diff options
| author | Nikos Mavrogiannopoulos <nmav@gnutls.org> | 2002-01-17 16:10:32 +0000 |
|---|---|---|
| committer | Nikos Mavrogiannopoulos <nmav@gnutls.org> | 2002-01-17 16:10:32 +0000 |
| commit | f85907d18a6cbf654e92da0094f852779921dbb5 (patch) | |
| tree | 8e4fefd0377ed3dccee2bd29dd20d0d381683e3c | |
| parent | 41c46bd45d4fe32d74b5b430a283bda7bb3a2a05 (diff) | |
| download | gnutls-f85907d18a6cbf654e92da0094f852779921dbb5.tar.gz | |
changes in buffering code (actually variables' names are more
rational now).
| -rw-r--r-- | lib/auth_srp_sb64.c | 6 | ||||
| -rw-r--r-- | lib/gnutls.h.in.in | 17 | ||||
| -rw-r--r-- | lib/gnutls_algorithms.c | 36 | ||||
| -rw-r--r-- | lib/gnutls_buffers.c | 226 | ||||
| -rw-r--r-- | lib/gnutls_buffers.h | 42 | ||||
| -rw-r--r-- | lib/gnutls_cipher_int.c | 8 | ||||
| -rw-r--r-- | lib/gnutls_handshake.c | 37 | ||||
| -rw-r--r-- | lib/gnutls_int.h | 29 | ||||
| -rw-r--r-- | lib/gnutls_record.c | 54 | ||||
| -rw-r--r-- | lib/gnutls_sig.c | 8 |
10 files changed, 239 insertions, 224 deletions
diff --git a/lib/auth_srp_sb64.c b/lib/auth_srp_sb64.c index 9ef8fa05db..d7be368f30 100644 --- a/lib/auth_srp_sb64.c +++ b/lib/auth_srp_sb64.c @@ -144,7 +144,7 @@ int _gnutls_sbase64_encode(uint8 * data, int data_size, uint8 ** result) ret += (data_size * 4) / 3; - (*result) = gnutls_malloc( ret + 1); + (*result) = gnutls_calloc( 1, ret + 1); if ((*result) == NULL) return -1; @@ -161,8 +161,7 @@ int _gnutls_sbase64_encode(uint8 * data, int data_size, uint8 ** result) memcpy(&(*result)[0], tmpres, tmp); i = mod; j = tmp; - - (*result)[j] = 0; + } /* encode the rest */ @@ -173,7 +172,6 @@ int _gnutls_sbase64_encode(uint8 * data, int data_size, uint8 ** result) return tmp; } memcpy(&(*result)[j], tmpres, tmp); - (*result)[j+tmp] = 0; } return strlen(*result); diff --git a/lib/gnutls.h.in.in b/lib/gnutls.h.in.in index 7f324229c2..eee80b9d4f 100644 --- a/lib/gnutls.h.in.in +++ b/lib/gnutls.h.in.in @@ -30,10 +30,18 @@ extern "C" { @DEFINE_SIZE_T@ @DEFINE_TIME_T@ -#define GNUTLS_AES GNUTLS_RIJNDAEL +#define GNUTLS_CIPHER_AES_128_CBC GNUTLS_CIPHER_RIJNDAEL_128_CBC +#define GNUTLS_CIPHER_AES_256_CBC GNUTLS_CIPHER_RIJNDAEL_256_CBC + +typedef enum GNUTLS_BulkCipherAlgorithm { GNUTLS_CIPHER_NULL=1, GNUTLS_CIPHER_ARCFOUR, GNUTLS_CIPHER_3DES_CBC, GNUTLS_CIPHER_RIJNDAEL_128_CBC, GNUTLS_CIPHER_TWOFISH_128_CBC, GNUTLS_CIPHER_RIJNDAEL_256_CBC } GNUTLS_BulkCipherAlgorithm; +#define GNUTLS_CIPHER_RIJNDAEL_CBC GNUTLS_CIPHER_RIJNDAEL_128_CBC +#define GNUTLS_CIPHER_RIJNDAEL256_CBC GNUTLS_CIPHER_RIJNDAEL_256_CBC + +typedef enum GNUTLS_KXAlgorithm { GNUTLS_KX_RSA=1, GNUTLS_KX_DHE_DSS, GNUTLS_KX_DHE_RSA, GNUTLS_KX_ANON_DH, GNUTLS_KX_SRP } GNUTLS_KXAlgorithm; +#define GNUTLS_KX_X509PKI_RSA GNUTLS_KX_RSA +#define GNUTLS_KX_X509PKI_DHE_RSA GNUTLS_KX_DHE_RSA +#define GNUTLS_KX_X509PKI_DHE_DSS GNUTLS_KX_DHE_DSS -typedef enum GNUTLS_BulkCipherAlgorithm { GNUTLS_CIPHER_NULL=1, GNUTLS_CIPHER_ARCFOUR, GNUTLS_CIPHER_3DES_CBC, GNUTLS_CIPHER_RIJNDAEL_CBC, GNUTLS_CIPHER_TWOFISH_CBC, GNUTLS_CIPHER_RIJNDAEL256_CBC } GNUTLS_BulkCipherAlgorithm; -typedef enum GNUTLS_KXAlgorithm { GNUTLS_KX_X509PKI_RSA=1, GNUTLS_KX_X509PKI_DHE_DSS, GNUTLS_KX_X509PKI_DHE_RSA, GNUTLS_KX_ANON_DH, GNUTLS_KX_SRP } GNUTLS_KXAlgorithm; typedef enum GNUTLS_CredType { GNUTLS_X509PKI=1, GNUTLS_ANON, GNUTLS_SRP } GNUTLS_CredType; #define CredType GNUTLS_CredType @@ -85,7 +93,6 @@ void gnutls_deinit(GNUTLS_STATE state); int gnutls_bye( GNUTLS_STATE state, GNUTLS_CloseRequest how); int gnutls_handshake( GNUTLS_STATE state); -int gnutls_check_pending(GNUTLS_STATE state); int gnutls_rehandshake( GNUTLS_STATE state); @@ -254,4 +261,6 @@ void gnutls_transport_set_pull_func( GNUTLS_STATE, GNUTLS_PULL_FUNC pull_func); size_t gnutls_record_get_max_size( GNUTLS_STATE state); size_t gnutls_record_set_max_size( GNUTLS_STATE state, size_t size); +size_t gnutls_record_check_pending(GNUTLS_STATE state); + int gnutls_fingerprint(GNUTLS_DigestAlgorithm algo, const gnutls_datum* data, char* result, int* result_size); diff --git a/lib/gnutls_algorithms.c b/lib/gnutls_algorithms.c index 64a533d816..bf70ff8355 100644 --- a/lib/gnutls_algorithms.c +++ b/lib/gnutls_algorithms.c @@ -99,9 +99,9 @@ typedef struct gnutls_cipher_entry gnutls_cipher_entry; */ static const gnutls_cipher_entry algorithms[] = { GNUTLS_CIPHER_ENTRY(GNUTLS_CIPHER_3DES_CBC, 8, 24, CIPHER_BLOCK, 8), - GNUTLS_CIPHER_ENTRY(GNUTLS_CIPHER_RIJNDAEL_CBC, 16, 16, CIPHER_BLOCK, 16), - GNUTLS_CIPHER_ENTRY(GNUTLS_CIPHER_RIJNDAEL256_CBC, 16, 32, CIPHER_BLOCK, 16), - GNUTLS_CIPHER_ENTRY(GNUTLS_CIPHER_TWOFISH_CBC, 16, 16, CIPHER_BLOCK, 16), + GNUTLS_CIPHER_ENTRY(GNUTLS_CIPHER_RIJNDAEL_128_CBC, 16, 16, CIPHER_BLOCK, 16), + GNUTLS_CIPHER_ENTRY(GNUTLS_CIPHER_RIJNDAEL_256_CBC, 16, 32, CIPHER_BLOCK, 16), + GNUTLS_CIPHER_ENTRY(GNUTLS_CIPHER_TWOFISH_128_CBC, 16, 16, CIPHER_BLOCK, 16), GNUTLS_CIPHER_ENTRY(GNUTLS_CIPHER_ARCFOUR, 1, 16, CIPHER_STREAM, 0), GNUTLS_CIPHER_ENTRY(GNUTLS_CIPHER_NULL, 1, 0, CIPHER_STREAM, 0), {0} @@ -262,13 +262,13 @@ static const gnutls_cipher_suite_entry cs_algorithms[] = { GNUTLS_CIPHER_3DES_CBC, GNUTLS_KX_ANON_DH, GNUTLS_MAC_SHA), GNUTLS_CIPHER_SUITE_ENTRY(GNUTLS_ANON_DH_RIJNDAEL_128_CBC_SHA, - GNUTLS_CIPHER_RIJNDAEL_CBC, GNUTLS_KX_ANON_DH, + GNUTLS_CIPHER_RIJNDAEL_128_CBC, GNUTLS_KX_ANON_DH, GNUTLS_MAC_SHA), GNUTLS_CIPHER_SUITE_ENTRY(GNUTLS_ANON_DH_RIJNDAEL_256_CBC_SHA, - GNUTLS_CIPHER_RIJNDAEL256_CBC, GNUTLS_KX_ANON_DH, + GNUTLS_CIPHER_RIJNDAEL_256_CBC, GNUTLS_KX_ANON_DH, GNUTLS_MAC_SHA), GNUTLS_CIPHER_SUITE_ENTRY(GNUTLS_ANON_DH_TWOFISH_128_CBC_SHA, - GNUTLS_CIPHER_TWOFISH_CBC, GNUTLS_KX_ANON_DH, + GNUTLS_CIPHER_TWOFISH_128_CBC, GNUTLS_KX_ANON_DH, GNUTLS_MAC_SHA), /* SRP */ @@ -282,41 +282,41 @@ static const gnutls_cipher_suite_entry cs_algorithms[] = { GNUTLS_CIPHER_3DES_CBC, GNUTLS_KX_SRP, GNUTLS_MAC_SHA), GNUTLS_CIPHER_SUITE_ENTRY(GNUTLS_SRP_RIJNDAEL_128_CBC_SHA, - GNUTLS_CIPHER_RIJNDAEL_CBC, GNUTLS_KX_SRP, + GNUTLS_CIPHER_RIJNDAEL_128_CBC, GNUTLS_KX_SRP, GNUTLS_MAC_SHA), GNUTLS_CIPHER_SUITE_ENTRY(GNUTLS_SRP_RIJNDAEL_256_CBC_SHA, - GNUTLS_CIPHER_RIJNDAEL256_CBC, GNUTLS_KX_SRP, + GNUTLS_CIPHER_RIJNDAEL_256_CBC, GNUTLS_KX_SRP, GNUTLS_MAC_SHA), GNUTLS_CIPHER_SUITE_ENTRY(GNUTLS_SRP_TWOFISH_128_CBC_SHA, - GNUTLS_CIPHER_TWOFISH_CBC, GNUTLS_KX_SRP, + GNUTLS_CIPHER_TWOFISH_128_CBC, GNUTLS_KX_SRP, GNUTLS_MAC_SHA), /* X509PKI_DHE_DSS */ GNUTLS_CIPHER_SUITE_ENTRY(GNUTLS_X509PKI_DHE_DSS_TWOFISH_128_CBC_SHA, - GNUTLS_CIPHER_TWOFISH_CBC, GNUTLS_KX_X509PKI_DHE_DSS, + GNUTLS_CIPHER_TWOFISH_128_CBC, GNUTLS_KX_X509PKI_DHE_DSS, GNUTLS_MAC_SHA), GNUTLS_CIPHER_SUITE_ENTRY(GNUTLS_X509PKI_DHE_DSS_3DES_EDE_CBC_SHA, GNUTLS_CIPHER_3DES_CBC, GNUTLS_KX_X509PKI_DHE_DSS, GNUTLS_MAC_SHA), GNUTLS_CIPHER_SUITE_ENTRY(GNUTLS_X509PKI_DHE_DSS_RIJNDAEL_128_CBC_SHA, - GNUTLS_CIPHER_RIJNDAEL_CBC, GNUTLS_KX_X509PKI_DHE_DSS, + GNUTLS_CIPHER_RIJNDAEL_128_CBC, GNUTLS_KX_X509PKI_DHE_DSS, GNUTLS_MAC_SHA), GNUTLS_CIPHER_SUITE_ENTRY(GNUTLS_X509PKI_DHE_DSS_RIJNDAEL_256_CBC_SHA, - GNUTLS_CIPHER_RIJNDAEL256_CBC, GNUTLS_KX_X509PKI_DHE_DSS, + GNUTLS_CIPHER_RIJNDAEL_256_CBC, GNUTLS_KX_X509PKI_DHE_DSS, GNUTLS_MAC_SHA), /* X509PKI_DHE_RSA */ GNUTLS_CIPHER_SUITE_ENTRY(GNUTLS_X509PKI_DHE_RSA_TWOFISH_128_CBC_SHA, - GNUTLS_CIPHER_TWOFISH_CBC, GNUTLS_KX_X509PKI_DHE_RSA, + GNUTLS_CIPHER_TWOFISH_128_CBC, GNUTLS_KX_X509PKI_DHE_RSA, GNUTLS_MAC_SHA), GNUTLS_CIPHER_SUITE_ENTRY(GNUTLS_X509PKI_DHE_RSA_3DES_EDE_CBC_SHA, GNUTLS_CIPHER_3DES_CBC, GNUTLS_KX_X509PKI_DHE_RSA, GNUTLS_MAC_SHA), GNUTLS_CIPHER_SUITE_ENTRY(GNUTLS_X509PKI_DHE_RSA_RIJNDAEL_128_CBC_SHA, - GNUTLS_CIPHER_RIJNDAEL_CBC, GNUTLS_KX_X509PKI_DHE_RSA, + GNUTLS_CIPHER_RIJNDAEL_128_CBC, GNUTLS_KX_X509PKI_DHE_RSA, GNUTLS_MAC_SHA), GNUTLS_CIPHER_SUITE_ENTRY(GNUTLS_X509PKI_DHE_RSA_RIJNDAEL_256_CBC_SHA, - GNUTLS_CIPHER_RIJNDAEL256_CBC, GNUTLS_KX_X509PKI_DHE_RSA, + GNUTLS_CIPHER_RIJNDAEL_256_CBC, GNUTLS_KX_X509PKI_DHE_RSA, GNUTLS_MAC_SHA), /* X509PKI_RSA */ @@ -334,13 +334,13 @@ static const gnutls_cipher_suite_entry cs_algorithms[] = { GNUTLS_CIPHER_3DES_CBC, GNUTLS_KX_X509PKI_RSA, GNUTLS_MAC_SHA), GNUTLS_CIPHER_SUITE_ENTRY(GNUTLS_X509PKI_RSA_RIJNDAEL_128_CBC_SHA, - GNUTLS_CIPHER_RIJNDAEL_CBC, GNUTLS_KX_X509PKI_RSA, + GNUTLS_CIPHER_RIJNDAEL_128_CBC, GNUTLS_KX_X509PKI_RSA, GNUTLS_MAC_SHA), GNUTLS_CIPHER_SUITE_ENTRY(GNUTLS_X509PKI_RSA_RIJNDAEL_256_CBC_SHA, - GNUTLS_CIPHER_RIJNDAEL256_CBC, GNUTLS_KX_X509PKI_RSA, + GNUTLS_CIPHER_RIJNDAEL_256_CBC, GNUTLS_KX_X509PKI_RSA, GNUTLS_MAC_SHA), GNUTLS_CIPHER_SUITE_ENTRY(GNUTLS_X509PKI_RSA_TWOFISH_128_CBC_SHA, - GNUTLS_CIPHER_TWOFISH_CBC, GNUTLS_KX_X509PKI_RSA, + GNUTLS_CIPHER_TWOFISH_128_CBC, GNUTLS_KX_X509PKI_RSA, GNUTLS_MAC_SHA), {0} diff --git a/lib/gnutls_buffers.c b/lib/gnutls_buffers.c index 918cc663c4..cec4ec2ebe 100644 --- a/lib/gnutls_buffers.c +++ b/lib/gnutls_buffers.c @@ -32,11 +32,11 @@ * RECORD LAYER: * 1. uses a buffer to hold data (application/handshake), * we got but they were not requested, yet. - * (see gnutls_insert_to_data_buffer(), gnutls_get_data_buffer_size() etc.) + * (see gnutls_record_buffer_put(), gnutls_record_buffer_get_size() etc.) * * 2. uses a buffer to hold data that were incomplete (ie the read/write * was interrupted) - * (see _gnutls_read_buffered(), _gnutls_write_buffered() etc.) + * (see _gnutls_io_read_buffered(), _gnutls_io_write_buffered() etc.) * * HANDSHAKE LAYER: * Uses a buffer to hold data that was not sent or received @@ -67,35 +67,35 @@ static int RET( int err) { /* Buffers received packets of type APPLICATION DATA and * HANDSHAKE DATA. */ -int gnutls_insert_to_data_buffer(ContentType type, GNUTLS_STATE state, char *data, int length) +int _gnutls_record_buffer_put(ContentType type, GNUTLS_STATE state, char *data, int length) { int old_buffer; if (length==0) return 0; switch( type) { case GNUTLS_APPLICATION_DATA: - old_buffer = state->gnutls_internals.buffer.size; + old_buffer = state->gnutls_internals.application_data_buffer.size; - state->gnutls_internals.buffer.size += length; + state->gnutls_internals.application_data_buffer.size += length; #ifdef BUFFERS_DEBUG _gnutls_log( "RECORD BUFFER: Inserted %d bytes of Data(%d)\n", length, type); #endif - state->gnutls_internals.buffer.data = - gnutls_realloc_fast(state->gnutls_internals.buffer.data, - state->gnutls_internals.buffer.size); - memcpy(&state->gnutls_internals.buffer.data[old_buffer], data, length); + state->gnutls_internals.application_data_buffer.data = + gnutls_realloc_fast(state->gnutls_internals.application_data_buffer.data, + state->gnutls_internals.application_data_buffer.size); + memcpy(&state->gnutls_internals.application_data_buffer.data[old_buffer], data, length); break; case GNUTLS_HANDSHAKE: - old_buffer = state->gnutls_internals.buffer_handshake.size; + old_buffer = state->gnutls_internals.handshake_data_buffer.size; - state->gnutls_internals.buffer_handshake.size += length; + state->gnutls_internals.handshake_data_buffer.size += length; #ifdef BUFFERS_DEBUG _gnutls_log( "HANDSHAKE BUFFER: Inserted %d bytes of Data(%d)\n", length, type); #endif - state->gnutls_internals.buffer_handshake.data = - gnutls_realloc_fast(state->gnutls_internals.buffer_handshake.data, - state->gnutls_internals.buffer_handshake.size); - memcpy(&state->gnutls_internals.buffer_handshake.data[old_buffer], data, length); + state->gnutls_internals.handshake_data_buffer.data = + gnutls_realloc_fast(state->gnutls_internals.handshake_data_buffer.data, + state->gnutls_internals.handshake_data_buffer.size); + memcpy(&state->gnutls_internals.handshake_data_buffer.data[old_buffer], data, length); break; default: @@ -107,14 +107,14 @@ int gnutls_insert_to_data_buffer(ContentType type, GNUTLS_STATE state, char *dat } -int gnutls_get_data_buffer_size(ContentType type, GNUTLS_STATE state) +int _gnutls_record_buffer_get_size(ContentType type, GNUTLS_STATE state) { switch( type) { case GNUTLS_APPLICATION_DATA: - return state->gnutls_internals.buffer.size; + return state->gnutls_internals.application_data_buffer.size; case GNUTLS_HANDSHAKE: - return state->gnutls_internals.buffer_handshake.size; + return state->gnutls_internals.handshake_data_buffer.size; default: return GNUTLS_E_INVALID_PARAMETERS; @@ -123,7 +123,7 @@ int gnutls_get_data_buffer_size(ContentType type, GNUTLS_STATE state) } /** - * gnutls_check_pending - checks if there are any data to receive in gnutls buffers. + * gnutls_record_check_pending - checks if there are any data to receive in gnutls buffers. * @state: is a &GNUTLS_STATE structure. * * This function checks if there are any data to receive @@ -133,11 +133,19 @@ int gnutls_get_data_buffer_size(ContentType type, GNUTLS_STATE state) * (gnutls leaves some data in the tcp buffer in order for select * to work). **/ -int gnutls_check_pending(GNUTLS_STATE state) { - return gnutls_get_data_buffer_size(GNUTLS_APPLICATION_DATA, state); +size_t gnutls_record_check_pending(GNUTLS_STATE state) { + return _gnutls_record_buffer_get_size(GNUTLS_APPLICATION_DATA, state); } -int gnutls_get_data_buffer(ContentType type, GNUTLS_STATE state, char *data, int length) +#ifdef DEBUG +# warning REMOVE THIS ON API UPDATE +#endif + +int gnutls_check_pending( GNUTLS_STATE state) { + return