author | Nikos Mavrogiannopoulos <nmav@gnutls.org> | 2004-02-27 17:51:57 +0000 |
---|---|---|
committer | Nikos Mavrogiannopoulos <nmav@gnutls.org> | 2004-02-27 17:51:57 +0000 |
commit | e491747808c5e1f389433d8869a8f125b2b2021e (patch) | |
tree | c0cf9bbfb931749864ebd7f6ce09aae5c4ad8c88 | |
parent | b0e62fa82305af837cef118da070bf20c1aee3c1 (diff) | |
download | gnutls-e491747808c5e1f389433d8869a8f125b2b2021e.tar.gz |
Corrected bug in mutual certificate authentication in SSL 3.0.
-rw-r--r-- | NEWS | 3 | ||||
-rw-r--r-- | includes/gnutls/compat8.h | 2 | ||||
-rw-r--r-- | lib/auth_cert.c | 2 | ||||
-rw-r--r-- | lib/gnutls_cipher.c | 4 | ||||
-rw-r--r-- | lib/gnutls_constate.c | 2 | ||||
-rw-r--r-- | lib/gnutls_handshake.c | 41 | ||||
-rw-r--r-- | lib/gnutls_hash_int.c | 1 | ||||
-rw-r--r-- | lib/gnutls_kx.c | 13 | ||||
-rw-r--r-- | lib/gnutls_kx.h | 2 | ||||
-rw-r--r-- | lib/gnutls_sig.c | 28 |
10 files changed, 67 insertions, 31 deletions
@@ -1,3 +1,6 @@ +Version 1.0.8 +- Corrected bug in mutual certificate authentication in SSL 3.0. + Version 1.0.7 (25/02/2004) - Implemented TLS 1.1 (and also obsoleted the TLS 1.0 CBC protection hack). diff --git a/includes/gnutls/compat8.h b/includes/gnutls/compat8.h index 3b34f449d3..96dc2c7765 100644 --- a/includes/gnutls/compat8.h +++ b/includes/gnutls/compat8.h @@ -83,4 +83,6 @@ int gnutls_dh_params_generate( gnutls_datum* prime, gnutls_datum* generator, int #define gnutls_certificate_set_rsa_params gnutls_certificate_set_rsa_export_params +#define GNUTLS_CERT_NOT_TRUSTED GNUTLS_CERT_INVALID + #endif diff --git a/lib/auth_cert.c b/lib/auth_cert.c index de770cc358..f35bfaeeef 100644 --- a/lib/auth_cert.c +++ b/lib/auth_cert.c @@ -242,7 +242,7 @@ uint size; if (gnutls_certificate_type_get(session) != GNUTLS_CRT_X509) return 0; - do { + if (data_size > 0) do { /* This works like DECR_LEN() */ result = GNUTLS_E_UNEXPECTED_PACKET_LENGTH; diff --git a/lib/gnutls_cipher.c b/lib/gnutls_cipher.c index 259f7a67a3..487519bede 100644 --- a/lib/gnutls_cipher.c +++ b/lib/gnutls_cipher.c @@ -166,6 +166,8 @@ mac_init( gnutls_mac_algorithm mac, opaque* secret, int secret_size, int ver) { GNUTLS_MAC_HANDLE td; + if (mac == GNUTLS_MAC_NULL) return GNUTLS_MAC_FAILED; + if ( ver == GNUTLS_SSL3) { /* SSL 3.0 */ td = _gnutls_mac_init_ssl3( mac, secret, @@ -174,7 +176,7 @@ GNUTLS_MAC_HANDLE td; td = _gnutls_hmac_init( mac, secret, secret_size); } - + return td; } diff --git a/lib/gnutls_constate.c b/lib/gnutls_constate.c index bc7b9ae6da..b951b1325d 100644 --- a/lib/gnutls_constate.c +++ b/lib/gnutls_constate.c @@ -440,7 +440,7 @@ int _gnutls_connection_state_init(gnutls_session session) /* Setup the master secret */ - if ((ret = _gnutls_generate_master(session)) < 0) { + if ((ret = _gnutls_generate_master(session, 0), 0) < 0) { gnutls_assert(); return ret; } diff --git a/lib/gnutls_handshake.c b/lib/gnutls_handshake.c index 9d9de3d230..aa16bab583 100644 --- a/lib/gnutls_handshake.c 
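Review bot: In lib/gnutls_cipher.c, the new early return in `mac_init` hands back `GNUTLS_MAC_FAILED` for `GNUTLS_MAC_NULL`, so the handle alone no longer distinguishes "no MAC negotiated" from "MAC initialisation failed", and nothing in the hunk documents that. The callers are outside this hunk; if any of them skips the MAC step whenever the handle equals `GNUTLS_MAC_FAILED` without also checking the algorithm, a genuine init failure for a real algorithm would leave records unauthenticated. I would add a comment above the check: `/* NULL MAC: no handle is created; callers must test the algorithm, not only the handle, before treating GNUTLS_MAC_FAILED as "no MAC" */`.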
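Review bot: In lib/gnutls_constate.c, the rewritten condition `(ret = _gnutls_generate_master(session, 0), 0) < 0` uses the comma operator, so the parenthesised expression always evaluates to 0 and the test is `0 < 0`, which is never true. A failure of `_gnutls_generate_master` is therefore no longer detected here, and `_gnutls_connection_state_init` carries on with whatever `master_secret` currently holds. The second argument belongs inside the call only: `if ((ret = _gnutls_generate_master(session, 0)) < 0) {`. The function body continues outside the hunk.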
+++ b/lib/gnutls_handshake.c @@ -60,7 +60,9 @@ #define FALSE 0 int _gnutls_server_select_comp_method(gnutls_session session, - opaque * data, int datalen); + opaque * data, int datalen); +inline static +void _gnutls_ssl3_hash_extra_data( gnutls_session session, int type, GNUTLS_MAC_HANDLE td); /* Clears the handshake hash buffers and handles. @@ -132,15 +134,11 @@ void _gnutls_set_client_random(gnutls_session session, uint8 * random) /* Calculate The SSL3 Finished message */ -#define SSL3_CLIENT_MSG "CLNT" -#define SSL3_SERVER_MSG "SRVR" -#define SSL_MSG_LEN 4 + static int _gnutls_ssl3_finished(gnutls_session session, int type, opaque * ret) { - const int siz = SSL_MSG_LEN; GNUTLS_MAC_HANDLE td_md5; GNUTLS_MAC_HANDLE td_sha; - const char *mesg; td_md5 = _gnutls_hash_copy( session->internals.handshake_mac_handle_md5); if (td_md5 == NULL) { @@ -155,14 +153,8 @@ static int _gnutls_ssl3_finished(gnutls_session session, int type, opaque * ret) return GNUTLS_E_HASH_FAILED; } - if (type == GNUTLS_SERVER) { - mesg = SSL3_SERVER_MSG; - } else { - mesg = SSL3_CLIENT_MSG; - } - - _gnutls_hash(td_md5, mesg, siz); - _gnutls_hash(td_sha, mesg, siz); + _gnutls_ssl3_hash_extra_data( session, type, td_md5); + _gnutls_ssl3_hash_extra_data( session, type, td_sha); _gnutls_mac_deinit_ssl3_handshake(td_md5, ret, session->security_parameters.master_secret, TLS_MASTER_SIZE); _gnutls_mac_deinit_ssl3_handshake(td_sha, &ret[16], session->security_parameters.master_secret, TLS_MASTER_SIZE); @@ -709,7 +701,8 @@ int ret; return ret; } - if ( type != GNUTLS_HELLO_REQUEST) { + if ( type != GNUTLS_HELLO_REQUEST) + { _gnutls_hash( session->internals.handshake_mac_handle_sha, dataptr, datalen); _gnutls_hash( session->internals.handshake_mac_handle_md5, dataptr, datalen); } 
@@ -2572,3 +2565,21 @@ gnutls_handshake_description gnutls_handshake_get_last_out( gnutls_session sessi return session->internals.last_handshake_out; } +/* Appends to a hash handle the data required by the SSL 3.0 + * handshake hash. + */ +#define SSL3_CLIENT_MSG "CLNT" +#define SSL3_SERVER_MSG "SRVR" +#define SSL_MSG_LEN 4 +inline static +void _gnutls_ssl3_hash_extra_data( gnutls_session session, int type, GNUTLS_MAC_HANDLE td) +{ +const char* mesg; + + if (type==GNUTLS_CLIENT) + mesg = SSL3_CLIENT_MSG; + else + mesg = SSL3_SERVER_MSG; + + _gnutls_hash(td, mesg, SSL_MSG_LEN); +} diff --git a/lib/gnutls_hash_int.c b/lib/gnutls_hash_int.c index 9877fc46d7..54b4c12c6a 100644 --- a/lib/gnutls_hash_int.c +++ b/lib/gnutls_hash_int.c @@ -427,3 +427,4 @@ int _gnutls_ssl3_generate_random(void *secret, int secret_len, return 0; } + diff --git a/lib/gnutls_kx.c b/lib/gnutls_kx.c index dbb28b10d2..0a2337c5b3 100644 --- a/lib/gnutls_kx.c +++ b/lib/gnutls_kx.c @@ -41,18 +41,20 @@ */ #define MASTER_SECRET "master secret" -static int generate_normal_master( gnutls_session session); +static int generate_normal_master( gnutls_session session, int); -int _gnutls_generate_master( gnutls_session session) { +int _gnutls_generate_master( gnutls_session session, int keep_premaster) +{ if (session->internals.resumed==RESUME_FALSE) - return generate_normal_master(session); + return generate_normal_master(session, keep_premaster); return 0; } /* here we generate the TLS Master secret. */ #define PREMASTER session->key->key -static int generate_normal_master( gnutls_session session) { +static int generate_normal_master( gnutls_session session, int keep_premaster) +{ int ret = 0; opaque random[2*TLS_RANDOM_SIZE]; char buf[64]; @@ -77,7 +79,8 @@ char buf[64]; random, 2*TLS_RANDOM_SIZE, TLS_MASTER_SIZE, session->security_parameters.master_secret); } - _gnutls_free_datum(&PREMASTER); + + if (!keep_premaster) _gnutls_free_datum(&PREMASTER); if (ret<0) return ret; 
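Review bot: In lib/gnutls_kx.c, `generate_normal_master` now leaves the premaster secret in `session->key->key` whenever `keep_premaster` is non-zero, including on the `ret<0` path, and neither hunk says who releases it afterwards. From the visible code the release depends on a later call with `keep_premaster == 0`; whether that call is reached when the handshake aborts in between cannot be seen from here. I would document the contract above `_gnutls_generate_master`: `/* keep_premaster != 0 leaves the premaster secret in session->key->key; the caller must ensure a later call with 0, or an explicit free, on every path including handshake failure */`. Both function bodies continue outside the hunks.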
diff --git a/lib/gnutls_kx.h b/lib/gnutls_kx.h index 4f20271b2c..a2d8eea197 100644 --- a/lib/gnutls_kx.h +++ b/lib/gnutls_kx.h @@ -24,7 +24,7 @@ int _gnutls_recv_server_kx_message( gnutls_session session); int _gnutls_recv_client_kx_message( gnutls_session session); int _gnutls_send_client_certificate_verify( gnutls_session session, int again); int _gnutls_send_server_certificate( gnutls_session session, int again); -int _gnutls_generate_master( gnutls_session session); +int _gnutls_generate_master( gnutls_session session, int keep_premaster); int _gnutls_recv_client_certificate( gnutls_session session); int _gnutls_recv_server_certificate( gnutls_session session); int _gnutls_send_client_certificate( gnutls_session session, int again); diff --git a/lib/gnutls_sig.c b/lib/gnutls_sig.c index bdcc35d135..0d8adfeb0d 100644 --- a/lib/gnutls_sig.c +++ b/lib/gnutls_sig.c @@ -34,21 +34,22 @@ #include <gnutls_buffers.h> #include <gnutls_sig.h> - static int _gnutls_tls_sign( gnutls_cert* cert, gnutls_privkey* pkey, const gnutls_datum* hash_concat, gnutls_datum *signature); /* Generates a signature of all the previous sent packets in the - * handshake procedure. + * handshake procedure. (20040227: now it works for SSL 3.0 as well) */ -int _gnutls_tls_sign_hdata( gnutls_session session, gnutls_cert* cert, gnutls_privkey* pkey, gnutls_datum *signature) { +int _gnutls_tls_sign_hdata( gnutls_session session, + gnutls_cert* cert, gnutls_privkey* pkey, gnutls_datum *signature) +{ gnutls_datum dconcat; int ret; opaque concat[36]; GNUTLS_MAC_HANDLE td_md5; GNUTLS_MAC_HANDLE td_sha; - +gnutls_protocol_version ver = gnutls_protocol_get_version( session); td_sha = _gnutls_hash_copy( session->internals.handshake_mac_handle_sha); if (td_sha == NULL) { 
@@ -56,7 +57,16 @@ GNUTLS_MAC_HANDLE td_sha; return GNUTLS_E_HASH_FAILED; } - _gnutls_hash_deinit(td_sha, &concat[16]); + ret = _gnutls_generate_master( session, 1); + if (ret < 0) { + gnutls_assert(); + return ret; + } + + if (ver == GNUTLS_SSL3) + _gnutls_mac_deinit_ssl3_handshake( td_sha, &concat[16], session->security_parameters.master_secret, TLS_MASTER_SIZE); + else + _gnutls_hash_deinit(td_sha, &concat[16]); switch (cert->subject_pk_algorithm) { case GNUTLS_PK_RSA: @@ -65,7 +75,11 @@ GNUTLS_MAC_HANDLE td_sha; gnutls_assert(); return GNUTLS_E_HASH_FAILED; } - _gnutls_hash_deinit(td_md5, concat); + + if (ver == GNUTLS_SSL3) + _gnutls_mac_deinit_ssl3_handshake( td_md5, concat, session->security_parameters.master_secret, TLS_MASTER_SIZE); + else + _gnutls_hash_deinit(td_md5, concat); dconcat.data = concat; dconcat.size = 36; @@ -85,9 +99,9 @@ GNUTLS_MAC_HANDLE td_sha; } return ret; - } + /* Generates a signature of all the random data and the parameters. * Used in DHE_* ciphersuites. */ |
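Review bot: In lib/gnutls_sig.c, the new `if (ret < 0) { gnutls_assert(); return ret; }` after `_gnutls_generate_master( session, 1)` returns while `td_sha`, copied just above with `_gnutls_hash_copy`, is still open, so the handle holding the handshake transcript state is never deinitialised on that path. Moving the `ret = _gnutls_generate_master( session, 1);` call and its check above the `_gnutls_hash_copy` of `td_sha` avoids having a live handle when it fails. The master secret is only consumed in the `ver == GNUTLS_SSL3` branches, so the call could also be made conditional on `ver == GNUTLS_SSL3`, which would keep the premaster retention out of the TLS path. `_gnutls_tls_sign_hdata` starts in the previous hunk and continues past this one.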