#include <gnutls_mbuffers.h>
#include <gnutls_extensions.h>
#include <gnutls_constate.h>
+#include <gnutls_dtls.h>
#ifdef ENABLE_SESSION_TICKETS
time_t timestamp = gnutls_time(0);
int ret;
- /* Decrypt encrypted_state using 128-bit AES in CBC mode. */
+ /* Decrypt encrypted_state using 128-bit AES in GCM mode. */
key.data = (void *) &priv->key[KEY_POS];
key.size = KEY_SIZE;
IV.data = ticket->IV;
}
_gnutls_cipher_tag(&cipher_hd, final, TAG_SIZE);
- if (memcmp(ticket->tag, final, TAG_SIZE) != 0) {
+ if (gnutls_memcmp(ticket->tag, final, TAG_SIZE) != 0) {
gnutls_assert();
ret = GNUTLS_E_DECRYPTION_FAILED;
goto cleanup;
if (ret < 0) {
return 0;
}
- priv = epriv.ptr;
+ priv = epriv;
if (!priv->session_ticket_enable)
return 0;
if (session->security_parameters.entity == GNUTLS_SERVER) {
struct ticket_st ticket;
const uint8_t *encrypted_state;
- int ret;
/* The client requested a new session ticket. */
if (data_size == 0) {
GNUTLS_EXTENSION_SESSION_TICKET,
&epriv);
if (ret >= 0)
- priv = epriv.ptr;
+ priv = epriv;
if (priv == NULL || !priv->session_ticket_enable)
return 0;
GNUTLS_EXTENSION_SESSION_TICKET,
&epriv);
if (ret >= 0)
- priv = epriv.ptr;
+ priv = epriv;
/* no previous data. Just advertize it */
if (ret < 0)
static void session_ticket_deinit_data(extension_priv_data_t epriv)
{
- session_ticket_ext_st *priv = epriv.ptr;
+ session_ticket_ext_st *priv = epriv;
gnutls_free(priv->session_ticket);
gnutls_free(priv);
static int
session_ticket_pack(extension_priv_data_t epriv, gnutls_buffer_st * ps)
{
- session_ticket_ext_st *priv = epriv.ptr;
+ session_ticket_ext_st *priv = epriv;
int ret;
BUFFER_APPEND_PFX4(ps, priv->session_ticket,
priv->session_ticket_len = ticket.size;
BUFFER_POP_NUM(ps, priv->session_ticket_enable);
- epriv.ptr = priv;
+ epriv = priv;
*_priv = epriv;
return 0;
/**
* gnutls_session_ticket_enable_client:
- * @session: is a #gnutls_session_t structure.
+ * @session: is a #gnutls_session_t type.
*
* Request that the client should attempt session resumption using
* SessionTicket.
return GNUTLS_E_MEMORY_ERROR;
}
priv->session_ticket_enable = 1;
- epriv.ptr = priv;
+ epriv = priv;
_gnutls_ext_set_session_data(session,
GNUTLS_EXTENSION_SESSION_TICKET,
/**
* gnutls_session_ticket_enable_server:
- * @session: is a #gnutls_session_t structure.
+ * @session: is a #gnutls_session_t type.
* @key: key to encrypt session parameters.
*
* Request that the server should attempt session resumption using
* SessionTicket. @key must be initialized with
- * gnutls_session_ticket_key_generate().
+ * gnutls_session_ticket_key_generate(), and should be overwritten
+ * using gnutls_memset() before being released.
*
* Returns: On success, %GNUTLS_E_SUCCESS (0) is returned, or an
* error code.
gnutls_assert();
return GNUTLS_E_MEMORY_ERROR;
}
- epriv.ptr = priv;
+ epriv = priv;
memcpy(&priv->key, key->data, key->size);
priv->session_ticket_enable = 1;
&epriv);
if (ret < 0)
return 0;
- priv = epriv.ptr;
+ priv = epriv;
if (!priv->session_ticket_renew)
return 0;
gnutls_assert();
return 0;
}
- priv = epriv.ptr;
+ priv = epriv;
if (!priv->session_ticket_renew)
return 0;
+ /* This is the last flight and peer cannot be sure
+ * we have received it unless we notify him. So we
+ * wait for a message and retransmit if needed. */
+ if (IS_DTLS(session) && !_dtls_is_async(session) &&
+ (gnutls_record_check_pending(session) +
+ record_check_unprocessed(session)) == 0) {
+ ret = _dtls_wait_and_retransmit(session);
+ if (ret < 0)
+ return gnutls_assert_val(ret);
+ }
+
ret = _gnutls_recv_handshake(session,
GNUTLS_HANDSHAKE_NEW_SESSION_TICKET,
0, &buf);