aboutsummaryrefslogtreecommitdiffstats
path: root/src
diff options
context:
space:
mode:
authorlloyd <[email protected]>2012-03-05 15:23:58 +0000
committerlloyd <[email protected]>2012-03-05 15:23:58 +0000
commit4e427ceb1518e3a0fb978717a4ec0c7d174b68d5 (patch)
tree83dc49687f84108fd6576601afc9702672f62107 /src
parent0cb5c24b007ba8cea9eb05f31548b078e2b1dea3 (diff)
Add an abstraction for reading handshake messages (as DTLS handles it
quite differently). Avoid using a queue for reading certificates. Hide the version code in the handshake state with a getter and setter.
Diffstat (limited to 'src')
-rw-r--r--src/tls/c_kex.cpp4
-rw-r--r--src/tls/cert_req.cpp35
-rw-r--r--src/tls/cert_ver.cpp4
-rw-r--r--src/tls/finished.cpp4
-rw-r--r--src/tls/info.txt2
-rw-r--r--src/tls/tls_channel.cpp37
-rw-r--r--src/tls/tls_client.cpp18
-rw-r--r--src/tls/tls_handshake_reader.cpp66
-rw-r--r--src/tls/tls_handshake_reader.h58
-rw-r--r--src/tls/tls_handshake_state.cpp37
-rw-r--r--src/tls/tls_handshake_state.h11
-rw-r--r--src/tls/tls_messages.h8
-rw-r--r--src/tls/tls_server.cpp18
-rw-r--r--src/tls/tls_session_key.cpp4
14 files changed, 215 insertions, 91 deletions
diff --git a/src/tls/c_kex.cpp b/src/tls/c_kex.cpp
index e0ebfb865..ed571852c 100644
--- a/src/tls/c_kex.cpp
+++ b/src/tls/c_kex.cpp
@@ -201,7 +201,7 @@ Client_Key_Exchange::Client_Key_Exchange(Record_Writer& writer,
MemoryVector<byte> encrypted_key = encryptor.encrypt(pre_master, rng);
- if(state->version == Protocol_Version::SSL_V3)
+ if(state->version() == Protocol_Version::SSL_V3)
key_material = encrypted_key; // no length field
else
append_tls_length_value(key_material, encrypted_key, 2);
@@ -245,7 +245,7 @@ Client_Key_Exchange::Client_Key_Exchange(const MemoryRegion<byte>& contents,
try
{
- if(state->version == Protocol_Version::SSL_V3)
+ if(state->version() == Protocol_Version::SSL_V3)
{
pre_master = decryptor.decrypt(contents);
}
diff --git a/src/tls/cert_req.cpp b/src/tls/cert_req.cpp
index 063cc5902..df70cc43d 100644
--- a/src/tls/cert_req.cpp
+++ b/src/tls/cert_req.cpp
@@ -12,7 +12,6 @@
#include <botan/der_enc.h>
#include <botan/ber_dec.h>
#include <botan/loadstor.h>
-#include <botan/secqueue.h>
namespace Botan {
@@ -174,9 +173,9 @@ MemoryVector<byte> Certificate_Req::serialize() const
*/
Certificate::Certificate(Record_Writer& writer,
Handshake_Hash& hash,
- const std::vector<X509_Certificate>& cert_list)
+ const std::vector<X509_Certificate>& cert_list) :
+ m_certs(cert_list)
{
- certs = cert_list;
hash.update(writer.send(*this));
}
@@ -190,27 +189,25 @@ Certificate::Certificate(const MemoryRegion<byte>& buf)
const size_t total_size = make_u32bit(0, buf[0], buf[1], buf[2]);
- SecureQueue queue;
- queue.write(&buf[3], buf.size() - 3);
-
- if(queue.size() != total_size)
+ if(total_size != buf.size() - 3)
throw Decoding_Error("Certificate: Message malformed");
- while(queue.size())
+ const byte* certs = &buf[3];
+
+ while(certs != buf.end())
{
- if(queue.size() < 3)
+ if(buf.end() - certs < 3)
throw Decoding_Error("Certificate: Message malformed");
- byte len[3];
- queue.read(len, 3);
-
