[Top][All Lists]
[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
[SCM] GNU gnutls branch, master, updated. gnutls_3_1_0-121-g7808494
|
From: |
Nikos Mavrogiannopoulos |
|
Subject: |
[SCM] GNU gnutls branch, master, updated. gnutls_3_1_0-121-g7808494 |
|
Date: |
Sat, 22 Sep 2012 12:14:33 +0000 |
This is an automated email from the git hooks/post-receive script. It was
generated because a ref change was pushed to the repository containing
the project "GNU gnutls".
http://git.savannah.gnu.org/cgit/gnutls.git/commit/?id=78084940d8bcb03216e92096fcde4738101e8417
The branch, master has been updated
via 78084940d8bcb03216e92096fcde4738101e8417 (commit)
via b20dbf3c15968c670e61eea319794e0abad0dbc1 (commit)
from 6aca5dd7b7adb29d94114cbc0d575cb83a181ddd (commit)
Those revisions listed above that are new to this repository have
not appeared on any other notification email; so we list those
revisions in full, below.
- Log -----------------------------------------------------------------
commit 78084940d8bcb03216e92096fcde4738101e8417
Author: Nikos Mavrogiannopoulos <address@hidden>
Date: Sat Sep 22 14:09:49 2012 +0200
doc updates
commit b20dbf3c15968c670e61eea319794e0abad0dbc1
Author: Nikos Mavrogiannopoulos <address@hidden>
Date: Sat Sep 22 14:09:25 2012 +0200
Added a test of heartbeat ping exchange.
-----------------------------------------------------------------------
Summary of changes:
NEWS | 2 +-
lib/x509/verify-high.c | 4 +-
tests/Makefile.am | 3 +-
tests/mini-dtls-heartbeat.c | 376 +++++++++++++++++++++++++++++++++++++++++++
4 files changed, 382 insertions(+), 3 deletions(-)
create mode 100644 tests/mini-dtls-heartbeat.c
diff --git a/NEWS b/NEWS
index 7146689..e929d78 100644
--- a/NEWS
+++ b/NEWS
@@ -31,7 +31,7 @@ key usage violation errors (they are far too common to
ignore).
** libgnutls: Added GNUTLS_STATELESS_COMPRESSION flag to gnutls_init(),
which provides a tool to counter compression-related attacks where
-parts of the data are controlled by the attacker _and_ placed in
+parts of the data are controlled by the attacker _and_ are placed in
separate records (use with care - do not use compression if not sure).
** libgnutls: Depends on libtasn1 2.14 or later.
diff --git a/lib/x509/verify-high.c b/lib/x509/verify-high.c
index 36bf149..369e79e 100644
--- a/lib/x509/verify-high.c
+++ b/lib/x509/verify-high.c
@@ -406,8 +406,10 @@ static int shorten_clist(gnutls_x509_trust_list_t list,
/* Takes a certificate list and orders it with subject, issuer order.
*
- * Returns the size of the ordered list (which is always less or
+ * *clist_size contains the size of the ordered list (which is always less or
* equal to the original).
+ *
+ * Returns the sorted list which may be the original clist.
*/
static gnutls_x509_crt_t* sort_clist(gnutls_x509_crt_t
sorted[DEFAULT_MAX_VERIFY_DEPTH],
gnutls_x509_crt_t * clist,
diff --git a/tests/Makefile.am b/tests/Makefile.am
index 4aff7eb..b118dd4 100644
--- a/tests/Makefile.am
+++ b/tests/Makefile.am
@@ -69,7 +69,8 @@ ctests = mini-deflate simple gc set_pkcs12_cred certder
certuniqueid \
x509cert x509cert-tl infoaccess rsa-encrypt-decrypt \
mini-loss-time mini-tdb mini-dtls-rehandshake mini-record \
mini-termination mini-x509-cas mini-x509-2 pkcs12_simple \
- mini-emsgsize-dtls mini-handshake-timeout chainverify-unsorted
+ mini-emsgsize-dtls mini-handshake-timeout chainverify-unsorted \
+ mini-dtls-heartbeat
if ENABLE_OCSP
ctests += ocsp
diff --git a/tests/mini-dtls-heartbeat.c b/tests/mini-dtls-heartbeat.c
new file mode 100644
index 0000000..1d502f9
--- /dev/null
+++ b/tests/mini-dtls-heartbeat.c
@@ -0,0 +1,376 @@
+/*
+ * Copyright (C) 2012 Free Software Foundation, Inc.
+ *
+ * Author: Nikos Mavrogiannopoulos
+ *
+ * This file is part of GnuTLS.
+ *
+ * GnuTLS is free software; you can redistribute it and/or modify it
+ * under the terms of the GNU General Public License as published by
+ * the Free Software Foundation; either version 3 of the License, or
+ * (at your option) any later version.
+ *
+ * GnuTLS is distributed in the hope that it will be useful, but
+ * WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
+ * General Public License for more details.
