search:
summary | log | graphiclog1 | graphiclog2 | commit | commitdiff | tree | refs | edit | fork
blame | history | raw | HEAD
*** empty log message ***
[gnutls.git] / lib / gnutls_state.c
blobe849ddbcdf01b83b64f9832d4503e047578ebb88
1 /*
2 * Copyright (C) 2002 Nikos Mavroyanopoulos
3 *
4 * This file is part of GNUTLS.
5 *
6 * The GNUTLS library is free software; you can redistribute it and/or
7 * modify it under the terms of the GNU Lesser General Public
8 * License as published by the Free Software Foundation; either
9 * version 2.1 of the License, or (at your option) any later version.
10 *
11 * This library is distributed in the hope that it will be useful,
12 * but WITHOUT ANY WARRANTY; without even the implied warranty of
13 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
14 * Lesser General Public License for more details.
15 *
16 * You should have received a copy of the GNU Lesser General Public
17 * License along with this library; if not, write to the Free Software
18 * Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA 02111-1307 USA
19 *
20 */
21
22 #include <gnutls_int.h>
23 #include <gnutls_errors.h>
24 #include <gnutls_auth_int.h>
25 #include <gnutls_priority.h>
26 #include <gnutls_num.h>
27 #include "gnutls_datum.h"
28 #include "gnutls_db.h"
29 #include <gnutls_record.h>
30 #include <gnutls_handshake.h>
31 #include <gnutls_dh.h>
32 #include <gnutls_buffers.h>
33 #include <gnutls_state.h>
34 #include <auth_cert.h>
35 #include <auth_anon.h>
36
37 #define CHECK_AUTH(auth, ret) if (gnutls_auth_get_type(state) != auth) { \
38 gnutls_assert(); \
39 return ret; \
40 }
41
42 void _gnutls_state_cert_type_set( GNUTLS_STATE state, CertificateType ct) {
43 state->security_parameters.cert_type = ct;
44 }
45
46 /**
47 * gnutls_cipher_get - Returns the currently used cipher.
48 * @state: is a &GNUTLS_STATE structure.
49 *
50 * Returns the currently used cipher.
51 **/
52 GNUTLS_BulkCipherAlgorithm gnutls_cipher_get( GNUTLS_STATE state) {
53 return state->security_parameters.read_bulk_cipher_algorithm;
54 }
55
56 /**
57 * gnutls_cert_type_get - Returns the currently used certificate type.
58 * @state: is a &GNUTLS_STATE structure.
59 *
60 * Returns the currently used certificate type. The certificate type
61 * is by default X.509, unless it is negotiated as a TLS extension.
62 *
63 **/
64 GNUTLS_CertificateType gnutls_cert_type_get( GNUTLS_STATE state) {
65 return state->security_parameters.cert_type;
66 }
67
68 /**
69 * gnutls_kx_get - Returns the key exchange algorithm.
70 * @state: is a &GNUTLS_STATE structure.
71 *
72 * Returns the key exchange algorithm used in the last handshake.
73 **/
74 GNUTLS_KXAlgorithm gnutls_kx_get( GNUTLS_STATE state) {
75 return state->security_parameters.kx_algorithm;
76 }
77
78 /**
79 * gnutls_mac_get - Returns the currently used mac algorithm.
80 * @state: is a &GNUTLS_STATE structure.
81 *
82 * Returns the currently used mac algorithm.
83 **/
84 GNUTLS_MACAlgorithm gnutls_mac_get( GNUTLS_STATE state) {
85 return state->security_parameters.read_mac_algorithm;
86 }
87
88 /**
89 * gnutls_compression_get - Returns the currently used compression algorithm.
90 * @state: is a &GNUTLS_STATE structure.
91 *
92 * Returns the currently used compression method.
93 **/
94 GNUTLS_CompressionMethod gnutls_compression_get( GNUTLS_STATE state) {
95 return state->security_parameters.read_compression_algorithm;
96 }
97
98 int _gnutls_state_cert_type_supported( GNUTLS_STATE state, CertificateType cert_type) {
99 int i;
100
101 if (state->gnutls_internals.cert_type_priority.algorithms==0 && cert_type ==
102 DEFAULT_CERT_TYPE) return 0;
103
104 for (i=0;i<state->gnutls_internals.cert_type_priority.algorithms;i++) {
105 if (state->gnutls_internals.cert_type_priority.algorithm_priority[i]
106 == cert_type) {
107 return 0; /* ok */
108 }
109 }
110
111 return GNUTLS_E_UNSUPPORTED_CERTIFICATE_TYPE;
112 }
113
114 /* This function will clear all the variables in gnutls_internals
115 * structure within the state, which depend on the current handshake.
