diff options
Diffstat (limited to 'lib/gnutls_constate.c')
-rw-r--r-- | lib/gnutls_constate.c | 318 |
1 files changed, 159 insertions, 159 deletions
diff --git a/lib/gnutls_constate.c b/lib/gnutls_constate.c index 6120d109bc..a3f2b028de 100644 --- a/lib/gnutls_constate.c +++ b/lib/gnutls_constate.c @@ -59,7 +59,7 @@ static const int servwrite_length = sizeof (servwrite) - 1; */ static int _gnutls_set_keys (gnutls_session_t session, record_parameters_st * params, - int hash_size, int IV_size, int key_size, int export_flag) + int hash_size, int IV_size, int key_size, int export_flag) { /* FIXME: This function is too long */ @@ -70,7 +70,7 @@ _gnutls_set_keys (gnutls_session_t session, record_parameters_st * params, char buf[65]; /* avoid using malloc */ opaque key_block[2 * MAX_HASH_SIZE + 2 * MAX_CIPHER_KEY_SIZE + - 2 * MAX_CIPHER_BLOCK_SIZE]; + 2 * MAX_CIPHER_BLOCK_SIZE]; record_state_st *client_write, *server_write; client_write = @@ -85,50 +85,50 @@ _gnutls_set_keys (gnutls_session_t session, record_parameters_st * params, block_size += 2 * IV_size; memcpy (rnd, session->security_parameters.server_random, - GNUTLS_RANDOM_SIZE); + GNUTLS_RANDOM_SIZE); memcpy (&rnd[GNUTLS_RANDOM_SIZE], - session->security_parameters.client_random, GNUTLS_RANDOM_SIZE); + session->security_parameters.client_random, GNUTLS_RANDOM_SIZE); memcpy (rrnd, session->security_parameters.client_random, - GNUTLS_RANDOM_SIZE); + GNUTLS_RANDOM_SIZE); memcpy (&rrnd[GNUTLS_RANDOM_SIZE], - session->security_parameters.server_random, GNUTLS_RANDOM_SIZE); + session->security_parameters.server_random, GNUTLS_RANDOM_SIZE); if (session->security_parameters.version == GNUTLS_SSL3) - { /* SSL 3 */ + { /* SSL 3 */ ret = - _gnutls_ssl3_generate_random - (session->security_parameters.master_secret, GNUTLS_MASTER_SIZE, rnd, - 2 * GNUTLS_RANDOM_SIZE, block_size, key_block); + _gnutls_ssl3_generate_random + (session->security_parameters.master_secret, GNUTLS_MASTER_SIZE, rnd, + 2 * GNUTLS_RANDOM_SIZE, block_size, key_block); } else - { /* TLS 1.0 */ + { /* TLS 1.0 */ ret = - _gnutls_PRF (session, session->security_parameters.master_secret, - GNUTLS_MASTER_SIZE, keyexp, keyexp_length, - rnd, 2 * GNUTLS_RANDOM_SIZE, block_size, key_block); + _gnutls_PRF (session, session->security_parameters.master_secret, + GNUTLS_MASTER_SIZE, keyexp, keyexp_length, + rnd, 2 * GNUTLS_RANDOM_SIZE, block_size, key_block); } if (ret < 0) return gnutls_assert_val (ret); _gnutls_hard_log ("INT: KEY BLOCK[%d]: %s\n", block_size, - _gnutls_bin2hex (key_block, block_size, buf, - sizeof (buf), NULL)); + _gnutls_bin2hex (key_block, block_size, buf, + sizeof (buf), NULL)); pos = 0; if (hash_size > 0) { if (_gnutls_sset_datum - (&client_write->mac_secret, &key_block[pos], hash_size) < 0) - return gnutls_assert_val (GNUTLS_E_MEMORY_ERROR); + (&client_write->mac_secret, &key_block[pos], hash_size) < 0) + return gnutls_assert_val (GNUTLS_E_MEMORY_ERROR); pos += hash_size; if (_gnutls_sset_datum - (&server_write->mac_secret, &key_block[pos], hash_size) < 0) - return gnutls_assert_val (GNUTLS_E_MEMORY_ERROR); + (&server_write->mac_secret, &key_block[pos], hash_size) < 