diff options
Diffstat (limited to 'src/daemon/https/tls/gnutls_handshake.c')
-rw-r--r-- | src/daemon/https/tls/gnutls_handshake.c | 136 |
1 files changed, 46 insertions, 90 deletions
diff --git a/src/daemon/https/tls/gnutls_handshake.c b/src/daemon/https/tls/gnutls_handshake.c index 31826448..7833b3db 100644 --- a/src/daemon/https/tls/gnutls_handshake.c +++ b/src/daemon/https/tls/gnutls_handshake.c | |||
@@ -59,13 +59,39 @@ | |||
59 | #define TRUE 1 | 59 | #define TRUE 1 |
60 | #define FALSE 0 | 60 | #define FALSE 0 |
61 | 61 | ||
62 | |||
63 | /* This should be sufficient by now. It should hold all the extensions | ||
64 | * plus the headers in a hello message. | ||
65 | */ | ||
66 | #define MAX_EXT_DATA_LENGTH 1024 | ||
67 | |||
68 | |||
69 | static int MHD_gtls_remove_unwanted_ciphersuites (MHD_gtls_session_t session, | ||
70 | cipher_suite_st ** cipherSuites, | ||
71 | int numCipherSuites, | ||
72 | enum | ||
73 | MHD_GNUTLS_PublicKeyAlgorithm); | ||
74 | static int MHD_gtls_server_select_suite (MHD_gtls_session_t session, opaque * data, | ||
75 | int datalen); | ||
76 | |||
77 | static int MHD_gtls_generate_session_id (opaque * session_id, uint8_t * len); | ||
78 | |||
79 | static int MHD_gtls_handshake_common (MHD_gtls_session_t session); | ||
80 | |||
81 | static int MHD_gtls_handshake_server (MHD_gtls_session_t session); | ||
82 | |||
83 | #if MHD_DEBUG_TLS | ||
84 | static int MHD_gtls_handshake_client (MHD_gtls_session_t session); | ||
85 | #endif | ||
86 | |||
87 | |||
62 | static int MHD__gnutls_server_select_comp_method (MHD_gtls_session_t session, | 88 | static int MHD__gnutls_server_select_comp_method (MHD_gtls_session_t session, |
63 | opaque * data, int datalen); | 89 | opaque * data, int datalen); |
64 | 90 | ||
65 | 91 | ||
66 | /* Clears the handshake hash buffers and handles. | 92 | /* Clears the handshake hash buffers and handles. |
67 | */ | 93 | */ |
68 | inline static void | 94 | static void |
69 | MHD__gnutls_handshake_hash_buffers_clear (MHD_gtls_session_t session) | 95 | MHD__gnutls_handshake_hash_buffers_clear (MHD_gtls_session_t session) |
70 | { | 96 | { |
71 | MHD_gnutls_hash_deinit (session->internals.handshake_mac_handle_md5, NULL); | 97 | MHD_gnutls_hash_deinit (session->internals.handshake_mac_handle_md5, NULL); |
@@ -119,13 +145,13 @@ resume_copy_required_values (MHD_gtls_session_t session) | |||
119 | session->internals.resumed_security_parameters.session_id_size; | 145 | session->internals.resumed_security_parameters.session_id_size; |
120 | } | 146 | } |
121 | 147 | ||
122 | void | 148 | static void |
123 | MHD_gtls_set_server_random (MHD_gtls_session_t session, uint8_t * rnd) | 149 | MHD_gtls_set_server_random (MHD_gtls_session_t session, uint8_t * rnd) |
124 | { | 150 | { |
125 | memcpy (session->security_parameters.server_random, rnd, TLS_RANDOM_SIZE); | 151 | memcpy (session->security_parameters.server_random, rnd, TLS_RANDOM_SIZE); |
126 | } | 152 | } |
127 | 153 | ||
128 | void | 154 | static void |
129 | MHD_gtls_set_client_random (MHD_gtls_session_t session, uint8_t * rnd) | 155 | MHD_gtls_set_client_random (MHD_gtls_session_t session, uint8_t * rnd) |
130 | { | 156 | { |
131 | memcpy (session->security_parameters.client_random, rnd, TLS_RANDOM_SIZE); | 157 | memcpy (session->security_parameters.client_random, rnd, TLS_RANDOM_SIZE); |