- const size_t cert_size = make_u32bit(0, len[0], len[1], len[2]);
- const size_t original_size = queue.size();
+ const size_t cert_size = make_u32bit(0, certs[0], certs[1], certs[2]);
- X509_Certificate cert(queue);
- if(queue.size() + cert_size != original_size)
+ if(buf.end() - certs < (3 + cert_size))
throw Decoding_Error("Certificate: Message malformed");
- certs.push_back(cert);
+
+ DataSource_Memory cert_buf(&certs[3], cert_size);
+ m_certs.push_back(X509_Certificate(cert_buf));
+
+ certs += cert_size + 3;
}
}
@@ -221,9 +218,9 @@ MemoryVector<byte> Certificate::serialize() const
{
MemoryVector<byte> buf(3);
- for(size_t i = 0; i != certs.size(); ++i)
+ for(size_t i = 0; i != m_certs.size(); ++i)
{
- MemoryVector<byte> raw_cert = certs[i].BER_encode();
+ MemoryVector<byte> raw_cert = m_certs[i].BER_encode();
const size_t cert_size = raw_cert.size();
for(size_t i = 0; i != 3; ++i)
buf.push_back(get_byte<u32bit>(i+1, cert_size));
diff --git a/src/tls/cert_ver.cpp b/src/tls/cert_ver.cpp
index 388e16c88..73acf3de1 100644
--- a/src/tls/cert_ver.cpp
+++ b/src/tls/cert_ver.cpp
@@ -31,7 +31,7 @@ Certificate_Verify::Certificate_Verify(Record_Writer& writer,
PK_Signer signer(*priv_key, format.first, format.second);
- if(state->version == Protocol_Version::SSL_V3)
+ if(state->version() == Protocol_Version::SSL_V3)
{
SecureVector<byte> md5_sha = state->hash.final_ssl3(
state->keys.master_secret());
@@ -100,7 +100,7 @@ bool Certificate_Verify::verify(const X509_Certificate& cert,
PK_Verifier verifier(*key, format.first, format.second);
- if(state->version == Protocol_Version::SSL_V3)
+ if(state->version() == Protocol_Version::SSL_V3)
{
SecureVector<byte> md5_sha = state->hash.final_ssl3(
state->keys.master_secret());
diff --git a/src/tls/finished.cpp b/src/tls/finished.cpp
index 3c1c5684c..a494bf932 100644
--- a/src/tls/finished.cpp
+++ b/src/tls/finished.cpp
@@ -21,7 +21,7 @@ namespace {
MemoryVector<byte> finished_compute_verify(Handshake_State* state,
Connection_Side side)
{
- if(state->version == Protocol_Version::SSL_V3)
+ if(state->version() == Protocol_Version::SSL_V3)
{
const byte SSL_CLIENT_LABEL[] = { 0x43, 0x4C, 0x4E, 0x54 };
const byte SSL_SERVER_LABEL[] = { 0x53, 0x52, 0x56, 0x52 };
@@ -55,7 +55,7 @@ MemoryVector<byte> finished_compute_verify(Handshake_State* state,
else
input += std::make_pair(TLS_SERVER_LABEL, sizeof(TLS_SERVER_LABEL));
- input += state->hash.final(state->version, state->suite.mac_algo());
+ input += state->hash.final(state->version(), state->suite.mac_algo());
return prf->derive_key(12, state->keys.master_secret(), input);
}
diff --git a/src/tls/info.txt b/src/tls/info.txt
index 31ce43c1e..7b6595154 100644
--- a/src/tls/info.txt
+++ b/src/tls/info.txt
@@ -25,6 +25,7 @@ tls_version.h
<header:internal>
tls_extensions.h
tls_handshake_hash.h
+tls_handshake_reader.h
tls_handshake_state.h
tls_messages.h
tls_reader.h
@@ -47,6 +48,7 @@ tls_channel.cpp
tls_client.cpp
tls_extensions.cpp
tls_handshake_hash.cpp
+tls_handshake_reader.cpp
tls_handshake_state.cpp
tls_policy.cpp
tls_server.cpp
diff --git a/src/tls/tls_channel.cpp b/src/tls/tls_channel.cpp