+ *
+ * You should have received a copy of the GNU General Public License
+ * along with GnuTLS; if not, write to the Free Software Foundation,
+ * Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301, USA
+ */
+
+#ifdef HAVE_CONFIG_H
+#include <config.h>
+#endif
+
+#include <stdio.h>
+#include <stdlib.h>
+
+#if defined(_WIN32)
+
+int
+main ()
+{
+ exit (77);
+}
+
+#else
+
+#include <string.h>
+#include <sys/types.h>
+#include <netinet/in.h>
+#include <sys/socket.h>
+#include <sys/wait.h>
+#include <arpa/inet.h>
+#include <unistd.h>
+#include <gnutls/gnutls.h>
+#include <gnutls/dtls.h>
+
+#include "utils.h"
+
+static void terminate (void);
+
+/* This program tests the rehandshake in DTLS
+ */
+
+static void
+server_log_func (int level, const char *str)
+{
+ fprintf (stderr, "server|<%d>| %s", level, str);
+}
+
+static void
+client_log_func (int level, const char *str)
+{
+ fprintf (stderr, "client|<%d>| %s", level, str);
+}
+
+/* These are global */
+static pid_t child;
+
+/* A very basic DTLS client, with anonymous authentication, that exchanges
heartbeats.
+ */
+
+#define MAX_BUF 1024
+
+
+static void
+client (int fd, int server_init)
+{
+ gnutls_session_t session;
+ int ret, ret2;
+ char buffer[MAX_BUF + 1];
+ gnutls_anon_client_credentials_t anoncred;
+ /* Need to enable anonymous KX specifically. */
+
+ gnutls_global_init ();
+
+ if (debug)
+ {
+ gnutls_global_set_log_function (client_log_func);
+ gnutls_global_set_log_level (4711);
+ }
+
+ gnutls_anon_allocate_client_credentials (&anoncred);
+
+ /* Initialize TLS session
+ */
+ gnutls_init (&session, GNUTLS_CLIENT | GNUTLS_DATAGRAM);
+ gnutls_heartbeat_enable (session, GNUTLS_HB_PEER_ALLOWED_TO_SEND);
+ gnutls_dtls_set_mtu (session, 1500);
+
+ /* Use default priorities */
+ gnutls_priority_set_direct (session,
+
"NONE:+VERS-DTLS1.0:+CIPHER-ALL:+MAC-ALL:+SIGN-ALL:+COMP-ALL:+ANON-ECDH:+CURVE-ALL",
+ NULL);
+
+ /* put the anonymous credentials to the current session
+ */
+ gnutls_credentials_set (session, GNUTLS_CRD_ANON, anoncred);
+
+ gnutls_transport_set_ptr (session, (gnutls_transport_ptr_t) fd);
+
+ /* Perform the TLS handshake
+ */
+ do
+ {
+ ret = gnutls_handshake (session);
+ }
+ while (ret < 0 && gnutls_error_is_fatal (ret) == 0);
+
+ if (ret < 0)
+ {
+ fail ("client: Handshake failed\n");
+ gnutls_perror (ret);
+ exit (1);
+ }
+ else
+ {
+ if (debug)
+ success ("client: Handshake was completed\n");
+ }
+
+ if (debug)
+ success ("client: DTLS version is: %s\n",
+ gnutls_protocol_get_name (gnutls_protocol_get_version
+ (session)));
+
+ if (!server_init)
+ {
+ do
+ {
+ ret =
+ gnutls_record_recv (session, buffer, sizeof (buffer));
+
+ if (ret == GNUTLS_E_HEARTBEAT_PING_RECEIVED)
+ {
+ if (debug)
+ success ("Ping received. Replying with pong.\n");
+ ret2 = gnutls_heartbeat_pong (session, 0);
+ if (ret2 < 0)
+ {
+ fail ("pong: %s\n", gnutls_strerror (ret));
+ terminate ();
+ }
+ }
+ }
+ while (ret == GNUTLS_E_AGAIN || ret == GNUTLS_E_INTERRUPTED
+ || ret == GNUTLS_E_HEARTBEAT_PING_RECEIVED);
+ }
+ else
+ {
+ do
+ {
+ ret =
+ gnutls_heartbeat_ping (session, 256, 5,
+ GNUTLS_HEARTBEAT_WAIT);
+
+ if (debug)
+ success ("Ping sent.\n");
+ }
+ while (ret == GNUTLS_E_AGAIN || ret == GNUTLS_E_INTERRUPTED);
+
+ if (ret < 0)
+ {
+ fail ("ping: %s\n", gnutls_strerror (ret));
+ terminate ();
+ }
+ }
+
+ gnutls_bye (session, GNUTLS_SHUT_WR);
+
+ end:
+
+ close (fd);
+
+ gnutls_deinit (session);
+
+ gnutls_anon_free_client_credentials (anoncred);
+
+ gnutls_global_deinit ();
+}
+
+
+
+static gnutls_session_t
+initialize_tls_session (void)
+{
+ gnutls_session_t session;
+
+ gnutls_init (&session, GNUTLS_SERVER | GNUTLS_DATAGRAM);
+ gnutls_heartbeat_enable (session, GNUTLS_HB_PEER_ALLOWED_TO_SEND);
+ gnutls_dtls_set_mtu (session, 1500);
+
+ /* avoid calling all the priority functions, since the defaults
+ * are adequate.
