diff options
Diffstat (limited to 'src/daemon/https/tls/gnutls_handshake.c')
-rw-r--r-- | src/daemon/https/tls/gnutls_handshake.c | 244 |
1 files changed, 132 insertions, 112 deletions
diff --git a/src/daemon/https/tls/gnutls_handshake.c b/src/daemon/https/tls/gnutls_handshake.c index 84cb96cf..291ad03e 100644 --- a/src/daemon/https/tls/gnutls_handshake.c +++ b/src/daemon/https/tls/gnutls_handshake.c | |||
@@ -67,12 +67,13 @@ | |||
67 | 67 | ||
68 | 68 | ||
69 | static int MHD_gtls_remove_unwanted_ciphersuites (MHD_gtls_session_t session, | 69 | static int MHD_gtls_remove_unwanted_ciphersuites (MHD_gtls_session_t session, |
70 | cipher_suite_st ** cipherSuites, | 70 | cipher_suite_st ** |
71 | int numCipherSuites, | 71 | cipherSuites, |
72 | enum | 72 | int numCipherSuites, |
73 | MHD_GNUTLS_PublicKeyAlgorithm); | 73 | enum |
74 | static int MHD_gtls_server_select_suite (MHD_gtls_session_t session, opaque * data, | 74 | MHD_GNUTLS_PublicKeyAlgorithm); |
75 | int datalen); | 75 | static int MHD_gtls_server_select_suite (MHD_gtls_session_t session, |
76 | opaque * data, int datalen); | ||
76 | 77 | ||
77 | static int MHD_gtls_generate_session_id (opaque * session_id, uint8_t * len); | 78 | static int MHD_gtls_generate_session_id (opaque * session_id, uint8_t * len); |
78 | 79 | ||
@@ -86,7 +87,7 @@ static int MHD_gtls_handshake_client (MHD_gtls_session_t session); | |||
86 | 87 | ||
87 | 88 | ||
88 | static int MHD__gnutls_server_select_comp_method (MHD_gtls_session_t session, | 89 | static int MHD__gnutls_server_select_comp_method (MHD_gtls_session_t session, |
89 | opaque * data, int datalen); | 90 | opaque * data, int datalen); |
90 | 91 | ||
91 | 92 | ||
92 | /* Clears the handshake hash buffers and handles. | 93 | /* Clears the handshake hash buffers and handles. |
@@ -119,8 +120,8 @@ resume_copy_required_values (MHD_gtls_session_t session) | |||
119 | * hello message. | 120 | * hello message. |
120 | */ | 121 | */ |
121 | memcpy (session->security_parameters.current_cipher_suite.suite, | 122 | memcpy (session->security_parameters.current_cipher_suite.suite, |
122 | session->internals.resumed_security_parameters. | 123 | session->internals.resumed_security_parameters.current_cipher_suite. |
123 | current_cipher_suite.suite, 2); | 124 | suite, 2); |
124 | 125 | ||
125 | session->internals.compression_method = | 126 | session->internals.compression_method = |
126 | session->internals.resumed_security_parameters.read_compression_algorithm; | 127 | session->internals.resumed_security_parameters.read_compression_algorithm; |
@@ -132,8 +133,9 @@ resume_copy_required_values (MHD_gtls_session_t session) | |||
132 | session->internals.resumed_security_parameters.entity; | 133 | session->internals.resumed_security_parameters.entity; |
133 | 134 | ||
134 | MHD_gtls_set_current_version (session, | 135 | MHD_gtls_set_current_version (session, |
135 | session->internals. | 136 | session-> |
136 | resumed_security_parameters.version); | 137 | internals.resumed_security_parameters. |
138 | version); | ||
137 | 139 | ||
138 | session->security_parameters.cert_type = | 140 | session->security_parameters.cert_type = |
139 | session->internals.resumed_security_parameters.cert_type; | 141 | session->internals.resumed_security_parameters.cert_type; |
@@ -157,7 +159,8 @@ resume_copy_required_values (MHD_gtls_session_t session) | |||
157 | * | 159 | * |
158 | **/ | 160 | **/ |
159 | void | 161 | void |
160 | MHD__gnutls_handshake_set_max_packet_length (MHD_gtls_session_t session, size_t max) | 162 | MHD__gnutls_handshake_set_max_packet_length (MHD_gtls_session_t session, |
163 | size_t max) | ||
161 | { | 164 | { |
162 | session->internals.max_handshake_data_buffer_size = max; | 165 | session->internals.max_handshake_data_buffer_size = max; |
163 | } | 166 | } |
@@ -215,11 +218,13 @@ MHD__gnutls_ssl3_finished (MHD_gtls_session_t session, int type, opaque * ret) | |||
215 | MHD_gnutls_hash (td_sha, mesg, siz); | 218 | MHD_gnutls_hash (td_sha, mesg, siz); |
216 | 219 | ||
217 | MHD_gnutls_mac_deinit_ssl3_handshake (td_md5, ret, | 220 | MHD_gnutls_mac_deinit_ssl3_handshake (td_md5, ret, |
218 | session->security_parameters. | 221 | session-> |
219 | master_secret, TLS_MASTER_SIZE); | 222 | security_parameters.master_secret, |
223 | TLS_MASTER_SIZE); | ||
