← Back to branch summary

~ubuntu-branches/ubuntu/quantal/gnutls26/quantal-security

« back to all changes in this revision

Viewing changes to lib/gnutls_constate.c

  • Committer: Bazaar Package Importer
  • Author(s): Steve Langasek
  • Date: 2011-05-20 13:07:18 UTC
  • mfrom: (12.1.11 sid)
  • Revision ID: james.westby@ubuntu.com-20110520130718-db41dybbanzfvlji
Tags: 2.10.5-1ubuntu1
* Merge from Debian unstable, remaining changes:
  - Fix build failure with --no-add-needed.
  - Build for multiarch.

Show diffs side-by-side

added added

removed removed

Lines of Context:
lib/gnutls_constate.c
1
1
/*
2
 
 * Copyright (C) 2001, 2002, 2003, 2004, 2005, 2006, 2008  Free Software Foundation
 
2
 * Copyright (C) 2001, 2002, 2003, 2004, 2005, 2006, 2008, 2010 Free
 
3
 * Software Foundation, Inc.
3
4
 *
4
5
 * Author: Nikos Mavrogiannopoulos
5
6
 *
6
 
 * This file is part of GNUTLS.
 
7
 * This file is part of GnuTLS.
7
8
 *
8
 
 * The GNUTLS library is free software; you can redistribute it and/or
 
9
 * The GnuTLS is free software; you can redistribute it and/or
9
10
 * modify it under the terms of the GNU Lesser General Public License
10
11
 * as published by the Free Software Foundation; either version 2.1 of
11
12
 * the License, or (at your option) any later version.
380
381
                           export_flag);
381
382
}
382
383
 
 
384
#define CPY_EXTENSIONS \
 
385
        gnutls_free(dst->extensions.session_ticket); \
 
386
        gnutls_free(dst->extensions.oprfi_client); \
 
387
        gnutls_free(dst->extensions.oprfi_server); \
 
388
        memcpy(&dst->extensions.server_names, &src->extensions, sizeof(src->extensions)); \
 
389
        memset(&src->extensions, 0, sizeof(src->extensions))    /* avoid duplicate free's */
 
390
 
383
391
#define CPY_COMMON dst->entity = src->entity; \
384
392
        dst->kx_algorithm = src->kx_algorithm; \
385
393
        memcpy( &dst->current_cipher_suite, &src->current_cipher_suite, sizeof(cipher_suite_st)); \
393
401
        dst->max_record_recv_size = src->max_record_recv_size; \
394
402
        dst->max_record_send_size = src->max_record_send_size; \
395
403
        dst->version = src->version; \
396
 
        memcpy( &dst->extensions, &src->extensions, sizeof(tls_ext_st)); \
397
 
        memcpy( &dst->inner_secret, &src->inner_secret, GNUTLS_MASTER_SIZE);
 
404
        memcpy( &dst->inner_secret, &src->inner_secret, GNUTLS_MASTER_SIZE)
398
405
 
399
406
static void
400
407
_gnutls_cpy_read_security_parameters (security_parameters_st *
412
419
                                       dst, security_parameters_st * src)
413
420
{
414
421
  CPY_COMMON;
 
422
  CPY_EXTENSIONS;               /* only do once */
415
423
 
416
424
  dst->write_bulk_cipher_algorithm = src->write_bulk_cipher_algorithm;
417
425
  dst->write_mac_algorithm = src->write_mac_algorithm;
460
468
    {
461
469
      rc = _gnutls_set_read_cipher (session,
462
470
                                    _gnutls_cipher_suite_get_cipher_algo
463
 
                                    (&session->security_parameters.
464
 
                                     current_cipher_suite));
 
471
                                    (&session->
 
472
                                     security_parameters.current_cipher_suite));
465
473
      if (rc < 0)
466
474
        return rc;
467
475
      rc = _gnutls_set_read_mac (session,
468
476
                                 _gnutls_cipher_suite_get_mac_algo
469
 
                                 (&session->security_parameters.
470
 
                                  current_cipher_suite));
 
477
                                 (&session->
 
478
                                  security_parameters.current_cipher_suite));
471
479
      if (rc < 0)
472
480
        return rc;
473
481
 
474
482
      rc = _gnutls_set_kx (session,
475
483
                           _gnutls_cipher_suite_get_kx_algo
476
 
                           (&session->security_parameters.
477
 
                            current_cipher_suite));
 
484
                           (&session->
 
485
                            security_parameters.current_cipher_suite));
478
486
      if (rc < 0)
479
487
        return rc;
480
488
 
481
489
      rc = _gnutls_set_read_compression (session,
482
 
                                         session->internals.
483
 
                                         compression_method);
 
