summaryrefslogtreecommitdiff
diff options
context:
space:
mode:
-rw-r--r--lib/algorithms.h4
-rw-r--r--lib/algorithms/protocols.c16
-rw-r--r--lib/ext/supported_versions.c12
-rw-r--r--lib/handshake.c45
-rw-r--r--lib/handshake.h4
-rw-r--r--lib/sslv2_compat.c7
6 files changed, 39 insertions, 49 deletions
diff --git a/lib/algorithms.h b/lib/algorithms.h
index cff79348cb..46faa8d378 100644
--- a/lib/algorithms.h
+++ b/lib/algorithms.h
@@ -59,8 +59,8 @@ const version_entry_st *_gnutls_legacy_version_max(gnutls_session_t session);
const version_entry_st *_gnutls_version_max(gnutls_session_t session);
int _gnutls_version_priority(gnutls_session_t session,
gnutls_protocol_t version);
-int _gnutls_version_is_supported(gnutls_session_t session,
- const gnutls_protocol_t version);
+int _gnutls_nversion_is_supported(gnutls_session_t session,
+ unsigned char major, unsigned char minor);
gnutls_protocol_t _gnutls_version_get(uint8_t major, uint8_t minor);
unsigned _gnutls_version_is_too_high(gnutls_session_t session, uint8_t major, uint8_t minor);
diff --git a/lib/algorithms/protocols.c b/lib/algorithms/protocols.c
index 12907190df..f2277a9e28 100644
--- a/lib/algorithms/protocols.c
+++ b/lib/algorithms/protocols.c
@@ -463,26 +463,29 @@ gnutls_protocol_t _gnutls_version_get(uint8_t major, uint8_t minor)
/* Version Functions */
int
-_gnutls_version_is_supported(gnutls_session_t session,
- const gnutls_protocol_t version)
+_gnutls_nversion_is_supported(gnutls_session_t session,
+ unsigned char major, unsigned char minor)
{
const version_entry_st *p;
- int ret = 0;
+ int version = 0;
for (p = sup_versions; p->name != NULL; p++) {
- if(p->id == version) {
+ if(p->major == major && p->minor == minor) {
#ifndef ENABLE_SSL3
if (p->obsolete != 0) return 0;
#endif
if (p->tls13_sem && (session->internals.flags & INT_FLAG_NO_TLS13))
return 0;
- ret = p->supported && p->transport == session->internals.transport;
+ if (!p->supported || p->transport != session->internals.transport)
+ return 0;
+
+ version = p->id;
break;
}
}
- if (ret == 0)
+ if (version == 0)
return 0;
if (_gnutls_version_priority(session, version) < 0)
@@ -490,4 +493,3 @@ _gnutls_version_is_supported(gnutls_session_t session,
else
return 1;
}
-
diff --git a/lib/ext/supported_versions.c b/lib/ext/supported_versions.c
index b637ec6637..3a11b39bd4 100644
--- a/lib/ext/supported_versions.c
+++ b/lib/ext/supported_versions.c
@@ -59,7 +59,6 @@ supported_versions_recv_params(gnutls_session_t session,
const version_entry_st *vers;
ssize_t data_size = _data_size;
uint8_t major, minor;
- gnutls_protocol_t proto;
ssize_t bytes;
int ret;
@@ -90,15 +89,11 @@ supported_versions_recv_params(gnutls_session_t session,
data += 2;
bytes -= 2;
- proto = _gnutls_version_get(major, minor);
-
_gnutls_handshake_log("EXT[%p]: Found version: %d.%d\n",
session, (int)major, (int)minor);
- if (_gnutls_version_is_supported(session, proto)) {
- ret = _gnutls_set_current_version(session, proto);
