author | Nikos Mavrogiannopoulos <nmav@redhat.com> | 2017-09-14 14:10:14 +0200 |
---|---|---|
committer | Nikos Mavrogiannopoulos <nmav@redhat.com> | 2017-09-18 09:15:09 +0200 |
commit | 0b92addd19d181ba29ea24112f3f2dcf7e03caca (patch) | |
tree | 3ecb6cefb04840b615a605111f6e214d1a72413c | |
parent | 8944fb994b3a779544b016bd03a9c20d96cf9eac (diff) | |
security params: store PRF when packing session
Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com>
-rw-r--r-- | lib/constate.c | 1 | ||||
-rw-r--r-- | lib/session_pack.c | 15 |
2 files changed, 16 insertions, 0 deletions
diff --git a/lib/constate.c b/lib/constate.c
index 2d2d91ff82..0121f9a658 100644
--- a/lib/constate.c
+++ b/lib/constate.c
@@ -344,6 +344,7 @@ int _gnutls_epoch_set_keys(gnutls_session_t session, uint16_t epoch)
 #define CPY_COMMON dst->entity = src->entity; \
 dst->cs = src->cs; \
+ dst->prf = src->prf; \
 memcpy( dst->master_secret, src->master_secret, GNUTLS_MASTER_SIZE); \
 memcpy( dst->client_random, src->client_random, GNUTLS_RANDOM_SIZE); \
 memcpy( dst->server_random, src->server_random, GNUTLS_RANDOM_SIZE); \
diff --git a/lib/session_pack.c b/lib/session_pack.c
index 211307c6e7..526f5937de 100644
--- a/lib/session_pack.c
+++ b/lib/session_pack.c
@@ -700,6 +700,7 @@ unpack_psk_auth_info(gnutls_session_t session, gnutls_buffer_st * ps)
 * 1 byte the protocol version
 *
 * 2 bytes the cipher suite
+ * 4 bytes the PRF ID
 *
 * 48 bytes the master secret
 *
@@ -745,6 +746,8 @@ pack_security_parameters(gnutls_session_t session, gnutls_buffer_st * ps)
 BUFFER_APPEND_NUM(ps, session->security_parameters.entity); BUFFER_APPEND(ps, session->security_parameters.cs->id, 2); + BUFFER_APPEND_NUM(ps, session->security_parameters.prf->id); + BUFFER_APPEND_NUM(ps, session->security_parameters.cert_type); BUFFER_APPEND_NUM(ps, session->security_parameters.pversion->id);
@@ -821,6 +824,11 @@ unpack_security_parameters(gnutls_session_t session, gnutls_buffer_st * ps)
 if (session->internals.resumed_security_parameters.cs == NULL) return gnutls_assert_val(GNUTLS_E_INVALID_REQUEST); + BUFFER_POP_NUM(ps, version); + session->internals.resumed_security_parameters.prf = mac_to_entry(version); + if (session->internals.resumed_security_parameters.prf == NULL) + return gnutls_assert_val(GNUTLS_E_INVALID_REQUEST); + BUFFER_POP_NUM(ps, session->internals.resumed_security_parameters. cert_type);
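Review bot: `session->security_parameters.prf->id` in the added `BUFFER_APPEND_NUM` line of `pack_security_parameters` is dereferenced with no NULL guard, while both places in this commit that set `prf` on the resumed parameters check the pointer for NULL before accepting it. If every path that reaches packing is guaranteed to have set `prf`, a one-line comment stating that invariant is enough; otherwise guard it before the append, e.g. `if (session->security_parameters.prf == NULL) return gnutls_assert_val(GNUTLS_E_INVALID_REQUEST);`. The function body starts and ends outside the hunk, so an earlier check may already exist there.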
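Review bot: In `unpack_security_parameters` the PRF id popped from the packed blob is accepted as soon as `mac_to_entry()` recognises it; nothing ties it to the cipher suite unpacked just above or to the protocol version unpacked later. `gnutls_session_set_premaster` in this same commit derives the PRF from `pversion->selectable_prf` and `cs->prf`, falling back to `GNUTLS_MAC_MD5_SHA1`, so once `pversion` has been read here the stored `prf->id` could be compared against that same derivation and the blob rejected with `GNUTLS_E_INVALID_REQUEST` on mismatch. That keeps a corrupted or altered stored session from resuming with a PRF the negotiated parameters would never select. Separately, reusing the local `version` as scratch for a MAC id reads oddly; a dedicated local such as `prf_id` would be clearer. The function continues outside the hunk, so how the blob is authenticated before reaching this point is not visible.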
@@ -951,6 +959,13 @@ gnutls_session_set_premaster(gnutls_session_t session, unsigned int entity, session->internals.resumed_security_parameters.pversion = version_to_entry(version); + if (session->internals.resumed_security_parameters.pversion->selectable_prf) + session->internals.resumed_security_parameters.prf = mac_to_entry(session->internals.resumed_security_parameters.cs->prf); + else + session->internals.resumed_security_parameters.prf = mac_to_entry(GNUTLS_MAC_MD5_SHA1); + if (session->internals.resumed_security_parameters.prf == NULL) + return gnutls_assert_val(GNUTLS_E_INVALID_REQUEST); + if (session->internals.resumed_security_parameters.pversion == NULL) return gnutls_assert_val(GNUTLS_E_INVALID_REQUEST); |
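Review bot: The added block reads `resumed_security_parameters.pversion->selectable_prf` before the existing `pversion == NULL` check that follows it, so a `version` for which `version_to_entry()` returns NULL (which that existing check implies is possible) is dereferenced instead of producing `GNUTLS_E_INVALID_REQUEST`. Move `if (session->internals.resumed_security_parameters.pversion == NULL) return gnutls_assert_val(GNUTLS_E_INVALID_REQUEST);` directly after the `version_to_entry(version)` assignment, ahead of the PRF selection. The same block also dereferences `cs->prf`; whether `cs` has been NULL-checked earlier in `gnutls_session_set_premaster` is outside the hunk.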