authorNikos Mavrogiannopoulos <nmav@gnutls.org>2013-07-28 09:47:23 +0200
committerNikos Mavrogiannopoulos <nmav@gnutls.org>2013-07-28 09:51:50 +0200
commitb1fe3ce2d8c6b0a834429c8ff26ad01fcfa4005b (patch)
treebe861e9fd7f6c4ce1de6afc8f0b02439f570ec98
parentc5ce9f782ba597ddbafd84648d4befaf14745146 (diff)
downloadgnutls-b1fe3ce2d8c6b0a834429c8ff26ad01fcfa4005b.tar.gz
The extension after-handshake hook is now called before the epoch change.
This allows enabling certain features, such as the new record padding, prior to exchanging finished messages.
-rw-r--r--lib/ext/new_record_padding.c6
-rw-r--r--lib/gnutls_cipher.c6
-rw-r--r--lib/gnutls_constate.c7
-rw-r--r--lib/gnutls_constate.h2
-rw-r--r--lib/gnutls_extensions.c6
-rw-r--r--lib/gnutls_extensions.h6
-rw-r--r--lib/gnutls_handshake.c12
-rw-r--r--lib/gnutls_int.h1
8 files changed, 27 insertions, 19 deletions
diff --git a/lib/ext/new_record_padding.c b/lib/ext/new_record_padding.c
index e4cbd6e848..d16da658e8 100644
--- a/lib/ext/new_record_padding.c
+++ b/lib/ext/new_record_padding.c
@@ -34,7 +34,7 @@ static int new_record_padding_recv_params (gnutls_session_t session,
size_t data_size);
static int new_record_padding_send_params (gnutls_session_t session,
gnutls_buffer_st* extdata);
-static int new_record_padding_after_handshake(gnutls_session_t session);
+static int new_record_padding_before_epoch_change(gnutls_session_t session);
extension_entry_st ext_mod_new_record_padding = {
.name = "NEW_RECORD_PADDING",
@@ -46,7 +46,7 @@ extension_entry_st ext_mod_new_record_padding = {
.pack_func = NULL,
.unpack_func = NULL,
.deinit_func = NULL,
- .handshake_func = new_record_padding_after_handshake
+ .epoch_func = new_record_padding_before_epoch_change
};
static int
@@ -83,7 +83,7 @@ new_record_padding_recv_params (gnutls_session_t session,
return 0;
}
-static int new_record_padding_after_handshake(gnutls_session_t session)
+static int new_record_padding_before_epoch_change(gnutls_session_t session)
{
extension_priv_data_t epriv;
int ret;
diff --git a/lib/gnutls_cipher.c b/lib/gnutls_cipher.c
index 3caa5aca9d..bc3af51f8b 100644
--- a/lib/gnutls_cipher.c
+++ b/lib/gnutls_cipher.c
@@ -131,7 +131,7 @@ _gnutls_encrypt (gnutls_session_t session,
comp.size = ret;
}
- if (session->security_parameters.new_record_padding != 0)
+ if (params->write.new_record_padding != 0)
ret = compressed_to_ciphertext_new (session, _mbuffer_get_udata_ptr(bufel),
_mbuffer_get_udata_size(bufel),
&comp, target_size, type, params);
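Review bot: With this hunk the encrypt path reads the padding mode from the epoch's own write state (`params->write.new_record_padding`), so `session->security_parameters.new_record_padding` becomes a staging value that is only meaningful until it is copied into an epoch. Any other reader of the session-level field that this commit does not touch would disagree with the record layer during the Finished exchange, when the old read epoch and the new write epoch coexist; it is worth confirming no such reader remains. A one-line comment at the assignment site, `/* per-epoch copy: the session-level flag may already describe the next epoch */`, would make the distinction explicit. `_gnutls_encrypt` starts outside the hunk.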
@@ -176,7 +176,7 @@ _gnutls_decrypt (gnutls_session_t session,
if (is_read_comp_null (params) == 0)
{
- if (session->security_parameters.new_record_padding != 0)
+ if (params->read.new_record_padding != 0)
ret =
ciphertext_to_compressed_new (session, ciphertext, output,
type, params, sequence);
@@ -198,7 +198,7 @@ _gnutls_decrypt (gnutls_session_t session,
if (tmp.data == NULL)
return gnutls_assert_val(GNUTLS_E_MEMORY_ERROR);
- if (session->security_parameters.new_record_padding != 0)
+ if (params->read.new_record_padding != 0)
ret =
ciphertext_to_compressed_new (session, ciphertext, &tmp,
type, params, sequence);
diff --git a/lib/gnutls_constate.c b/lib/gnutls_constate.c
index 569565eb59..3109db3a5b 100644
--- a/lib/gnutls_constate.c
+++ b/lib/gnutls_constate.c
@@ -35,6 +35,9 @@
#include <gnutls_extensions.h>
#include <gnutls_buffers.h>
+static int
+_gnutls_set_kx (gnutls_session_t session, gnutls_kx_algorithm_t algo);
+
static const char keyexp[] = "key expansion";
static const int keyexp_length = sizeof (keyexp) - 1;
@@ -346,10 +349,12 @@ _gnutls_epoch_set_keys (gnutls_session_t session, uint16_t epoch)
ret = _gnutls_init_record_state (params, ver, 1, &params->read);
if (ret < 0)
return gnutls_assert_val (ret);
+ params->read.new_record_padding = session->security_parameters.new_record_padding;
ret = _gnutls_init_record_state (params, ver, 0, &params->write);
if (ret < 0)
return gnutls_assert_val (ret);
+ params->write.new_record_padding = session->security_parameters.new_record_padding;
params->record_sw_size = 0;
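Review bot: The two new assignments snapshot the session-level flag into this epoch's read and write states, so the value must already be final when `_gnutls_epoch_set_keys` runs; the commit relies on the `_gnutls_ext_before_epoch_change` call being placed ahead of `_gnutls_connection_state_init`, which is not visible here and should be documented. I would add above the first assignment `/* snapshot the negotiated padding mode into this epoch; the previous epoch keeps its own setting while Finished is exchanged */`. Both copies deliberately follow `_gnutls_init_record_state` so that the init cannot clobber them; a short comment saying so would stop a future reorder. The enclosing function starts outside the hunk.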
@@ -500,7 +505,7 @@ _gnutls_write_connection_state_init (gnutls_session_t session)
/* Sets the specified kx algorithm into pending session
*/
-int
+static int
_gnutls_set_kx (gnutls_session_t session, gnutls_kx_algorithm_t algo)
{
diff --git a/lib/gnutls_constate.h b/lib/gnutls_constate.h
index 6bf7f5924b..cc83334fcf 100644
--- a/lib/gnutls_constate.h
+++ b/lib/gnutls_constate.h
@@ -35,8 +35,6 @@ int _gnutls_connection_state_init (gnutls_session_t session);
int _gnutls_read_connection_state_init (gnutls_session_t session);
int _gnutls_write_connection_state_init (gnutls_session_t session);
-int _gnutls_set_kx (gnutls_session_t session, gnutls_kx_algorithm_t algo);
-
int _gnutls_epoch_get (gnutls_session_t session, unsigned int epoch_rel,
record_parameters_st ** params_out);
int _gnutls_epoch_alloc (gnutls_session_t session, uint16_t epoch,
diff --git a/lib/gnutls_extensions.c b/lib/gnutls_extensions.c
index 99ed731594..e045e98f7a 100644
--- a/lib/gnutls_extensions.c
+++ b/lib/gnutls_extensions.c
@@ -408,16 +408,16 @@ _gnutls_ext_register (extension_entry_st * mod)
}
int
-_gnutls_ext_after_handshake (gnutls_session_t session)
+_gnutls_ext_before_epoch_change (gnutls_session_t session)
{
unsigned int i;
int ret;
for (i = 0; i < extfunc_size; i++)
{
- if (extfunc[i].handshake_func != NULL)
+ if (extfunc[i].epoch_func != NULL)
{
- ret = extfunc[i].handshake_func (session);
+ ret = extfunc[i].epoch_func (session);
if (ret < 0)
return gnutls_assert_val(ret);
}
diff --git a/lib/gnutls_extensions.h b/lib/gnutls_extensions.h
index 96320e11ea..c6ab1e6608 100644
--- a/lib/gnutls_extensions.h
+++ b/lib/gnutls_extensions.h
@@ -45,7 +45,7 @@ typedef int (*gnutls_ext_pack_func) (extension_priv_data_t data,
gnutls_buffer_st * packed_data);
typedef int (*gnutls_ext_unpack_func) (gnutls_buffer_st * packed_data,
extension_priv_data_t * data);
-typedef int (*gnutls_ext_handshake_func) (gnutls_session_t session);
+typedef int (*gnutls_ext_epoch_func) (gnutls_session_t session);
void _gnutls_ext_free_session_data (gnutls_session_t session);
@@ -61,7 +61,7 @@ int _gnutls_ext_get_resumed_session_data (gnutls_session_t session,
extension_priv_data_t * data);
void _gnutls_ext_restore_resumed_session (gnutls_session_t session);
-int _gnutls_ext_after_handshake (gnutls_session_t session);
+int _gnutls_ext_before_epoch_change (gnutls_session_t session);
/* for session packing */
int _gnutls_ext_pack (gnutls_session_t session, gnutls_buffer_st * packed);
@@ -91,7 +91,7 @@ typedef struct
*/
gnutls_ext_pack_func pack_func; /* packs internal data to machine independent format */
gnutls_ext_unpack_func unpack_func; /* unpacks internal data */
- gnutls_ext_handshake_func handshake_func; /* called after the handshake is finished */
+ gnutls_ext_epoch_func epoch_func; /* called after the handshake is finished */
} extension_entry_st;
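Review bot: The comment on the renamed `epoch_func` field still says `/* called after the handshake is finished */`, which is exactly the behaviour this commit removes (the hook now runs before the epoch change, as the commit title states). It should read `gnutls_ext_epoch_func epoch_func; /* called before the epoch changes, i.e. before the keys of the new epoch are set and Finished is exchanged */`. Leaving the old text would mislead extension authors into assuming the full handshake, including the peer's Finished, has already completed when their hook runs.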
int _gnutls_ext_register (extension_entry_st *);
diff --git a/lib/gnutls_handshake.c b/lib/gnutls_handshake.c
index 681391b3de..ae486213f7 100644
--- a/lib/gnutls_handshake.c
+++ b/lib/gnutls_handshake.c
@@ -2556,10 +2556,6 @@ gnutls_handshake (gnutls_session_t session)
session->security_parameters.epoch_next++;
- ret = _gnutls_ext_after_handshake(session);
- if (ret < 0)
- return gnutls_assert_val(ret);
-
return 0;
}
@@ -2896,6 +2892,10 @@ _gnutls_send_handshake_final (gnutls_session_t session, int init)
*/
if (init == TRUE)
{
+ ret = _gnutls_ext_before_epoch_change(session);
+ if (ret < 0)
+ return gnutls_assert_val(ret);
+
ret = _gnutls_connection_state_init (session);
if (ret < 0)
{
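Review bot: The hook is now invoked only on the `init == TRUE` branches of `_gnutls_send_handshake_final` and `_gnutls_recv_handshake_final`, replacing the unconditional call that was removed from `gnutls_handshake`; the intended invariant is presumably that every completed handshake, including resumption and rehandshake, takes exactly one of these branches, and that deserves a comment here since nothing in the code enforces it. I would annotate the call with `/* extension hooks that must see the negotiated state before the new epoch's keys are derived; runs once per handshake */`. Note that a failure return here happens after whatever the enclosing `switch` has already done, so the caller's retry semantics for this state should be checked; `_gnutls_send_handshake_final` starts outside the hunk.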
@@ -2988,6 +2988,10 @@ _gnutls_recv_handshake_final (gnutls_session_t session, int init)
/* Initialize the connection session (start encryption) - in case of server */
if (init == TRUE)
{
+ ret = _gnutls_ext_before_epoch_change(session);
+ if (ret < 0)
+ return gnutls_assert_val(ret);
+
ret = _gnutls_connection_state_init (session);
if (ret < 0)
{
diff --git a/lib/gnutls_int.h b/lib/gnutls_int.h
index 4ad22f42a7..e5eb7150e1 100644
--- a/lib/gnutls_int.h
+++ b/lib/gnutls_int.h
@@ -593,6 +593,7 @@ struct record_state_st
auth_cipher_hd_st cipher_state;
comp_hd_st compression_state;
uint64 sequence_number;
+ uint8_t new_record_padding;
};
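Review bot: The new `new_record_padding` member has no comment, and unlike its siblings its meaning is not obvious from the name: it is a per-direction, per-epoch copy of a negotiated flag rather than the negotiated value itself. I would add `uint8_t new_record_padding; /* non-zero if records of this epoch and direction use the new padding format; copied from security_parameters when the epoch's keys are set */`. The struct definition starts outside the hunk.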