summaryrefslogtreecommitdiff
path: root/lib/kx.c
diff options
context:
space:
mode:
Diffstat (limited to 'lib/kx.c')
-rw-r--r--lib/kx.c170
1 files changed, 76 insertions, 94 deletions
diff --git a/lib/kx.c b/lib/kx.c
index ef19563191..cb0eb4fd89 100644
--- a/lib/kx.c
+++ b/lib/kx.c
@@ -36,35 +36,6 @@
#include <datum.h>
#include <mbuffers.h>
-/* This is a temporary function to be used before the generate_*
- internal API is changed to use mbuffers. For now we don't avoid the
- extra alloc + memcpy. */
-static int
-send_handshake(gnutls_session_t session, uint8_t * data, size_t size,
- gnutls_handshake_description_t type)
-{
- mbuffer_st *bufel;
-
- if (data == NULL && size == 0)
- return _gnutls_send_handshake(session, NULL, type);
-
- if (data == NULL && size > 0) {
- gnutls_assert();
- return GNUTLS_E_INVALID_REQUEST;
- }
-
- bufel = _gnutls_handshake_alloc(session, size);
- if (bufel == NULL) {
- gnutls_assert();
- return GNUTLS_E_MEMORY_ERROR;
- }
-
- _mbuffer_set_udata(bufel, data, size);
-
- return _gnutls_send_handshake(session, bufel, type);
-}
-
-
/* This file contains important thing for the TLS handshake procedure.
*/
@@ -213,26 +184,29 @@ generate_normal_master(gnutls_session_t session,
return ret;
}
-
/* This is called when we want to receive the key exchange message of the
* server. It does nothing if this type of message is not required
* by the selected ciphersuite.
*/
int _gnutls_send_server_kx_message(gnutls_session_t session, int again)
{
- gnutls_buffer_st data;
+ gnutls_buffer_st buf;
int ret = 0;
+ mbuffer_st *bufel = NULL;
if (session->internals.auth_struct->gnutls_generate_server_kx ==
NULL)
return 0;
- _gnutls_buffer_init(&data);
if (again == 0) {
+ ret = _gnutls_buffer_init_handshake_mbuffer(&buf);
+ if (ret < 0)
+ return gnutls_assert_val(ret);
+
ret =
session->internals.auth_struct->
- gnutls_generate_server_kx(session, &data);
+ gnutls_generate_server_kx(session, &buf);
if (ret == GNUTLS_E_INT_RET_0) {
gnutls_assert();
@@ -244,16 +218,14 @@ int _gnutls_send_server_kx_message(gnutls_session_t session, int again)
gnutls_assert();
goto cleanup;
}
- }
- ret = send_handshake(session, data.data, data.length,
- GNUTLS_HANDSHAKE_SERVER_KEY_EXCHANGE);
- if (ret < 0) {
- gnutls_assert();
+ bufel = _gnutls_buffer_to_mbuffer(&buf);
}
- cleanup:
- _gnutls_buffer_clear(&data);
+ return _gnutls_send_handshake(session, bufel, GNUTLS_HANDSHAKE_SERVER_KEY_EXCHANGE);
+
+ cleanup:
+ _gnutls_buffer_clear(&buf);
return ret;
}
@@ -262,8 +234,9 @@ int _gnutls_send_server_kx_message(gnutls_session_t session, int again)
*/
int _gnutls_send_server_crt_request(gnutls_session_t session, int again)
{
- gnutls_buffer_st data;
+ gnutls_buffer_st buf;
int ret = 0;
+ mbuffer_st *bufel = NULL;
if (session->internals.auth_struct->
gnutls_generate_server_crt_request == NULL)
@@ -272,27 +245,28 @@ int _gnutls_send_server_crt_request(gnutls_session_t session, int again)
