|
Packit |
549fdc |
/*
|
|
Packit |
549fdc |
* Copyright (C) 2000-2016 Free Software Foundation, Inc.
|
|
Packit |
549fdc |
* Copyright (C) 2015-2017 Red Hat, Inc.
|
|
Packit |
549fdc |
*
|
|
Packit |
549fdc |
* Author: Nikos Mavrogiannopoulos
|
|
Packit |
549fdc |
*
|
|
Packit |
549fdc |
* This file is part of GnuTLS.
|
|
Packit |
549fdc |
*
|
|
Packit |
549fdc |
* The GnuTLS is free software; you can redistribute it and/or
|
|
Packit |
549fdc |
* modify it under the terms of the GNU Lesser General Public License
|
|
Packit |
549fdc |
* as published by the Free Software Foundation; either version 2.1 of
|
|
Packit |
549fdc |
* the License, or (at your option) any later version.
|
|
Packit |
549fdc |
*
|
|
Packit |
549fdc |
* This library is distributed in the hope that it will be useful, but
|
|
Packit |
549fdc |
* WITHOUT ANY WARRANTY; without even the implied warranty of
|
|
Packit |
549fdc |
* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
|
|
Packit |
549fdc |
* Lesser General Public License for more details.
|
|
Packit |
549fdc |
*
|
|
Packit |
549fdc |
* You should have received a copy of the GNU Lesser General Public License
|
|
Packit |
549fdc |
* along with this program. If not, see <http://www.gnu.org/licenses/>
|
|
Packit |
549fdc |
*
|
|
Packit |
549fdc |
*/
|
|
Packit |
549fdc |
|
|
Packit |
549fdc |
#ifndef GNUTLS_INT_H
|
|
Packit |
549fdc |
#define GNUTLS_INT_H
|
|
Packit |
549fdc |
|
|
Packit |
549fdc |
#ifdef HAVE_CONFIG_H
|
|
Packit |
549fdc |
#include <config.h>
|
|
Packit |
549fdc |
#endif
|
|
Packit |
549fdc |
|
|
Packit |
549fdc |
#include <stddef.h>
|
|
Packit |
549fdc |
#include <string.h>
|
|
Packit |
549fdc |
#include <stdlib.h>
|
|
Packit |
549fdc |
#include <stdio.h>
|
|
Packit |
549fdc |
#include <ctype.h>
|
|
Packit |
549fdc |
#include <limits.h>
|
|
Packit |
549fdc |
#include <stdint.h>
|
|
Packit |
549fdc |
#include <stdbool.h>
|
|
Packit |
549fdc |
#include <assert.h>
|
|
Packit |
549fdc |
|
|
Packit |
549fdc |
/* For some reason gnulib likes to provide alternatives for
|
|
Packit |
549fdc |
* functions it doesn't include. Even worse these functions seem
|
|
Packit |
549fdc |
* to be available on the target systems.
|
|
Packit |
549fdc |
*/
|
|
Packit |
549fdc |
#undef strdup
|
|
Packit |
549fdc |
|
|
Packit |
549fdc |
#ifdef NO_SSIZE_T
|
|
Packit |
549fdc |
#define HAVE_SSIZE_T
|
|
Packit |
549fdc |
typedef int ssize_t;
|
|
Packit |
549fdc |
#endif
|
|
Packit |
549fdc |
|
|
Packit |
549fdc |
#include <sys/types.h>
|
|
Packit |
549fdc |
#include <unistd.h>
|
|
Packit |
549fdc |
#include <sys/stat.h>
|
|
Packit |
549fdc |
#if HAVE_SYS_SOCKET_H
|
|
Packit |
549fdc |
#include <sys/socket.h>
|
|
Packit |
549fdc |
#elif HAVE_WS2TCPIP_H
|
|
Packit |
549fdc |
#include <ws2tcpip.h>
|
|
Packit |
549fdc |
#endif
|
|
Packit |
549fdc |
#include <time.h>
|
|
Packit |
549fdc |
|
|
Packit |
549fdc |
#ifdef HAVE_LIBNETTLE
|
|
Packit |
549fdc |
#include <nettle/memxor.h>
|
|
Packit |
549fdc |
#else
|
|
Packit |
549fdc |
#include <gl/memxor.h>
|
|
Packit |
549fdc |
#define memxor gl_memxor
|
|
Packit |
549fdc |
#endif
|
|
Packit |
549fdc |
|
|
Packit |
549fdc |
#define ENABLE_ALIGN16
|
|
Packit |
549fdc |
|
|
Packit |
549fdc |
#ifdef __GNUC__
|
|
Packit |
549fdc |
#ifndef _GNUTLS_GCC_VERSION
|
|
Packit |
549fdc |
#define _GNUTLS_GCC_VERSION (__GNUC__ * 10000 + __GNUC_MINOR__ * 100 + __GNUC_PATCHLEVEL__)
|
|
Packit |
549fdc |
#endif
|
|
Packit |
549fdc |
#if _GNUTLS_GCC_VERSION >= 30100
|
|
Packit |
549fdc |
#define likely(x) __builtin_expect((x), 1)
|
|
Packit |
549fdc |
#define unlikely(x) __builtin_expect((x), 0)
|
|
Packit |
549fdc |
#endif
|
|
Packit |
549fdc |
#if _GNUTLS_GCC_VERSION >= 70100
|
|
Packit |
549fdc |
#define FALLTHROUGH __attribute__ ((fallthrough))
|
|
Packit |
549fdc |
#endif
|
|
Packit |
549fdc |
#endif
|
|
Packit |
549fdc |
|
|
Packit |
549fdc |
#ifndef FALLTHROUGH
|
|
Packit |
549fdc |
# define FALLTHROUGH
|
|
Packit |
549fdc |
#endif
|
|
Packit |
549fdc |
|
|
Packit |
549fdc |
#ifndef likely
|
|
Packit |
549fdc |
#define likely
|
|
Packit |
549fdc |
#define unlikely
|
|
Packit |
549fdc |
#endif
|
|
Packit |
549fdc |
|
|
Packit |
549fdc |
/* some systems had problems with long long int, thus,
|
|
Packit |
549fdc |
* it is not used.
|
|
Packit |
549fdc |
*/
|
|
Packit |
549fdc |
typedef struct {
|
|
Packit |
549fdc |
unsigned char i[8];
|
|
Packit |
549fdc |
} gnutls_uint64;
|
|
Packit |
549fdc |
|
|
Packit |
549fdc |
#include <gnutls/gnutls.h>
|
|
Packit |
549fdc |
#include <gnutls/dtls.h>
|
|
Packit |
549fdc |
#include <gnutls/abstract.h>
|
|
Packit |
549fdc |
#include <gnutls/socket.h>
|
|
Packit |
549fdc |
#include <system.h>
|
|
Packit |
549fdc |
|
|
Packit |
549fdc |
/* in case we compile with system headers taking priority, we
|
|
Packit |
549fdc |
* make sure that some new attributes are still available.
|
|
Packit |
549fdc |
*/
|
|
Packit |
549fdc |
#ifndef __GNUTLS_CONST__
|
|
Packit |
549fdc |
# define __GNUTLS_CONST__
|
|
Packit |
549fdc |
#endif
|
|
Packit |
549fdc |
|
|
Packit |
549fdc |
/* The size of a handshake message should not
|
|
Packit |
549fdc |
* be larger than this value.
|
|
Packit |
549fdc |
*/
|
|
Packit |
549fdc |
#define MAX_HANDSHAKE_PACKET_SIZE 128*1024
|
|
Packit |
549fdc |
|
|
Packit |
549fdc |
/* The maximum digest size of hash algorithms.
|
|
Packit |
549fdc |
*/
|
|
Packit |
549fdc |
#define MAX_FILENAME 512
|
|
Packit |
549fdc |
#define MAX_HASH_SIZE 64
|
|
Packit |
549fdc |
#define MAX_CIPHER_BLOCK_SIZE 16
|
|
Packit |
549fdc |
#define MAX_CIPHER_KEY_SIZE 32
|
|
Packit |
549fdc |
|
|
Packit |
549fdc |
#define MAX_USERNAME_SIZE 128
|
|
Packit |
549fdc |
#define MAX_SERVER_NAME_SIZE 256
|
|
Packit |
549fdc |
|
|
Packit |
549fdc |
#define AEAD_EXPLICIT_DATA_SIZE 8
|
|
Packit |
549fdc |
#define AEAD_IMPLICIT_DATA_SIZE 4
|
|
Packit |
549fdc |
|
|
Packit |
549fdc |
#define GNUTLS_MASTER_SIZE 48
|
|
Packit |
549fdc |
#define GNUTLS_RANDOM_SIZE 32
|
|
Packit |
549fdc |
|
|
Packit |
549fdc |
/* DTLS */
|
|
Packit |
549fdc |
#define DTLS_RETRANS_TIMEOUT 1000
|
|
Packit |
549fdc |
|
|
Packit |
549fdc |
/* TLS Extensions */
|
|
Packit |
549fdc |
/* we can receive up to MAX_EXT_TYPES extensions.
|
|
Packit |
549fdc |
*/
|
|
Packit |
549fdc |
#define MAX_EXT_TYPES 32
|
|
Packit |
549fdc |
|
|
Packit |
549fdc |
/* TLS-internal extension (will be parsed after a ciphersuite is selected).