- if (ret < 0)
- return gnutls_assert_val(ret);
+ if (_gnutls_nversion_is_supported(session, major, minor)) {
+ session->security_parameters.pversion = nversion_to_entry(major, minor);
_gnutls_handshake_log("EXT[%p]: Negotiated version: %d.%d\n",
session, (int)major, (int)minor);
@@ -131,7 +126,6 @@ supported_versions_recv_params(gnutls_session_t session,
return gnutls_assert_val(GNUTLS_E_UNSUPPORTED_VERSION_PACKET);
set_adv_version(session, major, minor);
- proto = _gnutls_version_get(major, minor);
_gnutls_handshake_log("EXT[%p]: Negotiated version: %d.%d\n",
session, (int)major, (int)minor);
@@ -139,7 +133,7 @@ supported_versions_recv_params(gnutls_session_t session,
if (!vers->tls13_sem)
return gnutls_assert_val(GNUTLS_E_RECEIVED_ILLEGAL_PARAMETER);
- ret = _gnutls_negotiate_version(session, proto, major, minor);
+ ret = _gnutls_negotiate_version(session, major, minor);
if (ret < 0) {
gnutls_assert();
return ret;
diff --git a/lib/handshake.c b/lib/handshake.c
index 914f8ecacc..ccf8299165 100644
--- a/lib/handshake.c
+++ b/lib/handshake.c
@@ -431,21 +431,21 @@ _gnutls_finished(gnutls_session_t session, int type, void *ret,
*/
int
_gnutls_negotiate_version(gnutls_session_t session,
- gnutls_protocol_t adv_version, uint8_t major, uint8_t minor)
+ uint8_t major, uint8_t minor)
{
const version_entry_st *vers;
+ const version_entry_st *aversion = nversion_to_entry(major, minor);
/* if we do not support that version, unless that version is TLS 1.2;
* TLS 1.2 is handled separately because it is always advertized under TLS 1.3 or later */
- if (adv_version == GNUTLS_VERSION_UNKNOWN ||
- _gnutls_version_is_supported(session, adv_version) == 0) {
+ if (aversion == NULL ||
+ _gnutls_nversion_is_supported(session, major, minor) == 0) {
- if (adv_version == GNUTLS_TLS1_2) {
+ if (aversion && aversion->id == GNUTLS_TLS1_2) {
vers = _gnutls_version_max(session);
if (vers->id >= GNUTLS_TLS1_2) {
- if (_gnutls_set_current_version(session, adv_version) < 0)
- return gnutls_assert_val(GNUTLS_E_UNSUPPORTED_VERSION_PACKET);
- return adv_version;
+ session->security_parameters.pversion = aversion;
+ return 0;
}
}
@@ -467,12 +467,11 @@ _gnutls_negotiate_version(gnutls_session_t session,
session->security_parameters.pversion = vers;
- return vers->id;
+ return 0;
} else {
- if (_gnutls_set_current_version(session, adv_version) < 0)
- return gnutls_assert_val(GNUTLS_E_UNSUPPORTED_VERSION_PACKET);
+ session->security_parameters.pversion = aversion;
- return adv_version;
+ return 0;
}
}
@@ -483,7 +482,7 @@ _gnutls_negotiate_version(gnutls_session_t session,
*/
int
_gnutls_user_hello_func(gnutls_session_t session,
- gnutls_protocol_t adv_version, uint8_t major, uint8_t minor)
+ uint8_t major, uint8_t minor)
{
int ret, sret = 0;
const version_entry_st *vers;
@@ -506,7 +505,7 @@ _gnutls_user_hello_func(gnutls_session_t session,
* earlier, as TLS1.3 uses a different set of ciphersuites, and
* thus we cannot fallback.
