diff options
| author | Nikos Mavrogiannopoulos <nmav@gnutls.org> | 2004-06-10 10:03:44 +0000 |
|---|---|---|
| committer | Nikos Mavrogiannopoulos <nmav@gnutls.org> | 2004-06-10 10:03:44 +0000 |
| commit | 67b883c8c66d09734264b53f1aaad91aff3aa257 (patch) | |
| tree | 58c395aa74d4e3fb524ba3f5fecc89ef07d215da | |
| parent | c80e4f4bdba5a4c5b70c817662b3478e57d74f91 (diff) | |
| download | gnutls-67b883c8c66d09734264b53f1aaad91aff3aa257.tar.gz | |
some fixes in the session resuming code.
| -rw-r--r-- | lib/gnutls_handshake.c | 14 | ||||
| -rw-r--r-- | lib/gnutls_state.c | 5 | ||||
| -rw-r--r-- | lib/x509/x509.c | 12 |
3 files changed, 23 insertions, 8 deletions
diff --git a/lib/gnutls_handshake.c b/lib/gnutls_handshake.c index f3e18be3fb..75f7e88eb0 100644 --- a/lib/gnutls_handshake.c +++ b/lib/gnutls_handshake.c @@ -1224,11 +1224,9 @@ opaque buf[2*TLS_MAX_SESSION_ID_SIZE+1]; _gnutls_handshake_log("HSK[%x]: SessionID: %s\n", session, _gnutls_bin2hex(session_id, session_id_len, buf, sizeof(buf))); - if ((session->internals.resumed_security_parameters. - session_id_size > 0) - && memcmp(session_id, - session->internals. - resumed_security_parameters.session_id, + if (session_id_len > 0 && + session->internals.resumed_security_parameters.session_id_size == session_id_len && + memcmp(session_id, session->internals.resumed_security_parameters.session_id, session_id_len) == 0) { /* resume session */ memcpy(session->internals. @@ -1243,7 +1241,8 @@ opaque buf[2*TLS_MAX_SESSION_ID_SIZE+1]; return 0; } else { - /* keep the new session id */ + /* keep the new session id + */ session->internals.resumed = RESUME_FALSE; /* we are not resuming */ session->security_parameters.session_id_size = session_id_len; @@ -1303,7 +1302,6 @@ static int _gnutls_read_server_hello(gnutls_session session, opaque *data, } DECR_LEN(len, session_id_len); - /* check if we are resuming and set the appropriate * values; */ @@ -2367,6 +2365,8 @@ inline static int check_server_params( gnutls_session session, gnutls_kx_algorit cred_type = _gnutls_map_kx_get_cred( kx, 1); + /* Read the DH parameters if any. + */ if (cred_type == GNUTLS_CRD_CERTIFICATE) { x509_cred = _gnutls_get_cred(session->key, cred_type, NULL); diff --git a/lib/gnutls_state.c b/lib/gnutls_state.c index 390e11b65a..83b40a2d1c 100644 --- a/lib/gnutls_state.c +++ b/lib/gnutls_state.c @@ -760,7 +760,10 @@ int _gnutls_PRF( const opaque * secret, int secret_size, const char * label, int int gnutls_session_is_resumed(gnutls_session session) { if (session->security_parameters.entity==GNUTLS_CLIENT) { - if (memcmp( session->security_parameters.session_id, + if (session->security_parameters.session_id_size > 0 && + session->security_parameters.session_id_size == + session->internals.resumed_security_parameters.session_id_size && + memcmp( session->security_parameters.session_id, session->internals.resumed_security_parameters.session_id, session->security_parameters.session_id_size)==0) return 1; diff --git a/lib/x509/x509.c b/lib/x509/x509.c index ed3d0945e9..5d8ce24a22 100644 --- a/lib/x509/x509.c +++ b/lib/x509/x509.c @@ -1706,6 +1706,12 @@ int i; return GNUTLS_E_INVALID_REQUEST; } + ret = gnutls_x509_crt_get_pk_algorithm( crt, NULL); + if (ret != GNUTLS_PK_RSA) { + gnutls_assert(); + return GNUTLS_E_INVALID_REQUEST; + } + ret = _gnutls_x509_crt_get_mpis( crt, params, ¶ms_size); if (ret < 0) { gnutls_assert(); @@ -1761,6 +1767,12 @@ int i; return GNUTLS_E_INVALID_REQUEST; } + ret = gnutls_x509_crt_get_pk_algorithm( crt, NULL); + if (ret != GNUTLS_PK_DSA) { + gnutls_assert(); + return GNUTLS_E_INVALID_REQUEST; + } + ret = _gnutls_x509_crt_get_mpis( crt, params, ¶ms_size); if (ret < 0) { gnutls_assert(); |