
[SCM] GNU gnutls branch, master, updated. gnutls_3_0_18-186-g2277e84


From: Nikos Mavrogiannopoulos
Subject: [SCM] GNU gnutls branch, master, updated. gnutls_3_0_18-186-g2277e84
Date: Mon, 02 Jul 2012 17:46:52 +0000

This is an automated email from the git hooks/post-receive script. It was
generated because a ref change was pushed to the repository containing
the project "GNU gnutls".

http://git.savannah.gnu.org/cgit/gnutls.git/commit/?id=2277e84484253cefb44b922d31f922971760a0e3

The branch, master has been updated
       via  2277e84484253cefb44b922d31f922971760a0e3 (commit)
       via  1fc1614eed1f0cfc1aeda1f41ee7ad6e705c0b78 (commit)
       via  a29d5a9c792440d48fd00171ac10264e32241a18 (commit)
       via  8972f5e9304e3683a777570857c88e00e5df03e4 (commit)
      from  4d36d74d99bfc0f12fcd34d093d3c035743e0038 (commit)

Those revisions listed above that are new to this repository have
not appeared on any other notification email; so we list those
revisions in full, below.

- Log -----------------------------------------------------------------
commit 2277e84484253cefb44b922d31f922971760a0e3
Author: Nikos Mavrogiannopoulos <address@hidden>
Date:   Mon Jul 2 19:46:36 2012 +0200

    Check for PEM headers before DEK-Info.

commit 1fc1614eed1f0cfc1aeda1f41ee7ad6e705c0b78
Author: Nikos Mavrogiannopoulos <address@hidden>
Date:   Mon Jul 2 13:35:12 2012 +0200

    Handle EC DER keys.

commit a29d5a9c792440d48fd00171ac10264e32241a18
Author: Nikos Mavrogiannopoulos <address@hidden>
Date:   Mon Jul 2 19:41:46 2012 +0200

    Added test application that tests GNUTLS_E_LARGE_PACKET and modifies the 
MTU size during handshake.

commit 8972f5e9304e3683a777570857c88e00e5df03e4
Author: Nikos Mavrogiannopoulos <address@hidden>
Date:   Sat Jun 30 18:54:13 2012 +0200

    added missing function

-----------------------------------------------------------------------

Summary of changes:
 .gitignore                                         |    1 +
 doc/Makefile.am                                    |    1 +
 lib/x509/privkey.c                                 |    7 ++-
 lib/x509/privkey_openssl.c                         |   18 ++++++-
 tests/Makefile.am                                  |    3 +-
 tests/eagain-common.h                              |   46 +++++++++++++++++
 tests/{mini-eagain-dtls.c => mini-emsgsize-dtls.c} |   53 ++++++++++++++++++-
 7 files changed, 122 insertions(+), 7 deletions(-)
 copy tests/{mini-eagain-dtls.c => mini-emsgsize-dtls.c} (76%)

diff --git a/.gitignore b/.gitignore
index 855e338..622cd82 100644
--- a/.gitignore
+++ b/.gitignore
@@ -498,6 +498,7 @@ tests/key-id/Makefile.in
 tests/libutils.la
 tests/mini
 tests/mini-loss
+tests/mini-emsgsize-dtls
 tests/mini-deflate
 tests/mini-eagain
 tests/mini-eagain-dtls
diff --git a/doc/Makefile.am b/doc/Makefile.am
index 174b624..685d387 100644
--- a/doc/Makefile.am
+++ b/doc/Makefile.am
@@ -588,6 +588,7 @@ FUNCS += functions/gnutls_dtls_set_timeouts
 FUNCS += functions/gnutls_dtls_get_mtu
 FUNCS += functions/gnutls_dtls_get_data_mtu
 FUNCS += functions/gnutls_dtls_set_mtu
+FUNCS += functions/gnutls_dtls_set_data_mtu
 FUNCS += functions/gnutls_dtls_get_timeout
 FUNCS += functions/gnutls_dtls_cookie_send
 FUNCS += functions/gnutls_dtls_cookie_verify
diff --git a/lib/x509/privkey.c b/lib/x509/privkey.c
index 51981ee..8c68ef2 100644
--- a/lib/x509/privkey.c
+++ b/lib/x509/privkey.c
@@ -524,7 +524,12 @@ gnutls_x509_privkey_import (gnutls_x509_privkey_t key,
           key->pk_algorithm = GNUTLS_PK_DSA;
           key->key = decode_dsa_key (&_data, key);
           if (key->key == NULL)
-            gnutls_assert ();
+            {
+              key->pk_algorithm = GNUTLS_PK_EC;
+              key->key = _gnutls_privkey_decode_ecc_key (&_data, key);
+              if (key->key == NULL)
+                gnutls_assert ();
+            }
         }
     }
 
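Review bot: When both the DSA and the EC decoder fail, `key->pk_algorithm` is left at `GNUTLS_PK_EC` while `key->key` is NULL, because the new branch assigns the algorithm before `_gnutls_privkey_decode_ecc_key` has succeeded. The rest of gnutls_x509_privkey_import lies outside the hunk, so confirm that its failure path resets the field (for example to `GNUTLS_PK_UNKNOWN`) before returning an error. This is a trial-decode chain over caller-supplied DER, so a comment such as `/* not DSA either: try EC last; a failed decoder must leave key unmodified */` would document what the fallback relies on.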
diff --git a/lib/x509/privkey_openssl.c b/lib/x509/privkey_openssl.c
index 1d95e5e..7db3cdd 100644
--- a/lib/x509/privkey_openssl.c
+++ b/lib/x509/privkey_openssl.c
@@ -130,16 +130,30 @@ gnutls_x509_privkey_import_openssl (gnutls_x509_privkey_t 
key,
   gnutls_datum_t salt, enc_key;
   unsigned char *key_data;
   const char *pem_header = (void*)data->data;
+  const char *pem_header_start = (void*)data->data;
+  ssize_t pem_header_size;
   int ret, err;
   unsigned int i, iv_size, l;
 
-  pem_header = memmem(pem_header, data->size, "DEK-Info: ", 10);
+  pem_header_size = data->size;
+
+  pem_header = memmem(pem_header, pem_header_size, "PRIVATE KEY---", 14);
+  if (pem_header == NULL)
+    {
+      gnutls_assert();
+      return GNUTLS_E_PARSING_ERROR;
+    }
+    
+  pem_header_size -= (ptrdiff_t)(pem_header-pem_header_start);
+
+  pem_header = memmem(pem_header, pem_header_size, "DEK-Info: ", 10);
   if (pem_header == NULL)
     {
       gnutls_assert();
       return GNUTLS_E_PARSING_ERROR;
     }
   
+  pem_header_size = data->size - (ptrdiff_t)(pem_header-pem_header_start) - 10;
   pem_header += 10;
 
   for (i = 0; i < sizeof(pem_ciphers)/sizeof(pem_ciphers[0]); i++) 
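Review bot: `pem_header_size` is declared `ssize_t`, yet it is only used as the length argument of `memmem` here and of the base64 decoder further down, and nothing checks it for a negative value before that conversion. A miscounted subtraction would therefore become a very large length rather than an error. I would declare it `size_t pem_header_size;` and add `/* bytes remaining from pem_header to the end of data->data */` above the first assignment, so that every later advance of `pem_header` is visibly tied to this counter. The function starts before and continues past this hunk.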
@@ -199,7 +213,7 @@ gnutls_x509_privkey_import_openssl (gnutls_x509_privkey_t 
key,
   while (*pem_header == '\n' || *pem_header == '\r')
     pem_header++;
 
-  ret = _gnutls_base64_decode((const void*)pem_header, data->size, &b64_data);
+  ret = _gnutls_base64_decode((const void*)pem_header, pem_header_size, 
&b64_data);
   if (ret < 0)
     {
       gnutls_assert();
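Review bot: The length passed to `_gnutls_base64_decode` is stale, because `pem_header_size` was computed right after the "DEK-Info: " tag and the newline-skipping loop on the first lines of this hunk advances `pem_header` without decrementing it. The decoder can then be told to read as many bytes past the end of `data` as the pointer has moved since that point. That is smaller than the old `data->size` over-read but still out of bounds for a key file that is not NUL-terminated. The loop should consume the counter and stop at the end of the buffer: `while (pem_header_size > 0 && (*pem_header == '\n' || *pem_header == '\r')) { pem_header++; pem_header_size--; }`. The cipher-name and IV parsing between the two hunks is not visible here; any advance of `pem_header` there needs the same adjustment.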
diff --git a/tests/Makefile.am b/tests/Makefile.am
index 70b343a..d997018 100644
--- a/tests/Makefile.am
+++ b/tests/Makefile.am
@@ -68,7 +68,8 @@ ctests = mini-deflate simple gc set_pkcs12_cred certder 
certuniqueid  \
         mini-rehandshake rng-fork mini-eagain-dtls resume-dtls \
         x509cert x509cert-tl infoaccess rsa-encrypt-decrypt \
         mini-loss-time mini-tdb mini-dtls-rehandshake mini-record \
-        mini-termination mini-x509-cas mini-x509-2 pkcs12_simple
+        mini-termination mini-x509-cas mini-x509-2 pkcs12_simple \
+        mini-emsgsize-dtls
 
 if ENABLE_OCSP
 ctests += ocsp
diff --git a/tests/eagain-common.h b/tests/eagain-common.h
index 7c21836..c9aa032 100644
--- a/tests/eagain-common.h
+++ b/tests/eagain-common.h
@@ -29,6 +29,46 @@ extern const char* side;
 #define HANDSHAKE(c, s) \
   HANDSHAKE_EXPECT(c,s,0,0)
 
+#define HANDSHAKE_DTLS_EXPECT(c, s, clierr, serverr) \
+  sret = cret = GNUTLS_E_LARGE_PACKET; \
+  do \
+    { \
+      if (cret == GNUTLS_E_LARGE_PACKET) \
+        { \
+          unsigned int mtu = gnutls_dtls_get_mtu(s); \
+          gnutls_dtls_set_mtu(s, mtu/2); \
+        } \
+      if (cret < 0 && gnutls_error_is_fatal(cret) == 0) \
+        { \
+          side = "client"; \
+          cret = gnutls_handshake (c); \
+        } \
+      if (sret == GNUTLS_E_LARGE_PACKET) \
+        { \
+          unsigned int mtu = gnutls_dtls_get_mtu(s); \
+          gnutls_dtls_set_mtu(s, mtu/2); \
+        } \
+      if (sret < 0 && gnutls_error_is_fatal(sret) == 0) \
+        { \
+          side = "server"; \
+          sret = gnutls_handshake (s); \
+        } \
+    } \
+  while (((gnutls_error_is_fatal(cret) == 0 && gnutls_error_is_fatal(sret) == 
0)) && (cret < 0 || sret < 0)); \
+  if (cret != clierr || sret != serverr) \
+    { \
+      fprintf(stderr, "client: %s\n", gnutls_strerror(cret)); \
+      fprintf(stderr, "server: %s\n", gnutls_strerror(sret)); \
+      fail("Handshake failed\n"); \
+      exit(1); \
+    }
+
+#define HANDSHAKE_DTLS(c, s) \
+  HANDSHAKE_DTLS_EXPECT(c,s,0,0)
+
+#define HANDSHAKE(c, s) \
+  HANDSHAKE_EXPECT(c,s,0,0)
+
 #define TRANSFER(c, s, msg, msglen, buf, buflen) \
   do \
     { \
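Review bot: In `HANDSHAKE_DTLS_EXPECT` the branch for `cret == GNUTLS_E_LARGE_PACKET` reads and halves the MTU of `s`, not `c`, which looks like a copy of the server branch. A client-side EMSGSIZE would then never shrink the client's MTU, while the server's is halved twice on the first pass because both codes start as `GNUTLS_E_LARGE_PACKET`. If that is unintended, the client branch should be `unsigned int mtu = gnutls_dtls_get_mtu(c); gnutls_dtls_set_mtu(c, mtu/2);`. The loop also has no lower bound on the MTU, so a transport that keeps rejecting packets would spin rather than fail the test. The `HANDSHAKE` definition added after `HANDSHAKE_DTLS` repeats the one at the top of the hunk and can be dropped.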
@@ -119,6 +159,7 @@ static size_t to_client_len = 0;
 #define RETURN_RND_EAGAIN(session)
 #endif
 
+#ifndef IGNORE_PUSH
 static ssize_t
 client_push (gnutls_transport_ptr_t tr, const void *data, size_t len)
 {
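Review bot: `IGNORE_PUSH` is a new include-time switch with no documentation; nothing in the header says that a test defining it must supply its own push callbacks. A comment above the first guard such as `/* define IGNORE_PUSH before including this header to provide custom client/server push functions */` would cover it. Closing each guard as `#endif /* IGNORE_PUSH */` would also help in the two later hunks that add the matching `#endif` lines and the `server_push` guard. The guarded function bodies lie partly outside these hunks.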
@@ -136,6 +177,8 @@ client_push (gnutls_transport_ptr_t tr, const void *data, 
size_t len)
   return len;
 }
 
+#endif
+
 static ssize_t
 client_pull (gnutls_transport_ptr_t tr, void *data, size_t len)
 {
@@ -189,6 +232,7 @@ server_pull (gnutls_transport_ptr_t tr, void *data, size_t 
len)
   return len;
 }
 
+#ifndef IGNORE_PUSH
 static ssize_t
 server_push (gnutls_transport_ptr_t tr, const void *data, size_t len)
 {
@@ -209,6 +253,8 @@ server_push (gnutls_transport_ptr_t tr, const void *data, 
size_t len)
   return len;
 }
 
+#endif
+
 /* inline is used to avoid a gcc warning if used in mini-eagain */
 inline static int server_pull_timeout_func(gnutls_transport_ptr_t ptr, 
unsigned int ms)
 {
diff --git a/tests/mini-eagain-dtls.c b/tests/mini-emsgsize-dtls.c
similarity index 76%
copy from tests/mini-eagain-dtls.c
copy to tests/mini-emsgsize-dtls.c
index f6f65e9..b27f8c7 100644
--- a/tests/mini-eagain-dtls.c
+++ b/tests/mini-emsgsize-dtls.c
@@ -29,9 +29,11 @@
 #include <string.h>
 #include <errno.h>
 #include <gnutls/gnutls.h>
+#include <gnutls/dtls.h>
 #include <gnutls/crypto.h>
 #include "utils.h"
 #define RANDOMIZE
+#define IGNORE_PUSH
 #include "eagain-common.h"
 
 const char* side = "";
@@ -47,6 +49,51 @@ static int handshake = 0;
 #define MAX_BUF 1024
 #define MSG "Hello TLS, and hi and how are you and more data here... and 
more... and even more and even more more data..."
 
+static ssize_t
+client_push_300 (gnutls_transport_ptr_t tr, const void *data, size_t len)
+{
+  size_t newlen;
+  
+  if (len > 300)
+    {
+      gnutls_transport_set_errno ((gnutls_session_t)tr, EMSGSIZE);
+      return -1;
+    }
+
+  len = min(len, sizeof(to_server)-to_server_len);
+
+  newlen = to_server_len + len;
+  memcpy (to_server + to_server_len, data, len);
+  to_server_len = newlen;
+#ifdef EAGAIN_DEBUG
+  fprintf(stderr, "eagain: pushed %d bytes to server (avail: %d)\n", (int)len, 
(int)to_server_len);
+#endif
+  return len;
+}
+
+static ssize_t
+server_push_300 (gnutls_transport_ptr_t tr, const void *data, size_t len)
+{
+  size_t newlen;
+
+  if (len > 300)
+    {
+      gnutls_transport_set_errno ((gnutls_session_t)tr, EMSGSIZE);
+      return -1;
+    }
+
+  len = min(len, sizeof(to_client)-to_client_len);
+
+  newlen = to_client_len + len;
+  memcpy (to_client + to_client_len, data, len);
+  to_client_len = newlen;
+#ifdef EAGAIN_DEBUG
+  fprintf(stderr, "eagain: pushed %d bytes to client (avail: %d)\n", (int)len, 
(int)to_client_len);
+#endif
+
+  return len;
+}
+
 void
 doit (void)
 {
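Review bot: Both new push callbacks clamp `len` to the space left in the buffer and return the shortened count. A DTLS record that does not fit is therefore stored truncated instead of being rejected, which on a datagram transport silently corrupts the record. Consider failing the write when it does not fit, for example `if (len > sizeof(to_server)-to_server_len) { gnutls_transport_set_errno ((gnutls_session_t)tr, EAGAIN); return -1; }`, with the same check in `server_push_300`. The limit 300 is written as a literal in both functions; a single `#define` would keep the two in step. The cast of `tr` to `gnutls_session_t` is only valid because `gnutls_transport_set_ptr` is given the session itself in the later hunks of this file, which deserves a one-line comment.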
@@ -81,7 +128,7 @@ doit (void)
     exit(1);
   gnutls_credentials_set (server, GNUTLS_CRD_ANON, s_anoncred);
   gnutls_dh_set_prime_bits (server, 1024);
-  gnutls_transport_set_push_function (server, server_push);
+  gnutls_transport_set_push_function (server, server_push_300);
   gnutls_transport_set_pull_function (server, server_pull);
   gnutls_transport_set_pull_timeout_function (server, 
server_pull_timeout_func);
   gnutls_transport_set_ptr (server, (gnutls_transport_ptr_t)server);
@@ -93,13 +140,13 @@ doit (void)
   if (cret < 0)
     exit(1);
   gnutls_credentials_set (client, GNUTLS_CRD_ANON, c_anoncred);
-  gnutls_transport_set_push_function (client, client_push);
+  gnutls_transport_set_push_function (client, client_push_300);
   gnutls_transport_set_pull_function (client, client_pull);
   gnutls_transport_set_pull_timeout_function (client, 
client_pull_timeout_func);
   gnutls_transport_set_ptr (client, (gnutls_transport_ptr_t)client);
 
   handshake = 1;
-  HANDSHAKE(client, server);
+  HANDSHAKE_DTLS(client, server);
 
   handshake = 0;
   if (debug)


hooks/post-receive
-- 
GNU gnutls


