Coverage Report

Created: 2025-03-06 06:58

/src/gnutls/lib/state.c
Line
Count
Source (jump to first uncovered line)
1
/*
2
 * Copyright (C) 2002-2016 Free Software Foundation, Inc.
3
 * Copyright (C) 2014-2016 Nikos Mavrogiannopoulos
4
 * Copyright (C) 2015-2018 Red Hat, Inc.
5
 *
6
 * Author: Nikos Mavrogiannopoulos
7
 *
8
 * This file is part of GnuTLS.
9
 *
10
 * The GnuTLS is free software; you can redistribute it and/or
11
 * modify it under the terms of the GNU Lesser General Public License
12
 * as published by the Free Software Foundation; either version 2.1 of
13
 * the License, or (at your option) any later version.
14
 *
15
 * This library is distributed in the hope that it will be useful, but
16
 * WITHOUT ANY WARRANTY; without even the implied warranty of
17
 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the GNU
18
 * Lesser General Public License for more details.
19
 *
20
 * You should have received a copy of the GNU Lesser General Public License
21
 * along with this program.  If not, see <https://www.gnu.org/licenses/>
22
 *
23
 */
24
25
/* Functions to manipulate the session (gnutls_int.h), and some other stuff
26
 * are included here. The file's name is traditionally gnutls_state even if the
27
 * state has been renamed to session.
28
 */
29
30
#include "gnutls_int.h"
31
#include "errors.h"
32
#include "auth.h"
33
#include "num.h"
34
#include "datum.h"
35
#include "db.h"
36
#include "record.h"
37
#include "handshake.h"
38
#include "dh.h"
39
#include "buffers.h"
40
#include "mbuffers.h"
41
#include "state.h"
42
#include "constate.h"
43
#include "auth/cert.h"
44
#include "auth/anon.h"
45
#include "auth/psk.h"
46
#include "algorithms.h"
47
#include "hello_ext.h"
48
#include "system.h"
49
#include "random.h"
50
#include "fips.h"
51
#include <intprops.h>
52
#include <gnutls/dtls.h>
53
#include "dtls.h"
54
#include "tls13/session_ticket.h"
55
#include "ext/cert_types.h"
56
#include "locks.h"
57
#include "kx.h"
58
59
/* to be used by supplemental data support to disable TLS1.3
60
 * when supplemental data have been globally registered */
61
unsigned _gnutls_disable_tls13 = 0;
62
63
/* These should really be static, but src/tests.c calls them.  Make
64
   them public functions?  */
65
void _gnutls_rsa_pms_set_version(gnutls_session_t session, unsigned char major,
66
         unsigned char minor);
67
68
/**
69
 * gnutls_cipher_get:
70
 * @session: is a #gnutls_session_t type.
71
 *
72
 * Get the currently used cipher.
73
 *
74
 * Returns: the currently used cipher, a #gnutls_cipher_algorithm_t
75
 *   type.
76
 **/
77
gnutls_cipher_algorithm_t gnutls_cipher_get(gnutls_session_t session)
78
0
{
79
0
  record_parameters_st *record_params;
80
0
  int ret;
81
82
0
  ret = _gnutls_epoch_get(session, EPOCH_READ_CURRENT, &record_params);
83
0
  if (ret < 0)
84
0
    return gnutls_assert_val(GNUTLS_CIPHER_NULL);
85
86
0
  return record_params->cipher->id;
87
0
}
88
89
/**
90
 * gnutls_early_cipher_get:
91
 * @session: is a #gnutls_session_t type.
92
 *
93
 * Get the cipher algorithm used for encrypting early data.
94
 *
95
 * Returns: the cipher used for early data, a
96
 *   #gnutls_cipher_algorithm_t type.
97
 *
98
 * Since: 3.7.2
99
 **/
100
gnutls_cipher_algorithm_t gnutls_early_cipher_get(gnutls_session_t session)
101
0
{
102
0
  const cipher_entry_st *ce;
103
104
0
  if (!(session->internals.hsk_flags & HSK_EARLY_DATA_IN_FLIGHT)) {
105
0
    return gnutls_assert_val(GNUTLS_CIPHER_UNKNOWN);
106
0
  }
107
108
0
  if (unlikely(session->internals.resumed_security_parameters.cs ==
109
0
         NULL)) {
110
0
    return gnutls_assert_val(GNUTLS_CIPHER_UNKNOWN);
111
0
  }
112
113
0
  ce = cipher_to_entry(session->internals.resumed_security_parameters.cs
114
0
             ->block_algorithm);
115
0
  if (unlikely(ce == NULL)) {
116
0
    return gnutls_assert_val(GNUTLS_CIPHER_UNKNOWN);
117
0
  }
118
119
0
  return ce->id;
120
0
}
121
122
/**
123
 * gnutls_certificate_type_get:
124
 * @session: is a #gnutls_session_t type.
125
 *
126
 * This function returns the type of the certificate that is negotiated
127
 * for this side to send to the peer. The certificate type is by default
128
 * X.509, unless an alternative certificate type is enabled by
129
 * gnutls_init() and negotiated during the session.
130
 *
131
 * Resumed sessions will return the certificate type that was negotiated
132
 * and used in the original session.
133
 *
134
 * As of version 3.6.4 it is recommended to use
135
 * gnutls_certificate_type_get2() which is more fine-grained.
136
 *
137
 * Returns: the currently used #gnutls_certificate_type_t certificate
138
 *   type as negotiated for 'our' side of the connection.
139
 **/
140
gnutls_certificate_type_t gnutls_certificate_type_get(gnutls_session_t session)
141
0
{
142
0
  return gnutls_certificate_type_get2(session, GNUTLS_CTYPE_OURS);
143
0
}
144
145
/**
146
 * gnutls_certificate_type_get2:
147
 * @session: is a #gnutls_session_t type.
148
 * @target: is a #gnutls_ctype_target_t type.
149
 *
150
 * This function returns the type of the certificate that a side
151
 * is negotiated to use.  The certificate type is by default X.509,
152
 * unless an alternative certificate type is enabled by gnutls_init() and
153
 * negotiated during the session.
154
 *
155
 * The @target parameter specifies whether to request the negotiated
156
 * certificate type for the client (%GNUTLS_CTYPE_CLIENT),
157
 * or for the server (%GNUTLS_CTYPE_SERVER). Additionally, in P2P mode
158
 * connection set up where you don't know in advance who will be client
159
 * and who will be server you can use the flag (%GNUTLS_CTYPE_OURS) and
160
 * (%GNUTLS_CTYPE_PEERS) to retrieve the corresponding certificate types.
161
 *
162
 * Resumed sessions will return the certificate type that was negotiated
163
 * and used in the original session. That is, this function can be used
164
 * to reliably determine the type of the certificate returned by
165
 * gnutls_certificate_get_peers().
166
 *
167
 * Returns: the currently used #gnutls_certificate_type_t certificate
168
 *   type for the client or the server.
169
 *
170
 * Since: 3.6.4
171
 **/
172
gnutls_certificate_type_t
173
gnutls_certificate_type_get2(gnutls_session_t session,
174
           gnutls_ctype_target_t target)
175
0
{
176
  /* We want to inline this function so therefore
177
   * we've defined it in gnutls_int.h */
178
0
  return get_certificate_type(session, target);
179
0
}
180
181
/**
182
 * gnutls_kx_get:
183
 * @session: is a #gnutls_session_t type.
184
 *
185
 * Get the currently used key exchange algorithm.
186
 *
187
 * This function will return %GNUTLS_KX_ECDHE_RSA, or %GNUTLS_KX_DHE_RSA
188
 * under TLS 1.3, to indicate an elliptic curve DH key exchange or
189
 * a finite field one. The precise group used is available
190
 * by calling gnutls_group_get() instead.
191
 *
192
 * Returns: the key exchange algorithm used in the last handshake, a
193
 *   #gnutls_kx_algorithm_t value.
194
 **/
195
gnutls_kx_algorithm_t gnutls_kx_get(gnutls_session_t session)
196
0
{
197
0
  if (session->security_parameters.cs == 0)
198
0
    return 0;
199
200
0
  if (session->security_parameters.cs->kx_algorithm == 0) { /* TLS 1.3 */
201
0
    const version_entry_st *ver = get_version(session);
202
0
    const gnutls_group_entry_st *group = get_group(session);
203
204
0
    if (ver->tls13_sem) {
205
0
      if (session->internals.hsk_flags & HSK_PSK_SELECTED) {
206
0
        if (group) {
207
0
          if (group->pk == GNUTLS_PK_DH)
208
0
            return GNUTLS_KX_DHE_PSK;
209
0
          else
210
0
            return GNUTLS_KX_ECDHE_PSK;
211
0
        } else {
212
0
          return GNUTLS_KX_PSK;
213
0
        }
214
0
      } else if (group) {
215
0
        if (group->pk == GNUTLS_PK_DH)
216
0
          return GNUTLS_KX_DHE_RSA;
217
0
        else
218
0
          return GNUTLS_KX_ECDHE_RSA;
219
0
      }
220
0
    }
221
0
  }
222
223
0
  return session->security_parameters.cs->kx_algorithm;
224
0
}
225
226
/**
227
 * gnutls_mac_get:
228
 * @session: is a #gnutls_session_t type.
229
 *
230
 * Get the currently used MAC algorithm.
231
 *
232
 * Returns: the currently used mac algorithm, a
233
 *   #gnutls_mac_algorithm_t value.
234
 **/
235
gnutls_mac_algorithm_t gnutls_mac_get(gnutls_session_t session)
236
0
{
237
0
  record_parameters_st *record_params;
238
0
  int ret;
239
240
0
  ret = _gnutls_epoch_get(session, EPOCH_READ_CURRENT, &record_params);
241
0
  if (ret < 0)
242
0
    return gnutls_assert_val(GNUTLS_MAC_NULL);
243
244
0
  return record_params->mac->id;
245
0
}
246
247
/**
248
 * gnutls_compression_get:
249
 * @session: is a #gnutls_session_t type.
250
 *
251
 * Get the currently used compression algorithm.