490
                                         session->
 
491
                                         internals.compression_method);
484
492
      if (rc < 0)
485
493
        return rc;
486
494
    }
487
495
  else
488
496
    {                           /* RESUME_TRUE */
489
497
      _gnutls_cpy_read_security_parameters (&session->security_parameters,
490
 
                                            &session->internals.
491
 
                                            resumed_security_parameters);
 
498
                                            &session->
 
499
                                            internals.resumed_security_parameters);
492
500
    }
493
501
 
494
502
 
499
507
  _gnutls_handshake_log ("HSK[%p]: Cipher Suite: %s\n",
500
508
                         session,
501
509
                         _gnutls_cipher_suite_get_name
502
 
                         (&session->security_parameters.
503
 
                          current_cipher_suite));
 
510
                         (&session->
 
511
                          security_parameters.current_cipher_suite));
504
512
 
505
513
  if (_gnutls_compression_is_ok
506
514
      (session->security_parameters.read_compression_algorithm) != 0)
528
536
 
529
537
 
530
538
  mac_size =
531
 
    _gnutls_hash_get_algo_len (session->security_parameters.
532
 
                               read_mac_algorithm);
 
539
    _gnutls_hash_get_algo_len (session->
 
540
                               security_parameters.read_mac_algorithm);
533
541
 
534
542
  _gnutls_handshake_log
535
543
    ("HSK[%p]: Initializing internal [read] cipher sessions\n", session);
540
548
      /* initialize cipher session
541
549
       */
542
550
      rc = _gnutls_cipher_init (&session->connection_state.read_cipher_state,
543
 
                                session->
544
 
                                security_parameters.read_bulk_cipher_algorithm,
 
551
                                session->security_parameters.
 
552
                                read_bulk_cipher_algorithm,
545
553
                                &session->cipher_specs.client_write_key,
546
554
                                &session->cipher_specs.client_write_IV);
547
555
      if (rc < 0
558
566
      if (mac_size > 0)
559
567
        {
560
568
          if (_gnutls_sset_datum (&session->connection_state.read_mac_secret,
561
 
                                  session->cipher_specs.
562
 
                                  client_write_mac_secret.data,
563
 
                                  session->cipher_specs.
564
 
                                  client_write_mac_secret.size) < 0)
 
569
                                  session->
 
570
                                  cipher_specs.client_write_mac_secret.data,
 
571
                                  session->
 
572
                                  cipher_specs.client_write_mac_secret.size) <
 
573
              0)
565
574
            {
566
575
              gnutls_assert ();
567
576
              return GNUTLS_E_MEMORY_ERROR;
573
582
 
574
583
    case GNUTLS_CLIENT:
575
584
      rc = _gnutls_cipher_init (&session->connection_state.read_cipher_state,
576
 
                                session->
577
 
                                security_parameters.read_bulk_cipher_algorithm,
 
585
                                session->security_parameters.
 
586
                                read_bulk_cipher_algorithm,
578
587
                                &session->cipher_specs.server_write_key,
579
588
                                &session->cipher_specs.server_write_IV);
580
589
 
592
601
      if (mac_size > 0)
593
602
        {
594
603
          if (_gnutls_sset_datum (&session->connection_state.read_mac_secret,
595
 
                                  session->cipher_specs.
596
 
                                  server_write_mac_secret.data,
597
 
                                  session->cipher_specs.
598
 
                                  server_write_mac_secret.size) < 0)
 
604
                                  session->
 
605
                                  cipher_specs.server_write_mac_secret.data,
 
606
                                  session->
 
607
                                  cipher_specs.server_write_mac_secret.size) <
 
608
              0)
599
609
            {
600
610
              gnutls_assert ();
601
611
              return GNUTLS_E_MEMORY_ERROR;
610
620
    }
611
621
 
612
622
  session->connection_state.read_compression_state =
613
 
    _gnutls_comp_init (session->security_parameters.
614
 
                       read_compression_algorithm, 1);
 
623
    _gnutls_comp_init (session->
 
624
                       security_parameters.read_compression_algorithm, 1);
615
625
 
616
626
  if (session->connection_state.read_compression_state == GNUTLS_COMP_FAILED)
617
627
    {
642
652
    {
643
653
      rc = _gnutls_set_write_cipher (session,
644
654
                                     _gnutls_cipher_suite_get_cipher_algo
645
 
                                     (&session->security_parameters.
646
 
                                      current_cipher_suite));
 
655
                                     (&session->
 
656
                                      security_parameters.current_cipher_suite));
647
657
      if (rc < 0)
648
658
        return rc;
649
659
      rc = _gnutls_set_write_mac (session,
650
660
                                  _gnutls_cipher_suite_get_mac_algo
651
 
                                  (&session->security_parameters.
652
 
                                   current_cipher_suite));
 
661
                                  (&session->
 
662
                                   security_parameters.current_cipher_suite));
653
663
      if (rc < 0)
654
664
        return rc;
655
665
 