220 | MHD_gnutls_mac_deinit_ssl3_handshake (td_sha, &ret[16], | 224 | MHD_gnutls_mac_deinit_ssl3_handshake (td_sha, &ret[16], |
221 | session->security_parameters. | 225 | session-> |
222 | master_secret, TLS_MASTER_SIZE); | 226 | security_parameters.master_secret, |
227 | TLS_MASTER_SIZE); | ||
223 | 228 | ||
224 | return 0; | 229 | return 0; |
225 | } | 230 | } |
@@ -255,7 +260,7 @@ MHD__gnutls_finished (MHD_gtls_session_t session, int type, void *ret) | |||
255 | { | 260 | { |
256 | MHD_gnutls_assert (); | 261 | MHD_gnutls_assert (); |
257 | if (td_md5 != NULL) | 262 | if (td_md5 != NULL) |
258 | MHD_gnutls_hash_deinit (td_md5, NULL); | 263 | MHD_gnutls_hash_deinit (td_md5, NULL); |
259 | return GNUTLS_E_HASH_FAILED; | 264 | return GNUTLS_E_HASH_FAILED; |
260 | } | 265 | } |
261 | 266 | ||
@@ -301,7 +306,7 @@ MHD_gtls_tls_create_random (opaque * dst) | |||
301 | /* generate server random value */ | 306 | /* generate server random value */ |
302 | MHD_gtls_write_uint32 (tim, dst); | 307 | MHD_gtls_write_uint32 (tim, dst); |
303 | 308 | ||
304 | if (MHD_gc_nonce ((char*) &dst[4], TLS_RANDOM_SIZE - 4) != GC_OK) | 309 | if (MHD_gc_nonce ((char *) &dst[4], TLS_RANDOM_SIZE - 4) != GC_OK) |
305 | { | 310 | { |
306 | MHD_gnutls_assert (); | 311 | MHD_gnutls_assert (); |
307 | return GNUTLS_E_RANDOM_FAILED; | 312 | return GNUTLS_E_RANDOM_FAILED; |
@@ -377,7 +382,7 @@ MHD_gtls_user_hello_func (MHD_gtls_session_t session, | |||
377 | */ | 382 | */ |
378 | static int | 383 | static int |
379 | MHD__gnutls_read_client_hello (MHD_gtls_session_t session, opaque * data, | 384 | MHD__gnutls_read_client_hello (MHD_gtls_session_t session, opaque * data, |
380 | int datalen) | 385 | int datalen) |
381 | { | 386 | { |
382 | uint8_t session_id_len; | 387 | uint8_t session_id_len; |
383 | int pos = 0, ret = 0; | 388 | int pos = 0, ret = 0; |
@@ -390,7 +395,7 @@ MHD__gnutls_read_client_hello (MHD_gtls_session_t session, opaque * data, | |||
390 | DECR_LEN (len, 2); | 395 | DECR_LEN (len, 2); |
391 | 396 | ||
392 | MHD__gnutls_handshake_log ("HSK[%x]: Client's version: %d.%d\n", session, | 397 | MHD__gnutls_handshake_log ("HSK[%x]: Client's version: %d.%d\n", session, |
393 | data[pos], data[pos + 1]); | 398 | data[pos], data[pos + 1]); |
394 | 399 | ||
395 | adv_version = MHD_gtls_version_get (data[pos], data[pos + 1]); | 400 | adv_version = MHD_gtls_version_get (data[pos], data[pos + 1]); |
396 | set_adv_version (session, data[pos], data[pos + 1]); | 401 | set_adv_version (session, data[pos], data[pos + 1]); |
@@ -437,8 +442,8 @@ MHD__gnutls_read_client_hello (MHD_gtls_session_t session, opaque * data, | |||
437 | else | 442 | else |
438 | { | 443 | { |
439 | MHD_gtls_generate_session_id (session->security_parameters.session_id, | 444 | MHD_gtls_generate_session_id (session->security_parameters.session_id, |
440 | &session->security_parameters. | 445 | &session-> |
441 | session_id_size); | 446 | security_parameters.session_id_size); |
442 | 447 | ||
443 | session->internals.resumed = RESUME_FALSE; | 448 | session->internals.resumed = RESUME_FALSE; |
444 | } | 449 | } |
@@ -573,18 +578,20 @@ MHD__gnutls_send_finished (MHD_gtls_session_t session, int again) | |||
573 | return ret; | 578 | return ret; |
574 | } | 579 | } |
575 | 580 | ||
576 | if (MHD__gnutls_protocol_get_version (session) == MHD_GNUTLS_PROTOCOL_SSL3) | 581 | if (MHD__gnutls_protocol_get_version (session) == |
582 | MHD_GNUTLS_PROTOCOL_SSL3) | ||
577 | { | 583 | { |
578 | ret = | 584 | ret = |
579 | MHD__gnutls_ssl3_finished (session, | 585 | MHD__gnutls_ssl3_finished (session, |
580 | session->security_parameters.entity, data); | 586 | session->security_parameters.entity, |
587 | data); | ||
581 | data_size = 36; | 588 | data_size = 36; |
582 | } | 589 | } |
583 | else | 590 | else |
584 | { /* TLS 1.0 */ | 591 | { /* TLS 1.0 */ |
585 | ret = | 592 | ret = |
586 | MHD__gnutls_finished (session, | 593 | MHD__gnutls_finished (session, |
587 | session->security_parameters.entity, data); | 594 | session->security_parameters.entity, data); |
588 | data_size = 12; | 595 | data_size = 12; |
589 | } | 596 | } |
590 | 597 | ||
@@ -645,15 +652,15 @@ MHD__gnutls_recv_finished (MHD_gtls_session_t session) | |||
645 | { | 652 | { |
646 | ret = | 653 | ret = |
647 | MHD__gnutls_ssl3_finished (session, | 654 | MHD__gnutls_ssl3_finished (session, |
