aboutsummaryrefslogtreecommitdiff
path: root/src/daemon/https/tls/gnutls_handshake.c
diff options
context:
space:
mode:
Diffstat (limited to 'src/daemon/https/tls/gnutls_handshake.c')
-rw-r--r--src/daemon/https/tls/gnutls_handshake.c244
1 files changed, 132 insertions, 112 deletions
diff --git a/src/daemon/https/tls/gnutls_handshake.c b/src/daemon/https/tls/gnutls_handshake.c
index 84cb96cf..291ad03e 100644
--- a/src/daemon/https/tls/gnutls_handshake.c
+++ b/src/daemon/https/tls/gnutls_handshake.c
@@ -67,12 +67,13 @@
67 67
68 68
69static int MHD_gtls_remove_unwanted_ciphersuites (MHD_gtls_session_t session, 69static int MHD_gtls_remove_unwanted_ciphersuites (MHD_gtls_session_t session,
70 cipher_suite_st ** cipherSuites, 70 cipher_suite_st **
71 int numCipherSuites, 71 cipherSuites,
72 enum 72 int numCipherSuites,
73 MHD_GNUTLS_PublicKeyAlgorithm); 73 enum
74static int MHD_gtls_server_select_suite (MHD_gtls_session_t session, opaque * data, 74 MHD_GNUTLS_PublicKeyAlgorithm);
75 int datalen); 75static int MHD_gtls_server_select_suite (MHD_gtls_session_t session,
76 opaque * data, int datalen);
76 77
77static int MHD_gtls_generate_session_id (opaque * session_id, uint8_t * len); 78static int MHD_gtls_generate_session_id (opaque * session_id, uint8_t * len);
78 79
@@ -86,7 +87,7 @@ static int MHD_gtls_handshake_client (MHD_gtls_session_t session);
86 87
87 88
88static int MHD__gnutls_server_select_comp_method (MHD_gtls_session_t session, 89static int MHD__gnutls_server_select_comp_method (MHD_gtls_session_t session,
89 opaque * data, int datalen); 90 opaque * data, int datalen);
90 91
91 92
92/* Clears the handshake hash buffers and handles. 93/* Clears the handshake hash buffers and handles.
@@ -119,8 +120,8 @@ resume_copy_required_values (MHD_gtls_session_t session)
119 * hello message. 120 * hello message.
120 */ 121 */
121 memcpy (session->security_parameters.current_cipher_suite.suite, 122 memcpy (session->security_parameters.current_cipher_suite.suite,
122 session->internals.resumed_security_parameters. 123 session->internals.resumed_security_parameters.current_cipher_suite.
123 current_cipher_suite.suite, 2); 124 suite, 2);
124 125
125 session->internals.compression_method = 126 session->internals.compression_method =
126 session->internals.resumed_security_parameters.read_compression_algorithm; 127 session->internals.resumed_security_parameters.read_compression_algorithm;
@@ -132,8 +133,9 @@ resume_copy_required_values (MHD_gtls_session_t session)
132 session->internals.resumed_security_parameters.entity; 133 session->internals.resumed_security_parameters.entity;
133 134
134 MHD_gtls_set_current_version (session, 135 MHD_gtls_set_current_version (session,
135 session->internals. 136 session->
136 resumed_security_parameters.version); 137 internals.resumed_security_parameters.
138 version);
137 139
138 session->security_parameters.cert_type = 140 session->security_parameters.cert_type =
139 session->internals.resumed_security_parameters.cert_type; 141 session->internals.resumed_security_parameters.cert_type;
@@ -157,7 +159,8 @@ resume_copy_required_values (MHD_gtls_session_t session)
157 * 159 *
158 **/ 160 **/
159void 161void
160MHD__gnutls_handshake_set_max_packet_length (MHD_gtls_session_t session, size_t max) 162MHD__gnutls_handshake_set_max_packet_length (MHD_gtls_session_t session,
163 size_t max)
161{ 164{
162 session->internals.max_handshake_data_buffer_size = max; 165 session->internals.max_handshake_data_buffer_size = max;
163} 166}
@@ -215,11 +218,13 @@ MHD__gnutls_ssl3_finished (MHD_gtls_session_t session, int type, opaque * ret)
215 MHD_gnutls_hash (td_sha, mesg, siz); 218 MHD_gnutls_hash (td_sha, mesg, siz);
216 219
217 MHD_gnutls_mac_deinit_ssl3_handshake (td_md5, ret, 220 MHD_gnutls_mac_deinit_ssl3_handshake (td_md5, ret,
218 session->security_parameters. 221 session->
