saved and restored when resumming they will be initialized to zero.
int ret;
/* Check the integrity of ticket using HMAC-SHA-256. */
- mac_secret.data =
+ mac_secret.data = (void*)
session->security_parameters.extensions.session_ticket_key->mac_secret;
mac_secret.size = MAC_SECRET_SIZE;
ret = digest_ticket (&mac_secret, ticket, final);
}
/* Decrypt encrypted_state using 128-bit AES in CBC mode. */
- key.data = session->security_parameters.extensions.session_ticket_key->key;
+ key.data = (void*)session->security_parameters.extensions.session_ticket_key->key;
key.size = KEY_SIZE;
IV.data = ticket->IV;
IV.size = IV_SIZE;
_gnutls_free_datum (&state);
/* Encrypt state using 128-bit AES in CBC mode. */
- key.data = session->security_parameters.extensions.session_ticket_key->key;
+ key.data = (void*)session->security_parameters.extensions.session_ticket_key->key;
key.size = KEY_SIZE;
IV.data = session->security_parameters.extensions.session_ticket_IV;
IV.size = IV_SIZE;
ticket->encrypted_state = encrypted_state.data;
mac_secret.data =
- session->security_parameters.extensions.session_ticket_key->mac_secret;
+ (void*)session->security_parameters.extensions.session_ticket_key->mac_secret;
mac_secret.size = MAC_SECRET_SIZE;
ret = digest_ticket (&mac_secret, ticket, ticket->mac);
if (ret < 0)
}
#define CPY_EXTENSIONS \
- memcpy(dst->extensions.server_names, src->extensions.server_names, sizeof(src->extensions.server_names)); \
- dst->extensions.server_names_size = src->extensions.server_names_size; \
- memcpy(dst->extensions.srp_username, src->extensions.srp_username, sizeof(src->extensions.srp_username)); \
- memcpy(dst->extensions.sign_algorithms, src->extensions.sign_algorithms, sizeof(src->extensions.sign_algorithms)); \
- dst->extensions.sign_algorithms_size = src->extensions.sign_algorithms_size; \
- dst->extensions.gnutls_ia_enable = src->extensions.gnutls_ia_enable; \
- dst->extensions.gnutls_ia_peer_enable = src->extensions.gnutls_ia_peer_enable; \
- dst->extensions.gnutls_ia_allowskip = src->extensions.gnutls_ia_allowskip; \
- dst->extensions.gnutls_ia_peer_allowskip = src->extensions.gnutls_ia_peer_allowskip; \
- dst->extensions.do_recv_supplemental = src->extensions.do_recv_supplemental; \
- dst->extensions.do_send_supplemental = src->extensions.do_send_supplemental
+ memcpy(&dst->extensions.server_names, &src->extensions, sizeof(src->extensions)); \
+ memset(&src->extensions, 0, sizeof(src->extensions)) /* avoid duplicate free's */
#define CPY_COMMON dst->entity = src->entity; \
dst->kx_algorithm = src->kx_algorithm; \
dst->max_record_recv_size = src->max_record_recv_size; \
dst->max_record_send_size = src->max_record_send_size; \
dst->version = src->version; \
- CPY_EXTENSIONS; \
memcpy( &dst->inner_secret, &src->inner_secret, GNUTLS_MASTER_SIZE)
static void
dst, security_parameters_st * src)
{
CPY_COMMON;
+ CPY_EXTENSIONS; /* only do once */
dst->write_bulk_cipher_algorithm = src->write_bulk_cipher_algorithm;
dst->write_mac_algorithm = src->write_mac_algorithm;
/* Used by extensions that enable supplemental data. */
int do_recv_supplemental, do_send_supplemental;
+ opaque *session_ticket;
+ uint16_t session_ticket_len;
+
/*** Those below do not get copied when resuming session
***/
/* Opaque PRF input. */
gnutls_oprfi_callback_func oprfi_cb;
- void *oprfi_userdata;
+ const void *oprfi_userdata;
opaque *oprfi_client;
uint16_t oprfi_client_len;
opaque *oprfi_server;
uint16_t oprfi_server_len;
/* Session Ticket */
- opaque *session_ticket;
- uint16_t session_ticket_len;
- struct gnutls_session_ticket_key_st *session_ticket_key;
+ const struct gnutls_session_ticket_key_st *session_ticket_key;
opaque session_ticket_IV[SESSION_TICKET_IV_SIZE];
/* Safe renegotiation. */
return GNUTLS_E_INVALID_REQUEST;
}
+ memset(&session->internals.resumed_security_parameters, 0, sizeof(session->internals.resumed_security_parameters));
session->internals.resumed_security_parameters.entity =
packed_session->data[pos++];
session->internals.resumed_security_parameters.kx_algorithm =