Diffstat (limited to 'lib/gnutls_constate.c')
-rw-r--r--lib/gnutls_constate.c318
1 files changed, 159 insertions, 159 deletions
diff --git a/lib/gnutls_constate.c b/lib/gnutls_constate.c
index 6120d109bc..a3f2b028de 100644
--- a/lib/gnutls_constate.c
+++ b/lib/gnutls_constate.c
@@ -59,7 +59,7 @@ static const int servwrite_length = sizeof (servwrite) - 1;
*/
static int
_gnutls_set_keys (gnutls_session_t session, record_parameters_st * params,
- int hash_size, int IV_size, int key_size, int export_flag)
+ int hash_size, int IV_size, int key_size, int export_flag)
{
/* FIXME: This function is too long
*/
@@ -70,7 +70,7 @@ _gnutls_set_keys (gnutls_session_t session, record_parameters_st * params,
char buf[65];
/* avoid using malloc */
opaque key_block[2 * MAX_HASH_SIZE + 2 * MAX_CIPHER_KEY_SIZE +
- 2 * MAX_CIPHER_BLOCK_SIZE];
+ 2 * MAX_CIPHER_BLOCK_SIZE];
record_state_st *client_write, *server_write;
client_write =
@@ -85,50 +85,50 @@ _gnutls_set_keys (gnutls_session_t session, record_parameters_st * params,
block_size += 2 * IV_size;
memcpy (rnd, session->security_parameters.server_random,
- GNUTLS_RANDOM_SIZE);
+ GNUTLS_RANDOM_SIZE);
memcpy (&rnd[GNUTLS_RANDOM_SIZE],
- session->security_parameters.client_random, GNUTLS_RANDOM_SIZE);
+ session->security_parameters.client_random, GNUTLS_RANDOM_SIZE);
memcpy (rrnd, session->security_parameters.client_random,
- GNUTLS_RANDOM_SIZE);
+ GNUTLS_RANDOM_SIZE);
memcpy (&rrnd[GNUTLS_RANDOM_SIZE],
- session->security_parameters.server_random, GNUTLS_RANDOM_SIZE);
+ session->security_parameters.server_random, GNUTLS_RANDOM_SIZE);
if (session->security_parameters.version == GNUTLS_SSL3)
- { /* SSL 3 */
+ { /* SSL 3 */
ret =
- _gnutls_ssl3_generate_random
- (session->security_parameters.master_secret, GNUTLS_MASTER_SIZE, rnd,
- 2 * GNUTLS_RANDOM_SIZE, block_size, key_block);
+ _gnutls_ssl3_generate_random
+ (session->security_parameters.master_secret, GNUTLS_MASTER_SIZE, rnd,
+ 2 * GNUTLS_RANDOM_SIZE, block_size, key_block);
}
else
- { /* TLS 1.0 */
+ { /* TLS 1.0 */
ret =
- _gnutls_PRF (session, session->security_parameters.master_secret,
- GNUTLS_MASTER_SIZE, keyexp, keyexp_length,
- rnd, 2 * GNUTLS_RANDOM_SIZE, block_size, key_block);
+ _gnutls_PRF (session, session->security_parameters.master_secret,
+ GNUTLS_MASTER_SIZE, keyexp, keyexp_length,
+ rnd, 2 * GNUTLS_RANDOM_SIZE, block_size, key_block);
}
if (ret < 0)
return gnutls_assert_val (ret);
_gnutls_hard_log ("INT: KEY BLOCK[%d]: %s\n", block_size,
- _gnutls_bin2hex (key_block, block_size, buf,
- sizeof (buf), NULL));
+ _gnutls_bin2hex (key_block, block_size, buf,
+ sizeof (buf), NULL));
pos = 0;
if (hash_size > 0)
{
if (_gnutls_sset_datum
- (&client_write->mac_secret, &key_block[pos], hash_size) < 0)
- return gnutls_assert_val (GNUTLS_E_MEMORY_ERROR);
+ (&client_write->mac_secret, &key_block[pos], hash_size) < 0)
+ return gnutls_assert_val (GNUTLS_E_MEMORY_ERROR);
pos += hash_size;
if (_gnutls_sset_datum
- (&server_write->mac_secret, &key_block[pos], hash_size) < 0)
- return gnutls_assert_val (GNUTLS_E_MEMORY_ERROR);
+ (&server_write->mac_secret, &key_block[pos], hash_size) < 0)
