File: | lib/gnutls_handshake.c |
Location: | line 1868, column 11 |
Description: | Value stored to 'pos' is never read |
1 | /* |
2 | * Copyright (C) 2000-2012 Free Software Foundation, Inc. |
3 | * |
4 | * Author: Nikos Mavrogiannopoulos |
5 | * |
6 | * This file is part of GnuTLS. |
7 | * |
8 | * The GnuTLS is free software; you can redistribute it and/or |
9 | * modify it under the terms of the GNU Lesser General Public License |
10 | * as published by the Free Software Foundation; either version 3 of |
11 | * the License, or (at your option) any later version. |
12 | * |
13 | * This library is distributed in the hope that it will be useful, but |
14 | * WITHOUT ANY WARRANTY; without even the implied warranty of |
15 | * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU |
16 | * Lesser General Public License for more details. |
17 | * |
18 | * You should have received a copy of the GNU Lesser General Public License |
19 | * along with this program. If not, see <http://www.gnu.org/licenses/> |
20 | * |
21 | */ |
22 | |
23 | /* Functions that relate to the TLS handshake procedure. |
24 | */ |
25 | |
26 | #include "gnutls_int.h" |
27 | #include "gnutls_errors.h" |
28 | #include "gnutls_dh.h" |
29 | #include "debug.h" |
30 | #include "algorithms.h" |
31 | #include "gnutls_compress.h" |
32 | #include "gnutls_cipher.h" |
33 | #include "gnutls_buffers.h" |
34 | #include "gnutls_mbuffers.h" |
35 | #include "gnutls_kx.h" |
36 | #include "gnutls_handshake.h" |
37 | #include "gnutls_num.h" |
38 | #include "gnutls_hash_int.h" |
39 | #include "gnutls_db.h" |
40 | #include "gnutls_extensions.h" |
41 | #include "gnutls_supplemental.h" |
42 | #include "gnutls_auth.h" |
43 | #include "gnutls_v2_compat.h" |
44 | #include <auth/cert.h> |
45 | #include "gnutls_constate.h" |
46 | #include <gnutls_record.h> |
47 | #include <gnutls_state.h> |
48 | #include <ext/srp.h> |
49 | #include <ext/session_ticket.h> |
50 | #include <ext/safe_renegotiation.h> |
51 | #include <gnutls_rsa_export.h> /* for gnutls_get_rsa_params() */ |
52 | #include <auth/anon.h> /* for gnutls_anon_server_credentials_t */ |
53 | #include <auth/psk.h> /* for gnutls_psk_server_credentials_t */ |
54 | #include <random.h> |
55 | #include <gnutls_dtls.h> |
56 | |
57 | #ifdef HANDSHAKE_DEBUG |
58 | #define ERR(x, y) _gnutls_handshake_log("HSK[%p]: %s (%d)\n", session, x,y)do { if (__builtin_expect((_gnutls_log_level >= 3), 0)) _gnutls_log ( 3, "HSK[%p]: %s (%d)\n", session, x,y); } while(0) |
59 | #else |
60 | #define ERR(x, y) |
61 | #endif |
62 | |
63 | #define TRUE1 1 |
64 | #define FALSE0 0 |
65 | |
66 | static int _gnutls_server_select_comp_method (gnutls_session_t session, |
67 | opaque * data, int datalen); |
68 | static int |
69 | _gnutls_remove_unwanted_ciphersuites (gnutls_session_t session, |
70 | uint8_t * cipher_suites, |
71 | int cipher_suites_size, |
72 | gnutls_pk_algorithm_t *pk_algos, |
73 | size_t pk_algos_size); |
74 | |
75 | /* Empties but does not free the buffer |
76 | */ |
77 | static inline void |
78 | _gnutls_handshake_hash_buffer_empty (gnutls_session_t session) |
79 | { |
80 | |
81 | _gnutls_buffers_log ("BUF[HSK]: Emptied buffer\n")do { if (__builtin_expect((_gnutls_log_level == 6 || _gnutls_log_level > 9), 0)) _gnutls_log( 6, "BUF[HSK]: Emptied buffer\n"); } while(0); |
82 | |
83 | session->internals.handshake_hash_buffer_prev_len = 0; |
84 | session->internals.handshake_hash_buffer.length = 0; |
85 | return; |
86 | } |
87 | |
88 | static int |
89 | _gnutls_handshake_hash_add_recvd (gnutls_session_t session, |
90 | gnutls_handshake_description_t recv_type, |
91 | opaque * header, uint16_t header_size, |
92 | opaque * dataptr, uint32_t datalen); |
93 | |
94 | static int |
95 | _gnutls_handshake_hash_add_sent (gnutls_session_t session, |
96 | gnutls_handshake_description_t type, |
97 | opaque * dataptr, uint32_t datalen); |
98 | |
99 | static int |
100 | _gnutls_recv_hello_verify_request (gnutls_session_t session, |
101 | opaque * data, int datalen); |
102 | |
103 | |
104 | /* Clears the handshake hash buffers and handles. |
105 | */ |
106 | void |
107 | _gnutls_handshake_hash_buffers_clear (gnutls_session_t session) |
108 | { |
109 | session->internals.handshake_hash_buffer_prev_len = 0; |
110 | _gnutls_buffer_clear(&session->internals.handshake_hash_buffer); |
111 | } |
112 | |
113 | /* this will copy the required values for resuming to |
114 | * internals, and to security_parameters. |
115 | * this will keep as less data to security_parameters. |
116 | */ |
117 | static void |
118 | resume_copy_required_values (gnutls_session_t session) |
119 | { |
120 | /* get the new random values */ |
121 | memcpy (session->internals.resumed_security_parameters.server_random, |
122 | session->security_parameters.server_random, GNUTLS_RANDOM_SIZE32); |
123 | memcpy (session->internals.resumed_security_parameters.client_random, |
124 | session->security_parameters.client_random, GNUTLS_RANDOM_SIZE32); |
125 | |
126 | /* keep the ciphersuite and compression |
127 | * That is because the client must see these in our |
128 | * hello message. |
129 | */ |
130 | memcpy (session->security_parameters.cipher_suite, |
131 | session->internals.resumed_security_parameters.cipher_suite, 2); |
132 | session->security_parameters.compression_method = session->internals.resumed_security_parameters.compression_method; |
133 | |
134 | _gnutls_epoch_set_cipher_suite (session, EPOCH_NEXT70002, |
135 | session-> |
136 | internals.resumed_security_parameters.cipher_suite); |
137 | _gnutls_epoch_set_compression (session, EPOCH_NEXT70002, |
138 | session-> |
139 | internals.resumed_security_parameters.compression_method); |
140 | |
141 | /* or write_compression_algorithm |
142 | * they are the same |
143 | */ |
144 | |
145 | session->security_parameters.entity = |
146 | session->internals.resumed_security_parameters.entity; |
147 | |
148 | _gnutls_set_current_version (session, |
149 | session->internals.resumed_security_parameters. |
150 | version); |
151 | |
152 | session->security_parameters.cert_type = |
153 | session->internals.resumed_security_parameters.cert_type; |
154 | |
155 | memcpy (session->security_parameters.session_id, |
156 | session->internals.resumed_security_parameters.session_id, |
157 | sizeof (session->security_parameters.session_id)); |
158 | session->security_parameters.session_id_size = |
159 | session->internals.resumed_security_parameters.session_id_size; |
160 | |
161 | } |
162 | |
163 | void |
164 | _gnutls_set_server_random (gnutls_session_t session, uint8_t * rnd) |
165 | { |
166 | memcpy (session->security_parameters.server_random, rnd, |
167 | GNUTLS_RANDOM_SIZE32); |
168 | } |
169 | |
170 | void |
171 | _gnutls_set_client_random (gnutls_session_t session, uint8_t * rnd) |
172 | { |
173 | memcpy (session->security_parameters.client_random, rnd, |
174 | GNUTLS_RANDOM_SIZE32); |
175 | } |
176 | |
177 | /* Calculate The SSL3 Finished message |
178 | */ |
179 | #define SSL3_CLIENT_MSG"CLNT" "CLNT" |
180 | #define SSL3_SERVER_MSG"SRVR" "SRVR" |
181 | #define SSL_MSG_LEN4 4 |
182 | static int |
183 | _gnutls_ssl3_finished (gnutls_session_t session, int type, opaque * ret, int sending) |
184 | { |
185 | digest_hd_st td_md5; |
186 | digest_hd_st td_sha; |
187 | const char *mesg; |
188 | int rc, len; |
189 | |
190 | if (sending) |
191 | len = session->internals.handshake_hash_buffer.length; |
192 | else |
193 | len = session->internals.handshake_hash_buffer_prev_len; |
194 | |
195 | rc = _gnutls_hash_init (&td_sha, GNUTLS_DIG_SHA1); |
196 | if (rc < 0) |
197 | return gnutls_assert_val(rc)gnutls_assert_val_int(rc, "gnutls_handshake.c", 197); |
198 | |
199 | rc = _gnutls_hash_init (&td_md5, GNUTLS_DIG_MD5); |
200 | if (rc < 0) |
201 | { |
202 | _gnutls_hash_deinit (&td_sha, NULL((void*)0)); |
203 | return gnutls_assert_val(rc)gnutls_assert_val_int(rc, "gnutls_handshake.c", 203); |
204 | } |
205 | |
206 | _gnutls_hash(&td_sha, session->internals.handshake_hash_buffer.data, len); |
207 | _gnutls_hash(&td_md5, session->internals.handshake_hash_buffer.data, len); |
208 | |
209 | if (type == GNUTLS_SERVER1) |
210 | mesg = SSL3_SERVER_MSG"SRVR"; |
211 | else |
212 | mesg = SSL3_CLIENT_MSG"CLNT"; |
213 | |
214 | _gnutls_hash (&td_md5, mesg, SSL_MSG_LEN4); |
215 | _gnutls_hash (&td_sha, mesg, SSL_MSG_LEN4); |
216 | |
217 | rc = _gnutls_mac_deinit_ssl3_handshake (&td_md5, ret, |
218 | session-> |
219 | security_parameters.master_secret, |
220 | GNUTLS_MASTER_SIZE48); |
221 | if (rc < 0) |
222 | { |
223 | _gnutls_hash_deinit (&td_md5, NULL((void*)0)); |
224 | _gnutls_hash_deinit (&td_sha, NULL((void*)0)); |
225 | return gnutls_assert_val(rc)gnutls_assert_val_int(rc, "gnutls_handshake.c", 225); |
226 | } |
227 | |
228 | rc = _gnutls_mac_deinit_ssl3_handshake (&td_sha, &ret[16], |
229 | session-> |
230 | security_parameters.master_secret, |
231 | GNUTLS_MASTER_SIZE48); |
232 | if (rc < 0) |
233 | { |
234 | _gnutls_hash_deinit (&td_sha, NULL((void*)0)); |
235 | return gnutls_assert_val(rc)gnutls_assert_val_int(rc, "gnutls_handshake.c", 235); |
236 | } |
237 | |
238 | return 0; |
239 | } |
240 | |
241 | /* Hash the handshake messages as required by TLS 1.0 |
242 | */ |
243 | #define SERVER_MSG"server finished" "server finished" |
244 | #define CLIENT_MSG"client finished" "client finished" |
245 | #define TLS_MSG_LEN15 15 |
246 | static int |
247 | _gnutls_finished (gnutls_session_t session, int type, void *ret, int sending) |
248 | { |
249 | const int siz = TLS_MSG_LEN15; |
250 | opaque concat[MAX_HASH_SIZE64 + 16 /*MD5 */ ]; |
251 | size_t hash_len; |
252 | const char *mesg; |
253 | int rc, len; |
254 | |
255 | if (sending) |
256 | len = session->internals.handshake_hash_buffer.length; |
257 | else |
258 | len = session->internals.handshake_hash_buffer_prev_len; |
259 | |
260 | if (!_gnutls_version_has_selectable_prf (gnutls_protocol_get_version_gnutls_protocol_get_version(session))) |
261 | { |
262 | rc = _gnutls_hash_fast( GNUTLS_DIG_SHA1, session->internals.handshake_hash_buffer.data, len, &concat[16]); |
263 | if (rc < 0) |
264 | return gnutls_assert_val(rc)gnutls_assert_val_int(rc, "gnutls_handshake.c", 264); |
265 | |
266 | rc = _gnutls_hash_fast( GNUTLS_DIG_MD5, session->internals.handshake_hash_buffer.data, len, concat); |
267 | if (rc < 0) |
268 | return gnutls_assert_val(rc)gnutls_assert_val_int(rc, "gnutls_handshake.c", 268); |
269 | |
270 | hash_len = 20 + 16; |
271 | } |
272 | else |
273 | { |
274 | int algorithm = _gnutls_cipher_suite_get_prf(session->security_parameters.cipher_suite); |
275 | |
276 | rc = _gnutls_hash_fast( algorithm, session->internals.handshake_hash_buffer.data, len, concat); |
277 | if (rc < 0) |
278 | return gnutls_assert_val(rc)gnutls_assert_val_int(rc, "gnutls_handshake.c", 278); |
279 | |
280 | hash_len = _gnutls_hash_get_algo_len (algorithm); |
281 | } |
282 | |
283 | if (type == GNUTLS_SERVER1) |
284 | { |
285 | mesg = SERVER_MSG"server finished"; |
286 | } |
287 | else |
288 | { |
289 | mesg = CLIENT_MSG"client finished"; |
290 | } |
291 | |
292 | return _gnutls_PRF (session, session->security_parameters.master_secret, |
293 | GNUTLS_MASTER_SIZE48, mesg, siz, concat, hash_len, 12, ret); |
294 | } |
295 | |
296 | /* this function will produce GNUTLS_RANDOM_SIZE==32 bytes of random data |
297 | * and put it to dst. |
298 | */ |
299 | int |
300 | _gnutls_tls_create_random (opaque * dst) |
301 | { |
302 | uint32_t tim; |
303 | int ret; |
304 | |
305 | /* Use weak random numbers for the most of the |
306 | * buffer except for the first 4 that are the |
307 | * system's time. |
308 | */ |
309 | |
310 | tim = gnutls_time (NULL((void*)0)); |
311 | /* generate server random value */ |
312 | _gnutls_write_uint32 (tim, dst); |
313 | |
314 | ret = _gnutls_rnd (GNUTLS_RND_NONCE, &dst[4], GNUTLS_RANDOM_SIZE32 - 4); |
315 | if (ret < 0) |
316 | { |
317 | gnutls_assert ()do { if (__builtin_expect((_gnutls_log_level >= 2), 0)) _gnutls_log ( 2, "ASSERT: %s:%d\n", "gnutls_handshake.c",317); } while(0) ;; |
318 | return ret; |
319 | } |
320 | |
321 | return 0; |
322 | } |
323 | |
324 | /* returns the 0 on success or a negative error code. |
325 | */ |
326 | int |
327 | _gnutls_negotiate_version (gnutls_session_t session, |
328 | gnutls_protocol_t adv_version) |
329 | { |
330 | int ret; |
331 | |
332 | /* if we do not support that version */ |
333 | if (_gnutls_version_is_supported (session, adv_version) == 0) |
334 | { |
335 | /* If he requested something we do not support |
336 | * then we send him the highest we support. |
337 | */ |
338 | ret = _gnutls_version_max (session); |
339 | if (ret == GNUTLS_VERSION_UNKNOWN) |
340 | { |
341 | /* this check is not really needed. |
342 | */ |
343 | gnutls_assert ()do { if (__builtin_expect((_gnutls_log_level >= 2), 0)) _gnutls_log ( 2, "ASSERT: %s:%d\n", "gnutls_handshake.c",343); } while(0) ;; |
344 | return GNUTLS_E_UNKNOWN_CIPHER_SUITE-21; |
345 | } |
346 | } |
347 | else |
348 | { |
349 | ret = adv_version; |
350 | } |
351 | |
352 | _gnutls_set_current_version (session, ret); |
353 | |
354 | return ret; |
355 | } |
356 | |
357 | int |
358 | _gnutls_user_hello_func (gnutls_session_t session, |
359 | gnutls_protocol_t adv_version) |
360 | { |
361 | int ret; |
362 | |
363 | if (session->internals.user_hello_func != NULL((void*)0)) |
364 | { |
365 | ret = session->internals.user_hello_func (session); |
366 | if (ret < 0) |
367 | { |
368 | gnutls_assert ()do { if (__builtin_expect((_gnutls_log_level >= 2), 0)) _gnutls_log ( 2, "ASSERT: %s:%d\n", "gnutls_handshake.c",368); } while(0) ;; |
369 | return ret; |
370 | } |
371 | /* Here we need to renegotiate the version since the callee might |
372 | * have disabled some TLS versions. |
373 | */ |
374 | ret = _gnutls_negotiate_version (session, adv_version); |
375 | if (ret < 0) |
376 | { |
377 | gnutls_assert ()do { if (__builtin_expect((_gnutls_log_level >= 2), 0)) _gnutls_log ( 2, "ASSERT: %s:%d\n", "gnutls_handshake.c",377); } while(0) ;; |
378 | return ret; |
379 | } |
380 | } |
381 | return 0; |
382 | } |
383 | |
384 | /* Read a client hello packet. |
385 | * A client hello must be a known version client hello |
386 | * or version 2.0 client hello (only for compatibility |
387 | * since SSL version 2.0 is not supported). |
388 | */ |
389 | static int |
390 | _gnutls_read_client_hello (gnutls_session_t session, opaque * data, |
391 | int datalen) |
392 | { |
393 | uint8_t session_id_len; |
394 | int pos = 0, ret; |
395 | uint16_t suite_size, comp_size; |
396 | gnutls_protocol_t adv_version; |
397 | int neg_version; |
398 | int len = datalen; |
399 | opaque rnd[GNUTLS_RANDOM_SIZE32], *suite_ptr, *comp_ptr, *session_id; |
400 | |
401 | DECR_LEN (len, 2)do { len-=2; if (len<0) {do { if (__builtin_expect((_gnutls_log_level >= 2), 0)) _gnutls_log( 2, "ASSERT: %s:%d\n", "gnutls_handshake.c" ,401); } while(0);; return -9;} } while (0); |
402 | |
403 | _gnutls_handshake_log ("HSK[%p]: Client's version: %d.%d\n", session,do { if (__builtin_expect((_gnutls_log_level >= 3), 0)) _gnutls_log ( 3, "HSK[%p]: Client's version: %d.%d\n", session, data[pos] , data[pos + 1]); } while(0) |
404 | data[pos], data[pos + 1])do { if (__builtin_expect((_gnutls_log_level >= 3), 0)) _gnutls_log ( 3, "HSK[%p]: Client's version: %d.%d\n", session, data[pos] , data[pos + 1]); } while(0); |
405 | |
406 | adv_version = _gnutls_version_get (data[pos], data[pos + 1]); |
407 | set_adv_version (session, data[pos], data[pos + 1])session->internals.adv_version_major = data[pos]; session-> internals.adv_version_minor = data[pos + 1]; |
408 | pos += 2; |
409 | |
410 | neg_version = _gnutls_negotiate_version (session, adv_version); |
411 | if (neg_version < 0) |
412 | { |
413 | gnutls_assert ()do { if (__builtin_expect((_gnutls_log_level >= 2), 0)) _gnutls_log ( 2, "ASSERT: %s:%d\n", "gnutls_handshake.c",413); } while(0) ;; |
414 | return neg_version; |
415 | } |
416 | |
417 | /* Read client random value. |
418 | */ |
419 | DECR_LEN (len, GNUTLS_RANDOM_SIZE)do { len-=32; if (len<0) {do { if (__builtin_expect((_gnutls_log_level >= 2), 0)) _gnutls_log( 2, "ASSERT: %s:%d\n", "gnutls_handshake.c" ,419); } while(0);; return -9;} } while (0); |
420 | _gnutls_set_client_random (session, &data[pos]); |
421 | pos += GNUTLS_RANDOM_SIZE32; |
422 | |
423 | _gnutls_tls_create_random (rnd); |
424 | _gnutls_set_server_random (session, rnd); |
425 | |
426 | session->security_parameters.timestamp = gnutls_time (NULL((void*)0)); |
427 | |
428 | DECR_LEN (len, 1)do { len-=1; if (len<0) {do { if (__builtin_expect((_gnutls_log_level >= 2), 0)) _gnutls_log( 2, "ASSERT: %s:%d\n", "gnutls_handshake.c" ,428); } while(0);; return -9;} } while (0); |
429 | session_id_len = data[pos++]; |
430 | |
431 | /* RESUME SESSION |
432 | */ |
433 | if (session_id_len > TLS_MAX_SESSION_ID_SIZE32) |
434 | { |
435 | gnutls_assert ()do { if (__builtin_expect((_gnutls_log_level >= 2), 0)) _gnutls_log ( 2, "ASSERT: %s:%d\n", "gnutls_handshake.c",435); } while(0) ;; |
436 | return GNUTLS_E_UNEXPECTED_PACKET_LENGTH-9; |
437 | } |
438 | DECR_LEN (len, session_id_len)do { len-=session_id_len; if (len<0) {do { if (__builtin_expect ((_gnutls_log_level >= 2), 0)) _gnutls_log( 2, "ASSERT: %s:%d\n" , "gnutls_handshake.c",438); } while(0);; return -9;} } while (0); |
439 | |
440 | session_id = &data[pos]; |
441 | ret = _gnutls_server_restore_session (session, session_id, session_id_len); |
442 | pos += session_id_len; |
443 | |
444 | if (session_id_len > 0) session->internals.resumption_requested = 1; |
445 | |
446 | if (ret == 0) |
447 | { /* resumed using default TLS resumption! */ |
448 | /* Parse only the safe renegotiation extension |
449 | * We don't want to parse any other extensions since |
450 | * we don't want new extension values to overwrite the |
451 | * resumed ones. |
452 | */ |
453 | |
454 | /* move forward to extensions */ |
455 | DECR_LEN (len, 2)do { len-=2; if (len<0) {do { if (__builtin_expect((_gnutls_log_level >= 2), 0)) _gnutls_log( 2, "ASSERT: %s:%d\n", "gnutls_handshake.c" ,455); } while(0);; return -9;} } while (0); |
456 | suite_size = _gnutls_read_uint16 (&data[pos]); |
457 | pos += 2; |
458 | |
459 | DECR_LEN (len, suite_size)do { len-=suite_size; if (len<0) {do { if (__builtin_expect ((_gnutls_log_level >= 2), 0)) _gnutls_log( 2, "ASSERT: %s:%d\n" , "gnutls_handshake.c",459); } while(0);; return -9;} } while (0); |
