[Top][All Lists]
[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
[SCM] GNU gnutls branch, master, updated. gnutls_2_9_9-58-g250e4dd
|
From: |
Nikos Mavrogiannopoulos |
|
Subject: |
[SCM] GNU gnutls branch, master, updated. gnutls_2_9_9-58-g250e4dd |
|
Date: |
Thu, 21 Jan 2010 22:30:58 +0000 |
This is an automated email from the git hooks/post-receive script. It was
generated because a ref change was pushed to the repository containing
the project "GNU gnutls".
http://git.savannah.gnu.org/cgit/gnutls.git/commit/?id=250e4ddf478910a645c70235c6e06d76f1b1ea73
The branch, master has been updated
via 250e4ddf478910a645c70235c6e06d76f1b1ea73 (commit)
via 6ded62d3cf180b8905075770916836e00552fb1c (commit)
from bbc7b93c9e17201a0e298a99d875ae54fbad89cb (commit)
Those revisions listed above that are new to this repository have
not appeared on any other notification email; so we list those
revisions in full, below.
- Log -----------------------------------------------------------------
commit 250e4ddf478910a645c70235c6e06d76f1b1ea73
Author: Nikos Mavrogiannopoulos <address@hidden>
Date: Thu Jan 21 23:30:16 2010 +0100
Added safe renegotiation test cases. Added priority string option to
completely disable renegotiation to assist in testing more cases.
commit 6ded62d3cf180b8905075770916836e00552fb1c
Author: Nikos Mavrogiannopoulos <address@hidden>
Date: Thu Jan 21 22:47:53 2010 +0100
Added the --rehandshake option to gnutls-cli to allow connection and
immediate rehandshake.
-----------------------------------------------------------------------
Summary of changes:
lib/ext_safe_renegotiation.c | 10 +-
lib/gnutls_handshake.c | 6 +
lib/gnutls_int.h | 1 +
lib/gnutls_priority.c | 6 +
src/cli-gaa.c | 233 +++++++++++---------
src/cli-gaa.h | 78 ++++----
src/cli.c | 20 ++-
src/cli.gaa | 5 +-
tests/Makefile.am | 2 +-
.../Makefile.am | 10 +-
tests/safe-renegotiation/params.dh | 35 +++
tests/safe-renegotiation/testsrn | 76 +++++++
12 files changed, 332 insertions(+), 150 deletions(-)
copy tests/{pkcs8-decode => safe-renegotiation}/Makefile.am (82%)
create mode 100644 tests/safe-renegotiation/params.dh
create mode 100755 tests/safe-renegotiation/testsrn
diff --git a/lib/ext_safe_renegotiation.c b/lib/ext_safe_renegotiation.c
index 8a58ecd..1f30ec9 100644
--- a/lib/ext_safe_renegotiation.c
+++ b/lib/ext_safe_renegotiation.c
@@ -75,10 +75,16 @@ _gnutls_safe_renegotiation_send_params (gnutls_session_t
session,
* itself; IOW, empty verify data is represented as a length of 0. That means
* the minimum extension is one byte: 0x00.
*/
-
ssize_t data_size = _data_size;
tls_ext_st *ext = &session->security_parameters.extensions;
+
+ if (session->internals.priorities.disable_safe_renegotiation != 0)
+ {
+ gnutls_assert();
+ return 0;
+ }
+
data[0] = 0;
/* Always offer the extension if we're a client */
@@ -107,6 +113,8 @@ _gnutls_safe_renegotiation_send_params (gnutls_session_t
session,
ext->server_verify_data_len);
}
}
+ else
+ return 0;
return 1 + data[0]; /* don't forget the length byte */
}
diff --git a/lib/gnutls_handshake.c b/lib/gnutls_handshake.c
index 41f64d2..fc9de23 100644
--- a/lib/gnutls_handshake.c
+++ b/lib/gnutls_handshake.c
@@ -2374,6 +2374,12 @@ _gnutls_recv_hello (gnutls_session_t session, opaque *
data, int datalen)
return ret;
}
}
+
+ if (session->internals.priorities.disable_safe_renegotiation != 0)
+ {
+ gnutls_assert();
+ return ret;
+ }
/* Safe renegotiation */
ext = &session->security_parameters.extensions;
diff --git a/lib/gnutls_int.h b/lib/gnutls_int.h
index 83cd514..f95ec34 100644
--- a/lib/gnutls_int.h
+++ b/lib/gnutls_int.h
@@ -464,6 +464,7 @@ struct gnutls_priority_st
int no_padding:1;
int unsafe_renegotiation:1;
int initial_safe_renegotiation:1;
+ int disable_safe_renegotiation:1;
int ssl3_record_version;
int additional_verify_flags;
};
diff --git a/lib/gnutls_priority.c b/lib/gnutls_priority.c
index f12660b..a489166 100644
--- a/lib/gnutls_priority.c
+++ b/lib/gnutls_priority.c
@@ -526,6 +526,9 @@ gnutls_priority_set (gnutls_session_t session,
gnutls_priority_t priority)
*
* "%INITIAL_SAFE_RENEGOTIATION" will force initial safe negotiation even if
renegotiation wasn't requested.
*
+ * "%DISABLE_SAFE_RENEGOTIATION" will disable safe renegotiation completely.
Do not use
+ * unless you know what you are doing. Testing purposes only.
+ *
* "%SSL3_RECORD_VERSION" will use SSL3.0 record version in client hello.
