
[SCM] GNU gnutls branch, master, updated. gnutls_2_11_6-276-g3871a9b


From: Nikos Mavrogiannopoulos
Subject: [SCM] GNU gnutls branch, master, updated. gnutls_2_11_6-276-g3871a9b
Date: Fri, 11 Mar 2011 19:43:46 +0000

This is an automated email from the git hooks/post-receive script. It was
generated because a ref change was pushed to the repository containing
the project "GNU gnutls".

http://git.savannah.gnu.org/cgit/gnutls.git/commit/?id=3871a9b6a7400f45f9c11c49f4c12b1b8f4b7d15

The branch, master has been updated
       via  3871a9b6a7400f45f9c11c49f4c12b1b8f4b7d15 (commit)
       via  077ebc2979f286ff7671c8baa80cbf69ed5713d6 (commit)
       via  a2fae2da0c3fd48592c1799a197059a06f3299ae (commit)
      from  9ab04f58304603c5c5f2d69e8e51cd378d75e8a7 (commit)

Those revisions listed above that are new to this repository have
not appeared on any other notification email; so we list those
revisions in full, below.

- Log -----------------------------------------------------------------
commit 3871a9b6a7400f45f9c11c49f4c12b1b8f4b7d15
Author: Nikos Mavrogiannopoulos <address@hidden>
Date:   Fri Mar 11 20:43:40 2011 +0100

    properly re-generate headers of fragmented packets.

commit 077ebc2979f286ff7671c8baa80cbf69ed5713d6
Author: Nikos Mavrogiannopoulos <address@hidden>
Date:   Fri Mar 11 20:27:33 2011 +0100

    increased initial retransmission time to 1 sec.

commit a2fae2da0c3fd48592c1799a197059a06f3299ae
Author: Nikos Mavrogiannopoulos <address@hidden>
Date:   Fri Mar 11 20:21:40 2011 +0100

    In DTLS do not hash messages that shouldn't be hashed (i.e. hello verify 
request).

-----------------------------------------------------------------------

Summary of changes:
 lib/gnutls_buffers.c   |    6 ++++-
 lib/gnutls_handshake.c |   54 ++++++++++++++++++-----------------------------
 lib/gnutls_state.c     |    2 +-
 3 files changed, 27 insertions(+), 35 deletions(-)

diff --git a/lib/gnutls_buffers.c b/lib/gnutls_buffers.c
index 55a7665..5d7612d 100644
--- a/lib/gnutls_buffers.c
+++ b/lib/gnutls_buffers.c
@@ -923,6 +923,7 @@ static void 
_gnutls_handshake_buffer_move(handshake_buffer_st* dst, handshake_bu
 
 /* will merge the given handshake_buffer_st to the handshake_recv_buffer
  * list. The given hsk packet will be released in any case (success or 
failure).
+ * Only used in DTLS.
  */
 static int merge_handshake_packet(gnutls_session_t session, 
handshake_buffer_st* hsk)
 {
@@ -959,11 +960,14 @@ int ret;
         }
       
       session->internals.handshake_recv_buffer_size++;
-      
_gnutls_handshake_buffer_move(&session->internals.handshake_recv_buffer[pos], 
hsk);
 
       /* rewrite headers to make them look as each packet came as a single 
fragment */
+      _gnutls_write_uint24(hsk->length, &hsk->header[1]);
       _gnutls_write_uint24(0, &hsk->header[6]);
       _gnutls_write_uint24(hsk->length, &hsk->header[9]);
+
+      
_gnutls_handshake_buffer_move(&session->internals.handshake_recv_buffer[pos], 
hsk);
+
     }
   else
     {
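Review bot: The three `_gnutls_write_uint24` calls address the header by bare offsets 1, 6 and 9, with nothing saying which DTLS handshake fields they are or that `hsk->header` holds a full 12-byte DTLS handshake header at this point. A comment such as `/* DTLS hsk header: [1..3] length, [6..8] fragment_offset, [9..11] fragment_length */` would make the rewrite checkable against the wire format. The rewritten bytes appear to be what is later buffered for the Finished hash, so the new ordering (rewrite, then `_gnutls_handshake_buffer_move`) is the part to preserve; a one-line note that the move must come last would guard against it being reordered again. The enclosing function starts and ends outside this hunk.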
diff --git a/lib/gnutls_handshake.c b/lib/gnutls_handshake.c
index 6b7f1d3..6527ceb 100644
--- a/lib/gnutls_handshake.c
+++ b/lib/gnutls_handshake.c
@@ -1216,23 +1216,6 @@ _gnutls_send_handshake (gnutls_session_t session, 
mbuffer_st * bufel,
                          session, _gnutls_handshake2str (type),
                          (long) datasize);
 
-
-  /* If we send a second or more ClientHello due to a
-     HelloVerifyRequest, we only remember the last ClientHello
-     sent for hashing purposes. */
-  if (_gnutls_is_dtls(session)
-      && type == GNUTLS_HANDSHAKE_CLIENT_HELLO
-      && (session->internals.last_handshake_out == 
GNUTLS_HANDSHAKE_CLIENT_HELLO
-         || session->internals.last_handshake_out == -1))
-    {
-      _gnutls_handshake_hash_buffers_clear (session);
-      if ((ret = _gnutls_handshake_hash_init (session)) < 0)
-        {
-          gnutls_assert ();
-          return ret;
-        }
-    }
-
   /* Here we keep the handshake messages in order to hash them...
    */
   if (type != GNUTLS_HANDSHAKE_HELLO_REQUEST)
@@ -1291,6 +1274,10 @@ _gnutls_handshake_hash_add_recvd (gnutls_session_t 
session,
 {
   int ret;
 
+  if (recv_type == GNUTLS_HANDSHAKE_HELLO_VERIFY_REQUEST ||
+      recv_type == GNUTLS_HANDSHAKE_HELLO_REQUEST)
+    return 0;
+
   /* The idea here is to hash the previous message we received,
    * and add the one we just received into the handshake_hash_buffer.
    */
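Review bot: The new early return in `_gnutls_handshake_hash_add_recvd` has no comment explaining why these two message types are excluded from the transcript, which is the security-relevant decision in this function. Something like `/* HelloRequest and HelloVerifyRequest are not part of the handshake hash */` above the `if` would document it. The return also skips the "hash the previous message" step that follows. Judging by the guard removed in the next hunk, that step used to run for `GNUTLS_HANDSHAKE_HELLO_REQUEST`, so it is worth confirming that no previously buffered message is left unhashed on that path. The code between this hunk and the next is not visible here.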
@@ -1307,25 +1294,21 @@ _gnutls_handshake_hash_add_recvd (gnutls_session_t 
session,
     }
 
   /* here we buffer the handshake messages - needed at Finished message */
-  if (recv_type != GNUTLS_HANDSHAKE_HELLO_REQUEST)
+  if ((ret =
+       _gnutls_handshake_buffer_put (session, header, header_size)) < 0)
     {
+      gnutls_assert ();
+      return ret;
+    }
 
+  if (datalen > 0)
+    {
       if ((ret =
-           _gnutls_handshake_buffer_put (session, header, header_size)) < 0)
+           _gnutls_handshake_buffer_put (session, dataptr, datalen)) < 0)
         {
           gnutls_assert ();
           return ret;
         }
-
-      if (datalen > 0)
-        {
-          if ((ret =
-               _gnutls_handshake_buffer_put (session, dataptr, datalen)) < 0)
-            {
-              gnutls_assert ();
-              return ret;
-            }
-        }
     }
 
   return 0;
@@ -1355,15 +1338,16 @@ _gnutls_recv_handshake (gnutls_session_t session,
           return 0;
         }
 
-       _gnutls_audit_log("Received unexpected handshake message '%s' (%d). 
Expected '%s' (%d)\n",
+       if (ret == GNUTLS_E_UNEXPECTED_HANDSHAKE_PACKET)
+        _gnutls_audit_log("Received unexpected handshake message '%s' (%d). 
Expected '%s' (%d)\n",
          _gnutls_handshake2str(hsk.htype), (int)hsk.htype, 
_gnutls_handshake2str(type), (int)type);
 
       return gnutls_assert_val(ret);
     }
 
   ret = _gnutls_handshake_hash_add_recvd (session, hsk.htype,
-                                          hsk.header, hsk.header_size,
-                                          hsk.data.data, hsk.data.length);
+                                              hsk.header, hsk.header_size,
+                                              hsk.data.data, hsk.data.length);
   if (ret < 0)
     {
       gnutls_assert ();
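Review bot: The added `if (ret == GNUTLS_E_UNEXPECTED_HANDSHAKE_PACKET)` guards a call that wraps over several lines without braces, so a later statement added at the same indentation would silently fall outside the condition. Brace the body: `if (ret == GNUTLS_E_UNEXPECTED_HANDSHAKE_PACKET) { _gnutls_audit_log (...); }`. With this change every other negative `ret` leaves through `gnutls_assert_val(ret)` with no audit entry. If those failures can be triggered by the peer, a generic audit line for them would keep the trail complete. The remaining changed lines in this hunk only re-indent the `_gnutls_handshake_hash_add_recvd` arguments.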
@@ -2242,6 +2226,7 @@ _gnutls_recv_hello_verify_request (gnutls_session_t 
session,
 {
   ssize_t len = datalen;
   size_t pos = 0;
+  int ret;
   uint8_t cookie_len;
   unsigned int nb_verifs;
 
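Review bot: The added `int ret;` is not assigned or read by any line of `_gnutls_recv_hello_verify_request` visible in this diff, so it will probably trigger an unused-variable warning. If `_gnutls_handshake_buffer_empty` (called in the last hunk of this function) returns a status, use `ret` to check it. Otherwise drop the declaration. The function body continues outside this hunk.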
@@ -2249,7 +2234,7 @@ _gnutls_recv_hello_verify_request (gnutls_session_t 
session,
       || session->security_parameters.entity == GNUTLS_SERVER)
     {
       gnutls_assert ();
-      return GNUTLS_E_UNEXPECTED_PACKET;
+      return GNUTLS_E_INTERNAL_ERROR;
     }
 
   nb_verifs = ++session->internals.dtls.hsk_hello_verify_requests;
@@ -2288,6 +2273,9 @@ _gnutls_recv_hello_verify_request (gnutls_session_t 
session,
       return GNUTLS_E_UNEXPECTED_PACKET_LENGTH;
     }
 
+  /* reset handshake hash buffers */
+  _gnutls_handshake_buffer_empty (session);
+
   return 0;
 }
 
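Review bot: The comment `/* reset handshake hash buffers */` says what the call does but not why, and the reason is what a later maintainer needs in order not to move or remove it. Suggested wording: `/* HelloVerifyRequest and the ClientHello it answers are excluded from the handshake hash; drop what was buffered so far */`. Because this reset is driven by an unauthenticated datagram, the comment should also state that it relies on the `hsk_hello_verify_requests` counter earlier in the function to bound how often a peer can trigger it. That bound is outside the visible hunks.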
diff --git a/lib/gnutls_state.c b/lib/gnutls_state.c
index e29749e..68dc356 100644
--- a/lib/gnutls_state.c
+++ b/lib/gnutls_state.c
@@ -402,7 +402,7 @@ gnutls_init_dtls (gnutls_session_t * session,
   (*session)->internals.dtls.mtu = DTLS_DEFAULT_MTU;
   (*session)->internals.transport = GNUTLS_DGRAM;
 
-  (*session)->internals.dtls.retrans_timeout = 800;
+  (*session)->internals.dtls.retrans_timeout = 1000;
   (*session)->internals.dtls.total_timeout = 60000;
 
   (*session)->internals.dtls.record_sw_size = 0;
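Review bot: `retrans_timeout = 1000` and `total_timeout = 60000` are bare numbers with no unit. The commit message ("1 sec") implies milliseconds, so a trailing comment such as `/* ms; initial DTLS retransmission timer */` would make that explicit. Named constants next to `DTLS_DEFAULT_MTU` would keep the defaults in one place.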


hooks/post-receive
-- 
GNU gnutls


