
[SCM] GNU gnutls branch, master, updated. gnutls_2_9_9-140-g9985aac


From: Simon Josefsson
Subject: [SCM] GNU gnutls branch, master, updated. gnutls_2_9_9-140-g9985aac
Date: Wed, 17 Feb 2010 18:07:11 +0000

This is an automated email from the git hooks/post-receive script. It was
generated because a ref change was pushed to the repository containing
the project "GNU gnutls".

http://git.savannah.gnu.org/cgit/gnutls.git/commit/?id=9985aac98be2b0121a681f1690832c6928fdbf00

The branch, master has been updated
       via  9985aac98be2b0121a681f1690832c6928fdbf00 (commit)
       via  1d6766cda39a57f118afae222e2daa5d91b6e386 (commit)
       via  555ddcdcf363ca4f46cb061ccfb66703e9ee0420 (commit)
      from  d43874e7a4a1daf6a8382c688b56ee76f27673e5 (commit)

Those revisions listed above that are new to this repository have
not appeared on any other notification email; so we list those
revisions in full, below.

- Log -----------------------------------------------------------------
commit 9985aac98be2b0121a681f1690832c6928fdbf00
Author: Simon Josefsson <address@hidden>
Date:   Wed Feb 17 19:06:14 2010 +0100

    Indent.  Don't include fcntl.h and sys/ioctl.h on (for example) Windows.

commit 1d6766cda39a57f118afae222e2daa5d91b6e386
Author: Simon Josefsson <address@hidden>
Date:   Wed Feb 17 19:00:21 2010 +0100

    Fix objdir != srcdir.

commit 555ddcdcf363ca4f46cb061ccfb66703e9ee0420
Author: Simon Josefsson <address@hidden>
Date:   Wed Feb 17 18:59:03 2010 +0100

    Drop bashism.  Make it work on Windows.

-----------------------------------------------------------------------

Summary of changes:
 lib/cryptodev.c                  |  354 ++++++++++++++++++++-----------------
 tests/safe-renegotiation/testsrn |   21 ++-
 2 files changed, 203 insertions(+), 172 deletions(-)

diff --git a/lib/cryptodev.c b/lib/cryptodev.c
index 9a36b9d..5402200 100644
--- a/lib/cryptodev.c
+++ b/lib/cryptodev.c
@@ -24,13 +24,13 @@
 
 #include <gnutls_errors.h>
 #include <gnutls_int.h>
-#include <sys/ioctl.h>
-#include <fcntl.h>
 #include <gnutls/crypto.h>
 #include <gnutls_cryptodev.h>
 
 #ifdef ENABLE_CRYPTODEV
 
+#include <fcntl.h>
+#include <sys/ioctl.h>
 #include <crypto/cryptodev.h>
 
 #ifndef CRYPTO_CIPHER_MAX_KEY_LEN
@@ -44,217 +44,245 @@
 
 static int cryptodev_fd = -1;
 
-struct cryptodev_ctx {
-       struct session_op sess;
-       struct crypt_op cryp;
-       opaque iv[EALG_MAX_BLOCK_LEN];
-       opaque key[CRYPTO_CIPHER_MAX_KEY_LEN];
-       int cfd;
+struct cryptodev_ctx
+{
+  struct session_op sess;
+  struct crypt_op cryp;
+  opaque iv[EALG_MAX_BLOCK_LEN];
+  opaque key[CRYPTO_CIPHER_MAX_KEY_LEN];
+  int cfd;
 };
 
 static const int gnutls_cipher_map[] = {
-       [GNUTLS_CIPHER_AES_128_CBC] = CRYPTO_AES_CBC,
-       [GNUTLS_CIPHER_AES_192_CBC] = CRYPTO_AES_CBC,
-       [GNUTLS_CIPHER_AES_256_CBC] = CRYPTO_AES_CBC,
-       [GNUTLS_CIPHER_3DES_CBC] = CRYPTO_3DES_CBC,
-       [GNUTLS_CIPHER_CAMELLIA_128_CBC] = CRYPTO_CAMELLIA_CBC,
-       [GNUTLS_CIPHER_CAMELLIA_256_CBC] = CRYPTO_CAMELLIA_CBC,
-       [GNUTLS_CIPHER_DES_CBC] = CRYPTO_DES_CBC,
+  [GNUTLS_CIPHER_AES_128_CBC] = CRYPTO_AES_CBC,
+  [GNUTLS_CIPHER_AES_192_CBC] = CRYPTO_AES_CBC,
+  [GNUTLS_CIPHER_AES_256_CBC] = CRYPTO_AES_CBC,
+  [GNUTLS_CIPHER_3DES_CBC] = CRYPTO_3DES_CBC,
+  [GNUTLS_CIPHER_CAMELLIA_128_CBC] = CRYPTO_CAMELLIA_CBC,
+  [GNUTLS_CIPHER_CAMELLIA_256_CBC] = CRYPTO_CAMELLIA_CBC,
+  [GNUTLS_CIPHER_DES_CBC] = CRYPTO_DES_CBC,
 };
-       
-static int cryptodev_cipher_init(gnutls_cipher_algorithm_t algorithm, void** 
_ctx)
-{
-struct cryptodev_ctx* ctx;
-int cipher = gnutls_cipher_map[algorithm];
 
-       *_ctx = gnutls_calloc(1, sizeof(struct cryptodev_ctx));
-       if (*_ctx == NULL) {
-               gnutls_assert();
-               return GNUTLS_E_MEMORY_ERROR;
-       }
+static int
+cryptodev_cipher_init (gnutls_cipher_algorithm_t algorithm, void **_ctx)
+{
+  struct cryptodev_ctx *ctx;
+  int cipher = gnutls_cipher_map[algorithm];
+
+  *_ctx = gnutls_calloc (1, sizeof (struct cryptodev_ctx));
+  if (*_ctx == NULL)
+    {
+      gnutls_assert ();
+      return GNUTLS_E_MEMORY_ERROR;
+    }
+
+  ctx = *_ctx;
+
+  if (ioctl (cryptodev_fd, CRIOGET, &ctx->cfd))
+    {
+      gnutls_assert ();
+      return GNUTLS_E_CRYPTODEV_IOCTL_ERROR;
+    }
+
+  if (fcntl (ctx->cfd, F_SETFD, 1) == -1)
+    {
+      gnutls_assert ();
+      return GNUTLS_E_CRYPTODEV_IOCTL_ERROR;
+    }
+
+  ctx->sess.cipher = cipher;
+  ctx->sess.key = ctx->key;
+  ctx->cryp.iv = ctx->iv;
+
+  return 0;
+}
 
-       ctx = *_ctx;
+static int
+cryptodev_setkey (void *_ctx, const void *key, size_t keysize)
+{
+  struct cryptodev_ctx *ctx = _ctx;
 
-       if (ioctl(cryptodev_fd, CRIOGET, &ctx->cfd)) {
-               gnutls_assert();
-               return GNUTLS_E_CRYPTODEV_IOCTL_ERROR;
-       }
+  ctx->sess.keylen = keysize;
+  memcpy (ctx->key, key, keysize);
 
-       if (fcntl(ctx->cfd, F_SETFD, 1) == -1) {
-               gnutls_assert();
-               return GNUTLS_E_CRYPTODEV_IOCTL_ERROR;
-       }
+  if (ioctl (ctx->cfd, CIOCGSESSION, &ctx->sess))
+    {
+      gnutls_assert ();
+      return GNUTLS_E_CRYPTODEV_IOCTL_ERROR;
+    }
+  ctx->cryp.ses = ctx->sess.ses;
 
-       ctx->sess.cipher = cipher;
-       ctx->sess.key = ctx->key;
-       ctx->cryp.iv = ctx->iv;
+  return 0;
 
-       return 0;
 }
 
-static int cryptodev_setkey( void* _ctx, const void *key, size_t keysize)
+static int
+cryptodev_setiv (void *_ctx, const void *iv, size_t iv_size)
 {
-struct cryptodev_ctx* ctx = _ctx;
-
-       ctx->sess.keylen = keysize;
-       memcpy(ctx->key, key, keysize);
-       
-       if (ioctl(ctx->cfd, CIOCGSESSION, &ctx->sess)) {
-               gnutls_assert();
-               return GNUTLS_E_CRYPTODEV_IOCTL_ERROR;
-       }
-       ctx->cryp.ses = ctx->sess.ses;
-       
-       return 0;
-
-}
+  struct cryptodev_ctx *ctx = _ctx;
 
-static int cryptodev_setiv( void* _ctx, const void* iv, size_t iv_size)
-{
-struct cryptodev_ctx* ctx = _ctx;
+  memcpy (ctx->iv, iv, iv_size);
 
-       memcpy(ctx->iv, iv, iv_size);
-       
-       return 0;
+  return 0;
 }
 
-static int cryptodev_encrypt(void* _ctx, const void* plain, size_t plainsize,
-       void* encr, size_t encrsize)
+static int
+cryptodev_encrypt (void *_ctx, const void *plain, size_t plainsize,
+                  void *encr, size_t encrsize)
 {
-struct cryptodev_ctx* ctx = _ctx;
-       ctx->cryp.len = plainsize;
-       ctx->cryp.src = (void*)plain;
-       ctx->cryp.dst = encr;
-       ctx->cryp.op = COP_ENCRYPT;
-       if (ioctl(ctx->cfd, CIOCCRYPT, &ctx->cryp)) {
-               gnutls_assert();
-               return GNUTLS_E_CRYPTODEV_IOCTL_ERROR;
-       }
-       return 0;
+  struct cryptodev_ctx *ctx = _ctx;
+  ctx->cryp.len = plainsize;
+  ctx->cryp.src = (void *) plain;
+  ctx->cryp.dst = encr;
+  ctx->cryp.op = COP_ENCRYPT;
+  if (ioctl (ctx->cfd, CIOCCRYPT, &ctx->cryp))
+    {
+      gnutls_assert ();
+      return GNUTLS_E_CRYPTODEV_IOCTL_ERROR;
+    }
+  return 0;
 }
 
-static int cryptodev_decrypt(void* _ctx, const void* encr, size_t encrsize,
-       void* plain, size_t plainsize)
+static int
+cryptodev_decrypt (void *_ctx, const void *encr, size_t encrsize,
+                  void *plain, size_t plainsize)
 {
-struct cryptodev_ctx* ctx = _ctx;
-
-       ctx->cryp.len = encrsize;
-       ctx->cryp.src = (void*)encr;
-       ctx->cryp.dst = plain;
-       ctx->cryp.op = COP_DECRYPT;
-       if (ioctl(ctx->cfd, CIOCCRYPT, &ctx->cryp)) {
-               gnutls_assert();
-               return GNUTLS_E_CRYPTODEV_IOCTL_ERROR;
-       }
-       return 0;
-               
+  struct cryptodev_ctx *ctx = _ctx;
+
+  ctx->cryp.len = encrsize;
+  ctx->cryp.src = (void *) encr;
+  ctx->cryp.dst = plain;
+  ctx->cryp.op = COP_DECRYPT;
+  if (ioctl (ctx->cfd, CIOCCRYPT, &ctx->cryp))
+    {
+      gnutls_assert ();
+      return GNUTLS_E_CRYPTODEV_IOCTL_ERROR;
+    }
+  return 0;
+
 }
 
-static void cryptodev_deinit(void* _ctx)
+static void
+cryptodev_deinit (void *_ctx)
 {
-struct cryptodev_ctx* ctx = _ctx;
+  struct cryptodev_ctx *ctx = _ctx;
 
-       close(ctx->cfd);
-       gnutls_free(ctx);
+  close (ctx->cfd);
+  gnutls_free (ctx);
 }
 
 static const gnutls_crypto_cipher_st cipher_struct = {
-       .init = cryptodev_cipher_init,
-       .setkey = cryptodev_setkey,
-       .setiv = cryptodev_setiv,
-       .encrypt = cryptodev_encrypt,
-       .decrypt = cryptodev_decrypt,
-       .deinit = cryptodev_deinit,
+  .init = cryptodev_cipher_init,
+  .setkey = cryptodev_setkey,
+  .setiv = cryptodev_setiv,
+  .encrypt = cryptodev_encrypt,
+  .decrypt = cryptodev_decrypt,
+  .deinit = cryptodev_deinit,
 };
 
-struct cipher_map {
-       gnutls_cipher_algorithm_t gnutls_cipher;
-       int cryptodev_cipher;
-       int keylen;
+struct cipher_map
+{
+  gnutls_cipher_algorithm_t gnutls_cipher;
+  int cryptodev_cipher;
+  int keylen;
 };
 
 static const struct cipher_map cipher_map[] = {
-       {GNUTLS_CIPHER_3DES_CBC, CRYPTO_3DES_CBC, 21},
-       {GNUTLS_CIPHER_AES_128_CBC, CRYPTO_AES_CBC, 16},
-       {GNUTLS_CIPHER_AES_192_CBC, CRYPTO_AES_CBC, 24},
-       {GNUTLS_CIPHER_AES_256_CBC, CRYPTO_AES_CBC, 32},
-       {GNUTLS_CIPHER_CAMELLIA_128_CBC, CRYPTO_CAMELLIA_CBC, 16},
-       {GNUTLS_CIPHER_CAMELLIA_256_CBC, CRYPTO_CAMELLIA_CBC, 24},
-       {GNUTLS_CIPHER_DES_CBC, CRYPTO_DES_CBC, 8},
-       {GNUTLS_CIPHER_UNKNOWN, 0}
+  {GNUTLS_CIPHER_3DES_CBC, CRYPTO_3DES_CBC, 21},
+  {GNUTLS_CIPHER_AES_128_CBC, CRYPTO_AES_CBC, 16},
+  {GNUTLS_CIPHER_AES_192_CBC, CRYPTO_AES_CBC, 24},
+  {GNUTLS_CIPHER_AES_256_CBC, CRYPTO_AES_CBC, 32},
+  {GNUTLS_CIPHER_CAMELLIA_128_CBC, CRYPTO_CAMELLIA_CBC, 16},
+  {GNUTLS_CIPHER_CAMELLIA_256_CBC, CRYPTO_CAMELLIA_CBC, 24},
+  {GNUTLS_CIPHER_DES_CBC, CRYPTO_DES_CBC, 8},
+  {GNUTLS_CIPHER_UNKNOWN, 0}
 };
 
-static int register_crypto(int cfd)
-{
-       struct session_op sess;
-       char fake_key[CRYPTO_CIPHER_MAX_KEY_LEN];
-       int i=0, ret;
-       
-       memset(&sess, 0, sizeof(sess));
-       do {
-               /* test if a cipher is support it and if yes register it */
-               sess.cipher = cipher_map[i].cryptodev_cipher;
-               sess.keylen = cipher_map[i].keylen;
-               sess.key = fake_key;
-
-               if (ioctl(cfd, CIOCGSESSION, &sess)) {
-                       continue;
-               }
-
-               ret = 
gnutls_crypto_single_cipher_register(cipher_map[i].gnutls_cipher, 90, 
&cipher_struct);
-               if (ret < 0) {
-                       gnutls_assert();
-                       return ret;
-               }
-               
-       } while(cipher_map[i++].gnutls_cipher != GNUTLS_CIPHER_UNKNOWN);
-
-       return 0;
-}
-
-int _gnutls_cryptodev_init(void)
+static int
+register_crypto (int cfd)
 {
-       int cfd = -1, ret;
-
-       /* Open the crypto device */
-       cryptodev_fd = open("/dev/crypto", O_RDWR, 0);
-       if (cryptodev_fd < 0) {
-               gnutls_assert();
-               return GNUTLS_E_CRYPTODEV_DEVICE_ERROR;
+  struct session_op sess;
+  char fake_key[CRYPTO_CIPHER_MAX_KEY_LEN];
+  int i = 0, ret;
+
+  memset (&sess, 0, sizeof (sess));
+  do
+    {
+      /* test if a cipher is support it and if yes register it */
+      sess.cipher = cipher_map[i].cryptodev_cipher;
+      sess.keylen = cipher_map[i].keylen;
+      sess.key = fake_key;
+
+      if (ioctl (cfd, CIOCGSESSION, &sess))
+       {
+         continue;
        }
 
-       /* Clone file descriptor */
-       if (ioctl(cryptodev_fd, CRIOGET, &cfd)) {
-               gnutls_assert();
-               return GNUTLS_E_CRYPTODEV_IOCTL_ERROR;
+      ret =
+       gnutls_crypto_single_cipher_register (cipher_map[i].gnutls_cipher, 90,
+                                             &cipher_struct);
+      if (ret < 0)
+       {
+         gnutls_assert ();
+         return ret;
        }
 
-       /* Set close-on-exec (not really neede here) */
-       if (fcntl(cfd, F_SETFD, 1) == -1) {
-               gnutls_assert();
-               return GNUTLS_E_CRYPTODEV_IOCTL_ERROR;
-       }
+    }
+  while (cipher_map[i++].gnutls_cipher != GNUTLS_CIPHER_UNKNOWN);
 
-       /* Run the test itself */
-       ret = register_crypto(cfd);
-       
-       close(cfd);
-       return ret;
+  return 0;
+}
+
+int
+_gnutls_cryptodev_init (void)
+{
+  int cfd = -1, ret;
+
+  /* Open the crypto device */
+  cryptodev_fd = open ("/dev/crypto", O_RDWR, 0);
+  if (cryptodev_fd < 0)
+    {
+      gnutls_assert ();
+      return GNUTLS_E_CRYPTODEV_DEVICE_ERROR;
+    }
+
+  /* Clone file descriptor */
+  if (ioctl (cryptodev_fd, CRIOGET, &cfd))
+    {
+      gnutls_assert ();
+      return GNUTLS_E_CRYPTODEV_IOCTL_ERROR;
+    }
+
+  /* Set close-on-exec (not really neede here) */
+  if (fcntl (cfd, F_SETFD, 1) == -1)
+    {
+      gnutls_assert ();
+      return GNUTLS_E_CRYPTODEV_IOCTL_ERROR;
+    }
+
+  /* Run the test itself */
+  ret = register_crypto (cfd);
+
+  close (cfd);
+  return ret;
 }
 
-void _gnutls_cryptodev_deinit()
+void
+_gnutls_cryptodev_deinit ()
 {
-       close(cryptodev_fd);
+  close (cryptodev_fd);
 }
 
 #else
-int _gnutls_cryptodev_init()
+int
+_gnutls_cryptodev_init ()
 {
-       return 0;
+  return 0;
 }
 
-void _gnutls_cryptodev_deinit()
+void
+_gnutls_cryptodev_deinit ()
 {
-       return;
+  return;
 }
 #endif /* ENABLE_CRYPTODEV */
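Review bot: cryptodev_setkey copies `keysize` bytes into the fixed `ctx->key[CRYPTO_CIPHER_MAX_KEY_LEN]` array and cryptodev_setiv copies `iv_size` bytes into `ctx->iv[EALG_MAX_BLOCK_LEN]` with no length check, so an oversized key or IV from a caller would write past the context buffers; the re-indentation carries both over unchanged. Each function should reject the length before the memcpy, e.g. `if (keysize > sizeof (ctx->key)) return GNUTLS_E_INVALID_REQUEST;` and `if (iv_size > sizeof (ctx->iv)) return GNUTLS_E_INVALID_REQUEST;`. Separately, the two error returns in cryptodev_cipher_init leave `*_ctx` allocated (and `ctx->cfd` open after the fcntl failure), and cryptodev_deinit frees the context without wiping `ctx->key`. Whether callers invoke deinit after a failed init is not visible in this hunk, so the leak is worth confirming against the caller.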
diff --git a/tests/safe-renegotiation/testsrn b/tests/safe-renegotiation/testsrn
index 877f451..a5ca0cd 100755
--- a/tests/safe-renegotiation/testsrn
+++ b/tests/safe-renegotiation/testsrn
@@ -1,4 +1,4 @@
-#!/bin/bash
+#!/bin/sh
 
 # Copyright (C) 2010 Free Software Foundation, Inc.
 #
@@ -21,8 +21,8 @@
 # Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301, USA.
 
 srcdir="${srcdir:-.}"
-SERV="${SERV:-../../src/gnutls-serv} -q"
-CLI="${CLI:-../../src/gnutls-cli}"
+SERV="${SERV:-../../src/gnutls-serv$EXEEXT} -q"
+CLI="${CLI:-../../src/gnutls-cli$EXEEXT}"
 PORT="${PORT:-5558}"
 unset RETCODE
 
@@ -33,7 +33,8 @@ fail() {
 
 echo "Checking Safe renegotiation"
 
-$SERV -p $PORT --echo --priority NORMAL:+ANON-DH --dhparams params.dh 
>/dev/null 2>&1 & 
+$SERV -p $PORT --echo --priority NORMAL:+ANON-DH --dhparams $srcdir/params.dh 
>/dev/null 2>&1 &
+pid=$!
 
 # give the server a chance to initialize
 sleep 2
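Review bot: The new `--dhparams $srcdir/params.dh` argument is unquoted, so a source directory containing spaces or glob characters would be word-split and the server would start with the wrong arguments (its output goes to /dev/null, so the failure would be silent). Quote it as `--dhparams "$srcdir/params.dh"`; the same applies to the two later `$SERV` invocations in the following hunks. `kill $pid` would likewise be safer as `kill "$pid"`, though `$!` is a plain number whenever the background start succeeded.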
@@ -50,10 +51,11 @@ $CLI -p $PORT localhost --priority 
NORMAL:+ANON-DH:%DISABLE_SAFE_RENEGOTIATION <
 $CLI -p $PORT localhost --rehandshake --priority 
NORMAL:+ANON-DH:%DISABLE_SAFE_RENEGOTIATION </dev/null >/dev/null 2>&1 && \
   fail "4. Unsafe renegotiation should have failed!"
 
-kill %1
+kill $pid
 wait
 
-$SERV -p $PORT --echo --priority NORMAL:+ANON-DH:%INITIAL_SAFE_RENEGOTIATION 
--dhparams params.dh >/dev/null 2>&1 &
+$SERV -p $PORT --echo --priority NORMAL:+ANON-DH:%INITIAL_SAFE_RENEGOTIATION 
--dhparams $srcdir/params.dh >/dev/null 2>&1 &
+pid=$!
 
 # give the server a chance to initialize
 sleep 2
@@ -70,10 +72,11 @@ $CLI -p $PORT localhost --priority 
NORMAL:+ANON-DH:%DISABLE_SAFE_RENEGOTIATION <
 $CLI -p $PORT localhost --rehandshake --priority 
NORMAL:+ANON-DH:%DISABLE_SAFE_RENEGOTIATION </dev/null >/dev/null 2>&1 && \
   fail "8. Unsafe renegotiation should have failed!"
 
-kill %1
+kill $pid
 wait
 
-$SERV -p $PORT --echo --priority NORMAL:+ANON-DH:%DISABLE_SAFE_RENEGOTIATION 
--dhparams params.dh >/dev/null 2>&1 &
+$SERV -p $PORT --echo --priority NORMAL:+ANON-DH:%DISABLE_SAFE_RENEGOTIATION 
--dhparams $srcdir/params.dh >/dev/null 2>&1 &
+pid=$!
 
 # give the server a chance to initialize
 sleep 2
@@ -90,7 +93,7 @@ $CLI -p $PORT localhost --priority 
NORMAL:+ANON-DH:%DISABLE_SAFE_RENEGOTIATION <
 $CLI -p $PORT localhost --rehandshake --priority 
NORMAL:+ANON-DH:%DISABLE_SAFE_RENEGOTIATION </dev/null >/dev/null 2>&1 || \
   fail "12. Unsafe renegotiation should have succeeded!"
 
-kill %1
+kill $pid
 wait
 
 exit ${RETCODE:-0}


hooks/post-receive
-- 
GNU gnutls



