[Top][All Lists]
[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
[SCM] GNU gnutls branch, master, updated. gnutls_2_99_2-103-g27a424c
From: |
Nikos Mavrogiannopoulos |
Subject: |
[SCM] GNU gnutls branch, master, updated. gnutls_2_99_2-103-g27a424c |
Date: |
Thu, 16 Jun 2011 18:50:49 +0000 |
This is an automated email from the git hooks/post-receive script. It was
generated because a ref change was pushed to the repository containing
the project "GNU gnutls".
http://git.savannah.gnu.org/cgit/gnutls.git/commit/?id=27a424cf6668b61c8c92ed88d5331b3010be3374
The branch, master has been updated
via 27a424cf6668b61c8c92ed88d5331b3010be3374 (commit)
via 5f3469e81fa14108c5e5acfd7015156603a97fbd (commit)
via 74aa94137cc28a8906e29037279c52f8a46ca716 (commit)
via 923451d4270fc1a2b678d21fa3c1f432f807f48d (commit)
via 774369a90aed872ea37b493cb3724cddcfef3f22 (commit)
via 86a1c9f6a600eeb2e53b43ee13069f7a48e60139 (commit)
via 6098943e5bb4abb1e61682575d998887287c9fd1 (commit)
via e6fb86567b1c73d90aa76e676b2a8be65e741509 (commit)
via 40b105ada8311aa3fd1820e6e118d2c81893077f (commit)
from 9a64508cbdf354bef5616e17dfb7744c895d5f04 (commit)
Those revisions listed above that are new to this repository have
not appeared on any other notification email; so we list those
revisions in full, below.
- Log -----------------------------------------------------------------
commit 27a424cf6668b61c8c92ed88d5331b3010be3374
Author: Nikos Mavrogiannopoulos <address@hidden>
Date: Thu Jun 16 20:50:45 2011 +0200
updated
commit 5f3469e81fa14108c5e5acfd7015156603a97fbd
Author: Nikos Mavrogiannopoulos <address@hidden>
Date: Thu Jun 16 20:44:19 2011 +0200
removed unneeded test.
commit 74aa94137cc28a8906e29037279c52f8a46ca716
Author: Nikos Mavrogiannopoulos <address@hidden>
Date: Thu Jun 16 20:42:11 2011 +0200
Enforce the GNUTLS_PKCS11_OBJ_FLAG_LOGIN_SO even if
GNUTLS_PKCS11_OBJ_FLAG_LOGIN is specified.
commit 923451d4270fc1a2b678d21fa3c1f432f807f48d
Author: Nikos Mavrogiannopoulos <address@hidden>
Date: Thu Jun 16 20:39:52 2011 +0200
Use common code for PKCS #11 callbacks across clients.
Require SO login to write a trusted object.
commit 774369a90aed872ea37b493cb3724cddcfef3f22
Author: Nikos Mavrogiannopoulos <address@hidden>
Date: Thu Jun 16 20:19:30 2011 +0200
bit fields changed to unsigned.
commit 86a1c9f6a600eeb2e53b43ee13069f7a48e60139
Author: Nikos Mavrogiannopoulos <address@hidden>
Date: Thu Jun 16 20:13:55 2011 +0200
Moved null check before initialization.
commit 6098943e5bb4abb1e61682575d998887287c9fd1
Author: Nikos Mavrogiannopoulos <address@hidden>
Date: Thu Jun 16 20:09:43 2011 +0200
removed unreachable code warning
commit e6fb86567b1c73d90aa76e676b2a8be65e741509
Author: Nikos Mavrogiannopoulos <address@hidden>
Date: Thu Jun 16 20:07:39 2011 +0200
eliminated wipemem().
commit 40b105ada8311aa3fd1820e6e118d2c81893077f
Author: Nikos Mavrogiannopoulos <address@hidden>
Date: Thu Jun 16 20:02:27 2011 +0200
corrected uninitialized variable warning.
