From: Nikos Mavrogiannopoulos Date: Thu, 14 Jan 2010 17:56:29 +0000 (+0100) Subject: Further cleanup the extension internal structure. Now if values are not X-Git-Tag: gnutls_2_9_10~163 X-Git-Url: http://git.ipfire.org/gitweb.cgi?a=commitdiff_plain;h=d75ba16425be5ed98d11ecd1c8fc2f400d8b8792;p=thirdparty%2Fgnutls.git Further cleanup the extension internal structure. Now if values are not saved and restored when resumming they will be initialized to zero. --- diff --git a/lib/ext_session_ticket.c b/lib/ext_session_ticket.c index e7a2891535..a474ba1cd9 100644 --- a/lib/ext_session_ticket.c +++ b/lib/ext_session_ticket.c @@ -87,7 +87,7 @@ decrypt_ticket (gnutls_session_t session, struct ticket *ticket) int ret; /* Check the integrity of ticket using HMAC-SHA-256. */ - mac_secret.data = + mac_secret.data = (void*) session->security_parameters.extensions.session_ticket_key->mac_secret; mac_secret.size = MAC_SECRET_SIZE; ret = digest_ticket (&mac_secret, ticket, final); @@ -104,7 +104,7 @@ decrypt_ticket (gnutls_session_t session, struct ticket *ticket) } /* Decrypt encrypted_state using 128-bit AES in CBC mode. */ - key.data = session->security_parameters.extensions.session_ticket_key->key; + key.data = (void*)session->security_parameters.extensions.session_ticket_key->key; key.size = KEY_SIZE; IV.data = ticket->IV; IV.size = IV_SIZE; @@ -177,7 +177,7 @@ encrypt_ticket (gnutls_session_t session, struct ticket *ticket) _gnutls_free_datum (&state); /* Encrypt state using 128-bit AES in CBC mode. */ - key.data = session->security_parameters.extensions.session_ticket_key->key; + key.data = (void*)session->security_parameters.extensions.session_ticket_key->key; key.size = KEY_SIZE; IV.data = session->security_parameters.extensions.session_ticket_IV; IV.size = IV_SIZE; @@ -209,7 +209,7 @@ encrypt_ticket (gnutls_session_t session, struct ticket *ticket) ticket->encrypted_state = encrypted_state.data; mac_secret.data = - session->security_parameters.extensions.session_ticket_key->mac_secret; + (void*)session->security_parameters.extensions.session_ticket_key->mac_secret; mac_secret.size = MAC_SECRET_SIZE; ret = digest_ticket (&mac_secret, ticket, ticket->mac); if (ret < 0) diff --git a/lib/gnutls_constate.c b/lib/gnutls_constate.c index 78a38cc1f8..338c060e0e 100644 --- a/lib/gnutls_constate.c +++ b/lib/gnutls_constate.c @@ -381,17 +381,8 @@ _gnutls_set_write_keys (gnutls_session_t session) } #define CPY_EXTENSIONS \ - memcpy(dst->extensions.server_names, src->extensions.server_names, sizeof(src->extensions.server_names)); \ - dst->extensions.server_names_size = src->extensions.server_names_size; \ - memcpy(dst->extensions.srp_username, src->extensions.srp_username, sizeof(src->extensions.srp_username)); \ - memcpy(dst->extensions.sign_algorithms, src->extensions.sign_algorithms, sizeof(src->extensions.sign_algorithms)); \ - dst->extensions.sign_algorithms_size = src->extensions.sign_algorithms_size; \ - dst->extensions.gnutls_ia_enable = src->extensions.gnutls_ia_enable; \ - dst->extensions.gnutls_ia_peer_enable = src->extensions.gnutls_ia_peer_enable; \ - dst->extensions.gnutls_ia_allowskip = src->extensions.gnutls_ia_allowskip; \ - dst->extensions.gnutls_ia_peer_allowskip = src->extensions.gnutls_ia_peer_allowskip; \ - dst->extensions.do_recv_supplemental = src->extensions.do_recv_supplemental; \ - dst->extensions.do_send_supplemental = src->extensions.do_send_supplemental + memcpy(&dst->extensions.server_names, &src->extensions, sizeof(src->extensions)); \ + memset(&src->extensions, 0, sizeof(src->extensions)) /* avoid duplicate free's */ #define CPY_COMMON dst->entity = src->entity; \ dst->kx_algorithm = src->kx_algorithm; \ @@ -406,7 +397,6 @@ _gnutls_set_write_keys (gnutls_session_t session) dst->max_record_recv_size = src->max_record_recv_size; \ dst->max_record_send_size = src->max_record_send_size; \ dst->version = src->version; \ - CPY_EXTENSIONS; \ memcpy( &dst->inner_secret, &src->inner_secret, GNUTLS_MASTER_SIZE) static void @@ -425,6 +415,7 @@ _gnutls_cpy_write_security_parameters (security_parameters_st * dst, security_parameters_st * src) { CPY_COMMON; + CPY_EXTENSIONS; /* only do once */ dst->write_bulk_cipher_algorithm = src->write_bulk_cipher_algorithm; dst->write_mac_algorithm = src->write_mac_algorithm; diff --git a/lib/gnutls_int.h b/lib/gnutls_int.h index fec71a7fef..df5dc4f429 100644 --- a/lib/gnutls_int.h +++ b/lib/gnutls_int.h @@ -331,21 +331,22 @@ typedef struct /* Used by extensions that enable supplemental data. */ int do_recv_supplemental, do_send_supplemental; + opaque *session_ticket; + uint16_t session_ticket_len; + /*** Those below do not get copied when resuming session ***/ /* Opaque PRF input. */ gnutls_oprfi_callback_func oprfi_cb; - void *oprfi_userdata; + const void *oprfi_userdata; opaque *oprfi_client; uint16_t oprfi_client_len; opaque *oprfi_server; uint16_t oprfi_server_len; /* Session Ticket */ - opaque *session_ticket; - uint16_t session_ticket_len; - struct gnutls_session_ticket_key_st *session_ticket_key; + const struct gnutls_session_ticket_key_st *session_ticket_key; opaque session_ticket_IV[SESSION_TICKET_IV_SIZE]; /* Safe renegotiation. */ diff --git a/lib/gnutls_session_pack.c b/lib/gnutls_session_pack.c index 30c9e6b083..3d731348c2 100644 --- a/lib/gnutls_session_pack.c +++ b/lib/gnutls_session_pack.c @@ -1133,6 +1133,7 @@ unpack_security_parameters (gnutls_session_t session, return GNUTLS_E_INVALID_REQUEST; } + memset(&session->internals.resumed_security_parameters, 0, sizeof(session->internals.resumed_security_parameters)); session->internals.resumed_security_parameters.entity = packed_session->data[pos++]; session->internals.resumed_security_parameters.kx_algorithm =