460 | pos += suite_size; |
461 | |
462 | DECR_LEN (len, 1)do { len-=1; if (len<0) {do { if (__builtin_expect((_gnutls_log_level >= 2), 0)) _gnutls_log( 2, "ASSERT: %s:%d\n", "gnutls_handshake.c" ,462); } while(0);; return -9;} } while (0); |
463 | comp_size = data[pos++]; /* z is the number of compression methods */ |
464 | DECR_LEN (len, comp_size)do { len-=comp_size; if (len<0) {do { if (__builtin_expect ((_gnutls_log_level >= 2), 0)) _gnutls_log( 2, "ASSERT: %s:%d\n" , "gnutls_handshake.c",464); } while(0);; return -9;} } while (0); |
465 | pos += comp_size; |
466 | |
467 | ret = _gnutls_parse_extensions (session, GNUTLS_EXT_MANDATORY, |
468 | &data[pos], len); |
469 | if (ret < 0) |
470 | { |
471 | gnutls_assert ()do { if (__builtin_expect((_gnutls_log_level >= 2), 0)) _gnutls_log ( 2, "ASSERT: %s:%d\n", "gnutls_handshake.c",471); } while(0) ;; |
472 | return ret; |
473 | } |
474 | |
475 | resume_copy_required_values (session); |
476 | session->internals.resumed = RESUME_TRUE1; |
477 | |
478 | return _gnutls_user_hello_func (session, adv_version); |
479 | } |
480 | else |
481 | { |
482 | _gnutls_generate_session_id (session->security_parameters.session_id, |
483 | &session-> |
484 | security_parameters.session_id_size); |
485 | |
486 | session->internals.resumed = RESUME_FALSE0; |
487 | } |
488 | |
489 | if (IS_DTLS(session)(session->internals.transport == GNUTLS_DGRAM)) |
490 | { |
491 | int cookie_size; |
492 | |
493 | DECR_LEN (len, 1)do { len-=1; if (len<0) {do { if (__builtin_expect((_gnutls_log_level >= 2), 0)) _gnutls_log( 2, "ASSERT: %s:%d\n", "gnutls_handshake.c" ,493); } while(0);; return -9;} } while (0); |
494 | cookie_size = data[pos++]; |
495 | DECR_LEN (len, cookie_size)do { len-=cookie_size; if (len<0) {do { if (__builtin_expect ((_gnutls_log_level >= 2), 0)) _gnutls_log( 2, "ASSERT: %s:%d\n" , "gnutls_handshake.c",495); } while(0);; return -9;} } while (0); |
496 | pos+=cookie_size; |
497 | } |
498 | |
499 | /* Remember ciphersuites for later |
500 | */ |
501 | DECR_LEN (len, 2)do { len-=2; if (len<0) {do { if (__builtin_expect((_gnutls_log_level >= 2), 0)) _gnutls_log( 2, "ASSERT: %s:%d\n", "gnutls_handshake.c" ,501); } while(0);; return -9;} } while (0); |
502 | suite_size = _gnutls_read_uint16 (&data[pos]); |
503 | pos += 2; |
504 | |
505 | DECR_LEN (len, suite_size)do { len-=suite_size; if (len<0) {do { if (__builtin_expect ((_gnutls_log_level >= 2), 0)) _gnutls_log( 2, "ASSERT: %s:%d\n" , "gnutls_handshake.c",505); } while(0);; return -9;} } while (0); |
506 | suite_ptr = &data[pos]; |
507 | pos += suite_size; |
508 | |
509 | /* Point to the compression methods |
510 | */ |
511 | DECR_LEN (len, 1)do { len-=1; if (len<0) {do { if (__builtin_expect((_gnutls_log_level >= 2), 0)) _gnutls_log( 2, "ASSERT: %s:%d\n", "gnutls_handshake.c" ,511); } while(0);; return -9;} } while (0); |
512 | comp_size = data[pos++]; /* z is the number of compression methods */ |
513 | |
514 | DECR_LEN (len, comp_size)do { len-=comp_size; if (len<0) {do { if (__builtin_expect ((_gnutls_log_level >= 2), 0)) _gnutls_log( 2, "ASSERT: %s:%d\n" , "gnutls_handshake.c",514); } while(0);; return -9;} } while (0); |
515 | comp_ptr = &data[pos]; |
516 | pos += comp_size; |
517 | |
518 | /* Parse the extensions (if any) |
519 | * |
520 | * Unconditionally try to parse extensions; safe renegotiation uses them in |
521 | * sslv3 and higher, even though sslv3 doesn't officially support them. |
522 | */ |
523 | ret = _gnutls_parse_extensions (session, GNUTLS_EXT_APPLICATION, |
524 | &data[pos], len); |
525 | /* len is the rest of the parsed length */ |
526 | if (ret < 0) |
527 | { |
528 | gnutls_assert ()do { if (__builtin_expect((_gnutls_log_level >= 2), 0)) _gnutls_log ( 2, "ASSERT: %s:%d\n", "gnutls_handshake.c",528); } while(0) ;; |
529 | return ret; |
530 | } |
531 | |
532 | ret = _gnutls_user_hello_func (session, adv_version); |
533 | if (ret < 0) |
534 | { |
535 | gnutls_assert ()do { if (__builtin_expect((_gnutls_log_level >= 2), 0)) _gnutls_log ( 2, "ASSERT: %s:%d\n", "gnutls_handshake.c",535); } while(0) ;; |
536 | return ret; |
537 | } |
538 | |
539 | ret = _gnutls_parse_extensions (session, GNUTLS_EXT_MANDATORY, |
540 | &data[pos], len); |
541 | if (ret < 0) |
542 | { |
543 | gnutls_assert ()do { if (__builtin_expect((_gnutls_log_level >= 2), 0)) _gnutls_log ( 2, "ASSERT: %s:%d\n", "gnutls_handshake.c",543); } while(0) ;; |
544 | return ret; |
545 | } |
546 | |
547 | ret = _gnutls_parse_extensions (session, GNUTLS_EXT_TLS, &data[pos], len); |
548 | if (ret < 0) |
549 | { |
550 | gnutls_assert ()do { if (__builtin_expect((_gnutls_log_level >= 2), 0)) _gnutls_log ( 2, "ASSERT: %s:%d\n", "gnutls_handshake.c",550); } while(0) ;; |
551 | return ret; |
552 | } |
553 | |
554 | /* resumed by session_ticket extension */ |
555 | if (session->internals.resumed != RESUME_FALSE0) |
556 | { |
557 | /* to indicate the client that the current session is resumed */ |
558 | memcpy (session->internals.resumed_security_parameters.session_id, |
559 | session_id, session_id_len); |
560 | session->internals.resumed_security_parameters.session_id_size = |
561 | session_id_len; |
562 | |
563 | session->internals.resumed_security_parameters.max_record_recv_size = |
564 | session->security_parameters.max_record_recv_size; |
565 | session->internals.resumed_security_parameters.max_record_send_size = |
566 | session->security_parameters.max_record_send_size; |
567 | |
568 | resume_copy_required_values (session); |
569 | |
570 | return _gnutls_user_hello_func (session, adv_version); |
571 | } |
572 | |
573 | /* select an appropriate cipher suite |
574 | */ |
575 | ret = _gnutls_server_select_suite (session, suite_ptr, suite_size); |
576 | if (ret < 0) |
577 | { |
578 | gnutls_assert ()do { if (__builtin_expect((_gnutls_log_level >= 2), 0)) _gnutls_log ( 2, "ASSERT: %s:%d\n", "gnutls_handshake.c",578); } while(0) ;; |
579 | return ret; |
580 | } |
581 | |
582 | /* select appropriate compression method */ |
583 | ret = _gnutls_server_select_comp_method (session, comp_ptr, comp_size); |
584 | if (ret < 0) |
585 | { |
586 | gnutls_assert ()do { if (__builtin_expect((_gnutls_log_level >= 2), 0)) _gnutls_log ( 2, "ASSERT: %s:%d\n", "gnutls_handshake.c",586); } while(0) ;; |
587 | return ret; |
588 | } |
589 | |
590 | return 0; |
591 | } |
592 | |
593 | /* This is to be called after sending CHANGE CIPHER SPEC packet |
594 | * and initializing encryption. This is the first encrypted message |
595 | * we send. |
596 | */ |
597 | static int |
598 | _gnutls_send_finished (gnutls_session_t session, int again) |
599 | { |
600 | mbuffer_st *bufel; |
601 | opaque *data; |
602 | int ret; |
603 | size_t vdata_size = 0; |
604 | |
605 | if (again == 0) |
606 | { |
607 | bufel = _gnutls_handshake_alloc (session, MAX_VERIFY_DATA_SIZE36, MAX_VERIFY_DATA_SIZE36); |
608 | if (bufel == NULL((void*)0)) |
609 | { |
610 | gnutls_assert ()do { if (__builtin_expect((_gnutls_log_level >= 2), 0)) _gnutls_log ( 2, "ASSERT: %s:%d\n", "gnutls_handshake.c",610); } while(0) ;; |
611 | return GNUTLS_E_MEMORY_ERROR-25; |
612 | } |
613 | data = _mbuffer_get_udata_ptr (bufel); |
614 | |
615 | if (gnutls_protocol_get_version_gnutls_protocol_get_version (session) == GNUTLS_SSL3) |
616 | { |
617 | ret = |
618 | _gnutls_ssl3_finished (session, |
619 | session->security_parameters.entity, data, 1); |
620 | _mbuffer_set_udata_size (bufel, 36); |
621 | } |
622 | else |
623 | { /* TLS 1.0+ */ |
624 | ret = _gnutls_finished (session, |
625 | session->security_parameters.entity, data, 1); |
626 | _mbuffer_set_udata_size (bufel, 12); |
627 | } |
628 | |
629 | if (ret < 0) |
630 | { |
631 | gnutls_assert ()do { if (__builtin_expect((_gnutls_log_level >= 2), 0)) _gnutls_log ( 2, "ASSERT: %s:%d\n", "gnutls_handshake.c",631); } while(0) ;; |
632 | return ret; |
633 | } |
634 | |
635 | vdata_size = _mbuffer_get_udata_size (bufel); |
636 | |
637 | ret = _gnutls_ext_sr_finished (session, data, vdata_size, 0); |
638 | if (ret < 0) |
639 | { |
640 | gnutls_assert ()do { if (__builtin_expect((_gnutls_log_level >= 2), 0)) _gnutls_log ( 2, "ASSERT: %s:%d\n", "gnutls_handshake.c",640); } while(0) ;; |
641 | return ret; |
642 | } |
643 | |
644 | if ((session->internals.resumed == RESUME_FALSE0 |
645 | && session->security_parameters.entity == GNUTLS_CLIENT(1<<1)) |
646 | || (session->internals.resumed != RESUME_FALSE0 |
647 | && session->security_parameters.entity == GNUTLS_SERVER1)) |
648 | { |
649 | /* if we are a client not resuming - or we are a server resuming */ |
650 | _gnutls_handshake_log ("HSK[%p]: recording tls-unique CB (send)\n",do { if (__builtin_expect((_gnutls_log_level >= 3), 0)) _gnutls_log ( 3, "HSK[%p]: recording tls-unique CB (send)\n", session); } while(0) |
651 | session)do { if (__builtin_expect((_gnutls_log_level >= 3), 0)) _gnutls_log ( 3, "HSK[%p]: recording tls-unique CB (send)\n", session); } while(0); |
652 | memcpy (session->internals.cb_tls_unique, data, vdata_size); |
653 | session->internals.cb_tls_unique_len = vdata_size; |
654 | } |
655 | |
656 | ret = |
657 | _gnutls_send_handshake (session, bufel, GNUTLS_HANDSHAKE_FINISHED); |
658 | } |
659 | else |
660 | { |
661 | ret = _gnutls_send_handshake (session, NULL((void*)0), GNUTLS_HANDSHAKE_FINISHED); |
662 | } |
663 | |
664 | return ret; |
665 | } |
666 | |
667 | /* This is to be called after sending our finished message. If everything |
668 | * went fine we have negotiated a secure connection |
669 | */ |
670 | static int |
671 | _gnutls_recv_finished (gnutls_session_t session) |
672 | { |
673 | uint8_t data[MAX_VERIFY_DATA_SIZE36], *vrfy; |
674 | gnutls_buffer_st buf; |
675 | int data_size; |
676 | int ret; |
677 | int vrfy_size; |
678 | |
679 | ret = |
680 | _gnutls_recv_handshake (session, GNUTLS_HANDSHAKE_FINISHED, |
681 | MANDATORY_PACKET, &buf); |
682 | if (ret < 0) |
683 | { |
684 | ERR ("recv finished int", ret); |
685 | gnutls_assert ()do { if (__builtin_expect((_gnutls_log_level >= 2), 0)) _gnutls_log ( 2, "ASSERT: %s:%d\n", "gnutls_handshake.c",685); } while(0) ;; |
686 | return ret; |
687 | } |
688 | |
689 | vrfy = buf.data; |
690 | vrfy_size = buf.length; |
691 | |
692 | if (gnutls_protocol_get_version_gnutls_protocol_get_version (session) == GNUTLS_SSL3) |
693 | { |
694 | data_size = 36; |
695 | } |
696 | else |
697 | { |
698 | data_size = 12; |
699 | } |
700 | |
701 | if (vrfy_size != data_size) |
702 | { |
703 | gnutls_assert ()do { if (__builtin_expect((_gnutls_log_level >= 2), 0)) _gnutls_log ( 2, "ASSERT: %s:%d\n", "gnutls_handshake.c",703); } while(0) ;; |
704 | ret = GNUTLS_E_ERROR_IN_FINISHED_PACKET-18; |
705 | goto cleanup; |
706 | } |
707 | |
708 | if (gnutls_protocol_get_version_gnutls_protocol_get_version (session) == GNUTLS_SSL3) |
709 | { |
710 | ret = |
711 | _gnutls_ssl3_finished (session, |
712 | (session->security_parameters.entity + 1) % 2, |
713 | data, 0); |
714 | } |
715 | else |
716 | { /* TLS 1.0 */ |
717 | ret = |
718 | _gnutls_finished (session, |
719 | (session->security_parameters.entity + |
720 | 1) % 2, data, 0); |
721 | } |
722 | |
723 | if (ret < 0) |
724 | { |
725 | gnutls_assert ()do { if (__builtin_expect((_gnutls_log_level >= 2), 0)) _gnutls_log ( 2, "ASSERT: %s:%d\n", "gnutls_handshake.c",725); } while(0) ;; |
726 | goto cleanup; |
727 | } |
728 | |
729 | if (memcmp (vrfy, data, data_size) != 0) |
730 | { |
731 | gnutls_assert ()do { if (__builtin_expect((_gnutls_log_level >= 2), 0)) _gnutls_log ( 2, "ASSERT: %s:%d\n", "gnutls_handshake.c",731); } while(0) ;; |
732 | ret = GNUTLS_E_ERROR_IN_FINISHED_PACKET-18; |
733 | goto cleanup; |
734 | } |
735 | |
736 | ret = _gnutls_ext_sr_finished (session, data, data_size, 1); |
737 | if (ret < 0) |
738 | { |
739 | gnutls_assert ()do { if (__builtin_expect((_gnutls_log_level >= 2), 0)) _gnutls_log ( 2, "ASSERT: %s:%d\n", "gnutls_handshake.c",739); } while(0) ;; |
740 | goto cleanup; |
741 | } |
742 | |
743 | if ((session->internals.resumed != RESUME_FALSE0 |
744 | && session->security_parameters.entity == GNUTLS_CLIENT(1<<1)) |
745 | || (session->internals.resumed == RESUME_FALSE0 |
746 | && session->security_parameters.entity == GNUTLS_SERVER1)) |
747 | { |
748 | /* if we are a client resuming - or we are a server not resuming */ |
749 | _gnutls_handshake_log ("HSK[%p]: recording tls-unique CB (recv)\n",do { if (__builtin_expect((_gnutls_log_level >= 3), 0)) _gnutls_log ( 3, "HSK[%p]: recording tls-unique CB (recv)\n", session); } while(0) |
750 | session)do { if (__builtin_expect((_gnutls_log_level >= 3), 0)) _gnutls_log ( 3, "HSK[%p]: recording tls-unique CB (recv)\n", session); } while(0); |
751 | memcpy (session->internals.cb_tls_unique, data, data_size); |
752 | session->internals.cb_tls_unique_len = data_size; |
753 | } |
754 | |
755 | |
756 | session->internals.initial_negotiation_completed = 1; |
757 | |
758 | cleanup: |
759 | _gnutls_buffer_clear(&buf); |
760 | |
761 | return ret; |
762 | } |
763 | |
764 | /* returns PK_RSA if the given cipher suite list only supports, |
765 | * RSA algorithms, PK_DSA if DSS, and PK_ANY for both or PK_NONE for none. |
766 | */ |
767 | static int |
768 | server_find_pk_algos_in_ciphersuites (const opaque * |
769 | data, unsigned int datalen, |
770 | gnutls_pk_algorithm_t * algos, |
771 | size_t* algos_size) |
772 | { |
773 | unsigned int j; |
774 | gnutls_kx_algorithm_t kx; |
775 | int max = *algos_size; |
776 | |
777 | if (datalen % 2 != 0) |
778 | { |
779 | gnutls_assert ()do { if (__builtin_expect((_gnutls_log_level >= 2), 0)) _gnutls_log ( 2, "ASSERT: %s:%d\n", "gnutls_handshake.c",779); } while(0) ;; |
780 | return GNUTLS_E_UNEXPECTED_PACKET_LENGTH-9; |
781 | } |
782 | |
783 | *algos_size = 0; |
784 | for (j = 0; j < datalen; j += 2) |
785 | { |
786 | kx = _gnutls_cipher_suite_get_kx_algo (&data[j]); |
787 | if (_gnutls_map_kx_get_cred (kx, 1) == GNUTLS_CRD_CERTIFICATE) |
788 | { |
789 | algos[(*algos_size)++] = _gnutls_map_pk_get_pk (kx); |
790 | |
791 | if ((*algos_size) >= max) |
792 | return 0; |
793 | } |
794 | } |
795 | |
796 | return 0; |
797 | } |
798 | |
799 | /* This selects the best supported ciphersuite from the given ones. Then |
800 | * it adds the suite to the session and performs some checks. |
801 | */ |
802 | int |
803 | _gnutls_server_select_suite (gnutls_session_t session, opaque * data, |
804 | int datalen) |
805 | { |
806 | int i, j, ret, cipher_suites_size; |
807 | size_t pk_algos_size; |
808 | uint8_t cipher_suites[MAX_CIPHERSUITE_SIZE512]; |
809 | int retval, err; |
810 | gnutls_pk_algorithm_t pk_algos[MAX_ALGOS32]; /* will hold the pk algorithms |
811 | * supported by the peer. |
812 | */ |
813 | |
814 | /* First, check for safe renegotiation SCSV. |
815 | */ |
816 | if (session->internals.priorities.sr != SR_DISABLED) |
817 | { |
818 | int offset; |
819 | |
820 | for (offset = 0; offset < datalen; offset += 2) |
821 | { |
822 | /* TLS_RENEGO_PROTECTION_REQUEST = { 0x00, 0xff } */ |
823 | if (data[offset] == GNUTLS_RENEGO_PROTECTION_REQUEST_MAJOR0x00 && |
824 | data[offset + 1] == GNUTLS_RENEGO_PROTECTION_REQUEST_MINOR0xFF) |
825 | { |
826 | _gnutls_handshake_logdo { if (__builtin_expect((_gnutls_log_level >= 3), 0)) _gnutls_log ( 3, "HSK[%p]: Received safe renegotiation CS\n", session); } while(0) |
827 | ("HSK[%p]: Received safe renegotiation CS\n", session)do { if (__builtin_expect((_gnutls_log_level >= 3), 0)) _gnutls_log ( 3, "HSK[%p]: Received safe renegotiation CS\n", session); } while(0); |
828 | retval = _gnutls_ext_sr_recv_cs (session); |
829 | if (retval < 0) |
830 | { |
831 | gnutls_assert ()do { if (__builtin_expect((_gnutls_log_level >= 2), 0)) _gnutls_log ( 2, "ASSERT: %s:%d\n", "gnutls_handshake.c",831); } while(0) ;; |
832 | return retval; |
833 | } |
834 | break; |
835 | } |
836 | } |
837 | } |
838 | |
839 | pk_algos_size = MAX_ALGOS32; |
840 | ret = server_find_pk_algos_in_ciphersuites (data, datalen, pk_algos, &pk_algos_size); |
841 | if (ret < 0) |
842 | return gnutls_assert_val(ret)gnutls_assert_val_int(ret, "gnutls_handshake.c", 842); |
843 | |
844 | ret = _gnutls_supported_ciphersuites (session, cipher_suites, sizeof(cipher_suites)); |
845 | if (ret < 0) |
846 | return gnutls_assert_val(ret)gnutls_assert_val_int(ret, "gnutls_handshake.c", 846); |
847 | |
848 | cipher_suites_size = ret; |
849 | |
850 | /* Here we remove any ciphersuite that does not conform |
851 | * the certificate requested, or to the |
852 | * authentication requested (e.g. SRP). |
853 | */ |
854 | ret = _gnutls_remove_unwanted_ciphersuites (session, cipher_suites, cipher_suites_size, pk_algos, pk_algos_size); |
855 | if (ret <= 0) |
856 | { |
857 | gnutls_assert ()do { if (__builtin_expect((_gnutls_log_level >= 2), 0)) _gnutls_log ( 2, "ASSERT: %s:%d\n", "gnutls_handshake.c",857); } while(0) ;; |
858 | if (ret < 0) |
859 | return ret; |
860 | else |
861 | return GNUTLS_E_UNKNOWN_CIPHER_SUITE-21; |
862 | } |
863 | |
864 | cipher_suites_size = ret; |
865 | |
866 | /* Data length should be zero mod 2 since |
867 | * every ciphersuite is 2 bytes. (this check is needed |
868 | * see below). |
869 | */ |
870 | if (datalen % 2 != 0) |
871 | { |
872 | gnutls_assert ()do { if (__builtin_expect((_gnutls_log_level >= 2), 0)) _gnutls_log ( 2, "ASSERT: %s:%d\n", "gnutls_handshake.c",872); } while(0) ;; |
873 | return GNUTLS_E_UNEXPECTED_PACKET_LENGTH-9; |
874 | } |
875 | |
876 | memset (session->security_parameters.cipher_suite, 0, 2); |
877 | |
878 | retval = GNUTLS_E_UNKNOWN_CIPHER_SUITE-21; |
879 | |
880 | _gnutls_handshake_log ("HSK[%p]: Requested cipher suites[size: %d]: \n", session, (int)datalen)do { if (__builtin_expect((_gnutls_log_level >= 3), 0)) _gnutls_log ( 3, "HSK[%p]: Requested cipher suites[size: %d]: \n", session , (int)datalen); } while(0); |
881 | |
882 | if (session->internals.priorities.server_precedence == 0) |
883 | { |
884 | for (j = 0; j < datalen; j += 2) |
885 | { |
886 | _gnutls_handshake_log ("\t0x%.2x, 0x%.2x %s\n", data[j], data[j+1], _gnutls_cipher_suite_get_name (&data[j]))do { if (__builtin_expect((_gnutls_log_level >= 3), 0)) _gnutls_log ( 3, "\t0x%.2x, 0x%.2x %s\n", data[j], data[j+1], _gnutls_cipher_suite_get_name (&data[j])); } while(0); |
887 | for (i = 0; i < cipher_suites_size; i+=2) |
888 | { |