-----------------------------------------------------------------------
Summary of changes:
THANKS | 1 +
lib/algorithms/ciphersuites.c | 2 +-
lib/ext/safe_renegotiation.h | 6 ++--
lib/gnutls_pk.c | 2 +-
lib/gnutls_pubkey.c | 4 +-
lib/opencdk/hash.c | 2 +-
lib/opencdk/keydb.c | 2 -
lib/opencdk/main.h | 11 ------
lib/opencdk/stream.c | 4 +-
lib/opencdk/write-packet.c | 2 +-
lib/pkcs11.c | 2 +-
lib/x509/privkey.c | 4 +--
src/Makefile.am | 2 +-
src/p11common.c | 12 +++++--
src/pkcs11.c | 73 ++--------------------------------------
15 files changed, 28 insertions(+), 101 deletions(-)
diff --git a/THANKS b/THANKS
index c01a0ed..fb3c6c4 100644
--- a/THANKS
+++ b/THANKS
@@ -114,6 +114,7 @@ Mark Brand <mabrand [at] mabrand.nl>
Vitaly Kruglikov <vitaly.kruglikov [at] palm.com>
Kalle Olavi Niemitalo <kon [at] iki.fi>
Dash Shendy <admin [at] dash.za.net>
+Rickard Bellgrim <rickard [at] opendnssec.org>
----------------------------------------------------------------------
Copying and distribution of this file, with or without modification,
diff --git a/lib/algorithms/ciphersuites.c b/lib/algorithms/ciphersuites.c
index 3946cb7..8245fca 100644
--- a/lib/algorithms/ciphersuites.c
+++ b/lib/algorithms/ciphersuites.c
@@ -52,7 +52,7 @@ typedef struct
* from 'version' and above;
*/
gnutls_protocol_t max_version; /* this cipher suite is not supported
after that */
- int dtls:1; /* whether this ciphersuite is valid in DTLS */
+ unsigned int dtls:1; /* whether this ciphersuite is valid in DTLS */
gnutls_mac_algorithm_t prf;
} gnutls_cipher_suite_entry;
diff --git a/lib/ext/safe_renegotiation.h b/lib/ext/safe_renegotiation.h
index 4cef706..e87134b 100644
--- a/lib/ext/safe_renegotiation.h
+++ b/lib/ext/safe_renegotiation.h
@@ -36,9 +36,9 @@ typedef struct
uint8_t ri_extension_data[MAX_VERIFY_DATA_SIZE * 2]; /* max signal is 72
bytes in s->c sslv3 */
size_t ri_extension_data_len;
- int safe_renegotiation_received:1;
- int initial_negotiation_completed:1;
- int connection_using_safe_renegotiation:1;
+ unsigned int safe_renegotiation_received:1;
+ unsigned int initial_negotiation_completed:1;
+ unsigned int connection_using_safe_renegotiation:1;
} sr_ext_st;
extern extension_entry_st ext_mod_sr;
diff --git a/lib/gnutls_pk.c b/lib/gnutls_pk.c
index fa72e13..554554f 100644
--- a/lib/gnutls_pk.c
+++ b/lib/gnutls_pk.c
@@ -296,7 +296,6 @@ _gnutls_pkcs1_rsa_decrypt (gnutls_datum_t * plaintext,
_gnutls_free_datum (plaintext);
break;
}
- i++;
if (ret < 0)
{
@@ -305,6 +304,7 @@ _gnutls_pkcs1_rsa_decrypt (gnutls_datum_t * plaintext,
return GNUTLS_E_DECRYPTION_FAILED;
}
+ i++;
memmove (plaintext->data, &plaintext->data[i], esize - i);
plaintext->size = esize - i;
diff --git a/lib/gnutls_pubkey.c b/lib/gnutls_pubkey.c
index 2a09808..d6beab3 100644
--- a/lib/gnutls_pubkey.c
+++ b/lib/gnutls_pubkey.c
@@ -1045,14 +1045,14 @@ gnutls_pubkey_import_dsa_raw (gnutls_pubkey_t key,
{
size_t siz = 0;
- gnutls_pk_params_init(&key->params);
-
if (key == NULL)
{
gnutls_assert ();
return GNUTLS_E_INVALID_REQUEST;
}
+ gnutls_pk_params_init(&key->params);
+
siz = p->size;
if (_gnutls_mpi_scan_nz (&key->params.params[0], p->data, siz))
{
diff --git a/lib/opencdk/hash.c b/lib/opencdk/hash.c
index 349845d..2e71c7d 100644
--- a/lib/opencdk/hash.c
+++ b/lib/opencdk/hash.c
@@ -68,7 +68,7 @@ hash_encode (void *data, FILE * in, FILE * out)
_gnutls_hash (&mfx->md, buf, nread);
}