@@ -243,7 +269,7 @@ MHD__gnutls_finished (MHD_gtls_session_t session, int type, void *ret) | |||
243 | /* this function will produce TLS_RANDOM_SIZE==32 bytes of random data | 269 | /* this function will produce TLS_RANDOM_SIZE==32 bytes of random data |
244 | * and put it to dst. | 270 | * and put it to dst. |
245 | */ | 271 | */ |
246 | int | 272 | static int |
247 | MHD_gtls_tls_create_random (opaque * dst) | 273 | MHD_gtls_tls_create_random (opaque * dst) |
248 | { | 274 | { |
249 | uint32_t tim; | 275 | uint32_t tim; |
@@ -257,7 +283,7 @@ MHD_gtls_tls_create_random (opaque * dst) | |||
257 | /* generate server random value */ | 283 | /* generate server random value */ |
258 | MHD_gtls_write_uint32 (tim, dst); | 284 | MHD_gtls_write_uint32 (tim, dst); |
259 | 285 | ||
260 | if (MHD_gc_nonce (&dst[4], TLS_RANDOM_SIZE - 4) != GC_OK) | 286 | if (MHD_gc_nonce ((char*) &dst[4], TLS_RANDOM_SIZE - 4) != GC_OK) |
261 | { | 287 | { |
262 | MHD_gnutls_assert (); | 288 | MHD_gnutls_assert (); |
263 | return GNUTLS_E_RANDOM_FAILED; | 289 | return GNUTLS_E_RANDOM_FAILED; |
@@ -268,7 +294,7 @@ MHD_gtls_tls_create_random (opaque * dst) | |||
268 | 294 | ||
269 | /* returns the 0 on success or a negative value. | 295 | /* returns the 0 on success or a negative value. |
270 | */ | 296 | */ |
271 | int | 297 | static int |
272 | MHD_gtls_negotiate_version (MHD_gtls_session_t session, | 298 | MHD_gtls_negotiate_version (MHD_gtls_session_t session, |
273 | enum MHD_GNUTLS_Protocol adv_version) | 299 | enum MHD_GNUTLS_Protocol adv_version) |
274 | { | 300 | { |
@@ -299,7 +325,7 @@ MHD_gtls_negotiate_version (MHD_gtls_session_t session, | |||
299 | return ret; | 325 | return ret; |
300 | } | 326 | } |
301 | 327 | ||
302 | int | 328 | static int |
303 | MHD_gtls_user_hello_func (MHD_gtls_session_t session, | 329 | MHD_gtls_user_hello_func (MHD_gtls_session_t session, |
304 | enum MHD_GNUTLS_Protocol adv_version) | 330 | enum MHD_GNUTLS_Protocol adv_version) |
305 | { | 331 | { |
@@ -469,7 +495,7 @@ MHD__gnutls_read_client_hello (MHD_gtls_session_t session, opaque * data, | |||
469 | 495 | ||
470 | /* here we hash all pending data. | 496 | /* here we hash all pending data. |
471 | */ | 497 | */ |
472 | inline static int | 498 | static int |
473 | MHD__gnutls_handshake_hash_pending (MHD_gtls_session_t session) | 499 | MHD__gnutls_handshake_hash_pending (MHD_gtls_session_t session) |
474 | { | 500 | { |
475 | size_t siz; | 501 | size_t siz; |
@@ -669,7 +695,7 @@ MHD__gnutls_server_find_pk_algos_in_ciphersuites (const opaque * | |||
669 | /* This selects the best supported ciphersuite from the given ones. Then | 695 | /* This selects the best supported ciphersuite from the given ones. Then |
670 | * it adds the suite to the session and performs some checks. | 696 | * it adds the suite to the session and performs some checks. |
671 | */ | 697 | */ |
672 | int | 698 | static int |
673 | MHD_gtls_server_select_suite (MHD_gtls_session_t session, opaque * data, | 699 | MHD_gtls_server_select_suite (MHD_gtls_session_t session, opaque * data, |
674 | int datalen) | 700 | int datalen) |
675 | { | 701 | { |
