[Top][All Lists]
[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
Re: [Help-gnutls] Problem with anonymous authentication
|
From: |
Alexei Boyarchenko |
|
Subject: |
Re: [Help-gnutls] Problem with anonymous authentication |
|
Date: |
Tue, 8 Jun 2004 14:59:46 +0400 (MSD) |
> This shouldn't have happened. Could you trace where this happens?
Sorry for my bad English again!!!!
I think i've found a bug! (maybe i am right maybe not :) )
Version: gnutls-1.0.9
Look!
if after initialisation we have:
&anon_serv_cred = 0x0053a754
and at that adress we have 0x00935610 -- adress of anon_serv_cred
anon_serv_cred = 0x00935610
and at that adress we have 0x00935420 -- adress of global_dh_params
0x00000000 -- NULL !!!!!!!!!!
global_dh_params = 0x00935420
and at that adress we have 0x00935420 -- not NULL! adress of
global_dh_params->params[0]
0x00952620 -- not NULL! adress of
global_dh_params->params[1]
when we call function check_server_params in gnutls_handshake.c
.......
else if ( cred_type == GNUTLS_CRD_ANON) {
anon_cred =
_gnutls_get_cred(session->key, cred_type, NULL); //!!!!!
if (anon_cred != NULL) {
dh_params = anon_cred->dh_params; //!!
}
} else return 0; /* no need for params */
/* If the key exchange method needs RSA or DH params,
* but they are not set then remove it.
*/
if (_gnutls_kx_needs_rsa_params( kx) != 0) {
/* needs rsa params. */
if (_gnutls_get_rsa_params( rsa_params)==NULL)
return 1;
}
if (_gnutls_kx_needs_dh_params( kx) != 0) {
/* needs DH params. */
if (_gnutls_get_dh_params( dh_params)==NULL)
return 1;
}
.....
we get anon_cred = &anon_serv_cred = 0x0053a754
and at that adress we have 0x00935610 adress of anon_serv_cred (but not
global_dh_params!!!)
so when we do
if (anon_cred != NULL) {
dh_params = anon_cred->dh_params; //!!
}
dh_params = 0x00935610 but this is adress of anon_serv_cred and not adress
of global_dh_params !!!!
And we get dh_params = anon_serv_cred = 0x00935610
at that adress we have 0x00935420 -- adress of global_dh_params
0x00000000 -- NULL !!!!!!!!!!
So we get _gnutls_get_dh_params( dh_params)==NULL !!!!!!!!!
I changed this code in this way:
void** MyTmp;
.....
else if ( cred_type == GNUTLS_CRD_ANON) {
MyTmp =
_gnutls_get_cred(session->key, cred_type, NULL);
if (MyTmp != NULL) {
anon_cred = *MyTmp;
dh_params = anon_cred->dh_params;
}
} else return 0; /* no need for params */
/* If the key exchange method needs RSA or DH params,
* but they are not set then remove it.
*/
if (_gnutls_kx_needs_rsa_params( kx) != 0) {
/* needs rsa params. */
if (_gnutls_get_rsa_params( rsa_params)==NULL)
return 1;
}
if (_gnutls_kx_needs_dh_params( kx) != 0) {
/* needs DH params. */
if (_gnutls_get_dh_params( dh_params)==NULL)
return 1;
}
......
and it works fine!!!
Also i had to correct function gen_anon_server_kx in anon_auth.c :
....
gnutls_dh_params dh_params;
const gnutls_anon_server_credentials cred;
void** MyTmp;
MyTmp = _gnutls_get_cred(session->key, GNUTLS_CRD_ANON, NULL);
if (MyTmp == NULL) {
gnutls_assert();
return GNUTLS_E_INSUFFICIENT_CREDENTIALS;
}
cred = *MyTmp;
dh_params = _gnutls_anon_get_dh_params( cred, session);
....
And eventually I recieved completely working server with anonymous
authentication.