gnutls_record_check_pending( state); +} + +int _gnutls_record_buffer_get(ContentType type, GNUTLS_STATE state, char *data, int length) { if (length < 0 || data==NULL) { gnutls_assert(); @@ -147,41 +155,41 @@ int gnutls_get_data_buffer(ContentType type, GNUTLS_STATE state, char *data, int switch(type) { case GNUTLS_APPLICATION_DATA: - if (length > state->gnutls_internals.buffer.size) { - length = state->gnutls_internals.buffer.size; + if (length > state->gnutls_internals.application_data_buffer.size) { + length = state->gnutls_internals.application_data_buffer.size; } #ifdef BUFFERS_DEBUG _gnutls_log( "RECORD BUFFER: Read %d bytes of Data(%d)\n", length, type); #endif - state->gnutls_internals.buffer.size -= length; - memcpy(data, state->gnutls_internals.buffer.data, length); + state->gnutls_internals.application_data_buffer.size -= length; + memcpy(data, state->gnutls_internals.application_data_buffer.data, length); /* overwrite buffer */ - memcpy(state->gnutls_internals.buffer.data, - &state->gnutls_internals.buffer.data[length], - state->gnutls_internals.buffer.size); - state->gnutls_internals.buffer.data = - gnutls_realloc_fast(state->gnutls_internals.buffer.data, - state->gnutls_internals.buffer.size); + memcpy(state->gnutls_internals.application_data_buffer.data, + &state->gnutls_internals.application_data_buffer.data[length], + state->gnutls_internals.application_data_buffer.size); + state->gnutls_internals.application_data_buffer.data = + gnutls_realloc_fast(state->gnutls_internals.application_data_buffer.data, + state->gnutls_internals.application_data_buffer.size); break; case GNUTLS_HANDSHAKE: - if (length > state->gnutls_internals.buffer_handshake.size) { - length = state->gnutls_internals.buffer_handshake.size; + if (length > state->gnutls_internals.handshake_data_buffer.size) { + length = state->gnutls_internals.handshake_data_buffer.size; } #ifdef BUFFERS_DEBUG _gnutls_log( "HANDSHAKE BUFFER: Read %d bytes of Data(%d)\n", length, type); #endif - state->gnutls_internals.buffer_handshake.size -= length; - memcpy(data, state->gnutls_internals.buffer_handshake.data, length); + state->gnutls_internals.handshake_data_buffer.size -= length; + memcpy(data, state->gnutls_internals.handshake_data_buffer.data, length); /* overwrite buffer */ - memcpy(state->gnutls_internals.buffer_handshake.data, - &state->gnutls_internals.buffer_handshake.data[length], - state->gnutls_internals.buffer_handshake.size); - state->gnutls_internals.buffer_handshake.data = - gnutls_realloc_fast(state->gnutls_internals.buffer_handshake.data, - state->gnutls_internals.buffer_handshake.size); + memcpy(state->gnutls_internals.handshake_data_buffer.data, + &state->gnutls_internals.handshake_data_buffer.data[length], + state->gnutls_internals.handshake_data_buffer.size); + state->gnutls_internals.handshake_data_buffer.data = + gnutls_realloc_fast(state->gnutls_internals.handshake_data_buffer.data, + state->gnutls_internals.handshake_data_buffer.size); break; default: gnutls_assert(); @@ -272,7 +280,7 @@ static ssize_t _gnutls_read( GNUTLS_STATE state, void *iptr, size_t sizeOfPtr, i /* This function is only used with berkeley style sockets. * Clears the peeked data (read with MSG_PEEK). */ -int _gnutls_clear_peeked_data( GNUTLS_STATE state) { +int _gnutls_io_clear_peeked_data( GNUTLS_STATE state) { char peekdata1[10]; char *peekdata2; char * peek; @@ -316,8 +324,8 @@ int ret, sum; } -void _gnutls_clear_read_buffer( GNUTLS_STATE state) { - state->gnutls_internals.recv_buffer.size = 0; +void _gnutls_io_clear_read_buffer( GNUTLS_STATE state) { + state->gnutls_internals.record_recv_buffer.size = 0; } /* This function is like recv(with MSG_PEEK). But it does not return -1 on error. @@ -330,7 +338,7 @@ void _gnutls_clear_read_buffer( GNUTLS_STATE state) { * This is not a general purpose function. It returns EXACTLY the data requested. * */ -ssize_t _gnutls_read_buffered( GNUTLS_STATE state, opaque **iptr, size_t sizeOfPtr, ContentType recv_type) +ssize_t _gnutls_io_read_buffered( GNUTLS_STATE state, opaque **iptr, size_t sizeOfPtr, ContentType recv_type) { ssize_t ret=0, ret2=0; int min, buf_pos; @@ -338,10 +346,10 @@ ssize_t _gnutls_read_buffered( GNUTLS_STATE state, opaque **iptr, size_t sizeOfP int recvlowat = RCVLOWAT; int recvdata; - *iptr = state->gnutls_internals.recv_buffer.data; + *iptr = state->gnutls_internals.record_recv_buffer.data; if ( sizeOfPtr > MAX_RECV_SIZE || sizeOfPtr == 0 - || (state->gnutls_internals.recv_buffer.size+sizeOfPtr) > MAX_RECV_SIZE) { + || (state->gnutls_internals.record_recv_buffer.size+sizeOfPtr) > MAX_RECV_SIZE) { gnutls_assert(); /* internal error */ return GNUTLS_E_INVALID_PARAMETERS; } @@ -358,7 +366,7 @@ ssize_t _gnutls_read_buffered( GNUTLS_STATE state, opaque **iptr, size_t sizeOfP /* calculate the actual size, ie. get the minimum of the * buffered data and the requested data. */ - min = GMIN( state->gnutls_internals.recv_buffer.size, sizeOfPtr); + min = GMIN( state->gnutls_internals.record_recv_buffer.size, sizeOfPtr); if ( min > 0) { /* if we have enough buffered data * then just return them. @@ -375,15 +383,15 @@ ssize_t _gnutls_read_buffered( GNUTLS_STATE state, opaque **iptr, size_t sizeOfP /* Allocate the data required to store the new packet. */ - state->gnutls_internals.recv_buffer.data = gnutls_realloc_fast( - state->gnutls_internals.recv_buffer.data, recvdata+state->gnutls_internals.recv_buffer.size); - if ( state->gnutls_internals.recv_buffer.data==NULL) { + state->gnutls_internals.record_recv_buffer.data = gnutls_realloc_fast( + state->gnutls_internals.record_recv_buffer.data, recvdata+state->gnutls_internals.record_recv_buffer.size); + if ( state->gnutls_internals.record_recv_buffer.data==NULL) { gnutls_assert(); return GNUTLS_E_MEMORY_ERROR; } - buf_pos = state->gnutls_internals.recv_buffer.size; - buf = state->gnutls_internals.recv_buffer.data; + buf_pos = state->gnutls_internals.record_recv_buffer.size; + buf = state->gnutls_internals.record_recv_buffer.data; *iptr = buf; /* READ DATA - but leave RCVLOWAT bytes in the kernel buffer. @@ -401,15 +409,15 @@ ssize_t _gnutls_read_buffered( GNUTLS_STATE state, opaque **iptr, size_t sizeOfP #ifdef READ_DEBUG if (ret > 0) - _gnutls_log("RB: Have %d bytes into buffer. Adding %d bytes.\nRB: Requested %d bytes\n", state->gnutls_internals.recv_buffer.size, ret, sizeOfPtr); + _gnutls_log("RB: Have %d bytes into buffer. Adding %d bytes.