- wipemem (buf, sizeof (buf));
+ memset (buf, 0, sizeof (buf));
return 0;
}
diff --git a/lib/opencdk/keydb.c b/lib/opencdk/keydb.c
index 5be3129..6dabf93 100644
--- a/lib/opencdk/keydb.c
+++ b/lib/opencdk/keydb.c
@@ -408,8 +408,6 @@ cdk_keydb_new (cdk_keydb_hd_t * r_hd, int type, void *data,
size_t count)
gnutls_assert ();
return CDK_Inv_Mode;
}
- gnutls_assert ();
- return CDK_Inv_Mode;
}
diff --git a/lib/opencdk/main.h b/lib/opencdk/main.h
index 8b785f9..37cc64d 100644
--- a/lib/opencdk/main.h
+++ b/lib/opencdk/main.h
@@ -77,17 +77,6 @@ cdk_error_t map_gnutls_error (int err);
#define KEY_CAN_SIGN(a) ((_cdk_pk_algo_usage ((a))) & CDK_KEY_USG_SIGN)
#define KEY_CAN_AUTH(a) ((_cdk_pk_algo_usage ((a))) & CDK_KEY_USG_AUTH)
-/* Helper macro to make sure the buffer is overwritten. */
-#define wipemem(_ptr,_len) do { \
- volatile char *_vptr = (volatile char *)(_ptr); \
- size_t _vlen = (_len); \
- while (_vlen) \
- { \
- *_vptr = 0; \
- _vptr++; \
- _vlen--; \
- } } while (0)
-
/*-- armor.c --*/
const char *_cdk_armor_get_lineend (void);
diff --git a/lib/opencdk/stream.c b/lib/opencdk/stream.c
index a9e0af3..7e8d51e 100644
--- a/lib/opencdk/stream.c
+++ b/lib/opencdk/stream.c
@@ -1376,7 +1376,7 @@ stream_cache_flush (cdk_stream_t s, FILE * fp)
}
s->cache.size = 0;
s->cache.on = 0;
- wipemem (s->cache.buf, s->cache.alloced);
+ memset (s->cache.buf, 0, s->cache.alloced);
}
return 0;
}
@@ -1416,7 +1416,7 @@ cdk_stream_kick_off (cdk_stream_t inp, cdk_stream_t out)
}
}
- wipemem (buf, sizeof (buf));
+ memset (buf, 0, sizeof (buf));
return rc;
}
diff --git a/lib/opencdk/write-packet.c b/lib/opencdk/write-packet.c
index 12f432e..e8ef87b 100644
--- a/lib/opencdk/write-packet.c
+++ b/lib/opencdk/write-packet.c
@@ -683,7 +683,7 @@ write_literal (cdk_stream_t out, cdk_pkt_literal_t pt, int
old_ctb)
rc = stream_write (out, buf, size);
}
- wipemem (buf, sizeof (buf));
+ memset (buf, 0, sizeof (buf));
return rc;
}
diff --git a/lib/pkcs11.c b/lib/pkcs11.c
index 3e030a4..41126dd 100644
--- a/lib/pkcs11.c
+++ b/lib/pkcs11.c
@@ -1396,7 +1396,7 @@ pkcs11_obj_flags_to_int (unsigned int flags)
if (flags & GNUTLS_PKCS11_OBJ_FLAG_LOGIN)
ret_flags |= SESSION_LOGIN;
- else if (flags & GNUTLS_PKCS11_OBJ_FLAG_LOGIN_SO)
+ if (flags & GNUTLS_PKCS11_OBJ_FLAG_LOGIN_SO)
ret_flags |= SESSION_LOGIN|SESSION_SO;
return ret_flags;
diff --git a/lib/x509/privkey.c b/lib/x509/privkey.c
index 99f626f..5e461a9 100644
--- a/lib/x509/privkey.c
+++ b/lib/x509/privkey.c
@@ -629,15 +629,13 @@ gnutls_x509_privkey_import_rsa_raw2
(gnutls_x509_privkey_t key,
int ret;
size_t siz = 0;
- gnutls_pk_params_init(&key->params);
-
if (key == NULL)
{
gnutls_assert ();
return GNUTLS_E_INVALID_REQUEST;
}
- key->params.params_nr = 0;
+ gnutls_pk_params_init(&key->params);
siz = m->size;
if (_gnutls_mpi_scan_nz (&key->params.params[0], m->data, siz))
diff --git a/src/Makefile.am b/src/Makefile.am
index 316389f..80b0a0f 100644
--- a/src/Makefile.am
+++ b/src/Makefile.am
@@ -123,7 +123,7 @@ libcmd_certtool_la_LIBADD += ../gl/libgnu.la
$(INET_PTON_LIB)
if ENABLE_PKCS11
p11tool_gaa_CFLAGS =
-p11tool_SOURCES = p11tool.gaa p11tool.c pkcs11.c certtool-common.c p11tool.h
+p11tool_SOURCES = p11tool.gaa p11tool.c pkcs11.c certtool-common.c p11tool.h
$(PKCS11_SRCS)
p11tool_LDADD = ../lib/libgnutls.la
p11tool_LDADD += libcmd-p11tool.la ../gl/libgnu.la
p11tool_LDADD += $(LTLIBGCRYPT)
diff --git a/src/p11common.c b/src/p11common.c
