[Top][All Lists]
[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
[SCM] GNU gnutls branch, master, updated. gnutls-3_0_12-221-gd77d792
|
From: |
Nikos Mavrogiannopoulos |
|
Subject: |
[SCM] GNU gnutls branch, master, updated. gnutls-3_0_12-221-gd77d792 |
|
Date: |
Tue, 14 Feb 2012 10:33:14 +0000 |
This is an automated email from the git hooks/post-receive script. It was
generated because a ref change was pushed to the repository containing
the project "GNU gnutls".
http://git.savannah.gnu.org/cgit/gnutls.git/commit/?id=d77d792c4abc6a198309501bd293dbf0252436b8
The branch, master has been updated
via d77d792c4abc6a198309501bd293dbf0252436b8 (commit)
via 90dfb21d9d03a336a4a8ee4b747b2236ac8686ea (commit)
via fe48f95d6b5d9a2e8b51851528685801e27225b6 (commit)
via 1148b8e34f5e0cb408f732f26af8132d88d5ee50 (commit)
via 1d2466e9816a4cd7c1df69c029cbc2ea1eae763a (commit)
from 6d9b794ba08cc26efc2298c9009b0b52d14b7b91 (commit)
Those revisions listed above that are new to this repository have
not appeared on any other notification email; so we list those
revisions in full, below.
- Log -----------------------------------------------------------------
commit d77d792c4abc6a198309501bd293dbf0252436b8
Author: Nikos Mavrogiannopoulos <address@hidden>
Date: Tue Feb 14 11:38:24 2012 +0100
handle GNUTLS_E_INTERRUPTED when in DTLS mode.
commit 90dfb21d9d03a336a4a8ee4b747b2236ac8686ea
Author: Nikos Mavrogiannopoulos <address@hidden>
Date: Tue Feb 14 11:30:20 2012 +0100
added a valid template
commit fe48f95d6b5d9a2e8b51851528685801e27225b6
Author: Nikos Mavrogiannopoulos <address@hidden>
Date: Tue Feb 14 11:23:04 2012 +0100
Do not treat any message from the peer as an indication that the last
flight was correctly received.
Verify instead that the received handshake message has an expected sequence
number.
commit 1148b8e34f5e0cb408f732f26af8132d88d5ee50
Author: Nikos Mavrogiannopoulos <address@hidden>
Date: Tue Feb 14 11:22:51 2012 +0100
changecipherspec is correctly added into buffers.
commit 1d2466e9816a4cd7c1df69c029cbc2ea1eae763a
Author: Nikos Mavrogiannopoulos <address@hidden>
Date: Sun Feb 12 19:35:09 2012 +0100
use NEED_LIBOPTS_DIR=true instead of modifying libopts.m4
-----------------------------------------------------------------------
Summary of changes:
configure.ac | 1 +
lib/ext/session_ticket.c | 2 +-
lib/gnutls_buffers.c | 57 ++++++++++++-------------
lib/gnutls_buffers.h | 5 ++-
lib/gnutls_dtls.c | 103 ++++++++++++++++++++++++++++++++++-----------
lib/gnutls_dtls.h | 7 ++-
lib/gnutls_handshake.c | 22 ++++------
lib/gnutls_handshake.h | 5 +--
lib/gnutls_int.h | 3 +-
lib/gnutls_kx.c | 24 +++++-----
lib/gnutls_record.c | 4 +-
src/libopts/m4/libopts.m4 | 3 +-
tests/key-id/key-id | 2 +-
13 files changed, 145 insertions(+), 93 deletions(-)
diff --git a/configure.ac b/configure.ac
index 72f9014..f23c33c 100644
--- a/configure.ac
+++ b/configure.ac
@@ -148,6 +148,7 @@ fi
AM_CONDITIONAL(ENABLE_PKCS11, test "$with_p11_kit" != "no")
dnl Checks for programs in src/