889 | if (memcmp (&cipher_suites[i], &data[j], 2) == 0) |
890 | { |
891 | _gnutls_handshake_logdo { if (__builtin_expect((_gnutls_log_level >= 3), 0)) _gnutls_log ( 3, "HSK[%p]: Selected cipher suite: %s\n", session, _gnutls_cipher_suite_get_name (&data[j])); } while(0) |
892 | ("HSK[%p]: Selected cipher suite: %s\n", session,do { if (__builtin_expect((_gnutls_log_level >= 3), 0)) _gnutls_log ( 3, "HSK[%p]: Selected cipher suite: %s\n", session, _gnutls_cipher_suite_get_name (&data[j])); } while(0) |
893 | _gnutls_cipher_suite_get_name (&data[j]))do { if (__builtin_expect((_gnutls_log_level >= 3), 0)) _gnutls_log ( 3, "HSK[%p]: Selected cipher suite: %s\n", session, _gnutls_cipher_suite_get_name (&data[j])); } while(0); |
894 | memcpy (session->security_parameters.cipher_suite, |
895 | &cipher_suites[i], 2); |
896 | _gnutls_epoch_set_cipher_suite (session, EPOCH_NEXT70002, |
897 | session-> |
898 | security_parameters.cipher_suite); |
899 | |
900 | |
901 | retval = 0; |
902 | goto finish; |
903 | } |
904 | } |
905 | } |
906 | } |
907 | else /* server selects */ |
908 | { |
909 | for (i = 0; i < cipher_suites_size; i+=2) |
910 | { |
911 | for (j = 0; j < datalen; j += 2) |
912 | { |
913 | if (memcmp (&cipher_suites[i], &data[j], 2) == 0) |
914 | { |
915 | _gnutls_handshake_logdo { if (__builtin_expect((_gnutls_log_level >= 3), 0)) _gnutls_log ( 3, "HSK[%p]: Selected cipher suite: %s\n", session, _gnutls_cipher_suite_get_name (&data[j])); } while(0) |
916 | ("HSK[%p]: Selected cipher suite: %s\n", session,do { if (__builtin_expect((_gnutls_log_level >= 3), 0)) _gnutls_log ( 3, "HSK[%p]: Selected cipher suite: %s\n", session, _gnutls_cipher_suite_get_name (&data[j])); } while(0) |
917 | _gnutls_cipher_suite_get_name (&data[j]))do { if (__builtin_expect((_gnutls_log_level >= 3), 0)) _gnutls_log ( 3, "HSK[%p]: Selected cipher suite: %s\n", session, _gnutls_cipher_suite_get_name (&data[j])); } while(0); |
918 | memcpy (session->security_parameters.cipher_suite, |
919 | &cipher_suites[i], 2); |
920 | _gnutls_epoch_set_cipher_suite (session, EPOCH_NEXT70002, |
921 | session-> |
922 | security_parameters.cipher_suite); |
923 | |
924 | |
925 | retval = 0; |
926 | goto finish; |
927 | } |
928 | } |
929 | } |
930 | } |
931 | finish: |
932 | |
933 | if (retval != 0) |
934 | { |
935 | gnutls_assert ()do { if (__builtin_expect((_gnutls_log_level >= 2), 0)) _gnutls_log ( 2, "ASSERT: %s:%d\n", "gnutls_handshake.c",935); } while(0) ;; |
936 | return retval; |
937 | } |
938 | |
939 | /* check if the credentials (username, public key etc.) are ok |
940 | */ |
941 | if (_gnutls_get_kx_cred |
942 | (session, |
943 | _gnutls_cipher_suite_get_kx_algo (session-> |
944 | security_parameters.cipher_suite), |
945 | &err) == NULL((void*)0) && err != 0) |
946 | { |
947 | gnutls_assert ()do { if (__builtin_expect((_gnutls_log_level >= 2), 0)) _gnutls_log ( 2, "ASSERT: %s:%d\n", "gnutls_handshake.c",947); } while(0) ;; |
948 | return GNUTLS_E_INSUFFICIENT_CREDENTIALS-32; |
949 | } |
950 | |
951 | |
952 | /* set the mod_auth_st to the appropriate struct |
953 | * according to the KX algorithm. This is needed since all the |
954 | * handshake functions are read from there; |
955 | */ |
956 | session->internals.auth_struct = |
957 | _gnutls_kx_auth_struct (_gnutls_cipher_suite_get_kx_algo |
958 | (session-> |
959 | security_parameters.cipher_suite)); |
960 | if (session->internals.auth_struct == NULL((void*)0)) |
961 | { |
962 | |
963 | _gnutls_handshake_logdo { if (__builtin_expect((_gnutls_log_level >= 3), 0)) _gnutls_log ( 3, "HSK[%p]: Cannot find the appropriate handler for the KX algorithm\n" , session); } while(0) |
964 | ("HSK[%p]: Cannot find the appropriate handler for the KX algorithm\n",do { if (__builtin_expect((_gnutls_log_level >= 3), 0)) _gnutls_log ( 3, "HSK[%p]: Cannot find the appropriate handler for the KX algorithm\n" , session); } while(0) |
965 | session)do { if (__builtin_expect((_gnutls_log_level >= 3), 0)) _gnutls_log ( 3, "HSK[%p]: Cannot find the appropriate handler for the KX algorithm\n" , session); } while(0); |
966 | gnutls_assert ()do { if (__builtin_expect((_gnutls_log_level >= 2), 0)) _gnutls_log ( 2, "ASSERT: %s:%d\n", "gnutls_handshake.c",966); } while(0) ;; |
967 | return GNUTLS_E_INTERNAL_ERROR-59; |
968 | } |
969 | |
970 | return 0; |
971 | |
972 | } |
973 | |
974 | |
975 | /* This selects the best supported compression method from the ones provided |
976 | */ |
977 | static int |
978 | _gnutls_server_select_comp_method (gnutls_session_t session, |
979 | opaque * data, int datalen) |
980 | { |
981 | int x, i, j; |
982 | uint8_t comps[MAX_ALGOS32]; |
983 | |
984 | x = _gnutls_supported_compression_methods (session, comps, MAX_ALGOS32); |
985 | if (x < 0) |
986 | { |
987 | gnutls_assert ()do { if (__builtin_expect((_gnutls_log_level >= 2), 0)) _gnutls_log ( 2, "ASSERT: %s:%d\n", "gnutls_handshake.c",987); } while(0) ;; |
988 | return x; |
989 | } |
990 | |
991 | if (session->internals.priorities.server_precedence == 0) |
992 | { |
993 | for (j = 0; j < datalen; j++) |
994 | { |
995 | for (i = 0; i < x; i++) |
996 | { |
997 | if (comps[i] == data[j]) |
998 | { |
999 | gnutls_compression_method_t method = |
1000 | _gnutls_compression_get_id (comps[i]); |
1001 | |
1002 | _gnutls_epoch_set_compression (session, EPOCH_NEXT70002, method); |
1003 | session->security_parameters.compression_method = method; |
1004 | |
1005 | _gnutls_handshake_logdo { if (__builtin_expect((_gnutls_log_level >= 3), 0)) _gnutls_log ( 3, "HSK[%p]: Selected Compression Method: %s\n", session, gnutls_compression_get_name (method)); } while(0) |
1006 | ("HSK[%p]: Selected Compression Method: %s\n", session,do { if (__builtin_expect((_gnutls_log_level >= 3), 0)) _gnutls_log ( 3, "HSK[%p]: Selected Compression Method: %s\n", session, gnutls_compression_get_name (method)); } while(0) |
1007 | gnutls_compression_get_name (method))do { if (__builtin_expect((_gnutls_log_level >= 3), 0)) _gnutls_log ( 3, "HSK[%p]: Selected Compression Method: %s\n", session, gnutls_compression_get_name (method)); } while(0); |
1008 | return 0; |
1009 | } |
1010 | } |
1011 | } |
1012 | } |
1013 | else |
1014 | { |
1015 | for (i = 0; i < x; i++) |
1016 | { |
1017 | for (j = 0; j < datalen; j++) |
1018 | { |
1019 | if (comps[i] == data[j]) |
1020 | { |
1021 | gnutls_compression_method_t method = |
1022 | _gnutls_compression_get_id (comps[i]); |
1023 | |
1024 | _gnutls_epoch_set_compression (session, EPOCH_NEXT70002, method); |
1025 | session->security_parameters.compression_method = method; |
1026 | |
1027 | _gnutls_handshake_logdo { if (__builtin_expect((_gnutls_log_level >= 3), 0)) _gnutls_log ( 3, "HSK[%p]: Selected Compression Method: %s\n", session, gnutls_compression_get_name (method)); } while(0) |
1028 | ("HSK[%p]: Selected Compression Method: %s\n", session,do { if (__builtin_expect((_gnutls_log_level >= 3), 0)) _gnutls_log ( 3, "HSK[%p]: Selected Compression Method: %s\n", session, gnutls_compression_get_name (method)); } while(0) |
1029 | gnutls_compression_get_name (method))do { if (__builtin_expect((_gnutls_log_level >= 3), 0)) _gnutls_log ( 3, "HSK[%p]: Selected Compression Method: %s\n", session, gnutls_compression_get_name (method)); } while(0); |
1030 | return 0; |
1031 | } |
1032 | } |
1033 | } |
1034 | } |
1035 | |
1036 | /* we were not able to find a compatible compression |
1037 | * algorithm |
1038 | */ |
1039 | gnutls_assert ()do { if (__builtin_expect((_gnutls_log_level >= 2), 0)) _gnutls_log ( 2, "ASSERT: %s:%d\n", "gnutls_handshake.c",1039); } while(0 );; |
1040 | return GNUTLS_E_UNKNOWN_COMPRESSION_ALGORITHM-3; |
1041 | |
1042 | } |
1043 | |
1044 | /* This function sends an empty handshake packet. (like hello request). |
1045 | * If the previous _gnutls_send_empty_handshake() returned |
1046 | * GNUTLS_E_AGAIN or GNUTLS_E_INTERRUPTED, then it must be called again |
1047 | * (until it returns ok), with NULL parameters. |
1048 | */ |
1049 | static int |
1050 | _gnutls_send_empty_handshake (gnutls_session_t session, |
1051 | gnutls_handshake_description_t type, int again) |
1052 | { |
1053 | mbuffer_st *bufel; |
1054 | |
1055 | if (again == 0) |
1056 | { |
1057 | bufel = _gnutls_handshake_alloc (session, 0, 0); |
1058 | if (bufel == NULL((void*)0)) |
1059 | { |
1060 | gnutls_assert ()do { if (__builtin_expect((_gnutls_log_level >= 2), 0)) _gnutls_log ( 2, "ASSERT: %s:%d\n", "gnutls_handshake.c",1060); } while(0 );; |
1061 | return GNUTLS_E_MEMORY_ERROR-25; |
1062 | } |
1063 | } |
1064 | else |
1065 | bufel = NULL((void*)0); |
1066 | |
1067 | return _gnutls_send_handshake (session, bufel, type); |
1068 | } |
1069 | |
1070 | |
1071 | |
1072 | |
1073 | /* This function sends a handshake message of type 'type' containing the |
1074 | * data specified here. If the previous _gnutls_send_handshake() returned |
1075 | * GNUTLS_E_AGAIN or GNUTLS_E_INTERRUPTED, then it must be called again |
1076 | * (until it returns ok), with NULL parameters. |
1077 | */ |
1078 | int |
1079 | _gnutls_send_handshake (gnutls_session_t session, mbuffer_st * bufel, |
1080 | gnutls_handshake_description_t type) |
1081 | { |
1082 | int ret; |
1083 | uint8_t *data; |
1084 | uint32_t datasize, i_datasize; |
1085 | int pos = 0; |
1086 | |
1087 | if (bufel == NULL((void*)0)) |
1088 | { |
1089 | /* we are resuming a previously interrupted |
1090 | * send. |
1091 | */ |
1092 | ret = _gnutls_handshake_io_write_flush (session); |
1093 | return ret; |
1094 | |
1095 | } |
1096 | |
1097 | /* first run */ |
1098 | data = _mbuffer_get_uhead_ptr (bufel); |
1099 | i_datasize = _mbuffer_get_udata_size(bufel); |
1100 | datasize = i_datasize + _mbuffer_get_uhead_size (bufel); |
1101 | |
1102 | data[pos++] = (uint8_t) type; |
1103 | _gnutls_write_uint24 (_mbuffer_get_udata_size (bufel), &data[pos]); |
1104 | pos += 3; |
1105 | |
1106 | /* Add DTLS handshake fragment headers. The message will be |
1107 | * fragmented later by the fragmentation sub-layer. All fields must |
1108 | * be set properly for HMAC. The HMAC requires we pretend that the |
1109 | * message was sent in a single fragment. */ |
1110 | if (IS_DTLS(session)(session->internals.transport == GNUTLS_DGRAM)) |
1111 | { |
1112 | _gnutls_write_uint16 (session->internals.dtls.hsk_write_seq++, &data[pos]); |
1113 | pos += 2; |
1114 | |
1115 | /* Fragment offset */ |
1116 | _gnutls_write_uint24 (0, &data[pos]); |
1117 | pos += 3; |
1118 | |
1119 | /* Fragment length */ |
1120 | _gnutls_write_uint24 (i_datasize, &data[pos]); |
1121 | pos += 3; |
1122 | } |
1123 | |
1124 | _gnutls_handshake_log ("HSK[%p]: %s was queued [%ld bytes]\n",do { if (__builtin_expect((_gnutls_log_level >= 3), 0)) _gnutls_log ( 3, "HSK[%p]: %s was queued [%ld bytes]\n", session, _gnutls_handshake2str (type), (long) datasize); } while(0) |
1125 | session, _gnutls_handshake2str (type),do { if (__builtin_expect((_gnutls_log_level >= 3), 0)) _gnutls_log ( 3, "HSK[%p]: %s was queued [%ld bytes]\n", session, _gnutls_handshake2str (type), (long) datasize); } while(0) |
1126 | (long) datasize)do { if (__builtin_expect((_gnutls_log_level >= 3), 0)) _gnutls_log ( 3, "HSK[%p]: %s was queued [%ld bytes]\n", session, _gnutls_handshake2str (type), (long) datasize); } while(0); |
1127 | |
1128 | /* Here we keep the handshake messages in order to hash them... |
1129 | */ |
1130 | if (type != GNUTLS_HANDSHAKE_HELLO_REQUEST) |
1131 | if ((ret = |
1132 | _gnutls_handshake_hash_add_sent (session, type, data, datasize)) < 0) |
1133 | { |
1134 | gnutls_assert ()do { if (__builtin_expect((_gnutls_log_level >= 2), 0)) _gnutls_log ( 2, "ASSERT: %s:%d\n", "gnutls_handshake.c",1134); } while(0 );; |
1135 | _mbuffer_xfree(&bufel); |
1136 | return ret; |
1137 | } |
1138 | |
1139 | session->internals.last_handshake_out = type; |
1140 | |
1141 | ret = _gnutls_handshake_io_cache_int (session, type, bufel); |
1142 | if (ret < 0) |
1143 | { |
1144 | _mbuffer_xfree(&bufel); |
1145 | gnutls_assert()do { if (__builtin_expect((_gnutls_log_level >= 2), 0)) _gnutls_log ( 2, "ASSERT: %s:%d\n", "gnutls_handshake.c",1145); } while(0 );; |
1146 | return ret; |
1147 | } |
1148 | |
1149 | switch (type) |
1150 | { |
1151 | case GNUTLS_HANDSHAKE_CERTIFICATE_PKT: /* this one is followed by ServerHelloDone |
1152 | * or ClientKeyExchange always. |
1153 | */ |
1154 | case GNUTLS_HANDSHAKE_SERVER_KEY_EXCHANGE: /* as above */ |
1155 | case GNUTLS_HANDSHAKE_SERVER_HELLO: /* as above */ |
1156 | case GNUTLS_HANDSHAKE_CERTIFICATE_REQUEST: /* as above */ |
1157 | case GNUTLS_HANDSHAKE_NEW_SESSION_TICKET: /* followed by ChangeCipherSpec */ |
1158 | |
1159 | /* now for client Certificate, ClientKeyExchange and |
1160 | * CertificateVerify are always followed by ChangeCipherSpec |
1161 | */ |
1162 | case GNUTLS_HANDSHAKE_CERTIFICATE_VERIFY: |
1163 | case GNUTLS_HANDSHAKE_CLIENT_KEY_EXCHANGE: |
1164 | ret = 0; |
1165 | break; |
1166 | default: |
1167 | /* send cached messages */ |
1168 | ret = _gnutls_handshake_io_write_flush (session); |
1169 | break; |
1170 | } |
1171 | |
1172 | return ret; |
1173 | } |
1174 | |
1175 | #define CHECK_SIZE(ll)if ((session->internals.max_handshake_data_buffer_size > 0) && (((ll) + session->internals.handshake_hash_buffer .length) > session->internals.max_handshake_data_buffer_size )) return gnutls_assert_val_int(-210, "gnutls_handshake.c", 1175 ) \ |
1176 | if ((session->internals.max_handshake_data_buffer_size > 0) && \ |
1177 | (((ll) + session->internals.handshake_hash_buffer.length) > \ |
1178 | session->internals.max_handshake_data_buffer_size)) \ |
1179 | return gnutls_assert_val(GNUTLS_E_HANDSHAKE_TOO_LARGE)gnutls_assert_val_int(-210, "gnutls_handshake.c", 1179) |
1180 | |
1181 | /* This function add the handshake headers and the |
1182 | * handshake data to the handshake hash buffers. Needed |
1183 | * for the finished messages calculations. |
1184 | */ |
1185 | static int |
1186 | _gnutls_handshake_hash_add_recvd (gnutls_session_t session, |
1187 | gnutls_handshake_description_t recv_type, |
1188 | opaque * header, uint16_t header_size, |
1189 | opaque * dataptr, uint32_t datalen) |
1190 | { |
1191 | int ret; |
1192 | |
1193 | if (recv_type == GNUTLS_HANDSHAKE_HELLO_VERIFY_REQUEST || |
1194 | recv_type == GNUTLS_HANDSHAKE_HELLO_REQUEST) |
1195 | return 0; |
1196 | |
1197 | CHECK_SIZE(header_size + datalen)if ((session->internals.max_handshake_data_buffer_size > 0) && (((header_size + datalen) + session->internals .handshake_hash_buffer.length) > session->internals.max_handshake_data_buffer_size )) return gnutls_assert_val_int(-210, "gnutls_handshake.c", 1197 ); |
1198 | |
1199 | session->internals.handshake_hash_buffer_prev_len = session->internals.handshake_hash_buffer.length; |
1200 | |
1201 | ret = _gnutls_buffer_append_data(&session->internals.handshake_hash_buffer, |
1202 | header, header_size); |
1203 | if (ret < 0) |
1204 | return gnutls_assert_val(ret)gnutls_assert_val_int(ret, "gnutls_handshake.c", 1204); |
1205 | |
1206 | if (datalen > 0) |
1207 | { |
1208 | ret = _gnutls_buffer_append_data(&session->internals.handshake_hash_buffer, |
1209 | dataptr, datalen); |
1210 | if (ret < 0) |
1211 | return gnutls_assert_val(ret)gnutls_assert_val_int(ret, "gnutls_handshake.c", 1211); |
1212 | } |
1213 | |
1214 | return 0; |
1215 | } |
1216 | |
1217 | /* This function will store the handshake message we sent. |
1218 | */ |
1219 | static int |
1220 | _gnutls_handshake_hash_add_sent (gnutls_session_t session, |
1221 | gnutls_handshake_description_t type, |
1222 | opaque * dataptr, uint32_t datalen) |
1223 | { |
1224 | int ret; |
1225 | |
1226 | /* We don't check for GNUTLS_HANDSHAKE_HELLO_VERIFY_REQUEST because it |
1227 | * is not sent via that channel. |
1228 | */ |
1229 | if (type != GNUTLS_HANDSHAKE_HELLO_REQUEST) |
1230 | { |
1231 | CHECK_SIZE(datalen)if ((session->internals.max_handshake_data_buffer_size > 0) && (((datalen) + session->internals.handshake_hash_buffer .length) > session->internals.max_handshake_data_buffer_size )) return gnutls_assert_val_int(-210, "gnutls_handshake.c", 1231 ); |
1232 | |
1233 | ret = _gnutls_buffer_append_data(&session->internals.handshake_hash_buffer, |
1234 | dataptr, datalen); |
1235 | if (ret < 0) |
1236 | return gnutls_assert_val(ret)gnutls_assert_val_int(ret, "gnutls_handshake.c", 1236); |
1237 | |
1238 | return 0; |
1239 | } |
1240 | |
1241 | return 0; |
1242 | } |
1243 | |
1244 | |
1245 | /* This function will receive handshake messages of the given types, |
1246 | * and will pass the message to the right place in order to be processed. |
1247 | * E.g. for the SERVER_HELLO message (if it is expected), it will be |
1248 | * passed to _gnutls_recv_hello(). |
1249 | */ |
1250 | int |
1251 | _gnutls_recv_handshake (gnutls_session_t session, |
1252 | gnutls_handshake_description_t type, |
1253 | optional_t optional, gnutls_buffer_st* buf) |
1254 | { |
1255 | int ret; |
1256 | handshake_buffer_st hsk; |
1257 | |
1258 | ret = |
1259 | _gnutls_handshake_io_recv_int (session, type, &hsk); |
1260 | if (ret < 0) |
1261 | { |
1262 | if (optional == OPTIONAL_PACKET && ret == GNUTLS_E_UNEXPECTED_HANDSHAKE_PACKET-19) |
1263 | { |
1264 | if (buf) _gnutls_buffer_init(buf); |
1265 | return 0; |
1266 | } |
1267 | |
1268 | if (ret == GNUTLS_E_UNEXPECTED_HANDSHAKE_PACKET-19) |
1269 | _gnutls_audit_log(session, "Received unexpected handshake message '%s' (%d). Expected '%s' (%d)\n", |
1270 | _gnutls_handshake2str(hsk.htype), (int)hsk.htype, _gnutls_handshake2str(type), (int)type); |
1271 | |
1272 | return gnutls_assert_val_fatal(ret)(((ret)!=-28 && (ret)!=-52)?gnutls_assert_val_int(ret , "gnutls_handshake.c", 1272):(ret)); |
1273 | } |
1274 | |
1275 | ret = _gnutls_handshake_hash_add_recvd (session, hsk.htype, |
1276 | hsk.header, hsk.header_size, |
1277 | hsk.data.data, hsk.data.length); |
1278 | if (ret < 0) |
1279 | { |
1280 | gnutls_assert ()do { if (__builtin_expect((_gnutls_log_level >= 2), 0)) _gnutls_log ( 2, "ASSERT: %s:%d\n", "gnutls_handshake.c",1280); } while(0 );; |
1281 | goto cleanup; |
1282 | } |
1283 | |
1284 | switch (hsk.htype) |
1285 | { |
1286 | case GNUTLS_HANDSHAKE_CLIENT_HELLO_V2: |
1287 | case GNUTLS_HANDSHAKE_CLIENT_HELLO: |
1288 | case GNUTLS_HANDSHAKE_SERVER_HELLO: |
1289 | if (hsk.htype == GNUTLS_HANDSHAKE_CLIENT_HELLO_V2) |
1290 | ret = _gnutls_read_client_hello_v2 (session, hsk.data.data, hsk.data.length); |
