[Top][All Lists]
[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
[SCM] GNU gnutls branch, master, updated. gnutls_3_0_13-73-gb495740
|
From: |
Nikos Mavrogiannopoulos |
|
Subject: |
[SCM] GNU gnutls branch, master, updated. gnutls_3_0_13-73-gb495740 |
|
Date: |
Tue, 28 Feb 2012 15:06:02 +0000 |
This is an automated email from the git hooks/post-receive script. It was
generated because a ref change was pushed to the repository containing
the project "GNU gnutls".
http://git.savannah.gnu.org/cgit/gnutls.git/commit/?id=b495740f2ff66550ca9395b3fda3ea32c3acb185
The branch, master has been updated
via b495740f2ff66550ca9395b3fda3ea32c3acb185 (commit)
via 60c62e045245f07798f61ef7f39e8ae84fd9c8e0 (commit)
via e506c4a1a421292dc3d5e6eba7f61f76df25e1e7 (commit)
from 26b01a940e1f1c7a3634b8dbca8ccccc7d03783a (commit)
Those revisions listed above that are new to this repository have
not appeared on any other notification email; so we list those
revisions in full, below.
- Log -----------------------------------------------------------------
commit b495740f2ff66550ca9395b3fda3ea32c3acb185
Author: Nikos Mavrogiannopoulos <address@hidden>
Date: Tue Feb 28 10:24:47 2012 +0100
changes in packet parsing.
commit 60c62e045245f07798f61ef7f39e8ae84fd9c8e0
Author: Nikos Mavrogiannopoulos <address@hidden>
Date: Tue Feb 28 10:00:15 2012 +0100
Do not call gnutls_x509_crt_check_hostname() if hostname eq NULL. Reported
by Matthew Hall.
commit e506c4a1a421292dc3d5e6eba7f61f76df25e1e7
Author: Nikos Mavrogiannopoulos <address@hidden>
Date: Mon Feb 27 17:40:38 2012 +0100
Updated documentation on gnutls_prf()
-----------------------------------------------------------------------
Summary of changes:
THANKS | 1 +
doc/cha-gtls-app.texi | 9 +++++----
lib/gnutls_cipher.c | 14 ++++++--------
lib/gnutls_state.c | 8 ++++----
src/common.c | 21 ++++++++++++---------
5 files changed, 28 insertions(+), 25 deletions(-)
diff --git a/THANKS b/THANKS
index 32d6bc4..123c733 100644
--- a/THANKS
+++ b/THANKS
@@ -127,6 +127,7 @@ Joseph Graham *joe [at] t67.eu*
Eli Zaretskii *eliz [at] gnu.org*
Patrick Pelletier *code [at] funwithsoftware.org*
Sean Buckheister *s_buckhe [at] cs.uni-kl.de*
+Matthew Hall *mhall [at] mhcomputing.net*
----------------------------------------------------------------------
Copying and distribution of this file, with or without modification,
diff --git a/doc/cha-gtls-app.texi b/doc/cha-gtls-app.texi
index 9319f64..c02f095 100644
--- a/doc/cha-gtls-app.texi
+++ b/doc/cha-gtls-app.texi
@@ -1082,9 +1082,10 @@ an alternative interface is available using a callback
function.
@cindex keying material exporters
@cindex exporting keying material
-The TLS PRF can be used by other protocols to derive data. The API to
-use is @funcref{gnutls_prf}. The function needs to be provided with the
-label in the parameter @code{label}, and the extra data to mix in the
+The TLS PRF can be used by other protocols to derive keys based on
+the TLS master secret. The API to use is @funcref{gnutls_prf}. The
+function needs to be provided with the label in the parameter
address@hidden, and the extra data to mix in the
@code{extra} parameter. Depending on whether you want to mix in the
client or server random data first, you can set the
@code{server_random_first} parameter.
@@ -1100,7 +1101,7 @@ rc = gnutls_prf (session, strlen (MYLABEL), MYLABEL, 0,
strlen (MYCONTEXT), MYCONTEXT, 32, out);
@end example
-If you don't want to mix in the client/server random, there is a more
+If you don't want to mix in the client/server random, there is a
low-level TLS PRF interface called @funcref{gnutls_prf_raw}.