*
* "%VERIFY_ALLOW_SIGN_RSA_MD5" will allow RSA-MD5 signatures in
@@ -721,6 +724,9 @@ gnutls_priority_init (gnutls_priority_t * priority_cache,
else if (strcasecmp (&broken_list[i][1],
"INITIAL_SAFE_RENEGOTIATION") == 0)
(*priority_cache)->initial_safe_renegotiation = 1;
+ else if (strcasecmp (&broken_list[i][1],
+ "DISABLE_SAFE_RENEGOTIATION") == 0)
+ (*priority_cache)->disable_safe_renegotiation = 1;
else
goto error;
}
diff --git a/src/cli-gaa.c b/src/cli-gaa.c
index 828d7f1..715b43b 100644
--- a/src/cli-gaa.c
+++ b/src/cli-gaa.c
@@ -129,6 +129,7 @@ void gaa_help(void)
printf("GNU TLS test client\nUsage: gnutls-cli [options]
hostname\n\n\n");
__gaa_helpsingle('d', "debug", "integer ", "Enable debugging");
__gaa_helpsingle('r', "resume", "", "Connect, establish a session.
Connect again and resume this session.");
+ __gaa_helpsingle('e', "rehandshake", "", "Connect, establish a session
and rehandshake immediately.");
__gaa_helpsingle(0, "noticket", "", "Doen't accept session tickets.");
__gaa_helpsingle('s', "starttls", "", "Connect, establish a plain
session and start TLS when EOF or a SIGALRM is received.");
__gaa_helpsingle(0, "crlf", "", "Send CR LF instead of LF.");
@@ -177,82 +178,84 @@ typedef struct _gaainfo gaainfo;
struct _gaainfo
{
-#line 124 "cli.gaa"
+#line 127 "cli.gaa"
char *rest_args;
-#line 116 "cli.gaa"
+#line 119 "cli.gaa"
int insecure;
-#line 113 "cli.gaa"
+#line 116 "cli.gaa"
char *port;
-#line 110 "cli.gaa"
+#line 113 "cli.gaa"
char *opaque_prf_input;
-#line 107 "cli.gaa"
+#line 110 "cli.gaa"
char *psk_key;
-#line 104 "cli.gaa"
+#line 107 "cli.gaa"
char *psk_username;
-#line 101 "cli.gaa"
+#line 104 "cli.gaa"
char *srp_passwd;
-#line 98 "cli.gaa"
+#line 101 "cli.gaa"
char *srp_username;
-#line 95 "cli.gaa"
+#line 98 "cli.gaa"
char *x509_certfile;
-#line 92 "cli.gaa"
+#line 95 "cli.gaa"
char *x509_keyfile;
-#line 89 "cli.gaa"
+#line 92 "cli.gaa"
char *pgp_subkey;
-#line 86 "cli.gaa"
+#line 89 "cli.gaa"
char *pgp_certfile;
-#line 83 "cli.gaa"
+#line 86 "cli.gaa"
char *pgp_keyring;
-#line 80 "cli.gaa"
+#line 83 "cli.gaa"
char *pgp_keyfile;
-#line 77 "cli.gaa"
+#line 80 "cli.gaa"
char *x509_crlfile;
-#line 74 "cli.gaa"
+#line 77 "cli.gaa"
char *x509_cafile;
-#line 71 "cli.gaa"
+#line 74 "cli.gaa"
char *priorities;
-#line 68 "cli.gaa"
+#line 71 "cli.gaa"
char **ctype;
-#line 67 "cli.gaa"
+#line 70 "cli.gaa"
int nctype;
-#line 64 "cli.gaa"
+#line 67 "cli.gaa"
char **kx;
-#line 63 "cli.gaa"
+#line 66 "cli.gaa"
int nkx;
-#line 60 "cli.gaa"
+#line 63 "cli.gaa"
char **macs;
-#line 59 "cli.gaa"
+#line 62 "cli.gaa"
int nmacs;
-#line 56 "cli.gaa"
+#line 59 "cli.gaa"
char **comp;
-#line 55 "cli.gaa"
+#line 58 "cli.gaa"
int ncomp;
-#line 52 "cli.gaa"
+#line 55 "cli.gaa"
char **proto;
-#line 51 "cli.gaa"
+#line 54 "cli.gaa"
int nproto;
-#line 48 "cli.gaa"
+#line 51 "cli.gaa"
char **ciphers;
-#line 47 "cli.gaa"
+#line 50 "cli.gaa"
int nciphers;
-#line 44 "cli.gaa"
+#line 47 "cli.gaa"
int verbose;
-#line 41 "cli.gaa"
+#line 44 "cli.gaa"
int record_size;
-#line 38 "cli.gaa"
+#line 41 "cli.gaa"
int print_cert;
-#line 35 "cli.gaa"
+#line 38 "cli.gaa"
int disable_extensions;
-#line 32 "cli.gaa"
+#line 35 "cli.gaa"
int fingerprint;
-#line 29 "cli.gaa"
+#line 32 "cli.gaa"
int fmtder;
-#line 26 "cli.gaa"
+#line 29 "cli.gaa"
int crlf;
-#line 23 "cli.gaa"
+#line 26 "cli.gaa"
int starttls;
-#line 20 "cli.gaa"
+#line 23 "cli.gaa"
int noticket;
+#line 20 "cli.gaa"
+ int rehandshake;
#line 17 "cli.gaa"
int resume;
#line 14 "cli.gaa"
@@ -311,7 +314,7 @@ static int gaa_error = 0;
#define GAA_MULTIPLE_OPTION 3
#define GAA_REST 0
-#define GAA_NB_OPTION 36
+#define GAA_NB_OPTION 37
#define GAAOPTID_version 1
#define GAAOPTID_help 2
#define GAAOPTID_list 3
@@ -346,8 +349,9 @@ static int gaa_error = 0;
#define GAAOPTID_crlf 32
#define GAAOPTID_starttls 33
#define GAAOPTID_noticket 34
-#define GAAOPTID_resume 35
-#define GAAOPTID_debug 36
+#define GAAOPTID_rehandshake 35
+#define GAAOPTID_resume 36
+#define GAAOPTID_debug 37
#line 168 "gaa.skel"