219 master_secret, TLS_MASTER_SIZE); 222 security_parameters.master_secret,
223 TLS_MASTER_SIZE);
220 MHD_gnutls_mac_deinit_ssl3_handshake (td_sha, &ret[16], 224 MHD_gnutls_mac_deinit_ssl3_handshake (td_sha, &ret[16],
221 session->security_parameters. 225 session->
222 master_secret, TLS_MASTER_SIZE); 226 security_parameters.master_secret,
227 TLS_MASTER_SIZE);
223 228
224 return 0; 229 return 0;
225} 230}
@@ -255,7 +260,7 @@ MHD__gnutls_finished (MHD_gtls_session_t session, int type, void *ret)
255 { 260 {
256 MHD_gnutls_assert (); 261 MHD_gnutls_assert ();
257 if (td_md5 != NULL) 262 if (td_md5 != NULL)
258 MHD_gnutls_hash_deinit (td_md5, NULL); 263 MHD_gnutls_hash_deinit (td_md5, NULL);
259 return GNUTLS_E_HASH_FAILED; 264 return GNUTLS_E_HASH_FAILED;
260 } 265 }
261 266
@@ -301,7 +306,7 @@ MHD_gtls_tls_create_random (opaque * dst)
301 /* generate server random value */ 306 /* generate server random value */
302 MHD_gtls_write_uint32 (tim, dst); 307 MHD_gtls_write_uint32 (tim, dst);
303 308
304 if (MHD_gc_nonce ((char*) &dst[4], TLS_RANDOM_SIZE - 4) != GC_OK) 309 if (MHD_gc_nonce ((char *) &dst[4], TLS_RANDOM_SIZE - 4) != GC_OK)
305 { 310 {
306 MHD_gnutls_assert (); 311 MHD_gnutls_assert ();
307 return GNUTLS_E_RANDOM_FAILED; 312 return GNUTLS_E_RANDOM_FAILED;
@@ -377,7 +382,7 @@ MHD_gtls_user_hello_func (MHD_gtls_session_t session,
377 */ 382 */
378static int 383static int
379MHD__gnutls_read_client_hello (MHD_gtls_session_t session, opaque * data, 384MHD__gnutls_read_client_hello (MHD_gtls_session_t session, opaque * data,
380 int datalen) 385 int datalen)
381{ 386{
382 uint8_t session_id_len; 387 uint8_t session_id_len;
383 int pos = 0, ret = 0; 388 int pos = 0, ret = 0;
@@ -390,7 +395,7 @@ MHD__gnutls_read_client_hello (MHD_gtls_session_t session, opaque * data,
390 DECR_LEN (len, 2); 395 DECR_LEN (len, 2);
391 396
392 MHD__gnutls_handshake_log ("HSK[%x]: Client's version: %d.%d\n", session, 397 MHD__gnutls_handshake_log ("HSK[%x]: Client's version: %d.%d\n", session,
393 data[pos], data[pos + 1]); 398 data[pos], data[pos + 1]);
394 399
395 adv_version = MHD_gtls_version_get (data[pos], data[pos + 1]); 400 adv_version = MHD_gtls_version_get (data[pos], data[pos + 1]);
396 set_adv_version (session, data[pos], data[pos + 1]); 401 set_adv_version (session, data[pos], data[pos + 1]);
@@ -437,8 +442,8 @@ MHD__gnutls_read_client_hello (MHD_gtls_session_t session, opaque * data,
437 else 442 else
438 { 443 {
439 MHD_gtls_generate_session_id (session->security_parameters.session_id, 444 MHD_gtls_generate_session_id (session->security_parameters.session_id,
440 &session->security_parameters. 445 &session->
441 session_id_size); 446 security_parameters.session_id_size);
442 447
443 session->internals.resumed = RESUME_FALSE; 448 session->internals.resumed = RESUME_FALSE;
444 } 449 }
@@ -573,18 +578,20 @@ MHD__gnutls_send_finished (MHD_gtls_session_t session, int again)
573 return ret; 578 return ret;
574 } 579 }
575 580
576 if (MHD__gnutls_protocol_get_version (session) == MHD_GNUTLS_PROTOCOL_SSL3) 581 if (MHD__gnutls_protocol_get_version (session) ==
582 MHD_GNUTLS_PROTOCOL_SSL3)
577 { 583 {
578 ret = 584 ret =
579 MHD__gnutls_ssl3_finished (session, 585 MHD__gnutls_ssl3_finished (session,
580 session->security_parameters.entity, data); 586 session->security_parameters.entity,
587 data);
581 data_size = 36; 588 data_size = 36;
582 } 589 }
583 else 590 else
584 { /* TLS 1.0 */ 591 { /* TLS 1.0 */
585 ret = 592 ret =
586 MHD__gnutls_finished (session, 593 MHD__gnutls_finished (session,
587 session->security_parameters.entity, data); 594 session->security_parameters.entity, data);
588 data_size = 12; 595 data_size = 12;
589 } 596 }
590 597
@@ -645,15 +652,15 @@ MHD__gnutls_recv_finished (MHD_gtls_session_t session)
645 { 652 {
646 ret = 653 ret =
647 MHD__gnutls_ssl3_finished (session, 654 MHD__gnutls_ssl3_finished (session,
