diff options
Diffstat (limited to 'lib/handshake.c')
-rw-r--r-- | lib/handshake.c | 114 |
1 files changed, 56 insertions, 58 deletions
diff --git a/lib/handshake.c b/lib/handshake.c index 52bb20bfe2..6c894eb68a 100644 --- a/lib/handshake.c +++ b/lib/handshake.c @@ -61,9 +61,6 @@ #include <valgrind/memcheck.h> #endif -#define TRUE 1 -#define FALSE 0 - static int check_if_null_comp_present(gnutls_session_t session, uint8_t * data, int datalen); static int handshake_client(gnutls_session_t session); @@ -532,7 +529,7 @@ _gnutls_user_hello_func(gnutls_session_t session, * server, and that includes switching version which we have already * negotiated; note that this doesn't apply when resuming as the version * negotiation is already complete. */ - if (session->internals.resumed != RESUME_TRUE) { + if (!session->internals.resumed) { new_max = _gnutls_version_max(session); old_vers = get_version(session); @@ -580,7 +577,7 @@ static int set_auth_types(gnutls_session_t session) /* Under TLS1.3 this returns a KX which matches the negotiated * groups from the key shares; if we are resuming then the KX seen * here doesn't match the original session. */ - if (session->internals.resumed == RESUME_FALSE) + if (!session->internals.resumed) kx = gnutls_kx_get(session); else kx = GNUTLS_KX_UNKNOWN; @@ -592,7 +589,7 @@ static int set_auth_types(gnutls_session_t session) if (kx != GNUTLS_KX_UNKNOWN) { session->security_parameters.server_auth_type = _gnutls_map_kx_get_cred(kx, 1); session->security_parameters.client_auth_type = _gnutls_map_kx_get_cred(kx, 0); - } else if (unlikely(session->internals.resumed == RESUME_FALSE)) { + } else if (unlikely(!session->internals.resumed)) { /* Here we can only arrive if something we received * prevented the session from completing. */ return gnutls_assert_val(GNUTLS_E_ILLEGAL_PARAMETER); @@ -740,7 +737,7 @@ read_client_hello(gnutls_session_t session, uint8_t * data, if (ret < 0) return gnutls_assert_val(ret); - session->internals.resumed = RESUME_TRUE; + session->internals.resumed = true; return _gnutls_user_hello_func(session, major, minor); } else { @@ -751,7 +748,7 @@ read_client_hello(gnutls_session_t session, uint8_t * data, if (ret < 0) return gnutls_assert_val(ret); - session->internals.resumed = RESUME_FALSE; + session->internals.resumed = false; } } else { /* TLS1.3 */ /* we echo client's session ID - length was checked previously */ @@ -792,7 +789,7 @@ read_client_hello(gnutls_session_t session, uint8_t * data, } /* resumed by session_ticket extension */ - if (!vers->tls13_sem && session->internals.resumed != RESUME_FALSE) { + if (!vers->tls13_sem && session->internals.resumed) { session->internals.resumed_security_parameters. max_record_recv_size = session->security_parameters.max_record_recv_size; @@ -930,10 +927,10 @@ int _gnutls_send_finished(gnutls_session_t session, int again) return ret; } - if ((session->internals.resumed == RESUME_FALSE + if ((!session->internals.resumed && session->security_parameters.entity == GNUTLS_CLIENT) - || (session->internals.resumed != RESUME_FALSE + || (session->internals.resumed && session->security_parameters.entity == GNUTLS_SERVER)) { /* if we are a client not resuming - or we are a server resuming */ @@ -1034,9 +1031,9 @@ int _gnutls_recv_finished(gnutls_session_t session) goto cleanup; } - if ((session->internals.resumed != RESUME_FALSE + if ((session->internals.resumed && session->security_parameters.entity == GNUTLS_CLIENT) - || (session->internals.resumed == RESUME_FALSE + || (!session->internals.resumed && session->security_parameters.entity == GNUTLS_SERVER)) { /* if we are a client resuming - or we are a server not resuming */ _gnutls_handshake_log @@ -1845,13 +1842,13 @@ client_check_if_resuming(gnutls_session_t session, goto no_resume; } - session->internals.resumed = RESUME_TRUE; /* we are resuming */ + session->internals.resumed = true; /* we are resuming */ return 0; } else { no_resume: /* keep the new session id */ - session->internals.resumed = RESUME_FALSE; /* we are not resuming */ + session->internals.resumed = false; /* we are not resuming */ return -1; } } @@ -2097,17 +2094,19 @@ static int send_client_hello(gnutls_session_t session, int again) const version_entry_st *hver, *min_ver, *max_ver; uint8_t tver[2]; gnutls_buffer_st extdata; - int rehandshake = 0; + bool rehandshake = false; + bool resuming = false; unsigned add_sr_scsv = 0; + uint8_t *session_id = + session->internals.resumed_security_parameters.session_id; uint8_t session_id_len = - session->internals.resumed_security_parameters.session_id_size; - + session->internals.resumed_security_parameters.session_id_size; if (again == 0) { /* note that rehandshake is different than resuming */ if (session->internals.initial_negotiation_completed) - rehandshake = 1; + rehandshake = true; ret = _gnutls_buffer_init_handshake_mbuffer(&extdata); if (ret < 0) @@ -2124,6 +2123,8 @@ static int send_client_hello(gnutls_session_t session, int again) hver = _gnutls_legacy_version_max(session); } else { /* we are resuming a session */ + resuming = true; + hver = session->internals.resumed_security_parameters. pversion; @@ -2211,11 +2212,8 @@ static int send_client_hello(gnutls_session_t session, int again) goto cleanup; } - uint8_t *resumed_session_id = session->internals.resumed_security_parameters.session_id; #ifdef TLS13_APPENDIX_D4 - if (max_ver->tls13_sem && - session->security_parameters.session_id_size == 0) { - + if (max_ver->tls13_sem && !resuming) { /* Under TLS1.3 we generate a random session ID to make * the TLS1.3 session look like a resumed TLS1.2 session */ ret = _gnutls_generate_session_id(session->security_parameters. @@ -2226,7 +2224,7 @@ static int send_client_hello(gnutls_session_t session, int again) gnutls_assert(); goto cleanup; } - resumed_session_id = session->security_parameters.session_id; + session_id = session->security_parameters.session_id; session_id_len = session->security_parameters.session_id_size; } #endif @@ -2234,7 +2232,7 @@ static int send_client_hello(gnutls_session_t session, int again) /* Copy the Session ID - if any */ ret = _gnutls_buffer_append_data_prefix(&extdata, 8, - resumed_session_id, + session_id, session_id_len); if (ret < 0) { gnutls_assert(); @@ -2393,7 +2391,7 @@ int _gnutls_send_server_hello(gnutls_session_t session, int again) goto fail; } - if (!vers->tls13_sem && session->internals.resumed != RESUME_FALSE) + if (!vers->tls13_sem && session->internals.resumed) etype = GNUTLS_EXT_MANDATORY; else etype = GNUTLS_EXT_ANY; @@ -3002,7 +3000,7 @@ static int handshake_client(gnutls_session_t session) FALLTHROUGH; case STATE6: /* RECV CERTIFICATE */ - if (session->internals.resumed == RESUME_FALSE) /* if we are not resuming */ + if (!session->internals.resumed) /* if we are not resuming */ ret = _gnutls_recv_server_certificate(session); STATE = STATE6; IMED_RET("recv server certificate", ret, 1); @@ -3010,7 +3008,7 @@ static int handshake_client(gnutls_session_t session) case STATE7: #ifdef ENABLE_OCSP /* RECV CERTIFICATE STATUS */ - if (session->internals.resumed == RESUME_FALSE) /* if we are not resuming */ + if (!session->internals.resumed) /* if we are not resuming */ ret = _gnutls_recv_server_certificate_status (session); @@ -3027,7 +3025,7 @@ static int handshake_client(gnutls_session_t session) FALLTHROUGH; case STATE9: /* receive the server key exchange */ - if (session->internals.resumed == RESUME_FALSE) /* if we are not resuming */ + if (!session->internals.resumed) /* if we are not resuming */ ret = _gnutls_recv_server_kx_message(session); STATE = STATE9; IMED_RET("recv server kx message", ret, 1); @@ -3036,7 +3034,7 @@ static int handshake_client(gnutls_session_t session) /* receive the server certificate request - if any */ - if (session->internals.resumed == RESUME_FALSE) /* if we are