gnutls-commit
[Top][All Lists]
Advanced

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

[SCM] GNU gnutls branch, gnutls_2_8_x, updated. gnutls_2_8_4-14-g15b31cf


From: Nikos Mavrogiannopoulos
Subject: [SCM] GNU gnutls branch, gnutls_2_8_x, updated. gnutls_2_8_4-14-g15b31cf
Date: Sun, 01 Nov 2009 10:01:20 +0000

This is an automated email from the git hooks/post-receive script. It was
generated because a ref change was pushed to the repository containing
the project "GNU gnutls".

http://git.savannah.gnu.org/cgit/gnutls.git/commit/?id=15b31cfc7888aafb4135fb1bc92c710eeaebb4c0

The branch, gnutls_2_8_x has been updated
       via  15b31cfc7888aafb4135fb1bc92c710eeaebb4c0 (commit)
      from  6fe6e1d8419dec5de8e9883766d58fdf4d12eae3 (commit)

Those revisions listed above that are new to this repository have
not appeared on any other notification email; so we list those
revisions in full, below.

- Log -----------------------------------------------------------------
commit 15b31cfc7888aafb4135fb1bc92c710eeaebb4c0
Author: Nikos Mavrogiannopoulos <address@hidden>
Date:   Sun Nov 1 11:42:07 2009 +0200

    1. Fix for memory leaks on interrupted handshake.
    2. Fixes issue where a TLS 1.2 client will wrongly calculate hashes if the 
server will select a different than 1.2 protocol.
    3. In TLS 1.2 when a certificate request is sent, support is not complete. 
In that case abort the handshake. By checking
    TLS 1.2 it seems that the algorithms to be used for the signature in the 
certificate verify message are negotiated not at
    the client/server hello messages but rather selected by the server at the 
certificate request. This might not look as bad, but
    since in this message we have to sign all previous handshake messages, it 
forces us to keep all the handshake messages into a
    buffer until this point... I don't know who proposed this change to the TLS 
WG, but it seems it wasn't really thought of.

-----------------------------------------------------------------------

Summary of changes:
 lib/gnutls_buffers.c   |   22 +----
 lib/gnutls_buffers.h   |    2 -
 lib/gnutls_cipher.c    |   11 ++
 lib/gnutls_handshake.c |  291 +++++++++++++++++++++++++++++++-----------------
 lib/gnutls_handshake.h |    2 +
 lib/gnutls_hash_int.c  |   27 ++++-
 lib/gnutls_hash_int.h  |    1 +
 lib/gnutls_int.h       |   25 ++++-
 lib/gnutls_sig.c       |   23 +++-
 lib/gnutls_state.c     |   15 ++-
 10 files changed, 280 insertions(+), 139 deletions(-)

diff --git a/lib/gnutls_buffers.c b/lib/gnutls_buffers.c
index a8b68e3..0998123 100644
--- a/lib/gnutls_buffers.c
+++ b/lib/gnutls_buffers.c
@@ -1068,8 +1068,7 @@ _gnutls_handshake_buffer_put (gnutls_session_t session, 
opaque * data,
       return GNUTLS_E_HANDSHAKE_TOO_LARGE;
     }
 
-  _gnutls_buffers_log ("BUF[HSK]: Inserted %d bytes of Data\n", length);
-
+  _gnutls_buffers_log ("BUF[HSK]: Inserted %d bytes of Data\n", (int)length);
   if (_gnutls_buffer_append (&session->internals.handshake_hash_buffer,
                             data, length) < 0)
     {
@@ -1091,24 +1090,6 @@ _gnutls_handshake_buffer_get_size (gnutls_session_t 
session)
  * and returns data from it (peek mode!)
  */
 int
-_gnutls_handshake_buffer_peek (gnutls_session_t session, opaque * data,
-                              size_t length)
-{
-  if (length > session->internals.handshake_hash_buffer.length)
-    {
-      length = session->internals.handshake_hash_buffer.length;
-    }
-
-  _gnutls_buffers_log ("BUF[HSK]: Peeked %d bytes of Data\n", length);
-
-  memcpy (data, session->internals.handshake_hash_buffer.data, length);
-  return length;
-}
-
-/* this function does not touch the buffer
- * and returns data from it (peek mode!)
- */
-int
 _gnutls_handshake_buffer_get_ptr (gnutls_session_t session,
                                  opaque ** data_ptr, size_t * length)
 {
@@ -1142,7 +1123,6 @@ _gnutls_handshake_buffer_clear (gnutls_session_t session)
 {
 
   _gnutls_buffers_log ("BUF[HSK]: Cleared Data from buffer\n");
-
   _gnutls_buffer_clear (&session->internals.handshake_hash_buffer);
 
   return 0;
diff --git a/lib/gnutls_buffers.h b/lib/gnutls_buffers.h
index b21ac5b..a8ffa7d 100644
--- a/lib/gnutls_buffers.h
+++ b/lib/gnutls_buffers.h
@@ -41,8 +41,6 @@ ssize_t _gnutls_io_write_buffered2 (gnutls_session_t, const 
void *iptr,
                                    size_t n, const void *iptr2, size_t n2);
 
 int _gnutls_handshake_buffer_get_size (gnutls_session_t session);
-int _gnutls_handshake_buffer_peek (gnutls_session_t session, opaque * data,
-                                  size_t length);
 int _gnutls_handshake_buffer_put (gnutls_session_t session, opaque * data,
                                  size_t length);
 int _gnutls_handshake_buffer_clear (gnutls_session_t session);
diff --git a/lib/gnutls_cipher.c b/lib/gnutls_cipher.c
index 8defc2b..660d58b 100644
--- a/lib/gnutls_cipher.c
+++ b/lib/gnutls_cipher.c
@@ -418,6 +418,10 @@ _gnutls_compressed2ciphertext (gnutls_session_t session,
   return length;
 }
 