@@ -507,12 +511,31 @@ static int gaa_getint(char *arg)
return tmp;
}
+static char gaa_getchar(char *arg)
+{
+ if(strlen(arg) != 1)
+ {
+ printf("Option %s: '%s' isn't an character\n", gaa_current_option,
arg);
+ GAAERROR(-1);
+ }
+ return arg[0];
+}
static char* gaa_getstr(char *arg)
{
return arg;
}
-
+static float gaa_getfloat(char *arg)
+{
+ float tmp;
+ char a;
+ if(sscanf(arg, "%f%c", &tmp, &a) < 1)
+ {
+ printf("Option %s: '%s' isn't a float number\n", gaa_current_option,
arg);
+ GAAERROR(-1);
+ }
+ return tmp;
+}
/* option structures */
struct GAAOPTION_port
@@ -726,6 +749,7 @@ static int gaa_get_option_num(char *str, int status)
GAA_CHECK1STR("", GAAOPTID_crlf);
GAA_CHECK1STR("s", GAAOPTID_starttls);
GAA_CHECK1STR("", GAAOPTID_noticket);
+ GAA_CHECK1STR("e", GAAOPTID_rehandshake);
GAA_CHECK1STR("r", GAAOPTID_resume);
#line 277 "gaa.skel"
@@ -765,6 +789,7 @@ static int gaa_get_option_num(char *str, int status)
GAA_CHECKSTR("crlf", GAAOPTID_crlf);
GAA_CHECKSTR("starttls", GAAOPTID_starttls);
GAA_CHECKSTR("noticket", GAAOPTID_noticket);
+ GAA_CHECKSTR("rehandshake", GAAOPTID_rehandshake);
GAA_CHECKSTR("resume", GAAOPTID_resume);
GAA_CHECKSTR("debug", GAAOPTID_debug);
@@ -824,28 +849,28 @@ static int gaa_try(int gaa_num, int gaa_index, gaainfo
*gaaval, char *opt_list)
{
case GAAOPTID_version:
OK = 0;
-#line 122 "cli.gaa"
+#line 125 "cli.gaa"
{ cli_version(); exit(0); ;};
return GAA_OK;
break;
case GAAOPTID_help:
OK = 0;
-#line 120 "cli.gaa"
+#line 123 "cli.gaa"
{ gaa_help(); exit(0); ;};
return GAA_OK;
break;
case GAAOPTID_list:
OK = 0;
-#line 119 "cli.gaa"
+#line 122 "cli.gaa"
{ print_list(gaaval->verbose); exit(0); ;};
return GAA_OK;
break;
case GAAOPTID_insecure:
OK = 0;
-#line 117 "cli.gaa"
+#line 120 "cli.gaa"
{ gaaval->insecure = 1 ;};
return GAA_OK;
@@ -855,7 +880,7 @@ static int gaa_try(int gaa_num, int gaa_index, gaainfo
*gaaval, char *opt_list)
GAA_TESTMOREARGS;
GAA_FILL(GAATMP_port.arg1, gaa_getstr, GAATMP_port.size1);
gaa_index++;
-#line 114 "cli.gaa"
+#line 117 "cli.gaa"
{ gaaval->port = GAATMP_port.arg1 ;};
return GAA_OK;
@@ -865,7 +890,7 @@ static int gaa_try(int gaa_num, int gaa_index, gaainfo
*gaaval, char *opt_list)
GAA_TESTMOREARGS;
GAA_FILL(GAATMP_opaque_prf_input.arg1, gaa_getstr,
GAATMP_opaque_prf_input.size1);
gaa_index++;
-#line 111 "cli.gaa"
+#line 114 "cli.gaa"
{ gaaval->opaque_prf_input = GAATMP_opaque_prf_input.arg1 ;};
return GAA_OK;
@@ -875,7 +900,7 @@ static int gaa_try(int gaa_num, int gaa_index, gaainfo
*gaaval, char *opt_list)
GAA_TESTMOREARGS;
GAA_FILL(GAATMP_pskkey.arg1, gaa_getstr, GAATMP_pskkey.size1);
gaa_index++;
-#line 108 "cli.gaa"
+#line 111 "cli.gaa"
{ gaaval->psk_key = GAATMP_pskkey.arg1 ;};
return GAA_OK;
@@ -885,7 +910,7 @@ static int gaa_try(int gaa_num, int gaa_index, gaainfo
*gaaval, char *opt_list)
GAA_TESTMOREARGS;
GAA_FILL(GAATMP_pskusername.arg1, gaa_getstr,
GAATMP_pskusername.size1);
gaa_index++;
-#line 105 "cli.gaa"
+#line 108 "cli.gaa"
{ gaaval->psk_username = GAATMP_pskusername.arg1 ;};
return GAA_OK;
@@ -895,7 +920,7 @@ static int gaa_try(int gaa_num, int gaa_index, gaainfo
*gaaval, char *opt_list)
GAA_TESTMOREARGS;
GAA_FILL(GAATMP_srppasswd.arg1, gaa_getstr,
GAATMP_srppasswd.size1);
gaa_index++;
-#line 102 "cli.gaa"
+#line 105 "cli.gaa"
{ gaaval->srp_passwd = GAATMP_srppasswd.arg1 ;};
return GAA_OK;
@@ -905,7 +930,7 @@ static int gaa_try(int gaa_num, int gaa_index, gaainfo
*gaaval, char *opt_list)
GAA_TESTMOREARGS;
GAA_FILL(GAATMP_srpusername.arg1, gaa_getstr,
GAATMP_srpusername.size1);
gaa_index++;
-#line 99 "cli.gaa"
+#line 102 "cli.gaa"
{ gaaval->srp_username = GAATMP_srpusername.arg1 ;};
return GAA_OK;
@@ -915,7 +940,7 @@ static int gaa_try(int gaa_num, int gaa_index, gaainfo
*gaaval, char *opt_list)
GAA_TESTMOREARGS;
GAA_FILL(GAATMP_x509certfile.arg1, gaa_getstr,
GAATMP_x509certfile.size1);
gaa_index++;
-#line 96 "cli.gaa"
+#line 99 "cli.gaa"
{ gaaval->x509_certfile = GAATMP_x509certfile.arg1 ;};
return GAA_OK;
@@ -925,7 +950,7 @@ static int gaa_try(int gaa_num, int gaa_index, gaainfo
