[Top][All Lists]
[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
[SCM] GNU gnutls branch, master, updated. gnutls_2_9_10-213-g743dedc
|
From: |
Nikos Mavrogiannopoulos |
|
Subject: |
[SCM] GNU gnutls branch, master, updated. gnutls_2_9_10-213-g743dedc |
|
Date: |
Fri, 04 Jun 2010 21:14:07 +0000 |
This is an automated email from the git hooks/post-receive script. It was
generated because a ref change was pushed to the repository containing
the project "GNU gnutls".
http://git.savannah.gnu.org/cgit/gnutls.git/commit/?id=743dedcddb41d9a29a0e92fa85a24a5c270d5f01
The branch, master has been updated
via 743dedcddb41d9a29a0e92fa85a24a5c270d5f01 (commit)
via 644082bbd239b8b4a1131c4548a2fef16eaf8eee (commit)
from 125ce4842ced6f4f8631b953b0ce0f3f5a22e3e5 (commit)
Those revisions listed above that are new to this repository have
not appeared on any other notification email; so we list those
revisions in full, below.
- Log -----------------------------------------------------------------
commit 743dedcddb41d9a29a0e92fa85a24a5c270d5f01
Author: Nikos Mavrogiannopoulos <address@hidden>
Date: Fri Jun 4 23:13:57 2010 +0200
More fixes for the rebase.
commit 644082bbd239b8b4a1131c4548a2fef16eaf8eee
Author: Nikos Mavrogiannopoulos <address@hidden>
Date: Fri Jun 4 23:12:51 2010 +0200
Added Jonathan.
-----------------------------------------------------------------------
Summary of changes:
AUTHORS | 3 +
lib/Makefile.am | 9 +-
lib/ext_session_ticket.c | 5 +-
lib/gnutls_algorithms.c | 57 +-------------
lib/gnutls_buffers.c | 20 ++---
lib/gnutls_buffers.h | 2 +-
lib/gnutls_handshake.c | 192 ++++++++++++++++++++++------------------------
lib/gnutls_handshake.h | 3 -
lib/gnutls_int.h | 13 ++--
lib/gnutls_kx.c | 3 +-
lib/gnutls_mbuffers.c | 31 ++++----
lib/gnutls_record.c | 4 +-
lib/gnutls_state.c | 7 +-
13 files changed, 144 insertions(+), 205 deletions(-)
diff --git a/AUTHORS b/AUTHORS
index 686adf6..967b539 100644
--- a/AUTHORS
+++ b/AUTHORS
@@ -67,6 +67,9 @@ C++ fixes.
Steve Dispensa <address@hidden>
TLS safe renegotiation fix.
+Jonathan Bastien-Filiatrault <address@hidden>
+Redesign and implementation of the buffering layer.
+
-----BEGIN PGP PUBLIC KEY BLOCK-----
URL: http://josefsson.org/key.txt (always latest version)
Comment: This 0xB565716F key is used to sign releases of GnuTLS.
diff --git a/lib/Makefile.am b/lib/Makefile.am
index 111ba4b..397694a 100644
--- a/lib/Makefile.am
+++ b/lib/Makefile.am
@@ -67,7 +67,7 @@ OPRFI_COBJECTS = ext_oprfi.c
SESSION_TICKET_COBJECTS = ext_session_ticket.c
COBJECTS = gnutls_record.c gnutls_compress.c debug.c gnutls_cipher.c \
- gnutls_buffers.c gnutls_handshake.c gnutls_num.c \
+ gnutls_mbuffers.c gnutls_buffers.c gnutls_handshake.c gnutls_num.c \
gnutls_errors.c gnutls_algorithms.c gnutls_dh.c gnutls_kx.c \
gnutls_priority.c gnutls_hash_int.c gnutls_cipher_int.c \
gnutls_session.c gnutls_db.c x509_b64.c auth_anon.c \
@@ -80,9 +80,10 @@ COBJECTS = gnutls_record.c gnutls_compress.c debug.c
gnutls_cipher.c \
gnutls_str.c gnutls_state.c gnutls_x509.c ext_cert_type.c \
gnutls_rsa_export.c auth_rsa_export.c ext_server_name.c \
auth_dh_common.c gnutls_helper.c gnutls_supplemental.c \
- crypto.c random.c cryptodev.c ext_signature.c crypto-api.c \
- ext_safe_renegotiation.c gnutls_mbuffers.c gnutls_privkey.c pkcs11.c \
- pkcs11_privkey.c gnutls_pubkey.c pkcs11_write.c
+ crypto.c random.c ext_signature.c cryptodev.c \
