diff options
| -rw-r--r-- | NEWS | 3 | ||||
| -rw-r--r-- | configure.in | 5 | ||||
| -rw-r--r-- | lib/crypt.c | 2 | ||||
| -rw-r--r-- | lib/defines.h | 7 | ||||
| -rw-r--r-- | lib/ext_srp.c | 2 | ||||
| -rw-r--r-- | lib/gnutls.c | 18 | ||||
| -rw-r--r-- | lib/gnutls.h.in | 2 | ||||
| -rw-r--r-- | lib/gnutls_cipher.c | 39 | ||||
| -rw-r--r-- | lib/gnutls_handshake.c | 7 | ||||
| -rw-r--r-- | lib/gnutls_num.c | 105 | ||||
| -rw-r--r-- | lib/gnutls_num.h | 19 | ||||
| -rw-r--r-- | lib/gnutls_srp.c | 9 | ||||
| -rw-r--r-- | src/prime.c | 4 | ||||
| -rw-r--r-- | src/tpasswd | 2 |
14 files changed, 137 insertions, 87 deletions
@@ -1,8 +1,9 @@ -Version 0.1.3 +Version 0.1.3 (01/06/2001) - Updated API (and the way it is documented - we use inline documentation) - Added function to access alert messages. - Added support for renegotiating parameters. - Better and Faster Resume Database handling. +- Several bugfixes Version 0.1.2 (14/05/2001) - Updated API diff --git a/configure.in b/configure.in index 7c534c9faa..18001f8a4f 100644 --- a/configure.in +++ b/configure.in @@ -11,7 +11,7 @@ AC_DEFINE_UNQUOTED(T_OS, "$target_os") GNUTLS_MAJOR_VERSION=0 GNUTLS_MINOR_VERSION=1 -GNUTLS_MICRO_VERSION=4 +GNUTLS_MICRO_VERSION=3 GNUTLS_VERSION=$GNUTLS_MAJOR_VERSION.$GNUTLS_MINOR_VERSION.$GNUTLS_MICRO_VERSION AC_DEFINE_UNQUOTED(GNUTLS_VERSION, "$GNUTLS_VERSION") @@ -107,6 +107,7 @@ AC_ARG_WITH( mhash, [ --with-mhash enable mhash support], LIBS="${LIBS} -lmhash")]) if test $ac_cv_c_compiler_gnu != no; then + CFLAGS="" if test $opt_profiler_mode = yes; then CFLAGS="${CFLAGS} -O0 -fprofile-arcs -ftest-coverage -pg" @@ -128,7 +129,7 @@ AC_HEADER_STDC AC_CHECK_HEADERS(unistd.h pwd.h locale.h strings.h stdarg.h) AC_CHECK_HEADERS(sys/stat.h sys/types.h sys/socket.h) AC_CHECK_HEADERS(utime.h zlib.h errno.h) -AC_CHECK_FUNCS(bzero memset fcntl,,) +AC_CHECK_FUNCS(bzero memsetl,,) AC_CHECK_FUNCS(lstat stat umask utime memmove bcopy getpwuid,,) AC_CHECK_LIB(gdbm, gdbm_open,, AC_MSG_WARN("GDBM was not found. You will not be able to use Server side session resuming.")) diff --git a/lib/crypt.c b/lib/crypt.c index e6e9776d12..3fa3153a3d 100644 --- a/lib/crypt.c +++ b/lib/crypt.c @@ -45,11 +45,13 @@ int gnutls_crypt_vrfy(const char* username, const char *passwd, char* salt, MPI switch(salt[1]) { case '2': cr = crypt_bcrypt(passwd, salt, g, n); + if (cr==NULL) return 1; if (strncmp(cr, salt, strlen(cr))==0) return 0; break; } default: cr = crypt_srpsha1(username, passwd, salt, g, n); + if (cr==NULL) return 1; if (strncmp(cr, salt, strlen(cr))==0) return 0; break; } diff --git a/lib/defines.h b/lib/defines.h index 20135db723..7053ef1549 100644 --- a/lib/defines.h +++ b/lib/defines.h @@ -66,13 +66,12 @@ #endif #if SIZEOF_UNSIGNED_LONG_INT == 8 +# define HAVE_UINT64 +/* only used native uint64 in 64 bit machines */ typedef unsigned long int uint64; typedef signed long int sint64; -#elif SIZEOF_UNSIGNED_LONG_LONG == 8 - typedef unsigned long long uint64; - typedef signed long long sint64; #else -# error "Cannot find a 64 bit integer in your system, sorry." +typedef struct { unsigned char i[8]; } uint64; #endif diff --git a/lib/ext_srp.c b/lib/ext_srp.c index e9f99e764a..8d57ca8571 100644 --- a/lib/ext_srp.c +++ b/lib/ext_srp.c @@ -28,7 +28,7 @@ int _gnutls_srp_recv_params( GNUTLS_STATE state, const opaque* data, int data_si uint8 len; if (state->security_parameters.entity == GNUTLS_SERVER) { if (data_size > 0) { - state->gnutls_key->auth_info = gnutls_malloc(sizeof(SRP_AUTH_INFO)); + state->gnutls_key->auth_info = gnutls_calloc(1, sizeof(SRP_AUTH_INFO)); if (state->gnutls_key->auth_info==NULL) return GNUTLS_E_MEMORY_ERROR; if (sizeof( ((SRP_AUTH_INFO*)state->gnutls_key->auth_info)->username) > data_size) { diff --git a/lib/gnutls.c b/lib/gnutls.c index 9a7135a70c..6c93461106 100644 --- a/lib/gnutls.c +++ b/lib/gnutls.c @@ -468,7 +468,7 @@ ssize_t gnutls_send_int(int cd, GNUTLS_STATE state, ContentType type, const void #ifdef HARD_DEBUG fprintf(stderr, "Record: Sending Packet[%d] %s(%d) with length: %d\n", - (int) state->connection_state.read_sequence_number, _gnutls_packet2str(type), type, sizeofdata); + (int) uint64touint32(&state->connection_state.read_sequence_number), _gnutls_packet2str(type), type, sizeofdata); #endif for (i = 0; i < iterations; i++) { @@ -491,10 +491,10 @@ ssize_t gnutls_send_int(int cd, GNUTLS_STATE state, ContentType type, const void } #ifdef HARD_DEBUG fprintf(stderr, "Record: Sended Packet[%d] %s(%d) with length: %d\n", - (int) state->connection_state.read_sequence_number, _gnutls_packet2str(type), type, cipher_size); + (int) uint64touint32(&state->connection_state.read_sequence_number), _gnutls_packet2str(type), type, cipher_size); #endif - state->connection_state.write_sequence_number++; + uint64pp( &state->connection_state.write_sequence_number); } /* rest data */ if (iterations > 1) { @@ -514,7 +514,7 @@ ssize_t gnutls_send_int(int cd, GNUTLS_STATE state, ContentType type, const void return GNUTLS_E_UNABLE_SEND_DATA; } - state->connection_state.write_sequence_number++; + uint64pp( &state->connection_state.write_sequence_number); } ret += sizeofdata; @@ -666,9 +666,9 @@ ssize_t gnutls_recv_int(int cd, GNUTLS_STATE state, ContentType type, char *data #ifdef HARD_DEBUG fprintf(stderr, "Record: Expected Packet[%d] %s(%d) with length: %d\n", - (int) state->connection_state.read_sequence_number, _gnutls_packet2str(type), type, sizeofdata); + (int) uint64touint32(&state->connection_state.read_sequence_number), _gnutls_packet2str(type), type, sizeofdata); fprintf(stderr, "Record: Received Packet[%d] %s(%d) with length: %d\n", - (int) state->connection_state.read_sequence_number, _gnutls_packet2str(recv_type), recv_type, length); + (int) uint64touint32(&state->connection_state.read_sequence_number), _gnutls_packet2str(recv_type), recv_type, length); #endif if (length > MAX_RECV_SIZE) { @@ -770,7 +770,7 @@ ssize_t gnutls_recv_int(int cd, GNUTLS_STATE state, ContentType type, char *data #ifdef HARD_DEBUG fprintf(stderr, "Record: Decrypted Packet[%d] %s(%d) with length: %d\n", - (int) state->connection_state.read_sequence_number, _gnutls_packet2str(recv_type), recv_type, tmplen); + (int) uint64touint32(&state->connection_state.read_sequence_number), _gnutls_packet2str(recv_type), recv_type, tmplen); #endif