|
|
Packit |
549fdc |
* This amends the gnutls_ext_parse_type_t. Not exported yet to allow more refining
|
|
Packit |
549fdc |
* prior to finalizing an API. */
|
|
Packit |
549fdc |
#define _GNUTLS_EXT_TLS_POST_CS 177
|
|
Packit |
549fdc |
|
|
Packit |
549fdc |
/* expire time for resuming sessions */
|
|
Packit |
549fdc |
#define DEFAULT_EXPIRE_TIME 3600
|
|
Packit |
549fdc |
#define DEFAULT_HANDSHAKE_TIMEOUT_MS 40*1000
|
|
Packit |
549fdc |
|
|
Packit |
549fdc |
/* The EC group to be used when the extension
|
|
Packit |
549fdc |
* supported groups/curves is not present */
|
|
Packit |
549fdc |
#define DEFAULT_EC_GROUP GNUTLS_GROUP_SECP256R1
|
|
Packit |
549fdc |
|
|
Packit |
549fdc |
typedef enum transport_t {
|
|
Packit |
549fdc |
GNUTLS_STREAM,
|
|
Packit |
549fdc |
GNUTLS_DGRAM
|
|
Packit |
549fdc |
} transport_t;
|
|
Packit |
549fdc |
|
|
Packit |
549fdc |
typedef enum record_flush_t {
|
|
Packit |
549fdc |
RECORD_FLUSH = 0,
|
|
Packit |
549fdc |
RECORD_CORKED,
|
|
Packit |
549fdc |
} record_flush_t;
|
|
Packit |
549fdc |
|
|
Packit |
549fdc |
/* the maximum size of encrypted packets */
|
|
Packit |
549fdc |
#define IS_DTLS(session) (session->internals.transport == GNUTLS_DGRAM)
|
|
Packit |
549fdc |
|
|
Packit |
549fdc |
#define DEFAULT_MAX_RECORD_SIZE 16384
|
|
Packit |
549fdc |
#define TLS_RECORD_HEADER_SIZE 5
|
|
Packit |
549fdc |
#define DTLS_RECORD_HEADER_SIZE (TLS_RECORD_HEADER_SIZE+8)
|
|
Packit |
549fdc |
#define RECORD_HEADER_SIZE(session) (IS_DTLS(session) ? DTLS_RECORD_HEADER_SIZE : TLS_RECORD_HEADER_SIZE)
|
|
Packit |
549fdc |
#define MAX_RECORD_HEADER_SIZE DTLS_RECORD_HEADER_SIZE
|
|
Packit |
549fdc |
|
|
Packit |
549fdc |
/* The following macro is used to calculate the overhead when sending.
|
|
Packit |
549fdc |
* when receiving we use a different way as there are implementations that
|
|
Packit |
549fdc |
* store more data than allowed.
|
|
Packit |
549fdc |
*/
|
|
Packit |
549fdc |
#define MAX_RECORD_SEND_OVERHEAD(session) (MAX_CIPHER_BLOCK_SIZE/*iv*/+MAX_PAD_SIZE+MAX_HASH_SIZE/*MAC*/)
|
|
Packit |
549fdc |
#define MAX_RECORD_SEND_SIZE(session) (IS_DTLS(session)? \
|
|
Packit |
549fdc |
(MIN((size_t)gnutls_dtls_get_mtu(session), (size_t)session->security_parameters.max_record_send_size+MAX_RECORD_SEND_OVERHEAD(session))): \
|
|
Packit |
549fdc |
((size_t)session->security_parameters.max_record_send_size+MAX_RECORD_SEND_OVERHEAD(session)))
|
|
Packit |
549fdc |
#define MAX_PAD_SIZE 255
|
|
Packit |
549fdc |
#define EXTRA_COMP_SIZE 2048
|
|
Packit |
549fdc |
|
|
Packit |
549fdc |
#define TLS_HANDSHAKE_HEADER_SIZE 4
|
|
Packit |
549fdc |
#define DTLS_HANDSHAKE_HEADER_SIZE (TLS_HANDSHAKE_HEADER_SIZE+8)
|
|
Packit |
549fdc |
#define HANDSHAKE_HEADER_SIZE(session) (IS_DTLS(session) ? DTLS_HANDSHAKE_HEADER_SIZE : TLS_HANDSHAKE_HEADER_SIZE)
|
|
Packit |
549fdc |
#define MAX_HANDSHAKE_HEADER_SIZE DTLS_HANDSHAKE_HEADER_SIZE
|
|
Packit |
549fdc |
|
|
Packit |
549fdc |
/* Maximum seed size for provable parameters */
|
|
Packit |
549fdc |
#define MAX_PVP_SEED_SIZE 256
|
|
Packit |
549fdc |
|
|
Packit |
549fdc |
/* This is the maximum handshake message size we send without
|
|
Packit |
549fdc |
fragmentation. This currently ignores record layer overhead. */
|
|
Packit |
549fdc |
#define DTLS_DEFAULT_MTU 1200
|
|
Packit |
549fdc |
|
|
Packit |
549fdc |
/* the maximum size of the DTLS cookie */
|
|
Packit |
549fdc |
#define DTLS_MAX_COOKIE_SIZE 32
|
|
Packit |
549fdc |
|
|
Packit |
549fdc |
/* The maximum number of HELLO_VERIFY_REQUEST messages the client
|
|
Packit |
549fdc |
processes before aborting. */
|
|
Packit |
549fdc |
#define MAX_HANDSHAKE_HELLO_VERIFY_REQUESTS 5
|
|
Packit |
549fdc |
|
|
Packit |
549fdc |
#define MAX_PK_PARAM_SIZE 2048
|
|
Packit |
549fdc |
|
|
Packit |
549fdc |
/* defaults for verification functions
|
|
Packit |
549fdc |
*/
|
|
Packit |
549fdc |
#define DEFAULT_MAX_VERIFY_DEPTH 16
|
|
Packit |
549fdc |
#define DEFAULT_MAX_VERIFY_BITS (MAX_PK_PARAM_SIZE*8)
|
|
Packit |
549fdc |
#define MAX_VERIFY_DEPTH 4096
|
|
Packit |
549fdc |
|
|
Packit |
549fdc |
#include <mem.h>
|
|
Packit |
549fdc |
|
|
Packit |
549fdc |
#define MEMSUB(x,y) ((ssize_t)((ptrdiff_t)x-(ptrdiff_t)y))
|
|
Packit |
549fdc |
|
|
Packit |
549fdc |
#define DECR_LEN(len, x) do { len-=x; if (len<0) {gnutls_assert(); return GNUTLS_E_UNEXPECTED_PACKET_LENGTH;} } while (0)
|
|
Packit |
549fdc |
#define DECR_LEN_FINAL(len, x) do { \
|
|
Packit |
549fdc |
len-=x; \
|
|
Packit |
549fdc |
if (len != 0) \
|
|
Packit |
549fdc |
return gnutls_assert_val(GNUTLS_E_UNEXPECTED_PACKET_LENGTH); \
|
|
Packit |
549fdc |
} while (0)
|
|
Packit |
549fdc |
#define DECR_LENGTH_RET(len, x, RET) do { len-=x; if (len<0) {gnutls_assert(); return RET;} } while (0)
|
|
Packit |
549fdc |
#define DECR_LENGTH_COM(len, x, COM) do { len-=x; if (len<0) {gnutls_assert(); COM;} } while (0)
|
|
Packit |
549fdc |
|
|
Packit |
549fdc |
#define GNUTLS_POINTER_TO_INT(_) ((int) GNUTLS_POINTER_TO_INT_CAST (_))
|
|
Packit |
549fdc |
#define GNUTLS_INT_TO_POINTER(_) ((void*) GNUTLS_POINTER_TO_INT_CAST (_))
|
|
Packit |
549fdc |
|
|
Packit |
549fdc |
#define GNUTLS_KX_INVALID (-1)
|
|
Packit |
549fdc |
|
|
Packit |
549fdc |
typedef struct {
|
|
Packit |
549fdc |
uint8_t pint[3];
|
|
Packit |
549fdc |
} uint24;
|
|
Packit |
549fdc |
|
|
Packit |
549fdc |
#include <mpi.h>
|
|
Packit |
549fdc |
|
|
Packit |
549fdc |
typedef enum handshake_state_t { STATE0 = 0, STATE1, STATE2,
|
|
Packit |
549fdc |
STATE3, STATE4, STATE5, STATE6, STATE7, STATE8,
|
|
Packit |
549fdc |
STATE9, STATE10, STATE11, STATE12, STATE13, STATE14,
|
|
Packit |
549fdc |
STATE15, STATE16, STATE17, STATE18, STATE19,
|
|
Packit |
549fdc |
STATE20 = 20, STATE21, STATE22,
|
|
Packit |
549fdc |
STATE30 = 30, STATE31, STATE40 = 40, STATE41, STATE50 = 50
|
|
Packit |
549fdc |
} handshake_state_t;
|
|
Packit |
549fdc |
|
|
Packit |
549fdc |
typedef enum bye_state_t {
|
|
Packit |
549fdc |
BYE_STATE0 = 0, BYE_STATE1, BYE_STATE2
|
|
Packit |
549fdc |
} bye_state_t;
|
|
Packit |
549fdc |
|
|
Packit |
549fdc |
#define BYE_STATE session->internals.bye_state
|
|
Packit |
549fdc |
|
|
Packit |
549fdc |
typedef enum heartbeat_state_t {
|
|
Packit |
549fdc |
SHB_SEND1 = 0,
|
|
Packit |
549fdc |
SHB_SEND2,
|
|
Packit |
549fdc |
SHB_RECV
|
|
Packit |
549fdc |
} heartbeat_state_t;
|
|
Packit |
549fdc |
|
|
Packit |
549fdc |
typedef enum recv_state_t {
|
|
Packit |
549fdc |
RECV_STATE_0 = 0,
|
|
Packit |
549fdc |
RECV_STATE_DTLS_RETRANSMIT,
|
|
Packit |
549fdc |
RECV_STATE_FALSE_START_HANDLING, /* we are calling gnutls_handshake() within record_recv() */
|
|
Packit |
549fdc |
RECV_STATE_FALSE_START /* gnutls_record_recv() should complete the handshake */
|
|
Packit |
549fdc |
} recv_state_t;
|
|
Packit |
549fdc |
|
|
Packit |
549fdc |
#include "str.h"
|
|
Packit |
549fdc |
|
|
Packit |
549fdc |
/* This is the maximum number of algorithms (ciphers or macs etc).
