diff options
| author | lloyd <[email protected]> | 2012-03-05 15:23:58 +0000 |
|---|---|---|
| committer | lloyd <[email protected]> | 2012-03-05 15:23:58 +0000 |
| commit | 4e427ceb1518e3a0fb978717a4ec0c7d174b68d5 (patch) | |
| tree | 83dc49687f84108fd6576601afc9702672f62107 | |
| parent | 0cb5c24b007ba8cea9eb05f31548b078e2b1dea3 (diff) | |
Add an abstraction for reading handshake messages (as DTLS handles it
quite differently).
Avoid using a queue for reading certificates.
Hide the version code in the handshake state with a getter and setter.
| -rw-r--r-- | src/tls/c_kex.cpp | 4 | ||||
| -rw-r--r-- | src/tls/cert_req.cpp | 35 | ||||
| -rw-r--r-- | src/tls/cert_ver.cpp | 4 | ||||
| -rw-r--r-- | src/tls/finished.cpp | 4 | ||||
| -rw-r--r-- | src/tls/info.txt | 2 | ||||
| -rw-r--r-- | src/tls/tls_channel.cpp | 37 | ||||
| -rw-r--r-- | src/tls/tls_client.cpp | 18 | ||||
| -rw-r--r-- | src/tls/tls_handshake_reader.cpp | 66 | ||||
| -rw-r--r-- | src/tls/tls_handshake_reader.h | 58 | ||||
| -rw-r--r-- | src/tls/tls_handshake_state.cpp | 37 | ||||
| -rw-r--r-- | src/tls/tls_handshake_state.h | 11 | ||||
| -rw-r--r-- | src/tls/tls_messages.h | 8 | ||||
| -rw-r--r-- | src/tls/tls_server.cpp | 18 | ||||
| -rw-r--r-- | src/tls/tls_session_key.cpp | 4 |
14 files changed, 215 insertions, 91 deletions
diff --git a/src/tls/c_kex.cpp b/src/tls/c_kex.cpp index e0ebfb865..ed571852c 100644 --- a/src/tls/c_kex.cpp +++ b/src/tls/c_kex.cpp @@ -201,7 +201,7 @@ Client_Key_Exchange::Client_Key_Exchange(Record_Writer& writer, MemoryVector<byte> encrypted_key = encryptor.encrypt(pre_master, rng); - if(state->version == Protocol_Version::SSL_V3) + if(state->version() == Protocol_Version::SSL_V3) key_material = encrypted_key; // no length field else append_tls_length_value(key_material, encrypted_key, 2); @@ -245,7 +245,7 @@ Client_Key_Exchange::Client_Key_Exchange(const MemoryRegion<byte>& contents, try { - if(state->version == Protocol_Version::SSL_V3) + if(state->version() == Protocol_Version::SSL_V3) { pre_master = decryptor.decrypt(contents); } diff --git a/src/tls/cert_req.cpp b/src/tls/cert_req.cpp index 063cc5902..df70cc43d 100644 --- a/src/tls/cert_req.cpp +++ b/src/tls/cert_req.cpp @@ -12,7 +12,6 @@ #include <botan/der_enc.h> #include <botan/ber_dec.h> #include <botan/loadstor.h> -#include <botan/secqueue.h> namespace Botan { @@ -174,9 +173,9 @@ MemoryVector<byte> Certificate_Req::serialize() const */ Certificate::Certificate(Record_Writer& writer, Handshake_Hash& hash, - const std::vector<X509_Certificate>& cert_list) + const std::vector<X509_Certificate>& cert_list) : + m_certs(cert_list) { - certs = cert_list; hash.update(writer.send(*this)); } @@ -190,27 +189,25 @@ Certificate::Certificate(const MemoryRegion<byte>& buf) const size_t total_size = make_u32bit(0, buf[0], buf[1], buf[2]); - SecureQueue queue; - queue.write(&buf[3], buf.size() - 3); - - if(queue.size() != total_size) + if(total_size != buf.size() - 3) throw Decoding_Error("Certificate: Message malformed"); - while(queue.size()) + const byte* certs = &buf[3]; + + while(certs != buf.end()) { - if(queue.size() < 3) + if(buf.end() - certs < 3) throw Decoding_Error("Certificate: Message malformed"); - byte len[3]; - queue.read(len, 3); - - const size_t cert_size = make_u32bit(0, len[0], len[1], len[2]); - const size_t original_size = queue.size(); + const size_t cert_size = make_u32bit(0, certs[0], certs[1], certs[2]); - X509_Certificate cert(queue); - if(queue.size() + cert_size != original_size) + if(buf.end() - certs < (3 + cert_size)) throw Decoding_Error("Certificate: Message malformed"); - certs.push_back(cert); + + DataSource_Memory cert_buf(&certs[3], cert_size); + m_certs.push_back(X509_Certificate(cert_buf)); + + certs += cert_size + 3; } } @@ -221,9 +218,9 @@ MemoryVector<byte> Certificate::serialize() const { MemoryVector<byte> buf(3); - for(size_t i = 0; i != certs.size(); ++i) + for(size_t i = 0; i != m_certs.size(); ++i) { - MemoryVector<byte> raw_cert = certs[i].BER_encode(); + MemoryVector<byte> raw_cert = m_certs[i].BER_encode(); const size_t cert_size = raw_cert.size(); for(size_t i = 0; i != 3; ++i) buf.push_back(get_byte<u32bit>(i+1, cert_size)); diff --git a/src/tls/cert_ver.cpp b/src/tls/cert_ver.cpp index 388e16c88..73acf3de1 100644 --- a/src/tls/cert_ver.cpp +++ b/src/tls/cert_ver.cpp @@ -31,7 +31,7 @@ Certificate_Verify::Certificate_Verify(Record_Writer& writer, PK_Signer signer(*priv_key, format.first, format.second); - if(state->version == Protocol_Version::SSL_V3) + if(state->version() == Protocol_Version::SSL_V3) { SecureVector<byte> md5_sha = state->hash.final_ssl3( state->keys.master_secret()); @@ -100,7 +100,7 @@ bool Certificate_Verify::verify(const X509_Certificate& cert, PK_Verifier verifier(*key, format.first, format.second); - if(state->version == Protocol_Version::SSL_V3) + if(state->version() == Protocol_Version::SSL_V3) { SecureVector<byte> md5_sha = state->hash.final_ssl3( state->keys.master_secret()); diff --git a/src/tls/finished.cpp b/src/tls/finished.cpp index 3c1c5684c..a494bf932 100644 --- a/src/tls/finished.cpp +++ b/src/tls/finished.cpp @@ -21,7 +21,7 @@ namespace { MemoryVector<byte> finished_compute_verify(Handshake_State* state, Connection_Side side) { - if(state->version == Protocol_Version::SSL_V3) + if(state->version() == Protocol_Version::SSL_V3) { const byte SSL_CLIENT_LABEL[] = { 0x43, 0x4C, 0x4E, 0x54 }; const byte SSL_SERVER_LABEL[] = { 0x53, 0x52, 0x56, 0x52 }; @@ -55,7 +55,7 @@ MemoryVector<byte> finished_compute_verify(Handshake_State* state, else input += std::make_pair(TLS_SERVER_LABEL, sizeof(TLS_SERVER_LABEL)); - input += state->hash.final(state->version, state->suite.mac_algo()); + input += state->hash.final(state->version(), state->suite.mac_algo()); return prf->derive_key(12, state->keys.master_secret(), input); } diff --git a/src/tls/info.txt b/src/tls/info.txt index 31ce43c1e..7b6595154 100644 --- a/src/tls/info.txt +++ b/src/tls/info.txt @@ -25,6 +25,7 @@ tls_version.h <header:internal> tls_extensions.h tls_handshake_hash.h +tls_handshake_reader.h tls_handshake_state.h tls_messages.h tls_reader.h @@ -47,6 +48,7 @@ tls_channel.cpp tls_client.cpp tls_extensions.cpp tls_handshake_hash.cpp +tls_handshake_reader.cpp tls_handshake_state.cpp tls_policy.cpp tls_server.cpp diff --git a/src/tls/tls_channel.cpp b/src/tls/tls_channel.cpp index d737ef237..2d541fbac 100644 --- a/src/tls/tls_channel.cpp +++ b/src/tls/tls_channel.cpp @@ -142,49 +142,38 @@ void Channel::read_handshake(byte rec_type, if(rec_type == HANDSHAKE) { if(!state) - state = new Handshake_State; - state->queue.write(&rec_buf[0], rec_buf.size()); + state = new Handshake_State(new Stream_Handshake_Reader); + state->handshake_reader->add_input(&rec_buf[0], rec_buf.size()); } + BOTAN_ASSERT(state, "Handshake message recieved without state in place"); + while(true) { Handshake_Type type = HANDSHAKE_NONE; - MemoryVector<byte> contents; if(rec_type == HANDSHAKE) { - if(state->queue.size() >= 4) + if(state->handshake_reader->have_full_record()) { - byte head[4] = { 0 }; - state->queue.peek(head, 4); - - const size_t length = make_u32bit(0, head[1], head[2], head[3]); - - if(state->queue.size() >= length + 4) - { - type = static_cast<Handshake_Type>(head[0]); - contents.resize(length); - state->queue.read(head, 4); - state->queue.read(&contents[0], contents.size()); - } + std::pair<Handshake_Type, MemoryVector<byte> > msg = + state->handshake_reader->get_next_record(); + process_handshake_msg(msg.first, msg.second); } + else + break; } else if(rec_type == CHANGE_CIPHER_SPEC) { - if(state->queue.size() == 0 && rec_buf.size() == 1 && rec_buf[0] == 1) - type = HANDSHAKE_CCS; + if(state->handshake_reader->empty() && rec_buf.size() == 1 && rec_buf[0] == 1) + process_handshake_msg(HANDSHAKE_CCS, MemoryVector<byte>()); else throw Decoding_Error("Malformed ChangeCipherSpec message"); } else throw Decoding_Error("Unknown message type in handshake processing"); - if(type == HANDSHAKE_NONE) - break; - - process_handshake_msg(type, contents); - - if(type == HANDSHAKE_CCS || !state) + if(type == HANDSHAKE_CCS || !state || !state->handshake_reader->have_full_record()) break; } } diff --git a/src/tls/tls_client.cpp b/src/tls/tls_client.cpp index 00e2dc311..02e24a1c9 100644 --- a/src/tls/tls_client.cpp +++ b/src/tls/tls_client.cpp @@ -35,7 +35,7 @@ Client::Client(std::tr1::function<void (const byte[], size_t)> output_fn, { writer.set_version(Protocol_Version::SSL_V3); - state = new Handshake_State; + state = new Handshake_State(new Stream_Handshake_Reader); state->set_expected_next(SERVER_HELLO); state->client_npn_cb = next_protocol; @@ -87,7 +87,7 @@ void Client::renegotiate() if(state) return; // currently in handshake - state = new Handshake_State; + state = new Handshake_State(new Stream_Handshake_Reader); state->set_expected_next(SERVER_HELLO); state->client_hello = new Client_Hello(writer, state->hash, policy, rng, @@ -173,10 +173,10 @@ void Client::process_handshake_msg(Handshake_Type type, "Server sent next protocol but we didn't request it"); } - state->version = state->server_hello->version(); + state->set_version(state->server_hello->version()); - writer.set_version(state->version); - reader.set_version(state->version); + writer.set_version(state->version()); + reader.set_version(state->version()); secure_renegotiation.update(state->server_hello); @@ -205,13 +205,13 @@ void Client::process_handshake_msg(Handshake_Type type, { // new session - if(state->version > state->client_hello->version()) + if(state->version() > state->client_hello->version()) { throw TLS_Exception(Alert::HANDSHAKE_FAILURE, "Client: Server replied with bad version"); } - if(state->version < policy.min_version()) + if(state->version() < policy.min_version()) { throw TLS_Exception(Alert::PROTOCOL_VERSION, "Client: Server is too old for specified policy"); @@ -288,7 +288,7 @@ void Client::process_handshake_msg(Handshake_Type type, state->server_kex = new Server_Key_Exchange(contents, state->suite.kex_algo(), state->suite.sig_algo(), - state->version); + state->version()); if(state->suite.sig_algo() != "") { @@ -302,7 +302,7 @@ void Client::process_handshake_msg(Handshake_Type type, else if(type == CERTIFICATE_REQUEST) { state->set_expected_next(SERVER_HELLO_DONE); - state->cert_req = new Certificate_Req(contents, state->version); + state->cert_req = new Certificate_Req(contents, state->version()); } else if(type == SERVER_HELLO_DONE) { diff --git a/src/tls/tls_handshake_reader.cpp b/src/tls/tls_handshake_reader.cpp new file mode 100644 index 000000000..8278a2296 --- /dev/null +++ b/src/tls/tls_handshake_reader.cpp @@ -0,0 +1,66 @@ +/* +* TLS Handshake Reader +* (C) 2012 Jack Lloyd +* +* Released under the terms of the Botan license +*/ + +#include <botan/internal/tls_handshake_reader.h> +#include <botan/exceptn.h> + +namespace Botan { + +namespace TLS { + +void Stream_Handshake_Reader::add_input(const byte record[], + size_t record_size) + { + m_queue.write(record, record_size); + } + +bool Stream_Handshake_Reader::empty() const + { + return m_queue.empty(); + } + +bool