+NEED_LIBOPTS_DIR=true
LIBOPTS_CHECK([src/libopts])
AC_CHECK_TYPE(ssize_t,
diff --git a/lib/ext/session_ticket.c b/lib/ext/session_ticket.c
index 70f1299..626c976 100644
--- a/lib/ext/session_ticket.c
+++ b/lib/ext/session_ticket.c
@@ -691,7 +691,7 @@ _gnutls_recv_new_session_ticket (gnutls_session_t session)
ret = _gnutls_recv_handshake (session,
GNUTLS_HANDSHAKE_NEW_SESSION_TICKET,
- MANDATORY_PACKET, &buf);
+ 0, &buf);
if (ret < 0)
return gnutls_assert_val_fatal(ret);
diff --git a/lib/gnutls_buffers.c b/lib/gnutls_buffers.c
index 755bb4c..80b5b22 100644
--- a/lib/gnutls_buffers.c
+++ b/lib/gnutls_buffers.c
@@ -736,8 +736,8 @@ const handshake_buffer_st* e2 = _e2;
#define SSL2_HEADERS 1
static int
-parse_handshake_header (gnutls_session_t session, mbuffer_st* bufel,
gnutls_handshake_description_t htype,
- handshake_buffer_st* hsk)
+parse_handshake_header (gnutls_session_t session, mbuffer_st* bufel,
+ handshake_buffer_st* hsk)
{
uint8_t *dataptr = NULL; /* for realloc */
size_t handshake_header_size = HANDSHAKE_HEADER_SIZE(session), data_size;
@@ -749,8 +749,7 @@ parse_handshake_header (gnutls_session_t session,
mbuffer_st* bufel, gnutls_hand
dataptr = _mbuffer_get_udata_ptr(bufel);
/* if reading a client hello of SSLv2 */
- if (!IS_DTLS(session) && htype == GNUTLS_HANDSHAKE_CLIENT_HELLO &&
- bufel->htype == GNUTLS_HANDSHAKE_CLIENT_HELLO_V2)
+ if (!IS_DTLS(session) && bufel->htype == GNUTLS_HANDSHAKE_CLIENT_HELLO_V2)
{
handshake_header_size = SSL2_HEADERS; /* we've already read one byte */
@@ -913,7 +912,7 @@ inline static int
cmp_hsk_types(gnutls_handshake_description_t expected, gnutls_
/* returns the last stored handshake packet.
*/
static int get_last_packet(gnutls_session_t session,
gnutls_handshake_description_t htype,
- handshake_buffer_st * hsk)
+ handshake_buffer_st * hsk, unsigned int optional)
{
handshake_buffer_st* recv_buf = session->internals.handshake_recv_buffer;
@@ -925,7 +924,10 @@ handshake_buffer_st* recv_buf =
session->internals.handshake_recv_buffer;
if (htype != recv_buf[LAST_ELEMENT].htype)
{
- hsk->htype = recv_buf[LAST_ELEMENT].htype;
+ if (optional == 0)
+ _gnutls_audit_log(session, "Received unexpected handshake message
'%s' (%d). Expected '%s' (%d)\n",
+ _gnutls_handshake2str(recv_buf[0].htype),
(int)recv_buf[0].htype, _gnutls_handshake2str(htype), (int)htype);
+
return gnutls_assert_val(GNUTLS_E_UNEXPECTED_HANDSHAKE_PACKET);
}
@@ -947,7 +949,6 @@ handshake_buffer_st* recv_buf =
session->internals.handshake_recv_buffer;
{
if (cmp_hsk_types(htype, recv_buf[0].htype) == 0)
{
- hsk->htype = recv_buf[LAST_ELEMENT].htype;
return gnutls_assert_val(GNUTLS_E_UNEXPECTED_HANDSHAKE_PACKET);
}
@@ -960,16 +961,16 @@ handshake_buffer_st* recv_buf =
session->internals.handshake_recv_buffer;
}
timeout:
- RETURN_DTLS_EAGAIN_OR_TIMEOUT(session);
+ RETURN_DTLS_EAGAIN_OR_TIMEOUT(session, 0);
}
/* This is a receive function for the gnutls handshake
* protocol. Makes sure that we have received all data.
+ *
+ * htype is the next handshake packet expected.
