-rw-r--r--lib/gnutls_constate.c4
-rw-r--r--lib/gnutls_handshake.c9
-rw-r--r--lib/gnutls_int.h12
-rw-r--r--lib/gnutls_range.c2
-rw-r--r--lib/gnutls_session_pack.c13
5 files changed, 26 insertions, 14 deletions
diff --git a/lib/gnutls_constate.c b/lib/gnutls_constate.c
index 717cacf716..569565eb59 100644
--- a/lib/gnutls_constate.c
+++ b/lib/gnutls_constate.c
@@ -92,7 +92,7 @@ _gnutls_set_keys (gnutls_session_t session, record_parameters_st * params,
memcpy (&rrnd[GNUTLS_RANDOM_SIZE],
session->security_parameters.server_random, GNUTLS_RANDOM_SIZE);
- if (session->security_parameters.version == GNUTLS_SSL3)
+ if (get_num_version(session) == GNUTLS_SSL3)
{ /* SSL 3 */
ret =
_gnutls_ssl3_generate_random
@@ -382,7 +382,7 @@ _gnutls_set_resumed_parameters (gnutls_session_t session)
security_parameters_st *dst = &session->security_parameters;
CPY_COMMON;
- _gnutls_set_current_version(session, src->version);
+ dst->pversion = src->pversion;
}
/* Sets the current connection session to conform with the
diff --git a/lib/gnutls_handshake.c b/lib/gnutls_handshake.c
index 1b2780fd18..681391b3de 100644
--- a/lib/gnutls_handshake.c
+++ b/lib/gnutls_handshake.c
@@ -152,9 +152,10 @@ resume_copy_required_values (gnutls_session_t session)
session->security_parameters.entity =
session->internals.resumed_security_parameters.entity;
- _gnutls_set_current_version (session,
- session->internals.resumed_security_parameters.
- version);
+ if (session->internals.resumed_security_parameters.pversion != NULL)
+ _gnutls_set_current_version (session,
+ session->internals.resumed_security_parameters.
+ pversion->id);
session->security_parameters.cert_type =
session->internals.resumed_security_parameters.cert_type;
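Review bot: When `resumed_security_parameters.pversion` is NULL the new `if` skips the version silently, yet the entity and cert_type assignments around it still copy from the resumed parameters, so the session keeps whatever version it had before alongside the resumed values. If a resumed session without a version is not expected at this point, record it instead of ignoring it, for example with `else gnutls_assert();`, or fail the resumption. Whether the function can report an error is not visible, since its signature and the rest of its body lie outside the hunk.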
@@ -1940,7 +1941,7 @@ _gnutls_send_client_hello (gnutls_session_t session, int again)
else
{
/* we are resuming a session */
- hver = version_to_entry(session->internals.resumed_security_parameters.version);
+ hver = session->internals.resumed_security_parameters.pversion;
}
if (hver == NULL)
diff --git a/lib/gnutls_int.h b/lib/gnutls_int.h
index 180422a389..4ad22f42a7 100644
--- a/lib/gnutls_int.h
+++ b/lib/gnutls_int.h
@@ -569,7 +569,6 @@ typedef struct
/* holds the negotiated certificate type */
gnutls_certificate_type_t cert_type;
gnutls_ecc_curve_t ecc_curve; /* holds the first supported ECC curve requested by client */
- gnutls_protocol_t version; /* moved here */
/* Holds the signature algorithm used in this session - If any */
gnutls_sign_algorithm_t server_sign_algo;
@@ -1043,11 +1042,16 @@ get_version (gnutls_session_t session)
return session->security_parameters.pversion;
}
-#define get_num_version(session) \
- session->security_parameters.version
+inline static unsigned
+get_num_version (gnutls_session_t session)
+{
+ if (likely(session->security_parameters.pversion != NULL))
+ return session->security_parameters.pversion->id;
+ else
+ return GNUTLS_VERSION_UNKNOWN;
+}
#define _gnutls_set_current_version(s, v) { \
- s->security_parameters.version = v; \
s->security_parameters.pversion = version_to_entry(v); \
}
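Review bot: `_gnutls_set_current_version` remains a bare `{ ... }` macro that expands `s` without parentheses, and this commit begins to call it as the only statement of an unbraced `if` in lib/gnutls_handshake.c, where the trailing `;` would break any `else` added later. Now that `get_num_version` is an inline function the setter could become one as well, or at least use `do { (s)->security_parameters.pversion = version_to_entry(v); } while (0)`. `get_num_version` would also benefit from a short comment such as `/* returns GNUTLS_VERSION_UNKNOWN until a protocol version has been set */`, because callers that compare the result against a specific version now get a quiet mismatch in that state.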
diff --git a/lib/gnutls_range.c b/lib/gnutls_range.c
index b28de1c40c..67c39287d8 100644
--- a/lib/gnutls_range.c
+++ b/lib/gnutls_range.c
@@ -119,7 +119,7 @@ gnutls_record_can_use_length_hiding (gnutls_session_t session)
if (session->security_parameters.new_record_padding != 0)
return 1;
- if (session->security_parameters.version == GNUTLS_SSL3)
+ if (get_num_version(session) == GNUTLS_SSL3)
return 0;
ret = _gnutls_epoch_get (session, EPOCH_WRITE_CURRENT, &record_params);
diff --git a/lib/gnutls_session_pack.c b/lib/gnutls_session_pack.c
index c10d86fee5..b230f5e8fe 100644
--- a/lib/gnutls_session_pack.c
+++ b/lib/gnutls_session_pack.c
@@ -772,7 +772,7 @@ pack_security_parameters (gnutls_session_t session, gnutls_buffer_st * ps)
session->security_parameters.cipher_suite, 2);
BUFFER_APPEND_NUM (ps, session->security_parameters.compression_method);
BUFFER_APPEND_NUM (ps, session->security_parameters.cert_type);
- BUFFER_APPEND_NUM (ps, session->security_parameters.version);
+ BUFFER_APPEND_NUM (ps, session->security_parameters.pversion->id);
BUFFER_APPEND (ps, session->security_parameters.master_secret,
GNUTLS_MASTER_SIZE);
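Review bot: `session->security_parameters.pversion->id` is dereferenced without a NULL check, although the same commit treats a NULL `pversion` as possible in `get_num_version` (lib/gnutls_int.h). If session data can be packed before a version has been set (not determinable from this hunk), that is a NULL pointer dereference and a crash of the process holding the session. Guard it before the append with `if (session->security_parameters.pversion == NULL) return gnutls_assert_val(GNUTLS_E_INVALID_REQUEST);`, placed so that no cleanup the function performs is skipped; the function starts and ends outside the hunk.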
@@ -803,6 +803,7 @@ unpack_security_parameters (gnutls_session_t session, gnutls_buffer_st * ps)
{
size_t pack_size;
int ret;
+ unsigned version;
time_t timestamp;
BUFFER_POP_NUM (ps, pack_size);
@@ -825,7 +826,10 @@ unpack_security_parameters (gnutls_session_t session, gnutls_buffer_st * ps)
resumed_security_parameters.cipher_suite, 2);
BUFFER_POP_NUM (ps, session->internals.resumed_security_parameters.compression_method);
BUFFER_POP_NUM (ps, session->internals.resumed_security_parameters.cert_type);
- BUFFER_POP_NUM (ps, session->internals.resumed_security_parameters.version);
+ BUFFER_POP_NUM (ps, version);
+ session->internals.resumed_security_parameters.pversion = version_to_entry(version);
+ if (session->internals.resumed_security_parameters.pversion == NULL)
+ return gnutls_assert_val(GNUTLS_E_INVALID_REQUEST);
BUFFER_POP (ps,
session->internals.resumed_security_parameters.master_secret,
@@ -923,7 +927,10 @@ gnutls_session_set_premaster (gnutls_session_t session, unsigned int entity,
session->internals.resumed_security_parameters.compression_method = comp;
session->internals.resumed_security_parameters.cert_type = DEFAULT_CERT_TYPE;
- session->internals.resumed_security_parameters.version = version;
+ session->internals.resumed_security_parameters.pversion = version_to_entry(version);
+
+ if (session->internals.resumed_security_parameters.pversion == NULL)
+ return gnutls_assert_val(GNUTLS_E_INVALID_REQUEST);
if (master->size != GNUTLS_MASTER_SIZE)
return gnutls_assert_val(GNUTLS_E_INVALID_REQUEST);
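Review bot: The version check runs after `compression_method` and `cert_type` (and presumably the fields assigned above the hunk) have already been written, so a call with an unknown `version` returns GNUTLS_E_INVALID_REQUEST but leaves `resumed_security_parameters` half-updated with `pversion` set to NULL. `_gnutls_set_resumed_parameters` in lib/gnutls_constate.c now copies `pversion` without a check, so that NULL can propagate if the session is used afterwards. Resolve `version_to_entry(version)` into a local first and reject a NULL result together with the `master->size` test before any field is assigned. The function begins and continues outside the hunk.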