\nRB: Requested %d bytes\n", state->gnutls_internals.record_recv_buffer.size, ret, sizeOfPtr); #endif /* copy fresh data to our buffer. */ if (ret > 0) - state->gnutls_internals.recv_buffer.size += ret; + state->gnutls_internals.record_recv_buffer.size += ret; - buf_pos = state->gnutls_internals.recv_buffer.size; + buf_pos = state->gnutls_internals.record_recv_buffer.size; /* This is hack in order for select to work. Just leave recvlowat data, * into the kernel buffer (using a read with MSG_PEEK), thus making @@ -426,13 +434,13 @@ ssize_t _gnutls_read_buffered( GNUTLS_STATE state, opaque **iptr, size_t sizeOfP #ifdef READ_DEBUG if (ret2 > 0) { _gnutls_log("RB-PEEK: Read %d bytes in PEEK MODE.\n", ret2); - _gnutls_log("RB-PEEK: Have %d bytes into buffer. Adding %d bytes.\nRB: Requested %d bytes\n", state->gnutls_internals.recv_buffer.size, ret2, sizeOfPtr); + _gnutls_log("RB-PEEK: Have %d bytes into buffer. Adding %d bytes.\nRB: Requested %d bytes\n", state->gnutls_internals.record_recv_buffer.size, ret2, sizeOfPtr); } #endif if (ret2 > 0) { state->gnutls_internals.have_peeked_data = 1; - state->gnutls_internals.recv_buffer.size += ret2; + state->gnutls_internals.record_recv_buffer.size += ret2; } } @@ -455,7 +463,7 @@ ssize_t _gnutls_read_buffered( GNUTLS_STATE state, opaque **iptr, size_t sizeOfP return 0; } - ret = state->gnutls_internals.recv_buffer.size; + ret = state->gnutls_internals.record_recv_buffer.size; if ((ret > 0) && (ret < sizeOfPtr)) { /* Short Read */ @@ -529,7 +537,7 @@ static int _gnutls_buffer_get( gnutls_datum * buffer, const opaque ** ptr, size_ * to decrypt and verify the integrity. * */ -ssize_t _gnutls_write_buffered( GNUTLS_STATE state, const void *iptr, size_t n) +ssize_t _gnutls_io_write_buffered( GNUTLS_STATE state, const void *iptr, size_t n) { size_t left; #ifdef WRITE_DEBUG @@ -546,7 +554,7 @@ ssize_t _gnutls_write_buffered( GNUTLS_STATE state, const void *iptr, size_t n) * iptr != NULL and we have data in the buffer. * If this is true then return an error. */ - if (state->gnutls_internals.send_buffer.size > 0 && iptr != NULL) { + if (state->gnutls_internals.record_send_buffer.size > 0 && iptr != NULL) { gnutls_assert(); return GNUTLS_E_INVALID_PARAMETERS; } @@ -555,7 +563,7 @@ ssize_t _gnutls_write_buffered( GNUTLS_STATE state, const void *iptr, size_t n) */ if (iptr == NULL) { /* checking is handled above */ - ret = _gnutls_buffer_get( &state->gnutls_internals.send_buffer, &ptr, &n); + ret = _gnutls_buffer_get( &state->gnutls_internals.record_send_buffer, &ptr, &n); if (ret < 0) { gnutls_assert(); return retval; @@ -580,9 +588,9 @@ ssize_t _gnutls_write_buffered( GNUTLS_STATE state, const void *iptr, size_t n) if (i == -1) { if (errno == EAGAIN || errno == EINTR) { - state->gnutls_internals.send_buffer_prev_size += n - left; + state->gnutls_internals.record_send_buffer_prev_size += n - left; - retval = _gnutls_buffer_insert( &state->gnutls_internals.send_buffer, &ptr[n-left], left); + retval = _gnutls_buffer_insert( &state->gnutls_internals.record_send_buffer, &ptr[n-left], left); if (retval < 0) { gnutls_assert(); return retval; @@ -620,10 +628,10 @@ ssize_t _gnutls_write_buffered( GNUTLS_STATE state, const void *iptr, size_t n) } - retval = n + state->gnutls_internals.send_buffer_prev_size; + retval = n + state->gnutls_internals.record_send_buffer_prev_size; - state->gnutls_internals.send_buffer.size = 0; - state->gnutls_internals.send_buffer_prev_size = 0; + state->gnutls_internals.record_send_buffer.size = 0; + state->gnutls_internals.record_send_buffer_prev_size = 0; return retval; @@ -633,16 +641,16 @@ ssize_t _gnutls_write_buffered( GNUTLS_STATE state, const void *iptr, size_t n) * TLS write buffer (ie. because the previous write was * interrupted. */ -ssize_t _gnutls_write_flush( GNUTLS_STATE state) +ssize_t _gnutls_io_write_flush( GNUTLS_STATE state) { ssize_t ret; - if (state->gnutls_internals.send_buffer.size == 0) + if (state->gnutls_internals.record_send_buffer.size == 0) return 0; /* done */ - ret = _gnutls_write_buffered( state, NULL, 0); + ret = _gnutls_io_write_buffered( state, NULL, 0); #ifdef WRITE_DEBUG - _gnutls_log("WRITE FLUSH: %d [buffer: %d]\n", ret, state->gnutls_internals.send_buffer.size); + _gnutls_log("WRITE FLUSH: %d [buffer: %d]\n", ret, state->gnutls_internals.record_send_buffer.size); #endif return ret; @@ -652,10 +660,10 @@ ssize_t _gnutls_write_flush( GNUTLS_STATE state) * Handshake write buffer (ie. because the previous write was * interrupted. */ -ssize_t _gnutls_handshake_write_flush( GNUTLS_STATE state) +ssize_t _gnutls_handshake_io_write_flush( GNUTLS_STATE state) { ssize_t ret; - ret = _gnutls_handshake_send_int( state, 0, 0, NULL, 0); + ret = _gnutls_handshake_io_send_int( state, 0, 0, NULL, 0); if (ret < 0) { gnutls_assert(); return ret; @@ -679,7 +687,7 @@ ssize_t _gnutls_handshake_write_flush( GNUTLS_STATE state) /* This is a send function for the gnutls handshake * protocol. Just makes sure that all data have been sent. */ -ssize_t _gnutls_handshake_send_int( GNUTLS_STATE state, ContentType type, HandshakeType htype, const void *iptr, size_t n) +ssize_t _gnutls_handshake_io_send_int( GNUTLS_STATE state, ContentType type, HandshakeType htype, const void *iptr, size_t n) { size_t left; ssize_t i = 0, ret=0; @@ -784,7 +792,7 @@ ssize_t _gnutls_handshake_send_int( GNUTLS_STATE state, ContentType type, Handsh /* This is a receive function for the gnutls handshake * protocol. Makes sure that we have received all data. */ -ssize_t _gnutls_handshake_recv_int( GNUTLS_STATE state, ContentType type, HandshakeType htype, void *iptr, size_t sizeOfPtr) +ssize_t _gnutls_handshake_io_recv_int( GNUTLS_STATE state, ContentType type, HandshakeType htype, void *iptr, size_t sizeOfPtr) { size_t left; ssize_t i; @@ -871,15 +879,15 @@ ssize_t _gnutls_handshake_recv_int( GNUTLS_STATE state, ContentType type, Handsh * for finished messages to use them. Used in HMAC calculation * and finished messages. */ -int gnutls_insert_to_handshake_buffer( GNUTLS_STATE state, char *data, int length) +int _gnutls_handshake_buffer_put( GNUTLS_STATE state, char *data, int length) { int old_buffer; if (length==0) return 0; - old_buffer = state->gnutls_internals.hash_buffer.size; + old_buffer = state->gnutls_internals.handshake_hash_buffer.size; - state->gnutls_internals.hash_buffer.size += length; - if (state->gnutls_internals.max_handshake_data_buffer_size > 0 && state->gnutls_internals.hash_buffer.size > state->gnutls_internals.max_handshake_data_buffer_size) { + state->gnutls_internals.handshake_hash_buffer.size += length; + if (state->gnutls_internals.max_handshake_data_buffer_size > 0 && state->gnutls_internals.handshake_hash_buffer.size > state->gnutls_internals.max_handshake_data_buffer_size) { gnutls_assert(); return