]> git.ipfire.org Git - thirdparty/gnutls.git/commitdiff
Further cleanup the extension internal structure. Now if values are not
authorNikos Mavrogiannopoulos <nmav@gnutls.org>
Thu, 14 Jan 2010 17:56:29 +0000 (18:56 +0100)
committerNikos Mavrogiannopoulos <nmav@gnutls.org>
Thu, 14 Jan 2010 17:56:29 +0000 (18:56 +0100)
saved and restored when resumming they will be initialized to zero.

lib/ext_session_ticket.c
lib/gnutls_constate.c
lib/gnutls_int.h
lib/gnutls_session_pack.c

index e7a28915350a08ea825649a8b688a8216786098e..a474ba1cd9059953cb39d51b7b2f40783d35c0ca 100644 (file)
@@ -87,7 +87,7 @@ decrypt_ticket (gnutls_session_t session, struct ticket *ticket)
   int ret;
 
   /* Check the integrity of ticket using HMAC-SHA-256. */
-  mac_secret.data =
+  mac_secret.data = (void*)
     session->security_parameters.extensions.session_ticket_key->mac_secret;
   mac_secret.size = MAC_SECRET_SIZE;
   ret = digest_ticket (&mac_secret, ticket, final);
@@ -104,7 +104,7 @@ decrypt_ticket (gnutls_session_t session, struct ticket *ticket)
     }
 
   /* Decrypt encrypted_state using 128-bit AES in CBC mode. */
-  key.data = session->security_parameters.extensions.session_ticket_key->key;
+  key.data = (void*)session->security_parameters.extensions.session_ticket_key->key;
   key.size = KEY_SIZE;
   IV.data = ticket->IV;
   IV.size = IV_SIZE;
@@ -177,7 +177,7 @@ encrypt_ticket (gnutls_session_t session, struct ticket *ticket)
   _gnutls_free_datum (&state);
 
   /* Encrypt state using 128-bit AES in CBC mode. */
-  key.data = session->security_parameters.extensions.session_ticket_key->key;
+  key.data = (void*)session->security_parameters.extensions.session_ticket_key->key;
   key.size = KEY_SIZE;
   IV.data = session->security_parameters.extensions.session_ticket_IV;
   IV.size = IV_SIZE;
@@ -209,7 +209,7 @@ encrypt_ticket (gnutls_session_t session, struct ticket *ticket)
   ticket->encrypted_state = encrypted_state.data;
 
   mac_secret.data =
-    session->security_parameters.extensions.session_ticket_key->mac_secret;
+    (void*)session->security_parameters.extensions.session_ticket_key->mac_secret;
   mac_secret.size = MAC_SECRET_SIZE;
   ret = digest_ticket (&mac_secret, ticket, ticket->mac);
   if (ret < 0)
index 78a38cc1f83f6234b664d7d0ec4d699ec52ee8dc..338c060e0edb05e15e2987a29b2864b1e6148baf 100644 (file)
@@ -381,17 +381,8 @@ _gnutls_set_write_keys (gnutls_session_t session)
 }
 
 #define CPY_EXTENSIONS \
-       memcpy(dst->extensions.server_names, src->extensions.server_names, sizeof(src->extensions.server_names)); \
-       dst->extensions.server_names_size = src->extensions.server_names_size; \
-       memcpy(dst->extensions.srp_username, src->extensions.srp_username, sizeof(src->extensions.srp_username)); \
-       memcpy(dst->extensions.sign_algorithms, src->extensions.sign_algorithms, sizeof(src->extensions.sign_algorithms)); \
-       dst->extensions.sign_algorithms_size = src->extensions.sign_algorithms_size; \
-       dst->extensions.gnutls_ia_enable = src->extensions.gnutls_ia_enable; \
-       dst->extensions.gnutls_ia_peer_enable = src->extensions.gnutls_ia_peer_enable; \
-       dst->extensions.gnutls_ia_allowskip = src->extensions.gnutls_ia_allowskip; \
-       dst->extensions.gnutls_ia_peer_allowskip = src->extensions.gnutls_ia_peer_allowskip; \
-       dst->extensions.do_recv_supplemental = src->extensions.do_recv_supplemental; \
-       dst->extensions.do_send_supplemental = src->extensions.do_send_supplemental
+       memcpy(&dst->extensions.server_names, &src->extensions, sizeof(src->extensions)); \
+       memset(&src->extensions, 0, sizeof(src->extensions)) /* avoid duplicate free's */
 
 #define CPY_COMMON dst->entity = src->entity; \
        dst->kx_algorithm = src->kx_algorithm; \
@@ -406,7 +397,6 @@ _gnutls_set_write_keys (gnutls_session_t session)
        dst->max_record_recv_size = src->max_record_recv_size; \
        dst->max_record_send_size = src->max_record_send_size; \
        dst->version = src->version; \
-       CPY_EXTENSIONS; \
        memcpy( &dst->inner_secret, &src->inner_secret, GNUTLS_MASTER_SIZE)
 
 static void
@@ -425,6 +415,7 @@ _gnutls_cpy_write_security_parameters (security_parameters_st *
                                       dst, security_parameters_st * src)
 {
   CPY_COMMON;
+  CPY_EXTENSIONS; /* only do once */
 
   dst->write_bulk_cipher_algorithm = src->write_bulk_cipher_algorithm;
   dst->write_mac_algorithm = src->write_mac_algorithm;
index fec71a7fef174bd8bc4079ef2f2076696bec24ed..df5dc4f429be499eb894ee92eb6d8e371b22748a 100644 (file)
@@ -331,21 +331,22 @@ typedef struct
   /* Used by extensions that enable supplemental data. */
   int do_recv_supplemental, do_send_supplemental;
 
+  opaque *session_ticket;
+  uint16_t session_ticket_len;
+
   /*** Those below do not get copied when resuming session 
    ***/
 
   /* Opaque PRF input. */
   gnutls_oprfi_callback_func oprfi_cb;
-  void *oprfi_userdata;
+  const void *oprfi_userdata;
   opaque *oprfi_client;
   uint16_t oprfi_client_len;
   opaque *oprfi_server;
   uint16_t oprfi_server_len;
 
   /* Session Ticket */
-  opaque *session_ticket;
-  uint16_t session_ticket_len;
-  struct gnutls_session_ticket_key_st *session_ticket_key;
+  const struct gnutls_session_ticket_key_st *session_ticket_key;
   opaque session_ticket_IV[SESSION_TICKET_IV_SIZE];
 
   /* Safe renegotiation. */
index 30c9e6b0834222c3b7417755b2678cc06e3b15d9..3d731348c2f0338836d8bed6632871799171a348 100644 (file)
@@ -1133,6 +1133,7 @@ unpack_security_parameters (gnutls_session_t session,
       return GNUTLS_E_INVALID_REQUEST;
     }
 
+  memset(&session->internals.resumed_security_parameters, 0, sizeof(session->internals.resumed_security_parameters));
   session->internals.resumed_security_parameters.entity =
     packed_session->data[pos++];
   session->internals.resumed_security_parameters.kx_algorithm =