[Top][All Lists]
[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
[SCM] GNU gnutls branch, master, updated. gnutls_3_0_18-42-g525b546
From: |
Nikos Mavrogiannopoulos |
Subject: |
[SCM] GNU gnutls branch, master, updated. gnutls_3_0_18-42-g525b546 |
Date: |
Thu, 19 Apr 2012 18:48:29 +0000 |
This is an automated email from the git hooks/post-receive script. It was
generated because a ref change was pushed to the repository containing
the project "GNU gnutls".
http://git.savannah.gnu.org/cgit/gnutls.git/commit/?id=525b5464e7f86a403a00b8f1362beed0c23ce576
The branch, master has been updated
via 525b5464e7f86a403a00b8f1362beed0c23ce576 (commit)
via fbe778b60d9cf2f49a61d684df269f03cf1cc71b (commit)
via a95147eda9a37fa3ef5d420ceb23f0d6a5024411 (commit)
from 19b093f07c56747842fd4972232af5623b7d7fe5 (commit)
Those revisions listed above that are new to this repository have
not appeared on any other notification email; so we list those
revisions in full, below.
- Log -----------------------------------------------------------------
commit 525b5464e7f86a403a00b8f1362beed0c23ce576
Author: Nikos Mavrogiannopoulos <address@hidden>
Date: Thu Apr 19 20:32:48 2012 +0200
simplified checks.
commit fbe778b60d9cf2f49a61d684df269f03cf1cc71b
Author: Nikos Mavrogiannopoulos <address@hidden>
Date: Thu Apr 19 20:27:25 2012 +0200
Return proper error code if parameter check fails.
commit a95147eda9a37fa3ef5d420ceb23f0d6a5024411
Author: Nikos Mavrogiannopoulos <address@hidden>
Date: Thu Apr 19 20:26:50 2012 +0200
Added complete check in SRP parameters.
-----------------------------------------------------------------------
Summary of changes:
lib/auth/dh_common.c | 33 +++++++++++------------------
lib/auth/srp.c | 48 ++++++++++++------------------------------
lib/gnutls_dh.c | 55 +++++++++++++++++++++++++++++--------------------
lib/gnutls_dh.h | 4 +-
4 files changed, 61 insertions(+), 79 deletions(-)
diff --git a/lib/auth/dh_common.c b/lib/auth/dh_common.c
index 172c7d4..f4bba1a 100644
--- a/lib/auth/dh_common.c
+++ b/lib/auth/dh_common.c
@@ -74,14 +74,10 @@ _gnutls_proc_dh_common_client_kx (gnutls_session_t session,
_gnutls_dh_set_peer_public (session, session->key->client_Y);
- session->key->KEY =
- gnutls_calc_dh_key (session->key->client_Y, session->key->dh_secret, p);
-
- if (session->key->KEY == NULL)
- {
- gnutls_assert ();
- return GNUTLS_E_MEMORY_ERROR;
- }
+ ret =
+ gnutls_calc_dh_key (&session->key->KEY, session->key->client_Y,
session->key->dh_secret, p);
+ if (ret < 0)
+ return gnutls_assert_val(ret);
_gnutls_mpi_release (&session->key->client_Y);
_gnutls_mpi_release (&session->key->dh_secret);
@@ -127,12 +123,11 @@ _gnutls_gen_dh_common_client_kx_int (gnutls_session_t
session, gnutls_buffer_st*
bigint_t x = NULL, X = NULL;
int ret;
- X = gnutls_calc_dh_secret (&x, session->key->client_g,
+ ret = gnutls_calc_dh_secret (&X, &x, session->key->client_g,
session->key->client_p, 0);
- if (X == NULL || x == NULL)
+ if (ret < 0)
{
gnutls_assert ();
- ret = GNUTLS_E_MEMORY_ERROR;
goto error;
}
@@ -146,13 +141,11 @@ _gnutls_gen_dh_common_client_kx_int (gnutls_session_t
session, gnutls_buffer_st*
}
/* calculate the key after calculating the message */
- session->key->KEY =
- gnutls_calc_dh_key (session->key->client_Y, x, session->key->client_p);
-
- if (session->key->KEY == NULL)
+ ret =
+ gnutls_calc_dh_key (&session->key->KEY, session->key->client_Y, x,
session->key->client_p);
+ if (ret < 0)
{
- gnutls_assert ();
- ret = GNUTLS_E_MEMORY_ERROR;
+ gnutls_assert();
goto error;
}
@@ -291,11 +284,11 @@ _gnutls_dh_common_print_server_kx (gnutls_session_t
session,
int ret;
/* Y=g^x mod p */
- Y = gnutls_calc_dh_secret (&x, g, p, q_bits);
- if (Y == NULL || x == NULL)
+ ret = gnutls_calc_dh_secret (&Y, &x, g, p, q_bits);
+ if (ret < 0)
{
gnutls_assert ();
- return GNUTLS_E_MEMORY_ERROR;
+ return ret;
}
session->key->dh_secret = x;
diff --git a/lib/auth/srp.c b/lib/auth/srp.c
index 2bb6191..29ed633 100644
--- a/lib/auth/srp.c
+++ b/lib/auth/srp.c
@@ -62,18 +62,17 @@ const mod_auth_st srp_auth_struct = {
#define V session->key->x
#define S session->key->KEY
-/* Checks if b%n==0 which is a fatal srp error.