648 | (session->security_parameters.entity + 1) % 2, | 655 | (session->security_parameters.entity + |
649 | data); | 656 | 1) % 2, data); |
650 | } | 657 | } |
651 | else | 658 | else |
652 | { /* TLS 1.0 */ | 659 | { /* TLS 1.0 */ |
653 | ret = | 660 | ret = |
654 | MHD__gnutls_finished (session, | 661 | MHD__gnutls_finished (session, |
655 | (session->security_parameters.entity + | 662 | (session->security_parameters.entity + |
656 | 1) % 2, data); | 663 | 1) % 2, data); |
657 | } | 664 | } |
658 | 665 | ||
659 | if (ret < 0) | 666 | if (ret < 0) |
@@ -678,7 +685,7 @@ MHD__gnutls_recv_finished (MHD_gtls_session_t session) | |||
678 | */ | 685 | */ |
679 | static int | 686 | static int |
680 | MHD__gnutls_server_find_pk_algos_in_ciphersuites (const opaque * | 687 | MHD__gnutls_server_find_pk_algos_in_ciphersuites (const opaque * |
681 | data, int datalen) | 688 | data, int datalen) |
682 | { | 689 | { |
683 | int j; | 690 | int j; |
684 | enum MHD_GNUTLS_PublicKeyAlgorithm algo = GNUTLS_PK_NONE, prev_algo = 0; | 691 | enum MHD_GNUTLS_PublicKeyAlgorithm algo = GNUTLS_PK_NONE, prev_algo = 0; |
@@ -763,12 +770,13 @@ MHD_gtls_server_select_suite (MHD_gtls_session_t session, opaque * data, | |||
763 | for (j = 0; j < datalen; j += 2) | 770 | for (j = 0; j < datalen; j += 2) |
764 | { | 771 | { |
765 | memcpy (&cs.suite, &data[j], 2); | 772 | memcpy (&cs.suite, &data[j], 2); |
766 | MHD__gnutls_handshake_log ("\t%s\n", MHD_gtls_cipher_suite_get_name (&cs)); | 773 | MHD__gnutls_handshake_log ("\t%s\n", |
774 | MHD_gtls_cipher_suite_get_name (&cs)); | ||
767 | } | 775 | } |
768 | MHD__gnutls_handshake_log ("HSK[%x]: Supported cipher suites: \n", session); | 776 | MHD__gnutls_handshake_log ("HSK[%x]: Supported cipher suites: \n", session); |
769 | for (j = 0; j < x; j++) | 777 | for (j = 0; j < x; j++) |
770 | MHD__gnutls_handshake_log ("\t%s\n", | 778 | MHD__gnutls_handshake_log ("\t%s\n", |
771 | MHD_gtls_cipher_suite_get_name (&ciphers[j])); | 779 | MHD_gtls_cipher_suite_get_name (&ciphers[j])); |
772 | #endif | 780 | #endif |
773 | memset (session->security_parameters.current_cipher_suite.suite, '\0', 2); | 781 | memset (session->security_parameters.current_cipher_suite.suite, '\0', 2); |
774 | 782 | ||
@@ -806,9 +814,9 @@ finish: | |||
806 | */ | 814 | */ |
807 | if (MHD_gtls_get_kx_cred | 815 | if (MHD_gtls_get_kx_cred |
808 | (session, | 816 | (session, |
809 | MHD_gtls_cipher_suite_get_kx_algo (&session->security_parameters. | 817 | MHD_gtls_cipher_suite_get_kx_algo (&session-> |
810 | current_cipher_suite), &err) == NULL | 818 | security_parameters.current_cipher_suite), |
811 | && err != 0) | 819 | &err) == NULL && err != 0) |
812 | { | 820 | { |
813 | MHD_gnutls_assert (); | 821 | MHD_gnutls_assert (); |
814 | return GNUTLS_E_INSUFFICIENT_CREDENTIALS; | 822 | return GNUTLS_E_INSUFFICIENT_CREDENTIALS; |
@@ -821,8 +829,8 @@ finish: | |||
821 | */ | 829 | */ |
822 | session->internals.auth_struct = | 830 | session->internals.auth_struct = |
823 | MHD_gtls_kx_auth_struct (MHD_gtls_cipher_suite_get_kx_algo | 831 | MHD_gtls_kx_auth_struct (MHD_gtls_cipher_suite_get_kx_algo |
824 | (&session->security_parameters. | 832 | (&session-> |
825 | current_cipher_suite)); | 833 | security_parameters.current_cipher_suite)); |
826 | if (session->internals.auth_struct == NULL) | 834 | if (session->internals.auth_struct == NULL) |
827 | { | 835 | { |
828 | 836 | ||
@@ -842,7 +850,7 @@ finish: | |||
842 | */ | 850 | */ |
843 | static int | 851 | static int |
844 | MHD__gnutls_server_select_comp_method (MHD_gtls_session_t session, | 852 | MHD__gnutls_server_select_comp_method (MHD_gtls_session_t session, |
845 | opaque * data, int datalen) | 853 | opaque * data, int datalen) |
846 | { | 854 | { |
847 | int x, i, j; | 855 | int x, i, j; |
848 | uint8_t *comps; | 856 | uint8_t *comps; |
@@ -871,8 +879,8 @@ MHD__gnutls_server_select_comp_method (MHD_gtls_session_t session, | |||
871 | 879 | ||
872 | MHD__gnutls_handshake_log | 880 | MHD__gnutls_handshake_log |
873 | ("HSK[%x]: Selected Compression Method: %s\n", session, | 881 | ("HSK[%x]: Selected Compression Method: %s\n", session, |
874 | MHD_gtls_compression_get_name (session->internals. | 882 | MHD_gtls_compression_get_name (session-> |