252
 *
253
 * Returns: the currently used compression method, a
254
 *   #gnutls_compression_method_t value.
255
 **/
256
gnutls_compression_method_t gnutls_compression_get(gnutls_session_t session)
257
0
{
258
0
  return GNUTLS_COMP_NULL;
259
0
}
260
261
/**
262
 * gnutls_prf_hash_get:
263
 * @session: is a #gnutls_session_t type.
264
 *
265
 * Get the currently used hash algorithm. In TLS 1.3, the hash
266
 * algorithm is used for both the key derivation function and
267
 * handshake message authentication code. In TLS 1.2, it matches the
268
 * hash algorithm used for PRF.
269
 *
270
 * Returns: the currently used hash algorithm, a
271
 *    #gnutls_digest_algorithm_t value.
272
 *
273
 * Since: 3.6.13
274
 **/
275
gnutls_digest_algorithm_t gnutls_prf_hash_get(const gnutls_session_t session)
276
0
{
277
0
  if (session->security_parameters.prf == NULL)
278
0
    return gnutls_assert_val(GNUTLS_DIG_UNKNOWN);
279
280
0
  if (session->security_parameters.prf->id >= GNUTLS_MAC_AEAD)
281
0
    return gnutls_assert_val(GNUTLS_DIG_UNKNOWN);
282
283
0
  return (gnutls_digest_algorithm_t)session->security_parameters.prf->id;
284
0
}
285
286
/**
287
 * gnutls_early_prf_hash_get:
288
 * @session: is a #gnutls_session_t type.
289
 *
290
 * Get the hash algorithm used as a PRF to derive keys for encrypting
291
 * early data in TLS 1.3.
292
 *
293
 * Returns: the hash algorithm used for early data, a
294
 *    #gnutls_digest_algorithm_t value.
295
 *
296
 * Since: 3.7.2
297
 **/
298
gnutls_digest_algorithm_t
299
gnutls_early_prf_hash_get(const gnutls_session_t session)
300
0
{
301
0
  if (!(session->internals.hsk_flags & HSK_EARLY_DATA_IN_FLIGHT)) {
302
0
    return gnutls_assert_val(GNUTLS_DIG_UNKNOWN);
303
0
  }
304
305
0
  if (unlikely(session->internals.resumed_security_parameters.prf ==
306
0
         NULL)) {
307
0
    return gnutls_assert_val(GNUTLS_DIG_UNKNOWN);
308
0
  }
309
310
0
  if (unlikely(session->internals.resumed_security_parameters.prf->id >=
311
0
         GNUTLS_MAC_AEAD)) {
312
0
    return gnutls_assert_val(GNUTLS_DIG_UNKNOWN);
313
0
  }
314
315
0
  return (gnutls_digest_algorithm_t)
316
0
    session->internals.resumed_security_parameters.prf->id;
317
0
}
318
319
/**
320
 * gnutls_ciphersuite_get:
321
 * @session: is a #gnutls_session_t type.
322
 *
323
 * Get the canonical name of negotiated TLS ciphersuite.  The names
324
 * returned by this function match the IANA registry, with one
325
 * exception:
326
 *
327
 *   TLS_DHE_DSS_RC4_128_SHA { 0x00, 0x66 }
328
 *
329
 * which is reserved for compatibility.
330
 *
331
 * To get a detailed description of the current ciphersuite, it is
332
 * recommended to use gnutls_session_get_desc().
333
 *
334
 * Returns: a string that contains the canonical name of a TLS ciphersuite,
335
 *     or %NULL if the handshake is not completed.
336
 *
337
 * Since: 3.7.4
338
 **/
339
const char *gnutls_ciphersuite_get(gnutls_session_t session)
340
0
{
341
0
  if (unlikely(session->internals.handshake_in_progress)) {
342
0
    return NULL;
343
0
  }
344
0
  return session->security_parameters.cs->canonical_name;
345
0
}
346
347
void reset_binders(gnutls_session_t session)
348
0
{
349
0
  _gnutls_free_temp_key_datum(&session->key.binders[0].psk);
350
0
  _gnutls_free_temp_key_datum(&session->key.binders[1].psk);
351
0
  memset(session->key.binders, 0, sizeof(session->key.binders));
352
0
}
353
354
/* Check whether certificate credentials of type @cert_type are set
355
 * for the current session.
356
 */
357
static bool _gnutls_has_cert_credentials(gnutls_session_t session,
358
           gnutls_certificate_type_t cert_type)
359
0
{
360
0
  unsigned i;
361
0
  unsigned cert_found = 0;
362
0
  gnutls_certificate_credentials_t cred;
363
364
  /* First, check for certificate credentials. If we have no certificate
365
   * credentials set then we don't support certificates at all.
366
   */
367
0
  cred = (gnutls_certificate_credentials_t)_gnutls_get_cred(
368
0
    session, GNUTLS_CRD_CERTIFICATE);
369
370
0
  if (cred == NULL)
371
0
    return false;
372
373
  /* There are credentials initialized. Now check whether we can find
374
   * pre-set certificates of the required type, but only if we don't
375
   * use the callback functions.
376
   */
377
0
  if (cred->get_cert_callback3 == NULL) {
378
0
    for (i = 0; i < cred->ncerts; i++) {
379
0
      if (cred->certs[i].cert_list[0].type == cert_type) {
380
0
        cert_found = 1;
381
0
        break;
382
0
      }
383
0
    }
384
385
0
    if (cert_found == 0) {
386
      /* No matching certificate found. */
387
0
      return false;
388
0
    }
389
0
  }
390
391
0
  return true; // OK
392
0
}
393
394
/* Check if the given certificate type is supported.
395
 * This means that it is enabled by the priority functions,
396
 * and in some cases a matching certificate exists. A check for
397
 * the latter can be toggled via the parameter @check_credentials.
398
 */
399
bool _gnutls_session_is_cert_type_supported(gnutls_session_t session,
400
              gnutls_certificate_type_t cert_type,
401
              bool check_credentials,
402
              gnutls_ctype_target_t target)
403
0
{
404
0
  unsigned i;
405
0
  priority_st *ctype_priorities;
406
407
  // Check whether this cert type is enabled by the application
408
0
  if (!is_cert_type_enabled(session, cert_type))
409
0
    return gnutls_assert_val(GNUTLS_E_UNSUPPORTED_CERTIFICATE_TYPE);
410
411
  // Perform a credentials check if requested
412
0
  if (check_credentials) {
413
0
    if (!_gnutls_has_cert_credentials(session, cert_type))
414
0
      return gnutls_assert_val(
415
0
        GNUTLS_E_UNSUPPORTED_CERTIFICATE_TYPE);
416
0
  }
417
418
  /* So far so good. We have the required credentials (if needed).
419
   * Now check whether we are allowed to use them according to our
420
   * priorities.
421
   */
422
  // Which certificate type should we query?
423
0
  switch (target) {
424
0
  case GNUTLS_CTYPE_CLIENT:
425
0
    ctype_priorities =
426
0
      &(session->internals.priorities->client_ctype);
427
0
    break;
428
0
  case GNUTLS_CTYPE_SERVER:
429
0
    ctype_priorities =
430
0
      &(session->internals.priorities->server_ctype);
431
0
    break;
432
0
  default:
433
0
    return gnutls_assert_val(GNUTLS_E_INVALID_REQUEST);
434
0
  }
435
436
  // No explicit priorities set, and default ctype is asked
437
0
  if (ctype_priorities->num_priorities == 0 &&
438
0
      cert_type == DEFAULT_CERT_TYPE)
439
0
    return 0;
440
441
  /* Now lets find out whether our cert type is in our priority
442
   * list, i.e. set of allowed cert types.
443
   */
444
0
  for (i = 0; i < ctype_priorities->num_priorities; i++) {
445
0
    if (ctype_priorities->priorities[i] == cert_type)
446
0
      return 0;
447
0
  }
448
449
0
  return GNUTLS_E_UNSUPPORTED_CERTIFICATE_TYPE;
450
0
}
451
452
static void deinit_keys(gnutls_session_t session)
453
0
{
454
0
  const version_entry_st *vers = get_version(session);
455
456
0
  if (vers == NULL)
457
0
    return;
458
459
0
  gnutls_pk_params_release(&session->key.kshare.ecdhx_params);
460
0
  gnutls_pk_params_release(&session->key.kshare.ecdh_params);
461
0
  gnutls_pk_params_release(&session->key.kshare.dh_params);
462
0
  gnutls_pk_params_release(&session->key.kshare.kem_params);
463
464
0
  if (!vers->tls13_sem && session->key.binders[0].prf == NULL) {
465
0
    gnutls_pk_params_release(&session->key.proto.tls12.ecdh.params);
466
0
    gnutls_pk_params_release(&session->key.proto.tls12.dh.params);
467
0
    zrelease_temp_mpi_key(&session->key.proto.tls12.ecdh.x);
468
0
    zrelease_temp_mpi_key(&session->key.proto.tls12.ecdh.y);
469
0
    _gnutls_free_temp_key_datum(&session->key.proto.tls12.ecdh.raw);
470
471
0
    zrelease_temp_mpi_key(&session->key.proto.tls12.dh.client_Y);
472
473
    /* SRP */
474
0
    zrelease_temp_mpi_key(&session->key.proto.tls12.srp.srp_p);
475
0
    zrelease_temp_mpi_key(&session->key.proto.tls12.srp.srp_g);
476
0
    zrelease_temp_mpi_key(&session->key.proto.tls12.srp.srp_key);
477
478
0
    zrelease_temp_mpi_key(&session->key.proto.tls12.srp.u);
479
0
    zrelease_temp_mpi_key(&session->key.proto.tls12.srp.a);
480
0
    zrelease_temp_mpi_key(&session->key.proto.tls12.srp.x);
481
0
    zrelease_temp_mpi_key(&session->key.proto.tls12.srp.A);
482
0
    zrelease_temp_mpi_key(&session->key.proto.tls12.srp.B);
483
0
    zrelease_temp_mpi_key(&session->key.proto.tls12.srp.b);
484
0
  } else {
485
0
    gnutls_memset(session->key.proto.tls13.temp_secret, 0,
486
0
            sizeof(session->key.proto.tls13.temp_secret));
487
0
  }
488
489
0
  reset_binders(session);
490
0
  _gnutls_free_temp_key_datum(&session->key.key);
491
0
}
492
493
/* An internal version of _gnutls_handshake_internal_state_clear(),
494
 * it will not attempt to deallocate, only initialize */
495
static void handshake_internal_state_clear1(gnutls_session_t session)
496
0
{
497
  /* by default no selected certificate */
498
0
  session->internals.adv_version_major = 0;
499
0
  session->internals.adv_version_minor = 0;
500
0
  session->internals.direction = 0;
501
502
  /* use out of band data for the last
503
   * handshake messages received.