|
|
Packit |
549fdc |
* keep it synced with GNUTLS_MAX_ALGORITHM_NUM in gnutls.h
|
|
Packit |
549fdc |
*/
|
|
Packit |
549fdc |
#define MAX_ALGOS GNUTLS_MAX_ALGORITHM_NUM
|
|
Packit |
549fdc |
|
|
Packit |
549fdc |
/* http://www.iana.org/assignments/tls-extensiontype-values/tls-extensiontype-values.xhtml
|
|
Packit |
549fdc |
*/
|
|
Packit |
549fdc |
typedef enum extensions_t {
|
|
Packit |
549fdc |
GNUTLS_EXTENSION_SERVER_NAME = 0,
|
|
Packit |
549fdc |
GNUTLS_EXTENSION_MAX_RECORD_SIZE = 1,
|
|
Packit |
549fdc |
GNUTLS_EXTENSION_STATUS_REQUEST = 5,
|
|
Packit |
549fdc |
GNUTLS_EXTENSION_CERT_TYPE = 9,
|
|
Packit |
549fdc |
GNUTLS_EXTENSION_SUPPORTED_ECC = 10,
|
|
Packit |
549fdc |
GNUTLS_EXTENSION_SUPPORTED_ECC_PF = 11,
|
|
Packit |
549fdc |
GNUTLS_EXTENSION_SRP = 12,
|
|
Packit |
549fdc |
GNUTLS_EXTENSION_SIGNATURE_ALGORITHMS = 13,
|
|
Packit |
549fdc |
GNUTLS_EXTENSION_SRTP = 14,
|
|
Packit |
549fdc |
GNUTLS_EXTENSION_HEARTBEAT = 15,
|
|
Packit |
549fdc |
GNUTLS_EXTENSION_ALPN = 16,
|
|
Packit |
549fdc |
GNUTLS_EXTENSION_DUMBFW = 21,
|
|
Packit |
549fdc |
GNUTLS_EXTENSION_ETM = 22,
|
|
Packit |
549fdc |
GNUTLS_EXTENSION_EXT_MASTER_SECRET = 23,
|
|
Packit |
549fdc |
GNUTLS_EXTENSION_SESSION_TICKET = 35,
|
|
Packit |
549fdc |
GNUTLS_EXTENSION_SAFE_RENEGOTIATION = 65281 /* aka: 0xff01 */
|
|
Packit |
549fdc |
} extensions_t;
|
|
Packit |
549fdc |
|
|
Packit |
549fdc |
typedef enum { CIPHER_STREAM, CIPHER_BLOCK, CIPHER_AEAD } cipher_type_t;
|
|
Packit |
549fdc |
|
|
Packit |
549fdc |
#define RESUME_TRUE 1
|
|
Packit |
549fdc |
#define RESUME_FALSE 0
|
|
Packit |
549fdc |
|
|
Packit |
549fdc |
/* Record Protocol */
|
|
Packit |
549fdc |
typedef enum content_type_t {
|
|
Packit |
549fdc |
GNUTLS_CHANGE_CIPHER_SPEC = 20, GNUTLS_ALERT,
|
|
Packit |
549fdc |
GNUTLS_HANDSHAKE, GNUTLS_APPLICATION_DATA,
|
|
Packit |
549fdc |
GNUTLS_HEARTBEAT
|
|
Packit |
549fdc |
} content_type_t;
|
|
Packit |
549fdc |
|
|
Packit |
549fdc |
|
|
Packit |
549fdc |
#define GNUTLS_PK_ANY (gnutls_pk_algorithm_t)-1
|
|
Packit |
549fdc |
#define GNUTLS_PK_NONE (gnutls_pk_algorithm_t)-2
|
|
Packit |
549fdc |
|
|
Packit |
549fdc |
#define GNUTLS_PK_IS_RSA(pk) ((pk) == GNUTLS_PK_RSA || (pk) == GNUTLS_PK_RSA_PSS)
|
|
Packit |
549fdc |
|
|
Packit |
549fdc |
/* Message buffers (mbuffers) structures */
|
|
Packit |
549fdc |
|
|
Packit |
549fdc |
/* this is actually the maximum number of distinct handshake
|
|
Packit |
549fdc |
* messages that can arrive in a single flight
|
|
Packit |
549fdc |
*/
|
|
Packit |
549fdc |
#define MAX_HANDSHAKE_MSGS 6
|
|
Packit |
549fdc |
typedef struct {
|
|
Packit |
549fdc |
/* Handshake layer type and sequence of message */
|
|
Packit |
549fdc |
gnutls_handshake_description_t htype;
|
|
Packit |
549fdc |
uint32_t length;
|
|
Packit |
549fdc |
|
|
Packit |
549fdc |
/* valid in DTLS */
|
|
Packit |
549fdc |
uint16_t sequence;
|
|
Packit |
549fdc |
|
|
Packit |
549fdc |
/* indicate whether that message is complete.
|
|
Packit |
549fdc |
* complete means start_offset == 0 and end_offset == length
|
|
Packit |
549fdc |
*/
|
|
Packit |
549fdc |
uint32_t start_offset;
|
|
Packit |
549fdc |
uint32_t end_offset;
|
|
Packit |
549fdc |
|
|
Packit |
549fdc |
uint8_t header[MAX_HANDSHAKE_HEADER_SIZE];
|
|
Packit |
549fdc |
int header_size;
|
|
Packit |
549fdc |
|
|
Packit |
549fdc |
gnutls_buffer_st data;
|
|
Packit |
549fdc |
} handshake_buffer_st;
|
|
Packit |
549fdc |
|
|
Packit |
549fdc |
typedef struct mbuffer_st {
|
|
Packit |
549fdc |
/* when used in mbuffer_head_st */
|
|
Packit |
549fdc |
struct mbuffer_st *next;
|
|
Packit |
549fdc |
struct mbuffer_st *prev;
|
|
Packit |
549fdc |
|
|
Packit |
549fdc |
/* msg->size - mark = number of bytes left to process in this
|
|
Packit |
549fdc |
message. Mark should only be non-zero when this buffer is the
|
|
Packit |
549fdc |
head of the queue. */
|
|
Packit |
549fdc |
size_t mark;
|
|
Packit |
549fdc |
|
|
Packit |
549fdc |
|
|
Packit |
549fdc |
/* the data */
|
|
Packit |
549fdc |
gnutls_datum_t msg;
|
|
Packit |
549fdc |
size_t maximum_size;
|
|
Packit |
549fdc |
|
|
Packit |
549fdc |
/* used during fill in, to separate header from data
|
|
Packit |
549fdc |
* body. */
|
|
Packit |
549fdc |
unsigned int uhead_mark;
|
|
Packit |
549fdc |
|
|
Packit |
549fdc |
/* Filled in by record layer on recv:
|
|
Packit |
549fdc |
* type, record_sequence
|
|
Packit |
549fdc |
*/
|
|
Packit |
549fdc |
|
|
Packit |
549fdc |
/* record layer content type */
|
|
Packit |
549fdc |
content_type_t type;
|
|
Packit |
549fdc |
|
|
Packit |
549fdc |
/* record layer sequence */
|
|
Packit |
549fdc |
gnutls_uint64 record_sequence;
|
|
Packit |
549fdc |
|
|
Packit |
549fdc |
/* Filled in by handshake layer on send:
|
|
Packit |
549fdc |
* type, epoch, htype, handshake_sequence
|
|
Packit |
549fdc |
*/
|
|
Packit |
549fdc |
|
|
Packit |
549fdc |
/* Record layer epoch of message */
|
|
Packit |
549fdc |
uint16_t epoch;
|
|
Packit |
549fdc |
|
|
Packit |
549fdc |
/* Handshake layer type and sequence of message */
|
|
Packit |
549fdc |
gnutls_handshake_description_t htype;
|
|
Packit |
549fdc |
uint16_t handshake_sequence;
|
|
Packit |
549fdc |
} mbuffer_st;
|
|
Packit |
549fdc |
|
|
Packit |
549fdc |
typedef struct mbuffer_head_st {
|
|
Packit |
549fdc |
mbuffer_st *head;
|
|
Packit |
549fdc |
mbuffer_st *tail;
|
|
Packit |
549fdc |
|
|
Packit |
549fdc |
unsigned int length;
|
|
Packit |
549fdc |
size_t byte_length;
|
|
Packit |
549fdc |
} mbuffer_head_st;
|
|
Packit |
549fdc |
|
|
Packit |
549fdc |
/* Store & Retrieve functions defines:
|
|
Packit |
549fdc |
*/
|
|
Packit |
549fdc |
|
|
Packit |
549fdc |
typedef struct auth_cred_st {
|
|
Packit |
549fdc |
gnutls_credentials_type_t algorithm;
|
|
Packit |
549fdc |
|
|
Packit |
549fdc |
/* the type of credentials depends on algorithm
|
|
Packit |
549fdc |
*/
|
|
Packit |
549fdc |
void *credentials;
|
|
Packit |
549fdc |
struct auth_cred_st *next;
|
|
Packit |
549fdc |
} auth_cred_st;
|
|
Packit |
549fdc |
|
|
Packit |
549fdc |
struct gnutls_key_st {
|
|
Packit |
549fdc |
/* For ECDH KX */
|
|
Packit |
549fdc |
gnutls_pk_params_st ecdh_params; /* private part */
|
|
Packit |
549fdc |
/* public part */
|
|
Packit |
549fdc |
bigint_t ecdh_x;
|
|
Packit |
549fdc |
bigint_t ecdh_y;
|
|
Packit |
549fdc |
gnutls_datum_t ecdhx; /* public key used in ECDHX (point) */
|
|
Packit |
549fdc |
|
|
Packit |
549fdc |
/* For DH KX */
|
|
Packit |
549fdc |
gnutls_datum_t key;
|
|
Packit |
549fdc |
|
|
Packit |
549fdc |
/* For DH KX */
|
|
Packit |
549fdc |
gnutls_pk_params_st dh_params;
|
|
Packit |
549fdc |
bigint_t client_Y;
|
|
Packit |
549fdc |
/* for SRP */
|
|
Packit |
549fdc |
|
|
Packit |
549fdc |
bigint_t srp_key;
|
|
Packit |
549fdc |
bigint_t srp_g;
|
|
Packit |
549fdc |
bigint_t srp_p;
|
|
Packit |
549fdc |
bigint_t A;
|
|
Packit |
549fdc |
bigint_t B;
|
|
Packit |
549fdc |
bigint_t u;
|
|
Packit |
549fdc |
bigint_t b;
|
|
Packit |
549fdc |
bigint_t a;
|
|
Packit |
549fdc |
bigint_t x;
|
|
Packit |
549fdc |
|
|
Packit |
549fdc |
/* this is used to hold the peers authentication data
|
|
Packit |
549fdc |
*/
|
|
Packit |
549fdc |
/* auth_info_t structures SHOULD NOT contain malloced
|
|
Packit |
549fdc |
* elements. Check gnutls_session_pack.c, and gnutls_auth.c.
|
|
Packit |
549fdc |
* Remember that this should be calloced!