*/
-static int
-parse_record_buffered_msgs (gnutls_session_t session,
- gnutls_handshake_description_t htype,
- handshake_buffer_st * hsk)
+int
+_gnutls_parse_record_buffered_msgs (gnutls_session_t session)
{
gnutls_datum_t msg;
mbuffer_st* bufel = NULL, *prev = NULL;
@@ -1011,7 +1012,7 @@ parse_record_buffered_msgs (gnutls_session_t session,
}
else /* received new message */
{
- ret = parse_handshake_header(session, bufel, htype,
&recv_buf[0]);
+ ret = parse_handshake_header(session, bufel, &recv_buf[0]);
if (ret < 0)
return gnutls_assert_val(ret);
@@ -1026,13 +1027,6 @@ parse_record_buffered_msgs (gnutls_session_t session,
return gnutls_assert_val(ret);
_mbuffer_set_uhead_size(bufel, 0);
_mbuffer_head_remove_bytes(&session->internals.record_buffer,
data_size+header_size);
-
- if (cmp_hsk_types(htype, recv_buf[0].htype) == 0)
- { /* an unexpected packet */
- hsk->htype = recv_buf[0].htype;
- return
gnutls_assert_val(GNUTLS_E_UNEXPECTED_HANDSHAKE_PACKET);
- }
-
}
/* if packet is complete then return it
@@ -1040,7 +1034,7 @@ parse_record_buffered_msgs (gnutls_session_t session,
if (recv_buf[0].length ==
recv_buf[0].data.length)
{
- return get_last_packet(session, htype, hsk);
+ return 0;
}
bufel = _mbuffer_head_get_first(&session->internals.record_buffer,
&msg);
}
@@ -1073,7 +1067,7 @@ parse_record_buffered_msgs (gnutls_session_t session,
_gnutls_handshake_buffer_init(&tmp);
- ret = parse_handshake_header(session, bufel, htype, &tmp);
+ ret = parse_handshake_header(session, bufel, &tmp);
if (ret < 0)
{
gnutls_assert();
@@ -1115,14 +1109,14 @@ next:
sizeof(recv_buf[0]), handshake_compare);
while(session->internals.handshake_recv_buffer_size > 0 &&
- recv_buf[LAST_ELEMENT].sequence < session->internals.dtls.hsk_read_seq)
+ recv_buf[LAST_ELEMENT].sequence <
session->internals.dtls.hsk_read_seq)
{
_gnutls_audit_log(session, "Discarded replayed handshake packet with
sequence %d\n", recv_buf[LAST_ELEMENT].sequence);
_gnutls_handshake_buffer_clear(&recv_buf[LAST_ELEMENT]);
session->internals.handshake_recv_buffer_size--;
}
- return get_last_packet(session, htype, hsk);
+ return 0;
}
}
@@ -1132,11 +1126,11 @@ next:
ssize_t
_gnutls_handshake_io_recv_int (gnutls_session_t session,
gnutls_handshake_description_t htype,
- handshake_buffer_st * hsk)
+ handshake_buffer_st * hsk, unsigned int
optional)
{
int ret;
- ret = get_last_packet(session, htype, hsk);
+ ret = get_last_packet(session, htype, hsk, optional);
if (ret != GNUTLS_E_AGAIN && ret != GNUTLS_E_INTERRUPTED && ret !=
GNUTLS_E_REQUESTED_DATA_NOT_AVAILABLE)
{
return gnutls_assert_val(ret);
@@ -1145,7 +1139,10 @@ _gnutls_handshake_io_recv_int (gnutls_session_t session,
/* try using the already existing records before
* trying to receive.
