
[SCM] GNU gnutls branch, master, updated. gnutls_2_9_9-47-gd75ba16


From: Nikos Mavrogiannopoulos
Subject: [SCM] GNU gnutls branch, master, updated. gnutls_2_9_9-47-gd75ba16
Date: Thu, 14 Jan 2010 17:59:04 +0000

This is an automated email from the git hooks/post-receive script. It was
generated because a ref change was pushed to the repository containing
the project "GNU gnutls".

http://git.savannah.gnu.org/cgit/gnutls.git/commit/?id=d75ba16425be5ed98d11ecd1c8fc2f400d8b8792

The branch, master has been updated
       via  d75ba16425be5ed98d11ecd1c8fc2f400d8b8792 (commit)
      from  830f6715779e74501bbbffe395ce7b9264f35ecc (commit)

Those revisions listed above that are new to this repository have
not appeared on any other notification email; so we list those
revisions in full, below.

- Log -----------------------------------------------------------------
commit d75ba16425be5ed98d11ecd1c8fc2f400d8b8792
Author: Nikos Mavrogiannopoulos <address@hidden>
Date:   Thu Jan 14 18:56:29 2010 +0100

    Further clean up the extension internal structure. Now if values are not
    saved and restored when resuming they will be initialized to zero.

-----------------------------------------------------------------------

Summary of changes:
 lib/ext_session_ticket.c  |    8 ++++----
 lib/gnutls_constate.c     |   15 +++------------
 lib/gnutls_int.h          |    9 +++++----
 lib/gnutls_session_pack.c |    1 +
 4 files changed, 13 insertions(+), 20 deletions(-)

diff --git a/lib/ext_session_ticket.c b/lib/ext_session_ticket.c
index e7a2891..a474ba1 100644
--- a/lib/ext_session_ticket.c
+++ b/lib/ext_session_ticket.c
@@ -87,7 +87,7 @@ decrypt_ticket (gnutls_session_t session, struct ticket 
*ticket)
   int ret;
 
   /* Check the integrity of ticket using HMAC-SHA-256. */
-  mac_secret.data =
+  mac_secret.data = (void*)
     session->security_parameters.extensions.session_ticket_key->mac_secret;
   mac_secret.size = MAC_SECRET_SIZE;
   ret = digest_ticket (&mac_secret, ticket, final);
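Review bot: The `(void*)` cast on `mac_secret.data` discards the `const` that this commit adds to `session_ticket_key`, so the compiler can no longer flag a write to the ticket key material through the datum. The same cast is repeated for `key.data` in the second decrypt_ticket hunk and for both assignments in encrypt_ticket. If the datum's `data` field cannot take a const pointer, a short comment at each site such as `/* const dropped only to fit the datum; the key is read-only here */` would record the intent, assuming the callees do not modify the buffer. decrypt_ticket starts and ends outside this hunk.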
@@ -104,7 +104,7 @@ decrypt_ticket (gnutls_session_t session, struct ticket 
*ticket)
     }
 
   /* Decrypt encrypted_state using 128-bit AES in CBC mode. */
-  key.data = session->security_parameters.extensions.session_ticket_key->key;
+  key.data = 
(void*)session->security_parameters.extensions.session_ticket_key->key;
   key.size = KEY_SIZE;
   IV.data = ticket->IV;
   IV.size = IV_SIZE;
@@ -177,7 +177,7 @@ encrypt_ticket (gnutls_session_t session, struct ticket 
*ticket)
   _gnutls_free_datum (&state);
 
   /* Encrypt state using 128-bit AES in CBC mode. */
-  key.data = session->security_parameters.extensions.session_ticket_key->key;
+  key.data = 
(void*)session->security_parameters.extensions.session_ticket_key->key;
   key.size = KEY_SIZE;
   IV.data = session->security_parameters.extensions.session_ticket_IV;
   IV.size = IV_SIZE;
@@ -209,7 +209,7 @@ encrypt_ticket (gnutls_session_t session, struct ticket 
*ticket)
   ticket->encrypted_state = encrypted_state.data;
 
   mac_secret.data =
-    session->security_parameters.extensions.session_ticket_key->mac_secret;
+    
(void*)session->security_parameters.extensions.session_ticket_key->mac_secret;
   mac_secret.size = MAC_SECRET_SIZE;
   ret = digest_ticket (&mac_secret, ticket, ticket->mac);
   if (ret < 0)
diff --git a/lib/gnutls_constate.c b/lib/gnutls_constate.c
index 78a38cc..338c060 100644
--- a/lib/gnutls_constate.c
+++ b/lib/gnutls_constate.c
@@ -381,17 +381,8 @@ _gnutls_set_write_keys (gnutls_session_t session)
 }
 
 #define CPY_EXTENSIONS \
-       memcpy(dst->extensions.server_names, src->extensions.server_names, 
sizeof(src->extensions.server_names)); \
-       dst->extensions.server_names_size = src->extensions.server_names_size; \
-       memcpy(dst->extensions.srp_username, src->extensions.srp_username, 
sizeof(src->extensions.srp_username)); \
-       memcpy(dst->extensions.sign_algorithms, 
src->extensions.sign_algorithms, sizeof(src->extensions.sign_algorithms)); \
-       dst->extensions.sign_algorithms_size = 
src->extensions.sign_algorithms_size; \
-       dst->extensions.gnutls_ia_enable = src->extensions.gnutls_ia_enable; \
-       dst->extensions.gnutls_ia_peer_enable = 
src->extensions.gnutls_ia_peer_enable; \
-       dst->extensions.gnutls_ia_allowskip = 
src->extensions.gnutls_ia_allowskip; \
-       dst->extensions.gnutls_ia_peer_allowskip = 
src->extensions.gnutls_ia_peer_allowskip; \
-       dst->extensions.do_recv_supplemental = 
src->extensions.do_recv_supplemental; \
-       dst->extensions.do_send_supplemental = 
src->extensions.do_send_supplemental
+       memcpy(&dst->extensions.server_names, &src->extensions, 
sizeof(src->extensions)); \
+       memset(&src->extensions, 0, sizeof(src->extensions)) /* avoid duplicate 
free's */
 
 #define CPY_COMMON dst->entity = src->entity; \
        dst->kx_algorithm = src->kx_algorithm; \
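Review bot: The new `memcpy` in CPY_EXTENSIONS writes `sizeof(src->extensions)` bytes to `&dst->extensions.server_names` rather than to `&dst->extensions`, which stays in bounds only if `server_names` is the first member of the extensions struct (its start is not visible in this diff). Using the same object on both sides removes that dependency: `memcpy(&dst->extensions, &src->extensions, sizeof(src->extensions));`. The macro also now expands to two statements, so wrapping it in `do { ... } while (0)` would keep it safe under an unbraced `if`. Any pointers `dst->extensions` held before the copy are overwritten without being released, which looks like a leak unless callers guarantee the destination is empty.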
@@ -406,7 +397,6 @@ _gnutls_set_write_keys (gnutls_session_t session)
        dst->max_record_recv_size = src->max_record_recv_size; \
        dst->max_record_send_size = src->max_record_send_size; \
        dst->version = src->version; \
-       CPY_EXTENSIONS; \
        memcpy( &dst->inner_secret, &src->inner_secret, GNUTLS_MASTER_SIZE)
 
 static void
@@ -425,6 +415,7 @@ _gnutls_cpy_write_security_parameters 
(security_parameters_st *
                                       dst, security_parameters_st * src)
 {
   CPY_COMMON;
+  CPY_EXTENSIONS; /* only do once */
 
   dst->write_bulk_cipher_algorithm = src->write_bulk_cipher_algorithm;
   dst->write_mac_algorithm = src->write_mac_algorithm;
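Review bot: `_gnutls_cpy_write_security_parameters` now zeroes `src->extensions` as a side effect of CPY_EXTENSIONS, and the comment `/* only do once */` does not say so. I would replace it with something like `/* moves extensions into dst and clears them in src; do not repeat in the read-side copy */` so the ownership transfer is visible at the call site. Whether any caller still reads `src->extensions` after this call cannot be seen from the hunk, and the function body continues past it.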
diff --git a/lib/gnutls_int.h b/lib/gnutls_int.h
index fec71a7..df5dc4f 100644
--- a/lib/gnutls_int.h
+++ b/lib/gnutls_int.h
@@ -331,21 +331,22 @@ typedef struct
   /* Used by extensions that enable supplemental data. */
   int do_recv_supplemental, do_send_supplemental;
 
+  opaque *session_ticket;
+  uint16_t session_ticket_len;
+
   /*** Those below do not get copied when resuming session 
    ***/
 
   /* Opaque PRF input. */
   gnutls_oprfi_callback_func oprfi_cb;
-  void *oprfi_userdata;
+  const void *oprfi_userdata;
   opaque *oprfi_client;
   uint16_t oprfi_client_len;
   opaque *oprfi_server;
   uint16_t oprfi_server_len;
 
   /* Session Ticket */
-  opaque *session_ticket;
-  uint16_t session_ticket_len;
-  struct gnutls_session_ticket_key_st *session_ticket_key;
+  const struct gnutls_session_ticket_key_st *session_ticket_key;
   opaque session_ticket_IV[SESSION_TICKET_IV_SIZE];
 
   /* Safe renegotiation. */
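Review bot: The marker comment `Those below do not get copied when resuming session` no longer matches the code, because CPY_EXTENSIONS in lib/gnutls_constate.c now copies the whole extensions struct, including the `oprfi_*` fields and `session_ticket_key`. The comment presumably refers to what is packed and unpacked for resumption; rewording it as `/* Fields below are not stored in packed session data; they are zero after a session is unpacked */` would agree with the commit message. Moving `session_ticket` and `session_ticket_len` above the marker implies they are packed, which this diff does not show. The struct starts and ends outside the hunk.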
diff --git a/lib/gnutls_session_pack.c b/lib/gnutls_session_pack.c
index 30c9e6b..3d73134 100644
--- a/lib/gnutls_session_pack.c
+++ b/lib/gnutls_session_pack.c
@@ -1133,6 +1133,7 @@ unpack_security_parameters (gnutls_session_t session,
       return GNUTLS_E_INVALID_REQUEST;
     }
 
+  memset(&session->internals.resumed_security_parameters, 0, 
sizeof(session->internals.resumed_security_parameters));
   session->internals.resumed_security_parameters.entity =
     packed_session->data[pos++];
   session->internals.resumed_security_parameters.kx_algorithm =
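Review bot: The added `memset` clears `resumed_security_parameters` without releasing anything it may already own; the extensions struct inside the security parameters carries heap pointers such as `session_ticket` (see lib/gnutls_int.h in this commit). If unpack_security_parameters can run more than once on a session, the earlier buffers would be leaked. Freeing them before the `memset`, or adding a comment such as `/* resumed parameters hold no allocations at this point */` if that is guaranteed, would settle it. The function body continues beyond this hunk.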


hooks/post-receive
-- 
GNU gnutls