+ return gnutls_assert_val (GNUTLS_E_MEMORY_ERROR);
pos += hash_size;
}
@@ -141,94 +141,94 @@ _gnutls_set_keys (gnutls_session_t session, record_parameters_st * params,
int client_write_key_size, server_write_key_size;
if (export_flag == 0)
- {
- client_write_key = &key_block[pos];
- client_write_key_size = key_size;
+ {
+ client_write_key = &key_block[pos];
+ client_write_key_size = key_size;
- pos += key_size;
+ pos += key_size;
- server_write_key = &key_block[pos];
- server_write_key_size = key_size;
+ server_write_key = &key_block[pos];
+ server_write_key_size = key_size;
- pos += key_size;
+ pos += key_size;
- }
+ }
else
- { /* export */
- client_write_key = key1;
- server_write_key = key2;
-
- /* generate the final keys */
-
- if (session->security_parameters.version == GNUTLS_SSL3)
- { /* SSL 3 */
- ret =
- _gnutls_ssl3_hash_md5 (&key_block[pos],
- key_size, rrnd,
- 2 * GNUTLS_RANDOM_SIZE,
- EXPORT_FINAL_KEY_SIZE,
- client_write_key);
-
- }
- else
- { /* TLS 1.0 */
- ret =
- _gnutls_PRF (session, &key_block[pos], key_size,
- cliwrite, cliwrite_length,
- rrnd,
- 2 * GNUTLS_RANDOM_SIZE,
- EXPORT_FINAL_KEY_SIZE, client_write_key);
- }
-
- if (ret < 0)
- return gnutls_assert_val (ret);
-
- client_write_key_size = EXPORT_FINAL_KEY_SIZE;
- pos += key_size;
-
- if (session->security_parameters.version == GNUTLS_SSL3)
- { /* SSL 3 */
- ret =
- _gnutls_ssl3_hash_md5 (&key_block[pos], key_size,
- rnd, 2 * GNUTLS_RANDOM_SIZE,
- EXPORT_FINAL_KEY_SIZE,
- server_write_key);
- }
- else
- { /* TLS 1.0 */
- ret =
- _gnutls_PRF (session, &key_block[pos], key_size,
- servwrite, servwrite_length,
- rrnd, 2 * GNUTLS_RANDOM_SIZE,
- EXPORT_FINAL_KEY_SIZE, server_write_key);
- }
-
- if (ret < 0)
- return gnutls_assert_val (ret);
-
- server_write_key_size = EXPORT_FINAL_KEY_SIZE;
- pos += key_size;
- }
+ { /* export */
+ client_write_key = key1;
+ server_write_key = key2;
+
+ /* generate the final keys */
+
+ if (session->security_parameters.version == GNUTLS_SSL3)
+ { /* SSL 3 */
+ ret =
+ _gnutls_ssl3_hash_md5 (&key_block[pos],
+ key_size, rrnd,
+ 2 * GNUTLS_RANDOM_SIZE,
+ EXPORT_FINAL_KEY_SIZE,
+ client_write_key);
+
+ }
+ else
+ { /* TLS 1.0 */
+ ret =
+ _gnutls_PRF (session, &key_block[pos], key_size,
+ cliwrite, cliwrite_length,
+ rrnd,
+ 2 * GNUTLS_RANDOM_SIZE,
+ EXPORT_FINAL_KEY_SIZE, client_write_key);
+ }
+
+ if (ret < 0)
+ return gnutls_assert_val (ret);
+
+ client_write_key_size = EXPORT_FINAL_KEY_SIZE;
+ pos += key_size;
+
+ if (session->security_parameters.version == GNUTLS_SSL3)
+ { /* SSL 3 */
+ ret =
+ _gnutls_ssl3_hash_md5 (&key_block[pos], key_size,
+ rnd, 2 * GNUTLS_RANDOM_SIZE,
+ EXPORT_FINAL_KEY_SIZE,
+ server_write_key);
+ }
+ else
+ { /* TLS 1.0 */
+ ret =
+ _gnutls_PRF (session, &key_block[pos], key_size,
+ servwrite, servwrite_length,
+ rrnd, 2 * GNUTLS_RANDOM_SIZE,
+ EXPORT_FINAL_KEY_SIZE, server_write_key);
+ }
+
+ if (ret < 0)
+ return gnutls_assert_val (ret);
+
+ server_write_key_size = EXPORT_FINAL_KEY_SIZE;
+ pos += key_size;
+ }
if (_gnutls_sset_datum
- (&client_write->key, client_write_key, client_write_key_size) < 0)