GNUTLS_E_MEMORY_ERROR; } @@ -887,43 +895,43 @@ int gnutls_insert_to_handshake_buffer( GNUTLS_STATE state, char *data, int lengt #ifdef BUFFERS_DEBUG _gnutls_log( "HASH BUFFER: Inserted %d bytes of Data\n", length); #endif - state->gnutls_internals.hash_buffer.data = - gnutls_realloc_fast(state->gnutls_internals.hash_buffer.data, - state->gnutls_internals.hash_buffer.size); - if (state->gnutls_internals.hash_buffer.data == NULL) { + state->gnutls_internals.handshake_hash_buffer.data = + gnutls_realloc_fast(state->gnutls_internals.handshake_hash_buffer.data, + state->gnutls_internals.handshake_hash_buffer.size); + if (state->gnutls_internals.handshake_hash_buffer.data == NULL) { gnutls_assert(); return GNUTLS_E_MEMORY_ERROR; } - memcpy(&state->gnutls_internals.hash_buffer.data[old_buffer], data, length); + memcpy(&state->gnutls_internals.handshake_hash_buffer.data[old_buffer], data, length); return 0; } -int gnutls_get_handshake_buffer_size( GNUTLS_STATE state) +int _gnutls_handshake_buffer_get_size( GNUTLS_STATE state) { - return state->gnutls_internals.hash_buffer.size; + return state->gnutls_internals.handshake_hash_buffer.size; } -int gnutls_get_handshake_buffer( GNUTLS_STATE state, char *data, int length) +int _gnutls_handshake_buffer_get( GNUTLS_STATE state, char *data, int length) { - if (length > state->gnutls_internals.hash_buffer.size) { - length = state->gnutls_internals.hash_buffer.size; + if (length > state->gnutls_internals.handshake_hash_buffer.size) { + length = state->gnutls_internals.handshake_hash_buffer.size; } #ifdef BUFFERS_DEBUG _gnutls_log( "HASH BUFFER: Got %d bytes of Data\n", length); #endif - state->gnutls_internals.hash_buffer.size -= length; - memcpy(data, state->gnutls_internals.hash_buffer.data, length); + state->gnutls_internals.handshake_hash_buffer.size -= length; + memcpy(data, state->gnutls_internals.handshake_hash_buffer.data, length); /* overwrite buffer */ - memcpy(state->gnutls_internals.hash_buffer.data, - &state->gnutls_internals.hash_buffer.data[length], - state->gnutls_internals.hash_buffer.size); - state->gnutls_internals.hash_buffer.data = - gnutls_realloc_fast(state->gnutls_internals.hash_buffer.data, - state->gnutls_internals.hash_buffer.size); - - if (state->gnutls_internals.hash_buffer.data == NULL) { + memcpy(state->gnutls_internals.handshake_hash_buffer.data, + &state->gnutls_internals.handshake_hash_buffer.data[length], + state->gnutls_internals.handshake_hash_buffer.size); + state->gnutls_internals.handshake_hash_buffer.data = + gnutls_realloc_fast(state->gnutls_internals.handshake_hash_buffer.data, + state->gnutls_internals.handshake_hash_buffer.size); + + if (state->gnutls_internals.handshake_hash_buffer.data == NULL) { gnutls_assert(); return GNUTLS_E_MEMORY_ERROR; } @@ -935,30 +943,30 @@ int gnutls_get_handshake_buffer( GNUTLS_STATE state, char *data, int length) /* this function does not touch the buffer * and returns data from it (peek mode!) */ -int gnutls_read_handshake_buffer( GNUTLS_STATE state, char *data, int length) +int _gnutls_handshake_buffer_peek( GNUTLS_STATE state, char *data, int length) { - if (length > state->gnutls_internals.hash_buffer.size) { - length = state->gnutls_internals.hash_buffer.size; + if (length > state->gnutls_internals.handshake_hash_buffer.size) { + length = state->gnutls_internals.handshake_hash_buffer.size; } #ifdef BUFFERS_DEBUG _gnutls_log( "HASH BUFFER: Read %d bytes of Data\n", length); #endif - memcpy(data, state->gnutls_internals.hash_buffer.data, length); + memcpy(data, state->gnutls_internals.handshake_hash_buffer.data, length); return length; } -int gnutls_clear_handshake_buffer( GNUTLS_STATE state) +int _gnutls_handshake_buffer_clear( GNUTLS_STATE state) { #ifdef BUFFERS_DEBUG _gnutls_log( "HASH BUFFER: Cleared Data from buffer\n"); #endif - state->gnutls_internals.hash_buffer.size = 0; - if (state->gnutls_internals.hash_buffer.data!=NULL) - gnutls_free(state->gnutls_internals.hash_buffer.data); - state->gnutls_internals.hash_buffer.data = NULL; + state->gnutls_internals.handshake_hash_buffer.size = 0; + if (state->gnutls_internals.handshake_hash_buffer.data!=NULL) + gnutls_free(state->gnutls_internals.handshake_hash_buffer.data); + state->gnutls_internals.handshake_hash_buffer.data = NULL; return 0; } diff --git a/lib/gnutls_buffers.h b/lib/gnutls_buffers.h index e4c98d298c..407affcb65 100644 --- a/lib/gnutls_buffers.h +++ b/lib/gnutls_buffers.h @@ -18,23 +18,31 @@ * Foundation, Inc., 59 Temple Place - Suite 330, Boston, MA 02111-1307, USA */ -int gnutls_insert_to_data_buffer(ContentType type, GNUTLS_STATE state, char *data, int length); -int gnutls_get_data_buffer_size(ContentType type, GNUTLS_STATE state); -int gnutls_get_data_buffer(ContentType type, GNUTLS_STATE state, char *data, int length); -ssize_t _gnutls_read_buffered( GNUTLS_STATE, opaque **iptr, size_t n, ContentType); -void _gnutls_clear_read_buffer( GNUTLS_STATE); -int _gnutls_clear_peeked_data( GNUTLS_STATE state); +int _gnutls_record_buffer_put(ContentType type, GNUTLS_STATE state, char *data, int length); +int _gnutls_record_buffer_get_size(ContentType type, GNUTLS_STATE state); +int _gnutls_record_buffer_get(ContentType type, GNUTLS_STATE state, char *data, int length); +ssize_t _gnutls_io_read_buffered( GNUTLS_STATE, opaque **iptr, size_t n, ContentType); +void _gnutls_io_clear_read_buffer( GNUTLS_STATE); +int _gnutls_io_clear_peeked_data( GNUTLS_STATE state); -ssize_t _gnutls_write_buffered( GNUTLS_STATE, const void *iptr, size_t n ); +ssize_t _gnutls_io_write_buffered( GNUTLS_STATE, const void *iptr, size_t n ); -/* used in SSL3 */ -int gnutls_get_handshake_buffer( GNUTLS_STATE state, char *data, int length); -int gnutls_get_handshake_buffer_size( GNUTLS_STATE state); -int gnutls_read_handshake_buffer( GNUTLS_STATE state, char *data, int length); -int gnutls_insert_to_handshake_buffer( GNUTLS_STATE state, char *data, int length); -int gnutls_clear_handshake_buffer( GNUTLS_STATE state); +int _gnutls_handshake_buffer_get( GNUTLS_STATE state, char *data, int length); +int _gnutls_handshake_buffer_get_size( GNUTLS_STATE state); +int _gnutls_handshake_buffer_peek( GNUTLS_STATE state, char *data, int length); +int _gnutls_handshake_buffer_put( GNUTLS_STATE state, char *data, int length); +int _gnutls_handshake_buffer_clear( GNUTLS_STATE state); -ssize_t _gnutls_handshake_recv_int( GNUTLS_STATE, ContentType, HandshakeType, void *, size_t); -ssize_t _gnutls_handshake_send_int( GNUTLS_STATE, ContentType, HandshakeType, const void *, size_t); -ssize_t _gnutls_write_flush( GNUTLS_STATE