summaryrefslogtreecommitdiff
path: root/lib/handshake.c
diff options
context:
space:
mode:
Diffstat (limited to 'lib/handshake.c')
-rw-r--r--lib/handshake.c93
1 files changed, 57 insertions, 36 deletions
diff --git a/lib/handshake.c b/lib/handshake.c
index cfaa290505..4745e2e72f 100644
--- a/lib/handshake.c
+++ b/lib/handshake.c
@@ -38,6 +38,7 @@
#include "hash_int.h"
#include "db.h"
#include "extensions.h"
+#include "extv.h"
#include "supplemental.h"
#include "auth.h"
#include "sslv2_compat.h"
@@ -79,7 +80,7 @@ handshake_hash_buffer_empty(gnutls_session_t session)
_gnutls_buffers_log("BUF[HSK]: Emptied buffer\n");
- session->internals.used_exts_size = 0;
+ session->internals.hello_ext.used_exts_size = 0;
session->internals.handshake_hash_buffer_prev_len = 0;
session->internals.handshake_hash_buffer.length = 0;
return;
@@ -544,9 +545,11 @@ read_client_hello(gnutls_session_t session, uint8_t * data,
* resumed ones.
*/
ret =
- _gnutls_parse_extensions(session, GNUTLS_EXT_FLAG_CLIENT_HELLO,
+ _gnutls_extv_parse(session, GNUTLS_EXT_FLAG_CLIENT_HELLO,
GNUTLS_EXT_MANDATORY,
- ext_ptr, ext_size);
+ ext_ptr, ext_size,
+ &session->internals.hello_ext,
+ EXTV_SAVE_RECEIVED);
if (ret < 0) {
gnutls_assert();
return ret;
@@ -585,9 +588,11 @@ read_client_hello(gnutls_session_t session, uint8_t * data,
* Unconditionally try to parse extensions; safe renegotiation uses them in
* sslv3 and higher, even though sslv3 doesn't officially support them.
*/
- ret = _gnutls_parse_extensions(session, GNUTLS_EXT_FLAG_CLIENT_HELLO,
+ ret = _gnutls_extv_parse(session, GNUTLS_EXT_FLAG_CLIENT_HELLO,
GNUTLS_EXT_APPLICATION,
- ext_ptr, ext_size);
+ ext_ptr, ext_size,
+ &session->internals.hello_ext,
+ EXTV_SAVE_RECEIVED);
/* len is the rest of the parsed length */
if (ret < 0) {
gnutls_assert();
@@ -603,8 +608,10 @@ read_client_hello(gnutls_session_t session, uint8_t * data,
/* Session tickets are parsed in this point */
ret =
- _gnutls_parse_extensions(session, GNUTLS_EXT_FLAG_CLIENT_HELLO,
- GNUTLS_EXT_TLS, ext_ptr, ext_size);
+ _gnutls_extv_parse(session, GNUTLS_EXT_FLAG_CLIENT_HELLO,
+ GNUTLS_EXT_TLS, ext_ptr, ext_size,
+ &session->internals.hello_ext,
+ EXTV_SAVE_RECEIVED);
if (ret < 0) {
gnutls_assert();
return ret;
@@ -658,8 +665,10 @@ read_client_hello(gnutls_session_t session, uint8_t * data,
/* call extensions that are intended to be parsed after the ciphersuite/cert
* are known. */
ret =
- _gnutls_parse_extensions(session, GNUTLS_EXT_FLAG_CLIENT_HELLO,
- _GNUTLS_EXT_TLS_POST_CS, ext_ptr, ext_size);
+ _gnutls_extv_parse(session, GNUTLS_EXT_FLAG_CLIENT_HELLO,
+ _GNUTLS_EXT_TLS_POST_CS, ext_ptr, ext_size,
+ &session->internals.hello_ext,
+ EXTV_SAVE_RECEIVED);
if (ret < 0) {
gnutls_assert();
return ret;
@@ -1572,9 +1581,11 @@ read_server_hello(gnutls_session_t session,
DECR_LEN(len, 2 + 1);
ret =
- _gnutls_parse_extensions(session, GNUTLS_EXT_FLAG_TLS12_SERVER_HELLO,
+ _gnutls_extv_parse(session, GNUTLS_EXT_FLAG_TLS12_SERVER_HELLO,
GNUTLS_EXT_MANDATORY,
- &data[pos], len);
+ &data[pos], len,
+ &session->internals.hello_ext,
+ EXTV_CHECK_UNADVERTIZED);
if (ret < 0) {
gnutls_assert();
return ret;
@@ -1610,34 +1621,42 @@ read_server_hello(gnutls_session_t session,
/* Parse extensions in order.
