[git] NTBTLS - branch, master, updated. 4e4d5a4c436ecf2d2ae96b61b2c0cfc177f585b7
by Werner Koch
cvs at cvs.gnupg.org
Tue Feb 21 11:07:54 CET 2017
This is an automated email from the git hooks/post-receive script. It was
generated because a ref change was pushed to the repository containing
the project "Not Too Bad TLS".
The branch, master has been updated
via 4e4d5a4c436ecf2d2ae96b61b2c0cfc177f585b7 (commit)
via 59b779b8c0f7bb22c48527f8ed8d1d28acc8bad3 (commit)
from 19d9776ac40e7ff9fcfed7838ff8261ba8d61fac (commit)
Those revisions listed above that are new to this repository have
not appeared on any other notification email; so we list those
revisions in full, below.
- Log -----------------------------------------------------------------
commit 4e4d5a4c436ecf2d2ae96b61b2c0cfc177f585b7
Author: Werner Koch <wk at gnupg.org>
Date: Tue Feb 21 11:05:15 2017 +0100
New macro ntbtls_check_context.
* src/ntbtls.h.in (ntbtls_check_context): New macro.
* src/visibility.c (_ntbtls_check_context): New function.
* src/libntbtls.def, src/libntbtls.vers: Add _ntbtls_check_context.
* configure.ac (SIZEOF_UNSIGNED_LONG): Define.
* src/context.h (NTBTLS_CONTEXT_MAGIC): New constant.
(_ntbtls_context_s): New field 'magic'.
* src/debug.c (_ntbtls_debug_bug): Always print a message.
* src/protocol.c (_ntbtls_new): Set MAGIC.
(_ntbtls_release): Test MAGIC.
--
This macro allows to assert that a TLS context, which might have been
conveyed using an opaque pointer, is valid. The function does not
abort but merely logs and returns error.
Signed-off-by: Werner Koch <wk at gnupg.org>
diff --git a/configure.ac b/configure.ac
index fec870a..6cb2bd5 100644
--- a/configure.ac
+++ b/configure.ac
@@ -316,6 +316,7 @@ AC_MSG_NOTICE([checking for system characteristics])
AC_C_CONST
AC_C_INLINE
AC_C_VOLATILE
+AC_CHECK_SIZEOF(unsigned long)
AC_TYPE_SIZE_T
AC_TYPE_MODE_T
AC_TYPE_SIGNAL
diff --git a/src/context.h b/src/context.h
index 61616bc..4934c6e 100644
--- a/src/context.h
+++ b/src/context.h
@@ -259,11 +259,20 @@ typedef struct _ntbtls_ticket_keys_s *ticket_keys_t;
+
+#if SIZEOF_UNSIGNED_LONG == 8
+# define NTBTLS_CONTEXT_MAGIC 0x6e7462746c736378 /* "ntbtlscx" */
+#else
+# define NTBTLS_CONTEXT_MAGIC 0x6e746243 /* "ntbC" */
+#endif
+
/*
* The TLS context object.
*/
struct _ntbtls_context_s
{
+ unsigned long magic;
+
/*
* Miscellaneous
*/
diff --git a/src/debug.c b/src/debug.c
index d2b7c59..385953b 100644
--- a/src/debug.c
+++ b/src/debug.c
@@ -110,13 +110,10 @@ _ntbtls_debug_bug (const char *file, int line)
{
const char *s;
- if (!debug_level)
- return;
-
s = strrchr (file, '/');
if (s)
file = s + 1;
- _ntbtls_debug_msg (0, "bug detected at %s:%d\n", file, line);
+ _ntbtls_debug_msg (-1, "bug detected at %s:%d\n", file, line);
}
diff --git a/src/libntbtls.def b/src/libntbtls.def
index 69b3f1d..8526d10 100644
--- a/src/libntbtls.def
+++ b/src/libntbtls.def
@@ -41,4 +41,5 @@ EXPORTS
ntbtls_x509_get_peer_cert @13
ntbtls_set_log_handler @14
ntbtls_get_hostname @15
+ _ntbtls_check_context @16
; END
diff --git a/src/libntbtls.vers b/src/libntbtls.vers
index 0359cec..fa0b175 100644
--- a/src/libntbtls.vers
+++ b/src/libntbtls.vers
@@ -26,6 +26,7 @@ NTBTLS_1.0 {
ntbtls_set_log_handler;
ntbtls_new;
+ _ntbtls_check_context;
ntbtls_release;
ntbtls_set_transport;
ntbtls_get_stream;
diff --git a/src/ntbtls.h.in b/src/ntbtls.h.in
index 1d2486d..f628698 100644
--- a/src/ntbtls.h.in
+++ b/src/ntbtls.h.in
@@ -101,6 +101,10 @@ gpg_error_t ntbtls_new (ntbtls_t *r_tls, unsigned int flags);
/* Destroy a TLS context. */
void ntbtls_release (ntbtls_t tls);
+/* Check that TLS is not NULL and valid. (Use only the macro). */
+gpg_error_t _ntbtls_check_context (ntbtls_t tls, const char *file, int line);
+#define ntbtls_check_context(t) _ntbtls_check_context ((t), __FILE__, __LINE__)
+