875 | compression_method)); | 883 | internals.compression_method)); |
876 | 884 | ||
877 | 885 | ||
878 | return 0; | 886 | return 0; |
@@ -896,7 +904,8 @@ MHD__gnutls_server_select_comp_method (MHD_gtls_session_t session, | |||
896 | */ | 904 | */ |
897 | static int | 905 | static int |
898 | MHD__gnutls_send_empty_handshake (MHD_gtls_session_t session, | 906 | MHD__gnutls_send_empty_handshake (MHD_gtls_session_t session, |
899 | MHD_gnutls_handshake_description_t type, int again) | 907 | MHD_gnutls_handshake_description_t type, |
908 | int again) | ||
900 | { | 909 | { |
901 | opaque data = 0; | 910 | opaque data = 0; |
902 | opaque *ptr; | 911 | opaque *ptr; |
@@ -913,8 +922,8 @@ MHD__gnutls_send_empty_handshake (MHD_gtls_session_t session, | |||
913 | /* This function will hash the handshake message we sent. */ | 922 | /* This function will hash the handshake message we sent. */ |
914 | static int | 923 | static int |
915 | MHD__gnutls_handshake_hash_add_sent (MHD_gtls_session_t session, | 924 | MHD__gnutls_handshake_hash_add_sent (MHD_gtls_session_t session, |
916 | MHD_gnutls_handshake_description_t type, | 925 | MHD_gnutls_handshake_description_t type, |
917 | opaque * dataptr, uint32_t datalen) | 926 | opaque * dataptr, uint32_t datalen) |
918 | { | 927 | { |
919 | int ret; | 928 | int ret; |
920 | 929 | ||
@@ -987,7 +996,8 @@ MHD_gtls_send_handshake (MHD_gtls_session_t session, void *i_data, | |||
987 | */ | 996 | */ |
988 | if (type != GNUTLS_HANDSHAKE_HELLO_REQUEST) | 997 | if (type != GNUTLS_HANDSHAKE_HELLO_REQUEST) |
989 | if ((ret = | 998 | if ((ret = |
990 | MHD__gnutls_handshake_hash_add_sent (session, type, data, datasize)) < 0) | 999 | MHD__gnutls_handshake_hash_add_sent (session, type, data, |
1000 | datasize)) < 0) | ||
991 | { | 1001 | { |
992 | MHD_gnutls_assert (); | 1002 | MHD_gnutls_assert (); |
993 | MHD_gnutls_afree (data); | 1003 | MHD_gnutls_afree (data); |
@@ -1001,7 +1011,8 @@ MHD_gtls_send_handshake (MHD_gtls_session_t session, void *i_data, | |||
1001 | data, datasize); | 1011 | data, datasize); |
1002 | 1012 | ||
1003 | MHD__gnutls_handshake_log ("HSK[%x]: %s was sent [%ld bytes]\n", | 1013 | MHD__gnutls_handshake_log ("HSK[%x]: %s was sent [%ld bytes]\n", |
1004 | session, MHD__gnutls_handshake2str (type), datasize); | 1014 | session, MHD__gnutls_handshake2str (type), |
1015 | datasize); | ||
1005 | 1016 | ||
1006 | MHD_gnutls_afree (data); | 1017 | MHD_gnutls_afree (data); |
1007 | 1018 | ||
@@ -1017,8 +1028,9 @@ MHD_gtls_send_handshake (MHD_gtls_session_t session, void *i_data, | |||
1017 | #define SSL2_HEADERS 1 | 1028 | #define SSL2_HEADERS 1 |
1018 | static int | 1029 | static int |
1019 | MHD__gnutls_recv_handshake_header (MHD_gtls_session_t session, | 1030 | MHD__gnutls_recv_handshake_header (MHD_gtls_session_t session, |
1020 | MHD_gnutls_handshake_description_t type, | 1031 | MHD_gnutls_handshake_description_t type, |
1021 | MHD_gnutls_handshake_description_t * recv_type) | 1032 | MHD_gnutls_handshake_description_t * |
1033 | recv_type) | ||
1022 | { | 1034 | { |
1023 | int ret; | 1035 | int ret; |
1024 | uint32_t length32 = 0; | 1036 | uint32_t length32 = 0; |
@@ -1032,8 +1044,8 @@ MHD__gnutls_recv_handshake_header (MHD_gtls_session_t session, | |||
1032 | if (session->internals.handshake_header_buffer.header_size == | 1044 | if (session->internals.handshake_header_buffer.header_size == |
1033 | handshake_header_size || (session->internals.v2_hello != 0 | 1045 | handshake_header_size || (session->internals.v2_hello != 0 |
1034 | && type == GNUTLS_HANDSHAKE_CLIENT_HELLO | 1046 | && type == GNUTLS_HANDSHAKE_CLIENT_HELLO |
1035 | && session->internals. | 1047 | && session->internals.handshake_header_buffer. |
1036 | handshake_header_buffer.packet_length > 0)) | 1048 | packet_length > 0)) |
1037 | { | 1049 | { |
1038 | 1050 | ||
1039 | *recv_type = session->internals.handshake_header_buffer.recv_type; | 1051 | *recv_type = session->internals.handshake_header_buffer.recv_type; |
@@ -1076,11 +1088,13 @@ MHD__gnutls_recv_handshake_header (MHD_gtls_session_t session, | |||
1076 | MHD_gtls_handshake_io_recv_int (session, GNUTLS_HANDSHAKE, | 1088 | MHD_gtls_handshake_io_recv_int (session, GNUTLS_HANDSHAKE, |
1077 | type, | 1089 | type, |
1078 | &dataptr | 1090 | &dataptr |
1079 | [session->internals. | 1091 | [session-> |