116 * This is used to allow further handshakes.
117 */
118 void _gnutls_handshake_internal_state_clear( GNUTLS_STATE state) {
119 state->gnutls_internals.extensions_sent_size = 0;
120
121 /* by default no selected certificate */
122 state->gnutls_internals.selected_cert_index = -1;
123 state->gnutls_internals.proposed_record_size = DEFAULT_MAX_RECORD_SIZE;
124 state->gnutls_internals.adv_version_major = 0;
125 state->gnutls_internals.adv_version_minor = 0;
126 state->gnutls_internals.v2_hello = 0;
127 memset( &state->gnutls_internals.handshake_header_buffer, 0,
128 sizeof(HANDSHAKE_HEADER_BUFFER));
129 state->gnutls_internals.adv_version_minor = 0;
130 state->gnutls_internals.adv_version_minor = 0;
131
132 state->gnutls_internals.resumable = RESUME_TRUE;
133
134 }
135
136
137 #define _gnutls_free(x) if(x!=NULL) gnutls_free(x)
138 /**
139 * gnutls_init - This function initializes the state to null (null encryption etc...).
140 * @con_end: is used to indicate if this state is to be used for server or
141 * client. Can be one of GNUTLS_CLIENT and GNUTLS_SERVER.
142 * @state: is a pointer to a &GNUTLS_STATE structure.
143 *
144 * This function initializes the current state to null. Every state
145 * must be initialized before use, so internal structures can be allocated.
146 * This function allocates structures which can only be free'd
147 * by calling gnutls_deinit(). Returns zero on success.
148 **/
149 int gnutls_init(GNUTLS_STATE * state, GNUTLS_ConnectionEnd con_end)
150 {
151 int default_protocol_list[] = { GNUTLS_TLS1, 0 };
152
153 *state = gnutls_calloc(1, sizeof(struct GNUTLS_STATE_INT));
154 if (*state==NULL) return GNUTLS_E_MEMORY_ERROR;
155
156 (*state)->security_parameters.entity = con_end;
157
158 /* the default certificate type for TLS */
159 (*state)->security_parameters.cert_type = DEFAULT_CERT_TYPE;
160
161 /* Set the defaults for initial handshake */
162 (*state)->security_parameters.read_bulk_cipher_algorithm =
163 (*state)->security_parameters.write_bulk_cipher_algorithm = GNUTLS_CIPHER_NULL;
164
165 (*state)->security_parameters.read_mac_algorithm =
166 (*state)->security_parameters.write_mac_algorithm = GNUTLS_MAC_NULL;
167
168 (*state)->security_parameters.read_compression_algorithm = GNUTLS_COMP_NULL;
169 (*state)->security_parameters.write_compression_algorithm = GNUTLS_COMP_NULL;
170
171
172 gnutls_protocol_set_priority( *state, default_protocol_list); /* default */
173
174 (*state)->gnutls_key = gnutls_calloc(1, sizeof(struct GNUTLS_KEY_INT));
175 if ( (*state)->gnutls_key == NULL) {
176 gnutls_free( *state);
177 return GNUTLS_E_MEMORY_ERROR;
178 }
179
180 (*state)->gnutls_internals.expire_time = DEFAULT_EXPIRE_TIME; /* one hour default */
181
182 gnutls_dh_set_prime_bits( (*state), MIN_BITS);
183
184 gnutls_transport_set_lowat((*state), DEFAULT_LOWAT); /* the default for tcp */
185
186 gnutls_handshake_set_max_packet_length( (*state), MAX_HANDSHAKE_PACKET_SIZE);
187
188 /* Allocate a minimum size for recv_data
189 * This is allocated in order to avoid small messages, makeing
190 * the receive procedure slow.