*/
ret =
- _gnutls_parse_extensions(session,
- ext_parse_flag,
- GNUTLS_EXT_MANDATORY,
- &data[pos], len);
+ _gnutls_extv_parse(session,
+ ext_parse_flag,
+ GNUTLS_EXT_MANDATORY,
+ &data[pos], len,
+ &session->internals.hello_ext,
+ EXTV_CHECK_UNADVERTIZED);
if (ret < 0)
return gnutls_assert_val(ret);
ret =
- _gnutls_parse_extensions(session,
- ext_parse_flag,
- GNUTLS_EXT_APPLICATION,
- &data[pos], len);
+ _gnutls_extv_parse(session,
+ ext_parse_flag,
+ GNUTLS_EXT_APPLICATION,
+ &data[pos], len,
+ &session->internals.hello_ext,
+ EXTV_CHECK_UNADVERTIZED);
if (ret < 0)
return gnutls_assert_val(ret);
ret =
- _gnutls_parse_extensions(session,
- ext_parse_flag,
- GNUTLS_EXT_TLS,
- &data[pos], len);
+ _gnutls_extv_parse(session,
+ ext_parse_flag,
+ GNUTLS_EXT_TLS,
+ &data[pos], len,
+ &session->internals.hello_ext,
+ EXTV_CHECK_UNADVERTIZED);
if (ret < 0)
return gnutls_assert_val(ret);
ret =
- _gnutls_parse_extensions(session,
- ext_parse_flag,
- _GNUTLS_EXT_TLS_POST_CS,
- &data[pos], len);
+ _gnutls_extv_parse(session,
+ ext_parse_flag,
+ _GNUTLS_EXT_TLS_POST_CS,
+ &data[pos], len,
+ &session->internals.hello_ext,
+ EXTV_CHECK_UNADVERTIZED);
if (ret < 0)
return gnutls_assert_val(ret);
@@ -1835,9 +1854,10 @@ static int send_client_hello(gnutls_session_t session, int again)
}
ret =
- _gnutls_gen_extensions(session, &extdata,
+ _gnutls_extv_gen(session, &session->internals.hello_ext,
+ &extdata,
GNUTLS_EXT_FLAG_CLIENT_HELLO,
- type);
+ type, 0);
if (ret < 0) {
gnutls_assert();
goto cleanup;
@@ -1900,12 +1920,13 @@ static int send_server_hello(gnutls_session_t session, int again)
ext_parse_flag = GNUTLS_EXT_FLAG_TLS12_SERVER_HELLO;
ret =
- _gnutls_gen_extensions(session, &extdata,
- ext_parse_flag,
- (session->internals.resumed ==
- RESUME_TRUE) ?
- GNUTLS_EXT_MANDATORY :
- GNUTLS_EXT_ANY);
+ _gnutls_extv_gen(session, &session->internals.hello_ext,
+ &extdata,
+ ext_parse_flag,
+ (session->internals.resumed == RESUME_TRUE) ?
+ GNUTLS_EXT_MANDATORY :
+ GNUTLS_EXT_ANY,
+ EXTV_SEND_SAVED_ONLY);
if (ret < 0) {
gnutls_assert();
goto fail;
@@ -2250,7 +2271,7 @@ int gnutls_handshake(gnutls_session_t session)
if (ret < 0)
return gnutls_assert_val(ret);
- session->internals.used_exts_size = 0;
+ session->internals.hello_ext.used_exts_size = 0;
session->internals.crt_requested = 0;
session->internals.handshake_in_progress = 1;
session->internals.vc_status = -1;
View Lorry Controller Status