*/
- ret = parse_record_buffered_msgs(session, htype, hsk);
+ ret = _gnutls_parse_record_buffered_msgs(session);
+
+ if (ret == 0) ret = get_last_packet(session, htype, hsk, optional);
+
if (IS_DTLS(session))
{
if (ret >= 0)
@@ -1163,6 +1160,8 @@ _gnutls_handshake_io_recv_int (gnutls_session_t session,
if (ret < 0)
return gnutls_assert_val_fatal(ret);
- return parse_record_buffered_msgs(session, htype, hsk);
+ ret = _gnutls_parse_record_buffered_msgs(session);
+ if (ret == 0) ret = get_last_packet(session, htype, hsk, optional);
+
+ return ret;
}
-
diff --git a/lib/gnutls_buffers.h b/lib/gnutls_buffers.h
index 8a738b2..a34cc00 100644
--- a/lib/gnutls_buffers.h
+++ b/lib/gnutls_buffers.h
@@ -50,7 +50,7 @@ int _gnutls_handshake_io_cache_int (gnutls_session_t,
ssize_t
_gnutls_handshake_io_recv_int (gnutls_session_t session,
gnutls_handshake_description_t htype,
- handshake_buffer_st * hsk);
+ handshake_buffer_st * hsk, unsigned int
optional);
ssize_t _gnutls_io_write_flush (gnutls_session_t session);
int
@@ -88,6 +88,9 @@ int i;
session->internals.handshake_recv_buffer_size = 0;
}
+int
+_gnutls_parse_record_buffered_msgs (gnutls_session_t session);
+
ssize_t
_gnutls_recv_in_buffers (gnutls_session_t session, content_type_t type,
gnutls_handshake_description_t htype);
diff --git a/lib/gnutls_dtls.c b/lib/gnutls_dtls.c
index 694d2d0..62ac934 100644
--- a/lib/gnutls_dtls.c
+++ b/lib/gnutls_dtls.c
@@ -134,7 +134,8 @@ static int drop_usage_count(gnutls_session_t session,
mbuffer_head_st *const sen
return 0;
}
-#define RETRANSMIT_WINDOW 2
+/* in ms */
+#define RETRANSMIT_WINDOW 600
/* This function is to be called from record layer once
* a handshake replay is detected. It will make sure
@@ -143,18 +144,33 @@ static int drop_usage_count(gnutls_session_t session,
mbuffer_head_st *const sen
*/
int _dtls_retransmit(gnutls_session_t session)
{
-time_t now = gnutls_time (0);
+ return _dtls_transmit(session);
+}
+
+/* Checks whether the received packet contains a handshake
+ * packet with sequence higher that the previously received.
+ * It must be called only when an actual packet has been
+ * received.
+ *
+ * Returns: 0 if expected, negative value otherwise.
+ */
+static int is_next_hpacket_expected(gnutls_session_t session)
+{
int ret;
- if (now - session->internals.dtls.last_retransmit > RETRANSMIT_WINDOW)
- {
- ret = _dtls_transmit(session);
- session->internals.dtls.last_retransmit = now;
- return ret;
- }
- else
- return 0;
+ /* htype is arbitrary */
+ ret = _gnutls_recv_in_buffers(session, GNUTLS_HANDSHAKE,
GNUTLS_HANDSHAKE_FINISHED);
+ if (ret < 0)
+ return gnutls_assert_val(ret);
+
+ ret = _gnutls_parse_record_buffered_msgs(session);
+ if (ret < 0)
+ return gnutls_assert_val(ret);
+ if (session->internals.handshake_recv_buffer_size > 0)
+ return 0;
+ else
+ return gnutls_assert_val(GNUTLS_E_UNEXPECTED_HANDSHAKE_PACKET);
}
#define UPDATE_TIMER { \
@@ -216,10 +232,23 @@ unsigned int timeout;
goto nb_timeout;
}
}
- else /* received ack */
+ else /* received something */
{
- ret = 0;
- goto end_flight;
+ if (ret == 0)
+ {
+ ret = is_next_hpacket_expected(session);