504
   */
505
0
  session->internals.last_handshake_in = -1;
506
0
  session->internals.last_handshake_out = -1;
507
508
0
  session->internals.resumable = true;
509
510
0
  session->internals.handshake_suspicious_loops = 0;
511
0
  session->internals.dtls.hsk_read_seq = 0;
512
0
  session->internals.dtls.hsk_write_seq = 0;
513
514
0
  session->internals.cand_ec_group = 0;
515
0
  session->internals.cand_dh_group = 0;
516
517
0
  session->internals.hrr_cs[0] = CS_INVALID_MAJOR;
518
0
  session->internals.hrr_cs[1] = CS_INVALID_MINOR;
519
520
0
  session->internals.client_hello_exts_set = false;
521
0
}
522
523
/* This function will clear all the variables in internals
524
 * structure within the session, which depend on the current handshake.
525
 * This is used to allow further handshakes.
526
 */
527
void _gnutls_handshake_internal_state_clear(gnutls_session_t session)
528
0
{
529
0
  handshake_internal_state_clear1(session);
530
531
0
  _gnutls_handshake_hash_buffers_clear(session);
532
0
  deinit_keys(session);
533
534
0
  _gnutls_epoch_gc(session);
535
536
0
  session->internals.handshake_abs_timeout.tv_sec = 0;
537
0
  session->internals.handshake_abs_timeout.tv_nsec = 0;
538
0
  session->internals.handshake_in_progress = 0;
539
540
0
  session->internals.tfo.connect_addrlen = 0;
541
0
  session->internals.tfo.connect_only = 0;
542
0
  session->internals.early_data_received = 0;
543
0
  session->internals.session_ticket_renew = 0;
544
0
}
545
546
/**
547
 * gnutls_init:
548
 * @session: is a pointer to a #gnutls_session_t type.
549
 * @flags: indicate if this session is to be used for server or client.
550
 *
551
 * This function initializes the provided session. Every session must
552
 * be initialized before use, and after successful initialization and
553
 * use must be deinitialized by calling gnutls_deinit().
554
 *
555
 * @flags can be any combination of flags from %gnutls_init_flags_t.
556
 *
557
 * Note that since version 3.1.2 this function enables some common
558
 * TLS extensions such as session tickets and OCSP certificate status
559
 * request in client side by default. To prevent that use the %GNUTLS_NO_DEFAULT_EXTENSIONS
560
 * flag.
561
 *
562
 * Note that it is never mandatory to use gnutls_deinit() after this
563
 * function fails.  Since gnutls 3.8.0, it is safe to unconditionally
564
 * use gnutls_deinit() even after failure regardless of whether the
565
 * memory was initialized prior to gnutls_init(); however, clients
566
 * wanting to be portable to older versions of the library should
567
 * either skip deinitialization on failure, or pre-initialize the
568
 * memory passed in to gnutls_init() to all zeroes via memset() or
569
 * similar.
570
 *
571
 * Returns: %GNUTLS_E_SUCCESS on success, or an error code.
572
 **/
573
int gnutls_init(gnutls_session_t *session, unsigned int flags)
574
0
{
575
0
  int ret;
576
577
0
  *session = NULL;
578
0
  FAIL_IF_LIB_ERROR;
579
580
0
  *session = gnutls_calloc(1, sizeof(struct gnutls_session_int));
581
0
  if (*session == NULL)
582
0
    return GNUTLS_E_MEMORY_ERROR;
583
584
0
  ret = gnutls_mutex_init(&(*session)->internals.post_negotiation_lock);
585
0
  if (ret < 0) {
586
0
    gnutls_assert();
587
0
    gnutls_free(*session);
588
0
    return ret;
589
0
  }
590
591
0
  ret = gnutls_mutex_init(&(*session)->internals.epoch_lock);
592
0
  if (ret < 0) {
593
0
    gnutls_assert();
594
0
    gnutls_mutex_deinit(
595
0
      &(*session)->internals.post_negotiation_lock);
596
0
    gnutls_free(*session);
597
0
    return ret;
598
0
  }
599
600
0
  ret = _gnutls_epoch_setup_next(*session, 1, NULL);
601
0
  if (ret < 0) {
602
0
    gnutls_mutex_deinit(
603
0
      &(*session)->internals.post_negotiation_lock);
604
0
    gnutls_mutex_deinit(&(*session)->internals.epoch_lock);
605
0
    gnutls_free(*session);
606
0
    return gnutls_assert_val(GNUTLS_E_MEMORY_ERROR);
607
0
  }
608
0
  _gnutls_epoch_bump(*session);
609
610
0
  (*session)->security_parameters.entity =
611
0
    (flags & GNUTLS_SERVER ? GNUTLS_SERVER : GNUTLS_CLIENT);
612
613
  /* the default certificate type for TLS */
614
0
  (*session)->security_parameters.client_ctype = DEFAULT_CERT_TYPE;
615
0
  (*session)->security_parameters.server_ctype = DEFAULT_CERT_TYPE;
616
617
  /* Initialize buffers */
618
0
  _gnutls_buffer_init(&(*session)->internals.handshake_hash_buffer);
619
0
  _gnutls_buffer_init(&(*session)->internals.post_handshake_hash_buffer);
620
0
  _gnutls_buffer_init(&(*session)->internals.hb_remote_data);
621
0
  _gnutls_buffer_init(&(*session)->internals.hb_local_data);
622
0
  _gnutls_buffer_init(&(*session)->internals.record_presend_buffer);
623
0
  _gnutls_buffer_init(&(*session)->internals.record_key_update_buffer);
624
0
  _gnutls_buffer_init(&(*session)->internals.reauth_buffer);
625
626
0
  _mbuffer_head_init(&(*session)->internals.record_buffer);
627
0
  _mbuffer_head_init(&(*session)->internals.record_send_buffer);
628
0
  _mbuffer_head_init(&(*session)->internals.record_recv_buffer);
629
0
  _mbuffer_head_init(&(*session)->internals.early_data_recv_buffer);
630
0
  _gnutls_buffer_init(&(*session)->internals.early_data_presend_buffer);
631
632
0
  _mbuffer_head_init(&(*session)->internals.handshake_send_buffer);
633
0
  _gnutls_handshake_recv_buffer_init(*session);
634
635
0
  (*session)->internals.expire_time = DEFAULT_EXPIRE_TIME;
636
637
  /* Ticket key rotation - set the default X to 3 times the ticket expire time */
638
0
  (*session)->key.totp.last_result = 0;
639
640
0
  gnutls_handshake_set_max_packet_length((*session),
641
0
                 MAX_HANDSHAKE_PACKET_SIZE);
642
643
  /* set the socket pointers to -1;
644
   */
645
0
  (*session)->internals.transport_recv_ptr = (gnutls_transport_ptr_t)-1;
646
0
  (*session)->internals.transport_send_ptr = (gnutls_transport_ptr_t)-1;
647
648
  /* set the default maximum record size for TLS
649
   */
650
0
  (*session)->security_parameters.max_record_recv_size =
651
0
    DEFAULT_MAX_RECORD_SIZE;
652
0
  (*session)->security_parameters.max_record_send_size =
653
0
    DEFAULT_MAX_RECORD_SIZE;
654
0
  (*session)->security_parameters.max_user_record_recv_size =
655
0
    DEFAULT_MAX_RECORD_SIZE;
656
0
  (*session)->security_parameters.max_user_record_send_size =
657
0
    DEFAULT_MAX_RECORD_SIZE;
658
659
  /* set the default early data size for TLS
660
   */
661
0
  if ((*session)->security_parameters.entity == GNUTLS_SERVER) {
662
0
    (*session)->security_parameters.max_early_data_size =
663
0
      DEFAULT_MAX_EARLY_DATA_SIZE;
664
0
  } else {
665
0
    (*session)->security_parameters.max_early_data_size = 0;
666
0
  }
667
668
  /* Everything else not initialized here is initialized as NULL
669
   * or 0. This is why calloc is used. However, we want to
670
   * ensure that certain portions of data are initialized at
671
   * runtime before being used. Mark such regions with a
672
   * valgrind client request as undefined.
