DGNum/hostapd
6
0
Fork 0
Code Issues Pull requests 1 Projects Releases Packages Wiki Activity Actions

GnuTLS: Use struct wpabuf for push/pull buffers

Browse source
This commit is contained in:
Jouni Malinen 2009-12-20 18:31:56 +02:00
parent 81c85c069a
commit 074be2332f
1 changed files with 30 additions and 49 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

79
src/crypto/tls_gnutls.c
View file

@ -112,8 +112,9 @@ struct tls_connection {
int established; int established;
int verify_peer; int verify_peer;
u8 *push_buf, *pull_buf, *pull_buf_offset; struct wpabuf *push_buf;
size_t push_buf_len, pull_buf_len; struct wpabuf *pull_buf;
const u8 *pull_buf_offset;
int params_set; int params_set;
gnutls_certificate_credentials_t xcred; gnutls_certificate_credentials_t xcred;
@ -241,22 +242,22 @@ static ssize_t tls_pull_func(gnutls_transport_ptr ptr, void *buf,
size_t len) size_t len)
{ {
struct tls_connection *conn = (struct tls_connection *) ptr; struct tls_connection *conn = (struct tls_connection *) ptr;
u8 *end; const u8 *end;
if (conn->pull_buf == NULL) { if (conn->pull_buf == NULL) {
errno = EWOULDBLOCK; errno = EWOULDBLOCK;
return -1; return -1;
} }
end = conn->pull_buf + conn->pull_buf_len; end = wpabuf_head_u8(conn->pull_buf) + wpabuf_len(conn->pull_buf);
if ((size_t) (end - conn->pull_buf_offset) < len) if ((size_t) (end - conn->pull_buf_offset) < len)
len = end - conn->pull_buf_offset; len = end - conn->pull_buf_offset;
os_memcpy(buf, conn->pull_buf_offset, len); os_memcpy(buf, conn->pull_buf_offset, len);
conn->pull_buf_offset += len; conn->pull_buf_offset += len;
if (conn->pull_buf_offset == end) { if (conn->pull_buf_offset == end) {
wpa_printf(MSG_DEBUG, "%s - pull_buf consumed", __func__); wpa_printf(MSG_DEBUG, "%s - pull_buf consumed", __func__);
os_free(conn->pull_buf); wpabuf_free(conn->pull_buf);
conn->pull_buf = conn->pull_buf_offset = NULL; conn->pull_buf = NULL;
conn->pull_buf_len = 0; conn->pull_buf_offset = NULL;
} else { } else {
wpa_printf(MSG_DEBUG, "%s - %lu bytes remaining in pull_buf", wpa_printf(MSG_DEBUG, "%s - %lu bytes remaining in pull_buf",
__func__, __func__,
@ -270,16 +271,12 @@ static ssize_t tls_push_func(gnutls_transport_ptr ptr, const void *buf,
size_t len) size_t len)
{ {
struct tls_connection *conn = (struct tls_connection *) ptr; struct tls_connection *conn = (struct tls_connection *) ptr;
u8 *nbuf;
nbuf = os_realloc(conn->push_buf, conn->push_buf_len + len); if (wpabuf_resize(&conn->push_buf, len) < 0) {
if (nbuf == NULL) {
errno = ENOMEM; errno = ENOMEM;
return -1; return -1;
} }
os_memcpy(nbuf + conn->push_buf_len, buf, len); wpabuf_put_data(conn->push_buf, buf, len);
conn->push_buf = nbuf;
conn->push_buf_len += len;
return len; return len;
} }
@ -383,8 +380,8 @@ void tls_connection_deinit(void *ssl_ctx, struct tls_connection *conn)
os_free(conn->pre_shared_secret); os_free(conn->pre_shared_secret);
os_free(conn->subject_match); os_free(conn->subject_match);
os_free(conn->altsubject_match); os_free(conn->altsubject_match);
os_free(conn->push_buf); wpabuf_free(conn->push_buf);
os_free(conn->pull_buf); wpabuf_free(conn->pull_buf);
os_free(conn); os_free(conn);
} }
@ -407,9 +404,8 @@ int tls_connection_shutdown(void *ssl_ctx, struct tls_connection *conn)
* because the connection was already terminated in practice * because the connection was already terminated in practice
* and "close notify" shutdown alert would confuse AS. */ * and "close notify" shutdown alert would confuse AS. */
gnutls_bye(conn->session, GNUTLS_SHUT_RDWR); gnutls_bye(conn->session, GNUTLS_SHUT_RDWR);
os_free(conn->push_buf); wpabuf_free(conn->push_buf);
conn->push_buf = NULL; conn->push_buf = NULL;
conn->push_buf_len = 0;
conn->established = 0; conn->established = 0;
conn->final_phase_finished = 0; conn->final_phase_finished = 0;
#ifdef GNUTLS_IA #ifdef GNUTLS_IA
@ -950,16 +946,13 @@ struct wpabuf * tls_connection_handshake(void *tls_ctx,
if (conn->pull_buf) { if (conn->pull_buf) {
