Diffstat (limited to 'lib/ext_safe_renegotiation.c')
-rw-r--r-- | lib/ext_safe_renegotiation.c | 236 |
1 files changed, 118 insertions, 118 deletions
diff --git a/lib/ext_safe_renegotiation.c b/lib/ext_safe_renegotiation.c index 5c9cdb012d..c34d450ef2 100644 --- a/lib/ext_safe_renegotiation.c +++ b/lib/ext_safe_renegotiation.c @@ -28,9 +28,9 @@ static int _gnutls_sr_recv_params (gnutls_session_t state, - const opaque * data, size_t data_size); + const opaque * data, size_t data_size); static int _gnutls_sr_send_params (gnutls_session_t state, - opaque * data, size_t); + opaque * data, size_t); static void _gnutls_sr_deinit_data (extension_priv_data_t priv); extension_entry_st ext_mod_sr = { @@ -47,7 +47,7 @@ extension_entry_st ext_mod_sr = { int _gnutls_ext_sr_finished (gnutls_session_t session, void *vdata, - size_t vdata_size, int dir) + size_t vdata_size, int dir) { int ret; sr_ext_st *priv; @@ -59,8 +59,8 @@ _gnutls_ext_sr_finished (gnutls_session_t session, void *vdata, } ret = _gnutls_ext_get_session_data (session, - GNUTLS_EXTENSION_SAFE_RENEGOTIATION, - &epriv); + GNUTLS_EXTENSION_SAFE_RENEGOTIATION, + &epriv); if (ret < 0) { gnutls_assert (); @@ -105,8 +105,8 @@ _gnutls_ext_sr_verify (gnutls_session_t session) } ret = _gnutls_ext_get_session_data (session, - GNUTLS_EXTENSION_SAFE_RENEGOTIATION, - &epriv); + GNUTLS_EXTENSION_SAFE_RENEGOTIATION, + &epriv); if (ret >= 0) priv = epriv.ptr; 
@@ -115,85 +115,85 @@ _gnutls_ext_sr_verify (gnutls_session_t session) if (priv && priv->safe_renegotiation_received) { if ((priv->ri_extension_data_len < priv->client_verify_data_len) || - (memcmp (priv->ri_extension_data, - priv->client_verify_data, priv->client_verify_data_len))) - { - gnutls_assert (); - _gnutls_handshake_log ("HSK[%p]: Safe renegotiation failed [1]\n", - session); - return GNUTLS_E_SAFE_RENEGOTIATION_FAILED; - } + (memcmp (priv->ri_extension_data, + priv->client_verify_data, priv->client_verify_data_len))) + { + gnutls_assert (); + _gnutls_handshake_log ("HSK[%p]: Safe renegotiation failed [1]\n", + session); + return GNUTLS_E_SAFE_RENEGOTIATION_FAILED; + } if (session->security_parameters.entity == GNUTLS_CLIENT) - { - if ((priv->ri_extension_data_len != - priv->client_verify_data_len + priv->server_verify_data_len) || - memcmp (priv->ri_extension_data + priv->client_verify_data_len, - priv->server_verify_data, - priv->server_verify_data_len) != 0) - { - gnutls_assert (); - _gnutls_handshake_log - ("HSK[%p]: Safe renegotiation failed [2]\n", session); - return GNUTLS_E_SAFE_RENEGOTIATION_FAILED; - } - } - else /* Make sure there are 0 extra bytes */ - { - if (priv->ri_extension_data_len != priv->client_verify_data_len) - { - gnutls_assert (); - _gnutls_handshake_log - ("HSK[%p]: Safe renegotiation failed [3]\n", session); - return GNUTLS_E_SAFE_RENEGOTIATION_FAILED; - } - } + { + if ((priv->ri_extension_data_len != + priv->client_verify_data_len + priv->server_verify_data_len) || + memcmp (priv->ri_extension_data + priv->client_verify_data_len, + priv->server_verify_data, + priv->server_verify_data_len) != 0) + { + gnutls_assert (); + _gnutls_handshake_log + ("HSK[%p]: Safe renegotiation failed [2]\n", session); + return GNUTLS_E_SAFE_RENEGOTIATION_FAILED; + } + } + else /* Make sure there are 0 extra bytes */ + { + if (priv->ri_extension_data_len != priv->client_verify_data_len) + { + gnutls_assert (); + _gnutls_handshake_log + ("HSK[%p]: 
