[SCM] GNU gnutls branch, master, updated. gnutls_2_9

gnutls-commit
[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
[SCM] GNU gnutls branch, master, updated. gnutls_2_9_9-48-g2479072

From:	Nikos Mavrogiannopoulos
Subject:	[SCM] GNU gnutls branch, master, updated. gnutls_2_9_9-48-g2479072
Date:	Fri, 15 Jan 2010 04:12:45 +0000
This is an automated email from the git hooks/post-receive script. It was
generated because a ref change was pushed to the repository containing
the project "GNU gnutls".

http://git.savannah.gnu.org/cgit/gnutls.git/commit/?id=24790726540b1389ef39c28c83049dbd6831cb3a

The branch, master has been updated
       via  24790726540b1389ef39c28c83049dbd6831cb3a (commit)
      from  d75ba16425be5ed98d11ecd1c8fc2f400d8b8792 (commit)

Those revisions listed above that are new to this repository have
not appeared on any other notification email; so we list those
revisions in full, below.

- Log -----------------------------------------------------------------
commit 24790726540b1389ef39c28c83049dbd6831cb3a
Author: Nikos Mavrogiannopoulos <address@hidden>
Date:   Fri Jan 15 05:03:03 2010 +0100

    Modified extensions (session ticket, oprfi) to store internal data in 
gnutls internal structure
    and input data only in the security_parameters extension structure.
    
    Session ticket extension will call the user supplied hello function on 
resumption.
    
    (the current API to handle that is inexistant. To be revised)

-----------------------------------------------------------------------

Summary of changes:
 lib/ext_oprfi.c          |   12 ++++++------
 lib/ext_session_ticket.c |   20 +++++++++-----------
 lib/gnutls_constate.c    |    3 +++
 lib/gnutls_handshake.c   |    5 +++--
 lib/gnutls_int.h         |   14 ++++++++------
 5 files changed, 29 insertions(+), 25 deletions(-)

diff --git a/lib/ext_oprfi.c b/lib/ext_oprfi.c
index b187684..a20d9b3 100644
--- a/lib/ext_oprfi.c
+++ b/lib/ext_oprfi.c
@@ -40,7 +40,7 @@ oprfi_recv_server (gnutls_session_t session,
   uint16_t len;
   int ret;
 
-  if (!session->security_parameters.extensions.oprfi_cb)
+  if (!session->internals.oprfi_cb)
     {
       gnutls_assert ();
       return 0;
@@ -152,7 +152,7 @@ oprfi_send_server (gnutls_session_t session, opaque * data, 
size_t _data_size)
   size_t len;
 
   if (!session->security_parameters.extensions.oprfi_client ||
-      !session->security_parameters.extensions.oprfi_cb)
+      !session->internals.oprfi_cb)
     return 0;
 
   /* Allocate buffer for outgoing data. */
@@ -167,8 +167,8 @@ oprfi_send_server (gnutls_session_t session, opaque * data, 
size_t _data_size)
     }
 
   /* Get outgoing data. */
-  ret = session->security_parameters.extensions.oprfi_cb
-    (session, session->security_parameters.extensions.oprfi_userdata,
+  ret = session->internals.oprfi_cb
+    (session, session->internals.oprfi_userdata,
      session->security_parameters.extensions.oprfi_client_len,
      session->security_parameters.extensions.oprfi_client,
      session->security_parameters.extensions.oprfi_server);
@@ -249,6 +249,6 @@ void
 gnutls_oprfi_enable_server (gnutls_session_t session,
                            gnutls_oprfi_callback_func cb, void *userdata)
 {
-  session->security_parameters.extensions.oprfi_cb = cb;
-  session->security_parameters.extensions.oprfi_userdata = userdata;
+  session->internals.oprfi_cb = cb;
+  session->internals.oprfi_userdata = userdata;
 }
diff --git a/lib/ext_session_ticket.c b/lib/ext_session_ticket.c
index a474ba1..f25c739 100644
--- a/lib/ext_session_ticket.c
+++ b/lib/ext_session_ticket.c
@@ -88,7 +88,7 @@ decrypt_ticket (gnutls_session_t session, struct ticket 
*ticket)
 