- return gnutls_assert_val (GNUTLS_E_MEMORY_ERROR);
+ (&client_write->key, client_write_key, client_write_key_size) < 0)
+ return gnutls_assert_val (GNUTLS_E_MEMORY_ERROR);
_gnutls_hard_log ("INT: CLIENT WRITE KEY [%d]: %s\n",
- client_write_key_size,
- _gnutls_bin2hex (client_write_key,
- client_write_key_size, buf,
- sizeof (buf), NULL));
+ client_write_key_size,
+ _gnutls_bin2hex (client_write_key,
+ client_write_key_size, buf,
+ sizeof (buf), NULL));
if (_gnutls_sset_datum
- (&server_write->key, server_write_key, server_write_key_size) < 0)
- return gnutls_assert_val (GNUTLS_E_MEMORY_ERROR);
+ (&server_write->key, server_write_key, server_write_key_size) < 0)
+ return gnutls_assert_val (GNUTLS_E_MEMORY_ERROR);
_gnutls_hard_log ("INT: SERVER WRITE KEY [%d]: %s\n",
- server_write_key_size,
- _gnutls_bin2hex (server_write_key,
- server_write_key_size, buf,
- sizeof (buf), NULL));
+ server_write_key_size,
+ _gnutls_bin2hex (server_write_key,
+ server_write_key_size, buf,
+ sizeof (buf), NULL));
}
@@ -238,14 +238,14 @@ _gnutls_set_keys (gnutls_session_t session, record_parameters_st * params,
if (IV_size > 0 && export_flag == 0)
{
if (_gnutls_sset_datum
- (&client_write->IV, &key_block[pos], IV_size) < 0)
- return gnutls_assert_val (GNUTLS_E_MEMORY_ERROR);
+ (&client_write->IV, &key_block[pos], IV_size) < 0)
+ return gnutls_assert_val (GNUTLS_E_MEMORY_ERROR);
pos += IV_size;
if (_gnutls_sset_datum
- (&server_write->IV, &key_block[pos], IV_size) < 0)
- return gnutls_assert_val (GNUTLS_E_MEMORY_ERROR);
+ (&server_write->IV, &key_block[pos], IV_size) < 0)
+ return gnutls_assert_val (GNUTLS_E_MEMORY_ERROR);
pos += IV_size;
@@ -255,36 +255,36 @@ _gnutls_set_keys (gnutls_session_t session, record_parameters_st * params,
opaque iv_block[MAX_CIPHER_BLOCK_SIZE * 2];
if (session->security_parameters.version == GNUTLS_SSL3)
- { /* SSL 3 */
- ret = _gnutls_ssl3_hash_md5 ("", 0,
- rrnd, GNUTLS_RANDOM_SIZE * 2,
- IV_size, iv_block);
+ { /* SSL 3 */
+ ret = _gnutls_ssl3_hash_md5 ("", 0,
+ rrnd, GNUTLS_RANDOM_SIZE * 2,
+ IV_size, iv_block);
- if (ret < 0)
- return gnutls_assert_val (ret);
+ if (ret < 0)
+ return gnutls_assert_val (ret);
- ret = _gnutls_ssl3_hash_md5 ("", 0, rnd,
- GNUTLS_RANDOM_SIZE * 2,
- IV_size, &iv_block[IV_size]);
+ ret = _gnutls_ssl3_hash_md5 ("", 0, rnd,
+ GNUTLS_RANDOM_SIZE * 2,
+ IV_size, &iv_block[IV_size]);
- }
+ }
else
- { /* TLS 1.0 */
- ret = _gnutls_PRF (session, "", 0,
- ivblock, ivblock_length, rrnd,
- 2 * GNUTLS_RANDOM_SIZE, IV_size * 2, iv_block);
- }
+ { /* TLS 1.0 */
+ ret = _gnutls_PRF (session, "", 0,
+ ivblock, ivblock_length, rrnd,
+ 2 * GNUTLS_RANDOM_SIZE, IV_size * 2, iv_block);
+ }
if (ret < 0)
- return gnutls_assert_val (ret);
+ return gnutls_assert_val (ret);
if (_gnutls_sset_datum (&client_write->IV, iv_block, IV_size) < 0)
- return gnutls_assert_val (GNUTLS_E_MEMORY_ERROR);
+ return gnutls_assert_val (GNUTLS_E_MEMORY_ERROR);
if (_gnutls_sset_datum
- (&server_write->IV, &iv_block[IV_size], IV_size) < 0)
- return gnutls_assert_val (GNUTLS_E_MEMORY_ERROR);
+ (&server_write->IV, &iv_block[IV_size], IV_size) < 0)
+ return gnutls_assert_val (GNUTLS_E_MEMORY_ERROR);