+ crypto-api.c ext_safe_renegotiation.c gnutls_privkey.c \
+ pkcs11.c pkcs11_privkey.c gnutls_pubkey.c pkcs11_write.c
+
if ENABLE_NETTLE
SUBDIRS += nettle
diff --git a/lib/ext_session_ticket.c b/lib/ext_session_ticket.c
index b3646b3..2f000fe 100644
--- a/lib/ext_session_ticket.c
+++ b/lib/ext_session_ticket.c
@@ -32,6 +32,7 @@
#include <gnutls_session_pack.h>
#include <random.h>
#include <ext_session_ticket.h>
+#include <gnutls_mbuffers.h>
#ifdef ENABLE_SESSION_TICKET
@@ -500,6 +501,7 @@ _gnutls_send_new_session_ticket (gnutls_session_t session,
int again)
security_parameters.current_cipher_suite));
if (ret < 0)
return ret;
+
ret = _gnutls_set_write_mac (session,
_gnutls_cipher_suite_get_mac_algo
(&session->
@@ -531,7 +533,7 @@ _gnutls_send_new_session_ticket (gnutls_session_t session,
int again)
return GNUTLS_E_MEMORY_ERROR;
}
- data = bufel->msg.data + bufel->mark;
+ data = _mbuffer_get_udata_ptr(bufel);
p = data;
/* FIXME: ticket lifetime is fixed to 10 days, which should be
customizable. */
@@ -558,7 +560,6 @@ _gnutls_send_new_session_ticket (gnutls_session_t session,
int again)
p += MAC_SIZE;
data_size = p - data;
- data = _gnutls_handshake_realloc(data, data_size);
}
ret = _gnutls_send_handshake (session, data_size ? bufel : NULL,
diff --git a/lib/gnutls_algorithms.c b/lib/gnutls_algorithms.c
index 891b2aa..b8aec37 100644
--- a/lib/gnutls_algorithms.c
+++ b/lib/gnutls_algorithms.c
@@ -1279,7 +1279,6 @@ _gnutls_version_has_selectable_prf (gnutls_protocol_t
version)
return version == GNUTLS_TLS1_2;
}
-
/* This function determines if the version specified has selectable
signature/hash functions for certificate authentification. */
int
@@ -1288,25 +1287,11 @@ _gnutls_version_has_selectable_sighash
(gnutls_protocol_t version)
return version == GNUTLS_TLS1_2;
}
-/* This function determines if the version specified has selectable
- signature/hash functions for certificate authentification. */
-int
-_gnutls_version_has_selectable_sighash (gnutls_protocol_t version)
-{
- switch(version) {
- case GNUTLS_TLS1_2:
- return 1;
- default:
- return 0;
- }
-}
-
/* This function determines if the version specified has support for
TLS extensions. */
int
_gnutls_version_has_extensions (gnutls_protocol_t version)
{
-<<<<<<< HEAD:lib/gnutls_algorithms.c
switch (version)
{
case GNUTLS_TLS1_0:
@@ -1347,44 +1332,6 @@ _gnutls_version_has_variable_padding (gnutls_protocol_t
version)
default:
return 0;
}
-=======
- switch(version) {
- case GNUTLS_TLS1_0:
- case GNUTLS_TLS1_1:
- case GNUTLS_TLS1_2:
- return 1;
- default:
- return 0;
- }
->>>>>>> Do not rely on version ordering; use switch..case
instead.:lib/gnutls_algorithms.c
-}
-
-/* This function determines if the version specified has explicit IVs
- (for CBC attack prevention). */
-int
-_gnutls_version_has_explicit_iv (gnutls_protocol_t version)
-{
- switch(version) {
- case GNUTLS_TLS1_1:
- case GNUTLS_TLS1_2:
- return 1;
- default:
- return 0;
- }
-}
-
-/* This function determines if the version specified can have
- non-minimal padding. */
-int _gnutls_version_has_variable_padding (gnutls_protocol_t version)
-{
- switch(version) {
- case GNUTLS_TLS1_0:
- case GNUTLS_TLS1_1:
- case GNUTLS_TLS1_2:
- return 1;
- default:
- return 0;
- }
}
/* Type to KX mappings */
@@ -2399,7 +2346,7 @@ gnutls_sec_param_get_name (gnutls_sec_param_t param)
case GNUTLS_SEC_PARAM_HIGH:
p = "High";
break;
-
+
case GNUTLS_SEC_PARAM_ULTRA:
p = "Ultra";
break;
