author | Nikos Mavrogiannopoulos <nmav@gnutls.org> | 2003-11-30 15:00:23 +0000 |
---|---|---|
committer | Nikos Mavrogiannopoulos <nmav@gnutls.org> | 2003-11-30 15:00:23 +0000 |
commit | eb35719c3e84cf138629681530fb0de58c27e0a5 (patch) | |
tree | 2526fc7706c08bc7a90525268155915d8e352cf4 | |
parent | d92b77866b3bcb9eb1544d86e236a35d295ffe1f (diff) | |
download | gnutls-eb35719c3e84cf138629681530fb0de58c27e0a5.tar.gz |
Some fixes in the certificate authenticated SRP ciphersuites.
-rw-r--r-- | NEWS | 1 | ||||
-rw-r--r-- | doc/tex/srp.tex | 15 | ||||
-rw-r--r-- | lib/gnutls_cipher.c | 6 | ||||
-rw-r--r-- | libextra/auth_srp.c | 16 | ||||
-rw-r--r-- | src/cli.c | 5 |
5 files changed, 29 insertions, 14 deletions
@@ -1,5 +1,6 @@ Version 1.0.0 - Exported the static SRP group parameters. +- Some fixes in the certificate authenticated SRP ciphersuites. Version 0.9.99 (28/11/2003) - Some fixes in the gnutls.h header for the gnutls_server_name_set() diff --git a/doc/tex/srp.tex b/doc/tex/srp.tex index d25b41a30f..6d806af19f 100644 --- a/doc/tex/srp.tex +++ b/doc/tex/srp.tex @@ -42,14 +42,23 @@ authenticated using a certificate with RSA parameters. \end{figure} -The default behaviour of \gnutls{} is to read the usernames and -SRP verifiers from password files. These password files are the ones used +If clients supporting SRP know the username and password before the connection, +should initialize the client credentials and call the +function \printfunc{gnutls_srp_set_client_credentials}{gnutls\_srp\_set\_client\_credentials}. +Alternatively they could probe the server for SRP support, by enabling +the SRP key exchange method, and specifying empty credentials. If the server +supports SRP an alert of type GNUTLS\_A\_MISSING\_SRP\_USERNAME will be +received, which allows the client to read the username and password from the +user, set the credentials and repeat the handshake procedure. +\par +In server side the default behaviour of \gnutls{} is to read the usernames +and SRP verifiers from password files. These password files are the ones used by the \emph{srp libraries} and can be specified using the \printfunc{gnutls_srp_set_server_credentials_file}{gnutls\_srp\_set\_server\_credentials\_file}. If a different password file format is to be used, then the function \printfunc{gnutls_srp_set_server_credentials_function}{gnutls\_srp\_set\_server\_credentials\_function}, should be called, in order to set an appropriate callback. - +\par Some helper functions such as \begin{itemize} \item \printfunc{gnutls_srp_verifier}{gnutls\_srp\_verifier} diff --git a/lib/gnutls_cipher.c b/lib/gnutls_cipher.c index 4ac9540eec..3c7eabdd70 100644 --- a/lib/gnutls_cipher.c +++ b/lib/gnutls_cipher.c 
@@ -408,7 +408,6 @@ int _gnutls_ciphertext2compressed(gnutls_session session, if ( ver == GNUTLS_TLS1) for (i=2;i<pad;i++) { if (ciphertext.data[ciphertext.size-i] != ciphertext.data[ciphertext.size - 1]) { - gnutls_assert(); pad_failed = GNUTLS_E_DECRYPTION_FAILED; } } @@ -419,15 +418,14 @@ int _gnutls_ciphertext2compressed(gnutls_session session, return GNUTLS_E_INTERNAL_ERROR; } - /* copy the decrypted stuff to compress_data. */ if (compress_size < length) { gnutls_assert(); - return GNUTLS_E_MEMORY_ERROR; + return GNUTLS_E_INTERNAL_ERROR; } - memcpy( compress_data, ciphertext.data, length); + memcpy( compress_data, ciphertext.data, length); c_length = _gnutls_conv_uint16((uint16) length); diff --git a/libextra/auth_srp.c b/libextra/auth_srp.c index 9abd02ae60..f887392bda 100644 --- a/libextra/auth_srp.c +++ b/libextra/auth_srp.c @@ -394,9 +394,9 @@ static const unsigned char srp_params_1024[] = { static const unsigned char srp_generator = 0x02; const gnutls_datum gnutls_srp_1024_group_prime = { - srp_params_1024, sizeof(srp_params_1024) }; + (void*)srp_params_1024, sizeof(srp_params_1024) }; const gnutls_datum gnutls_srp_1024_group_generator = { - &srp_generator, sizeof(srp_generator) }; + (void*)&srp_generator, sizeof(srp_generator) }; static const unsigned char srp_params_1536[] = { 0x9D, 0xEF, 0x3C, 0xAF, 0xB9, 0x39, 0x27, 0x7A, 0xB1, @@ -424,9 +424,9 @@ static const unsigned char srp_params_1536[] = { }; const gnutls_datum gnutls_srp_1536_group_prime = { - srp_params_1536, sizeof(srp_params_1536) }; + (void*)srp_params_1536, sizeof(srp_params_1536) }; const gnutls_datum gnutls_srp_1536_group_generator = { - &srp_generator, sizeof(srp_generator) }; + (void*)&srp_generator, sizeof(srp_generator) }; static const unsigned char srp_params_2048[] = { 0xAC, 0x6B, 0xDB, 0x41, 0x32, 0x4A, 0x9A, 0x9B, 0xF1, 
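Review bot: The padding scan under `ver == GNUTLS_TLS1` indexes `ciphertext.data[ciphertext.size-i]` for every `i` below `pad`, and nothing in this hunk shows `pad` bounded by `ciphertext.size`. `pad` presumably comes from the last decrypted byte, which the peer controls, so if the earlier check (outside the hunk) only records a failure without clamping, the index would run before the start of the buffer. Guarding the scan, for example `if (ver == GNUTLS_TLS1 && pad <= ciphertext.size)`, keeps the read inside the record; confirm against the code above the hunk. Now that the assert is gone, a short comment such as `/* deliberately no gnutls_assert(): the failure is only recorded in pad_failed */` would keep the next maintainer from restoring it.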
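Review bot: The `compress_size < length` guard in front of `memcpy` bounds `length` only from above. `length` is declared outside the hunk; the `(uint16) length` cast suggests it is a wider and possibly signed integer. If it is derived by subtracting the pad and MAC sizes from the record size, a malformed record could make it negative, pass this check and reach `memcpy` as a very large size. Consider `if (length < 0 || compress_size < length)` here, or confirm that an earlier check already rejects that case.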
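Review bot: The `(void*)` casts in the `gnutls_srp_1024_group_prime` and `gnutls_srp_1024_group_generator` initialisers strip `const` from `static const` arrays, so the exported `gnutls_datum` objects hand out a writable-looking pointer to read-only storage, and any write through `.data` would be undefined behaviour. The 1536 and 2048 hunks do the same. The struct's field type is declared elsewhere, so the smallest step here is a comment at the first definition, such as `/* const is cast away only to fit gnutls_datum; callers must never modify .data */`. The public documentation for these symbols should say the same.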
@@ -461,9 +461,9 @@ static const unsigned char srp_params_2048[] = { }; const gnutls_datum gnutls_srp_2048_group_prime = { - srp_params_2048, sizeof(srp_params_2048) }; + (void*)srp_params_2048, sizeof(srp_params_2048) }; const gnutls_datum gnutls_srp_2048_group_generator = { - &srp_generator, sizeof(srp_generator) }; + (void*)&srp_generator, sizeof(srp_generator) }; /* Check if G and N are parameters from the SRP draft. @@ -647,7 +647,9 @@ int _gnutls_proc_srp_server_kx(gnutls_session state, opaque * data, size_t _data } - return 0; + return i; /* return the processed data + * needed in auth_srp_rsa. + */ } #endif /* ENABLE_SRP */ @@ -232,6 +232,11 @@ static int handle_error(socket_st hd, int err) if (str == NULL) str = str_unknown; printf("*** Received alert [%d]: %s\n", alert, str); + /* In SRP if the alert is MISSING_SRP_USERNAME, + * we should read the username/password and + * call gnutls_handshake(). This is not implemented + * here. + */ } check_rehandshake(hd, ret); |
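Review bot: `return i;` changes the success value of `_gnutls_proc_srp_server_kx` from 0 to a count, so any caller that treats a non-zero result as an error would now reject a valid key exchange. The callers are outside this diff and should be checked for `< 0` tests. The new comment says the function returns "the processed data", while the value appears to be the number of bytes consumed from `data`; `i` is declared outside the hunk, as is most of the function body. Suggest rewording it to `/* number of bytes of data processed; needed in auth_srp_rsa */` and stating the return convention (byte count on success, negative error code otherwise) in the function's header comment.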