index d737ef237..2d541fbac 100644
--- a/src/tls/tls_channel.cpp
+++ b/src/tls/tls_channel.cpp
@@ -142,49 +142,38 @@ void Channel::read_handshake(byte rec_type,
if(rec_type == HANDSHAKE)
{
if(!state)
- state = new Handshake_State;
- state->queue.write(&rec_buf[0], rec_buf.size());
+ state = new Handshake_State(new Stream_Handshake_Reader);
+ state->handshake_reader->add_input(&rec_buf[0], rec_buf.size());
}
+ BOTAN_ASSERT(state, "Handshake message recieved without state in place");
+
while(true)
{
Handshake_Type type = HANDSHAKE_NONE;
- MemoryVector<byte> contents;
if(rec_type == HANDSHAKE)
{
- if(state->queue.size() >= 4)
+ if(state->handshake_reader->have_full_record())
{
- byte head[4] = { 0 };
- state->queue.peek(head, 4);
-
- const size_t length = make_u32bit(0, head[1], head[2], head[3]);
-
- if(state->queue.size() >= length + 4)
- {
- type = static_cast<Handshake_Type>(head[0]);
- contents.resize(length);
- state->queue.read(head, 4);
- state->queue.read(&contents[0], contents.size());
- }
+ std::pair<Handshake_Type, MemoryVector<byte> > msg =
+ state->handshake_reader->get_next_record();
+ process_handshake_msg(msg.first, msg.second);
}
+ else
+ break;
}
else if(rec_type == CHANGE_CIPHER_SPEC)
{
- if(state->queue.size() == 0 && rec_buf.size() == 1 && rec_buf[0] == 1)
- type = HANDSHAKE_CCS;
+ if(state->handshake_reader->empty() && rec_buf.size() == 1 && rec_buf[0] == 1)
+ process_handshake_msg(HANDSHAKE_CCS, MemoryVector<byte>());
else
throw Decoding_Error("Malformed ChangeCipherSpec message");
}
else
throw Decoding_Error("Unknown message type in handshake processing");
- if(type == HANDSHAKE_NONE)
- break;
-
- process_handshake_msg(type, contents);
-
- if(type == HANDSHAKE_CCS || !state)
+ if(type == HANDSHAKE_CCS || !state || !state->handshake_reader->have_full_record())
break;
}
}
diff --git a/src/tls/tls_client.cpp b/src/tls/tls_client.cpp
index 00e2dc311..02e24a1c9 100644
--- a/src/tls/tls_client.cpp
+++ b/src/tls/tls_client.cpp
@@ -35,7 +35,7 @@ Client::Client(std::tr1::function<void (const byte[], size_t)> output_fn,
{
writer.set_version(Protocol_Version::SSL_V3);
- state = new Handshake_State;
+ state = new Handshake_State(new Stream_Handshake_Reader);
state->set_expected_next(SERVER_HELLO);
state->client_npn_cb = next_protocol;
@@ -87,7 +87,7 @@ void Client::renegotiate()
if(state)
return; // currently in handshake
- state = new Handshake_State;
+ state = new Handshake_State(new Stream_Handshake_Reader);
state->set_expected_next(SERVER_HELLO);
state->client_hello = new Client_Hello(writer, state->hash, policy, rng,
@@ -173,10 +173,10 @@ void Client::process_handshake_msg(Handshake_Type type,
"Server sent next protocol but we didn't request it");
}
- state->version = state->server_hello->version();
+ state->set_version(state->server_hello->version());
- writer.set_version(state->version);
- reader.set_version(state->version);
+ writer.set_version(state->version());
+ reader.set_version(state->version());
secure_renegotiation.update(state->server_hello);
@@ -205,13 +205,13 @@ void Client::process_handshake_msg(Handshake_Type type,