@@ -1270,6 +1296,7 @@ MHD_gtls_recv_handshake (MHD_gtls_session_t session, uint8_t ** data, | |||
1270 | return ret; | 1296 | return ret; |
1271 | } | 1297 | } |
1272 | 1298 | ||
1299 | #if MHD_DEBUG_TLS | ||
1273 | /* This function checks if the given cipher suite is supported, and sets it | 1300 | /* This function checks if the given cipher suite is supported, and sets it |
1274 | * to the session; | 1301 | * to the session; |
1275 | */ | 1302 | */ |
@@ -1352,6 +1379,7 @@ MHD__gnutls_client_set_ciphersuite (MHD_gtls_session_t session, opaque suite[2]) | |||
1352 | return 0; | 1379 | return 0; |
1353 | } | 1380 | } |
1354 | 1381 | ||
1382 | |||
1355 | /* This function sets the given comp method to the session. | 1383 | /* This function sets the given comp method to the session. |
1356 | */ | 1384 | */ |
1357 | static int | 1385 | static int |
@@ -1407,7 +1435,8 @@ MHD__gnutls_client_check_if_resuming (MHD_gtls_session_t session, | |||
1407 | MHD__gnutls_handshake_log ("HSK[%x]: SessionID length: %d\n", session, | 1435 | MHD__gnutls_handshake_log ("HSK[%x]: SessionID length: %d\n", session, |
1408 | session_id_len); | 1436 | session_id_len); |
1409 | MHD__gnutls_handshake_log ("HSK[%x]: SessionID: %s\n", session, | 1437 | MHD__gnutls_handshake_log ("HSK[%x]: SessionID: %s\n", session, |
1410 | MHD_gtls_bin2hex (session_id, session_id_len, buf, | 1438 | MHD_gtls_bin2hex (session_id, session_id_len, |
1439 | (char*) buf, | ||
1411 | sizeof (buf))); | 1440 | sizeof (buf))); |
1412 | 1441 | ||
1413 | if (session_id_len > 0 && | 1442 | if (session_id_len > 0 && |
@@ -1438,7 +1467,6 @@ MHD__gnutls_client_check_if_resuming (MHD_gtls_session_t session, | |||
1438 | } | 1467 | } |
1439 | } | 1468 | } |
1440 | 1469 | ||
1441 | |||
1442 | /* This function reads and parses the server hello handshake message. | 1470 | /* This function reads and parses the server hello handshake message. |
1443 | * This function also restores resumed parameters if we are resuming a | 1471 | * This function also restores resumed parameters if we are resuming a |
1444 | * session. | 1472 | * session. |
@@ -1653,12 +1681,6 @@ MHD__gnutls_copy_comp_methods (MHD_gtls_session_t session, | |||
1653 | return datalen; | 1681 | return datalen; |
1654 | } | 1682 | } |
1655 | 1683 | ||
1656 | /* This should be sufficient by now. It should hold all the extensions | ||
1657 | * plus the headers in a hello message. | ||
1658 | */ | ||
1659 | #define MAX_EXT_DATA_LENGTH 1024 | ||
1660 | |||
1661 | #if MHD_DEBUG_TLS | ||
1662 | /* This function sends the client hello handshake message. | 1684 | /* This function sends the client hello handshake message. |
1663 | */ | 1685 | */ |
1664 | static int | 1686 | static int |
@@ -1930,7 +1952,7 @@ MHD__gnutls_send_server_hello (MHD_gtls_session_t session, int again) | |||
1930 | 1952 | ||
1931 | MHD__gnutls_handshake_log ("HSK[%x]: SessionID: %s\n", session, | 1953 | MHD__gnutls_handshake_log ("HSK[%x]: SessionID: %s\n", session, |
1932 | MHD_gtls_bin2hex (SessionID, session_id_len, | 1954 | MHD_gtls_bin2hex (SessionID, session_id_len, |
1933 | buf, sizeof (buf))); | 1955 | (char*) buf, sizeof (buf))); |
1934 | 1956 | ||
1935 | memcpy (&data[pos], | 1957 | memcpy (&data[pos], |
1936 | session->security_parameters.current_cipher_suite.suite, 2); | 1958 | session->security_parameters.current_cipher_suite.suite, 2); |