1080 | handshake_header_buffer.header_size], | 1092 | internals.handshake_header_buffer. |
1093 | header_size], | ||
1081 | HANDSHAKE_HEADER_SIZE - | 1094 | HANDSHAKE_HEADER_SIZE - |
1082 | session->internals. | 1095 | session-> |
1083 | handshake_header_buffer.header_size); | 1096 | internals.handshake_header_buffer. |
1097 | header_size); | ||
1084 | if (ret <= 0) | 1098 | if (ret <= 0) |
1085 | { | 1099 | { |
1086 | MHD_gnutls_assert (); | 1100 | MHD_gnutls_assert (); |
@@ -1102,8 +1116,9 @@ MHD__gnutls_recv_handshake_header (MHD_gtls_session_t session, | |||
1102 | handshake_header_size = HANDSHAKE_HEADER_SIZE; | 1116 | handshake_header_size = HANDSHAKE_HEADER_SIZE; |
1103 | 1117 | ||
1104 | MHD__gnutls_handshake_log ("HSK[%x]: %s was received [%ld bytes]\n", | 1118 | MHD__gnutls_handshake_log ("HSK[%x]: %s was received [%ld bytes]\n", |
1105 | session, MHD__gnutls_handshake2str (dataptr[0]), | 1119 | session, |
1106 | length32 + HANDSHAKE_HEADER_SIZE); | 1120 | MHD__gnutls_handshake2str (dataptr[0]), |
1121 | length32 + HANDSHAKE_HEADER_SIZE); | ||
1107 | 1122 | ||
1108 | } | 1123 | } |
1109 | else | 1124 | else |
@@ -1115,8 +1130,9 @@ MHD__gnutls_recv_handshake_header (MHD_gtls_session_t session, | |||
1115 | *recv_type = dataptr[0]; | 1130 | *recv_type = dataptr[0]; |
1116 | 1131 | ||
1117 | MHD__gnutls_handshake_log ("HSK[%x]: %s(v2) was received [%ld bytes]\n", | 1132 | MHD__gnutls_handshake_log ("HSK[%x]: %s(v2) was received [%ld bytes]\n", |
1118 | session, MHD__gnutls_handshake2str (*recv_type), | 1133 | session, |
1119 | length32 + handshake_header_size); | 1134 | MHD__gnutls_handshake2str (*recv_type), |
1135 | length32 + handshake_header_size); | ||
1120 | 1136 | ||
1121 | if (*recv_type != GNUTLS_HANDSHAKE_CLIENT_HELLO) | 1137 | if (*recv_type != GNUTLS_HANDSHAKE_CLIENT_HELLO) |
1122 | { /* it should be one or nothing */ | 1138 | { /* it should be one or nothing */ |
@@ -1147,9 +1163,10 @@ MHD__gnutls_recv_handshake_header (MHD_gtls_session_t session, | |||
1147 | */ | 1163 | */ |
1148 | static int | 1164 | static int |
1149 | MHD__gnutls_handshake_hash_add_recvd (MHD_gtls_session_t session, | 1165 | MHD__gnutls_handshake_hash_add_recvd (MHD_gtls_session_t session, |
1150 | MHD_gnutls_handshake_description_t recv_type, | 1166 | MHD_gnutls_handshake_description_t |
1151 | opaque * header, uint16_t header_size, | 1167 | recv_type, opaque * header, |
1152 | opaque * dataptr, uint32_t datalen) | 1168 | uint16_t header_size, opaque * dataptr, |
1169 | uint32_t datalen) | ||
1153 | { | 1170 | { |
1154 | int ret; | 1171 | int ret; |
1155 | 1172 | ||
@@ -1195,7 +1212,8 @@ MHD__gnutls_handshake_hash_add_recvd (MHD_gtls_session_t session, | |||
1195 | */ | 1212 | */ |
1196 | int | 1213 | int |
1197 | MHD_gtls_recv_handshake (MHD_gtls_session_t session, uint8_t ** data, | 1214 | MHD_gtls_recv_handshake (MHD_gtls_session_t session, uint8_t ** data, |
1198 | int *datalen, MHD_gnutls_handshake_description_t type, | 1215 | int *datalen, |
1216 | MHD_gnutls_handshake_description_t type, | ||
1199 | Optional optional) | 1217 | Optional optional) |
1200 | { | 1218 | { |
1201 | int ret; | 1219 | int ret; |
@@ -1259,11 +1277,12 @@ MHD_gtls_recv_handshake (MHD_gtls_session_t session, uint8_t ** data, | |||
1259 | 1277 | ||
1260 | 1278 | ||
1261 | ret = MHD__gnutls_handshake_hash_add_recvd (session, recv_type, | 1279 | ret = MHD__gnutls_handshake_hash_add_recvd (session, recv_type, |
1262 | session->internals. | 1280 | session-> |
1263 | handshake_header_buffer.header, | 1281 | internals.handshake_header_buffer. |
1264 | session->internals. | 1282 | header, |
1265 | handshake_header_buffer.header_size, | 1283 | session-> |
1266 | dataptr, length32); | 1284 | internals.handshake_header_buffer. |
1285 | header_size, dataptr, length32); | ||
1267 | if (ret < 0) | 1286 | if (ret < 0) |
1268 | { | 1287 | { |
1269 | MHD_gnutls_assert (); | 1288 | MHD_gnutls_assert (); |
@@ -1319,7 +1338,8 @@ MHD_gtls_recv_handshake (MHD_gtls_session_t session, uint8_t ** data, | |||
1319 | * to the session; | 1338 | * to the session; |
1320 | */ | 1339 | */ |
1321 | static int | 1340 | static int |
1322 | MHD__gnutls_client_set_ciphersuite (MHD_gtls_session_t session, opaque suite[2]) | 1341 | MHD__gnutls_client_set_ciphersuite (MHD_gtls_session_t session, |
1342 | opaque suite[2]) | ||
