summaryrefslogtreecommitdiff
diff options
context:
space:
mode:
authorNikos Mavrogiannopoulos <nmav@redhat.com>2017-09-20 11:40:54 +0200
committerNikos Mavrogiannopoulos <nmav@redhat.com>2018-02-19 15:29:34 +0100
commit4be026b4a6dae7cda9edd1c8cfbde5bc96aed620 (patch)
tree5f7efa685b1815d50b05e87f4eab841c35fa9e4d
parente62213a66b74586647fbf374a2e3e46cd7145d8d (diff)
downloadgnutls-4be026b4a6dae7cda9edd1c8cfbde5bc96aed620.tar.gz
extensions: simplified semantics of store and check functions
That is, _gnutls_extension_list_check was made a boolean function, and both were renamed to more appropriate names such as, _gnutls_hello_ext_is_present, _gnutls_hello_ext_save. Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com>
-rw-r--r--lib/algorithms/ciphersuites.c4
-rw-r--r--lib/ext/safe_renegotiation.c2
-rw-r--r--lib/extensions.c23
-rw-r--r--lib/extensions.h30
-rw-r--r--lib/x509.c2
5 files changed, 28 insertions, 33 deletions
diff --git a/lib/algorithms/ciphersuites.c b/lib/algorithms/ciphersuites.c
index 0c562012f6..5605913e87 100644
--- a/lib/algorithms/ciphersuites.c
+++ b/lib/algorithms/ciphersuites.c
@@ -1457,7 +1457,7 @@ _gnutls_figure_common_ciphersuite(gnutls_session_t session,
* by RFC4492, probably to allow SSLv2 hellos negotiate elliptic curve
* ciphersuites */
if (session->internals.cand_ec_group == NULL &&
- _gnutls_extension_list_check(session, GNUTLS_EXTENSION_SUPPORTED_ECC) < 0) {
+ !_gnutls_hello_ext_is_present(session, GNUTLS_EXTENSION_SUPPORTED_ECC)) {
session->internals.cand_ec_group = _gnutls_id_to_group(DEFAULT_EC_GROUP);
}
@@ -1613,7 +1613,7 @@ _gnutls_get_client_ciphersuites(gnutls_session_t session,
if (ret < 0)
return gnutls_assert_val(ret);
- _gnutls_extension_list_add_sr(session);
+ _gnutls_hello_ext_save_sr(session);
}
#endif
diff --git a/lib/ext/safe_renegotiation.c b/lib/ext/safe_renegotiation.c
index 6870cf0bd9..2ab3ad8c4a 100644
--- a/lib/ext/safe_renegotiation.c
+++ b/lib/ext/safe_renegotiation.c
@@ -222,7 +222,7 @@ int _gnutls_ext_sr_recv_cs(gnutls_session_t session)
priv->safe_renegotiation_received = 1;
priv->connection_using_safe_renegotiation = 1;
- _gnutls_extension_list_add_sr(session);
+ _gnutls_hello_ext_save_sr(session);
if (set != 0)
_gnutls_ext_set_session_data(session,
diff --git a/lib/extensions.c b/lib/extensions.c
index 33dbbf083c..8f33a33df5 100644
--- a/lib/extensions.c
+++ b/lib/extensions.c
@@ -159,11 +159,6 @@ static unsigned tls_id_to_gid(gnutls_session_t session, unsigned tls_id)
return 0;
}
-void _gnutls_extension_list_add_sr(gnutls_session_t session)
-{
- _gnutls_extension_list_add(session, &ext_mod_sr, 1);
-}
-
typedef struct hello_ext_ctx_st {
gnutls_session_t session;
gnutls_ext_flags_t msg;
@@ -186,12 +181,10 @@ int hello_ext_parse(void *_ctx, uint16_t tls_id, const uint8_t *data, int data_s
}
if (session->security_parameters.entity == GNUTLS_CLIENT) {
- if ((ret =
- _gnutls_extension_list_check(session, id)) < 0) {
+ if (!_gnutls_hello_ext_is_present(session, id)) {
_gnutls_debug_log("EXT[%p]: Received unexpected extension '%s/%d'\n", session,
gnutls_ext_get_name(tls_id), (int)tls_id);
- gnutls_assert();
- return ret;
+ return gnutls_assert_val(GNUTLS_E_RECEIVED_ILLEGAL_EXTENSION);
}
}
@@ -211,7 +204,7 @@ int hello_ext_parse(void *_ctx, uint16_t tls_id, const uint8_t *data, int data_s
