Changeset f450ac9 in mod_gnutls


Timestamp:
Jun 9, 2016, 2:50:43 PM (3 years ago)
Author:
Thomas Klute <thomas2.klute@…>
Branches:
debian/master, debian/stretch-backports, master, upstream
Children:
70a1e5a
Parents:
d18afb8
git-author:
Thomas Klute <thomas2.klute@…> (06/09/16 14:36:10)
git-committer:
Thomas Klute <thomas2.klute@…> (06/09/16 14:50:43)
Message:

Replace mgs_session_id2sz() with apr_(p?)escape_hex()

There's no need to carry a local bin-to-hex function if APR already
provides a converter. Using integrated pool allocation even avoids a
few string copies in gnutls_hooks.c.

The session hex buffers in gnutls_cache.c don't need room for the
memcache tag because it is added in an apr_psprintf() call if
necessary, so we can save a few bytes of stack space there.

Location:
src
Files:
3 edited

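--- a/src/gnutls_cache.c
+++ b/src/gnutls_cache.c
@@ -27,4 +27,5 @@
 
 #include "apr_dbm.h"
+#include <apr_escape.h>
 
 #include "ap_mpm.h"
@@ -44,6 +45,6 @@
  */
 #define MC_TAG "mod_gnutls:"
-#define MC_TAG_LEN sizeof(MC_TAG)
-#define STR_SESSION_LEN (GNUTLS_SESSION_ID_STRING_LEN + MC_TAG_LEN)
+/* two characters per byte, plus one more for '\0' */
+#define GNUTLS_SESSION_ID_STRING_LEN ((GNUTLS_MAX_SESSION_ID_SIZE * 2) + 1)
 
 #if MODULE_MAGIC_NUMBER_MAJOR < 20081201
@@ -54,18 +55,4 @@
 APLOG_USE_MODULE(gnutls);
 #endif
-
-char *mgs_session_id2sz(unsigned char *id, int idlen,
-        char *str, int strsize) {
-    char *cp;
-    int n;
-
-    cp = str;
-    for (n = 0; n < idlen && n < GNUTLS_MAX_SESSION_ID; n++) {
-        apr_snprintf(cp, strsize - (cp - str), "%02X", id[n]);
-        cp += 2;
-    }
-    *cp = '\0';
-    return str;
-}
 
 /* Name the Session ID as:
@@ -76,9 +63,7 @@
                               gnutls_datum_t *dbmkey)
 {
-    char buf[STR_SESSION_LEN];
-    char *sz;
-
-    sz = mgs_session_id2sz(id, idlen, buf, sizeof (buf));
-    if (sz == NULL)
+    char sz[GNUTLS_SESSION_ID_STRING_LEN];
+    apr_status_t rv = apr_escape_hex(sz, id, idlen, 0, NULL);
+    if (rv != APR_SUCCESS)
         return -1;
 
@@ -113,10 +98,9 @@
  * to disallow resuming sessions on different servers
  */
-static char *mgs_session_id2mc(conn_rec * c, unsigned char *id, int idlen) {
-    char buf[STR_SESSION_LEN];
-    char *sz;
-
-    sz = mgs_session_id2sz(id, idlen, buf, sizeof (buf));
-    if (sz == NULL)
+static char *mgs_session_id2mc(conn_rec * c, unsigned char *id, int idlen)
+{
+    char sz[GNUTLS_SESSION_ID_STRING_LEN];
+    apr_status_t rv = apr_escape_hex(sz, id, idlen, 0, NULL);
+    if (rv != APR_SUCCESS)
         return NULL;
 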
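Review bot: Both new call sites in this file write into the fixed stack buffer `char sz[GNUTLS_SESSION_ID_STRING_LEN]` but pass `idlen` to `apr_escape_hex()` unchecked; the removed `mgs_session_id2sz()` stopped after `GNUTLS_MAX_SESSION_ID` bytes, and that bound is now gone. `apr_escape_hex()` writes two characters per input byte plus the terminator, so an `idlen` above `GNUTLS_MAX_SESSION_ID_SIZE`, or a negative one converted to `apr_size_t`, would overrun `sz`. The callers are outside the visible hunks, so whether such a length can arrive is not shown here. A guard before each call keeps the old guarantee: `if (idlen < 0 || idlen > GNUTLS_MAX_SESSION_ID_SIZE) return -1;` in the function that takes `dbmkey`, and the same test with `return NULL;` in `mgs_session_id2mc()`. Both function bodies continue past the hunks.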
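--- a/src/gnutls_cache.h
+++ b/src/gnutls_cache.h
@@ -41,17 +41,5 @@
 int mgs_cache_session_init(mgs_handle_t *ctxt);
 
-#define GNUTLS_SESSION_ID_STRING_LEN \
-    ((GNUTLS_MAX_SESSION_ID + 1) * 2)
 
-
-
-/**
- * Convert a SSL Session ID into a Null Terminated Hex Encoded String
- * @param id raw SSL Session ID
- * @param idlen Length of the raw Session ID
- * @param str Location to store the Hex Encoded String
- * @param strsize The Maximum Length that can be stored in str
- */
-char *mgs_session_id2sz(unsigned char *id, int idlen, char *str, int strsize);
 
 /**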
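--- a/src/gnutls_hooks.c
+++ b/src/gnutls_hooks.c
@@ -27,4 +27,5 @@
 #include "mod_status.h"
 #include <util_mutex.h>
+#include <apr_escape.h>
 
 #ifdef ENABLE_MSVA
@@ -893,5 +894,4 @@
 int mgs_hook_fixups(request_rec * r) {
     unsigned char sbuf[GNUTLS_MAX_SESSION_ID];
-    char buf[AP_IOBUFSIZE];
     const char *tmp;
     size_t len;
@@ -963,6 +963,6 @@
     len = sizeof (sbuf);
     gnutls_session_get_id(ctxt->session, sbuf, &len);
-    tmp = mgs_session_id2sz(sbuf, len, buf, sizeof (buf));
-    apr_table_setn(env, "SSL_SESSION_ID", apr_pstrdup(r->pool, tmp));
+    apr_table_setn(env, "SSL_SESSION_ID",
+                   apr_pescape_hex(r->pool, sbuf, len, 0));
 
     if (gnutls_certificate_type_get(ctxt->session) == GNUTLS_CRT_X509) {
@@ -1099,6 +1099,6 @@
     len = sizeof (sbuf);
     gnutls_x509_crt_get_serial(cert, sbuf, &len);
-    tmp = mgs_session_id2sz(sbuf, len, buf, sizeof (buf));
-    apr_table_setn(env, MGS_SIDE("_M_SERIAL"), apr_pstrdup(r->pool, tmp));
+    apr_table_setn(env, MGS_SIDE("_M_SERIAL"),
+                   apr_pescape_hex(r->pool, sbuf, len, 0));
 
     ret = gnutls_x509_crt_get_version(cert);
@@ -1216,6 +1216,6 @@
     len = sizeof (sbuf);
     gnutls_openpgp_crt_get_fingerprint(cert, sbuf, &len);
-    tmp = mgs_session_id2sz(sbuf, len, buf, sizeof (buf));
-    apr_table_setn(env, MGS_SIDE("_FINGERPRINT"), apr_pstrdup(r->pool, tmp));
+    apr_table_setn(env, MGS_SIDE("_FINGERPRINT"),
+                   apr_pescape_hex(r->pool, sbuf, len, 0));
 
     ret = gnutls_openpgp_crt_get_version(cert);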
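Review bot: The three `apr_pescape_hex(r->pool, sbuf, len, 0)` calls trust `len` exactly as written by `gnutls_session_get_id()`, `gnutls_x509_crt_get_serial()` and `gnutls_openpgp_crt_get_fingerprint()`, whose return values are ignored in the context lines. The removed helper capped the conversion at `GNUTLS_MAX_SESSION_ID` bytes; without that cap, a call that fails and leaves `sbuf` unfilled, or that reports a `len` larger than `sizeof (sbuf)`, would have stack bytes outside the intended data hex-encoded into the request environment. Check the result before publishing each variable, for example `if (gnutls_session_get_id(ctxt->session, sbuf, &len) == GNUTLS_E_SUCCESS && len <= sizeof (sbuf))` around the `apr_table_setn()` call. Separately, `apr_pescape_hex()` emits lowercase digits where the old `%02X` produced uppercase, so anything that compares or logs `SSL_SESSION_ID` as a string should be checked. The enclosing functions start and end outside the hunks.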