wpa_printf(MSG_DEBUG, "%s - %lu bytes remaining in " wpa_printf(MSG_DEBUG, "%s - %lu bytes remaining in "
"pull_buf", __func__, "pull_buf", __func__,
(unsigned long) conn->pull_buf_len); (unsigned long) wpabuf_len(conn->pull_buf));
os_free(conn->pull_buf); wpabuf_free(conn->pull_buf);
} }
conn->pull_buf = os_malloc(wpabuf_len(in_data)); conn->pull_buf = wpabuf_dup(in_data);
if (conn->pull_buf == NULL) if (conn->pull_buf == NULL)
return NULL; return NULL;
os_memcpy(conn->pull_buf, wpabuf_head(in_data), conn->pull_buf_offset = wpabuf_head(conn->pull_buf);
wpabuf_len(in_data));
conn->pull_buf_offset = conn->pull_buf;
conn->pull_buf_len = wpabuf_len(in_data);
} }
ret = gnutls_handshake(conn->session); ret = gnutls_handshake(conn->session);
@ -970,7 +963,7 @@ struct wpabuf * tls_connection_handshake(void *tls_ctx,
conn->push_buf == NULL) { conn->push_buf == NULL) {
/* Need to return something to trigger /* Need to return something to trigger
* completion of EAP-TLS. */ * completion of EAP-TLS. */
conn->push_buf = os_malloc(1); conn->push_buf = wpabuf_alloc(0);
} }
break; break;
case GNUTLS_E_FATAL_ALERT_RECEIVED: case GNUTLS_E_FATAL_ALERT_RECEIVED:
@ -1011,7 +1004,7 @@ struct wpabuf * tls_connection_handshake(void *tls_ctx,
conn->established = 1; conn->established = 1;
if (conn->push_buf == NULL) { if (conn->push_buf == NULL) {
/* Need to return something to get final TLS ACK. */ /* Need to return something to get final TLS ACK. */
conn->push_buf = os_malloc(1); conn->push_buf = wpabuf_alloc(0);
} }
gnutls_session_get_data(conn->session, NULL, &size); gnutls_session_get_data(conn->session, NULL, &size);
@ -1028,13 +1021,8 @@ struct wpabuf * tls_connection_handshake(void *tls_ctx,
} }
} }
if (conn->push_buf == NULL) out_data = conn->push_buf;
return NULL;
out_data = wpabuf_alloc_ext_data(conn->push_buf, conn->push_buf_len);
if (out_data == NULL)
os_free(conn->push_buf);
conn->push_buf = NULL; conn->push_buf = NULL;
conn->push_buf_len = 0;
return out_data; return out_data;
} }
@ -1068,13 +1056,9 @@ struct wpabuf * tls_connection_encrypt(void *tls_ctx,
__func__, gnutls_strerror(res)); __func__, gnutls_strerror(res));
return NULL; return NULL;
} }
if (conn->push_buf == NULL)
return NULL; buf = conn->push_buf;
buf = wpabuf_alloc_ext_data(conn->push_buf, conn->push_buf_len);
if (buf == NULL)
os_free(conn->push_buf);
conn->push_buf = NULL; conn->push_buf = NULL;
conn->push_buf_len = 0;
return buf; return buf;
} }
@ -1089,15 +1073,13 @@ struct wpabuf * tls_connection_decrypt(void *tls_ctx,
if (conn->pull_buf) { if (conn->pull_buf) {
wpa_printf(MSG_DEBUG, "%s - %lu bytes remaining in " wpa_printf(MSG_DEBUG, "%s - %lu bytes remaining in "
"pull_buf", __func__, "pull_buf", __func__,
(unsigned long) conn->pull_buf_len); (unsigned long) wpabuf_len(conn->pull_buf));
os_free(conn->pull_buf); wpabuf_free(conn->pull_buf);
} }
conn->pull_buf = os_malloc(wpabuf_len(in_data)); conn->pull_buf = wpabuf_dup(in_data);
if (conn->pull_buf == NULL) if (conn->pull_buf == NULL)
return NULL; return NULL;
os_memcpy(conn->pull_buf, wpabuf_head(in_data), wpabuf_len(in_data)); conn->pull_buf_offset = wpabuf_head(conn->pull_buf);
conn->pull_buf_offset = conn->pull_buf;
conn->pull_buf_len = wpabuf_len(in_data);
/* /*
* Even though we try to disable TLS compression, it is possible that * Even though we try to disable TLS compression, it is possible that
@ -1340,12 +1322,11 @@ int tls_connection_ia_send_phase_finished(void *tls_ctx,
if (conn->push_buf == NULL) if (conn->push_buf == NULL)
return -1; return -1;
if (conn->push_buf_len < out_len) if (wpabuf_len(conn->push_buf) < out_len)
out_len = conn->push_buf_len; out_len = wpabuf_len(conn->push_buf);
os_memcpy(out_data, conn->push_buf, out_len); os_memcpy(out_data, wpabuf_head(conn->push_buf), out_len);
os_free(conn->push_buf); wpabuf_free(conn->push_buf);
conn->push_buf = NULL; conn->push_buf = NULL;
conn->push_buf_len = 0;
return out_len; return out_len;
#else /* GNUTLS_IA */ #else /* GNUTLS_IA */
return -1; return -1;