[SCM] GNU gnutls branch, master, updated. gnutls_2_9_10-244-g72be7ce


From: Nikos Mavrogiannopoulos
Subject: [SCM] GNU gnutls branch, master, updated. gnutls_2_9_10-244-g72be7ce
Date: Sat, 19 Jun 2010 15:04:42 +0000

This is an automated email from the git hooks/post-receive script. It was
generated because a ref change was pushed to the repository containing
the project "GNU gnutls".

http://git.savannah.gnu.org/cgit/gnutls.git/commit/?id=72be7ce01acd06c529be3c4676c64ac155d65140

The branch, master has been updated
       via  72be7ce01acd06c529be3c4676c64ac155d65140 (commit)
       via  3a075f3937ac720dd97acfbd01986d26a8f28e24 (commit)
       via  a4c55866e6cc96d7b9acb76a66d97138d77c6d84 (commit)
       via  101f14567d5b652cb5a1f178748c81ec5fd59ba4 (commit)
       via  72ee34e055b4e998966a115de0c86e39b3831aba (commit)
       via  3a0d45264dd310b3cd64f2cb4f294446a701cfd6 (commit)
      from  e029ff67f2b7ca4e911f95671a66a0937b3b7c60 (commit)

Those revisions listed above that are new to this repository have
not appeared on any other notification email; so we list those
revisions in full, below.

- Log -----------------------------------------------------------------
commit 72be7ce01acd06c529be3c4676c64ac155d65140
Author: Nikos Mavrogiannopoulos <address@hidden>
Date:   Sat Jun 19 17:03:17 2010 +0200

    Some updates in the PKCS11 text.

commit 3a075f3937ac720dd97acfbd01986d26a8f28e24
Author: Nikos Mavrogiannopoulos <address@hidden>
Date:   Sat Jun 19 16:49:51 2010 +0200

    Some updates on renegotiation text

commit a4c55866e6cc96d7b9acb76a66d97138d77c6d84
Author: Nikos Mavrogiannopoulos <address@hidden>
Date:   Sat Jun 19 16:37:22 2010 +0200

    Removed links for discussion of the COMPAT topic. I don't think they should
    be in the documentation.

commit 101f14567d5b652cb5a1f178748c81ec5fd59ba4
Author: Nikos Mavrogiannopoulos <address@hidden>
Date:   Sat Jun 19 16:36:08 2010 +0200

    Corrected example with %COMPAT.

commit 72ee34e055b4e998966a115de0c86e39b3831aba
Author: Nikos Mavrogiannopoulos <address@hidden>
Date:   Sat Jun 19 16:32:12 2010 +0200

    Added gnutls_sec_param_to_pk_bits() discussion.

commit 3a0d45264dd310b3cd64f2cb4f294446a701cfd6
Author: Nikos Mavrogiannopoulos <address@hidden>
Date:   Sat Jun 19 16:24:21 2010 +0200

    corrected text on AES

-----------------------------------------------------------------------

Summary of changes:
 doc/cha-cert-auth.texi |   65 +++++++++++++++++++++++----------------------
 doc/cha-intro-tls.texi |   68 +++++++++++++++++++++++++++++-------------------
 2 files changed, 74 insertions(+), 59 deletions(-)

diff --git a/doc/cha-cert-auth.texi b/doc/cha-cert-auth.texi
index 68999e1..b447593 100644
--- a/doc/cha-cert-auth.texi
+++ b/doc/cha-cert-auth.texi
@@ -331,7 +331,7 @@ operations on a token, as well as to objects residing on 
the token. A token can
 be a real hardware token such as a smart card, or it can be a software 
component
 such as @acronym{Gnome Keyring}. The objects residing on such token can be
 certificates, public keys, private keys or even plain data or  secret keys. Of 
those
-certificates and public/private key pairs can be used with @acronym{GnuTLS}. 
It's
+certificates and public/private key pairs can be used with @acronym{GnuTLS}. 
Its
 main advantage is that it allows operations on private key objects such as 
decryption
 and signing without accessing the key itself.
 
@@ -351,8 +351,8 @@ load=/usr/lib/gnome-keyring/gnome-keyring-pkcs11.so
 @end verbatim
 
 If you use this file, then there is no need for other initialization in
address@hidden, except for the PIN and token functions, to allow retrieving a 
PIN
-when accessing a protected object, such as a private key, or allowing probing
address@hidden, except for the PIN and token functions. Those allow retrieving 
a PIN
+when accessing a protected object, such as a private key, as well as probe
 the user to insert the token. All the initialization functions are below.
 
 @itemize
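Review bot: the new sentence ending in `+when accessing a protected object, such as a private key, as well as probe` does not parse; "Those allow retrieving a PIN when accessing a protected object, such as a private key, as well as probe the user to insert the token" should read "... as well as prompting the user to insert the token", so that both verbs hang off "allow".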
@@ -429,55 +429,56 @@ The following example will list all tokens.
 int i;
 char* url;
 
-       gnutls_global_init();
+gnutls_global_init();
 
-       for (i=0;;i++) {
-               ret = gnutls_pkcs11_token_get_url(i, &url);
-               if (ret == GNUTLS_E_REQUESTED_DATA_NOT_AVAILABLE)
-                       break;
+for (i=0;;i++) {
+       ret = gnutls_pkcs11_token_get_url(i, &url);
+       if (ret == GNUTLS_E_REQUESTED_DATA_NOT_AVAILABLE)
+               break;
 
-               if (ret < 0)
-                       exit(1);
+       if (ret < 0)
+               exit(1);
                
-               fprintf(stdout, "Token[%d]: URL: %s\n", i, url);
-       }
-       gnutls_global_deinit();
+       fprintf(stdout, "Token[%d]: URL: %s\n", i, url);
+       gnutls_free(url);
+}
+gnutls_global_deinit();
 @end verbatim
 
 
-The next one will list all objects in a token:
+The next one will list all certificates in a token, that have a corresponding
+private key:
 @verbatim
 gnutls_pkcs11_obj_t *obj_list;
 unsigned int obj_list_size = 0;
 gnutls_datum_t cinfo;
 int i;
 
-       obj_list_size = 0;
-       ret = gnutls_pkcs11_obj_list_import_url( obj_list, NULL, url, \
-                               GNUTLS_PKCS11_OBJ_ATTR_CRT_WITH_PRIVKEY);
-       if (ret < 0 && ret != GNUTLS_E_SHORT_MEMORY_BUFFER)
-               exit(1);
+obj_list_size = 0;
+ret = gnutls_pkcs11_obj_list_import_url( obj_list, NULL, url, \
+                       GNUTLS_PKCS11_OBJ_ATTR_CRT_WITH_PRIVKEY);
+if (ret < 0 && ret != GNUTLS_E_SHORT_MEMORY_BUFFER)
+       exit(1);
 
-       /* no error checking from now on */
-       obj_list = malloc(sizeof(*obj_list)*obj_list_size);
+/* no error checking from now on */
+obj_list = malloc(sizeof(*obj_list)*obj_list_size);
 
-       gnutls_pkcs11_obj_list_import_url( obj_list, &obj_list_size, url, 
flags);
+gnutls_pkcs11_obj_list_import_url( obj_list, &obj_list_size, url, flags);
 
-       /* now all certificates are in obj_list */
+/* now all certificates are in obj_list */
+for (i=0;i<obj_list_size;i++) {
 
-       for (i=0;i<obj_list_size;i++) {
+       gnutls_x509_crt_init(&xcrt);
 
-               gnutls_x509_crt_init(&xcrt);
+       gnutls_x509_crt_import_pkcs11(xcrt, obj_list[i]);
                
-               gnutls_x509_crt_import_pkcs11(xcrt, obj_list[i]);
-               
-               gnutls_x509_crt_print (xcrt, GNUTLS_CRT_PRINT_FULL, &cinfo);
+       gnutls_x509_crt_print (xcrt, GNUTLS_CRT_PRINT_FULL, &cinfo);
 
-               fprintf(stdout, "cert[%d]:\n %s\n\n", cinfo.data);
+       fprintf(stdout, "cert[%d]:\n %s\n\n", cinfo.data);
 
-               gnutls_free(cinfo.data);
-               gnutls_x509_crt_deinit(&xcrt);
-       }
+       gnutls_free(cinfo.data);
+       gnutls_x509_crt_deinit(&xcrt);
+}
 @end verbatim
 
 
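Review bot: the second example still has several defects that will not compile or will misbehave as written. The first call `+ret = gnutls_pkcs11_obj_list_import_url( obj_list, NULL, url, \` passes NULL as the size pointer, yet the following `+obj_list = malloc(sizeof(*obj_list)*obj_list_size);` relies on obj_list_size having been filled in by that call; it should pass `&obj_list_size` so the GNUTLS_E_SHORT_MEMORY_BUFFER path reports the required count (as written the malloc is of zero bytes). The second call `+gnutls_pkcs11_obj_list_import_url( obj_list, &obj_list_size, url, flags);` uses an undeclared `flags` where the first call used GNUTLS_PKCS11_OBJ_ATTR_CRT_WITH_PRIVKEY; both calls should use the same attribute. `+       fprintf(stdout, "cert[%d]:\n %s\n\n", cinfo.data);` has two conversions but one argument; `i` is missing before `cinfo.data`. `xcrt` is never declared, and `+       gnutls_x509_crt_deinit(&xcrt);` passes its address while `gnutls_x509_crt_import_pkcs11(xcrt, ...)` passes the handle; the deinit should take `xcrt`. The trailing backslash on the wrapped call is also unnecessary inside a C snippet. Since the prose now says the list holds certificates with a corresponding private key, a comment in the loop noting that obj_list entries remain usable for private-key operations would help readers, and the example should say what happens to the list entries after the loop.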
diff --git a/doc/cha-intro-tls.texi b/doc/cha-intro-tls.texi
index b10ca88..a08a2d4 100644
--- a/doc/cha-intro-tls.texi
+++ b/doc/cha-intro-tls.texi
@@ -167,8 +167,7 @@ which is considered weak.
 
 @item AES_CBC
 AES or RIJNDAEL is the block cipher algorithm that replaces the old
-DES algorithm.  Has 128 bits block size and is used in CBC mode. This
-is not officially supported in TLS.
+DES algorithm.  Has 128 bits block size and is used in CBC mode.
 @end table
 
 Supported MAC algorithms:
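Review bot: dropping "This is not officially supported in TLS." is correct, since AES ciphersuites for TLS have been standardized (RFC 3268), but the remaining `+DES algorithm.  Has 128 bits block size and is used in CBC mode.` is still ungrammatical; suggest "It has a 128-bit block size and is used in CBC mode."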
@@ -596,6 +595,20 @@ table that extends beyond the key sizes given above.
 
 The recommendations are fairly consistent.
 
+When using @acronym{GnuTLS} and 
+bit sizes are required as input it is recommended to use the following
+functions:
address@hidden
+
address@hidden @ref{gnutls_pk_bits_to_sec_param}
+
address@hidden @ref{gnutls_sec_param_to_pk_bits}
+
address@hidden itemize
+Those functions will convert a human understandable security parameter
+of @code{gnutls_sec_param_t} type, to a number of bits suitable for a public 
+key algorithm.
+
 @node On SSL 2 and older protocols
 @section On SSL 2 and Older Protocols
 @cindex SSL 2
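Review bot: the closing paragraph `+Those functions will convert a human understandable security parameter` / `+of @code{gnutls_sec_param_t} type, to a number of bits suitable for a public` describes only gnutls_sec_param_to_pk_bits; gnutls_pk_bits_to_sec_param goes the other way, from a bit count to a gnutls_sec_param_t, so the text should say the pair converts in both directions. The opening `+When using @acronym{GnuTLS} and` / `+bit sizes are required as input it is recommended to use the following` also reads awkwardly; suggest "When bit sizes are required as input to @acronym{GnuTLS} functions, it is recommended to use the following functions:". Note that the mail archive has rewritten the leading "@" of the @itemize and @item lines as "address@hidden"; that is an artifact of this listing, not of the commit.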
@@ -677,40 +690,41 @@ different incoming IP addresses.
 
 To enable the workaround in the @code{gnutls-cli} client or the
 @code{gnutls-serv} server, for testing of other implementations, use
-the following parameter: @code{--priority "%COMPAT"}.
-
-This problem has been discussed on mailing lists and in bug reports.
-This section tries to collect all pieces of information that we know
-about the problem.  If you wish to go back to the old discussions,
-here are some links:
-
address@hidden://bugs.debian.org/390712}
-
address@hidden://bugs.debian.org/402861}
-
address@hidden://bugs.debian.org/438137}
-
address@hidden://thread.gmane.org/gmane.ietf.tls/3079}
+the following parameter: @code{--priority "NORMAL:%COMPAT"}.
 
 @node Safe Renegotiation
 @section Safe Renegotiation
 @cindex renegotiation
 
-Some application protocols and implementations uses the TLS
-renegotiation feature in a manner that enables attackers to insert
+TLS gives the option to two communicating parties to renegotiate
+and update their security parameters. One useful example of this feature
+was for a client to initially connect using anonymous negotiation to a
+server, and the renegotiate using some authenticated ciphersuite. This occured
+to avoid having the client sending its credentials in the clear.
+
+However this renegotiation, as initially designed would not ensure that
+the party one is renegotiating is the same as the one in the initial 
negotiation.
+For example one server could forward all renegotiation traffic to an other
+server who will see this traffic as an initial negotiation attempt.
+
+This might be seen as a valid design decision, but it seems it was
+not widely known or understood, thus today some application protocols the TLS
+renegotiation feature in a manner that enables a malicious server to insert
 content of his choice in the beginning of a TLS session.
 
-One easy to understand vulnerability is HTTPS when servers request
-client certificates optionally for certain parts of a web site.  The
+The most prominent vulnerability was with HTTPS. There servers request
+a renegotiation to enforce an anonymous user to use a certificate in order
+to access certain parts of a web site.  The
 attack works by having the attacker simulate a client and connect to a
 server, with server-only authentication, and send some data intended
-to cause harm.  When the proper client attempts to contact the server,
-the attacker hijacks that connection and uses the TLS renegotiation
-feature with the server and splices in the client connection to the
-already established connection between the attacker and server.  The
+to cause harm.  The server will then require renegotiation from him
+in order to perform the request. 
+When the proper client attempts to contact the server,
+the attacker hijacks that connection and forwards traffic to
+the initial server that requested renegotiation.  The
 attacker will not be able to read the data exchanged between the
 client and the server.  However, the server will (incorrectly) assume
-that the data sent by the attacker was sent by the now authenticated
+that the initial request sent by the attacker was sent by the now authenticated
 client.  The result is a prefix plain-text injection attack.
 
 The above is just one example.  Other vulnerabilities exists that do
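Review bot: `+not widely known or understood, thus today some application protocols the TLS` is missing its verb; it should read "some application protocols use the TLS renegotiation feature". Several other wording problems in the same hunk: `+server, and the renegotiate using some authenticated ciphersuite. This occured` should be "and then renegotiate" and "This occurred"; "the party one is renegotiating is the same" should be "the party one is renegotiating with is the same"; `+For example one server could forward all renegotiation traffic to an other` should be "another server, which"; "enforce an anonymous user to use a certificate" should be "require an anonymous user to present a certificate"; and "require renegotiation from him" should be "from it", since the subject is the attacker's connection. The change to `+the following parameter: @code{--priority "NORMAL:%COMPAT"}.` is right, as %COMPAT is a modifier that has to follow a base priority string, which is what the commit message says it corrects.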
@@ -733,8 +747,8 @@ not support the safe renegotiation extension.  Clients and 
servers
 will refuse renegotiation attempts when the extension has not been
 negotiated.
 
-Note that permitting clients to connect to servers even when the safe
-renegotiation extension is not negotiated open up for some attacks.
+Note that permitting clients to connect to servers when the safe
+renegotiation extension is not enabled, is open up for attacks.
 Changing this default behaviour would prevent interoperability against
 the majority of deployed servers out there.  We will reconsider this
 default behaviour in the future when more servers have been upgraded.
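Review bot: `+renegotiation extension is not enabled, is open up for attacks.` is not grammatical, and "not enabled" is less precise than the wording it replaces: the extension is negotiated between peers (the preceding context lines say "when the extension has not been negotiated"), so a client may have it enabled and still connect to a server that does not. Suggest "Note that permitting clients to connect to servers when the safe renegotiation extension has not been negotiated leaves them open to attacks."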


hooks/post-receive
-- 
GNU gnutls