673
   */
674
0
  _gnutls_memory_mark_undefined(
675
0
    (*session)->security_parameters.master_secret,
676
0
    GNUTLS_MASTER_SIZE);
677
0
  _gnutls_memory_mark_undefined(
678
0
    (*session)->security_parameters.client_random,
679
0
    GNUTLS_RANDOM_SIZE);
680
0
  _gnutls_memory_mark_undefined(
681
0
    (*session)->security_parameters.server_random,
682
0
    GNUTLS_RANDOM_SIZE);
683
0
  _gnutls_memory_mark_undefined((*session)->key.session_ticket_key,
684
0
              TICKET_MASTER_KEY_SIZE);
685
0
  _gnutls_memory_mark_undefined((*session)->key.previous_ticket_key,
686
0
              TICKET_MASTER_KEY_SIZE);
687
0
  _gnutls_memory_mark_undefined((*session)->key.initial_stek,
688
0
              TICKET_MASTER_KEY_SIZE);
689
690
0
  handshake_internal_state_clear1(*session);
691
692
0
#ifdef MSG_NOSIGNAL
693
0
  if (flags & GNUTLS_NO_SIGNAL)
694
0
    gnutls_transport_set_vec_push_function(*session,
695
0
                   system_writev_nosignal);
696
0
  else
697
0
#endif
698
0
    gnutls_transport_set_vec_push_function(*session, system_writev);
699
0
  (*session)->internals.pull_timeout_func = gnutls_system_recv_timeout;
700
0
  (*session)->internals.pull_func = system_read;
701
0
  (*session)->internals.errno_func = system_errno;
702
703
0
  (*session)->internals.saved_username = NULL;
704
0
  (*session)->internals.saved_username_size = -1;
705
706
  /* heartbeat timeouts */
707
0
  (*session)->internals.hb_retrans_timeout_ms = 1000;
708
0
  (*session)->internals.hb_total_timeout_ms = 60000;
709
710
0
  if (flags & GNUTLS_DATAGRAM) {
711
0
    (*session)->internals.dtls.mtu = DTLS_DEFAULT_MTU;
712
0
    (*session)->internals.transport = GNUTLS_DGRAM;
713
714
0
    gnutls_dtls_set_timeouts(*session, DTLS_RETRANS_TIMEOUT, 60000);
715
0
  } else {
716
0
    (*session)->internals.transport = GNUTLS_STREAM;
717
0
  }
718
719
  /* Enable useful extensions */
720
0
  if ((flags & GNUTLS_CLIENT) &&
721
0
      !(flags & GNUTLS_NO_DEFAULT_EXTENSIONS)) {
722
0
#ifdef ENABLE_OCSP
723
0
    if (!(flags & GNUTLS_NO_STATUS_REQUEST))
724
0
      gnutls_ocsp_status_request_enable_client(*session, NULL,
725
0
                 0, NULL);
726
0
#endif
727
0
  }
728
729
  /* session tickets in server side are enabled by setting a key */
730
0
  if (flags & GNUTLS_SERVER)
731
0
    flags |= GNUTLS_NO_TICKETS;
732
733
0
  (*session)->internals.flags = flags;
734
735
0
  if (_gnutls_disable_tls13 != 0)
736
0
    (*session)->internals.flags |= INT_FLAG_NO_TLS13;
737
738
  /* Install the default keylog function */
739
0
  gnutls_session_set_keylog_function(*session, _gnutls_nss_keylog_func);
740
741
0
  return 0;
742
0
}
743
744
/**
745
 * gnutls_deinit:
746
 * @session: is a #gnutls_session_t type.
747
 *
748
 * This function clears all buffers associated with the @session.
749
 * This function will also remove session data from the session
750
 * database if the session was terminated abnormally.
751
 **/
752
void gnutls_deinit(gnutls_session_t session)
753
0
{
754
0
  unsigned int i;
755
756
0
  if (session == NULL)
757
0
    return;
758
759
  /* remove auth info firstly */
760
0
  _gnutls_free_auth_info(session);
761
762
0
  _gnutls_handshake_internal_state_clear(session);
763
0
  _gnutls_handshake_io_buffer_clear(session);
764
0
  _gnutls_hello_ext_priv_deinit(session);
765
766
0
  for (i = 0; i < MAX_EPOCH_INDEX; i++)
767
0
    if (session->record_parameters[i] != NULL) {
768
0
      _gnutls_epoch_free(session,
769
0
             session->record_parameters[i]);
770
0
      session->record_parameters[i] = NULL;
771
0
    }
772
773
0
  _gnutls_buffer_clear(&session->internals.handshake_hash_buffer);
774
0
  _gnutls_buffer_clear(&session->internals.post_handshake_hash_buffer);
775
0
  _gnutls_buffer_clear(&session->internals.hb_remote_data);
776
0
  _gnutls_buffer_clear(&session->internals.hb_local_data);
777
0
  _gnutls_buffer_clear(&session->internals.record_presend_buffer);
778
0
  _gnutls_buffer_clear(&session->internals.record_key_update_buffer);
779
0
  _gnutls_buffer_clear(&session->internals.reauth_buffer);
780
781
0
  _mbuffer_head_clear(&session->internals.record_buffer);
782
0
  _mbuffer_head_clear(&session->internals.record_recv_buffer);
783
0
  _mbuffer_head_clear(&session->internals.record_send_buffer);
784
785
0
  _mbuffer_head_clear(&session->internals.early_data_recv_buffer);
786
0
  _gnutls_buffer_clear(&session->internals.early_data_presend_buffer);
787
788
0
  _gnutls_free_datum(&session->internals.resumption_data);
789
0
  _gnutls_free_datum(&session->internals.dtls.dcookie);
790
791
0
  for (i = 0; i < session->internals.rexts_size; i++)
792
0
    gnutls_free(session->internals.rexts[i].name);
793
0
  gnutls_free(session->internals.rexts);
794
0
  gnutls_free(session->internals.post_handshake_cr_context.data);
795
796
0
  gnutls_free(session->internals.saved_username);
797
0
  gnutls_free(session->internals.rsup);
798
799
0
  gnutls_credentials_clear(session);
800
0
  _gnutls_selected_certs_deinit(session);
801
802
  /* destroy any session ticket we may have received */
803
0
  tls13_ticket_deinit(&session->internals.tls13_ticket);
804
805
  /* we rely on priorities' internal reference counting */
806
0
  gnutls_priority_deinit(session->internals.priorities);
807
808
  /* overwrite any temp TLS1.3 keys */
809
0
  gnutls_memset(&session->key.proto, 0, sizeof(session->key.proto));
810
811
  /* clear session ticket keys */
812
0
  _gnutls_memory_mark_defined(session->key.session_ticket_key,
813
0
            TICKET_MASTER_KEY_SIZE);
814
0
  gnutls_memset(&session->key.session_ticket_key, 0,
815
0
          TICKET_MASTER_KEY_SIZE);
816
0
  _gnutls_memory_mark_undefined(session->key.session_ticket_key,
817
0
              TICKET_MASTER_KEY_SIZE);
818
819
0
  _gnutls_memory_mark_defined(session->key.previous_ticket_key,
820
0
            TICKET_MASTER_KEY_SIZE);
821
0
  gnutls_memset(&session->key.previous_ticket_key, 0,
822
0
          TICKET_MASTER_KEY_SIZE);
823
0
  _gnutls_memory_mark_undefined(session->key.previous_ticket_key,
824
0
              TICKET_MASTER_KEY_SIZE);
825
826
0
  _gnutls_memory_mark_defined(session->key.initial_stek,
827
0
            TICKET_MASTER_KEY_SIZE);
828
0
  gnutls_memset(&session->key.initial_stek, 0, TICKET_MASTER_KEY_SIZE);
829
0
  _gnutls_memory_mark_undefined(session->key.initial_stek,
830
0
              TICKET_MASTER_KEY_SIZE);
831
832
0
  gnutls_mutex_deinit(&session->internals.post_negotiation_lock);
833
0
  gnutls_mutex_deinit(&session->internals.epoch_lock);
834
835
0
  gnutls_free(session);
836
0
}
837
838
int _gnutls_dh_set_peer_public(gnutls_session_t session, bigint_t public)
839
0
{
840
0
  dh_info_st *dh;
841
0
  int ret;
842
843
0
  switch (gnutls_auth_get_type(session)) {
844
0
  case GNUTLS_CRD_ANON: {
845
0
    anon_auth_info_t info;
846
0
    info = _gnutls_get_auth_info(session, GNUTLS_CRD_ANON);
847
0
    if (info == NULL)
848
0
      return gnutls_assert_val(GNUTLS_E_INTERNAL_ERROR);
849
850
0
    dh = &info->dh;
851
0
    break;
852
0
  }
853
0
  case GNUTLS_CRD_PSK: {
854
0
    psk_auth_info_t info;
855
0
    info = _gnutls_get_auth_info(session, GNUTLS_CRD_PSK);
856
0
    if (info == NULL)
857
0
      return gnutls_assert_val(GNUTLS_E_INTERNAL_ERROR);
858
859
0
    dh = &info->dh;
860
0
    break;
861
0
  }
862
0
  case GNUTLS_CRD_CERTIFICATE: {
863
0
    cert_auth_info_t info;
864
865
0
    info = _gnutls_get_auth_info(session, GNUTLS_CRD_CERTIFICATE);
866
0
    if (info == NULL)
867
0
      return gnutls_assert_val(GNUTLS_E_INTERNAL_ERROR);
868
869
0
    dh = &info->dh;
870
0
    break;
871
0
  }
872
0
  default:
873
0
    return gnutls_assert_val(GNUTLS_E_INTERNAL_ERROR);
874
0
  }
875
876
0
  if (dh->public_key.data)
877
0
    _gnutls_free_datum(&dh->public_key);
878
879
0
  ret = _gnutls_mpi_dprint_lz(public, &dh->public_key);
880
0
  if (ret < 0) {
881
0
    gnutls_assert();
882
0
    return ret;
883
0
  }
884
885
0
  return 0;
886
0
}
887
888
int _gnutls_dh_set_secret_bits(gnutls_session_t session, unsigned bits)
889
0
{
890
0
  switch (gnutls_auth_get_type(session)) {
891
0
  case GNUTLS_CRD_ANON: {
892
0
    anon_auth_info_t info;
893
0
    info = _gnutls_get_auth_info(session, GNUTLS_CRD_ANON);
894
0
    if (info == NULL)
895
0
      return gnutls_assert_val(GNUTLS_E_INTERNAL_ERROR);
896
0
    info->dh.secret_bits = bits;
897
0
    break;
898
0
  }
899
0
  case GNUTLS_CRD_PSK: {
900
0
    psk_auth_info_t info;
901
0
    info = _gnutls_get_auth_info(session, GNUTLS_CRD_PSK);
902
0
    if (info == NULL)
903
0
      return gnutls_assert_val(GNUTLS_E_INTERNAL_ERROR);
904
0
    info->dh.secret_bits = bits;
905
0
    break;
906
0
  }
907
0
  case GNUTLS_CRD_CERTIFICATE: {
908
0
    cert_auth_info_t info;
909
910
0
    info = _gnutls_get_auth_info(session, GNUTLS_CRD_CERTIFICATE);
911
0
    if (info == NULL)
912
0
      return gnutls_assert_val(GNUTLS_E_INTERNAL_ERROR);
913
914
0
    info->dh.secret_bits = bits;
915
0
    break;
916
0
  default:
917
0
    return gnutls_assert_val(GNUTLS_E_INTERNAL_ERROR);
918
0
  }
919
0
  }
920
921
0
  return 0;
922
0
}
923
924
/* Sets the prime and the generator in the auth info structure.
