author | Nikos Mavrogiannopoulos <nmav@gnutls.org> | 2013-11-22 18:28:01 +0100 |
---|---|---|
committer | Nikos Mavrogiannopoulos <nmav@gnutls.org> | 2013-11-22 18:28:01 +0100 |
commit | 741b9452f649071faaba95676ddc88d73bbfad78 (patch) | |
tree | 9cfa1c9914b6cebce2331e994bcd03c93a4525d1 | |
parent | 0e359cf9e0ef20fb61fa07f6bda101c59fc5e2c0 (diff) | |
generate separate IV for session tickets.
-rw-r--r-- | lib/ext/session_ticket.c | 21 |
1 files changed, 11 insertions, 10 deletions
diff --git a/lib/ext/session_ticket.c b/lib/ext/session_ticket.c index 0bb222c4eb..158a4e2e9d 100644 --- a/lib/ext/session_ticket.c +++ b/lib/ext/session_ticket.c @@ -72,7 +72,6 @@ typedef struct { int session_ticket_enable; int session_ticket_renew; - uint8_t session_ticket_IV[SESSION_TICKET_IV_SIZE]; uint8_t *session_ticket; int session_ticket_len; @@ -191,6 +190,7 @@ encrypt_ticket (gnutls_session_t session, session_ticket_ext_st * priv, { cipher_hd_st cipher_hd; gnutls_datum_t key, IV, mac_secret, state, encrypted_state; + uint8_t iv[IV_SIZE]; int blocksize; int ret; @@ -219,8 +219,17 @@ encrypt_ticket (gnutls_session_t session, session_ticket_ext_st * priv, /* Encrypt state using 128-bit AES in CBC mode. */ key.data = (void *) &priv->key[KEY_POS]; key.size = KEY_SIZE; - IV.data = priv->session_ticket_IV; + IV.data = iv; IV.size = IV_SIZE; + + ret = _gnutls_rnd (GNUTLS_RND_NONCE, iv, IV_SIZE); + if (ret < 0) + { + gnutls_assert (); + _gnutls_free_datum (&encrypted_state); + return ret; + } + ret = _gnutls_cipher_init (&cipher_hd, GNUTLS_CIPHER_AES_128_CBC, &key, &IV, 1); if (ret < 0) @@ -536,7 +545,6 @@ int gnutls_session_ticket_enable_server (gnutls_session_t session, const gnutls_datum_t * key) { - int ret; session_ticket_ext_st *priv = NULL; extension_priv_data_t epriv; @@ -555,13 +563,6 @@ gnutls_session_ticket_enable_server (gnutls_session_t session, } epriv.ptr = priv; - ret = _gnutls_rnd (GNUTLS_RND_NONCE, priv->session_ticket_IV, IV_SIZE); - if (ret < 0) - { - gnutls_assert (); - return ret; - } - memcpy (&priv->key, key->data, key->size); priv->session_ticket_enable = 1; |
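Review bot: In the encrypt_ticket hunk the new per-ticket IV is drawn at `GNUTLS_RND_NONCE` level with nothing recording why that level is enough. CBC needs an IV that is unpredictable to anyone who can influence the plaintext, not merely unique, so a comment above the `_gnutls_rnd` call such as `/* fresh IV per ticket: CBC requires an unpredictable IV, never reused under the same key */` would pin that requirement for later changes. The buffer is declared as `uint8_t iv[IV_SIZE]` while the removed struct field was sized with `SESSION_TICKET_IV_SIZE`; if the two constants are meant to stay equal, a compile-time check where they are defined (outside this hunk) would keep them from drifting. The added error path calls `_gnutls_free_datum (&encrypted_state)` by hand, which is correct only if that datum is already allocated at this point; the allocation is above the hunk, so this should be confirmed against the full function.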