   /* Check the integrity of ticket using HMAC-SHA-256. */
   mac_secret.data = (void*)
-    session->security_parameters.extensions.session_ticket_key->mac_secret;
+    session->internals.session_ticket_key->mac_secret;
   mac_secret.size = MAC_SECRET_SIZE;
   ret = digest_ticket (&mac_secret, ticket, final);
   if (ret < 0)
@@ -104,7 +104,7 @@ decrypt_ticket (gnutls_session_t session, struct ticket 
*ticket)
     }
 
   /* Decrypt encrypted_state using 128-bit AES in CBC mode. */
-  key.data = 
(void*)session->security_parameters.extensions.session_ticket_key->key;
+  key.data = (void*)session->internals.session_ticket_key->key;
   key.size = KEY_SIZE;
   IV.data = ticket->IV;
   IV.size = IV_SIZE;
@@ -177,9 +177,9 @@ encrypt_ticket (gnutls_session_t session, struct ticket 
*ticket)
   _gnutls_free_datum (&state);
 
   /* Encrypt state using 128-bit AES in CBC mode. */
-  key.data = 
(void*)session->security_parameters.extensions.session_ticket_key->key;
+  key.data = (void*)session->internals.session_ticket_key->key;
   key.size = KEY_SIZE;
-  IV.data = session->security_parameters.extensions.session_ticket_IV;
+  IV.data = session->internals.session_ticket_IV;
   IV.size = IV_SIZE;
   ret =
     _gnutls_cipher_init (&cipher_hd, GNUTLS_CIPHER_AES_128_CBC, &key, &IV);
@@ -202,14 +202,13 @@ encrypt_ticket (gnutls_session_t session, struct ticket 
*ticket)
 
   /* Fill the ticket structure to compute MAC. */
   memcpy (ticket->key_name,
-         session->security_parameters.extensions.
-         session_ticket_key->key_name, KEY_NAME_SIZE);
+         session->internals.session_ticket_key->key_name, KEY_NAME_SIZE);
   memcpy (ticket->IV, IV.data, IV.size);
   ticket->encrypted_state_len = encrypted_state.size;
   ticket->encrypted_state = encrypted_state.data;
 
   mac_secret.data =
-    
(void*)session->security_parameters.extensions.session_ticket_key->mac_secret;
+    (void*)session->internals.session_ticket_key->mac_secret;
   mac_secret.size = MAC_SECRET_SIZE;
   ret = digest_ticket (&mac_secret, ticket, ticket->mac);
   if (ret < 0)
@@ -251,8 +250,7 @@ _gnutls_session_ticket_recv_params (gnutls_session_t 
session,
       /* If the key name of the ticket does not match the one that we
          hold, issue a new ticket. */
       if (memcmp (ticket.key_name,
-                 session->security_parameters.extensions.
-                 session_ticket_key->key_name, KEY_NAME_SIZE))
+                 session->internals.session_ticket_key->key_name, 
KEY_NAME_SIZE))
        {
          session->internals.session_ticket_renew = 1;
          return 0;
@@ -438,7 +436,7 @@ gnutls_session_ticket_enable_server (gnutls_session_t 
session,
     }
 
   ret = _gnutls_rnd (GNUTLS_RND_RANDOM,
-                    session->security_parameters.extensions.
+                    session->internals.
                     session_ticket_IV, IV_SIZE);
   if (ret < 0)
     {
@@ -446,7 +444,7 @@ gnutls_session_ticket_enable_server (gnutls_session_t 
session,
       return ret;
     }
 
