[Top][All Lists]
[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
[SCM] GNU gnutls branch, gnutls_3_0_x-2, updated. gnutls_3_0_23-8-g62208
|
From: |
Nikos Mavrogiannopoulos |
|
Subject: |
[SCM] GNU gnutls branch, gnutls_3_0_x-2, updated. gnutls_3_0_23-8-g6220817 |
|
Date: |
Sat, 15 Sep 2012 18:27:07 +0000 |
This is an automated email from the git hooks/post-receive script. It was
generated because a ref change was pushed to the repository containing
the project "GNU gnutls".
http://git.savannah.gnu.org/cgit/gnutls.git/commit/?id=6220817e240ae0da6821f14e8f85b61bfa8b2ee4
The branch, gnutls_3_0_x-2 has been updated
via 6220817e240ae0da6821f14e8f85b61bfa8b2ee4 (commit)
via 142c7b26f5b304032bfdd0b24583b9c04870f8b4 (commit)
via 880f2f951bd6e196debf09ba636729d612d411fb (commit)
via 1b81fafee31153ac2f59070fa6cda02f9721027e (commit)
from 6b085e750c3371e80604dfbd33bdd6b1b191c967 (commit)
Those revisions listed above that are new to this repository have
not appeared on any other notification email; so we list those
revisions in full, below.
- Log -----------------------------------------------------------------
commit 6220817e240ae0da6821f14e8f85b61bfa8b2ee4
Author: Nikos Mavrogiannopoulos <address@hidden>
Date: Sat Sep 15 20:26:58 2012 +0200
documented update
commit 142c7b26f5b304032bfdd0b24583b9c04870f8b4
Author: Nikos Mavrogiannopoulos <address@hidden>
Date: Sat Sep 15 12:25:45 2012 +0200
Added GNUTLS_STATELESS_COMPRESSION flag to gnutls_init().
commit 880f2f951bd6e196debf09ba636729d612d411fb
Author: Nikos Mavrogiannopoulos <address@hidden>
Date: Sat Sep 15 20:25:23 2012 +0200
documented update
commit 1b81fafee31153ac2f59070fa6cda02f9721027e
Author: Nikos Mavrogiannopoulos <address@hidden>
Date: Sat Sep 15 20:21:02 2012 +0200
Key usage violations are allowed when the COMPAT keyword is specified.
I've noticed in the SSL observatory data that most key usage bits in
a certificate are set randomly (e.g., there are DSA certificates marked
for encryption, and most RSA certificates marked for signature only are used
for encryption anyway). There is no point of being strict in such
environment.
-----------------------------------------------------------------------
Summary of changes:
NEWS | 13 +++++++++++++
doc/cha-intro-tls.texi | 5 +++++
lib/gnutls_cipher.c | 3 ++-
lib/gnutls_compress.c | 13 +++++++++++--
lib/gnutls_compress.h | 2 +-
lib/gnutls_int.h | 3 +++
lib/gnutls_priority.c | 1 +
lib/gnutls_sig.c | 10 ++++++++--
lib/gnutls_state.c | 6 +++++-
lib/includes/gnutls/gnutls.h.in | 3 ++-
10 files changed, 51 insertions(+), 8 deletions(-)
diff --git a/NEWS b/NEWS
index cbef62e..69ef46a 100644
--- a/NEWS
+++ b/NEWS
@@ -2,6 +2,19 @@ GnuTLS NEWS -- History of user-visible changes.
-*- outline -*-
Copyright (C) 2000-2012 Free Software Foundation, Inc.
See the end for copying conditions.
+* Version 3.0.24 (unreleased)
+
+** libgnutls: The %COMPAT keyword, if specified, will tolerate
+key usage violation errors (they are far too common to ignore).
+
+** libgnutls: Added GNUTLS_STATELESS_COMPRESSION flag to gnutls_init(),
+which provides a tool to counter compression-related attacks where
+parts of the data are controlled by the attacker.
+
+** API and ABI modifications:
+No changes since last version.
+
+
* Version 3.0.23 (released 2012-09-02)
** gnutls-serv: Listens on IPv6. Patch by Bernhard R. Link.
diff --git a/doc/cha-intro-tls.texi b/doc/cha-intro-tls.texi
index 3ab1d65..8b06475 100644
--- a/doc/cha-intro-tls.texi
+++ b/doc/cha-intro-tls.texi
@@ -188,6 +188,11 @@ on @xcite{RFC3749}. The supported algorithms are shown
below.
