[Top][All Lists]
[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
[SCM] GNU gnutls branch, master, updated. gnutls_3_0_18-173-gebc0ed0
|
From: |
Nikos Mavrogiannopoulos |
|
Subject: |
[SCM] GNU gnutls branch, master, updated. gnutls_3_0_18-173-gebc0ed0 |
|
Date: |
Fri, 29 Jun 2012 14:40:44 +0000 |
This is an automated email from the git hooks/post-receive script. It was
generated because a ref change was pushed to the repository containing
the project "GNU gnutls".
http://git.savannah.gnu.org/cgit/gnutls.git/commit/?id=ebc0ed0dbbea6926c9345653cf7d5ff4dbcc424f
The branch, master has been updated
via ebc0ed0dbbea6926c9345653cf7d5ff4dbcc424f (commit)
via 4ad2d65a531290119c6467c09683cb9678103207 (commit)
via 3889a91abe842c05c5e79c0650391b979bb99bc0 (commit)
from 43d5826b171937b9415501a5e227c8ec1d24bc71 (commit)
Those revisions listed above that are new to this repository have
not appeared on any other notification email; so we list those
revisions in full, below.
- Log -----------------------------------------------------------------
commit ebc0ed0dbbea6926c9345653cf7d5ff4dbcc424f
Author: Nikos Mavrogiannopoulos <address@hidden>
Date: Fri Jun 29 16:40:30 2012 +0200
cleaned up errno handling.
commit 4ad2d65a531290119c6467c09683cb9678103207
Author: Nikos Mavrogiannopoulos <address@hidden>
Date: Fri Jun 29 16:36:03 2012 +0200
Added Camellia-192-CBC algorithm identifier.
Based on patch by David Woodhouse.
commit 3889a91abe842c05c5e79c0650391b979bb99bc0
Author: Nikos Mavrogiannopoulos <address@hidden>
Date: Fri Jun 29 16:27:30 2012 +0200
Included more algorithms in openssl privkey decryption.
-----------------------------------------------------------------------
Summary of changes:
NEWS | 1 +
lib/accelerated/cryptodev.c | 1 +
lib/algorithms/ciphers.c | 2 +
lib/gnutls_buffers.c | 55 ++++++++++++++++++++------------------
lib/includes/gnutls/gnutls.h.in | 2 +
lib/nettle/cipher.c | 3 ++
lib/x509/privkey_openssl.c | 45 ++++++++++++++++++++------------
7 files changed, 66 insertions(+), 43 deletions(-)
diff --git a/NEWS b/NEWS
index 9fb936a..40e3b00 100644
--- a/NEWS
+++ b/NEWS
@@ -43,6 +43,7 @@ by Alexandre Bique.
** API and ABI modifications:
GNUTLS_CERT_SIGNATURE_FAILURE: Added
+GNUTLS_CAMELLIA_192_CBC: Added
gnutls_privkey_import_pkcs11_url: Added
gnutls_privkey_import_openpgp_raw: Added
gnutls_privkey_import_x509_raw: Added
diff --git a/lib/accelerated/cryptodev.c b/lib/accelerated/cryptodev.c
index 8a239d3..822dc14 100644
--- a/lib/accelerated/cryptodev.c
+++ b/lib/accelerated/cryptodev.c
@@ -60,6 +60,7 @@ static const int gnutls_cipher_map[] = {
[GNUTLS_CIPHER_AES_256_CBC] = CRYPTO_AES_CBC,
[GNUTLS_CIPHER_3DES_CBC] = CRYPTO_3DES_CBC,
[GNUTLS_CIPHER_CAMELLIA_128_CBC] = CRYPTO_CAMELLIA_CBC,
+ [GNUTLS_CIPHER_CAMELLIA_192_CBC] = CRYPTO_CAMELLIA_CBC,
[GNUTLS_CIPHER_CAMELLIA_256_CBC] = CRYPTO_CAMELLIA_CBC,
[GNUTLS_CIPHER_DES_CBC] = CRYPTO_DES_CBC,
};
diff --git a/lib/algorithms/ciphers.c b/lib/algorithms/ciphers.c
index 7c88231..8e3399f 100644
--- a/lib/algorithms/ciphers.c