state); -ssize_t _gnutls_handshake_write_flush( GNUTLS_STATE state); +#define _gnutls_handshake_io_buffer_clear( state) \ + gnutls_free( state->gnutls_internals.handshake_send_buffer.data); \ + gnutls_free( state->gnutls_internals.handshake_recv_buffer.data); \ + state->gnutls_internals.handshake_send_buffer.data = NULL; \ + state->gnutls_internals.handshake_recv_buffer.data = NULL; \ + state->gnutls_internals.handshake_send_buffer.size = 0; \ + state->gnutls_internals.handshake_recv_buffer.size = 0; \ + state->gnutls_internals.handshake_send_buffer_prev_size = 0 + +ssize_t _gnutls_handshake_io_recv_int( GNUTLS_STATE, ContentType, HandshakeType, void *, size_t); +ssize_t _gnutls_handshake_io_send_int( GNUTLS_STATE, ContentType, HandshakeType, const void *, size_t); +ssize_t _gnutls_io_write_flush( GNUTLS_STATE state); +ssize_t _gnutls_handshake_io_write_flush( GNUTLS_STATE state); diff --git a/lib/gnutls_cipher_int.c b/lib/gnutls_cipher_int.c index 5249e48b31..edaf56f844 100644 --- a/lib/gnutls_cipher_int.c +++ b/lib/gnutls_cipher_int.c @@ -31,21 +31,21 @@ GNUTLS_CIPHER_HANDLE ret; case GNUTLS_CIPHER_NULL: ret = GNUTLS_CIPHER_FAILED; break; - case GNUTLS_CIPHER_RIJNDAEL_CBC: + case GNUTLS_CIPHER_RIJNDAEL_128_CBC: #ifdef USE_MCRYPT ret = mcrypt_module_open( "rijndael-128", NULL, "cbc", NULL); #else ret = gcry_cipher_open(GCRY_CIPHER_RIJNDAEL, GCRY_CIPHER_MODE_CBC, 0); #endif break; - case GNUTLS_CIPHER_RIJNDAEL256_CBC: + case GNUTLS_CIPHER_RIJNDAEL_256_CBC: #ifdef USE_MCRYPT ret = mcrypt_module_open( "rijndael-128", NULL, "cbc", NULL); #else ret = gcry_cipher_open(GCRY_CIPHER_RIJNDAEL256, GCRY_CIPHER_MODE_CBC, 0); #endif break; - case GNUTLS_CIPHER_TWOFISH_CBC: + case GNUTLS_CIPHER_TWOFISH_128_CBC: #ifdef USE_MCRYPT ret = mcrypt_module_open( "twofish", NULL, "cbc", NULL); #else @@ -74,7 +74,7 @@ GNUTLS_CIPHER_HANDLE ret; /* ivsize is assumed to be blocksize */ if ( mcrypt_generic_init( ret, key.data, key.size, iv.data) < 0) { return GNUTLS_CIPHER_FAILED; - }; + }; #else gcry_cipher_setkey(ret, key.data, key.size); if (iv.data!=NULL && iv.size>0) gcry_cipher_setiv(ret, iv.data, iv.size); diff --git a/lib/gnutls_handshake.c b/lib/gnutls_handshake.c index 2eba02f9a9..cfd2c254a6 100644 --- a/lib/gnutls_handshake.c +++ b/lib/gnutls_handshake.c @@ -139,7 +139,7 @@ static int _gnutls_ssl3_finished(GNUTLS_STATE state, int type, int skip, return GNUTLS_E_HASH_FAILED; } - siz = gnutls_get_handshake_buffer_size(state) - skip; + siz = _gnutls_handshake_buffer_get_size(state) - skip; data = gnutls_malloc(siz); if (data == NULL) { gnutls_assert(); @@ -148,7 +148,7 @@ static int _gnutls_ssl3_finished(GNUTLS_STATE state, int type, int skip, return GNUTLS_E_MEMORY_ERROR; } - gnutls_read_handshake_buffer(state, data, siz); + _gnutls_handshake_buffer_peek(state, data, siz); gnutls_mac_ssl3(td, data, siz); gnutls_mac_ssl3(td2, data, siz); @@ -197,7 +197,7 @@ int _gnutls_finished(GNUTLS_STATE state, int type, int skip, void *ret) return GNUTLS_E_HASH_FAILED; } - siz = gnutls_get_handshake_buffer_size(state) - skip; + siz = _gnutls_handshake_buffer_get_size(state) - skip; data = gnutls_malloc(siz); if (data == NULL) { @@ -207,7 +207,7 @@ int _gnutls_finished(GNUTLS_STATE state, int type, int skip, void *ret) return GNUTLS_E_MEMORY_ERROR; } - gnutls_read_handshake_buffer(state, data, siz); + _gnutls_handshake_buffer_get(state, data, siz); gnutls_hash(td, data, siz); gnutls_hash(td2, data, siz); @@ -650,7 +650,7 @@ int _gnutls_send_handshake(GNUTLS_STATE state, void *i_data, /* we are resuming a previously interrupted * send. */ - ret = _gnutls_handshake_write_flush(state); + ret = _gnutls_handshake_io_write_flush(state); return ret; } @@ -685,7 +685,7 @@ int _gnutls_send_handshake(GNUTLS_STATE state, void *i_data, if (type != GNUTLS_HELLO_REQUEST) { if ((ret = - gnutls_insert_to_handshake_buffer(state, data, + _gnutls_handshake_buffer_put(state, data, datasize)) < 0) { gnutls_assert(); gnutls_free(data); @@ -694,7 +694,7 @@ int _gnutls_send_handshake(GNUTLS_STATE state, void *i_data, } ret = - _gnutls_handshake_send_int(state, GNUTLS_HANDSHAKE, type, + _gnutls_handshake_io_send_int(state, GNUTLS_HANDSHAKE, type, data, datasize); gnutls_free(data); @@ -744,7 +744,7 @@ static int _gnutls_recv_handshake_header(GNUTLS_STATE state, if (state->gnutls_internals.handshake_header_buffer.header_size < SSL2_HEADERS) { ret = - _gnutls_handshake_recv_int(state, GNUTLS_HANDSHAKE, + _gnutls_handshake_io_recv_int(state, GNUTLS_HANDSHAKE, type, dataptr, SSL2_HEADERS); @@ -766,7 +766,7 @@ static int _gnutls_recv_handshake_header(GNUTLS_STATE state, if (state->gnutls_internals.v2_hello == 0 || type != GNUTLS_CLIENT_HELLO) { ret = - _gnutls_handshake_recv_int(state, GNUTLS_HANDSHAKE, + _gnutls_handshake_io_recv_int(state, GNUTLS_HANDSHAKE, type, &dataptr[state-> gnutls_internals. @@ -831,7 +831,7 @@ static int _gnutls_recv_handshake_header(GNUTLS_STATE state, if (*recv_type != GNUTLS_HELLO_REQUEST) { if ((ret = - gnutls_insert_to_handshake_buffer(state, dataptr, + _gnutls_handshake_buffer_put(state, dataptr, handshake_header_size)) < 0) { gnutls_assert(); @@ -839,7 +839,7 @@ static int _gnutls_recv_handshake_header(GNUTLS_STATE state, } } - /* This MUST be after insert_to_handshake_buffer(), because + /* This MUST be after handshake_buffer_put(), because * of optional packets. */ if (*recv_type != type) { @@ -850,7 +850,7 @@ static int _gnutls_recv_handshake_header(GNUTLS_STATE state, return length32; } -#define _gnutls_clear_handshake_header_buffer( state) state->gnutls_internals.handshake_header_buffer.header_size = 0 +#define _gnutls_handshake_header_buffer_clear( state) state->gnutls_internals.handshake_header_buffer.header_size = 0 /* This function will receive handshake messages of the given types, @@ -900,7 +900,7 @@ int _gnutls_recv_handshake(GNUTLS_STATE state, uint8 ** data, if (length32 > 0) { ret = - _gnutls_handshake_recv_int(state, GNUTLS_HANDSHAKE, + _gnutls_handshake_io_recv_int(state, GNUTLS_HANDSHAKE, type, dataptr, length32); if (ret <= 0) { gnutls_assert(); @@ -915,7 +915,7 @@ int _gnutls_recv_handshake(GNUTLS_STATE state, uint8 ** data, * have have received above. if we get here the we clear the handshake * header we received. */ - _gnutls_clear_handshake_header_buffer(state); + _gnutls_handshake_header_buffer_clear(state); ret = GNUTLS_E_UNKNOWN_ERROR; @@ -926,7 +926,7 @@ int _gnutls_recv_handshake(GNUTLS_STATE state, uint8 ** data, if (recv_type != GNUTLS_HELLO_REQUEST && length32 > 0) { if ((ret = - gnutls_insert_to_handshake_buffer(state, dataptr, + _gnutls_handshake_buffer_put(state, dataptr, length32)) < 