if (cs->prf == GNUTLS_MAC_UNKNOWN ||
_gnutls_mac_is_ok(mac_to_entry(cs->prf)) == 0)
return gnutls_assert_val(GNUTLS_E_UNWANTED_ALGORITHM);
- session->security_parameters.prf_mac = cs->prf;
+ session->security_parameters.prf = mac_to_entry(cs->prf);
} else {
- session->security_parameters.prf_mac = GNUTLS_MAC_MD5_SHA1;
+ session->security_parameters.prf = mac_to_entry(GNUTLS_MAC_MD5_SHA1);
}
session->security_parameters.cs = cs;
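Review bot: The `else` branch stores `mac_to_entry(GNUTLS_MAC_MD5_SHA1)` without checking the result, whereas the first branch assigns only after `_gnutls_mac_is_ok()` has accepted the entry. The rest of this change dereferences `security_parameters.prf` directly, so a failed lookup here would show up later in the handshake as a NULL dereference rather than as an error code. Consider looking the entry up into a local and rejecting NULL before the assignment, e.g. `if (unlikely(me == NULL)) return gnutls_assert_val(GNUTLS_E_INTERNAL_ERROR);` followed by `session->security_parameters.prf = me;`. The enclosing function starts and ends outside this hunk, so whether the table can ever lack this entry is not visible here.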
/* This is kept outside the ciphersuite entry as on certain
* TLS versions we need a separate PRF MAC, i.e., MD5_SHA1. */
- gnutls_mac_algorithm_t prf_mac;
+ const mac_entry_st *prf;
+
uint8_t master_secret[GNUTLS_MASTER_SIZE];
uint8_t client_random[GNUTLS_RANDOM_SIZE];
uint8_t server_random[GNUTLS_RANDOM_SIZE];
uint8_t etm;
/* Note: if you add anything in Security_Parameters struct, then
- * also modify CPY_COMMON in gnutls_constate.c, and gnutls_session_pack.c,
+ * also modify CPY_COMMON in constate.c, and session_pack.c,
* in order to save it in the session storage.
*/
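Review bot: `prf` is now a pointer into the algorithm table, so unlike the old enum value it cannot be written to session storage as-is, and the comment in this struct asks for every field to be mirrored in CPY_COMMON and session_pack.c. Those files are not visible here; presumably the packing code should write `prf->id` and the unpacking code should rebuild the pointer with `mac_to_entry()` and reject an id that no longer resolves, since stored session data may be stale or come from a different build. It would also help to document the field's lifetime, for example `/* NULL until a ciphersuite has been set; points to a static table entry, never freed */`.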
else
len = session->internals.handshake_hash_buffer_prev_len;
- algorithm = session->security_parameters.prf_mac;
+ algorithm = session->security_parameters.prf->id;
rc = _gnutls_hash_fast(algorithm,
session->internals.
handshake_hash_buffer.data, len,
if (rc < 0)
return gnutls_assert_val(rc);
- hash_len = _gnutls_hash_get_algo_len(mac_to_entry(algorithm));
+ hash_len = session->security_parameters.prf->output_size;
if (type == GNUTLS_SERVER) {
mesg = SERVER_MSG;
{
const version_entry_st *ver = get_version(session);
int ret;
- const mac_entry_st *me;
uint8_t concat[2*MAX_HASH_SIZE];
if (unlikely(ver == NULL))
return gnutls_assert_val(GNUTLS_E_INTERNAL_ERROR);
}
- me = mac_to_entry(session->security_parameters.prf_mac);
- if (me == NULL)
- return gnutls_assert_val(GNUTLS_E_INTERNAL_ERROR);
-
ret =
- _gnutls_hash_fast((gnutls_digest_algorithm_t)me->id,
+ _gnutls_hash_fast((gnutls_digest_algorithm_t)session->security_parameters.prf->id,
session->internals.handshake_hash_buffer.
data,
session->internals.handshake_hash_buffer_client_kx_len,
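Review bot: The removed `me == NULL` guard was this function's only protection against an unset PRF, and the new code dereferences `session->security_parameters.prf` for both `->id` and `->output_size` without one. The old code turned that state into `GNUTLS_E_INTERNAL_ERROR`; the new code would crash on it instead. Keep the guard in its new form, `if (unlikely(session->security_parameters.prf == NULL)) return gnutls_assert_val(GNUTLS_E_INTERNAL_ERROR);`, before the hash call. The same applies to the other `prf->id` and `prf->output_size` uses in this change, in particular the `_gnutls_prf_raw()` wrappers, which may be reachable from application calls before a ciphersuite is negotiated; that is worth confirming. The function body begins and ends outside this hunk.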
if (ret < 0)
return gnutls_assert_val(ret);
- return _gnutls_set_datum(shash, concat, me->output_size);
+ return _gnutls_set_datum(shash, concat, session->security_parameters.prf->output_size);
}
{
int ret;
- ret = _gnutls_prf_raw(session->security_parameters.prf_mac,
+ ret = _gnutls_prf_raw(session->security_parameters.prf->id,
GNUTLS_MASTER_SIZE, session->security_parameters.master_secret,
label_size, label,
seed_size, (uint8_t *) seed,
}
ret =
- _gnutls_prf_raw(session->security_parameters.prf_mac,
+ _gnutls_prf_raw(session->security_parameters.prf->id,
GNUTLS_MASTER_SIZE, session->security_parameters.master_secret,
label_size, label,
seedsize, seed,
{
char buf[128];
- session->key.temp_secret_size = gnutls_hmac_get_len(session->security_parameters.prf_mac);
+ session->key.temp_secret_size = session->security_parameters.prf->output_size;
/* when no PSK, use the zero-value */
if (psk == NULL) {
psk = (uint8_t*)buf;
}
- return gnutls_hmac_fast(session->security_parameters.prf_mac,
+ return gnutls_hmac_fast(session->security_parameters.prf->id,
"", 0,
psk, psk_size,
session->key.temp_secret);
/* HKDF-Extract(Prev-Secret, key) */
int _tls13_update_secret(gnutls_session_t session, const uint8_t *key, size_t key_size)
{
- return gnutls_hmac_fast(session->security_parameters.prf_mac,
+ return gnutls_hmac_fast(session->security_parameters.prf->id,
session->key.temp_secret, session->key.temp_secret_size,
key, key_size,
session->key.temp_secret);
{
uint8_t digest[MAX_HASH_SIZE];
int ret;
- unsigned digest_size = gnutls_hmac_get_len(session->security_parameters.prf_mac);
+ unsigned digest_size = session->security_parameters.prf->output_size;
if (unlikely(label_size >= sizeof(digest)))
return gnutls_assert_val(GNUTLS_E_INVALID_REQUEST);
- ret = gnutls_hash_fast((gnutls_digest_algorithm_t)session->security_parameters.prf_mac,
+ ret = gnutls_hash_fast((gnutls_digest_algorithm_t)session->security_parameters.prf->id,
tbh, tbh_size, digest);
if (ret < 0)
return gnutls_assert_val(ret);
goto cleanup;
}
- switch(session->security_parameters.prf_mac) {
+ switch(session->security_parameters.prf->id) {
case GNUTLS_MAC_SHA256:{
struct hmac_sha256_ctx ctx;
const char *label, int label_size, const uint8_t * seed,
int seed_size, int total_bytes, void *ret)
{
- return _gnutls_prf_raw(session->security_parameters.prf_mac,
+ return _gnutls_prf_raw(session->security_parameters.prf->id,
secret_size, secret,
label_size, label,
seed_size, seed,