
[SCM] GNU gnutls branch, master, updated. gnutls_3_1_0-68-g2cc740e


From: Nikos Mavrogiannopoulos
Subject: [SCM] GNU gnutls branch, master, updated. gnutls_3_1_0-68-g2cc740e
Date: Sat, 15 Sep 2012 11:43:41 +0000

This is an automated email from the git hooks/post-receive script. It was
generated because a ref change was pushed to the repository containing
the project "GNU gnutls".

http://git.savannah.gnu.org/cgit/gnutls.git/commit/?id=2cc740eb52abac318176c49f8e8358666c8457cd

The branch, master has been updated
       via  2cc740eb52abac318176c49f8e8358666c8457cd (commit)
       via  ee0db686e1d6fbe944b703872a600f29826941bc (commit)
      from  155bb9fac75701776f277f9b3de317243f576312 (commit)

Those revisions listed above that are new to this repository have
not appeared on any other notification email; so we list those
revisions in full, below.

- Log -----------------------------------------------------------------
commit 2cc740eb52abac318176c49f8e8358666c8457cd
Author: Nikos Mavrogiannopoulos <address@hidden>
Date:   Sat Sep 15 13:43:28 2012 +0200

    mingw32 support. Based on patch by LRN.

commit ee0db686e1d6fbe944b703872a600f29826941bc
Author: Nikos Mavrogiannopoulos <address@hidden>
Date:   Sat Sep 15 12:25:45 2012 +0200

    Added GNUTLS_STATELESS_COMPRESSION flag to gnutls_init().

-----------------------------------------------------------------------

Summary of changes:
 doc/cha-intro-tls.texi          |    4 ++-
 lib/gnutls_cipher.c             |    3 +-
 lib/gnutls_compress.c           |   13 ++++++++-
 lib/gnutls_compress.h           |    2 +-
 lib/gnutls_global.c             |    8 ++++++
 lib/gnutls_int.h                |    4 ++-
 lib/gnutls_state.c              |    6 ++++-
 lib/includes/gnutls/gnutls.h.in |    3 +-
 lib/system.c                    |   50 ++++++++++++++++++++++++++++++++------
 lib/system.h                    |    3 ++
 10 files changed, 80 insertions(+), 16 deletions(-)

diff --git a/doc/cha-intro-tls.texi b/doc/cha-intro-tls.texi
index 07ba897..e68058a 100644
--- a/doc/cha-intro-tls.texi
+++ b/doc/cha-intro-tls.texi
@@ -189,7 +189,9 @@ on @xcite{RFC3749}. The supported algorithms are shown 
below.
 @showenumdesc{gnutls_compression_method_t,Supported compression algorithms}
 
 Note that compression enables attacks such as traffic analysis, or even
-plaintext recovery under certain circumstances.
+plaintext recovery under certain circumstances. To avoid some of these
+attacks GnuTLS allows each record to be compressed independently (i.e.,
+stateless compression), by using a flag to @funcref{gnutls_init}.
 
 @node Weaknesses and countermeasures
 @subsection Weaknesses and countermeasures
diff --git a/lib/gnutls_cipher.c b/lib/gnutls_cipher.c
index e791003..5266fbe 100644
--- a/lib/gnutls_cipher.c
+++ b/lib/gnutls_cipher.c
@@ -104,7 +104,8 @@ _gnutls_encrypt (gnutls_session_t session, const uint8_t * 
headers,
       if (comp.data == NULL)
         return gnutls_assert_val(GNUTLS_E_MEMORY_ERROR);
       
-      ret = _gnutls_compress( &params->write.compression_state, data, 
data_size, comp.data, comp.size);
+      ret = _gnutls_compress(&params->write.compression_state, data, 
data_size, 
+                             comp.data, comp.size, 
session->internals.stateless_compression);
       if (ret < 0)
         {
           gnutls_free(comp.data);
diff --git a/lib/gnutls_compress.c b/lib/gnutls_compress.c
index 01728ca..9d4380a 100644
--- a/lib/gnutls_compress.c
+++ b/lib/gnutls_compress.c
@@ -330,7 +330,7 @@ _gnutls_comp_deinit (comp_hd_st* handle, int d)
 int
 _gnutls_compress (comp_hd_st *handle, const uint8_t * plain,
                   size_t plain_size, uint8_t * compressed,
-                  size_t max_comp_size)
+                  size_t max_comp_size, unsigned int stateless)
 {
   int compressed_size = GNUTLS_E_COMPRESSION_FAILED;
 
@@ -349,6 +349,15 @@ _gnutls_compress (comp_hd_st *handle, const uint8_t * 
plain,
       {
         z_stream *zhandle;
         int err;
+        int type;
+        
+        if (stateless)
+          {
+fprintf(stderr, "FULL FLUSH\n");
+            type = Z_FULL_FLUSH;
+          }
+        else
+          type = Z_SYNC_FLUSH;
 
         zhandle = handle->handle;
 
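Review bot: The `fprintf(stderr, "FULL FLUSH\n")` inside the `if (stateless)` branch is leftover debug output that a library should not emit on every compressed record; it also sits at column 0, which suggests it was never meant to be committed. Drop it and collapse the branch to `type = stateless ? Z_FULL_FLUSH : Z_SYNC_FLUSH;`, or if tracing is wanted, route it through the library's own debug logging rather than stderr. A short why-comment would help here, e.g. `/* Z_FULL_FLUSH resets the deflate window so the next record cannot be matched against this one's plaintext. */` — that is what makes the flag "stateless", and it is not obvious from the zlib constant alone. The rest of `_gnutls_compress`, including where `type` is consumed in the following hunk, lies outside this hunk.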
@@ -357,7 +366,7 @@ _gnutls_compress (comp_hd_st *handle, const uint8_t * plain,
         zhandle->next_out = (Bytef *) compressed;
         zhandle->avail_out = max_comp_size;
 
-        err = deflate (zhandle, Z_SYNC_FLUSH);
+        err = deflate (zhandle, type);
         if (err != Z_OK || zhandle->avail_in != 0)
           return gnutls_assert_val(GNUTLS_E_COMPRESSION_FAILED);
 
diff --git a/lib/gnutls_compress.h b/lib/gnutls_compress.h
index 151e54f..938c2eb 100644
--- a/lib/gnutls_compress.h
+++ b/lib/gnutls_compress.h
@@ -48,7 +48,7 @@ int _gnutls_decompress (comp_hd_st* handle, uint8_t * 
compressed,
                         size_t compressed_size, uint8_t * plain,
                         size_t max_plain_size);
 int _gnutls_compress (comp_hd_st*, const uint8_t * plain, size_t plain_size,
-                      uint8_t * compressed, size_t max_comp_size);
+                      uint8_t * compressed, size_t max_comp_size, unsigned int 
stateless);
 
 struct gnutls_compression_entry
 {
diff --git a/lib/gnutls_global.c b/lib/gnutls_global.c
index 8b84f46..4c9eabf 100644
--- a/lib/gnutls_global.c
+++ b/lib/gnutls_global.c
@@ -270,6 +270,13 @@ gnutls_global_init (void)
       goto out;
     }
 
+  result = gnutls_system_global_init ();
+  if (result < 0)
+    {
+      gnutls_assert ();
+      goto out;
+    }
+
 #ifdef ENABLE_PKCS11
   gnutls_pkcs11_init (GNUTLS_PKCS11_FLAG_AUTO, NULL);
 #endif
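Review bot: A failure inside the new `gnutls_system_global_init ()` call now makes `gnutls_global_init` fail as a whole, and on the affected mingw builds that failure is triggered by not being able to load `Crypt32.dll` or resolve `CertEnumCRLsInStore`, which only the system-trust helper needs. If that is intended, say so with a comment above the call, e.g. `/* Loads platform helpers (on old mingw: Crypt32 CRL enumeration); failure aborts initialisation. */`; if not, it may be preferable to record the failure and let only `gnutls_x509_trust_list_add_system_trust` report it. `GNUTLS_E_CRYPTO_INIT_FAILED` is also a somewhat misleading code for a trust-store helper failing to load, though I cannot see whether a better-fitting code exists. The `out:` label and whatever it unwinds are outside this hunk.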
@@ -302,6 +309,7 @@ gnutls_global_deinit (void)
       asn1_delete_structure (&_gnutls_pkix1_asn);
       _gnutls_crypto_deregister ();
       _gnutls_cryptodev_deinit ();
+      gnutls_system_global_deinit ();
 #ifdef ENABLE_PKCS11
       gnutls_pkcs11_deinit ();
 #endif
diff --git a/lib/gnutls_int.h b/lib/gnutls_int.h
index 8e1a811..7ec43af 100644
--- a/lib/gnutls_int.h
+++ b/lib/gnutls_int.h
@@ -881,6 +881,8 @@ typedef struct
   /* if set it means that the master key was set using
    * gnutls_session_set_master() rather than being negotiated. */
   unsigned int premaster_set:1;
+  /* Whether stateless compression will be used */
+  unsigned int stateless_compression:1;
 
   unsigned int cb_tls_unique_len;
   unsigned char cb_tls_unique[MAX_VERIFY_DATA_SIZE];
@@ -889,7 +891,7 @@ typedef struct
   unsigned int handshake_timeout_ms; /* timeout in milliseconds */
 
   gnutls_buffer_st heartbeat_payload; /* store in-flight payload for heartbeat 
extension*/
-
+  
   /* If you add anything here, check _gnutls_handshake_internal_state_clear().
    */
 } internals_st;
diff --git a/lib/gnutls_state.c b/lib/gnutls_state.c
index 349bfa1..26d0ed9 100644
--- a/lib/gnutls_state.c
+++ b/lib/gnutls_state.c
@@ -293,7 +293,8 @@ _gnutls_handshake_internal_state_clear (gnutls_session_t 
session)
  * @flags can be one of %GNUTLS_CLIENT and %GNUTLS_SERVER. For a DTLS
  * entity, the flags %GNUTLS_DATAGRAM and  %GNUTLS_NONBLOCK are
  * also available. The latter flag will enable a non-blocking
- * operation of the DTLS timers.
+ * operation of the DTLS timers. The flag %GNUTLS_STATELESS_COMPRESSION
+ * would disable keeping state across records when compressing.
  *
  * Returns: %GNUTLS_E_SUCCESS on success, or an error code.
  **/
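Review bot: The new documentation sentence is vague about what the flag actually guarantees: "would disable keeping state across records when compressing" reads as conditional, and it does not tell the caller what the flag protects against. Suggested wording: ` * operation of the DTLS timers. The flag %GNUTLS_STATELESS_COMPRESSION` / ` * compresses each record independently (no compression state is carried` / ` * across records), which limits plaintext leakage between records.` A caller reading this should also understand that data sharing a single record with a secret is still compressed together, so the flag narrows the exposure rather than removing it; one sentence to that effect would prevent the flag from being read as a complete fix for compression-based attacks.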
@@ -393,6 +394,9 @@ gnutls_init (gnutls_session_t * session, unsigned int flags)
   else
     (*session)->internals.transport = GNUTLS_STREAM;
   
+  if (flags & GNUTLS_STATELESS_COMPRESSION)
+    (*session)->internals.stateless_compression = 1;
+  
   if (flags & GNUTLS_NONBLOCK)
     (*session)->internals.dtls.blocking = 0;
   else
diff --git a/lib/includes/gnutls/gnutls.h.in b/lib/includes/gnutls/gnutls.h.in
index 53cdfa9..52bd311 100644
--- a/lib/includes/gnutls/gnutls.h.in
+++ b/lib/includes/gnutls/gnutls.h.in
@@ -295,13 +295,14 @@ extern "C"
    * @GNUTLS_CLIENT: Connection end is a client.
    * @GNUTLS_DATAGRAM: Connection is datagram oriented (DTLS).
    * @GNUTLS_NONBLOCK: Connection should not block (DTLS).
+   * @GNUTLS_STATELESS_COMPRESSION: Compression will be applied independently 
on each record.
    *
-   * Enumeration of different TLS connection end types.
    */
 #define GNUTLS_SERVER 1
 #define GNUTLS_CLIENT (1<<1)
 #define GNUTLS_DATAGRAM (1<<2)
 #define GNUTLS_NONBLOCK (1<<3)
+#define GNUTLS_STATELESS_COMPRESSION (1<<4)
 
 /**
  * gnutls_alert_level_t:
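Review bot: Removing the line "Enumeration of different TLS connection end types." leaves the doc block with an empty ` *` followed directly by ` */`, i.e. no description at all; if this block is processed by gtk-doc, a missing description is usually reported as a warning. If the old sentence was dropped because these are `#define`s rather than an enumeration, replace it rather than delete it, e.g. ` * Flags that can be passed to gnutls_init().`. The `@GNUTLS_STATELESS_COMPRESSION` entry could also state the scope ("per-record compression, no state carried between records") so it matches the gnutls_init() documentation.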
diff --git a/lib/system.c b/lib/system.c
index 067f189..b22e07d 100644
--- a/lib/system.c
+++ b/lib/system.c
@@ -31,6 +31,11 @@
 #ifdef _WIN32
 # include <windows.h>
 # include <wincrypt.h>
+#  if defined(__MINGW32__) && !defined(__MINGW64__) && __MINGW32_MAJOR_VERSION 
<= 3 && __MINGW32_MINOR_VERSION <= 20
+typedef PCCRL_CONTEXT WINAPI (*Type_CertEnumCRLsInStore) (HCERTSTORE 
hCertStore, PCCRL_CONTEXT pPrevCrlContext);
+static Type_CertEnumCRLsInStore Loaded_CertEnumCRLsInStore;
+static HMODULE Crypt32_dll;
+#  endif
 
 #else
 # ifdef HAVE_PTHREAD_LOCKS
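Review bot: The version test `__MINGW32_MAJOR_VERSION <= 3 && __MINGW32_MINOR_VERSION <= 20` does not express "version 3.20 or older": a hypothetical 2.21 would fail the minor check, and the same expression is repeated twice in the later hunk of this file, so any correction must be made in three places. A single helper macro would be safer, e.g. `#define GNUTLS_OLD_MINGW (__MINGW32_MAJOR_VERSION < 3 || (__MINGW32_MAJOR_VERSION == 3 && __MINGW32_MINOR_VERSION <= 20))`, used by all three `#if`s. The typedef spelling `PCCRL_CONTEXT WINAPI (*Type_CertEnumCRLsInStore)(...)` is unusual; the conventional form that attaches the calling convention to the pointed-to function is `typedef PCCRL_CONTEXT (WINAPI *Type_CertEnumCRLsInStore)(HCERTSTORE, PCCRL_CONTEXT);` — worth checking that the current form is accepted by the targeted compilers. A one-line comment explaining why the symbol is loaded dynamically (the old mingw import library apparently lacks it) would help the next reader.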
@@ -51,10 +56,7 @@
 /* System specific function wrappers.
  */
 
-/* wrappers for write() and writev()
- */
 #ifdef _WIN32
-
 int
 system_errno (gnutls_transport_ptr p)
 {
@@ -150,9 +152,6 @@ int fd = GNUTLS_POINTER_TO_INT(ptr);
 /* Thread stuff */
 
 #ifdef HAVE_WIN32_LOCKS
-
-
-/* FIXME: win32 locks are untested */
 static int
 gnutls_system_mutex_init (void **priv)
 {
@@ -285,6 +284,41 @@ mutex_deinit_func gnutls_mutex_deinit = 
gnutls_system_mutex_deinit;
 mutex_lock_func gnutls_mutex_lock = gnutls_system_mutex_lock;
 mutex_unlock_func gnutls_mutex_unlock = gnutls_system_mutex_unlock;
 
+int
+gnutls_system_global_init ()
+{
+#ifdef _WIN32
+# if defined(__MINGW32__) && !defined(__MINGW64__) && __MINGW32_MAJOR_VERSION 
<= 3 && __MINGW32_MINOR_VERSION <= 20
+  HMODULE crypto;
+  crypto = LoadLibraryA ("Crypt32.dll");
+
+  if (crypto == NULL)
+    return GNUTLS_E_CRYPTO_INIT_FAILED;
+
+  Loaded_CertEnumCRLsInStore = (Type_CertEnumCRLsInStore) GetProcAddress 
(crypto, "CertEnumCRLsInStore");
+  if (Loaded_CertEnumCRLsInStore == NULL)
+    {
+      FreeLibrary (crypto);
+      return GNUTLS_E_CRYPTO_INIT_FAILED;
+    }
+
+  Crypt32_dll = crypto;
+# endif
+#endif
+  return 0;
+}
+
+void
+gnutls_system_global_deinit ()
+{
+#ifdef _WIN32
+# if defined(__MINGW32__) && !defined(__MINGW64__) && __MINGW32_MAJOR_VERSION 
<= 3 && __MINGW32_MINOR_VERSION <= 20
+  FreeLibrary (Crypt32_dll);
+# endif
+#endif
+}
+
+
 #define CONFIG_PATH ".gnutls"
 
 /* Returns a path to store user-specific configuration
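Review bot: `gnutls_system_global_deinit` calls `FreeLibrary (Crypt32_dll)` unconditionally and leaves both statics pointing at the unloaded module, so a later use of `Loaded_CertEnumCRLsInStore` (or a second deinit) would operate on a stale handle. Suggested body for the mingw branch: `if (Crypt32_dll != NULL) FreeLibrary (Crypt32_dll);` / `Crypt32_dll = NULL;` / `Loaded_CertEnumCRLsInStore = NULL;`. Both new functions are declared with empty parentheses `()`, which in C is an unprototyped declaration; use `(void)` in the definitions and in the header. `LoadLibraryA ("Crypt32.dll")` with a bare name relies on the default DLL search order; Crypt32 is normally a known system DLL, but if the toolchain provides `LoadLibraryExA` with `LOAD_LIBRARY_SEARCH_SYSTEM32`, or a full `GetSystemDirectory`-based path, pinning the load to the system directory removes that dependency. Each function would also benefit from a header comment stating that it is called once from `gnutls_global_init`/`gnutls_global_deinit` and what `GNUTLS_E_CRYPTO_INIT_FAILED` means here.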
@@ -392,7 +426,7 @@ 
gnutls_x509_trust_list_add_system_trust(gnutls_x509_trust_list_t list,
     if (store == NULL) return GNUTLS_E_FILE_ERROR;
 
     cert = CertEnumCertificatesInStore(store, NULL);
-    crl = CertEnumCRLsInStore(store, NULL);
+    crl = Loaded_CertEnumCRLsInStore(store, NULL);
 
     while(cert != NULL) 
       {
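Review bot: `Loaded_CertEnumCRLsInStore` replaces the direct `CertEnumCRLsInStore` call here and again in the next hunk, but the typedef, the function pointer and the code that fills it are only defined under the old-mingw `#if` earlier in this file; on any other Windows toolchain (mingw64, newer mingw32, MSVC) this line would reference an undeclared identifier, unless a fallback such as `#define Loaded_CertEnumCRLsInStore CertEnumCRLsInStore` exists outside the hunks I can see. If no such fallback exists, add one in the `#else` side of the old-mingw condition near the typedef so this call site stays toolchain-neutral. The enclosing function `gnutls_x509_trust_list_add_system_trust` starts and ends outside this hunk.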
@@ -414,7 +448,7 @@ 
gnutls_x509_trust_list_add_system_trust(gnutls_x509_trust_list_t list,
             data.size = crl->cbCrlEncoded;
             gnutls_x509_trust_list_add_trust_mem(list, NULL, &data, 
GNUTLS_X509_FMT_DER, tl_flags, tl_vflags);
           }
-        crl = CertEnumCRLsInStore(store, crl);
+        crl = Loaded_CertEnumCRLsInStore(store, crl);
       }
     CertCloseStore(store, 0);
   }
diff --git a/lib/system.h b/lib/system.h
index 0178bd5..0afbdd2 100644
--- a/lib/system.h
+++ b/lib/system.h
@@ -71,4 +71,7 @@ struct timespec ts;
 
 int _gnutls_find_config_path(char* path, size_t max_size);
 
+int gnutls_system_global_init ();
+void gnutls_system_global_deinit ();
+
 #endif /* SYSTEM_H */
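Review bot: The two new prototypes use empty parentheses, `int gnutls_system_global_init ();`, which in C declares a function with unspecified parameters and so disables argument checking at call sites; write them as `int gnutls_system_global_init (void);` and `void gnutls_system_global_deinit (void);`. The `gnutls_` prefix without a leading underscore is otherwise used in this tree for public API, so if the symbol export list is pattern-based these internal helpers may become visible to applications — worth confirming against the map file, or renaming to the `_gnutls_` convention used by `_gnutls_find_config_path` just above. A short comment describing that they run once per `gnutls_global_init`/`gnutls_global_deinit` would document the ownership of the loaded module.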


hooks/post-receive
-- 
GNU gnutls