0) { gnutls_assert(); return ret; @@ -1704,7 +1704,7 @@ int gnutls_handshake(GNUTLS_STATE state) STATE = STATE0; - _gnutls_clear_handshake_buffers(state); + _gnutls_handshake_io_buffer_clear(state); return 0; } @@ -1714,7 +1714,7 @@ int gnutls_handshake(GNUTLS_STATE state) if (gnutls_error_is_fatal(ret)==0) return ret; \ gnutls_assert(); \ ERR( str, ret); \ - gnutls_clear_handshake_buffer(state); \ + _gnutls_handshake_buffer_clear(state); \ return ret; \ } @@ -2094,8 +2094,9 @@ int gnutls_handshake_common(GNUTLS_STATE state) /* in order to support session resuming */ _gnutls_server_register_current_session(state); } + /* clear handshake buffer */ - gnutls_clear_handshake_buffer(state); + _gnutls_handshake_buffer_clear(state); return ret; } diff --git a/lib/gnutls_int.h b/lib/gnutls_int.h index c5d262bd91..632445a28e 100644 --- a/lib/gnutls_int.h +++ b/lib/gnutls_int.h @@ -144,7 +144,7 @@ typedef struct { /* STATE */ typedef enum ConnectionEnd { GNUTLS_SERVER=1, GNUTLS_CLIENT } ConnectionEnd; -typedef enum BulkCipherAlgorithm { GNUTLS_CIPHER_NULL=1, GNUTLS_CIPHER_ARCFOUR, GNUTLS_CIPHER_3DES_CBC, GNUTLS_CIPHER_RIJNDAEL_CBC, GNUTLS_CIPHER_TWOFISH_CBC, GNUTLS_CIPHER_RIJNDAEL256_CBC } BulkCipherAlgorithm; +typedef enum BulkCipherAlgorithm { GNUTLS_CIPHER_NULL=1, GNUTLS_CIPHER_ARCFOUR, GNUTLS_CIPHER_3DES_CBC, GNUTLS_CIPHER_RIJNDAEL_128_CBC, GNUTLS_CIPHER_TWOFISH_128_CBC, GNUTLS_CIPHER_RIJNDAEL_256_CBC } BulkCipherAlgorithm; typedef enum Extensions { GNUTLS_EXTENSION_DNSNAME=0, GNUTLS_EXTENSION_MAX_RECORD_SIZE=1, GNUTLS_EXTENSION_SRP=6 } Extensions; typedef enum KXAlgorithm { GNUTLS_KX_X509PKI_RSA=1, GNUTLS_KX_X509PKI_DHE_DSS, GNUTLS_KX_X509PKI_DHE_RSA, GNUTLS_KX_ANON_DH, GNUTLS_KX_SRP } KXAlgorithm; typedef enum CredType { GNUTLS_X509PKI=1, GNUTLS_ANON, GNUTLS_SRP } CredType; @@ -345,9 +345,9 @@ typedef struct { } HANDSHAKE_HEADER_BUFFER; typedef struct { - gnutls_datum buffer; - gnutls_datum hash_buffer; /* used to keep all handshake messages */ - gnutls_datum buffer_handshake; /* this is a buffer that holds the current handshake message */ + gnutls_datum application_data_buffer; /* holds data to be delivered to application layer */ + gnutls_datum handshake_hash_buffer; /* used to keep all handshake messages */ + gnutls_datum handshake_data_buffer; /* this is a buffer that holds the current handshake message */ ResumableSession resumable; /* TRUE or FALSE - if we can resume that session */ HandshakeState handshake_state; /* holds * a number which indicates where @@ -380,7 +380,7 @@ typedef struct { int lowat; /* These buffers are used in the handshake - * protocol only. freed using _gnutls_clear_handshake_buffers(); + * protocol only. freed using _gnutls_handshake_io_buffer_clear(); */ gnutls_datum handshake_send_buffer; size_t handshake_send_buffer_prev_size; @@ -393,15 +393,15 @@ typedef struct { /* this buffer holds a record packet -mostly used for * non blocking IO. */ - gnutls_datum recv_buffer; - gnutls_datum send_buffer; /* holds cached data - * for the gnutls_write_buffered() + gnutls_datum record_recv_buffer; + gnutls_datum record_send_buffer; /* holds cached data + * for the gnutls_io_write_buffered() * function. */ - size_t send_buffer_prev_size; /* holds the + size_t record_send_buffer_prev_size; /* holds the * data written in the previous runs. */ - size_t send_buffer_user_size; /* holds the + size_t record_send_buffer_user_size; /* holds the * size of the user specified data to * send. */ @@ -509,15 +509,6 @@ void _gnutls_free_auth_info( GNUTLS_STATE state); #define _gnutls_get_adv_version_minor( state) \ state->gnutls_internals.adv_version_minor -#define _gnutls_clear_handshake_buffers( state) \ - gnutls_free( state->gnutls_internals.handshake_send_buffer.data); \ - gnutls_free( state->gnutls_internals.handshake_recv_buffer.data); \ - state->gnutls_internals.handshake_send_buffer.data = NULL; \ - state->gnutls_internals.handshake_recv_buffer.data = NULL; \ - state->gnutls_internals.handshake_send_buffer.size = 0; \ - state->gnutls_internals.handshake_recv_buffer.size = 0; \ - state->gnutls_internals.handshake_send_buffer_prev_size = 0 - #define set_adv_version( state, major, minor) \ state->gnutls_internals.adv_version_major = major; \ state->gnutls_internals.adv_version_minor = minor diff --git a/lib/gnutls_record.c b/lib/gnutls_record.c index 1e8c3aaba3..fe8f2f2a23 100644 --- a/lib/gnutls_record.c +++ b/lib/gnutls_record.c @@ -150,7 +150,7 @@ int default_protocol_list[] = { GNUTLS_TLS1, 0 }; * This is allocated in order to avoid small messages, makeing * the receive procedure slow. */ - (*state)->gnutls_internals.recv_buffer.data = gnutls_malloc(INITIAL_RECV_BUFFER_SIZE); + (*state)->gnutls_internals.record_recv_buffer.data = gnutls_malloc(INITIAL_RECV_BUFFER_SIZE); /* set the default maximum record size for TLS */ @@ -186,16 +186,16 @@ void gnutls_deinit(GNUTLS_STATE state) gdbm_close(state->gnutls_internals.db_reader); #endif - _gnutls_clear_handshake_buffers( state); + _gnutls_handshake_io_buffer_clear( state); gnutls_sfree_datum(&state->connection_state.read_mac_secret); gnutls_sfree_datum(&state->connection_state.write_mac_secret); - _gnutls_free(state->gnutls_internals.recv_buffer.data); - _gnutls_free(state->gnutls_internals.buffer.data); - _gnutls_free(state->gnutls_internals.buffer_handshake.data); - _gnutls_free(state->gnutls_internals.hash_buffer.data); - _gnutls_free(state->gnutls_internals.send_buffer.data); + _gnutls_free(state->gnutls_internals.application_data_buffer.data); + _gnutls_free(state->gnutls_internals.handshake_data_buffer.data); + _gnutls_free(state->gnutls_internals.handshake_hash_buffer.data); + _gnutls_free(state->gnutls_internals.record_recv_buffer.data); + _gnutls_free(state->gnutls_internals.record_send_buffer.data); gnutls_clear_creds( state); @@ -420,7 +420,7 @@ int gnutls_bye( GNUTLS_STATE state, CloseRequest how) case STATE0: case STATE60: if (STATE==STATE60) { - ret = _gnutls_write_flush( state); + ret = _gnutls_io_write_flush( state); } else { ret = gnutls_alert_send( state, GNUTLS_AL_WARNING, GNUTLS_A_CLOSE_NOTIFY); STATE = STATE60; @@ -501,14 +501,14 @@ ssize_t gnutls_send_int( GNUTLS_STATE state, ContentType type, HandshakeType hty /* Only encrypt if we don't have data to send * from the previous run. - probably interrupted. */ - if (state->gnutls_internals.send_buffer.size > 0) { - ret = _gnutls_write_flush( state); + if (state->gnutls_internals.record_send_buffer.size > 0) { + ret = _gnutls_io_write_flush( state); if (ret > 0) cipher_size = ret; else cipher_size = 