1323 | { | 1343 | { |
1324 | uint8_t z; | 1344 | uint8_t z; |
1325 | cipher_suite_st *cipher_suites; | 1345 | cipher_suite_st *cipher_suites; |
@@ -1355,9 +1375,9 @@ MHD__gnutls_client_set_ciphersuite (MHD_gtls_session_t session, opaque suite[2]) | |||
1355 | memcpy (session->security_parameters.current_cipher_suite.suite, suite, 2); | 1375 | memcpy (session->security_parameters.current_cipher_suite.suite, suite, 2); |
1356 | 1376 | ||
1357 | MHD__gnutls_handshake_log ("HSK[%x]: Selected cipher suite: %s\n", session, | 1377 | MHD__gnutls_handshake_log ("HSK[%x]: Selected cipher suite: %s\n", session, |
1358 | MHD_gtls_cipher_suite_get_name | 1378 | MHD_gtls_cipher_suite_get_name |
1359 | (&session->security_parameters. | 1379 | (&session-> |
1360 | current_cipher_suite)); | 1380 | security_parameters.current_cipher_suite)); |
1361 | 1381 | ||
1362 | 1382 | ||
1363 | /* check if the credentials (username, public key etc.) are ok. | 1383 | /* check if the credentials (username, public key etc.) are ok. |
@@ -1380,8 +1400,8 @@ MHD__gnutls_client_set_ciphersuite (MHD_gtls_session_t session, opaque suite[2]) | |||
1380 | */ | 1400 | */ |
1381 | session->internals.auth_struct = | 1401 | session->internals.auth_struct = |
1382 | MHD_gtls_kx_auth_struct (MHD_gtls_cipher_suite_get_kx_algo | 1402 | MHD_gtls_kx_auth_struct (MHD_gtls_cipher_suite_get_kx_algo |
1383 | (&session->security_parameters. | 1403 | (&session-> |
1384 | current_cipher_suite)); | 1404 | security_parameters.current_cipher_suite)); |
1385 | 1405 | ||
1386 | if (session->internals.auth_struct == NULL) | 1406 | if (session->internals.auth_struct == NULL) |
1387 | { | 1407 | { |
@@ -1402,7 +1422,7 @@ MHD__gnutls_client_set_ciphersuite (MHD_gtls_session_t session, opaque suite[2]) | |||
1402 | */ | 1422 | */ |
1403 | static int | 1423 | static int |
1404 | MHD__gnutls_client_set_comp_method (MHD_gtls_session_t session, | 1424 | MHD__gnutls_client_set_comp_method (MHD_gtls_session_t session, |
1405 | opaque comp_method) | 1425 | opaque comp_method) |
1406 | { | 1426 | { |
1407 | int comp_methods_num; | 1427 | int comp_methods_num; |
1408 | uint8_t *compression_methods; | 1428 | uint8_t *compression_methods; |
@@ -1446,16 +1466,15 @@ MHD__gnutls_client_set_comp_method (MHD_gtls_session_t session, | |||
1446 | */ | 1466 | */ |
1447 | static int | 1467 | static int |
1448 | MHD__gnutls_client_check_if_resuming (MHD_gtls_session_t session, | 1468 | MHD__gnutls_client_check_if_resuming (MHD_gtls_session_t session, |
1449 | opaque * session_id, int session_id_len) | 1469 | opaque * session_id, int session_id_len) |
1450 | { | 1470 | { |
1451 | opaque buf[2 * TLS_MAX_SESSION_ID_SIZE + 1]; | 1471 | opaque buf[2 * TLS_MAX_SESSION_ID_SIZE + 1]; |
1452 | 1472 | ||
1453 | MHD__gnutls_handshake_log ("HSK[%x]: SessionID length: %d\n", session, | 1473 | MHD__gnutls_handshake_log ("HSK[%x]: SessionID length: %d\n", session, |
1454 | session_id_len); | 1474 | session_id_len); |
1455 | MHD__gnutls_handshake_log ("HSK[%x]: SessionID: %s\n", session, | 1475 | MHD__gnutls_handshake_log ("HSK[%x]: SessionID: %s\n", session, |
1456 | MHD_gtls_bin2hex (session_id, session_id_len, | 1476 | MHD_gtls_bin2hex (session_id, session_id_len, |
1457 | (char*) buf, | 1477 | (char *) buf, sizeof (buf))); |
1458 | sizeof (buf))); | ||
1459 | 1478 | ||
1460 | if (session_id_len > 0 && | 1479 | if (session_id_len > 0 && |
1461 | session->internals.resumed_security_parameters.session_id_size == | 1480 | session->internals.resumed_security_parameters.session_id_size == |
@@ -1491,7 +1510,7 @@ MHD__gnutls_client_check_if_resuming (MHD_gtls_session_t session, | |||
1491 | */ | 1510 | */ |
1492 | static int | 1511 | static int |
1493 | MHD__gnutls_read_server_hello (MHD_gtls_session_t session, | 1512 | MHD__gnutls_read_server_hello (MHD_gtls_session_t session, |
1494 | opaque * data, int datalen) | 1513 | opaque * data, int datalen) |
1495 | { | 1514 | { |
1496 | uint8_t session_id_len = 0; | 1515 | uint8_t session_id_len = 0; |
1497 | int pos = 0; | 1516 | int pos = 0; |
@@ -1506,7 +1525,7 @@ MHD__gnutls_read_server_hello (MHD_gtls_session_t session, | |||
1506 | } | 1525 | } |
1507 | 1526 | ||
1508 | MHD__gnutls_handshake_log ("HSK[%x]: Server's version: %d.%d\n", | 1527 | MHD__gnutls_handshake_log ("HSK[%x]: Server's version: %d.%d\n", |
