From 9d7b7a7c95cdc5a84d2454227beb7ff329b17fec Mon Sep 17 00:00:00 2001
From: Nikos Mavrogiannopoulos
Date: Wed, 20 Sep 2017 11:40:54 +0200
Subject: extensions: simplified semantics of store and check functions

That is, _gnutls_extension_list_check was made a boolean function, and both were renamed to more appropriate names such as, _gnutls_hello_ext_is_present, _gnutls_hello_ext_save.

Signed-off-by: Nikos Mavrogiannopoulos
---
 lib/algorithms/ciphersuites.c | 4 ++--
 lib/ext/safe_renegotiation.c | 2 +-
 lib/extensions.c | 23 +++++++----------------
 lib/extensions.h | 30 +++++++++++++++++-------------
 lib/x509.c | 2 +-
 5 files changed, 28 insertions(+), 33 deletions(-)

diff --git a/lib/algorithms/ciphersuites.c b/lib/algorithms/ciphersuites.c
index 0c562012f6..5605913e87 100644
--- a/lib/algorithms/ciphersuites.c
+++ b/lib/algorithms/ciphersuites.c
@@ -1457,7 +1457,7 @@ _gnutls_figure_common_ciphersuite(gnutls_session_t session,
 * by RFC4492, probably to allow SSLv2 hellos negotiate elliptic curve
 * ciphersuites */
 if (session->internals.cand_ec_group == NULL &&
- _gnutls_extension_list_check(session, GNUTLS_EXTENSION_SUPPORTED_ECC) < 0) {
+ !_gnutls_hello_ext_is_present(session, GNUTLS_EXTENSION_SUPPORTED_ECC)) {
 session->internals.cand_ec_group = _gnutls_id_to_group(DEFAULT_EC_GROUP);
 }
@@ -1613,7 +1613,7 @@ _gnutls_get_client_ciphersuites(gnutls_session_t session,
 if (ret < 0) return gnutls_assert_val(ret);
- _gnutls_extension_list_add_sr(session);
+ _gnutls_hello_ext_save_sr(session);
 }
 #endif
diff --git a/lib/ext/safe_renegotiation.c b/lib/ext/safe_renegotiation.c
index 6870cf0bd9..2ab3ad8c4a 100644
--- a/lib/ext/safe_renegotiation.c
+++ b/lib/ext/safe_renegotiation.c
@@ -222,7 +222,7 @@ int _gnutls_ext_sr_recv_cs(gnutls_session_t session)
 priv->safe_renegotiation_received = 1;
 priv->connection_using_safe_renegotiation = 1;
- _gnutls_extension_list_add_sr(session);
+ _gnutls_hello_ext_save_sr(session);
 if (set != 0) _gnutls_ext_set_session_data(session,
diff --git a/lib/extensions.c b/lib/extensions.c
index 33dbbf083c..8f33a33df5 100644
--- a/lib/extensions.c
+++ b/lib/extensions.c
@@ -159,11 +159,6 @@ static unsigned tls_id_to_gid(gnutls_session_t session, unsigned tls_id)
 return 0;
 }
-void _gnutls_extension_list_add_sr(gnutls_session_t session)
-{
- _gnutls_extension_list_add(session, &ext_mod_sr, 1);
-}
-
 typedef struct hello_ext_ctx_st {
 gnutls_session_t session;
 gnutls_ext_flags_t msg;
@@ -186,12 +181,10 @@ int hello_ext_parse(void *_ctx, uint16_t tls_id, const uint8_t *data, int data_s
 }
 if (session->security_parameters.entity == GNUTLS_CLIENT) {
- if ((ret =
- _gnutls_extension_list_check(session, id)) < 0) {
+ if (!_gnutls_hello_ext_is_present(session, id)) {
 _gnutls_debug_log("EXT[%p]: Received unexpected extension '%s/%d'\n", session, gnutls_ext_get_name(tls_id), (int)tls_id);
- gnutls_assert();
- return ret;
+ return gnutls_assert_val(GNUTLS_E_RECEIVED_ILLEGAL_EXTENSION);
 }
 }
@@ -211,7 +204,7 @@ int hello_ext_parse(void *_ctx, uint16_t tls_id, const uint8_t *data, int data_s
 }
 if (session->security_parameters.entity == GNUTLS_SERVER) {
- ret = _gnutls_extension_list_add(session, ext, 1);
+ ret = _gnutls_hello_ext_save(session, ext->gid, 1);
 if (ret == 0) return gnutls_assert_val(GNUTLS_E_RECEIVED_ILLEGAL_EXTENSION);
 }
@@ -276,16 +269,14 @@ int hello_ext_send(void *_ctx, gnutls_buffer_st *buf)
 /* ensure we don't send something twice (i.e, overriden extensions in
 * client), and ensure we are sending only what we received in server. */
- ret = _gnutls_extension_list_check(session, p->gid);
+ ret = _gnutls_hello_ext_is_present(session, p->gid);
 if (session->security_parameters.entity == GNUTLS_SERVER) {
- if (ret < 0) {/* not advertized */
+ if (ret == 0) /* not advertised */
 return 0;
- }
 } else {
- if (ret == 0) {/* already sent */
+ if (ret != 0) /* already sent */
 return 0;
- }
 }
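Review bot: In the hello_ext_send hunk (@@ -276), `ret` now holds the boolean result of `_gnutls_hello_ext_is_present()`, yet the following hunk still compares `ret` against `GNUTLS_E_INT_RET_0`, so the same variable carries both a presence flag and an error code. A dedicated local, `unsigned present = _gnutls_hello_ext_is_present(session, p->gid);`, would keep the two meanings apart and let the branches read `if (!present)` on the server and `if (present)` on the client. The hunk also drops the braces around both `return 0;` statements while a comment sits between each condition and its body; keeping the braces would match the braced `if` blocks elsewhere in this patch. The function starts and ends outside the hunk, so the declaration of `ret` is not visible here.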
@@ -304,7 +295,7 @@ int hello_ext_send(void *_ctx, gnutls_buffer_st *buf)
 if ((appended > 0 || ret == GNUTLS_E_INT_RET_0) && session->security_parameters.entity == GNUTLS_CLIENT) {
- _gnutls_extension_list_add(session, p, 0);
+ _gnutls_hello_ext_save(session, p->gid, 0);
 }
 return ret;
diff --git a/lib/extensions.h b/lib/extensions.h
index 5c0d421462..8868d69766 100644
--- a/lib/extensions.h
+++ b/lib/extensions.h
@@ -117,19 +117,17 @@ typedef struct hello_ext_entry_st {
 int _gnutls_ext_register(hello_ext_entry_st *);
-void _gnutls_extension_list_add_sr(gnutls_session_t session);
-
 /* Checks if the extension @id provided has been requested
- * by us (in client side). In that case it returns zero,
- * otherwise a negative error value.
+ * by us (in client side). In that case it returns non-zero,
+ * otherwise zero.
 */
-inline static int
-_gnutls_extension_list_check(gnutls_session_t session, extensions_t id)
+inline static unsigned
+_gnutls_hello_ext_is_present(gnutls_session_t session, extensions_t id)
 {
 if (id != 0 && ((1 << id) & session->internals.used_exts))
- return 0;
+ return 1;
- return GNUTLS_E_RECEIVED_ILLEGAL_EXTENSION;
+ return 0;
 }
 /* Adds the extension we want to send in the extensions list.
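Review bot: `_gnutls_hello_ext_is_present()` in the lib/extensions.h hunk (@@ -117) tests the mask with `(1 << id)`, where `1` is a signed int, so with a 32-bit int the shift is undefined for an `id` of 31 or more and cannot cover a wider `used_exts` (its type is not visible in this hunk). This mask decides whether an unsolicited or repeated hello extension is rejected, so the shift is worth pinning down with an unsigned constant of the mask's own type, for example `((uint32_t)1 << id)` if `used_exts` turns out to be 32 bits wide. A static assertion or range check that the largest `extensions_t` value fits in the mask would complete it. The same expression is carried into `_gnutls_hello_ext_save()` in the next hunk as `session->internals.used_exts |= (1 << id);`.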
@@ -142,17 +140,23 @@ _gnutls_extension_list_check(gnutls_session_t session, extensions_t id)
 * Returns zero if failed, non-zero on success.
 */
 inline static
-unsigned _gnutls_extension_list_add(gnutls_session_t session,
- const struct hello_ext_entry_st *e,
- unsigned check_dup)
+unsigned _gnutls_hello_ext_save(gnutls_session_t session,
+ extensions_t id,
+ unsigned check_dup)
 {
- if (check_dup && _gnutls_extension_list_check(session, e->gid) == 0) {
+ if (check_dup && _gnutls_hello_ext_is_present(session, id)) {
 return 0;
 }
- session->internals.used_exts |= (1 << e->gid);
+ session->internals.used_exts |= (1 << id);
 return 1;
 }
+inline static
+void _gnutls_hello_ext_save_sr(gnutls_session_t session)
+{
+ _gnutls_hello_ext_save(session, GNUTLS_EXTENSION_SAFE_RENEGOTIATION, 1);
+}
+
 #endif
diff --git a/lib/x509.c b/lib/x509.c
index 6ed556e5f9..3eb569e0f2 100644
--- a/lib/x509.c
+++ b/lib/x509.c
@@ -235,7 +235,7 @@ _gnutls_ocsp_verify_mandatory_stapling(gnutls_session_t session,
 *
 * To proceed, first check whether we have requested the certificate status
 */
- if (_gnutls_extension_list_check(session, GNUTLS_EXTENSION_STATUS_REQUEST) < 0) {
+ if (!_gnutls_hello_ext_is_present(session, GNUTLS_EXTENSION_STATUS_REQUEST)) {
 return 0;
 }
-- 
cgit v1.2.1
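Review bot: In the lib/extensions.h hunk (@@ -142), `_gnutls_hello_ext_save()` sets bit 0 when `id == 0`, but `_gnutls_hello_ext_is_present()` never reports id 0 as present, so with `check_dup` set a repeated id 0 would go undetected. If 0 is the "no such extension" value (tls_id_to_gid in lib/extensions.c appears to fall back to `return 0;`), an early `if (id == 0) return 0;` would keep the two helpers consistent; otherwise a comment stating that callers never pass 0 would do. `_gnutls_hello_ext_save_sr()` also discards the return value, so its `check_dup` argument of 1 has no visible effect, and a one-line comment such as `/* a repeated safe renegotiation indication is ignored on purpose */` would record that intent. The comment block above `_gnutls_hello_ext_save()` starts outside the hunk.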