/* The size of a handshake message should not
* be larger than this value.
*/
-#define MAX_HANDSHAKE_PACKET_SIZE 48*1024
+#define MAX_HANDSHAKE_PACKET_SIZE 128*1024
#define TLS_MAX_SESSION_ID_SIZE 32
#define GNUTLS_POINTER_TO_INT(_) ((int) GNUTLS_POINTER_TO_INT_CAST (_))
#define GNUTLS_INT_TO_POINTER(_) ((void*) GNUTLS_POINTER_TO_INT_CAST (_))
+#define GNUTLS_KX_INVALID (-1)
+
typedef struct {
uint8_t pint[3];
} uint24;
typedef struct mac_entry_st {
const char *name;
const char *oid; /* OID of the hash - if it is a hash */
+ const char *mac_oid; /* OID of the MAC algorithm - if it is a MAC */
gnutls_mac_algorithm_t id;
unsigned output_size;
unsigned key_size;
typedef struct {
const char *name;
gnutls_protocol_t id; /* gnutls internal version number */
+ unsigned age; /* internal ordering by protocol age */
uint8_t major; /* defined by the protocol */
uint8_t minor; /* defined by the protocol */
transport_t transport; /* Type of transport, stream or datagram */
bool extensions; /* whether it supports extensions */
bool selectable_sighash; /* whether signatures can be selected */
bool selectable_prf; /* whether the PRF is ciphersuite-defined */
+ bool obsolete; /* Do not use this protocol version as record version */
} version_entry_st;
unsigned int max_empty_records;
unsigned int dumbfw;
safe_renegotiation_t sr;
- bool ssl3_record_version;
+ bool min_record_version;
bool server_precedence;
bool allow_wrong_pms;
/* Whether stateless compression will be used */
struct gnutls_privkey_st *selected_key;
bool selected_need_free;
- /* holds the extensions we sent to the peer
- * (in case of a client)
+ /* In case of a client holds the extensions we sent to the peer;
+ * otherwise the extensions we received from the client.
*/
uint16_t extensions_sent[MAX_EXT_TYPES];
uint16_t extensions_sent_size;
/* DTLS session state */
dtls_st dtls;
+ /* Protect from infinite loops due to GNUTLS_E_LARGE_PACKET non-handling
+ * or due to multiple alerts being received. */
+ unsigned handshake_suspicious_loops;
+ /* should be non-zero when a handshake is in progress */
+ bool handshake_in_progress;
/* if set it means that the master key was set using
* gnutls_session_set_master() rather than being negotiated. */
max = gnutls_dtls_get_data_mtu(session);
else {
max = session->security_parameters.max_record_send_size;
- /* DTLS data MTU accounts for those */
-
- if (_gnutls_cipher_is_block(record_params->cipher))
- max -=
- _gnutls_cipher_get_block_size(record_params->
- cipher);
}
return max;