Diffstat (limited to 'lib/handshake-checks.c')
-rw-r--r-- | lib/handshake-checks.c | 42 |
1 files changed, 27 insertions, 15 deletions
diff --git a/lib/handshake-checks.c b/lib/handshake-checks.c index f5a3a4d3d2..c7be9e9e19 100644 --- a/lib/handshake-checks.c +++ b/lib/handshake-checks.c @@ -57,15 +57,18 @@ int _gnutls_check_id_for_change(gnutls_session_t session) ai = _gnutls_get_auth_info(session, GNUTLS_CRD_PSK); if (ai == NULL) - return gnutls_assert_val(GNUTLS_E_INTERNAL_ERROR); + return + gnutls_assert_val(GNUTLS_E_INTERNAL_ERROR); username = ai->username; username_length = ai->username_len; #ifdef ENABLE_SRP } else { - srp_server_auth_info_t ai = _gnutls_get_auth_info(session, GNUTLS_CRD_SRP); + srp_server_auth_info_t ai = + _gnutls_get_auth_info(session, GNUTLS_CRD_SRP); if (ai == NULL) - return gnutls_assert_val(GNUTLS_E_INTERNAL_ERROR); + return + gnutls_assert_val(GNUTLS_E_INTERNAL_ERROR); username = ai->username; username_length = strlen(ai->username); 
@@ -77,22 +80,29 @@ int _gnutls_check_id_for_change(gnutls_session_t session) if (session->internals.saved_username && session->internals.saved_username_size != -1) { - if (session->internals.saved_username_size == username_length && - strncmp(session->internals.saved_username, username, username_length)) { - _gnutls_debug_log("Session's PSK username changed during rehandshake; aborting!\n"); - return gnutls_assert_val(GNUTLS_E_SESSION_USER_ID_CHANGED); + if (session->internals.saved_username_size == + username_length + && strncmp(session->internals.saved_username, + username, username_length)) { + _gnutls_debug_log + ("Session's PSK username changed during rehandshake; aborting!\n"); + return + gnutls_assert_val + (GNUTLS_E_SESSION_USER_ID_CHANGED); } } else if (session->internals.saved_username == NULL && session->internals.saved_username_size == -1) { if (username_length > MAX_USERNAME_SIZE) - return gnutls_assert_val(GNUTLS_E_INTERNAL_ERROR); + return + gnutls_assert_val(GNUTLS_E_INTERNAL_ERROR); char *tmp = gnutls_malloc(username_length + 1); if (tmp == NULL) return gnutls_assert_val(GNUTLS_E_MEMORY_ERROR); memcpy(tmp, username, username_length); tmp[username_length] = '\0'; session->internals.saved_username = tmp; - session->internals.saved_username_size = username_length; + session->internals.saved_username_size = + username_length; } else return gnutls_assert_val(GNUTLS_E_INTERNAL_ERROR); @@ -101,7 +111,8 @@ int _gnutls_check_id_for_change(gnutls_session_t session) return 0; } -int _gnutls_check_if_cert_hash_is_same(gnutls_session_t session, gnutls_certificate_credentials_t cred) +int _gnutls_check_if_cert_hash_is_same(gnutls_session_t session, + gnutls_certificate_credentials_t cred) { cert_auth_info_t ai; char tmp[32]; 
@@ -114,17 +125,18 @@ int _gnutls_check_if_cert_hash_is_same(gnutls_session_t session, gnutls_certific if (ai == NULL || ai->ncerts == 0) return 0; - ret = gnutls_hash_fast(GNUTLS_DIG_SHA256, + ret = gnutls_hash_fast(GNUTLS_DIG_SHA256, ai->raw_certificate_list[0].data, - ai->raw_certificate_list[0].size, - tmp); + ai->raw_certificate_list[0].size, tmp); if (ret < 0) return gnutls_assert_val(ret); if (session->internals.cert_hash_set) { if (memcmp(tmp, session->internals.cert_hash, 32) != 0) { - _gnutls_debug_log("Session certificate changed during rehandshake; aborting!\n"); - return gnutls_assert_val(GNUTLS_E_SESSION_USER_ID_CHANGED); + _gnutls_debug_log + ("Session certificate changed during rehandshake; aborting!\n"); + return + gnutls_assert_val(GNUTLS_E_SESSION_USER_ID_CHANGED); } } else { memcpy(session->internals.cert_hash, tmp, 32); |