1291 | else |
1292 | ret = _gnutls_recv_hello (session, hsk.data.data, hsk.data.length); |
1293 | |
1294 | if (ret < 0) |
1295 | { |
1296 | gnutls_assert()do { if (__builtin_expect((_gnutls_log_level >= 2), 0)) _gnutls_log ( 2, "ASSERT: %s:%d\n", "gnutls_handshake.c",1296); } while(0 );; |
1297 | goto cleanup; |
1298 | } |
1299 | |
1300 | goto cleanup; /* caller doesn't need dataptr */ |
1301 | |
1302 | break; |
1303 | case GNUTLS_HANDSHAKE_HELLO_VERIFY_REQUEST: |
1304 | ret = _gnutls_recv_hello_verify_request (session, hsk.data.data, hsk.data.length); |
1305 | if (ret < 0) |
1306 | { |
1307 | gnutls_assert()do { if (__builtin_expect((_gnutls_log_level >= 2), 0)) _gnutls_log ( 2, "ASSERT: %s:%d\n", "gnutls_handshake.c",1307); } while(0 );; |
1308 | goto cleanup; |
1309 | } |
1310 | else |
1311 | /* Signal our caller we have received a verification cookie |
1312 | and ClientHello needs to be sent again. */ |
1313 | ret = 1; |
1314 | |
1315 | goto cleanup; /* caller doesn't need dataptr */ |
1316 | |
1317 | break; |
1318 | case GNUTLS_HANDSHAKE_SERVER_HELLO_DONE: |
1319 | if (hsk.data.length == 0) |
1320 | ret = 0; |
1321 | else |
1322 | { |
1323 | gnutls_assert()do { if (__builtin_expect((_gnutls_log_level >= 2), 0)) _gnutls_log ( 2, "ASSERT: %s:%d\n", "gnutls_handshake.c",1323); } while(0 );; |
1324 | ret = GNUTLS_E_UNEXPECTED_PACKET_LENGTH-9; |
1325 | goto cleanup; |
1326 | } |
1327 | break; |
1328 | case GNUTLS_HANDSHAKE_CERTIFICATE_PKT: |
1329 | case GNUTLS_HANDSHAKE_FINISHED: |
1330 | case GNUTLS_HANDSHAKE_SERVER_KEY_EXCHANGE: |
1331 | case GNUTLS_HANDSHAKE_CLIENT_KEY_EXCHANGE: |
1332 | case GNUTLS_HANDSHAKE_CERTIFICATE_REQUEST: |
1333 | case GNUTLS_HANDSHAKE_CERTIFICATE_VERIFY: |
1334 | case GNUTLS_HANDSHAKE_SUPPLEMENTAL: |
1335 | case GNUTLS_HANDSHAKE_NEW_SESSION_TICKET: |
1336 | ret = hsk.data.length; |
1337 | break; |
1338 | default: |
1339 | gnutls_assert ()do { if (__builtin_expect((_gnutls_log_level >= 2), 0)) _gnutls_log ( 2, "ASSERT: %s:%d\n", "gnutls_handshake.c",1339); } while(0 );; |
1340 | /* we shouldn't actually arrive here in any case . |
1341 | * unexpected messages should be catched after _gnutls_handshake_io_recv_int() |
1342 | */ |
1343 | ret = GNUTLS_E_UNEXPECTED_HANDSHAKE_PACKET-19; |
1344 | goto cleanup; |
1345 | } |
1346 | |
1347 | if (buf) |
1348 | { |
1349 | *buf = hsk.data; |
1350 | return ret; |
1351 | } |
1352 | |
1353 | cleanup: |
1354 | _gnutls_handshake_buffer_clear (&hsk); |
1355 | return ret; |
1356 | } |
1357 | |
1358 | /* This function checks if the given cipher suite is supported, and sets it |
1359 | * to the session; |
1360 | */ |
1361 | static int |
1362 | _gnutls_client_set_ciphersuite (gnutls_session_t session, opaque suite[2]) |
1363 | { |
1364 | uint8_t z; |
1365 | uint8_t cipher_suites[MAX_CIPHERSUITE_SIZE512]; |
1366 | int cipher_suite_size; |
1367 | int i, err; |
1368 | |
1369 | z = 1; |
1370 | cipher_suite_size = _gnutls_supported_ciphersuites (session, cipher_suites, sizeof(cipher_suites)); |
1371 | if (cipher_suite_size < 0) |
1372 | { |
1373 | gnutls_assert ()do { if (__builtin_expect((_gnutls_log_level >= 2), 0)) _gnutls_log ( 2, "ASSERT: %s:%d\n", "gnutls_handshake.c",1373); } while(0 );; |
1374 | return cipher_suite_size; |
1375 | } |
1376 | |
1377 | for (i = 0; i < cipher_suite_size; i+=2) |
1378 | { |
1379 | if (memcmp (&cipher_suites[i], suite, 2) == 0) |
1380 | { |
1381 | z = 0; |
1382 | break; |
1383 | } |
1384 | } |
1385 | |
1386 | if (z != 0) |
1387 | { |
1388 | gnutls_assert ()do { if (__builtin_expect((_gnutls_log_level >= 2), 0)) _gnutls_log ( 2, "ASSERT: %s:%d\n", "gnutls_handshake.c",1388); } while(0 );; |
1389 | return GNUTLS_E_UNKNOWN_CIPHER_SUITE-21; |
1390 | } |
1391 | |
1392 | memcpy (session->security_parameters.cipher_suite, suite, 2); |
1393 | _gnutls_epoch_set_cipher_suite (session, EPOCH_NEXT70002, |
1394 | session-> |
1395 | security_parameters.cipher_suite); |
1396 | |
1397 | _gnutls_handshake_log ("HSK[%p]: Selected cipher suite: %s\n", session,do { if (__builtin_expect((_gnutls_log_level >= 3), 0)) _gnutls_log ( 3, "HSK[%p]: Selected cipher suite: %s\n", session, _gnutls_cipher_suite_get_name (session-> security_parameters.cipher_suite)); } while(0) |
1398 | _gnutls_cipher_suite_get_namedo { if (__builtin_expect((_gnutls_log_level >= 3), 0)) _gnutls_log ( 3, "HSK[%p]: Selected cipher suite: %s\n", session, _gnutls_cipher_suite_get_name (session-> security_parameters.cipher_suite)); } while(0) |
1399 | (session->do { if (__builtin_expect((_gnutls_log_level >= 3), 0)) _gnutls_log ( 3, "HSK[%p]: Selected cipher suite: %s\n", session, _gnutls_cipher_suite_get_name (session-> security_parameters.cipher_suite)); } while(0) |
1400 | security_parameters.cipher_suite))do { if (__builtin_expect((_gnutls_log_level >= 3), 0)) _gnutls_log ( 3, "HSK[%p]: Selected cipher suite: %s\n", session, _gnutls_cipher_suite_get_name (session-> security_parameters.cipher_suite)); } while(0); |
1401 | |
1402 | |
1403 | /* check if the credentials (username, public key etc.) are ok. |
1404 | * Actually checks if they exist. |
1405 | */ |
1406 | if (_gnutls_get_kx_cred |
1407 | (session, |
1408 | _gnutls_cipher_suite_get_kx_algo |
1409 | (session->security_parameters.cipher_suite), &err) == NULL((void*)0) |
1410 | && err != 0) |
1411 | { |
1412 | gnutls_assert ()do { if (__builtin_expect((_gnutls_log_level >= 2), 0)) _gnutls_log ( 2, "ASSERT: %s:%d\n", "gnutls_handshake.c",1412); } while(0 );; |
1413 | return GNUTLS_E_INSUFFICIENT_CREDENTIALS-32; |
1414 | } |
1415 | |
1416 | |
1417 | /* set the mod_auth_st to the appropriate struct |
1418 | * according to the KX algorithm. This is needed since all the |
1419 | * handshake functions are read from there; |
1420 | */ |
1421 | session->internals.auth_struct = |
1422 | _gnutls_kx_auth_struct (_gnutls_cipher_suite_get_kx_algo |
1423 | (session-> |
1424 | security_parameters.cipher_suite)); |
1425 | |
1426 | if (session->internals.auth_struct == NULL((void*)0)) |
1427 | { |
1428 | |
1429 | _gnutls_handshake_logdo { if (__builtin_expect((_gnutls_log_level >= 3), 0)) _gnutls_log ( 3, "HSK[%p]: Cannot find the appropriate handler for the KX algorithm\n" , session); } while(0) |
1430 | ("HSK[%p]: Cannot find the appropriate handler for the KX algorithm\n",do { if (__builtin_expect((_gnutls_log_level >= 3), 0)) _gnutls_log ( 3, "HSK[%p]: Cannot find the appropriate handler for the KX algorithm\n" , session); } while(0) |
1431 | session)do { if (__builtin_expect((_gnutls_log_level >= 3), 0)) _gnutls_log ( 3, "HSK[%p]: Cannot find the appropriate handler for the KX algorithm\n" , session); } while(0); |
1432 | gnutls_assert ()do { if (__builtin_expect((_gnutls_log_level >= 2), 0)) _gnutls_log ( 2, "ASSERT: %s:%d\n", "gnutls_handshake.c",1432); } while(0 );; |
1433 | return GNUTLS_E_INTERNAL_ERROR-59; |
1434 | } |
1435 | |
1436 | |
1437 | return 0; |
1438 | } |
1439 | |
1440 | /* This function sets the given comp method to the session. |
1441 | */ |
1442 | static int |
1443 | _gnutls_client_set_comp_method (gnutls_session_t session, opaque comp_method) |
1444 | { |
1445 | int comp_methods_num; |
1446 | uint8_t compression_methods[MAX_ALGOS32]; |
1447 | int id = _gnutls_compression_get_id(comp_method); |
1448 | int i; |
1449 | |
1450 | _gnutls_handshake_log ("HSK[%p]: Selected compression method: %s (%d)\n", session,do { if (__builtin_expect((_gnutls_log_level >= 3), 0)) _gnutls_log ( 3, "HSK[%p]: Selected compression method: %s (%d)\n", session , gnutls_compression_get_name(id), (int)comp_method); } while (0) |
1451 | gnutls_compression_get_name(id), (int)comp_method)do { if (__builtin_expect((_gnutls_log_level >= 3), 0)) _gnutls_log ( 3, "HSK[%p]: Selected compression method: %s (%d)\n", session , gnutls_compression_get_name(id), (int)comp_method); } while (0); |
1452 | |
1453 | comp_methods_num = _gnutls_supported_compression_methods (session, |
1454 | compression_methods, MAX_ALGOS32); |
1455 | if (comp_methods_num < 0) |
1456 | { |
1457 | gnutls_assert ()do { if (__builtin_expect((_gnutls_log_level >= 2), 0)) _gnutls_log ( 2, "ASSERT: %s:%d\n", "gnutls_handshake.c",1457); } while(0 );; |
1458 | return comp_methods_num; |
1459 | } |
1460 | |
1461 | for (i = 0; i < comp_methods_num; i++) |
1462 | { |
1463 | if (compression_methods[i] == comp_method) |
1464 | { |
1465 | comp_methods_num = 0; |
1466 | break; |
1467 | } |
1468 | } |
1469 | |
1470 | if (comp_methods_num != 0) |
1471 | { |
1472 | gnutls_assert ()do { if (__builtin_expect((_gnutls_log_level >= 2), 0)) _gnutls_log ( 2, "ASSERT: %s:%d\n", "gnutls_handshake.c",1472); } while(0 );; |
1473 | return GNUTLS_E_UNKNOWN_COMPRESSION_ALGORITHM-3; |
1474 | } |
1475 | |
1476 | session->security_parameters.compression_method = id; |
1477 | _gnutls_epoch_set_compression (session, EPOCH_NEXT70002, id); |
1478 | |
1479 | return 0; |
1480 | } |
1481 | |
1482 | /* This function returns 0 if we are resuming a session or -1 otherwise. |
1483 | * This also sets the variables in the session. Used only while reading a server |
1484 | * hello. |
1485 | */ |
1486 | static int |
1487 | _gnutls_client_check_if_resuming (gnutls_session_t session, |
1488 | opaque * session_id, int session_id_len) |
1489 | { |
1490 | opaque buf[2 * TLS_MAX_SESSION_ID_SIZE32 + 1]; |
1491 | |
1492 | _gnutls_handshake_log ("HSK[%p]: SessionID length: %d\n", session,do { if (__builtin_expect((_gnutls_log_level >= 3), 0)) _gnutls_log ( 3, "HSK[%p]: SessionID length: %d\n", session, session_id_len ); } while(0) |
1493 | session_id_len)do { if (__builtin_expect((_gnutls_log_level >= 3), 0)) _gnutls_log ( 3, "HSK[%p]: SessionID length: %d\n", session, session_id_len ); } while(0); |
1494 | _gnutls_handshake_log ("HSK[%p]: SessionID: %s\n", session,do { if (__builtin_expect((_gnutls_log_level >= 3), 0)) _gnutls_log ( 3, "HSK[%p]: SessionID: %s\n", session, _gnutls_bin2hex (session_id , session_id_len, buf, sizeof (buf), ((void*)0))); } while(0) |
1495 | _gnutls_bin2hex (session_id, session_id_len, buf,do { if (__builtin_expect((_gnutls_log_level >= 3), 0)) _gnutls_log ( 3, "HSK[%p]: SessionID: %s\n", session, _gnutls_bin2hex (session_id , session_id_len, buf, sizeof (buf), ((void*)0))); } while(0) |
1496 | sizeof (buf), NULL))do { if (__builtin_expect((_gnutls_log_level >= 3), 0)) _gnutls_log ( 3, "HSK[%p]: SessionID: %s\n", session, _gnutls_bin2hex (session_id , session_id_len, buf, sizeof (buf), ((void*)0))); } while(0); |
1497 | |
1498 | if (session_id_len > 0 && |
1499 | session->internals.resumed_security_parameters.session_id_size == |
1500 | session_id_len |
1501 | && memcmp (session_id, |
1502 | session->internals.resumed_security_parameters.session_id, |
1503 | session_id_len) == 0) |
1504 | { |
1505 | /* resume session */ |
1506 | memcpy (session->internals.resumed_security_parameters.server_random, |
1507 | session->security_parameters.server_random, GNUTLS_RANDOM_SIZE32); |
1508 | memcpy (session->internals.resumed_security_parameters.client_random, |
1509 | session->security_parameters.client_random, GNUTLS_RANDOM_SIZE32); |
1510 | |
1511 | _gnutls_epoch_set_cipher_suite |
1512 | (session, EPOCH_NEXT70002, |
1513 | session->internals. |
1514 | resumed_security_parameters.cipher_suite); |
1515 | _gnutls_epoch_set_compression (session, EPOCH_NEXT70002, |
1516 | session-> |
1517 | internals.resumed_security_parameters.compression_method); |
1518 | |
1519 | session->internals.resumed = RESUME_TRUE1; /* we are resuming */ |
1520 | |
1521 | return 0; |
1522 | } |
1523 | else |
1524 | { |
1525 | /* keep the new session id */ |
1526 | session->internals.resumed = RESUME_FALSE0; /* we are not resuming */ |
1527 | session->security_parameters.session_id_size = session_id_len; |
1528 | memcpy (session->security_parameters.session_id, |
1529 | session_id, session_id_len); |
1530 | |
1531 | return -1; |
1532 | } |
1533 | } |
1534 | |
1535 | |
1536 | /* This function reads and parses the server hello handshake message. |
1537 | * This function also restores resumed parameters if we are resuming a |
1538 | * session. |
1539 | */ |
1540 | static int |
1541 | _gnutls_read_server_hello (gnutls_session_t session, |
1542 | opaque * data, int datalen) |
1543 | { |
1544 | uint8_t session_id_len = 0; |
1545 | int pos = 0; |
1546 | int ret = 0; |
1547 | gnutls_protocol_t version; |
1548 | int len = datalen; |
1549 | |
1550 | if (datalen < 38) |
1551 | { |
1552 | gnutls_assert ()do { if (__builtin_expect((_gnutls_log_level >= 2), 0)) _gnutls_log ( 2, "ASSERT: %s:%d\n", "gnutls_handshake.c",1552); } while(0 );; |
1553 | return GNUTLS_E_UNEXPECTED_PACKET_LENGTH-9; |
1554 | } |
1555 | |
1556 | _gnutls_handshake_log ("HSK[%p]: Server's version: %d.%d\n",do { if (__builtin_expect((_gnutls_log_level >= 3), 0)) _gnutls_log ( 3, "HSK[%p]: Server's version: %d.%d\n", session, data[pos] , data[pos + 1]); } while(0) |
1557 | session, data[pos], data[pos + 1])do { if (__builtin_expect((_gnutls_log_level >= 3), 0)) _gnutls_log ( 3, "HSK[%p]: Server's version: %d.%d\n", session, data[pos] , data[pos + 1]); } while(0); |
1558 | |
1559 | DECR_LEN (len, 2)do { len-=2; if (len<0) {do { if (__builtin_expect((_gnutls_log_level >= 2), 0)) _gnutls_log( 2, "ASSERT: %s:%d\n", "gnutls_handshake.c" ,1559); } while(0);; return -9;} } while (0); |
1560 | version = _gnutls_version_get (data[pos], data[pos + 1]); |
1561 | if (_gnutls_version_is_supported (session, version) == 0) |
1562 | { |
1563 | gnutls_assert ()do { if (__builtin_expect((_gnutls_log_level >= 2), 0)) _gnutls_log ( 2, "ASSERT: %s:%d\n", "gnutls_handshake.c",1563); } while(0 );; |
1564 | return GNUTLS_E_UNSUPPORTED_VERSION_PACKET-8; |
1565 | } |
1566 | else |
1567 | { |
1568 | _gnutls_set_current_version (session, version); |
1569 | } |
1570 | |
1571 | pos += 2; |
1572 | |
1573 | DECR_LEN (len, GNUTLS_RANDOM_SIZE)do { len-=32; if (len<0) {do { if (__builtin_expect((_gnutls_log_level >= 2), 0)) _gnutls_log( 2, "ASSERT: %s:%d\n", "gnutls_handshake.c" ,1573); } while(0);; return -9;} } while (0); |
1574 | _gnutls_set_server_random (session, &data[pos]); |
1575 | pos += GNUTLS_RANDOM_SIZE32; |
1576 | |
1577 | |
1578 | /* Read session ID |
1579 | */ |
1580 | DECR_LEN (len, 1)do { len-=1; if (len<0) {do { if (__builtin_expect((_gnutls_log_level >= 2), 0)) _gnutls_log( 2, "ASSERT: %s:%d\n", "gnutls_handshake.c" ,1580); } while(0);; return -9;} } while (0); |
1581 | session_id_len = data[pos++]; |
1582 | |
1583 | if (len < session_id_len) |
1584 | { |
1585 | gnutls_assert ()do { if (__builtin_expect((_gnutls_log_level >= 2), 0)) _gnutls_log ( 2, "ASSERT: %s:%d\n", "gnutls_handshake.c",1585); } while(0 );; |
1586 | return GNUTLS_E_UNSUPPORTED_VERSION_PACKET-8; |
1587 | } |
1588 | DECR_LEN (len, session_id_len)do { len-=session_id_len; if (len<0) {do { if (__builtin_expect ((_gnutls_log_level >= 2), 0)) _gnutls_log( 2, "ASSERT: %s:%d\n" , "gnutls_handshake.c",1588); } while(0);; return -9;} } while (0); |
1589 | |
1590 | /* check if we are resuming and set the appropriate |
1591 | * values; |
1592 | */ |
1593 | if (_gnutls_client_check_if_resuming |
1594 | (session, &data[pos], session_id_len) == 0) |
1595 | { |
1596 | pos += session_id_len + 2 + 1; |
1597 | DECR_LEN (len, 2 + 1)do { len-=2 + 1; if (len<0) {do { if (__builtin_expect((_gnutls_log_level >= 2), 0)) _gnutls_log( 2, "ASSERT: %s:%d\n", "gnutls_handshake.c" ,1597); } while(0);; return -9;} } while (0); |
1598 | |
1599 | ret = _gnutls_parse_extensions (session, GNUTLS_EXT_MANDATORY, |
1600 | &data[pos], len); |
1601 | if (ret < 0) |
1602 | { |
1603 | gnutls_assert ()do { if (__builtin_expect((_gnutls_log_level >= 2), 0)) _gnutls_log ( 2, "ASSERT: %s:%d\n", "gnutls_handshake.c",1603); } while(0 );; |
1604 | return ret; |
1605 | } |
1606 | return 0; |
1607 | } |
1608 | |
1609 | pos += session_id_len; |
1610 | |
1611 | /* Check if the given cipher suite is supported and copy |
1612 | * it to the session. |
1613 | */ |
1614 | |
1615 | DECR_LEN (len, 2)do { len-=2; if (len<0) {do { if (__builtin_expect((_gnutls_log_level >= 2), 0)) _gnutls_log( 2, "ASSERT: %s:%d\n", "gnutls_handshake.c" ,1615); } while(0);; return -9;} } while (0); |
1616 | ret = _gnutls_client_set_ciphersuite (session, &data[pos]); |
1617 | if (ret < 0) |
1618 | { |
1619 | gnutls_assert ()do { if (__builtin_expect((_gnutls_log_level >= 2), 0)) _gnutls_log ( 2, "ASSERT: %s:%d\n", "gnutls_handshake.c",1619); } while(0 );; |
1620 | return ret; |
1621 | } |
1622 | pos += 2; |
1623 | |
1624 | /* move to compression |
1625 | */ |
1626 | DECR_LEN (len, 1)do { len-=1; if (len<0) {do { if (__builtin_expect((_gnutls_log_level >= 2), 0)) _gnutls_log( 2, "ASSERT: %s:%d\n", "gnutls_handshake.c" ,1626); } while(0);; return -9;} } while (0); |
1627 | |
1628 | ret = _gnutls_client_set_comp_method (session, data[pos++]); |
1629 | if (ret < 0) |
1630 | { |
1631 | gnutls_assert ()do { if (__builtin_expect((_gnutls_log_level >= 2), 0)) _gnutls_log ( 2, "ASSERT: %s:%d\n", "gnutls_handshake.c",1631); } while(0 );; |
1632 | return GNUTLS_E_UNKNOWN_COMPRESSION_ALGORITHM-3; |
1633 | } |
1634 | |
1635 | /* Parse extensions. |
1636 | */ |
1637 | ret = _gnutls_parse_extensions (session, GNUTLS_EXT_ANY, &data[pos], len); |
1638 | if (ret < 0) |
1639 | { |
1640 | gnutls_assert ()do { if (__builtin_expect((_gnutls_log_level >= 2), 0)) _gnutls_log ( 2, "ASSERT: %s:%d\n", "gnutls_handshake.c",1640); } while(0 );; |
1641 | return ret; |
1642 | } |
1643 | |
1644 | return ret; |
1645 | } |
1646 | |
1647 | |
1648 | /* This function copies the appropriate ciphersuites to a locally allocated buffer |
1649 | * Needed in client hello messages. Returns the new data length. If add_scsv is |
1650 | * true, add the special safe renegotiation CS. |
1651 | */ |
1652 | static int |
1653 | _gnutls_copy_ciphersuites (gnutls_session_t session, |
1654 | gnutls_buffer_st * cdata, |
1655 | int add_scsv) |
1656 | { |
1657 | int ret; |
1658 | uint8_t cipher_suites[MAX_CIPHERSUITE_SIZE512+2]; |
1659 | int cipher_suites_size; |
1660 | size_t init_length = cdata->length; |
1661 | |
1662 | ret = _gnutls_supported_ciphersuites (session, cipher_suites, sizeof(cipher_suites)-2); |
1663 | if (ret < 0) |
1664 | return gnutls_assert_val(ret)gnutls_assert_val_int(ret, "gnutls_handshake.c", 1664); |
1665 | |
1666 | /* Here we remove any ciphersuite that does not conform |