@@ -2437,7 +2384,7 @@ gnutls_sec_param_t gnutls_pk_bits_to_sec_param
(gnutls_pk_algorithm_t algo,
return GNUTLS_SEC_PARAM_NORMAL;
else if (bits >= 1024)
return GNUTLS_SEC_PARAM_LOW;
- else
+ else
return GNUTLS_SEC_PARAM_WEAK;
}
diff --git a/lib/gnutls_buffers.c b/lib/gnutls_buffers.c
index 7d5a5d1..58d2f6a 100644
--- a/lib/gnutls_buffers.c
+++ b/lib/gnutls_buffers.c
@@ -261,7 +261,6 @@ _gnutls_read (gnutls_session_t session, void *iptr,
size_t left;
ssize_t i = 0;
char *ptr = iptr;
- unsigned j, x, sum = 0;
gnutls_transport_ptr_t fd = session->internals.transport_recv_ptr;
session->internals.direction = 0;
@@ -352,7 +351,6 @@ finish:
_gnutls_read_log ("READ: read %d bytes from %p\n",
(int) (sizeOfPtr - left), fd);
- dump_bytes (ptr, sizeOfPtr - left, 0);
}
return (sizeOfPtr - left);
@@ -670,7 +668,7 @@ _gnutls_io_write_buffered (gnutls_session_t session,
{
mbuffer_head_st * const send_buffer = &session->internals.record_send_buffer;
- _gnutls_mbuffer_enqueue (send_buffer, bufel);
+ _mbuffer_enqueue (send_buffer, bufel);
_gnutls_write_log
("WRITE: enqueued %d bytes for %p. Total %d bytes.\n",
@@ -695,16 +693,15 @@ _gnutls_io_write_flush (gnutls_session_t session)
_gnutls_write_log ("WRITE FLUSH: %d bytes in buffer.\n",
(int)send_buffer->byte_length);
- for (_gnutls_mbuffer_get_head (send_buffer, &msg);
+ for (_mbuffer_get_head (send_buffer, &msg);
msg.data != NULL && msg.size > 0;
- _gnutls_mbuffer_get_head (send_buffer, &msg))
+ _mbuffer_get_head (send_buffer, &msg))
{
ret = _gnutls_write (session, msg.data, msg.size);
if (ret >= 0)
{
- dump_bytes (msg.data, msg.size, 1);
- _gnutls_mbuffer_remove_bytes (send_buffer, ret);
+ _mbuffer_remove_bytes (send_buffer, ret);
_gnutls_write_log ("WRITE: wrote %d bytes, %d bytes left.\n",
ret, (int)send_buffer->byte_length);
@@ -747,9 +744,9 @@ _gnutls_handshake_io_write_flush (gnutls_session_t session)
_gnutls_write_log ("HWRITE FLUSH: %d bytes in buffer.\n",
(int)send_buffer->byte_length);
- for (_gnutls_mbuffer_get_head (send_buffer, &msg);
+ for (_mbuffer_get_head (send_buffer, &msg);
msg.data != NULL && msg.size > 0;
- _gnutls_mbuffer_get_head (send_buffer, &msg))
+ _mbuffer_get_head (send_buffer, &msg))
{
ret = _gnutls_send_int (session, GNUTLS_HANDSHAKE,
session->internals.handshake_send_buffer_htype,
@@ -757,8 +754,7 @@ _gnutls_handshake_io_write_flush (gnutls_session_t session)
if (ret >= 0)
{
- dump_bytes (msg.data, msg.size, 1);
- _gnutls_mbuffer_remove_bytes (send_buffer, ret);
+ _mbuffer_remove_bytes (send_buffer, ret);
_gnutls_write_log ("HWRITE: wrote %d bytes, %d bytes left.\n",
ret, (int)send_buffer->byte_length);
@@ -797,7 +793,7 @@ _gnutls_handshake_io_send_int (gnutls_session_t session,
{
mbuffer_head_st * const send_buffer =
&session->internals.handshake_send_buffer;
- _gnutls_mbuffer_enqueue (send_buffer, bufel);
+ _mbuffer_enqueue (send_buffer, bufel);
session->internals.handshake_send_buffer_htype = htype;
_gnutls_write_log
diff --git a/lib/gnutls_buffers.h b/lib/gnutls_buffers.h
index 6d52f4e..729bcfc 100644
--- a/lib/gnutls_buffers.h
+++ b/lib/gnutls_buffers.h
@@ -48,7 +48,7 @@ int _gnutls_handshake_buffer_get_ptr (gnutls_session_t
session,
opaque ** data_ptr, size_t * length);
#define _gnutls_handshake_io_buffer_clear( session) \
- _gnutls_mbuffer_clear( &session->internals.handshake_send_buffer); \
+ _mbuffer_clear( &session->internals.handshake_send_buffer); \
_gnutls_buffer_clear( &session->internals.handshake_recv_buffer);