{
// new session
- if(state->version > state->client_hello->version())
+ if(state->version() > state->client_hello->version())
{
throw TLS_Exception(Alert::HANDSHAKE_FAILURE,
"Client: Server replied with bad version");
}
- if(state->version < policy.min_version())
+ if(state->version() < policy.min_version())
{
throw TLS_Exception(Alert::PROTOCOL_VERSION,
"Client: Server is too old for specified policy");
@@ -288,7 +288,7 @@ void Client::process_handshake_msg(Handshake_Type type,
state->server_kex = new Server_Key_Exchange(contents,
state->suite.kex_algo(),
state->suite.sig_algo(),
- state->version);
+ state->version());
if(state->suite.sig_algo() != "")
{
@@ -302,7 +302,7 @@ void Client::process_handshake_msg(Handshake_Type type,
else if(type == CERTIFICATE_REQUEST)
{
state->set_expected_next(SERVER_HELLO_DONE);
- state->cert_req = new Certificate_Req(contents, state->version);
+ state->cert_req = new Certificate_Req(contents, state->version());
}
else if(type == SERVER_HELLO_DONE)
{
diff --git a/src/tls/tls_handshake_reader.cpp b/src/tls/tls_handshake_reader.cpp
new file mode 100644
index 000000000..8278a2296
--- /dev/null
+++ b/src/tls/tls_handshake_reader.cpp
@@ -0,0 +1,66 @@
+/*
+* TLS Handshake Reader
+* (C) 2012 Jack Lloyd
+*
+* Released under the terms of the Botan license
+*/
+
+#include <botan/internal/tls_handshake_reader.h>
+#include <botan/exceptn.h>
+
+namespace Botan {
+
+namespace TLS {
+
+void Stream_Handshake_Reader::add_input(const byte record[],
+ size_t record_size)
+ {
+ m_queue.write(record, record_size);
+ }
+
+bool Stream_Handshake_Reader::empty() const
+ {
+ return m_queue.empty();
+ }
+
+bool Stream_Handshake_Reader::have_full_record() const
+ {
+ if(m_queue.size() >= 4)
+ {
+ byte head[4] = { 0 };
+ m_queue.peek(head, 4);
+
+ const size_t length = make_u32bit(0, head[1], head[2], head[3]);
+
+ return (m_queue.size() >= length + 4);
+ }
+
+ return false;
+ }
+
+std::pair<Handshake_Type, MemoryVector<byte> > Stream_Handshake_Reader::get_next_record()
+ {
+ if(m_queue.size() >= 4)
+ {
+ byte head[4] = { 0 };
+ m_queue.peek(head, 4);
+
+ const size_t length = make_u32bit(0, head[1], head[2], head[3]);
+
+ if(m_queue.size() >= length + 4)
+ {
+ Handshake_Type type = static_cast<Handshake_Type>(head[0]);
+ MemoryVector<byte> contents(length);
+ m_queue.read(head, 4); // discard
+ m_queue.read(&contents[0], contents.size());
+
+ return std::make_pair(type, contents);
+ }
+ }
+
+ throw Internal_Error("Stream_Handshake_Reader::get_next_record called without a full record");
+ }
+
+}
+
+}
diff --git a/src/tls/tls_handshake_reader.h b/src/tls/tls_handshake_reader.h
new file mode 100644
index 000000000..06a273ced
--- /dev/null
+++ b/src/tls/tls_handshake_reader.h
@@ -0,0 +1,58 @@
+/*
+* TLS Handshake Reader
+* (C) 2012 Jack Lloyd
+*
+* Released under the terms of the Botan license
+*/
+
+#ifndef BOTAN_TLS_HANDSHAKE_READER_H__
+#define BOTAN_TLS_HANDSHAKE_READER_H__
+
+#include <botan/tls_magic.h>
+#include <botan/secqueue.h>
+#include <botan/loadstor.h>
+#include <utility>
+
+namespace Botan {
+
+namespace TLS {
+
+/**