@@ -2273,7 +2295,7 @@ MHD__gnutls_handshake (MHD_gtls_session_t session) | |||
2273 | * MHD_gtls_handshake_client | 2295 | * MHD_gtls_handshake_client |
2274 | * This function performs the client side of the handshake of the TLS/SSL protocol. | 2296 | * This function performs the client side of the handshake of the TLS/SSL protocol. |
2275 | */ | 2297 | */ |
2276 | int | 2298 | static int |
2277 | MHD_gtls_handshake_client (MHD_gtls_session_t session) | 2299 | MHD_gtls_handshake_client (MHD_gtls_session_t session) |
2278 | { | 2300 | { |
2279 | int ret = 0; | 2301 | int ret = 0; |
@@ -2515,7 +2537,7 @@ MHD__gnutls_recv_handshake_final (MHD_gtls_session_t session, int init) | |||
2515 | * This function does the server stuff of the handshake protocol. | 2537 | * This function does the server stuff of the handshake protocol. |
2516 | */ | 2538 | */ |
2517 | 2539 | ||
2518 | int | 2540 | static int |
2519 | MHD_gtls_handshake_server (MHD_gtls_session_t session) | 2541 | MHD_gtls_handshake_server (MHD_gtls_session_t session) |
2520 | { | 2542 | { |
2521 | int ret = 0; | 2543 | int ret = 0; |
@@ -2616,7 +2638,7 @@ MHD_gtls_handshake_server (MHD_gtls_session_t session) | |||
2616 | return 0; | 2638 | return 0; |
2617 | } | 2639 | } |
2618 | 2640 | ||
2619 | int | 2641 | static int |
2620 | MHD_gtls_handshake_common (MHD_gtls_session_t session) | 2642 | MHD_gtls_handshake_common (MHD_gtls_session_t session) |
2621 | { | 2643 | { |
2622 | int ret = 0; | 2644 | int ret = 0; |
@@ -2651,12 +2673,12 @@ MHD_gtls_handshake_common (MHD_gtls_session_t session) | |||
2651 | 2673 | ||
2652 | } | 2674 | } |
2653 | 2675 | ||
2654 | int | 2676 | static int |
2655 | MHD_gtls_generate_session_id (opaque * session_id, uint8_t * len) | 2677 | MHD_gtls_generate_session_id (opaque * session_id, uint8_t * len) |
2656 | { | 2678 | { |
2657 | *len = TLS_MAX_SESSION_ID_SIZE; | 2679 | *len = TLS_MAX_SESSION_ID_SIZE; |
2658 | 2680 | ||
2659 | if (MHD_gc_nonce (session_id, *len) != GC_OK) | 2681 | if (MHD_gc_nonce ((char*) session_id, *len) != GC_OK) |
2660 | { | 2682 | { |
2661 | MHD_gnutls_assert (); | 2683 | MHD_gnutls_assert (); |
2662 | return GNUTLS_E_RANDOM_FAILED; | 2684 | return GNUTLS_E_RANDOM_FAILED; |
@@ -2811,7 +2833,7 @@ check_server_params (MHD_gtls_session_t session, | |||
2811 | * This does a more high level check than MHD_gnutls_supported_ciphersuites(), | 2833 | * This does a more high level check than MHD_gnutls_supported_ciphersuites(), |
2812 | * by checking certificates etc. | 2834 | * by checking certificates etc. |
2813 | */ | 2835 | */ |
2814 | int | 2836 | static int |
2815 | MHD_gtls_remove_unwanted_ciphersuites (MHD_gtls_session_t session, | 2837 | MHD_gtls_remove_unwanted_ciphersuites (MHD_gtls_session_t session, |
2816 | cipher_suite_st ** cipherSuites, | 2838 | cipher_suite_st ** cipherSuites, |
2817 | int numCipherSuites, | 2839 | int numCipherSuites, |
@@ -2939,75 +2961,9 @@ MHD_gtls_remove_unwanted_ciphersuites (MHD_gtls_session_t session, | |||
2939 | 2961 | ||
2940 | } | 2962 | } |
2941 | 2963 | ||
2942 | /** | ||
2943 | * MHD__gnutls_handshake_set_max_packet_length - This function will set the maximum length of a handshake message | ||