|
|
Packit |
549fdc |
*/
|
|
Packit |
549fdc |
void *auth_info;
|
|
Packit |
549fdc |
gnutls_credentials_type_t auth_info_type;
|
|
Packit |
549fdc |
int auth_info_size; /* needed in order to store to db for restoring
|
|
Packit |
549fdc |
*/
|
|
Packit |
549fdc |
uint8_t crypt_algo;
|
|
Packit |
549fdc |
|
|
Packit |
549fdc |
auth_cred_st *cred; /* used to specify keys/certificates etc */
|
|
Packit |
549fdc |
|
|
Packit |
549fdc |
};
|
|
Packit |
549fdc |
typedef struct gnutls_key_st gnutls_key_st;
|
|
Packit |
549fdc |
|
|
Packit |
549fdc |
struct pin_info_st {
|
|
Packit |
549fdc |
gnutls_pin_callback_t cb;
|
|
Packit |
549fdc |
void *data;
|
|
Packit |
549fdc |
};
|
|
Packit |
549fdc |
|
|
Packit |
549fdc |
struct record_state_st;
|
|
Packit |
549fdc |
typedef struct record_state_st record_state_st;
|
|
Packit |
549fdc |
|
|
Packit |
549fdc |
struct record_parameters_st;
|
|
Packit |
549fdc |
typedef struct record_parameters_st record_parameters_st;
|
|
Packit |
549fdc |
|
|
Packit |
549fdc |
/* cipher and mac parameters */
|
|
Packit |
549fdc |
typedef struct cipher_entry_st {
|
|
Packit |
549fdc |
const char *name;
|
|
Packit |
549fdc |
gnutls_cipher_algorithm_t id;
|
|
Packit |
549fdc |
uint16_t blocksize;
|
|
Packit |
549fdc |
uint16_t keysize;
|
|
Packit |
549fdc |
cipher_type_t type;
|
|
Packit |
549fdc |
uint16_t implicit_iv; /* the size of implicit IV - the IV generated but not sent */
|
|
Packit |
549fdc |
uint16_t explicit_iv; /* the size of explicit IV - the IV stored in record */
|
|
Packit |
549fdc |
uint16_t cipher_iv; /* the size of IV needed by the cipher */
|
|
Packit |
549fdc |
uint16_t tagsize;
|
|
Packit |
549fdc |
bool xor_nonce; /* In this TLS AEAD cipher xor the implicit_iv with the nonce */
|
|
Packit |
549fdc |
bool only_aead; /* When set, this cipher is only available through the new AEAD API */
|
|
Packit |
549fdc |
} cipher_entry_st;
|
|
Packit |
549fdc |
|
|
Packit |
549fdc |
typedef struct gnutls_cipher_suite_entry_st {
|
|
Packit |
549fdc |
const char *name;
|
|
Packit |
549fdc |
const uint8_t id[2];
|
|
Packit |
549fdc |
gnutls_cipher_algorithm_t block_algorithm;
|
|
Packit |
549fdc |
gnutls_kx_algorithm_t kx_algorithm;
|
|
Packit |
549fdc |
gnutls_mac_algorithm_t mac_algorithm;
|
|
Packit |
549fdc |
gnutls_protocol_t min_version; /* this cipher suite is supported
|
|
Packit |
549fdc |
* from 'version' and above;
|
|
Packit |
549fdc |
*/
|
|
Packit |
549fdc |
gnutls_protocol_t min_dtls_version; /* DTLS min version */
|
|
Packit |
549fdc |
gnutls_mac_algorithm_t prf;
|
|
Packit |
549fdc |
} gnutls_cipher_suite_entry_st;
|
|
Packit |
549fdc |
|
|
Packit |
549fdc |
|
|
Packit |
549fdc |
typedef struct gnutls_group_entry_st {
|
|
Packit |
549fdc |
const char *name;
|
|
Packit |
549fdc |
gnutls_group_t id;
|
|
Packit |
549fdc |
const gnutls_datum_t *prime;
|
|
Packit |
549fdc |
const gnutls_datum_t *generator;
|
|
Packit |
549fdc |
const unsigned *q_bits;
|
|
Packit |
549fdc |
gnutls_ecc_curve_t curve;
|
|
Packit |
549fdc |
gnutls_pk_algorithm_t pk;
|
|
Packit |
549fdc |
unsigned tls_id; /* The RFC4492 namedCurve ID or TLS 1.3 group ID */
|
|
Packit |
549fdc |
} gnutls_group_entry_st;
|
|
Packit |
549fdc |
|
|
Packit |
549fdc |
/* This structure is used both for MACs and digests
|
|
Packit |
549fdc |
*/
|
|
Packit |
549fdc |
typedef struct mac_entry_st {
|
|
Packit |
549fdc |
const char *name;
|
|
Packit |
549fdc |
const char *oid; /* OID of the hash - if it is a hash */
|
|
Packit |
549fdc |
const char *mac_oid; /* OID of the MAC algorithm - if it is a MAC */
|
|
Packit |
549fdc |
gnutls_mac_algorithm_t id;
|
|
Packit |
549fdc |
unsigned output_size;
|
|
Packit |
549fdc |
unsigned key_size;
|
|
Packit |
549fdc |
unsigned nonce_size;
|
|
Packit |
549fdc |
unsigned placeholder; /* if set, then not a real MAC */
|
|
Packit |
549fdc |
unsigned block_size; /* internal block size for HMAC */
|
|
Packit |
549fdc |
unsigned preimage_insecure; /* if this algorithm should not be trusted for pre-image attacks */
|
|
Packit |
549fdc |
} mac_entry_st;
|
|
Packit |
549fdc |
|
|
Packit |
549fdc |
typedef struct {
|
|
Packit |
549fdc |
const char *name;
|
|
Packit |
549fdc |
gnutls_protocol_t id; /* gnutls internal version number */
|
|
Packit |
549fdc |
unsigned age; /* internal ordering by protocol age */
|
|
Packit |
549fdc |
uint8_t major; /* defined by the protocol */
|
|
Packit |
549fdc |
uint8_t minor; /* defined by the protocol */
|
|
Packit |
549fdc |
transport_t transport; /* Type of transport, stream or datagram */
|
|
Packit |
549fdc |
bool supported; /* 0 not supported, > 0 is supported */
|
|
Packit |
549fdc |
bool explicit_iv;
|
|
Packit |
549fdc |
bool extensions; /* whether it supports extensions */
|
|
Packit |
549fdc |
bool selectable_sighash; /* whether signatures can be selected */
|
|
Packit |
549fdc |
bool selectable_prf; /* whether the PRF is ciphersuite-defined */
|
|
Packit |
549fdc |
|
|
Packit |
549fdc |
/* if SSL3 is disabled this flag indicates that this protocol is a placeholder,
|
|
Packit |
549fdc |
* otherwise it prevents this protocol from being set as record version */
|
|
Packit |
549fdc |
bool obsolete;
|
|
Packit |
549fdc |
bool false_start; /* That version can be used with false start */
|
|
Packit |
549fdc |
} version_entry_st;
|
|
Packit |
549fdc |
|
|
Packit |
549fdc |
|
|
Packit |
549fdc |
/* STATE (cont) */
|
|
Packit |
549fdc |
|
|
Packit |
549fdc |
#include <hash_int.h>
|
|
Packit |
549fdc |
#include <cipher_int.h>
|
|
Packit |
549fdc |
|
|
Packit |
549fdc |
typedef struct {
|
|
Packit |
549fdc |
uint8_t id[2]; /* used to be (in TLS 1.2) hash algorithm , PK algorithm */
|
|
Packit |
549fdc |
} sign_algorithm_st;
|
|
Packit |
549fdc |
|
|
Packit |
549fdc |
/* This structure holds parameters got from TLS extension
|
|
Packit |
549fdc |
* mechanism. (some extensions may hold parameters in auth_info_t
|
|
Packit |
549fdc |
* structures also - see SRP).
|
|
Packit |
549fdc |
*/
|
|
Packit |
549fdc |
|
|
Packit |
549fdc |
#define MAX_VERIFY_DATA_SIZE 36 /* in SSL 3.0, 12 in TLS 1.0 */
|
|
Packit |
549fdc |
|
|
Packit |
549fdc |
/* auth_info_t structures now MAY contain malloced
|
|
Packit |
549fdc |
* elements.
|
|
Packit |
549fdc |
*/
|
|
Packit |
549fdc |
|
|
Packit |
549fdc |
/* This structure and auth_info_t, are stored in the resume database,
|
|
Packit |
549fdc |
* and are restored, in case of resume.
|
|
Packit |
549fdc |
* Holds all the required parameters to resume the current
|
|
Packit |
549fdc |
* session.
|
|
Packit |
549fdc |
*/
|
|
Packit |
549fdc |
|
|
Packit |
549fdc |
/* Note that the security parameters structure is set up after the
|
|
Packit |
549fdc |
* handshake has finished. The only value you may depend on while
|
|
Packit |
549fdc |
* the handshake is in progress is the cipher suite value.
|
|
Packit |
549fdc |
*/
|
|
Packit |
549fdc |
typedef struct {
|
|
Packit |
549fdc |
unsigned int entity; /* GNUTLS_SERVER or GNUTLS_CLIENT */
|
|
Packit |
549fdc |
|
|
Packit |
549fdc |
/* The epoch used to read and write */
|
|
Packit |
549fdc |
uint16_t epoch_read;
|
|
Packit |
549fdc |
uint16_t epoch_write;
|
|
Packit |
549fdc |
|
|
Packit |
549fdc |
/* The epoch that the next handshake will initialize. */
|
|
Packit |
549fdc |
uint16_t epoch_next;
|
|
Packit |
549fdc |
|
|
Packit |
549fdc |
/* The epoch at index 0 of record_parameters. */
|
|
Packit |
549fdc |
uint16_t epoch_min;
|
|
Packit |
549fdc |
|
|
Packit |
549fdc |
/* this is the ciphersuite we are going to use
|
|
Packit |
549fdc |
* moved here from internals in order to be restored
|
|
Packit |
549fdc |
* on resume;
|
|
Packit |
549fdc |
*/
|
|
Packit |
549fdc |
const struct gnutls_cipher_suite_entry_st *cs;
|
|
Packit |
549fdc |
|
|
Packit |
549fdc |
/* This is kept outside the ciphersuite entry as on certain
|
|
Packit |
549fdc |
* TLS versions we need a separate PRF MAC, i.e., MD5_SHA1. */
|
|
Packit |
549fdc |
gnutls_mac_algorithm_t prf_mac;
|
|
Packit |
549fdc |
uint8_t master_secret[GNUTLS_MASTER_SIZE];
|
|
Packit |
549fdc |
uint8_t client_random[GNUTLS_RANDOM_SIZE];
|
|
Packit |
549fdc |
uint8_t server_random[GNUTLS_RANDOM_SIZE];
|
|
Packit |
549fdc |
uint8_t session_id[GNUTLS_MAX_SESSION_ID_SIZE];
|
|
Packit |
549fdc |
uint8_t session_id_size;
|
|
Packit |
549fdc |
time_t timestamp;
|
|
Packit |
549fdc |
|
|
Packit |
549fdc |
/* The send size is the one requested by the programmer.