648 (session->security_parameters.entity + 1) % 2, 655 (session->security_parameters.entity +
649 data); 656 1) % 2, data);
650 } 657 }
651 else 658 else
652 { /* TLS 1.0 */ 659 { /* TLS 1.0 */
653 ret = 660 ret =
654 MHD__gnutls_finished (session, 661 MHD__gnutls_finished (session,
655 (session->security_parameters.entity + 662 (session->security_parameters.entity +
656 1) % 2, data); 663 1) % 2, data);
657 } 664 }
658 665
659 if (ret < 0) 666 if (ret < 0)
@@ -678,7 +685,7 @@ MHD__gnutls_recv_finished (MHD_gtls_session_t session)
678 */ 685 */
679static int 686static int
680MHD__gnutls_server_find_pk_algos_in_ciphersuites (const opaque * 687MHD__gnutls_server_find_pk_algos_in_ciphersuites (const opaque *
681 data, int datalen) 688 data, int datalen)
682{ 689{
683 int j; 690 int j;
684 enum MHD_GNUTLS_PublicKeyAlgorithm algo = GNUTLS_PK_NONE, prev_algo = 0; 691 enum MHD_GNUTLS_PublicKeyAlgorithm algo = GNUTLS_PK_NONE, prev_algo = 0;
@@ -763,12 +770,13 @@ MHD_gtls_server_select_suite (MHD_gtls_session_t session, opaque * data,
763 for (j = 0; j < datalen; j += 2) 770 for (j = 0; j < datalen; j += 2)
764 { 771 {
765 memcpy (&cs.suite, &data[j], 2); 772 memcpy (&cs.suite, &data[j], 2);
766 MHD__gnutls_handshake_log ("\t%s\n", MHD_gtls_cipher_suite_get_name (&cs)); 773 MHD__gnutls_handshake_log ("\t%s\n",
774 MHD_gtls_cipher_suite_get_name (&cs));
767 } 775 }
768 MHD__gnutls_handshake_log ("HSK[%x]: Supported cipher suites: \n", session); 776 MHD__gnutls_handshake_log ("HSK[%x]: Supported cipher suites: \n", session);
769 for (j = 0; j < x; j++) 777 for (j = 0; j < x; j++)
770 MHD__gnutls_handshake_log ("\t%s\n", 778 MHD__gnutls_handshake_log ("\t%s\n",
771 MHD_gtls_cipher_suite_get_name (&ciphers[j])); 779 MHD_gtls_cipher_suite_get_name (&ciphers[j]));
772#endif 780#endif
773 memset (session->security_parameters.current_cipher_suite.suite, '\0', 2); 781 memset (session->security_parameters.current_cipher_suite.suite, '\0', 2);
774 782
@@ -806,9 +814,9 @@ finish:
806 */ 814 */
807 if (MHD_gtls_get_kx_cred 815 if (MHD_gtls_get_kx_cred
808 (session, 816 (session,
809 MHD_gtls_cipher_suite_get_kx_algo (&session->security_parameters. 817 MHD_gtls_cipher_suite_get_kx_algo (&session->
810 current_cipher_suite), &err) == NULL 818 security_parameters.current_cipher_suite),
811 && err != 0) 819 &err) == NULL && err != 0)
812 { 820 {
813 MHD_gnutls_assert (); 821 MHD_gnutls_assert ();
814 return GNUTLS_E_INSUFFICIENT_CREDENTIALS; 822 return GNUTLS_E_INSUFFICIENT_CREDENTIALS;
@@ -821,8 +829,8 @@ finish:
821 */ 829 */
822 session->internals.auth_struct = 830 session->internals.auth_struct =
823 MHD_gtls_kx_auth_struct (MHD_gtls_cipher_suite_get_kx_algo 831 MHD_gtls_kx_auth_struct (MHD_gtls_cipher_suite_get_kx_algo
824 (&session->security_parameters. 832 (&session->
825 current_cipher_suite)); 833 security_parameters.current_cipher_suite));
826 if (session->internals.auth_struct == NULL) 834 if (session->internals.auth_struct == NULL)
827 { 835 {
828 836
@@ -842,7 +850,7 @@ finish:
842 */ 850 */
843static int 851static int
844MHD__gnutls_server_select_comp_method (MHD_gtls_session_t session, 852MHD__gnutls_server_select_comp_method (MHD_gtls_session_t session,
845 opaque * data, int datalen) 853 opaque * data, int datalen)
846{ 854{
847 int x, i, j; 855 int x, i, j;
848 uint8_t *comps; 856 uint8_t *comps;
@@ -871,8 +879,8 @@ MHD__gnutls_server_select_comp_method (MHD_gtls_session_t session,
871 879
872 MHD__gnutls_handshake_log 880 MHD__gnutls_handshake_log
873 ("HSK[%x]: Selected Compression Method: %s\n", session, 881 ("HSK[%x]: Selected Compression Method: %s\n", session,
874 MHD_gtls_compression_get_name (session->internals. 882 MHD_gtls_compression_get_name (session->
875 compression_method)); 883 internals.compression_method));
876 884
877 885
878 return 0; 886 return 0;
@@ -896,7 +904,8 @@ MHD__gnutls_server_select_comp_method (MHD_gtls_session_t session,
896 */ 904 */
