
[SCM] GNU gnutls branch, gnutls_3_0_x-2, updated. gnutls_3_0_23-27-g5f40


From: Nikos Mavrogiannopoulos
Subject: [SCM] GNU gnutls branch, gnutls_3_0_x-2, updated. gnutls_3_0_23-27-g5f40c3a
Date: Fri, 21 Sep 2012 17:37:27 +0000

This is an automated email from the git hooks/post-receive script. It was
generated because a ref change was pushed to the repository containing
the project "GNU gnutls".

http://git.savannah.gnu.org/cgit/gnutls.git/commit/?id=5f40c3aa2662f104b7ea4cd501e2473af2e65b30

The branch, gnutls_3_0_x-2 has been updated
       via  5f40c3aa2662f104b7ea4cd501e2473af2e65b30 (commit)
       via  ac05a939835056f2ae09a7450cbe608c335af827 (commit)
      from  e73c3011949ae2f31829aee1a6a348982ce6d316 (commit)

Those revisions listed above that are new to this repository have
not appeared on any other notification email; so we list those
revisions in full, below.

- Log -----------------------------------------------------------------
commit 5f40c3aa2662f104b7ea4cd501e2473af2e65b30
Author: Nikos Mavrogiannopoulos <address@hidden>
Date:   Fri Sep 21 19:36:23 2012 +0200

    bumped version

commit ac05a939835056f2ae09a7450cbe608c335af827
Author: Nikos Mavrogiannopoulos <address@hidden>
Date:   Fri Sep 21 19:05:29 2012 +0200

    Correctly restore gnutls_record_recv() in DTLS mode if interrupted during 
the retransmission of handshake data.

-----------------------------------------------------------------------

Summary of changes:
 NEWS                  |    3 +++
 configure.ac          |    2 +-
 doc/cha-gtls-app.texi |    2 +-
 lib/gnutls_dtls.c     |    9 ---------
 lib/gnutls_dtls.h     |   11 ++++++++++-
 lib/gnutls_int.h      |   10 +++++++++-
 lib/gnutls_record.c   |   42 ++++++++++++++++++++++++++++--------------
 m4/hooks.m4           |    2 +-
 8 files changed, 53 insertions(+), 28 deletions(-)

diff --git a/NEWS b/NEWS
index 77ca590..37c7658 100644
--- a/NEWS
+++ b/NEWS
@@ -13,6 +13,9 @@ of unsorted certificate chains and is enabled by default for
 TLS certificate verification (if gnutls_certificate_set_verify_flags() 
 does not override it).
 
+** libgnutls: Correctly restore gnutls_record_recv() in DTLS mode
+if interrupted during the retrasmition of handshake data.
+
 ** libgnutls: Added GNUTLS_STATELESS_COMPRESSION flag to gnutls_init(),
 which provides a tool to counter compression-related attacks where
 parts of the data are controlled by the attacker _and_ placed in
diff --git a/configure.ac b/configure.ac
index 436dfb2..0a3a9aa 100644
--- a/configure.ac
+++ b/configure.ac
@@ -21,7 +21,7 @@ dnl Process this file with autoconf to produce a configure 
script.
 # USA
 
 AC_PREREQ(2.61)
-AC_INIT([GnuTLS], [3.0.23], address@hidden)
+AC_INIT([GnuTLS], [3.0.24], address@hidden)
 AC_CONFIG_AUX_DIR([build-aux])
 AC_CONFIG_MACRO_DIR([m4])
 
diff --git a/doc/cha-gtls-app.texi b/doc/cha-gtls-app.texi
index 2bb872c..9cc50e7 100644
--- a/doc/cha-gtls-app.texi
+++ b/doc/cha-gtls-app.texi
@@ -660,7 +660,7 @@ function implies to restoring the same function that was 
interrupted, in
 the DTLS protocol this requirement isn't true.
 There are cases where a retransmission is required, which are indicated by
 a received message and thus @funcref{gnutls_record_get_direction} must be 
called 
-to decide which operation to restore, i.e., send or receive.
+to decide which direction to check prior to restoring a function call.
 @showfuncdesc{gnutls_record_get_direction}
 
 Moreover, to prevent blocking from DTLS' retransmission timers to block a
diff --git a/lib/gnutls_dtls.c b/lib/gnutls_dtls.c
index ae6faf9..ae68ed5 100644
--- a/lib/gnutls_dtls.c
+++ b/lib/gnutls_dtls.c
@@ -157,15 +157,6 @@ static int drop_usage_count(gnutls_session_t session, 
mbuffer_head_st *const sen
   return 0;
 }
 
-/* This function is to be called from record layer once
- * a handshake replay is detected. It will make sure
- * it transmits only once per few seconds. Otherwise
- * it is the same as _dtls_transmit().
- */
-int _dtls_retransmit(gnutls_session_t session)
-{
-  return _dtls_transmit(session);
-}
 
 /* Checks whether the received packet contains a handshake
  * packet with sequence higher that the previously received.
diff --git a/lib/gnutls_dtls.h b/lib/gnutls_dtls.h
index cd15f89..c97d470 100644
--- a/lib/gnutls_dtls.h
+++ b/lib/gnutls_dtls.h
@@ -31,7 +31,6 @@
 #include <timespec.h>
 
 int _dtls_transmit(gnutls_session_t session);
-int _dtls_retransmit(gnutls_session_t session);
 int _dtls_record_check(struct record_parameters_st *rp, uint64 * _seq);
 void _dtls_reset_hsk_state(gnutls_session_t session);
 
@@ -122,4 +121,14 @@ inline static int 
_dtls_async_timer_active(gnutls_session_t session)
   return session->internals.dtls.async_term;
 }
 
+/* This function is to be called from record layer once
+ * a handshake replay is detected. It will make sure
+ * it transmits only once per few seconds. Otherwise
+ * it is the same as _dtls_transmit().
+ */
+inline static int _dtls_retransmit(gnutls_session_t session)
+{
+  return _dtls_transmit(session);
+}
+
 #endif
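Review bot: The comment moved here with `_dtls_retransmit` says it "will make sure it transmits only once per few seconds", but the body is a bare `return _dtls_transmit(session);` with no throttling of its own. Per the same comment this path runs when a handshake replay is detected, so the rate limit is what bounds how much traffic replayed records can provoke, and a reader should be able to find where it is enforced. If the limit lives in `_dtls_transmit()` or in the caller's `_dtls_async_timer_active()` gate (neither is visible in this hunk), reword the comment to say so, e.g. `/* Retransmits the last flight on a detected handshake replay; rate limiting is NOT done here, see <where it is enforced>. */`.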
diff --git a/lib/gnutls_int.h b/lib/gnutls_int.h
index fec0d3e..fee1401 100644
--- a/lib/gnutls_int.h
+++ b/lib/gnutls_int.h
@@ -230,6 +230,12 @@ typedef enum handshake_state_t
   STATE60 = 60, STATE61, STATE62, STATE70, STATE71
 } handshake_state_t;
 
+typedef enum recv_state_t
+{  
+  RECV_STATE_0 = 0, 
+  RECV_STATE_DTLS_RETRANSMIT,
+} recv_state_t;
+
 #include <gnutls_str.h>
 
 /* This is the maximum number of algorithms (ciphers or macs etc).
@@ -874,7 +880,9 @@ typedef struct
 
   unsigned int cb_tls_unique_len;
   unsigned char cb_tls_unique[MAX_VERIFY_DATA_SIZE];
-
+  
+  recv_state_t recv_state; /* state of the receive function */
+  
   /* If you add anything here, check _gnutls_handshake_internal_state_clear().
    */
 } internals_st;
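Review bot: The new `recv_state` field is added directly above the reminder "If you add anything here, check _gnutls_handshake_internal_state_clear()", yet no hunk in this commit touches that function. It may well be intentional that a pending `RECV_STATE_DTLS_RETRANSMIT` survives a handshake-state clear, but the field comment does not say so. I would extend it to record the decision, e.g. `recv_state_t recv_state; /* state of the receive function; deliberately not reset by _gnutls_handshake_internal_state_clear() */`, or add the reset there if that was an oversight.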
diff --git a/lib/gnutls_record.c b/lib/gnutls_record.c
index fbb84a1..e2542ba 100644
--- a/lib/gnutls_record.c
+++ b/lib/gnutls_record.c
@@ -694,7 +694,7 @@ record_add_to_buffers (gnutls_session_t session,
                   ret = gnutls_assert_val(GNUTLS_E_UNEXPECTED_PACKET);
                   goto unexpected_packet;
                 }
-                
+
               if (_dtls_is_async(session) && _dtls_async_timer_active(session))
                 {
                   if (session->security_parameters.entity == GNUTLS_SERVER &&
@@ -705,9 +705,11 @@ record_add_to_buffers (gnutls_session_t session,
                     }
                   else
                     {
+                      session->internals.recv_state = 
RECV_STATE_DTLS_RETRANSMIT;
                       ret = _dtls_retransmit(session);
                       if (ret == 0) 
                         {
+                          session->internals.recv_state = RECV_STATE_0;
                           ret = gnutls_assert_val(GNUTLS_E_AGAIN);
                           goto unexpected_packet;
                         }
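Review bot: `recv_state` is set to `RECV_STATE_DTLS_RETRANSMIT` before the call and cleared only when `_dtls_retransmit()` returns 0, so every non-zero return leaves the session in the retransmit state, not just the would-block case this commit is about. The same holds for the `if (ret < 0) return gnutls_assert_val(ret);` branch added to `_gnutls_recv_int` further down. If `_dtls_retransmit()` can fail with an error the application treats as non-fatal, each later `gnutls_record_recv()` would retransmit again before reading. Consider clearing the state for anything that is not a resumable condition, `if (ret != GNUTLS_E_AGAIN && ret != GNUTLS_E_INTERRUPTED) session->internals.recv_state = RECV_STATE_0;`, or document that all other errors are fatal for the session. The handling of the non-zero branch is outside this hunk.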
@@ -1196,21 +1198,33 @@ _gnutls_recv_int (gnutls_session_t session, 
content_type_t type,
       gnutls_assert ();
       return GNUTLS_E_INVALID_SESSION;
     }
+    
+  switch(session->internals.recv_state)
+    {
+      case RECV_STATE_DTLS_RETRANSMIT:
+        ret = _dtls_retransmit(session);
+        if (ret < 0)
+          return gnutls_assert_val(ret);
+        
+        session->internals.recv_state = RECV_STATE_0;
+      case RECV_STATE_0:
+
+        _dtls_async_timer_check(session);
+        /* If we have enough data in the cache do not bother receiving
+         * a new packet. (in order to flush the cache)
+         */ 
+        ret = check_buffers (session, type, data, data_size, seq);
+        if (ret != 0)
+          return ret;
 
-  _dtls_async_timer_check(session);
-  
-  /* If we have enough data in the cache do not bother receiving
-   * a new packet. (in order to flush the cache)
-   */
-  ret = check_buffers (session, type, data, data_size, seq);
-  if (ret != 0)
-    return ret;
-
-  ret = _gnutls_recv_in_buffers(session, type, htype);
-  if (ret < 0 && ret != GNUTLS_E_SESSION_EOF)
-    return gnutls_assert_val(ret);
+        ret = _gnutls_recv_in_buffers(session, type, htype);
+        if (ret < 0 && ret != GNUTLS_E_SESSION_EOF)
+          return gnutls_assert_val(ret);
 
-  return check_buffers (session, type, data, data_size, seq);
+        return check_buffers (session, type, data, data_size, seq);
+      default:
+        return gnutls_assert_val(GNUTLS_E_INTERNAL_ERROR);
+    }
 }
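Review bot: The `case RECV_STATE_DTLS_RETRANSMIT:` arm drops into `case RECV_STATE_0:` with no `break` and no marker, which reads like a forgotten `break` and will trip `-Wimplicit-fallthrough`. The fall-through looks intentional (finish the pending retransmission, then do the normal receive), so add `/* fall through */` after `session->internals.recv_state = RECV_STATE_0;`. A one-line comment above the `switch` would also help, e.g. `/* resume an interrupted DTLS retransmission before reading new records */`.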
 
 
diff --git a/m4/hooks.m4 b/m4/hooks.m4
index ba4163b..7b2028a 100644
--- a/m4/hooks.m4
+++ b/m4/hooks.m4
@@ -40,7 +40,7 @@ AC_DEFUN([LIBGNUTLS_HOOKS],
   # Interfaces added:                             AGE++
   # Interfaces removed:                           AGE=0
   AC_SUBST(LT_CURRENT, 38)
-  AC_SUBST(LT_REVISION, 2)
+  AC_SUBST(LT_REVISION, 3)
   AC_SUBST(LT_AGE, 10)
 
   AC_SUBST(LT_SSL_CURRENT, 27)


hooks/post-receive
-- 
GNU gnutls


