diff options
| author | Nikos Mavrogiannopoulos <nmav@redhat.com> | 2017-11-08 11:39:53 +0100 |
|---|---|---|
| committer | Nikos Mavrogiannopoulos <nmav@redhat.com> | 2018-02-19 15:29:35 +0100 |
| commit | 40555d2185413cbcdfcf63462052bc60b4d6c1b4 (patch) | |
| tree | 7147131b0c9c30865cdf3e96046369ccf5e469f2 | |
| parent | f7b1b90257801bb3ab8dc493a4917b753f75f3d9 (diff) | |
| download | gnutls-40555d2185413cbcdfcf63462052bc60b4d6c1b4.tar.gz | |
dtls: cookie is stored dynamically when needed rather than in pre-allocated size
That reduces the number of bytes used in cases where DTLS is not in use or
we are in server-side.
Relates #281
Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com>
| -rw-r--r-- | lib/gnutls_int.h | 3 | ||||
| -rw-r--r-- | lib/handshake.c | 13 | ||||
| -rw-r--r-- | lib/state.c | 1 |
3 files changed, 11 insertions, 6 deletions
diff --git a/lib/gnutls_int.h b/lib/gnutls_int.h index 605d3a3fb2..05c8371d2b 100644 --- a/lib/gnutls_int.h +++ b/lib/gnutls_int.h @@ -857,8 +857,7 @@ typedef struct gnutls_dh_params_int { */ typedef struct { /* HelloVerifyRequest DOS prevention cookie */ - uint8_t cookie[DTLS_MAX_COOKIE_SIZE]; - uint8_t cookie_len; + gnutls_datum_t dcookie; /* For DTLS handshake fragmentation and reassembly. */ uint16_t hsk_write_seq; diff --git a/lib/handshake.c b/lib/handshake.c index 3746296d44..79713b65e1 100644 --- a/lib/handshake.c +++ b/lib/handshake.c @@ -1897,12 +1897,14 @@ static int send_client_hello(gnutls_session_t session, int again) /* Copy the DTLS cookie */ if (IS_DTLS(session)) { - ret = _gnutls_buffer_append_data_prefix(&extdata, 8, session->internals.dtls.cookie, - session->internals.dtls.cookie_len); + ret = _gnutls_buffer_append_data_prefix(&extdata, 8, + session->internals.dtls.dcookie.data, + session->internals.dtls.dcookie.size); if (ret < 0) { gnutls_assert(); goto cleanup; } + _gnutls_free_datum(&session->internals.dtls.dcookie); } /* Copy the ciphersuites. @@ -2090,6 +2092,7 @@ recv_hello_verify_request(gnutls_session_t session, size_t pos = 0; uint8_t cookie_len; unsigned int nb_verifs; + int ret; if (!IS_DTLS(session) || session->security_parameters.entity == GNUTLS_SERVER) { @@ -2120,8 +2123,10 @@ recv_hello_verify_request(gnutls_session_t session, DECR_LEN(len, cookie_len); - session->internals.dtls.cookie_len = cookie_len; - memcpy(session->internals.dtls.cookie, &data[pos], cookie_len); + gnutls_free(session->internals.dtls.dcookie.data); + ret = _gnutls_set_datum(&session->internals.dtls.dcookie, &data[pos], cookie_len); + if (ret < 0) + return gnutls_assert_val(ret); if (len != 0) { gnutls_assert(); diff --git a/lib/state.c b/lib/state.c index ca53db23a6..1aeddc01ac 100644 --- a/lib/state.c +++ b/lib/state.c @@ -418,6 +418,7 @@ void gnutls_deinit(gnutls_session_t session) _mbuffer_head_clear(&session->internals.record_send_buffer); _gnutls_free_datum(&session->internals.resumption_data); + _gnutls_free_datum(&session->internals.dtls.dcookie); gnutls_free(session->internals.rexts); |