From 387d05a9a13fc72689ae9ceb00f53490e530f5b2 Mon Sep 17 00:00:00 2001
From: Nikos Mavrogiannopoulos
Date: Tue, 7 Nov 2017 16:25:31 +0100
Subject: handshake: ffdhe flags merged with handshake flags
Signed-off-by: Nikos Mavrogiannopoulos
---
 lib/algorithms/ciphersuites.c | 5 +++--
 lib/auth/dh_common.c | 8 +++-----
 lib/dh.c | 3 +--
 lib/ext/ecc.c | 3 ++-
 lib/gnutls_int.h | 6 ++----
 lib/state.c | 3 +--
 6 files changed, 12 insertions(+), 16 deletions(-)
diff --git a/lib/algorithms/ciphersuites.c b/lib/algorithms/ciphersuites.c
index d417da3b25..a541925029 100644
--- a/lib/algorithms/ciphersuites.c
+++ b/lib/algorithms/ciphersuites.c
@@ -1246,7 +1246,7 @@ check_server_dh_params(gnutls_session_t session,
 return 1;
 }
- if (session->internals.have_ffdhe) {
+ if (session->internals.hsk_flags & HSK_HAVE_FFDHE) {
 /* if the client has advertized FFDHE then it doesn't matter
 * whether we have server DH parameters. They are no good. */
 gnutls_assert();
@@ -1548,7 +1548,8 @@ _gnutls_figure_common_ciphersuite(gnutls_session_t session,
 * we must also distinguish between not matching a ciphersuite due to an
 * incompatible certificate which we traditionally return GNUTLS_E_INSUFFICIENT_SECURITY.
 */
- if (!no_cert_found && session->internals.have_ffdhe && session->internals.priorities->groups.have_ffdhe)
+ if (!no_cert_found && (session->internals.hsk_flags & HSK_HAVE_FFDHE) &&
+ session->internals.priorities->groups.have_ffdhe)
 return gnutls_assert_val(GNUTLS_E_INSUFFICIENT_SECURITY);
 else
 return gnutls_assert_val(GNUTLS_E_NO_CIPHER_SUITES);
diff --git a/lib/auth/dh_common.c b/lib/auth/dh_common.c
index 659921dfdf..6e11d9ff7d 100644
--- a/lib/auth/dh_common.c
+++ b/lib/auth/dh_common.c
@@ -190,8 +190,6 @@ _gnutls_proc_dh_common_server_kx(gnutls_session_t session,
 unsigned j;
 ssize_t data_size = _data_size;
- session->internals.used_ffdhe = 0;
-
 /* just in case we are resuming a session */
 gnutls_pk_params_release(&session->key.dh_params);
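Review bot: Dropping `session->internals.used_ffdhe = 0;` at the top of _gnutls_proc_dh_common_server_kx turns a per-handshake reset into a sticky bit: HSK_USED_FFDHE is only ever OR-ed in (here at 244 and in lib/dh.c at 101, where the same reset is removed at 79), HSK_HAVE_FFDHE is only set when have_ffdhe is true in lib/ext/ecc.c (the old assignment also cleared it on false), and the explicit `have_ffdhe = 0` in handshake_internal_state_clear1 in lib/state.c is removed as well. Unless hsk_flags is zeroed at the start of every handshake, which is plausible but not visible in any of these hunks, a renegotiation or resumed session that no longer negotiates FFDHE would still report GNUTLS_SFLAGS_RFC7919 from gnutls_session_get_flags and would skip the `_gnutls_dh_get_min_prime_bits` check that is now guarded by `!(hsk_flags & HSK_USED_FFDHE)` at line 271 of dh_common.c. If the central reset exists, a comment at the removal site such as `/* HSK_HAVE_FFDHE/HSK_USED_FFDHE are cleared with the rest of hsk_flags at handshake start */` would stop the next reader from re-adding the assignment; if it does not, `session->internals.hsk_flags &= ~(HSK_HAVE_FFDHE | HSK_USED_FFDHE);` belongs in handshake_internal_state_clear1 where the old `have_ffdhe = 0` was. The body of _gnutls_proc_dh_common_server_kx continues outside this hunk.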
@@ -244,14 +242,14 @@ _gnutls_proc_dh_common_server_kx(gnutls_session_t session,
 memcmp(session->internals.priorities->groups.entry[j]->prime->data, data_p, n_p) == 0) {
- session->internals.used_ffdhe = 1;
+ session->internals.hsk_flags |= HSK_USED_FFDHE;
 _gnutls_session_group_set(session, session->internals.priorities->groups.entry[j]);
 session->key.dh_params.qbits = *session->internals.priorities->groups.entry[j]->q_bits;
 break;
 }
 }
- if (!session->internals.used_ffdhe) {
+ if (!(session->internals.hsk_flags & HSK_USED_FFDHE)) {
 _gnutls_audit_log(session, "FFDHE groups advertised, but server didn't support it; falling back to server's choice\n");
 }
 }
@@ -271,7 +269,7 @@ _gnutls_proc_dh_common_server_kx(gnutls_session_t session,
 session->key.dh_params.params_nr = 3; /* include empty q */
 session->key.dh_params.algo = GNUTLS_PK_DH;
- if (session->internals.used_ffdhe == 0) {
+ if (!(session->internals.hsk_flags & HSK_USED_FFDHE)) {
 bits = _gnutls_dh_get_min_prime_bits(session);
 if (bits < 0) {
 gnutls_assert();
diff --git a/lib/dh.c b/lib/dh.c
index e265d1e3d0..1cec637d24 100644
--- a/lib/dh.c
+++ b/lib/dh.c
@@ -79,7 +79,6 @@ _gnutls_figure_dh_params(gnutls_session_t session, gnutls_dh_params_t dh_params,
 group = get_group(session);
 params.deinit = 0;
- session->internals.used_ffdhe = 0;
 /* if we negotiated RFC7919 FFDHE */
 if (group && group->pk == GNUTLS_PK_DH) {
@@ -101,7 +100,7 @@ _gnutls_figure_dh_params(gnutls_session_t session, gnutls_dh_params_t dh_params,
 goto cleanup;
 }
- session->internals.used_ffdhe = 1;
+ session->internals.hsk_flags |= HSK_USED_FFDHE;
 q_bits = *session->internals.priorities->groups.entry[i]->q_bits;
 goto finished;
 }
diff --git a/lib/ext/ecc.c b/lib/ext/ecc.c
index 797046bb2f..58cf3d86b2 100644
--- a/lib/ext/ecc.c
+++ b/lib/ext/ecc.c
@@ -179,7 +179,8 @@ _gnutls_supported_ecc_recv_params(gnutls_session_t session,
 }
 }
- session->internals.have_ffdhe = have_ffdhe;
+ if (have_ffdhe)
+ session->internals.hsk_flags |= HSK_HAVE_FFDHE;
 }
 return 0;
diff --git a/lib/gnutls_int.h b/lib/gnutls_int.h
index 750da73ad6..0956a99151 100644
--- a/lib/gnutls_int.h
+++ b/lib/gnutls_int.h
@@ -1146,6 +1146,8 @@ typedef struct {
 #define HSK_CRT_REQ_GOT_SIG_ALGO (1<<6)
 #define HSK_KEY_UPDATE_ASKED (1<<7) /* flag is not used during handshake */
 #define HSK_FALSE_START_USED (1<<8) /* TLS1.2 only */
+#define HSK_HAVE_FFDHE (1<<9) /* whether the peer has advertized at least an FFDHE group */
+#define HSK_USED_FFDHE (1<<10) /* whether ffdhe was actually negotiated and used */
 unsigned hsk_flags;
 time_t last_key_update;
@@ -1224,10 +1226,6 @@ typedef struct {
 * receive size */
 unsigned max_recv_size;
- /* whether the peer has advertized at least an FFDHE group */
- bool have_ffdhe;
- bool used_ffdhe; /* whether ffdhe was actually negotiated and used */
-
 /* candidate groups to be selected for security params groups */
 const gnutls_group_entry_st *cand_ec_group;
 const gnutls_group_entry_st *cand_dh_group;
diff --git a/lib/state.c b/lib/state.c
index 441d2a68a2..8b3766a8ed 100644
--- a/lib/state.c
+++ b/lib/state.c
@@ -219,7 +219,6 @@ static void handshake_internal_state_clear1(gnutls_session_t session)
 session->internals.dtls.hsk_read_seq = 0;
 session->internals.dtls.hsk_write_seq = 0;
- session->internals.have_ffdhe = 0;
 session->internals.cand_ec_group = 0;
 session->internals.cand_dh_group = 0;
@@ -1296,7 +1295,7 @@ unsigned gnutls_session_get_flags(gnutls_session_t session)
 flags |= GNUTLS_SFLAGS_HB_PEER_SEND;
 if (session->internals.hsk_flags & HSK_FALSE_START_USED)
 flags |= GNUTLS_SFLAGS_FALSE_START;
- if (session->internals.used_ffdhe)
+ if (session->internals.hsk_flags & HSK_USED_FFDHE)
 flags |= GNUTLS_SFLAGS_RFC7919;
 return flags;
--
cgit v1.2.1
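Review bot: The new HSK_USED_FFDHE comment in lib/gnutls_int.h should record that the bit is read after the handshake: gnutls_session_get_flags in lib/state.c (same commit, hunk at 1296) maps it to GNUTLS_SFLAGS_RFC7919, and the neighbouring HSK_KEY_UPDATE_ASKED already carries a lifetime remark for exactly this reason. Suggest `#define HSK_USED_FFDHE (1<<10) /* whether ffdhe was actually negotiated and used; read after the handshake by gnutls_session_get_flags() */`. The HSK_HAVE_FFDHE comment would likewise benefit from naming its source, since it is set in _gnutls_supported_ecc_recv_params from the peer's received groups and is distinct from the local priorities->groups.have_ffdhe that the ciphersuites.c hunk combines it with: `/* whether the peer has advertized at least an FFDHE group (set from the received supported-groups extension) */`. The enclosing typedef struct starts and ends outside these hunks.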