/* Create a new X509 certificate chain. */
gpg_error_t ntbtls_x509_cert_new (x509_cert_t *r_cert);
diff --git a/src/protocol.c b/src/protocol.c
index b5dbb51..a931cd0 100644
--- a/src/protocol.c
+++ b/src/protocol.c
@@ -2627,6 +2627,8 @@ _ntbtls_new (ntbtls_t *r_tls, unsigned int flags)
if (!tls)
return gpg_error_from_syserror (); /* Return immediately. */
+ tls->magic = NTBTLS_CONTEXT_MAGIC;
+
tls->min_major_ver = TLS_MIN_MAJOR_VERSION;
tls->min_minor_ver = TLS_MIN_MINOR_VERSION;
tls->max_major_ver = TLS_MAX_MAJOR_VERSION;
@@ -2719,6 +2721,8 @@ _ntbtls_release (ntbtls_t tls)
return;
debug_msg (2, "release");
+ if (tls->magic != NTBTLS_CONTEXT_MAGIC)
+ debug_bug ();
if (tls->out_ctr)
{
diff --git a/src/visibility.c b/src/visibility.c
index 0ab8b4a..40cb3ee 100644
--- a/src/visibility.c
+++ b/src/visibility.c
@@ -52,6 +52,21 @@ ntbtls_new (ntbtls_t *r_tls, unsigned int flags)
}
+/* Check that TLS is valid. FILE and LINE are printed in case of a
+ * failure. Returns True on failure. This should be called using the
+ * corresponding macro. */
+gpg_error_t
+_ntbtls_check_context (ntbtls_t tls, const char *file, int line)
+{
+ if (!tls || tls->magic != NTBTLS_CONTEXT_MAGIC)
+ {
+ _ntbtls_debug_bug (file, line);
+ return gpg_error (GPG_ERR_BUG);
+ }
+ return 0;
+}
+
+
void
ntbtls_release (ntbtls_t tls)
{
diff --git a/src/visibility.h b/src/visibility.h
index 249d9d2..8ac6c9e 100644
--- a/src/visibility.h
+++ b/src/visibility.h
@@ -45,6 +45,7 @@ MARK_VISIBLE (ntbtls_check_version)
MARK_VISIBLE (ntbtls_set_debug)
MARK_VISIBLE (ntbtls_set_log_handler)
MARK_VISIBLE (ntbtls_new)
+MARK_VISIBLE (_ntbtls_check_context)
MARK_VISIBLE (ntbtls_release)
MARK_VISIBLE (ntbtls_set_transport)
MARK_VISIBLE (ntbtls_get_stream)
commit 59b779b8c0f7bb22c48527f8ed8d1d28acc8bad3
Author: Werner Koch <wk at gnupg.org>
Date: Tue Feb 21 09:47:39 2017 +0100
New function ntbtls_get_hostname.
* src/ntbtls.h.in (ntbtls_get_hostname): New.
* src/protocol.c (_ntbtls_get_hostname): New.
* src/visibility.c, src/visibility.h: Export ntbtls_get_hostname.
* src/libntbtls.def, src/libntbtls.vers: Ditto.
Signed-off-by: Werner Koch <wk at gnupg.org>
diff --git a/src/ciphersuites.c b/src/ciphersuites.c
index a93c347..68c4108 100644
--- a/src/ciphersuites.c
+++ b/src/ciphersuites.c
@@ -1390,7 +1390,7 @@ _ntbtls_ciphersuite_get_sig_pk_alg (ciphersuite_t suite)
return GCRY_PK_RSA;
case KEY_EXCHANGE_ECDHE_ECDSA:
- return GCRY_PK_ECC; /* Actuall ECDSA */
+ return GCRY_PK_ECC; /* Actually ECDSA */
case KEY_EXCHANGE_ECDH_RSA:
case KEY_EXCHANGE_ECDH_ECDSA:
diff --git a/src/libntbtls.def b/src/libntbtls.def
index 637de78..69b3f1d 100644
--- a/src/libntbtls.def
+++ b/src/libntbtls.def
@@ -40,4 +40,5 @@ EXPORTS
ntbtls_x509_get_peer_cert @13
ntbtls_set_log_handler @14
+ ntbtls_get_hostname @15
; END
diff --git a/src/libntbtls.vers b/src/libntbtls.vers
index 47f3c69..0359cec 100644
--- a/src/libntbtls.vers
+++ b/src/libntbtls.vers
@@ -30,6 +30,7 @@ NTBTLS_1.0 {
ntbtls_set_transport;
ntbtls_get_stream;
ntbtls_set_hostname;
+ ntbtls_get_hostname;
ntbtls_handshake;
diff --git a/src/ntbtls-int.h b/src/ntbtls-int.h
index 7a17323..e12f592 100644
--- a/src/ntbtls-int.h
+++ b/src/ntbtls-int.h
@@ -330,6 +330,7 @@ gpg_error_t _ntbtls_set_verify_cb (ntbtls_t tls,
ntbtls_verify_cb_t cb, void *cb_value);
gpg_error_t _ntbtls_set_hostname (ntbtls_t tls, const char *hostname);
+const char *_ntbtls_get_hostname (ntbtls_t tls);
gpg_error_t _ntbtls_handshake (ntbtls_t tls);
diff --git a/src/ntbtls.h.in b/src/ntbtls.h.in
index b887b0a..1d2486d 100644
--- a/src/ntbtls.h.in
+++ b/src/ntbtls.h.in
@@ -129,6 +129,11 @@ gpg_error_t ntbtls_set_verify_cb (ntbtls_t tls,
It is used for SNI, too. */
gpg_error_t ntbtls_set_hostname (ntbtls_t tls, const char *hostname);
+/* Return the hostname which has been set with ntbtls_set_hostname.