+/* Checks if a%n==0,+1,-1%n which is a fatal srp error.
* Returns a proper error code in that case, and 0 when
* all are ok.
*/
inline static int
-check_b_mod_n (bigint_t b, bigint_t n)
+check_param_mod_n (bigint_t a, bigint_t n, int is_a)
{
- int ret;
+ int ret, err = 0;
bigint_t r;
- r = _gnutls_mpi_mod (b, n);
-
+ r = _gnutls_mpi_mod (a, n);
if (r == NULL)
{
gnutls_assert ();
@@ -81,40 +80,21 @@ check_b_mod_n (bigint_t b, bigint_t n)
}
ret = _gnutls_mpi_cmp_ui (r, 0);
+ if (ret == 0) err = 1;
- _gnutls_mpi_release (&r);
-
- if (ret == 0)
+ if (is_a != 0)
{
- gnutls_assert ();
- return GNUTLS_E_RECEIVED_ILLEGAL_PARAMETER;
- }
-
- return 0;
-}
-
-/* Checks if a%n==0,+1,-1%n which is a fatal srp error.
- * Returns a proper error code in that case, and 0 when
- * all are ok.
- */
-inline static int
-check_a_mod_n (bigint_t a, bigint_t n)
-{
- int ret;
- bigint_t r;
+ ret = _gnutls_mpi_cmp_ui (r, 1);
+ if (ret == 0) err = 1;
- r = _gnutls_mpi_mod (a, n);
- if (r == NULL)
- {
- gnutls_assert ();
- return GNUTLS_E_MEMORY_ERROR;
+ _gnutls_mpi_add_ui(r, r, 1);
+ ret = _gnutls_mpi_cmp (r, n);
+ if (ret == 0) err = 1;
}
- ret = _gnutls_mpi_cmp_ui (r, 0);
-
_gnutls_mpi_release (&r);
- if (ret == 0)
+ if (err != 0)
{
gnutls_assert ();
return GNUTLS_E_RECEIVED_ILLEGAL_PARAMETER;
@@ -384,7 +364,7 @@ _gnutls_proc_srp_client_kx (gnutls_session_t session,
uint8_t * data,
/* Checks if A % n == 0.
*/
- if ((ret = check_a_mod_n (A, N)) < 0)
+ if ((ret = check_param_mod_n (A, N, 1)) < 0)
{
gnutls_assert ();
return ret;
@@ -938,7 +918,7 @@ _gnutls_proc_srp_server_kx (gnutls_session_t session,
uint8_t * data,
/* Checks if b % n == 0
*/
- if ((ret = check_b_mod_n (B, N)) < 0)
+ if ((ret = check_param_mod_n (B, N, 0)) < 0)
{
gnutls_assert ();
return ret;
diff --git a/lib/gnutls_dh.c b/lib/gnutls_dh.c
index 48dd092..07e9444 100644
--- a/lib/gnutls_dh.c
+++ b/lib/gnutls_dh.c
@@ -45,28 +45,33 @@
/* returns the public value (X), and the secret (ret_x).
