[Top][All Lists]
[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
[SCM] GNU gnutls branch, master, updated. gnutls_2_9_9-56-gbbc7b93
|
From: |
Nikos Mavrogiannopoulos |
|
Subject: |
[SCM] GNU gnutls branch, master, updated. gnutls_2_9_9-56-gbbc7b93 |
|
Date: |
Thu, 21 Jan 2010 21:33:49 +0000 |
This is an automated email from the git hooks/post-receive script. It was
generated because a ref change was pushed to the repository containing
the project "GNU gnutls".
http://git.savannah.gnu.org/cgit/gnutls.git/commit/?id=bbc7b93c9e17201a0e298a99d875ae54fbad89cb
The branch, master has been updated
via bbc7b93c9e17201a0e298a99d875ae54fbad89cb (commit)
via 1e4981cfbec360a19cfb7470ce96093aaa95b32e (commit)
via 2d303d2076f53ad9b9454f507887839c37665558 (commit)
from d495b8dd52da94f5c655f52ae50689048a177dc0 (commit)
Those revisions listed above that are new to this repository have
not appeared on any other notification email; so we list those
revisions in full, below.
- Log -----------------------------------------------------------------
commit bbc7b93c9e17201a0e298a99d875ae54fbad89cb
Author: Nikos Mavrogiannopoulos <address@hidden>
Date: Thu Jan 21 22:20:07 2010 +0100
More carefull copying of data. Check for the malicious case where a server
does initial unsafe negotiation and proceeds with a safe renegotiation.
commit 1e4981cfbec360a19cfb7470ce96093aaa95b32e
Author: Nikos Mavrogiannopoulos <address@hidden>
Date: Thu Jan 21 22:22:09 2010 +0100
Always allow initial negotiation. Disable subsequent unsafe renegotiations.
Signed-off-by: Nikos Mavrogiannopoulos <address@hidden>
commit 2d303d2076f53ad9b9454f507887839c37665558
Author: Nikos Mavrogiannopoulos <address@hidden>
Date: Thu Jan 21 21:42:07 2010 +0100
Safe renegotiation variable cleanup. No longer clear variables that
should stay across rehandshakes.
-----------------------------------------------------------------------
Summary of changes:
lib/ext_safe_renegotiation.c | 23 ++++++++++++++++++-----
lib/gnutls_handshake.c | 26 +++-----------------------
lib/gnutls_int.h | 3 +--
lib/gnutls_state.c | 1 -
4 files changed, 22 insertions(+), 31 deletions(-)
diff --git a/lib/ext_safe_renegotiation.c b/lib/ext_safe_renegotiation.c
index ca725a7..8a58ecd 100644
--- a/lib/ext_safe_renegotiation.c
+++ b/lib/ext_safe_renegotiation.c
@@ -36,13 +36,24 @@ _gnutls_safe_renegotiation_recv_params (gnutls_session_t
session,
DECR_LEN (data_size, len+1 /* count the first byte and payload */);
+ /* It is not legal to receive this extension on a renegotiation and
+ * not receive it on the initial negotiation.
+ */
+ if (session->internals.initial_negotiation_completed != 0 &&
+ session->internals.connection_using_safe_renegotiation == 0)
+ {
+ gnutls_assert();
+ return GNUTLS_E_SAFE_RENEGOTIATION_FAILED;
+ }
+
if (len > sizeof (ext->ri_extension_data))
{
gnutls_assert();
return GNUTLS_E_SAFE_RENEGOTIATION_FAILED;
}
- memcpy (ext->ri_extension_data, &data[1], len);
+ if (len > 0)
+ memcpy (ext->ri_extension_data, &data[1], len);
ext->ri_extension_data_len = len;
/* "safe renegotiation received" means on *this* handshake; "connection using
@@ -50,7 +61,7 @@ _gnutls_safe_renegotiation_recv_params (gnutls_session_t
session,
* indicated safe renegotiation.
