author | Nikos Mavrogiannopoulos <nmav@gnutls.org> | 2013-07-28 09:47:23 +0200 |
---|---|---|
committer | Nikos Mavrogiannopoulos <nmav@gnutls.org> | 2013-07-28 09:51:50 +0200 |
commit | b1fe3ce2d8c6b0a834429c8ff26ad01fcfa4005b (patch) | |
tree | be861e9fd7f6c4ce1de6afc8f0b02439f570ec98 | |
parent | c5ce9f782ba597ddbafd84648d4befaf14745146 (diff) | |
download | gnutls-b1fe3ce2d8c6b0a834429c8ff26ad01fcfa4005b.tar.gz |
The after-handshake function is now called before the epoch change.
This allows enabling certain features, such as the new record padding, prior to exchanging finished messages.
-rw-r--r-- | lib/ext/new_record_padding.c | 6 | ||||
-rw-r--r-- | lib/gnutls_cipher.c | 6 | ||||
-rw-r--r-- | lib/gnutls_constate.c | 7 | ||||
-rw-r--r-- | lib/gnutls_constate.h | 2 | ||||
-rw-r--r-- | lib/gnutls_extensions.c | 6 | ||||
-rw-r--r-- | lib/gnutls_extensions.h | 6 | ||||
-rw-r--r-- | lib/gnutls_handshake.c | 12 | ||||
-rw-r--r-- | lib/gnutls_int.h | 1 |
8 files changed, 27 insertions, 19 deletions
diff --git a/lib/ext/new_record_padding.c b/lib/ext/new_record_padding.c
index e4cbd6e848..d16da658e8 100644
--- a/lib/ext/new_record_padding.c
+++ b/lib/ext/new_record_padding.c
@@ -34,7 +34,7 @@ static int new_record_padding_recv_params (gnutls_session_t session,
 size_t data_size);
 static int new_record_padding_send_params (gnutls_session_t session, gnutls_buffer_st* extdata);
-static int new_record_padding_after_handshake(gnutls_session_t session);
+static int new_record_padding_before_epoch_change(gnutls_session_t session);
 extension_entry_st ext_mod_new_record_padding = {
 .name = "NEW_RECORD_PADDING",
@@ -46,7 +46,7 @@ extension_entry_st ext_mod_new_record_padding = {
 .pack_func = NULL,
 .unpack_func = NULL,
 .deinit_func = NULL,
- .handshake_func = new_record_padding_after_handshake
+ .epoch_func = new_record_padding_before_epoch_change
 };
 static int
@@ -83,7 +83,7 @@ new_record_padding_recv_params (gnutls_session_t session,
 return 0;
 }
-static int new_record_padding_after_handshake(gnutls_session_t session)
+static int new_record_padding_before_epoch_change(gnutls_session_t session)
 {
 extension_priv_data_t epriv;
 int ret;
diff --git a/lib/gnutls_cipher.c b/lib/gnutls_cipher.c
index 3caa5aca9d..bc3af51f8b 100644
--- a/lib/gnutls_cipher.c
+++ b/lib/gnutls_cipher.c
@@ -131,7 +131,7 @@ _gnutls_encrypt (gnutls_session_t session,
 comp.size = ret;
 }
- if (session->security_parameters.new_record_padding != 0)
+ if (params->write.new_record_padding != 0)
 ret = compressed_to_ciphertext_new (session, _mbuffer_get_udata_ptr(bufel), _mbuffer_get_udata_size(bufel), &comp, target_size, type, params);
@@ -176,7 +176,7 @@ _gnutls_decrypt (gnutls_session_t session,
 if (is_read_comp_null (params) == 0)
 {
- if (session->security_parameters.new_record_padding != 0)
+ if (params->read.new_record_padding != 0)
 ret = ciphertext_to_compressed_new (session, ciphertext, output, type, params, sequence);
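Review bot: The padding check in _gnutls_encrypt (and the two in _gnutls_decrypt, this hunk and the one at -198 on the next line) now reads the flag from the epoch's record state instead of session->security_parameters, but nothing at the call sites says why, so a later "simplification" back to the session-wide flag would silently re-introduce the mid-handshake format switch this commit avoids. Suggest a one-line comment above the first check, `/* padding mode is bound to the epoch, not the session: records of the previous epoch keep their format */`, and the same line at the two decrypt sites. _gnutls_encrypt and _gnutls_decrypt both start and end outside the hunks.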
@@ -198,7 +198,7 @@ _gnutls_decrypt (gnutls_session_t session,
 if (tmp.data == NULL)
 return gnutls_assert_val(GNUTLS_E_MEMORY_ERROR);
- if (session->security_parameters.new_record_padding != 0)
+ if (params->read.new_record_padding != 0)
 ret = ciphertext_to_compressed_new (session, ciphertext, &tmp, type, params, sequence);
diff --git a/lib/gnutls_constate.c b/lib/gnutls_constate.c
index 569565eb59..3109db3a5b 100644
--- a/lib/gnutls_constate.c
+++ b/lib/gnutls_constate.c
@@ -35,6 +35,9 @@ #include <gnutls_extensions.h>
 #include <gnutls_buffers.h>
+static int _gnutls_set_kx (gnutls_session_t session, gnutls_kx_algorithm_t algo);
+
 static const char keyexp[] = "key expansion";
 static const int keyexp_length = sizeof (keyexp) - 1;
@@ -346,10 +349,12 @@ _gnutls_epoch_set_keys (gnutls_session_t session, uint16_t epoch)
 ret = _gnutls_init_record_state (params, ver, 1, ¶ms->read);
 if (ret < 0)
 return gnutls_assert_val (ret);
+ params->read.new_record_padding = session->security_parameters.new_record_padding;
 ret = _gnutls_init_record_state (params, ver, 0, ¶ms->write);
 if (ret < 0)
 return gnutls_assert_val (ret);
+ params->write.new_record_padding = session->security_parameters.new_record_padding;
 params->record_sw_size = 0;
@@ -500,7 +505,7 @@ _gnutls_write_connection_state_init (gnutls_session_t session)
 /* Sets the specified kx algorithm into pending session */
-int
+static int
 _gnutls_set_kx (gnutls_session_t session, gnutls_kx_algorithm_t algo)
 {
diff --git a/lib/gnutls_constate.h b/lib/gnutls_constate.h
index 6bf7f5924b..cc83334fcf 100644
--- a/lib/gnutls_constate.h
+++ b/lib/gnutls_constate.h
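Review bot: The two assignments added in _gnutls_epoch_set_keys snapshot a session-wide negotiation result into the epoch's read and write states, and that snapshot is the whole point of the commit, yet the lines carry no comment and both run well past the file's 80-column style. Suggest wrapping them and putting `/* snapshot the negotiated padding mode into this epoch; later changes to security_parameters must not affect records already bound to it */` above the first one. Both directions always receive the same value here, so if an asymmetric mode is ever intended this is the single place to change. _gnutls_epoch_set_keys starts and ends outside the hunk.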
@@ -35,8 +35,6 @@ int _gnutls_connection_state_init (gnutls_session_t session);
 int _gnutls_read_connection_state_init (gnutls_session_t session);
 int _gnutls_write_connection_state_init (gnutls_session_t session);
-int _gnutls_set_kx (gnutls_session_t session, gnutls_kx_algorithm_t algo);
-
 int _gnutls_epoch_get (gnutls_session_t session, unsigned int epoch_rel, record_parameters_st ** params_out);
 int _gnutls_epoch_alloc (gnutls_session_t session, uint16_t epoch,
diff --git a/lib/gnutls_extensions.c b/lib/gnutls_extensions.c
index 99ed731594..e045e98f7a 100644
--- a/lib/gnutls_extensions.c
+++ b/lib/gnutls_extensions.c
@@ -408,16 +408,16 @@ _gnutls_ext_register (extension_entry_st * mod)
 }
 int
-_gnutls_ext_after_handshake (gnutls_session_t session)
+_gnutls_ext_before_epoch_change (gnutls_session_t session)
 {
 unsigned int i;
 int ret;
 for (i = 0; i < extfunc_size; i++)
 {
- if (extfunc[i].handshake_func != NULL)
+ if (extfunc[i].epoch_func != NULL)
 {
- ret = extfunc[i].handshake_func (session);
+ ret = extfunc[i].epoch_func (session);
 if (ret < 0)
 return gnutls_assert_val(ret);
 }
diff --git a/lib/gnutls_extensions.h b/lib/gnutls_extensions.h
index 96320e11ea..c6ab1e6608 100644
--- a/lib/gnutls_extensions.h
+++ b/lib/gnutls_extensions.h
@@ -45,7 +45,7 @@ typedef int (*gnutls_ext_pack_func) (extension_priv_data_t data,
 gnutls_buffer_st * packed_data);
 typedef int (*gnutls_ext_unpack_func) (gnutls_buffer_st * packed_data, extension_priv_data_t * data);
-typedef int (*gnutls_ext_handshake_func) (gnutls_session_t session);
+typedef int (*gnutls_ext_epoch_func) (gnutls_session_t session);
 void _gnutls_ext_free_session_data (gnutls_session_t session);
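Review bot: _gnutls_ext_before_epoch_change in gnutls_extensions.c has no header comment, and its new name changes the contract every hook author relies on: the loop calls `extfunc[i].epoch_func` for every registered extension whose pointer is non-NULL, with no check that the extension was negotiated in this session, and the first hook returning a negative value aborts the handshake. Suggest a short block comment above the definition saying that it runs once per handshake just before the pending epoch becomes active (before the Finished message is sent or received), that it is invoked for all registered extensions so each hook must consult its own session data, and that a negative return is propagated as a handshake error. The hunk cuts off inside the function body.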
@@ -61,7 +61,7 @@ int _gnutls_ext_get_resumed_session_data (gnutls_session_t session,
 extension_priv_data_t * data);
 void _gnutls_ext_restore_resumed_session (gnutls_session_t session);
-int _gnutls_ext_after_handshake (gnutls_session_t session);
+int _gnutls_ext_before_epoch_change (gnutls_session_t session);
 /* for session packing */
 int _gnutls_ext_pack (gnutls_session_t session, gnutls_buffer_st * packed);
@@ -91,7 +91,7 @@ typedef struct
 */
 gnutls_ext_pack_func pack_func; /* packs internal data to machine independent format */
 gnutls_ext_unpack_func unpack_func; /* unpacks internal data */
- gnutls_ext_handshake_func handshake_func; /* called after the handshake is finished */
+ gnutls_ext_epoch_func epoch_func; /* called after the handshake is finished */
 } extension_entry_st;
 int _gnutls_ext_register (extension_entry_st *);
diff --git a/lib/gnutls_handshake.c b/lib/gnutls_handshake.c
index 681391b3de..ae486213f7 100644
--- a/lib/gnutls_handshake.c
+++ b/lib/gnutls_handshake.c
@@ -2556,10 +2556,6 @@ gnutls_handshake (gnutls_session_t session)
 session->security_parameters.epoch_next++;
- ret = _gnutls_ext_after_handshake(session);
- if (ret < 0)
- return gnutls_assert_val(ret);
-
 return 0;
 }
@@ -2896,6 +2892,10 @@ _gnutls_send_handshake_final (gnutls_session_t session, int init)
 */
 if (init == TRUE)
 {
+ ret = _gnutls_ext_before_epoch_change(session);
+ if (ret < 0)
+ return gnutls_assert_val(ret);
+
 ret = _gnutls_connection_state_init (session);
 if (ret < 0)
 {
@@ -2988,6 +2988,10 @@ _gnutls_recv_handshake_final (gnutls_session_t session, int init)
 /* Initialize the connection session (start encryption) - in case of server */
 if (init == TRUE)
 {
+ ret = _gnutls_ext_before_epoch_change(session);
+ if (ret < 0)
+ return gnutls_assert_val(ret);
+
 ret = _gnutls_connection_state_init (session);
 if (ret < 0)
 {
diff --git a/lib/gnutls_int.h b/lib/gnutls_int.h
index 4ad22f42a7..e5eb7150e1 100644
--- a/lib/gnutls_int.h
+++ b/lib/gnutls_int.h
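Review bot: The comment on the renamed `epoch_func` member still reads `/* called after the handshake is finished */`, which is precisely what this commit stops being true: the hook is now invoked from _gnutls_send_handshake_final and _gnutls_recv_handshake_final before _gnutls_connection_state_init. A hook author reading only the header will assume negotiated state is final and the peer authenticated. Suggest `gnutls_ext_epoch_func epoch_func; /* called just before the pending epoch is activated, i.e. before the Finished message is sent or received */`; the typedef in the -45 hunk could carry the same note.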
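Review bot: In _gnutls_send_handshake_final (this hunk) and _gnutls_recv_handshake_final (the -2988 hunk) the new `_gnutls_ext_before_epoch_change(session)` call runs before `_gnutls_connection_state_init`, so on both sides it appears to run before the peer's Finished message has been received and verified, whereas the call removed from gnutls_handshake ran only after `epoch_next++` at the end of the whole handshake. That is what the record-padding extension needs, but it also means extension hooks can no longer assume an authenticated, completed handshake, and neither call site records this. Suggest the same comment above both calls: `/* let extensions adjust the pending epoch before it is activated; the peer's Finished has not necessarily been verified at this point */`. Both enclosing functions start and end outside the hunks.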
@@ -593,6 +593,7 @@ struct record_state_st
 auth_cipher_hd_st cipher_state;
 comp_hd_st compression_state;
 uint64 sequence_number;
+ uint8_t new_record_padding;
 };
|
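Review bot: The new `uint8_t new_record_padding;` member of record_state_st is undocumented, and within this commit it is only ever assigned in _gnutls_epoch_set_keys while _gnutls_decrypt reads it on every record; if a record_parameters_st can come into existence on some other path without a zeroing allocation, the read side would consult an indeterminate value, which is worth confirming. Suggest `uint8_t new_record_padding; /* non-zero when records of this epoch use the new padding format; set in _gnutls_epoch_set_keys */`. The struct's opening lies outside the hunk.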