656
666
      rc = _gnutls_set_kx (session,
657
667
                           _gnutls_cipher_suite_get_kx_algo
658
 
                           (&session->security_parameters.
659
 
                            current_cipher_suite));
 
668
                           (&session->
 
669
                            security_parameters.current_cipher_suite));
660
670
      if (rc < 0)
661
671
        return rc;
662
672
 
663
673
      rc = _gnutls_set_write_compression (session,
664
 
                                          session->internals.
665
 
                                          compression_method);
 
674
                                          session->
 
675
                                          internals.compression_method);
666
676
      if (rc < 0)
667
677
        return rc;
668
678
    }
669
679
  else
670
680
    {                           /* RESUME_TRUE */
671
681
      _gnutls_cpy_write_security_parameters (&session->security_parameters,
672
 
                                             &session->internals.
673
 
                                             resumed_security_parameters);
 
682
                                             &session->
 
683
                                             internals.resumed_security_parameters);
674
684
    }
675
685
 
676
686
  rc = _gnutls_set_write_keys (session);
679
689
 
680
690
  _gnutls_handshake_log ("HSK[%p]: Cipher Suite: %s\n", session,
681
691
                         _gnutls_cipher_suite_get_name
682
 
                         (&session->security_parameters.
683
 
                          current_cipher_suite));
 
692
                         (&session->
 
693
                          security_parameters.current_cipher_suite));
684
694
 
685
695
  if (_gnutls_compression_is_ok
686
696
      (session->security_parameters.write_compression_algorithm) != 0)
710
720
                         0);
711
721
 
712
722
  mac_size =
713
 
    _gnutls_hash_get_algo_len (session->security_parameters.
714
 
                               write_mac_algorithm);
 
723
    _gnutls_hash_get_algo_len (session->
 
724
                               security_parameters.write_mac_algorithm);
715
725
 
716
726
  _gnutls_handshake_log
717
727
    ("HSK[%p]: Initializing internal [write] cipher sessions\n", session);
722
732
      /* initialize cipher session
723
733
       */
724
734
      rc = _gnutls_cipher_init (&session->connection_state.write_cipher_state,
725
 
                                session->security_parameters.
726
 
                                write_bulk_cipher_algorithm,
 
735
                                session->
 
736
                                security_parameters.write_bulk_cipher_algorithm,
727
737
                                &session->cipher_specs.server_write_key,
728
738
                                &session->cipher_specs.server_write_IV);
729
739
 
742
752
      if (mac_size > 0)
743
753
        {
744
754
          if (_gnutls_sset_datum (&session->connection_state.write_mac_secret,
745
 
                                  session->cipher_specs.
746
 
                                  server_write_mac_secret.data,
747
 
                                  session->cipher_specs.
748
 
                                  server_write_mac_secret.size) < 0)
 
755
                                  session->
 
756
                                  cipher_specs.server_write_mac_secret.data,
 
757
                                  session->
 
758
                                  cipher_specs.server_write_mac_secret.size) <
 
759
              0)
749
760
            {
750
761
              gnutls_assert ();
751
762
              return GNUTLS_E_MEMORY_ERROR;
758
769
 
759
770
    case GNUTLS_CLIENT:
760
771
      rc = _gnutls_cipher_init (&session->connection_state.write_cipher_state,
761
 
                                session->security_parameters.
762
 
                                write_bulk_cipher_algorithm,
 
772
                                session->
 
773
                                security_parameters.write_bulk_cipher_algorithm,
763
774
                                &session->cipher_specs.client_write_key,
764
775
                                &session->cipher_specs.client_write_IV);
765
776
 
776
787
      if (mac_size > 0)
777
788
        {
778
789
          if (_gnutls_sset_datum (&session->connection_state.write_mac_secret,
779
 
                                  session->cipher_specs.
780
 
                                  client_write_mac_secret.data,
781
 
                                  session->cipher_specs.
782
 
                                  client_write_mac_secret.size) < 0)
 
790
                                  session->
 
791
                                  cipher_specs.client_write_mac_secret.data,
 
792
                                  session->
 
793
                                  cipher_specs.client_write_mac_secret.size) <
 
794
              0)
783
795
            {
784
796
              gnutls_assert ();
785
797
              return GNUTLS_E_MEMORY_ERROR;
795
807
 
796
808
 
797
809
  session->connection_state.write_compression_state =
798
 
    _gnutls_comp_init (session->security_parameters.
799
 
                       write_compression_algorithm, 0);
 
810
    _gnutls_comp_init (session->
 
811
                       security_parameters.write_compression_algorithm, 0);
800
812
 
801
813
  if (session->connection_state.write_compression_state == GNUTLS_COMP_FAILED)
802
814
    {