1667 | * the certificate requested, or to the |
1668 | * authentication requested (eg SRP). |
1669 | */ |
1670 | ret = |
1671 | _gnutls_remove_unwanted_ciphersuites (session, cipher_suites, ret, NULL((void*)0), 0); |
1672 | if (ret < 0) |
1673 | return gnutls_assert_val(ret)gnutls_assert_val_int(ret, "gnutls_handshake.c", 1673); |
1674 | |
1675 | /* If no cipher suites were enabled. |
1676 | */ |
1677 | if (ret == 0) |
1678 | return gnutls_assert_val(GNUTLS_E_INSUFFICIENT_CREDENTIALS)gnutls_assert_val_int(-32, "gnutls_handshake.c", 1678); |
1679 | |
1680 | cipher_suites_size = ret; |
1681 | if (add_scsv) |
1682 | { |
1683 | cipher_suites[cipher_suites_size] = 0x00; |
1684 | cipher_suites[cipher_suites_size+1] = 0xff; |
1685 | cipher_suites_size += 2; |
1686 | |
1687 | ret = _gnutls_ext_sr_send_cs (session); |
1688 | if (ret < 0) |
1689 | return gnutls_assert_val(ret)gnutls_assert_val_int(ret, "gnutls_handshake.c", 1689); |
1690 | } |
1691 | |
1692 | ret = _gnutls_buffer_append_data_prefix(cdata, 16, cipher_suites, cipher_suites_size); |
1693 | if (ret < 0) |
1694 | return gnutls_assert_val(ret)gnutls_assert_val_int(ret, "gnutls_handshake.c", 1694); |
1695 | |
1696 | ret = cdata->length - init_length; |
1697 | |
1698 | return ret; |
1699 | } |
1700 | |
1701 | |
1702 | /* This function copies the appropriate compression methods, to a locally allocated buffer |
1703 | * Needed in hello messages. Returns the new data length. |
1704 | */ |
1705 | static int |
1706 | _gnutls_copy_comp_methods (gnutls_session_t session, |
1707 | gnutls_buffer_st * cdata) |
1708 | { |
1709 | int ret; |
1710 | uint8_t compression_methods[MAX_ALGOS32], comp_num; |
1711 | size_t init_length = cdata->length; |
1712 | |
1713 | ret = _gnutls_supported_compression_methods (session, compression_methods, MAX_ALGOS32); |
1714 | if (ret < 0) |
1715 | return gnutls_assert_val(ret)gnutls_assert_val_int(ret, "gnutls_handshake.c", 1715); |
1716 | |
1717 | comp_num = ret; |
1718 | |
1719 | /* put the number of compression methods */ |
1720 | ret = _gnutls_buffer_append_prefix(cdata, 8, comp_num); |
1721 | if (ret < 0) |
1722 | return gnutls_assert_val(ret)gnutls_assert_val_int(ret, "gnutls_handshake.c", 1722); |
1723 | |
1724 | ret = _gnutls_buffer_append_data(cdata, compression_methods, comp_num); |
1725 | if (ret < 0) |
1726 | return gnutls_assert_val(ret)gnutls_assert_val_int(ret, "gnutls_handshake.c", 1726); |
1727 | |
1728 | ret = cdata->length - init_length; |
1729 | |
1730 | return ret; |
1731 | } |
1732 | |
1733 | /* This should be sufficient by now. It should hold all the extensions |
1734 | * plus the headers in a hello message. |
1735 | */ |
1736 | #define MAX_EXT_DATA_LENGTH32*1024 32*1024 |
1737 | |
1738 | /* This function sends the client hello handshake message. |
1739 | */ |
1740 | static int |
1741 | _gnutls_send_client_hello (gnutls_session_t session, int again) |
1742 | { |
1743 | mbuffer_st *bufel = NULL((void*)0); |
1744 | opaque *data = NULL((void*)0); |
1745 | int pos = 0, type; |
1746 | int datalen = 0, ret = 0; |
1747 | opaque rnd[GNUTLS_RANDOM_SIZE32]; |
1748 | gnutls_protocol_t hver; |
1749 | gnutls_buffer_st extdata; |
1750 | int rehandshake = 0; |
1751 | uint8_t session_id_len = |
1752 | session->internals.resumed_security_parameters.session_id_size; |
1753 | uint8_t cookie_len; |
1754 | |
1755 | _gnutls_buffer_init(&extdata); |
1756 | |
1757 | /* note that rehandshake is different than resuming |
1758 | */ |
1759 | if (session->security_parameters.session_id_size) |
1760 | rehandshake = 1; |
1761 | |
1762 | if (again == 0) |
1763 | { |
1764 | if(IS_DTLS(session)(session->internals.transport == GNUTLS_DGRAM)) |
1765 | { |
1766 | cookie_len = session->internals.dtls.cookie_len + 1; |
1767 | } |
1768 | else |
1769 | { |
1770 | cookie_len = 0; |
1771 | } |
1772 | |
1773 | datalen = 2 + (session_id_len + 1) + GNUTLS_RANDOM_SIZE32 + cookie_len; |
1774 | /* 2 for version, (4 for unix time + 28 for random bytes==GNUTLS_RANDOM_SIZE) |
1775 | */ |
1776 | |
1777 | bufel = _gnutls_handshake_alloc (session, datalen, datalen+MAX_EXT_DATA_LENGTH32*1024); |
1778 | if (bufel == NULL((void*)0)) |
1779 | { |
1780 | gnutls_assert ()do { if (__builtin_expect((_gnutls_log_level >= 2), 0)) _gnutls_log ( 2, "ASSERT: %s:%d\n", "gnutls_handshake.c",1780); } while(0 );; |
1781 | return GNUTLS_E_MEMORY_ERROR-25; |
1782 | } |
1783 | data = _mbuffer_get_udata_ptr (bufel); |
1784 | |
1785 | /* if we are resuming a session then we set the |
1786 | * version number to the previously established. |
1787 | */ |
1788 | if (session_id_len == 0) |
1789 | { |
1790 | if (rehandshake) /* already negotiated version thus version_max == negotiated version */ |
1791 | hver = session->security_parameters.version; |
1792 | else /* new handshake. just get the max */ |
1793 | hver = _gnutls_version_max (session); |
1794 | } |
1795 | else |
1796 | { |
1797 | /* we are resuming a session */ |
1798 | hver = session->internals.resumed_security_parameters.version; |
1799 | } |
1800 | |
1801 | if (hver == GNUTLS_VERSION_UNKNOWN || hver == 0) |
1802 | { |
1803 | gnutls_assert ()do { if (__builtin_expect((_gnutls_log_level >= 2), 0)) _gnutls_log ( 2, "ASSERT: %s:%d\n", "gnutls_handshake.c",1803); } while(0 );; |
1804 | gnutls_free (bufel); |
1805 | return GNUTLS_E_INTERNAL_ERROR-59; |
1806 | } |
1807 | |
1808 | data[pos++] = _gnutls_version_get_major (hver); |
1809 | data[pos++] = _gnutls_version_get_minor (hver); |
1810 | |
1811 | /* Set the version we advertized as maximum |
1812 | * (RSA uses it). |
1813 | */ |
1814 | _gnutls_set_adv_version (session, hver); |
1815 | _gnutls_set_current_version (session, hver); |
1816 | |
1817 | if (session->internals.priorities.ssl3_record_version != 0) |
1818 | { |
1819 | /* Advertize the SSL 3.0 record packet version in |
1820 | * record packets during the handshake. |
1821 | * That is to avoid confusing implementations |
1822 | * that do not support TLS 1.2 and don't know |
1823 | * how 3,3 version of record packets look like. |
1824 | */ |
1825 | if (!IS_DTLS(session)(session->internals.transport == GNUTLS_DGRAM)) |
1826 | _gnutls_record_set_default_version (session, 3, 0); |
1827 | else |
1828 | _gnutls_record_set_default_version (session, 254, 255); |
1829 | } |
1830 | |
1831 | /* In order to know when this session was initiated. |
1832 | */ |
1833 | session->security_parameters.timestamp = gnutls_time (NULL((void*)0)); |
1834 | |
1835 | /* Generate random data |
1836 | */ |
1837 | if (!IS_DTLS (session)(session->internals.transport == GNUTLS_DGRAM) |
1838 | || session->internals.dtls.hsk_hello_verify_requests == 0) |
1839 | { |
1840 | _gnutls_tls_create_random (rnd); |
1841 | _gnutls_set_client_random (session, rnd); |
1842 | |
1843 | memcpy (&data[pos], rnd, GNUTLS_RANDOM_SIZE32); |
1844 | } |
1845 | else |
1846 | memcpy (&data[pos], session->security_parameters.client_random, GNUTLS_RANDOM_SIZE32); |
1847 | |
1848 | pos += GNUTLS_RANDOM_SIZE32; |
1849 | |
1850 | /* Copy the Session ID |
1851 | */ |
1852 | data[pos++] = session_id_len; |
1853 | |
1854 | if (session_id_len > 0) |
1855 | { |
1856 | memcpy (&data[pos], |
1857 | session->internals.resumed_security_parameters.session_id, |
1858 | session_id_len); |
1859 | pos += session_id_len; |
1860 | } |
1861 | |
1862 | /* Copy the DTLS cookie |
1863 | */ |
1864 | if (IS_DTLS(session)(session->internals.transport == GNUTLS_DGRAM)) |
1865 | { |
1866 | data[pos++] = session->internals.dtls.cookie_len; |
1867 | memcpy(&data[pos], &session->internals.dtls.cookie, session->internals.dtls.cookie_len); |
1868 | pos += session->internals.dtls.cookie_len; |
Value stored to 'pos' is never read | |
1869 | } |
1870 | |
1871 | /* Copy the ciphersuites. |
1872 | * |
1873 | * If using SSLv3 Send TLS_RENEGO_PROTECTION_REQUEST SCSV for MITM |
1874 | * prevention on initial negotiation (but not renegotiation; that's |
1875 | * handled with the RI extension below). |
1876 | */ |
1877 | if (!session->internals.initial_negotiation_completed && |
1878 | session->security_parameters.entity == GNUTLS_CLIENT(1<<1) && |
1879 | (gnutls_protocol_get_version_gnutls_protocol_get_version (session) == GNUTLS_SSL3 || |
1880 | session->internals.priorities.no_extensions != 0)) |
1881 | { |
1882 | ret = |
1883 | _gnutls_copy_ciphersuites (session, &extdata, TRUE1); |
1884 | _gnutls_extension_list_add (session, |
1885 | GNUTLS_EXTENSION_SAFE_RENEGOTIATION); |
1886 | } |
1887 | else |
1888 | ret = _gnutls_copy_ciphersuites (session, &extdata, FALSE0); |
1889 | |
1890 | if (ret < 0) |
1891 | { |
1892 | gnutls_assert()do { if (__builtin_expect((_gnutls_log_level >= 2), 0)) _gnutls_log ( 2, "ASSERT: %s:%d\n", "gnutls_handshake.c",1892); } while(0 );; |
1893 | goto cleanup; |
1894 | } |
1895 | |
1896 | /* Copy the compression methods. |
1897 | */ |
1898 | ret = _gnutls_copy_comp_methods (session, &extdata); |
1899 | if (ret < 0) |
1900 | { |
1901 | gnutls_assert()do { if (__builtin_expect((_gnutls_log_level >= 2), 0)) _gnutls_log ( 2, "ASSERT: %s:%d\n", "gnutls_handshake.c",1901); } while(0 );; |
1902 | goto cleanup; |
1903 | } |
1904 | |
1905 | /* Generate and copy TLS extensions. |
1906 | */ |
1907 | if (session->internals.priorities.no_extensions == 0) |
1908 | { |
1909 | if (_gnutls_version_has_extensions (hver)) |
1910 | type = GNUTLS_EXT_ANY; |
1911 | else |
1912 | { |
1913 | if (session->internals.initial_negotiation_completed != 0) |
1914 | type = GNUTLS_EXT_MANDATORY; |
1915 | else |
1916 | type = GNUTLS_EXT_NONE; |
1917 | } |
1918 | |
1919 | ret = _gnutls_gen_extensions (session, &extdata, type); |
1920 | if (ret < 0) |
1921 | { |
1922 | gnutls_assert()do { if (__builtin_expect((_gnutls_log_level >= 2), 0)) _gnutls_log ( 2, "ASSERT: %s:%d\n", "gnutls_handshake.c",1922); } while(0 );; |
1923 | goto cleanup; |
1924 | } |
1925 | |
1926 | } |
1927 | |
1928 | ret = _mbuffer_append_data (bufel, extdata.data, extdata.length); |
1929 | if (ret < 0) |
1930 | { |
1931 | gnutls_assert ()do { if (__builtin_expect((_gnutls_log_level >= 2), 0)) _gnutls_log ( 2, "ASSERT: %s:%d\n", "gnutls_handshake.c",1931); } while(0 );; |
1932 | goto cleanup; |
1933 | } |
1934 | } |
1935 | |
1936 | _gnutls_buffer_clear(&extdata); |
1937 | |
1938 | return |
1939 | _gnutls_send_handshake (session, bufel, GNUTLS_HANDSHAKE_CLIENT_HELLO); |
1940 | |
1941 | cleanup: |
1942 | _mbuffer_xfree(&bufel); |
1943 | _gnutls_buffer_clear(&extdata); |
1944 | return ret; |
1945 | } |
1946 | |
1947 | static int |
1948 | _gnutls_send_server_hello (gnutls_session_t session, int again) |
1949 | { |
1950 | mbuffer_st *bufel = NULL((void*)0); |
1951 | opaque *data = NULL((void*)0); |
1952 | gnutls_buffer_st extdata; |
1953 | int pos = 0; |
1954 | int datalen, ret = 0; |
1955 | uint8_t comp; |
1956 | uint8_t session_id_len = session->security_parameters.session_id_size; |
1957 | opaque buf[2 * TLS_MAX_SESSION_ID_SIZE32 + 1]; |
1958 | |
1959 | datalen = 0; |
1960 | |
1961 | _gnutls_buffer_init(&extdata); |
1962 | |
1963 | if (again == 0) |
1964 | { |
1965 | datalen = 2 + session_id_len + 1 + GNUTLS_RANDOM_SIZE32 + 3; |
1966 | ret = |
1967 | _gnutls_gen_extensions (session, &extdata, GNUTLS_EXT_ANY); |
1968 | if (ret < 0) |
1969 | { |
1970 | gnutls_assert ()do { if (__builtin_expect((_gnutls_log_level >= 2), 0)) _gnutls_log ( 2, "ASSERT: %s:%d\n", "gnutls_handshake.c",1970); } while(0 );; |
1971 | goto fail; |
1972 | } |
1973 | |
1974 | bufel = _gnutls_handshake_alloc (session, datalen + extdata.length, datalen + extdata.length); |
1975 | if (bufel == NULL((void*)0)) |
1976 | { |
1977 | gnutls_assert ()do { if (__builtin_expect((_gnutls_log_level >= 2), 0)) _gnutls_log ( 2, "ASSERT: %s:%d\n", "gnutls_handshake.c",1977); } while(0 );; |
1978 | ret = GNUTLS_E_MEMORY_ERROR-25; |
1979 | goto fail; |
1980 | } |
1981 | data = _mbuffer_get_udata_ptr (bufel); |
1982 | |
1983 | data[pos++] = |
1984 | _gnutls_version_get_major (session->security_parameters.version); |
1985 | data[pos++] = |
1986 | _gnutls_version_get_minor (session->security_parameters.version); |
1987 | |
1988 | memcpy (&data[pos], |
1989 | session->security_parameters.server_random, GNUTLS_RANDOM_SIZE32); |
1990 | pos += GNUTLS_RANDOM_SIZE32; |
1991 | |
1992 | data[pos++] = session_id_len; |
1993 | if (session_id_len > 0) |
1994 | { |
1995 | memcpy (&data[pos], session->security_parameters.session_id, |
1996 | session_id_len); |
1997 | } |
1998 | pos += session_id_len; |
1999 | |
2000 | _gnutls_handshake_log ("HSK[%p]: SessionID: %s\n", session,do { if (__builtin_expect((_gnutls_log_level >= 3), 0)) _gnutls_log ( 3, "HSK[%p]: SessionID: %s\n", session, _gnutls_bin2hex (session ->security_parameters. session_id, session_id_len, buf, sizeof (buf), ((void*)0))); } while(0) |
2001 | _gnutls_bin2hex (session->security_parameters.do { if (__builtin_expect((_gnutls_log_level >= 3), 0)) _gnutls_log ( 3, "HSK[%p]: SessionID: %s\n", session, _gnutls_bin2hex (session ->security_parameters. session_id, session_id_len, buf, sizeof (buf), ((void*)0))); } while(0) |
2002 | session_id, session_id_len, buf,do { if (__builtin_expect((_gnutls_log_level >= 3), 0)) _gnutls_log ( 3, "HSK[%p]: SessionID: %s\n", session, _gnutls_bin2hex (session ->security_parameters. session_id, session_id_len, buf, sizeof (buf), ((void*)0))); } while(0) |
2003 | sizeof (buf), NULL))do { if (__builtin_expect((_gnutls_log_level >= 3), 0)) _gnutls_log ( 3, "HSK[%p]: SessionID: %s\n", session, _gnutls_bin2hex (session ->security_parameters. session_id, session_id_len, buf, sizeof (buf), ((void*)0))); } while(0); |
2004 | |
2005 | memcpy (&data[pos], |
2006 | session->security_parameters.cipher_suite, 2); |
2007 | pos += 2; |
2008 | |
2009 | comp = _gnutls_compression_get_num ( session->security_parameters.compression_method); |
2010 | data[pos++] = comp; |
2011 | |
2012 | if (extdata.length > 0) |
2013 | { |
2014 | datalen += extdata.length; |
2015 | memcpy (&data[pos], extdata.data, extdata.length); |
2016 | } |
2017 | } |
2018 | |
2019 | ret = |
2020 | _gnutls_send_handshake (session, bufel, GNUTLS_HANDSHAKE_SERVER_HELLO); |
2021 | |
2022 | fail: |
2023 | _gnutls_buffer_clear(&extdata); |
2024 | return ret; |
2025 | } |
2026 | |
2027 | int |
2028 | _gnutls_send_hello (gnutls_session_t session, int again) |
2029 | { |
2030 | int ret; |
2031 | |
2032 | if (session->security_parameters.entity == GNUTLS_CLIENT(1<<1)) |
2033 | { |
2034 | ret = _gnutls_send_client_hello (session, again); |
2035 | |
2036 | } |
2037 | else |
2038 | { /* SERVER */ |
2039 | ret = _gnutls_send_server_hello (session, again); |
2040 | } |
2041 | |
2042 | return ret; |
2043 | } |
2044 | |
2045 | /* RECEIVE A HELLO MESSAGE. This should be called from gnutls_recv_handshake_int only if a |
2046 | * hello message is expected. It uses the security_parameters.cipher_suite |
2047 | * and internals.compression_method. |
2048 | */ |
2049 | int |
2050 | _gnutls_recv_hello (gnutls_session_t session, opaque * data, int datalen) |
2051 | { |
2052 | int ret; |
2053 | |
2054 | if (session->security_parameters.entity == GNUTLS_CLIENT(1<<1)) |
2055 | { |
2056 | ret = _gnutls_read_server_hello (session, data, datalen); |
2057 | if (ret < 0) |
2058 | { |
2059 | gnutls_assert ()do { if (__builtin_expect((_gnutls_log_level >= 2), 0)) _gnutls_log ( 2, "ASSERT: %s:%d\n", "gnutls_handshake.c",2059); } while(0 );; |
2060 | return ret; |
2061 | } |
2062 | } |
2063 | else |
2064 | { /* Server side reading a client hello */ |
2065 | |
2066 | ret = _gnutls_read_client_hello (session, data, datalen); |
2067 | if (ret < 0) |
2068 | { |
2069 | gnutls_assert ()do { if (__builtin_expect((_gnutls_log_level >= 2), 0)) _gnutls_log ( 2, "ASSERT: %s:%d\n", "gnutls_handshake.c",2069); } while(0 );; |
2070 | return ret; |
2071 | } |
2072 | } |
2073 | |
2074 | ret = _gnutls_ext_sr_verify (session); |
2075 | if (ret < 0) |
2076 | { |
2077 | gnutls_assert ()do { if (__builtin_expect((_gnutls_log_level >= 2), 0)) _gnutls_log ( 2, "ASSERT: %s:%d\n", "gnutls_handshake.c",2077); } while(0 );; |
2078 | return ret; |
2079 | } |
2080 | |
2081 | return 0; |
2082 | } |
2083 | |
2084 | static int |
2085 | _gnutls_recv_hello_verify_request (gnutls_session_t session, |
2086 | opaque * data, int datalen) |
2087 | { |
2088 | ssize_t len = datalen; |
2089 | size_t pos = 0; |
2090 | uint8_t cookie_len; |
2091 | unsigned int nb_verifs; |
2092 | |
2093 | if (!IS_DTLS (session)(session->internals.transport == GNUTLS_DGRAM) |
2094 | || session->security_parameters.entity == GNUTLS_SERVER1) |
2095 | { |
2096 | gnutls_assert ()do { if (__builtin_expect((_gnutls_log_level >= 2), 0)) _gnutls_log ( 2, "ASSERT: %s:%d\n", "gnutls_handshake.c",2096); } while(0 );; |
2097 | return GNUTLS_E_INTERNAL_ERROR-59; |
2098 | } |
2099 | |
2100 | nb_verifs = ++session->internals.dtls.hsk_hello_verify_requests; |
2101 | if (nb_verifs >= MAX_HANDSHAKE_HELLO_VERIFY_REQUESTS5) |
2102 | { |
2103 | /* The server is either buggy, malicious or changing cookie |
2104 | secrets _way_ too fast. */ |
2105 | gnutls_assert ()do { if (__builtin_expect((_gnutls_log_level >= 2), 0)) _gnutls_log ( 2, "ASSERT: %s:%d\n", "gnutls_handshake.c",2105); } while(0 );; |
2106 | return GNUTLS_E_UNEXPECTED_PACKET-15; |
2107 | } |
2108 | |
2109 | /* TODO: determine if we need to do anything with the server version field */ |
2110 | DECR_LEN (len, 2)do { len-=2; if (len<0) {do { if (__builtin_expect((_gnutls_log_level >= 2), 0)) _gnutls_log( 2, "ASSERT: %s:%d\n", "gnutls_handshake.c" ,2110); } while(0);; return -9;} } while (0); |
2111 | pos += 2; |
2112 | |
2113 | DECR_LEN (len, 1)do { len-=1; if (len<0) {do { if (__builtin_expect((_gnutls_log_level >= 2), 0)) _gnutls_log( 2, "ASSERT: %s:%d\n", "gnutls_handshake.c" ,2113); } while(0);; return -9;} } while (0); |
2114 | cookie_len = data[pos]; |
2115 | pos++; |
2116 | |
2117 | if (cookie_len > DTLS_MAX_COOKIE_SIZE32) |
2118 | { |
2119 | gnutls_assert ()do { if (__builtin_expect((_gnutls_log_level >= 2), 0)) _gnutls_log ( 2, "ASSERT: %s:%d\n", "gnutls_handshake.c",2119); } while(0 );; |
2120 | return GNUTLS_E_UNEXPECTED_PACKET_LENGTH-9; |
2121 | } |
2122 | |
2123 | DECR_LEN (len, cookie_len)do { len-=cookie_len; if (len<0) {do { if (__builtin_expect ((_gnutls_log_level >= 2), 0)) _gnutls_log( 2, "ASSERT: %s:%d\n" , "gnutls_handshake.c",2123); } while(0);; return -9;} } while (0); |