+#define DEINIT_MAC(td, ver, algo) \
+          if (algo != GNUTLS_MAC_NULL) \
+            mac_deinit (&td, NULL, ver);
+
 /* Deciphers the ciphertext packet, and puts the result to compress_data, of 
compress_size.
  * Returns the actual compressed packet size.
  */
@@ -473,6 +477,9 @@ _gnutls_ciphertext2compressed (gnutls_session_t session,
                                   ciphertext.size)) < 0)
        {
          gnutls_assert ();
+         DEINIT_MAC(td, ver, session->security_parameters.write_mac_algorithm);
+
+
          return ret;
        }
 
@@ -483,6 +490,7 @@ _gnutls_ciphertext2compressed (gnutls_session_t session,
       if ((ciphertext.size < blocksize) || (ciphertext.size % blocksize != 0))
        {
          gnutls_assert ();
+         DEINIT_MAC(td, ver, session->security_parameters.write_mac_algorithm);
          return GNUTLS_E_DECRYPTION_FAILED;
        }
 
@@ -492,6 +500,7 @@ _gnutls_ciphertext2compressed (gnutls_session_t session,
                                   ciphertext.size)) < 0)
        {
          gnutls_assert ();
+         DEINIT_MAC(td, ver, session->security_parameters.write_mac_algorithm);
          return ret;
        }
 
@@ -505,6 +514,7 @@ _gnutls_ciphertext2compressed (gnutls_session_t session,
          if (ciphertext.size == 0)
            {
              gnutls_assert ();
+              DEINIT_MAC(td, ver, 
session->security_parameters.write_mac_algorithm);
              return GNUTLS_E_DECRYPTION_FAILED;
            }
        }
@@ -537,6 +547,7 @@ _gnutls_ciphertext2compressed (gnutls_session_t session,
       break;
     default:
       gnutls_assert ();
+      DEINIT_MAC(td, ver, session->security_parameters.write_mac_algorithm);
       return GNUTLS_E_INTERNAL_ERROR;
     }
 
diff --git a/lib/gnutls_handshake.c b/lib/gnutls_handshake.c
index a90f2e3..6f590a2 100644
--- a/lib/gnutls_handshake.c
+++ b/lib/gnutls_handshake.c
@@ -62,17 +62,31 @@
 #define TRUE 1
 #define FALSE 0
 
-int _gnutls_server_select_comp_method (gnutls_session_t session,
+static int _gnutls_handshake_hash_init (gnutls_session_t session);
+static int _gnutls_server_select_comp_method (gnutls_session_t session,
                                       opaque * data, int datalen);
+static int
+_gnutls_handshake_hash_add_recvd (gnutls_session_t session,
+                                 gnutls_handshake_description_t recv_type,
+                                 opaque * header, uint16_t header_size,
+                                 opaque * dataptr, uint32_t datalen);
 
 
 /* Clears the handshake hash buffers and handles.
  */
-static void
+void
 _gnutls_handshake_hash_buffers_clear (gnutls_session_t session)
 {
-  _gnutls_hash_deinit (&session->internals.handshake_mac_handle_md5, NULL);
-  _gnutls_hash_deinit (&session->internals.handshake_mac_handle_sha, NULL);
+  if (session->security_parameters.handshake_mac_handle_type == 
HANDSHAKE_MAC_TYPE_10) 
+    {
+      _gnutls_hash_deinit (&session->internals.handshake_mac_handle.tls10.md5, 
NULL);
+      _gnutls_hash_deinit (&session->internals.handshake_mac_handle.tls10.sha, 
NULL);
+    }
+  else if (session->security_parameters.handshake_mac_handle_type == 
HANDSHAKE_MAC_TYPE_12)
+    {
+      _gnutls_hash_deinit (&session->internals.handshake_mac_handle.tls12.mac, 
NULL);
+    }
+  session->security_parameters.handshake_mac_handle_type = 0;
   session->internals.handshake_mac_handle_init = 0;
   _gnutls_handshake_buffer_clear (session);
 }
@@ -149,23 +163,33 @@ _gnutls_ssl3_finished (gnutls_session_t session, int 
type, opaque * ret)
   const char *mesg;
   int rc;
 
-  rc =
-    _gnutls_hash_copy (&td_md5, &session->internals.handshake_mac_handle_md5);
-  if (rc < 0)
+  if (session->security_parameters.handshake_mac_handle_type == 
HANDSHAKE_MAC_TYPE_10) 
     {
-      gnutls_assert ();
-      return rc;
-    }
+      rc =
+        _gnutls_hash_copy (&td_md5, 
&session->internals.handshake_mac_handle.tls10.md5);
+      if (rc < 0)
+        {
+          gnutls_assert ();
+          return rc;
+        }
+
+      rc =
+        _gnutls_hash_copy (&td_sha, 
&session->internals.handshake_mac_handle.tls10.sha);
+      if (rc < 0)
+        {
+          gnutls_assert ();
+          _gnutls_hash_deinit (&td_md5, NULL);
+          return rc;
+        }
 
