/**
* gnutls_deinit:
* @session: is a #gnutls_session_t structure.
*
* This function clears all buffers associated with the @session.
* This function will also remove session data from the session
* database if the session was terminated abnormally.
**/
void
gnutls_deinit (gnutls_session_t session)
{
unsigned int i;
if (session == NULL)
return;
_gnutls_rnd_refresh();
/* remove auth info firstly */
_gnutls_free_auth_info (session);
_gnutls_handshake_internal_state_clear (session);
_gnutls_handshake_io_buffer_clear (session);
_gnutls_ext_free_session_data (session);
for (i = 0; i < MAX_EPOCH_INDEX; i++)
if (session->record_parameters[i] != NULL)
{
_gnutls_epoch_free (session, session->record_parameters[i]);
session->record_parameters[i] = NULL;
}
_gnutls_buffer_clear (&session->internals.handshake_hash_buffer);
_gnutls_buffer_clear (&session->internals.hb_remote_data);
_gnutls_buffer_clear (&session->internals.hb_local_data);
_gnutls_buffer_clear (&session->internals.record_presend_buffer);
_mbuffer_head_clear (&session->internals.record_buffer);
_mbuffer_head_clear (&session->internals.record_recv_buffer);
_mbuffer_head_clear (&session->internals.record_send_buffer);
gnutls_credentials_clear (session);
_gnutls_selected_certs_deinit (session);
gnutls_pk_params_release(&session->key.ecdh_params);
_gnutls_mpi_release (&session->key.ecdh_x);
_gnutls_mpi_release (&session->key.ecdh_y);
_gnutls_mpi_release (&session->key.KEY);
_gnutls_mpi_release (&session->key.client_Y);
_gnutls_mpi_release (&session->key.client_p);
_gnutls_mpi_release (&session->key.client_g);
_gnutls_mpi_release (&session->key.u);
_gnutls_mpi_release (&session->key.a);
_gnutls_mpi_release (&session->key.x);
_gnutls_mpi_release (&session->key.A);
_gnutls_mpi_release (&session->key.B);
_gnutls_mpi_release (&session->key.b);
/* RSA */
_gnutls_mpi_release (&session->key.rsa[0]);
_gnutls_mpi_release (&session->key.rsa[1]);
_gnutls_mpi_release (&session->key.dh_secret);
gnutls_free (session);
}
/* This function will set the auth info structure in the key
* structure.
* If allow change is !=0 then this will allow changing the auth
* info structure to a different type.
*/
int
_gnutls_auth_info_set (gnutls_session_t session,
gnutls_credentials_type_t type, int size,
int allow_change)
{
if (session->key->auth_info == NULL)
{
session->key->auth_info = gnutls_calloc (1, size);
if (session->key->auth_info == NULL)
{
gnutls_assert ();
return GNUTLS_E_MEMORY_ERROR;
}
session->key->auth_info_type = type;
session->key->auth_info_size = size;
}
else
{
if (allow_change == 0)
{
/* If the credentials for the current authentication scheme,
* are not the one we want to set, then it's an error.
* This may happen if a rehandshake is performed an the
* ciphersuite which is negotiated has different authentication
* schema.
*/
if (gnutls_auth_get_type (session) != session->key->auth_info_type)
{
gnutls_assert ();
return GNUTLS_E_INVALID_REQUEST;
}
}
else
{
/* The new behaviour: Here we reallocate the auth info structure
* in order to be able to negotiate different authentication
* types. Ie. perform an auth_anon and then authenticate again using a
* certificate (in order to prevent revealing the certificate's contents,
* to passive eavesdropers.
*/
if (gnutls_auth_get_type (session) != session->key->auth_info_type)
{
_gnutls_free_auth_info (session);
session->key->auth_info = calloc (1, size);
if (session->key->auth_info == NULL)
{
gnutls_assert ();
return GNUTLS_E_MEMORY_ERROR;
}
session->key->auth_info_type = type;
session->key->auth_info_size = size;
}
}
}
return 0;
}
/**
* gnutls_deinit:
* @session: is a #gnutls_session_t structure.
*
* This function clears all buffers associated with the @session.
* This function will also remove session data from the session
* database if the session was terminated abnormally.
