List: gnupg-commit-watchers
Subject: [gnutls-commits]cvs: gnutls /lib gnutls_handshake.c gnutls_record.c
From: "Nikos Mavroyanopoulos" <nmav () gnutls ! org>
Date: 2002-05-28 17:29:41
nmav Tue May 28 19:29:41 2002 EDT
Modified files:
/gnutls/lib gnutls_handshake.c gnutls_record.c
Log:
Index: gnutls/lib/gnutls_handshake.c
diff -u gnutls/lib/gnutls_handshake.c:2.150 gnutls/lib/gnutls_handshake.c:2.151
--- gnutls/lib/gnutls_handshake.c:2.150 Wed May 22 21:29:37 2002
+++ gnutls/lib/gnutls_handshake.c Tue May 28 19:29:41 2002
@@ -124,7 +124,8 @@
TLS_RANDOM_SIZE);
}
-/* Calculate The SSL3 Finished message */
+/* Calculate The SSL3 Finished message
+ */
#define SSL3_CLIENT_MSG "CLNT"
#define SSL3_SERVER_MSG "SRVR"
#define SSL_MSG_LEN 4
@@ -163,7 +164,8 @@
return 0;
}
-/* Hash the handshake messages as required by TLS 1.0 */
+/* Hash the handshake messages as required by TLS 1.0
+ */
#define SERVER_MSG "server finished"
#define CLIENT_MSG "client finished"
#define TLS_MSG_LEN 15
@@ -226,12 +228,12 @@
return 0;
}
-/* Read a client hello
- * client hello must be a known version client hello
+
+/* Read a client hello packet.
+ * A client hello must be a known version client hello
* or version 2.0 client hello (only for compatibility
* since SSL version 2.0 is not supported).
*/
-
int _gnutls_read_client_hello(GNUTLS_STATE state, opaque * data,
int datalen)
{
@@ -622,7 +624,8 @@
}
-/* This selects the best supported compression method from the ones provided */
+/* This selects the best supported compression method from the ones provided
+ */
int _gnutls_server_select_comp_method(GNUTLS_STATE state, opaque * data,
int datalen)
{
@@ -1026,35 +1029,27 @@
case GNUTLS_CLIENT_HELLO:
case GNUTLS_SERVER_HELLO:
ret = _gnutls_recv_hello(state, dataptr, length32);
- /* dataptr is freed because the called does not
+ /* dataptr is freed because the caller does not
* need it */
gnutls_free(dataptr);
- break;
- case GNUTLS_CERTIFICATE_PKT:
- ret = length32;
+ *data = NULL;
break;
case GNUTLS_SERVER_HELLO_DONE:
if (length32==0) ret = 0;
else ret = GNUTLS_E_UNEXPECTED_PACKET_LENGTH;
break;
+ case GNUTLS_CERTIFICATE_PKT:
case GNUTLS_FINISHED:
- ret = length32;
- break;
case GNUTLS_SERVER_KEY_EXCHANGE:
- ret = length32;
- break;
case GNUTLS_CLIENT_KEY_EXCHANGE:
- ret = length32;
- break;
case GNUTLS_CERTIFICATE_REQUEST:
- ret = length32;
- break;
case GNUTLS_CERTIFICATE_VERIFY:
ret = length32;
break;
default:
gnutls_assert();
gnutls_free(dataptr);
+ *data = NULL;
ret = GNUTLS_E_UNEXPECTED_HANDSHAKE_PACKET;
}
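Review bot: The two added `*data = NULL;` stores, one after `gnutls_free(dataptr)` in the hello cases and one in the `default:` branch, write through `data` without checking it. Clearing the caller's pointer is the right way to avoid a dangling reference or a later double free, but this hunk does not show whether `data` may be NULL. If any caller passes NULL because it does not need the message body, these become NULL writes on a path selected by the peer's handshake message type. I would guard both as `if (data != NULL) *data = NULL;`, and if the function also has a length out-parameter, reset it on the same paths. The enclosing function starts and ends outside the hunk.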
Index: gnutls/lib/gnutls_record.c
diff -u gnutls/lib/gnutls_record.c:2.114 gnutls/lib/gnutls_record.c:2.115
--- gnutls/lib/gnutls_record.c:2.114 Thu May 23 12:55:21 2002
+++ gnutls/lib/gnutls_record.c Tue May 28 19:29:41 2002
@@ -766,13 +766,13 @@
gnutls_afree(tmpdata);
if (ret==GNUTLS_E_INT_RET_0) return 0;
-
gnutls_assert();
return ret;
}
gnutls_afree(tmpdata);
- /* Get Application data from buffer */
+ /* Get Application data from buffer
+ */
if ((type == GNUTLS_APPLICATION_DATA || type == GNUTLS_HANDSHAKE) && (recv_type == type)) {
ret = _gnutls_record_buffer_get(type, state, data, sizeofdata);
@@ -788,7 +788,6 @@
return ret2;
}
}
-
} else {
gnutls_assert();
ret = GNUTLS_E_UNEXPECTED_PACKET;
@@ -796,7 +795,12 @@
*/
}
- /* TLS 1.0 CBC protection. Read the next fragment.
+ /* TLS 1.0 CBC protection.
+ * Actually this code is called if we just received
+ * an empty packet. An empty TLS packet is usually
+ * sent to protect some vulnerabilities in the CBC mode.
+ * In that case we go to the begining and start reading
+ * the next packet.
*/
if (ret==0) {
empty_packet++;
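Review bot: The rewritten comment above `if (ret==0)` explains why an empty record restarts the read, but not what stops a peer from sending empty records indefinitely. `empty_packet` is incremented here and any limit check lies outside the hunk, so once the cap is confirmed I would add a line such as `* empty_packet counts these so the retry is bounded.` to the comment. The wording could also be tightened to `sent to protect against some vulnerabilities in the CBC mode` and `beginning`. The `if` block continues past the end of the hunk.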
@@ -825,6 +829,8 @@
}
+/* The parse version functions were copied from libgcrypt.
+ */
static const char *
parse_version_string( const char *s, int *major, int *minor, int *micro )
{
_______________________________________________
Gnutls-commits mailing list
Gnutls-commits@gnupg.org
http://lists.gnupg.org/mailman/listinfo/gnutls-commits