191 */
192 (*state)->gnutls_internals.record_recv_buffer.data = gnutls_malloc(INITIAL_RECV_BUFFER_SIZE);
193
194 /* set the default maximum record size for TLS
195 */
196 (*state)->security_parameters.max_record_size = DEFAULT_MAX_RECORD_SIZE;
197
198
199 /* everything else not initialized here is initialized
200 * as NULL or 0. This is why calloc is used.
201 */
202
203 _gnutls_handshake_internal_state_clear( *state);
204
205 return 0;
206 }
207
208 /**
209 * gnutls_deinit - This function clears all buffers associated with the &state
210 * @state: is a &GNUTLS_STATE structure.
211 *
212 * This function clears all buffers associated with the &state.
213 **/
214 void gnutls_deinit(GNUTLS_STATE state)
215 {
216
217 /* remove auth info firstly */
218 _gnutls_free_auth_info(state );
219
220 #ifdef HAVE_LIBGDBM
221 /* close the database - resuming sessions */
222 if ( state->gnutls_internals.db_reader != NULL)
223 gdbm_close(state->gnutls_internals.db_reader);
224 #endif
225
226 _gnutls_handshake_io_buffer_clear( state);
227
228 gnutls_sfree_datum(&state->connection_state.read_mac_secret);
229 gnutls_sfree_datum(&state->connection_state.write_mac_secret);
230
231 _gnutls_free(state->gnutls_internals.application_data_buffer.data);
232 _gnutls_free(state->gnutls_internals.handshake_data_buffer.data);
233 _gnutls_free(state->gnutls_internals.handshake_hash_buffer.data);
234 _gnutls_free(state->gnutls_internals.record_recv_buffer.data);
235 _gnutls_free(state->gnutls_internals.record_send_buffer.data);
236
237 gnutls_clear_creds( state);
238
239 if (state->connection_state.read_cipher_state != NULL)
240 _gnutls_cipher_deinit(state->connection_state.read_cipher_state);
241 if (state->connection_state.write_cipher_state != NULL)
242 _gnutls_cipher_deinit(state->connection_state.write_cipher_state);
243
244 if (state->connection_state.read_compression_state != NULL)
245 _gnutls_comp_deinit(state->connection_state.read_compression_state, 1);
246 if (state->connection_state.write_compression_state != NULL)
247 _gnutls_comp_deinit(state->connection_state.write_compression_state, 0);
248
249 gnutls_sfree_datum( &state->cipher_specs.server_write_mac_secret);
250 gnutls_sfree_datum( &state->cipher_specs.client_write_mac_secret);
251 gnutls_sfree_datum( &state->cipher_specs.server_write_IV);
252 gnutls_sfree_datum( &state->cipher_specs.client_write_IV);
253 gnutls_sfree_datum( &state->cipher_specs.server_write_key);
254 gnutls_sfree_datum( &state->cipher_specs.client_write_key);
255
256 if (state->gnutls_key != NULL) {
257 _gnutls_mpi_release(&state->gnutls_key->KEY);
258 _gnutls_mpi_release(&state->gnutls_key->client_Y);
259 _gnutls_mpi_release(&state->gnutls_key->client_p);
260 _gnutls_mpi_release(&state->gnutls_key->client_g);
261
262 _gnutls_mpi_release(&state->gnutls_key->u);
263 _gnutls_mpi_release(&state->gnutls_key->a);
264 _gnutls_mpi_release(&state->gnutls_key->x);
265 _gnutls_mpi_release(&state->gnutls_key->A);
266 _gnutls_mpi_release(&state->gnutls_key->B);
267 _gnutls_mpi_release(&state->gnutls_key->b);
268
269 _gnutls_mpi_release(&state->gnutls_key->dh_secret);
270 _gnutls_free(state->gnutls_key);
271
272 state->gnutls_key = NULL;
273 }
274
275 _gnutls_free(state->gnutls_internals.db_name);
276
277 memset( state, 0, sizeof(struct GNUTLS_STATE_INT));
278 gnutls_free(state);
279
280 return;
281 }
282
283 int _gnutls_dh_get_prime_bits( GNUTLS_STATE state) {
284 return state->gnutls_internals.dh_prime_bits;
285 }
286