+++ b/lib/algorithms/ciphers.c
@@ -54,6 +54,8 @@ static const gnutls_cipher_entry algorithms[] = {
{"ARCFOUR-128", GNUTLS_CIPHER_ARCFOUR_128, 1, 16, CIPHER_STREAM, 0, 0, 0},
{"CAMELLIA-256-CBC", GNUTLS_CIPHER_CAMELLIA_256_CBC, 16, 32, CIPHER_BLOCK,
16, 0, 0},
+ {"CAMELLIA-192-CBC", GNUTLS_CIPHER_CAMELLIA_192_CBC, 16, 24, CIPHER_BLOCK,
+ 16, 0, 0},
{"CAMELLIA-128-CBC", GNUTLS_CIPHER_CAMELLIA_128_CBC, 16, 16, CIPHER_BLOCK,
16, 0, 0},
{"3DES-CBC", GNUTLS_CIPHER_3DES_CBC, 8, 24, CIPHER_BLOCK, 8, 0, 0},
diff --git a/lib/gnutls_buffers.c b/lib/gnutls_buffers.c
index cca3a18..5d1f3f5 100644
--- a/lib/gnutls_buffers.c
+++ b/lib/gnutls_buffers.c
@@ -155,6 +155,23 @@ int ret;
return ret;
}
+inline static
+int errno_to_gerr(int err)
+{
+ switch(err)
+ {
+ case EAGAIN:
+ return GNUTLS_E_AGAIN;
+ case EINTR:
+ return GNUTLS_E_INTERRUPTED;
+ case EMSGSIZE:
+ return GNUTLS_E_LARGE_PACKET;
+ default:
+ gnutls_assert ();
+ return GNUTLS_E_PUSH_ERROR;
+ }
+}
+
static ssize_t
_gnutls_dgram_read (gnutls_session_t session, mbuffer_st **bufel,
gnutls_pull_func pull_func)
@@ -186,20 +203,7 @@ _gnutls_dgram_read (gnutls_session_t session, mbuffer_st
**bufel,
_gnutls_read_log ("READ: %d returned from %p, errno=%d gerrno=%d\n",
(int) i, fd, errno, session->internals.errnum);
- switch(err)
- {
- case EAGAIN:
- ret = GNUTLS_E_AGAIN;
- goto cleanup;
- case EINTR:
- ret = GNUTLS_E_INTERRUPTED;
- goto cleanup;
- case EMSGSIZE:
- ret = GNUTLS_E_LARGE_PACKET;
- default:
- gnutls_assert ();
- ret = GNUTLS_E_PULL_ERROR;
- }
+ ret = errno_to_gerr(err);
goto cleanup;
}
else
@@ -271,9 +275,7 @@ _gnutls_stream_read (gnutls_session_t session, mbuffer_st
**bufel,
goto finish;
}
- if (err == EAGAIN)
- return GNUTLS_E_AGAIN;
- return GNUTLS_E_INTERRUPTED;
+ return errno_to_gerr(err);
}
else
{
@@ -346,6 +348,7 @@ _gnutls_writev_emu (gnutls_session_t session,
gnutls_transport_ptr_t fd, const g
return ret;
}
+
static ssize_t
_gnutls_writev (gnutls_session_t session, const giovec_t * giovec,
int giovec_cnt)
@@ -364,15 +367,8 @@ _gnutls_writev (gnutls_session_t session, const giovec_t *
giovec,
{
int err = get_errno (session);
_gnutls_debug_log ("errno: %d\n", err);
- if (err == EAGAIN)
- return GNUTLS_E_AGAIN;
- else if (err == EINTR)
- return GNUTLS_E_INTERRUPTED;
- else
- {
- gnutls_assert ();
- return GNUTLS_E_PUSH_ERROR;
- }
+
+ return errno_to_gerr(err);
}
return i;
}
@@ -590,6 +586,13 @@ _gnutls_io_write_flush (gnutls_session_t session)
(int) send_buffer->byte_length);
return ret;
}
+ else if (ret == GNUTLS_E_LARGE_PACKET)
+ {
+ _mbuffer_head_remove_bytes (send_buffer, tosend);
+ _gnutls_write_log ("WRITE cannot send large packet (%u bytes).\n",
+ (unsigned int) tosend);
+ return ret;
+ }
else
{
_gnutls_write_log ("WRITE error: code %d, %d bytes left.\n",
diff --git a/lib/includes/gnutls/gnutls.h.in b/lib/includes/gnutls/gnutls.h.in
index d0ff2d0..d27070f 100644
--- a/lib/includes/gnutls/gnutls.h.in
+++ b/lib/includes/gnutls/gnutls.h.in
@@ -76,6 +76,7 @@ extern "C"
* @GNUTLS_CIPHER_AES_256_CBC: AES in CBC mode with 256-bit keys.