897static int 905static int
898MHD__gnutls_send_empty_handshake (MHD_gtls_session_t session, 906MHD__gnutls_send_empty_handshake (MHD_gtls_session_t session,
899 MHD_gnutls_handshake_description_t type, int again) 907 MHD_gnutls_handshake_description_t type,
908 int again)
900{ 909{
901 opaque data = 0; 910 opaque data = 0;
902 opaque *ptr; 911 opaque *ptr;
@@ -913,8 +922,8 @@ MHD__gnutls_send_empty_handshake (MHD_gtls_session_t session,
913/* This function will hash the handshake message we sent. */ 922/* This function will hash the handshake message we sent. */
914static int 923static int
915MHD__gnutls_handshake_hash_add_sent (MHD_gtls_session_t session, 924MHD__gnutls_handshake_hash_add_sent (MHD_gtls_session_t session,
916 MHD_gnutls_handshake_description_t type, 925 MHD_gnutls_handshake_description_t type,
917 opaque * dataptr, uint32_t datalen) 926 opaque * dataptr, uint32_t datalen)
918{ 927{
919 int ret; 928 int ret;
920 929
@@ -987,7 +996,8 @@ MHD_gtls_send_handshake (MHD_gtls_session_t session, void *i_data,
987 */ 996 */
988 if (type != GNUTLS_HANDSHAKE_HELLO_REQUEST) 997 if (type != GNUTLS_HANDSHAKE_HELLO_REQUEST)
989 if ((ret = 998 if ((ret =
990 MHD__gnutls_handshake_hash_add_sent (session, type, data, datasize)) < 0) 999 MHD__gnutls_handshake_hash_add_sent (session, type, data,
1000 datasize)) < 0)
991 { 1001 {
992 MHD_gnutls_assert (); 1002 MHD_gnutls_assert ();
993 MHD_gnutls_afree (data); 1003 MHD_gnutls_afree (data);
@@ -1001,7 +1011,8 @@ MHD_gtls_send_handshake (MHD_gtls_session_t session, void *i_data,
1001 data, datasize); 1011 data, datasize);
1002 1012
1003 MHD__gnutls_handshake_log ("HSK[%x]: %s was sent [%ld bytes]\n", 1013 MHD__gnutls_handshake_log ("HSK[%x]: %s was sent [%ld bytes]\n",
1004 session, MHD__gnutls_handshake2str (type), datasize); 1014 session, MHD__gnutls_handshake2str (type),
1015 datasize);
1005 1016
1006 MHD_gnutls_afree (data); 1017 MHD_gnutls_afree (data);
1007 1018
@@ -1017,8 +1028,9 @@ MHD_gtls_send_handshake (MHD_gtls_session_t session, void *i_data,
1017#define SSL2_HEADERS 1 1028#define SSL2_HEADERS 1
1018static int 1029static int
1019MHD__gnutls_recv_handshake_header (MHD_gtls_session_t session, 1030MHD__gnutls_recv_handshake_header (MHD_gtls_session_t session,
1020 MHD_gnutls_handshake_description_t type, 1031 MHD_gnutls_handshake_description_t type,
1021 MHD_gnutls_handshake_description_t * recv_type) 1032 MHD_gnutls_handshake_description_t *
1033 recv_type)
1022{ 1034{
1023 int ret; 1035 int ret;
1024 uint32_t length32 = 0; 1036 uint32_t length32 = 0;
@@ -1032,8 +1044,8 @@ MHD__gnutls_recv_handshake_header (MHD_gtls_session_t session,
1032 if (session->internals.handshake_header_buffer.header_size == 1044 if (session->internals.handshake_header_buffer.header_size ==
1033 handshake_header_size || (session->internals.v2_hello != 0 1045 handshake_header_size || (session->internals.v2_hello != 0
1034 && type == GNUTLS_HANDSHAKE_CLIENT_HELLO 1046 && type == GNUTLS_HANDSHAKE_CLIENT_HELLO
1035 && session->internals. 1047 && session->internals.handshake_header_buffer.
1036 handshake_header_buffer.packet_length > 0)) 1048 packet_length > 0))
1037 { 1049 {
1038 1050
1039 *recv_type = session->internals.handshake_header_buffer.recv_type; 1051 *recv_type = session->internals.handshake_header_buffer.recv_type;
@@ -1076,11 +1088,13 @@ MHD__gnutls_recv_handshake_header (MHD_gtls_session_t session,
1076 MHD_gtls_handshake_io_recv_int (session, GNUTLS_HANDSHAKE, 1088 MHD_gtls_handshake_io_recv_int (session, GNUTLS_HANDSHAKE,
1077 type, 1089 type,
1078 &dataptr 1090 &dataptr
1079 [session->internals. 1091 [session->
1080 handshake_header_buffer.header_size], 1092 internals.handshake_header_buffer.
1093 header_size],
1081 HANDSHAKE_HEADER_SIZE - 1094 HANDSHAKE_HEADER_SIZE -
1082 session->internals. 1095 session->
1083 handshake_header_buffer.header_size); 1096 internals.handshake_header_buffer.
