diff options
author | Daiki Ueno <dueno@redhat.com> | 2018-04-16 17:22:19 +0200 |
---|---|---|
committer | Daiki Ueno <dueno@redhat.com> | 2018-04-19 14:56:15 +0200 |
commit | 1f678f55f72340c8cbdce3d772645c232cbe032e (patch) | |
tree | 49e3def368ceaa23425fc36372a966d1c6a4c74f | |
parent | a9bd68881e255802ca492195f6a48988846cb409 (diff) | |
download | gnutls-1f678f55f72340c8cbdce3d772645c232cbe032e.tar.gz |
handshake: Record the transcript offset of client Finished
This is for deriving resumption_master_secret, whose value is
calculated over ClientHello...client Finished.
Signed-off-by: Daiki Ueno <dueno@redhat.com>
-rw-r--r-- | lib/gnutls_int.h | 2 | ||||
-rw-r--r-- | lib/handshake.c | 7 |
2 files changed, 9 insertions, 0 deletions
diff --git a/lib/gnutls_int.h b/lib/gnutls_int.h index 06cd380926..bd570a322d 100644 --- a/lib/gnutls_int.h +++ b/lib/gnutls_int.h @@ -986,6 +986,8 @@ typedef struct { * the client key exchange message */ unsigned handshake_hash_buffer_server_finished_len;/* if non-zero it is the length of data until the * the server finished message */ + unsigned handshake_hash_buffer_client_finished_len;/* if non-zero it is the length of data until the + * the client finished message */ gnutls_buffer_st handshake_hash_buffer; /* used to keep the last received handshake * message */ bool resumable; /* TRUE or FALSE - if we can resume that session */ diff --git a/lib/handshake.c b/lib/handshake.c index a530fb9a8c..660c270415 100644 --- a/lib/handshake.c +++ b/lib/handshake.c @@ -81,6 +81,7 @@ handshake_hash_buffer_reset(gnutls_session_t session) session->internals.handshake_hash_buffer_client_kx_len = 0; session->internals.handshake_hash_buffer_server_finished_len = 0; + session->internals.handshake_hash_buffer_client_finished_len = 0; session->internals.handshake_hash_buffer_prev_len = 0; session->internals.handshake_hash_buffer.length = 0; session->internals.full_client_hello.length = 0; @@ -1303,6 +1304,9 @@ handshake_hash_add_recvd(gnutls_session_t session, if (recv_type == GNUTLS_HANDSHAKE_FINISHED && session->security_parameters.entity == GNUTLS_CLIENT) session->internals.handshake_hash_buffer_server_finished_len = session->internals.handshake_hash_buffer.length; + if (recv_type == GNUTLS_HANDSHAKE_FINISHED && session->security_parameters.entity == GNUTLS_SERVER) + session->internals.handshake_hash_buffer_client_finished_len = + session->internals.handshake_hash_buffer.length; return 0; } @@ -1352,6 +1356,9 @@ handshake_hash_add_sent(gnutls_session_t session, if (type == GNUTLS_HANDSHAKE_FINISHED && session->security_parameters.entity == GNUTLS_SERVER) session->internals.handshake_hash_buffer_server_finished_len = session->internals.handshake_hash_buffer.length; + if (type == GNUTLS_HANDSHAKE_FINISHED && session->security_parameters.entity == GNUTLS_CLIENT) + session->internals.handshake_hash_buffer_client_finished_len = + session->internals.handshake_hash_buffer.length; return 0; } |