* @GNUTLS_CIPHER_ARCFOUR_40: ARCFOUR stream cipher with 40-bit keys.
* @GNUTLS_CIPHER_CAMELLIA_128_CBC: Camellia in CBC mode with 128-bit keys.
+ * @GNUTLS_CIPHER_CAMELLIA_192_CBC: Camellia in CBC mode with 192-bit keys.
* @GNUTLS_CIPHER_CAMELLIA_256_CBC: Camellia in CBC mode with 256-bit keys.
* @GNUTLS_CIPHER_RC2_40_CBC: RC2 in CBC mode with 40-bit keys.
* @GNUTLS_CIPHER_DES_CBC: DES in CBC mode (56-bit keys).
@@ -109,6 +110,7 @@ extern "C"
GNUTLS_CIPHER_AES_192_CBC = 92,
GNUTLS_CIPHER_AES_128_GCM = 93,
GNUTLS_CIPHER_AES_256_GCM = 94,
+ GNUTLS_CIPHER_CAMELLIA_192_CBC = 95,
/* used only for PGP internals. Ignored in TLS/SSL
*/
diff --git a/lib/nettle/cipher.c b/lib/nettle/cipher.c
index 1333cae..2a662c7 100644
--- a/lib/nettle/cipher.c
+++ b/lib/nettle/cipher.c
@@ -108,6 +108,7 @@ static int
wrap_nettle_cipher_exists(gnutls_cipher_algorithm_t algo)
case GNUTLS_CIPHER_AES_128_GCM:
case GNUTLS_CIPHER_AES_256_GCM:
case GNUTLS_CIPHER_CAMELLIA_128_CBC:
+ case GNUTLS_CIPHER_CAMELLIA_192_CBC:
case GNUTLS_CIPHER_CAMELLIA_256_CBC:
case GNUTLS_CIPHER_AES_128_CBC:
case GNUTLS_CIPHER_AES_192_CBC:
@@ -151,6 +152,7 @@ wrap_nettle_cipher_init (gnutls_cipher_algorithm_t algo,
void **_ctx, int enc)
ctx->block_size = AES_BLOCK_SIZE;
break;
case GNUTLS_CIPHER_CAMELLIA_128_CBC:
+ case GNUTLS_CIPHER_CAMELLIA_192_CBC:
case GNUTLS_CIPHER_CAMELLIA_256_CBC:
ctx->encrypt = cbc_encrypt;
ctx->decrypt = cbc_decrypt;
@@ -234,6 +236,7 @@ wrap_nettle_cipher_setkey (void *_ctx, const void *key,
size_t keysize)
aes_set_decrypt_key (ctx->ctx_ptr, keysize, key);
break;
case GNUTLS_CIPHER_CAMELLIA_128_CBC:
+ case GNUTLS_CIPHER_CAMELLIA_192_CBC:
case GNUTLS_CIPHER_CAMELLIA_256_CBC:
if (ctx->enc)
camellia_set_encrypt_key (ctx->ctx_ptr, keysize, key);
diff --git a/lib/x509/privkey_openssl.c b/lib/x509/privkey_openssl.c
index bbff8b2..1d95e5e 100644
--- a/lib/x509/privkey_openssl.c
+++ b/lib/x509/privkey_openssl.c
@@ -68,7 +68,7 @@ openssl_hash_password (const char *pass, gnutls_datum_t *
key, gnutls_datum_t *
if (err)
goto hash_err;
}
- err = gnutls_hash (hash, salt->data, salt->size);
+ err = gnutls_hash (hash, salt->data, 8);
if (err)
goto hash_err;
@@ -87,6 +87,20 @@ openssl_hash_password (const char *pass, gnutls_datum_t *
key, gnutls_datum_t *
