/** * gnutls_deinit: * @session: is a #gnutls_session_t structure. * * This function clears all buffers associated with the @session. * This function will also remove session data from the session * database if the session was terminated abnormally. **/ void gnutls_deinit (gnutls_session_t session) { unsigned int i; if (session == NULL) return; _gnutls_rnd_refresh(); /* remove auth info firstly */ _gnutls_free_auth_info (session); _gnutls_handshake_internal_state_clear (session); _gnutls_handshake_io_buffer_clear (session); _gnutls_ext_free_session_data (session); for (i = 0; i < MAX_EPOCH_INDEX; i++) if (session->record_parameters[i] != NULL) { _gnutls_epoch_free (session, session->record_parameters[i]); session->record_parameters[i] = NULL; } _gnutls_buffer_clear (&session->internals.handshake_hash_buffer); _gnutls_buffer_clear (&session->internals.hb_remote_data); _gnutls_buffer_clear (&session->internals.hb_local_data); _gnutls_buffer_clear (&session->internals.record_presend_buffer); _mbuffer_head_clear (&session->internals.record_buffer); _mbuffer_head_clear (&session->internals.record_recv_buffer); _mbuffer_head_clear (&session->internals.record_send_buffer); gnutls_credentials_clear (session); _gnutls_selected_certs_deinit (session); gnutls_pk_params_release(&session->key.ecdh_params); _gnutls_mpi_release (&session->key.ecdh_x); _gnutls_mpi_release (&session->key.ecdh_y); _gnutls_mpi_release (&session->key.KEY); _gnutls_mpi_release (&session->key.client_Y); _gnutls_mpi_release (&session->key.client_p); _gnutls_mpi_release (&session->key.client_g); _gnutls_mpi_release (&session->key.u); _gnutls_mpi_release (&session->key.a); _gnutls_mpi_release (&session->key.x); _gnutls_mpi_release (&session->key.A); _gnutls_mpi_release (&session->key.B); _gnutls_mpi_release (&session->key.b); /* RSA */ _gnutls_mpi_release (&session->key.rsa[0]); _gnutls_mpi_release (&session->key.rsa[1]); _gnutls_mpi_release (&session->key.dh_secret); gnutls_free (session); }
/* This function will set the auth info structure in the key * structure. * If allow change is !=0 then this will allow changing the auth * info structure to a different type. */ int _gnutls_auth_info_set (gnutls_session_t session, gnutls_credentials_type_t type, int size, int allow_change) { if (session->key->auth_info == NULL) { session->key->auth_info = gnutls_calloc (1, size); if (session->key->auth_info == NULL) { gnutls_assert (); return GNUTLS_E_MEMORY_ERROR; } session->key->auth_info_type = type; session->key->auth_info_size = size; } else { if (allow_change == 0) { /* If the credentials for the current authentication scheme, * are not the one we want to set, then it's an error. * This may happen if a rehandshake is performed an the * ciphersuite which is negotiated has different authentication * schema. */ if (gnutls_auth_get_type (session) != session->key->auth_info_type) { gnutls_assert (); return GNUTLS_E_INVALID_REQUEST; } } else { /* The new behaviour: Here we reallocate the auth info structure * in order to be able to negotiate different authentication * types. Ie. perform an auth_anon and then authenticate again using a * certificate (in order to prevent revealing the certificate's contents, * to passive eavesdropers. */ if (gnutls_auth_get_type (session) != session->key->auth_info_type) { _gnutls_free_auth_info (session); session->key->auth_info = calloc (1, size); if (session->key->auth_info == NULL) { gnutls_assert (); return GNUTLS_E_MEMORY_ERROR; } session->key->auth_info_type = type; session->key->auth_info_size = size; } } } return 0; }