*gaaval, char *opt_list)
GAA_TESTMOREARGS;
GAA_FILL(GAATMP_x509keyfile.arg1, gaa_getstr,
GAATMP_x509keyfile.size1);
gaa_index++;
-#line 93 "cli.gaa"
+#line 96 "cli.gaa"
{ gaaval->x509_keyfile = GAATMP_x509keyfile.arg1 ;};
return GAA_OK;
@@ -935,7 +960,7 @@ static int gaa_try(int gaa_num, int gaa_index, gaainfo
*gaaval, char *opt_list)
GAA_TESTMOREARGS;
GAA_FILL(GAATMP_pgpsubkey.arg1, gaa_getstr,
GAATMP_pgpsubkey.size1);
gaa_index++;
-#line 90 "cli.gaa"
+#line 93 "cli.gaa"
{ gaaval->pgp_subkey = GAATMP_pgpsubkey.arg1 ;};
return GAA_OK;
@@ -945,7 +970,7 @@ static int gaa_try(int gaa_num, int gaa_index, gaainfo
*gaaval, char *opt_list)
GAA_TESTMOREARGS;
GAA_FILL(GAATMP_pgpcertfile.arg1, gaa_getstr,
GAATMP_pgpcertfile.size1);
gaa_index++;
-#line 87 "cli.gaa"
+#line 90 "cli.gaa"
{ gaaval->pgp_certfile = GAATMP_pgpcertfile.arg1 ;};
return GAA_OK;
@@ -955,7 +980,7 @@ static int gaa_try(int gaa_num, int gaa_index, gaainfo
*gaaval, char *opt_list)
GAA_TESTMOREARGS;
GAA_FILL(GAATMP_pgpkeyring.arg1, gaa_getstr,
GAATMP_pgpkeyring.size1);
gaa_index++;
-#line 84 "cli.gaa"
+#line 87 "cli.gaa"
{ gaaval->pgp_keyring = GAATMP_pgpkeyring.arg1 ;};
return GAA_OK;
@@ -965,7 +990,7 @@ static int gaa_try(int gaa_num, int gaa_index, gaainfo
*gaaval, char *opt_list)
GAA_TESTMOREARGS;
GAA_FILL(GAATMP_pgpkeyfile.arg1, gaa_getstr,
GAATMP_pgpkeyfile.size1);
gaa_index++;
-#line 81 "cli.gaa"
+#line 84 "cli.gaa"
{ gaaval->pgp_keyfile = GAATMP_pgpkeyfile.arg1 ;};
return GAA_OK;
@@ -975,7 +1000,7 @@ static int gaa_try(int gaa_num, int gaa_index, gaainfo
*gaaval, char *opt_list)
GAA_TESTMOREARGS;
GAA_FILL(GAATMP_x509crlfile.arg1, gaa_getstr,
GAATMP_x509crlfile.size1);
gaa_index++;
-#line 78 "cli.gaa"
+#line 81 "cli.gaa"
{ gaaval->x509_crlfile = GAATMP_x509crlfile.arg1 ;};
return GAA_OK;
@@ -985,7 +1010,7 @@ static int gaa_try(int gaa_num, int gaa_index, gaainfo
*gaaval, char *opt_list)
GAA_TESTMOREARGS;
GAA_FILL(GAATMP_x509cafile.arg1, gaa_getstr,
GAATMP_x509cafile.size1);
gaa_index++;
-#line 75 "cli.gaa"
+#line 78 "cli.gaa"
{ gaaval->x509_cafile = GAATMP_x509cafile.arg1 ;};
return GAA_OK;
@@ -995,7 +1020,7 @@ static int gaa_try(int gaa_num, int gaa_index, gaainfo
*gaaval, char *opt_list)
GAA_TESTMOREARGS;
GAA_FILL(GAATMP_priority.arg1, gaa_getstr,
GAATMP_priority.size1);
gaa_index++;
-#line 72 "cli.gaa"
+#line 75 "cli.gaa"
{ gaaval->priorities = GAATMP_priority.arg1 ;};
return GAA_OK;
@@ -1003,7 +1028,7 @@ static int gaa_try(int gaa_num, int gaa_index, gaainfo
*gaaval, char *opt_list)
case GAAOPTID_ctypes:
OK = 0;
GAA_LIST_FILL(GAATMP_ctypes.arg1, gaa_getstr, char*,
GAATMP_ctypes.size1);
-#line 69 "cli.gaa"
+#line 72 "cli.gaa"
{ gaaval->ctype = GAATMP_ctypes.arg1; gaaval->nctype = GAATMP_ctypes.size1 ;};
return GAA_OK;
@@ -1011,7 +1036,7 @@ static int gaa_try(int gaa_num, int gaa_index, gaainfo
*gaaval, char *opt_list)
case GAAOPTID_kx:
OK = 0;
GAA_LIST_FILL(GAATMP_kx.arg1, gaa_getstr, char*,
GAATMP_kx.size1);
-#line 65 "cli.gaa"
+#line 68 "cli.gaa"
{ gaaval->kx = GAATMP_kx.arg1; gaaval->nkx = GAATMP_kx.size1 ;};
return GAA_OK;
@@ -1019,7 +1044,7 @@ static int gaa_try(int gaa_num, int gaa_index, gaainfo
*gaaval, char *opt_list)
case GAAOPTID_macs:
OK = 0;
GAA_LIST_FILL(GAATMP_macs.arg1, gaa_getstr, char*,
GAATMP_macs.size1);
-#line 61 "cli.gaa"
+#line 64 "cli.gaa"
{ gaaval->macs = GAATMP_macs.arg1; gaaval->nmacs = GAATMP_macs.size1 ;};
return GAA_OK;
@@ -1027,7 +1052,7 @@ static int gaa_try(int gaa_num, int gaa_index, gaainfo
*gaaval, char *opt_list)
case GAAOPTID_comp:
OK = 0;
GAA_LIST_FILL(GAATMP_comp.arg1, gaa_getstr, char*,
GAATMP_comp.size1);
-#line 57 "cli.gaa"
+#line 60 "cli.gaa"
{ gaaval->comp = GAATMP_comp.arg1; gaaval->ncomp = GAATMP_comp.size1 ;};
return GAA_OK;
@@ -1035,7 +1060,7 @@ static int gaa_try(int gaa_num, int gaa_index, gaainfo
*gaaval, char *opt_list)
case GAAOPTID_protocols:
OK = 0;
GAA_LIST_FILL(GAATMP_protocols.arg1, gaa_getstr, char*,
GAATMP_protocols.size1);
-#line 53 "cli.gaa"
+#line 56 "cli.gaa"
