
[SCM] GNU gnutls branch, master, updated. gnutls_2_11_3-18-g3f86e31


From: Simon Josefsson
Subject: [SCM] GNU gnutls branch, master, updated. gnutls_2_11_3-18-g3f86e31
Date: Fri, 15 Oct 2010 12:37:40 +0000

This is an automated email from the git hooks/post-receive script. It was
generated because a ref change was pushed to the repository containing
the project "GNU gnutls".

http://git.savannah.gnu.org/cgit/gnutls.git/commit/?id=3f86e31a554d02a2d92b5423942915554af7fc59

The branch, master has been updated
       via  3f86e31a554d02a2d92b5423942915554af7fc59 (commit)
      from  3e9cfe6b24e9714f1c2753a836c9de349f5e88e6 (commit)

Those revisions listed above that are new to this repository have
not appeared on any other notification email; so we list those
revisions in full, below.

- Log -----------------------------------------------------------------
commit 3f86e31a554d02a2d92b5423942915554af7fc59
Author: Simon Josefsson <address@hidden>
Date:   Fri Oct 15 14:37:36 2010 +0200

    Implement RFC 5929 tls-unique channel binding.

-----------------------------------------------------------------------

Summary of changes:
 lib/gnutls_handshake.c |   24 ++++++++++++++++++++++++
 lib/gnutls_int.h       |    3 +++
 lib/gnutls_state.c     |   18 ++++++++++++++++--
 src/common.c           |   17 +++++++++++++++++
 4 files changed, 60 insertions(+), 2 deletions(-)

diff --git a/lib/gnutls_handshake.c b/lib/gnutls_handshake.c
index 20b06c4..e88b876 100644
--- a/lib/gnutls_handshake.c
+++ b/lib/gnutls_handshake.c
@@ -710,6 +710,18 @@ _gnutls_send_finished (gnutls_session_t session, int again)
          return ret;
        }
 
+      if ((session->internals.resumed == RESUME_FALSE
+          && session->security_parameters.entity == GNUTLS_CLIENT)
+         || (session->internals.resumed == RESUME_TRUE
+             && session->security_parameters.entity == GNUTLS_SERVER))
+       {
+         /* if we are a client not resuming - or we are a server resuming */
+         _gnutls_handshake_log ("HSK[%p]: recording tls-unique CB (send)\n",
+                                session);
+         memcpy (session->internals.cb_tls_unique, data, vdata_size);
+         session->internals.cb_tls_unique_len = vdata_size;
+       }
+
       ret =
        _gnutls_send_handshake (session, bufel, GNUTLS_HANDSHAKE_FINISHED);
     }
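Review bot: The copy at `memcpy (session->internals.cb_tls_unique, data, vdata_size);` is bounded only by `vdata_size`, and the matching copy in the `_gnutls_recv_finished` hunk below uses the peer-derived `data_size`; neither hunk shows that the length has been checked against the `MAX_VERIFY_DATA_SIZE` capacity of the destination declared in gnutls_int.h. If the earlier part of each function (both `_gnutls_send_finished` and `_gnutls_recv_finished` begin outside their hunks) already rejects a Finished whose length differs from the expected verify-data size, a comment at each copy such as `/* length was checked against the expected verify data size above; it never exceeds MAX_VERIFY_DATA_SIZE */` makes that dependency explicit for the next reader. If that is not guaranteed, a guard like `if (data_size > sizeof session->internals.cb_tls_unique) return GNUTLS_E_INTERNAL_ERROR;` belongs before the copy. A smaller point in this hunk: the value is recorded before `_gnutls_send_handshake` is called, so a failed send still leaves `cb_tls_unique_len` set; recording after a successful send, or documenting why the order does not matter, would be cleaner.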
@@ -795,6 +807,18 @@ _gnutls_recv_finished (gnutls_session_t session)
       return ret;
     }
 
+  if ((session->internals.resumed == RESUME_TRUE
+       && session->security_parameters.entity == GNUTLS_CLIENT)
+      || (session->internals.resumed == RESUME_FALSE
+         && session->security_parameters.entity == GNUTLS_SERVER))
+    {
+      /* if we are a client resuming - or we are a server not resuming */
+      _gnutls_handshake_log ("HSK[%p]: recording tls-unique CB (recv)\n",
+                            session);
+      memcpy (session->internals.cb_tls_unique, data, data_size);
+      session->internals.cb_tls_unique_len = data_size;
+    }
+
   session->internals.initial_negotiation_completed = 1;
 
   return ret;
diff --git a/lib/gnutls_int.h b/lib/gnutls_int.h
index 87d8f5c..b97830e 100644
--- a/lib/gnutls_int.h
+++ b/lib/gnutls_int.h
@@ -727,6 +727,9 @@ typedef struct
     int set:1;
   } resumed_extension_int_data[MAX_EXT_TYPES];
 
+  unsigned int cb_tls_unique_len;
+  unsigned char cb_tls_unique[MAX_VERIFY_DATA_SIZE];
+
   /* If you add anything here, check _gnutls_handshake_internal_state_clear().
    */
 } internals_st;
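Review bot: The new fields `cb_tls_unique_len` and `cb_tls_unique` are added directly above the comment asking that `_gnutls_handshake_internal_state_clear()` be checked whenever this struct grows, yet the diffstat shows no change to that function (the gnutls_state.c hunks touch only `gnutls_session_channel_binding`). Either the length should be reset there so a stale value from a previous handshake cannot be handed out, or the intended behaviour should be stated at the field, e.g. `/* tls-unique (RFC 5929): first Finished of the most recent handshake; deliberately kept across state clears until the next handshake records a new one */`. As written, a reader cannot tell whether the omission is deliberate.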
diff --git a/lib/gnutls_state.c b/lib/gnutls_state.c
index 86e3c00..310e143 100644
--- a/lib/gnutls_state.c
+++ b/lib/gnutls_state.c
@@ -1354,7 +1354,8 @@ gnutls_session_enable_compatibility_mode 
(gnutls_session_t session)
  * @cbtype: an #gnutls_channel_binding_t enumeration type
  * @cb: output buffer array with data
  *
- * Extract given channel binding data of the @cbtype type.
+ * Extract given channel binding data of the @cbtype (e.g.,
+ * %GNUTLS_CB_TLS_UNIQUE) type.
  *
  * Returns: %GNUTLS_E_SUCCESS on success,
  * %GNUTLS_E_UNIMPLEMENTED_FEATURE if the @cbtype is unsupported,
@@ -1368,5 +1369,18 @@ gnutls_session_channel_binding (gnutls_session_t session,
                                gnutls_channel_binding_t cbtype,
                                gnutls_datum_t *cb)
 {
-  return GNUTLS_E_UNIMPLEMENTED_FEATURE;
+  if (cbtype != GNUTLS_CB_TLS_UNIQUE)
+    return GNUTLS_E_UNIMPLEMENTED_FEATURE;
+
+  if (!session->internals.initial_negotiation_completed)
+    return GNUTLS_E_CHANNEL_BINDING_NOT_AVAILABLE;
+
+  cb->size = session->internals.cb_tls_unique_len;
+  cb->data = gnutls_malloc (cb->size);
+  if (cb->data == NULL)
+    return GNUTLS_E_MEMORY_ERROR;
+
+  memcpy (cb->data, session->internals.cb_tls_unique, cb->size);
+
+  return 0;
 }
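Review bot: The function returns the literal `0` at `return 0;` while the header comment in the previous hunk documents `%GNUTLS_E_SUCCESS`; writing `return GNUTLS_E_SUCCESS;` keeps the code and its documentation saying the same thing. A robustness point worth considering: the function allocates and copies `session->internals.cb_tls_unique_len` bytes without checking whether anything was actually recorded, so if any path can set `initial_negotiation_completed` without a Finished having been captured, the caller receives a zero-length buffer instead of an error. A check such as `if (session->internals.cb_tls_unique_len == 0) return GNUTLS_E_CHANNEL_BINDING_NOT_AVAILABLE;` after the negotiation check would make that case explicit; whether it is reachable depends on the handshake code outside this diff.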
diff --git a/src/common.c b/src/common.c
index 51ba946..b270cd5 100644
--- a/src/common.c
+++ b/src/common.c
@@ -488,6 +488,23 @@ print_info (gnutls_session_t session, const char 
*hostname, int insecure)
       printf ("- Session ID: %s\n", raw_to_string (id, id_size));
     }
 
+  {
+    gnutls_datum cb;
+    int rc;
+
+    rc = gnutls_session_channel_binding (session, GNUTLS_CB_TLS_UNIQUE, &cb);
+    if (rc)
+       fprintf (stderr, "Channel binding error: %s\n", gnutls_strerror (rc));
+    else
+      {
+       size_t i;
+
+       printf ("- Channel binding 'tls-unique': ");
+       for (i = 0; i < cb.size; i++)
+         printf ("%02x", cb.data[i]);
+       printf ("\n");
+      }
+  }
 
   fflush (stdout);
 


hooks/post-receive
-- 
GNU gnutls