+* Handshake Reader Interface
+*/
+class Handshake_Reader
+ {
+ public:
+ virtual void add_input(const byte record[], size_t record_size) = 0;
+
+ virtual bool empty() const = 0;
+
+ virtual bool have_full_record() const = 0;
+
+ virtual std::pair<Handshake_Type, MemoryVector<byte> > get_next_record() = 0;
+
+ virtual ~Handshake_Reader() {}
+ };
+
+/**
+* Reader of TLS handshake messages
+*/
+class Stream_Handshake_Reader : public Handshake_Reader
+ {
+ public:
+ void add_input(const byte record[], size_t record_size);
+
+ bool empty() const;
+
+ bool have_full_record() const;
+
+ std::pair<Handshake_Type, MemoryVector<byte> > get_next_record();
+ private:
+ SecureQueue m_queue;
+ };
+
+}
+
+}
+
+#endif
diff --git a/src/tls/tls_handshake_state.cpp b/src/tls/tls_handshake_state.cpp
index 9087031b6..3934c30f8 100644
--- a/src/tls/tls_handshake_state.cpp
+++ b/src/tls/tls_handshake_state.cpp
@@ -76,7 +76,7 @@ u32bit bitmask_for_handshake_type(Handshake_Type type)
/*
* Initialize the SSL/TLS Handshake State
*/
-Handshake_State::Handshake_State()
+Handshake_State::Handshake_State(Handshake_Reader* reader)
{
client_hello = 0;
server_hello = 0;
@@ -92,14 +92,21 @@ Handshake_State::Handshake_State()
client_finished = 0;
server_finished = 0;
+ handshake_reader = reader;
+
server_rsa_kex_key = 0;
- version = Protocol_Version::SSL_V3;
+ m_version = Protocol_Version::SSL_V3;
hand_expecting_mask = 0;
hand_received_mask = 0;
}
+void Handshake_State::set_version(const Protocol_Version& version)
+ {
+ m_version = version;
+ }
+
void Handshake_State::confirm_transition_to(Handshake_Type handshake_msg)
{
const u32bit mask = bitmask_for_handshake_type(handshake_msg);
@@ -134,15 +141,15 @@ bool Handshake_State::received_handshake_msg(Handshake_Type handshake_msg) const
KDF* Handshake_State::protocol_specific_prf()
{
- if(version == Protocol_Version::SSL_V3)
+ if(version() == Protocol_Version::SSL_V3)
{
return get_kdf("SSL3-PRF");
}
- else if(version == Protocol_Version::TLS_V10 || version == Protocol_Version::TLS_V11)
+ else if(version() == Protocol_Version::TLS_V10 || version() == Protocol_Version::TLS_V11)
{
return get_kdf("TLS-PRF");
}
- else if(version == Protocol_Version::TLS_V12)
+ else if(version() == Protocol_Version::TLS_V12)
{
if(suite.mac_algo() == "SHA-1" || suite.mac_algo() == "SHA-256")
return get_kdf("TLS-12-PRF(SHA-256)");
@@ -150,7 +157,7 @@ KDF* Handshake_State::protocol_specific_prf()
return get_kdf("TLS-12-PRF(" + suite.mac_algo() + ")");
}
- throw Internal_Error("Unknown version code " + version.to_string());
+ throw Internal_Error("Unknown version code " + version().to_string());
}
std::pair<std::string, Signature_Format>
@@ -175,15 +182,15 @@ Handshake_State::choose_sig_format(const Private_Key* key,
}
}
- if(for_client_auth && this->version == Protocol_Version::SSL_V3)
+ if(for_client_auth && this->version() == Protocol_Version::SSL_V3)
hash_algo = "Raw";
- if(hash_algo == "" && this->version == Protocol_Version::TLS_V12)
+ if(hash_algo == "" && this->version() == Protocol_Version::TLS_V12)
hash_algo = "SHA-1"; // TLS 1.2 but no compatible hashes set (?)