-  rc =
-    _gnutls_hash_copy (&td_sha, &session->internals.handshake_mac_handle_sha);
-  if (rc < 0)
+    }
+  else
     {
-      gnutls_assert ();
-      _gnutls_hash_deinit (&td_md5, NULL);
-      return rc;
+      gnutls_assert();
+      return GNUTLS_E_INTERNAL_ERROR;
     }
 
+
   if (type == GNUTLS_SERVER)
     {
       mesg = SSL3_SERVER_MSG;
@@ -197,7 +221,7 @@ static int
 _gnutls_finished (gnutls_session_t session, int type, void *ret)
 {
   const int siz = TLS_MSG_LEN;
-  opaque concat[36];
+  opaque concat[MAX_HASH_SIZE+16/*MD5*/];
   size_t len;
   const char *mesg;
   digest_hd_st td_md5;
@@ -205,39 +229,45 @@ _gnutls_finished (gnutls_session_t session, int type, 
void *ret)
   gnutls_protocol_t ver = gnutls_protocol_get_version (session);
   int rc;
 
-  if (ver < GNUTLS_TLS1_2)
+  if (session->security_parameters.handshake_mac_handle_type == 
HANDSHAKE_MAC_TYPE_10) 
     {
       rc =
        _gnutls_hash_copy (&td_md5,
-                          &session->internals.handshake_mac_handle_md5);
+                          &session->internals.handshake_mac_handle.tls10.md5);
       if (rc < 0)
        {
          gnutls_assert ();
          return rc;
        }
-    }
 
-  rc =
-    _gnutls_hash_copy (&td_sha, &session->internals.handshake_mac_handle_sha);
-  if (rc < 0)
-    {
-      gnutls_assert ();
-      _gnutls_hash_deinit (&td_md5, NULL);
-      return rc;
-    }
+      rc =
+        _gnutls_hash_copy (&td_sha, 
&session->internals.handshake_mac_handle.tls10.sha);
+      if (rc < 0)
+        {
+          gnutls_assert ();
+          _gnutls_hash_deinit (&td_md5, NULL);
+          return rc;
+        }
 
-  if (ver < GNUTLS_TLS1_2)
-    {
-      _gnutls_hash_deinit (&td_md5, concat);
-      _gnutls_hash_deinit (&td_sha, &concat[16]);
-      len = 20 + 16;
+        _gnutls_hash_deinit (&td_md5, concat);
+        _gnutls_hash_deinit (&td_sha, &concat[16]);
+        len = 20 + 16;
     }
-  else
+  else if (session->security_parameters.handshake_mac_handle_type == 
HANDSHAKE_MAC_TYPE_12) 
     {
-      _gnutls_hash_deinit (&td_sha, concat);
-      len = 20;
+      rc =
+        _gnutls_hash_copy (&td_sha, 
&session->internals.handshake_mac_handle.tls12.mac);
+      if (rc < 0)
+        {
+          gnutls_assert ();
+          return rc;
+        }
+
+        _gnutls_hash_deinit (&td_sha, concat);
+        len = _gnutls_hash_get_algo_len (td_sha.algorithm);
     }
 
+
   if (type == GNUTLS_SERVER)
     {
       mesg = SERVER_MSG;
@@ -514,8 +544,15 @@ _gnutls_handshake_hash_pending (gnutls_session_t session)
 
   if (siz > 0)
     {
-      _gnutls_hash (&session->internals.handshake_mac_handle_sha, data, siz);
-      _gnutls_hash (&session->internals.handshake_mac_handle_md5, data, siz);
+      if (session->security_parameters.handshake_mac_handle_type == 
HANDSHAKE_MAC_TYPE_10) 
+        {
+          _gnutls_hash (&session->internals.handshake_mac_handle.tls10.sha, 
data, siz);
+          _gnutls_hash (&session->internals.handshake_mac_handle.tls10.md5, 
data, siz);
+        } 
+      else if (session->security_parameters.handshake_mac_handle_type == 
HANDSHAKE_MAC_TYPE_12)
+        {
+          _gnutls_hash (&session->internals.handshake_mac_handle.tls12.mac, 
data, siz);
+        }
     }
 
   _gnutls_handshake_buffer_empty (session);
@@ -816,7 +853,7 @@ finish:
 
 /* This selects the best supported compression method from the ones provided 
  */
-int
+static int
 _gnutls_server_select_comp_method (gnutls_session_t session,
                                   opaque * data, int datalen)
 {
@@ -895,6 +932,18 @@ _gnutls_handshake_hash_add_sent (gnutls_session_t session,
 {
   int ret;
 
+  if (session->security_parameters.entity == GNUTLS_CLIENT && type == 
GNUTLS_HANDSHAKE_CLIENT_HELLO)
+    {
+      /* do not hash immediatelly since the hash has not yet been initialized 
*/
+      if ((ret =
+          _gnutls_handshake_buffer_put (session, dataptr, datalen)) < 0)
+       {
+         gnutls_assert ();
+         return ret;
+       }
+      return 0;
+    }
+
   if ((ret = _gnutls_handshake_hash_pending (session)) < 0)
     {
       gnutls_assert ();
@@ -903,10 +952,18 @@ _gnutls_handshake_hash_add_sent (gnutls_session_t session,
 
   if (type != GNUTLS_HANDSHAKE_HELLO_REQUEST)
     {
-      _gnutls_hash (&session->internals.handshake_mac_handle_sha, dataptr,
+      if (session->security_parameters.handshake_mac_handle_type == 
HANDSHAKE_MAC_TYPE_10) 
+        {
+          _gnutls_hash (&session->internals.handshake_mac_handle.tls10.sha, 
dataptr,
                    datalen);
-      _gnutls_hash (&session->internals.handshake_mac_handle_md5, dataptr,
+          _gnutls_hash (&session->internals.handshake_mac_handle.tls10.md5, 
dataptr,
                    datalen);
+        }
+      else if (session->security_parameters.handshake_mac_handle_type == 
HANDSHAKE_MAC_TYPE_12) 
+        { 
+          _gnutls_hash (&session->internals.handshake_mac_handle.tls12.mac, 
dataptr,
+                   datalen);
+        }
     }
 