|
|
Packit |
549fdc |
* The recv size is the one negotiated with the peer.
|
|
Packit |
549fdc |
*/
|
|
Packit |
549fdc |
uint16_t max_record_send_size;
|
|
Packit |
549fdc |
uint16_t max_record_recv_size;
|
|
Packit |
549fdc |
/* holds the negotiated certificate type */
|
|
Packit |
549fdc |
gnutls_certificate_type_t cert_type;
|
|
Packit |
549fdc |
|
|
Packit |
549fdc |
/* The selected (after server hello EC or DH group */
|
|
Packit |
549fdc |
const gnutls_group_entry_st *grp;
|
|
Packit |
549fdc |
|
|
Packit |
549fdc |
/* Holds the signature algorithm that will be used in this session,
|
|
Packit |
549fdc |
* selected by the server at the time of Ciphersuite/certificate
|
|
Packit |
549fdc |
* selection - see select_sign_algorithm() */
|
|
Packit |
549fdc |
gnutls_sign_algorithm_t server_sign_algo;
|
|
Packit |
549fdc |
|
|
Packit |
549fdc |
/* Holds the signature algorithm used in this session - If any */
|
|
Packit |
549fdc |
gnutls_sign_algorithm_t client_sign_algo;
|
|
Packit |
549fdc |
|
|
Packit |
549fdc |
/* Whether the master secret negotiation will be according to
|
|
Packit |
549fdc |
* draft-ietf-tls-session-hash-01
|
|
Packit |
549fdc |
*/
|
|
Packit |
549fdc |
uint8_t ext_master_secret;
|
|
Packit |
549fdc |
/* encrypt-then-mac -> rfc7366 */
|
|
Packit |
549fdc |
uint8_t etm;
|
|
Packit |
549fdc |
|
|
Packit |
549fdc |
/* Note: if you add anything in Security_Parameters struct, then
|
|
Packit |
549fdc |
* also modify CPY_COMMON in gnutls_constate.c, and gnutls_session_pack.c,
|
|
Packit |
549fdc |
* in order to save it in the session storage.
|
|
Packit |
549fdc |
*/
|
|
Packit |
549fdc |
|
|
Packit |
549fdc |
/* Used by extensions that enable supplemental data: Which ones
|
|
Packit |
549fdc |
* do that? Do they belong in security parameters?
|
|
Packit |
549fdc |
*/
|
|
Packit |
549fdc |
int do_recv_supplemental, do_send_supplemental;
|
|
Packit |
549fdc |
const version_entry_st *pversion;
|
|
Packit |
549fdc |
} security_parameters_st;
|
|
Packit |
549fdc |
|
|
Packit |
549fdc |
struct record_state_st {
|
|
Packit |
549fdc |
gnutls_datum_t mac_secret;
|
|
Packit |
549fdc |
gnutls_datum_t IV;
|
|
Packit |
549fdc |
gnutls_datum_t key;
|
|
Packit |
549fdc |
auth_cipher_hd_st cipher_state;
|
|
Packit |
549fdc |
gnutls_uint64 sequence_number;
|
|
Packit |
549fdc |
};
|
|
Packit |
549fdc |
|
|
Packit |
549fdc |
|
|
Packit |
549fdc |
/* These are used to resolve relative epochs. These values are just
|
|
Packit |
549fdc |
outside the 16 bit range to prevent off-by-one errors. An absolute
|
|
Packit |
549fdc |
epoch may be referred to by its numeric id in the range
|
|
Packit |
549fdc |
0x0000-0xffff. */
|
|
Packit |
549fdc |
#define EPOCH_READ_CURRENT 70000
|
|
Packit |
549fdc |
#define EPOCH_WRITE_CURRENT 70001
|
|
Packit |
549fdc |
#define EPOCH_NEXT 70002
|
|
Packit |
549fdc |
|
|
Packit |
549fdc |
struct record_parameters_st {
|
|
Packit |
549fdc |
uint16_t epoch;
|
|
Packit |
549fdc |
int initialized;
|
|
Packit |
549fdc |
|
|
Packit |
549fdc |
const cipher_entry_st *cipher;
|
|
Packit |
549fdc |
bool etm;
|
|
Packit |
549fdc |
const mac_entry_st *mac;
|
|
Packit |
549fdc |
|
|
Packit |
549fdc |
/* for DTLS sliding window */
|
|
Packit |
549fdc |
uint64_t dtls_sw_next; /* The end point (next expected packet) of the sliding window without epoch */
|
|
Packit |
549fdc |
uint64_t dtls_sw_bits;
|
|
Packit |
549fdc |
unsigned dtls_sw_have_recv; /* whether at least a packet has been received */
|
|
Packit |
549fdc |
|
|
Packit |
549fdc |
record_state_st read;
|
|
Packit |
549fdc |
record_state_st write;
|
|
Packit |
549fdc |
|
|
Packit |
549fdc |
/* Whether this state is in use, i.e., if there is
|
|
Packit |
549fdc |
a pending handshake message waiting to be encrypted
|
|
Packit |
549fdc |
under this epoch's parameters.
|
|
Packit |
549fdc |
*/
|
|
Packit |
549fdc |
int usage_cnt;
|
|
Packit |
549fdc |
};
|
|
Packit |
549fdc |
|
|
Packit |
549fdc |
typedef struct {
|
|
Packit |
549fdc |
unsigned int priority[MAX_ALGOS];
|
|
Packit |
549fdc |
unsigned int algorithms;
|
|
Packit |
549fdc |
} priority_st;
|
|
Packit |
549fdc |
|
|
Packit |
549fdc |
typedef enum {
|
|
Packit |
549fdc |
SR_DISABLED,
|
|
Packit |
549fdc |
SR_UNSAFE,
|
|
Packit |
549fdc |
SR_PARTIAL,
|
|
Packit |
549fdc |
SR_SAFE
|
|
Packit |
549fdc |
} safe_renegotiation_t;
|
|
Packit |
549fdc |
|
|
Packit |
549fdc |
#define MAX_CIPHERSUITE_SIZE 256
|
|
Packit |
549fdc |
|
|
Packit |
549fdc |
typedef struct ciphersuite_list_st {
|
|
Packit |
549fdc |
const gnutls_cipher_suite_entry_st *entry[MAX_CIPHERSUITE_SIZE];
|
|
Packit |
549fdc |
unsigned int size;
|
|
Packit |
549fdc |
} ciphersuite_list_st;
|
|
Packit |
549fdc |
|
|
Packit |
549fdc |
typedef struct group_list_st {
|
|
Packit |
549fdc |
const gnutls_group_entry_st *entry[MAX_ALGOS];
|
|
Packit |
549fdc |
unsigned int size;
|
|
Packit |
549fdc |
bool have_ffdhe;
|
|
Packit |
549fdc |
} group_list_st;
|
|
Packit |
549fdc |
|
|
Packit |
549fdc |
typedef struct sign_algo_list_st {
|
|
Packit |
549fdc |
const struct gnutls_sign_entry_st *entry[MAX_ALGOS];
|
|
Packit |
549fdc |
unsigned int size;
|
|
Packit |
549fdc |
} sign_algo_list_st;
|
|
Packit |
549fdc |
|
|
Packit |
549fdc |
#include "atomic.h"
|
|
Packit |
549fdc |
|
|
Packit |
549fdc |
/* For the external api */
|
|
Packit |
549fdc |
struct gnutls_priority_st {
|
|
Packit |
549fdc |
priority_st protocol;
|
|
Packit |
549fdc |
priority_st cert_type;
|
|
Packit |
549fdc |
|
|
Packit |
549fdc |
/* The following are not necessary to be stored in
|
|
Packit |
549fdc |
* the structure; however they are required by the
|
|
Packit |
549fdc |
* external APIs: gnutls_priority_*_list() */
|
|
Packit |
549fdc |
priority_st _cipher;
|
|
Packit |
549fdc |
priority_st _mac;
|
|
Packit |
549fdc |
priority_st _kx;
|
|
Packit |
549fdc |
priority_st _sign_algo;
|
|
Packit |
549fdc |
priority_st _supported_ecc;
|
|
Packit |
549fdc |
|
|
Packit |
549fdc |
/* the supported groups */
|
|
Packit |
549fdc |
group_list_st groups;
|
|
Packit |
549fdc |
|
|
Packit |
549fdc |
/* the supported signature algorithms */
|
|
Packit |
549fdc |
sign_algo_list_st sigalg;
|
|
Packit |
549fdc |
|
|
Packit |
549fdc |
/* the supported ciphersuites */
|
|
Packit |
549fdc |
ciphersuite_list_st cs;
|
|
Packit |
549fdc |
|
|
Packit |
549fdc |
/* to disable record padding */
|
|
Packit |
549fdc |
bool no_extensions;
|
|
Packit |
549fdc |
|
|
Packit |
549fdc |
|
|
Packit |
549fdc |
safe_renegotiation_t sr;
|
|
Packit |
549fdc |
bool min_record_version;
|
|
Packit |
549fdc |
bool server_precedence;
|
|
Packit |
549fdc |
bool allow_server_key_usage_violation; /* for test suite purposes only */
|
|
Packit |
549fdc |
bool no_tickets;
|
|
Packit |
549fdc |
bool have_cbc;
|
|
Packit |
549fdc |
unsigned int additional_verify_flags;
|
|
Packit |
549fdc |
|
|
Packit |
549fdc |
/* TLS_FALLBACK_SCSV */
|
|
Packit |
549fdc |
bool fallback;
|
|
Packit |
549fdc |
|
|
Packit |
549fdc |
/* The session's expected security level.
|
|
Packit |
549fdc |
* Will be used to determine the minimum DH bits,
|
|
Packit |
549fdc |
* (or the acceptable certificate security level).