gnutls_free(ciphertext); @@ -788,7 +788,7 @@ ssize_t gnutls_recv_int(int cd, GNUTLS_STATE state, ContentType type, char *data /* Increase sequence number * this is needed only here because we return immediately */ - state->connection_state.read_sequence_number++; + uint64pp( &state->connection_state.read_sequence_number); /* if close notify is received and * the alert is not fatal @@ -852,7 +852,7 @@ ssize_t gnutls_recv_int(int cd, GNUTLS_STATE state, ContentType type, char *data /* Increase sequence number */ - state->connection_state.read_sequence_number++; + uint64pp( &state->connection_state.read_sequence_number); /* Get Application data from buffer */ diff --git a/lib/gnutls.h.in b/lib/gnutls.h.in index 437d82ae1c..157224a703 100644 --- a/lib/gnutls.h.in +++ b/lib/gnutls.h.in @@ -120,7 +120,7 @@ typedef struct { } SRP_SERVER_CREDENTIALS; typedef struct { - char* username; + char username[256]; } SRP_AUTH_INFO; /* Credential structures for DH_ANON */ diff --git a/lib/gnutls_cipher.c b/lib/gnutls_cipher.c index 70a1e8938b..a9bf30f9fe 100644 --- a/lib/gnutls_cipher.c +++ b/lib/gnutls_cipher.c @@ -225,8 +225,8 @@ int _gnutls_connection_state_init(GNUTLS_STATE state) { int rc, mac_size; - state->connection_state.write_sequence_number = 0; - state->connection_state.read_sequence_number = 0; + uint64zero(&state->connection_state.write_sequence_number); + uint64zero(&state->connection_state.read_sequence_number); /* Update internals from CipherSuite selected. * If we are resuming just copy the connection state @@ -275,13 +275,6 @@ int _gnutls_connection_state_init(GNUTLS_STATE state) fprintf(stderr, "Cipher Suite: %s\n", _gnutls_cipher_suite_get_name(state-> gnutls_internals.current_cipher_suite)); - fprintf(stderr, "Cipher: %s\n", - _gnutls_cipher_get_name(state->security_parameters. - bulk_cipher_algorithm)); - fprintf(stderr, "MAC: %s\n", - _gnutls_mac_get_name(state->security_parameters. - mac_algorithm)); - fprintf(stderr, "Compression: %s\n", _gnutls_compression_get_name(state->security_parameters.compression_algorithm)); #endif if (state->connection_state.write_mac_secret!=NULL) @@ -443,7 +436,7 @@ int _gnutls_TLSCompressed2TLSCiphertext(GNUTLS_STATE state, uint8 *data; uint8 pad; uint8 *rand; - uint64 seq_num; + uint8* seq_num; int length; GNUTLS_MAC_HANDLE td; int blocksize = @@ -483,10 +476,18 @@ int _gnutls_TLSCompressed2TLSCiphertext(GNUTLS_STATE state, c_length = CONVuint16(compressed->length); seq_num = - CONVuint64(state->connection_state.write_sequence_number); + CONVuint64(&state->connection_state.write_sequence_number); + if (seq_num==NULL) { + gnutls_free(*cipher); + gnutls_free(content); + gnutls_assert(); + return GNUTLS_E_MEMORY_ERROR; + } if (td != GNUTLS_MAC_FAILED) { /* actually when the algorithm in not the NULL one */ - gnutls_hmac(td, &seq_num, 8); + gnutls_hmac(td, seq_num, 8); + gnutls_free( seq_num); + gnutls_hmac(td, &compressed->type, 1); if (_gnutls_version_ssl3(state->connection_state.version) != 0) { /* TLS 1.0 only */ gnutls_hmac(td, &compressed->version.major, 1); @@ -583,7 +584,7 @@ int _gnutls_TLSCiphertext2TLSCompressed(GNUTLS_STATE state, uint16 c_length; uint8 *data; uint8 pad; - uint64 seq_num; + uint8* seq_num; uint16 length; GNUTLS_MAC_HANDLE td; int blocksize = @@ -673,11 +674,19 @@ int _gnutls_TLSCiphertext2TLSCompressed(GNUTLS_STATE state, return GNUTLS_E_UNKNOWN_CIPHER_TYPE; } - seq_num = CONVuint64(state->connection_state.read_sequence_number); c_length = CONVuint16((uint16) compressed->length); + seq_num = CONVuint64( &state->connection_state.read_sequence_number); + if (seq_num==NULL) { + gnutls_free(*compress); + gnutls_free(content); + gnutls_assert(); + return GNUTLS_E_MEMORY_ERROR; + } if (td != GNUTLS_MAC_FAILED) { - gnutls_hmac(td, &seq_num, 8); + gnutls_hmac(td, seq_num, 8); + gnutls_free( seq_num); + gnutls_hmac(td, &compressed->type, 1); if (_gnutls_version_ssl3(state->connection_state.version) != 0) { /* TLS 1.0 only */ gnutls_hmac(td, &compressed->version.major, 1); diff --git a/lib/gnutls_handshake.c b/lib/gnutls_handshake.c index 0cf7c54c28..3a30045ae9 100644 --- a/lib/gnutls_handshake.c +++ b/lib/gnutls_handshake.c @@ -1157,13 +1157,12 @@ int gnutls_handshake(int cd, GNUTLS_STATE state) * * This function initiates the handshake of the TLS/SSL protocol. * Here we will receive - if requested and supported by the ciphersuite - - * the peer's certificate. By calling this function you it is your job - * to check the peer's identity (by checking the certificate etc.). + * the peer's certificate. * * This function will fail if any problem in the handshake is encountered. - * However this failure will not be fatal. You may choose to + * However this failure will not be fatal. However you may choose to * continue the handshake - eg. even if the certificate cannot - * be verified- by calling gnutls_handshake_finish() + * be verified- by calling gnutls_handshake_finish(). **/ int gnutls_handshake_begin(int cd, GNUTLS_STATE state) { diff --git a/lib/gnutls_num.c b/lib/gnutls_num.c index e4ed54b273..f9240dfde5 100644 --- a/lib/gnutls_num.c +++ b/lib/gnutls_num.c @@ -1,5 +1,5 @@ /* - * Copyright (C) 2000 Nikos Mavroyanopoulos + * Copyright (C) 2000,2001 Nikos Mavroyanopoulos * * This file is part of GNUTLS. * @@ -20,19 +20,43 @@ #include <defines.h> #include <gnutls_int.h> +#include <gnutls_num.h> +#include <gnutls_errors.h> -#define rotl64(x,n) (((x) << ((uint16)(n))) | ((x) >> (64 - (uint16)(n)))) -#define rotr64(x,n) (((x) >> ((uint16)(n))) | ((x) << (64 - (uint16)(n)))) #define rotl32(x,n) (((x) << ((uint16)(n))) | ((x) >> (32 - (uint16)(n)))) #define rotr32(x,n) (((x) >> ((uint16)(n))) | ((x) << (32 - (uint16)(n)))) #define rotl16(x,n) (((x) << ((uint16)(n))) | ((x) >> (16 - (uint16)(n)))) #define rotr16(x,n) (((x) >> ((uint16)(n))) | ((x) << (16 - (uint16)(n)))) #define byteswap16(x) ((rotl16(x, 8) & 0x00ff) | (rotr16(x, 8) & 0xff00)) -#define byteswap32(x) ((rotl32(x, 8) & 0x00ff00ff) | (rotr32(x, 8) & 0xff00ff00)) -#define byteswap64(x) ((rotl64(x, 8) & 0x00ff00ff00ff00ffLL) | (rotr64(x, 8) & 0xff00ff00ff00ff00LL)) +#define byteswap32(x) ((rotl32(x, 8) & 0x00ff00ffU) | (rotr32(x, 8) & 0xff00ff00U)) + +#ifndef HAVE_UINT64 + +int