/** * gnutls_deinit: * @session: is a #gnutls_session_t structure. * * This function clears all buffers associated with the @session. * This function will also remove session data from the session * database if the session was terminated abnormally. **/ void gnutls_deinit (gnutls_session_t session) { unsigned int i; if (session == NULL) return; /* remove auth info firstly */ _gnutls_free_auth_info (session); _gnutls_handshake_internal_state_clear (session); _gnutls_handshake_io_buffer_clear (session); _gnutls_ext_free_session_data (session); for (i = 0; i < MAX_EPOCH_INDEX; i++) if (session->record_parameters[i] != NULL) { _gnutls_epoch_free (session, session->record_parameters[i]); session->record_parameters[i] = NULL; } _gnutls_buffer_clear (&session->internals.handshake_hash_buffer); _mbuffer_head_clear (&session->internals.record_buffer); _mbuffer_head_clear (&session->internals.record_recv_buffer); _mbuffer_head_clear (&session->internals.record_send_buffer); gnutls_credentials_clear (session); _gnutls_selected_certs_deinit (session); if (session->key != NULL) { _gnutls_mpi_release (&session->key->KEY); _gnutls_mpi_release (&session->key->client_Y); _gnutls_mpi_release (&session->key->client_p); _gnutls_mpi_release (&session->key->client_g); _gnutls_mpi_release (&session->key->u); _gnutls_mpi_release (&session->key->a); _gnutls_mpi_release (&session->key->x); _gnutls_mpi_release (&session->key->A); _gnutls_mpi_release (&session->key->B); _gnutls_mpi_release (&session->key->b); /* RSA */ _gnutls_mpi_release (&session->key->rsa[0]); _gnutls_mpi_release (&session->key->rsa[1]); _gnutls_mpi_release (&session->key->dh_secret); gnutls_free (session->key); session->key = NULL; } memset (session, 0, sizeof (struct gnutls_session_int)); gnutls_free (session); }
/** * gnutls_deinit: * @session: is a #gnutls_session_t type. * * This function clears all buffers associated with the @session. * This function will also remove session data from the session * database if the session was terminated abnormally. **/ void gnutls_deinit(gnutls_session_t session) { unsigned int i; if (session == NULL) return; /* remove auth info firstly */ _gnutls_free_auth_info(session); _gnutls_handshake_internal_state_clear(session); _gnutls_handshake_io_buffer_clear(session); _gnutls_ext_free_session_data(session); for (i = 0; i < MAX_EPOCH_INDEX; i++) if (session->record_parameters[i] != NULL) { _gnutls_epoch_free(session, session->record_parameters[i]); session->record_parameters[i] = NULL; } _gnutls_buffer_clear(&session->internals.handshake_hash_buffer); _gnutls_buffer_clear(&session->internals.hb_remote_data); _gnutls_buffer_clear(&session->internals.hb_local_data); _gnutls_buffer_clear(&session->internals.record_presend_buffer); _mbuffer_head_clear(&session->internals.record_buffer); _mbuffer_head_clear(&session->internals.record_recv_buffer); _mbuffer_head_clear(&session->internals.record_send_buffer); _gnutls_free_datum(&session->internals.resumption_data); gnutls_free(session->internals.rexts); gnutls_free(session->internals.rsup); gnutls_credentials_clear(session); _gnutls_selected_certs_deinit(session); gnutls_free(session); }
/** * gnutls_deinit - clear all buffers associated with a session * @session: is a #gnutls_session_t structure. * * This function clears all buffers associated with the @session. * This function will also remove session data from the session * database if the session was terminated abnormally. **/ void gnutls_deinit (gnutls_session_t session) { if (session == NULL) return; /* remove auth info firstly */ _gnutls_free_auth_info (session); _gnutls_handshake_internal_state_clear (session); _gnutls_handshake_io_buffer_clear (session); _gnutls_free_datum (&session->connection_state.read_mac_secret); _gnutls_free_datum (&session->connection_state.write_mac_secret); _gnutls_buffer_clear (&session->internals.ia_data_buffer); _gnutls_buffer_clear (&session->internals.handshake_hash_buffer); _gnutls_buffer_clear (&session->internals.handshake_data_buffer); _gnutls_buffer_clear (&session->internals.application_data_buffer); _gnutls_buffer_clear (&session->internals.record_recv_buffer); _gnutls_buffer_clear (&session->internals.record_send_buffer); gnutls_credentials_clear (session); _gnutls_selected_certs_deinit (session); _gnutls_cipher_deinit (&session->connection_state.read_cipher_state); _gnutls_cipher_deinit (&session->connection_state.write_cipher_state); if (session->connection_state.read_compression_state != NULL) _gnutls_comp_deinit (session->connection_state.read_compression_state, 1); if (session->connection_state.write_compression_state != NULL) _gnutls_comp_deinit (session->connection_state.write_compression_state, 0); _gnutls_free_datum (&session->cipher_specs.server_write_mac_secret); _gnutls_free_datum (&session->cipher_specs.client_write_mac_secret); _gnutls_free_datum (&session->cipher_specs.server_write_IV); _gnutls_free_datum (&session->cipher_specs.client_write_IV); _gnutls_free_datum (&session->cipher_specs.server_write_key); _gnutls_free_datum (&session->cipher_specs.client_write_key); if (session->key != NULL) { _gnutls_mpi_release (&session->key->KEY); _gnutls_mpi_release (&session->key->client_Y); _gnutls_mpi_release (&session->key->client_p); _gnutls_mpi_release (&session->key->client_g); _gnutls_mpi_release (&session->key->u); _gnutls_mpi_release (&session->key->a); _gnutls_mpi_release (&session->key->x); _gnutls_mpi_release (&session->key->A); _gnutls_mpi_release (&session->key->B); _gnutls_mpi_release (&session->key->b); /* RSA */ _gnutls_mpi_release (&session->key->rsa[0]); _gnutls_mpi_release (&session->key->rsa[1]); _gnutls_mpi_release (&session->key->dh_secret); gnutls_free (session->key); session->key = NULL; } gnutls_free (session->internals.srp_username); if (session->internals.srp_password) { memset (session->internals.srp_password, 0, strlen (session->internals.srp_password)); gnutls_free (session->internals.srp_password); } memset (session, 0, sizeof (struct gnutls_session_int)); gnutls_free (session); }
/* Load session data from a buffer. */ int _gnutls_session_unpack (gnutls_session_t session, const gnutls_datum_t * packed_session) { int ret; gnutls_buffer_st sb; opaque id; _gnutls_buffer_init (&sb); if (packed_session == NULL || packed_session->size == 0) { gnutls_assert (); return GNUTLS_E_INTERNAL_ERROR; } ret = _gnutls_buffer_append_data (&sb, packed_session->data, packed_session->size); if (ret < 0) { gnutls_assert (); return ret; } if (_gnutls_get_auth_info (session) != NULL) { _gnutls_free_auth_info (session); } BUFFER_POP (&sb, &id, 1); switch (id) { #ifdef ENABLE_SRP case GNUTLS_CRD_SRP: ret = unpack_srp_auth_info (session, &sb); if (ret < 0) { gnutls_assert (); goto error; } break; #endif #ifdef ENABLE_PSK case GNUTLS_CRD_PSK: ret = unpack_psk_auth_info (session, &sb); if (ret < 0) { gnutls_assert (); goto error; } break; #endif #ifdef ENABLE_ANON case GNUTLS_CRD_ANON: ret = unpack_anon_auth_info (session, &sb); if (ret < 0) { gnutls_assert (); return ret; } break; #endif case GNUTLS_CRD_CERTIFICATE: ret = unpack_certificate_auth_info (session, &sb); if (ret < 0) { gnutls_assert (); goto error; } break; default: gnutls_assert (); ret = GNUTLS_E_INTERNAL_ERROR; goto error; } /* Auth_info structures copied. Now copy security_parameters_st. * packed_session must have allocated space for the security parameters. */ ret = unpack_security_parameters (session, &sb); if (ret < 0) { gnutls_assert (); goto error; } ret = _gnutls_ext_unpack (session, &sb); if (ret < 0) { gnutls_assert (); goto error; } ret = 0; error: _gnutls_buffer_clear (&sb); return ret; }
/* Load session data from a buffer. */ int _gnutls_session_unpack (gnutls_session_t session, const gnutls_datum_t * packed_session) { int ret; if (packed_session == NULL || packed_session->size == 0) { gnutls_assert (); return GNUTLS_E_INTERNAL_ERROR; } if (session->key->auth_info != NULL) { _gnutls_free_auth_info (session); } switch (packed_session->data[0]) { #ifdef ENABLE_SRP case GNUTLS_CRD_SRP: ret = unpack_srp_auth_info (session, packed_session); if (ret < 0) { gnutls_assert (); return ret; } break; #endif #ifdef ENABLE_PSK case GNUTLS_CRD_PSK: ret = unpack_psk_auth_info (session, packed_session); if (ret < 0) { gnutls_assert (); return ret; } break; #endif #ifdef ENABLE_ANON case GNUTLS_CRD_ANON: ret = unpack_anon_auth_info (session, packed_session); if (ret < 0) { gnutls_assert (); return ret; } break; #endif case GNUTLS_CRD_CERTIFICATE: ret = unpack_certificate_auth_info (session, packed_session); if (ret < 0) { gnutls_assert (); return ret; } break; default: gnutls_assert (); return GNUTLS_E_INTERNAL_ERROR; } /* Auth_info structures copied. Now copy security_parameters_st. * packed_session must have allocated space for the security parameters. */ ret = unpack_security_parameters (session, packed_session); if (ret < 0) { gnutls_assert (); return ret; } return 0; }