@node Channel Bindings
diff --git a/lib/gnutls_cipher.c b/lib/gnutls_cipher.c
index 04d11f8..618aab2 100644
--- a/lib/gnutls_cipher.c
+++ b/lib/gnutls_cipher.c
@@ -354,7 +354,7 @@ compressed_to_ciphertext (gnutls_session_t session,
ret = _gnutls_rnd (GNUTLS_RND_NONCE, data_ptr, blocksize);
if (ret < 0)
return gnutls_assert_val(ret);
-
+
_gnutls_auth_cipher_setiv(¶ms->write.cipher_state, data_ptr,
blocksize);
data_ptr += blocksize;
@@ -509,7 +509,7 @@ ciphertext_to_compressed (gnutls_session_t session,
break;
case CIPHER_BLOCK:
- if (ciphertext->size < MAX(blocksize, tag_size) || (ciphertext->size %
blocksize != 0))
+ if (ciphertext->size < blocksize || (ciphertext->size % blocksize != 0))
return gnutls_assert_val(GNUTLS_E_UNEXPECTED_PACKET_LENGTH);
/* ignore the IV in TLS 1.1+
@@ -521,14 +521,11 @@ ciphertext_to_compressed (gnutls_session_t session,
ciphertext->size -= blocksize;
ciphertext->data += blocksize;
-
- if (ciphertext->size == 0)
- {
- gnutls_assert ();
- return GNUTLS_E_DECRYPTION_FAILED;
- }
}
+ if (ciphertext->size < tag_size)
+ return gnutls_assert_val(GNUTLS_E_DECRYPTION_FAILED);
+
/* we don't use the auth_cipher interface here, since
* TLS with block ciphers is impossible to be used under such
* an API. (the length of plaintext is required to calculate
@@ -541,6 +538,7 @@ ciphertext_to_compressed (gnutls_session_t session,
pad = ciphertext->data[ciphertext->size - 1] + 1; /* pad */
+
if ((int) pad > (int) ciphertext->size - tag_size)
{
gnutls_assert ();
diff --git a/lib/gnutls_state.c b/lib/gnutls_state.c
index a8d8f0e..c8773c4 100644
--- a/lib/gnutls_state.c
+++ b/lib/gnutls_state.c
@@ -977,8 +977,8 @@ _gnutls_PRF (gnutls_session_t session,
* @outsize: size of pre-allocated output buffer to hold the output.
* @out: pre-allocate buffer to hold the generated data.
*
- * Apply the TLS Pseudo-Random-Function (PRF) using the master secret
- * on some data.
+ * Apply the TLS Pseudo-Random-Function (PRF) on the master secret
+ * and the provided data.
*
* The @label variable usually contain a string denoting the purpose
* for the generated data. The @seed usually contain data such as the
@@ -1024,8 +1024,8 @@ gnutls_prf_raw (gnutls_session_t session,
* @outsize: size of pre-allocated output buffer to hold the output.
* @out: pre-allocate buffer to hold the generated data.
*
- * Apply the TLS Pseudo-Random-Function (PRF) using the master secret
- * on some data, seeded with the client and server random fields.
+ * Apply the TLS Pseudo-Random-Function (PRF) on the master secret
+ * and the provided data, seeded with the client and server random fields.
*
* The @label variable usually contain a string denoting the purpose
* for the generated data. The @server_random_first indicate whether
diff --git a/src/common.c b/src/common.c
index 65e9c72..48f56bd 100644
--- a/src/common.c
+++ b/src/common.c
@@ -218,18 +218,21 @@ verify_x509_hostname (gnutls_session_t session, const
char *hostname)
/* Check the hostname of the first certificate if it matches
* the name of the host we connected to.
*/
- if (gnutls_x509_crt_check_hostname (crt, hostname) == 0)
+ if (hostname != NULL)
{
- printf
+ if (gnutls_x509_crt_check_hostname (crt, hostname) == 0)
+ {
+ printf
("- The hostname in the certificate does NOT match '%s'\n",
hostname);
- ret = 0;
- }
- else
- {
- printf ("- The hostname in the certificate matches '%s'.\n",
- hostname);
- ret = 1;
+ ret = 0;
+ }
+ else
+ {
+ printf ("- The hostname in the certificate matches '%s'.\n",
+ hostname);
+ ret = 1;
+ }
}
gnutls_x509_crt_deinit (crt);
hooks/post-receive
--
GNU gnutls
| [Prev in Thread] |
Current Thread |
[Next in Thread] |
- [SCM] GNU gnutls branch, master, updated. gnutls_3_0_13-73-gb495740,
Nikos Mavrogiannopoulos <=