ssize_t _gnutls_handshake_io_recv_int (gnutls_session_t, content_type_t,
diff --git a/lib/gnutls_handshake.c b/lib/gnutls_handshake.c
index e03280c..ecdee2f 100644
--- a/lib/gnutls_handshake.c
+++ b/lib/gnutls_handshake.c
@@ -76,26 +76,6 @@ _gnutls_handshake_hash_add_recvd (gnutls_session_t session,
opaque * dataptr, uint32_t datalen);
-mbuffer_st*
-_gnutls_handshake_alloc(size_t size)
-{
- mbuffer_st *ret = _gnutls_mbuffer_alloc (HANDSHAKE_HEADER_SIZE + size);
-
- if (!ret)
- return NULL;
-
- ret->mark = HANDSHAKE_HEADER_SIZE;
-
- return ret;
-}
-
-mbuffer_st*
-_gnutls_handshake_realloc(mbuffer_st *bufel, size_t size)
-{
- mbuffer_st *ret = _gnutls_mbuffer_realloc (bufel, HANDSHAKE_HEADER_SIZE +
size);
-
- return ret;
-}
/* Clears the handshake hash buffers and handles.
*/
@@ -671,6 +651,7 @@ _gnutls_send_finished (gnutls_session_t session, int again)
mbuffer_st *bufel;
opaque *data;
int ret;
+ size_t vdata_size = 0;
if (again == 0)
{
@@ -680,7 +661,7 @@ _gnutls_send_finished (gnutls_session_t session, int again)
gnutls_assert ();
return GNUTLS_E_MEMORY_ERROR;
}
- data = bufel->msg.data + bufel->mark;
+ data = _mbuffer_get_udata_ptr(bufel);
/* This is needed in order to hash all the required
* messages.
@@ -696,12 +677,13 @@ _gnutls_send_finished (gnutls_session_t session, int
again)
ret =
_gnutls_ssl3_finished (session,
session->security_parameters.entity, data);
+ _mbuffer_set_udata_size(bufel, 36);
}
else
{ /* TLS 1.0+ */
ret = _gnutls_finished (session,
session->security_parameters.entity, data);
- bufel->msg.size = 12 + bufel->mark;
+ _mbuffer_set_udata_size(bufel, 12);
}
if (ret < 0)
@@ -709,9 +691,33 @@ _gnutls_send_finished (gnutls_session_t session, int again)
gnutls_assert ();
return ret;
}
+
+ vdata_size = _mbuffer_get_udata_size(bufel);
if (session->internals.finished_func)
- session->internals.finished_func (session, data, bufel->msg.size -
bufel->mark);
+ session->internals.finished_func (session, data, vdata_size);
+
+ /* Save data for safe renegotiation.
+ */
+ if (vdata_size > MAX_VERIFY_DATA_SIZE)
+ {
+ gnutls_assert ();
+ return GNUTLS_E_INTERNAL_ERROR;
+ }
+
+ if (session->security_parameters.entity == GNUTLS_CLIENT)
+ {
+ session->security_parameters.extensions.client_verify_data_len =
+ vdata_size;
+
+ memcpy (session->security_parameters.extensions.client_verify_data,
data, vdata_size);
+ }
+ else
+ {
+ session->security_parameters.extensions.server_verify_data_len =
vdata_size;
+ memcpy (session->security_parameters.extensions.server_verify_data,
+ data, vdata_size);
+ }
ret = _gnutls_send_handshake (session, bufel, GNUTLS_HANDSHAKE_FINISHED);
}
@@ -1160,11 +1166,9 @@ _gnutls_send_handshake (gnutls_session_t session,
mbuffer_st *bufel,
datasize = _mbuffer_get_udata_size(bufel) + _mbuffer_get_uhead_size(bufel);
data[pos++] = (uint8_t) type;
- _gnutls_write_uint24 (bufel->msg.size - bufel->mark, &data[pos]);
+ _gnutls_write_uint24 ( _mbuffer_get_udata_size(bufel), &data[pos]);
pos += 3;
- bufel->mark = 0;
-
_gnutls_handshake_log ("HSK[%p]: %s was sent [%ld bytes]\n",
session, _gnutls_handshake2str (type),
(long) datasize);
@@ -1971,17 +1975,16 @@ _gnutls_send_client_hello (gnutls_session_t session,
int again)
gnutls_assert ();
return GNUTLS_E_MEMORY_ERROR;
}
- data = bufel->msg.data + bufel->mark;
-
+ data = _mbuffer_get_udata_ptr(bufel);
extdatalen = MAX_EXT_DATA_LENGTH
+
session->internals.resumed_security_parameters.