{ gaaval->proto = GAATMP_protocols.arg1; gaaval->nproto =
GAATMP_protocols.size1 ;};
return GAA_OK;
@@ -1043,14 +1068,14 @@ static int gaa_try(int gaa_num, int gaa_index, gaainfo
*gaaval, char *opt_list)
case GAAOPTID_ciphers:
OK = 0;
GAA_LIST_FILL(GAATMP_ciphers.arg1, gaa_getstr, char*,
GAATMP_ciphers.size1);
-#line 49 "cli.gaa"
+#line 52 "cli.gaa"
{ gaaval->ciphers = GAATMP_ciphers.arg1; gaaval->nciphers =
GAATMP_ciphers.size1 ;};
return GAA_OK;
break;
case GAAOPTID_verbose:
OK = 0;
-#line 45 "cli.gaa"
+#line 48 "cli.gaa"
{ gaaval->verbose = 1 ;};
return GAA_OK;
@@ -1060,60 +1085,67 @@ static int gaa_try(int gaa_num, int gaa_index, gaainfo
*gaaval, char *opt_list)
GAA_TESTMOREARGS;
GAA_FILL(GAATMP_recordsize.arg1, gaa_getint,
GAATMP_recordsize.size1);
gaa_index++;
-#line 42 "cli.gaa"
+#line 45 "cli.gaa"
{ gaaval->record_size = GAATMP_recordsize.arg1 ;};
return GAA_OK;
break;
case GAAOPTID_print_cert:
OK = 0;
-#line 39 "cli.gaa"
+#line 42 "cli.gaa"
{ gaaval->print_cert = 1 ;};
return GAA_OK;
break;
case GAAOPTID_disable_extensions:
OK = 0;
-#line 36 "cli.gaa"
+#line 39 "cli.gaa"
{ gaaval->disable_extensions = 1 ;};
return GAA_OK;
break;
case GAAOPTID_fingerprint:
OK = 0;
-#line 33 "cli.gaa"
+#line 36 "cli.gaa"
{ gaaval->fingerprint = 1 ;};
return GAA_OK;
break;
case GAAOPTID_x509fmtder:
OK = 0;
-#line 30 "cli.gaa"
+#line 33 "cli.gaa"
{ gaaval->fmtder = 1 ;};
return GAA_OK;
break;
case GAAOPTID_crlf:
OK = 0;
-#line 27 "cli.gaa"
+#line 30 "cli.gaa"
{ gaaval->crlf = 1 ;};
return GAA_OK;
break;
case GAAOPTID_starttls:
OK = 0;
-#line 24 "cli.gaa"
+#line 27 "cli.gaa"
{ gaaval->starttls = 1 ;};
return GAA_OK;
break;
case GAAOPTID_noticket:
OK = 0;
-#line 21 "cli.gaa"
+#line 24 "cli.gaa"
{ gaaval->noticket = 1 ;};
return GAA_OK;
break;
+ case GAAOPTID_rehandshake:
+ OK = 0;
+#line 21 "cli.gaa"
+{ gaaval->rehandshake = 1 ;};
+
+ return GAA_OK;
+ break;
case GAAOPTID_resume:
OK = 0;
#line 18 "cli.gaa"
@@ -1135,7 +1167,7 @@ static int gaa_try(int gaa_num, int gaa_index, gaainfo
*gaaval, char *opt_list)
GAA_TESTMOREARGS;
GAA_FILL(GAAREST_tmp.arg1, gaa_getstr, GAAREST_tmp.size1);
gaa_index++;
-#line 125 "cli.gaa"
+#line 128 "cli.gaa"
{ gaaval->rest_args = GAAREST_tmp.arg1; ;};
return GAA_OK;
@@ -1150,24 +1182,21 @@ static int gaa_try(int gaa_num, int gaa_index, gaainfo
*gaaval, char *opt_list)
int gaa(int argc, char **argv, gaainfo *gaaval)
{
int tmp1, tmp2;
- int l;
- size_t i, j;
+ int i, j;
char *opt_list;
- i = 0;
-
GAAargv = argv;
GAAargc = argc;
opt_list = (char*) gaa_malloc(GAA_NB_OPTION + 1);
- for(l = 0; l < GAA_NB_OPTION + 1; l++)
- opt_list[l] = 0;
+ for(i = 0; i < GAA_NB_OPTION + 1; i++)
+ opt_list[i] = 0;
/* initialization */
if(inited == 0)
{
-#line 127 "cli.gaa"
+#line 130 "cli.gaa"
{ gaaval->resume=0; gaaval->noticket=0; gaaval->port="443";
gaaval->rest_args=NULL; gaaval->ciphers=NULL;
gaaval->kx=NULL; gaaval->comp=NULL; gaaval->macs=NULL;
gaaval->ctype=NULL; gaaval->nciphers=0;
gaaval->nkx=0; gaaval->ncomp=0; gaaval->nmacs=0; gaaval->nctype = 0;
gaaval->record_size=0;
@@ -1177,7 +1206,7 @@ int gaa(int argc, char **argv, gaainfo *gaaval)
gaaval->srp_username=NULL; gaaval->srp_passwd=NULL; gaaval->fmtder = 0;
gaaval->starttls =0;
gaaval->debug = 0; gaaval->print_cert = 0; gaaval->verbose = 0;
gaaval->psk_key = NULL;
gaaval->psk_username = NULL; gaaval->priorities = NULL;
- gaaval->opaque_prf_input = NULL; gaaval->pgp_subkey = NULL; ;};
+ gaaval->opaque_prf_input = NULL; gaaval->pgp_subkey = NULL;
gaaval->rehandshake = 0; ;};
}
inited = 1;
@@ -1188,27 +1217,27 @@ int gaa(int argc, char **argv, gaainfo *gaaval)
gaa_arg_used = gaa_malloc(argc * sizeof(char));
}
- for(l = 1; l < argc; l++)
- gaa_arg_used[l] = 0;
- for(l = 1; l < argc; l++)
+ for(i = 1; i < argc; i++)
+ gaa_arg_used[i] = 0;
+ for(i = 1; i < argc; i++)
{
- if(gaa_arg_used[l] == 0)
+ if(gaa_arg_used[i] == 0)
{
j = 0;
- tmp1 = gaa_is_an_argument(GAAargv[l]);
+ tmp1 = gaa_is_an_argument(GAAargv[i]);
switch(tmp1)
{
case GAA_WORD_OPTION:
j++;
case GAA_LETTER_OPTION:
j++;