925
 */
926
int _gnutls_dh_save_group(gnutls_session_t session, bigint_t gen,
927
        bigint_t prime)
928
0
{
929
0
  dh_info_st *dh;
930
0
  int ret;
931
932
0
  switch (gnutls_auth_get_type(session)) {
933
0
  case GNUTLS_CRD_ANON: {
934
0
    anon_auth_info_t info;
935
0
    info = _gnutls_get_auth_info(session, GNUTLS_CRD_ANON);
936
0
    if (info == NULL)
937
0
      return gnutls_assert_val(GNUTLS_E_INTERNAL_ERROR);
938
939
0
    dh = &info->dh;
940
0
    break;
941
0
  }
942
0
  case GNUTLS_CRD_PSK: {
943
0
    psk_auth_info_t info;
944
0
    info = _gnutls_get_auth_info(session, GNUTLS_CRD_PSK);
945
0
    if (info == NULL)
946
0
      return gnutls_assert_val(GNUTLS_E_INTERNAL_ERROR);
947
948
0
    dh = &info->dh;
949
0
    break;
950
0
  }
951
0
  case GNUTLS_CRD_CERTIFICATE: {
952
0
    cert_auth_info_t info;
953
954
0
    info = _gnutls_get_auth_info(session, GNUTLS_CRD_CERTIFICATE);
955
0
    if (info == NULL)
956
0
      return gnutls_assert_val(GNUTLS_E_INTERNAL_ERROR);
957
958
0
    dh = &info->dh;
959
0
    break;
960
0
  }
961
0
  default:
962
0
    return gnutls_assert_val(GNUTLS_E_INTERNAL_ERROR);
963
0
  }
964
965
0
  if (dh->prime.data)
966
0
    _gnutls_free_datum(&dh->prime);
967
968
0
  if (dh->generator.data)
969
0
    _gnutls_free_datum(&dh->generator);
970
971
  /* prime
972
   */
973
0
  ret = _gnutls_mpi_dprint_lz(prime, &dh->prime);
974
0
  if (ret < 0) {
975
0
    gnutls_assert();
976
0
    return ret;
977
0
  }
978
979
  /* generator
980
   */
981
0
  ret = _gnutls_mpi_dprint_lz(gen, &dh->generator);
982
0
  if (ret < 0) {
983
0
    gnutls_assert();
984
0
    _gnutls_free_datum(&dh->prime);
985
0
    return ret;
986
0
  }
987
988
0
  return 0;
989
0
}
990
991
/**
992
 * gnutls_certificate_send_x509_rdn_sequence:
993
 * @session: a #gnutls_session_t type.
994
 * @status: is 0 or 1
995
 *
996
 * If status is non zero, this function will order gnutls not to send
997
 * the rdnSequence in the certificate request message. That is the
998
 * server will not advertise its trusted CAs to the peer. If status
999
 * is zero then the default behaviour will take effect, which is to
1000
 * advertise the server's trusted CAs.
1001
 *
1002
 * This function has no effect in clients, and in authentication
1003
 * methods other than certificate with X.509 certificates.
1004
 **/
1005
void gnutls_certificate_send_x509_rdn_sequence(gnutls_session_t session,
1006
                 int status)
1007
0
{
1008
0
  session->internals.ignore_rdn_sequence = status;
1009
0
}
1010
1011
/*-
1012
 * _gnutls_record_set_default_version - Used to set the default version for the first record packet
1013
 * @session: is a #gnutls_session_t type.
1014
 * @major: is a tls major version
1015
 * @minor: is a tls minor version
1016
 *
1017
 * This function sets the default version that we will use in the first
1018
 * record packet (client hello). This function is only useful to people
1019
 * that know TLS internals and want to debug other implementations.
1020
 -*/
1021
void _gnutls_record_set_default_version(gnutls_session_t session,
1022
          unsigned char major,
1023
          unsigned char minor)
1024
0
{
1025
0
  session->internals.default_record_version[0] = major;
1026
0
  session->internals.default_record_version[1] = minor;
1027
0
}
1028
1029
/*-
1030
 * _gnutls_hello_set_default_version - Used to set the default version for the first record packet
1031
 * @session: is a #gnutls_session_t type.
1032
 * @major: is a tls major version
1033
 * @minor: is a tls minor version
1034
 *
1035
 * This function sets the default version that we will use in the first
1036
 * record packet (client hello). This function is only useful to people
1037
 * that know TLS internals and want to debug other implementations.
1038
 -*/
1039
void _gnutls_hello_set_default_version(gnutls_session_t session,
1040
               unsigned char major, unsigned char minor)
1041
0
{
1042
0
  session->internals.default_hello_version[0] = major;
1043
0
  session->internals.default_hello_version[1] = minor;
1044
0
}
1045
1046
/**
1047
 * gnutls_handshake_set_private_extensions:
1048
 * @session: is a #gnutls_session_t type.
1049
 * @allow: is an integer (0 or 1)
1050
 *
1051
 * This function will enable or disable the use of private cipher
1052
 * suites (the ones that start with 0xFF).  By default or if @allow
1053
 * is 0 then these cipher suites will not be advertised nor used.
1054
 *
1055
 * Currently GnuTLS does not include such cipher-suites or
1056
 * compression algorithms.
1057
 *
1058
 * Enabling the private ciphersuites when talking to other than
1059
 * gnutls servers and clients may cause interoperability problems.
1060
 **/
1061
void gnutls_handshake_set_private_extensions(gnutls_session_t session,
1062
               int allow)
1063
0
{
1064
  /* we have no private extensions */
1065
0
  return;
1066
0
}
1067
1068
/**
1069
 * gnutls_session_is_resumed:
1070
 * @session: is a #gnutls_session_t type.
1071
 *
1072
 * Checks whether session is resumed or not. This is functional
1073
 * for both server and client side.
1074
 *
1075
 * Returns: non zero if this session is resumed, or a zero if this is
1076
 *   a new session.
1077
 **/
1078
int gnutls_session_is_resumed(gnutls_session_t session)
1079
0
{
1080
0
  if (session->security_parameters.entity == GNUTLS_CLIENT) {
1081
0
    const version_entry_st *ver = get_version(session);
1082
0
    if (ver && ver->tls13_sem) {
1083
0
      return session->internals.resumed;
1084
0
    }
1085
1086
0
    if (session->security_parameters.session_id_size > 0 &&
1087
0
        session->security_parameters.session_id_size ==
1088
0
          session->internals.resumed_security_parameters
1089
0
            .session_id_size &&
1090
0
        memcmp(session->security_parameters.session_id,
1091
0
         session->internals.resumed_security_parameters
1092
0
           .session_id,
1093
0
         session->security_parameters.session_id_size) == 0)
1094
0
      return 1;
1095
0
  } else {
1096
0
    if (session->internals.resumed)
1097
0
      return 1;
1098
0
  }
1099
1100
0
  return 0;
1101
0
}
1102
1103
/**
1104
 * gnutls_session_resumption_requested:
1105
 * @session: is a #gnutls_session_t type.
1106
 *
1107
 * Check whether the client has asked for session resumption.
1108
 * This function is valid only on server side.
1109
 *
1110
 * Returns: non zero if session resumption was asked, or a zero if not.
1111
 **/
1112
int gnutls_session_resumption_requested(gnutls_session_t session)
1113
0
{
1114
0
  if (session->security_parameters.entity == GNUTLS_CLIENT) {
1115
0
    return 0;
1116
0
  } else {
1117
0
    return session->internals.resumption_requested;
1118
0
  }
1119
0
}
1120
1121
/*-
1122
 * _gnutls_session_is_psk - Used to check whether this session uses PSK kx
1123
 * @session: is a #gnutls_session_t type.
1124
 *
1125
 * This function will return non zero if this session uses a PSK key
1126
 * exchange algorithm.
1127
 -*/
1128
int _gnutls_session_is_psk(gnutls_session_t session)
1129
0
{
1130
0
  gnutls_kx_algorithm_t kx;
1131
1132
0
  kx = session->security_parameters.cs->kx_algorithm;
1133
0
  if (kx == GNUTLS_KX_PSK || kx == GNUTLS_KX_DHE_PSK ||
1134
0
      kx == GNUTLS_KX_RSA_PSK)
1135
0
    return 1;
1136
1137
0
  return 0;
1138
0
}
1139
1140
/*-
1141
 * _gnutls_session_is_ecc - Used to check whether this session uses ECC kx
1142
 * @session: is a #gnutls_session_t type.
1143
 *
1144
 * This function will return non zero if this session uses an elliptic
1145
 * curves key exchange exchange algorithm.
1146
 -*/
1147
int _gnutls_session_is_ecc(gnutls_session_t session)
1148
0
{
1149
0
  gnutls_kx_algorithm_t kx;
1150
1151
  /* We get the key exchange algorithm through the ciphersuite because
1152
   * the negotiated key exchange might not have been set yet.
1153
   */
1154
0
  kx = session->security_parameters.cs->kx_algorithm;
1155
1156
0
  return _gnutls_kx_is_ecc(kx);
1157
0
}
1158
1159
/**
1160
 * gnutls_session_get_ptr:
1161
 * @session: is a #gnutls_session_t type.
1162
 *
1163
 * Get user pointer for session.  Useful in callbacks.  This is the
1164
 *   pointer set with gnutls_session_set_ptr().
1165
 *
1166
 * Returns: the user given pointer from the session structure, or
1167
 *   %NULL if it was never set.
1168
 **/
1169
void *gnutls_session_get_ptr(gnutls_session_t session)
1170
0
{
1171
0
  return session->internals.user_ptr;
1172
0
}
1173
1174
/**
1175
 * gnutls_session_set_ptr:
1176
 * @session: is a #gnutls_session_t type.