**/
void
gnutls_deinit (gnutls_session_t session)
{
unsigned int i;
if (session == NULL)
return;
/* remove auth info firstly */
_gnutls_free_auth_info (session);
_gnutls_handshake_internal_state_clear (session);
_gnutls_handshake_io_buffer_clear (session);
_gnutls_ext_free_session_data (session);
for (i = 0; i < MAX_EPOCH_INDEX; i++)
if (session->record_parameters[i] != NULL)
{
_gnutls_epoch_free (session, session->record_parameters[i]);
session->record_parameters[i] = NULL;
}
_gnutls_buffer_clear (&session->internals.handshake_hash_buffer);
_mbuffer_head_clear (&session->internals.record_buffer);
_mbuffer_head_clear (&session->internals.record_recv_buffer);
_mbuffer_head_clear (&session->internals.record_send_buffer);
gnutls_credentials_clear (session);
_gnutls_selected_certs_deinit (session);
if (session->key != NULL)
{
_gnutls_mpi_release (&session->key->KEY);
_gnutls_mpi_release (&session->key->client_Y);
_gnutls_mpi_release (&session->key->client_p);
_gnutls_mpi_release (&session->key->client_g);
_gnutls_mpi_release (&session->key->u);
_gnutls_mpi_release (&session->key->a);
_gnutls_mpi_release (&session->key->x);
_gnutls_mpi_release (&session->key->A);
_gnutls_mpi_release (&session->key->B);
_gnutls_mpi_release (&session->key->b);
/* RSA */
_gnutls_mpi_release (&session->key->rsa[0]);
_gnutls_mpi_release (&session->key->rsa[1]);
_gnutls_mpi_release (&session->key->dh_secret);
gnutls_free (session->key);
session->key = NULL;
}
memset (session, 0, sizeof (struct gnutls_session_int));
gnutls_free (session);
}
/**
* gnutls_deinit:
* @session: is a #gnutls_session_t type.
*
* This function clears all buffers associated with the @session.
* This function will also remove session data from the session
* database if the session was terminated abnormally.
**/
void gnutls_deinit(gnutls_session_t session)
{
unsigned int i;
if (session == NULL)
return;
/* remove auth info firstly */
_gnutls_free_auth_info(session);
_gnutls_handshake_internal_state_clear(session);
_gnutls_handshake_io_buffer_clear(session);
_gnutls_ext_free_session_data(session);
for (i = 0; i < MAX_EPOCH_INDEX; i++)
if (session->record_parameters[i] != NULL) {
_gnutls_epoch_free(session,
session->record_parameters[i]);
session->record_parameters[i] = NULL;
}
_gnutls_buffer_clear(&session->internals.handshake_hash_buffer);
_gnutls_buffer_clear(&session->internals.hb_remote_data);
_gnutls_buffer_clear(&session->internals.hb_local_data);
_gnutls_buffer_clear(&session->internals.record_presend_buffer);
_mbuffer_head_clear(&session->internals.record_buffer);
_mbuffer_head_clear(&session->internals.record_recv_buffer);
_mbuffer_head_clear(&session->internals.record_send_buffer);
_gnutls_free_datum(&session->internals.resumption_data);
gnutls_free(session->internals.rexts);
gnutls_free(session->internals.rsup);
gnutls_credentials_clear(session);
_gnutls_selected_certs_deinit(session);
gnutls_free(session);
}
/**
* gnutls_deinit - clear all buffers associated with a session
* @session: is a #gnutls_session_t structure.
*
* This function clears all buffers associated with the @session.
* This function will also remove session data from the session
* database if the session was terminated abnormally.
**/
void
gnutls_deinit (gnutls_session_t session)
{
if (session == NULL)
return;
/* remove auth info firstly */
_gnutls_free_auth_info (session);
_gnutls_handshake_internal_state_clear (session);
_gnutls_handshake_io_buffer_clear (session);
_gnutls_free_datum (&session->connection_state.read_mac_secret);
_gnutls_free_datum (&session->connection_state.write_mac_secret);
_gnutls_buffer_clear (&session->internals.ia_data_buffer);
_gnutls_buffer_clear (&session->internals.handshake_hash_buffer);
_gnutls_buffer_clear (&session->internals.handshake_data_buffer);
_gnutls_buffer_clear (&session->internals.application_data_buffer);
_gnutls_buffer_clear (&session->internals.record_recv_buffer);
_gnutls_buffer_clear (&session->internals.record_send_buffer);
gnutls_credentials_clear (session);
_gnutls_selected_certs_deinit (session);
_gnutls_cipher_deinit (&session->connection_state.read_cipher_state);
_gnutls_cipher_deinit (&session->connection_state.write_cipher_state);
if (session->connection_state.read_compression_state != NULL)
_gnutls_comp_deinit (session->connection_state.read_compression_state, 1);
if (session->connection_state.write_compression_state != NULL)
_gnutls_comp_deinit (session->connection_state.write_compression_state,
0);
_gnutls_free_datum (&session->cipher_specs.server_write_mac_secret);
_gnutls_free_datum (&session->cipher_specs.client_write_mac_secret);
_gnutls_free_datum (&session->cipher_specs.server_write_IV);
_gnutls_free_datum (&session->cipher_specs.client_write_IV);
_gnutls_free_datum (&session->cipher_specs.server_write_key);
_gnutls_free_datum (&session->cipher_specs.client_write_key);
if (session->key != NULL)
{
_gnutls_mpi_release (&session->key->KEY);
_gnutls_mpi_release (&session->key->client_Y);
_gnutls_mpi_release (&session->key->client_p);
_gnutls_mpi_release (&session->key->client_g);
_gnutls_mpi_release (&session->key->u);
_gnutls_mpi_release (&session->key->a);
_gnutls_mpi_release (&session->key->x);
_gnutls_mpi_release (&session->key->A);
_gnutls_mpi_release (&session->key->B);
_gnutls_mpi_release (&session->key->b);
/* RSA */
_gnutls_mpi_release (&session->key->rsa[0]);
_gnutls_mpi_release (&session->key->rsa[1]);
_gnutls_mpi_release (&session->key->dh_secret);
gnutls_free (session->key);
session->key = NULL;
}
gnutls_free (session->internals.srp_username);
if (session->internals.srp_password)
{
memset (session->internals.srp_password, 0,
strlen (session->internals.srp_password));
gnutls_free (session->internals.srp_password);
}
memset (session, 0, sizeof (struct gnutls_session_int));
gnutls_free (session);
}
/* Load session data from a buffer.