|
|
Packit |
549fdc |
*/
|
|
Packit |
549fdc |
gnutls_sec_param_t level;
|
|
Packit |
549fdc |
|
|
Packit |
549fdc |
/* these should be accessed from
|
|
Packit |
549fdc |
* session->internals.VAR names */
|
|
Packit |
549fdc |
bool _allow_large_records;
|
|
Packit |
549fdc |
bool _no_etm;
|
|
Packit |
549fdc |
bool _no_ext_master_secret;
|
|
Packit |
549fdc |
bool _allow_key_usage_violation;
|
|
Packit |
549fdc |
bool _allow_wrong_pms;
|
|
Packit |
549fdc |
bool _dumbfw;
|
|
Packit |
549fdc |
unsigned int _dh_prime_bits; /* old (deprecated) variable */
|
|
Packit |
549fdc |
|
|
Packit |
549fdc |
DEF_ATOMIC_INT(usage_cnt);
|
|
Packit |
549fdc |
};
|
|
Packit |
549fdc |
|
|
Packit |
549fdc |
/* Allow around 50KB of length-hiding padding
|
|
Packit |
549fdc |
* when using legacy padding,
|
|
Packit |
549fdc |
* or around 3.2MB when using new padding. */
|
|
Packit |
549fdc |
#define DEFAULT_MAX_EMPTY_RECORDS 200
|
|
Packit |
549fdc |
|
|
Packit |
549fdc |
#define ENABLE_COMPAT(x) \
|
|
Packit |
549fdc |
(x)->allow_large_records = 1; \
|
|
Packit |
549fdc |
(x)->no_etm = 1; \
|
|
Packit |
549fdc |
(x)->no_ext_master_secret = 1; \
|
|
Packit |
549fdc |
(x)->allow_key_usage_violation = 1; \
|
|
Packit |
549fdc |
(x)->allow_wrong_pms = 1; \
|
|
Packit |
549fdc |
(x)->dumbfw = 1
|
|
Packit |
549fdc |
|
|
Packit |
549fdc |
#define ENABLE_PRIO_COMPAT(x) \
|
|
Packit |
549fdc |
(x)->_allow_large_records = 1; \
|
|
Packit |
549fdc |
(x)->_no_etm = 1; \
|
|
Packit |
549fdc |
(x)->_no_ext_master_secret = 1; \
|
|
Packit |
549fdc |
(x)->_allow_key_usage_violation = 1; \
|
|
Packit |
549fdc |
(x)->_allow_wrong_pms = 1; \
|
|
Packit |
549fdc |
(x)->_dumbfw = 1
|
|
Packit |
549fdc |
|
|
Packit |
549fdc |
/* DH and RSA parameters types.
|
|
Packit |
549fdc |
*/
|
|
Packit |
549fdc |
typedef struct gnutls_dh_params_int {
|
|
Packit |
549fdc |
/* [0] is the prime, [1] is the generator.
|
|
Packit |
549fdc |
*/
|
|
Packit |
549fdc |
bigint_t params[2];
|
|
Packit |
549fdc |
int q_bits; /* length of q in bits. If zero then length is unknown.
|
|
Packit |
549fdc |
*/
|
|
Packit |
549fdc |
} dh_params_st;
|
|
Packit |
549fdc |
|
|
Packit |
549fdc |
/* DTLS session state
|
|
Packit |
549fdc |
*/
|
|
Packit |
549fdc |
typedef struct {
|
|
Packit |
549fdc |
/* HelloVerifyRequest DOS prevention cookie */
|
|
Packit |
549fdc |
uint8_t cookie[DTLS_MAX_COOKIE_SIZE];
|
|
Packit |
549fdc |
uint8_t cookie_len;
|
|
Packit |
549fdc |
|
|
Packit |
549fdc |
/* For DTLS handshake fragmentation and reassembly. */
|
|
Packit |
549fdc |
uint16_t hsk_write_seq;
|
|
Packit |
549fdc |
/* the sequence number of the expected packet */
|
|
Packit |
549fdc |
unsigned int hsk_read_seq;
|
|
Packit |
549fdc |
uint16_t mtu;
|
|
Packit |
549fdc |
|
|
Packit |
549fdc |
/* a flight transmission is in process */
|
|
Packit |
549fdc |
bool flight_init;
|
|
Packit |
549fdc |
/* whether this is the last flight in the protocol */
|
|
Packit |
549fdc |
bool last_flight;
|
|
Packit |
549fdc |
|
|
Packit |
549fdc |
/* the retransmission timeout in milliseconds */
|
|
Packit |
549fdc |
unsigned int retrans_timeout_ms;
|
|
Packit |
549fdc |
|
|
Packit |
549fdc |
unsigned int hsk_hello_verify_requests;
|
|
Packit |
549fdc |
|
|
Packit |
549fdc |
/* The actual retrans_timeout for the next message (e.g. doubled or so)
|
|
Packit |
549fdc |
*/
|
|
Packit |
549fdc |
unsigned int actual_retrans_timeout_ms;
|
|
Packit |
549fdc |
|
|
Packit |
549fdc |
/* timers to handle async handshake after gnutls_handshake()
|
|
Packit |
549fdc |
* has terminated. Required to handle retransmissions.
|
|
Packit |
549fdc |
*/
|
|
Packit |
549fdc |
time_t async_term;
|
|
Packit |
549fdc |
|
|
Packit |
549fdc |
/* last retransmission triggered by record layer */
|
|
Packit |
549fdc |
struct timespec last_retransmit;
|
|
Packit |
549fdc |
unsigned int packets_dropped;
|
|
Packit |
549fdc |
} dtls_st;
|
|
Packit |
549fdc |
|
|
Packit |
549fdc |
typedef struct tfo_st {
|
|
Packit |
549fdc |
int fd;
|
|
Packit |
549fdc |
int flags;
|
|
Packit |
549fdc |
bool connect_only; /* a previous sendmsg() failed, attempting connect() */
|
|
Packit |
549fdc |
struct sockaddr_storage connect_addr;
|
|
Packit |
549fdc |
socklen_t connect_addrlen;
|
|
Packit |
549fdc |
} tfo_st;
|
|
Packit |
549fdc |
|
|
Packit |
549fdc |
typedef struct {
|
|
Packit |
549fdc |
/* holds all the parsed data received by the record layer */
|
|
Packit |
549fdc |
mbuffer_head_st record_buffer;
|
|
Packit |
549fdc |
|
|
Packit |
549fdc |
int handshake_hash_buffer_prev_len; /* keeps the length of handshake_hash_buffer, excluding
|
|
Packit |
549fdc |
* the last received message */
|
|
Packit |
549fdc |
unsigned handshake_hash_buffer_client_kx_len;/* if non-zero it is the length of data until the
|
|
Packit |
549fdc |
* the client key exchange message */
|
|
Packit |
549fdc |
gnutls_buffer_st handshake_hash_buffer; /* used to keep the last received handshake
|
|
Packit |
549fdc |
* message */
|
|
Packit |
549fdc |
bool resumable; /* TRUE or FALSE - if we can resume that session */
|
|
Packit |
549fdc |
bool ticket_sent; /* whether a session ticket was sent */
|
|
Packit |
549fdc |
bye_state_t bye_state; /* used by gnutls_bye() */
|
|
Packit |
549fdc |
handshake_state_t handshake_final_state;
|
|
Packit |
549fdc |
handshake_state_t handshake_state; /* holds
|
|
Packit |
549fdc |
* a number which indicates where
|
|
Packit |
549fdc |
* the handshake procedure has been
|
|
Packit |
549fdc |
* interrupted. If it is 0 then
|
|
Packit |
549fdc |
* no interruption has happened.
|
|
Packit |
549fdc |
*/
|
|
Packit |
549fdc |
|
|
Packit |
549fdc |
bool invalid_connection; /* true or FALSE - if this session is valid */
|
|
Packit |
549fdc |
|
|
Packit |
549fdc |
bool may_not_read; /* if it's 0 then we can read/write, otherwise it's forbiden to read/write
|
|
Packit |
549fdc |
*/
|
|
Packit |
549fdc |
bool may_not_write;
|
|
Packit |
549fdc |
bool read_eof; /* non-zero if we have received a closure alert. */
|
|
Packit |
549fdc |
|
|
Packit |
549fdc |
int last_alert; /* last alert received */
|
|
Packit |
549fdc |
|
|
Packit |
549fdc |
/* The last handshake messages sent or received.
|
|
Packit |
549fdc |
*/
|
|
Packit |
549fdc |
int last_handshake_in;
|
|
Packit |
549fdc |
int last_handshake_out;
|
|
Packit |
549fdc |
|
|
Packit |
549fdc |
/* priorities */
|
|
Packit |
549fdc |
struct gnutls_priority_st *priorities;
|
|
Packit |
549fdc |
|
|
Packit |
549fdc |
/* variables directly set when setting the priorities above, or
|
|
Packit |
549fdc |
* when overriding them */
|
|
Packit |
549fdc |
bool allow_large_records;
|
|
Packit |
549fdc |
bool no_etm;
|
|
Packit |
549fdc |
bool no_ext_master_secret;
|
|
Packit |
549fdc |
bool allow_key_usage_violation;
|
|
Packit |
549fdc |
bool allow_wrong_pms;
|
|
Packit |
549fdc |
bool dumbfw;
|
|
Packit |
549fdc |
unsigned int dh_prime_bits; /* old (deprecated) variable */
|
|
Packit |
549fdc |
|
|
Packit |
549fdc |
|
|
Packit |
549fdc |
/* resumed session */
|
|
Packit |
549fdc |
bool resumed; /* RESUME_TRUE or FALSE - if we are resuming a session */
|
|
Packit |
549fdc |
bool resumption_requested; /* non-zero if resumption was requested by client */
|
|
Packit |
549fdc |
security_parameters_st resumed_security_parameters;
|
|
Packit |
549fdc |
gnutls_datum_t resumption_data; /* copy of input to gnutls_session_set_data() */
|
|
Packit |
549fdc |
|
|
Packit |
549fdc |
/* These buffers are used in the handshake
|
|
Packit |
549fdc |
* protocol only. freed using _gnutls_handshake_io_buffer_clear();
|
|
Packit |
549fdc |
*/
|
|
Packit |
549fdc |
mbuffer_head_st handshake_send_buffer;
|
|
Packit |
549fdc |
handshake_buffer_st handshake_recv_buffer[MAX_HANDSHAKE_MSGS];
|
|
Packit |
549fdc |
int handshake_recv_buffer_size;
|
|
Packit |
549fdc |
|
|
Packit |
549fdc |
/* this buffer holds a record packet -mostly used for
|
|
Packit |
549fdc |
* non blocking IO.
|
|
Packit |
549fdc |
*/
|
|
Packit |
549fdc |
mbuffer_head_st record_recv_buffer; /* buffer holding the unparsed record that is currently
|
|
Packit |
549fdc |
* being received */
|
|
Packit |
549fdc |
mbuffer_head_st record_send_buffer; /* holds cached data
|
|
Packit |
549fdc |
* for the gnutls_io_write_buffered()
|
|
Packit |
549fdc |
* function.
|
|
Packit |
549fdc |
*/
|
|
Packit |
549fdc |
size_t record_send_buffer_user_size; /* holds the
|
|
Packit |
549fdc |
* size of the user specified data to
|
|
Packit |
549fdc |
* send.