if (session->internals.send_cert_req <= 0)
return 0;
- _gnutls_buffer_init(&data);
if (again == 0) {
+ ret = _gnutls_buffer_init_handshake_mbuffer(&buf);
+ if (ret < 0)
+ return gnutls_assert_val(ret);
+
ret =
session->internals.auth_struct->
- gnutls_generate_server_crt_request(session, &data);
+ gnutls_generate_server_crt_request(session, &buf);
if (ret < 0) {
gnutls_assert();
goto cleanup;
}
- }
- ret = send_handshake(session, data.data, data.length,
- GNUTLS_HANDSHAKE_CERTIFICATE_REQUEST);
- if (ret < 0) {
- gnutls_assert();
+ bufel = _gnutls_buffer_to_mbuffer(&buf);
}
- cleanup:
- _gnutls_buffer_clear(&data);
+ return _gnutls_send_handshake(session, bufel, GNUTLS_HANDSHAKE_CERTIFICATE_REQUEST);
+
+ cleanup:
+ _gnutls_buffer_clear(&buf);
return ret;
}
@@ -302,32 +276,34 @@ int _gnutls_send_server_crt_request(gnutls_session_t session, int again)
*/
int _gnutls_send_client_kx_message(gnutls_session_t session, int again)
{
- gnutls_buffer_st data;
+ gnutls_buffer_st buf;
int ret = 0;
+ mbuffer_st *bufel = NULL;
if (session->internals.auth_struct->gnutls_generate_client_kx ==
NULL)
return 0;
- _gnutls_buffer_init(&data);
-
if (again == 0) {
+ ret = _gnutls_buffer_init_handshake_mbuffer(&buf);
+ if (ret < 0)
+ return gnutls_assert_val(ret);
+
ret =
session->internals.auth_struct->
- gnutls_generate_client_kx(session, &data);
+ gnutls_generate_client_kx(session, &buf);
if (ret < 0) {
gnutls_assert();
goto cleanup;
}
- }
- ret = send_handshake(session, data.data, data.length,
- GNUTLS_HANDSHAKE_CLIENT_KEY_EXCHANGE);
- if (ret < 0) {
- gnutls_assert();
+
+ bufel = _gnutls_buffer_to_mbuffer(&buf);
}
- cleanup:
- _gnutls_buffer_clear(&data);
+ return _gnutls_send_handshake(session, bufel, GNUTLS_HANDSHAKE_CLIENT_KEY_EXCHANGE);
+
+ cleanup:
+ _gnutls_buffer_clear(&buf);
return ret;
}
@@ -338,8 +314,9 @@ int _gnutls_send_client_kx_message(gnutls_session_t session, int again)
int
_gnutls_send_client_certificate_verify(gnutls_session_t session, int again)
{
- gnutls_buffer_st data;
+ gnutls_buffer_st buf;
int ret = 0;
+ mbuffer_st *bufel = NULL;
/* This is a packet that is only sent by the client
*/
@@ -359,12 +336,14 @@ _gnutls_send_client_certificate_verify(gnutls_session_t session, int again)
*/
}
- _gnutls_buffer_init(&data);
-
if (again == 0) {
+ ret = _gnutls_buffer_init_handshake_mbuffer(&buf);
+ if (ret < 0)
+ return gnutls_assert_val(ret);
+
ret =
session->internals.auth_struct->
- gnutls_generate_client_crt_vrfy(session, &data);
+ gnutls_generate_client_crt_vrfy(session, &buf);
if (ret < 0) {
gnutls_assert();
goto cleanup;
@@ -373,16 +352,14 @@ _gnutls_send_client_certificate_verify(gnutls_session_t session, int again)
if (ret == 0)
goto cleanup;
- }
- ret = send_handshake(session, data.data, data.length,
- GNUTLS_HANDSHAKE_CERTIFICATE_VERIFY);
- if (ret < 0) {
- gnutls_assert();
+ bufel = _gnutls_buffer_to_mbuffer(&buf);
}
- cleanup:
- _gnutls_buffer_clear(&data);
