[gnutls-dev] gnutls 1.0.6

Nikos Mavroyanopoulos nmav at gnutls.org
Thu Feb 12 11:20:04 CET 2004


I've just released gnutls 1.0.6 which includes all
the new features of the 1.1.x branch except for TLS 1.1.
Those are:
- Improved gnutls-cli's SRP behaviour in SRP ciphersuites.
  If they are of highest priority then the abbreviated handshake
  is used.
- The error codes GNUTLS_E_NO_TEMPORARY_DH_PARAMS and GNUTLS_E_NO_TEMPORARY_RSA_PARAMS
  are no longer returned by the handshake function. Ciphersuites that
  require temporary parameters are removed when such parameters do not exist.
- Added the callbacks gnutls_certificate_client_retrieve_function() and
  gnutls_certificate_server_retrieve_function(), to allow a client or a server
  to specify certificates for the handshake without storing them to the
  credentials structure.
- Added support for generating and exporting DSA private keys.


TLS 1.1 was not included because I couldn't test it against other
implementations. If you can test it, a patch that enables it is attached.

-- 
Nikos Mavroyanopoulos
-------------- next part --------------
--- gnutls1/lib/gnutls_algorithms.c	Thu Feb 12 11:13:34 2004
+++ gnutls/lib/gnutls_algorithms.c	Tue Jan  6 22:13:48 2004
@@ -109,6 +109,7 @@
 static const gnutls_version_entry sup_versions[] = {
 	{"SSL 3.0", GNUTLS_SSL3, 3, 0, 1},
 	{"TLS 1.0", GNUTLS_TLS1, 3, 1, 1},
+	{"TLS 1.1", GNUTLS_TLS1_1, 3, 2, 1},
 	{0, 0, 0, 0, 0}
 };
 
--- gnutls1/lib/gnutls_cipher.c	Thu Feb 12 11:13:33 2004
+++ gnutls/lib/gnutls_cipher.c	Wed Feb 11 20:51:21 2004
@@ -228,6 +228,9 @@
 		*pad = (uint8) (blocksize - (length % blocksize)) + rand;
 
 		length += *pad;
+		if ( session->security_parameters.version >= GNUTLS_TLS1_1)
+			length += blocksize; /* for the IV */
+
 		break;
 	default:
 		gnutls_assert();
@@ -312,6 +315,17 @@
 	}
 
 	data_ptr = cipher_data;
+	if ( block_algo==CIPHER_BLOCK &&
+		session->security_parameters.version >= GNUTLS_TLS1_1) 
+	{
+		/* copy the random IV.
+		 */
+		if (_gnutls_get_random(data_ptr, blocksize, GNUTLS_WEAK_RANDOM) < 0) {
+			gnutls_assert();
+			return GNUTLS_E_MEMORY_ERROR;
+		}
+		data_ptr += blocksize;
+	}
 
 	memcpy(data_ptr, compressed.data, compressed.size);
 	data_ptr += compressed.size;
@@ -403,6 +417,18 @@
 			      ciphertext.size)) < 0) {
 			gnutls_assert();
 			return ret;
+		}
+
+		/* ignore the IV in TLS 1.1.
+		 */
+		if (session->security_parameters.version >= GNUTLS_TLS1_1) {
+			ciphertext.size -= blocksize;
+			ciphertext.data += blocksize;
+			
+			if (ciphertext.size == 0) {
+				gnutls_assert();
+				return GNUTLS_E_DECRYPTION_FAILED;
+			}
 		}
 
 		pad = ciphertext.data[ciphertext.size - 1] + 1;	/* pad */
--- gnutls1/lib/gnutls.h.in.in	Thu Feb 12 11:12:11 2004
+++ gnutls/lib/gnutls.h.in.in	Tue Feb 10 22:10:06 2004
@@ -148,7 +148,7 @@
 
 #define GNUTLS_TLS1 GNUTLS_TLS1_0
 typedef enum gnutls_protocol_version { GNUTLS_SSL3=1, GNUTLS_TLS1_0,
-	} gnutls_protocol_version;
+	GNUTLS_TLS1_1 } gnutls_protocol_version;
 
 typedef enum gnutls_certificate_type { GNUTLS_CRT_X509=1, GNUTLS_CRT_OPENPGP 
 } gnutls_certificate_type;


More information about the Gnutls-devel mailing list