0) + return gnutls_assert_val (GNUTLS_E_MEMORY_ERROR); pos += hash_size; } @@ -141,94 +141,94 @@ _gnutls_set_keys (gnutls_session_t session, record_parameters_st * params, int client_write_key_size, server_write_key_size; if (export_flag == 0) - { - client_write_key = &key_block[pos]; - client_write_key_size = key_size; + { + client_write_key = &key_block[pos]; + client_write_key_size = key_size; - pos += key_size; + pos += key_size; - server_write_key = &key_block[pos]; - server_write_key_size = key_size; + server_write_key = &key_block[pos]; + server_write_key_size = key_size; - pos += key_size; + pos += key_size; - } + } else - { /* export */ - client_write_key = key1; - server_write_key = key2; - - /* generate the final keys */ - - if (session->security_parameters.version == GNUTLS_SSL3) - { /* SSL 3 */ - ret = - _gnutls_ssl3_hash_md5 (&key_block[pos], - key_size, rrnd, - 2 * GNUTLS_RANDOM_SIZE, - EXPORT_FINAL_KEY_SIZE, - client_write_key); - - } - else - { /* TLS 1.0 */ - ret = - _gnutls_PRF (session, &key_block[pos], key_size, - cliwrite, cliwrite_length, - rrnd, - 2 * GNUTLS_RANDOM_SIZE, - EXPORT_FINAL_KEY_SIZE, client_write_key); - } - - if (ret < 0) - return gnutls_assert_val (ret); - - client_write_key_size = EXPORT_FINAL_KEY_SIZE; - pos += key_size; - - if (session->security_parameters.version == GNUTLS_SSL3) - { /* SSL 3 */ - ret = - _gnutls_ssl3_hash_md5 (&key_block[pos], key_size, - rnd, 2 * GNUTLS_RANDOM_SIZE, - EXPORT_FINAL_KEY_SIZE, - server_write_key); - } - else - { /* TLS 1.0 */ - ret = - _gnutls_PRF (session, &key_block[pos], key_size, - servwrite, servwrite_length, - rrnd, 2 * GNUTLS_RANDOM_SIZE, - EXPORT_FINAL_KEY_SIZE, server_write_key); - } - - if (ret < 0) - return gnutls_assert_val (ret); - - server_write_key_size = EXPORT_FINAL_KEY_SIZE; - pos += key_size; - } + { /* export */ + client_write_key = key1; + server_write_key = key2; + + /* generate the final keys */ + + if (session->security_parameters.version == GNUTLS_SSL3) + { /* SSL 3 */ + ret = + _gnutls_ssl3_hash_md5 (&key_block[pos], + key_size, rrnd, + 2 * GNUTLS_RANDOM_SIZE, + EXPORT_FINAL_KEY_SIZE, + client_write_key); + + } + else + { /* TLS 1.0 */ + ret = + _gnutls_PRF (session, &key_block[pos], key_size, + cliwrite, cliwrite_length, + rrnd, + 2 * GNUTLS_RANDOM_SIZE, + EXPORT_FINAL_KEY_SIZE, client_write_key); + } + + if (ret < 0) + return gnutls_assert_val (ret); + + client_write_key_size = EXPORT_FINAL_KEY_SIZE; + pos += key_size; + + if (session->security_parameters.version == GNUTLS_SSL3) + { /* SSL 3 */ + ret = + _gnutls_ssl3_hash_md5 (&key_block[pos], key_size, + rnd, 2 * GNUTLS_RANDOM_SIZE, + EXPORT_FINAL_KEY_SIZE, + server_write_key); + } + else + { /* TLS 1.0 */ + ret = + _gnutls_PRF (session, &key_block[pos], key_size, + servwrite, servwrite_length, + rrnd, 2 * GNUTLS_RANDOM_SIZE, + EXPORT_FINAL_KEY_SIZE, server_write_key); + } + + if (ret < 0) + return gnutls_assert_val (ret); + + server_write_key_size = EXPORT_FINAL_KEY_SIZE; + pos += key_size; + } if (_gnutls_sset_datum - (&client_write->key, client_write_key, client_write_key_size) < 