]> git.ipfire.org Git - thirdparty/gnutls.git/commitdiff
Modified extensions (session ticket, oprfi) to store internal data in gnutls internal...
authorNikos Mavrogiannopoulos <nmav@gnutls.org>
Fri, 15 Jan 2010 04:03:03 +0000 (05:03 +0100)
committerNikos Mavrogiannopoulos <nmav@gnutls.org>
Fri, 15 Jan 2010 04:08:42 +0000 (05:08 +0100)
and input data only in the security_parameters extension structure.

Session ticket extension will call the user supplied hello function on resumption.

(the current API to handle that is inexistant. To be revised)

lib/ext_oprfi.c
lib/ext_session_ticket.c
lib/gnutls_constate.c
lib/gnutls_handshake.c
lib/gnutls_int.h

index b187684878972b05c1de904c151259104733f6b7..a20d9b3ab1a91121209ae2213161cffa86ba780a 100644 (file)
@@ -40,7 +40,7 @@ oprfi_recv_server (gnutls_session_t session,
   uint16_t len;
   int ret;
 
-  if (!session->security_parameters.extensions.oprfi_cb)
+  if (!session->internals.oprfi_cb)
     {
       gnutls_assert ();
       return 0;
@@ -152,7 +152,7 @@ oprfi_send_server (gnutls_session_t session, opaque * data, size_t _data_size)
   size_t len;
 
   if (!session->security_parameters.extensions.oprfi_client ||
-      !session->security_parameters.extensions.oprfi_cb)
+      !session->internals.oprfi_cb)
     return 0;
 
   /* Allocate buffer for outgoing data. */
@@ -167,8 +167,8 @@ oprfi_send_server (gnutls_session_t session, opaque * data, size_t _data_size)
     }
 
   /* Get outgoing data. */
-  ret = session->security_parameters.extensions.oprfi_cb
-    (session, session->security_parameters.extensions.oprfi_userdata,
+  ret = session->internals.oprfi_cb
+    (session, session->internals.oprfi_userdata,
      session->security_parameters.extensions.oprfi_client_len,
      session->security_parameters.extensions.oprfi_client,
      session->security_parameters.extensions.oprfi_server);
@@ -249,6 +249,6 @@ void
 gnutls_oprfi_enable_server (gnutls_session_t session,
                            gnutls_oprfi_callback_func cb, void *userdata)
 {
-  session->security_parameters.extensions.oprfi_cb = cb;
-  session->security_parameters.extensions.oprfi_userdata = userdata;
+  session->internals.oprfi_cb = cb;
+  session->internals.oprfi_userdata = userdata;
 }
index a474ba1cd9059953cb39d51b7b2f40783d35c0ca..f25c7391734e50c00de43fe13542172a45df5dc6 100644 (file)
@@ -88,7 +88,7 @@ decrypt_ticket (gnutls_session_t session, struct ticket *ticket)
 
   /* Check the integrity of ticket using HMAC-SHA-256. */
   mac_secret.data = (void*)
-    session->security_parameters.extensions.session_ticket_key->mac_secret;
+    session->internals.session_ticket_key->mac_secret;
   mac_secret.size = MAC_SECRET_SIZE;
   ret = digest_ticket (&mac_secret, ticket, final);
   if (ret < 0)
@@ -104,7 +104,7 @@ decrypt_ticket (gnutls_session_t session, struct ticket *ticket)
     }
 
   /* Decrypt encrypted_state using 128-bit AES in CBC mode. */
-  key.data = (void*)session->security_parameters.extensions.session_ticket_key->key;
+  key.data = (void*)session->internals.session_ticket_key->key;
   key.size = KEY_SIZE;
   IV.data = ticket->IV;
   IV.size = IV_SIZE;
@@ -177,9 +177,9 @@ encrypt_ticket (gnutls_session_t session, struct ticket *ticket)
   _gnutls_free_datum (&state);
 
   /* Encrypt state using 128-bit AES in CBC mode. */
-  key.data = (void*)session->security_parameters.extensions.session_ticket_key->key;
+  key.data = (void*)session->internals.session_ticket_key->key;
   key.size = KEY_SIZE;
-  IV.data = session->security_parameters.extensions.session_ticket_IV;
+  IV.data = session->internals.session_ticket_IV;
   IV.size = IV_SIZE;
   ret =
     _gnutls_cipher_init (&cipher_hd, GNUTLS_CIPHER_AES_128_CBC, &key, &IV);
@@ -202,14 +202,13 @@ encrypt_ticket (gnutls_session_t session, struct ticket *ticket)
 
