[gnutls-dev] gnutls 1.0.6
Nikos Mavroyanopoulos
nmav at gnutls.org
Thu Feb 12 11:20:04 CET 2004
I've just released gnutls 1.0.6 which includes all
the new features of the 1.1.x branch except for TLS 1.1.
Those are:
- Improved gnutls-cli's SRP behaviour in SRP ciphersuites.
If they are of highest priority then the abbreviated handshake
is used.
- The error codes GNUTLS_E_NO_TEMPORARY_DH_PARAMS and GNUTLS_E_NO_TEMPORARY_RSA_PARAMS
are no longer returned by the handshake function. Ciphersuites that
require temporary parameters are removed when such parameters do not exist.
- Added the callbacks gnutls_certificate_client_retrieve_function() and
gnutls_certificate_server_retrieve_function(), to allow a client or a server
to specify certificates for the handshake without storing them to the
credentials structure.
- Added support for generating and exporting DSA private keys.
TLS 1.1 was not included because I couldn't test it against other
implementations. If you can test it, a patch that enables it is attached.
--
Nikos Mavroyanopoulos
-------------- next part --------------
--- gnutls1/lib/gnutls_algorithms.c Thu Feb 12 11:13:34 2004
+++ gnutls/lib/gnutls_algorithms.c Tue Jan 6 22:13:48 2004
@@ -109,6 +109,7 @@
static const gnutls_version_entry sup_versions[] = {
{"SSL 3.0", GNUTLS_SSL3, 3, 0, 1},
{"TLS 1.0", GNUTLS_TLS1, 3, 1, 1},
+ {"TLS 1.1", GNUTLS_TLS1_1, 3, 2, 1},
{0, 0, 0, 0, 0}
};
--- gnutls1/lib/gnutls_cipher.c Thu Feb 12 11:13:33 2004
+++ gnutls/lib/gnutls_cipher.c Wed Feb 11 20:51:21 2004
@@ -228,6 +228,9 @@
*pad = (uint8) (blocksize - (length % blocksize)) + rand;
length += *pad;
+ if ( session->security_parameters.version >= GNUTLS_TLS1_1)
+ length += blocksize; /* for the IV */
+
break;
default:
gnutls_assert();
@@ -312,6 +315,17 @@
}
data_ptr = cipher_data;
+ if ( block_algo==CIPHER_BLOCK &&
+ session->security_parameters.version >= GNUTLS_TLS1_1)
+ {
+ /* copy the random IV.
+ */
+ if (_gnutls_get_random(data_ptr, blocksize, GNUTLS_WEAK_RANDOM) < 0) {
+ gnutls_assert();
+ return GNUTLS_E_MEMORY_ERROR;
+ }
+ data_ptr += blocksize;
+ }
memcpy(data_ptr, compressed.data, compressed.size);
data_ptr += compressed.size;
@@ -403,6 +417,18 @@
ciphertext.size)) < 0) {
gnutls_assert();
return ret;
+ }
+
+ /* ignore the IV in TLS 1.1.
+ */
+ if (session->security_parameters.version >= GNUTLS_TLS1_1) {
+ ciphertext.size -= blocksize;
+ ciphertext.data += blocksize;
+
+ if (ciphertext.size == 0) {
+ gnutls_assert();
+ return GNUTLS_E_DECRYPTION_FAILED;
+ }
}
pad = ciphertext.data[ciphertext.size - 1] + 1; /* pad */
--- gnutls1/lib/gnutls.h.in.in Thu Feb 12 11:12:11 2004
+++ gnutls/lib/gnutls.h.in.in Tue Feb 10 22:10:06 2004
@@ -148,7 +148,7 @@
#define GNUTLS_TLS1 GNUTLS_TLS1_0
typedef enum gnutls_protocol_version { GNUTLS_SSL3=1, GNUTLS_TLS1_0,
- } gnutls_protocol_version;
+ GNUTLS_TLS1_1 } gnutls_protocol_version;
typedef enum gnutls_certificate_type { GNUTLS_CRT_X509=1, GNUTLS_CRT_OPENPGP
} gnutls_certificate_type;
More information about the Gnutls-devel
mailing list