2124 | |
2125 | session->internals.dtls.cookie_len = cookie_len; |
2126 | memcpy (session->internals.dtls.cookie, &data[pos], cookie_len); |
2127 | |
2128 | pos += cookie_len; |
2129 | |
2130 | if (len != 0) |
2131 | { |
2132 | gnutls_assert ()do { if (__builtin_expect((_gnutls_log_level >= 2), 0)) _gnutls_log ( 2, "ASSERT: %s:%d\n", "gnutls_handshake.c",2132); } while(0 );; |
2133 | return GNUTLS_E_UNEXPECTED_PACKET_LENGTH-9; |
2134 | } |
2135 | |
2136 | /* reset handshake hash buffers */ |
2137 | _gnutls_handshake_hash_buffer_empty (session); |
2138 | |
2139 | return 0; |
2140 | } |
2141 | |
2142 | /* The packets in gnutls_handshake (it's more broad than original TLS handshake) |
2143 | * |
2144 | * Client Server |
2145 | * |
2146 | * ClientHello --------> |
2147 | * <-------- ServerHello |
2148 | * |
2149 | * Certificate* |
2150 | * ServerKeyExchange* |
2151 | * <-------- CertificateRequest* |
2152 | * |
2153 | * <-------- ServerHelloDone |
2154 | * Certificate* |
2155 | * ClientKeyExchange |
2156 | * CertificateVerify* |
2157 | * [ChangeCipherSpec] |
2158 | * Finished --------> |
2159 | * NewSessionTicket |
2160 | * [ChangeCipherSpec] |
2161 | * <-------- Finished |
2162 | * |
2163 | * (*): means optional packet. |
2164 | */ |
2165 | |
2166 | /* Handshake when resumming session: |
2167 | * Client Server |
2168 | * |
2169 | * ClientHello --------> |
2170 | * ServerHello |
2171 | * [ChangeCipherSpec] |
2172 | * <-------- Finished |
2173 | * [ChangeCipherSpec] |
2174 | * Finished --------> |
2175 | * |
2176 | */ |
2177 | |
2178 | /** |
2179 | * gnutls_rehandshake: |
2180 | * @session: is a #gnutls_session_t structure. |
2181 | * |
2182 | * This function will renegotiate security parameters with the |
2183 | * client. This should only be called in case of a server. |
2184 | * |
2185 | * This message informs the peer that we want to renegotiate |
2186 | * parameters (perform a handshake). |
2187 | * |
2188 | * If this function succeeds (returns 0), you must call the |
2189 | * gnutls_handshake() function in order to negotiate the new |
2190 | * parameters. |
2191 | * |
2192 | * Since TLS is full duplex some application data might have been |
2193 | * sent during peer's processing of this message. In that case |
2194 | * one should call gnutls_record_recv() until GNUTLS_E_REHANDSHAKE |
2195 | * is returned to clear any pending data. Care must be taken if |
2196 | * rehandshake is mandatory to terminate if it does not start after |
2197 | * some threshold. |
2198 | * |
2199 | * If the client does not wish to renegotiate parameters he will |
2200 | * should with an alert message, thus the return code will be |
2201 | * %GNUTLS_E_WARNING_ALERT_RECEIVED and the alert will be |
2202 | * %GNUTLS_A_NO_RENEGOTIATION. A client may also choose to ignore |
2203 | * this message. |
2204 | * |
2205 | * Returns: %GNUTLS_E_SUCCESS on success, otherwise a negative error code. |
2206 | **/ |
2207 | int |
2208 | gnutls_rehandshake (gnutls_session_t session) |
2209 | { |
2210 | int ret; |
2211 | |
2212 | /* only server sends that handshake packet */ |
2213 | if (session->security_parameters.entity == GNUTLS_CLIENT(1<<1)) |
2214 | return GNUTLS_E_INVALID_REQUEST-50; |
2215 | |
2216 | ret = |
2217 | _gnutls_send_empty_handshake (session, GNUTLS_HANDSHAKE_HELLO_REQUEST, |
2218 | AGAIN (STATE50)(session->internals.handshake_state==STATE50?1:0)); |
2219 | STATEsession->internals.handshake_state = STATE50; |
2220 | |
2221 | if (ret < 0) |
2222 | { |
2223 | gnutls_assert ()do { if (__builtin_expect((_gnutls_log_level >= 2), 0)) _gnutls_log ( 2, "ASSERT: %s:%d\n", "gnutls_handshake.c",2223); } while(0 );; |
2224 | return ret; |
2225 | } |
2226 | STATEsession->internals.handshake_state = STATE0; |
2227 | |
2228 | return 0; |
2229 | } |
2230 | |
2231 | inline static int |
2232 | _gnutls_abort_handshake (gnutls_session_t session, int ret) |
2233 | { |
2234 | if (((ret == GNUTLS_E_WARNING_ALERT_RECEIVED-16) && |
2235 | (gnutls_alert_get (session) == GNUTLS_A_NO_RENEGOTIATION)) |
2236 | || ret == GNUTLS_E_GOT_APPLICATION_DATA-38) |
2237 | return 0; |
2238 | |
2239 | /* this doesn't matter */ |
2240 | return GNUTLS_E_INTERNAL_ERROR-59; |
2241 | } |
2242 | |
2243 | |
2244 | |
2245 | static int |
2246 | _gnutls_send_supplemental (gnutls_session_t session, int again) |
2247 | { |
2248 | mbuffer_st *bufel; |
2249 | int ret = 0; |
2250 | |
2251 | _gnutls_debug_log ("EXT[%p]: Sending supplemental data\n", session)do { if (__builtin_expect((_gnutls_log_level >= 2), 0)) _gnutls_log ( 2, "EXT[%p]: Sending supplemental data\n", session); } while (0); |
2252 | |
2253 | if (again) |
2254 | ret = |
2255 | _gnutls_send_handshake (session, NULL((void*)0), GNUTLS_HANDSHAKE_SUPPLEMENTAL); |
2256 | else |
2257 | { |
2258 | gnutls_buffer_st buf; |
2259 | _gnutls_buffer_init (&buf); |
2260 | |
2261 | ret = _gnutls_gen_supplemental (session, &buf); |
2262 | if (ret < 0) |
2263 | { |
2264 | gnutls_assert ()do { if (__builtin_expect((_gnutls_log_level >= 2), 0)) _gnutls_log ( 2, "ASSERT: %s:%d\n", "gnutls_handshake.c",2264); } while(0 );; |
2265 | return ret; |
2266 | } |
2267 | |
2268 | bufel = _gnutls_handshake_alloc(session, buf.length, buf.length); |
2269 | if (bufel == NULL((void*)0)) |
2270 | { |
2271 | gnutls_assert ()do { if (__builtin_expect((_gnutls_log_level >= 2), 0)) _gnutls_log ( 2, "ASSERT: %s:%d\n", "gnutls_handshake.c",2271); } while(0 );; |
2272 | return GNUTLS_E_MEMORY_ERROR-25; |
2273 | } |
2274 | |
2275 | _mbuffer_set_udata (bufel, buf.data, buf.length); |
2276 | _gnutls_buffer_clear (&buf); |
2277 | |
2278 | ret = _gnutls_send_handshake (session, bufel, |
2279 | GNUTLS_HANDSHAKE_SUPPLEMENTAL); |
2280 | } |
2281 | |
2282 | return ret; |
2283 | } |
2284 | |
2285 | static int |
2286 | _gnutls_recv_supplemental (gnutls_session_t session) |
2287 | { |
2288 | gnutls_buffer_st buf; |
2289 | int ret; |
2290 | |
2291 | _gnutls_debug_log ("EXT[%p]: Expecting supplemental data\n", session)do { if (__builtin_expect((_gnutls_log_level >= 2), 0)) _gnutls_log ( 2, "EXT[%p]: Expecting supplemental data\n", session); } while (0); |
2292 | |
2293 | ret = _gnutls_recv_handshake (session, GNUTLS_HANDSHAKE_SUPPLEMENTAL, |
2294 | OPTIONAL_PACKET, &buf); |
2295 | if (ret < 0) |
2296 | { |
2297 | gnutls_assert ()do { if (__builtin_expect((_gnutls_log_level >= 2), 0)) _gnutls_log ( 2, "ASSERT: %s:%d\n", "gnutls_handshake.c",2297); } while(0 );; |
2298 | return ret; |
2299 | } |
2300 | |
2301 | ret = _gnutls_parse_supplemental (session, buf.data, buf.length); |
2302 | if (ret < 0) |
2303 | { |
2304 | gnutls_assert ()do { if (__builtin_expect((_gnutls_log_level >= 2), 0)) _gnutls_log ( 2, "ASSERT: %s:%d\n", "gnutls_handshake.c",2304); } while(0 );; |
2305 | goto cleanup; |
2306 | } |
2307 | |
2308 | cleanup: |
2309 | _gnutls_buffer_clear(&buf); |
2310 | |
2311 | return ret; |
2312 | } |
2313 | |
2314 | /** |
2315 | * gnutls_handshake: |
2316 | * @session: is a #gnutls_session_t structure. |
2317 | * |
2318 | * This function does the handshake of the TLS/SSL protocol, and |
2319 | * initializes the TLS connection. |
2320 | * |
2321 | * This function will fail if any problem is encountered, and will |
2322 | * return a negative error code. In case of a client, if the client |
2323 | * has asked to resume a session, but the server couldn't, then a |
2324 | * full handshake will be performed. |
2325 | * |
2326 | * The non-fatal errors such as %GNUTLS_E_AGAIN and |
2327 | * %GNUTLS_E_INTERRUPTED interrupt the handshake procedure, which |
2328 | * should be resumed later. Call this function again, until it |
2329 | * returns 0; cf. gnutls_record_get_direction() and |
2330 | * gnutls_error_is_fatal(). |
2331 | * |
2332 | * If this function is called by a server after a rehandshake request |
2333 | * then %GNUTLS_E_GOT_APPLICATION_DATA or |
2334 | * %GNUTLS_E_WARNING_ALERT_RECEIVED may be returned. Note that these |
2335 | * are non fatal errors, only in the specific case of a rehandshake. |
2336 | * Their meaning is that the client rejected the rehandshake request or |
2337 | * in the case of %GNUTLS_E_GOT_APPLICATION_DATA it might also mean that |
2338 | * some data were pending. |
2339 | * |
2340 | * Returns: %GNUTLS_E_SUCCESS on success, otherwise a negative error code. |
2341 | **/ |
2342 | int |
2343 | gnutls_handshake (gnutls_session_t session) |
2344 | { |
2345 | int ret; |
2346 | record_parameters_st *params; |
2347 | |
2348 | /* sanity check. Verify that there are priorities setup. |
2349 | */ |
2350 | if (session->internals.priorities.protocol.algorithms == 0) |
2351 | return gnutls_assert_val(GNUTLS_E_NO_PRIORITIES_WERE_SET)gnutls_assert_val_int(-326, "gnutls_handshake.c", 2351); |
2352 | |
2353 | ret = _gnutls_epoch_get (session, session->security_parameters.epoch_next, |
2354 | ¶ms); |
2355 | if (ret < 0) |
2356 | { |
2357 | /* We assume the epoch is not allocated if _gnutls_epoch_get fails. */ |
2358 | ret = |
2359 | _gnutls_epoch_alloc (session, session->security_parameters.epoch_next, |
2360 | NULL((void*)0)); |
2361 | if (ret < 0) |
2362 | return gnutls_assert_val(ret)gnutls_assert_val_int(ret, "gnutls_handshake.c", 2362); |
2363 | } |
2364 | |
2365 | if (session->security_parameters.entity == GNUTLS_CLIENT(1<<1)) |
2366 | { |
2367 | do |
2368 | { |
2369 | ret = _gnutls_handshake_client (session); |
2370 | } while (ret == 1); |
2371 | } |
2372 | else |
2373 | { |
2374 | ret = _gnutls_handshake_server (session); |
2375 | } |
2376 | if (ret < 0) |
2377 | { |
2378 | /* In the case of a rehandshake abort |
2379 | * we should reset the handshake's internal state. |
2380 | */ |
2381 | if (_gnutls_abort_handshake (session, ret) == 0) |
2382 | STATEsession->internals.handshake_state = STATE0; |
2383 | |
2384 | return ret; |
2385 | } |
2386 | |
2387 | ret = _gnutls_handshake_common (session); |
2388 | |
2389 | if (ret < 0) |
2390 | { |
2391 | if (_gnutls_abort_handshake (session, ret) == 0) |
2392 | STATEsession->internals.handshake_state = STATE0; |
2393 | |
2394 | return ret; |
2395 | } |
2396 | |
2397 | STATEsession->internals.handshake_state = STATE0; |
2398 | |
2399 | if (IS_DTLS(session)(session->internals.transport == GNUTLS_DGRAM)==0) |
2400 | { |
2401 | _gnutls_handshake_io_buffer_clear (session)_mbuffer_head_clear( &session->internals.handshake_send_buffer ); _gnutls_handshake_recv_buffer_clear( session);; |
2402 | } |
2403 | else |
2404 | { |
2405 | _dtls_async_timer_init(session); |
2406 | } |
2407 | |
2408 | _gnutls_handshake_internal_state_clear (session); |
2409 | |
2410 | session->security_parameters.epoch_next++; |
2411 | |
2412 | return 0; |
2413 | } |
2414 | |
2415 | |
2416 | #define IMED_RET( str, ret, allow_alert)do { if (ret < 0) { if (ret == -28 || ret == -52) return ret ; if (allow_alert != 0 && ret==-16) return ret; do { if (__builtin_expect((_gnutls_log_level >= 2), 0)) _gnutls_log ( 2, "ASSERT: %s:%d\n", "gnutls_handshake.c",2416); } while(0 );; ; _gnutls_handshake_hash_buffers_clear(session); return ret ; } } while (0) do { \ |
2417 | if (ret < 0) { \ |
2418 | /* EAGAIN and INTERRUPTED are always non-fatal */ \ |
2419 | if (ret == GNUTLS_E_AGAIN-28 || ret == GNUTLS_E_INTERRUPTED-52) \ |
2420 | return ret; \ |
2421 | /* a warning alert might interrupt handshake */ \ |
2422 | if (allow_alert != 0 && ret==GNUTLS_E_WARNING_ALERT_RECEIVED-16) return ret; \ |
2423 | gnutls_assert()do { if (__builtin_expect((_gnutls_log_level >= 2), 0)) _gnutls_log ( 2, "ASSERT: %s:%d\n", "gnutls_handshake.c",2423); } while(0 );; \ |
2424 | ERR( str, ret); \ |
2425 | _gnutls_handshake_hash_buffers_clear(session); \ |
2426 | return ret; \ |
2427 | } } while (0) |
2428 | |
2429 | |
2430 | |
2431 | /* |
2432 | * _gnutls_handshake_client |
2433 | * This function performs the client side of the handshake of the TLS/SSL protocol. |
2434 | */ |
2435 | int |
2436 | _gnutls_handshake_client (gnutls_session_t session) |
2437 | { |
2438 | int ret = 0; |
2439 | |
2440 | #ifdef HANDSHAKE_DEBUG |
2441 | char buf[64]; |
2442 | |
2443 | if (session->internals.resumed_security_parameters.session_id_size > 0) |
2444 | _gnutls_handshake_log ("HSK[%p]: Ask to resume: %s\n", session,do { if (__builtin_expect((_gnutls_log_level >= 3), 0)) _gnutls_log ( 3, "HSK[%p]: Ask to resume: %s\n", session, _gnutls_bin2hex (session-> internals.resumed_security_parameters.session_id , session-> internals.resumed_security_parameters.session_id_size , buf, sizeof (buf), ((void*)0))); } while(0) |
2445 | _gnutls_bin2hex (session->do { if (__builtin_expect((_gnutls_log_level >= 3), 0)) _gnutls_log ( 3, "HSK[%p]: Ask to resume: %s\n", session, _gnutls_bin2hex (session-> internals.resumed_security_parameters.session_id , session-> internals.resumed_security_parameters.session_id_size , buf, sizeof (buf), ((void*)0))); } while(0) |
2446 | internals.resumed_security_parameters.session_id,do { if (__builtin_expect((_gnutls_log_level >= 3), 0)) _gnutls_log ( 3, "HSK[%p]: Ask to resume: %s\n", session, _gnutls_bin2hex (session-> internals.resumed_security_parameters.session_id , session-> internals.resumed_security_parameters.session_id_size , buf, sizeof (buf), ((void*)0))); } while(0) |
2447 | session->do { if (__builtin_expect((_gnutls_log_level >= 3), 0)) _gnutls_log ( 3, "HSK[%p]: Ask to resume: %s\n", session, _gnutls_bin2hex (session-> internals.resumed_security_parameters.session_id , session-> internals.resumed_security_parameters.session_id_size , buf, sizeof (buf), ((void*)0))); } while(0) |
2448 | internals.resumed_security_parameters.session_id_size,do { if (__builtin_expect((_gnutls_log_level >= 3), 0)) _gnutls_log ( 3, "HSK[%p]: Ask to resume: %s\n", session, _gnutls_bin2hex (session-> internals.resumed_security_parameters.session_id , session-> internals.resumed_security_parameters.session_id_size , buf, sizeof (buf), ((void*)0))); } while(0) |
2449 | buf, sizeof (buf), NULL))do { if (__builtin_expect((_gnutls_log_level >= 3), 0)) _gnutls_log ( 3, "HSK[%p]: Ask to resume: %s\n", session, _gnutls_bin2hex (session-> internals.resumed_security_parameters.session_id , session-> internals.resumed_security_parameters.session_id_size , buf, sizeof (buf), ((void*)0))); } while(0); |
2450 | #endif |
2451 | |
2452 | switch (STATEsession->internals.handshake_state) |
2453 | { |
2454 | case STATE0: |
2455 | case STATE1: |
2456 | ret = _gnutls_send_hello (session, AGAIN (STATE1)(session->internals.handshake_state==STATE1?1:0)); |
2457 | STATEsession->internals.handshake_state = STATE1; |
2458 | IMED_RET ("send hello", ret, 1)do { if (ret < 0) { if (ret == -28 || ret == -52) return ret ; if (1 != 0 && ret==-16) return ret; do { if (__builtin_expect ((_gnutls_log_level >= 2), 0)) _gnutls_log( 2, "ASSERT: %s:%d\n" , "gnutls_handshake.c",2458); } while(0);; ; _gnutls_handshake_hash_buffers_clear (session); return ret; } } while (0); |
2459 | |
2460 | case STATE11: |
2461 | if (IS_DTLS (session)(session->internals.transport == GNUTLS_DGRAM)) |
2462 | { |
2463 | ret = |
2464 | _gnutls_recv_handshake (session, |
2465 | GNUTLS_HANDSHAKE_HELLO_VERIFY_REQUEST, |
2466 | OPTIONAL_PACKET, NULL((void*)0)); |
2467 | STATEsession->internals.handshake_state = STATE11; |
2468 | IMED_RET ("recv hello verify", ret, 1)do { if (ret < 0) { if (ret == -28 || ret == -52) return ret ; if (1 != 0 && ret==-16) return ret; do { if (__builtin_expect ((_gnutls_log_level >= 2), 0)) _gnutls_log( 2, "ASSERT: %s:%d\n" , "gnutls_handshake.c",2468); } while(0);; ; _gnutls_handshake_hash_buffers_clear (session); return ret; } } while (0); |
2469 | |
2470 | if (ret == 1) |
2471 | { |
2472 | STATEsession->internals.handshake_state = STATE0; |
2473 | return 1; |
2474 | } |
2475 | } |
2476 | case STATE2: |
2477 | /* receive the server hello */ |
2478 | ret = |
2479 | _gnutls_recv_handshake (session, |
2480 | GNUTLS_HANDSHAKE_SERVER_HELLO, |
2481 | MANDATORY_PACKET, NULL((void*)0)); |
2482 | STATEsession->internals.handshake_state = STATE2; |
2483 | IMED_RET ("recv hello", ret, 1)do { if (ret < 0) { if (ret == -28 || ret == -52) return ret ; if (1 != 0 && ret==-16) return ret; do { if (__builtin_expect ((_gnutls_log_level >= 2), 0)) _gnutls_log( 2, "ASSERT: %s:%d\n" , "gnutls_handshake.c",2483); } while(0);; ; _gnutls_handshake_hash_buffers_clear (session); return ret; } } while (0); |
2484 | |
2485 | case STATE70: |
2486 | if (session->security_parameters.do_recv_supplemental) |
2487 | { |
2488 | ret = _gnutls_recv_supplemental (session); |
2489 | STATEsession->internals.handshake_state = STATE70; |
2490 | IMED_RET ("recv supplemental", ret, 1)do { if (ret < 0) { if (ret == -28 || ret == -52) return ret ; if (1 != 0 && ret==-16) return ret; do { if (__builtin_expect ((_gnutls_log_level >= 2), 0)) _gnutls_log( 2, "ASSERT: %s:%d\n" , "gnutls_handshake.c",2490); } while(0);; ; _gnutls_handshake_hash_buffers_clear (session); return ret; } } while (0); |
2491 | } |
2492 | |
2493 | case STATE3: |
2494 | /* RECV CERTIFICATE */ |
2495 | if (session->internals.resumed == RESUME_FALSE0) /* if we are not resuming */ |
2496 | ret = _gnutls_recv_server_certificate (session); |
2497 | STATEsession->internals.handshake_state = STATE3; |
2498 | IMED_RET ("recv server certificate", ret, 1)do { if (ret < 0) { if (ret == -28 || ret == -52) return ret ; if (1 != 0 && ret==-16) return ret; do { if (__builtin_expect ((_gnutls_log_level >= 2), 0)) _gnutls_log( 2, "ASSERT: %s:%d\n" , "gnutls_handshake.c",2498); } while(0);; ; _gnutls_handshake_hash_buffers_clear (session); return ret; } } while (0); |
2499 | |
2500 | case STATE4: |
2501 | /* receive the server key exchange */ |
2502 | if (session->internals.resumed == RESUME_FALSE0) /* if we are not resuming */ |
2503 | ret = _gnutls_recv_server_kx_message (session); |
2504 | STATEsession->internals.handshake_state = STATE4; |
2505 | IMED_RET ("recv server kx message", ret, 1)do { if (ret < 0) { if (ret == -28 || ret == -52) return ret ; if (1 != 0 && ret==-16) return ret; do { if (__builtin_expect ((_gnutls_log_level >= 2), 0)) _gnutls_log( 2, "ASSERT: %s:%d\n" , "gnutls_handshake.c",2505); } while(0);; ; _gnutls_handshake_hash_buffers_clear (session); return ret; } } while (0); |
2506 | |
2507 | case STATE5: |
2508 | /* receive the server certificate request - if any |
2509 | */ |
2510 | |
2511 | if (session->internals.resumed == RESUME_FALSE0) /* if we are not resuming */ |