index 799f866..c866a52 100644
--- a/src/p11common.c
+++ b/src/p11common.c
@@ -36,11 +36,17 @@ pin_callback (void *user, int attempt, const char
*token_url,
size_t pin_max)
{
const char *password;
+ const char * desc;
int len, cache = 1;
/* allow caching of PIN */
static char *cached_url = NULL;
static char cached_pin[32] = "";
+ if (flags & GNUTLS_PKCS11_PIN_SO)
+ desc = "security officer";
+ else
+ desc = "user";
+
if (flags & GNUTLS_PKCS11_PIN_FINAL_TRY)
{
cache = 0;
@@ -67,10 +73,10 @@ pin_callback (void *user, int attempt, const char
*token_url,
}
}
- printf ("PIN required for token '%s' with URL '%s'\n", token_label,
- token_url);
+ printf ("Token '%s' with URL '%s' ", token_label, token_url);
+ printf ("requires %s PIN\n", desc);
- password = getpass ("Enter pin: ");
+ password = getpass ("Enter PIN: ");
if (password == NULL || password[0] == 0)
{
fprintf (stderr, "No password given\n");
diff --git a/src/pkcs11.c b/src/pkcs11.c
index dafabe3..2534106 100644
--- a/src/pkcs11.c
+++ b/src/pkcs11.c
@@ -32,68 +32,7 @@
#include "certtool-common.h"
#include <unistd.h>
#include <string.h>
-
-#define MIN(x,y) ((x)<(y))?(x):(y)
-
-static int
-pin_callback (void *user, int attempt, const char *token_url,
- const char *token_label, unsigned int flags, char *pin,
- size_t pin_max)
-{
- const char *password;
- int len;
-/* allow caching of PIN */
- static char *cached_url = NULL;
- static char cached_pin[32] = "";
-
- printf ("PIN required for token '%s' with URL '%s'\n", token_label,
- token_url);
- if (flags & GNUTLS_PKCS11_PIN_FINAL_TRY)
- printf ("*** This is the final try before locking!\n");
- if (flags & GNUTLS_PKCS11_PIN_COUNT_LOW)
- printf ("*** Only few tries left before locking!\n");
-
- if (flags == 0 && cached_url != NULL)
- {
- if (strcmp (cached_url, token_url) == 0)
- {
- strcpy (pin, cached_pin);
- return 0;
- }
- }
-
- password = getpass ("Enter PIN: ");
- if (password == NULL || password[0] == 0)
- {
- fprintf (stderr, "No PIN given\n");
- exit (1);
- }
-
- len = MIN (pin_max, strlen (password));
- memcpy (pin, password, len);
- pin[len] = 0;
-
- /* cache */
- if (strlen(pin) >= sizeof(cached_pin))
- {
- fprintf (stderr, "Too long PIN given\n");
- exit (1);
- }
-
- strcpy (cached_pin, pin);
- free (cached_url);
- cached_url = strdup (token_url);
-
- return 0;
-}
-
-static void
-pkcs11_common (void)
-{
-
- gnutls_pkcs11_set_pin_function (pin_callback, NULL);
-
-}
+#include <p11common.h>
void
pkcs11_delete (FILE * outfile, const char *url, int batch, unsigned int login,
@@ -145,12 +84,7 @@ pkcs11_list (FILE * outfile, const char *url, int type,
unsigned int login,
unsigned int obj_flags = 0;
if (login)
- {
- if (type == PKCS11_TYPE_TRUSTED)
- obj_flags = GNUTLS_PKCS11_OBJ_FLAG_LOGIN_SO;
- else
- obj_flags = GNUTLS_PKCS11_OBJ_FLAG_LOGIN;
- }
+ obj_flags = GNUTLS_PKCS11_OBJ_FLAG_LOGIN;
pkcs11_common ();
@@ -567,7 +501,8 @@ pkcs11_write (FILE * outfile, const char *url, const char
*label, int trusted,
if (xcrt != NULL)
{
if (trusted)
- flags |= GNUTLS_PKCS11_OBJ_FLAG_MARK_TRUSTED;
+ flags |=
GNUTLS_PKCS11_OBJ_FLAG_MARK_TRUSTED|GNUTLS_PKCS11_OBJ_FLAG_LOGIN_SO;
+
ret = gnutls_pkcs11_copy_x509_crt (url, xcrt, label, flags);
if (ret < 0)
{
hooks/post-receive
--
GNU gnutls
[Prev in Thread] |
Current Thread |
[Next in Thread] |
- [SCM] GNU gnutls branch, master, updated. gnutls_2_99_2-103-g27a424c,
Nikos Mavrogiannopoulos <=