|
|
Packit |
549fdc |
*/
|
|
Packit |
549fdc |
|
|
Packit |
549fdc |
record_flush_t record_flush_mode; /* GNUTLS_FLUSH or GNUTLS_CORKED */
|
|
Packit |
549fdc |
gnutls_buffer_st record_presend_buffer; /* holds cached data
|
|
Packit |
549fdc |
* for the gnutls_record_send()
|
|
Packit |
549fdc |
* function.
|
|
Packit |
549fdc |
*/
|
|
Packit |
549fdc |
|
|
Packit |
549fdc |
time_t expire_time; /* after expire_time seconds this session will expire */
|
|
Packit |
549fdc |
struct mod_auth_st_int *auth_struct; /* used in handshake packets and KX algorithms */
|
|
Packit |
549fdc |
|
|
Packit |
549fdc |
/* this is the highest version available
|
|
Packit |
549fdc |
* to the peer. (advertized version).
|
|
Packit |
549fdc |
* This is obtained by the Handshake Client Hello
|
|
Packit |
549fdc |
* message. (some implementations read the Record version)
|
|
Packit |
549fdc |
*/
|
|
Packit |
549fdc |
uint8_t adv_version_major;
|
|
Packit |
549fdc |
uint8_t adv_version_minor;
|
|
Packit |
549fdc |
|
|
Packit |
549fdc |
/* if this is non zero a certificate request message
|
|
Packit |
549fdc |
* will be sent to the client. - only if the ciphersuite
|
|
Packit |
549fdc |
* supports it. In server side it contains GNUTLS_CERT_REQUIRE
|
|
Packit |
549fdc |
* or similar.
|
|
Packit |
549fdc |
*/
|
|
Packit |
549fdc |
gnutls_certificate_request_t send_cert_req;
|
|
Packit |
549fdc |
|
|
Packit |
549fdc |
size_t max_handshake_data_buffer_size;
|
|
Packit |
549fdc |
|
|
Packit |
549fdc |
/* PUSH & PULL functions.
|
|
Packit |
549fdc |
*/
|
|
Packit |
549fdc |
gnutls_pull_timeout_func pull_timeout_func;
|
|
Packit |
549fdc |
gnutls_pull_func pull_func;
|
|
Packit |
549fdc |
gnutls_push_func push_func;
|
|
Packit |
549fdc |
gnutls_vec_push_func vec_push_func;
|
|
Packit |
549fdc |
gnutls_errno_func errno_func;
|
|
Packit |
549fdc |
/* Holds the first argument of PUSH and PULL
|
|
Packit |
549fdc |
* functions;
|
|
Packit |
549fdc |
*/
|
|
Packit |
549fdc |
gnutls_transport_ptr_t transport_recv_ptr;
|
|
Packit |
549fdc |
gnutls_transport_ptr_t transport_send_ptr;
|
|
Packit |
549fdc |
|
|
Packit |
549fdc |
/* STORE & RETRIEVE functions. Only used if other
|
|
Packit |
549fdc |
* backend than gdbm is used.
|
|
Packit |
549fdc |
*/
|
|
Packit |
549fdc |
gnutls_db_store_func db_store_func;
|
|
Packit |
549fdc |
gnutls_db_retr_func db_retrieve_func;
|
|
Packit |
549fdc |
gnutls_db_remove_func db_remove_func;
|
|
Packit |
549fdc |
void *db_ptr;
|
|
Packit |
549fdc |
|
|
Packit |
549fdc |
/* post client hello callback (server side only)
|
|
Packit |
549fdc |
*/
|
|
Packit |
549fdc |
gnutls_handshake_post_client_hello_func user_hello_func;
|
|
Packit |
549fdc |
/* handshake hook function */
|
|
Packit |
549fdc |
gnutls_handshake_hook_func h_hook;
|
|
Packit |
549fdc |
unsigned int h_type; /* the hooked type */
|
|
Packit |
549fdc |
int16_t h_post; /* whether post-generation/receive */
|
|
Packit |
549fdc |
|
|
Packit |
549fdc |
/* holds the selected certificate and key.
|
|
Packit |
549fdc |
* use _gnutls_selected_certs_deinit() and _gnutls_selected_certs_set()
|
|
Packit |
549fdc |
* to change them.
|
|
Packit |
549fdc |
*/
|
|
Packit |
549fdc |
gnutls_pcert_st *selected_cert_list;
|
|
Packit |
549fdc |
int16_t selected_cert_list_length;
|
|
Packit |
549fdc |
struct gnutls_privkey_st *selected_key;
|
|
Packit |
549fdc |
bool selected_need_free;
|
|
Packit |
549fdc |
gnutls_status_request_ocsp_func selected_ocsp_func;
|
|
Packit |
549fdc |
void *selected_ocsp_func_ptr;
|
|
Packit |
549fdc |
|
|
Packit |
549fdc |
|
|
Packit |
549fdc |
/* This holds the default version that our first
|
|
Packit |
549fdc |
* record packet will have. */
|
|
Packit |
549fdc |
uint8_t default_record_version[2];
|
|
Packit |
549fdc |
uint8_t default_hello_version[2];
|
|
Packit |
549fdc |
|
|
Packit |
549fdc |
void *user_ptr;
|
|
Packit |
549fdc |
|
|
Packit |
549fdc |
/* Holds 0 if the last called function was interrupted while
|
|
Packit |
549fdc |
* receiving, and non zero otherwise.
|
|
Packit |
549fdc |
*/
|
|
Packit |
549fdc |
bool direction;
|
|
Packit |
549fdc |
|
|
Packit |
549fdc |
/* If non zero the server will not advertise the CA's he
|
|
Packit |
549fdc |
* trusts (do not send an RDN sequence).
|
|
Packit |
549fdc |
*/
|
|
Packit |
549fdc |
bool ignore_rdn_sequence;
|
|
Packit |
549fdc |
|
|
Packit |
549fdc |
/* This is used to set an arbitary version in the RSA
|
|
Packit |
549fdc |
* PMS secret. Can be used by clients to test whether the
|
|
Packit |
549fdc |
* server checks that version. (** only used in gnutls-cli-debug)
|
|
Packit |
549fdc |
*/
|
|
Packit |
549fdc |
uint8_t rsa_pms_version[2];
|
|
Packit |
549fdc |
|
|
Packit |
549fdc |
/* To avoid using global variables, and especially on Windows where
|
|
Packit |
549fdc |
* the application may use a different errno variable than GnuTLS,
|
|
Packit |
549fdc |
* it is possible to use gnutls_transport_set_errno to set a
|
|
Packit |
549fdc |
* session-specific errno variable in the user-replaceable push/pull
|
|
Packit |
549fdc |
* functions. This value is used by the send/recv functions. (The
|
|
Packit |
549fdc |
* strange name of this variable is because 'errno' is typically
|
|
Packit |
549fdc |
* #define'd.)
|
|
Packit |
549fdc |
*/
|
|
Packit |
549fdc |
int errnum;
|
|
Packit |
549fdc |
|
|
Packit |
549fdc |
/* minimum bits to allow for SRP
|
|
Packit |
549fdc |
* use gnutls_srp_set_prime_bits() to adjust it.
|
|
Packit |
549fdc |
*/
|
|
Packit |
549fdc |
uint16_t srp_prime_bits;
|
|
Packit |
549fdc |
|
|
Packit |
549fdc |
/* A handshake process has been completed */
|
|
Packit |
549fdc |
bool initial_negotiation_completed;
|
|
Packit |
549fdc |
|
|
Packit |
549fdc |
/* The type of transport protocol; stream or datagram */
|
|
Packit |
549fdc |
transport_t transport;
|
|
Packit |
549fdc |
|
|
Packit |
549fdc |
/* DTLS session state */
|
|
Packit |
549fdc |
dtls_st dtls;
|
|
Packit |
549fdc |
/* Protect from infinite loops due to GNUTLS_E_LARGE_PACKET non-handling
|
|
Packit |
549fdc |
* or due to multiple alerts being received. */
|
|
Packit |
549fdc |
unsigned handshake_suspicious_loops;
|
|
Packit |
549fdc |
/* should be non-zero when a handshake is in progress */
|
|
Packit |
549fdc |
bool handshake_in_progress;
|
|
Packit |
549fdc |
|
|
Packit |
549fdc |
/* if set it means that the master key was set using
|
|
Packit |
549fdc |
* gnutls_session_set_master() rather than being negotiated. */
|
|
Packit |
549fdc |
bool premaster_set;
|
|
Packit |
549fdc |
|
|
Packit |
549fdc |
unsigned int cb_tls_unique_len;
|
|
Packit |
549fdc |
unsigned char cb_tls_unique[MAX_VERIFY_DATA_SIZE];
|
|
Packit |
549fdc |
|
|
Packit |
549fdc |
/* starting time of current handshake */
|
|
Packit |
549fdc |
struct timespec handshake_start_time;
|
|
Packit |
549fdc |
|
|
Packit |
549fdc |
time_t handshake_endtime; /* end time in seconds */
|
|
Packit |
549fdc |
unsigned int handshake_timeout_ms; /* timeout in milliseconds */
|
|
Packit |
549fdc |
unsigned int record_timeout_ms; /* timeout in milliseconds */
|
|
Packit |
549fdc |
|
|
Packit |
549fdc |
unsigned crt_requested; /* 1 if client auth was requested (i.e., client cert).