+ return _gnutls_send_handshake(session, bufel, GNUTLS_HANDSHAKE_CERTIFICATE_VERIFY);
+
+ cleanup:
+ _gnutls_buffer_clear(&buf);
return ret;
}
@@ -390,9 +367,9 @@ _gnutls_send_client_certificate_verify(gnutls_session_t session, int again)
*/
int _gnutls_send_client_certificate(gnutls_session_t session, int again)
{
- gnutls_buffer_st data;
+ gnutls_buffer_st buf;
int ret = 0;
-
+ mbuffer_st *bufel = NULL;
if (session->internals.crt_requested == 0)
return 0;
@@ -401,9 +378,11 @@ int _gnutls_send_client_certificate(gnutls_session_t session, int again)
gnutls_generate_client_certificate == NULL)
return 0;
- _gnutls_buffer_init(&data);
-
if (again == 0) {
+ ret = _gnutls_buffer_init_handshake_mbuffer(&buf);
+ if (ret < 0)
+ return gnutls_assert_val(ret);
+
#ifdef ENABLE_SSL3
if (get_num_version(session) != GNUTLS_SSL3 ||
session->internals.selected_cert_list_length > 0)
@@ -414,13 +393,15 @@ int _gnutls_send_client_certificate(gnutls_session_t session, int again)
ret =
session->internals.auth_struct->
gnutls_generate_client_certificate(session,
- &data);
+ &buf);
if (ret < 0) {
gnutls_assert();
goto cleanup;
}
}
+
+ bufel = _gnutls_buffer_to_mbuffer(&buf);
}
#ifdef ENABLE_SSL3
@@ -430,18 +411,18 @@ int _gnutls_send_client_certificate(gnutls_session_t session, int again)
*/
if (get_num_version(session) == GNUTLS_SSL3 &&
session->internals.selected_cert_list_length == 0) {
- ret =
+ _mbuffer_xfree(&bufel);
+ return
gnutls_alert_send(session, GNUTLS_AL_WARNING,
GNUTLS_A_SSL3_NO_CERTIFICATE);
} else /* TLS 1.0 or SSL 3.0 with a valid certificate
*/
#endif
- ret = send_handshake(session, data.data, data.length,
- GNUTLS_HANDSHAKE_CERTIFICATE_PKT);
+ return _gnutls_send_handshake(session, bufel, GNUTLS_HANDSHAKE_CERTIFICATE_PKT);
- cleanup:
- _gnutls_buffer_clear(&data);
+ cleanup:
+ _gnutls_buffer_clear(&buf);
return ret;
}
@@ -450,34 +431,35 @@ int _gnutls_send_client_certificate(gnutls_session_t session, int again)
*/
int _gnutls_send_server_certificate(gnutls_session_t session, int again)
{
- gnutls_buffer_st data;
+ gnutls_buffer_st buf;
int ret = 0;
-
+ mbuffer_st *bufel = NULL;
if (session->internals.auth_struct->
gnutls_generate_server_certificate == NULL)
return 0;
- _gnutls_buffer_init(&data);
-
if (again == 0) {
+ ret = _gnutls_buffer_init_handshake_mbuffer(&buf);
+ if (ret < 0)
+ return gnutls_assert_val(ret);
+
ret =
session->internals.auth_struct->
- gnutls_generate_server_certificate(session, &data);
+ gnutls_generate_server_certificate(session, &buf);
if (ret < 0) {
gnutls_assert();
goto cleanup;
}
- }
- ret = send_handshake(session, data.data, data.length,
- GNUTLS_HANDSHAKE_CERTIFICATE_PKT);
- if (ret < 0) {
- gnutls_assert();
+
+ bufel = _gnutls_buffer_to_mbuffer(&buf);
}
- cleanup:
- _gnutls_buffer_clear(&data);
+ return _gnutls_send_handshake(session, bufel, GNUTLS_HANDSHAKE_CERTIFICATE_PKT);
+
+ cleanup:
+ _gnutls_buffer_clear(&buf);
return ret;
}
View Lorry Controller Status