1177
 * @ptr: is the user pointer
1178
 *
1179
 * This function will set (associate) the user given pointer @ptr to
1180
 * the session structure.  This pointer can be accessed with
1181
 * gnutls_session_get_ptr().
1182
 **/
1183
void gnutls_session_set_ptr(gnutls_session_t session, void *ptr)
1184
0
{
1185
0
  session->internals.user_ptr = ptr;
1186
0
}
1187
1188
/**
1189
 * gnutls_session_set_verify_function:
1190
 * @session: is a #gnutls_session_t type.
1191
 * @func: is the callback function
1192
 *
1193
 * This function sets a callback to be called when peer's certificate
1194
 * has been received in order to verify it on receipt rather than
1195
 * doing after the handshake is completed. This overrides any callback
1196
 * set using gnutls_certificate_set_verify_function().
1197
 *
1198
 * The callback's function prototype is:
1199
 * int (*callback)(gnutls_session_t);
1200
 *
1201
 * If the callback function is provided then gnutls will call it, in the
1202
 * handshake, just after the certificate message has been received.
1203
 * To verify or obtain the certificate the gnutls_certificate_verify_peers2(),
1204
 * gnutls_certificate_type_get(), gnutls_certificate_get_peers() functions
1205
 * can be used.
1206
 *
1207
 * The callback function should return 0 for the handshake to continue
1208
 * or non-zero to terminate.
1209
 *
1210
 * Since: 3.4.6
1211
 **/
1212
void gnutls_session_set_verify_function(
1213
  gnutls_session_t session, gnutls_certificate_verify_function *func)
1214
0
{
1215
0
  session->internals.verify_callback = func;
1216
0
}
1217
1218
/**
1219
 * gnutls_record_get_direction:
1220
 * @session: is a #gnutls_session_t type.
1221
 *
1222
 * This function is useful to determine whether a GnuTLS function was interrupted
1223
 * while sending or receiving, so that select() or poll() may be called appropriately.
1224
 *
1225
 * It provides information about the internals of the record
1226
 * protocol and is only useful if a prior gnutls function call,
1227
 * e.g.  gnutls_handshake(), was interrupted and returned
1228
 * %GNUTLS_E_INTERRUPTED or %GNUTLS_E_AGAIN. After such an interrupt
1229
 * applications may call select() or poll() before restoring the
1230
 * interrupted GnuTLS function.
1231
 *
1232
 * This function's output is unreliable if you are using the same
1233
 * @session in different threads for sending and receiving.
1234
 *
1235
 * Returns: 0 if interrupted while trying to read data, or 1 while trying to write data.
1236
 **/
1237
int gnutls_record_get_direction(gnutls_session_t session)
1238
0
{
1239
0
  return session->internals.direction;
1240
0
}
1241
1242
/*-
1243
 * _gnutls_rsa_pms_set_version - Sets a version to be used at the RSA PMS
1244
 * @session: is a #gnutls_session_t type.
1245
 * @major: is the major version to use
1246
 * @minor: is the minor version to use
1247
 *
1248
 * This function will set the given version number to be used at the
1249
 * RSA PMS secret. This is only useful to clients, which want to
1250
 * test server's capabilities.
1251
 -*/
1252
void _gnutls_rsa_pms_set_version(gnutls_session_t session, unsigned char major,
1253
         unsigned char minor)
1254
0
{
1255
0
  session->internals.rsa_pms_version[0] = major;
1256
0
  session->internals.rsa_pms_version[1] = minor;
1257
0
}
1258
1259
void _gnutls_session_client_cert_type_set(gnutls_session_t session,
1260
            gnutls_certificate_type_t ct)
1261
0
{
1262
0
  _gnutls_handshake_log(
1263
0
    "HSK[%p]: Selected client certificate type %s (%d)\n", session,
1264
0
    gnutls_certificate_type_get_name(ct), ct);
1265
0
  session->security_parameters.client_ctype = ct;
1266
0
}
1267
1268
void _gnutls_session_server_cert_type_set(gnutls_session_t session,
1269
            gnutls_certificate_type_t ct)
1270
0
{
1271
0
  _gnutls_handshake_log(
1272
0
    "HSK[%p]: Selected server certificate type %s (%d)\n", session,
1273
0
    gnutls_certificate_type_get_name(ct), ct);
1274
0
  session->security_parameters.server_ctype = ct;
1275
0
}
1276
1277
/**
1278
 * gnutls_handshake_set_post_client_hello_function:
1279
 * @session: is a #gnutls_session_t type.
1280
 * @func: is the function to be called
1281
 *
1282
 * This function will set a callback to be called after the client
1283
 * hello has been received (callback valid in server side only). This
1284
 * allows the server to adjust settings based on received extensions.
1285
 *
1286
 * Those settings could be ciphersuites, requesting certificate, or
1287
 * anything else except for version negotiation (this is done before
1288
 * the hello message is parsed).
1289
 *
1290
 * This callback must return 0 on success or a gnutls error code to
1291
 * terminate the handshake.
1292
 *
1293
 * Since GnuTLS 3.3.5 the callback is
1294
 * allowed to return %GNUTLS_E_AGAIN or %GNUTLS_E_INTERRUPTED to
1295
 * put the handshake on hold. In that case gnutls_handshake()
1296
 * will return %GNUTLS_E_INTERRUPTED and can be resumed when needed.
1297
 *
1298
 * Warning: You should not use this function to terminate the
1299
 * handshake based on client input unless you know what you are
1300
 * doing. Before the handshake is finished there is no way to know if
1301
 * there is a man-in-the-middle attack being performed.
1302
 **/
1303
void gnutls_handshake_set_post_client_hello_function(
1304
  gnutls_session_t session, gnutls_handshake_simple_hook_func func)
1305
0
{
1306
0
  session->internals.user_hello_func = func;
1307
0
}
1308
1309
/**
1310
 * gnutls_session_enable_compatibility_mode:
1311
 * @session: is a #gnutls_session_t type.
1312
 *
1313
 * This function can be used to disable certain (security) features in
1314
 * TLS in order to maintain maximum compatibility with buggy
1315
 * clients. Because several trade-offs with security are enabled,
1316
 * if required they will be reported through the audit subsystem.
1317
 *
1318
 * Normally only servers that require maximum compatibility with
1319
 * everything out there, need to call this function.
1320
 *
1321
 * Note that this function must be called after any call to gnutls_priority
1322
 * functions.
1323
 *
1324
 * Since: 2.1.4
1325
 **/
1326
void gnutls_session_enable_compatibility_mode(gnutls_session_t session)
1327
0
{
1328
0
  ENABLE_COMPAT(&session->internals);
1329
0
}
1330
1331
/**
1332
 * gnutls_session_channel_binding:
1333
 * @session: is a #gnutls_session_t type.
1334
 * @cbtype: an #gnutls_channel_binding_t enumeration type
1335
 * @cb: output buffer array with data
1336
 *
1337
 * Extract given channel binding data of the @cbtype (e.g.,
1338
 * %GNUTLS_CB_TLS_UNIQUE) type.
1339
 *
1340
 * Returns: %GNUTLS_E_SUCCESS on success,
1341
 * %GNUTLS_E_UNIMPLEMENTED_FEATURE if the @cbtype is unsupported,
1342
 * %GNUTLS_E_CHANNEL_BINDING_NOT_AVAILABLE if the data is not
1343
 * currently available, or an error code.
