
[SCM] GNU gnutls branch, master, updated. gnutls_3_0_18-28-g502cd0b


From: Nikos Mavrogiannopoulos
Subject: [SCM] GNU gnutls branch, master, updated. gnutls_3_0_18-28-g502cd0b
Date: Fri, 13 Apr 2012 18:54:31 +0000

This is an automated email from the git hooks/post-receive script. It was
generated because a ref change was pushed to the repository containing
the project "GNU gnutls".

http://git.savannah.gnu.org/cgit/gnutls.git/commit/?id=502cd0be949618aff5ea8877014b0d7bf74d069f

The branch, master has been updated
       via  502cd0be949618aff5ea8877014b0d7bf74d069f (commit)
       via  4d94d3d5ca1573af70a3638552daa4f1196e4d74 (commit)
       via  6e317263a4f5031346a63b0e814192a9e2298609 (commit)
       via  8b49373a3a383326cdecd0af5edd31ac06e320d7 (commit)
       via  300a55eb94d9ff7ab45916a2422e2495d4caccac (commit)
       via  4b9169e8900bfacbc688f4d68911b10f3240cc8a (commit)
      from  d2568a57b69140d654c5c86660d9cbc246862aba (commit)

Those revisions listed above that are new to this repository have
not appeared on any other notification email; so we list those
revisions in full, below.

- Log -----------------------------------------------------------------
commit 502cd0be949618aff5ea8877014b0d7bf74d069f
Author: Nikos Mavrogiannopoulos <address@hidden>
Date:   Fri Apr 13 20:53:56 2012 +0200

    no abi change in 3.0.19

commit 4d94d3d5ca1573af70a3638552daa4f1196e4d74
Author: Nikos Mavrogiannopoulos <address@hidden>
Date:   Fri Apr 13 20:53:28 2012 +0200

    text for 3.1.0

commit 6e317263a4f5031346a63b0e814192a9e2298609
Author: Nikos Mavrogiannopoulos <address@hidden>
Date:   Fri Apr 13 20:45:20 2012 +0200

    gnutls_record_check_unprocessed is now inline function.

commit 8b49373a3a383326cdecd0af5edd31ac06e320d7
Author: Nikos Mavrogiannopoulos <address@hidden>
Date:   Fri Apr 13 20:41:22 2012 +0200

    optimized usage of gnutls_rnd()

-----------------------------------------------------------------------

Summary of changes:
 NEWS                            |   15 ++++-
 gl/tests/ioctl.c                |    4 +
 lib/gnutls_buffers.c            |   16 -----
 lib/gnutls_buffers.h            |   16 +++++
 lib/gnutls_cipher.c             |  123 ++++++++++++++++++++-------------------
 lib/gnutls_handshake.c          |    4 +-
 lib/includes/gnutls/gnutls.h.in |    1 -
 lib/nettle/rnd.c                |   27 ++++-----
 8 files changed, 107 insertions(+), 99 deletions(-)

diff --git a/NEWS b/NEWS
index fb1b7c2..44de26e 100644
--- a/NEWS
+++ b/NEWS
@@ -2,13 +2,19 @@ GnuTLS NEWS -- History of user-visible changes.               
 -*- outline -*-
 Copyright (C) 2000-2012 Free Software Foundation, Inc.
 See the end for copying conditions.
 
+* Version 3.1.0 (unreleased)
+
+** libgnutls: xxx
+
+** API and ABI modifications:
+No changes since last version.
+
+
 * Version 3.0.19 (unreleased)
 
 ** libgnutls: gnutls_record_check_pending() no longer
 returns unprocessed data, and thus ensure the non-blocking
-of the next call to gnutls_record_recv(). To compensate
-for unprocessed data, the gnutls_record_check_unprocessed() 
-was added.
+of the next call to gnutls_record_recv(). 
 
 ** libgnutls: in ECDSA and DSA TLS 1.2 authentication be less
 strict in hash selection, and allow a stronger hash to
@@ -19,7 +25,8 @@ with openssl.
 in pkcs12 decoding tests.
 
 ** API and ABI modifications:
-gnutls_record_check_unprocessed: Added
+No changes since last version.
+
 
 * Version 3.0.18 (released 2012-04-02)
 
diff --git a/gl/tests/ioctl.c b/gl/tests/ioctl.c
index 2e51c92..4a2fd39 100644
--- a/gl/tests/ioctl.c
+++ b/gl/tests/ioctl.c
@@ -46,6 +46,10 @@ rpl_ioctl (int fd, int request, ... /* {void *,char *} arg 
*/)
 
 # include <errno.h>
 
+/* Get HANDLE.  */
+# define WIN32_LEAN_AND_MEAN
+# include <windows.h>
+
 # include "fd-hook.h"
 /* Get _get_osfhandle.  */
 # include "msvc-nothrow.h"
diff --git a/lib/gnutls_buffers.c b/lib/gnutls_buffers.c
index a7c00ca..d1c2693 100644
--- a/lib/gnutls_buffers.c
+++ b/lib/gnutls_buffers.c
@@ -96,22 +96,6 @@ gnutls_record_check_pending (gnutls_session_t session)
   return _gnutls_record_buffer_get_size (session);
 }
 
-/**
- * gnutls_record_check_unprocessed:
- * @session: is a #gnutls_session_t structure.
- *
- * This function checks if there are unprocessed data
- * in the gnutls record buffers. Those data might not
- * be complete records.
- *
- * Returns: Returns the size of the data or zero.
- **/
-size_t
-gnutls_record_check_unprocessed (gnutls_session_t session)
-{
-  return session->internals.record_recv_buffer.byte_length;
-}
-
 int
 _gnutls_record_buffer_get (content_type_t type,
                            gnutls_session_t session, uint8_t * data,
diff --git a/lib/gnutls_buffers.h b/lib/gnutls_buffers.h
index a34cc00..04a89eb 100644
--- a/lib/gnutls_buffers.h
+++ b/lib/gnutls_buffers.h
@@ -34,6 +34,22 @@ _gnutls_record_buffer_get_size (gnutls_session_t session)
   return session->internals.record_buffer.byte_length;
 }
 
+/*-
+ * record_check_unprocessed:
+ * @session: is a #gnutls_session_t structure.
+ *
+ * This function checks if there are unprocessed data
+ * in the gnutls record buffers. Those data might not
+ * be complete records.
+ *
+ * Returns: Returns the size of the data or zero.
+ -*/
+inline static size_t
+record_check_unprocessed (gnutls_session_t session)
+{
+  return session->internals.record_recv_buffer.byte_length;
+}
+
 int _gnutls_record_buffer_get (content_type_t type,
                                gnutls_session_t session, uint8_t * data,
                                size_t length, uint8_t seq[8]);
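Review bot: The new helper is named `record_check_unprocessed`, while the other internal helpers visible in this header carry the `_gnutls_` prefix (`_gnutls_record_buffer_get_size`, `_gnutls_record_buffer_get`). Naming it `_gnutls_record_check_unprocessed` would keep the header consistent and make it clear at the call sites in lib/gnutls_handshake.c that this is no longer a public API symbol. The doc line could also be tightened to `Returns: the size of the unprocessed data, or zero.`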
diff --git a/lib/gnutls_cipher.c b/lib/gnutls_cipher.c
index 618aab2..e791003 100644
--- a/lib/gnutls_cipher.c
+++ b/lib/gnutls_cipher.c
@@ -194,58 +194,52 @@ leave:
 
 
 inline static int
-calc_enc_length (gnutls_session_t session, int data_size,
-                 int hash_size, uint8_t * pad, int random_pad,
-                 unsigned block_algo, unsigned auth_cipher, uint16_t blocksize)
+calc_enc_length_block (gnutls_session_t session, int data_size,
+                 int hash_size, uint8_t * pad, 
+                 unsigned auth_cipher, uint16_t blocksize)
 {
-  uint8_t rnd;
+  uint8_t rnd = *pad;
   unsigned int length;
-  int ret;
 
   *pad = 0;
 
-  switch (block_algo)
+  /* make rnd a multiple of blocksize */
+  if (session->security_parameters.version == GNUTLS_SSL3)
     {
-    case CIPHER_STREAM:
-      length = data_size + hash_size;
-      if (auth_cipher)
-        length += AEAD_EXPLICIT_DATA_SIZE;
+      rnd = 0;
+    }
+  
+  if (rnd > 0)
+    {
+      rnd = (rnd / blocksize) * blocksize;
+      /* added to avoid the case of pad calculated 0
+       * seen below for pad calculation.
+       */
+      if (rnd > blocksize)
+        rnd -= blocksize;
+    }
 
-      break;
-    case CIPHER_BLOCK:
-      ret = _gnutls_rnd (GNUTLS_RND_NONCE, &rnd, 1);
-      if (ret < 0)
-        return gnutls_assert_val(ret);
+  length = data_size + hash_size;
 
-      /* make rnd a multiple of blocksize */
-      if (session->security_parameters.version == GNUTLS_SSL3 ||
-          random_pad == 0)
-        {
-          rnd = 0;
-        }
-      else
-        {
-          rnd = (rnd / blocksize) * blocksize;
-          /* added to avoid the case of pad calculated 0
-           * seen below for pad calculation.
-           */
-          if (rnd > blocksize)
-            rnd -= blocksize;
-        }
+  *pad = (uint8_t) (blocksize - (length % blocksize)) + rnd;
 
-      length = data_size + hash_size;
+  length += *pad;
+  if (_gnutls_version_has_explicit_iv
+      (session->security_parameters.version))
+    length += blocksize;    /* for the IV */
 
-      *pad = (uint8_t) (blocksize - (length % blocksize)) + rnd;
+  return length;
+}
 
-      length += *pad;
-      if (_gnutls_version_has_explicit_iv
-          (session->security_parameters.version))
-        length += blocksize;    /* for the IV */
+inline static int
+calc_enc_length_stream (gnutls_session_t session, int data_size,
+                 int hash_size, unsigned auth_cipher)
+{
+  unsigned int length;
 
-      break;
-    default:
-      return gnutls_assert_val(GNUTLS_E_INTERNAL_ERROR);
-    }
+  length = data_size + hash_size;
+  if (auth_cipher)
+    length += AEAD_EXPLICIT_DATA_SIZE;
 
   return length;
 }
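Review bot: In `calc_enc_length_block`, `pad` has become an undocumented in/out parameter: `uint8_t rnd = *pad;` reads the caller's random byte, `*pad = 0;` clears it, and the final padding length is written back at the end. A header comment would make that contract explicit, for example `/* On entry *pad is a random byte (0 disables extra padding); on return it is the padding length. */`. The comment `/* make rnd a multiple of blocksize */` now sits above the SSL3 check and belongs above `rnd = (rnd / blocksize) * blocksize;`. The `auth_cipher` parameter is never read in `calc_enc_length_block` and could be dropped from its signature and from the call. Neither helper can return a negative value any more, so the caller's `if (length < 0)` test no longer guards anything these helpers produce.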
@@ -295,7 +289,7 @@ compressed_to_ciphertext (gnutls_session_t session,
                                record_parameters_st * params)
 {
   uint8_t * tag_ptr = NULL;
-  uint8_t pad;
+  uint8_t pad = 0;
   int length, length_to_encrypt, ret;
   uint8_t preamble[MAX_PREAMBLE_SIZE];
   int preamble_size;
@@ -307,15 +301,9 @@ compressed_to_ciphertext (gnutls_session_t session,
   int ver = gnutls_protocol_get_version (session);
   int explicit_iv = _gnutls_version_has_explicit_iv 
(session->security_parameters.version);
   int auth_cipher = _gnutls_auth_cipher_is_aead(&params->write.cipher_state);
-  int random_pad;
-  
-  /* We don't use long padding if requested or if we are in DTLS.
-   */
-  if (session->internals.priorities.no_padding == 0 && (!IS_DTLS(session)))
-    random_pad = 1;
-  else
-    random_pad = 0;
-  
+  uint8_t nonce[MAX_CIPHER_BLOCK_SIZE+1];
+
+
   _gnutls_hard_log("ENC[%p]: cipher: %s, MAC: %s, Epoch: %u\n",
     session, gnutls_cipher_get_name(params->cipher_algorithm), 
gnutls_mac_get_name(params->mac_algorithm),
     (unsigned int)params->epoch);
@@ -327,9 +315,28 @@ compressed_to_ciphertext (gnutls_session_t session,
 
   /* Calculate the encrypted length (padding etc.)
    */
-  length_to_encrypt = length =
-    calc_enc_length (session, compressed->size, tag_size, &pad,
-                     random_pad, block_algo, auth_cipher, blocksize);
+  if (block_algo == CIPHER_BLOCK)
+    {
+      /* Call _gnutls_rnd() once. Get data used for the IV + 1 for 
+       * the random padding.
+       */
+      ret = _gnutls_rnd (GNUTLS_RND_NONCE, nonce, blocksize+1);
+      if (ret < 0)
+        return gnutls_assert_val(ret);
+
+      /* We don't use long padding if requested or if we are in DTLS.
+       */
+      if (session->internals.priorities.no_padding == 0 && !IS_DTLS(session))
+        pad = nonce[blocksize];
+
+      length_to_encrypt = length =
+        calc_enc_length_block (session, compressed->size, tag_size, &pad,
+                               auth_cipher, blocksize);
+    }
+  else
+    length_to_encrypt = length =
+      calc_enc_length_stream (session, compressed->size, tag_size,
+                             auth_cipher);
   if (length < 0)
     {
       return gnutls_assert_val(length);
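Review bot: `_gnutls_rnd (GNUTLS_RND_NONCE, nonce, blocksize+1)` writes into the fixed `nonce[MAX_CIPHER_BLOCK_SIZE+1]` declared in the previous hunk, and nothing visible checks that `blocksize <= MAX_CIPHER_BLOCK_SIZE`. That presumably holds for every registered block cipher, but it is now a memory-safety invariant and deserves an explicit guard before the call, e.g. `if (blocksize > MAX_CIPHER_BLOCK_SIZE) return gnutls_assert_val(GNUTLS_E_INTERNAL_ERROR);`. The last hunk of this file removes the local `uint8_t nonce[blocksize];`, so the AEAD branch now uses the same fixed buffer; its use there is outside the visible lines and should be checked against the same bound. Separately, the call always draws `blocksize+1` bytes, although the IV bytes are copied only under `explicit_iv` and the padding byte is used only when long padding is enabled. `compressed_to_ciphertext` begins and ends outside this hunk.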
@@ -346,15 +353,11 @@ compressed_to_ciphertext (gnutls_session_t session,
 
   if (explicit_iv)
     {
-
       if (block_algo == CIPHER_BLOCK)
         {
           /* copy the random IV.
            */
-          ret = _gnutls_rnd (GNUTLS_RND_NONCE, data_ptr, blocksize);
-          if (ret < 0)
-            return gnutls_assert_val(ret);
- 
+          memcpy(data_ptr, nonce, blocksize);
           _gnutls_auth_cipher_setiv(&params->write.cipher_state, data_ptr, 
blocksize);
 
           data_ptr += blocksize;
@@ -363,8 +366,6 @@ compressed_to_ciphertext (gnutls_session_t session,
         }
       else if (auth_cipher)
         {
-          uint8_t nonce[blocksize];
-
           /* Values in AEAD are pretty fixed in TLS 1.2 for 128-bit block
            */
           if (params->write.IV.data == NULL || params->write.IV.size != 
AEAD_IMPLICIT_DATA_SIZE)
diff --git a/lib/gnutls_handshake.c b/lib/gnutls_handshake.c
index 8dc3264..25520c4 100644
--- a/lib/gnutls_handshake.c
+++ b/lib/gnutls_handshake.c
@@ -2682,7 +2682,7 @@ _gnutls_recv_handshake_final (gnutls_session_t session, 
int init)
        * wait for a message and retransmit if needed. */
       if (IS_DTLS(session) && !_dtls_is_async(session) && 
           (gnutls_record_check_pending (session) +
-          gnutls_record_check_unprocessed (session)) == 0)
+          record_check_unprocessed (session)) == 0)
         {
           ret = _dtls_wait_and_retransmit(session);
           if (ret < 0)
@@ -2720,7 +2720,7 @@ _gnutls_recv_handshake_final (gnutls_session_t session, 
int init)
 
        if (IS_DTLS(session) && !_dtls_is_async(session) && 
            (gnutls_record_check_pending( session) +
-           gnutls_record_check_unprocessed (session)) == 0)
+           record_check_unprocessed (session)) == 0)
          {
            ret = _dtls_wait_and_retransmit(session);
            if (ret < 0)
diff --git a/lib/includes/gnutls/gnutls.h.in b/lib/includes/gnutls/gnutls.h.in
index be85dc9..035f638 100644
--- a/lib/includes/gnutls/gnutls.h.in
+++ b/lib/includes/gnutls/gnutls.h.in
@@ -857,7 +857,6 @@ gnutls_ecc_curve_t gnutls_ecc_curve_get(gnutls_session_t 
session);
   ssize_t gnutls_record_set_max_size (gnutls_session_t session, size_t size);
 
   size_t gnutls_record_check_pending (gnutls_session_t session);
-  size_t gnutls_record_check_unprocessed (gnutls_session_t session);
 
   int gnutls_prf (gnutls_session_t session,
                   size_t label_size, const char *label,
diff --git a/lib/nettle/rnd.c b/lib/nettle/rnd.c
index bdc723f..c00726e 100644
--- a/lib/nettle/rnd.c
+++ b/lib/nettle/rnd.c
@@ -447,23 +447,20 @@ wrap_nettle_rnd (void *_ctx, int level, void *data, 
size_t datasize)
 
   RND_LOCK;
 
-  if (level != GNUTLS_RND_NONCE)
+  ret = do_trivia_source (0);
+  if (ret < 0)
     {
-      ret = do_trivia_source (0);
-      if (ret < 0)
-        {
-          RND_UNLOCK;
-          gnutls_assert ();
-          return ret;
-        }
+      RND_UNLOCK;
+      gnutls_assert ();
+      return ret;
+    }
 
-      ret = do_device_source (0);
-      if (ret < 0)
-        {
-          RND_UNLOCK;
-          gnutls_assert ();
-          return ret;
-        }
+  ret = do_device_source (0);
+  if (ret < 0)
+    {
+      RND_UNLOCK;
+      gnutls_assert ();
+      return ret;
     }
 
   yarrow256_random (&yctx, datasize, data);
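Review bot: Dropping the `level != GNUTLS_RND_NONCE` guard sends nonce-level requests through `do_trivia_source (0)` and `do_device_source (0)` under `RND_LOCK`, and neither the code nor the commit message says why. Those helpers are not visible here, so whether they do real work on every call is something to confirm; if they do, the cost lands on every record encrypted with a block cipher, since lib/gnutls_cipher.c requests a nonce per record. A nonce request can now also fail with the helpers' error codes, so every `GNUTLS_RND_NONCE` caller has to check the return value. I would add a comment above the first call, such as `/* GNUTLS_RND_NONCE is no longer exempt from the trivia/device sources */`, and note that `level` is not read in the visible part of the function. `wrap_nettle_rnd` starts and ends outside this hunk.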


hooks/post-receive
-- 
GNU gnutls