+ if (ret == GNUTLS_E_AGAIN || ret == GNUTLS_E_INTERRUPTED)
+ goto nb_timeout;
+ if (ret < 0 && ret != GNUTLS_E_UNEXPECTED_HANDSHAKE_PACKET)
+ {
+ gnutls_assert();
+ goto cleanup;
+ }
+ if (ret == 0) goto end_flight;
+ /* if ret == GNUTLS_E_UNEXPECTED_HANDSHAKE_PACKET retransmit
*/
+ }
+ else
+ goto nb_timeout;
}
}
else /* last flight of an async party. Return immediately. */
@@ -236,19 +265,23 @@ unsigned int timeout;
goto end_flight;
}
- _gnutls_dtls_log ("DTLS[%p]: %sStart of flight transmission.\n",
session, (session->internals.dtls.flight_init == 0)?"":"re-");
-
- for (cur = send_buffer->head;
- cur != NULL; cur = cur->next)
+ diff = timespec_sub_ms(&now, &session->internals.dtls.last_retransmit);
+ if (session->internals.dtls.flight_init == 0 || diff >=
RETRANSMIT_WINDOW)
{
- ret = transmit_message (session, cur, &buf);
- if (ret < 0)
+ _gnutls_dtls_log ("DTLS[%p]: %sStart of flight transmission.\n",
session, (session->internals.dtls.flight_init == 0)?"":"re-");
+ for (cur = send_buffer->head;
+ cur != NULL; cur = cur->next)
{
- gnutls_assert();
- goto end_flight;
- }
+ ret = transmit_message (session, cur, &buf);
+ if (ret < 0)
+ {
+ gnutls_assert();
+ goto end_flight;
+ }
- last_type = cur->htype;
+ last_type = cur->htype;
+ }
+ gettime(&session->internals.dtls.last_retransmit);
}
if (session->internals.dtls.flight_init == 0)
@@ -304,8 +337,28 @@ unsigned int timeout;
goto nb_timeout;
}
}
+
+ if (ret == 0)
+ {
+ ret = is_next_hpacket_expected(session);
+ if (ret == GNUTLS_E_AGAIN || ret == GNUTLS_E_INTERRUPTED)
+ goto nb_timeout;
+
+ if (ret == GNUTLS_E_UNEXPECTED_HANDSHAKE_PACKET)
+ {
+ ret = GNUTLS_E_TIMEDOUT;
+ goto keep_up;
+ }
+ if (ret < 0)
+ {
+ gnutls_assert();
+ goto cleanup;
+ }
+ goto end_flight;
+ }
}
+keep_up:
gettime(&now);
} while(ret == GNUTLS_E_TIMEDOUT);
@@ -335,7 +388,7 @@ nb_timeout:
if (buf != NULL)
gnutls_free(buf);
- RETURN_DTLS_EAGAIN_OR_TIMEOUT(session);
+ RETURN_DTLS_EAGAIN_OR_TIMEOUT(session, ret);
}
/* Waits for the last flight or retransmits
@@ -356,7 +409,7 @@ int ret;
ret = _dtls_retransmit(session);
if (ret == 0)
{
- RETURN_DTLS_EAGAIN_OR_TIMEOUT(session);
+ RETURN_DTLS_EAGAIN_OR_TIMEOUT(session, 0);
}
else
return gnutls_assert_val(ret);
diff --git a/lib/gnutls_dtls.h b/lib/gnutls_dtls.h
index b910d3d..467b3e9 100644
--- a/lib/gnutls_dtls.h
+++ b/lib/gnutls_dtls.h
@@ -42,7 +42,7 @@ inline static unsigned int timespec_sub_ms(struct timespec
*a, struct timespec *
(b->tv_sec * 1000 + b->tv_nsec / (1000 * 1000)));
}
-#define RETURN_DTLS_EAGAIN_OR_TIMEOUT(session) { \
+#define RETURN_DTLS_EAGAIN_OR_TIMEOUT(session, r) { \
struct timespec now; \
unsigned int diff; \
gettime(&now); \
@@ -55,9 +55,12 @@ inline static unsigned int timespec_sub_ms(struct timespec
*a, struct timespec *
} \
else \
{ \
+ int rr; \
+ if (r != GNUTLS_E_INTERRUPTED) rr = GNUTLS_E_AGAIN; \
+ else rr = r; \
if (session->internals.dtls.blocking != 0) \
millisleep(50); \
- return gnutls_assert_val(GNUTLS_E_AGAIN); \
+ return gnutls_assert_val(rr); \
} \
}
diff --git a/lib/gnutls_handshake.c b/lib/gnutls_handshake.c
index 60434fa..573635a 100644
--- a/lib/gnutls_handshake.c
+++ b/lib/gnutls_handshake.c