   return 0;
@@ -1145,11 +1202,14 @@ _gnutls_handshake_hash_add_recvd (gnutls_session_t 
session,
   /* The idea here is to hash the previous message we received,
    * and add the one we just received into the handshake_hash_buffer.
    */
-
-  if ((ret = _gnutls_handshake_hash_pending (session)) < 0)
+  if ((session->security_parameters.entity == GNUTLS_SERVER || recv_type != 
GNUTLS_HANDSHAKE_SERVER_HELLO) && 
+      (session->security_parameters.entity == GNUTLS_CLIENT || recv_type != 
GNUTLS_HANDSHAKE_CLIENT_HELLO))
     {
-      gnutls_assert ();
-      return ret;
+      if ((ret = _gnutls_handshake_hash_pending (session)) < 0)
+        {
+          gnutls_assert ();
+          return ret;
+        }
     }
 
   /* here we buffer the handshake messages - needed at Finished message */
@@ -1272,11 +1332,23 @@ _gnutls_recv_handshake (gnutls_session_t session, 
uint8_t ** data,
     case GNUTLS_HANDSHAKE_CLIENT_HELLO:
     case GNUTLS_HANDSHAKE_SERVER_HELLO:
       ret = _gnutls_recv_hello (session, dataptr, length32);
+      
       /* dataptr is freed because the caller does not
        * need it */
       gnutls_free (dataptr);
       if (data != NULL)
        *data = NULL;
+      
+      if (ret < 0)
+        break;
+
+      /* initialize the hashes for both - (client will know server's version
+       * and server as well at this point) */
+      if ((ret = _gnutls_handshake_hash_init (session)) < 0) {
+        gnutls_assert();
+        return ret;
+      }
+
       break;
     case GNUTLS_HANDSHAKE_SERVER_HELLO_DONE:
       if (length32 == 0)
@@ -2146,30 +2218,60 @@ _gnutls_abort_handshake (gnutls_session_t session, int 
ret)
 /* This function initialized the handshake hash session.
  * required for finished messages.
  */
-inline static int
+static int
 _gnutls_handshake_hash_init (gnutls_session_t session)
 {
+  gnutls_protocol_t ver = gnutls_protocol_get_version (session);
 
   if (session->internals.handshake_mac_handle_init == 0)
     {
-      int ret =
-       _gnutls_hash_init (&session->internals.handshake_mac_handle_md5,
+      int ret;
+
+      /* set the hash type for handshake message hashing */
+      if (_gnutls_version_has_selectable_prf (ver))
+        session->security_parameters.handshake_mac_handle_type = 
HANDSHAKE_MAC_TYPE_12;
+      else
+        session->security_parameters.handshake_mac_handle_type = 
HANDSHAKE_MAC_TYPE_10;
+
+
+      if (session->security_parameters.handshake_mac_handle_type == 
HANDSHAKE_MAC_TYPE_10) 
+        {
+          ret =
+           _gnutls_hash_init 
(&session->internals.handshake_mac_handle.tls10.md5,
                           GNUTLS_MAC_MD5);
 
-      if (ret < 0)
-       {
-         gnutls_assert ();
-         return ret;
-       }
+          if (ret < 0)
+           {
+             gnutls_assert ();
+             return ret;
+           }
 
-      ret =
-       _gnutls_hash_init (&session->internals.handshake_mac_handle_sha,
+          ret =
+            _gnutls_hash_init 
(&session->internals.handshake_mac_handle.tls10.sha,
                           GNUTLS_MAC_SHA1);
-      if (ret < 0)
-       {
-         gnutls_assert ();
-         return GNUTLS_E_MEMORY_ERROR;
-       }
+          if (ret < 0)
+           {
+             gnutls_assert ();
+             _gnutls_hash_deinit 
(&session->internals.handshake_mac_handle.tls10.md5, NULL);
+             return GNUTLS_E_MEMORY_ERROR;
+           }
+        }
+      else if (session->security_parameters.handshake_mac_handle_type == 
HANDSHAKE_MAC_TYPE_12)
+        {
+        /* The algorithm to compute hash over handshake messages must be
+          same as the one used as the basis for PRF.  By now we use
+          SHA256. */
+          gnutls_digest_algorithm_t hash_algo = GNUTLS_MAC_SHA256;
+
+          ret =
+           _gnutls_hash_init 
(&session->internals.handshake_mac_handle.tls12.mac,
+                          hash_algo);
+           if (ret < 0)
+            {
+              gnutls_assert ();
+              return GNUTLS_E_MEMORY_ERROR;
+            }
+        }
 
       session->internals.handshake_mac_handle_init = 1;
     }
@@ -2269,12 +2371,6 @@ gnutls_handshake (gnutls_session_t session)
 {
   int ret;
 
-  if ((ret = _gnutls_handshake_hash_init (session)) < 0)
-    {
-      gnutls_assert ();
-      return ret;
-    }
-
   if (session->security_parameters.entity == GNUTLS_CLIENT)
     {
       ret = _gnutls_handshake_client (session);
@@ -2312,9 +2408,9 @@ gnutls_handshake (gnutls_session_t session)
   return 0;
 }
 