1097 header_size);
1084 if (ret <= 0) 1098 if (ret <= 0)
1085 { 1099 {
1086 MHD_gnutls_assert (); 1100 MHD_gnutls_assert ();
@@ -1102,8 +1116,9 @@ MHD__gnutls_recv_handshake_header (MHD_gtls_session_t session,
1102 handshake_header_size = HANDSHAKE_HEADER_SIZE; 1116 handshake_header_size = HANDSHAKE_HEADER_SIZE;
1103 1117
1104 MHD__gnutls_handshake_log ("HSK[%x]: %s was received [%ld bytes]\n", 1118 MHD__gnutls_handshake_log ("HSK[%x]: %s was received [%ld bytes]\n",
1105 session, MHD__gnutls_handshake2str (dataptr[0]), 1119 session,
1106 length32 + HANDSHAKE_HEADER_SIZE); 1120 MHD__gnutls_handshake2str (dataptr[0]),
1121 length32 + HANDSHAKE_HEADER_SIZE);
1107 1122
1108 } 1123 }
1109 else 1124 else
@@ -1115,8 +1130,9 @@ MHD__gnutls_recv_handshake_header (MHD_gtls_session_t session,
1115 *recv_type = dataptr[0]; 1130 *recv_type = dataptr[0];
1116 1131
1117 MHD__gnutls_handshake_log ("HSK[%x]: %s(v2) was received [%ld bytes]\n", 1132 MHD__gnutls_handshake_log ("HSK[%x]: %s(v2) was received [%ld bytes]\n",
1118 session, MHD__gnutls_handshake2str (*recv_type), 1133 session,
1119 length32 + handshake_header_size); 1134 MHD__gnutls_handshake2str (*recv_type),
1135 length32 + handshake_header_size);
1120 1136
1121 if (*recv_type != GNUTLS_HANDSHAKE_CLIENT_HELLO) 1137 if (*recv_type != GNUTLS_HANDSHAKE_CLIENT_HELLO)
1122 { /* it should be one or nothing */ 1138 { /* it should be one or nothing */
@@ -1147,9 +1163,10 @@ MHD__gnutls_recv_handshake_header (MHD_gtls_session_t session,
1147 */ 1163 */
1148static int 1164static int
1149MHD__gnutls_handshake_hash_add_recvd (MHD_gtls_session_t session, 1165MHD__gnutls_handshake_hash_add_recvd (MHD_gtls_session_t session,
1150 MHD_gnutls_handshake_description_t recv_type, 1166 MHD_gnutls_handshake_description_t
1151 opaque * header, uint16_t header_size, 1167 recv_type, opaque * header,
1152 opaque * dataptr, uint32_t datalen) 1168 uint16_t header_size, opaque * dataptr,
1169 uint32_t datalen)
1153{ 1170{
1154 int ret; 1171 int ret;
1155 1172
@@ -1195,7 +1212,8 @@ MHD__gnutls_handshake_hash_add_recvd (MHD_gtls_session_t session,
1195 */ 1212 */
1196int 1213int
1197MHD_gtls_recv_handshake (MHD_gtls_session_t session, uint8_t ** data, 1214MHD_gtls_recv_handshake (MHD_gtls_session_t session, uint8_t ** data,
1198 int *datalen, MHD_gnutls_handshake_description_t type, 1215 int *datalen,
1216 MHD_gnutls_handshake_description_t type,
1199 Optional optional) 1217 Optional optional)
1200{ 1218{
1201 int ret; 1219 int ret;
@@ -1259,11 +1277,12 @@ MHD_gtls_recv_handshake (MHD_gtls_session_t session, uint8_t ** data,
1259 1277
1260 1278
1261 ret = MHD__gnutls_handshake_hash_add_recvd (session, recv_type, 1279 ret = MHD__gnutls_handshake_hash_add_recvd (session, recv_type,
1262 session->internals. 1280 session->
1263 handshake_header_buffer.header, 1281 internals.handshake_header_buffer.
1264 session->internals. 1282 header,
1265 handshake_header_buffer.header_size, 1283 session->
1266 dataptr, length32); 1284 internals.handshake_header_buffer.
1285 header_size, dataptr, length32);
1267 if (ret < 0) 1286 if (ret < 0)
1268 { 1287 {
1269 MHD_gnutls_assert (); 1288 MHD_gnutls_assert ();
@@ -1319,7 +1338,8 @@ MHD_gtls_recv_handshake (MHD_gtls_session_t session, uint8_t ** data,
1319 * to the session; 1338 * to the session;
1320 */ 1339 */
1321static int 1340static int
1322MHD__gnutls_client_set_ciphersuite (MHD_gtls_session_t session, opaque suite[2]) 1341MHD__gnutls_client_set_ciphersuite (MHD_gtls_session_t session,
1342 opaque suite[2])
1323{ 1343{
1324 uint8_t z; 1344 uint8_t z;
1325 cipher_suite_st *cipher_suites; 1345 cipher_suite_st *cipher_suites;
@@ -1355,9 +1375,9 @@ MHD__gnutls_client_set_ciphersuite (MHD_gtls_session_t session, opaque suite[2])
1355 memcpy (session->security_parameters.current_cipher_suite.suite, suite, 2); 1375 memcpy (session->security_parameters.current_cipher_suite.suite, suite, 2);
1356 1376
1357 MHD__gnutls_handshake_log ("HSK[%x]: Selected cipher suite: %s\n", session, 1377 MHD__gnutls_handshake_log ("HSK[%x]: Selected cipher suite: %s\n", session,
1358 MHD_gtls_cipher_suite_get_name 1378 MHD_gtls_cipher_suite_get_name
1359 (&session->security_parameters. 1379 (&session->
1360 current_cipher_suite)); 1380 security_parameters.current_cipher_suite));
1361 1381
1362 1382
1363 /* check if the credentials (username, public key etc.) are ok. 1383 /* check if the credentials (username, public key etc.) are ok.