287 int _gnutls_dh_set_peer_public_bits( GNUTLS_STATE state, int bits) {
288 switch( gnutls_auth_get_type( state)) {
289 case GNUTLS_CRD_ANON: {
290 ANON_SERVER_AUTH_INFO info;
291 info = _gnutls_get_auth_info(state);
292 if (info == NULL)
293 return GNUTLS_E_UNKNOWN_ERROR;
294 info->dh_peer_public_bits = bits;
295 break;
296 }
297 case GNUTLS_CRD_CERTIFICATE: {
298 CERTIFICATE_AUTH_INFO info;
299
300 info = _gnutls_get_auth_info(state);
301 if (info == NULL)
302 return GNUTLS_E_UNKNOWN_ERROR;
303
304 info->dh_peer_public_bits = bits;
305 break;
306 }
307 default:
308 gnutls_assert();
309 return GNUTLS_E_UNKNOWN_ERROR;
310 }
311
312 return 0;
313 }
314
315 int _gnutls_dh_set_secret_bits( GNUTLS_STATE state, int bits) {
316 switch( gnutls_auth_get_type( state)) {
317 case GNUTLS_CRD_ANON: {
318 ANON_SERVER_AUTH_INFO info;
319 info = _gnutls_get_auth_info(state);
320 if (info == NULL)
321 return GNUTLS_E_UNKNOWN_ERROR;
322 info->dh_secret_bits = bits;
323 break;
324 }
325 case GNUTLS_CRD_CERTIFICATE: {
326 CERTIFICATE_AUTH_INFO info;
327
328 info = _gnutls_get_auth_info(state);
329 if (info == NULL)
330 return GNUTLS_E_UNKNOWN_ERROR;
331
332 info->dh_secret_bits = bits;
333 break;
334 default:
335 gnutls_assert();
336 return GNUTLS_E_UNKNOWN_ERROR;
337 }
338 }
339
340 return 0;
341 }
342
343 int _gnutls_dh_set_prime_bits( GNUTLS_STATE state, int bits) {
344 switch( gnutls_auth_get_type( state)) {
345 case GNUTLS_CRD_ANON: {
346 ANON_SERVER_AUTH_INFO info;
347 info = _gnutls_get_auth_info(state);
348 if (info == NULL)
349 return GNUTLS_E_UNKNOWN_ERROR;
350 info->dh_prime_bits = bits;
351 break;
352 }
353 case GNUTLS_CRD_CERTIFICATE: {
354 CERTIFICATE_AUTH_INFO info;
355
356 info = _gnutls_get_auth_info(state);
357 if (info == NULL)
358 return GNUTLS_E_UNKNOWN_ERROR;
359
360 info->dh_prime_bits = bits;
361 break;
362 }
363 default:
364 gnutls_assert();
365 return GNUTLS_E_UNKNOWN_ERROR;
366 }
367
368
369 return 0;
370 }
371
372 /**
373 * gnutls_openpgp_send_key - This function will order gnutls to send the openpgp fingerprint instead of the key
374 * @state: is a pointer to a &GNUTLS_STATE structure.
375 * @status: is one of OPENPGP_KEY, or OPENPGP_KEY_FINGERPRINT
376 *
377 * This function will order gnutls to send the key fingerprint instead
378 * of the key in the initial handshake procedure. This should be used
379 * with care and only when there is indication or knowledge that the
380 * server can obtain the client's key.
381 *
382 **/
383 void gnutls_openpgp_send_key(GNUTLS_STATE state, GNUTLS_OpenPGPKeyStatus status) {
384 state->gnutls_internals.pgp_fingerprint = status;
385 }
386
387 int _gnutls_openpgp_send_fingerprint(GNUTLS_STATE state) {
388 return state->gnutls_internals.pgp_fingerprint;
389 }
390
391 /*-
392 * _gnutls_record_set_default_version - Used to set the default version for the first record packet
393 * @state: is a &GNUTLS_STATE structure.
394 * @version: is a tls version
395 *
396 * This function sets the default version that we will use in the first
397 * record packet (client hello). This function is only useful to people
398 * that know TLS internals and want to debug other implementations.
399 *
400 -*/
401 void _gnutls_record_set_default_version(GNUTLS_STATE state, GNUTLS_Version version)
402 {
403 state->gnutls_internals.default_record_version = version;
404 }
405
406 /**
407 * gnutls_record_set_cbc_protection - Used to disable the CBC protection
408 * @state: is a &GNUTLS_STATE structure.