2944 | * @session: is a #MHD_gtls_session_t structure. | ||
2945 | * @max: is the maximum number. | ||
2946 | * | ||
2947 | * This function will set the maximum size of a handshake message. | ||
2948 | * Handshake messages over this size are rejected. The default value | ||
2949 | * is 16kb which is large enough. Set this to 0 if you do not want to | ||
2950 | * set an upper limit. | ||
2951 | * | ||
2952 | **/ | ||
2953 | void | ||
2954 | MHD__gnutls_handshake_set_max_packet_length (MHD_gtls_session_t session, | ||
2955 | size_t max) | ||
2956 | { | ||
2957 | session->internals.max_handshake_data_buffer_size = max; | ||
2958 | } | ||
2959 | |||
2960 | void | ||
2961 | MHD_gtls_set_adv_version (MHD_gtls_session_t session, | ||
2962 | enum MHD_GNUTLS_Protocol ver) | ||
2963 | { | ||
2964 | set_adv_version (session, MHD_gtls_version_get_major (ver), | ||
2965 | MHD_gtls_version_get_minor (ver)); | ||
2966 | } | ||
2967 | |||
2968 | enum MHD_GNUTLS_Protocol | 2964 | enum MHD_GNUTLS_Protocol |
2969 | MHD_gtls_get_adv_version (MHD_gtls_session_t session) | 2965 | MHD_gtls_get_adv_version (MHD_gtls_session_t session) |
2970 | { | 2966 | { |
2971 | return MHD_gtls_version_get (MHD__gnutls_get_adv_version_major (session), | 2967 | return MHD_gtls_version_get (MHD__gnutls_get_adv_version_major (session), |
2972 | MHD__gnutls_get_adv_version_minor (session)); | 2968 | MHD__gnutls_get_adv_version_minor (session)); |
2973 | } | 2969 | } |
2974 | |||
2975 | /** | ||
2976 | * MHD_gtls_handshake_get_last_in - Returns the last handshake message received. | ||
2977 | * @session: is a #MHD_gtls_session_t structure. | ||
2978 | * | ||
2979 | * This function is only useful to check where the last performed | ||
2980 | * handshake failed. If the previous handshake succeed or was not | ||
2981 | * performed at all then no meaningful value will be returned. | ||
2982 | * | ||
2983 | * Check %MHD_gnutls_handshake_description_t in gnutls.h for the | ||
2984 | * available handshake descriptions. | ||
2985 | * | ||
2986 | * Returns: the last handshake message type received, a | ||
2987 | * %MHD_gnutls_handshake_description_t. | ||
2988 | **/ | ||
2989 | MHD_gnutls_handshake_description_t | ||
2990 | MHD_gtls_handshake_get_last_in (MHD_gtls_session_t session) | ||
2991 | { | ||
2992 | return session->internals.last_handshake_in; | ||
2993 | } | ||
2994 | |||
2995 | /** | ||
2996 | * MHD_gtls_handshake_get_last_out - Returns the last handshake message sent. | ||
2997 | * @session: is a #MHD_gtls_session_t structure. | ||
2998 | * | ||
2999 | * This function is only useful to check where the last performed | ||
3000 | * handshake failed. If the previous handshake succeed or was not | ||
3001 | * performed at all then no meaningful value will be returned. | ||
3002 | * | ||
3003 | * Check %MHD_gnutls_handshake_description_t in gnutls.h for the | ||
3004 | * available handshake descriptions. | ||
3005 | * | ||
3006 | * Returns: the last handshake message type sent, a | ||
3007 | * %MHD_gnutls_handshake_description_t. | ||
3008 | **/ | ||
3009 | MHD_gnutls_handshake_description_t | ||
3010 | MHD_gtls_handshake_get_last_out (MHD_gtls_session_t session) | ||
3011 | { | ||
3012 | return session->internals.last_handshake_out; | ||
3013 | } | ||