@@ -1380,8 +1400,8 @@ MHD__gnutls_client_set_ciphersuite (MHD_gtls_session_t session, opaque suite[2])
1380 */ 1400 */
1381 session->internals.auth_struct = 1401 session->internals.auth_struct =
1382 MHD_gtls_kx_auth_struct (MHD_gtls_cipher_suite_get_kx_algo 1402 MHD_gtls_kx_auth_struct (MHD_gtls_cipher_suite_get_kx_algo
1383 (&session->security_parameters. 1403 (&session->
1384 current_cipher_suite)); 1404 security_parameters.current_cipher_suite));
1385 1405
1386 if (session->internals.auth_struct == NULL) 1406 if (session->internals.auth_struct == NULL)
1387 { 1407 {
@@ -1402,7 +1422,7 @@ MHD__gnutls_client_set_ciphersuite (MHD_gtls_session_t session, opaque suite[2])
1402 */ 1422 */
1403static int 1423static int
1404MHD__gnutls_client_set_comp_method (MHD_gtls_session_t session, 1424MHD__gnutls_client_set_comp_method (MHD_gtls_session_t session,
1405 opaque comp_method) 1425 opaque comp_method)
1406{ 1426{
1407 int comp_methods_num; 1427 int comp_methods_num;
1408 uint8_t *compression_methods; 1428 uint8_t *compression_methods;
@@ -1446,16 +1466,15 @@ MHD__gnutls_client_set_comp_method (MHD_gtls_session_t session,
1446 */ 1466 */
1447static int 1467static int
1448MHD__gnutls_client_check_if_resuming (MHD_gtls_session_t session, 1468MHD__gnutls_client_check_if_resuming (MHD_gtls_session_t session,
1449 opaque * session_id, int session_id_len) 1469 opaque * session_id, int session_id_len)
1450{ 1470{
1451 opaque buf[2 * TLS_MAX_SESSION_ID_SIZE + 1]; 1471 opaque buf[2 * TLS_MAX_SESSION_ID_SIZE + 1];
1452 1472
1453 MHD__gnutls_handshake_log ("HSK[%x]: SessionID length: %d\n", session, 1473 MHD__gnutls_handshake_log ("HSK[%x]: SessionID length: %d\n", session,
1454 session_id_len); 1474 session_id_len);
1455 MHD__gnutls_handshake_log ("HSK[%x]: SessionID: %s\n", session, 1475 MHD__gnutls_handshake_log ("HSK[%x]: SessionID: %s\n", session,
1456 MHD_gtls_bin2hex (session_id, session_id_len, 1476 MHD_gtls_bin2hex (session_id, session_id_len,
1457 (char*) buf, 1477 (char *) buf, sizeof (buf)));
1458 sizeof (buf)));
1459 1478
1460 if (session_id_len > 0 && 1479 if (session_id_len > 0 &&
1461 session->internals.resumed_security_parameters.session_id_size == 1480 session->internals.resumed_security_parameters.session_id_size ==
@@ -1491,7 +1510,7 @@ MHD__gnutls_client_check_if_resuming (MHD_gtls_session_t session,
1491 */ 1510 */
1492static int 1511static int
1493MHD__gnutls_read_server_hello (MHD_gtls_session_t session, 1512MHD__gnutls_read_server_hello (MHD_gtls_session_t session,
1494 opaque * data, int datalen) 1513 opaque * data, int datalen)
1495{ 1514{
1496 uint8_t session_id_len = 0; 1515 uint8_t session_id_len = 0;
1497 int pos = 0; 1516 int pos = 0;
@@ -1506,7 +1525,7 @@ MHD__gnutls_read_server_hello (MHD_gtls_session_t session,
1506 } 1525 }
1507 1526
1508 MHD__gnutls_handshake_log ("HSK[%x]: Server's version: %d.%d\n", 1527 MHD__gnutls_handshake_log ("HSK[%x]: Server's version: %d.%d\n",
1509 session, data[pos], data[pos + 1]); 1528 session, data[pos], data[pos + 1]);
1510 1529
1511 DECR_LEN (len, 2); 1530 DECR_LEN (len, 2);
1512 version = MHD_gtls_version_get (data[pos], data[pos + 1]); 1531 version = MHD_gtls_version_get (data[pos], data[pos + 1]);
@@ -1594,7 +1613,7 @@ MHD__gnutls_read_server_hello (MHD_gtls_session_t session,
1594 */ 1613 */
1595static int 1614static int
1596MHD__gnutls_copy_ciphersuites (MHD_gtls_session_t session, 1615MHD__gnutls_copy_ciphersuites (MHD_gtls_session_t session,
1597 opaque * ret_data, size_t ret_data_size) 1616 opaque * ret_data, size_t ret_data_size)
