-rw-r--r--NEWS4
-rwxr-xr-xdoc/scripts/gdoc8
-rw-r--r--lib/auth_x509.c36
-rw-r--r--lib/gnutls_buffers.c14
-rw-r--r--lib/gnutls_cert.c14
-rw-r--r--lib/gnutls_errors.c2
-rw-r--r--lib/gnutls_errors.h8
-rw-r--r--lib/x509_extensions.c22
-rw-r--r--lib/x509_sig_check.c11
9 files changed, 65 insertions, 54 deletions
diff --git a/NEWS b/NEWS
index 15e8fa99bc..76b1a9429d 100644
--- a/NEWS
+++ b/NEWS
@@ -7,6 +7,10 @@ Version ?.?.?
- gnutls_anon_set_server_cred() was deprecated by gnutls_dh_set_bits()
- gnutls_x509pki_set_trust_(file/mem) can now be called multiple times
+Version 0.3.5
+- Corrected the RSA key exchange method, to avoid attacks against
+ PKCS-1 formating.
+
Version 0.3.4 (20/01/2002)
- Corrected bugs in DHE_RSA key exchange method
diff --git a/doc/scripts/gdoc b/doc/scripts/gdoc
index 14adad5183..0284baa5c0 100755
--- a/doc/scripts/gdoc
+++ b/doc/scripts/gdoc
@@ -76,8 +76,12 @@
# '@parameter' - name of a parameter
# '%CONST' - name of a constant.
-# In tex the symbol '->' will be replaced with rightarrow,
-# and 2^5 with ${2}^{5}$.
+#
+# Extensions for LaTeX:
+#
+# 1. the symbol '->' will be replaced with a rightarrow
+# 2. x^y with ${x}^{y}$.
+#
# match expressions used to find embedded type information
diff --git a/lib/auth_x509.c b/lib/auth_x509.c
index f691ae7c3d..d3541d7ba3 100644
--- a/lib/auth_x509.c
+++ b/lib/auth_x509.c
@@ -939,9 +939,9 @@ int gnutls_x509pki_extract_certificate_dn(const gnutls_datum * cert,
result = asn1_get_der(c2, cert->data, cert->size);
if (result != ASN_OK) {
/* couldn't decode DER */
-#ifdef DEBUG
- _gnutls_log("Decoding error %d\n", result);
-#endif
+
+ _gnutls_log("X509_auth: Decoding error %d\n", result);
+
gnutls_assert();
asn1_delete_structure(c2);
return GNUTLS_E_ASN1_PARSING_ERROR;
@@ -990,9 +990,9 @@ int gnutls_x509pki_extract_certificate_issuer_dn(const gnutls_datum * cert,
result = asn1_get_der(c2, cert->data, cert->size);
if (result != ASN_OK) {
/* couldn't decode DER */
-#ifdef DEBUG
- _gnutls_log("Decoding error %d\n", result);
-#endif
+
+ _gnutls_log("X509_auth: Decoding error %d\n", result);
+
gnutls_assert();
asn1_delete_structure(c2);
return GNUTLS_E_ASN1_PARSING_ERROR;
@@ -1087,9 +1087,9 @@ time_t gnutls_x509pki_extract_certificate_activation_time(const
result = asn1_get_der(c2, cert->data, cert->size);
if (result != ASN_OK) {
/* couldn't decode DER */
-#ifdef DEBUG
- _gnutls_log("Decoding error %d\n", result);
-#endif
+
+ _gnutls_log("X509_auth: Decoding error %d\n", result);
+
gnutls_assert();
return -1;
}
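Review bot: The error return after a failed asn1_get_der() in this hunk does not call `asn1_delete_structure(c2)`, whereas the two DN extractors earlier in this file do so before returning. The same pattern appears in the hunks for gnutls_x509pki_extract_certificate_expiration_time, _version and _serial. The creation of c2 is outside these hunks, but if it is allocated before the decode as in the DN functions, every certificate that fails to decode leaks the structure, and that input comes from the peer. I would add `asn1_delete_structure(c2);` before each of these returns.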
@@ -1129,9 +1129,9 @@ time_t gnutls_x509pki_extract_certificate_expiration_time(const
result = asn1_get_der(c2, cert->data, cert->size);
if (result != ASN_OK) {
/* couldn't decode DER */
-#ifdef DEBUG
- _gnutls_log("Decoding error %d\n", result);
-#endif
+
+ _gnutls_log("X509_auth: Decoding error %d\n", result);
+
gnutls_assert();
return -1;
}
@@ -1167,9 +1167,9 @@ int gnutls_x509pki_extract_certificate_version(const gnutls_datum * cert)
result = asn1_get_der(c2, cert->data, cert->size);
if (result != ASN_OK) {
/* couldn't decode DER */
-#ifdef DEBUG
- _gnutls_log("Decoding error %d\n", result);
-#endif
+
+ _gnutls_log("X509_auth: Decoding error %d\n", result);
+
gnutls_assert();
return GNUTLS_E_ASN1_PARSING_ERROR;
}
@@ -1462,9 +1462,9 @@ int gnutls_x509pki_extract_certificate_serial(const gnutls_datum * cert, char* r
ret = asn1_get_der(c2, cert->data, cert->size);
if (ret != ASN_OK) {
/* couldn't decode DER */
-#ifdef DEBUG
- _gnutls_log("Decoding error %d\n", result);
-#endif
+
+ _gnutls_log("X509_auth: Decoding error %d\n", result);
+
gnutls_assert();
return GNUTLS_E_ASN1_PARSING_ERROR;
}
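Review bot: The added log call prints `result`, but the decode status in this function is stored in `ret` (`ret = asn1_get_der(...)` and `if (ret != ASN_OK)`). In non-DEBUG builds the new empty `_gnutls_log(...)` macro discards the arguments, so this compiles silently; in a DEBUG build it either prints an unrelated value or fails to compile if `result` is not declared here (the declarations are outside the hunk). The line should read `_gnutls_log("X509_auth: Decoding error %d\n", ret);`.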
diff --git a/lib/gnutls_buffers.c b/lib/gnutls_buffers.c
index 0f3b255dbd..fef3556a56 100644
--- a/lib/gnutls_buffers.c
+++ b/lib/gnutls_buffers.c
@@ -90,7 +90,7 @@ int _gnutls_record_buffer_put(ContentType type, GNUTLS_STATE state, char *data,
state->gnutls_internals.handshake_data_buffer.size += length;
#ifdef BUFFERS_DEBUG
- _gnutls_log( "HANDSHAKE BUFFER: Inserted %d bytes of Data(%d)\n", length, type);
+ _gnutls_log( "RECORD BUFFER: Inserted %d bytes of Data(%d)\n", length, type);
#endif
state->gnutls_internals.handshake_data_buffer.data =
gnutls_realloc_fast(state->gnutls_internals.handshake_data_buffer.data,
@@ -151,7 +151,7 @@ int _gnutls_record_buffer_get(ContentType type, GNUTLS_STATE state, char *data,
length = state->gnutls_internals.application_data_buffer.size;
}
#ifdef BUFFERS_DEBUG
- _gnutls_log( "RECORD BUFFER: Read %d bytes of Data(%d)\n", length, type);
+ _gnutls_log( "RECORD BUFFER(AD): Read %d bytes of Data(%d)\n", length, type);
#endif
state->gnutls_internals.application_data_buffer.size -= length;
memcpy(data, state->gnutls_internals.application_data_buffer.data, length);
@@ -170,7 +170,7 @@ int _gnutls_record_buffer_get(ContentType type, GNUTLS_STATE state, char *data,
length = state->gnutls_internals.handshake_data_buffer.size;
}
#ifdef BUFFERS_DEBUG
- _gnutls_log( "HANDSHAKE BUFFER: Read %d bytes of Data(%d)\n", length, type);
+ _gnutls_log( "RECORD BUFFER(HD): Read %d bytes of Data(%d)\n", length, type);
#endif
state->gnutls_internals.handshake_data_buffer.size -= length;
memcpy(data, state->gnutls_internals.handshake_data_buffer.data, length);
@@ -885,7 +885,7 @@ int _gnutls_handshake_buffer_put( GNUTLS_STATE state, char *data, int length)
}
#ifdef BUFFERS_DEBUG
- _gnutls_log( "HASH BUFFER: Inserted %d bytes of Data\n", length);
+ _gnutls_log( "HANDSHAKE BUFFER: Inserted %d bytes of Data\n", length);
#endif
state->gnutls_internals.handshake_hash_buffer.data =
gnutls_realloc_fast(state->gnutls_internals.handshake_hash_buffer.data,
@@ -911,7 +911,7 @@ int _gnutls_handshake_buffer_get( GNUTLS_STATE state, char *data, int length)
length = state->gnutls_internals.handshake_hash_buffer.size;
}
#ifdef BUFFERS_DEBUG
- _gnutls_log( "HASH BUFFER: Got %d bytes of Data\n", length);
+ _gnutls_log( "HANDSHAKE BUFFER: Got %d bytes of Data\n", length);
#endif
state->gnutls_internals.handshake_hash_buffer.size -= length;
memcpy(data, state->gnutls_internals.handshake_hash_buffer.data, length);
@@ -941,7 +941,7 @@ int _gnutls_handshake_buffer_peek( GNUTLS_STATE state, char *data, int length)
length = state->gnutls_internals.handshake_hash_buffer.size;
}
#ifdef BUFFERS_DEBUG
- _gnutls_log( "HASH BUFFER: Read %d bytes of Data\n", length);
+ _gnutls_log( "HANDSHAKE BUFFER: Read %d bytes of Data\n", length);
#endif
memcpy(data, state->gnutls_internals.handshake_hash_buffer.data, length);
return length;
@@ -953,7 +953,7 @@ int _gnutls_handshake_buffer_clear( GNUTLS_STATE state)
{
#ifdef BUFFERS_DEBUG
- _gnutls_log( "HASH BUFFER: Cleared Data from buffer\n");
+ _gnutls_log( "HANDSHAKE BUFFER: Cleared Data from buffer\n");
#endif
state->gnutls_internals.handshake_hash_buffer.size = 0;
if (state->gnutls_internals.handshake_hash_buffer.data!=NULL)
diff --git a/lib/gnutls_cert.c b/lib/gnutls_cert.c
index 9ec5aaac78..69ad95c3c5 100644
--- a/lib/gnutls_cert.c
+++ b/lib/gnutls_cert.c
@@ -932,9 +932,9 @@ int _gnutls_cert2gnutlsCert(gnutls_cert * gCert, gnutls_datum derCert)
result = asn1_get_der(c2, derCert.data, derCert.size);
if (result != ASN_OK) {
/* couldn't decode DER */
-#ifdef DEBUG
- _gnutls_log("Decoding error %d\n", result);
-#endif
+
+ _gnutls_log("CERT: Decoding error %d\n", result);
+
gnutls_assert();
asn1_delete_structure(c2);
gnutls_free_datum( &gCert->raw);
@@ -996,11 +996,9 @@ int _gnutls_cert2gnutlsCert(gnutls_cert * gCert, gnutls_datum derCert)
* currently not supported
*/
gnutls_assert();
-#ifdef DEBUG
- _gnutls_log("ALGORITHM: %s\n", str);
- asn1_delete_structure(c2);
- return GNUTLS_E_UNIMPLEMENTED_FEATURE;
-#endif
+
+ _gnutls_log("CERT: ALGORITHM: %s\n", str);
+
gCert->subject_pk_algorithm = GNUTLS_PK_UNKNOWN;
}
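Review bot: A comment is missing here to say that continuing with `GNUTLS_PK_UNKNOWN` is intentional. The removed DEBUG-only block also did `return GNUTLS_E_UNIMPLEMENTED_FEATURE`, so DEBUG builds used to reject such certificates while release builds kept parsing; now both keep parsing while `gnutls_assert()` still fires as if this were an error. I would add something like `/* unknown key algorithm: keep the certificate, signature checks must treat GNUTLS_PK_UNKNOWN as invalid */`, and confirm that every consumer of `subject_pk_algorithm` really rejects the unknown value. The enclosing function starts and ends outside the hunk.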
diff --git a/lib/gnutls_errors.c b/lib/gnutls_errors.c
index 5f323d1da6..34ae49e456 100644
--- a/lib/gnutls_errors.c
+++ b/lib/gnutls_errors.c
@@ -167,6 +167,7 @@ const char* gnutls_strerror(int error)
/* this function will output a message using the
* caller provided function
*/
+#ifdef DEBUG
void _gnutls_log( const char *fmt, ...) {
va_list args;
char str[MAX_LOG_SIZE];
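Review bot: It is worth confirming that the write into `char str[MAX_LOG_SIZE]` is length-bounded; the formatting call sits between this hunk and the next and is not visible here. Call sites touched by this commit pass certificate-derived strings (`GET_CN(cert->raw)`, `extnID`, the algorithm OID in `str`) as `%s` arguments, so the message length is influenced by the peer in DEBUG builds. If the body uses `vsprintf`, it should become `vsnprintf(str, sizeof str, fmt, args);`.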
@@ -182,3 +183,4 @@ void _gnutls_log( const char *fmt, ...) {
return;
}
+#endif
diff --git a/lib/gnutls_errors.h b/lib/gnutls_errors.h
index 97e2f6d16f..866852c4fa 100644
--- a/lib/gnutls_errors.h
+++ b/lib/gnutls_errors.h
@@ -38,4 +38,10 @@
const char* gnutls_strerror(int error);
void gnutls_perror(int error);
int gnutls_error_is_fatal( int error);
-void _gnutls_log( const char *fmt, ...);
+
+#ifdef DEBUG
+ void _gnutls_log( const char *fmt, ...);
+#else
+# define _gnutls_log(...)
+#endif
+
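Review bot: With `# define _gnutls_log(...)` expanding to nothing, release builds no longer parse or type-check any log argument, so mistakes at call sites only surface under DEBUG. One example in this commit is the call in gnutls_x509pki_extract_certificate_serial, which passes `result` where `ret` was tested. I would at least annotate the DEBUG prototype so the compiler checks format strings, e.g. `void _gnutls_log(const char *fmt, ...) __attribute__((format(printf, 1, 2)));` (guarded for GCC), and make sure a DEBUG build is part of the regular test run. Note also that the variadic macro form requires C99 or the GNU extension.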
diff --git a/lib/x509_extensions.c b/lib/x509_extensions.c
index 48360a8352..7f49791937 100644
--- a/lib/x509_extensions.c
+++ b/lib/x509_extensions.c
@@ -135,10 +135,8 @@ static int _parse_extension(gnutls_cert * cert, char *extnID,
extnValueLen);
}
-#ifdef DEBUG
- _gnutls_log("CERT[%s]: Unsupported Extension: %s, %s\n",
+ _gnutls_log("X509_ext: CERT[%s]: Unsupported Extension: %s, %s\n",
GET_CN(cert->raw), extnID, critical);
-#endif
if (strcmp(critical, "TRUE") == 0) {
gnutls_assert();
@@ -220,11 +218,11 @@ int _gnutls_get_ext_type(node_asn * rasn, char *root, gnutls_cert * cert)
else {
if (result == ASN_MEM_ERROR
&& strcmp(critical, "FALSE") == 0) {
-#ifdef DEBUG
+
_gnutls_log
- ("Cannot parse extension: %s. Too small buffer.",
+ ("X509_ext: Cannot parse extension: %s. Too small buffer.",
extnID);
-#endif
+
continue;
}
if (result != ASN_OK) {
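Review bot: The message `"X509_ext: Cannot parse extension: %s. Too small buffer."` has no trailing `\n`, unlike every other `_gnutls_log` call in this commit, so the next log entry will run on the same line. The same string is repeated in the later hunk in _gnutls_get_extension. Both should end with `Too small buffer.\n"`. The enclosing loop starts and ends outside the hunk.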
@@ -280,9 +278,9 @@ int _gnutls_get_extension( const gnutls_datum * cert, const char* extension_id,
asn1_get_der(rasn, cert->data, cert->size);
if (result != ASN_OK) {
/* couldn't decode DER */
-#ifdef DEBUG
- _gnutls_log("Decoding error %d\n", result);
-#endif
+
+ _gnutls_log("X509_ext: Decoding error %d\n", result);
+
gnutls_assert();
asn1_delete_structure(rasn);
return GNUTLS_E_ASN1_PARSING_ERROR;
@@ -349,11 +347,11 @@ int _gnutls_get_extension( const gnutls_datum * cert, const char* extension_id,
else {
if (result == ASN_MEM_ERROR
&& strcmp(critical, "FALSE") == 0) {
-#ifdef DEBUG
+
_gnutls_log
- ("Cannot parse extension: %s. Too small buffer.",
+ ("X509_ext: Cannot parse extension: %s. Too small buffer.",
extnID);
-#endif
+
continue;
}
if (result != ASN_OK) {
diff --git a/lib/x509_sig_check.c b/lib/x509_sig_check.c
index d7620724e3..1649f6d637 100644
--- a/lib/x509_sig_check.c
+++ b/lib/x509_sig_check.c
@@ -111,9 +111,9 @@ int len;
}
if (*hash==-1) {
-#ifdef DEBUG
- _gnutls_log( "HASH OID: %s\n", str);
-#endif
+
+ _gnutls_log( "X509_sig: HASH OID: %s\n", str);
+
gnutls_assert();
return GNUTLS_E_UNIMPLEMENTED_FEATURE;
}
@@ -203,9 +203,8 @@ gnutls_datum tbs;
gnutls_free_datum(&tbs);
return GNUTLS_CERT_TRUSTED;
}
-#ifdef DEBUG
- _gnutls_log( "PK: %d\n", issuer->subject_pk_algorithm);
-#endif
+
+ _gnutls_log( "X509_sig: PK: %d\n", issuer->subject_pk_algorithm);
gnutls_assert();
return GNUTLS_CERT_INVALID;
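Review bot: The fall-through path that ends in `return GNUTLS_CERT_INVALID;` does not release `tbs`, while the trusted path just above calls `gnutls_free_datum(&tbs)` before returning. The allocation of `tbs` is outside the hunk, so this is inferred, but if it is still owned at this point then a certificate whose issuer uses an unsupported key algorithm leaks it on every verification. I would add `gnutls_free_datum(&tbs);` before the final `gnutls_assert();`.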