+ * The returned value is valid as long as TLS is valid and
+ * ntbtls_set_hostname has not been used again. */
+const char *ntbtls_get_hostname (ntbtls_t tls);
+
/* Perform the handshake with the peer. The transport streams must be
connected before starting this handshake. */
gpg_error_t ntbtls_handshake (ntbtls_t tls);
diff --git a/src/protocol.c b/src/protocol.c
index 4f3ee4a..b5dbb51 100644
--- a/src/protocol.c
+++ b/src/protocol.c
@@ -3254,6 +3254,16 @@ _ntbtls_set_hostname (ntbtls_t tls, const char *hostname)
}
+/* Return the hostname which has been set with ntbtls_set_hostname.
+ * The returned value is valid as long as TLS is valid and
+ * ntbtls_set_hostname has not been used again. */
+const char *
+_ntbtls_get_hostname (ntbtls_t tls)
+{
+ return tls ? tls->hostname : NULL;
+}
+
+
/* void */
/* ssl_set_sni (ntbtls_t ssl, */
/* int (*f_sni) (void *, ntbtls_t, */
diff --git a/src/visibility.c b/src/visibility.c
index 73f2452..0ab8b4a 100644
--- a/src/visibility.c
+++ b/src/visibility.c
@@ -82,6 +82,13 @@ ntbtls_set_hostname (ntbtls_t tls, const char *hostname)
}
+const char *
+ntbtls_get_hostname (ntbtls_t tls)
+{
+ return _ntbtls_get_hostname (tls);
+}
+
+
gpg_error_t
ntbtls_handshake (ntbtls_t tls)
{
diff --git a/src/visibility.h b/src/visibility.h
index 7f6db83..249d9d2 100644
--- a/src/visibility.h
+++ b/src/visibility.h
@@ -49,6 +49,7 @@ MARK_VISIBLE (ntbtls_release)
MARK_VISIBLE (ntbtls_set_transport)
MARK_VISIBLE (ntbtls_get_stream)
MARK_VISIBLE (ntbtls_set_hostname)
+MARK_VISIBLE (ntbtls_get_hostname)
MARK_VISIBLE (ntbtls_handshake)
MARK_VISIBLE (ntbtls_set_verify_cb)
@@ -74,6 +75,7 @@ MARK_VISIBLE (ntbtls_x509_get_peer_cert)
#define ntbtls_set_transport _ntbtls_USE_THE_UNDERSCORED_FUNCTION
#define ntbtls_get_stream _ntbtls_USE_THE_UNDERSCORED_FUNCTION
#define ntbtls_set_hostname _ntbtls_USE_THE_UNDERSCORED_FUNCTION
+#define ntbtls_get_hostname _ntbtls_USE_THE_UNDERSCORED_FUNCTION
#define ntbtls_handshake _ntbtls_USE_THE_UNDERSCORED_FUNCTION
#define ntbtls_set_verify_cb _ntbtls_USE_THE_UNDERSCORED_FUNCTION
-----------------------------------------------------------------------
Summary of changes:
configure.ac | 1 +
src/ciphersuites.c | 2 +-
src/context.h | 9 +++++++++
src/debug.c | 5 +----
src/libntbtls.def | 2 ++
src/libntbtls.vers | 2 ++
src/ntbtls-int.h | 1 +
src/ntbtls.h.in | 9 +++++++++
src/protocol.c | 14 ++++++++++++++
src/visibility.c | 22 ++++++++++++++++++++++
src/visibility.h | 3 +++
11 files changed, 65 insertions(+), 5 deletions(-)
hooks/post-receive
--
Not Too Bad TLS
http://git.gnupg.org
More information about the Gnupg-commits
mailing list