@showenumdesc{gnutls_compression_method_t,Supported compression algorithms}
+Note that compression enables attacks such as traffic analysis, or even
+plaintext recovery under certain circumstances. To avoid some of these
+attacks GnuTLS allows each record to be compressed independently (i.e.,
+stateless compression), by using a flag to @funcref{gnutls_init}.
+
@node Weaknesses and countermeasures
@subsection Weaknesses and countermeasures
diff --git a/lib/gnutls_cipher.c b/lib/gnutls_cipher.c
index 618aab2..73dc387 100644
--- a/lib/gnutls_cipher.c
+++ b/lib/gnutls_cipher.c
@@ -104,7 +104,8 @@ _gnutls_encrypt (gnutls_session_t session, const uint8_t *
headers,
if (comp.data == NULL)
return gnutls_assert_val(GNUTLS_E_MEMORY_ERROR);
- ret = _gnutls_compress( ¶ms->write.compression_state, data,
data_size, comp.data, comp.size);
+ ret = _gnutls_compress(¶ms->write.compression_state, data,
data_size,
+ comp.data, comp.size,
session->internals.stateless_compression);
if (ret < 0)
{
gnutls_free(comp.data);
diff --git a/lib/gnutls_compress.c b/lib/gnutls_compress.c
index 01728ca..9d4380a 100644
--- a/lib/gnutls_compress.c
+++ b/lib/gnutls_compress.c
@@ -330,7 +330,7 @@ _gnutls_comp_deinit (comp_hd_st* handle, int d)
int
_gnutls_compress (comp_hd_st *handle, const uint8_t * plain,
size_t plain_size, uint8_t * compressed,
- size_t max_comp_size)
+ size_t max_comp_size, unsigned int stateless)
{
int compressed_size = GNUTLS_E_COMPRESSION_FAILED;
@@ -349,6 +349,15 @@ _gnutls_compress (comp_hd_st *handle, const uint8_t *
plain,
{
z_stream *zhandle;
int err;
+ int type;
+
+ if (stateless)
+ {
+fprintf(stderr, "FULL FLUSH\n");
+ type = Z_FULL_FLUSH;
+ }
+ else
+ type = Z_SYNC_FLUSH;
zhandle = handle->handle;
@@ -357,7 +366,7 @@ _gnutls_compress (comp_hd_st *handle, const uint8_t * plain,
zhandle->next_out = (Bytef *) compressed;
zhandle->avail_out = max_comp_size;
- err = deflate (zhandle, Z_SYNC_FLUSH);
+ err = deflate (zhandle, type);
if (err != Z_OK || zhandle->avail_in != 0)
return gnutls_assert_val(GNUTLS_E_COMPRESSION_FAILED);
diff --git a/lib/gnutls_compress.h b/lib/gnutls_compress.h
index 151e54f..938c2eb 100644
--- a/lib/gnutls_compress.h
+++ b/lib/gnutls_compress.h
@@ -48,7 +48,7 @@ int _gnutls_decompress (comp_hd_st* handle, uint8_t *
compressed,
size_t compressed_size, uint8_t * plain,
size_t max_plain_size);
int _gnutls_compress (comp_hd_st*, const uint8_t * plain, size_t plain_size,
- uint8_t * compressed, size_t max_comp_size);
+ uint8_t * compressed, size_t max_comp_size, unsigned int
stateless);
struct gnutls_compression_entry
{
diff --git a/lib/gnutls_int.h b/lib/gnutls_int.h
index 77705a3..348e3fc 100644
--- a/lib/gnutls_int.h
+++ b/lib/gnutls_int.h
@@ -578,6 +578,7 @@ struct gnutls_priority_st
safe_renegotiation_t sr;
unsigned int ssl3_record_version:1;
unsigned int server_precedence:1;
+ unsigned int allow_key_usage_violation:1;
unsigned int additional_verify_flags;
};
@@ -868,6 +869,8 @@ typedef struct
/* if set it means that the master key was set using
* gnutls_session_set_master() rather than being negotiated. */
unsigned int premaster_set:1;
+ /* Whether stateless compression will be used */
+ unsigned int stateless_compression:1;
unsigned int cb_tls_unique_len;
unsigned char cb_tls_unique[MAX_VERIFY_DATA_SIZE];