@@ -678,7 +678,7 @@ _gnutls_recv_finished (gnutls_session_t session)
ret =
_gnutls_recv_handshake (session, GNUTLS_HANDSHAKE_FINISHED,
- MANDATORY_PACKET, &buf);
+ 0, &buf);
if (ret < 0)
{
ERR ("recv finished int", ret);
@@ -1251,25 +1251,21 @@ _gnutls_handshake_hash_add_sent (gnutls_session_t
session,
int
_gnutls_recv_handshake (gnutls_session_t session,
gnutls_handshake_description_t type,
- optional_t optional, gnutls_buffer_st* buf)
+ unsigned int optional, gnutls_buffer_st* buf)
{
int ret;
handshake_buffer_st hsk;
ret =
- _gnutls_handshake_io_recv_int (session, type, &hsk);
+ _gnutls_handshake_io_recv_int (session, type, &hsk, optional);
if (ret < 0)
{
- if (optional == OPTIONAL_PACKET && ret ==
GNUTLS_E_UNEXPECTED_HANDSHAKE_PACKET)
+ if (optional != 0 && ret == GNUTLS_E_UNEXPECTED_HANDSHAKE_PACKET)
{
if (buf) _gnutls_buffer_init(buf);
return 0;
}
- if (ret == GNUTLS_E_UNEXPECTED_HANDSHAKE_PACKET)
- _gnutls_audit_log(session, "Received unexpected handshake message '%s'
(%d). Expected '%s' (%d)\n",
- _gnutls_handshake2str(hsk.htype), (int)hsk.htype,
_gnutls_handshake2str(type), (int)type);
-
return gnutls_assert_val_fatal(ret);
}
@@ -2292,7 +2288,7 @@ _gnutls_recv_supplemental (gnutls_session_t session)
_gnutls_debug_log ("EXT[%p]: Expecting supplemental data\n", session);
ret = _gnutls_recv_handshake (session, GNUTLS_HANDSHAKE_SUPPLEMENTAL,
- OPTIONAL_PACKET, &buf);
+ 1, &buf);
if (ret < 0)
{
gnutls_assert ();
@@ -2464,7 +2460,7 @@ _gnutls_handshake_client (gnutls_session_t session)
ret =
_gnutls_recv_handshake (session,
GNUTLS_HANDSHAKE_HELLO_VERIFY_REQUEST,
- OPTIONAL_PACKET, NULL);
+ 1, NULL);
STATE = STATE11;
IMED_RET ("recv hello verify", ret, 1);
@@ -2479,7 +2475,7 @@ _gnutls_handshake_client (gnutls_session_t session)
ret =
_gnutls_recv_handshake (session,
GNUTLS_HANDSHAKE_SERVER_HELLO,
- MANDATORY_PACKET, NULL);
+ 0, NULL);
STATE = STATE2;
IMED_RET ("recv hello", ret, 1);
@@ -2520,7 +2516,7 @@ _gnutls_handshake_client (gnutls_session_t session)
ret =
_gnutls_recv_handshake (session,
GNUTLS_HANDSHAKE_SERVER_HELLO_DONE,
- MANDATORY_PACKET, NULL);
+ 0, NULL);
STATE = STATE6;
IMED_RET ("recv server hello done", ret, 1);
case STATE71:
@@ -2757,7 +2753,7 @@ _gnutls_handshake_server (gnutls_session_t session)
ret =
_gnutls_recv_handshake (session,
GNUTLS_HANDSHAKE_CLIENT_HELLO,
- MANDATORY_PACKET, NULL);
+ 0, NULL);
STATE = STATE1;
IMED_RET ("recv hello", ret, 1);
diff --git a/lib/gnutls_handshake.h b/lib/gnutls_handshake.h
index 42e5b61..39c9c8a 100644
--- a/lib/gnutls_handshake.h
+++ b/lib/gnutls_handshake.h
@@ -23,9 +23,6 @@
#ifndef HANDSHAKE_H
#define HANDSHAKE_H
-typedef enum Optional
-{ OPTIONAL_PACKET, MANDATORY_PACKET } optional_t;
-
int _gnutls_send_handshake (gnutls_session_t session, mbuffer_st * bufel,
gnutls_handshake_description_t type);
int _gnutls_recv_hello_request (gnutls_session_t session, void *data,
@@ -34,7 +31,7 @@ int _gnutls_send_hello (gnutls_session_t session, int again);
int _gnutls_recv_hello (gnutls_session_t session, uint8_t * data, int datalen);
int _gnutls_recv_handshake (gnutls_session_t session,
gnutls_handshake_description_t type,
