diff options
author | Nikos Mavrogiannopoulos <nmav@gnutls.org> | 2000-12-07 09:47:03 +0000 |
---|---|---|
committer | Nikos Mavrogiannopoulos <nmav@gnutls.org> | 2000-12-07 09:47:03 +0000 |
commit | f926187b03b89113734cf7cac57e62b7ed8755a5 (patch) | |
tree | 346baece0b273edf5a4695cbe0c75fef9f3c2ffc /lib | |
parent | 8ea2cb55648ba24899e57ed41b61ee7dc5bf7678 (diff) | |
download | gnutls-f926187b03b89113734cf7cac57e62b7ed8755a5.tar.gz |
SSL3 support was added
Diffstat (limited to 'lib')
-rw-r--r-- | lib/gnutls_handshake.c | 16 | ||||
-rw-r--r-- | lib/gnutls_hash_int.c | 59 | ||||
-rw-r--r-- | lib/gnutls_hash_int.h | 2 |
3 files changed, 68 insertions, 9 deletions
diff --git a/lib/gnutls_handshake.c b/lib/gnutls_handshake.c index 2cf93e1e38..329b4e47f1 100644 --- a/lib/gnutls_handshake.c +++ b/lib/gnutls_handshake.c @@ -51,8 +51,8 @@ void* _gnutls_ssl3_finished( GNUTLS_STATE state, int type, int skip) { char* concat=gnutls_malloc(36); char *mesg; - td = gnutls_mac_init_ssl3( GNUTLS_MAC_MD5, state->security_parameters.master_secret, 48); - td2 = gnutls_mac_init_ssl3( GNUTLS_MAC_SHA, state->security_parameters.master_secret, 48); + td = gnutls_mac_init_ssl3_handshake( GNUTLS_MAC_MD5, state->security_parameters.master_secret, 48); + td2 = gnutls_mac_init_ssl3_handshake( GNUTLS_MAC_SHA, state->security_parameters.master_secret, 48); siz = gnutls_getHashDataBufferSize( state) - skip; data = gnutls_malloc( siz); @@ -61,27 +61,25 @@ void* _gnutls_ssl3_finished( GNUTLS_STATE state, int type, int skip) { gnutls_mac_ssl3(td, data, siz); gnutls_mac_ssl3(td2, data, siz); - gnutls_free(data); + if (type==GNUTLS_SERVER) { mesg = SSL3_SERVER_MSG; } else { mesg = SSL3_CLIENT_MSG; } - siz = strlen(mesg); gnutls_mac_ssl3(td, mesg, siz); gnutls_mac_ssl3(td2, mesg, siz); - - data = gnutls_mac_deinit_ssl3(td); + + data = gnutls_mac_deinit_ssl3_handshake(td); memcpy( concat, data, 16); gnutls_free(data); - data = gnutls_mac_deinit_ssl3(td2); + data = gnutls_mac_deinit_ssl3_handshake(td2); memcpy( &concat[16], data, 20); gnutls_free(data); - return concat; } @@ -397,7 +395,7 @@ int _gnutls_recv_handshake(int cd, GNUTLS_STATE state, uint8 **data, if (length32 > 0 && data!=NULL) memmove( *data, &dataptr[HANDSHAKE_HEADERS_SIZE], length32); - /* here we do the hashing work needed at Finished message */ + /* here we buffer the handshake messages - needed at Finished message */ gnutls_insertHashDataBuffer( state, dataptr, length32+HANDSHAKE_HEADERS_SIZE); switch (dataptr[0]) { diff --git a/lib/gnutls_hash_int.c b/lib/gnutls_hash_int.c index c847d42edf..8fe6d06d15 100644 --- a/lib/gnutls_hash_int.c +++ b/lib/gnutls_hash_int.c @@ -265,6 +265,22 @@ GNUTLS_MAC_HANDLE gnutls_mac_init_ssl3(MACAlgorithm algorithm, void *key, return ret; } +GNUTLS_MAC_HANDLE gnutls_mac_init_ssl3_handshake(MACAlgorithm algorithm, void *key, + int keylen) +{ + GNUTLS_MAC_HANDLE ret; + char *digest; + int padsize; + + ret = gnutls_hash_init(algorithm); + if (ret!=GNUTLS_MAC_FAILED) { + ret->key = key; + ret->keysize = keylen; + } + + return ret; +} + void *gnutls_mac_deinit_ssl3(GNUTLS_MAC_HANDLE handle) { void *ret=NULL; @@ -302,6 +318,49 @@ void *gnutls_mac_deinit_ssl3(GNUTLS_MAC_HANDLE handle) return ret; } +void *gnutls_mac_deinit_ssl3_handshake(GNUTLS_MAC_HANDLE handle) +{ + void *ret=NULL; + GNUTLS_MAC_HANDLE td; + char opad[48]; + char ipad[48]; + int padsize; + int block; + + switch (handle->algorithm) { + case GNUTLS_MAC_MD5: + padsize = 48; + break; + case GNUTLS_MAC_SHA: + padsize = 40; + break; + default: + padsize=0; + } + if (padsize > 0) { + memset(opad, 0x5C, padsize); + memset(ipad, 0x36, padsize); + } + + td = gnutls_hash_init(handle->algorithm); + if (td!=GNUTLS_MAC_FAILED) { + if (handle->keysize > 0) gnutls_hash(td, handle->key, handle->keysize); + + gnutls_hash(td, opad, padsize); + block = gnutls_hmac_get_algo_len(handle->algorithm); + + if (handle->keysize > 0) gnutls_hash( handle, handle->key, handle->keysize); + gnutls_hash(handle, ipad, padsize); + ret = gnutls_hash_deinit(handle); /* get the previous hash */ + + gnutls_hash(td, ret, block); + gnutls_free(ret); + + ret = gnutls_hash_deinit(td); + } + return ret; +} + static void *ssl3_sha(int i, char *secret, int secret_len, char *random, int random_len) { diff --git a/lib/gnutls_hash_int.h b/lib/gnutls_hash_int.h index 14c246bc85..5d0febf871 100644 --- a/lib/gnutls_hash_int.h +++ b/lib/gnutls_hash_int.h @@ -44,4 +44,6 @@ void* gnutls_hash_deinit(GNUTLS_MAC_HANDLE handle); void *gnutls_ssl3_generate_random(void *secret, int secret_len, void *random, int random_len, int bytes); +GNUTLS_MAC_HANDLE gnutls_mac_init_ssl3_handshake(MACAlgorithm algorithm, void *key, int keylen); +void *gnutls_mac_deinit_ssl3_handshake(GNUTLS_MAC_HANDLE handle); #endif /* GNUTLS_HASH_INT_H */ |