not resuming */ + if (!session->internals.resumed) /* if we are not resuming */ ret = _gnutls_recv_server_crt_request(session); STATE = STATE10; IMED_RET("recv server certificate request message", ret, @@ -3044,7 +3042,7 @@ static int handshake_client(gnutls_session_t session) FALLTHROUGH; case STATE11: /* receive the server hello done */ - if (session->internals.resumed == RESUME_FALSE) /* if we are not resuming */ + if (!session->internals.resumed) /* if we are not resuming */ ret = _gnutls_recv_handshake(session, GNUTLS_HANDSHAKE_SERVER_HELLO_DONE, @@ -3064,7 +3062,7 @@ static int handshake_client(gnutls_session_t session) case STATE13: /* send our certificate - if any and if requested */ - if (session->internals.resumed == RESUME_FALSE) /* if we are not resuming */ + if (!session->internals.resumed) /* if we are not resuming */ ret = _gnutls_send_client_certificate(session, AGAIN @@ -3073,7 +3071,7 @@ static int handshake_client(gnutls_session_t session) IMED_RET("send client certificate", ret, 0); FALLTHROUGH; case STATE14: - if (session->internals.resumed == RESUME_FALSE) /* if we are not resuming */ + if (!session->internals.resumed) /* if we are not resuming */ ret = _gnutls_send_client_kx_message(session, AGAIN(STATE14)); @@ -3082,7 +3080,7 @@ static int handshake_client(gnutls_session_t session) FALLTHROUGH; case STATE15: /* send client certificate verify */ - if (session->internals.resumed == RESUME_FALSE) /* if we are not resuming */ + if (!session->internals.resumed) /* if we are not resuming */ ret = _gnutls_send_client_certificate_verify(session, AGAIN @@ -3092,8 +3090,8 @@ static int handshake_client(gnutls_session_t session) FALLTHROUGH; case STATE16: STATE = STATE16; - if (session->internals.resumed == RESUME_FALSE) { - ret = send_handshake_final(session, TRUE); + if (!session->internals.resumed) { + ret = send_handshake_final(session, true); IMED_RET("send handshake final 2", ret, 1); } else { ret = _gnutls_recv_new_session_ticket(session); @@ -3103,7 +3101,7 @@ static int handshake_client(gnutls_session_t session) FALLTHROUGH; case STATE17: STATE = STATE17; - if (session->internals.resumed == RESUME_FALSE && (session->internals.flags & GNUTLS_ENABLE_FALSE_START) && can_send_false_start(session)) { + if (!session->internals.resumed && (session->internals.flags & GNUTLS_ENABLE_FALSE_START) && can_send_false_start(session)) { session->internals.hsk_flags |= HSK_FALSE_START_USED; session->internals.recv_state = RECV_STATE_FALSE_START; /* complete this phase of the handshake. We @@ -3118,22 +3116,22 @@ static int handshake_client(gnutls_session_t session) case STATE18: STATE = STATE18; - if (session->internals.resumed == RESUME_FALSE) { + if (!session->internals.resumed) { ret = _gnutls_recv_new_session_ticket(session); IMED_RET("recv handshake new session ticket", ret, 1); } else { - ret = recv_handshake_final(session, TRUE); + ret = recv_handshake_final(session, true); IMED_RET("recv handshake final", ret, 1); } FALLTHROUGH; case STATE19: STATE = STATE19; - if (session->internals.resumed == RESUME_FALSE) { - ret = recv_handshake_final(session, FALSE); + if (!session->internals.resumed) { + ret = recv_handshake_final(session, false); IMED_RET("recv handshake final 2", ret, 1); } else { - ret = send_handshake_final(session, FALSE); + ret = send_handshake_final(session, false); IMED_RET("send handshake final", ret, 1); } @@ -3245,7 +3243,7 @@ static int send_handshake_final(gnutls_session_t session, int init) } /* Initialize the connection session (start encryption) - in case of client */ - if (init == TRUE) { + if (init) { ret = _gnutls_connection_state_init(session); if (ret < 0) { gnutls_assert(); @@ -3330,7 +3328,7 @@ static int recv_handshake_final(gnutls_session_t session, int init) session->internals.dtls.hsk_read_seq++; /* Initialize the connection session (start encryption) - in case of server */ - if (init == TRUE) { + if (init) { ret = _gnutls_connection_state_init(session); if (ret < 0) { gnutls_assert(); @@ -3438,7 +3436,7 @@ static int handshake_server(gnutls_session_t session) case STATE5: /* NOTE: these should not be send if we are resuming */ - if (session->internals.resumed == RESUME_FALSE) + if (!session->internals.resumed) ret = _gnutls_send_server_certificate(session, AGAIN(STATE5)); @@ -3447,7 +3445,7 @@ static int handshake_server(gnutls_session_t session) FALLTHROUGH; case STATE6: #ifdef ENABLE_OCSP - if (session->internals.resumed == RESUME_FALSE) + if (!session->internals.resumed) ret = _gnutls_send_server_certificate_status(session, AGAIN @@ -3458,7 +3456,7 @@ static int handshake_server(gnutls_session_t session) FALLTHROUGH; case STATE7: /* send server key exchange (A) */ - if (session->internals.resumed == RESUME_FALSE) + if (!session->internals.resumed) ret = _gnutls_send_server_kx_message(session, AGAIN(STATE7)); @@ -3467,7 +3465,7 @@ static int handshake_server(gnutls_session_t session) FALLTHROUGH; case STATE8: /* Send certificate request - if requested to */ - if (session->internals.resumed == RESUME_FALSE) + if (!session->internals.resumed) ret = _gnutls_send_server_crt_request(session, AGAIN(STATE8)); @@ -3476,7 +3474,7 @@ static int handshake_server(gnutls_session_t session) FALLTHROUGH; case STATE9: /* send the server hello done */ - if (session->internals.resumed == RESUME_FALSE) /* if we are not resuming */ + if (!session->internals.resumed) /* if we are not resuming */ ret = _gnutls_send_empty_handshake(session, GNUTLS_HANDSHAKE_SERVER_HELLO_DONE, @@ -3494,7 +3492,7 @@ static int handshake_server(gnutls_session_t session) FALLTHROUGH; case STATE11: /* receive the client certificate message */ - if (session->internals.resumed == RESUME_FALSE) /* if we are not resuming */ + if (!session->internals.resumed) /* if we are not resuming */ ret = _gnutls_recv_client_certificate(session); STATE = STATE11; IMED_RET("recv client certificate", ret, 1); @@ -3507,14 +3505,14 @@ static int handshake_server(gnutls_session_t session) FALLTHROUGH; case STATE13: /* receive the client key exchange message */ - if (session->internals.resumed == RESUME_FALSE) /* if we are not resuming */ + if (!session->internals.resumed) /* if we are not resuming */ ret = _gnutls_recv_client_kx_message(session); STATE = STATE13; IMED_RET("recv client kx", ret, 1); FALLTHROUGH; case STATE14: /* receive the client certificate verify message */ - if (session->internals.resumed == RESUME_FALSE) /* if we are not resuming */ + if (!session->internals.resumed) /* if we are not resuming */ ret = _gnutls_recv_client_certificate_verify_message (session); @@ -3523,11 +3521,11 @@ static int handshake_server(gnutls_session_t session) FALLTHROUGH; case STATE15: STATE = STATE15; - if (session->internals.resumed == RESUME_FALSE) { /* if we are not resuming */ - ret = recv_handshake_final(session, TRUE); + if (!session->internals.resumed) { /* if we are not resuming */ + ret = recv_handshake_final(session, true); IMED_RET("recv handshake final", ret, 1); } else { - ret = send_handshake_final(session, TRUE); + ret = send_handshake_final(session, true); IMED_RET("send handshake final 2", ret, 1); } FALLTHROUGH; @@ -3540,8 +3538,8 @@ static int handshake_server(gnutls_session_t session) FALLTHROUGH; case STATE17: STATE = STATE17; - if (session->internals.resumed == RESUME_FALSE) { /* if we are not resuming */ - ret = send_handshake_final(session, FALSE); + if (!session->internals.resumed) { /* if we are not resuming */ + ret = send_handshake_final(session, false); IMED_RET("send handshake final", ret, 1); if (session->security_parameters.entity == @@ -3552,7 +3550,7 @@ static int handshake_server(gnutls_session_t session) (session); } } else { - ret = recv_handshake_final(session, FALSE); + ret = recv_handshake_final(session, false); IMED_RET("recv handshake final 2", ret, 1); } |