-#define IMED_RET( str, ret) do { \
+#define IMED_RET( str, ret, check_fatal) do { \
        if (ret < 0) { \
-               if (gnutls_error_is_fatal(ret)==0) return ret; \
+               if (check_fatal != 0 && gnutls_error_is_fatal(ret)==0) return 
ret; \
                gnutls_assert(); \
                ERR( str, ret); \
                _gnutls_handshake_hash_buffers_clear(session); \
@@ -2352,7 +2448,7 @@ _gnutls_handshake_client (gnutls_session_t session)
     case STATE1:
       ret = _gnutls_send_hello (session, AGAIN (STATE1));
       STATE = STATE1;
-      IMED_RET ("send hello", ret);
+      IMED_RET ("send hello", ret, 0);
 
     case STATE2:
       /* receive the server hello */
@@ -2361,14 +2457,14 @@ _gnutls_handshake_client (gnutls_session_t session)
                                GNUTLS_HANDSHAKE_SERVER_HELLO,
                                MANDATORY_PACKET);
       STATE = STATE2;
-      IMED_RET ("recv hello", ret);
+      IMED_RET ("recv hello", ret, 1);
 
     case STATE70:
       if (session->security_parameters.extensions.do_recv_supplemental)
        {
          ret = _gnutls_recv_supplemental (session);
          STATE = STATE70;
-         IMED_RET ("recv supplemental", ret);
+         IMED_RET ("recv supplemental", ret, 1);
        }
 
     case STATE3:
@@ -2376,14 +2472,14 @@ _gnutls_handshake_client (gnutls_session_t session)
       if (session->internals.resumed == RESUME_FALSE)  /* if we are not 
resuming */
        ret = _gnutls_recv_server_certificate (session);
       STATE = STATE3;
-      IMED_RET ("recv server certificate", ret);
+      IMED_RET ("recv server certificate", ret, 1);
 
     case STATE4:
       /* receive the server key exchange */
       if (session->internals.resumed == RESUME_FALSE)  /* if we are not 
resuming */
        ret = _gnutls_recv_server_kx_message (session);
       STATE = STATE4;
-      IMED_RET ("recv server kx message", ret);
+      IMED_RET ("recv server kx message", ret, 1);
 
     case STATE5:
       /* receive the server certificate request - if any 
@@ -2392,7 +2488,7 @@ _gnutls_handshake_client (gnutls_session_t session)
       if (session->internals.resumed == RESUME_FALSE)  /* if we are not 
resuming */
        ret = _gnutls_recv_server_certificate_request (session);
       STATE = STATE5;
-      IMED_RET ("recv server certificate request message", ret);
+      IMED_RET ("recv server certificate request message", ret, 1);
 
     case STATE6:
       /* receive the server hello done */
@@ -2402,14 +2498,14 @@ _gnutls_handshake_client (gnutls_session_t session)
                                  GNUTLS_HANDSHAKE_SERVER_HELLO_DONE,
                                  MANDATORY_PACKET);
       STATE = STATE6;
-      IMED_RET ("recv server hello done", ret);
+      IMED_RET ("recv server hello done", ret, 1);
 
     case STATE71:
       if (session->security_parameters.extensions.do_send_supplemental)
        {
          ret = _gnutls_send_supplemental (session, AGAIN (STATE71));
          STATE = STATE71;
-         IMED_RET ("send supplemental", ret);
+         IMED_RET ("send supplemental", ret, 0);
        }
 
     case STATE7:
@@ -2418,13 +2514,13 @@ _gnutls_handshake_client (gnutls_session_t session)
       if (session->internals.resumed == RESUME_FALSE)  /* if we are not 
resuming */
        ret = _gnutls_send_client_certificate (session, AGAIN (STATE7));
       STATE = STATE7;
-      IMED_RET ("send client certificate", ret);
+      IMED_RET ("send client certificate", ret, 0);
 
     case STATE8:
       if (session->internals.resumed == RESUME_FALSE)  /* if we are not 
resuming */
        ret = _gnutls_send_client_kx_message (session, AGAIN (STATE8));
       STATE = STATE8;
-      IMED_RET ("send client kx", ret);
+      IMED_RET ("send client kx", ret, 0);
 
     case STATE9:
       /* send client certificate verify */
@@ -2432,7 +2528,7 @@ _gnutls_handshake_client (gnutls_session_t session)
        ret =
          _gnutls_send_client_certificate_verify (session, AGAIN (STATE9));
       STATE = STATE9;
-      IMED_RET ("send client certificate verify", ret);
+      IMED_RET ("send client certificate verify", ret, 0);
 
       STATE = STATE0;
     default:
@@ -2581,19 +2677,19 @@ _gnutls_handshake_server (gnutls_session_t session)
                                GNUTLS_HANDSHAKE_CLIENT_HELLO,
                                MANDATORY_PACKET);
       STATE = STATE1;
-      IMED_RET ("recv hello", ret);
+      IMED_RET ("recv hello", ret, 1);
 
     case STATE2:
       ret = _gnutls_send_hello (session, AGAIN (STATE2));
       STATE = STATE2;
-      IMED_RET ("send hello", ret);
+      IMED_RET ("send hello", ret, 0);
 
     case STATE70:
       if (session->security_parameters.extensions.do_send_supplemental)
        {
          ret = _gnutls_send_supplemental (session, AGAIN (STATE70));
          STATE = STATE70;
-         IMED_RET ("send supplemental data", ret);
+         IMED_RET ("send supplemental data", ret, 0);
        }
 