uint64zero( uint64 *x) { + + memset( x->i, 0, 8); + return 0; +} + +int uint64pp( uint64 *x) { +register int i, y = 0; + + for (i=7;i>=0;i--) { + if ( x->i[i] == 0xff) { + x->i[i] = 0; + y = 1; + } else (x->i[i])++; + + if (y==0) break; + else y=0; + } + + return 0; +} + +#endif /* HAVE_UINT64 */ -inline uint32 uint24touint32( uint24 num) { uint32 ret=0; @@ -42,7 +66,6 @@ uint32 ret=0; return ret; } -inline uint24 uint32touint24( uint32 num) { uint24 ret; @@ -54,7 +77,6 @@ uint24 ret; } /* data should be at least 3 bytes */ -inline uint32 READuint24( const opaque* data) { uint32 res; uint24 num; @@ -70,7 +92,6 @@ uint24 num; return res; } -inline void WRITEuint24( uint32 num, opaque* data) { uint24 tmp; @@ -85,7 +106,6 @@ uint24 tmp; return; } -inline uint32 READuint32( const opaque* data) { uint32 res; @@ -96,7 +116,6 @@ uint32 res; return res; } -inline void WRITEuint32( uint32 num, opaque* data) { #ifndef WORDS_BIGENDIAN @@ -106,7 +125,6 @@ void WRITEuint32( uint32 num, opaque* data) { return; } -inline uint16 READuint16( const opaque* data) { uint16 res; memcpy( &res, data, sizeof(uint16)); @@ -116,7 +134,6 @@ uint16 res; return res; } -inline void WRITEuint16( uint16 num, opaque* data) { #ifndef WORDS_BIGENDIAN @@ -126,7 +143,6 @@ void WRITEuint16( uint16 num, opaque* data) { return; } -inline uint32 CONVuint32( uint32 data) { #ifndef WORDS_BIGENDIAN return byteswap32( data); @@ -135,7 +151,6 @@ uint32 CONVuint32( uint32 data) { #endif } -inline uint16 CONVuint16( uint16 data) { #ifndef WORDS_BIGENDIAN return byteswap16( data); @@ -144,32 +159,48 @@ uint16 CONVuint16( uint16 data) { #endif } -inline -uint64 READuint64( const opaque* data) { -uint64 res; - - memcpy( &res, data, sizeof(uint64)); -#ifndef WORDS_BIGENDIAN - res = byteswap64( res); +uint8* CONVuint64( const uint64* data) { +uint8* ret = gnutls_malloc( 8); +#ifdef HAVE_UINT64 +uint64 tmp = *data; #endif -return res; + +if (ret==NULL) { + gnutls_assert(); + return NULL; } -inline -void WRITEuint64( uint64 num, opaque* data) { +#ifdef HAVE_UINT64 +# ifndef WORDS_BIGENDIAN + tmp = byteswap64( tmp); + memcpy( ret, &tmp, 8); + +# else + memcpy( ret, &tmp, 8); -#ifndef WORDS_BIGENDIAN - num = byteswap64( num); -#endif - memcpy( data, &num, sizeof(uint64)); - return; +# endif /* WORDS_BIGENDIAN */ +#else + memcpy( ret, data->i, 8); + +#endif /* HAVE_UINT64 */ + return ret; } -inline -uint64 CONVuint64( uint64 data) { -#ifndef WORDS_BIGENDIAN - return byteswap64( data); -#else - return data; -#endif +uint32 uint64touint32( const uint64* num) { +uint32 ret; + +#ifdef HAVE_UINT64 + ret = (uint32) *num; +#else + memcpy( &ret, &num->i[4], 4); +# ifndef WORDS_BIGENDIAN + ret = byteswap32(ret); +# endif + +#endif /* HAVE_UINT64 */ + + return ret; } + + + diff --git a/lib/gnutls_num.h b/lib/gnutls_num.h index 12842f88fe..1ebbf0771a 100644 --- a/lib/gnutls_num.h +++ b/lib/gnutls_num.h @@ -18,17 +18,30 @@ * Foundation, Inc., 59 Temple Place - Suite 330, Boston, MA 02111-1307, USA */ +#include <gnutls_int.h> + uint32 uint24touint32( uint24 num); uint24 uint32touint24( uint32 num); uint32 READuint32( const opaque* data); uint16 