- optional_t optional, gnutls_buffer_st* buf);
+ unsigned int optional, gnutls_buffer_st* buf);
int _gnutls_generate_session_id (uint8_t * session_id, uint8_t * len);
int _gnutls_handshake_common (gnutls_session_t session);
int _gnutls_handshake_client (gnutls_session_t session);
diff --git a/lib/gnutls_int.h b/lib/gnutls_int.h
index 578e355..3069eb9 100644
--- a/lib/gnutls_int.h
+++ b/lib/gnutls_int.h
@@ -605,6 +605,7 @@ typedef struct
/* For DTLS handshake fragmentation and reassembly. */
uint16_t hsk_write_seq;
+ /* the sequence number of the expected packet */
unsigned int hsk_read_seq;
uint16_t mtu;
@@ -638,7 +639,7 @@ typedef struct
time_t async_term;
/* last retransmission triggered by record layer */
- time_t last_retransmit;
+ struct timespec last_retransmit;
unsigned int packets_dropped;
} dtls_st;
diff --git a/lib/gnutls_kx.c b/lib/gnutls_kx.c
index fc920b5..6ab71c9 100644
--- a/lib/gnutls_kx.c
+++ b/lib/gnutls_kx.c
@@ -448,7 +448,7 @@ _gnutls_recv_server_kx_message (gnutls_session_t session)
{
gnutls_buffer_st buf;
int ret = 0;
- optional_t optflag = MANDATORY_PACKET;
+ unsigned int optflag = 0;
if (session->internals.auth_struct->gnutls_process_server_kx != NULL)
{
@@ -464,7 +464,7 @@ _gnutls_recv_server_kx_message (gnutls_session_t session)
/* Server key exchange packet is optional for PSK. */
if (_gnutls_session_is_psk (session))
- optflag = OPTIONAL_PACKET;
+ optflag = 1;
ret =
_gnutls_recv_handshake (session,
@@ -505,7 +505,7 @@ _gnutls_recv_server_certificate_request (gnutls_session_t
session)
ret =
_gnutls_recv_handshake (session,
GNUTLS_HANDSHAKE_CERTIFICATE_REQUEST,
- OPTIONAL_PACKET, &buf);
+ 1, &buf);
if (ret < 0)
return ret;
@@ -541,7 +541,7 @@ _gnutls_recv_client_kx_message (gnutls_session_t session)
ret =
_gnutls_recv_handshake (session,
GNUTLS_HANDSHAKE_CLIENT_KEY_EXCHANGE,
- MANDATORY_PACKET, &buf);
+ 0, &buf);
if (ret < 0)
return ret;
@@ -578,9 +578,9 @@ _gnutls_recv_client_certificate (gnutls_session_t session)
}
if (session->internals.send_cert_req == GNUTLS_CERT_REQUIRE)
- optional = MANDATORY_PACKET;
+ optional = 0;
else
- optional = OPTIONAL_PACKET;
+ optional = 1;
ret =
_gnutls_recv_handshake (session, GNUTLS_HANDSHAKE_CERTIFICATE_PKT,
@@ -592,7 +592,7 @@ _gnutls_recv_client_certificate (gnutls_session_t session)
* a warning alert instead of an empty certificate to indicate
* no certificate.
*/
- if (optional == OPTIONAL_PACKET &&
+ if (optional != 0 &&
ret == GNUTLS_E_WARNING_ALERT_RECEIVED &&
gnutls_protocol_get_version (session) == GNUTLS_SSL3 &&
gnutls_alert_get (session) == GNUTLS_A_SSL3_NO_CERTIFICATE)
@@ -609,7 +609,7 @@ _gnutls_recv_client_certificate (gnutls_session_t session)
*/
if ((ret == GNUTLS_E_WARNING_ALERT_RECEIVED
|| ret == GNUTLS_E_FATAL_ALERT_RECEIVED)
- && optional == MANDATORY_PACKET)
+ && optional == 0)
{
gnutls_assert ();
return GNUTLS_E_NO_CERTIFICATE_FOUND;
@@ -618,7 +618,7 @@ _gnutls_recv_client_certificate (gnutls_session_t session)
return ret;
}
- if (ret == 0 && buf.length == 0 && optional == OPTIONAL_PACKET)
+ if (ret == 0 && buf.length == 0 && optional != 0)
{
/* Client has not sent the certificate message.