       /* SEND CERTIFICATE + KEYEXCHANGE + CERTIFICATE_REQUEST */
@@ -2603,14 +2699,14 @@ _gnutls_handshake_server (gnutls_session_t session)
       if (session->internals.resumed == RESUME_FALSE)
        ret = _gnutls_send_server_certificate (session, AGAIN (STATE3));
       STATE = STATE3;
-      IMED_RET ("send server certificate", ret);
+      IMED_RET ("send server certificate", ret, 0);
 
     case STATE4:
       /* send server key exchange (A) */
       if (session->internals.resumed == RESUME_FALSE)
        ret = _gnutls_send_server_kx_message (session, AGAIN (STATE4));
       STATE = STATE4;
-      IMED_RET ("send server kx", ret);
+      IMED_RET ("send server kx", ret, 0);
 
     case STATE5:
       /* Send certificate request - if requested to */
@@ -2618,7 +2714,7 @@ _gnutls_handshake_server (gnutls_session_t session)
        ret =
          _gnutls_send_server_certificate_request (session, AGAIN (STATE5));
       STATE = STATE5;
-      IMED_RET ("send server cert request", ret);
+      IMED_RET ("send server cert request", ret, 0);
 
     case STATE6:
       /* send the server hello done */
@@ -2628,14 +2724,14 @@ _gnutls_handshake_server (gnutls_session_t session)
                                        GNUTLS_HANDSHAKE_SERVER_HELLO_DONE,
                                        AGAIN (STATE6));
       STATE = STATE6;
-      IMED_RET ("send server hello done", ret);
+      IMED_RET ("send server hello done", ret, 0);
 
     case STATE71:
       if (session->security_parameters.extensions.do_recv_supplemental)
        {
          ret = _gnutls_recv_supplemental (session);
          STATE = STATE71;
-         IMED_RET ("recv client supplemental", ret);
+         IMED_RET ("recv client supplemental", ret, 1);
        }
 
       /* RECV CERTIFICATE + KEYEXCHANGE + CERTIFICATE_VERIFY */
@@ -2644,21 +2740,21 @@ _gnutls_handshake_server (gnutls_session_t session)
       if (session->internals.resumed == RESUME_FALSE)  /* if we are not 
resuming */
        ret = _gnutls_recv_client_certificate (session);
       STATE = STATE7;
-      IMED_RET ("recv client certificate", ret);
+      IMED_RET ("recv client certificate", ret, 1);
 
     case STATE8:
       /* receive the client key exchange message */
       if (session->internals.resumed == RESUME_FALSE)  /* if we are not 
resuming */
        ret = _gnutls_recv_client_kx_message (session);
       STATE = STATE8;
-      IMED_RET ("recv client kx", ret);
+      IMED_RET ("recv client kx", ret, 1);
 
     case STATE9:
       /* receive the client certificate verify message */
       if (session->internals.resumed == RESUME_FALSE)  /* if we are not 
resuming */
        ret = _gnutls_recv_client_certificate_verify_message (session);
       STATE = STATE9;
-      IMED_RET ("recv client certificate verify", ret);
+      IMED_RET ("recv client certificate verify", ret, 1);
 
       STATE = STATE0;          /* finished thus clear session */
     default:
@@ -2682,26 +2778,19 @@ _gnutls_handshake_common (gnutls_session_t session)
       /* if we are a client resuming - or we are a server not resuming */
 
       ret = _gnutls_recv_handshake_final (session, TRUE);
-      IMED_RET ("recv handshake final", ret);
+      IMED_RET ("recv handshake final", ret, 1);
 
       ret = _gnutls_send_handshake_final (session, FALSE);
-      IMED_RET ("send handshake final", ret);
-
-      /* only store if we are not resuming */
-      if (session->security_parameters.entity == GNUTLS_SERVER)
-        {
-          /* in order to support session resuming */
-          _gnutls_server_register_current_session (session);
-        }
+      IMED_RET ("send handshake final", ret, 0);
     }
   else
     {                          /* if we are a client not resuming - or we are 
a server resuming */
 
       ret = _gnutls_send_handshake_final (session, TRUE);
-      IMED_RET ("send handshake final 2", ret);
+      IMED_RET ("send handshake final 2", ret, 0);
 
       ret = _gnutls_recv_handshake_final (session, FALSE);
-      IMED_RET ("recv handshake final 2", ret);
+      IMED_RET ("recv handshake final 2", ret, 1);
     }
 
   /* clear handshake buffer */
diff --git a/lib/gnutls_handshake.h b/lib/gnutls_handshake.h
index 5cff279..c6594bd 100644
--- a/lib/gnutls_handshake.h
+++ b/lib/gnutls_handshake.h
@@ -53,6 +53,8 @@ int _gnutls_server_select_suite (gnutls_session_t session, 
opaque * data,
 int _gnutls_negotiate_version( gnutls_session_t session, gnutls_protocol_t 
adv_version);
 int _gnutls_user_hello_func( gnutls_session, gnutls_protocol_t adv_version);
 
+void _gnutls_handshake_hash_buffers_clear (gnutls_session_t session);
+
 #define STATE session->internals.handshake_state
 /* This returns true if we have got there
  * before (and not finished due to an interrupt).
diff --git a/lib/gnutls_hash_int.c b/lib/gnutls_hash_int.c
index e55ae54..5e5b2aa 100644
--- a/lib/gnutls_hash_int.c
+++ b/lib/gnutls_hash_int.c
@@ -77,6 +77,7 @@ _gnutls_hash_init (digest_hd_st * dig, 
gnutls_digest_algorithm_t algorithm)
          gnutls_assert ();
          return GNUTLS_E_HASH_FAILED;
        }
+      dig->active = 1;
       return 0;
     }
 