0; cipher = NULL; - retval = state->gnutls_internals.send_buffer_user_size; + retval = state->gnutls_internals.record_send_buffer_user_size; } else { cipher_size = _gnutls_encrypt( state, headers, RECORD_HEADER_SIZE, data, data2send, &cipher, type); if (cipher_size <= 0) { @@ -518,7 +518,7 @@ ssize_t gnutls_send_int( GNUTLS_STATE state, ContentType type, HandshakeType hty } retval = data2send; - state->gnutls_internals.send_buffer_user_size = data2send; + state->gnutls_internals.record_send_buffer_user_size = data2send; /* increase sequence number */ @@ -530,7 +530,7 @@ ssize_t gnutls_send_int( GNUTLS_STATE state, ContentType type, HandshakeType hty return GNUTLS_E_RECORD_LIMIT_REACHED; } - ret = _gnutls_write_buffered( state, cipher, cipher_size); + ret = _gnutls_io_write_buffered( state, cipher, cipher_size); } if ( ret != cipher_size) { @@ -554,7 +554,7 @@ ssize_t gnutls_send_int( GNUTLS_STATE state, ContentType type, HandshakeType hty return ret; } - state->gnutls_internals.send_buffer_user_size = 0; + state->gnutls_internals.record_send_buffer_user_size = 0; gnutls_free(cipher); @@ -580,7 +580,7 @@ ssize_t _gnutls_send_change_cipher_spec( GNUTLS_STATE state, int again) if (again==0) return gnutls_send_int( state, GNUTLS_CHANGE_CIPHER_SPEC, -1, data, 1); else { - return _gnutls_write_flush( state); + return _gnutls_io_write_flush( state); } } @@ -635,16 +635,16 @@ ssize_t gnutls_recv_int( GNUTLS_STATE state, ContentType type, HandshakeType hty /* If we have enough data in the cache do not bother receiving * a new packet. (in order to flush the cache) */ - if ( (type == GNUTLS_APPLICATION_DATA || type == GNUTLS_HANDSHAKE) && gnutls_get_data_buffer_size(type, state) > 0) { - ret = gnutls_get_data_buffer(type, state, data, sizeofdata); + if ( (type == GNUTLS_APPLICATION_DATA || type == GNUTLS_HANDSHAKE) && _gnutls_record_buffer_get_size(type, state) > 0) { + ret = _gnutls_record_buffer_get(type, state, data, sizeofdata); if (ret < 0) { gnutls_assert(); return ret; } /* if the buffer just got empty */ - if (gnutls_get_data_buffer_size(type, state)==0) { - if ( (ret2=_gnutls_clear_peeked_data( state)) < 0) { + if (_gnutls_record_buffer_get_size(type, state)==0) { + if ( (ret2=_gnutls_io_clear_peeked_data( state)) < 0) { gnutls_assert(); return ret2; } @@ -656,7 +656,7 @@ ssize_t gnutls_recv_int( GNUTLS_STATE state, ContentType type, HandshakeType hty /* in order for GNUTLS_E_AGAIN to be returned the socket * must be set to non blocking mode */ - if ( (ret = _gnutls_read_buffered( state, &headers, header_size, -1)) != header_size) { + if ( (ret = _gnutls_io_read_buffered( state, &headers, header_size, -1)) != header_size) { if (ret < 0 && gnutls_error_is_fatal(ret)==0) return ret; state->gnutls_internals.valid_connection = VALID_FALSE; @@ -740,7 +740,7 @@ ssize_t gnutls_recv_int( GNUTLS_STATE state, ContentType type, HandshakeType hty /* check if we have that data into buffer. */ - if ( (ret = _gnutls_read_buffered( state, &recv_data, header_size+length, recv_type)) != length+header_size) { + if ( (ret = _gnutls_io_read_buffered( state, &recv_data, header_size+length, recv_type)) != length+header_size) { if (ret<0 && gnutls_error_is_fatal(ret)==0) return ret; state->gnutls_internals.valid_connection = VALID_FALSE; @@ -752,7 +752,7 @@ ssize_t gnutls_recv_int( GNUTLS_STATE state, ContentType type, HandshakeType hty /* ok now we are sure that we can read all the data - so * move on ! */ - _gnutls_clear_read_buffer( state); + _gnutls_io_clear_read_buffer( state); ciphertext = &recv_data[header_size]; /* decrypt the data we got @@ -797,7 +797,7 @@ ssize_t gnutls_recv_int( GNUTLS_STATE state, ContentType type, HandshakeType hty } if ( (recv_type == type) && (type == GNUTLS_APPLICATION_DATA || type == GNUTLS_HANDSHAKE)) { - gnutls_insert_to_data_buffer(type, state, (void *) tmpdata, tmplen); + _gnutls_record_buffer_put(type, state, (void *) tmpdata, tmplen); } else { switch (recv_type) { case GNUTLS_ALERT: @@ -848,7 +848,7 @@ ssize_t gnutls_recv_int( GNUTLS_STATE state, ContentType type, HandshakeType hty return GNUTLS_E_UNEXPECTED_PACKET; case GNUTLS_APPLICATION_DATA: /* even if data is unexpected put it into the buffer */ - if ( (ret=gnutls_insert_to_data_buffer(recv_type, state, (void *) tmpdata, tmplen)) < 0) { + if ( (ret=_gnutls_record_buffer_put(recv_type, state, (void *) tmpdata, tmplen)) < 0) { gnutls_assert(); return ret; } @@ -884,15 +884,15 @@ ssize_t gnutls_recv_int( GNUTLS_STATE state, ContentType type, HandshakeType hty /* Get Application data from buffer */ if ((type == GNUTLS_APPLICATION_DATA || type == GNUTLS_HANDSHAKE) && (recv_type == type)) { - ret = gnutls_get_data_buffer(type, state, data, sizeofdata); + ret = _gnutls_record_buffer_get(type, state, data, sizeofdata); if (ret < 0) { gnutls_assert(); return ret; } /* if the buffer just got empty */ - if (gnutls_get_data_buffer_size(type, state)==0) { - if ( (ret2 = _gnutls_clear_peeked_data( state)) < 0) { + if (_gnutls_record_buffer_get_size(type, state)==0) { + if ( (ret2 = _gnutls_io_clear_peeked_data( state)) < 0) { gnutls_assert(); return ret2; } diff --git a/lib/gnutls_sig.c b/lib/gnutls_sig.c index 51830ae4e7..a146b18c7c 100644 --- a/lib/gnutls_sig.c +++ b/lib/gnutls_sig.c @@ -41,7 +41,7 @@ */ int _gnutls_generate_sig_from_hdata( GNUTLS_STATE state, gnutls_cert* cert, gnutls_private_key *pkey, gnutls_datum *signature) { gnutls_datum data; -int size = gnutls_get_handshake_buffer_size( state); +int size = _gnutls_handshake_buffer_get_size( state); int ret; data.data = gnutls_malloc(size); @@ -51,7 +51,7 @@ int ret; return GNUTLS_E_MEMORY_ERROR; } - gnutls_read_handshake_buffer( state, data.data, data.size); + _gnutls_handshake_buffer_peek( state, data.data, data.size); ret = _gnutls_pkcs1_rsa_generate_sig( cert, pkey, &data, signature); gnutls_free_datum( &data); @@ -237,7 +237,7 @@ int _gnutls_pkcs1_rsa_verify_sig( gnutls_cert *cert, const gnutls_datum *data, g */ int _gnutls_verify_sig_hdata( GNUTLS_STATE state, gnutls_cert *cert, gnutls_datum* signature, int ubuffer_size) { gnutls_datum data; -int size = gnutls_get_handshake_buffer_size( state) - ubuffer_size; /* do not get the last message */ +int size = _gnutls_handshake_buffer_get_size( state) - ubuffer_size; /* do not get the last message */ int ret; data.data = gnutls_malloc(size); @@ -247,7 +247,7 @@ int ret; return GNUTLS_E_MEMORY_ERROR; } - gnutls_read_handshake_buffer( state, data.data, data.size); + _gnutls_handshake_buffer_peek( state, data.data, data.size); ret = _gnutls_pkcs1_rsa_verify_sig( cert, &data, signature); if (ret < 0) { |