Safe renegotiation failed [3]\n", session); + return GNUTLS_E_SAFE_RENEGOTIATION_FAILED; + } + } _gnutls_handshake_log ("HSK[%p]: Safe renegotiation succeeded\n", - session); + session); } - else /* safe renegotiation not received... */ + else /* safe renegotiation not received... */ { if (priv && priv->connection_using_safe_renegotiation) - { - gnutls_assert (); - _gnutls_handshake_log - ("HSK[%p]: Peer previously asked for safe renegotiation\n", - session); - return GNUTLS_E_SAFE_RENEGOTIATION_FAILED; - } + { + gnutls_assert (); + _gnutls_handshake_log + ("HSK[%p]: Peer previously asked for safe renegotiation\n", + session); + return GNUTLS_E_SAFE_RENEGOTIATION_FAILED; + } /* Clients can't tell if it's an initial negotiation */ if (session->internals.initial_negotiation_completed) - { - if (session->internals.priorities.sr < SR_PARTIAL) - { - _gnutls_handshake_log - ("HSK[%p]: Allowing unsafe (re)negotiation\n", session); - } - else - { - gnutls_assert (); - _gnutls_handshake_log - ("HSK[%p]: Denying unsafe (re)negotiation\n", session); - return GNUTLS_E_UNSAFE_RENEGOTIATION_DENIED; - } - } + { + if (session->internals.priorities.sr < SR_PARTIAL) + { + _gnutls_handshake_log + ("HSK[%p]: Allowing unsafe (re)negotiation\n", session); + } + else + { + gnutls_assert (); + _gnutls_handshake_log + ("HSK[%p]: Denying unsafe (re)negotiation\n", session); + return GNUTLS_E_UNSAFE_RENEGOTIATION_DENIED; + } + } else - { - if (session->internals.priorities.sr < SR_SAFE) - { - _gnutls_handshake_log - ("HSK[%p]: Allowing unsafe initial negotiation\n", session); - } - else - { - gnutls_assert (); - _gnutls_handshake_log - ("HSK[%p]: Denying unsafe initial negotiation\n", session); - return GNUTLS_E_SAFE_RENEGOTIATION_FAILED; - } - } + { + if (session->internals.priorities.sr < SR_SAFE) + { + _gnutls_handshake_log + ("HSK[%p]: Allowing unsafe initial negotiation\n", session); + } + else + { + gnutls_assert (); + _gnutls_handshake_log + ("HSK[%p]: Denying unsafe initial 
negotiation\n", session); + return GNUTLS_E_SAFE_RENEGOTIATION_FAILED; + } + } } return 0; @@ -209,8 +209,8 @@ _gnutls_ext_sr_recv_cs (gnutls_session_t session) extension_priv_data_t epriv; ret = _gnutls_ext_get_session_data (session, - GNUTLS_EXTENSION_SAFE_RENEGOTIATION, - &epriv); + GNUTLS_EXTENSION_SAFE_RENEGOTIATION, + &epriv); if (ret < 0) { set = 1; @@ -225,10 +225,10 @@ _gnutls_ext_sr_recv_cs (gnutls_session_t session) { priv = gnutls_calloc (1, sizeof (*priv)); if (priv == NULL) - { - gnutls_assert (); - return GNUTLS_E_MEMORY_ERROR; - } + { + gnutls_assert (); + return GNUTLS_E_MEMORY_ERROR; + } epriv.ptr = priv; } else @@ -239,7 +239,7 @@ _gnutls_ext_sr_recv_cs (gnutls_session_t session) if (set != 0) _gnutls_ext_set_session_data (session, - GNUTLS_EXTENSION_SAFE_RENEGOTIATION, epriv); + GNUTLS_EXTENSION_SAFE_RENEGOTIATION, epriv); return 0; } @@ -252,8 +252,8 @@ _gnutls_ext_sr_send_cs (gnutls_session_t session) extension_priv_data_t epriv; ret = _gnutls_ext_get_session_data (session, - GNUTLS_EXTENSION_SAFE_RENEGOTIATION, - &epriv); + GNUTLS_EXTENSION_SAFE_RENEGOTIATION, + &epriv); if (ret < 0) { set = 1; @@ -268,10 +268,10 @@ _gnutls_ext_sr_send_cs (gnutls_session_t session) { priv = gnutls_calloc (1, sizeof (*priv)); if (priv == NULL) - { - gnutls_assert (); - return GNUTLS_E_MEMORY_ERROR; - } + { + gnutls_assert (); + return GNUTLS_E_MEMORY_ERROR; + } epriv.ptr = priv; } else @@ -279,14 +279,14 @@ _gnutls_ext_sr_send_cs (gnutls_session_t session) if (set != 0) _gnutls_ext_set_session_data (session, - GNUTLS_EXTENSION_SAFE_RENEGOTIATION, epriv); + GNUTLS_EXTENSION_SAFE_RENEGOTIATION, epriv); return 0; } static int _gnutls_sr_recv_params (gnutls_session_t session, - const opaque * data, size_t _data_size) + const opaque * data, size_t _data_size) { int len = data[0]; ssize_t data_size = _data_size; 