1598{ 1617{
1599 int ret, i; 1618 int ret, i;
1600 cipher_suite_st *cipher_suites; 1619 cipher_suite_st *cipher_suites;
@@ -1662,7 +1681,7 @@ MHD__gnutls_copy_ciphersuites (MHD_gtls_session_t session,
1662 */ 1681 */
1663static int 1682static int
1664MHD__gnutls_copy_comp_methods (MHD_gtls_session_t session, 1683MHD__gnutls_copy_comp_methods (MHD_gtls_session_t session,
1665 opaque * ret_data, size_t ret_data_size) 1684 opaque * ret_data, size_t ret_data_size)
1666{ 1685{
1667 int ret, i; 1686 int ret, i;
1668 uint8_t *compression_methods, comp_num; 1687 uint8_t *compression_methods, comp_num;
@@ -1921,7 +1940,7 @@ MHD__gnutls_send_server_hello (MHD_gtls_session_t session, int again)
1921 */ 1940 */
1922 MHD_gnutls_assert (); 1941 MHD_gnutls_assert ();
1923 ret = MHD__gnutls_alert_send (session, GNUTLS_AL_FATAL, 1942 ret = MHD__gnutls_alert_send (session, GNUTLS_AL_FATAL,
1924 GNUTLS_A_UNKNOWN_PSK_IDENTITY); 1943 GNUTLS_A_UNKNOWN_PSK_IDENTITY);
1925 if (ret < 0) 1944 if (ret < 0)
1926 { 1945 {
1927 MHD_gnutls_assert (); 1946 MHD_gnutls_assert ();
@@ -1969,16 +1988,17 @@ MHD__gnutls_send_server_hello (MHD_gtls_session_t session, int again)
1969 pos += session_id_len; 1988 pos += session_id_len;
1970 1989
1971 MHD__gnutls_handshake_log ("HSK[%x]: SessionID: %s\n", session, 1990 MHD__gnutls_handshake_log ("HSK[%x]: SessionID: %s\n", session,
1972 MHD_gtls_bin2hex (SessionID, session_id_len, 1991 MHD_gtls_bin2hex (SessionID, session_id_len,
1973 (char*) buf, sizeof (buf))); 1992 (char *) buf,
1993 sizeof (buf)));
1974 1994
1975 memcpy (&data[pos], 1995 memcpy (&data[pos],
1976 session->security_parameters.current_cipher_suite.suite, 2); 1996 session->security_parameters.current_cipher_suite.suite, 2);
1977 pos += 2; 1997 pos += 2;
1978 1998
1979 comp = 1999 comp =
1980 (uint8_t) MHD_gtls_compression_get_num (session-> 2000 (uint8_t) MHD_gtls_compression_get_num (session->internals.
1981 internals.compression_method); 2001 compression_method);
1982 data[pos++] = comp; 2002 data[pos++] = comp;
1983 2003
1984 2004
@@ -2103,7 +2123,7 @@ MHD__gnutls_rehandshake (MHD_gtls_session_t session)
2103 2123
2104 ret = 2124 ret =
2105 MHD__gnutls_send_empty_handshake (session, GNUTLS_HANDSHAKE_HELLO_REQUEST, 2125 MHD__gnutls_send_empty_handshake (session, GNUTLS_HANDSHAKE_HELLO_REQUEST,
2106 AGAIN (STATE50)); 2126 AGAIN (STATE50));
2107 STATE = STATE50; 2127 STATE = STATE50;
2108 2128
2109 if (ret < 0) 2129 if (ret < 0)
@@ -2260,14 +2280,14 @@ MHD__gnutls_handshake (MHD_gtls_session_t session)
2260 } 2280 }
2261#if MHD_DEBUG_TLS 2281#if MHD_DEBUG_TLS
2262 if (session->security_parameters.entity == GNUTLS_CLIENT) 2282 if (session->security_parameters.entity == GNUTLS_CLIENT)
2263 { 2283 {
2264 ret = MHD_gtls_handshake_client (session); 2284 ret = MHD_gtls_handshake_client (session);
2265 } 2285 }
2266 else 2286 else
2267#endif 2287#endif
2268 { 2288 {
2269 ret = MHD_gtls_handshake_server (session); 2289 ret = MHD_gtls_handshake_server (session);
2270 } 2290 }
2271 2291
2272 if (ret < 0) 2292 if (ret < 0)
2273 { 2293 {
@@ -2323,13 +2343,11 @@ MHD_gtls_handshake_client (MHD_gtls_session_t session)
2323 2343
2324 if (session->internals.resumed_security_parameters.session_id_size > 0) 2344 if (session->internals.resumed_security_parameters.session_id_size > 0)
2325 MHD__gnutls_handshake_log ("HSK[%x]: Ask to resume: %s\n", session, 2345 MHD__gnutls_handshake_log ("HSK[%x]: Ask to resume: %s\n", session,