0) - return gnutls_assert_val (GNUTLS_E_MEMORY_ERROR); + (&client_write->key, client_write_key, client_write_key_size) < 0) + return gnutls_assert_val (GNUTLS_E_MEMORY_ERROR); _gnutls_hard_log ("INT: CLIENT WRITE KEY [%d]: %s\n", - client_write_key_size, - _gnutls_bin2hex (client_write_key, - client_write_key_size, buf, - sizeof (buf), NULL)); + client_write_key_size, + _gnutls_bin2hex (client_write_key, + client_write_key_size, buf, + sizeof (buf), NULL)); if (_gnutls_sset_datum - (&server_write->key, server_write_key, server_write_key_size) < 0) - return gnutls_assert_val (GNUTLS_E_MEMORY_ERROR); + (&server_write->key, server_write_key, server_write_key_size) < 0) + return gnutls_assert_val (GNUTLS_E_MEMORY_ERROR); _gnutls_hard_log ("INT: SERVER WRITE KEY [%d]: %s\n", - server_write_key_size, - _gnutls_bin2hex (server_write_key, - server_write_key_size, buf, - sizeof (buf), NULL)); + server_write_key_size, + _gnutls_bin2hex (server_write_key, + server_write_key_size, buf, + sizeof (buf), NULL)); } @@ -238,14 +238,14 @@ _gnutls_set_keys (gnutls_session_t session, record_parameters_st * params, if (IV_size > 0 && export_flag == 0) { if (_gnutls_sset_datum - (&client_write->IV, &key_block[pos], IV_size) < 0) - return gnutls_assert_val (GNUTLS_E_MEMORY_ERROR); + (&client_write->IV, &key_block[pos], IV_size) < 0) + return gnutls_assert_val (GNUTLS_E_MEMORY_ERROR); pos += IV_size; if (_gnutls_sset_datum - (&server_write->IV, &key_block[pos], IV_size) < 0) - return gnutls_assert_val (GNUTLS_E_MEMORY_ERROR); + (&server_write->IV, &key_block[pos], IV_size) < 0) + return gnutls_assert_val (GNUTLS_E_MEMORY_ERROR); pos += IV_size; @@ -255,36 +255,36 @@ _gnutls_set_keys (gnutls_session_t session, record_parameters_st * params, opaque iv_block[MAX_CIPHER_BLOCK_SIZE * 2]; if (session->security_parameters.version == GNUTLS_SSL3) - { /* SSL 3 */ - ret = _gnutls_ssl3_hash_md5 ("", 0, - rrnd, GNUTLS_RANDOM_SIZE * 2, - IV_size, iv_block); + { /* SSL 3 */ + ret = _gnutls_ssl3_hash_md5 ("", 0, + rrnd, GNUTLS_RANDOM_SIZE * 2, + IV_size, iv_block); - if (ret < 0) - return gnutls_assert_val (ret); + if (ret < 0) + return gnutls_assert_val (ret); - ret = _gnutls_ssl3_hash_md5 ("", 0, rnd, - GNUTLS_RANDOM_SIZE * 2, - IV_size, &iv_block[IV_size]); + ret = _gnutls_ssl3_hash_md5 ("", 0, rnd, + GNUTLS_RANDOM_SIZE * 2, + IV_size, &iv_block[IV_size]); - } + } else - { /* TLS 1.0 */ - ret = _gnutls_PRF (session, "", 0, - ivblock, ivblock_length, rrnd, - 2 * GNUTLS_RANDOM_SIZE, IV_size * 2, iv_block); - } + { /* TLS 1.0 */ + ret = _gnutls_PRF (session, "", 0, + ivblock, ivblock_length, rrnd, + 2 * GNUTLS_RANDOM_SIZE, IV_size * 2, iv_block); + } if (ret < 0) - return gnutls_assert_val (ret); + return gnutls_assert_val (ret); if (_gnutls_sset_datum (&client_write->IV, iv_block, IV_size) < 0) - return gnutls_assert_val (GNUTLS_E_MEMORY_ERROR); + return gnutls_assert_val (GNUTLS_E_MEMORY_ERROR); if (_gnutls_sset_datum - (&server_write->IV, &iv_block[IV_size], IV_size) < 0) - return gnutls_assert_val (GNUTLS_E_MEMORY_ERROR); + (&server_write->IV, &iv_block[IV_size], IV_size) < 0) + return gnutls_assert_val (GNUTLS_E_MEMORY_ERROR); } return 0; @@ -292,13 +292,13 @@ _gnutls_set_keys (gnutls_session_t session, record_parameters_st * params, static int _gnutls_init_record_state (record_parameters_st * params, int read, - record_state_st * state) + record_state_st * state) { int ret; ret = _gnutls_cipher_init (&state->cipher_state, - params->cipher_algorithm, - &state->key, &state->IV); + params->cipher_algorithm, + &state->key, &state->IV); if (ret < 0 && params->cipher_algorithm != GNUTLS_CIPHER_NULL) return gnutls_assert_val (ret); @@ -313,7 +313,7 @@ _gnutls_init_record_state (record_parameters_st * params, int read, int _gnutls_epoch_set_cipher_suite (gnutls_session_t session, - int epoch_rel, cipher_suite_st * suite) + int epoch_rel, cipher_suite_st * suite) { gnutls_cipher_algorithm_t cipher_algo; gnutls_mac_algorithm_t mac_algo; @@ -344,8 +344,8 @@ _gnutls_epoch_set_cipher_suite (gnutls_session_t session, int _gnutls_epoch_set_compression (gnutls_session_t session, - int epoch_rel, - gnutls_compression_method_t comp_algo) + int epoch_rel, + gnutls_compression_method_t comp_algo) { record_parameters_st *params; int ret; @@ -368,7 +368,7 @@ _gnutls_epoch_set_compression (gnutls_session_t session, void _gnutls_epoch_set_null_algos (gnutls_session_t session, - record_parameters_st * params) + record_parameters_st * params) { /* This is only called on startup. We are extra paranoid about this because it may cause unencrypted application data to go out on @@ -490,8 +490,8 @@ _gnutls_connection_state_init (gnutls_session_t session) static int _gnutls_check_algos (gnutls_session_t session, - cipher_suite_st * suite, - gnutls_compression_method_t comp_algo) + cipher_suite_st * suite, + gnutls_compression_method_t comp_algo) { gnutls_cipher_algorithm_t cipher_algo; gnutls_mac_algorithm_t mac_algo; @@ -534,18 +534,18 @@ _gnutls_read_connection_state_init (gnutls_session_t session) if (session->internals.resumed == RESUME_FALSE) { ret = _gnutls_check_algos (session, - &session-> - security_parameters.current_cipher_suite, - session->internals.compression_method); + &session-> + security_parameters.current_cipher_suite, + session->internals.compression_method); if (ret < 0) - return ret; + return ret; ret = _gnutls_set_kx (session, - _gnutls_cipher_suite_get_kx_algo - (&session-> - security_parameters.current_cipher_suite)); + _gnutls_cipher_suite_get_kx_algo + (&session-> + security_parameters.current_cipher_suite)); if (ret < 0) - return ret; + return ret; } else if (session->security_parameters.entity == GNUTLS_CLIENT) _gnutls_set_resumed_parameters (session); @@ -555,10 +555,10 @@ _gnutls_read_connection_state_init (gnutls_session_t session) return ret; _gnutls_handshake_log ("HSK[%p]: Cipher Suite: %s\n", - session, - _gnutls_cipher_suite_get_name - (&session-> - security_parameters.current_cipher_suite)); + session, + _gnutls_cipher_suite_get_name + (&session-> + security_parameters.current_cipher_suite)); session->security_parameters.epoch_read = epoch_next; _gnutls_epoch_gc (session); @@ -583,18 +583,18 @@ _gnutls_write_connection_state_init (gnutls_session_t