authorNikos Mavrogiannopoulos <nmav@gnutls.org>2001-12-17 15:49:09 +0000
committerNikos Mavrogiannopoulos <nmav@gnutls.org>2001-12-17 15:49:09 +0000
commit031ba98090dcf9818175c320f761ee294d897894 (patch)
treecdfcb3fa0c959b740b0f3be27501446ea5611a49
parentb2aa28875f2c5d8af89b82e2a067171c679ef317 (diff)
downloadgnutls-031ba98090dcf9818175c320f761ee294d897894.tar.gz
corrections in SRP and ANON authentication.
Also corrections in the session packing for anonymous auth info.
-rw-r--r--lib/auth_anon.c19
-rw-r--r--lib/auth_srp.c9
-rw-r--r--lib/gnutls_record.c2
-rw-r--r--lib/gnutls_session_pack.c30
-rw-r--r--src/cli.c5
5 files changed, 26 insertions, 39 deletions
diff --git a/lib/auth_anon.c b/lib/auth_anon.c
index 54fee1a93e..ba88ca3c78 100644
--- a/lib/auth_anon.c
+++ b/lib/auth_anon.c
@@ -212,10 +212,6 @@ int proc_anon_server_kx( GNUTLS_STATE state, opaque* data, int data_size) {
DECR_LEN( data_size, n_g);
data_g = &data[i];
i += n_g;
- if (i > data_size) {
- gnutls_assert();
- return GNUTLS_E_UNEXPECTED_PACKET_LENGTH;
- }
DECR_LEN( data_size, 2);
n_Y = READuint16( &data[i]);
@@ -224,10 +220,7 @@ int proc_anon_server_kx( GNUTLS_STATE state, opaque* data, int data_size) {
DECR_LEN( data_size, n_Y);
data_Y = &data[i];
i += n_Y;
- if (i > data_size) {
- gnutls_assert();
- return GNUTLS_E_UNEXPECTED_PACKET_LENGTH;
- }
+
_n_Y = n_Y;
_n_g = n_g;
_n_p = n_p;
@@ -247,10 +240,18 @@ int proc_anon_server_kx( GNUTLS_STATE state, opaque* data, int data_size) {
}
/* set auth_info */
- state->gnutls_key->auth_info = gnutls_malloc(sizeof(ANON_CLIENT_AUTH_INFO));
+ if (state->gnutls_key->auth_info==NULL)
+ state->gnutls_key->auth_info = gnutls_malloc(sizeof(ANON_CLIENT_AUTH_INFO));
+ else
+ if (gnutls_auth_get_type( state) != state->gnutls_key->auth_info_type) {
+ gnutls_assert();
+ return GNUTLS_E_INVALID_REQUEST;
+ }
+
if (state->gnutls_key->auth_info==NULL) return GNUTLS_E_MEMORY_ERROR;
((ANON_CLIENT_AUTH_INFO)state->gnutls_key->auth_info)->dh_bits = gcry_mpi_get_nbits(state->gnutls_key->client_p);
state->gnutls_key->auth_info_size = sizeof(ANON_CLIENT_AUTH_INFO_INT);
+ state->gnutls_key->auth_info_type = GNUTLS_ANON;
/* We should check signature in non-anonymous KX
* this is anonymous however
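Review bot: The reuse branch in the third hunk accepts an existing `auth_info` on the strength of `auth_info_type` alone, yet the `dh_bits` store and the `auth_info_size = sizeof(ANON_CLIENT_AUTH_INFO_INT)` that follow assume the buffer is at least that struct's size. In this same commit `_gnutls_session_unpack` starts sizing that buffer from the packed `pack_size`, so a resumed session whose packed record is shorter than the struct would make the `dh_bits` store write past the allocation. A cheap guard in the `else` branch before falling through: `if (state->gnutls_key->auth_info_size < sizeof(ANON_CLIENT_AUTH_INFO_INT)) { gnutls_assert(); return GNUTLS_E_INVALID_REQUEST; }`, or at least a comment stating why reuse of a pre-existing buffer is safe. proc_anon_server_kx continues outside the hunk.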
diff --git a/lib/auth_srp.c b/lib/auth_srp.c
index 61f077baf9..0e67f5aad0 100644
--- a/lib/auth_srp.c
+++ b/lib/auth_srp.c
@@ -346,10 +346,6 @@ int proc_srp_server_hello(GNUTLS_STATE state, const opaque * data, int data_size
DECR_LEN( data_size, n_n);
data_n = &data[i];
i += n_n;
- if (i > data_size) {
- gnutls_assert();
- return GNUTLS_E_UNEXPECTED_PACKET_LENGTH;
- }
DECR_LEN( data_size, 2);
n_s = READuint16( &data[i]);
@@ -358,10 +354,7 @@ int proc_srp_server_hello(GNUTLS_STATE state, const opaque * data, int data_size
DECR_LEN( data_size, n_s);
data_s = &data[i];
i += n_s;
- if (i > data_size) {
- gnutls_assert();
- return GNUTLS_E_UNEXPECTED_PACKET_LENGTH;
- }
+
_n_s = n_s;
_n_g = n_g;
_n_n = n_n;
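Review bot: Removing the `i > data_size` checks in both hunks is only safe if `DECR_LEN` itself fails the function when `n_n`/`n_s` exceeds the remaining `data_size`; DECR_LEN's definition is not part of this diff, so that cannot be confirmed here. The removed comparison was measuring an absolute offset `i` against the already-decremented remaining length, so it never bounded the read correctly anyway, which is presumably why it is dropped; a one-line comment after `i += n_s;` such as `/* DECR_LEN above already rejects n_s > remaining data_size */` would record that reliance. The same applies to the first two hunks of lib/auth_anon.c. proc_srp_server_hello continues outside the hunk.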
diff --git a/lib/gnutls_record.c b/lib/gnutls_record.c
index 0fdff071e7..3f8c0315b7 100644
--- a/lib/gnutls_record.c
+++ b/lib/gnutls_record.c
@@ -559,7 +559,6 @@ ssize_t gnutls_send_int( GNUTLS_STATE state, ContentType type, HandshakeType hty
}
if (state->gnutls_internals.valid_connection == VALID_FALSE || state->gnutls_internals.may_write != 0) {
- gnutls_assert();
return GNUTLS_E_INVALID_SESSION;
}
@@ -716,7 +715,6 @@ ssize_t gnutls_recv_int( GNUTLS_STATE state, ContentType type, HandshakeType hty
ret = 0;
if (sizeofdata == 0 || data == NULL) {
- gnutls_assert();
return GNUTLS_E_INVALID_PARAMETERS;
}
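Review bot: Dropping `gnutls_assert()` from the `GNUTLS_E_INVALID_SESSION` and `GNUTLS_E_INVALID_PARAMETERS` returns makes these failures silent in debug builds, and nothing in the hunk says why. If the intent is that callers legitimately reach these paths (for example sending after the connection has been marked invalid), a comment such as `/* expected for callers that keep using a closed session; not an internal error */` would stop a later reviewer from re-adding the assert. Both enclosing functions extend beyond their hunks.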
diff --git a/lib/gnutls_session_pack.c b/lib/gnutls_session_pack.c
index da5cfad1d9..c7f0b25589 100644
--- a/lib/gnutls_session_pack.c
+++ b/lib/gnutls_session_pack.c
@@ -84,12 +84,11 @@ int _gnutls_session_pack(GNUTLS_STATE state, gnutls_datum * packed_session)
if (info == NULL && state->gnutls_key->auth_info_size!=0)
return GNUTLS_E_INVALID_PARAMETERS;
- pack_size = state->gnutls_key->auth_info_size;
packed_session->size =
- PACK_HEADER_SIZE + pack_size + sizeof(uint32);
+ PACK_HEADER_SIZE + state->gnutls_key->auth_info_size + sizeof(uint32);
packed_session->data[0] = GNUTLS_ANON;
- WRITEuint32(pack_size,
+ WRITEuint32(state->gnutls_key->auth_info_size,
&packed_session->
data[PACK_HEADER_SIZE]);
@@ -97,7 +96,7 @@ int _gnutls_session_pack(GNUTLS_STATE state, gnutls_datum * packed_session)
memcpy(&packed_session->
data[PACK_HEADER_SIZE + sizeof(uint32)],
info, state->gnutls_key->auth_info_size);
-
+
}
break;
case GNUTLS_X509PKI:{
@@ -196,9 +195,8 @@ int _gnutls_session_unpack(GNUTLS_STATE state,
}
state->gnutls_key->auth_info =
- gnutls_calloc(1,
- sizeof
- (SRP_SERVER_AUTH_INFO_INT));
+ gnutls_malloc( pack_size);
+
if (state->gnutls_key->auth_info == NULL) {
gnutls_assert();
return GNUTLS_E_MEMORY_ERROR;
@@ -210,7 +208,7 @@ int _gnutls_session_unpack(GNUTLS_STATE state,
memcpy(state->gnutls_key->auth_info,
&packed_session->data[PACK_HEADER_SIZE +
sizeof(uint32)],
- sizeof(SRP_SERVER_AUTH_INFO_INT));
+ pack_size);
}
break;
case GNUTLS_ANON:{
@@ -226,19 +224,17 @@ int _gnutls_session_unpack(GNUTLS_STATE state,
}
state->gnutls_key->auth_info =
- gnutls_calloc(1,
- sizeof
- (ANON_CLIENT_AUTH_INFO_INT));
+ gnutls_malloc( pack_size);
+
if (state->gnutls_key->auth_info == NULL) {
gnutls_assert();
return GNUTLS_E_MEMORY_ERROR;
}
- state->gnutls_key->auth_info_size =
- sizeof(ANON_CLIENT_AUTH_INFO_INT);
+ state->gnutls_key->auth_info_size = pack_size;
memcpy(state->gnutls_key->auth_info,
- &packed_session->data[PACK_HEADER_SIZE],
- sizeof(ANON_CLIENT_AUTH_INFO_INT));
+ &packed_session->data[PACK_HEADER_SIZE + sizeof(uint32)],
+ pack_size);
}
break;
case GNUTLS_X509PKI:{
@@ -254,8 +250,8 @@ int _gnutls_session_unpack(GNUTLS_STATE state,
}
state->gnutls_key->auth_info =
- gnutls_calloc(1,
- sizeof(X509PKI_AUTH_INFO_INT));
+ gnutls_malloc( sizeof(X509PKI_AUTH_INFO_INT));
+
if (state->gnutls_key->auth_info == NULL) {
gnutls_assert();
return GNUTLS_E_MEMORY_ERROR;
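Review bot: In the GNUTLS_SRP and GNUTLS_ANON unpack hunks, `pack_size` taken from the packed blob now drives both the `gnutls_malloc` size and the `memcpy` length, with no visible check that it equals `sizeof(SRP_SERVER_AUTH_INFO_INT)` / `sizeof(ANON_CLIENT_AUTH_INFO_INT)` or that `packed_session->size` covers `PACK_HEADER_SIZE + sizeof(uint32) + pack_size`; each hunk opens just after a closing `}`, so such a check may exist above it, but it is not shown. Because later code (proc_anon_server_kx in this same commit) dereferences `auth_info` as the full struct, a short record should be rejected before the allocation, e.g. `if (pack_size != sizeof(ANON_CLIENT_AUTH_INFO_INT)) { gnutls_assert(); return GNUTLS_E_INVALID_PARAMETERS; }` in the ANON branch and the SRP equivalent in the SRP branch. The move from `gnutls_calloc` to `gnutls_malloc` is fine only because the following `memcpy` overwrites the whole buffer. The SRP branch also does not show `auth_info_size` being set to `pack_size` the way the ANON branch does at its hunk's end; worth confirming that happens in the unshown lines between the two SRP hunks.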
diff --git a/src/cli.c b/src/cli.c
index 350df43208..f44e49c305 100644
--- a/src/cli.c
+++ b/src/cli.c
@@ -69,7 +69,7 @@ int cert_list_size = 0;
case GNUTLS_ANON:
printf("- Anonymous DH using prime of %d bits\n",
gnutls_anon_client_get_dh_bits( state));
-
+ break;
case GNUTLS_X509PKI:
cert_list = gnutls_x509pki_client_get_peer_certificate_list( state, &cert_list_size);
status = gnutls_x509pki_client_get_peer_certificate_status( state);
@@ -149,8 +149,7 @@ static int cert_callback( GNUTLS_STATE state, const gnutls_datum *client_certs,
}
const int protocol_priority[] = { GNUTLS_TLS1, GNUTLS_SSL3, 0 };
-//const int kx_priority[] = { GNUTLS_KX_X509PKI_RSA, GNUTLS_KX_X509PKI_DHE_RSA, GNUTLS_KX_SRP, GNUTLS_KX_ANON_DH, 0 };
-const int kx_priority[] = { GNUTLS_KX_SRP, GNUTLS_KX_ANON_DH, 0 };
+const int kx_priority[] = { GNUTLS_KX_X509PKI_RSA, GNUTLS_KX_X509PKI_DHE_RSA, GNUTLS_KX_SRP, GNUTLS_KX_ANON_DH, 0 };
const int cipher_priority[] = { GNUTLS_CIPHER_RIJNDAEL_CBC, GNUTLS_CIPHER_3DES_CBC, GNUTLS_CIPHER_ARCFOUR, 0};
const int comp_priority[] = { GNUTLS_COMP_ZLIB, GNUTLS_COMP_NULL, 0 };
const int mac_priority[] = { GNUTLS_MAC_SHA, GNUTLS_MAC_MD5, 0 };