*/
- ret = _gnutls_negotiate_version(session, adv_version, major, minor);
+ ret = _gnutls_negotiate_version(session, major, minor);
if (ret < 0) {
gnutls_assert();
return ret;
@@ -551,7 +550,6 @@ read_client_hello(gnutls_session_t session, uint8_t * data,
int pos = 0, ret;
uint16_t suite_size, comp_size;
int ext_size;
- gnutls_protocol_t adv_version;
int neg_version, sret = 0;
int len = datalen;
uint8_t major, minor;
@@ -562,17 +560,16 @@ read_client_hello(gnutls_session_t session, uint8_t * data,
_gnutls_handshake_log("HSK[%p]: Client's version: %d.%d\n",
session, data[pos], data[pos + 1]);
- adv_version = _gnutls_version_get(data[pos], data[pos + 1]);
-
major = data[pos];
minor = data[pos+1];
+
set_adv_version(session, major, minor);
- neg_version = _gnutls_negotiate_version(session, adv_version, major, minor);
- if (neg_version < 0) {
- gnutls_assert();
- return neg_version;
- }
+ ret = _gnutls_negotiate_version(session, major, minor);
+ if (ret < 0)
+ return gnutls_assert_val(ret);
+
+ neg_version = get_num_version(session);
pos += 2;
@@ -677,7 +674,7 @@ read_client_hello(gnutls_session_t session, uint8_t * data,
session->internals.resumed = RESUME_TRUE;
- return _gnutls_user_hello_func(session, adv_version, major, minor);
+ return _gnutls_user_hello_func(session, major, minor);
} else {
ret = _gnutls_generate_session_id(session->security_parameters.
session_id,
@@ -711,7 +708,7 @@ read_client_hello(gnutls_session_t session, uint8_t * data,
}
/* we cache this error code */
- sret = _gnutls_user_hello_func(session, adv_version, major, minor);
+ sret = _gnutls_user_hello_func(session, major, minor);
if (sret < 0 && sret != GNUTLS_E_INT_RET_0) {
gnutls_assert();
return sret;
@@ -1824,7 +1821,7 @@ read_server_hello(gnutls_session_t session,
return gnutls_assert_val(GNUTLS_E_UNSUPPORTED_VERSION_PACKET);
}
- if (_gnutls_version_is_supported(session, vers->id) == 0)
+ if (_gnutls_nversion_is_supported(session, vers->major, vers->minor) == 0)
return gnutls_assert_val(GNUTLS_E_UNSUPPORTED_VERSION_PACKET);
/* set server random - done after final version is selected */
diff --git a/lib/handshake.h b/lib/handshake.h
index e32de894f2..0d617213c5 100644
--- a/lib/handshake.h
+++ b/lib/handshake.h
@@ -94,9 +94,9 @@ int _gnutls_server_select_suite(gnutls_session_t session, uint8_t * data,
unsigned int datalen, unsigned int scsv_only);
int _gnutls_negotiate_version(gnutls_session_t session,
- gnutls_protocol_t adv_version, uint8_t major, uint8_t minor);
+ uint8_t major, uint8_t minor);
int _gnutls_user_hello_func(gnutls_session_t session,
- gnutls_protocol_t adv_version, uint8_t major, uint8_t minor);
+ uint8_t major, uint8_t minor);
void _gnutls_handshake_hash_buffers_clear(gnutls_session_t session);
diff --git a/lib/sslv2_compat.c b/lib/sslv2_compat.c
index d466cc30f1..de762a5674 100644
--- a/lib/sslv2_compat.c
+++ b/lib/sslv2_compat.c
@@ -93,7 +93,6 @@ _gnutls_read_client_hello_v2(gnutls_session_t session, uint8_t * data,
int pos = 0;
int ret = 0, sret = 0;
uint16_t sizeOfSuites;
- gnutls_protocol_t adv_version;
uint8_t rnd[GNUTLS_RANDOM_SIZE], major, minor;
int len = datalen;
int neg_version;
@@ -110,9 +109,7 @@ _gnutls_read_client_hello_v2(gnutls_session_t session, uint8_t * data,
minor = data[pos + 1];
set_adv_version(session, major, minor);
- adv_version = _gnutls_version_get(major, minor);
-
- ret = _gnutls_negotiate_version(session, adv_version, major, minor);
+ ret = _gnutls_negotiate_version(session, major, minor);
if (ret < 0) {
gnutls_assert();
return ret;
@@ -148,7 +145,7 @@ _gnutls_read_client_hello_v2(gnutls_session_t session, uint8_t * data,
/* call the user hello callback
*/
- ret = _gnutls_user_hello_func(session, adv_version, major, minor);
+ ret = _gnutls_user_hello_func(session, major, minor);
if (ret < 0) {
if (ret == GNUTLS_E_AGAIN || ret == GNUTLS_E_INTERRUPTED) {
sret = GNUTLS_E_INT_RET_0;