diff options
Diffstat (limited to 'lib/kx.c')
-rw-r--r-- | lib/kx.c | 170 |
1 files changed, 76 insertions, 94 deletions
@@ -36,35 +36,6 @@ #include <datum.h> #include <mbuffers.h> -/* This is a temporary function to be used before the generate_* - internal API is changed to use mbuffers. For now we don't avoid the - extra alloc + memcpy. */ -static int -send_handshake(gnutls_session_t session, uint8_t * data, size_t size, - gnutls_handshake_description_t type) -{ - mbuffer_st *bufel; - - if (data == NULL && size == 0) - return _gnutls_send_handshake(session, NULL, type); - - if (data == NULL && size > 0) { - gnutls_assert(); - return GNUTLS_E_INVALID_REQUEST; - } - - bufel = _gnutls_handshake_alloc(session, size); - if (bufel == NULL) { - gnutls_assert(); - return GNUTLS_E_MEMORY_ERROR; - } - - _mbuffer_set_udata(bufel, data, size); - - return _gnutls_send_handshake(session, bufel, type); -} - - /* This file contains important thing for the TLS handshake procedure. */ @@ -213,26 +184,29 @@ generate_normal_master(gnutls_session_t session, return ret; } - /* This is called when we want to receive the key exchange message of the * server. It does nothing if this type of message is not required * by the selected ciphersuite. */ int _gnutls_send_server_kx_message(gnutls_session_t session, int again) { - gnutls_buffer_st data; + gnutls_buffer_st buf; int ret = 0; + mbuffer_st *bufel = NULL; if (session->internals.auth_struct->gnutls_generate_server_kx == NULL) return 0; - _gnutls_buffer_init(&data); if (again == 0) { + ret = _gnutls_buffer_init_handshake_mbuffer(&buf); + if (ret < 0) + return gnutls_assert_val(ret); + ret = session->internals.auth_struct-> - gnutls_generate_server_kx(session, &data); + gnutls_generate_server_kx(session, &buf); if (ret == GNUTLS_E_INT_RET_0) { gnutls_assert(); @@ -244,16 +218,14 @@ int _gnutls_send_server_kx_message(gnutls_session_t session, int again) gnutls_assert(); goto cleanup; } - } - ret = send_handshake(session, data.data, data.length, - GNUTLS_HANDSHAKE_SERVER_KEY_EXCHANGE); - if (ret < 0) { - gnutls_assert(); + bufel = _gnutls_buffer_to_mbuffer(&buf); } - cleanup: - _gnutls_buffer_clear(&data); + return _gnutls_send_handshake(session, bufel, GNUTLS_HANDSHAKE_SERVER_KEY_EXCHANGE); + + cleanup: + _gnutls_buffer_clear(&buf); return ret; } @@ -262,8 +234,9 @@ int _gnutls_send_server_kx_message(gnutls_session_t session, int again) */ int _gnutls_send_server_crt_request(gnutls_session_t session, int again) { - gnutls_buffer_st data; + gnutls_buffer_st buf; int ret = 0; + mbuffer_st *bufel = NULL; if (session->internals.auth_struct-> gnutls_generate_server_crt_request == NULL) @@ -272,27 +245,28 @@ int _gnutls_send_server_crt_request(gnutls_session_t session, int again) if (session->internals.send_cert_req <= 0) return 0; - _gnutls_buffer_init(&data); if (again == 0) { + ret = _gnutls_buffer_init_handshake_mbuffer(&buf); + if (ret < 0) + return gnutls_assert_val(ret); + ret = session->internals.auth_struct-> - gnutls_generate_server_crt_request(session, &data); + gnutls_generate_server_crt_request(session, &buf); if (ret < 0) { gnutls_assert(); goto cleanup; } - } - ret = send_handshake(session, data.data, data.length, - GNUTLS_HANDSHAKE_CERTIFICATE_REQUEST); - if (ret < 0) { - gnutls_assert(); + bufel = _gnutls_buffer_to_mbuffer(&buf); } - cleanup: - _gnutls_buffer_clear(&data); + return _gnutls_send_handshake(session, bufel, GNUTLS_HANDSHAKE_CERTIFICATE_REQUEST); + + cleanup: + _gnutls_buffer_clear(&buf); return ret; } @@ -302,32 +276,34 @@ int _gnutls_send_server_crt_request(gnutls_session_t session, int again) */ int _gnutls_send_client_kx_message(gnutls_session_t session, int again) { - gnutls_buffer_st data; + gnutls_buffer_st buf; int ret = 0; + mbuffer_st *bufel = NULL; if (session->internals.auth_struct->gnutls_generate_client_kx == NULL) return 0; - _gnutls_buffer_init(&data); - if (again == 0) { + ret = _gnutls_buffer_init_handshake_mbuffer(&buf); + if (ret < 0) + return gnutls_assert_val(ret); + ret = session->internals.auth_struct-> - gnutls_generate_client_kx(session, &data); + gnutls_generate_client_kx(session, &buf); if (ret < 0) { gnutls_assert(); goto cleanup; } - } - ret = send_handshake(session, data.data, data.length, - GNUTLS_HANDSHAKE_CLIENT_KEY_EXCHANGE); - if (ret < 0) { - gnutls_assert(); + + bufel = _gnutls_buffer_to_mbuffer(&buf); } - cleanup: - _gnutls_buffer_clear(&data); + return _gnutls_send_handshake(session, bufel, GNUTLS_HANDSHAKE_CLIENT_KEY_EXCHANGE); + + cleanup: + _gnutls_buffer_clear(&buf); return ret; } @@ -338,8 +314,9 @@ int _gnutls_send_client_kx_message(gnutls_session_t session, int again) int _gnutls_send_client_certificate_verify(gnutls_session_t session, int again) { - gnutls_buffer_st data; + gnutls_buffer_st buf; int ret = 0; + mbuffer_st *bufel = NULL; /* This is a packet that is only sent by the client */ @@ -359,12 +336,14 @@ _gnutls_send_client_certificate_verify(gnutls_session_t session, int again) */ } - _gnutls_buffer_init(&data); - if (again == 0) { + ret = _gnutls_buffer_init_handshake_mbuffer(&buf); + if (ret < 0) + return gnutls_assert_val(ret); + ret = session->internals.auth_struct-> - gnutls_generate_client_crt_vrfy(session, &data); + gnutls_generate_client_crt_vrfy(session, &buf); if (ret < 0) { gnutls_assert(); goto cleanup; @@ -373,16 +352,14 @@ _gnutls_send_client_certificate_verify(gnutls_session_t session, int again) if (ret == 0) goto cleanup; - } - ret = send_handshake(session, data.data, data.length, - GNUTLS_HANDSHAKE_CERTIFICATE_VERIFY); - if (ret < 0) { - gnutls_assert(); + bufel = _gnutls_buffer_to_mbuffer(&buf); } - cleanup: - _gnutls_buffer_clear(&data); + return _gnutls_send_handshake(session, bufel, GNUTLS_HANDSHAKE_CERTIFICATE_VERIFY); + + cleanup: + _gnutls_buffer_clear(&buf); return ret; } @@ -390,9 +367,9 @@ _gnutls_send_client_certificate_verify(gnutls_session_t session, int again) */ int _gnutls_send_client_certificate(gnutls_session_t session, int again) { - gnutls_buffer_st data; + gnutls_buffer_st buf; int ret = 0; - + mbuffer_st *bufel = NULL; if (session->internals.crt_requested == 0) return 0; @@ -401,9 +378,11 @@ int _gnutls_send_client_certificate(gnutls_session_t session, int again) gnutls_generate_client_certificate == NULL) return 0; - _gnutls_buffer_init(&data); - if (again == 0) { + ret = _gnutls_buffer_init_handshake_mbuffer(&buf); + if (ret < 0) + return gnutls_assert_val(ret); + #ifdef ENABLE_SSL3 if (get_num_version(session) != GNUTLS_SSL3 || session->internals.selected_cert_list_length > 0) @@ -414,13 +393,15 @@ int _gnutls_send_client_certificate(gnutls_session_t session, int again) ret = session->internals.auth_struct-> gnutls_generate_client_certificate(session, - &data); + &buf); if (ret < 0) { gnutls_assert(); goto cleanup; } } + + bufel = _gnutls_buffer_to_mbuffer(&buf); } #ifdef ENABLE_SSL3 @@ -430,18 +411,18 @@ int _gnutls_send_client_certificate(gnutls_session_t session, int again) */ if (get_num_version(session) == GNUTLS_SSL3 && session->internals.selected_cert_list_length == 0) { - ret = + _mbuffer_xfree(&bufel); + return gnutls_alert_send(session, GNUTLS_AL_WARNING, GNUTLS_A_SSL3_NO_CERTIFICATE); } else /* TLS 1.0 or SSL 3.0 with a valid certificate */ #endif - ret = send_handshake(session, data.data, data.length, - GNUTLS_HANDSHAKE_CERTIFICATE_PKT); + return _gnutls_send_handshake(session, bufel, GNUTLS_HANDSHAKE_CERTIFICATE_PKT); - cleanup: - _gnutls_buffer_clear(&data); + cleanup: + _gnutls_buffer_clear(&buf); return ret; } @@ -450,34 +431,35 @@ int _gnutls_send_client_certificate(gnutls_session_t session, int again) */ int _gnutls_send_server_certificate(gnutls_session_t session, int again) { - gnutls_buffer_st data; + gnutls_buffer_st buf; int ret = 0; - + mbuffer_st *bufel = NULL; if (session->internals.auth_struct-> gnutls_generate_server_certificate == NULL) return 0; - _gnutls_buffer_init(&data); - if (again == 0) { + ret = _gnutls_buffer_init_handshake_mbuffer(&buf); + if (ret < 0) + return gnutls_assert_val(ret); + ret = session->internals.auth_struct-> - gnutls_generate_server_certificate(session, &data); + gnutls_generate_server_certificate(session, &buf); if (ret < 0) { gnutls_assert(); goto cleanup; } - } - ret = send_handshake(session, data.data, data.length, - GNUTLS_HANDSHAKE_CERTIFICATE_PKT); - if (ret < 0) { - gnutls_assert(); + + bufel = _gnutls_buffer_to_mbuffer(&buf); } - cleanup: - _gnutls_buffer_clear(&data); + return _gnutls_send_handshake(session, bufel, GNUTLS_HANDSHAKE_CERTIFICATE_PKT); + + cleanup: + _gnutls_buffer_clear(&buf); return ret; } |