extensions.session_ticket_len;
+
extdata = gnutls_malloc (extdatalen);
if (extdata == NULL)
{
gnutls_assert ();
- gnutls_free (data);
return GNUTLS_E_MEMORY_ERROR;
}
@@ -2005,6 +2008,7 @@ _gnutls_send_client_hello (gnutls_session_t session, int
again)
{
gnutls_assert ();
gnutls_free (bufel);
+ gnutls_free(extdata);
return GNUTLS_E_INTERNAL_ERROR;
}
@@ -2065,25 +2069,30 @@ _gnutls_send_client_hello (gnutls_session_t session,
int again)
session->security_parameters.entity == GNUTLS_CLIENT &&
gnutls_protocol_get_version (session) == GNUTLS_SSL3)
{
- datalen += extdatalen;
- bufel = _gnutls_handshake_realloc (bufel, datalen);
+ ret =
+ _gnutls_copy_ciphersuites (session, extdata, extdatalen, TRUE);
+ _gnutls_extension_list_add (session,
+ GNUTLS_EXTENSION_SAFE_RENEGOTIATION);
+ }
+ else
+ ret = _gnutls_copy_ciphersuites (session, extdata, extdatalen, FALSE);
+
+ if (ret > 0)
+ {
+ bufel = _mbuffer_append_data (bufel, extdata, ret);
if (bufel == NULL)
{
gnutls_assert ();
gnutls_free (extdata);
return GNUTLS_E_MEMORY_ERROR;
}
- data = bufel->msg.data + bufel->mark;
-
- memcpy (&data[pos], extdata, ret);
- pos += ret;
-
}
else
{
if (extdatalen == 0)
extdatalen = GNUTLS_E_INTERNAL_ERROR;
gnutls_free (bufel);
+ gnutls_free(extdata);
gnutls_assert ();
return ret;
}
@@ -2094,29 +2103,24 @@ _gnutls_send_client_hello (gnutls_session_t session,
int again)
ret = _gnutls_copy_comp_methods (session, extdata, extdatalen);
if (ret > 0)
{
- datalen += extdatalen;
- bufel = _gnutls_handshake_realloc (bufel, datalen);
+ bufel = _mbuffer_append_data (bufel, extdata, ret);
if (bufel == NULL)
{
gnutls_assert ();
gnutls_free (extdata);
return GNUTLS_E_MEMORY_ERROR;
}
- data = bufel->msg.data + bufel->mark;
-
- memcpy (&data[pos], extdata, extdatalen);
- pos += extdatalen;
}
else
{
if (extdatalen == 0)
extdatalen = GNUTLS_E_INTERNAL_ERROR;
gnutls_free (bufel);
+ gnutls_free(extdata);
gnutls_assert ();
return ret;
}
-
/* Generate and copy TLS extensions.
*/
if (_gnutls_version_has_extensions (hver))
@@ -2129,38 +2133,29 @@ _gnutls_send_client_hello (gnutls_session_t session,
int again)
type = GNUTLS_EXT_NONE;
}
- if (extdatalen > 0)
- {
- datalen += extdatalen;
- bufel = _gnutls_handshake_realloc (bufel, datalen);
- if (bufel == NULL)
- {
- gnutls_assert ();
- return GNUTLS_E_MEMORY_ERROR;
- }
- data = bufel->msg.data + bufel->mark;
-
- memcpy (&data[pos], extdata, extdatalen);
- }
- else if (extdatalen < 0)
+ ret = _gnutls_gen_extensions (session, extdata, extdatalen, type);
+
+ if (ret > 0)
+ {
+ bufel = _mbuffer_append_data (bufel, extdata, ret);
+ if (bufel == NULL)
{
gnutls_assert ();
- gnutls_free (bufel);
- return extdatalen;
+ gnutls_free (extdata);
+ return GNUTLS_E_MEMORY_ERROR;
}
-
- memcpy (&data[pos], extdata, ret);
- }
+ }
else if (ret < 0)
- {
- gnutls_assert ();
- gnutls_free (data);
- gnutls_free (extdata);
- return ret;
- }
-
+ {
+ gnutls_assert ();
+ gnutls_free (bufel);
+ gnutls_free(extdata);
+ return ret;
+ }
}
+ gnutls_free(extdata);
+
ret = _gnutls_send_handshake (session, bufel, GNUTLS_HANDSHAKE_CLIENT_HELLO);
return ret;
@@ -2222,7 +2217,7 @@ _gnutls_send_server_hello (gnutls_session_t session, int
again)
gnutls_assert ();
return GNUTLS_E_MEMORY_ERROR;
}
- data = bufel->msg.data + bufel->mark;
+ data = _mbuffer_get_udata_ptr(bufel);
data[pos++] =
_gnutls_version_get_major (session->security_parameters.version);
@@ -2612,7 +2607,7 @@ _gnutls_send_supplemental (gnutls_session_t session, int
again)
return GNUTLS_E_MEMORY_ERROR;
}
- memcpy(bufel->msg.data + bufel->mark, buf.data, buf.length);
+ _mbuffer_set_udata(bufel, buf.data, buf.length);
_gnutls_buffer_clear (&buf);
ret = _gnutls_send_handshake (session, bufel,
@@ -2653,34 +2648,33 @@ _gnutls_recv_supplemental (gnutls_session_t session)
}
/**
- * gnutls_handshake - This is the main function in the handshake protocol.