- tmp2 = gaa_get_option_num(argv[l]+j, tmp1);
+ tmp2 = gaa_get_option_num(argv[i]+j, tmp1);
if(tmp2 == GAA_ERROR_NOMATCH)
{
- printf("Invalid option '%s'\n", argv[l]+j);
+ printf("Invalid option '%s'\n", argv[i]+j);
return 0;
}
- switch(gaa_try(tmp2, l+1, gaaval, opt_list))
+ switch(gaa_try(tmp2, i+1, gaaval, opt_list))
{
case GAA_ERROR_NOTENOUGH_ARGS:
printf("'%s': not enough arguments\n",gaa_current_option);
@@ -1221,18 +1250,18 @@ int gaa(int argc, char **argv, gaainfo *gaaval)
default:
printf("Unknown error\n");
}
- gaa_arg_used[l] = 1;
+ gaa_arg_used[i] = 1;
break;
case GAA_MULTIPLE_OPTION:
- for(j = 1; j < strlen(argv[l]); j++)
+ for(j = 1; j < strlen(argv[i]); j++)
{
- tmp2 = gaa_get_option_num(argv[l]+j, tmp1);
+ tmp2 = gaa_get_option_num(argv[i]+j, tmp1);
if(tmp2 == GAA_ERROR_NOMATCH)
{
- printf("Invalid option '%c'\n", *(argv[l]+j));
+ printf("Invalid option '%c'\n", *(argv[i]+j));
return 0;
}
- switch(gaa_try(tmp2, l+1, gaaval, opt_list))
+ switch(gaa_try(tmp2, i+1, gaaval, opt_list))
{
case GAA_ERROR_NOTENOUGH_ARGS:
printf("'%s': not enough
arguments\n",gaa_current_option);
@@ -1246,7 +1275,7 @@ int gaa(int argc, char **argv, gaainfo *gaaval)
printf("Unknown error\n");
}
}
- gaa_arg_used[l] = 1;
+ gaa_arg_used[i] = 1;
break;
default: break;
}
@@ -1272,9 +1301,9 @@ if(gaa_processing_file == 0)
}
#endif
}
- for(l = 1; l < argc; l++)
+ for(i = 1; i < argc; i++)
{
- if(gaa_arg_used[l] == 0)
+ if(gaa_arg_used[i] == 0)
{
printf("Too many arguments\n");
return 0;
@@ -1325,7 +1354,7 @@ static int gaa_internal_get_next_str(FILE *file,
gaa_str_node *tmp_str, int argc
len++;
a = fgetc( file);
- if(a==EOF) return 0; /* a = ' '; */
+ if(a==EOF) return 0; //a = ' ';
}
len += 1;
diff --git a/src/cli-gaa.h b/src/cli-gaa.h
index c5c9f4a..2627d4a 100644
--- a/src/cli-gaa.h
+++ b/src/cli-gaa.h
@@ -8,82 +8,84 @@ typedef struct _gaainfo gaainfo;
struct _gaainfo
{
-#line 124 "cli.gaa"
+#line 127 "cli.gaa"
char *rest_args;
-#line 116 "cli.gaa"
+#line 119 "cli.gaa"
int insecure;
-#line 113 "cli.gaa"
+#line 116 "cli.gaa"
char *port;
-#line 110 "cli.gaa"
+#line 113 "cli.gaa"
char *opaque_prf_input;
-#line 107 "cli.gaa"
+#line 110 "cli.gaa"
char *psk_key;
-#line 104 "cli.gaa"
+#line 107 "cli.gaa"
char *psk_username;
-#line 101 "cli.gaa"
+#line 104 "cli.gaa"
char *srp_passwd;
-#line 98 "cli.gaa"
+#line 101 "cli.gaa"
char *srp_username;
-#line 95 "cli.gaa"
+#line 98 "cli.gaa"
char *x509_certfile;
-#line 92 "cli.gaa"
+#line 95 "cli.gaa"
char *x509_keyfile;
-#line 89 "cli.gaa"
+#line 92 "cli.gaa"
char *pgp_subkey;
-#line 86 "cli.gaa"
+#line 89 "cli.gaa"
char *pgp_certfile;
-#line 83 "cli.gaa"
+#line 86 "cli.gaa"
char *pgp_keyring;
-#line 80 "cli.gaa"
+#line 83 "cli.gaa"
char *pgp_keyfile;
-#line 77 "cli.gaa"
+#line 80 "cli.gaa"
char *x509_crlfile;
-#line 74 "cli.gaa"
+#line 77 "cli.gaa"
char *x509_cafile;
-#line 71 "cli.gaa"
+#line 74 "cli.gaa"
char *priorities;
-#line 68 "cli.gaa"
+#line 71 "cli.gaa"
char **ctype;
-#line 67 "cli.gaa"
+#line 70 "cli.gaa"
int nctype;
-#line 64 "cli.gaa"
+#line 67 "cli.gaa"
char **kx;
-#line 63 "cli.gaa"
+#line 66 "cli.gaa"
int nkx;
-#line 60 "cli.gaa"
+#line 63 "cli.gaa"
char **macs;
-#line 59 "cli.gaa"
+#line 62 "cli.gaa"
int nmacs;
-#line 56 "cli.gaa"
+#line 59 "cli.gaa"
char **comp;
-#line 55 "cli.gaa"
+#line 58 "cli.gaa"
int ncomp;
-#line 52 "cli.gaa"
+#line 55 "cli.gaa"
char **proto;
-#line 51 "cli.gaa"
+#line 54 "cli.gaa"
int nproto;
-#line 48 "cli.gaa"
+#line 51 "cli.gaa"
char **ciphers;
-#line 47 "cli.gaa"
+#line 50 "cli.gaa"
int nciphers;
-#line 44 "cli.gaa"
+#line 47 "cli.gaa"
int verbose;
-#line 41 "cli.gaa"
+#line 44 "cli.gaa"
int record_size;
-#line 38 "cli.gaa"
+#line 41 "cli.gaa"
int print_cert;
-#line 35 "cli.gaa"
+#line 38 "cli.gaa"
int disable_extensions;
-#line 32 "cli.gaa"
+#line 35 "cli.gaa"
int fingerprint;
-#line 29 "cli.gaa"
+#line 32 "cli.gaa"
int fmtder;
-#line 26 "cli.gaa"
+#line 29 "cli.gaa"
int crlf;
-#line 23 "cli.gaa"
+#line 26 "cli.gaa"
int starttls;
-#line 20 "cli.gaa"