Stream_Handshake_Reader::have_full_record() const + { + if(m_queue.size() >= 4) + { + byte head[4] = { 0 }; + m_queue.peek(head, 4); + + const size_t length = make_u32bit(0, head[1], head[2], head[3]); + + return (m_queue.size() >= length + 4); + } + + return false; + } + +std::pair<Handshake_Type, MemoryVector<byte> > Stream_Handshake_Reader::get_next_record() + { + if(m_queue.size() >= 4) + { + byte head[4] = { 0 }; + m_queue.peek(head, 4); + + const size_t length = make_u32bit(0, head[1], head[2], head[3]); + + if(m_queue.size() >= length + 4) + { + Handshake_Type type = static_cast<Handshake_Type>(head[0]); + MemoryVector<byte> contents(length); + m_queue.read(head, 4); // discard + m_queue.read(&contents[0], contents.size()); + + return std::make_pair(type, contents); + } + } + + throw Internal_Error("Stream_Handshake_Reader::get_next_record called without a full record"); + } + +} + +} diff --git a/src/tls/tls_handshake_reader.h b/src/tls/tls_handshake_reader.h new file mode 100644 index 000000000..06a273ced --- /dev/null +++ b/src/tls/tls_handshake_reader.h @@ -0,0 +1,58 @@ +/* +* TLS Handshake Reader +* (C) 2012 Jack Lloyd +* +* Released under the terms of the Botan license +*/ + +#ifndef BOTAN_TLS_HANDSHAKE_READER_H__ +#define BOTAN_TLS_HANDSHAKE_READER_H__ + +#include <botan/tls_magic.h> +#include <botan/secqueue.h> +#include <botan/loadstor.h> +#include <utility> + +namespace Botan { + +namespace TLS { + +/** +* Handshake Reader Interface +*/ +class Handshake_Reader + { + public: + virtual void add_input(const byte record[], size_t record_size) = 0; + + virtual bool empty() const = 0; + + virtual bool have_full_record() const = 0; + + virtual std::pair<Handshake_Type, MemoryVector<byte> > get_next_record() = 0; + + virtual ~Handshake_Reader() {} + }; + +/** +* Reader of TLS handshake messages +*/ +class Stream_Handshake_Reader : public Handshake_Reader + { + public: + void add_input(const byte record[], size_t record_size); + + bool empty() const; + + bool have_full_record() const; + + std::pair<Handshake_Type, MemoryVector<byte> > get_next_record(); + private: + SecureQueue m_queue; + }; + +} + +} + +#endif diff --git a/src/tls/tls_handshake_state.cpp b/src/tls/tls_handshake_state.cpp index 9087031b6..3934c30f8 100644 --- a/src/tls/tls_handshake_state.cpp +++ b/src/tls/tls_handshake_state.cpp @@ -76,7 +76,7 @@ u32bit bitmask_for_handshake_type(Handshake_Type type) /* * Initialize the SSL/TLS Handshake State */ -Handshake_State::Handshake_State() +Handshake_State::Handshake_State(Handshake_Reader* reader) { client_hello = 0; server_hello = 0; @@ -92,14 +92,21 @@ Handshake_State::Handshake_State() client_finished = 0; server_finished = 0; + handshake_reader = reader; + server_rsa_kex_key = 0; - version = Protocol_Version::SSL_V3; + m_version = Protocol_Version::SSL_V3; hand_expecting_mask = 0; hand_received_mask = 0; } +void Handshake_State::set_version(const Protocol_Version& version) + { + m_version = version; + } + void Handshake_State::confirm_transition_to(Handshake_Type handshake_msg) { const u32bit mask = bitmask_for_handshake_type(handshake_msg); @@ -134,15 +141,15 @@ bool Handshake_State::received_handshake_msg(Handshake_Type handshake_msg) const KDF* Handshake_State::protocol_specific_prf() { - if(version == Protocol_Version::SSL_V3) + if(version() == Protocol_Version::SSL_V3) { return get_kdf("SSL3-PRF"); } - else if(version == Protocol_Version::TLS_V10 || version == Protocol_Version::TLS_V11) + else if(version() == Protocol_Version::TLS_V10 || version() == Protocol_Version::TLS_V11) { return get_kdf("TLS-PRF"); } - else if(version == Protocol_Version::TLS_V12) + else if(version() == Protocol_Version::TLS_V12) { if(suite.mac_algo() == "SHA-1" || suite.mac_algo() == "SHA-256") return