@@ -89,6 +90,7 @@ _gnutls_hash_init (digest_hd_st * dig, 
gnutls_digest_algorithm_t algorithm)
       return result;
     }
 
+  dig->active = 1;
   return 0;
 }
 
@@ -119,10 +121,10 @@ _gnutls_hash_copy (digest_hd_st * dst, digest_hd_st * src)
 {
   int result;
 
+  memset(dst, 0, sizeof(*dst));
   dst->algorithm = src->algorithm;
-  dst->key = NULL;             /* it's a hash anyway */
-  dst->keysize = 0;
   dst->registered = src->registered;
+  dst->active = 1;
 
   if (src->registered)
     {
@@ -165,7 +167,14 @@ _gnutls_hash_output (digest_hd_st * handle, void *digest)
 void
 _gnutls_hash_deinit (digest_hd_st * handle, void *digest)
 {
-  _gnutls_hash_output (handle, digest);
+  if (handle->active != 1) {
+    return;
+  }
+
+  if (digest != NULL)
+    _gnutls_hash_output (handle, digest);
+
+  handle->active = 0;
 
   if (handle->registered && handle->hd.rh.ctx != NULL)
     {
@@ -269,6 +278,7 @@ _gnutls_hmac_init (digest_hd_st * dig, 
gnutls_mac_algorithm_t algorithm,
          return GNUTLS_E_HASH_FAILED;
        }
 
+      dig->active = 1;
       return 0;
     }
 
@@ -283,6 +293,7 @@ _gnutls_hmac_init (digest_hd_st * dig, 
gnutls_mac_algorithm_t algorithm,
 
   _gnutls_mac_ops.setkey (dig->hd.gc, key, keylen);
 
+  dig->active = 1;
   return 0;
 }
 
@@ -323,8 +334,14 @@ _gnutls_hmac_output (digest_hd_st * handle, void *digest)
 void
 _gnutls_hmac_deinit (digest_hd_st * handle, void *digest)
 {
-  _gnutls_hmac_output (handle, digest);
+  if (handle->active != 1) {
+    return;
+  }
+
+  if (digest)
+    _gnutls_hmac_output (handle, digest);
 
+  handle->active = 0;
   if (handle->registered && handle->hd.rh.ctx != NULL)
     {
       handle->hd.rh.cc->deinit (handle->hd.rh.ctx);
@@ -398,6 +415,7 @@ _gnutls_mac_deinit_ssl3 (digest_hd_st * handle, void 
*digest)
   if (padsize == 0)
     {
       gnutls_assert ();
+      _gnutls_hash_deinit (handle, NULL);
       return;
     }
 
@@ -407,6 +425,7 @@ _gnutls_mac_deinit_ssl3 (digest_hd_st * handle, void 
*digest)
   if (rc < 0)
     {
       gnutls_assert ();
+      _gnutls_hash_deinit (handle, NULL);
       return;
     }
 
diff --git a/lib/gnutls_hash_int.h b/lib/gnutls_hash_int.h
index 8017d12..d915af5 100644
--- a/lib/gnutls_hash_int.h
+++ b/lib/gnutls_hash_int.h
@@ -52,6 +52,7 @@ typedef struct
   gnutls_mac_algorithm_t algorithm;
   const void *key;
   int keysize;
+  int active;
 } digest_hd_st;
 
 int _gnutls_hmac_init (digest_hd_st*, gnutls_mac_algorithm_t algorithm,
diff --git a/lib/gnutls_int.h b/lib/gnutls_int.h
index 6d6ab5d..a56cd26 100644
--- a/lib/gnutls_int.h
+++ b/lib/gnutls_int.h
@@ -195,6 +195,12 @@ typedef enum content_type_t
 #define GNUTLS_PK_ANY (gnutls_pk_algorithm_t)-1
 #define GNUTLS_PK_NONE (gnutls_pk_algorithm_t)-2
 
+typedef enum
+{
+  HANDSHAKE_MAC_TYPE_10=1,
+  HANDSHAKE_MAC_TYPE_12
+} handshake_mac_type_t;
+
 /* Store & Retrieve functions defines: 
  */
 
@@ -208,7 +214,6 @@ typedef struct auth_cred_st
   struct auth_cred_st *next;
 } auth_cred_st;
 
-
 struct gnutls_key_st
 {
   /* For DH KX */
@@ -339,6 +344,7 @@ typedef struct
   gnutls_cipher_algorithm_t write_bulk_cipher_algorithm;
   gnutls_mac_algorithm_t write_mac_algorithm;
   gnutls_compression_method_t write_compression_algorithm;
+  handshake_mac_type_t handshake_mac_handle_type; /* one of HANDSHAKE_TYPE_10 
and HANDSHAKE_TYPE_12 */
 
   /* this is the ciphersuite we are going to use 
    * moved here from internals in order to be restored
@@ -446,14 +452,25 @@ typedef struct
   gnutls_handshake_description_t recv_type;
 } handshake_header_buffer_st;
 