- * @session: is a #gnutls_session_t structure.
- *
- * This function does the handshake of the TLS/SSL protocol, and
- * initializes the TLS connection.
- *
- * This function will fail if any problem is encountered, and will
- * return a negative error code. In case of a client, if the client
- * has asked to resume a session, but the server couldn't, then a
- * full handshake will be performed.
- *
- * The non-fatal errors such as %GNUTLS_E_AGAIN and
- * %GNUTLS_E_INTERRUPTED interrupt the handshake procedure, which
- * should be later be resumed. Call this function again, until it
- * returns 0; cf. gnutls_record_get_direction() and
- * gnutls_error_is_fatal().
- *
- * If this function is called by a server after a rehandshake request
- * then %GNUTLS_E_GOT_APPLICATION_DATA or
- * %GNUTLS_E_WARNING_ALERT_RECEIVED may be returned. Note that these
- * are non fatal errors, only in the specific case of a rehandshake.
- * Their meaning is that the client rejected the rehandshake request or
- * in the case of %GNUTLS_E_GOT_APPLICATION_DATA it might also mean that
- * some data were pending.
- *
- * Returns: %GNUTLS_E_SUCCESS on success, otherwise an error.
- *
- **/
+ * gnutls_handshake:
+ * @session: is a #gnutls_session_t structure.
+ *
+ * This function does the handshake of the TLS/SSL protocol, and
+ * initializes the TLS connection.
+ *
+ * This function will fail if any problem is encountered, and will
+ * return a negative error code. In case of a client, if the client
+ * has asked to resume a session, but the server couldn't, then a
+ * full handshake will be performed.
+ *
+ * The non-fatal errors such as %GNUTLS_E_AGAIN and
+ * %GNUTLS_E_INTERRUPTED interrupt the handshake procedure, which
+ * should be later be resumed. Call this function again, until it
+ * returns 0; cf. gnutls_record_get_direction() and
+ * gnutls_error_is_fatal().
+ *
+ * If this function is called by a server after a rehandshake request
+ * then %GNUTLS_E_GOT_APPLICATION_DATA or
+ * %GNUTLS_E_WARNING_ALERT_RECEIVED may be returned. Note that these
+ * are non fatal errors, only in the specific case of a rehandshake.
+ * Their meaning is that the client rejected the rehandshake request or
+ * in the case of %GNUTLS_E_GOT_APPLICATION_DATA it might also mean that
+ * some data were pending.
+ *
+ * Returns: %GNUTLS_E_SUCCESS on success, otherwise an error.