get_kdf("TLS-12-PRF(SHA-256)"); @@ -150,7 +157,7 @@ KDF* Handshake_State::protocol_specific_prf() return get_kdf("TLS-12-PRF(" + suite.mac_algo() + ")"); } - throw Internal_Error("Unknown version code " + version.to_string()); + throw Internal_Error("Unknown version code " + version().to_string()); } std::pair<std::string, Signature_Format> @@ -175,15 +182,15 @@ Handshake_State::choose_sig_format(const Private_Key* key, } } - if(for_client_auth && this->version == Protocol_Version::SSL_V3) + if(for_client_auth && this->version() == Protocol_Version::SSL_V3) hash_algo = "Raw"; - if(hash_algo == "" && this->version == Protocol_Version::TLS_V12) + if(hash_algo == "" && this->version() == Protocol_Version::TLS_V12) hash_algo = "SHA-1"; // TLS 1.2 but no compatible hashes set (?) BOTAN_ASSERT(hash_algo != "", "Couldn't figure out hash to use"); - if(this->version >= Protocol_Version::TLS_V12) + if(this->version() >= Protocol_Version::TLS_V12) { hash_algo_out = hash_algo; sig_algo_out = sig_algo; @@ -221,7 +228,7 @@ Handshake_State::understand_sig_format(const Public_Key* key, Or not? */ - if(this->version < Protocol_Version::TLS_V12) + if(this->version() < Protocol_Version::TLS_V12) { if(hash_algo != "" || sig_algo != "") throw Decoding_Error("Counterparty sent hash/sig IDs with old version"); @@ -237,11 +244,11 @@ Handshake_State::understand_sig_format(const Public_Key* key, if(algo_name == "RSA") { - if(for_client_auth && this->version == Protocol_Version::SSL_V3) + if(for_client_auth && this->version() == Protocol_Version::SSL_V3) { hash_algo = "Raw"; } - else if(this->version < Protocol_Version::TLS_V12) + else if(this->version() < Protocol_Version::TLS_V12) { hash_algo = "TLS.Digest.0"; } @@ -251,11 +258,11 @@ Handshake_State::understand_sig_format(const Public_Key* key, } else if(algo_name == "DSA" || algo_name == "ECDSA") { - if(algo_name == "DSA" && for_client_auth && this->version == Protocol_Version::SSL_V3) + if(algo_name == "DSA" && for_client_auth && this->version() == Protocol_Version::SSL_V3) { hash_algo = "Raw"; } - else if(this->version < Protocol_Version::TLS_V12) + else if(this->version() < Protocol_Version::TLS_V12) { hash_algo = "SHA-1"; } @@ -286,6 +293,8 @@ Handshake_State::~Handshake_State() delete client_verify; delete client_finished; delete server_finished; + + delete handshake_reader; } } diff --git a/src/tls/tls_handshake_state.h b/src/tls/tls_handshake_state.h index 5be5c3620..0c1ff6ddb 100644 --- a/src/tls/tls_handshake_state.h +++ b/src/tls/tls_handshake_state.h @@ -9,8 +9,8 @@ #define BOTAN_TLS_HANDSHAKE_STATE_H__ #include <botan/internal/tls_handshake_hash.h> +#include <botan/internal/tls_handshake_reader.h> #include <botan/internal/tls_session_key.h> -#include <botan/secqueue.h> #include <botan/pk_keys.h> #include <botan/pubkey.h> @@ -42,7 +42,7 @@ namespace TLS { class Handshake_State { public: - Handshake_State(); + Handshake_State(Handshake_Reader* reader); ~Handshake_State(); bool received_handshake_msg(Handshake_Type handshake_msg) const; @@ -64,7 +64,9 @@ class Handshake_State KDF* protocol_specific_prf(); - Protocol_Version version; + Protocol_Version version() const { return m_version; } + + void set_version(const Protocol_Version& version); class Client_Hello* client_hello; class Server_Hello* server_hello; @@ -89,7 +91,7 @@ class Handshake_State Session_Keys keys; Handshake_Hash hash; - SecureQueue queue; + Handshake_Reader* handshake_reader; /* * Only used by clients for session resumption @@ -103,6 +105,7 @@ class Handshake_State private: u32bit hand_expecting_mask, hand_received_mask; + Protocol_Version m_version; }; } diff --git a/src/tls/tls_messages.h