+
 typedef struct
 {
   gnutls_buffer application_data_buffer;       /* holds data to be delivered 
to application layer */
   gnutls_buffer handshake_hash_buffer; /* used to keep the last received 
handshake 
                                         * message */
-  digest_hd_st handshake_mac_handle_sha;       /* hash of the handshake 
messages */
-  digest_hd_st handshake_mac_handle_md5;       /* hash of the handshake 
messages */
-  int handshake_mac_handle_init; /* 1 when the previous two were initialized */
+  union
+    {
+      struct 
+        {
+          digest_hd_st sha;    /* hash of the handshake messages */
+          digest_hd_st md5;    /* hash of the handshake messages */
+        } tls10;
+      struct
+        {
+          digest_hd_st mac;    /* hash of the handshake messages for TLS 1.2+ 
*/
+        } tls12;
+    } handshake_mac_handle;
+  int handshake_mac_handle_init; /* 1 when the previous union and type were 
initialized */
 
   gnutls_buffer handshake_data_buffer; /* this is a buffer that holds the 
current handshake message */
   gnutls_buffer ia_data_buffer;        /* holds inner application data 
(TLS/IA) */
diff --git a/lib/gnutls_sig.c b/lib/gnutls_sig.c
index 81f5aa3..aa0316e 100644
--- a/lib/gnutls_sig.c
+++ b/lib/gnutls_sig.c
@@ -58,8 +58,17 @@ _gnutls_tls_sign_hdata (gnutls_session_t session,
   digest_hd_st td_sha;
   gnutls_protocol_t ver = gnutls_protocol_get_version (session);
 
+  /* FIXME: This is not compliant to TLS 1.2. We should use an algorithm from 
the
+   * SignatureAndHashAlgorithm field of Certificate Request.
+   */
+  if (session->security_parameters.handshake_mac_handle_type != 
HANDSHAKE_MAC_TYPE_10)
+    {
+      gnutls_assert();
+      return GNUTLS_E_UNIMPLEMENTED_FEATURE;
+    }
+  
   ret =
-    _gnutls_hash_copy (&td_sha, &session->internals.handshake_mac_handle_sha);
+    _gnutls_hash_copy (&td_sha, 
&session->internals.handshake_mac_handle.tls10.sha);
   if (ret < 0)
     {
       gnutls_assert ();
@@ -87,7 +96,7 @@ _gnutls_tls_sign_hdata (gnutls_session_t session,
     case GNUTLS_PK_RSA:
       ret =
        _gnutls_hash_copy (&td_md5,
-                          &session->internals.handshake_mac_handle_md5);
+                          &session->internals.handshake_mac_handle.tls10.md5);
       if (ret < 0)
        {
          gnutls_assert ();
@@ -376,8 +385,14 @@ _gnutls_verify_sig_hdata (gnutls_session_t session, 
gnutls_cert * cert,
   gnutls_datum_t dconcat;
   gnutls_protocol_t ver = gnutls_protocol_get_version (session);
 
+  if (session->security_parameters.handshake_mac_handle_type != 
HANDSHAKE_MAC_TYPE_10)
+    {
+      gnutls_assert();
+      return GNUTLS_E_UNIMPLEMENTED_FEATURE;
+    }
+
   ret =
-    _gnutls_hash_copy (&td_md5, &session->internals.handshake_mac_handle_md5);
+    _gnutls_hash_copy (&td_md5, 
&session->internals.handshake_mac_handle.tls10.md5);
   if (ret < 0)
     {
       gnutls_assert ();
@@ -385,7 +400,7 @@ _gnutls_verify_sig_hdata (gnutls_session_t session, 
gnutls_cert * cert,
     }
 
   ret =
-    _gnutls_hash_copy (&td_sha, &session->internals.handshake_mac_handle_sha);
+    _gnutls_hash_copy (&td_sha, 
&session->internals.handshake_mac_handle.tls10.sha);
   if (ret < 0)
     {
       gnutls_assert ();
diff --git a/lib/gnutls_state.c b/lib/gnutls_state.c
index d9abd55..78f7145 100644
--- a/lib/gnutls_state.c
+++ b/lib/gnutls_state.c
@@ -201,6 +201,8 @@ deinit_internal_params (gnutls_session_t session)
   if (session->internals.params.free_rsa_params)
     gnutls_rsa_params_deinit (session->internals.params.rsa_params);
 
+  _gnutls_handshake_hash_buffers_clear(session);
+
   memset (&session->internals.params, 0, sizeof (session->internals.params));
 }
 
@@ -208,8 +210,8 @@ deinit_internal_params (gnutls_session_t session)
  * structure within the session, which depend on the current handshake.
  * This is used to allow further handshakes.
  */
-void
-_gnutls_handshake_internal_state_clear (gnutls_session_t session)
+static void
+_gnutls_handshake_internal_state_init (gnutls_session_t session)
 {
   session->internals.extensions_sent_size = 0;
 
@@ -231,6 +233,13 @@ _gnutls_handshake_internal_state_clear (gnutls_session_t 
session)
   session->internals.last_handshake_out = -1;
 
   session->internals.resumable = RESUME_TRUE;
+}
+
+void
+_gnutls_handshake_internal_state_clear (gnutls_session_t session)
+{
+  _gnutls_handshake_internal_state_init(session);
+
   _gnutls_free_datum (&session->internals.recv_buffer);
 
   deinit_internal_params (session);
@@ -336,7 +345,7 @@ gnutls_init (gnutls_session_t * session, 
gnutls_connection_end_t con_end)
    * as NULL or 0. This is why calloc is used.
    */
 
-  _gnutls_handshake_internal_state_clear (*session);
+  _gnutls_handshake_internal_state_init (*session);
 
   return 0;
 }


hooks/post-receive
-- 
GNU gnutls




reply via email to

[Prev in Thread] Current Thread [Next in Thread]