session) if (session->internals.resumed == RESUME_FALSE) { ret = _gnutls_check_algos (session, - &session-> - security_parameters.current_cipher_suite, - session->internals.compression_method); + &session-> + security_parameters.current_cipher_suite, + session->internals.compression_method); if (ret < 0) - return ret; + return ret; ret = _gnutls_set_kx (session, - _gnutls_cipher_suite_get_kx_algo - (&session-> - security_parameters.current_cipher_suite)); + _gnutls_cipher_suite_get_kx_algo + (&session-> + security_parameters.current_cipher_suite)); if (ret < 0) - return ret; + return ret; } else if (session->security_parameters.entity == GNUTLS_SERVER) _gnutls_set_resumed_parameters (session); @@ -604,9 +604,9 @@ _gnutls_write_connection_state_init (gnutls_session_t session) return gnutls_assert_val (ret); _gnutls_handshake_log ("HSK[%p]: Cipher Suite: %s\n", session, - _gnutls_cipher_suite_get_name - (&session-> - security_parameters.current_cipher_suite)); + _gnutls_cipher_suite_get_name + (&session-> + security_parameters.current_cipher_suite)); _gnutls_handshake_log ("HSK[%p]: Initializing internal [write] cipher sessions\n", session); @@ -638,7 +638,7 @@ _gnutls_set_kx (gnutls_session_t session, gnutls_kx_algorithm_t algo) static inline int epoch_resolve (gnutls_session_t session, - unsigned int epoch_rel, uint16_t * epoch_out) + unsigned int epoch_rel, uint16_t * epoch_out) { switch (epoch_rel) { @@ -656,7 +656,7 @@ epoch_resolve (gnutls_session_t session, default: if (epoch_rel > 0xffffu) - return gnutls_assert_val (GNUTLS_E_INVALID_REQUEST); + return gnutls_assert_val (GNUTLS_E_INVALID_REQUEST); *epoch_out = epoch_rel; return 0; @@ -680,7 +680,7 @@ epoch_get_slot (gnutls_session_t session, uint16_t epoch) int _gnutls_epoch_get (gnutls_session_t session, unsigned int epoch_rel, - record_parameters_st ** params_out) + record_parameters_st ** params_out) { uint16_t epoch; record_parameters_st **params; @@ -701,7 +701,7 @@ _gnutls_epoch_get (gnutls_session_t session, unsigned int epoch_rel, int _gnutls_epoch_alloc (gnutls_session_t session, uint16_t epoch, - record_parameters_st ** out) + record_parameters_st ** out) { record_parameters_st **slot; @@ -738,8 +738,8 @@ epoch_alive (gnutls_session_t session, record_parameters_st * params) /* DTLS will, in addition, need to check the epoch timeout value. */ return (params->epoch == sp->epoch_read - || params->epoch == sp->epoch_write - || params->epoch == sp->epoch_next); + || params->epoch == sp->epoch_write + || params->epoch == sp->epoch_next); } void @@ -753,10 +753,10 @@ _gnutls_epoch_gc (gnutls_session_t session) /* Free all dead cipher state */ for (i = 0; i < MAX_EPOCH_INDEX; i++) if (session->record_parameters[i] != NULL - && !epoch_alive (session, session->record_parameters[i])) + && !epoch_alive (session, session->record_parameters[i])) { - _gnutls_epoch_free (session, session->record_parameters[i]); - session->record_parameters[i] = NULL; + _gnutls_epoch_free (session, session->record_parameters[i]); + session->record_parameters[i] = NULL; } /* Look for contiguous NULLs at the start of the array */ |