409 * @prot: is an integer (0 or 1)
410 *
411 * A newly discovered attack against the record protocol requires some
412 * counter-measures to be taken. GnuTLS will not enable them by default
413 * thus, sends an empty record packet, before each actual record packet,
414 * in order to assure that the IV is not known to potential attackers.
415 *
416 * This function will enable or disable the chosen plaintext protection
417 * in the TLS record protocol (used with ciphers in CBC mode).
418 * if prot == 0 then protection is disabled (default), otherwise it
419 * is enabled.
420 *
421 * The protection used will slightly decrease performance, and add
422 * 20 or more bytes per record packet.
423 *
424 **/
425 void gnutls_record_set_cbc_protection(GNUTLS_STATE state, int prot)
426 {
427 state->gnutls_internals.cbc_protection_hack = prot;
428 }
429
430 /**
431 * gnutls_handshake_set_rsa_pms_check - Used to disable the RSA PMS check
432 * @state: is a &GNUTLS_STATE structure.
433 * @prot: is an integer (0 or 1)
434 *
435 * The TLS 1.0 handshake protocol includes a check in the in the RSA
436 * encrypted data (only in the case of RSA key exchange), which allows
437 * to detect version roll back attacks.
438 *
439 * However it seems that some broken TLS clients exist which do not
440 * use this check properly. The only solution is to disable this
441 * check completely.
442 *
443 * if check == 0 then the check is enabled (default), otherwise it
444 * is disabled.
445 *
446 * The protection used will slightly decrease performance, and add
447 * 20 or more bytes per record packet.
448 *
449 **/
450 void gnutls_handshake_set_rsa_pms_check(GNUTLS_STATE state, int check)
451 {
452 state->gnutls_internals.rsa_pms_check = check;
453 }
454
455 inline
456 static void _gnutls_cal_PRF_A( MACAlgorithm algorithm, void *secret, int secret_size, void *seed, int seed_size, void* result)
457 {
458 GNUTLS_MAC_HANDLE td1;
459
460 td1 = _gnutls_hmac_init(algorithm, secret, secret_size);
461 _gnutls_hmac(td1, seed, seed_size);
462 _gnutls_hmac_deinit(td1, result);
463
464 return;
465 }
466
467 #define MAX_SEED_SIZE 200
468
469 /* Produces "total_bytes" bytes using the hash algorithm specified.
470 * (used in the PRF function)
471 */
472 static int _gnutls_P_hash( MACAlgorithm algorithm, opaque * secret, int secret_size, opaque * seed, int seed_size, int total_bytes, opaque* ret)
473 {
474
475 GNUTLS_MAC_HANDLE td2;
476 int i = 0, times, how, blocksize, A_size;
477 opaque final[20], Atmp[MAX_SEED_SIZE];
478
479 if (seed_size > MAX_SEED_SIZE || total_bytes<=0) {
480 gnutls_assert();
481 return GNUTLS_E_INTERNAL_ERROR;
482 }
483
484 blocksize = _gnutls_hmac_get_algo_len(algorithm);
485 do {
486 i += blocksize;
487 } while (i < total_bytes);
488
489 /* calculate A(0) */
490
491 memcpy( Atmp, seed, seed_size);
492 A_size = seed_size;
493
494 times = i / blocksize;
495 for (i = 0; i < times; i++) {
496 td2 = _gnutls_hmac_init(algorithm, secret, secret_size);
497
498 /* here we calculate A(i+1) */
499 _gnutls_cal_PRF_A( algorithm, secret, secret_size, Atmp, A_size, Atmp);
500
501 A_size = blocksize;
502
503 _gnutls_hmac(td2, Atmp, A_size);
504 _gnutls_hmac(td2, seed, seed_size);
505 _gnutls_hmac_deinit(td2, final);
506
507 if ( (1+i) * blocksize < total_bytes) {
508 how = blocksize;
509 } else {
510 how = total_bytes - (i) * blocksize;
511 }
512
513 if (how > 0) {
514 memcpy(&ret[i * blocksize], final, how);
515 }
516 }
517
518 return 0;
519 }
520
521 /* Function that xor's buffers using the maximum word size supported
522 * by the system. It should be faster. - only if one / and % are much faster
523 * than the whole xor operation.