*/
-bigint_t
-gnutls_calc_dh_secret (bigint_t * ret_x, bigint_t g, bigint_t prime,
+int
+gnutls_calc_dh_secret (bigint_t* ret_y, bigint_t * ret_x, bigint_t g, bigint_t
unsigned int q_bits)
{
- bigint_t e, x = NULL;
- int x_size;
+ bigint_t e=NULL, x = NULL;
+ unsigned int x_size;
+ int ret;
if (q_bits == 0)
- x_size = _gnutls_mpi_get_nbits (prime) - 1;
+ {
+ x_size = _gnutls_mpi_get_nbits (prime);
+ if (x_size > 0) x_size--;
+ }
else
x_size = q_bits;
- if (x_size > MAX_BITS || x_size <= 0)
+ if (x_size > MAX_BITS || x_size == 0)
{
gnutls_assert ();
- return NULL;
+ return GNUTLS_E_RECEIVED_ILLEGAL_PARAMETER;
}
x = _gnutls_mpi_new(x_size);
if (x == NULL)
{
gnutls_assert ();
+ ret = GNUTLS_E_MEMORY_ERROR;
goto fail;
}
@@ -74,6 +79,7 @@ gnutls_calc_dh_secret (bigint_t * ret_x, bigint_t g, bigint_t
prime,
if (e == NULL)
{
gnutls_assert ();
+ ret = GNUTLS_E_MEMORY_ERROR;
goto fail;
}
@@ -82,6 +88,7 @@ gnutls_calc_dh_secret (bigint_t * ret_x, bigint_t g, bigint_t
prime,
if (_gnutls_mpi_randomize (x, x_size, GNUTLS_RND_RANDOM) == NULL)
{
gnutls_assert();
+ ret = GNUTLS_E_INTERNAL_ERROR;
goto fail;
}
@@ -89,25 +96,26 @@ gnutls_calc_dh_secret (bigint_t * ret_x, bigint_t g,
bigint_t prime,
}
while(_gnutls_mpi_cmp_ui(e, 1) == 0);
- if (ret_x)
- *ret_x = x;
- else
- _gnutls_mpi_release (&x);
- return e;
+ *ret_x = x;
+ *ret_y = e;
+
+ return 0;
fail:
if (x) _gnutls_mpi_release (&x);
- return NULL;
+ if (e) _gnutls_mpi_release (&e);
+ return ret;
}
/* returns f^x mod prime
*/
-bigint_t
-gnutls_calc_dh_key (bigint_t f, bigint_t x, bigint_t prime)
+int
+gnutls_calc_dh_key (bigint_t *key, bigint_t f, bigint_t x, bigint_t prime)
{
- bigint_t k, ff, ret;
- int bits;
+ bigint_t k, ff;
+ unsigned int bits;
+ int ret;
ff = _gnutls_mpi_mod(f, prime);
_gnutls_mpi_add_ui(ff, ff, 1);
@@ -118,15 +126,15 @@ gnutls_calc_dh_key (bigint_t f, bigint_t x, bigint_t
prime)
(_gnutls_mpi_cmp(ff,prime) == 0))
{
gnutls_assert();
- ret = NULL;
+ ret = GNUTLS_E_RECEIVED_ILLEGAL_PARAMETER;
goto cleanup;
}
bits = _gnutls_mpi_get_nbits (prime);
- if (bits <= 0 || bits > MAX_BITS)
+ if (bits == 0 || bits > MAX_BITS)
{
gnutls_assert ();
- ret = NULL;
+ ret = GNUTLS_E_RECEIVED_ILLEGAL_PARAMETER;
goto cleanup;
}
@@ -134,14 +142,15 @@ gnutls_calc_dh_key (bigint_t f, bigint_t x, bigint_t
prime)
if (k == NULL)
{
gnutls_assert();
- ret = NULL;
+ ret = GNUTLS_E_MEMORY_ERROR;
goto cleanup;
}
_gnutls_mpi_powm (k, f, x, prime);
- ret = k;
-
+ *key = k;
+
+ ret = 0;
cleanup:
_gnutls_mpi_release (&ff);
diff --git a/lib/gnutls_dh.h b/lib/gnutls_dh.h
index fdd659e..e0e699b 100644
--- a/lib/gnutls_dh.h
+++ b/lib/gnutls_dh.h
@@ -24,9 +24,9 @@
#define GNUTLS_DH_H
const bigint_t *_gnutls_dh_params_to_mpi (gnutls_dh_params_t);
-bigint_t gnutls_calc_dh_secret (bigint_t * ret_x, bigint_t g, bigint_t prime,
+int gnutls_calc_dh_secret (bigint_t *ret_y, bigint_t * ret_x, bigint_t g, bigin
unsigned int q_bits);
-bigint_t gnutls_calc_dh_key (bigint_t f, bigint_t x, bigint_t prime);
+int gnutls_calc_dh_key (bigint_t* key, bigint_t f, bigint_t x, bigint_t prime);
gnutls_dh_params_t
_gnutls_get_dh_params (gnutls_dh_params_t dh_params,
hooks/post-receive
--
GNU gnutls
[Prev in Thread] |
Current Thread |
[Next in Thread] |
- [SCM] GNU gnutls branch, master, updated. gnutls_3_0_18-42-g525b546,
Nikos Mavrogiannopoulos <=