authorlloyd <[email protected]>2012-06-07 23:09:22 +0000
committerlloyd <[email protected]>2012-06-07 23:09:22 +0000
commit8a7eb1f73c503b289a6f4bc56f5ebef806c9d4e6 (patch)
tree47fa8d62d571dfc41f9a84ca4b6f715a49525a2f
parentd83acdebff0200dc20170eea5844d151785a72b5 (diff)
Report what we have already received on an unexpected state
transition. That will come in handy someday. Allow the server to skip sending a session ticket. GnuTLS seems prone to offering it even if it doesn't have a key handy. Fix vector/secure_vector conversions in the SQLite session manager.
-rw-r--r--src/tls/sessions_sqlite/tls_sqlite_sess_mgr.cpp10
-rw-r--r--src/tls/tls_client.cpp5
-rw-r--r--src/tls/tls_handshake_state.cpp5
3 files changed, 11 insertions, 9 deletions
diff --git a/src/tls/sessions_sqlite/tls_sqlite_sess_mgr.cpp b/src/tls/sessions_sqlite/tls_sqlite_sess_mgr.cpp
index b6aaa3498..24efa74f3 100644
--- a/src/tls/sessions_sqlite/tls_sqlite_sess_mgr.cpp
+++ b/src/tls/sessions_sqlite/tls_sqlite_sess_mgr.cpp
@@ -137,10 +137,10 @@ SymmetricKey derive_key(const std::string& passphrase,
{
std::unique_ptr<PBKDF> pbkdf(get_pbkdf("PBKDF2(SHA-512)"));
- std::vector<byte> x = pbkdf->derive_key(32 + 3,
- passphrase,
- salt, salt_len,
- iterations).bits_of();
+ secure_vector<byte> x = pbkdf->derive_key(32 + 3,
+ passphrase,
+ salt, salt_len,
+ iterations).bits_of();
check_val = make_u32bit(0, x[0], x[1], x[2]);
return SymmetricKey(&x[3], x.size() - 3);
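Review bot: The `32 + 3` passed to `derive_key` and the `x[0], x[1], x[2]` / `&x[3]` indexing below it encode an output layout that is not documented in the hunk: the first three bytes feed `check_val` and the remaining 32 become the returned key. A one-line comment above the PBKDF call would make this explicit, for example `// PBKDF output layout: 3 bytes of check value, then the 32-byte key`. Switching the buffer to `secure_vector<byte>` is the right choice here, since it holds key material. The body of `derive_key` starts and ends outside the hunk.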
@@ -217,7 +217,7 @@ Session_Manager_SQLite::Session_Manager_SQLite(const std::string& passphrase,
// new database case
- std::vector<byte> salt = rng.random_vec(16);
+ std::vector<byte> salt = unlock(rng.random_vec(16));
const size_t iterations = 64 * 1024;
size_t check_val = 0;
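Review bot: The PBKDF2 work factor is fixed as the literal `64 * 1024` in the line right after the changed salt line, so raising it later means editing the constructor body. A named constant would make the cost visible and tunable in one place, e.g. `const size_t iterations = SESSION_DB_PBKDF_ITERATIONS;` (the name is a placeholder). If the count is stored alongside the salt for existing databases, which this hunk does not show, a comment saying so would tell maintainers the value can be raised without breaking old files. Passing the salt through `unlock()` into a plain `std::vector` looks fine, since a salt is not secret. The constructor starts before the hunk and continues past it.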
diff --git a/src/tls/tls_client.cpp b/src/tls/tls_client.cpp
index 1ca256f3e..ba7738e5c 100644
--- a/src/tls/tls_client.cpp
+++ b/src/tls/tls_client.cpp
@@ -237,10 +237,11 @@ void Client::process_handshake_msg(Handshake_Type type,
state->resume_master_secret,
true);
+ // The server is not strictly required to send us a new ticket
if(state->server_hello->supports_session_ticket())
state->set_expected_next(NEW_SESSION_TICKET);
- else
- state->set_expected_next(HANDSHAKE_CCS);
+
+ state->set_expected_next(HANDSHAKE_CCS);
}
else
{
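Review bot: With the `else` removed, the unconditional `state->set_expected_next(HANDSHAKE_CCS);` is correct only if `set_expected_next` adds to the expected-message mask rather than replacing it. That is not visible in this hunk, although the mask naming in tls_handshake_state.cpp suggests it. The new comment sits above the `if`, but the line it explains is the unconditional call, so I would move or extend it: `// Accept CCS either way: a server that advertised ticket support may still skip NewSessionTicket`. Since this widens the set of messages the client accepts here, it is worth confirming that a NEW_SESSION_TICKET cannot be followed by a second one; that depends on the mask being reset after each transition, which is handled outside this file. The enclosing branch of `process_handshake_msg` starts before the hunk and continues past it.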
diff --git a/src/tls/tls_handshake_state.cpp b/src/tls/tls_handshake_state.cpp
index 90de7c3f9..7f289c205 100644
--- a/src/tls/tls_handshake_state.cpp
+++ b/src/tls/tls_handshake_state.cpp
@@ -124,8 +124,9 @@ void Handshake_State::confirm_transition_to(Handshake_Type handshake_msg)
if(!ok)
throw Unexpected_Message("Unexpected state transition in handshake, got " +
- std::to_string(handshake_msg) + " mask is " +
- std::to_string(hand_expecting_mask));
+ std::to_string(handshake_msg) +
+ " expected " + std::to_string(hand_expecting_mask) +
+ " recveived " + std::to_string(hand_received_mask));
/* We don't know what to expect next, so force a call to
set_expected_next; if it doesn't happen, the next transition