* well I'm not sure we should accept this
@@ -641,7 +641,7 @@ _gnutls_recv_client_certificate (gnutls_session_t session)
/* ok we should expect a certificate verify message now
*/
- if (ret == GNUTLS_E_NO_CERTIFICATE_FOUND && optional == OPTIONAL_PACKET)
+ if (ret == GNUTLS_E_NO_CERTIFICATE_FOUND && optional != 0)
ret = 0;
else
session->key->certificate_requested = 1;
@@ -664,7 +664,7 @@ _gnutls_recv_server_certificate (gnutls_session_t session)
ret =
_gnutls_recv_handshake (session,
GNUTLS_HANDSHAKE_CERTIFICATE_PKT,
- MANDATORY_PACKET, &buf);
+ 0, &buf);
if (ret < 0)
{
gnutls_assert ();
@@ -709,7 +709,7 @@ _gnutls_recv_client_certificate_verify_message
(gnutls_session_t session)
ret =
_gnutls_recv_handshake (session,
GNUTLS_HANDSHAKE_CERTIFICATE_VERIFY,
- OPTIONAL_PACKET, &buf);
+ 1, &buf);
if (ret < 0)
return ret;
diff --git a/lib/gnutls_record.c b/lib/gnutls_record.c
index d55fb04..ebe1b1a 100644
--- a/lib/gnutls_record.c
+++ b/lib/gnutls_record.c
@@ -627,7 +627,7 @@ record_add_to_buffers (gnutls_session_t session,
if (!(IS_DTLS(session)))
return gnutls_assert_val(GNUTLS_E_UNEXPECTED_PACKET);
- _gnutls_record_buffer_put (session, type, seq, bufel);
+ _gnutls_record_buffer_put (session, recv->type, seq, bufel);
break;
case GNUTLS_APPLICATION_DATA:
@@ -731,7 +731,7 @@ unexpected_packet:
if (IS_DTLS(session) && ret != GNUTLS_E_REHANDSHAKE)
{
_mbuffer_xfree(&bufel);
- RETURN_DTLS_EAGAIN_OR_TIMEOUT(session);
+ RETURN_DTLS_EAGAIN_OR_TIMEOUT(session, ret);
}
cleanup:
diff --git a/src/libopts/m4/libopts.m4 b/src/libopts/m4/libopts.m4
index c8f89ec..1f981aa 100644
--- a/src/libopts/m4/libopts.m4
+++ b/src/libopts/m4/libopts.m4
@@ -574,9 +574,8 @@ AC_DEFUN([LIBOPTS_CHECK], [
LIBOPTS_CHECK_COMMON(AO_Libopts_Dir)
AM_COND_IF([NEED_LIBOPTS], [
INVOKE_LIBOPTS_MACROS
+ AC_CONFIG_FILES(AO_Libopts_Dir/Makefile)
])dnl
-
- AC_CONFIG_FILES(AO_Libopts_Dir/Makefile)
m4_popdef([AO_Libopts_Dir])dnl
# end of AC_DEFUN of LIBOPTS_CHECK
])
diff --git a/tests/key-id/key-id b/tests/key-id/key-id
index 2bee9b8..9bad211 100755
--- a/tests/key-id/key-id
+++ b/tests/key-id/key-id
@@ -27,7 +27,7 @@ CERTTOOL=${CERTTOOL:-../../src/certtool$EXEEXT}
PARAMS="--generate-certificate --load-privkey $srcdir/key-user.pem
--load-ca-privkey $srcdir/key-ca.pem --template tmpl"
-echo "#empty" > tmpl
+echo "serial = 0" > tmpl
#$CERTTOOL $PARAMS --load-ca-certificate $srcdir/ca-gnutls-keyid.pem \
# --outfile user-gnutls-keyid.pem 2> /dev/null
hooks/post-receive
--
GNU gnutls
| [Prev in Thread] |
Current Thread |
[Next in Thread] |
- [SCM] GNU gnutls branch, master, updated. gnutls-3_0_12-221-gd77d792,
Nikos Mavrogiannopoulos <=