*/
session->internals.safe_renegotiation_received = 1;
- ext->connection_using_safe_renegotiation = 1;
+ session->internals.connection_using_safe_renegotiation = 1;
return 0;
}
@@ -71,7 +82,7 @@ _gnutls_safe_renegotiation_send_params (gnutls_session_t
session,
data[0] = 0;
/* Always offer the extension if we're a client */
- if (ext->connection_using_safe_renegotiation ||
+ if (session->internals.connection_using_safe_renegotiation ||
session->security_parameters.entity == GNUTLS_CLIENT)
{
DECR_LEN (data_size, 1);
@@ -79,7 +90,8 @@ _gnutls_safe_renegotiation_send_params (gnutls_session_t
session,
DECR_LEN (data_size, ext->client_verify_data_len);
- memcpy(&data[1],
+ if (ext->client_verify_data_len > 0)
+ memcpy(&data[1],
ext->client_verify_data,
ext->client_verify_data_len);
@@ -89,7 +101,8 @@ _gnutls_safe_renegotiation_send_params (gnutls_session_t
session,
DECR_LEN (data_size, ext->server_verify_data_len);
- memcpy(&data[1 + ext->client_verify_data_len],
+ if (ext->server_verify_data_len > 0)
+ memcpy(&data[1 + ext->client_verify_data_len],
ext->server_verify_data,
ext->server_verify_data_len);
}
diff --git a/lib/gnutls_handshake.c b/lib/gnutls_handshake.c
index 618b20c..41f64d2 100644
--- a/lib/gnutls_handshake.c
+++ b/lib/gnutls_handshake.c
@@ -107,9 +107,6 @@ _gnutls_handshake_hash_buffers_clear (gnutls_session_t
session)
static void
resume_copy_required_values (gnutls_session_t session)
{
- tls_ext_st *newext;
- tls_ext_st *resext;
-
/* get the new random values */
memcpy (session->internals.resumed_security_parameters.server_random,
session->security_parameters.server_random, GNUTLS_RANDOM_SIZE);
@@ -146,12 +143,6 @@ resume_copy_required_values (gnutls_session_t session)
session->security_parameters.session_id_size =
session->internals.resumed_security_parameters.session_id_size;
- /* safe renegotiation */
- newext = &session->security_parameters.extensions;
- resext = &session->internals.resumed_security_parameters.extensions;
-
- newext->connection_using_safe_renegotiation =
- resext->connection_using_safe_renegotiation;
}
void
@@ -884,7 +875,7 @@ _gnutls_server_select_suite (gnutls_session_t session,
opaque * data,
{
_gnutls_handshake_log ("HSK[%p]: Received safe renegotiation CS\n",
session);
session->internals.safe_renegotiation_received = 1;
-
session->security_parameters.extensions.connection_using_safe_renegotiation = 1;
+ session->internals.connection_using_safe_renegotiation = 1;
break;
}
}
@@ -1668,8 +1659,6 @@ _gnutls_client_check_if_resuming (gnutls_session_t
session,
opaque * session_id, int session_id_len)
{
opaque buf[2 * TLS_MAX_SESSION_ID_SIZE + 1];
- tls_ext_st *newext;
- tls_ext_st *resext;
_gnutls_handshake_log ("HSK[%p]: SessionID length: %d\n", session,
session_id_len);
@@ -1691,13 +1680,6 @@ _gnutls_client_check_if_resuming (gnutls_session_t
session,
session->security_parameters.client_random, GNUTLS_RANDOM_SIZE);
session->internals.resumed = RESUME_TRUE; /* we are resuming */
- /* safe renegotiation after resumption */
- newext = &session->security_parameters.extensions;
- resext = &session->internals.resumed_security_parameters.extensions;
-
- newext->connection_using_safe_renegotiation =
- resext->connection_using_safe_renegotiation;
-
return 0;
}
else
@@ -2433,16 +2415,14 @@ _gnutls_recv_hello (gnutls_session_t session, opaque *
data, int datalen)
}
else /* safe renegotiation not received... */
{
- if (ext->connection_using_safe_renegotiation)
+ if (session->internals.connection_using_safe_renegotiation)
{
gnutls_assert();
_gnutls_handshake_log ("Peer previously asked for safe
renegotiation!\n");
return GNUTLS_E_SAFE_RENEGOTIATION_FAILED;
}
- /* Clients can't tell if it's an initial negotiation */
- if (session->internals.initial_negotiation_completed ||
- session->security_parameters.entity == GNUTLS_CLIENT)
+ if (session->internals.initial_negotiation_completed != 0)
{
if (session->internals.priorities.unsafe_renegotiation != 0)
{
diff --git a/lib/gnutls_int.h b/lib/gnutls_int.h
index 5799d46..83cd514 100644
--- a/lib/gnutls_int.h
+++ b/lib/gnutls_int.h
@@ -351,8 +351,6 @@ typedef struct
uint8_t ri_extension_data[MAX_VERIFY_DATA_SIZE*2]; /* max signal is 72 bytes
in s->c sslv3 */
size_t ri_extension_data_len;
- int connection_using_safe_renegotiation:1;
-
} tls_ext_st;
/* auth_info_t structures now MAY contain malloced
@@ -743,6 +741,7 @@ typedef struct
int safe_renegotiation_received:1;
int initial_negotiation_completed:1;
+ int connection_using_safe_renegotiation:1;
/* Oprfi */
gnutls_oprfi_callback_func oprfi_cb;
diff --git a/lib/gnutls_state.c b/lib/gnutls_state.c
index 0545757..3838efa 100644
--- a/lib/gnutls_state.c
+++ b/lib/gnutls_state.c
@@ -227,7 +227,6 @@ _gnutls_handshake_internal_state_init (gnutls_session_t
session)
session->internals.adv_version_minor = 0;
session->internals.direction = 0;
session->internals.safe_renegotiation_received = 0;
- session->internals.initial_negotiation_completed = 0;
/* use out of band data for the last
* handshake messages received.
hooks/post-receive
--
GNU gnutls
| [Prev in Thread] |
Current Thread |
[Next in Thread] |
- [SCM] GNU gnutls branch, master, updated. gnutls_2_9_9-56-gbbc7b93,
Nikos Mavrogiannopoulos <=