}
return 0;
@@ -292,13 +292,13 @@ _gnutls_set_keys (gnutls_session_t session, record_parameters_st * params,
static int
_gnutls_init_record_state (record_parameters_st * params, int read,
- record_state_st * state)
+ record_state_st * state)
{
int ret;
ret = _gnutls_cipher_init (&state->cipher_state,
- params->cipher_algorithm,
- &state->key, &state->IV);
+ params->cipher_algorithm,
+ &state->key, &state->IV);
if (ret < 0 && params->cipher_algorithm != GNUTLS_CIPHER_NULL)
return gnutls_assert_val (ret);
@@ -313,7 +313,7 @@ _gnutls_init_record_state (record_parameters_st * params, int read,
int
_gnutls_epoch_set_cipher_suite (gnutls_session_t session,
- int epoch_rel, cipher_suite_st * suite)
+ int epoch_rel, cipher_suite_st * suite)
{
gnutls_cipher_algorithm_t cipher_algo;
gnutls_mac_algorithm_t mac_algo;
@@ -344,8 +344,8 @@ _gnutls_epoch_set_cipher_suite (gnutls_session_t session,
int
_gnutls_epoch_set_compression (gnutls_session_t session,
- int epoch_rel,
- gnutls_compression_method_t comp_algo)
+ int epoch_rel,
+ gnutls_compression_method_t comp_algo)
{
record_parameters_st *params;
int ret;
@@ -368,7 +368,7 @@ _gnutls_epoch_set_compression (gnutls_session_t session,
void
_gnutls_epoch_set_null_algos (gnutls_session_t session,
- record_parameters_st * params)
+ record_parameters_st * params)
{
/* This is only called on startup. We are extra paranoid about this
because it may cause unencrypted application data to go out on
@@ -490,8 +490,8 @@ _gnutls_connection_state_init (gnutls_session_t session)
static int
_gnutls_check_algos (gnutls_session_t session,
- cipher_suite_st * suite,
- gnutls_compression_method_t comp_algo)
+ cipher_suite_st * suite,
+ gnutls_compression_method_t comp_algo)
{
gnutls_cipher_algorithm_t cipher_algo;
gnutls_mac_algorithm_t mac_algo;
@@ -534,18 +534,18 @@ _gnutls_read_connection_state_init (gnutls_session_t session)
if (session->internals.resumed == RESUME_FALSE)
{
ret = _gnutls_check_algos (session,
- &session->
- security_parameters.current_cipher_suite,
- session->internals.compression_method);
+ &session->
+ security_parameters.current_cipher_suite,
+ session->internals.compression_method);
if (ret < 0)
- return ret;
+ return ret;
ret = _gnutls_set_kx (session,
- _gnutls_cipher_suite_get_kx_algo
- (&session->
- security_parameters.current_cipher_suite));
+ _gnutls_cipher_suite_get_kx_algo
+ (&session->
+ security_parameters.current_cipher_suite));
if (ret < 0)
- return ret;
+ return ret;
}
else if (session->security_parameters.entity == GNUTLS_CLIENT)
_gnutls_set_resumed_parameters (session);
@@ -555,10 +555,10 @@ _gnutls_read_connection_state_init (gnutls_session_t session)
return ret;
_gnutls_handshake_log ("HSK[%p]: Cipher Suite: %s\n",
- session,
- _gnutls_cipher_suite_get_name
- (&session->
- security_parameters.current_cipher_suite));
+ session,
+ _gnutls_cipher_suite_get_name
+ (&session->
+ security_parameters.current_cipher_suite));
session->security_parameters.epoch_read = epoch_next;
_gnutls_epoch_gc (session);
@@ -583,18 +583,18 @@ _gnutls_write_connection_state_init (gnutls_session_t session)
