[SCM] GNU gnutls branch, gnutls_2_12_x, updated. gnutls_2_12_17-1-g2e5b2
From: |
Nikos Mavrogiannopoulos |
Subject: |
[SCM] GNU gnutls branch, gnutls_2_12_x, updated. gnutls_2_12_17-1-g2e5b226 |
Date: |
Fri, 02 Mar 2012 22:27:07 +0000 |
This is an automated email from the git hooks/post-receive script. It was
generated because a ref change was pushed to the repository containing
the project "GNU gnutls".
http://git.savannah.gnu.org/cgit/gnutls.git/commit/?id=2e5b226f2eaee6591aae3b35ad8fb0c4cc41a5b4
The branch, gnutls_2_12_x has been updated
via 2e5b226f2eaee6591aae3b35ad8fb0c4cc41a5b4 (commit)
from 65090a5baa7f138639342570906fb6843d776531 (commit)
Those revisions listed above that are new to this repository have
not appeared on any other notification email; so we list those
revisions in full, below.
- Log -----------------------------------------------------------------
commit 2e5b226f2eaee6591aae3b35ad8fb0c4cc41a5b4
Author: Nikos Mavrogiannopoulos <address@hidden>
Date: Fri Mar 2 23:31:26 2012 +0100
Corrected SRP-RSA ciphersuites when used under TLS 1.2.
-----------------------------------------------------------------------
Summary of changes:
NEWS | 9 +++++++++
lib/auth_srp_rsa.c | 52 ++++++++++++++++++++++++++++++++++++++++++++++++----
2 files changed, 57 insertions(+), 4 deletions(-)
diff --git a/NEWS b/NEWS
index 12e3cc5..5935f79 100644
--- a/NEWS
+++ b/NEWS
@@ -3,6 +3,15 @@ Copyright (C) 2000, 2001, 2002, 2003, 2004, 2005,
2006, 2007, 2008, 2009, 2010, 2011 Free Software Foundation, Inc.
See the end for copying conditions.
+Version 2.12.18 (unreleased)
+
+** Corrected SRP-RSA ciphersuites when used under TLS 1.2.
+
+** API and ABI modifications:
+
+No changes since last version.
+
+
Version 2.12.17 (released 2012-03-02)
** libgnutls: Corrections in record packet parsing.
diff --git a/lib/auth_srp_rsa.c b/lib/auth_srp_rsa.c
index d926790..4bf0202 100644
--- a/lib/auth_srp_rsa.c
+++ b/lib/auth_srp_rsa.c
@@ -41,6 +41,7 @@
#include <gnutls_sig.h>
#include <auth_srp.h>
#include <gnutls_x509.h>
+#include <gnutls_algorithms.h>
static int gen_srp_cert_server_kx (gnutls_session_t, opaque **);
static int proc_srp_cert_server_kx (gnutls_session_t, opaque *, size_t);
@@ -89,6 +90,7 @@ gen_srp_cert_server_kx (gnutls_session_t session, opaque **
data)
gnutls_privkey_t apr_pkey;
int apr_cert_list_length;
gnutls_sign_algorithm_t sign_algo;
+ gnutls_protocol_t ver = gnutls_protocol_get_version (session);
ret = _gnutls_gen_srp_server_kx (session, data);
@@ -126,7 +128,7 @@ gen_srp_cert_server_kx (gnutls_session_t session, opaque **
data)
return ret;
}
- *data = gnutls_realloc_fast (*data, data_size + signature.size + 2);
+ *data = gnutls_realloc_fast (*data, data_size + signature.size + 4);
if (*data == NULL)
{
_gnutls_free_datum (&signature);
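Review bot: The `+ 4` in the new `gnutls_realloc_fast` size is unexplained and now applies to every protocol version, although the two extra bytes are written only when `_gnutls_version_has_selectable_sighash (ver)` holds (see the next hunk). The over-allocation for older versions is harmless, but this bound and the writes that follow have to stay in step, so a comment would keep the arithmetic auditable: `/* 2 bytes hash/signature algorithm id (TLS 1.2 only) + 2 bytes signature length prefix */`. The `if (*data == NULL)` block continues outside this hunk.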
@@ -134,12 +136,37 @@ gen_srp_cert_server_kx (gnutls_session_t session, opaque
** data)
return GNUTLS_E_MEMORY_ERROR;
}
+ if (_gnutls_version_has_selectable_sighash (ver))
+ {
+ const sign_algorithm_st *aid;
+
+ if (sign_algo == GNUTLS_SIGN_UNKNOWN)
+ {
+ ret = GNUTLS_E_UNKNOWN_ALGORITHM;
+ goto cleanup;
+ }
+
+ aid = _gnutls_sign_to_tls_aid (sign_algo);
+ if (aid == NULL)
+ {
+ gnutls_assert();
+ ret = GNUTLS_E_UNKNOWN_ALGORITHM;
+ goto cleanup;
+ }
+
+ (*data)[data_size++] = aid->hash_algorithm;
+ (*data)[data_size++] = aid->sign_algorithm;
+ }
+
_gnutls_write_datum16 (&(*data)[data_size], signature);
data_size += signature.size + 2;
- _gnutls_free_datum (&signature);
- return data_size;
+ ret = data_size;
+
+cleanup:
+ _gnutls_free_datum (&signature);
+ return ret;
}
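Review bot: The `sign_algo == GNUTLS_SIGN_UNKNOWN` branch jumps to `cleanup` without calling `gnutls_assert ();`, unlike the `aid == NULL` branch right below it, so this failure leaves no trace in the debug log. Add `gnutls_assert ();` before `ret = GNUTLS_E_UNKNOWN_ALGORITHM;` there. Both new error exits release `signature` at `cleanup` but leave the reallocated `*data` untouched. Whether the caller frees `*data` on a negative return is not visible in this diff, so that ownership should be confirmed, or the buffer freed before the jump. The function begins outside the hunk.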
@@ -154,6 +181,8 @@ proc_srp_cert_server_kx (gnutls_session_t session, opaque *
data,
cert_auth_info_t info;
gnutls_cert peer_cert;
opaque *p;
+ gnutls_sign_algorithm_t sign_algo = GNUTLS_SIGN_UNKNOWN;
+ gnutls_protocol_t ver = gnutls_protocol_get_version (session);
ret = _gnutls_proc_srp_server_kx (session, data, _data_size);
if (ret < 0)
@@ -175,6 +204,21 @@ proc_srp_cert_server_kx (gnutls_session_t session, opaque
* data,
vparams.data = data;
p = &data[vparams.size];
+ if (_gnutls_version_has_selectable_sighash (ver))
+ {
+ sign_algorithm_st aid;
+
+ DECR_LEN (data_size, 1);
+ aid.hash_algorithm = *p++;
+ DECR_LEN (data_size, 1);
+ aid.sign_algorithm = *p++;
+ sign_algo = _gnutls_tls_aid_to_sign (&aid);
+ if (sign_algo == GNUTLS_SIGN_UNKNOWN)
+ {
+ gnutls_assert ();
+ return GNUTLS_E_UNSUPPORTED_SIGNATURE_ALGORITHM;
+ }
+ }
DECR_LEN (data_size, 2);
sigsize = _gnutls_read_uint16 (p);
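Review bot: The two algorithm bytes read here come straight from the peer's ServerKeyExchange and are accepted whenever `_gnutls_tls_aid_to_sign` recognises the pair. Nothing in this hunk checks that the pair is one the client enabled in its priorities, or that it matches the key type of the peer certificate. Presumably `_gnutls_handshake_verify_data`, which receives `sign_algo` in the next hunk, enforces this. That should be confirmed, since otherwise the server could select a weaker hash than the client intended to allow. A comment above the block would record the trust boundary: `/* TLS 1.2: peer-chosen hash/signature id precedes the signature; acceptability must be checked at verification */`. The two `DECR_LEN (data_size, 1);` calls could also be one `DECR_LEN (data_size, 2);` before both reads. The function body extends beyond the hunk on both sides.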
@@ -196,7 +240,7 @@ proc_srp_cert_server_kx (gnutls_session_t session, opaque *
data,
ret =
_gnutls_handshake_verify_data (session, &peer_cert, &vparams, &signature,
- GNUTLS_SIGN_UNKNOWN);
+ sign_algo);
_gnutls_gcert_deinit (&peer_cert);
if (ret < 0)
hooks/post-receive
--
GNU gnutls