524 */
525 inline static
526 void _gnutls_xor(void* _o1, void* _o2, int _length) {
527 unsigned long int* o1 = _o1;
528 unsigned long int* o2 = _o2;
529 int i, length = _length/sizeof(unsigned long int);
530 int modlen = _length%sizeof(unsigned long int);
531
532 for (i = 0; i < length; i++) {
533 o1[i] ^= o2[i];
534 }
535 i*=sizeof(unsigned long int);
536 for (;i<modlen;i++) {
537 ((unsigned char*)_o1)[i] ^= ((unsigned char*)_o2)[i];
538 }
539 return ;
540 }
541
542
543
544 #define MAX_PRF_BYTES 200
545
546 /* The PRF function expands a given secret
547 * needed by the TLS specification. ret must have a least total_bytes
548 * available.
549 */
550 int _gnutls_PRF( opaque * secret, int secret_size, uint8 * label, int label_size, opaque * seed, int seed_size, int total_bytes, void* ret)
551 {
552 int l_s, s_seed_size;
553 char *s1, *s2;
554 opaque s_seed[MAX_SEED_SIZE];
555 opaque o1[MAX_PRF_BYTES], o2[MAX_PRF_BYTES];
556 int result;
557
558 if (total_bytes > MAX_PRF_BYTES) {
559 gnutls_assert();
560 return GNUTLS_E_INTERNAL_ERROR;
561 }
562 /* label+seed = s_seed */
563 s_seed_size = seed_size + label_size;
564
565 if (s_seed_size > MAX_SEED_SIZE) {
566 gnutls_assert();
567 return GNUTLS_E_INTERNAL_ERROR;
568 }
569
570 memcpy(s_seed, label, label_size);
571 memcpy(&s_seed[label_size], seed, seed_size);
572
573 l_s = secret_size / 2;
574 s1 = &secret[0];
575 s2 = &secret[l_s];
576
577 if (secret_size % 2 != 0) {
578 l_s++;
579 }
580
581 result = _gnutls_P_hash( GNUTLS_MAC_MD5, s1, l_s, s_seed, s_seed_size, total_bytes, o1);
582 if (result<0) {
583 gnutls_assert();
584 return result;
585 }
586
587 result = _gnutls_P_hash( GNUTLS_MAC_SHA, s2, l_s, s_seed, s_seed_size, total_bytes, o2);
588 if (result<0) {
589 gnutls_assert();
590 return result;
591 }
592
593 _gnutls_xor(o1, o2, total_bytes);
594
595 memcpy( ret, o1, total_bytes);
596
597 return 0; /* ok */
598
599 }
600
601 /**
602 * gnutls_session_is_resumed - Used to check whether this session is a resumed one
603 * @state: is a &GNUTLS_STATE structure.
604 *
605 * This function will return non zero if this session is a resumed one,
606 * or a zero if this is a new session.
607 *
608 **/
609 int gnutls_session_is_resumed(GNUTLS_STATE state)
610 {
611 if (state->security_parameters.entity==GNUTLS_CLIENT) {
612 if (memcmp( state->security_parameters.session_id,
613 state->gnutls_internals.resumed_security_parameters.session_id,
614 state->security_parameters.session_id_size)==0)
615 return 1;
616 } else {
617 if (state->gnutls_internals.resumed==RESUME_TRUE)
618 return 1;
619 }
620
621 return 0;
622 }
623
624 /**
625 * gnutls_state_get_ptr - Used to get the user pointer from the state structure
626 * @state: is a &GNUTLS_STATE structure.
627 *
628 * This function will return the user given pointer from the state structure.
629 * This is the pointer set with gnutls_state_set_ptr().
630 *
631 **/
632 void* gnutls_state_get_ptr(GNUTLS_STATE state)
633 {
634 return state->gnutls_internals.user_ptr;
635 }
636
637 /**
638 * gnutls_state_set_ptr - Used to set the user pointer to the state structure
639 * @state: is a &GNUTLS_STATE structure.
640 * @ptr: is the user pointer
641 *
642 * This function will set (assosiate) the user given pointer to the state structure.
643 * This is pointer can be accessed with gnutls_state_get_ptr().
644 *
645 **/
646 void gnutls_state_set_ptr(GNUTLS_STATE state, void* ptr)
647 {
648 state->gnutls_internals.user_ptr = ptr;
649 }
Implementation of the SSL/TLS protocol