2326 MHD_gtls_bin2hex (session->internals. 2346 MHD_gtls_bin2hex (session->
2327 resumed_security_parameters. 2347 internals.resumed_security_parameters.session_id,
2328 session_id, 2348 session->
2329 session->internals. 2349 internals.resumed_security_parameters.session_id_size,
2330 resumed_security_parameters. 2350 buf, sizeof (buf)));
2331 session_id_size, buf,
2332 sizeof (buf)));
2333#endif 2351#endif
2334 2352
2335 switch (STATE) 2353 switch (STATE)
@@ -2613,8 +2631,8 @@ MHD_gtls_handshake_server (MHD_gtls_session_t session)
2613 if (session->internals.resumed == RESUME_FALSE) /* if we are not resuming */ 2631 if (session->internals.resumed == RESUME_FALSE) /* if we are not resuming */
2614 ret = 2632 ret =
2615 MHD__gnutls_send_empty_handshake (session, 2633 MHD__gnutls_send_empty_handshake (session,
2616 GNUTLS_HANDSHAKE_SERVER_HELLO_DONE, 2634 GNUTLS_HANDSHAKE_SERVER_HELLO_DONE,
2617 AGAIN (STATE6)); 2635 AGAIN (STATE6));
2618 STATE = STATE6; 2636 STATE = STATE6;
2619 IMED_RET ("send server hello done", ret); 2637 IMED_RET ("send server hello done", ret);
2620 2638
@@ -2696,7 +2714,7 @@ MHD_gtls_generate_session_id (opaque * session_id, uint8_t * len)
2696{ 2714{
2697 *len = TLS_MAX_SESSION_ID_SIZE; 2715 *len = TLS_MAX_SESSION_ID_SIZE;
2698 2716
2699 if (MHD_gc_nonce ((char*) session_id, *len) != GC_OK) 2717 if (MHD_gc_nonce ((char *) session_id, *len) != GC_OK)
2700 { 2718 {
2701 MHD_gnutls_assert (); 2719 MHD_gnutls_assert ();
2702 return GNUTLS_E_RANDOM_FAILED; 2720 return GNUTLS_E_RANDOM_FAILED;
@@ -2804,7 +2822,8 @@ check_server_params (MHD_gtls_session_t session,
2804 { 2822 {
2805 MHD_gnutls_psk_server_credentials_t psk_cred = 2823 MHD_gnutls_psk_server_credentials_t psk_cred =
2806 (MHD_gnutls_psk_server_credentials_t) MHD_gtls_get_cred (session->key, 2824 (MHD_gnutls_psk_server_credentials_t) MHD_gtls_get_cred (session->key,
2807 cred_type, NULL); 2825 cred_type,
2826 NULL);
2808 2827
2809 if (psk_cred != NULL) 2828 if (psk_cred != NULL)
2810 { 2829 {
@@ -2889,8 +2908,9 @@ MHD_gtls_remove_unwanted_ciphersuites (MHD_gtls_session_t session,
2889 if (ret < 0) 2908 if (ret < 0)
2890 { 2909 {
2891 MHD_gnutls_assert (); 2910 MHD_gnutls_assert ();
2892 MHD__gnutls_x509_log ("Could not find an appropriate certificate: %s\n", 2911 MHD__gnutls_x509_log
2893 MHD_gtls_strerror (ret)); 2912 ("Could not find an appropriate certificate: %s\n",
2913 MHD_gtls_strerror (ret));
2894 cert_cred = NULL; 2914 cert_cred = NULL;
2895 } 2915 }
2896 } 2916 }
@@ -2954,8 +2974,8 @@ MHD_gtls_remove_unwanted_ciphersuites (MHD_gtls_session_t session,
2954 { 2974 {
2955 2975
2956 MHD__gnutls_handshake_log ("HSK[%x]: Keeping ciphersuite: %s\n", 2976 MHD__gnutls_handshake_log ("HSK[%x]: Keeping ciphersuite: %s\n",
2957 session, 2977 session,
2958 MHD_gtls_cipher_suite_get_name (&cs)); 2978 MHD_gtls_cipher_suite_get_name (&cs));
2959 2979
2960 memcpy (newSuite[newSuiteSize].suite, (*cipherSuites)[i].suite, 2); 2980 memcpy (newSuite[newSuiteSize].suite, (*cipherSuites)[i].suite, 2);
2961 newSuiteSize++; 2981 newSuiteSize++;
@@ -2963,8 +2983,8 @@ MHD_gtls_remove_unwanted_ciphersuites (MHD_gtls_session_t session,
2963 else 2983 else
2964 { 2984 {
2965 MHD__gnutls_handshake_log ("HSK[%x]: Removing ciphersuite: %s\n", 2985 MHD__gnutls_handshake_log ("HSK[%x]: Removing ciphersuite: %s\n",
2966 session, 2986 session,
2967 MHD_gtls_cipher_suite_get_name (&cs)); 2987 MHD_gtls_cipher_suite_get_name (&cs));
2968 2988
2969 } 2989 }
2970 } 2990 }
generated by cgit v1.2.3 (git 2.39.1) at 2024-05-16 02:03:30 +0000