1344
 *
1345
 * Since: 2.12.0
1346
 **/
1347
int gnutls_session_channel_binding(gnutls_session_t session,
1348
           gnutls_channel_binding_t cbtype,
1349
           gnutls_datum_t *cb)
1350
0
{
1351
0
  if (!session->internals.initial_negotiation_completed)
1352
0
    return GNUTLS_E_CHANNEL_BINDING_NOT_AVAILABLE;
1353
1354
0
  if (cbtype == GNUTLS_CB_TLS_UNIQUE) {
1355
0
    const version_entry_st *ver = get_version(session);
1356
0
    if (unlikely(ver == NULL || ver->tls13_sem))
1357
0
      return GNUTLS_E_CHANNEL_BINDING_NOT_AVAILABLE;
1358
1359
0
    cb->size = session->internals.cb_tls_unique_len;
1360
0
    cb->data = gnutls_malloc(cb->size);
1361
0
    if (cb->data == NULL)
1362
0
      return GNUTLS_E_MEMORY_ERROR;
1363
1364
0
    memcpy(cb->data, session->internals.cb_tls_unique, cb->size);
1365
1366
0
    return 0;
1367
0
  }
1368
1369
0
  if (cbtype == GNUTLS_CB_TLS_SERVER_END_POINT) {
1370
0
    const gnutls_datum_t *ders;
1371
0
    unsigned int num_certs = 1;
1372
0
    int ret;
1373
0
    size_t rlen;
1374
0
    gnutls_x509_crt_t cert;
1375
0
    gnutls_digest_algorithm_t algo;
1376
1377
    /* Only X509 certificates are supported for this binding type */
1378
0
    ret = gnutls_certificate_type_get(session);
1379
0
    if (ret != GNUTLS_CRT_X509)
1380
0
      return GNUTLS_E_UNIMPLEMENTED_FEATURE;
1381
1382
0
    if (session->security_parameters.entity == GNUTLS_CLIENT)
1383
0
      ders = gnutls_certificate_get_peers(session,
1384
0
                  &num_certs);
1385
0
    else
1386
0
      ders = gnutls_certificate_get_ours(session);
1387
1388
    /* Previous check indicated we have x509 but you never know */
1389
0
    if (!ders || num_certs == 0)
1390
0
      return GNUTLS_E_UNIMPLEMENTED_FEATURE;
1391
1392
0
    ret = gnutls_x509_crt_list_import(&cert, &num_certs, ders,
1393
0
              GNUTLS_X509_FMT_DER, 0);
1394
    /* Again, this is not supposed to happen (normally) */
1395
0
    if (ret < 0 || num_certs == 0)
1396
0
      return GNUTLS_E_CHANNEL_BINDING_NOT_AVAILABLE;
1397
1398
    /* Obtain signature algorithm used by certificate */
1399
0
    ret = gnutls_x509_crt_get_signature_algorithm(cert);
1400
0
    if (ret < 0 || ret == GNUTLS_SIGN_UNKNOWN)
1401
0
      return GNUTLS_E_UNIMPLEMENTED_FEATURE;
1402
1403
    /* obtain hash function from signature and normalize it */
1404
0
    algo = gnutls_sign_get_hash_algorithm(ret);
1405
0
    switch (algo) {
1406
0
    case GNUTLS_DIG_MD5:
1407
0
    case GNUTLS_DIG_SHA1:
1408
0
      algo = GNUTLS_DIG_SHA256;
1409
0
      break;
1410
0
    case GNUTLS_DIG_UNKNOWN:
1411
0
    case GNUTLS_DIG_NULL:
1412
0
    case GNUTLS_DIG_MD5_SHA1:
1413
      /* double hashing not supported either */
1414
0
      gnutls_x509_crt_deinit(cert);
1415
0
      return GNUTLS_E_UNIMPLEMENTED_FEATURE;
1416
0
    default:
1417
0
      break;
1418
0
    }
1419
1420
    /* preallocate 512 bits buffer as maximum supported digest */
1421
0
    rlen = MAX_HASH_SIZE;
1422
0
    cb->data = gnutls_malloc(rlen);
1423
0
    if (cb->data == NULL) {
1424
0
      gnutls_x509_crt_deinit(cert);
1425
0
      return GNUTLS_E_MEMORY_ERROR;
1426
0
    }
1427
1428
0
    ret = gnutls_x509_crt_get_fingerprint(cert, algo, cb->data,
1429
0
                  &rlen);
1430
0
    if (ret == GNUTLS_E_SHORT_MEMORY_BUFFER) {
1431
0
      cb->data = gnutls_realloc_fast(cb->data, cb->size);
1432
0
      if (cb->data == NULL) {
1433
0
        gnutls_x509_crt_deinit(cert);
1434
0
        return GNUTLS_E_MEMORY_ERROR;
1435
0
      }
1436
0
      ret = gnutls_x509_crt_get_fingerprint(cert, algo,
1437
0
                    cb->data, &rlen);
1438
0
    }
1439
0
    cb->size = rlen;
1440
0
    gnutls_x509_crt_deinit(cert);
1441
0
    return ret;
1442
0
  }
1443
1444
0
  if (cbtype == GNUTLS_CB_TLS_EXPORTER) {
1445
0
#define RFC5705_LABEL_DATA "EXPORTER-Channel-Binding"
1446
0
#define RFC5705_LABEL_LEN 24
1447
0
#define EXPORTER_CTX_DATA ""
1448
0
#define EXPORTER_CTX_LEN 0
1449
1450
0
    const version_entry_st *ver = get_version(session);
1451
0
    if (unlikely(ver == NULL)) {
1452
0
      return GNUTLS_E_CHANNEL_BINDING_NOT_AVAILABLE;
1453
0
    }
1454
1455
    /* "tls-exporter" channel binding is defined only when
1456
     * the TLS handshake results in unique master secrets,
1457
     * i.e., either TLS 1.3, or TLS 1.2 with extended
1458
     * master secret negotiated.
1459
     */
1460
0
    if (!ver->tls13_sem &&
1461
0
        gnutls_session_ext_master_secret_status(session) == 0) {
1462
0
      return GNUTLS_E_CHANNEL_BINDING_NOT_AVAILABLE;
1463
0
    }
1464
1465
0
    cb->size = 32;
1466
0
    cb->data = gnutls_malloc(cb->size);
1467
0
    if (cb->data == NULL)
1468
0
      return GNUTLS_E_MEMORY_ERROR;
1469
1470
0
    return gnutls_prf_rfc5705(session, RFC5705_LABEL_LEN,
1471
0
            RFC5705_LABEL_DATA, EXPORTER_CTX_LEN,
1472
0
            EXPORTER_CTX_DATA, cb->size,
1473
0
            (char *)cb->data);
1474
0
  }
1475
1476
0
  return GNUTLS_E_UNIMPLEMENTED_FEATURE;
1477
0
}
1478
1479
/**
1480
 * gnutls_ecc_curve_get:
1481
 * @session: is a #gnutls_session_t type.
1482
 *
1483
 * Returns the currently used elliptic curve for key exchange. Only valid
1484
 * when using an elliptic curve ciphersuite.
1485
 *
1486
 * Returns: the currently used curve, a #gnutls_ecc_curve_t
1487
 *   type.
1488
 *
1489
 * Since: 3.0
1490
 **/
1491
gnutls_ecc_curve_t gnutls_ecc_curve_get(gnutls_session_t session)
1492
0
{
1493
0
  const gnutls_group_entry_st *e;
1494
1495
0
  e = get_group(session);
1496
0
  if (e == NULL || e->curve == 0)
1497
0
    return 0;
1498
0
  return e->curve;
1499
0
}
1500
1501
/**
1502
 * gnutls_group_get:
1503
 * @session: is a #gnutls_session_t type.
1504
 *
1505
 * Returns the currently used group for key exchange. Only valid
1506
 * when using an elliptic curve or DH ciphersuite.
1507
 *
1508
 * Returns: the currently used group, a #gnutls_group_t
1509
 *   type.
1510
 *
1511
 * Since: 3.6.0
1512
 **/
1513
gnutls_group_t gnutls_group_get(gnutls_session_t session)
1514
0
{
1515
0
  const gnutls_group_entry_st *e;
1516
1517
0
  e = get_group(session);
1518
0
  if (e == NULL)
1519
0
    return 0;
1520
0
  return e->id;
1521
0
}
1522
1523
/**
1524
 * gnutls_protocol_get_version:
1525
 * @session: is a #gnutls_session_t type.
1526
 *
1527
 * Get TLS version, a #gnutls_protocol_t value.
1528
 *
1529
 * Returns: The version of the currently used protocol.
1530
 **/
1531
gnutls_protocol_t gnutls_protocol_get_version(gnutls_session_t session)
1532
0
{
1533
0
  return get_num_version(session);
1534
0
}
1535
1536
/**
1537
 * gnutls_session_get_random:
1538
 * @session: is a #gnutls_session_t type.
1539
 * @client: the client part of the random
1540
 * @server: the server part of the random
1541
 *
1542
 * This function returns pointers to the client and server
1543
 * random fields used in the TLS handshake. The pointers are
1544
 * not to be modified or deallocated.
1545
 *
1546
 * If a client random value has not yet been established, the output
1547
 * will be garbage.
1548
 *
1549
 * Since: 3.0
1550
 **/
1551
void gnutls_session_get_random(gnutls_session_t session, gnutls_datum_t *client,
1552
             gnutls_datum_t *server)
1553
0
{
1554
0
  if (client) {
1555
0
    client->data = session->security_parameters.client_random;
1556
0
    client->size =
1557
0
      sizeof(session->security_parameters.client_random);
1558
0
  }
1559
1560
0
  if (server) {
1561
0
    server->data = session->security_parameters.server_random;
1562
0
    server->size =
1563
0
      sizeof(session->security_parameters.server_random);
1564
0
  }
1565
0
}
1566
1567
/**
1568
 * gnutls_session_get_master_secret:
1569
 * @session: is a #gnutls_session_t type.
1570
 * @secret: the session's master secret
1571
 *
1572
 * This function returns pointers to the master secret
1573
 * used in the TLS session. The pointers are not to be modified or deallocated.
1574
 *
1575
 * This function is only applicable under TLS 1.2 or earlier versions.
1576
 *
1577
 * Since: 3.5.0
1578
 **/
1579
void gnutls_session_get_master_secret(gnutls_session_t session,
1580
              gnutls_datum_t *secret)
1581
0
{
1582
0
  secret->data = session->security_parameters.master_secret;
1583
0
  secret->size = sizeof(session->security_parameters.master_secret);
1584
0
}
1585
1586
unsigned int timespec_sub_ms(struct timespec *a, struct timespec *b)
1587
0
{
1588
0
  time_t dsecs;
1589
1590
0
  dsecs = a->tv_sec - b->tv_sec;
1591
0
  if (!INT_MULTIPLY_OVERFLOW(dsecs, 1000)) {
1592
0
    return (dsecs * 1000 +
1593
0
      (a->tv_nsec - b->tv_nsec) / (1000 * 1000));
1594
0
  } else {
1595
0
    return UINT_MAX;
1596
0
  }
1597
0
}
1598
1599
/**
1600
 * gnutls_handshake_set_random:
1601
 * @session: is a #gnutls_session_t type.
1602
 * @random: a random value of 32-bytes
1603
 *
1604
 * This function will explicitly set the server or client hello 
1605
 * random value in the subsequent TLS handshake. The random value 
1606
 * should be a 32-byte value.
1607
 *
1608
 * Note that this function should not normally be used as gnutls
1609
 * will select automatically a random value for the handshake.
1610
 *
1611
 * This function should not be used when resuming a session.
1612
 *
1613
 * Returns: %GNUTLS_E_SUCCESS on success, or an error code.
1614
 *
1615
 * Since 3.1.9
1616
 **/
1617
int gnutls_handshake_set_random(gnutls_session_t session,
1618
        const gnutls_datum_t *random)
1619
0
{
1620
0
  if (random->size != GNUTLS_RANDOM_SIZE)
1621
0
    return GNUTLS_E_INVALID_REQUEST;
1622
1623
0
  session->internals.sc_random_set = 1;
1624
0
  if (session->security_parameters.entity == GNUTLS_CLIENT)
1625
0
    memcpy(session->internals.resumed_security_parameters
1626
0
             .client_random,
1627
0
           random->data, random->size);
1628
0
  else
1629
0
    memcpy(session->internals.resumed_security_parameters
1630
0
             .server_random,
1631
0
           random->data, random->size);
1632
1633
0
  return 0;
1634
0
}
1635
1636
/**
1637
 * gnutls_handshake_set_hook_function:
1638
 * @session: is a #gnutls_session_t type
1639
 * @htype: the %gnutls_handshake_description_t of the message to hook at
1640
 * @when: %GNUTLS_HOOK_* depending on when the hook function should be called
1641
 * @func: is the function to be called
1642
 *
1643
 * This function will set a callback to be called after or before the specified
1644
 * handshake message has been received or generated. This is a
1645
 * generalization of gnutls_handshake_set_post_client_hello_function().
