authorAnder Juaristi <a@juaristi.eus>2017-11-05 18:29:27 +0100
committerAnder Juaristi <a@juaristi.eus>2017-11-06 09:25:44 +0100
commit598576cc05b973685501213b9d2814b6aacdb7eb (patch)
tree078cd002133537c14e323e9cc7de5fbe1b4fc2df
parent90a81a94da76bdfb33f9ba19ee68a1cc803421a2 (diff)
downloadgnutls-tmp-draft-ietf-tls-tls13-21-ajuaristi-incremental-hash-buffer.tar.gz
Signed-off-by: Ander Juaristi <a@juaristi.eus>
-rw-r--r--lib/Makefile.am2
-rw-r--r--lib/ext/session_ticket.c3
-rw-r--r--lib/ext/status_request.c3
-rw-r--r--lib/handshake-msg.c222
-rw-r--r--lib/handshake-msg.h30
-rw-r--r--lib/handshake.c172
-rw-r--r--lib/handshake.h4
-rw-r--r--lib/kx.c12
-rw-r--r--lib/tls13/certificate.c2
-rw-r--r--lib/tls13/certificate_verify.c2
-rw-r--r--lib/tls13/encrypted_extensions.c2
-rw-r--r--lib/tls13/finished.c2
12 files changed, 297 insertions, 159 deletions
diff --git a/lib/Makefile.am b/lib/Makefile.am
index 808e1bd350..c49ae3ac2e 100644
--- a/lib/Makefile.am
+++ b/lib/Makefile.am
@@ -66,7 +66,7 @@ SRP_COBJECTS = srp.c
PSK_COBJECTS = psk.c
COBJECTS = range.c record.c compress.c debug.c cipher.c handshake-tls13.c \
- mbuffers.c buffers.c handshake.c num.c errors.c dh.c kx.c \
+ mbuffers.c buffers.c handshake.c handshake-msg.c num.c errors.c dh.c kx.c \
priority.c hash_int.c cipher_int.c session.c db.c x509_b64.c \
hello_ext.c auth.c sslv2_compat.c datum.c session_pack.c mpi.c \
pk.c cert.c global.c constate.c anon_cred.c pkix_asn1_tab.c gnutls_asn1_tab.c \
diff --git a/lib/ext/session_ticket.c b/lib/ext/session_ticket.c
index 9490a80f74..a21cf3c5a3 100644
--- a/lib/ext/session_ticket.c
+++ b/lib/ext/session_ticket.c
@@ -703,7 +703,8 @@ int _gnutls_send_new_session_ticket(gnutls_session_t session, int again)
session->internals.ticket_sent = 1;
}
return _gnutls_send_handshake(session, data_size ? bufel : NULL,
- GNUTLS_HANDSHAKE_NEW_SESSION_TICKET);
+ GNUTLS_HANDSHAKE_NEW_SESSION_TICKET,
+ NULL);
}
int _gnutls_recv_new_session_ticket(gnutls_session_t session)
diff --git a/lib/ext/status_request.c b/lib/ext/status_request.c
index 7020fc690e..694a67dd9f 100644
--- a/lib/ext/status_request.c
+++ b/lib/ext/status_request.c
@@ -577,7 +577,8 @@ _gnutls_send_server_certificate_status(gnutls_session_t session, int again)
_gnutls_free_datum(&priv->response);
}
return _gnutls_send_handshake(session, data_size ? bufel : NULL,
- GNUTLS_HANDSHAKE_CERTIFICATE_STATUS);
+ GNUTLS_HANDSHAKE_CERTIFICATE_STATUS,
+ NULL);
}
int _gnutls_recv_server_certificate_status(gnutls_session_t session)
diff --git a/lib/handshake-msg.c b/lib/handshake-msg.c
new file mode 100644
index 0000000000..aff65ba15f
--- /dev/null
+++ b/lib/handshake-msg.c
@@ -0,0 +1,222 @@
+#include "gnutls_int.h"
+#include "handshake.h"
+#include "handshake-msg.h"
+#include "mbuffers.h"
+
+#define CHECK_SIZE(ll) \
+ if ((session->internals.max_handshake_data_buffer_size > 0) && \
+ (((ll) + session->internals.handshake_hash_buffer.length) > \
+ session->internals.max_handshake_data_buffer_size)) { \
+ _gnutls_debug_log("Handshake buffer length is %u (max: %u)\n", (unsigned)((ll) + session->internals.handshake_hash_buffer.length), (unsigned)session->internals.max_handshake_data_buffer_size); \
+ return gnutls_assert_val(GNUTLS_E_HANDSHAKE_TOO_LARGE); \
+ }
+
+struct handshake_msg_st
+{
+ gnutls_handshake_description_t type;
+ size_t committed_bytes;
+};
+
+int _gnutls_handshake_msg_init(struct handshake_msg_st **out,
+ gnutls_handshake_description_t type,
+ gnutls_session_t session)
+{
+ struct handshake_msg_st *hs = _gnutls_calloc(1, sizeof(struct handshake_msg_st));
+
+ hs->type = type;
+
+ *out = hs;
+ return GNUTLS_E_SUCCESS;
+}
+
+void _gnutls_handshake_msg_deinit(struct handshake_msg_st **hs)
+{
+ gnutls_free(*hs);
+ *hs = NULL;
+}
+
+/* This function add the handshake headers and the
+ * handshake data to the handshake hash buffers. Needed
+ * for the finished messages calculations.
+ */
+int
+_gnutls_handshake_hash_add_recvd(gnutls_session_t session,
+ gnutls_handshake_description_t recv_type,
+ uint8_t * header, uint16_t header_size,
+ uint8_t * dataptr, uint32_t datalen)
+{
+ int ret;
+ const version_entry_st *vers = get_version(session);
+
+ if (unlikely(vers == NULL))
+ return gnutls_assert_val(GNUTLS_E_INTERNAL_ERROR);
+
+ if ((vers->id != GNUTLS_DTLS0_9 &&
+ recv_type == GNUTLS_HANDSHAKE_HELLO_VERIFY_REQUEST) ||
+ recv_type == GNUTLS_HANDSHAKE_HELLO_REQUEST)
+ return 0;
+
+ CHECK_SIZE(header_size + datalen);
+
+ session->internals.handshake_hash_buffer_prev_len =
+ session->internals.handshake_hash_buffer.length;
+
+ if (vers->id != GNUTLS_DTLS0_9) {
+ ret =
+ _gnutls_buffer_append_data(&session->internals.
+ handshake_hash_buffer,
+ header, header_size);
+ if (ret < 0)
+ return gnutls_assert_val(ret);
+ }
+ if (datalen > 0) {
+ ret =
+ _gnutls_buffer_append_data(&session->internals.
+ handshake_hash_buffer,
+ dataptr, datalen);
+ if (ret < 0)
+ return gnutls_assert_val(ret);
+ }
+
+ /* save the size until client KX. That is because the TLS
+ * session hash is calculated up to this message.
+ */
+ if (recv_type == GNUTLS_HANDSHAKE_CLIENT_KEY_EXCHANGE)
+ session->internals.handshake_hash_buffer_client_kx_len =
+ session->internals.handshake_hash_buffer.length;
+ if (recv_type == GNUTLS_HANDSHAKE_FINISHED && session->security_parameters.entity == GNUTLS_CLIENT)
+ session->internals.handshake_hash_buffer_server_finished_len =
+ session->internals.handshake_hash_buffer.length;
+
+ return 0;
+}
+
+/* This function will store the handshake message we sent.
+ */
+int
+_gnutls_handshake_hash_add_sent(gnutls_session_t session,
+ gnutls_handshake_description_t type,
+ uint8_t * dataptr, uint32_t datalen)
+{
+ int ret;
+ const version_entry_st *vers = get_version(session);
+
+ if (unlikely(vers == NULL))
+ return gnutls_assert_val(GNUTLS_E_INTERNAL_ERROR);
+
+ /* We don't check for GNUTLS_HANDSHAKE_HELLO_VERIFY_REQUEST because it
+ * is not sent via that channel.
+ */
+ if (type != GNUTLS_HANDSHAKE_HELLO_REQUEST) {
+ CHECK_SIZE(datalen);
+
+ if (vers->id == GNUTLS_DTLS0_9) {
+ /* Old DTLS doesn't include the header in the MAC */
+ if (datalen < 12) {
+ gnutls_assert();
+ return GNUTLS_E_INTERNAL_ERROR;
+ }
+ dataptr += 12;
+ datalen -= 12;
+
+ if (datalen == 0)
+ return 0;
+ }
+
+ ret =
+ _gnutls_buffer_append_data(&session->internals.
+ handshake_hash_buffer,
+ dataptr, datalen);
+ if (ret < 0)
+ return gnutls_assert_val(ret);
+
+ if (type == GNUTLS_HANDSHAKE_CLIENT_KEY_EXCHANGE)
+ session->internals.handshake_hash_buffer_client_kx_len =
+ session->internals.handshake_hash_buffer.length;
+ if (type == GNUTLS_HANDSHAKE_FINISHED && session->security_parameters.entity == GNUTLS_SERVER)
+ session->internals.handshake_hash_buffer_server_finished_len =
+ session->internals.handshake_hash_buffer.length;
+
+ return 0;
+ }
+
+ return 0;
+}
+
+static int
+handshake_commit(gnutls_session_t session,
+ struct handshake_msg_st *hs,
+ uint8_t *data, uint32_t datasize,
+ size_t head_skip_bytes, size_t header_length)
+{
+ int ret;
+ size_t to_commit, offset, prev_committed_bytes;
+
+ /* This message is not taken into account for the hash */
+ if (hs->type == GNUTLS_HANDSHAKE_HELLO_REQUEST)
+ return GNUTLS_E_SUCCESS;
+
+ prev_committed_bytes = hs->committed_bytes;
+
+ if (datasize > hs->committed_bytes) {
+ to_commit = datasize - hs->committed_bytes - head_skip_bytes;
+ offset = hs->committed_bytes + head_skip_bytes;
+
+ ret = _gnutls_handshake_hash_add_sent(session, hs->type,
+ data + offset,
+ to_commit);
+ if (ret < 0)
+ return gnutls_assert_val(ret);
+
+ hs->committed_bytes += to_commit;
+ }
+
+ if (hs->committed_bytes > prev_committed_bytes) {
+ /* Update type field */
+ session->internals.handshake_hash_buffer.data[0] = (uint8_t) hs->type;
+ /* Update size field */
+ _gnutls_write_uint24(hs->committed_bytes - header_length,
+ &session->internals.handshake_hash_buffer.data[1]);
+ }
+
+ return GNUTLS_E_SUCCESS;
+}
+
+int _gnutls_handshake_msg_commit_from_buffer(gnutls_session_t session,
+ struct handshake_msg_st *hs,
+ gnutls_buffer_st *buf,
+ size_t head_skip_bytes,
+ size_t header_length)
+{
+ uint8_t *data;
+ uint32_t datasize;
+
+ if (!hs || !buf)
+ return GNUTLS_E_INTERNAL_ERROR;
+
+ data = buf->data;
+ datasize = buf->length;
+
+ return handshake_commit(session, hs,
+ data, datasize,
+ head_skip_bytes, header_length);
+}
+
+int _gnutls_handshake_msg_commit_from_mbuffer(gnutls_session_t session,
+ struct handshake_msg_st *hs,
+ mbuffer_st *bufel,
+ size_t head_skip_bytes, size_t header_length)
+{
+ uint8_t *data;
+ uint32_t datasize;
+
+ if (!hs || !bufel)
+ return GNUTLS_E_INTERNAL_ERROR;
+
+ data = _mbuffer_get_uhead_ptr(bufel);
+ datasize = _mbuffer_get_udata_size(bufel) + _mbuffer_get_uhead_size(bufel);
+
+ return handshake_commit(session, hs,
+ data, datasize,
+ head_skip_bytes, header_length);
+}
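Review bot: handshake_commit computes `to_commit = datasize - hs->committed_bytes - head_skip_bytes` in size_t behind only a `datasize > hs->committed_bytes` guard, so a head_skip_bytes larger than the uncommitted remainder wraps, and the result is then narrowed to the uint32_t datalen of _gnutls_handshake_hash_add_sent alongside `data + offset`. The header patch that follows always writes to `handshake_hash_buffer.data[0]` and `data[1]`; because this file records cumulative lengths of that buffer (client_kx_len, server_finished_len), that looks like it rewrites the first message of the transcript rather than the message being committed, with no check that the buffer holds a header at all, and `hs->committed_bytes - header_length` can wrap the same way. The sketch below bounds the subtraction and remembers where the message starts in the hash buffer; it does not cover the GNUTLS_DTLS0_9 path, where add_sent strips 12 bytes before appending. Separately, _gnutls_handshake_msg_init dereferences the _gnutls_calloc result unchecked; `if (hs == NULL) return gnutls_assert_val(GNUTLS_E_MEMORY_ERROR);` before `hs->type = type;` would cover that.

```c
struct handshake_msg_st
{
	gnutls_handshake_description_t type;
	size_t committed_bytes;
	size_t hash_offset;	/* start of this message in handshake_hash_buffer */
};

/* … unchanged: handshake_commit signature, locals, HELLO_REQUEST early return … */
	if (datasize > hs->committed_bytes) {
		size_t remaining = datasize - hs->committed_bytes;

		if (head_skip_bytes > remaining)
			return gnutls_assert_val(GNUTLS_E_INTERNAL_ERROR);

		/* first commit: the message will start at the current end of the transcript */
		if (hs->committed_bytes == 0)
			hs->hash_offset = session->internals.handshake_hash_buffer.length;

		to_commit = remaining - head_skip_bytes;
		offset = hs->committed_bytes + head_skip_bytes;
		/* … unchanged: _gnutls_handshake_hash_add_sent call, committed_bytes update … */
	}

	if (hs->committed_bytes > prev_committed_bytes) {
		gnutls_buffer_st *hb = &session->internals.handshake_hash_buffer;

		if (header_length > hs->committed_bytes ||
		    hb->length < 4 || hs->hash_offset > hb->length - 4)
			return gnutls_assert_val(GNUTLS_E_INTERNAL_ERROR);

		hb->data[hs->hash_offset] = (uint8_t) hs->type;
		_gnutls_write_uint24(hs->committed_bytes - header_length,
				     &hb->data[hs->hash_offset + 1]);
	}
```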
diff --git a/lib/handshake-msg.h b/lib/handshake-msg.h
new file mode 100644
index 0000000000..5532b4a9d9
--- /dev/null
+++ b/lib/handshake-msg.h
@@ -0,0 +1,30 @@
+#ifndef HANDSHAKE_MSG_H
+#define HANDSHAKE_MSG_H
+
+struct handshake_msg_st;
+
+int _gnutls_handshake_msg_init(struct handshake_msg_st **out,
+ gnutls_handshake_description_t type,
+ gnutls_session_t session);
+void _gnutls_handshake_msg_deinit(struct handshake_msg_st **hs);
+
+int _gnutls_handshake_hash_add_sent(gnutls_session_t session,
+ gnutls_handshake_description_t type,
+ uint8_t * dataptr, uint32_t datalen);
+int _gnutls_handshake_hash_add_recvd(gnutls_session_t session,
+ gnutls_handshake_description_t recv_type,
+ uint8_t *header, uint16_t header_size,
+ uint8_t *dataptr, uint32_t datalen);
+
+int _gnutls_handshake_msg_commit_from_buffer(gnutls_session_t session,
+ struct handshake_msg_st *hs,
+ gnutls_buffer_st *buf,
+ size_t head_skip_bytes,
+ size_t header_length);
+int _gnutls_handshake_msg_commit_from_mbuffer(gnutls_session_t session,
+ struct handshake_msg_st *hs,
+ mbuffer_st *bufel,
+ size_t head_skip_bytes,
+ size_t header_length);
+
+#endif
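Review bot: The two commit prototypes take `head_skip_bytes` and `header_length` with no comment saying what each one counts, and handshake_commit uses them differently: one offsets into the source data, the other is subtracted from the committed total when the length field is written. A short comment above `_gnutls_handshake_msg_commit_from_buffer`, for example `/* head_skip_bytes: leading bytes of the source left out of the hash; header_length: handshake header bytes included in the committed total */`, would pin the contract; that wording is inferred from handshake_commit and should be confirmed by the author. The header also names gnutls_session_t, gnutls_buffer_st and mbuffer_st without including anything, so it only compiles when the headers declaring them come first.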
diff --git a/lib/handshake.c b/lib/handshake.c
index da0f41cc05..45210254d2 100644
--- a/lib/handshake.c
+++ b/lib/handshake.c
@@ -34,6 +34,7 @@
#include "mbuffers.h"
#include "kx.h"
#include "handshake.h"
+#include "handshake-msg.h"
#include "num.h"
#include "hash_int.h"
#include "db.h"
@@ -87,17 +88,6 @@ handshake_hash_buffer_empty(gnutls_session_t session)
}
static int
-handshake_hash_add_recvd(gnutls_session_t session,
- gnutls_handshake_description_t recv_type,
- uint8_t * header, uint16_t header_size,
- uint8_t * dataptr, uint32_t datalen);
-
-static int
-handshake_hash_add_sent(gnutls_session_t session,
- gnutls_handshake_description_t type,
- uint8_t * dataptr, uint32_t datalen);
-
-static int
recv_hello_verify_request(gnutls_session_t session,
uint8_t * data, int datalen);
@@ -756,11 +746,13 @@ int _gnutls_send_finished(gnutls_session_t session, int again)
ret =
_gnutls_send_handshake(session, bufel,
- GNUTLS_HANDSHAKE_FINISHED);
+ GNUTLS_HANDSHAKE_FINISHED,
+ NULL);
} else {
ret =
_gnutls_send_handshake(session, NULL,
- GNUTLS_HANDSHAKE_FINISHED);
+ GNUTLS_HANDSHAKE_FINISHED,
+ NULL);
}
return ret;
@@ -1005,7 +997,7 @@ _gnutls_send_empty_handshake(gnutls_session_t session,
} else
bufel = NULL;
- return _gnutls_send_handshake(session, bufel, type);
+ return _gnutls_send_handshake(session, bufel, type, NULL);
}
inline
@@ -1034,12 +1026,12 @@ inline
*/
int
_gnutls_send_handshake(gnutls_session_t session, mbuffer_st * bufel,
- gnutls_handshake_description_t type)
+ gnutls_handshake_description_t type,
+ struct handshake_msg_st *hs)
{
- int ret;
+ int pos = 0, ret;
uint8_t *data;
uint32_t datasize, i_datasize;
- int pos = 0;
if (bufel == NULL) {
/* we are resuming a previously interrupted
@@ -1047,7 +1039,6 @@ _gnutls_send_handshake(gnutls_session_t session, mbuffer_st * bufel,
*/
ret = _gnutls_handshake_io_write_flush(session);
return ret;
-
}
/* first run */
@@ -1081,16 +1072,23 @@ _gnutls_send_handshake(gnutls_session_t session, mbuffer_st * bufel,
session, _gnutls_handshake2str(type),
(long) datasize);
- /* Here we keep the handshake messages in order to hash them...
- */
- if (type != GNUTLS_HANDSHAKE_HELLO_REQUEST)
- if ((ret =
- handshake_hash_add_sent(session, type, data,
- datasize)) < 0) {
- gnutls_assert();
+ if (hs) {
+ /*
+ * Use the given handshake buffer context
+ * to append handshake data to the buffer
+ */
+ ret = _gnutls_handshake_msg_commit_from_mbuffer(session, hs,
+ bufel,
+ 0, _mbuffer_get_uhead_size(bufel));
+ if (ret < 0) {
+ gnutls_assert_val(ret);
_mbuffer_xfree(&bufel);
return ret;
}
+ } else {
+ /* Just append the whole thing to the handshake buffer */
+ ret = _gnutls_handshake_hash_add_sent(session, type, data, datasize);
+ }
ret = call_hook_func(session, type, GNUTLS_HOOK_PRE, 0,
_mbuffer_get_udata_ptr(bufel), _mbuffer_get_udata_size(bufel));
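Review bot: In the new `else` branch the result of `_gnutls_handshake_hash_add_sent` is assigned to `ret` and never tested, and the next statement overwrites it with the return value of call_hook_func; the removed code freed bufel and returned on failure. A GNUTLS_E_HANDSHAKE_TOO_LARGE or append failure is therefore ignored and the message is sent without being recorded in the handshake hash buffer, which would leave the transcript used for the Finished computation inconsistent and the configured size limit unenforced on this path. Restoring the check right after the call, `if (ret < 0) { gnutls_assert(); _mbuffer_xfree(&bufel); return ret; }`, keeps the previous behaviour. In the `if (hs)` branch, `gnutls_assert_val(ret);` is used as a statement with its value discarded, where the removed code used `gnutls_assert();`. _gnutls_send_handshake begins and ends outside this hunk.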
@@ -1144,122 +1142,6 @@ _gnutls_send_handshake(gnutls_session_t session, mbuffer_st * bufel,
return ret;
}
-#define CHECK_SIZE(ll) \
- if ((session->internals.max_handshake_data_buffer_size > 0) && \
- (((ll) + session->internals.handshake_hash_buffer.length) > \
- session->internals.max_handshake_data_buffer_size)) { \
- _gnutls_debug_log("Handshake buffer length is %u (max: %u)\n", (unsigned)((ll) + session->internals.handshake_hash_buffer.length), (unsigned)session->internals.max_handshake_data_buffer_size); \
- return gnutls_assert_val(GNUTLS_E_HANDSHAKE_TOO_LARGE); \
- }
-
-/* This function add the handshake headers and the
- * handshake data to the handshake hash buffers. Needed
- * for the finished messages calculations.
- */
-static int
-handshake_hash_add_recvd(gnutls_session_t session,
- gnutls_handshake_description_t recv_type,
- uint8_t * header, uint16_t header_size,
- uint8_t * dataptr, uint32_t datalen)
-{
- int ret;
- const version_entry_st *vers = get_version(session);
-
- if (unlikely(vers == NULL))
- return gnutls_assert_val(GNUTLS_E_INTERNAL_ERROR);
-
- if ((vers->id != GNUTLS_DTLS0_9 &&
- recv_type == GNUTLS_HANDSHAKE_HELLO_VERIFY_REQUEST) ||
- recv_type == GNUTLS_HANDSHAKE_HELLO_REQUEST)
- return 0;
-
- CHECK_SIZE(header_size + datalen);
-
- session->internals.handshake_hash_buffer_prev_len =
- session->internals.handshake_hash_buffer.length;
-
- if (vers->id != GNUTLS_DTLS0_9) {
- ret =
- _gnutls_buffer_append_data(&session->internals.
- handshake_hash_buffer,
- header, header_size);
- if (ret < 0)
- return gnutls_assert_val(ret);
- }
- if (datalen > 0) {
- ret =
- _gnutls_buffer_append_data(&session->internals.
- handshake_hash_buffer,
- dataptr, datalen);
- if (ret < 0)
- return gnutls_assert_val(ret);
- }
-
- /* save the size until client KX. That is because the TLS
- * session hash is calculated up to this message.
- */
- if (recv_type == GNUTLS_HANDSHAKE_CLIENT_KEY_EXCHANGE)
- session->internals.handshake_hash_buffer_client_kx_len =
- session->internals.handshake_hash_buffer.length;
- if (recv_type == GNUTLS_HANDSHAKE_FINISHED && session->security_parameters.entity == GNUTLS_CLIENT)
- session->internals.handshake_hash_buffer_server_finished_len =
- session->internals.handshake_hash_buffer.length;
-
- return 0;
-}
-
-/* This function will store the handshake message we sent.
- */
-static int
-handshake_hash_add_sent(gnutls_session_t session,
- gnutls_handshake_description_t type,
- uint8_t * dataptr, uint32_t datalen)
-{
- int ret;
- const version_entry_st *vers = get_version(session);
-
- if (unlikely(vers == NULL))
- return gnutls_assert_val(GNUTLS_E_INTERNAL_ERROR);
-
- /* We don't check for GNUTLS_HANDSHAKE_HELLO_VERIFY_REQUEST because it
- * is not sent via that channel.
- */
- if (type != GNUTLS_HANDSHAKE_HELLO_REQUEST) {
- CHECK_SIZE(datalen);
-
- if (vers->id == GNUTLS_DTLS0_9) {
- /* Old DTLS doesn't include the header in the MAC */
- if (datalen < 12) {
- gnutls_assert();
- return GNUTLS_E_INTERNAL_ERROR;
- }
- dataptr += 12;
- datalen -= 12;
-
- if (datalen == 0)
- return 0;
- }
-
- ret =
- _gnutls_buffer_append_data(&session->internals.
- handshake_hash_buffer,
- dataptr, datalen);
- if (ret < 0)
- return gnutls_assert_val(ret);
-
- if (type == GNUTLS_HANDSHAKE_CLIENT_KEY_EXCHANGE)
- session->internals.handshake_hash_buffer_client_kx_len =
- session->internals.handshake_hash_buffer.length;
- if (type == GNUTLS_HANDSHAKE_FINISHED && session->security_parameters.entity == GNUTLS_SERVER)
- session->internals.handshake_hash_buffer_server_finished_len =
- session->internals.handshake_hash_buffer.length;
-
- return 0;
- }
-
- return 0;
-}
-
/* This function will receive handshake messages of the given types,
* and will pass the message to the right place in order to be processed.
* E.g. for the SERVER_HELLO message (if it is expected), it will be
@@ -1292,7 +1174,7 @@ _gnutls_recv_handshake(gnutls_session_t session,
goto cleanup;
}
- ret = handshake_hash_add_recvd(session, hsk.htype,
+ ret = _gnutls_handshake_hash_add_recvd(session, hsk.htype,
hsk.header, hsk.header_size,
hsk.data.data,
hsk.data.length);
@@ -1876,7 +1758,7 @@ static int send_client_hello(gnutls_session_t session, int again)
return
_gnutls_send_handshake(session, bufel,
- GNUTLS_HANDSHAKE_CLIENT_HELLO);
+ GNUTLS_HANDSHAKE_CLIENT_HELLO, NULL);
cleanup:
_gnutls_buffer_clear(&extdata);
@@ -1992,7 +1874,7 @@ static int send_server_hello(gnutls_session_t session, int again)
ret =
_gnutls_send_handshake(session, bufel,
- GNUTLS_HANDSHAKE_SERVER_HELLO);
+ GNUTLS_HANDSHAKE_SERVER_HELLO, NULL);
fail:
_gnutls_buffer_clear(&buf);
@@ -2178,7 +2060,7 @@ static int _gnutls_send_supplemental(gnutls_session_t session, int again)
}
return _gnutls_send_handshake(session, bufel,
- GNUTLS_HANDSHAKE_SUPPLEMENTAL);
+ GNUTLS_HANDSHAKE_SUPPLEMENTAL, NULL);
}
static int _gnutls_recv_supplemental(gnutls_session_t session)
diff --git a/lib/handshake.h b/lib/handshake.h
index 79ac19eb7a..bbd6b381a0 100644
--- a/lib/handshake.h
+++ b/lib/handshake.h
@@ -26,6 +26,7 @@
#include "errors.h"
#include "record.h"
+#include "handshake-msg.h"
#define IMED_RET( str, ret, allow_alert) do { \
if (ret < 0) { \
@@ -54,7 +55,8 @@
} } while (0)
int _gnutls_send_handshake(gnutls_session_t session, mbuffer_st * bufel,
- gnutls_handshake_description_t type);
+ gnutls_handshake_description_t type,
+ struct handshake_msg_st *hs);
int _gnutls_recv_hello_request(gnutls_session_t session, void *data,
uint32_t data_size);
int _gnutls_recv_handshake(gnutls_session_t session,
diff --git a/lib/kx.c b/lib/kx.c
index cb0eb4fd89..acfa90d35a 100644
--- a/lib/kx.c
+++ b/lib/kx.c
@@ -222,7 +222,7 @@ int _gnutls_send_server_kx_message(gnutls_session_t session, int again)
bufel = _gnutls_buffer_to_mbuffer(&buf);
}
- return _gnutls_send_handshake(session, bufel, GNUTLS_HANDSHAKE_SERVER_KEY_EXCHANGE);
+ return _gnutls_send_handshake(session, bufel, GNUTLS_HANDSHAKE_SERVER_KEY_EXCHANGE, NULL);
cleanup:
_gnutls_buffer_clear(&buf);
@@ -263,7 +263,7 @@ int _gnutls_send_server_crt_request(gnutls_session_t session, int again)
bufel = _gnutls_buffer_to_mbuffer(&buf);
}
- return _gnutls_send_handshake(session, bufel, GNUTLS_HANDSHAKE_CERTIFICATE_REQUEST);
+ return _gnutls_send_handshake(session, bufel, GNUTLS_HANDSHAKE_CERTIFICATE_REQUEST, NULL);
cleanup:
_gnutls_buffer_clear(&buf);
@@ -300,7 +300,7 @@ int _gnutls_send_client_kx_message(gnutls_session_t session, int again)
bufel = _gnutls_buffer_to_mbuffer(&buf);
}
- return _gnutls_send_handshake(session, bufel, GNUTLS_HANDSHAKE_CLIENT_KEY_EXCHANGE);
+ return _gnutls_send_handshake(session, bufel, GNUTLS_HANDSHAKE_CLIENT_KEY_EXCHANGE, NULL);
cleanup:
_gnutls_buffer_clear(&buf);
@@ -356,7 +356,7 @@ _gnutls_send_client_certificate_verify(gnutls_session_t session, int again)
bufel = _gnutls_buffer_to_mbuffer(&buf);
}
- return _gnutls_send_handshake(session, bufel, GNUTLS_HANDSHAKE_CERTIFICATE_VERIFY);
+ return _gnutls_send_handshake(session, bufel, GNUTLS_HANDSHAKE_CERTIFICATE_VERIFY, NULL);
cleanup:
_gnutls_buffer_clear(&buf);
@@ -419,7 +419,7 @@ int _gnutls_send_client_certificate(gnutls_session_t session, int again)
} else /* TLS 1.0 or SSL 3.0 with a valid certificate
*/
#endif
- return _gnutls_send_handshake(session, bufel, GNUTLS_HANDSHAKE_CERTIFICATE_PKT);
+ return _gnutls_send_handshake(session, bufel, GNUTLS_HANDSHAKE_CERTIFICATE_PKT, NULL);
cleanup:
_gnutls_buffer_clear(&buf);
@@ -456,7 +456,7 @@ int _gnutls_send_server_certificate(gnutls_session_t session, int again)
bufel = _gnutls_buffer_to_mbuffer(&buf);
}
- return _gnutls_send_handshake(session, bufel, GNUTLS_HANDSHAKE_CERTIFICATE_PKT);
+ return _gnutls_send_handshake(session, bufel, GNUTLS_HANDSHAKE_CERTIFICATE_PKT, NULL);
cleanup:
_gnutls_buffer_clear(&buf);
diff --git a/lib/tls13/certificate.c b/lib/tls13/certificate.c
index 6b4c336fa2..2468361c3c 100644
--- a/lib/tls13/certificate.c
+++ b/lib/tls13/certificate.c
@@ -147,7 +147,7 @@ int _gnutls13_send_certificate(gnutls_session_t session, unsigned again)
bufel = _gnutls_buffer_to_mbuffer(&buf);
}
- return _gnutls_send_handshake(session, bufel, GNUTLS_HANDSHAKE_CERTIFICATE_PKT);
+ return _gnutls_send_handshake(session, bufel, GNUTLS_HANDSHAKE_CERTIFICATE_PKT, NULL);
cleanup:
_gnutls_buffer_clear(&buf);
diff --git a/lib/tls13/certificate_verify.c b/lib/tls13/certificate_verify.c
index 813c37ba8c..0aa77f3e03 100644
--- a/lib/tls13/certificate_verify.c
+++ b/lib/tls13/certificate_verify.c
@@ -194,7 +194,7 @@ int _gnutls13_send_certificate_verify(gnutls_session_t session, unsigned again)
gnutls_free(sig.data);
}
- return _gnutls_send_handshake(session, bufel, GNUTLS_HANDSHAKE_CERTIFICATE_VERIFY);
+ return _gnutls_send_handshake(session, bufel, GNUTLS_HANDSHAKE_CERTIFICATE_VERIFY, NULL);
cleanup:
gnutls_free(sig.data);
diff --git a/lib/tls13/encrypted_extensions.c b/lib/tls13/encrypted_extensions.c
index ba63b95337..57ddcea0d3 100644
--- a/lib/tls13/encrypted_extensions.c
+++ b/lib/tls13/encrypted_extensions.c
@@ -67,7 +67,7 @@ int _gnutls13_send_encrypted_extensions(gnutls_session_t session, unsigned again
bufel = _gnutls_buffer_to_mbuffer(&buf);
}
- return _gnutls_send_handshake(session, bufel, GNUTLS_HANDSHAKE_ENCRYPTED_EXTENSIONS);
+ return _gnutls_send_handshake(session, bufel, GNUTLS_HANDSHAKE_ENCRYPTED_EXTENSIONS, NULL);
cleanup:
_gnutls_buffer_clear(&buf);
diff --git a/lib/tls13/finished.c b/lib/tls13/finished.c
index 8d9975cefa..80bdd1b6d6 100644
--- a/lib/tls13/finished.c
+++ b/lib/tls13/finished.c
@@ -146,7 +146,7 @@ int _gnutls13_send_finished(gnutls_session_t session, unsigned again)
}
}
- return _gnutls_send_handshake(session, bufel, GNUTLS_HANDSHAKE_FINISHED);
+ return _gnutls_send_handshake(session, bufel, GNUTLS_HANDSHAKE_FINISHED, NULL);
cleanup:
_mbuffer_xfree(&bufel);