2512 | ret = _gnutls_recv_server_certificate_request (session); |
2513 | STATEsession->internals.handshake_state = STATE5; |
2514 | IMED_RET ("recv server certificate request message", ret, 1)do { if (ret < 0) { if (ret == -28 || ret == -52) return ret ; if (1 != 0 && ret==-16) return ret; do { if (__builtin_expect ((_gnutls_log_level >= 2), 0)) _gnutls_log( 2, "ASSERT: %s:%d\n" , "gnutls_handshake.c",2514); } while(0);; ; _gnutls_handshake_hash_buffers_clear (session); return ret; } } while (0); |
2515 | |
2516 | case STATE6: |
2517 | /* receive the server hello done */ |
2518 | if (session->internals.resumed == RESUME_FALSE0) /* if we are not resuming */ |
2519 | ret = |
2520 | _gnutls_recv_handshake (session, |
2521 | GNUTLS_HANDSHAKE_SERVER_HELLO_DONE, |
2522 | MANDATORY_PACKET, NULL((void*)0)); |
2523 | STATEsession->internals.handshake_state = STATE6; |
2524 | IMED_RET ("recv server hello done", ret, 1)do { if (ret < 0) { if (ret == -28 || ret == -52) return ret ; if (1 != 0 && ret==-16) return ret; do { if (__builtin_expect ((_gnutls_log_level >= 2), 0)) _gnutls_log( 2, "ASSERT: %s:%d\n" , "gnutls_handshake.c",2524); } while(0);; ; _gnutls_handshake_hash_buffers_clear (session); return ret; } } while (0); |
2525 | case STATE71: |
2526 | if (session->security_parameters.do_send_supplemental) |
2527 | { |
2528 | ret = _gnutls_send_supplemental (session, AGAIN (STATE71)(session->internals.handshake_state==STATE71?1:0)); |
2529 | STATEsession->internals.handshake_state = STATE71; |
2530 | IMED_RET ("send supplemental", ret, 0)do { if (ret < 0) { if (ret == -28 || ret == -52) return ret ; if (0 != 0 && ret==-16) return ret; do { if (__builtin_expect ((_gnutls_log_level >= 2), 0)) _gnutls_log( 2, "ASSERT: %s:%d\n" , "gnutls_handshake.c",2530); } while(0);; ; _gnutls_handshake_hash_buffers_clear (session); return ret; } } while (0); |
2531 | } |
2532 | |
2533 | case STATE7: |
2534 | /* send our certificate - if any and if requested |
2535 | */ |
2536 | if (session->internals.resumed == RESUME_FALSE0) /* if we are not resuming */ |
2537 | ret = _gnutls_send_client_certificate (session, AGAIN (STATE7)(session->internals.handshake_state==STATE7?1:0)); |
2538 | STATEsession->internals.handshake_state = STATE7; |
2539 | IMED_RET ("send client certificate", ret, 0)do { if (ret < 0) { if (ret == -28 || ret == -52) return ret ; if (0 != 0 && ret==-16) return ret; do { if (__builtin_expect ((_gnutls_log_level >= 2), 0)) _gnutls_log( 2, "ASSERT: %s:%d\n" , "gnutls_handshake.c",2539); } while(0);; ; _gnutls_handshake_hash_buffers_clear (session); return ret; } } while (0); |
2540 | |
2541 | case STATE8: |
2542 | if (session->internals.resumed == RESUME_FALSE0) /* if we are not resuming */ |
2543 | ret = _gnutls_send_client_kx_message (session, AGAIN (STATE8)(session->internals.handshake_state==STATE8?1:0)); |
2544 | STATEsession->internals.handshake_state = STATE8; |
2545 | IMED_RET ("send client kx", ret, 0)do { if (ret < 0) { if (ret == -28 || ret == -52) return ret ; if (0 != 0 && ret==-16) return ret; do { if (__builtin_expect ((_gnutls_log_level >= 2), 0)) _gnutls_log( 2, "ASSERT: %s:%d\n" , "gnutls_handshake.c",2545); } while(0);; ; _gnutls_handshake_hash_buffers_clear (session); return ret; } } while (0); |
2546 | |
2547 | case STATE9: |
2548 | /* send client certificate verify */ |
2549 | if (session->internals.resumed == RESUME_FALSE0) /* if we are not resuming */ |
2550 | ret = |
2551 | _gnutls_send_client_certificate_verify (session, AGAIN (STATE9)(session->internals.handshake_state==STATE9?1:0)); |
2552 | STATEsession->internals.handshake_state = STATE9; |
2553 | IMED_RET ("send client certificate verify", ret, 1)do { if (ret < 0) { if (ret == -28 || ret == -52) return ret ; if (1 != 0 && ret==-16) return ret; do { if (__builtin_expect ((_gnutls_log_level >= 2), 0)) _gnutls_log( 2, "ASSERT: %s:%d\n" , "gnutls_handshake.c",2553); } while(0);; ; _gnutls_handshake_hash_buffers_clear (session); return ret; } } while (0); |
2554 | |
2555 | STATEsession->internals.handshake_state = STATE0; |
2556 | default: |
2557 | break; |
2558 | } |
2559 | |
2560 | |
2561 | return 0; |
2562 | } |
2563 | |
2564 | |
2565 | |
2566 | /* This function is to be called if the handshake was successfully |
2567 | * completed. This sends a Change Cipher Spec packet to the peer. |
2568 | */ |
2569 | static ssize_t |
2570 | send_change_cipher_spec (gnutls_session_t session, int again) |
2571 | { |
2572 | opaque* data; |
2573 | mbuffer_st * bufel; |
2574 | int ret; |
2575 | |
2576 | if (again == 0) |
2577 | { |
2578 | bufel = _gnutls_handshake_alloc (session, 1, 1); |
2579 | if (bufel == NULL((void*)0)) |
2580 | return gnutls_assert_val(GNUTLS_E_MEMORY_ERROR)gnutls_assert_val_int(-25, "gnutls_handshake.c", 2580); |
2581 | |
2582 | _mbuffer_set_uhead_size(bufel, 1); |
2583 | _mbuffer_set_udata_size(bufel, 0); |
2584 | |
2585 | data = _mbuffer_get_uhead_ptr (bufel); |
2586 | |
2587 | data[0] = 1; |
2588 | |
2589 | ret = _gnutls_handshake_io_cache_int (session, GNUTLS_HANDSHAKE_CHANGE_CIPHER_SPEC, bufel); |
2590 | if (ret < 0) |
2591 | { |
2592 | _mbuffer_xfree(&bufel); |
2593 | return gnutls_assert_val(ret)gnutls_assert_val_int(ret, "gnutls_handshake.c", 2593); |
2594 | } |
2595 | |
2596 | _gnutls_handshake_log ("REC[%p]: Sent ChangeCipherSpec\n", session)do { if (__builtin_expect((_gnutls_log_level >= 3), 0)) _gnutls_log ( 3, "REC[%p]: Sent ChangeCipherSpec\n", session); } while(0); |
2597 | } |
2598 | |
2599 | return 0; |
2600 | } |
2601 | |
2602 | /* This function sends the final handshake packets and initializes connection |
2603 | */ |
2604 | static int |
2605 | _gnutls_send_handshake_final (gnutls_session_t session, int init) |
2606 | { |
2607 | int ret = 0; |
2608 | |
2609 | /* Send the CHANGE CIPHER SPEC PACKET */ |
2610 | |
2611 | switch (STATEsession->internals.handshake_state) |
2612 | { |
2613 | case STATE0: |
2614 | case STATE20: |
2615 | ret = send_change_cipher_spec (session, AGAIN (STATE20)(session->internals.handshake_state==STATE20?1:0)); |
2616 | STATEsession->internals.handshake_state = STATE0; |
2617 | |
2618 | if (ret < 0) |
2619 | { |
2620 | ERR ("send ChangeCipherSpec", ret); |
2621 | gnutls_assert ()do { if (__builtin_expect((_gnutls_log_level >= 2), 0)) _gnutls_log ( 2, "ASSERT: %s:%d\n", "gnutls_handshake.c",2621); } while(0 );; |
2622 | return ret; |
2623 | } |
2624 | /* Initialize the connection session (start encryption) - in case of client |
2625 | */ |
2626 | if (init == TRUE1) |
2627 | { |
2628 | ret = _gnutls_connection_state_init (session); |
2629 | if (ret < 0) |
2630 | { |
2631 | gnutls_assert ()do { if (__builtin_expect((_gnutls_log_level >= 2), 0)) _gnutls_log ( 2, "ASSERT: %s:%d\n", "gnutls_handshake.c",2631); } while(0 );; |
2632 | return ret; |
2633 | } |
2634 | } |
2635 | |
2636 | ret = _gnutls_write_connection_state_init (session); |
2637 | if (ret < 0) |
2638 | { |
2639 | gnutls_assert ()do { if (__builtin_expect((_gnutls_log_level >= 2), 0)) _gnutls_log ( 2, "ASSERT: %s:%d\n", "gnutls_handshake.c",2639); } while(0 );; |
2640 | return ret; |
2641 | } |
2642 | |
2643 | case STATE21: |
2644 | /* send the finished message */ |
2645 | ret = _gnutls_send_finished (session, AGAIN (STATE21)(session->internals.handshake_state==STATE21?1:0)); |
2646 | STATEsession->internals.handshake_state = STATE21; |
2647 | if (ret < 0) |
2648 | { |
2649 | ERR ("send Finished", ret); |
2650 | gnutls_assert ()do { if (__builtin_expect((_gnutls_log_level >= 2), 0)) _gnutls_log ( 2, "ASSERT: %s:%d\n", "gnutls_handshake.c",2650); } while(0 );; |
2651 | return ret; |
2652 | } |
2653 | |
2654 | STATEsession->internals.handshake_state = STATE0; |
2655 | default: |
2656 | break; |
2657 | } |
2658 | |
2659 | return 0; |
2660 | } |
2661 | |
2662 | /* This function receives the final handshake packets |
2663 | * And executes the appropriate function to initialize the |
2664 | * read session. |
2665 | */ |
2666 | static int |
2667 | _gnutls_recv_handshake_final (gnutls_session_t session, int init) |
2668 | { |
2669 | int ret = 0; |
2670 | uint8_t ch; |
2671 | |
2672 | switch (STATEsession->internals.handshake_state) |
2673 | { |
2674 | case STATE0: |
2675 | case STATE30: |
2676 | ret = _gnutls_recv_int (session, GNUTLS_CHANGE_CIPHER_SPEC, -1, &ch, 1, NULL((void*)0)); |
2677 | STATEsession->internals.handshake_state = STATE30; |
2678 | if (ret <= 0) |
2679 | { |
2680 | ERR ("recv ChangeCipherSpec", ret); |
2681 | gnutls_assert ()do { if (__builtin_expect((_gnutls_log_level >= 2), 0)) _gnutls_log ( 2, "ASSERT: %s:%d\n", "gnutls_handshake.c",2681); } while(0 );; |
2682 | return (ret < 0) ? ret : GNUTLS_E_UNEXPECTED_PACKET_LENGTH-9; |
2683 | } |
2684 | |
2685 | /* Initialize the connection session (start encryption) - in case of server */ |
2686 | if (init == TRUE1) |
2687 | { |
2688 | ret = _gnutls_connection_state_init (session); |
2689 | if (ret < 0) |
2690 | { |
2691 | gnutls_assert ()do { if (__builtin_expect((_gnutls_log_level >= 2), 0)) _gnutls_log ( 2, "ASSERT: %s:%d\n", "gnutls_handshake.c",2691); } while(0 );; |
2692 | return ret; |
2693 | } |
2694 | } |
2695 | |
2696 | ret = _gnutls_read_connection_state_init (session); |
2697 | if (ret < 0) |
2698 | { |
2699 | gnutls_assert ()do { if (__builtin_expect((_gnutls_log_level >= 2), 0)) _gnutls_log ( 2, "ASSERT: %s:%d\n", "gnutls_handshake.c",2699); } while(0 );; |
2700 | return ret; |
2701 | } |
2702 | |
2703 | case STATE31: |
2704 | ret = _gnutls_recv_finished (session); |
2705 | STATEsession->internals.handshake_state = STATE31; |
2706 | if (ret < 0) |
2707 | { |
2708 | ERR ("recv finished", ret); |
2709 | gnutls_assert ()do { if (__builtin_expect((_gnutls_log_level >= 2), 0)) _gnutls_log ( 2, "ASSERT: %s:%d\n", "gnutls_handshake.c",2709); } while(0 );; |
2710 | return ret; |
2711 | } |
2712 | STATEsession->internals.handshake_state = STATE0; |
2713 | default: |
2714 | break; |
2715 | } |
2716 | |
2717 | |
2718 | return 0; |
2719 | } |
2720 | |
2721 | /* |
2722 | * _gnutls_handshake_server |
2723 | * This function does the server stuff of the handshake protocol. |
2724 | */ |
2725 | int |
2726 | _gnutls_handshake_server (gnutls_session_t session) |
2727 | { |
2728 | int ret = 0; |
2729 | |
2730 | switch (STATEsession->internals.handshake_state) |
2731 | { |
2732 | case STATE0: |
2733 | case STATE1: |
2734 | ret = |
2735 | _gnutls_recv_handshake (session, |
2736 | GNUTLS_HANDSHAKE_CLIENT_HELLO, |
2737 | MANDATORY_PACKET, NULL((void*)0)); |
2738 | STATEsession->internals.handshake_state = STATE1; |
2739 | IMED_RET ("recv hello", ret, 1)do { if (ret < 0) { if (ret == -28 || ret == -52) return ret ; if (1 != 0 && ret==-16) return ret; do { if (__builtin_expect ((_gnutls_log_level >= 2), 0)) _gnutls_log( 2, "ASSERT: %s:%d\n" , "gnutls_handshake.c",2739); } while(0);; ; _gnutls_handshake_hash_buffers_clear (session); return ret; } } while (0); |
2740 | |
2741 | case STATE2: |
2742 | ret = _gnutls_send_hello (session, AGAIN (STATE2)(session->internals.handshake_state==STATE2?1:0)); |
2743 | STATEsession->internals.handshake_state = STATE2; |
2744 | IMED_RET ("send hello", ret, 1)do { if (ret < 0) { if (ret == -28 || ret == -52) return ret ; if (1 != 0 && ret==-16) return ret; do { if (__builtin_expect ((_gnutls_log_level >= 2), 0)) _gnutls_log( 2, "ASSERT: %s:%d\n" , "gnutls_handshake.c",2744); } while(0);; ; _gnutls_handshake_hash_buffers_clear (session); return ret; } } while (0); |
2745 | |
2746 | case STATE70: |
2747 | if (session->security_parameters.do_send_supplemental) |
2748 | { |
2749 | ret = _gnutls_send_supplemental (session, AGAIN (STATE70)(session->internals.handshake_state==STATE70?1:0)); |
2750 | STATEsession->internals.handshake_state = STATE70; |
2751 | IMED_RET ("send supplemental data", ret, 0)do { if (ret < 0) { if (ret == -28 || ret == -52) return ret ; if (0 != 0 && ret==-16) return ret; do { if (__builtin_expect ((_gnutls_log_level >= 2), 0)) _gnutls_log( 2, "ASSERT: %s:%d\n" , "gnutls_handshake.c",2751); } while(0);; ; _gnutls_handshake_hash_buffers_clear (session); return ret; } } while (0); |
2752 | } |
2753 | |
2754 | /* SEND CERTIFICATE + KEYEXCHANGE + CERTIFICATE_REQUEST */ |
2755 | case STATE3: |
2756 | /* NOTE: these should not be send if we are resuming */ |
2757 | |
2758 | if (session->internals.resumed == RESUME_FALSE0) |
2759 | ret = _gnutls_send_server_certificate (session, AGAIN (STATE3)(session->internals.handshake_state==STATE3?1:0)); |
2760 | STATEsession->internals.handshake_state = STATE3; |
2761 | IMED_RET ("send server certificate", ret, 0)do { if (ret < 0) { if (ret == -28 || ret == -52) return ret ; if (0 != 0 && ret==-16) return ret; do { if (__builtin_expect ((_gnutls_log_level >= 2), 0)) _gnutls_log( 2, "ASSERT: %s:%d\n" , "gnutls_handshake.c",2761); } while(0);; ; _gnutls_handshake_hash_buffers_clear (session); return ret; } } while (0); |
2762 | |
2763 | case STATE4: |
2764 | /* send server key exchange (A) */ |
2765 | if (session->internals.resumed == RESUME_FALSE0) |
2766 | ret = _gnutls_send_server_kx_message (session, AGAIN (STATE4)(session->internals.handshake_state==STATE4?1:0)); |
2767 | STATEsession->internals.handshake_state = STATE4; |
2768 | IMED_RET ("send server kx", ret, 0)do { if (ret < 0) { if (ret == -28 || ret == -52) return ret ; if (0 != 0 && ret==-16) return ret; do { if (__builtin_expect ((_gnutls_log_level >= 2), 0)) _gnutls_log( 2, "ASSERT: %s:%d\n" , "gnutls_handshake.c",2768); } while(0);; ; _gnutls_handshake_hash_buffers_clear (session); return ret; } } while (0); |
2769 | |
2770 | case STATE5: |
2771 | /* Send certificate request - if requested to */ |
2772 | if (session->internals.resumed == RESUME_FALSE0) |
2773 | ret = |
2774 | _gnutls_send_server_certificate_request (session, AGAIN (STATE5)(session->internals.handshake_state==STATE5?1:0)); |
2775 | STATEsession->internals.handshake_state = STATE5; |
2776 | IMED_RET ("send server cert request", ret, 0)do { if (ret < 0) { if (ret == -28 || ret == -52) return ret ; if (0 != 0 && ret==-16) return ret; do { if (__builtin_expect ((_gnutls_log_level >= 2), 0)) _gnutls_log( 2, "ASSERT: %s:%d\n" , "gnutls_handshake.c",2776); } while(0);; ; _gnutls_handshake_hash_buffers_clear (session); return ret; } } while (0); |
2777 | |
2778 | case STATE6: |
2779 | /* send the server hello done */ |
2780 | if (session->internals.resumed == RESUME_FALSE0) /* if we are not resuming */ |
2781 | ret = |
2782 | _gnutls_send_empty_handshake (session, |
2783 | GNUTLS_HANDSHAKE_SERVER_HELLO_DONE, |
2784 | AGAIN (STATE6)(session->internals.handshake_state==STATE6?1:0)); |
2785 | STATEsession->internals.handshake_state = STATE6; |
2786 | IMED_RET ("send server hello done", ret, 1)do { if (ret < 0) { if (ret == -28 || ret == -52) return ret ; if (1 != 0 && ret==-16) return ret; do { if (__builtin_expect ((_gnutls_log_level >= 2), 0)) _gnutls_log( 2, "ASSERT: %s:%d\n" , "gnutls_handshake.c",2786); } while(0);; ; _gnutls_handshake_hash_buffers_clear (session); return ret; } } while (0); |
2787 | |
2788 | case STATE71: |
2789 | if (session->security_parameters.do_recv_supplemental) |
2790 | { |
2791 | ret = _gnutls_recv_supplemental (session); |
2792 | STATEsession->internals.handshake_state = STATE71; |
2793 | IMED_RET ("recv client supplemental", ret, 1)do { if (ret < 0) { if (ret == -28 || ret == -52) return ret ; if (1 != 0 && ret==-16) return ret; do { if (__builtin_expect ((_gnutls_log_level >= 2), 0)) _gnutls_log( 2, "ASSERT: %s:%d\n" , "gnutls_handshake.c",2793); } while(0);; ; _gnutls_handshake_hash_buffers_clear (session); return ret; } } while (0); |
2794 | } |
2795 | |
2796 | /* RECV CERTIFICATE + KEYEXCHANGE + CERTIFICATE_VERIFY */ |
2797 | case STATE7: |
2798 | /* receive the client certificate message */ |
2799 | if (session->internals.resumed == RESUME_FALSE0) /* if we are not resuming */ |
2800 | ret = _gnutls_recv_client_certificate (session); |
2801 | STATEsession->internals.handshake_state = STATE7; |
2802 | IMED_RET ("recv client certificate", ret, 1)do { if (ret < 0) { if (ret == -28 || ret == -52) return ret ; if (1 != 0 && ret==-16) return ret; do { if (__builtin_expect ((_gnutls_log_level >= 2), 0)) _gnutls_log( 2, "ASSERT: %s:%d\n" , "gnutls_handshake.c",2802); } while(0);; ; _gnutls_handshake_hash_buffers_clear (session); return ret; } } while (0); |
2803 | |
2804 | case STATE8: |
2805 | /* receive the client key exchange message */ |
2806 | if (session->internals.resumed == RESUME_FALSE0) /* if we are not resuming */ |
2807 | ret = _gnutls_recv_client_kx_message (session); |
2808 | STATEsession->internals.handshake_state = STATE8; |
2809 | IMED_RET ("recv client kx", ret, 1)do { if (ret < 0) { if (ret == -28 || ret == -52) return ret ; if (1 != 0 && ret==-16) return ret; do { if (__builtin_expect ((_gnutls_log_level >= 2), 0)) _gnutls_log( 2, "ASSERT: %s:%d\n" , "gnutls_handshake.c",2809); } while(0);; ; _gnutls_handshake_hash_buffers_clear (session); return ret; } } while (0); |
2810 | |
2811 | case STATE9: |
2812 | /* receive the client certificate verify message */ |
2813 | if (session->internals.resumed == RESUME_FALSE0) /* if we are not resuming */ |
2814 | ret = _gnutls_recv_client_certificate_verify_message (session); |
2815 | STATEsession->internals.handshake_state = STATE9; |
2816 | IMED_RET ("recv client certificate verify", ret, 1)do { if (ret < 0) { if (ret == -28 || ret == -52) return ret ; if (1 != 0 && ret==-16) return ret; do { if (__builtin_expect ((_gnutls_log_level >= 2), 0)) _gnutls_log( 2, "ASSERT: %s:%d\n" , "gnutls_handshake.c",2816); } while(0);; ; _gnutls_handshake_hash_buffers_clear (session); return ret; } } while (0); |
2817 | |
2818 | STATEsession->internals.handshake_state = STATE0; /* finished thus clear session */ |
2819 | default: |
2820 | break; |
2821 | } |
2822 | |
2823 | return 0; |
2824 | } |
2825 | |
2826 | int |
2827 | _gnutls_handshake_common (gnutls_session_t session) |
2828 | { |
2829 | int ret = 0; |
2830 | |
2831 | /* send and recv the change cipher spec and finished messages */ |
2832 | if ((session->internals.resumed != RESUME_FALSE0 |
2833 | && session->security_parameters.entity == GNUTLS_CLIENT(1<<1)) |
2834 | || (session->internals.resumed == RESUME_FALSE0 |
2835 | && session->security_parameters.entity == GNUTLS_SERVER1)) |
2836 | { |