return 0;
}
+static const struct pem_cipher {
+ const char *name;
+ gnutls_cipher_algorithm_t cipher;
+} pem_ciphers[] = {
+ { "DES-CBC", GNUTLS_CIPHER_DES_CBC },
+ { "DES-EDE3-CBC", GNUTLS_CIPHER_3DES_CBC },
+ { "AES-128-CBC", GNUTLS_CIPHER_AES_128_CBC },
+ { "AES-192-CBC", GNUTLS_CIPHER_AES_192_CBC },
+ { "AES-256-CBC", GNUTLS_CIPHER_AES_256_CBC },
+ { "CAMELLIA-128-CBC", GNUTLS_CIPHER_CAMELLIA_128_CBC },
+ { "CAMELLIA-192-CBC", GNUTLS_CIPHER_CAMELLIA_192_CBC },
+ { "CAMELLIA-256-CBC", GNUTLS_CIPHER_CAMELLIA_256_CBC },
+};
+
/**
* gnutls_x509_privkey_import_openssl:
* @key: The structure to store the parsed key
@@ -111,13 +125,13 @@ gnutls_x509_privkey_import_openssl (gnutls_x509_privkey_t
key,
const gnutls_datum_t *data,
gnutls_x509_crt_fmt_t format, const char* password)
{
gnutls_cipher_hd_t handle;
- gnutls_cipher_algorithm_t cipher;
+ gnutls_cipher_algorithm_t cipher = GNUTLS_CIPHER_UNKNOWN;
gnutls_datum_t b64_data;
gnutls_datum_t salt, enc_key;
unsigned char *key_data;
const char *pem_header = (void*)data->data;
int ret, err;
- unsigned int i, iv_size;
+ unsigned int i, iv_size, l;
pem_header = memmem(pem_header, data->size, "DEK-Info: ", 10);
if (pem_header == NULL)
@@ -128,22 +142,19 @@ gnutls_x509_privkey_import_openssl (gnutls_x509_privkey_t
key,
pem_header += 10;
- if (!strncmp (pem_header, "DES-EDE3-CBC,", 13))
+ for (i = 0; i < sizeof(pem_ciphers)/sizeof(pem_ciphers[0]); i++)
{
- pem_header += 13;
- cipher = GNUTLS_CIPHER_3DES_CBC;
- }
- else if (!strncmp (pem_header, "AES-128-CBC,", 12))
- {
- pem_header += 12;
- cipher = GNUTLS_CIPHER_AES_128_CBC;
- }
- else if (!strncmp (pem_header, "AES-256-CBC,", 12))
- {
- pem_header += 12;
- cipher = GNUTLS_CIPHER_AES_256_CBC;
+ l = strlen(pem_ciphers[i].name);
+ if (!strncmp(pem_header, pem_ciphers[i].name, l) &&
+ pem_header[l] == ',')
+ {
+ pem_header += l + 1;
+ cipher = pem_ciphers[i].cipher;
+ break;
+ }
}
- else
+
+ if (cipher == GNUTLS_CIPHER_UNKNOWN)
{
_gnutls_debug_log ("Unsupported PEM encryption type: %.10s\n",
pem_header);
gnutls_assert();
hooks/post-receive
--
GNU gnutls
| [Prev in Thread] |
Current Thread |
[Next in Thread] |
- [SCM] GNU gnutls branch, master, updated. gnutls_3_0_18-173-gebc0ed0,
Nikos Mavrogiannopoulos <=