+#line 23 "cli.gaa"
int noticket;
+#line 20 "cli.gaa"
+ int rehandshake;
#line 17 "cli.gaa"
int resume;
#line 14 "cli.gaa"
diff --git a/src/cli.c b/src/cli.c
index 2aa2da4..ff34ece 100644
--- a/src/cli.c
+++ b/src/cli.c
@@ -53,7 +53,7 @@
#define MAX_BUF 4096
/* global stuff here */
-int resume, starttls, insecure;
+int resume, starttls, insecure, rehandshake;
const char *hostname = NULL;
char *service;
int record_max_size;
@@ -725,6 +725,23 @@ after_handshake:
programs to search for when gnutls-cli has reached this point. */
printf ("\n- Simple Client Mode:\n\n");
+ if (rehandshake)
+ {
+ ret = do_handshake (&hd);
+
+ if (ret < 0)
+ {
+ fprintf (stderr, "*** ReHandshake has failed\n");
+ gnutls_perror (ret);
+ gnutls_deinit (hd.session);
+ return 1;
+ }
+ else
+ {
+ printf ("- ReHandshake was completed\n");
+ }
+ }
+
#ifndef _WIN32
signal (SIGALRM, &starttls_alarm);
#endif
@@ -889,6 +906,7 @@ gaa_parser (int argc, char **argv)
print_cert = info.print_cert;
starttls = info.starttls;
resume = info.resume;
+ rehandshake = info.rehandshake;
insecure = info.insecure;
service = info.port;
record_max_size = info.record_size;
diff --git a/src/cli.gaa b/src/cli.gaa
index 14d7b3d..72502f7 100644
--- a/src/cli.gaa
+++ b/src/cli.gaa
@@ -17,6 +17,9 @@ option (d, debug) INT "integer" { $debug = $1 } "Enable
debugging"
#int resume;
option (r, resume) { $resume = 1 } "Connect, establish a session. Connect
again and resume this session."
+#int rehandshake;
+option (e, rehandshake) { $rehandshake = 1 } "Connect, establish a session and
rehandshake immediately."
+
#int noticket;
option (noticket) { $noticket = 1 } "Doen't accept session tickets."
@@ -133,4 +136,4 @@ init { $resume=0; $noticket=0; $port="443";
$rest_args=NULL; $ciphers=NULL;
$srp_username=NULL; $srp_passwd=NULL; $fmtder = 0; $starttls =0;
$debug = 0; $print_cert = 0; $verbose = 0; $psk_key = NULL;
$psk_username = NULL; $priorities = NULL;
- $opaque_prf_input = NULL; $pgp_subkey = NULL; }
+ $opaque_prf_input = NULL; $pgp_subkey = NULL; $rehandshake = 0; }
diff --git a/tests/Makefile.am b/tests/Makefile.am
index fd9899b..170526f 100644
--- a/tests/Makefile.am
+++ b/tests/Makefile.am
@@ -20,7 +20,7 @@
# Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301, USA.
SUBDIRS = . rsa-md5-collision pkcs1-padding pkcs8-decode pkcs12-decode \
- userid pathlen key-id sha2
+ userid pathlen key-id sha2 safe-renegotiation
if ENABLE_OPENPGP
SUBDIRS += openpgp-certs
diff --git a/tests/pkcs8-decode/Makefile.am
b/tests/safe-renegotiation/Makefile.am
similarity index 82%
copy from tests/pkcs8-decode/Makefile.am
copy to tests/safe-renegotiation/Makefile.am
index 4f29e5d..651c7e6 100644
--- a/tests/pkcs8-decode/Makefile.am
+++ b/tests/safe-renegotiation/Makefile.am
@@ -1,7 +1,5 @@
## Process this file with automake to produce Makefile.in
-# Copyright (C) 2006 Free Software Foundation
-#
-# Author: Simon Josefsson
+# Copyright (C) 2010 Free Software Foundation
#
# This file is part of GNUTLS.
#
@@ -19,8 +17,8 @@
# along with this file; if not, write to the Free Software Foundation,
# Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301, USA.
-EXTRA_DIST = encpkcs8.pem unencpkcs8.pem enc2pkcs8.pem
+EXTRA_DIST = params.dh
-dist_check_SCRIPTS = pkcs8
+dist_check_SCRIPTS = testsrn
+TESTS = testsrn
-TESTS = pkcs8
diff --git a/tests/safe-renegotiation/params.dh
b/tests/safe-renegotiation/params.dh
new file mode 100644
index 0000000..51185ec
--- /dev/null
+++ b/tests/safe-renegotiation/params.dh
@@ -0,0 +1,35 @@
+
+Generator: 05
+
+Prime: c9:e9:2d:fc:94:15:1a:10:4f:3c:b5:16
+ 7e:34:10:7d:eb:3d:d5:7d:61:ff:b0:ce
+ da:7f:6e:0c:ea:db:b4:87:f6:c6:34:a8
+ 3c:f8:84:52:14:59:ab:17:5c:d0:f0:86
+ c4:02:93:dc:09:83:57:16:98:21:d0:42
+ 8e:33:fc:48:69:e6:04:0d:4e:50:09:33
+ 2e:28:60:4f:05:08:7c:ce:2f:a6:1a:4c
+ 41:d1:a3:dd:f6:37:56:44:1d:b0:54:af
+ f7:4a:a0:c2:19:5d:ce:62:b0:7a:1b:e1
+ 5c:7f:bb:4d:7e:9e:28:48:00:a4:9a:86
+ 3e:6e:6e:9c:57:41:c7:ec:bf:7f:09:fc
+ da:25:c2:1e:e0:52:dc:65:8c:40:a3:6e
+ bd:99:4e:0b:1a:04:e0:23:20:46:5a:d0