1509 | session, data[pos], data[pos + 1]); | 1528 | session, data[pos], data[pos + 1]); |
1510 | 1529 | ||
1511 | DECR_LEN (len, 2); | 1530 | DECR_LEN (len, 2); |
1512 | version = MHD_gtls_version_get (data[pos], data[pos + 1]); | 1531 | version = MHD_gtls_version_get (data[pos], data[pos + 1]); |
@@ -1594,7 +1613,7 @@ MHD__gnutls_read_server_hello (MHD_gtls_session_t session, | |||
1594 | */ | 1613 | */ |
1595 | static int | 1614 | static int |
1596 | MHD__gnutls_copy_ciphersuites (MHD_gtls_session_t session, | 1615 | MHD__gnutls_copy_ciphersuites (MHD_gtls_session_t session, |
1597 | opaque * ret_data, size_t ret_data_size) | 1616 | opaque * ret_data, size_t ret_data_size) |
1598 | { | 1617 | { |
1599 | int ret, i; | 1618 | int ret, i; |
1600 | cipher_suite_st *cipher_suites; | 1619 | cipher_suite_st *cipher_suites; |
@@ -1662,7 +1681,7 @@ MHD__gnutls_copy_ciphersuites (MHD_gtls_session_t session, | |||
1662 | */ | 1681 | */ |
1663 | static int | 1682 | static int |
1664 | MHD__gnutls_copy_comp_methods (MHD_gtls_session_t session, | 1683 | MHD__gnutls_copy_comp_methods (MHD_gtls_session_t session, |
1665 | opaque * ret_data, size_t ret_data_size) | 1684 | opaque * ret_data, size_t ret_data_size) |
1666 | { | 1685 | { |
1667 | int ret, i; | 1686 | int ret, i; |
1668 | uint8_t *compression_methods, comp_num; | 1687 | uint8_t *compression_methods, comp_num; |
@@ -1921,7 +1940,7 @@ MHD__gnutls_send_server_hello (MHD_gtls_session_t session, int again) | |||
1921 | */ | 1940 | */ |
1922 | MHD_gnutls_assert (); | 1941 | MHD_gnutls_assert (); |
1923 | ret = MHD__gnutls_alert_send (session, GNUTLS_AL_FATAL, | 1942 | ret = MHD__gnutls_alert_send (session, GNUTLS_AL_FATAL, |
1924 | GNUTLS_A_UNKNOWN_PSK_IDENTITY); | 1943 | GNUTLS_A_UNKNOWN_PSK_IDENTITY); |
1925 | if (ret < 0) | 1944 | if (ret < 0) |
1926 | { | 1945 | { |
1927 | MHD_gnutls_assert (); | 1946 | MHD_gnutls_assert (); |
@@ -1969,16 +1988,17 @@ MHD__gnutls_send_server_hello (MHD_gtls_session_t session, int again) | |||
1969 | pos += session_id_len; | 1988 | pos += session_id_len; |
1970 | 1989 | ||
1971 | MHD__gnutls_handshake_log ("HSK[%x]: SessionID: %s\n", session, | 1990 | MHD__gnutls_handshake_log ("HSK[%x]: SessionID: %s\n", session, |
1972 | MHD_gtls_bin2hex (SessionID, session_id_len, | 1991 | MHD_gtls_bin2hex (SessionID, session_id_len, |
1973 | (char*) buf, sizeof (buf))); | 1992 | (char *) buf, |
1993 | sizeof (buf))); | ||
1974 | 1994 | ||
1975 | memcpy (&data[pos], | 1995 | memcpy (&data[pos], |
1976 | session->security_parameters.current_cipher_suite.suite, 2); | 1996 | session->security_parameters.current_cipher_suite.suite, 2); |
1977 | pos += 2; | 1997 | pos += 2; |
1978 | 1998 | ||
1979 | comp = | 1999 | comp = |
1980 | (uint8_t) MHD_gtls_compression_get_num (session-> | 2000 | (uint8_t) MHD_gtls_compression_get_num (session->internals. |
1981 | internals.compression_method); | 2001 | compression_method); |
1982 | data[pos++] = comp; | 2002 | data[pos++] = comp; |
1983 | 2003 | ||
1984 | 2004 | ||
@@ -2103,7 +2123,7 @@ MHD__gnutls_rehandshake (MHD_gtls_session_t session) | |||
2103 | 2123 | ||
2104 | ret = | 2124 | ret = |
2105 | MHD__gnutls_send_empty_handshake (session, GNUTLS_HANDSHAKE_HELLO_REQUEST, | 2125 | MHD__gnutls_send_empty_handshake (session, GNUTLS_HANDSHAKE_HELLO_REQUEST, |
2106 | AGAIN (STATE50)); | 2126 | AGAIN (STATE50)); |
2107 | STATE = STATE50; | 2127 | STATE = STATE50; |
2108 | 2128 | ||
2109 | if (ret < 0) | 2129 | if (ret < 0) |
@@ -2260,14 +2280,14 @@ MHD__gnutls_handshake (MHD_gtls_session_t session) | |||
2260 | } | 2280 | } |
2261 | #if MHD_DEBUG_TLS | 2281 | #if MHD_DEBUG_TLS |
2262 | if (session->security_parameters.entity == GNUTLS_CLIENT) | 2282 | if (session->security_parameters.entity == GNUTLS_CLIENT) |
2263 | { | 2283 | { |
2264 | ret = MHD_gtls_handshake_client (session); | 2284 | ret = MHD_gtls_handshake_client (session); |
2265 | } | 2285 | } |
2266 | else | 2286 | else |
2267 | #endif | 2287 | #endif |
2268 | { | 2288 | { |
2269 | ret = MHD_gtls_handshake_server (session); | 2289 | ret = MHD_gtls_handshake_server (session); |
2270 | } | 2290 | } |
2271 | 2291 | ||
2272 | if (ret < 0) | 2292 | if (ret < 0) |
2273 | { | 2293 | { |
@@ -2323,13 +2343,11 @@ MHD_gtls_handshake_client (MHD_gtls_session_t session) | |||