2837 | /* if we are a client resuming - or we are a server not resuming */ |
2838 | ret = _gnutls_recv_handshake_final (session, TRUE1); |
2839 | IMED_RET ("recv handshake final", ret, 1)do { if (ret < 0) { if (ret == -28 || ret == -52) return ret ; if (1 != 0 && ret==-16) return ret; do { if (__builtin_expect ((_gnutls_log_level >= 2), 0)) _gnutls_log( 2, "ASSERT: %s:%d\n" , "gnutls_handshake.c",2839); } while(0);; ; _gnutls_handshake_hash_buffers_clear (session); return ret; } } while (0); |
2840 | |
2841 | switch (STATEsession->internals.handshake_state) |
2842 | { |
2843 | case STATE0: |
2844 | case STATE40: |
2845 | ret = _gnutls_send_new_session_ticket (session, AGAIN (STATE40)(session->internals.handshake_state==STATE40?1:0)); |
2846 | STATEsession->internals.handshake_state = STATE40; |
2847 | IMED_RET ("send handshake new session ticket", ret, 0)do { if (ret < 0) { if (ret == -28 || ret == -52) return ret ; if (0 != 0 && ret==-16) return ret; do { if (__builtin_expect ((_gnutls_log_level >= 2), 0)) _gnutls_log( 2, "ASSERT: %s:%d\n" , "gnutls_handshake.c",2847); } while(0);; ; _gnutls_handshake_hash_buffers_clear (session); return ret; } } while (0); |
2848 | STATEsession->internals.handshake_state = STATE0; |
2849 | default: |
2850 | break; |
2851 | } |
2852 | |
2853 | ret = _gnutls_send_handshake_final (session, FALSE0); |
2854 | IMED_RET ("send handshake final", ret, 1)do { if (ret < 0) { if (ret == -28 || ret == -52) return ret ; if (1 != 0 && ret==-16) return ret; do { if (__builtin_expect ((_gnutls_log_level >= 2), 0)) _gnutls_log( 2, "ASSERT: %s:%d\n" , "gnutls_handshake.c",2854); } while(0);; ; _gnutls_handshake_hash_buffers_clear (session); return ret; } } while (0); |
2855 | |
2856 | /* only store if we are not resuming a session and we didn't previously send a ticket |
2857 | */ |
2858 | if (session->security_parameters.entity == GNUTLS_SERVER1 && session->internals.ticket_sent == 0) |
2859 | { |
2860 | /* in order to support session resuming */ |
2861 | _gnutls_server_register_current_session (session); |
2862 | } |
2863 | } |
2864 | else |
2865 | { /* if we are a client not resuming - or we are a server resuming */ |
2866 | |
2867 | ret = _gnutls_send_handshake_final (session, TRUE1); |
2868 | IMED_RET ("send handshake final 2", ret, 1)do { if (ret < 0) { if (ret == -28 || ret == -52) return ret ; if (1 != 0 && ret==-16) return ret; do { if (__builtin_expect ((_gnutls_log_level >= 2), 0)) _gnutls_log( 2, "ASSERT: %s:%d\n" , "gnutls_handshake.c",2868); } while(0);; ; _gnutls_handshake_hash_buffers_clear (session); return ret; } } while (0); |
2869 | |
2870 | switch (STATEsession->internals.handshake_state) |
2871 | { |
2872 | case STATE0: |
2873 | case STATE41: |
2874 | ret = _gnutls_recv_new_session_ticket (session); |
2875 | STATEsession->internals.handshake_state = STATE41; |
2876 | IMED_RET ("recv handshake new session ticket", ret, 1)do { if (ret < 0) { if (ret == -28 || ret == -52) return ret ; if (1 != 0 && ret==-16) return ret; do { if (__builtin_expect ((_gnutls_log_level >= 2), 0)) _gnutls_log( 2, "ASSERT: %s:%d\n" , "gnutls_handshake.c",2876); } while(0);; ; _gnutls_handshake_hash_buffers_clear (session); return ret; } } while (0); |
2877 | STATEsession->internals.handshake_state = STATE0; |
2878 | default: |
2879 | break; |
2880 | } |
2881 | |
2882 | ret = _gnutls_recv_handshake_final (session, FALSE0); |
2883 | IMED_RET ("recv handshake final 2", ret, 1)do { if (ret < 0) { if (ret == -28 || ret == -52) return ret ; if (1 != 0 && ret==-16) return ret; do { if (__builtin_expect ((_gnutls_log_level >= 2), 0)) _gnutls_log( 2, "ASSERT: %s:%d\n" , "gnutls_handshake.c",2883); } while(0);; ; _gnutls_handshake_hash_buffers_clear (session); return ret; } } while (0); |
2884 | |
2885 | } |
2886 | |
2887 | |
2888 | /* clear handshake buffer */ |
2889 | _gnutls_handshake_hash_buffers_clear (session); |
2890 | return ret; |
2891 | |
2892 | } |
2893 | |
2894 | int |
2895 | _gnutls_generate_session_id (opaque * session_id, uint8_t * len) |
2896 | { |
2897 | int ret; |
2898 | |
2899 | *len = TLS_MAX_SESSION_ID_SIZE32; |
2900 | |
2901 | ret = _gnutls_rnd (GNUTLS_RND_NONCE, session_id, *len); |
2902 | if (ret < 0) |
2903 | { |
2904 | gnutls_assert ()do { if (__builtin_expect((_gnutls_log_level >= 2), 0)) _gnutls_log ( 2, "ASSERT: %s:%d\n", "gnutls_handshake.c",2904); } while(0 );; |
2905 | return ret; |
2906 | } |
2907 | |
2908 | return 0; |
2909 | } |
2910 | |
2911 | int |
2912 | _gnutls_recv_hello_request (gnutls_session_t session, void *data, |
2913 | uint32_t data_size) |
2914 | { |
2915 | uint8_t type; |
2916 | |
2917 | if (session->security_parameters.entity == GNUTLS_SERVER1) |
2918 | { |
2919 | gnutls_assert ()do { if (__builtin_expect((_gnutls_log_level >= 2), 0)) _gnutls_log ( 2, "ASSERT: %s:%d\n", "gnutls_handshake.c",2919); } while(0 );; |
2920 | return GNUTLS_E_UNEXPECTED_PACKET-15; |
2921 | } |
2922 | if (data_size < 1) |
2923 | { |
2924 | gnutls_assert ()do { if (__builtin_expect((_gnutls_log_level >= 2), 0)) _gnutls_log ( 2, "ASSERT: %s:%d\n", "gnutls_handshake.c",2924); } while(0 );; |
2925 | return GNUTLS_E_UNEXPECTED_PACKET_LENGTH-9; |
2926 | } |
2927 | type = ((uint8_t *) data)[0]; |
2928 | if (type == GNUTLS_HANDSHAKE_HELLO_REQUEST) |
2929 | return GNUTLS_E_REHANDSHAKE-37; |
2930 | else |
2931 | { |
2932 | gnutls_assert ()do { if (__builtin_expect((_gnutls_log_level >= 2), 0)) _gnutls_log ( 2, "ASSERT: %s:%d\n", "gnutls_handshake.c",2932); } while(0 );; |
2933 | return GNUTLS_E_UNEXPECTED_PACKET-15; |
2934 | } |
2935 | } |
2936 | |
2937 | /* Returns 1 if the given KX has not the corresponding parameters |
2938 | * (DH or RSA) set up. Otherwise returns 0. |
2939 | */ |
2940 | inline static int |
2941 | check_server_params (gnutls_session_t session, |
2942 | gnutls_kx_algorithm_t kx, |
2943 | gnutls_kx_algorithm_t * alg, int alg_size) |
2944 | { |
2945 | int cred_type; |
2946 | gnutls_dh_params_t dh_params = NULL((void*)0); |
2947 | gnutls_rsa_params_t rsa_params = NULL((void*)0); |
2948 | int j; |
2949 | |
2950 | cred_type = _gnutls_map_kx_get_cred (kx, 1); |
2951 | |
2952 | /* Read the Diffie-Hellman parameters, if any. |
2953 | */ |
2954 | if (cred_type == GNUTLS_CRD_CERTIFICATE) |
2955 | { |
2956 | int delete; |
2957 | gnutls_certificate_credentials_t x509_cred = |
2958 | (gnutls_certificate_credentials_t) _gnutls_get_cred (session->key, |
2959 | cred_type, NULL((void*)0)); |
2960 | |
2961 | if (x509_cred != NULL((void*)0)) |
2962 | { |
2963 | dh_params = |
2964 | _gnutls_get_dh_params (x509_cred->dh_params, |
2965 | x509_cred->params_func, session); |
2966 | rsa_params = |
2967 | _gnutls_certificate_get_rsa_params (x509_cred->rsa_params, |
2968 | x509_cred->params_func, |
2969 | session); |
2970 | } |
2971 | |
2972 | /* Check also if the certificate supports the |
2973 | * KX method. |
2974 | */ |
2975 | delete = 1; |
2976 | for (j = 0; j < alg_size; j++) |
2977 | { |
2978 | if (alg[j] == kx) |
2979 | { |
2980 | delete = 0; |
2981 | break; |
2982 | } |
2983 | } |
2984 | |
2985 | if (delete == 1) |
2986 | return 1; |
2987 | |
2988 | #ifdef ENABLE_ANON1 |
2989 | } |
2990 | else if (cred_type == GNUTLS_CRD_ANON) |
2991 | { |
2992 | gnutls_anon_server_credentials_t anon_cred = |
2993 | (gnutls_anon_server_credentials_t) _gnutls_get_cred (session->key, |
2994 | cred_type, NULL((void*)0)); |
2995 | |
2996 | if (anon_cred != NULL((void*)0)) |
2997 | { |
2998 | dh_params = |
2999 | _gnutls_get_dh_params (anon_cred->dh_params, |
3000 | anon_cred->params_func, session); |
3001 | } |
3002 | #endif |
3003 | #ifdef ENABLE_PSK1 |
3004 | } |
3005 | else if (cred_type == GNUTLS_CRD_PSK) |
3006 | { |
3007 | gnutls_psk_server_credentials_t psk_cred = |
3008 | (gnutls_psk_server_credentials_t) _gnutls_get_cred (session->key, |
3009 | cred_type, NULL((void*)0)); |
3010 | |
3011 | if (psk_cred != NULL((void*)0)) |
3012 | { |
3013 | dh_params = |
3014 | _gnutls_get_dh_params (psk_cred->dh_params, psk_cred->params_func, |
3015 | session); |
3016 | } |
3017 | #endif |
3018 | } |
3019 | else |
3020 | return 0; /* no need for params */ |
3021 | |
3022 | |
3023 | /* If the key exchange method needs RSA or DH params, |
3024 | * but they are not set then remove it. |
3025 | */ |
3026 | if (_gnutls_kx_needs_rsa_params (kx) != 0) |
3027 | { |
3028 | /* needs rsa params. */ |
3029 | if (_gnutls_rsa_params_to_mpi (rsa_params) == NULL((void*)0)) |
3030 | { |
3031 | gnutls_assert ()do { if (__builtin_expect((_gnutls_log_level >= 2), 0)) _gnutls_log ( 2, "ASSERT: %s:%d\n", "gnutls_handshake.c",3031); } while(0 );; |
3032 | return 1; |
3033 | } |
3034 | } |
3035 | |
3036 | if (_gnutls_kx_needs_dh_params (kx) != 0) |
3037 | { |
3038 | /* needs DH params. */ |
3039 | if (_gnutls_dh_params_to_mpi (dh_params) == NULL((void*)0)) |
3040 | { |
3041 | gnutls_assert ()do { if (__builtin_expect((_gnutls_log_level >= 2), 0)) _gnutls_log ( 2, "ASSERT: %s:%d\n", "gnutls_handshake.c",3041); } while(0 );; |
3042 | return 1; |
3043 | } |
3044 | } |
3045 | |
3046 | return 0; |
3047 | } |
3048 | |
3049 | /* This function will remove algorithms that are not supported by |
3050 | * the requested authentication method. We remove an algorithm if |
3051 | * we have a certificate with keyUsage bits set. |
3052 | * |
3053 | * This does a more high level check than gnutls_supported_ciphersuites(), |
3054 | * by checking certificates etc. |
3055 | */ |
3056 | static int |
3057 | _gnutls_remove_unwanted_ciphersuites (gnutls_session_t session, |
3058 | uint8_t * cipher_suites, |
3059 | int cipher_suites_size, |
3060 | gnutls_pk_algorithm_t *pk_algos, |
3061 | size_t pk_algos_size) |
3062 | { |
3063 | |
3064 | int ret = 0; |
3065 | int i, new_suites_size; |
3066 | gnutls_certificate_credentials_t cert_cred; |
3067 | gnutls_kx_algorithm_t kx; |
3068 | int server = session->security_parameters.entity == GNUTLS_SERVER1 ? 1 : 0; |
3069 | gnutls_kx_algorithm_t alg[MAX_ALGOS32]; |
3070 | int alg_size = MAX_ALGOS32; |
3071 | |
3072 | /* if we should use a specific certificate, |
3073 | * we should remove all algorithms that are not supported |
3074 | * by that certificate and are on the same authentication |
3075 | * method (CERTIFICATE). |
3076 | */ |
3077 | |
3078 | cert_cred = |
3079 | (gnutls_certificate_credentials_t) _gnutls_get_cred (session->key, |
3080 | GNUTLS_CRD_CERTIFICATE, |
3081 | NULL((void*)0)); |
3082 | |
3083 | /* If there are certificate credentials, find an appropriate certificate |
3084 | * or disable them; |
3085 | */ |
3086 | if (session->security_parameters.entity == GNUTLS_SERVER1 |
3087 | && cert_cred != NULL((void*)0) && pk_algos_size > 0) |
3088 | { |
3089 | ret = _gnutls_server_select_cert (session, pk_algos, pk_algos_size); |
3090 | if (ret < 0) |
3091 | { |
3092 | gnutls_assert ()do { if (__builtin_expect((_gnutls_log_level >= 2), 0)) _gnutls_log ( 2, "ASSERT: %s:%d\n", "gnutls_handshake.c",3092); } while(0 );; |
3093 | _gnutls_debug_log ("Could not find an appropriate certificate: %s\n",do { if (__builtin_expect((_gnutls_log_level >= 2), 0)) _gnutls_log ( 2, "Could not find an appropriate certificate: %s\n", gnutls_strerror (ret)); } while(0) |
3094 | gnutls_strerror (ret))do { if (__builtin_expect((_gnutls_log_level >= 2), 0)) _gnutls_log ( 2, "Could not find an appropriate certificate: %s\n", gnutls_strerror (ret)); } while(0); |
3095 | } |
3096 | } |
3097 | |
3098 | /* get all the key exchange algorithms that are |
3099 | * supported by the X509 certificate parameters. |
3100 | */ |
3101 | if ((ret = |
3102 | _gnutls_selected_cert_supported_kx (session, alg, &alg_size)) < 0) |
3103 | { |
3104 | gnutls_assert ()do { if (__builtin_expect((_gnutls_log_level >= 2), 0)) _gnutls_log ( 2, "ASSERT: %s:%d\n", "gnutls_handshake.c",3104); } while(0 );; |
3105 | return ret; |
3106 | } |
3107 | |
3108 | new_suites_size = 0; |
3109 | |
3110 | /* now removes ciphersuites based on the KX algorithm |
3111 | */ |
3112 | for (i = 0; i < cipher_suites_size; i+=2) |
3113 | { |
3114 | int delete = 0; |
3115 | |
3116 | /* finds the key exchange algorithm in |
3117 | * the ciphersuite |
3118 | */ |
3119 | kx = _gnutls_cipher_suite_get_kx_algo (&cipher_suites[i]); |
3120 | |
3121 | /* if it is defined but had no credentials |
3122 | */ |
3123 | if (_gnutls_get_kx_cred (session, kx, NULL((void*)0)) == NULL((void*)0)) |
3124 | { |
3125 | delete = 1; |
3126 | } |
3127 | else |
3128 | { |
3129 | delete = 0; |
3130 | |
3131 | if (server) |
3132 | delete = check_server_params (session, kx, alg, alg_size); |
3133 | } |
3134 | |
3135 | /* If we have not agreed to a common curve with the peer don't bother |
3136 | * negotiating ECDH. |
3137 | */ |
3138 | if (server != 0 && _gnutls_kx_is_ecc(kx)) |
3139 | { |
3140 | if (_gnutls_session_ecc_curve_get(session) == GNUTLS_ECC_CURVE_INVALID) |
3141 | { |
3142 | delete = 1; |
3143 | } |
3144 | } |
3145 | |
3146 | /* These two SRP kx's are marked to require a CRD_CERTIFICATE, |
3147 | (see cred_mappings in gnutls_algorithms.c), but it also |
3148 | requires a SRP credential. Don't use SRP kx unless we have a |
3149 | SRP credential too. */ |
3150 | if (kx == GNUTLS_KX_SRP_RSA || kx == GNUTLS_KX_SRP_DSS) |
3151 | { |
3152 | if (!_gnutls_get_cred (session->key, GNUTLS_CRD_SRP, NULL((void*)0))) |
3153 | { |
3154 | delete = 1; |
3155 | } |
3156 | } |
3157 | |
3158 | if (delete == 0) |
3159 | { |
3160 | |
3161 | _gnutls_handshake_log ("HSK[%p]: Keeping ciphersuite: %s\n",do { if (__builtin_expect((_gnutls_log_level >= 3), 0)) _gnutls_log ( 3, "HSK[%p]: Keeping ciphersuite: %s\n", session, _gnutls_cipher_suite_get_name (&cipher_suites[i])); } while(0) |
3162 | session,do { if (__builtin_expect((_gnutls_log_level >= 3), 0)) _gnutls_log ( 3, "HSK[%p]: Keeping ciphersuite: %s\n", session, _gnutls_cipher_suite_get_name (&cipher_suites[i])); } while(0) |
3163 | _gnutls_cipher_suite_get_name (&cipher_suites[i]))do { if (__builtin_expect((_gnutls_log_level >= 3), 0)) _gnutls_log ( 3, "HSK[%p]: Keeping ciphersuite: %s\n", session, _gnutls_cipher_suite_get_name (&cipher_suites[i])); } while(0); |
3164 | |
3165 | if (i != new_suites_size) |
3166 | memmove( &cipher_suites[new_suites_size], &cipher_suites[i], 2); |
3167 | new_suites_size+=2; |
3168 | } |
3169 | else |
3170 | { |
3171 | _gnutls_handshake_log ("HSK[%p]: Removing ciphersuite: %s\n",do { if (__builtin_expect((_gnutls_log_level >= 3), 0)) _gnutls_log ( 3, "HSK[%p]: Removing ciphersuite: %s\n", session, _gnutls_cipher_suite_get_name (&cipher_suites[i])); } while(0) |
3172 | session,do { if (__builtin_expect((_gnutls_log_level >= 3), 0)) _gnutls_log ( 3, "HSK[%p]: Removing ciphersuite: %s\n", session, _gnutls_cipher_suite_get_name (&cipher_suites[i])); } while(0) |
3173 | _gnutls_cipher_suite_get_name (&cipher_suites[i]))do { if (__builtin_expect((_gnutls_log_level >= 3), 0)) _gnutls_log ( 3, "HSK[%p]: Removing ciphersuite: %s\n", session, _gnutls_cipher_suite_get_name (&cipher_suites[i])); } while(0); |
3174 | |
3175 | } |
3176 | } |
3177 | |
3178 | ret = new_suites_size; |
3179 | |
3180 | return ret; |
3181 | |
3182 | } |
3183 | |
3184 | /** |
3185 | * gnutls_handshake_set_max_packet_length: |
3186 | * @session: is a #gnutls_session_t structure. |
3187 | * @max: is the maximum number. |
3188 | * |
3189 | * This function will set the maximum size of all handshake messages. |
3190 | * Handshakes over this size are rejected with |
3191 | * %GNUTLS_E_HANDSHAKE_TOO_LARGE error code. The default value is |
3192 | * 48kb which is typically large enough. Set this to 0 if you do not |
3193 | * want to set an upper limit. |
3194 | * |
3195 | * The reason for restricting the handshake message sizes are to |
3196 | * limit Denial of Service attacks. |
3197 | **/ |
3198 | void |
3199 | gnutls_handshake_set_max_packet_length (gnutls_session_t session, size_t max) |
3200 | { |
3201 | session->internals.max_handshake_data_buffer_size = max; |
3202 | } |
3203 | |
3204 | void |
3205 | _gnutls_set_adv_version (gnutls_session_t session, gnutls_protocol_t ver) |
3206 | { |
3207 | set_adv_version (session, _gnutls_version_get_major (ver),session->internals.adv_version_major = _gnutls_version_get_major (ver); session->internals.adv_version_minor = _gnutls_version_get_minor (ver) |
3208 | _gnutls_version_get_minor (ver))session->internals.adv_version_major = _gnutls_version_get_major (ver); session->internals.adv_version_minor = _gnutls_version_get_minor (ver); |
3209 | } |
3210 | |
3211 | gnutls_protocol_t |
3212 | _gnutls_get_adv_version (gnutls_session_t session) |
3213 | { |
3214 | return _gnutls_version_get (_gnutls_get_adv_version_major (session)session->internals.adv_version_major, |
3215 | _gnutls_get_adv_version_minor (session)session->internals.adv_version_minor); |
3216 | } |
3217 | |
3218 | /** |
3219 | * gnutls_handshake_get_last_in: |
3220 | * @session: is a #gnutls_session_t structure. |
3221 | * |
3222 | * This function is only useful to check where the last performed |
3223 | * handshake failed. If the previous handshake succeed or was not |
3224 | * performed at all then no meaningful value will be returned. |
3225 | * |
3226 | * Check %gnutls_handshake_description_t in gnutls.h for the |
3227 | * available handshake descriptions. |
3228 | * |
3229 | * Returns: the last handshake message type received, a |
3230 | * %gnutls_handshake_description_t. |
3231 | **/ |
3232 | gnutls_handshake_description_t |
3233 | gnutls_handshake_get_last_in (gnutls_session_t session) |
3234 | { |
3235 | return session->internals.last_handshake_in; |
3236 | } |
3237 | |
3238 | /** |
3239 | * gnutls_handshake_get_last_out: |
3240 | * @session: is a #gnutls_session_t structure. |
3241 | * |
3242 | * This function is only useful to check where the last performed |
3243 | * handshake failed. If the previous handshake succeed or was not |
3244 | * performed at all then no meaningful value will be returned. |
3245 | * |
3246 | * Check %gnutls_handshake_description_t in gnutls.h for the |
3247 | * available handshake descriptions. |
3248 | * |
3249 | * Returns: the last handshake message type sent, a |
3250 | * %gnutls_handshake_description_t. |
3251 | **/ |
3252 | gnutls_handshake_description_t |
3253 | gnutls_handshake_get_last_out (gnutls_session_t session) |
3254 | { |
3255 | return session->internals.last_handshake_out; |
3256 | } |