-  session->security_parameters.extensions.session_ticket_key =
+  session->internals.session_ticket_key =
     (struct gnutls_session_ticket_key_st *) key->data;
   session->internals.session_ticket_enable = 1;
   return 0;
diff --git a/lib/gnutls_constate.c b/lib/gnutls_constate.c
index 338c060..4fe6e49 100644
--- a/lib/gnutls_constate.c
+++ b/lib/gnutls_constate.c
@@ -381,6 +381,9 @@ _gnutls_set_write_keys (gnutls_session_t session)
 }
 
 #define CPY_EXTENSIONS \
+        gnutls_free(dst->extensions.session_ticket); \
+        gnutls_free(dst->extensions.oprfi_client); \
+        gnutls_free(dst->extensions.oprfi_server); \
        memcpy(&dst->extensions.server_names, &src->extensions, 
sizeof(src->extensions)); \
        memset(&src->extensions, 0, sizeof(src->extensions)) /* avoid duplicate 
free's */
 
diff --git a/lib/gnutls_handshake.c b/lib/gnutls_handshake.c
index 9ea7bd2..2575894 100644
--- a/lib/gnutls_handshake.c
+++ b/lib/gnutls_handshake.c
@@ -470,7 +470,7 @@ _gnutls_read_client_hello (gnutls_session_t session, opaque 
* data,
   pos += session_id_len;
 
   if (ret == 0)
-    {                          /* resumed! */
+    { /* resumed using default TLS resumption! */
       /* Parse only the safe renegotiation extension
        * We don't want to parse any other extensions since
        * we don't want new extension values to overwrite the
@@ -585,7 +585,8 @@ _gnutls_read_client_hello (gnutls_session_t session, opaque 
* data,
        session->security_parameters.max_record_send_size;
 
       resume_copy_required_values (session);
-       return 0;
+
+      return _gnutls_user_hello_func (session, adv_version);
     }
 
   /* select an appropriate cipher suite
diff --git a/lib/gnutls_int.h b/lib/gnutls_int.h
index df5dc4f..5799d46 100644
--- a/lib/gnutls_int.h
+++ b/lib/gnutls_int.h
@@ -338,17 +338,11 @@ typedef struct
    ***/
 
   /* Opaque PRF input. */
-  gnutls_oprfi_callback_func oprfi_cb;
-  const void *oprfi_userdata;
   opaque *oprfi_client;
   uint16_t oprfi_client_len;
   opaque *oprfi_server;
   uint16_t oprfi_server_len;
 
-  /* Session Ticket */
-  const struct gnutls_session_ticket_key_st *session_ticket_key;
-  opaque session_ticket_IV[SESSION_TICKET_IV_SIZE];
-
   /* Safe renegotiation. */
   uint8_t client_verify_data[MAX_VERIFY_DATA_SIZE]; 
   size_t client_verify_data_len;
@@ -750,6 +744,14 @@ typedef struct
   int safe_renegotiation_received:1;
   int initial_negotiation_completed:1;
 
+  /* Oprfi */
+  gnutls_oprfi_callback_func oprfi_cb;
+  const void *oprfi_userdata;
+
+  /* Session Ticket */
+  struct gnutls_session_ticket_key_st *session_ticket_key;
+  opaque session_ticket_IV[SESSION_TICKET_IV_SIZE];
+
   /* If you add anything here, check _gnutls_handshake_internal_state_clear().
    */
 } internals_st;


hooks/post-receive
-- 
GNU gnutls
[Prev in Thread]
Current Thread
[Next in Thread]
[SCM] GNU gnutls branch, master, updated. gnutls_2_9_9-48-g2479072, Nikos Mavrogiannopoulos <=
Prev by Date: [SCM] GNU gnutls branch, master, updated. gnutls_2_9_9-47-gd75ba16
Next by Date: [SCM] GNU gnutls branch, master, updated. gnutls_2_9_9-49-g81b417e
Previous by thread: [SCM] GNU gnutls branch, master, updated. gnutls_2_9_9-47-gd75ba16
Next by thread: [SCM] GNU gnutls branch, master, updated. gnutls_2_9_9-49-g81b417e
Index(es):
- Date
- Thread