diff --git a/lib/gnutls_priority.c b/lib/gnutls_priority.c
index 52e5209..6008276 100644
--- a/lib/gnutls_priority.c
+++ b/lib/gnutls_priority.c
@@ -911,6 +911,7 @@ gnutls_priority_init (gnutls_priority_t * priority_cache,
{
(*priority_cache)->no_padding = 1;
(*priority_cache)->allow_large_records = 1;
+ (*priority_cache)->allow_key_usage_violation = 1;
}
else if (strcasecmp (&broken_list[i][1], "NO_EXTENSIONS") == 0)
{
diff --git a/lib/gnutls_sig.c b/lib/gnutls_sig.c
index 5a78e02..1838c25 100644
--- a/lib/gnutls_sig.c
+++ b/lib/gnutls_sig.c
@@ -221,7 +221,10 @@ sign_tls_hash (gnutls_session_t session,
gnutls_digest_algorithm_t hash_algo,
if (!(key_usage & GNUTLS_KEY_DIGITAL_SIGNATURE))
{
gnutls_assert ();
- return GNUTLS_E_KEY_USAGE_VIOLATION;
+ if (session->internals.priorities.allow_key_usage_violation == 0)
+ return GNUTLS_E_KEY_USAGE_VIOLATION;
+ else
+ _gnutls_audit_log(session, "Key usage violation was detected
(ignored).\n");
}
/* External signing. Deprecated. To be removed. */
@@ -293,7 +296,10 @@ verify_tls_hash (gnutls_protocol_t ver, gnutls_pcert_st*
cert,
if (!(key_usage & GNUTLS_KEY_DIGITAL_SIGNATURE))
{
gnutls_assert ();
- return GNUTLS_E_KEY_USAGE_VIOLATION;
+ if (session->internals.priorities.allow_key_usage_violation == 0)
+ return GNUTLS_E_KEY_USAGE_VIOLATION;
+ else
+ _gnutls_audit_log(session, "Key usage violation was detected
(ignored).\n");
}
if (pk_algo == GNUTLS_PK_UNKNOWN)
diff --git a/lib/gnutls_state.c b/lib/gnutls_state.c
index 01590a4..428c065 100644
--- a/lib/gnutls_state.c
+++ b/lib/gnutls_state.c
@@ -291,7 +291,8 @@ _gnutls_handshake_internal_state_clear (gnutls_session_t
session)
* @flags can be one of %GNUTLS_CLIENT and %GNUTLS_SERVER. For a DTLS
* entity, the flags %GNUTLS_DATAGRAM and %GNUTLS_NONBLOCK are
* also available. The latter flag will enable a non-blocking
- * operation of the DTLS timers.
+ * operation of the DTLS timers. The flag %GNUTLS_STATELESS_COMPRESSION
+ * would disable keeping state across records when compressing.
*
* Returns: %GNUTLS_E_SUCCESS on success, or an error code.
**/
@@ -390,6 +391,9 @@ gnutls_init (gnutls_session_t * session, unsigned int flags)
else
(*session)->internals.transport = GNUTLS_STREAM;
+ if (flags & GNUTLS_STATELESS_COMPRESSION)
+ (*session)->internals.stateless_compression = 1;
+
if (flags & GNUTLS_NONBLOCK)
(*session)->internals.dtls.blocking = 0;
else
diff --git a/lib/includes/gnutls/gnutls.h.in b/lib/includes/gnutls/gnutls.h.in
index 02832bf..9494a3f 100644
--- a/lib/includes/gnutls/gnutls.h.in
+++ b/lib/includes/gnutls/gnutls.h.in
@@ -293,13 +293,14 @@ extern "C"
* @GNUTLS_CLIENT: Connection end is a client.
* @GNUTLS_DATAGRAM: Connection is datagram oriented (DTLS).
* @GNUTLS_NONBLOCK: Connection should not block (DTLS).
+ * @GNUTLS_STATELESS_COMPRESSION: Compression will be applied independently
on each record.
*
- * Enumeration of different TLS connection end types.
*/
#define GNUTLS_SERVER 1
#define GNUTLS_CLIENT (1<<1)
#define GNUTLS_DATAGRAM (1<<2)
#define GNUTLS_NONBLOCK (1<<3)
+#define GNUTLS_STATELESS_COMPRESSION (1<<4)
/**
* gnutls_alert_level_t:
hooks/post-receive
--
GNU gnutls
| [Prev in Thread] |
Current Thread |
[Next in Thread] |
- [SCM] GNU gnutls branch, gnutls_3_0_x-2, updated. gnutls_3_0_23-8-g6220817,
Nikos Mavrogiannopoulos <=