
[SCM] GNU gnutls branch, gnutls_2_12_x, updated. gnutls_2_12_17-1-g2e5b2


From: Nikos Mavrogiannopoulos
Subject: [SCM] GNU gnutls branch, gnutls_2_12_x, updated. gnutls_2_12_17-1-g2e5b226
Date: Fri, 02 Mar 2012 22:27:07 +0000

This is an automated email from the git hooks/post-receive script. It was
generated because a ref change was pushed to the repository containing
the project "GNU gnutls".

http://git.savannah.gnu.org/cgit/gnutls.git/commit/?id=2e5b226f2eaee6591aae3b35ad8fb0c4cc41a5b4

The branch, gnutls_2_12_x has been updated
       via  2e5b226f2eaee6591aae3b35ad8fb0c4cc41a5b4 (commit)
      from  65090a5baa7f138639342570906fb6843d776531 (commit)

Those revisions listed above that are new to this repository have
not appeared on any other notification email; so we list those
revisions in full, below.

- Log -----------------------------------------------------------------
commit 2e5b226f2eaee6591aae3b35ad8fb0c4cc41a5b4
Author: Nikos Mavrogiannopoulos <address@hidden>
Date:   Fri Mar 2 23:31:26 2012 +0100

    Corrected SRP-RSA ciphersuites when used under TLS 1.2.

-----------------------------------------------------------------------

Summary of changes:
 NEWS               |    9 +++++++++
 lib/auth_srp_rsa.c |   52 ++++++++++++++++++++++++++++++++++++++++++++++++----
 2 files changed, 57 insertions(+), 4 deletions(-)

diff --git a/NEWS b/NEWS
index 12e3cc5..5935f79 100644
--- a/NEWS
+++ b/NEWS
@@ -3,6 +3,15 @@ Copyright (C) 2000, 2001, 2002, 2003, 2004, 2005,
               2006, 2007, 2008, 2009, 2010, 2011 Free Software Foundation, Inc.
 See the end for copying conditions.
 
+Version 2.12.18 (unreleased)
+
+** Corrected SRP-RSA ciphersuites when used under TLS 1.2.
+
+** API and ABI modifications:
+
+No changes since last version.
+
+
 Version 2.12.17 (released 2012-03-02)
 
 ** libgnutls: Corrections in record packet parsing.
diff --git a/lib/auth_srp_rsa.c b/lib/auth_srp_rsa.c
index d926790..4bf0202 100644
--- a/lib/auth_srp_rsa.c
+++ b/lib/auth_srp_rsa.c
@@ -41,6 +41,7 @@
 #include <gnutls_sig.h>
 #include <auth_srp.h>
 #include <gnutls_x509.h>
+#include <gnutls_algorithms.h>
 
 static int gen_srp_cert_server_kx (gnutls_session_t, opaque **);
 static int proc_srp_cert_server_kx (gnutls_session_t, opaque *, size_t);
@@ -89,6 +90,7 @@ gen_srp_cert_server_kx (gnutls_session_t session, opaque ** 
data)
   gnutls_privkey_t apr_pkey;
   int apr_cert_list_length;
   gnutls_sign_algorithm_t sign_algo;
+  gnutls_protocol_t ver = gnutls_protocol_get_version (session);
 
   ret = _gnutls_gen_srp_server_kx (session, data);
 
@@ -126,7 +128,7 @@ gen_srp_cert_server_kx (gnutls_session_t session, opaque ** 
data)
       return ret;
     }
 
-  *data = gnutls_realloc_fast (*data, data_size + signature.size + 2);
+  *data = gnutls_realloc_fast (*data, data_size + signature.size + 4);
   if (*data == NULL)
     {
       _gnutls_free_datum (&signature);
@@ -134,12 +136,37 @@ gen_srp_cert_server_kx (gnutls_session_t session, opaque 
** data)
       return GNUTLS_E_MEMORY_ERROR;
     }
 
+  if (_gnutls_version_has_selectable_sighash (ver))
+    {
+      const sign_algorithm_st *aid;
+
+      if (sign_algo == GNUTLS_SIGN_UNKNOWN)
+        {
+          ret = GNUTLS_E_UNKNOWN_ALGORITHM;
+          goto cleanup;
+        }
+
+      aid = _gnutls_sign_to_tls_aid (sign_algo);
+      if (aid == NULL)
+        {
+          gnutls_assert();
+          ret = GNUTLS_E_UNKNOWN_ALGORITHM;
+          goto cleanup;
+        }
+      
+      (*data)[data_size++] = aid->hash_algorithm;
+      (*data)[data_size++] = aid->sign_algorithm;
+    }
+
   _gnutls_write_datum16 (&(*data)[data_size], signature);
   data_size += signature.size + 2;
 
-  _gnutls_free_datum (&signature);
 
-  return data_size;
+  ret = data_size;
+
+cleanup:
+  _gnutls_free_datum (&signature);
+  return ret;
 
 }
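Review bot: The `sign_algo == GNUTLS_SIGN_UNKNOWN` branch sets `ret = GNUTLS_E_UNKNOWN_ALGORITHM` and jumps to `cleanup` without the `gnutls_assert ();` that the `aid == NULL` branch right below it emits, so a failure there leaves no trace in the debug log; adding `gnutls_assert ();` before `ret = GNUTLS_E_UNKNOWN_ALGORITHM;` keeps the two new error paths consistent. Both paths free `signature` at `cleanup` but leave the already-reallocated `*data` to the caller, which matches the existing `GNUTLS_E_MEMORY_ERROR` path above; presumably the caller releases `*data` on any negative return, worth confirming. The `+ 4` in the realloc in the previous hunk reserves the two SignatureAndHashAlgorithm bytes unconditionally, even when `_gnutls_version_has_selectable_sighash (ver)` is false, which is harmless but deserves a comment such as `/* 2 bytes for the TLS 1.2 hash/signature ids + 2 for the signature length */`. gen_srp_cert_server_kx begins before this hunk, where `sign_algo` is assigned.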
 
@@ -154,6 +181,8 @@ proc_srp_cert_server_kx (gnutls_session_t session, opaque * 
data,
   cert_auth_info_t info;
   gnutls_cert peer_cert;
   opaque *p;
+  gnutls_sign_algorithm_t sign_algo = GNUTLS_SIGN_UNKNOWN;
+  gnutls_protocol_t ver = gnutls_protocol_get_version (session);
 
   ret = _gnutls_proc_srp_server_kx (session, data, _data_size);
   if (ret < 0)
@@ -175,6 +204,21 @@ proc_srp_cert_server_kx (gnutls_session_t session, opaque 
* data,
   vparams.data = data;
 
   p = &data[vparams.size];
+  if (_gnutls_version_has_selectable_sighash (ver))
+    {
+      sign_algorithm_st aid;
+
+      DECR_LEN (data_size, 1);
+      aid.hash_algorithm = *p++;
+      DECR_LEN (data_size, 1);
+      aid.sign_algorithm = *p++;
+      sign_algo = _gnutls_tls_aid_to_sign (&aid);
+      if (sign_algo == GNUTLS_SIGN_UNKNOWN)
+        {
+          gnutls_assert ();
+          return GNUTLS_E_UNSUPPORTED_SIGNATURE_ALGORITHM;
+        }
+    }
 
   DECR_LEN (data_size, 2);
   sigsize = _gnutls_read_uint16 (p);
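Review bot: The parsed `sign_algo` is accepted as soon as `_gnutls_tls_aid_to_sign` recognises it; nothing in this hunk checks that the server's choice is among the hash/signature pairs this client advertised, so that restriction presumably lives in `_gnutls_handshake_verify_data`, which the last hunk now passes `sign_algo` to — worth confirming, since otherwise the peer could select a weaker hash than the client offered. The two `DECR_LEN (data_size, 1)` calls bound each read from `p` before the byte is consumed, which is the right shape for untrusted handshake data. `aid` is a stack `sign_algorithm_st` with only `hash_algorithm` and `sign_algorithm` assigned; if the struct has further members, `sign_algorithm_st aid = { 0 };` avoids handing indeterminate values to `_gnutls_tls_aid_to_sign`. proc_srp_cert_server_kx begins and ends outside this hunk.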
@@ -196,7 +240,7 @@ proc_srp_cert_server_kx (gnutls_session_t session, opaque * 
data,
 
   ret =
     _gnutls_handshake_verify_data (session, &peer_cert, &vparams, &signature,
-                                   GNUTLS_SIGN_UNKNOWN);
+                                   sign_algo);
 
   _gnutls_gcert_deinit (&peer_cert);
   if (ret < 0)


hooks/post-receive
-- 
GNU gnutls