   /* Fill the ticket structure to compute MAC. */
   memcpy (ticket->key_name,
-         session->security_parameters.extensions.
-         session_ticket_key->key_name, KEY_NAME_SIZE);
+         session->internals.session_ticket_key->key_name, KEY_NAME_SIZE);
   memcpy (ticket->IV, IV.data, IV.size);
   ticket->encrypted_state_len = encrypted_state.size;
   ticket->encrypted_state = encrypted_state.data;
 
   mac_secret.data =
-    (void*)session->security_parameters.extensions.session_ticket_key->mac_secret;
+    (void*)session->internals.session_ticket_key->mac_secret;
   mac_secret.size = MAC_SECRET_SIZE;
   ret = digest_ticket (&mac_secret, ticket, ticket->mac);
   if (ret < 0)
@@ -251,8 +250,7 @@ _gnutls_session_ticket_recv_params (gnutls_session_t session,
       /* If the key name of the ticket does not match the one that we
          hold, issue a new ticket. */
       if (memcmp (ticket.key_name,
-                 session->security_parameters.extensions.
-                 session_ticket_key->key_name, KEY_NAME_SIZE))
+                 session->internals.session_ticket_key->key_name, KEY_NAME_SIZE))
        {
          session->internals.session_ticket_renew = 1;
          return 0;
@@ -438,7 +436,7 @@ gnutls_session_ticket_enable_server (gnutls_session_t session,
     }
 
   ret = _gnutls_rnd (GNUTLS_RND_RANDOM,
-                    session->security_parameters.extensions.
+                    session->internals.
                     session_ticket_IV, IV_SIZE);
   if (ret < 0)
     {
@@ -446,7 +444,7 @@ gnutls_session_ticket_enable_server (gnutls_session_t session,
       return ret;
     }
 
-  session->security_parameters.extensions.session_ticket_key =
+  session->internals.session_ticket_key =
     (struct gnutls_session_ticket_key_st *) key->data;
   session->internals.session_ticket_enable = 1;
   return 0;
index 338c060e0edb05e15e2987a29b2864b1e6148baf..4fe6e49581a75554e76f430261ca2fd030a6e9cb 100644 (file)
@@ -381,6 +381,9 @@ _gnutls_set_write_keys (gnutls_session_t session)
 }
 
 #define CPY_EXTENSIONS \
+        gnutls_free(dst->extensions.session_ticket); \
+        gnutls_free(dst->extensions.oprfi_client); \
+        gnutls_free(dst->extensions.oprfi_server); \
        memcpy(&dst->extensions.server_names, &src->extensions, sizeof(src->extensions)); \
        memset(&src->extensions, 0, sizeof(src->extensions)) /* avoid duplicate free's */
 
index 9ea7bd26d8f29bc9740de04e9ae329f8cf7b0a47..2575894d785d7a89ad8b40a218089e55fa2e82a4 100644 (file)
@@ -470,7 +470,7 @@ _gnutls_read_client_hello (gnutls_session_t session, opaque * data,
   pos += session_id_len;
 
   if (ret == 0)
-    {                          /* resumed! */
+    { /* resumed using default TLS resumption! */
       /* Parse only the safe renegotiation extension
        * We don't want to parse any other extensions since
        * we don't want new extension values to overwrite the
@@ -585,7 +585,8 @@ _gnutls_read_client_hello (gnutls_session_t session, opaque * data,
        session->security_parameters.max_record_send_size;
 
       resume_copy_required_values (session);
-       return 0;
+
+      return _gnutls_user_hello_func (session, adv_version);
     }
 
   /* select an appropriate cipher suite
index df5dc4f429be499eb894ee92eb6d8e371b22748a..5799d46bcefd42ec025dad77a39c6273169bc216 100644 (file)
@@ -338,17 +338,11 @@ typedef struct
    ***/
 
   /* Opaque PRF input. */
-  gnutls_oprfi_callback_func oprfi_cb;
-  const void *oprfi_userdata;
   opaque *oprfi_client;
   uint16_t oprfi_client_len;
   opaque *oprfi_server;
   uint16_t oprfi_server_len;
 
-  /* Session Ticket */
-  const struct gnutls_session_ticket_key_st *session_ticket_key;
-  opaque session_ticket_IV[SESSION_TICKET_IV_SIZE];
-
   /* Safe renegotiation. */
   uint8_t client_verify_data[MAX_VERIFY_DATA_SIZE]; 
   size_t client_verify_data_len;
@@ -750,6 +744,14 @@ typedef struct
   int safe_renegotiation_received:1;
   int initial_negotiation_completed:1;
 
+  /* Oprfi */
+  gnutls_oprfi_callback_func oprfi_cb;
+  const void *oprfi_userdata;
+
+  /* Session Ticket */
+  struct gnutls_session_ticket_key_st *session_ticket_key;
+  opaque session_ticket_IV[SESSION_TICKET_IV_SIZE];
+
   /* If you add anything here, check _gnutls_handshake_internal_state_clear().
    */
 } internals_st;