diff options
author | lloyd <[email protected]> | 2012-06-07 23:09:22 +0000 |
---|---|---|
committer | lloyd <[email protected]> | 2012-06-07 23:09:22 +0000 |
commit | 8a7eb1f73c503b289a6f4bc56f5ebef806c9d4e6 (patch) | |
tree | 47fa8d62d571dfc41f9a84ca4b6f715a49525a2f /src | |
parent | d83acdebff0200dc20170eea5844d151785a72b5 (diff) |
Report what we have already received on an unexpected state
transition. That will come in handy someday.
Allow the server to skip sending a session ticket. GnuTLS seems prone
to offering it even if it doesn't have a key handy.
Fix vector/secure_vector conversions in the SQLite session manager.
Diffstat (limited to 'src')
-rw-r--r-- | src/tls/sessions_sqlite/tls_sqlite_sess_mgr.cpp | 10 | ||||
-rw-r--r-- | src/tls/tls_client.cpp | 5 | ||||
-rw-r--r-- | src/tls/tls_handshake_state.cpp | 5 |
3 files changed, 11 insertions, 9 deletions
diff --git a/src/tls/sessions_sqlite/tls_sqlite_sess_mgr.cpp b/src/tls/sessions_sqlite/tls_sqlite_sess_mgr.cpp index b6aaa3498..24efa74f3 100644 --- a/src/tls/sessions_sqlite/tls_sqlite_sess_mgr.cpp +++ b/src/tls/sessions_sqlite/tls_sqlite_sess_mgr.cpp @@ -137,10 +137,10 @@ SymmetricKey derive_key(const std::string& passphrase, { std::unique_ptr<PBKDF> pbkdf(get_pbkdf("PBKDF2(SHA-512)")); - std::vector<byte> x = pbkdf->derive_key(32 + 3, - passphrase, - salt, salt_len, - iterations).bits_of(); + secure_vector<byte> x = pbkdf->derive_key(32 + 3, + passphrase, + salt, salt_len, + iterations).bits_of(); check_val = make_u32bit(0, x[0], x[1], x[2]); return SymmetricKey(&x[3], x.size() - 3); @@ -217,7 +217,7 @@ Session_Manager_SQLite::Session_Manager_SQLite(const std::string& passphrase, // new database case - std::vector<byte> salt = rng.random_vec(16); + std::vector<byte> salt = unlock(rng.random_vec(16)); const size_t iterations = 64 * 1024; size_t check_val = 0; diff --git a/src/tls/tls_client.cpp b/src/tls/tls_client.cpp index 1ca256f3e..ba7738e5c 100644 --- a/src/tls/tls_client.cpp +++ b/src/tls/tls_client.cpp @@ -237,10 +237,11 @@ void Client::process_handshake_msg(Handshake_Type type, state->resume_master_secret, true); + // The server is not strictly required to send us a new ticket if(state->server_hello->supports_session_ticket()) state->set_expected_next(NEW_SESSION_TICKET); - else - state->set_expected_next(HANDSHAKE_CCS); + + state->set_expected_next(HANDSHAKE_CCS); } else { diff --git a/src/tls/tls_handshake_state.cpp b/src/tls/tls_handshake_state.cpp index 90de7c3f9..7f289c205 100644 --- a/src/tls/tls_handshake_state.cpp +++ b/src/tls/tls_handshake_state.cpp @@ -124,8 +124,9 @@ void Handshake_State::confirm_transition_to(Handshake_Type handshake_msg) if(!ok) throw Unexpected_Message("Unexpected state transition in handshake, got " + - std::to_string(handshake_msg) + " mask is " + - std::to_string(hand_expecting_mask)); + std::to_string(handshake_msg) + + " expected " + std::to_string(hand_expecting_mask) + + " recveived " + std::to_string(hand_received_mask)); /* We don't know what to expect next, so force a call to set_expected_next; if it doesn't happen, the next transition |