@@ -303,8 +303,8 @@ _gnutls_sr_recv_params (gnutls_session_t session, } ret = _gnutls_ext_get_session_data (session, - GNUTLS_EXTENSION_SAFE_RENEGOTIATION, - &epriv); + GNUTLS_EXTENSION_SAFE_RENEGOTIATION, + &epriv); if (ret < 0 && session->security_parameters.entity == GNUTLS_SERVER) { set = 1; @@ -319,10 +319,10 @@ _gnutls_sr_recv_params (gnutls_session_t session, { priv = gnutls_calloc (1, sizeof (*priv)); if (priv == NULL) - { - gnutls_assert (); - return GNUTLS_E_MEMORY_ERROR; - } + { + gnutls_assert (); + return GNUTLS_E_MEMORY_ERROR; + } epriv.ptr = priv; } else @@ -357,13 +357,13 @@ _gnutls_sr_recv_params (gnutls_session_t session, if (set != 0) _gnutls_ext_set_session_data (session, - GNUTLS_EXTENSION_SAFE_RENEGOTIATION, epriv); + GNUTLS_EXTENSION_SAFE_RENEGOTIATION, epriv); return 0; } static int _gnutls_sr_send_params (gnutls_session_t session, - opaque * data, size_t _data_size) + opaque * data, size_t _data_size) { /* The format of this extension is a one-byte length of verify data followed * by the verify data itself. Note that the length byte does not include @@ -382,8 +382,8 @@ _gnutls_sr_send_params (gnutls_session_t session, } ret = _gnutls_ext_get_session_data (session, - GNUTLS_EXTENSION_SAFE_RENEGOTIATION, - &epriv); + GNUTLS_EXTENSION_SAFE_RENEGOTIATION, + &epriv); if (ret < 0) { set = 1; @@ -393,15 +393,15 @@ _gnutls_sr_send_params (gnutls_session_t session, { priv = gnutls_calloc (1, sizeof (*priv)); if (priv == NULL) - { - gnutls_assert (); - return GNUTLS_E_MEMORY_ERROR; - } + { + gnutls_assert (); + return GNUTLS_E_MEMORY_ERROR; + } epriv.ptr = priv; _gnutls_ext_set_session_data (session, - GNUTLS_EXTENSION_SAFE_RENEGOTIATION, - epriv); + GNUTLS_EXTENSION_SAFE_RENEGOTIATION, + epriv); } else priv = epriv.ptr; 
@@ -418,24 +418,24 @@ _gnutls_sr_send_params (gnutls_session_t session, DECR_LEN (data_size, priv->client_verify_data_len); if (priv->client_verify_data_len > 0) - memcpy (&data[1], priv->client_verify_data, - priv->client_verify_data_len); + memcpy (&data[1], priv->client_verify_data, + priv->client_verify_data_len); if (session->security_parameters.entity == GNUTLS_SERVER) - { - data[0] += priv->server_verify_data_len; + { + data[0] += priv->server_verify_data_len; - DECR_LEN (data_size, priv->server_verify_data_len); + DECR_LEN (data_size, priv->server_verify_data_len); - if (priv->server_verify_data_len > 0) - memcpy (&data[1 + priv->client_verify_data_len], - priv->server_verify_data, priv->server_verify_data_len); - } + if (priv->server_verify_data_len > 0) + memcpy (&data[1 + priv->client_verify_data_len], + priv->server_verify_data, priv->server_verify_data_len); + } } else return 0; - return 1 + data[0]; /* don't forget the length byte */ + return 1 + data[0]; /* don't forget the length byte */ } static void @@ -464,8 +464,8 @@ gnutls_safe_renegotiation_status (gnutls_session_t session) extension_priv_data_t epriv; ret = _gnutls_ext_get_session_data (session, - GNUTLS_EXTENSION_SAFE_RENEGOTIATION, - &epriv); + GNUTLS_EXTENSION_SAFE_RENEGOTIATION, + &epriv); if (ret < 0) { gnutls_assert (); |