
[SCM] GNU gnutls branch, master, updated. gnutls_3_0_13-80-g4945953


From: Nikos Mavrogiannopoulos
Subject: [SCM] GNU gnutls branch, master, updated. gnutls_3_0_13-80-g4945953
Date: Wed, 29 Feb 2012 22:15:29 +0000

This is an automated email from the git hooks/post-receive script. It was
generated because a ref change was pushed to the repository containing
the project "GNU gnutls".

http://git.savannah.gnu.org/cgit/gnutls.git/commit/?id=4945953627c01aeadd81b54b9295ed3d1115cd60

The branch, master has been updated
       via  4945953627c01aeadd81b54b9295ed3d1115cd60 (commit)
       via  0fcff28d8ae63334807eccb722af7d378167cf04 (commit)
       via  c3c6e3a90b4e2c10f19d47c4addd736a8c7877d7 (commit)
       via  f4ea85c11b4660b29ea52f22e2ca133cb32859a5 (commit)
      from  949f6c20e8f96e078474d956581d8e7f7ea2d5ce (commit)

Those revisions listed above that are new to this repository have
not appeared on any other notification email; so we list those
revisions in full, below.

- Log -----------------------------------------------------------------
commit 4945953627c01aeadd81b54b9295ed3d1115cd60
Author: Nikos Mavrogiannopoulos <address@hidden>
Date:   Wed Feb 29 23:21:17 2012 +0100

    documented fix

commit 0fcff28d8ae63334807eccb722af7d378167cf04
Author: Nikos Mavrogiannopoulos <address@hidden>
Date:   Wed Feb 29 23:20:14 2012 +0100

    Added test for invalid record packet sizes.

commit c3c6e3a90b4e2c10f19d47c4addd736a8c7877d7
Author: Nikos Mavrogiannopoulos <address@hidden>
Date:   Wed Feb 29 23:18:33 2012 +0100

    artistic changes.

commit f4ea85c11b4660b29ea52f22e2ca133cb32859a5
Author: Nikos Mavrogiannopoulos <address@hidden>
Date:   Wed Feb 29 21:01:58 2012 +0100

    corrected copying of buffers.

-----------------------------------------------------------------------

Summary of changes:
 .gitignore                                       |    1 +
 NEWS                                             |    3 +
 lib/gnutls_buffers.c                             |    2 +-
 lib/gnutls_mbuffers.c                            |    5 +-
 lib/gnutls_record.c                              |    2 +-
 tests/Makefile.am                                |    2 +-
 tests/{mini-dtls-rehandshake.c => mini-record.c} |  257 ++++++++++++----------
 7 files changed, 148 insertions(+), 124 deletions(-)
 copy tests/{mini-dtls-rehandshake.c => mini-record.c} (53%)

diff --git a/.gitignore b/.gitignore
index 9d9be4b..33632d2 100644
--- a/.gitignore
+++ b/.gitignore
@@ -590,3 +590,4 @@ doc/gnutls.epub
 doc/gnutls.xml
 tests/mini-tdb
 tests/resume-dtls
+tests/mini-record
diff --git a/NEWS b/NEWS
index 0bb8f92..40f5b63 100644
--- a/NEWS
+++ b/NEWS
@@ -10,6 +10,9 @@ system (the full git repository)
 ** command line apps: Link with local libopts if the 
 installed is an old one.
 
+** libgnutls: Corrections in record packet parsing.
+Reported by Matthew Hall.
+
 ** libgnutls: Cryptodev updates and fixes.
 
 ** libgnutls: Corrected issue with select() that affected
diff --git a/lib/gnutls_buffers.c b/lib/gnutls_buffers.c
index bdef974..2d4fdc3 100644
--- a/lib/gnutls_buffers.c
+++ b/lib/gnutls_buffers.c
@@ -439,7 +439,7 @@ _gnutls_io_read_buffered (gnutls_session_t session, size_t 
total,
       return ret;
     }
 
-  /* READ DATA - but leave RCVLOWAT bytes in the kernel buffer.
+  /* READ DATA
    */
   if (readsize > 0)
     {
diff --git a/lib/gnutls_mbuffers.c b/lib/gnutls_mbuffers.c
index 2488865..333ce59 100644
--- a/lib/gnutls_mbuffers.c
+++ b/lib/gnutls_mbuffers.c
@@ -264,7 +264,6 @@ _mbuffer_head_remove_bytes (mbuffer_head_st * buf, size_t 
bytes)
           left = 0;
         }
     }
-
   return ret;
 }
 
@@ -356,8 +355,8 @@ _mbuffer_linearize (mbuffer_head_st * buf)
   for (cur = _mbuffer_head_get_first (buf, &msg);
        msg.data != NULL; cur = _mbuffer_head_get_next (cur, &msg))
     {
-      memcpy (&bufel->msg.data[pos], msg.data, cur->msg.size);
-      pos += cur->msg.size;
+      memcpy (&bufel->msg.data[pos], msg.data, msg.size);
+      pos += msg.size;
     }
 
   _mbuffer_head_clear (buf);
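Review bot: The memcpy and the `pos +=` now take their length from `msg.size`, the datum whose `msg.data` pointer is being copied from, instead of `cur->msg.size`; that pairing is the whole fix, and the commit message ("corrected copying of buffers") does not explain it, so a comment on the memcpy such as `/* msg.size pairs with msg.data as returned by _mbuffer_head_get_*; do not use cur->msg.size here */` guards against it being changed back. The destination `bufel->msg.data` is sized earlier in _mbuffer_linearize, outside this hunk; that computation must sum the same `msg.size` values, or `pos` can still run past the allocation — worth confirming while here, since NEWS files this commit under record packet parsing corrections.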
diff --git a/lib/gnutls_record.c b/lib/gnutls_record.c
index 216737c..5a85f2e 100644
--- a/lib/gnutls_record.c
+++ b/lib/gnutls_record.c
@@ -1031,7 +1031,7 @@ begin:
   if (ret >= 0) _mbuffer_set_udata_size(decrypted, ret);
 
   _mbuffer_head_remove_bytes (&session->internals.record_recv_buffer,
-                         record.header_size + record.length);
+                              record.header_size + record.length);
   if (ret < 0)
     {
       gnutls_assert();
diff --git a/tests/Makefile.am b/tests/Makefile.am
index 40ce2c6..634b6b9 100644
--- a/tests/Makefile.am
+++ b/tests/Makefile.am
@@ -67,7 +67,7 @@ ctests = mini-deflate simple gc set_pkcs12_cred certder 
certuniqueid  \
         nul-in-x509-names x509_altname pkcs12_encode mini-x509         \
         mini-rehandshake rng-fork mini-eagain-dtls resume-dtls \
         x509cert x509cert-tl infoaccess rsa-encrypt-decrypt \
-        mini-loss-time mini-tdb mini-dtls-rehandshake
+        mini-loss-time mini-tdb mini-dtls-rehandshake mini-record
 
 if ENABLE_OCSP
 ctests += ocsp
diff --git a/tests/mini-dtls-rehandshake.c b/tests/mini-record.c
similarity index 53%
copy from tests/mini-dtls-rehandshake.c
copy to tests/mini-record.c
index bc64e65..9d6a09d 100644
--- a/tests/mini-dtls-rehandshake.c
+++ b/tests/mini-record.c
@@ -45,18 +45,20 @@ int main()
 #include <unistd.h>
 #include <gnutls/gnutls.h>
 #include <gnutls/dtls.h>
+#include <signal.h>
 
 #include "utils.h"
 
 static void terminate(void);
 
-/* This program tests the rehandshake in DTLS
+/* This program tests the robustness of record
+ * decoding.
  */
 
 static void
 server_log_func (int level, const char *str)
 {
-  fprintf (stderr, "server|<%d>| %s", level, str);
+//  fprintf (stderr, "server|<%d>| %s", level, str);
 }
 
 static void
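Review bot: The `fprintf` in server_log_func is disabled with a `//` prefix instead of being removed, leaving commented-out code and a function whose two parameters are now unused. If server-side logging is meant to stay off, drop the line and mark the parameters, `(void)level; (void)str;`, with a one-line comment giving the reason; if it is meant to be switchable, gate it on `debug` the way the server's log-level call already is, rather than on a comment marker.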
@@ -65,13 +67,54 @@ client_log_func (int level, const char *str)
   fprintf (stderr, "client|<%d>| %s", level, str);
 }
 
+static unsigned char server_cert_pem[] =
+  "-----BEGIN CERTIFICATE-----\n"
+  "MIICVjCCAcGgAwIBAgIERiYdMTALBgkqhkiG9w0BAQUwGTEXMBUGA1UEAxMOR251\n"
+  "VExTIHRlc3QgQ0EwHhcNMDcwNDE4MTMyOTIxWhcNMDgwNDE3MTMyOTIxWjA3MRsw\n"
+  "GQYDVQQKExJHbnVUTFMgdGVzdCBzZXJ2ZXIxGDAWBgNVBAMTD3Rlc3QuZ251dGxz\n"
+  "Lm9yZzCBnDALBgkqhkiG9w0BAQEDgYwAMIGIAoGA17pcr6MM8C6pJ1aqU46o63+B\n"
+  "dUxrmL5K6rce+EvDasTaDQC46kwTHzYWk95y78akXrJutsoKiFV1kJbtple8DDt2\n"
+  "DZcevensf9Op7PuFZKBroEjOd35znDET/z3IrqVgbtm2jFqab7a+n2q9p/CgMyf1\n"
+  "tx2S5Zacc1LWn9bIjrECAwEAAaOBkzCBkDAMBgNVHRMBAf8EAjAAMBoGA1UdEQQT\n"
+  "MBGCD3Rlc3QuZ251dGxzLm9yZzATBgNVHSUEDDAKBggrBgEFBQcDATAPBgNVHQ8B\n"
+  "Af8EBQMDB6AAMB0GA1UdDgQWBBTrx0Vu5fglyoyNgw106YbU3VW0dTAfBgNVHSME\n"
+  "GDAWgBTpPBz7rZJu5gakViyi4cBTJ8jylTALBgkqhkiG9w0BAQUDgYEAaFEPTt+7\n"
+  "bzvBuOf7+QmeQcn29kT6Bsyh1RHJXf8KTk5QRfwp6ogbp94JQWcNQ/S7YDFHglD1\n"
+  "AwUNBRXwd3riUsMnsxgeSDxYBfJYbDLeohNBsqaPDJb7XailWbMQKfAbFQ8cnOxg\n"
+  "rOKLUQRWJ0K3HyXRMhbqjdLIaQiCvQLuizo=\n" "-----END CERTIFICATE-----\n";
+
+const gnutls_datum_t server_cert = { server_cert_pem,
+  sizeof (server_cert_pem)
+};
+
+static unsigned char server_key_pem[] =
+  "-----BEGIN RSA PRIVATE KEY-----\n"
+  "MIICXAIBAAKBgQDXulyvowzwLqknVqpTjqjrf4F1TGuYvkrqtx74S8NqxNoNALjq\n"
+  "TBMfNhaT3nLvxqResm62ygqIVXWQlu2mV7wMO3YNlx696ex/06ns+4VkoGugSM53\n"
+  "fnOcMRP/PciupWBu2baMWppvtr6far2n8KAzJ/W3HZLllpxzUtaf1siOsQIDAQAB\n"
+  "AoGAYAFyKkAYC/PYF8e7+X+tsVCHXppp8AoP8TEZuUqOZz/AArVlle/ROrypg5kl\n"
+  "8YunrvUdzH9R/KZ7saNZlAPLjZyFG9beL/am6Ai7q7Ma5HMqjGU8kTEGwD7K+lbG\n"
+  "iomokKMOl+kkbY/2sI5Czmbm+/PqLXOjtVc5RAsdbgvtmvkCQQDdV5QuU8jap8Hs\n"
+  "Eodv/tLJ2z4+SKCV2k/7FXSKWe0vlrq0cl2qZfoTUYRnKRBcWxc9o92DxK44wgPi\n"
+  "oMQS+O7fAkEA+YG+K9e60sj1K4NYbMPAbYILbZxORDecvP8lcphvwkOVUqbmxOGh\n"
+  "XRmTZUuhBrJhJKKf6u7gf3KWlPl6ShKEbwJASC118cF6nurTjuLf7YKARDjNTEws\n"
+  "qZEeQbdWYINAmCMj0RH2P0mvybrsXSOD5UoDAyO7aWuqkHGcCLv6FGG+qwJAOVqq\n"
+  "tXdUucl6GjOKKw5geIvRRrQMhb/m5scb+5iw8A4LEEHPgGiBaF5NtJZLALgWfo5n\n"
+  "hmC8+G8F0F78znQtPwJBANexu+Tg5KfOnzSILJMo3oXiXhf5PqXIDmbN0BKyCKAQ\n"
+  "LfkcEcUbVfmDaHpvzwY9VEaoMOKVLitETXdNSxVpvWM=\n"
+  "-----END RSA PRIVATE KEY-----\n";
+
+const gnutls_datum_t server_key = { server_key_pem,
+  sizeof (server_key_pem)
+};
+
+
 /* A very basic TLS client, with anonymous authentication.
  */
 
 #define MAX_BUF 1024
-#define MSG "Hello TLS"
 
-gnutls_session_t session;
+static int to_send = -1;
 
 static ssize_t
 push (gnutls_transport_ptr_t tr, const void *data, size_t len)
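Review bot: `to_send` is the switch that drives the whole test but carries no comment; at its definition add `/* record length forced into the DTLS record header by push_crippled; -1 sends records unmodified */`, which is exactly how push_crippled uses it further down. The two `gnutls_datum_t` wrappers `server_cert` and `server_key` have external linkage while the PEM arrays they point at are `static`; `static const gnutls_datum_t` keeps them file-local like the rest of this test. Their size is `sizeof (server_cert_pem)`, which counts the terminating NUL — presumably intentional for PEM input, but a short comment would save the next reader the question.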
@@ -81,12 +124,43 @@ int fd = (long int)tr;
   return send(fd, data, len, 0);
 }
 
+#define RECORD_HEADER_SIZE (5+8)
+
+static ssize_t
+push_crippled (gnutls_transport_ptr_t tr, const void *data, size_t len)
+{
+int fd = (long int)tr;
+int _len, ret;
+uint8_t* _data = (void*)data;
+
+  if (to_send == -1)
+    return send(fd, data, len, 0);
+  else
+    {
+//      _len = ((uint8_t*)data)[11] << 8 | ((uint8_t*)data)[12];
+//fprintf(stderr, "len : %d\n", (int)_len);
+  
+      _len = to_send;
+      _data[11] = _len >> 8;
+      _data[12] = _len;
+
+      /* correct len */
+      ret = send(fd, data, RECORD_HEADER_SIZE+_len, 0);
+
+      if (ret < 0) return ret;
+
+      return len;
+    }
+}
+
 static void
-client (int fd, int server_init)
+client (int fd, const char* prio)
 {
   int ret;
   char buffer[MAX_BUF + 1];
   gnutls_anon_client_credentials_t anoncred;
+  gnutls_certificate_credentials_t x509_cred;
+  gnutls_session_t session;
   /* Need to enable anonymous KX specifically. */
 
   gnutls_global_init ();
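Review bot: push_crippled writes the record length into `_data[11]`/`_data[12]` and then sends `RECORD_HEADER_SIZE+_len` bytes without checking that the buffer is at least that long; with `to_send` capped at 63 and records of sizeof(buffer) bytes this holds today, but the helper becomes an over-read as soon as it is reused with shorter records. A guard before the header write, `if (len < RECORD_HEADER_SIZE + (size_t)to_send) return send(fd, data, len, 0);`, keeps every access within `len`. `uint8_t* _data = (void*)data;` casts away the `const` in the callback's own signature; if the library really hands the push function a writable buffer, say so in a comment, since writing through it is otherwise undefined behaviour. `_len` and `ret` are `int` while `len` is `size_t` and `send` returns `ssize_t`, and the two `//`-commented lines above the assignment should go. client() continues past the end of the hunk.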
@@ -94,10 +168,11 @@ client (int fd, int server_init)
   if (debug)
     {
       gnutls_global_set_log_function (client_log_func);
-      gnutls_global_set_log_level (4711);
+      gnutls_global_set_log_level (7);
     }
 
   gnutls_anon_allocate_client_credentials (&anoncred);
+  gnutls_certificate_allocate_credentials (&x509_cred);
 
   /* Initialize TLS session
    */
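Review bot: The return value of `gnutls_certificate_allocate_credentials (&x509_cred)` is ignored, as is the matching call in server() later in this file; on failure the `gnutls_credentials_set` that follows is handed the indeterminate pointer declared at the top of client(). Checking it the way the rest of the file checks gnutls calls — `if (ret < 0) { fail ("client: %s\n", gnutls_strerror (ret)); terminate (); }` — costs one line, and `ret` is already declared. The client's log level drops to 7 here while the server still sets 4711; if that difference is deliberate it deserves a comment. Whether `x509_cred` is released at the end of client() cannot be seen from this hunk.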
@@ -105,11 +180,12 @@ client (int fd, int server_init)
   gnutls_dtls_set_mtu( session, 1500);
 
   /* Use default priorities */
-  gnutls_priority_set_direct (session, 
"NONE:+VERS-DTLS1.0:+CIPHER-ALL:+MAC-ALL:+SIGN-ALL:+COMP-ALL:+ANON-ECDH:+CURVE-ALL",
 NULL);
+  gnutls_priority_set_direct (session, prio, NULL);
 
   /* put the anonymous credentials to the current session
    */
   gnutls_credentials_set (session, GNUTLS_CRD_ANON, anoncred);
+  gnutls_credentials_set (session, GNUTLS_CRD_CERTIFICATE, x509_cred);
 
   gnutls_transport_set_ptr (session, (gnutls_transport_ptr_t) fd);
   gnutls_transport_set_push_function (session, push);
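Review bot: The `gnutls_credentials_set (session, GNUTLS_CRD_CERTIFICATE, x509_cred)` line attaches certificate credentials with no trust anchors and no verification callback, so the client will accept whatever certificate the server presents. That is presumably what this test wants — it exercises record decoding under the `+RSA` priority strings, not authentication — but a comment should say so: `/* empty certificate credentials so the RSA suites can be negotiated; this test does not verify the peer */`. client() starts before this hunk.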
@@ -139,27 +215,11 @@ client (int fd, int server_init)
              gnutls_protocol_get_name (gnutls_protocol_get_version
                                        (session)));
 
-  if (!server_init)
-    {
-      if (debug) success("Initiating client rehandshake\n");
-      do 
-        {
-          ret = gnutls_handshake (session);
-        }
-      while (ret < 0 && gnutls_error_is_fatal(ret) == 0);
-
-      if (ret < 0)
-        {
-          fail ("2nd client gnutls_handshake: %s\n", gnutls_strerror(ret));
-          terminate();
-        }
-    }
-  else
-    {
-      do {
-        ret = gnutls_record_recv (session, buffer, MAX_BUF);
-      } while (ret == GNUTLS_E_AGAIN || ret == GNUTLS_E_INTERRUPTED);
-    }
+  do {
+    do {
+      ret = gnutls_record_recv (session, buffer, MAX_BUF);
+    } while (ret == GNUTLS_E_AGAIN || ret == GNUTLS_E_INTERRUPTED);
+  } while( ret > 0);
 
   if (ret == 0)
     {
@@ -169,16 +229,6 @@ client (int fd, int server_init)
     }
   else if (ret < 0)
     {
-      if (server_init && ret == GNUTLS_E_REHANDSHAKE)
-        {
-          if (debug) success("Initiating rehandshake due to server request\n");
-          do 
-            {
-              ret = gnutls_handshake (session);
-            }
-          while (ret < 0 && gnutls_error_is_fatal(ret) == 0);
-        }
-
       if (ret != 0)
         {
           fail ("client: Error: %s\n", gnutls_strerror (ret));
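Review bot: Once the rehandshake branch is removed, the `if (ret != 0)` left inside the `else if (ret < 0)` block is always true, because ret was just tested as negative on the enclosing condition; the `fail ("client: Error: %s\n", ...)` can stand on its own without the inner test. The enclosing client() function begins and ends outside this hunk.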
@@ -186,9 +236,6 @@ client (int fd, int server_init)
         }
     }
 
-  do {
-    ret = gnutls_record_send (session, MSG, strlen (MSG));
-  } while (ret == GNUTLS_E_AGAIN || ret == GNUTLS_E_INTERRUPTED);
   gnutls_bye (session, GNUTLS_SHUT_WR);
 
 end:
@@ -205,10 +252,11 @@ end:
 
 /* These are global */
 gnutls_anon_server_credentials_t anoncred;
+gnutls_certificate_credentials_t x509_cred;
 pid_t child;
 
 static gnutls_session_t
-initialize_tls_session (void)
+initialize_tls_session (const char* prio)
 {
   gnutls_session_t session;
 
@@ -218,30 +266,31 @@ initialize_tls_session (void)
   /* avoid calling all the priority functions, since the defaults
    * are adequate.
    */
-  gnutls_priority_set_direct (session, 
"NONE:+VERS-DTLS1.0:+CIPHER-ALL:+MAC-ALL:+SIGN-ALL:+COMP-ALL:+ANON-ECDH:+CURVE-ALL",
 NULL);
+  gnutls_priority_set_direct (session, prio, NULL);
 
   gnutls_credentials_set (session, GNUTLS_CRD_ANON, anoncred);
+  gnutls_credentials_set (session, GNUTLS_CRD_CERTIFICATE, x509_cred);
 
   return session;
 }
 
 static void terminate(void)
 {
-int status;
-
   kill(child, SIGTERM);
-  wait(&status);
   exit(1);
 }
 
 static void
-server (int fd, int server_init)
+server (int fd, const char* prio)
 {
 int ret;
 char buffer[MAX_BUF + 1];
+gnutls_session_t session;
+
   /* this must be called once in the program
    */
   gnutls_global_init ();
+  memset(buffer, 0, sizeof(buffer));
 
   if (debug)
     {
@@ -249,12 +298,16 @@ char buffer[MAX_BUF + 1];
       gnutls_global_set_log_level (4711);
     }
 
+  gnutls_certificate_allocate_credentials (&x509_cred);
+  gnutls_certificate_set_x509_key_mem (x509_cred, &server_cert, &server_key,
+                                       GNUTLS_X509_FMT_PEM);
+
   gnutls_anon_allocate_server_credentials (&anoncred);
 
-  session = initialize_tls_session ();
+  session = initialize_tls_session (prio);
 
   gnutls_transport_set_ptr (session, (gnutls_transport_ptr_t) fd);
-  gnutls_transport_set_push_function (session, push);
+  gnutls_transport_set_push_function (session, push_crippled);
 
   do 
     {
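Review bot: `gnutls_certificate_set_x509_key_mem (x509_cred, &server_cert, &server_key, GNUTLS_X509_FMT_PEM)` can fail and its result is dropped, so a broken embedded key or certificate would surface later as a handshake or record error and be misread as the bug this test is hunting. Capture it in the `ret` that server() already declares: `ret = gnutls_certificate_set_x509_key_mem (...);` followed by `if (ret < 0) { fail ("server: key load: %s\n", gnutls_strerror (ret)); terminate (); }`. The allocation call on the line before it is likewise unchecked. server() continues beyond this hunk.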
@@ -275,75 +328,23 @@ char buffer[MAX_BUF + 1];
     success ("server: TLS version is: %s\n",
              gnutls_protocol_get_name (gnutls_protocol_get_version
                                        (session)));
-
-  /* see the Getting peer's information example */
-  /* print_info(session); */
-
-  if (server_init)
-    {
-      if (debug) success("server: Sending dummy packet\n");
-      ret = gnutls_rehandshake(session);
-      if (ret < 0)
-        {
-          fail ("gnutls_rehandshake: %s\n", gnutls_strerror(ret));
-          terminate();
-        }
-
-      if (debug) success("server: Initiating rehandshake\n");
-      do 
-        {
-          ret = gnutls_handshake (session);
-        }
-      while (ret < 0 && gnutls_error_is_fatal(ret) == 0);
-
-      if (ret < 0)
-        {
-          fail ("server: 2nd gnutls_handshake: %s\n", gnutls_strerror(ret));
-          terminate();
-        }
-    }
-
-  for (;;)
+  do
     {
-      memset (buffer, 0, MAX_BUF + 1);
-
       do {
-        ret = gnutls_record_recv (session, buffer, MAX_BUF);
+        ret = gnutls_record_send (session, buffer, sizeof (buffer));
       } while (ret == GNUTLS_E_AGAIN || ret == GNUTLS_E_INTERRUPTED);
+      usleep(400*1000);
 
-      if (ret == 0)
-        {
-          if (debug)
-            success ("server: Peer has closed the GnuTLS connection\n");
-          break;
-        }
-      else if (ret < 0)
+      if (ret < 0)
         {
-          if (!server_init && ret == GNUTLS_E_REHANDSHAKE)
-            {
-              if (debug) success("Initiating rehandshake due to client 
request\n");
-              do 
-                {
-                  ret = gnutls_handshake (session);
-                }
-              while (ret < 0 && gnutls_error_is_fatal(ret) == 0);
-              if (ret == 0) break;
-            }
-
-          fail ("server: Received corrupted data(%s). Closing...\n", 
gnutls_strerror(ret));
+          fail("Error sending %d byte packet\n", to_send);
           terminate();
         }
-      else if (ret > 0)
-        {
-          /* echo data back to the client
-           */
-          do {
-            ret = gnutls_record_send (session, buffer, strlen (buffer));
-          } while (ret == GNUTLS_E_AGAIN || ret == GNUTLS_E_INTERRUPTED);
-        }
+      to_send++;
     }
-  
+  while(to_send < 64);
 
+  to_send = -1;
   /* do not wait for the peer to close the connection.
    */
   gnutls_bye (session, GNUTLS_SHUT_WR);
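Review bot: The new send loop does not say what it is testing: `to_send` starts at -1 so the first record leaves intact, and every later iteration has push_crippled overwrite the record's length field with 0..63 before `to_send++`. A comment above the `do` — `/* first record is sent as-is; the next 64 go out with the DTLS record length field forced to 0..63 by push_crippled, and the client must survive all of them */` — makes that readable without cross-referencing push_crippled. The `usleep(400*1000)` between records also needs a why-comment, because it makes each priority string take roughly 25 seconds; if it exists to let the client digest each record before the next arrives, say so. server() begins outside this hunk.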
@@ -359,7 +360,7 @@ char buffer[MAX_BUF + 1];
     success ("server: finished\n");
 }
 
-static void start (int server_initiated)
+static void start (const char* prio)
 {
   int fd[2];
   int ret;
@@ -381,25 +382,45 @@ static void start (int server_initiated)
 
   if (child)
     {
-      int status;
       /* parent */
-      server (fd[0], server_initiated);
-      wait (&status);
-      if (WEXITSTATUS(status) != 0)
-        fail("Child died with status %d\n", WEXITSTATUS(status));
+      server (fd[0], prio);
+      kill(child, SIGTERM);
     }
   else 
     {
-      client (fd[1], server_initiated);
+      client (fd[1], prio);
       exit(0);
     }
 }
 
+#define AES_CBC 
"NONE:+VERS-DTLS1.0:-CIPHER-ALL:+AES-128-CBC:+SHA1:+SIGN-ALL:+COMP-ALL:+ANON-ECDH:+CURVE-ALL"
+#define AES_CBC_SHA256 
"NONE:+VERS-DTLS1.0:-CIPHER-ALL:+RSA:+AES-128-CBC:+AES-256-CBC:+SHA256:+SIGN-ALL:+COMP-ALL:+ANON-ECDH:+CURVE-ALL"
+#define AES_GCM 
"NONE:+VERS-DTLS1.0:-CIPHER-ALL:+RSA:+AES-128-GCM:+MAC-ALL:+SIGN-ALL:+COMP-ALL:+ANON-ECDH:+CURVE-ALL"
+
+static void ch_handler(int sig)
+{
+int status;
+  wait(&status);
+  if (WEXITSTATUS(status) != 0 ||
+      (WIFSIGNALED(status) && WTERMSIG(status) == SIGSEGV))
+    {
+      if (WIFSIGNALED(status))
+        fail("Child died with sigsegv\n");
+      else
+        fail("Child died with status %d\n", WEXITSTATUS(status));
+      terminate();
+    }
+  return;
+}
+
 void
 doit (void)
 {
-  start(0);
-  start(1);
+  signal(SIGCHLD, ch_handler);
+
+  start(AES_CBC);
+  start(AES_CBC_SHA256);
+  start(AES_GCM);
 }
 
 #endif /* _WIN32 */
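Review bot: ch_handler calls `fail()` and `terminate()` from inside a SIGCHLD handler; `terminate()` calls `exit()`, and `fail()` (from utils.h) presumably uses stdio, neither of which is async-signal-safe, so a child crash can leave the parent stuck in a stdio or allocator lock instead of reporting. The handler also reads `WEXITSTATUS(status)` without first checking `WIFEXITED(status)`, and because start() itself ends with `kill(child, SIGTERM)`, a SIGTERM-killed child is the expected outcome — the `WTERMSIG(status) == SIGSEGV` test happens to tolerate that, but any other fatal signal (SIGABRT, SIGBUS) passes unreported. Keep the handler to async-signal-safe calls — `wait`, `write`, `_exit` — and treat every signal other than SIGTERM as a failure, as below. In doit(), `struct sigaction sa = { .sa_handler = ch_handler, .sa_flags = SA_RESTART }; sigemptyset (&sa.sa_mask); sigaction (SIGCHLD, &sa, NULL);` replaces the `signal()` call, which has one-shot semantics on some platforms and matters here because start() runs three times.
```c
static void ch_handler(int sig)
{
int status;
  (void)sig;
  if (wait(&status) < 0)
    return;
  /* Only async-signal-safe calls below: no stdio, no exit(). SIGTERM is
   * what start() sends on the normal path and is not a failure. */
  if ((WIFEXITED(status) && WEXITSTATUS(status) != 0) ||
      (WIFSIGNALED(status) && WTERMSIG(status) != SIGTERM))
    {
      static const char msg[] = "Child died abnormally\n";
      (void)write(STDERR_FILENO, msg, sizeof msg - 1);
      _exit(1);
    }
}
```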


hooks/post-receive
-- 
GNU gnutls