+ **/
int
gnutls_handshake (gnutls_session_t session)
{
diff --git a/lib/gnutls_handshake.h b/lib/gnutls_handshake.h
index 860afac..4203b10 100644
--- a/lib/gnutls_handshake.h
+++ b/lib/gnutls_handshake.h
@@ -26,9 +26,6 @@
typedef enum Optional
{ OPTIONAL_PACKET, MANDATORY_PACKET } Optional;
-mbuffer_st* _gnutls_handshake_alloc(size_t size);
-mbuffer_st* _gnutls_handshake_realloc(mbuffer_st *bufel, size_t size);
-
int _gnutls_send_handshake (gnutls_session_t session, mbuffer_st *bufel,
gnutls_handshake_description_t type);
int _gnutls_recv_hello_request (gnutls_session_t session, void *data,
diff --git a/lib/gnutls_int.h b/lib/gnutls_int.h
index 1ca2e12..d317486 100644
--- a/lib/gnutls_int.h
+++ b/lib/gnutls_int.h
@@ -203,12 +203,6 @@ typedef enum content_type_t
#define GNUTLS_PK_ANY (gnutls_pk_algorithm_t)-1
#define GNUTLS_PK_NONE (gnutls_pk_algorithm_t)-2
-typedef enum
-{
- HANDSHAKE_MAC_TYPE_10 = 1,
- HANDSHAKE_MAC_TYPE_12
-} handshake_mac_type_t;
-
/* Message buffers (mbuffers) structures */
typedef struct mbuffer_st
@@ -220,6 +214,7 @@ typedef struct mbuffer_st
message. Mark should only be non-zero when this buffer is the
head of the queue. */
size_t mark;
+ unsigned int user_mark; /* only used during fill in */
} mbuffer_st;
typedef struct mbuffer_head_st
@@ -231,6 +226,12 @@ typedef struct mbuffer_head_st
size_t byte_length;
} mbuffer_head_st;
+typedef enum
+{
+ HANDSHAKE_MAC_TYPE_10 = 1,
+ HANDSHAKE_MAC_TYPE_12
+} handshake_mac_type_t;
+
/* Store & Retrieve functions defines:
*/
diff --git a/lib/gnutls_kx.c b/lib/gnutls_kx.c
index 1173160..9d3cae9 100644
--- a/lib/gnutls_kx.c
+++ b/lib/gnutls_kx.c
@@ -38,6 +38,7 @@
#include <gnutls_state.h>
#include <gnutls_datum.h>
#include <gnutls_rsa_export.h>
+#include <gnutls_mbuffers.h>
/* This is a temporary function to be used before the generate_*
internal API is changed to use mbuffers. For now we don't avoid the
@@ -64,7 +65,7 @@ send_handshake (gnutls_session_t session, opaque *data,
size_t size,
return GNUTLS_E_MEMORY_ERROR;
}
- memcpy(bufel->msg.data + bufel->mark, data, size);
+ _mbuffer_set_udata(bufel, data, size);
return _gnutls_send_handshake(session, bufel, type);
}
diff --git a/lib/gnutls_mbuffers.c b/lib/gnutls_mbuffers.c
index ace77b9..2c9e9d8 100644
--- a/lib/gnutls_mbuffers.c
+++ b/lib/gnutls_mbuffers.c
@@ -28,7 +28,7 @@
/* Here be mbuffers */
void
-_gnutls_mbuffer_init (mbuffer_head_st *buf)
+_mbuffer_init (mbuffer_head_st *buf)
{
buf->head = NULL;
buf->tail = &buf->head;
@@ -38,7 +38,7 @@ _gnutls_mbuffer_init (mbuffer_head_st *buf)
}
void
-_gnutls_mbuffer_clear (mbuffer_head_st *buf)
+_mbuffer_clear (mbuffer_head_st *buf)
{
mbuffer_st *bufel, *next;
@@ -48,11 +48,11 @@ _gnutls_mbuffer_clear (mbuffer_head_st *buf)
gnutls_free(bufel);
}
- _gnutls_mbuffer_init (buf);
+ _mbuffer_init (buf);
}
void
-_gnutls_mbuffer_enqueue (mbuffer_head_st *buf, mbuffer_st *bufel)
+_mbuffer_enqueue (mbuffer_head_st *buf, mbuffer_st *bufel)
{
bufel->next = NULL;
@@ -64,7 +64,7 @@ _gnutls_mbuffer_enqueue (mbuffer_head_st *buf, mbuffer_st
*bufel)
}
void
-_gnutls_mbuffer_get_head (mbuffer_head_st *buf, gnutls_datum_t *msg)
+_mbuffer_get_head (mbuffer_head_st *buf, gnutls_datum_t *msg)
{
mbuffer_st *bufel;
@@ -101,7 +101,7 @@ remove_front (mbuffer_head_st *buf)
}
int
-_gnutls_mbuffer_remove_bytes (mbuffer_head_st *buf, size_t bytes)
+_mbuffer_remove_bytes (mbuffer_head_st *buf, size_t bytes)
{
size_t left = bytes;
mbuffer_st *bufel, *next;