}
if (session->security_parameters.entity == GNUTLS_SERVER) {
- ret = _gnutls_extension_list_add(session, ext, 1);
+ ret = _gnutls_hello_ext_save(session, ext->gid, 1);
if (ret == 0)
return gnutls_assert_val(GNUTLS_E_RECEIVED_ILLEGAL_EXTENSION);
}
@@ -276,16 +269,14 @@ int hello_ext_send(void *_ctx, gnutls_buffer_st *buf)
/* ensure we don't send something twice (i.e, overriden extensions in
* client), and ensure we are sending only what we received in server. */
- ret = _gnutls_extension_list_check(session, p->gid);
+ ret = _gnutls_hello_ext_is_present(session, p->gid);
if (session->security_parameters.entity == GNUTLS_SERVER) {
- if (ret < 0) {/* not advertized */
+ if (ret == 0) /* not advertised */
return 0;
- }
} else {
- if (ret == 0) {/* already sent */
+ if (ret != 0) /* already sent */
return 0;
- }
}
@@ -304,7 +295,7 @@ int hello_ext_send(void *_ctx, gnutls_buffer_st *buf)
if ((appended > 0 || ret == GNUTLS_E_INT_RET_0) &&
session->security_parameters.entity == GNUTLS_CLIENT) {
- _gnutls_extension_list_add(session, p, 0);
+ _gnutls_hello_ext_save(session, p->gid, 0);
}
return ret;
diff --git a/lib/extensions.h b/lib/extensions.h
index 5c0d421462..8868d69766 100644
--- a/lib/extensions.h
+++ b/lib/extensions.h
@@ -117,19 +117,17 @@ typedef struct hello_ext_entry_st {
int _gnutls_ext_register(hello_ext_entry_st *);
-void _gnutls_extension_list_add_sr(gnutls_session_t session);
-
/* Checks if the extension @id provided has been requested
- * by us (in client side). In that case it returns zero,
- * otherwise a negative error value.
+ * by us (in client side). In that case it returns non-zero,
+ * otherwise zero.
*/
-inline static int
-_gnutls_extension_list_check(gnutls_session_t session, extensions_t id)
+inline static unsigned
+_gnutls_hello_ext_is_present(gnutls_session_t session, extensions_t id)
{
if (id != 0 && ((1 << id) & session->internals.used_exts))
- return 0;
+ return 1;
- return GNUTLS_E_RECEIVED_ILLEGAL_EXTENSION;
+ return 0;
}
/* Adds the extension we want to send in the extensions list.
@@ -142,17 +140,23 @@ _gnutls_extension_list_check(gnutls_session_t session, extensions_t id)
* Returns zero if failed, non-zero on success.
*/
inline static
-unsigned _gnutls_extension_list_add(gnutls_session_t session,
- const struct hello_ext_entry_st *e,
- unsigned check_dup)
+unsigned _gnutls_hello_ext_save(gnutls_session_t session,
+ extensions_t id,
+ unsigned check_dup)
{
- if (check_dup && _gnutls_extension_list_check(session, e->gid) == 0) {
+ if (check_dup && _gnutls_hello_ext_is_present(session, id)) {
return 0;
}
- session->internals.used_exts |= (1 << e->gid);
+ session->internals.used_exts |= (1 << id);
return 1;
}
+inline static
+void _gnutls_hello_ext_save_sr(gnutls_session_t session)
+{
+ _gnutls_hello_ext_save(session, GNUTLS_EXTENSION_SAFE_RENEGOTIATION, 1);
+}
+
#endif
diff --git a/lib/x509.c b/lib/x509.c
index 6ed556e5f9..3eb569e0f2 100644
--- a/lib/x509.c
+++ b/lib/x509.c
@@ -235,7 +235,7 @@ _gnutls_ocsp_verify_mandatory_stapling(gnutls_session_t session,
*
* To proceed, first check whether we have requested the certificate status
*/
- if (_gnutls_extension_list_check(session, GNUTLS_EXTENSION_STATUS_REQUEST) < 0) {
+ if (!_gnutls_hello_ext_is_present(session, GNUTLS_EXTENSION_STATUS_REQUEST)) {
return 0;
}