|
|
Packit |
549fdc |
* In case of a server this holds 1 if we should wait
|
|
Packit |
549fdc |
* for a client certificate verify
|
|
Packit |
549fdc |
*/
|
|
Packit |
549fdc |
|
|
Packit |
549fdc |
gnutls_buffer_st hb_local_data;
|
|
Packit |
549fdc |
gnutls_buffer_st hb_remote_data;
|
|
Packit |
549fdc |
struct timespec hb_ping_start; /* timestamp: when first HeartBeat ping was sent */
|
|
Packit |
549fdc |
struct timespec hb_ping_sent; /* timestamp: when last HeartBeat ping was sent */
|
|
Packit |
549fdc |
unsigned int hb_actual_retrans_timeout_ms; /* current timeout, in milliseconds */
|
|
Packit |
549fdc |
unsigned int hb_retrans_timeout_ms; /* the default timeout, in milliseconds */
|
|
Packit |
549fdc |
unsigned int hb_total_timeout_ms; /* the total timeout, in milliseconds */
|
|
Packit |
549fdc |
|
|
Packit |
549fdc |
bool ocsp_check_ok; /* will be zero if the OCSP response TLS extension
|
|
Packit |
549fdc |
* check failed (OCSP was old/unrelated or so). */
|
|
Packit |
549fdc |
|
|
Packit |
549fdc |
heartbeat_state_t hb_state; /* for ping */
|
|
Packit |
549fdc |
|
|
Packit |
549fdc |
recv_state_t recv_state; /* state of the receive function */
|
|
Packit |
549fdc |
|
|
Packit |
549fdc |
bool sc_random_set;
|
|
Packit |
549fdc |
|
|
Packit |
549fdc |
unsigned flags; /* the flags in gnutls_init() */
|
|
Packit |
549fdc |
|
|
Packit |
549fdc |
/* a verify callback to override the verify callback from the credentials
|
|
Packit |
549fdc |
* structure */
|
|
Packit |
549fdc |
gnutls_certificate_verify_function *verify_callback;
|
|
Packit |
549fdc |
gnutls_typed_vdata_st *vc_data;
|
|
Packit |
549fdc |
gnutls_typed_vdata_st vc_sdata;
|
|
Packit |
549fdc |
unsigned vc_elements;
|
|
Packit |
549fdc |
unsigned vc_status;
|
|
Packit |
549fdc |
unsigned int additional_verify_flags; /* may be set by priorities or the vc functions */
|
|
Packit |
549fdc |
|
|
Packit |
549fdc |
/* we append the verify flags because these can be set,
|
|
Packit |
549fdc |
* either by this function or by gnutls_session_set_verify_cert().
|
|
Packit |
549fdc |
* However, we ensure that a single profile is set. */
|
|
Packit |
549fdc |
#define ADD_PROFILE_VFLAGS(session, vflags) do { \
|
|
Packit |
549fdc |
if ((session->internals.additional_verify_flags & GNUTLS_VFLAGS_PROFILE_MASK) && \
|
|
Packit |
549fdc |
(vflags & GNUTLS_VFLAGS_PROFILE_MASK)) \
|
|
Packit |
549fdc |
session->internals.additional_verify_flags &= ~GNUTLS_VFLAGS_PROFILE_MASK; \
|
|
Packit |
549fdc |
session->internals.additional_verify_flags |= vflags; \
|
|
Packit |
549fdc |
} while(0)
|
|
Packit |
549fdc |
|
|
Packit |
549fdc |
/* the SHA256 hash of the peer's certificate */
|
|
Packit |
549fdc |
uint8_t cert_hash[32];
|
|
Packit |
549fdc |
bool cert_hash_set;
|
|
Packit |
549fdc |
|
|
Packit |
549fdc |
/* The saved username from PSK or SRP auth */
|
|
Packit |
549fdc |
char saved_username[MAX_USERNAME_SIZE+1];
|
|
Packit |
549fdc |
bool saved_username_set;
|
|
Packit |
549fdc |
|
|
Packit |
549fdc |
bool false_start_used; /* non-zero if false start was used for appdata */
|
|
Packit |
549fdc |
|
|
Packit |
549fdc |
/* Needed for TCP Fast Open (TFO), set by gnutls_transport_set_fastopen() */
|
|
Packit |
549fdc |
tfo_st tfo;
|
|
Packit |
549fdc |
|
|
Packit |
549fdc |
struct gnutls_supplemental_entry_st *rsup;
|
|
Packit |
549fdc |
unsigned rsup_size;
|
|
Packit |
549fdc |
|
|
Packit |
549fdc |
struct extension_entry_st *rexts;
|
|
Packit |
549fdc |
unsigned rexts_size;
|
|
Packit |
549fdc |
|
|
Packit |
549fdc |
struct {
|
|
Packit |
549fdc |
uint16_t type;
|
|
Packit |
549fdc |
gnutls_ext_priv_data_t priv;
|
|
Packit |
549fdc |
gnutls_ext_priv_data_t resumed_priv;
|
|
Packit |
549fdc |
uint8_t set;
|
|
Packit |
549fdc |
uint8_t resumed_set;
|
|
Packit |
549fdc |
} ext_data[MAX_EXT_TYPES];
|
|
Packit |
549fdc |
|
|
Packit |
549fdc |
/* In case of a client holds the extensions we sent to the peer;
|
|
Packit |
549fdc |
* otherwise the extensions we received from the client.
|
|
Packit |
549fdc |
*/
|
|
Packit |
549fdc |
const struct extension_entry_st *used_exts[MAX_EXT_TYPES];
|
|
Packit |
549fdc |
unsigned used_exts_size;
|
|
Packit |
549fdc |
|
|
Packit |
549fdc |
/* this is not the negotiated max_record_recv_size, but the actual maximum
|
|
Packit |
549fdc |
* receive size */
|
|
Packit |
549fdc |
unsigned max_recv_size;
|
|
Packit |
549fdc |
|
|
Packit |
549fdc |
/* whether the peer has advertized at least an FFDHE group */
|
|
Packit |
549fdc |
bool have_ffdhe;
|
|
Packit |
549fdc |
bool used_ffdhe; /* whether ffdhe was actually negotiated and used */
|
|
Packit |
549fdc |
|
|
Packit |
549fdc |
/* candidate groups to be selected for security params groups */
|
|
Packit |
549fdc |
const gnutls_group_entry_st *cand_ec_group;
|
|
Packit |
549fdc |
const gnutls_group_entry_st *cand_dh_group;
|
|
Packit |
549fdc |
|
|
Packit |
549fdc |
/* If you add anything here, check _gnutls_handshake_internal_state_clear().
|
|
Packit |
549fdc |
*/
|
|
Packit |
549fdc |
} internals_st;
|
|
Packit |
549fdc |
|
|
Packit |
549fdc |
/* Maximum number of epochs we keep around. */
|
|
Packit |
549fdc |
#define MAX_EPOCH_INDEX 4
|
|
Packit |
549fdc |
|
|
Packit |
549fdc |
struct gnutls_session_int {
|
|
Packit |
549fdc |
security_parameters_st security_parameters;
|
|
Packit |
549fdc |
record_parameters_st *record_parameters[MAX_EPOCH_INDEX];
|
|
Packit |
549fdc |
internals_st internals;
|
|
Packit |
549fdc |
gnutls_key_st key;
|
|
Packit |
549fdc |
};
|
|
Packit |
549fdc |
|
|
Packit |
549fdc |
|
|
Packit |
549fdc |
/* functions
|
|
Packit |
549fdc |
*/
|
|
Packit |
549fdc |
void _gnutls_free_auth_info(gnutls_session_t session);
|
|
Packit |
549fdc |
|
|
Packit |
549fdc |
/* These two macros return the advertised TLS version of
|
|
Packit |
549fdc |
* the peer.
|
|
Packit |
549fdc |
*/
|
|
Packit |
549fdc |
#define _gnutls_get_adv_version_major( session) \
|
|
Packit |
549fdc |
session->internals.adv_version_major
|
|
Packit |
549fdc |
|
|
Packit |
549fdc |
#define _gnutls_get_adv_version_minor( session) \
|
|
Packit |
549fdc |
session->internals.adv_version_minor
|
|
Packit |
549fdc |
|
|
Packit |
549fdc |
#define set_adv_version( session, major, minor) \
|
|
Packit |
549fdc |
session->internals.adv_version_major = major; \
|
|
Packit |
549fdc |
session->internals.adv_version_minor = minor
|
|
Packit |
549fdc |
|
|
Packit |
549fdc |
int _gnutls_is_secure_mem_null(const void *);
|
|
Packit |
549fdc |
|
|
Packit |
549fdc |
inline static const version_entry_st *get_version(gnutls_session_t session)
|
|
Packit |
549fdc |
{
|
|
Packit |
549fdc |
return session->security_parameters.pversion;
|
|
Packit |
549fdc |
}
|
|
Packit |
549fdc |
|
|
Packit |
549fdc |
inline static unsigned get_num_version(gnutls_session_t session)
|
|
Packit |
549fdc |
{
|
|
Packit |
549fdc |
if (likely(session->security_parameters.pversion != NULL))
|
|
Packit |
549fdc |
return session->security_parameters.pversion->id;
|
|
Packit |
549fdc |
else
|
|
Packit |
549fdc |
return GNUTLS_VERSION_UNKNOWN;
|
|
Packit |
549fdc |
}
|
|
Packit |
549fdc |
|
|
Packit |
549fdc |
void _gnutls_priority_update_fips(void);
|
|
Packit |
549fdc |
void _gnutls_priority_update_non_aesni(void);
|
|
Packit |
549fdc |
|
|
Packit |
549fdc |
#define timespec_sub_ms _gnutls_timespec_sub_ms
|
|
Packit |
549fdc |
unsigned int
|
|
Packit |
549fdc |
/* returns a-b in ms */
|
|
Packit |
549fdc |
timespec_sub_ms(struct timespec *a, struct timespec *b);
|
|
Packit |
549fdc |
|
|
Packit |
549fdc |
#include <algorithms.h>
|
|
Packit |
549fdc |
inline static int _gnutls_set_current_version(gnutls_session_t s, unsigned v)
|
|
Packit |
549fdc |
{
|
|
Packit |
549fdc |
s->security_parameters.pversion = version_to_entry(v);
|
|
Packit |
549fdc |
if (s->security_parameters.pversion == NULL) {
|
|
Packit |
549fdc |
return GNUTLS_E_UNSUPPORTED_VERSION_PACKET;
|
|
Packit |
549fdc |
}
|
|
Packit |
549fdc |
return 0;
|
|
Packit |
549fdc |
}
|
|
Packit |
549fdc |
|
|
Packit |
549fdc |
inline static size_t max_user_send_size(gnutls_session_t session,
|
|
Packit |
549fdc |
record_parameters_st *
|
|
Packit |
549fdc |
record_params)
|
|
Packit |
549fdc |
{
|
|
Packit |
549fdc |
size_t max;
|
|
Packit |
549fdc |
|
|
Packit |
549fdc |
if (IS_DTLS(session)) {
|
|
Packit |
549fdc |
max = MIN(gnutls_dtls_get_data_mtu(session), session->security_parameters.max_record_send_size);
|
|
Packit |
549fdc |
} else {
|
|
Packit |
549fdc |
max = session->security_parameters.max_record_send_size;
|
|
Packit |
549fdc |
}
|
|
Packit |
549fdc |
|
|
Packit |
549fdc |
return max;
|
|
Packit |
549fdc |
}
|
|
Packit |
549fdc |
|
|
Packit |
549fdc |
#endif /* GNUTLS_INT_H */
|