+ 3f:b3:a4:d6:76:73:b7:cc:61:33:11:54
+ a6:32:ff:94:08:d5:66:36:fd:99:69:21
+ cc:28:5d:11:52:32:48:b6:a5:b5:c3:b0
+ 21:3f:f9:69:25:83:b1:3d:79:a6:ed:ae
+ db:95:62:fc:72:ca:ad:46:fc:b6:b1:ea
+ 98:68:97:ba:f2:54:aa:86:ed:62:b1:78
+ 5f:d5:19:80:ce:41:ee:98:a1:71:9f:fa
+ 5b:6b:d8:5e:7e:b3:18:0a:f0:4c:96:76
+ 6c:0c:b0:a3
+
+
+-----BEGIN DH PARAMETERS-----
+MIIBCAKCAQEAyekt/JQVGhBPPLUWfjQQfes91X1h/7DO2n9uDOrbtIf2xjSoPPiE
+UhRZqxdc0PCGxAKT3AmDVxaYIdBCjjP8SGnmBA1OUAkzLihgTwUIfM4vphpMQdGj
+3fY3VkQdsFSv90qgwhldzmKwehvhXH+7TX6eKEgApJqGPm5unFdBx+y/fwn82iXC
+HuBS3GWMQKNuvZlOCxoE4CMgRlrQP7Ok1nZzt8xhMxFUpjL/lAjVZjb9mWkhzChd
+EVIySLaltcOwIT/5aSWDsT15pu2u25Vi/HLKrUb8trHqmGiXuvJUqobtYrF4X9UZ
+gM5B7pihcZ/6W2vYXn6zGArwTJZ2bAywowIBBQ==
+-----END DH PARAMETERS-----
diff --git a/tests/safe-renegotiation/testsrn b/tests/safe-renegotiation/testsrn
new file mode 100755
index 0000000..a926245
--- /dev/null
+++ b/tests/safe-renegotiation/testsrn
@@ -0,0 +1,76 @@
+#!/bin/bash
+
+srcdir="${srcdir:-.}"
+SERV="${SERV:-../../src/gnutls-serv} -q"
+CLI="${CLI:-../../src/gnutls-cli}"
+PORT="${PORT:-5558}"
+unset RETCODE
+
+fail() {
+ echo "Failure: $1" >&2
+ RETCODE=${RETCODE:-${2:-1}}
+}
+
+echo "Checking Safe renegotiation"
+
+$SERV -p $PORT --echo --priority NORMAL:+ANON-DH --dhparams params.dh
>/dev/null 2>&1 &
+
+# give the server a chance to initialize
+sleep 2
+
+$CLI -p $PORT localhost --rehandshake --priority NORMAL:+ANON-DH </dev/null
>/dev/null 2>&1 || \
+ fail "1. Safe rehandshake should have succeeded!"
+
+$CLI -p $PORT localhost --rehandshake --priority
NORMAL:+ANON-DH:%UNSAFE_RENEGOTIATION </dev/null >/dev/null 2>&1 || \
+ fail "2. Unsafe rehandshake should have succeeded!"
+
+$CLI -p $PORT localhost --priority NORMAL:+ANON-DH:%DISABLE_SAFE_RENEGOTIATION
</dev/null >/dev/null 2>&1 || \
+ fail "3. Unsafe negotiation should have succeeded!"
+
+$CLI -p $PORT localhost --rehandshake --priority
NORMAL:+ANON-DH:%DISABLE_SAFE_RENEGOTIATION </dev/null >/dev/null 2>&1 && \
+ fail "4. Unsafe renegotiation should have failed!"
+
+kill %1
+wait
+
+$SERV -p $PORT --echo --priority NORMAL:+ANON-DH:%INITIAL_SAFE_RENEGOTIATION
--dhparams params.dh >/dev/null 2>&1 &
+
+# give the server a chance to initialize
+sleep 2
+
+$CLI -p $PORT localhost --rehandshake --priority NORMAL:+ANON-DH </dev/null
>/dev/null 2>&1 || \
+ fail "5. Safe rehandshake should have succeeded!"
+
+$CLI -p $PORT localhost --rehandshake --priority
NORMAL:+ANON-DH:%UNSAFE_RENEGOTIATION </dev/null >/dev/null 2>&1 || \
+ fail "6. Unsafe rehandshake should have succeeded!"
+
+$CLI -p $PORT localhost --priority NORMAL:+ANON-DH:%DISABLE_SAFE_RENEGOTIATION
</dev/null >/dev/null 2>&1 && \
+ fail "7. Unsafe negotiation should have failed!"
+
+$CLI -p $PORT localhost --rehandshake --priority
NORMAL:+ANON-DH:%DISABLE_SAFE_RENEGOTIATION </dev/null >/dev/null 2>&1 && \
+ fail "8. Unsafe renegotiation should have failed!"
+
+kill %1
+wait
+
+$SERV -p $PORT --echo --priority NORMAL:+ANON-DH:%DISABLE_SAFE_RENEGOTIATION
--dhparams params.dh >/dev/null 2>&1 &
+
+# give the server a chance to initialize
+sleep 2
+
+$CLI -p $PORT localhost --rehandshake --priority NORMAL:+ANON-DH </dev/null
>/dev/null 2>&1 && \
+ fail "9. Safe rehandshake should have failed!"
+
+$CLI -p $PORT localhost --rehandshake --priority
NORMAL:+ANON-DH:%UNSAFE_RENEGOTIATION </dev/null >/dev/null 2>&1 || \
+ fail "10. Unsafe rehandshake should have succeeded!"
+
+$CLI -p $PORT localhost --priority NORMAL:+ANON-DH:%DISABLE_SAFE_RENEGOTIATION
</dev/null >/dev/null 2>&1 || \
+ fail "11. Unsafe negotiation should have succeeded!"
+
+$CLI -p $PORT localhost --rehandshake --priority
NORMAL:+ANON-DH:%DISABLE_SAFE_RENEGOTIATION </dev/null >/dev/null 2>&1 || \
+ fail "12. Unsafe renegotiation should have succeeded!"
+
+kill %1
+wait
+
+exit ${RETCODE:-0}
hooks/post-receive
--
GNU gnutls
| [Prev in Thread] |
Current Thread |
[Next in Thread] |
- [SCM] GNU gnutls branch, master, updated. gnutls_2_9_9-58-g250e4dd,
Nikos Mavrogiannopoulos <=