BOTAN_ASSERT(hash_algo != "", "Couldn't figure out hash to use");
- if(this->version >= Protocol_Version::TLS_V12)
+ if(this->version() >= Protocol_Version::TLS_V12)
{
hash_algo_out = hash_algo;
sig_algo_out = sig_algo;
@@ -221,7 +228,7 @@ Handshake_State::understand_sig_format(const Public_Key* key,
Or not?
*/
- if(this->version < Protocol_Version::TLS_V12)
+ if(this->version() < Protocol_Version::TLS_V12)
{
if(hash_algo != "" || sig_algo != "")
throw Decoding_Error("Counterparty sent hash/sig IDs with old version");
@@ -237,11 +244,11 @@ Handshake_State::understand_sig_format(const Public_Key* key,
if(algo_name == "RSA")
{
- if(for_client_auth && this->version == Protocol_Version::SSL_V3)
+ if(for_client_auth && this->version() == Protocol_Version::SSL_V3)
{
hash_algo = "Raw";
}
- else if(this->version < Protocol_Version::TLS_V12)
+ else if(this->version() < Protocol_Version::TLS_V12)
{
hash_algo = "TLS.Digest.0";
}
@@ -251,11 +258,11 @@ Handshake_State::understand_sig_format(const Public_Key* key,
}
else if(algo_name == "DSA" || algo_name == "ECDSA")
{
- if(algo_name == "DSA" && for_client_auth && this->version == Protocol_Version::SSL_V3)
+ if(algo_name == "DSA" && for_client_auth && this->version() == Protocol_Version::SSL_V3)
{
hash_algo = "Raw";
}
- else if(this->version < Protocol_Version::TLS_V12)
+ else if(this->version() < Protocol_Version::TLS_V12)
{
hash_algo = "SHA-1";
}
@@ -286,6 +293,8 @@ Handshake_State::~Handshake_State()
delete client_verify;
delete client_finished;
delete server_finished;
+
+ delete handshake_reader;
}
}
diff --git a/src/tls/tls_handshake_state.h b/src/tls/tls_handshake_state.h
index 5be5c3620..0c1ff6ddb 100644
--- a/src/tls/tls_handshake_state.h
+++ b/src/tls/tls_handshake_state.h
@@ -9,8 +9,8 @@
#define BOTAN_TLS_HANDSHAKE_STATE_H__
#include <botan/internal/tls_handshake_hash.h>
+#include <botan/internal/tls_handshake_reader.h>
#include <botan/internal/tls_session_key.h>
-#include <botan/secqueue.h>
#include <botan/pk_keys.h>
#include <botan/pubkey.h>
@@ -42,7 +42,7 @@ namespace TLS {
class Handshake_State
{
public:
- Handshake_State();
+ Handshake_State(Handshake_Reader* reader);
~Handshake_State();
bool received_handshake_msg(Handshake_Type handshake_msg) const;
@@ -64,7 +64,9 @@ class Handshake_State
KDF* protocol_specific_prf();
- Protocol_Version version;
+ Protocol_Version version() const { return m_version; }
+
+ void set_version(const Protocol_Version& version);
class Client_Hello* client_hello;
class Server_Hello* server_hello;
@@ -89,7 +91,7 @@ class Handshake_State
Session_Keys keys;
Handshake_Hash hash;
- SecureQueue queue;
+ Handshake_Reader* handshake_reader;
/*
* Only used by clients for session resumption
@@ -103,6 +105,7 @@ class Handshake_State
private:
u32bit hand_expecting_mask, hand_received_mask;
+ Protocol_Version m_version;
};
}
diff --git a/src/tls/tls_messages.h b/src/tls/tls_messages.h
index 3352c2a62..027ac3b49 100644
--- a/src/tls/tls_messages.h
+++ b/src/tls/tls_messages.h
@@ -238,10 +238,10 @@ class Certificate : public Handshake_Message
{
public:
Handshake_Type type() const { return CERTIFICATE; }
- const std::vector<X509_Certificate>& cert_chain() const { return certs; }
+ const std::vector<X509_Certificate>& cert_chain() const { return m_certs; }
