and input data only in the security_parameters extension structure.
Session ticket extension will call the user supplied hello function on resumption.
(the current API to handle that is inexistant. To be revised)
uint16_t len;
int ret;
- if (!session->security_parameters.extensions.oprfi_cb)
+ if (!session->internals.oprfi_cb)
{
gnutls_assert ();
return 0;
size_t len;
if (!session->security_parameters.extensions.oprfi_client ||
- !session->security_parameters.extensions.oprfi_cb)
+ !session->internals.oprfi_cb)
return 0;
/* Allocate buffer for outgoing data. */
}
/* Get outgoing data. */
- ret = session->security_parameters.extensions.oprfi_cb
- (session, session->security_parameters.extensions.oprfi_userdata,
+ ret = session->internals.oprfi_cb
+ (session, session->internals.oprfi_userdata,
session->security_parameters.extensions.oprfi_client_len,
session->security_parameters.extensions.oprfi_client,
session->security_parameters.extensions.oprfi_server);
gnutls_oprfi_enable_server (gnutls_session_t session,
gnutls_oprfi_callback_func cb, void *userdata)
{
- session->security_parameters.extensions.oprfi_cb = cb;
- session->security_parameters.extensions.oprfi_userdata = userdata;
+ session->internals.oprfi_cb = cb;
+ session->internals.oprfi_userdata = userdata;
}
/* Check the integrity of ticket using HMAC-SHA-256. */
mac_secret.data = (void*)
- session->security_parameters.extensions.session_ticket_key->mac_secret;
+ session->internals.session_ticket_key->mac_secret;
mac_secret.size = MAC_SECRET_SIZE;
ret = digest_ticket (&mac_secret, ticket, final);
if (ret < 0)
}
/* Decrypt encrypted_state using 128-bit AES in CBC mode. */
- key.data = (void*)session->security_parameters.extensions.session_ticket_key->key;
+ key.data = (void*)session->internals.session_ticket_key->key;
key.size = KEY_SIZE;
IV.data = ticket->IV;
IV.size = IV_SIZE;
_gnutls_free_datum (&state);
/* Encrypt state using 128-bit AES in CBC mode. */
- key.data = (void*)session->security_parameters.extensions.session_ticket_key->key;
+ key.data = (void*)session->internals.session_ticket_key->key;
key.size = KEY_SIZE;
- IV.data = session->security_parameters.extensions.session_ticket_IV;
+ IV.data = session->internals.session_ticket_IV;
IV.size = IV_SIZE;
ret =
_gnutls_cipher_init (&cipher_hd, GNUTLS_CIPHER_AES_128_CBC, &key, &IV);
/* Fill the ticket structure to compute MAC. */
memcpy (ticket->key_name,
- session->security_parameters.extensions.
- session_ticket_key->key_name, KEY_NAME_SIZE);
+ session->internals.session_ticket_key->key_name, KEY_NAME_SIZE);
memcpy (ticket->IV, IV.data, IV.size);
ticket->encrypted_state_len = encrypted_state.size;
ticket->encrypted_state = encrypted_state.data;
mac_secret.data =
- (void*)session->security_parameters.extensions.session_ticket_key->mac_secret;
+ (void*)session->internals.session_ticket_key->mac_secret;
mac_secret.size = MAC_SECRET_SIZE;
ret = digest_ticket (&mac_secret, ticket, ticket->mac);
if (ret < 0)
/* If the key name of the ticket does not match the one that we
hold, issue a new ticket. */
if (memcmp (ticket.key_name,
- session->security_parameters.extensions.
- session_ticket_key->key_name, KEY_NAME_SIZE))
+ session->internals.session_ticket_key->key_name, KEY_NAME_SIZE))
{
session->internals.session_ticket_renew = 1;
return 0;
}
ret = _gnutls_rnd (GNUTLS_RND_RANDOM,
- session->security_parameters.extensions.
+ session->internals.
session_ticket_IV, IV_SIZE);
if (ret < 0)
{
return ret;
}
- session->security_parameters.extensions.session_ticket_key =
+ session->internals.session_ticket_key =
(struct gnutls_session_ticket_key_st *) key->data;
session->internals.session_ticket_enable = 1;
return 0;
}
#define CPY_EXTENSIONS \
+ gnutls_free(dst->extensions.session_ticket); \
+ gnutls_free(dst->extensions.oprfi_client); \
+ gnutls_free(dst->extensions.oprfi_server); \
memcpy(&dst->extensions.server_names, &src->extensions, sizeof(src->extensions)); \
memset(&src->extensions, 0, sizeof(src->extensions)) /* avoid duplicate free's */
pos += session_id_len;
if (ret == 0)
- { /* resumed! */
+ { /* resumed using default TLS resumption! */
/* Parse only the safe renegotiation extension
* We don't want to parse any other extensions since
* we don't want new extension values to overwrite the
session->security_parameters.max_record_send_size;
resume_copy_required_values (session);
- return 0;
+
+ return _gnutls_user_hello_func (session, adv_version);
}
/* select an appropriate cipher suite
***/
/* Opaque PRF input. */
- gnutls_oprfi_callback_func oprfi_cb;
- const void *oprfi_userdata;
opaque *oprfi_client;
uint16_t oprfi_client_len;
opaque *oprfi_server;
uint16_t oprfi_server_len;
- /* Session Ticket */
- const struct gnutls_session_ticket_key_st *session_ticket_key;
- opaque session_ticket_IV[SESSION_TICKET_IV_SIZE];
-
/* Safe renegotiation. */
uint8_t client_verify_data[MAX_VERIFY_DATA_SIZE];
size_t client_verify_data_len;
int safe_renegotiation_received:1;
int initial_negotiation_completed:1;
+ /* Oprfi */
+ gnutls_oprfi_callback_func oprfi_cb;
+ const void *oprfi_userdata;
+
+ /* Session Ticket */
+ struct gnutls_session_ticket_key_st *session_ticket_key;
+ opaque session_ticket_IV[SESSION_TICKET_IV_SIZE];
+
/* If you add anything here, check _gnutls_handshake_internal_state_clear().
*/
} internals_st;