author | Nikos Mavrogiannopoulos <nmav@gnutls.org> | 2012-02-26 02:36:07 +0100 |
---|---|---|
committer | Nikos Mavrogiannopoulos <nmav@gnutls.org> | 2012-02-26 10:41:49 +0100 |
commit | 42116c1bc8a7579e5db33a8903c3eb93250e5584 (patch) | |
tree | 58140ad30f646e5a2dae4f1737fb4fd2223e9cdd /lib/gnutls_constate.c | |
parent | 50684ae4cdabf10228db865d0c5c4ebea8dcc747 (diff) | |
fixes in DTLS rehandshake and epoch cleanup.
Diffstat (limited to 'lib/gnutls_constate.c')
-rw-r--r-- | lib/gnutls_constate.c | 33 |
1 files changed, 22 insertions, 11 deletions
diff --git a/lib/gnutls_constate.c b/lib/gnutls_constate.c
index 730301081f..84e6fe3682 100644
--- a/lib/gnutls_constate.c
+++ b/lib/gnutls_constate.c
@@ -757,14 +757,10 @@ _gnutls_epoch_alloc (gnutls_session_t session, uint16_t epoch,
 }
 static inline int
-epoch_alive (gnutls_session_t session, record_parameters_st * params)
+epoch_is_active(gnutls_session_t session, record_parameters_st * params)
 {
 const security_parameters_st *sp = &session->security_parameters;
- /* DTLS will, in addition, need to check the epoch timeout value. */
- if (params->usage_cnt > 0)
- return 1;
-
 if (params->epoch == sp->epoch_read)
 return 1;
@@ -777,6 +773,15 @@ epoch_alive (gnutls_session_t session, record_parameters_st * params)
 return 0;
 }
+static inline int
+epoch_alive (gnutls_session_t session, record_parameters_st * params)
+{
+ if (params->usage_cnt > 0)
+ return 1;
+
+ return epoch_is_active(session, params);
+}
+
 void
 _gnutls_epoch_gc (gnutls_session_t session)
 {
@@ -787,12 +792,18 @@ _gnutls_epoch_gc (gnutls_session_t session)
 /* Free all dead cipher state */
 for (i = 0; i < MAX_EPOCH_INDEX; i++)
- if (session->record_parameters[i] != NULL
- && !epoch_alive (session, session->record_parameters[i]))
- {
- _gnutls_epoch_free (session, session->record_parameters[i]);
- session->record_parameters[i] = NULL;
- }
+ {
+ if (session->record_parameters[i] != NULL)
+ {
+ if (!epoch_is_active(session, session->record_parameters[i]) && session->record_parameters[i]->usage_cnt)
+ _gnutls_record_log ("REC[%p]: Note inactive epoch %d has %d users\n", session, session->record_parameters[i]->epoch, session->record_parameters[i]->usage_cnt);
+ if (!epoch_alive (session, session->record_parameters[i]))
+ {
+ _gnutls_epoch_free (session, session->record_parameters[i]);
+ session->record_parameters[i] = NULL;
+ }
+ }
+ }
 /* Look for contiguous NULLs at the start of the array */
 for (i = 0; i < MAX_EPOCH_INDEX && session->record_parameters[i] == NULL; |
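Review bot: The first hunk removes the reminder `/* DTLS will, in addition, need to check the epoch timeout value. */` without a visible replacement; no timeout check appears anywhere in this diff, so if that work is still outstanding the note is lost. Consider carrying it over to the new `epoch_alive` wrapper, which now owns the `usage_cnt` test. The renamed definition `epoch_is_active(gnutls_session_t` also omits the space before the parenthesis that the neighbouring definitions use. The function body continues past the end of the hunk.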
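Review bot: Nothing at the new `epoch_alive` definition in the second hunk says how it differs from `epoch_is_active`, although the two now differ only in the reference-count test and the choice decides whether an epoch's state may be freed. A short comment above it would help, for example `/* Alive: still referenced (usage_cnt > 0) or accepted by epoch_is_active(); only epochs that are not alive may be freed. */`. `params` is dereferenced without a NULL check, which holds for the caller visible in this diff (it tests the slot first) but is worth stating as a precondition.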
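Review bot: In the `_gnutls_epoch_gc` loop an inactive epoch that still has users is only logged: `epoch_alive` returns 1 for it, so its record parameters (presumably the cipher state of a superseded epoch) stay allocated until `usage_cnt` reaches zero, and a reference that is never released would keep them for the life of the session. If that is intended, say so in a comment next to the log call; the message is also emitted on every GC pass, and only at record-log level, so it can be missed or become noisy. `%d` is used for `epoch` and `usage_cnt`, whose declared types are not visible here and should be checked against the format. The loop would read more easily with the slot held in a local, as below; the function continues outside the hunk.

```c
  for (i = 0; i < MAX_EPOCH_INDEX; i++)
    {
      record_parameters_st *params = session->record_parameters[i];

      if (params == NULL)
        continue;

      /* Still referenced although no longer active: it is kept until the
       * last user drops it, so only report it here. */
      if (params->usage_cnt && !epoch_is_active (session, params))
        _gnutls_record_log ("REC[%p]: Note inactive epoch %d has %d users\n",
                            session, params->epoch, params->usage_cnt);

      if (!epoch_alive (session, params))
        {
          _gnutls_epoch_free (session, params);
          session->record_parameters[i] = NULL;
        }
    }
  /* … unchanged: scan for contiguous NULLs at the start of the array … */
```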