if (session->internals.resumed == RESUME_FALSE)
{
ret = _gnutls_check_algos (session,
- &session->
- security_parameters.current_cipher_suite,
- session->internals.compression_method);
+ &session->
+ security_parameters.current_cipher_suite,
+ session->internals.compression_method);
if (ret < 0)
- return ret;
+ return ret;
ret = _gnutls_set_kx (session,
- _gnutls_cipher_suite_get_kx_algo
- (&session->
- security_parameters.current_cipher_suite));
+ _gnutls_cipher_suite_get_kx_algo
+ (&session->
+ security_parameters.current_cipher_suite));
if (ret < 0)
- return ret;
+ return ret;
}
else if (session->security_parameters.entity == GNUTLS_SERVER)
_gnutls_set_resumed_parameters (session);
@@ -604,9 +604,9 @@ _gnutls_write_connection_state_init (gnutls_session_t session)
return gnutls_assert_val (ret);
_gnutls_handshake_log ("HSK[%p]: Cipher Suite: %s\n", session,
- _gnutls_cipher_suite_get_name
- (&session->
- security_parameters.current_cipher_suite));
+ _gnutls_cipher_suite_get_name
+ (&session->
+ security_parameters.current_cipher_suite));
_gnutls_handshake_log
("HSK[%p]: Initializing internal [write] cipher sessions\n", session);
@@ -638,7 +638,7 @@ _gnutls_set_kx (gnutls_session_t session, gnutls_kx_algorithm_t algo)
static inline int
epoch_resolve (gnutls_session_t session,
- unsigned int epoch_rel, uint16_t * epoch_out)
+ unsigned int epoch_rel, uint16_t * epoch_out)
{
switch (epoch_rel)
{
@@ -656,7 +656,7 @@ epoch_resolve (gnutls_session_t session,
default:
if (epoch_rel > 0xffffu)
- return gnutls_assert_val (GNUTLS_E_INVALID_REQUEST);
+ return gnutls_assert_val (GNUTLS_E_INVALID_REQUEST);
*epoch_out = epoch_rel;
return 0;
@@ -680,7 +680,7 @@ epoch_get_slot (gnutls_session_t session, uint16_t epoch)
int
_gnutls_epoch_get (gnutls_session_t session, unsigned int epoch_rel,
- record_parameters_st ** params_out)
+ record_parameters_st ** params_out)
{
uint16_t epoch;
record_parameters_st **params;
@@ -701,7 +701,7 @@ _gnutls_epoch_get (gnutls_session_t session, unsigned int epoch_rel,
int
_gnutls_epoch_alloc (gnutls_session_t session, uint16_t epoch,
- record_parameters_st ** out)
+ record_parameters_st ** out)
{
record_parameters_st **slot;
@@ -738,8 +738,8 @@ epoch_alive (gnutls_session_t session, record_parameters_st * params)
/* DTLS will, in addition, need to check the epoch timeout value. */
return (params->epoch == sp->epoch_read
- || params->epoch == sp->epoch_write
- || params->epoch == sp->epoch_next);
+ || params->epoch == sp->epoch_write
+ || params->epoch == sp->epoch_next);
}
void
@@ -753,10 +753,10 @@ _gnutls_epoch_gc (gnutls_session_t session)
/* Free all dead cipher state */
for (i = 0; i < MAX_EPOCH_INDEX; i++)
if (session->record_parameters[i] != NULL
- && !epoch_alive (session, session->record_parameters[i]))
+ && !epoch_alive (session, session->record_parameters[i]))
{
- _gnutls_epoch_free (session, session->record_parameters[i]);
- session->record_parameters[i] = NULL;
+ _gnutls_epoch_free (session, session->record_parameters[i]);
+ session->record_parameters[i] = NULL;
}
/* Look for contiguous NULLs at the start of the array */