READuint16( const opaque* data); uint32 CONVuint32( uint32 data); uint16 CONVuint16( uint16 data); -uint16 READuint64( const opaque* data); -uint32 CONVuint64( uint64 data); +uint8* CONVuint64( const uint64 *data); /* note: this returns malloced data */ uint32 READuint24( const opaque* data); void WRITEuint24( uint32 num, opaque* data); void WRITEuint32( uint32 num, opaque* data); void WRITEuint16( uint16 num, opaque* data); -void WRITEuint64( uint64 num, opaque* data); +uint32 uint64touint32( const uint64*); + +#ifndef HAVE_UINT64 +int uint64zero( uint64 *); +int uint64pp( uint64 *); +#else + +# define rotl64(x,n) (((x) << ((uint16)(n))) | ((x) >> (64 - (uint16)(n)))) +# define rotr64(x,n) (((x) >> ((uint16)(n))) | ((x) << (64 - (uint16)(n)))) +# define byteswap64(x) ((rotl64(x, 8) & 0x00ff00ff00ff00ffUL) | (rotr64(x, 8) & 0xff00ff00ff00ff00UL)) +# define uint64pp(x) (*x)++ +# define uint64zero(x) (*x) = 0 +#endif diff --git a/lib/gnutls_srp.c b/lib/gnutls_srp.c index 969865d086..0cb887e07e 100644 --- a/lib/gnutls_srp.c +++ b/lib/gnutls_srp.c @@ -27,12 +27,7 @@ #include "debug.h" /* These should be added in gcrypt.h */ -#define gcry_mpi_add mpi_add -#define gcry_mpi_subm mpi_subm -#define gcry_mpi_addm mpi_addm -#define gcry_mpi_mul mpi_mul -#define gcry_mpi_mulm mpi_mulm -MPI generate_elg_prime( int mode, unsigned pbits, unsigned qbits, +MPI _gcry_generate_elg_prime( int mode, unsigned pbits, unsigned qbits, MPI g, MPI **ret_factors ); /* Here functions for SRP (like g^x mod n) are defined @@ -85,7 +80,7 @@ int _gnutls_srp_gn(opaque ** ret_g, opaque ** ret_n, int bits) if (qbits & 1) /* better have a even one */ qbits++; - prime = generate_elg_prime(0, bits, qbits, g, NULL); + prime = _gcry_generate_elg_prime(0, bits, qbits, g, NULL); } diff --git a/src/prime.c b/src/prime.c index ee62cc26d2..91e14eb10d 100644 --- a/src/prime.c +++ b/src/prime.c @@ -29,7 +29,7 @@ #include "../lib/cert_b64.h" #include "prime-gaa.h" -MPI generate_elg_prime( int mode, unsigned pbits, unsigned qbits, +MPI _gcry_generate_elg_prime( int mode, unsigned pbits, unsigned qbits, MPI g, MPI **ret_factors ); int main(int argc, char **argv) @@ -53,7 +53,7 @@ int main(int argc, char **argv) qbits++; g = mpi_new(16); - prime = generate_elg_prime( 0, info.bits, qbits, g, NULL); + prime = _gcry_generate_elg_prime( 0, info.bits, qbits, g, NULL); /* print generator */ size = 0; diff --git a/src/tpasswd b/src/tpasswd index f5e4096b17..dc04195a86 100644 --- a/src/tpasswd +++ b/src/tpasswd @@ -1,2 +1,2 @@ -test:i6Up8mTyhhysp96btJJGi7BUOdQEmI3kRznnWuovFoXGi12Ayx2gCZ6mDIuQn.6jpdUTwrhOHdf9aoGqCPkaZIE.zEP.PccXfTD/XE2d.bwlcLmkr/AAglwOoEG4cmDGiA/RfueIVCSE7sJYBCWSRMZpVW/vTbSmWOQr1oeW0Bfg:3EkIcF1pNQ4KTvvlXjwJyl:1 +test:Sp2yxWRqT4JkAwpi23/5249384lTEyKSYyqFf41GTmwY6ufidSwC.YAql/scboDjQlyCtc5/RJ89ECOSzlyyMeFX2TgwUedkHrQLvD0FHoyD1kPLSuZ9yu4QkoQRXg/aczDkFsCWyQq/CTowxr5haxjiiZ4L3pedPazxq0AwcR/y:6oMA08xvYxulpRzW7wh97:1 test2:2uTyiMxqKewx.hgReJmKBY6KL/8nZ5CdrKhmySdF/asJkvXzas5nAqSIh0icrlZP4cGgtuzpDaEafqRqAwjNOo/eEbiuYilO6r8DKnVvKrHIDDI8HzVhkoH1FoTkND33qhG3AbGof1gOxgdOOPOCa7MjdebZn.23PNPDY2dueE1rh:3U2EiG0NjswPJlh4rFyMm5:1 |