- size_t count() const { return certs.size(); }
- bool empty() const { return certs.empty(); }
+ size_t count() const { return m_certs.size(); }
+ bool empty() const { return m_certs.empty(); }
Certificate(Record_Writer& writer,
Handshake_Hash& hash,
@@ -251,7 +251,7 @@ class Certificate : public Handshake_Message
private:
MemoryVector<byte> serialize() const;
- std::vector<X509_Certificate> certs;
+ std::vector<X509_Certificate> m_certs;
};
/**
diff --git a/src/tls/tls_server.cpp b/src/tls/tls_server.cpp
index c66171657..eacbc02e0 100644
--- a/src/tls/tls_server.cpp
+++ b/src/tls/tls_server.cpp
@@ -112,7 +112,7 @@ void Server::renegotiate()
if(state)
return; // currently in handshake
- state = new Handshake_State;
+ state = new Handshake_State(new Stream_Handshake_Reader);
state->set_expected_next(CLIENT_HELLO);
Hello_Request hello_req(writer);
}
@@ -137,7 +137,7 @@ void Server::read_handshake(byte rec_type,
{
if(rec_type == HANDSHAKE && !state)
{
- state = new Handshake_State;
+ state = new Handshake_State(new Stream_Handshake_Reader);
state->set_expected_next(CLIENT_HELLO);
}
@@ -183,14 +183,14 @@ void Server::process_handshake_msg(Handshake_Type type,
"Client version is unacceptable by policy");
if(client_version <= policy.pref_version())
- state->version = client_version;
+ state->set_version(client_version);
else
- state->version = policy.pref_version();
+ state->set_version(policy.pref_version());
secure_renegotiation.update(state->client_hello);
- writer.set_version(state->version);
- reader.set_version(state->version);
+ writer.set_version(state->version());
+ reader.set_version(state->version());
Session session_info;
const bool resuming = check_for_resume(session_info,
@@ -261,7 +261,7 @@ void Server::process_handshake_msg(Handshake_Type type,
state->server_hello = new Server_Hello(
writer,
state->hash,
- state->version,
+ state->version(),
*(state->client_hello),
available_cert_types,
policy,
@@ -323,7 +323,7 @@ void Server::process_handshake_msg(Handshake_Type type,
state->hash,
policy,
client_auth_CAs,
- state->version);
+ state->version());
state->set_expected_next(CERTIFICATE);
}
@@ -364,7 +364,7 @@ void Server::process_handshake_msg(Handshake_Type type,
}
else if(type == CERTIFICATE_VERIFY)
{
- state->client_verify = new Certificate_Verify(contents, state->version);
+ state->client_verify = new Certificate_Verify(contents, state->version());
const std::vector<X509_Certificate>& client_certs =
state->client_certs->cert_chain();
diff --git a/src/tls/tls_session_key.cpp b/src/tls/tls_session_key.cpp
index 83ac7540b..edd0617bc 100644
--- a/src/tls/tls_session_key.cpp
+++ b/src/tls/tls_session_key.cpp
@@ -47,7 +47,7 @@ Session_Keys::Session_Keys(Handshake_State* state,
{
SecureVector<byte> salt;
- if(state->version != Protocol_Version::SSL_V3)
+ if(state->version() != Protocol_Version::SSL_V3)
salt += std::make_pair(MASTER_SECRET_MAGIC, sizeof(MASTER_SECRET_MAGIC));
salt += state->client_hello->random();
@@ -57,7 +57,7 @@ Session_Keys::Session_Keys(Handshake_State* state,
}
SecureVector<byte> salt;
- if(state->version != Protocol_Version::SSL_V3)
+ if(state->version() != Protocol_Version::SSL_V3)
salt += std::make_pair(KEY_GEN_MAGIC, sizeof(KEY_GEN_MAGIC));
salt += state->server_hello->random();
salt += state->client_hello->random();