b/src/tls/tls_messages.h index 3352c2a62..027ac3b49 100644 --- a/src/tls/tls_messages.h +++ b/src/tls/tls_messages.h @@ -238,10 +238,10 @@ class Certificate : public Handshake_Message { public: Handshake_Type type() const { return CERTIFICATE; } - const std::vector<X509_Certificate>& cert_chain() const { return certs; } + const std::vector<X509_Certificate>& cert_chain() const { return m_certs; } - size_t count() const { return certs.size(); } - bool empty() const { return certs.empty(); } + size_t count() const { return m_certs.size(); } + bool empty() const { return m_certs.empty(); } Certificate(Record_Writer& writer, Handshake_Hash& hash, @@ -251,7 +251,7 @@ class Certificate : public Handshake_Message private: MemoryVector<byte> serialize() const; - std::vector<X509_Certificate> certs; + std::vector<X509_Certificate> m_certs; }; /** diff --git a/src/tls/tls_server.cpp b/src/tls/tls_server.cpp index c66171657..eacbc02e0 100644 --- a/src/tls/tls_server.cpp +++ b/src/tls/tls_server.cpp @@ -112,7 +112,7 @@ void Server::renegotiate() if(state) return; // currently in handshake - state = new Handshake_State; + state = new Handshake_State(new Stream_Handshake_Reader); state->set_expected_next(CLIENT_HELLO); Hello_Request hello_req(writer); } @@ -137,7 +137,7 @@ void Server::read_handshake(byte rec_type, { if(rec_type == HANDSHAKE && !state) { - state = new Handshake_State; + state = new Handshake_State(new Stream_Handshake_Reader); state->set_expected_next(CLIENT_HELLO); } @@ -183,14 +183,14 @@ void Server::process_handshake_msg(Handshake_Type type, "Client version is unacceptable by policy"); if(client_version <= policy.pref_version()) - state->version = client_version; + state->set_version(client_version); else - state->version = policy.pref_version(); + state->set_version(policy.pref_version()); secure_renegotiation.update(state->client_hello); - writer.set_version(state->version); - reader.set_version(state->version); + writer.set_version(state->version()); + reader.set_version(state->version()); Session session_info; const bool resuming = check_for_resume(session_info, @@ -261,7 +261,7 @@ void Server::process_handshake_msg(Handshake_Type type, state->server_hello = new Server_Hello( writer, state->hash, - state->version, + state->version(), *(state->client_hello), available_cert_types, policy, @@ -323,7 +323,7 @@ void Server::process_handshake_msg(Handshake_Type type, state->hash, policy, client_auth_CAs, - state->version); + state->version()); state->set_expected_next(CERTIFICATE); } @@ -364,7 +364,7 @@ void Server::process_handshake_msg(Handshake_Type type, } else if(type == CERTIFICATE_VERIFY) { - state->client_verify = new Certificate_Verify(contents, state->version); + state->client_verify = new Certificate_Verify(contents, state->version()); const std::vector<X509_Certificate>& client_certs = state->client_certs->cert_chain(); diff --git a/src/tls/tls_session_key.cpp b/src/tls/tls_session_key.cpp index 83ac7540b..edd0617bc 100644 --- a/src/tls/tls_session_key.cpp +++ b/src/tls/tls_session_key.cpp @@ -47,7 +47,7 @@ Session_Keys::Session_Keys(Handshake_State* state, { SecureVector<byte> salt; - if(state->version != Protocol_Version::SSL_V3) + if(state->version() != Protocol_Version::SSL_V3) salt += std::make_pair(MASTER_SECRET_MAGIC, sizeof(MASTER_SECRET_MAGIC)); salt += state->client_hello->random(); @@ -57,7 +57,7 @@ Session_Keys::Session_Keys(Handshake_State* state, } SecureVector<byte> salt; - if(state->version != Protocol_Version::SSL_V3) + if(state->version() != Protocol_Version::SSL_V3) salt += std::make_pair(KEY_GEN_MAGIC, sizeof(KEY_GEN_MAGIC)); salt += state->server_hello->random(); salt += state->client_hello->random(); |