*/
int
_gnutls_session_unpack (gnutls_session_t session,
const gnutls_datum_t * packed_session)
{
int ret;
gnutls_buffer_st sb;
opaque id;
_gnutls_buffer_init (&sb);
if (packed_session == NULL || packed_session->size == 0)
{
gnutls_assert ();
return GNUTLS_E_INTERNAL_ERROR;
}
ret =
_gnutls_buffer_append_data (&sb, packed_session->data,
packed_session->size);
if (ret < 0)
{
gnutls_assert ();
return ret;
}
if (_gnutls_get_auth_info (session) != NULL)
{
_gnutls_free_auth_info (session);
}
BUFFER_POP (&sb, &id, 1);
switch (id)
{
#ifdef ENABLE_SRP
case GNUTLS_CRD_SRP:
ret = unpack_srp_auth_info (session, &sb);
if (ret < 0)
{
gnutls_assert ();
goto error;
}
break;
#endif
#ifdef ENABLE_PSK
case GNUTLS_CRD_PSK:
ret = unpack_psk_auth_info (session, &sb);
if (ret < 0)
{
gnutls_assert ();
goto error;
}
break;
#endif
#ifdef ENABLE_ANON
case GNUTLS_CRD_ANON:
ret = unpack_anon_auth_info (session, &sb);
if (ret < 0)
{
gnutls_assert ();
return ret;
}
break;
#endif
case GNUTLS_CRD_CERTIFICATE:
ret = unpack_certificate_auth_info (session, &sb);
if (ret < 0)
{
gnutls_assert ();
goto error;
}
break;
default:
gnutls_assert ();
ret = GNUTLS_E_INTERNAL_ERROR;
goto error;
}
/* Auth_info structures copied. Now copy security_parameters_st.
* packed_session must have allocated space for the security parameters.
*/
ret = unpack_security_parameters (session, &sb);
if (ret < 0)
{
gnutls_assert ();
goto error;
}
ret = _gnutls_ext_unpack (session, &sb);
if (ret < 0)
{
gnutls_assert ();
goto error;
}
ret = 0;
error:
_gnutls_buffer_clear (&sb);
return ret;
}
/* Load session data from a buffer.
*/
int
_gnutls_session_unpack (gnutls_session_t session,
const gnutls_datum_t * packed_session)
{
int ret;
if (packed_session == NULL || packed_session->size == 0)
{
gnutls_assert ();
return GNUTLS_E_INTERNAL_ERROR;
}
if (session->key->auth_info != NULL)
{
_gnutls_free_auth_info (session);
}
switch (packed_session->data[0])
{
#ifdef ENABLE_SRP
case GNUTLS_CRD_SRP:
ret = unpack_srp_auth_info (session, packed_session);
if (ret < 0)
{
gnutls_assert ();
return ret;
}
break;
#endif
#ifdef ENABLE_PSK
case GNUTLS_CRD_PSK:
ret = unpack_psk_auth_info (session, packed_session);
if (ret < 0)
{
gnutls_assert ();
return ret;
}
break;
#endif
#ifdef ENABLE_ANON
case GNUTLS_CRD_ANON:
ret = unpack_anon_auth_info (session, packed_session);
if (ret < 0)
{
gnutls_assert ();
return ret;
}
break;
#endif
case GNUTLS_CRD_CERTIFICATE:
ret = unpack_certificate_auth_info (session, packed_session);
if (ret < 0)
{
gnutls_assert ();
return ret;
}
break;
default:
gnutls_assert ();
return GNUTLS_E_INTERNAL_ERROR;
}
/* Auth_info structures copied. Now copy security_parameters_st.
* packed_session must have allocated space for the security parameters.
*/
ret = unpack_security_parameters (session, packed_session);
if (ret < 0)
{
gnutls_assert ();
return ret;
}
return 0;
}