+ */
+ gnutls_priority_set_direct (session,
+
"NONE:+VERS-DTLS1.0:+CIPHER-ALL:+MAC-ALL:+SIGN-ALL:+COMP-ALL:+ANON-ECDH:+CURVE-ALL",
+ NULL);
+
+ return session;
+}
+
+static void
+terminate (void)
+{
+ int status;
+
+ kill (child, SIGTERM);
+ wait (&status);
+ exit (1);
+}
+
+static void
+server (int fd, int server_init)
+{
+ int ret, ret2;
+ char buffer[MAX_BUF + 1];
+ gnutls_session_t session;
+ gnutls_anon_server_credentials_t anoncred;
+ /* this must be called once in the program
+ */
+ gnutls_global_init ();
+
+ if (debug)
+ {
+ gnutls_global_set_log_function (server_log_func);
+ gnutls_global_set_log_level (4711);
+ }
+
+ gnutls_anon_allocate_server_credentials (&anoncred);
+
+ session = initialize_tls_session ();
+ gnutls_credentials_set (session, GNUTLS_CRD_ANON, anoncred);
+
+ gnutls_transport_set_ptr (session, (gnutls_transport_ptr_t) fd);
+
+ do
+ {
+ ret = gnutls_handshake (session);
+ }
+ while (ret < 0 && gnutls_error_is_fatal (ret) == 0);
+ if (ret < 0)
+ {
+ close (fd);
+ gnutls_deinit (session);
+ fail ("server: Handshake has failed (%s)\n\n",
+ gnutls_strerror (ret));
+ terminate ();
+ }
+ if (debug)
+ success ("server: Handshake was completed\n");
+
+ if (debug)
+ success ("server: TLS version is: %s\n",
+ gnutls_protocol_get_name (gnutls_protocol_get_version
+ (session)));
+
+ /* see the Getting peer's information example */
+ /* print_info(session); */
+
+ if (server_init)
+ {
+ do
+ {
+ ret =
+ gnutls_record_recv (session, buffer, sizeof (buffer));
+
+ if (ret == GNUTLS_E_HEARTBEAT_PING_RECEIVED)
+ {
+ if (debug)
+ success ("Ping received. Replying with pong.\n");
+ ret2 = gnutls_heartbeat_pong (session, 0);
+ if (ret2 < 0)
+ {
+ fail ("pong: %s\n", gnutls_strerror (ret));
+ terminate ();
+ }
+ }
+ }
+ while (ret == GNUTLS_E_AGAIN || ret == GNUTLS_E_INTERRUPTED
+ || ret == GNUTLS_E_HEARTBEAT_PING_RECEIVED);
+ }
+ else
+ {
+ do
+ {
+ ret =
+ gnutls_heartbeat_ping (session, 256, 5,
+ GNUTLS_HEARTBEAT_WAIT);
+
+ if (debug)
+ success ("Ping sent.\n");
+ }
+ while (ret == GNUTLS_E_AGAIN || ret == GNUTLS_E_INTERRUPTED);
+
+ if (ret < 0)
+ {
+ fail ("ping: %s\n", gnutls_strerror (ret));
+ terminate ();
+ }
+ }
+
+ /* do not wait for the peer to close the connection.
+ */
+ gnutls_bye (session, GNUTLS_SHUT_WR);
+
+ close (fd);
+ gnutls_deinit (session);
+
+ gnutls_anon_free_server_credentials (anoncred);
+
+ gnutls_global_deinit ();
+
+ if (debug)
+ success ("server: finished\n");
+}
+
+static void
+start (int server_initiated)
+{
+ int fd[2];
+ int ret;
+
+ ret = socketpair (AF_UNIX, SOCK_DGRAM, 0, fd);
+ if (ret < 0)
+ {
+ perror ("socketpair");
+ exit (1);
+ }
+
+ child = fork ();
+ if (child < 0)
+ {
+ perror ("fork");
+ fail ("fork");
+ exit (1);
+ }
+
+ if (child)
+ {
+ int status;
+ /* parent */
+
+ server (fd[0], server_initiated);
+ wait (&status);
+ if (WEXITSTATUS (status) != 0)
+ fail ("Child died with status %d\n", WEXITSTATUS (status));
+ }
+ else
+ {
+ close (fd[0]);
+ client (fd[1], server_initiated);
+ exit (0);
+ }
+}
+
+void
+doit (void)
+{
+ start (0);
+ start (1);
+}
+
+#endif /* _WIN32 */
hooks/post-receive
--
GNU gnutls
| [Prev in Thread] |
Current Thread |
[Next in Thread] |
- [SCM] GNU gnutls branch, master, updated. gnutls_3_1_0-121-g7808494,
Nikos Mavrogiannopoulos <=