1646
 *
1647
 * To call the hook function prior to the message being generated or processed
1648
 * use %GNUTLS_HOOK_PRE as @when parameter, %GNUTLS_HOOK_POST to call
1649
 * after, and %GNUTLS_HOOK_BOTH for both cases.
1650
 *
1651
 * This callback must return 0 on success or a gnutls error code to
1652
 * terminate the handshake.
1653
 *
1654
 * To hook at all handshake messages use an @htype of %GNUTLS_HANDSHAKE_ANY.
1655
 *
1656
 * Warning: You should not use this function to terminate the
1657
 * handshake based on client input unless you know what you are
1658
 * doing. Before the handshake is finished there is no way to know if
1659
 * there is a man-in-the-middle attack being performed.
1660
 **/
1661
void gnutls_handshake_set_hook_function(gnutls_session_t session,
1662
          unsigned int htype, int when,
1663
          gnutls_handshake_hook_func func)
1664
0
{
1665
0
  session->internals.h_hook = func;
1666
0
  session->internals.h_type = htype;
1667
0
  session->internals.h_post = when;
1668
0
}
1669
1670
/**
1671
 * gnutls_handshake_set_read_function:
1672
 * @session: is #gnutls_session_t type
1673
 * @func: is the function to be called
1674
 *
1675
 * This function will set a callback to be called when a handshake
1676
 * message is being sent.
1677
 *
1678
 * Since: 3.7.0
1679
 */
1680
void gnutls_handshake_set_read_function(gnutls_session_t session,
1681
          gnutls_handshake_read_func func)
1682
0
{
1683
0
  session->internals.h_read_func = func;
1684
0
}
1685
1686
/**
1687
 * gnutls_alert_set_read_function:
1688
 * @session: is #gnutls_session_t type
1689
 * @func: is the function to be called
1690
 *
1691
 * This function will set a callback to be called when an alert
1692
 * message is being sent.
1693
 *
1694
 * Since: 3.7.0
1695
 */
1696
void gnutls_alert_set_read_function(gnutls_session_t session,
1697
            gnutls_alert_read_func func)
1698
0
{
1699
0
  session->internals.alert_read_func = func;
1700
0
}
1701
1702
/**
1703
 * gnutls_record_get_state:
1704
 * @session: is a #gnutls_session_t type
1705
 * @read: if non-zero the read parameters are returned, otherwise the write
1706
 * @mac_key: the key used for MAC (if a MAC is used)
1707
 * @IV: the initialization vector or nonce used
1708
 * @cipher_key: the cipher key
1709
 * @seq_number: A 64-bit sequence number
1710
 *
1711
 * This function will return the parameters of the current record state.
1712
 * These are only useful to be provided to an external off-loading device
1713
 * or subsystem. The returned values should be considered constant
1714
 * and valid for the lifetime of the session.
1715
 *
1716
 * In that case, to sync the state back you must call gnutls_record_set_state().
1717
 *
1718
 * Returns: %GNUTLS_E_SUCCESS on success, or an error code.
1719
 *
1720
 * Since 3.4.0
1721
 **/
1722
int gnutls_record_get_state(gnutls_session_t session, unsigned read,
1723
          gnutls_datum_t *mac_key, gnutls_datum_t *IV,
1724
          gnutls_datum_t *cipher_key,
1725
          unsigned char seq_number[8])
1726
0
{
1727
0
  record_parameters_st *record_params;
1728
0
  record_state_st *record_state;
1729
0
  unsigned int epoch;
1730
0
  int ret;
1731
1732
0
  if (read)
1733
0
    epoch = EPOCH_READ_CURRENT;
1734
0
  else
1735
0
    epoch = EPOCH_WRITE_CURRENT;
1736
1737
0
  ret = _gnutls_epoch_get(session, epoch, &record_params);
1738
0
  if (ret < 0)
1739
0
    return gnutls_assert_val(ret);
1740
1741
0
  if (!record_params->initialized)
1742
0
    return gnutls_assert_val(GNUTLS_E_INVALID_REQUEST);
1743
1744
0
  if (read)
1745
0
    record_state = &record_params->read;
1746
0
  else
1747
0
    record_state = &record_params->write;
1748
1749
0
  if (mac_key) {
1750
0
    mac_key->data = record_state->mac_key;
1751
0
    mac_key->size = record_state->mac_key_size;
1752
0
  }
1753
1754
0
  if (IV) {
1755
0
    IV->data = record_state->iv;
1756
0
    IV->size = record_state->iv_size;
1757
0
  }
1758
1759
0
  if (cipher_key) {
1760
0
    cipher_key->data = record_state->key;
1761
0
    cipher_key->size = record_state->key_size;
1762
0
  }
1763
1764
0
  if (seq_number)
1765
0
    _gnutls_write_uint64(record_state->sequence_number, seq_number);
1766
0
  return 0;
1767
0
}
1768
1769
/**
1770
 * gnutls_record_set_state:
1771
 * @session: is a #gnutls_session_t type
1772
 * @read: if non-zero the read parameters are returned, otherwise the write
1773
 * @seq_number: A 64-bit sequence number
1774
 *
1775
 * This function will set the sequence number in the current record state.
1776
 * This function is useful if sending and receiving are offloaded from
1777
 * gnutls. That is, if gnutls_record_get_state() was used.
1778
 *
1779
 * Returns: %GNUTLS_E_SUCCESS on success, or an error code.
1780
 *
1781
 * Since 3.4.0
1782
 **/
1783
int gnutls_record_set_state(gnutls_session_t session, unsigned read,
1784
          const unsigned char seq_number[8])
1785
0
{
1786
0
  record_parameters_st *record_params;
1787
0
  record_state_st *record_state;
1788
0
  int epoch, ret;
1789
1790
0
  if (read)
1791
0
    epoch = EPOCH_READ_CURRENT;
1792
0
  else
1793
0
    epoch = EPOCH_WRITE_CURRENT;
1794
1795
0
  ret = _gnutls_epoch_get(session, epoch, &record_params);
1796
0
  if (ret < 0)
1797
0
    return gnutls_assert_val(ret);
1798
1799
0
  if (!record_params->initialized)
1800
0
    return gnutls_assert_val(GNUTLS_E_INVALID_REQUEST);
1801
1802
0
  if (read)
1803
0
    record_state = &record_params->read;
1804
0
  else
1805
0
    record_state = &record_params->write;
1806
1807
0
  record_state->sequence_number = _gnutls_read_uint64(seq_number);
1808
1809
0
  if (IS_DTLS(session)) {
1810
0
    _dtls_reset_window(record_params);
1811
0
  }
1812
1813
0
  return 0;
1814
0
}
1815
1816
/**
1817
 * gnutls_session_get_flags:
1818
 * @session: is a #gnutls_session_t type.
1819
 *
1820
 * This function will return a series (ORed) of flags, applicable
1821
 * for the current session.
1822
 *
1823
 * This replaces individual informational functions such as
1824
 * gnutls_safe_renegotiation_status(), gnutls_session_ext_master_secret_status(),
1825
 * etc.
1826
 *
1827
 * Returns: An ORed sequence of flags (see %gnutls_session_flags_t)
1828
 *
1829
 * Since: 3.5.0
1830
 **/
1831
unsigned gnutls_session_get_flags(gnutls_session_t session)
1832
0
{
1833
0
  unsigned flags = 0;
1834
1835
0
  if (gnutls_safe_renegotiation_status(session))
1836
0
    flags |= GNUTLS_SFLAGS_SAFE_RENEGOTIATION;
1837
0
  if (gnutls_session_ext_master_secret_status(session))
1838
0
    flags |= GNUTLS_SFLAGS_EXT_MASTER_SECRET;
1839
0
  if (gnutls_session_etm_status(session))
1840
0
    flags |= GNUTLS_SFLAGS_ETM;
1841
0
  if (gnutls_heartbeat_allowed(session, GNUTLS_HB_LOCAL_ALLOWED_TO_SEND))
1842
0
    flags |= GNUTLS_SFLAGS_HB_LOCAL_SEND;
1843
0
  if (gnutls_heartbeat_allowed(session, GNUTLS_HB_PEER_ALLOWED_TO_SEND))
1844
0
    flags |= GNUTLS_SFLAGS_HB_PEER_SEND;
1845
0
  if (session->internals.hsk_flags & HSK_FALSE_START_USED)
1846
0
    flags |= GNUTLS_SFLAGS_FALSE_START;
1847
0
  if ((session->internals.hsk_flags & HSK_EARLY_START_USED) &&
1848
0
      (session->internals.flags & GNUTLS_ENABLE_EARLY_START))
1849
0
    flags |= GNUTLS_SFLAGS_EARLY_START;
1850
0
  if (session->internals.hsk_flags & HSK_USED_FFDHE)
1851
0
    flags |= GNUTLS_SFLAGS_RFC7919;
1852
0
  if (session->internals.hsk_flags & HSK_TICKET_RECEIVED)
1853
0
    flags |= GNUTLS_SFLAGS_SESSION_TICKET;
1854
0
  if (session->security_parameters.post_handshake_auth)
1855
0
    flags |= GNUTLS_SFLAGS_POST_HANDSHAKE_AUTH;
1856
0
  if (session->internals.hsk_flags & HSK_EARLY_DATA_ACCEPTED)
1857
0
    flags |= GNUTLS_SFLAGS_EARLY_DATA;
1858
0
  if (session->internals.hsk_flags & HSK_OCSP_REQUESTED)
1859
0
    flags |= GNUTLS_SFLAGS_CLI_REQUESTED_OCSP;
1860
0
  if (session->internals.hsk_flags & HSK_CLIENT_OCSP_REQUESTED)
1861
0
    flags |= GNUTLS_SFLAGS_SERV_REQUESTED_OCSP;
1862
1863
0
  return flags;
1864
0
}