2323 | 2343 | ||
2324 | if (session->internals.resumed_security_parameters.session_id_size > 0) | 2344 | if (session->internals.resumed_security_parameters.session_id_size > 0) |
2325 | MHD__gnutls_handshake_log ("HSK[%x]: Ask to resume: %s\n", session, | 2345 | MHD__gnutls_handshake_log ("HSK[%x]: Ask to resume: %s\n", session, |
2326 | MHD_gtls_bin2hex (session->internals. | 2346 | MHD_gtls_bin2hex (session-> |
2327 | resumed_security_parameters. | 2347 | internals.resumed_security_parameters.session_id, |
2328 | session_id, | 2348 | session-> |
2329 | session->internals. | 2349 | internals.resumed_security_parameters.session_id_size, |
2330 | resumed_security_parameters. | 2350 | buf, sizeof (buf))); |
2331 | session_id_size, buf, | ||
2332 | sizeof (buf))); | ||
2333 | #endif | 2351 | #endif |
2334 | 2352 | ||
2335 | switch (STATE) | 2353 | switch (STATE) |
@@ -2613,8 +2631,8 @@ MHD_gtls_handshake_server (MHD_gtls_session_t session) | |||
2613 | if (session->internals.resumed == RESUME_FALSE) /* if we are not resuming */ | 2631 | if (session->internals.resumed == RESUME_FALSE) /* if we are not resuming */ |
2614 | ret = | 2632 | ret = |
2615 | MHD__gnutls_send_empty_handshake (session, | 2633 | MHD__gnutls_send_empty_handshake (session, |
2616 | GNUTLS_HANDSHAKE_SERVER_HELLO_DONE, | 2634 | GNUTLS_HANDSHAKE_SERVER_HELLO_DONE, |
2617 | AGAIN (STATE6)); | 2635 | AGAIN (STATE6)); |
2618 | STATE = STATE6; | 2636 | STATE = STATE6; |
2619 | IMED_RET ("send server hello done", ret); | 2637 | IMED_RET ("send server hello done", ret); |
2620 | 2638 | ||
@@ -2696,7 +2714,7 @@ MHD_gtls_generate_session_id (opaque * session_id, uint8_t * len) | |||
2696 | { | 2714 | { |
2697 | *len = TLS_MAX_SESSION_ID_SIZE; | 2715 | *len = TLS_MAX_SESSION_ID_SIZE; |
2698 | 2716 | ||
2699 | if (MHD_gc_nonce ((char*) session_id, *len) != GC_OK) | 2717 | if (MHD_gc_nonce ((char *) session_id, *len) != GC_OK) |
2700 | { | 2718 | { |
2701 | MHD_gnutls_assert (); | 2719 | MHD_gnutls_assert (); |
2702 | return GNUTLS_E_RANDOM_FAILED; | 2720 | return GNUTLS_E_RANDOM_FAILED; |
@@ -2804,7 +2822,8 @@ check_server_params (MHD_gtls_session_t session, | |||
2804 | { | 2822 | { |
2805 | MHD_gnutls_psk_server_credentials_t psk_cred = | 2823 | MHD_gnutls_psk_server_credentials_t psk_cred = |
2806 | (MHD_gnutls_psk_server_credentials_t) MHD_gtls_get_cred (session->key, | 2824 | (MHD_gnutls_psk_server_credentials_t) MHD_gtls_get_cred (session->key, |
2807 | cred_type, NULL); | 2825 | cred_type, |
2826 | NULL); | ||
2808 | 2827 | ||
2809 | if (psk_cred != NULL) | 2828 | if (psk_cred != NULL) |
2810 | { | 2829 | { |
@@ -2889,8 +2908,9 @@ MHD_gtls_remove_unwanted_ciphersuites (MHD_gtls_session_t session, | |||
2889 | if (ret < 0) | 2908 | if (ret < 0) |
2890 | { | 2909 | { |
2891 | MHD_gnutls_assert (); | 2910 | MHD_gnutls_assert (); |
2892 | MHD__gnutls_x509_log ("Could not find an appropriate certificate: %s\n", | 2911 | MHD__gnutls_x509_log |
2893 | MHD_gtls_strerror (ret)); | 2912 | ("Could not find an appropriate certificate: %s\n", |
2913 | MHD_gtls_strerror (ret)); | ||
2894 | cert_cred = NULL; | 2914 | cert_cred = NULL; |
2895 | } | 2915 | } |
2896 | } | 2916 | } |
@@ -2954,8 +2974,8 @@ MHD_gtls_remove_unwanted_ciphersuites (MHD_gtls_session_t session, | |||
2954 | { | 2974 | { |
2955 | 2975 | ||
2956 | MHD__gnutls_handshake_log ("HSK[%x]: Keeping ciphersuite: %s\n", | 2976 | MHD__gnutls_handshake_log ("HSK[%x]: Keeping ciphersuite: %s\n", |
2957 | session, | 2977 | session, |
2958 | MHD_gtls_cipher_suite_get_name (&cs)); | 2978 | MHD_gtls_cipher_suite_get_name (&cs)); |
2959 | 2979 | ||
2960 | memcpy (newSuite[newSuiteSize].suite, (*cipherSuites)[i].suite, 2); | 2980 | memcpy (newSuite[newSuiteSize].suite, (*cipherSuites)[i].suite, 2); |
2961 | newSuiteSize++; | 2981 | newSuiteSize++; |
@@ -2963,8 +2983,8 @@ MHD_gtls_remove_unwanted_ciphersuites (MHD_gtls_session_t session, | |||
2963 | else | 2983 | else |
2964 | { | 2984 | { |
2965 | MHD__gnutls_handshake_log ("HSK[%x]: Removing ciphersuite: %s\n", | 2985 | MHD__gnutls_handshake_log ("HSK[%x]: Removing ciphersuite: %s\n", |
2966 | session, | 2986 | session, |
2967 | MHD_gtls_cipher_suite_get_name (&cs)); | 2987 | MHD_gtls_cipher_suite_get_name (&cs)); |
2968 | 2988 | ||
2969 | } | 2989 | } |
2970 | } | 2990 | } |