@@ -130,7 +130,7 @@ _gnutls_mbuffer_remove_bytes (mbuffer_head_st *buf, size_t
bytes)
}
mbuffer_st *
-_gnutls_mbuffer_alloc (size_t payload_size)
+_mbuffer_alloc (size_t payload_size)
{
mbuffer_st * st;
@@ -145,25 +145,24 @@ _gnutls_mbuffer_alloc (size_t payload_size)
st->msg.data = (opaque*)st + sizeof (mbuffer_st);
st->msg.size = payload_size;
st->mark = 0;
+ st->user_mark = 0;
st->next = NULL;
return st;
}
mbuffer_st*
-_gnutls_mbuffer_realloc (mbuffer_st *bufel, size_t payload_size)
+_mbuffer_append_data (mbuffer_st *bufel, void* newdata, size_t newdata_size)
{
- mbuffer_st *ret;
-
- ret = gnutls_realloc_fast (bufel, payload_size+sizeof (mbuffer_st));
- if (ret == NULL)
+ bufel = gnutls_realloc_fast (bufel, bufel->msg.size+newdata_size+sizeof
(mbuffer_st));
+ if (bufel == NULL)
{
gnutls_assert ();
return NULL;
}
+ bufel->msg.data = (opaque*)bufel + sizeof (mbuffer_st);
+ memcpy(&bufel->msg.data[bufel->msg.size], newdata, newdata_size);
+ bufel->msg.size += newdata_size;
- ret->msg.size = payload_size;
- ret->msg.data = (opaque*)ret + sizeof (mbuffer_st);
-
- return ret;
+ return bufel;
}
diff --git a/lib/gnutls_record.c b/lib/gnutls_record.c
index 1209e0d..a3a0409 100644
--- a/lib/gnutls_record.c
+++ b/lib/gnutls_record.c
@@ -400,7 +400,7 @@ _gnutls_send_int (gnutls_session_t session, content_type_t
type,
/* now proceed to packet encryption
*/
cipher_size = data2send_size + MAX_RECORD_OVERHEAD;
- bufel = _gnutls_mbuffer_alloc (cipher_size);
+ bufel = _mbuffer_alloc (cipher_size);
if (bufel == NULL)
{
gnutls_assert ();
@@ -465,7 +465,7 @@ _gnutls_send_int (gnutls_session_t session, content_type_t
type,
(int)
_gnutls_uint64touint32
(&session->connection_state.write_sequence_number),
- _gnutls_packet2str (type), type, cipher_size);
+ _gnutls_packet2str (type), type, (int)cipher_size);
return retval;
}
diff --git a/lib/gnutls_state.c b/lib/gnutls_state.c
index 4dbb815..eca8a64 100644
--- a/lib/gnutls_state.c
+++ b/lib/gnutls_state.c
@@ -295,10 +295,10 @@ gnutls_init (gnutls_session_t * session,
gnutls_connection_end_t con_end)
_gnutls_buffer_init (&(*session)->internals.handshake_hash_buffer);
_gnutls_buffer_init (&(*session)->internals.ia_data_buffer);
- _gnutls_mbuffer_init (&(*session)->internals.record_send_buffer);
+ _mbuffer_init (&(*session)->internals.record_send_buffer);
_gnutls_buffer_init (&(*session)->internals.record_recv_buffer);
- _gnutls_mbuffer_init (&(*session)->internals.handshake_send_buffer);
+ _mbuffer_init (&(*session)->internals.handshake_send_buffer);
_gnutls_buffer_init (&(*session)->internals.handshake_recv_buffer);
(*session)->key = gnutls_calloc (1, sizeof (struct gnutls_key_st));
@@ -394,7 +394,7 @@ gnutls_deinit (gnutls_session_t session)
_gnutls_buffer_clear (&session->internals.handshake_data_buffer);
_gnutls_buffer_clear (&session->internals.application_data_buffer);
_gnutls_buffer_clear (&session->internals.record_recv_buffer);
- _gnutls_mbuffer_clear (&session->internals.record_send_buffer);
+ _mbuffer_clear (&session->internals.record_send_buffer);
gnutls_credentials_clear (session);
_gnutls_selected_certs_deinit (session);
@@ -917,7 +917,6 @@ _gnutls_PRF (gnutls_session_t session,
memcpy (s_seed, label, label_size);
memcpy (&s_seed[label_size], seed, seed_size);
-
if (_gnutls_version_has_selectable_prf (ver))
{
result =
hooks/post-receive
--
GNU gnutls
| [Prev in Thread] |
Current Thread |
[Next in Thread] |
- [SCM] GNU gnutls branch, master, updated. gnutls_2_9_10-213-g743dedc,
Nikos Mavrogiannopoulos <=