-rw-r--r-- | doc/cha-gtls-app.texi | 2 | ||||
-rw-r--r-- | doc/cha-intro-tls.texi | 4 | ||||
-rw-r--r-- | lib/gnutls_range.c | 185 | ||||
-rw-r--r-- | lib/gnutls_record.c | 33 | ||||
-rw-r--r-- | lib/gnutls_record.h | 14 | ||||
-rw-r--r-- | lib/includes/gnutls/gnutls.h.in | 10 | ||||
-rw-r--r-- | lib/libgnutls.map | 4 | ||||
-rw-r--r-- | src/cli-args.c | 188 | ||||
-rw-r--r-- | src/cli-args.def | 4 | ||||
-rw-r--r-- | src/cli-args.h | 11 | ||||
-rw-r--r-- | src/cli.c | 18 | ||||
-rw-r--r-- | src/socket.c | 9 | ||||
-rw-r--r-- | src/socket.h | 2 |
13 files changed, 263 insertions, 221 deletions
diff --git a/doc/cha-gtls-app.texi b/doc/cha-gtls-app.texi
index 36cc6ae80b..3a756db149 100644
--- a/doc/cha-gtls-app.texi
+++ b/doc/cha-gtls-app.texi
@@ -1023,7 +1023,7 @@ will use the latest TLS version record version in client hello. @item %NEW_PADDING @tab will enable the new padding extension negotiation. If the new padding extension is negotiated, GnuTLS will use a more efficient length-hiding mechanism.
-Use @funcref{gnutls_range_can_use_length_hiding} to check whether length-hiding
+Use @funcref{gnutls_record_can_use_length_hiding} to check whether length-hiding
 can be used in the current session.
 @end multitable
diff --git a/doc/cha-intro-tls.texi b/doc/cha-intro-tls.texi
index e4ff89c195..d9c90c963f 100644
--- a/doc/cha-intro-tls.texi
+++ b/doc/cha-intro-tls.texi
@@ -236,8 +236,8 @@ GnuTLS appears to be one of few implementations that take advantage of this feat the user can provide some plaintext data with a range of lengths she wishes to hide, and GnuTLS adds extra padding to make sure the attacker cannot tell the real plaintext length is in a range smaller than the user-provided one.
-Use @funcref{gnutls_range_send_message} to send length-hidden messages and
-@funcref{gnutls_range_can_use_length_hiding} to check whether the current
+Use @funcref{gnutls_record_send_range} to send length-hidden messages and
+@funcref{gnutls_record_can_use_length_hiding} to check whether the current
 session supports length hiding. Using the standard @funcref{gnutls_record_send} will only add minimal padding.
diff --git a/lib/gnutls_range.c b/lib/gnutls_range.c
index 88d1d21958..41d4b9ec01 100644
--- a/lib/gnutls_range.c
+++ b/lib/gnutls_range.c
@@ -26,17 +26,9 @@
 #include "gnutls_constate.h"
 #include "gnutls_record.h"
-ssize_t
-min (ssize_t a, ssize_t b)
-{
- if (a < b)
- return a;
- else
- return b;
-}
-
-void
-_gnutls_set_range (gnutls_range_st * dst, const size_t low, const size_t high)
+static void
+_gnutls_set_range (gnutls_range_st * dst, const size_t low,
+ const size_t high)
 {
 dst->low = low;
 dst->high = high;
@@ -47,8 +39,9 @@ _gnutls_set_range (gnutls_range_st * dst, const size_t low, const size_t high)
 * Returns how much LH pad we can put in this fragment, given we'll
 * put at least data_length bytes of user data.
 */
-ssize_t
-_gnutls_range_max_lh_pad (gnutls_session_t session, ssize_t data_length, ssize_t max_frag)
+static ssize_t
+_gnutls_range_max_lh_pad (gnutls_session_t session, ssize_t data_length,
+ ssize_t max_frag)
 {
 int ret;
 record_parameters_st *record_params;
@@ -56,7 +49,7 @@ _gnutls_range_max_lh_pad (gnutls_session_t session, ssize_t data_length, ssize_t
 ret = _gnutls_epoch_get (session, EPOCH_WRITE_CURRENT, &record_params);
 if (ret < 0)
 {
- return gnutls_assert_val (GNUTLS_E_INVALID_REQUEST);
+ return gnutls_assert_val (GNUTLS_E_INVALID_REQUEST);
 }
 ssize_t max_pad;
@@ -64,21 +57,21 @@ _gnutls_range_max_lh_pad (gnutls_session_t session, ssize_t data_length, ssize_t
 if (session->security_parameters.new_record_padding != 0)
 {
- max_pad = MAX_USER_SEND_SIZE (session);
- fixed_pad = 2;
+ max_pad = MAX_USER_SEND_SIZE (session);
+ fixed_pad = 2;
 }
 else
 {
- max_pad = MAX_PAD_SIZE;
- fixed_pad = 1;
+ max_pad = MAX_PAD_SIZE;
+ fixed_pad = 1;
 }
- ssize_t this_pad = min(max_pad,max_frag - data_length);
+ ssize_t this_pad = MIN (max_pad, max_frag - data_length);
 ssize_t block_size =
- gnutls_cipher_get_block_size (record_params->cipher_algorithm);
+ gnutls_cipher_get_block_size (record_params->cipher_algorithm);
 ssize_t tag_size =
- _gnutls_auth_cipher_tag_len (&record_params->write.cipher_state);
+ _gnutls_auth_cipher_tag_len (&record_params->write.cipher_state);
 ssize_t overflow;
 switch (_gnutls_cipher_is_block (record_params->cipher_algorithm))
 {
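Review bot: `ssize_t this_pad = MIN (max_pad, max_frag - data_length);` becomes negative whenever data_length exceeds max_frag, and both return paths of the switch that follows hand that negative value back, where _gnutls_range_split then treats it as a GnuTLS error code. The only caller visible in this commit guards the call with `orig_low < max_frag`, so this is latent rather than live, but a static helper with an unstated precondition invites misuse from the next caller. Either state it in the header comment, `/* data_length must be < max_frag */`, or clamp up front with `if (data_length >= max_frag) return 0;` before the MIN. _gnutls_range_max_lh_pad starts in the previous hunk and its switch continues in the next.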
@@ -86,37 +79,38 @@ _gnutls_range_max_lh_pad (gnutls_session_t session, ssize_t data_length, ssize_t
 return this_pad;
 case CIPHER_BLOCK:
- overflow = (data_length + this_pad + tag_size + fixed_pad) % block_size;
- if (overflow > this_pad)
- {
- return this_pad;
- }
- else
- {
- return this_pad - overflow;
- }
+ overflow =
+ (data_length + this_pad + tag_size + fixed_pad) % block_size;
+ if (overflow > this_pad)
+ {
+ return this_pad;
+ }
+ else
+ {
+ return this_pad - overflow;
+ }
 default:
 return gnutls_assert_val (GNUTLS_E_INTERNAL_ERROR);
 }
 }
 /**
- * gnutls_range_can_use_length_hiding:
+ * gnutls_record_can_use_length_hiding:
 * @session: is a #gnutls_session_t structure.
 *
 * Returns true (1) if the current session supports length-hiding
 * padding, false (0) if the current session does not. Returns
 * a negative value in case of error.
 * If the session supports length-hiding padding, you can
- * invoke #gnutls_range_send_message to send a message whose
+ * invoke gnutls_range_send_message() to send a message whose
 * length is hidden in the given range. If the session does not
 * support length hiding padding, you can use the standard
- * #gnutls_record_send function, or #gnutls_range_send_message
+ * gnutls_record_send() function, or gnutls_range_send_message()
 * making sure that the range is the same as the length of the
 * message you are trying to send.
 **/
 int
-gnutls_range_can_use_length_hiding (gnutls_session_t session)
+gnutls_record_can_use_length_hiding (gnutls_session_t session)
 {
 int ret;
 record_parameters_st *record_params;
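Review bot: The rewritten documentation comment for gnutls_record_can_use_length_hiding still points callers at `gnutls_range_send_message()`, twice, although this same commit renames that function to gnutls_record_send_range(); the same stale name recurs in the new gnutls_record_disable_padding comment in lib/gnutls_record.c. Change the two added lines to `* invoke gnutls_record_send_range() to send a message whose` and `* gnutls_record_send() function, or gnutls_record_send_range()`. The generated API reference would otherwise cross-reference a symbol that no longer exists.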
@@ -124,18 +118,14 @@ gnutls_range_can_use_length_hiding (gnutls_session_t session)
 ret = _gnutls_epoch_get (session, EPOCH_WRITE_CURRENT, &record_params);
 if (ret < 0)
 {
- return gnutls_assert_val (GNUTLS_E_INVALID_REQUEST);
+ return gnutls_assert_val (GNUTLS_E_INVALID_REQUEST);
 }
 if (session->security_parameters.new_record_padding != 0)
- {
- return 1;
- }
+ return 1;
 if (session->security_parameters.version == GNUTLS_SSL3)
- {
- return 0;
- }
+ return 0;
 switch (_gnutls_cipher_is_block (record_params->cipher_algorithm))
 {
@@ -148,7 +138,7 @@ gnutls_range_can_use_length_hiding (gnutls_session_t session)
 }
 }
-ssize_t
+static ssize_t
 _gnutls_range_split (gnutls_session_t session,
 const gnutls_range_st orig,
 gnutls_range_st * small_range,
@@ -160,113 +150,112 @@ _gnutls_range_split (gnutls_session_t session,
 ssize_t orig_high = (ssize_t) orig.high;
 if (orig_high == orig_low)
- {
- int length = min (orig_high, max_frag);
- int rem = orig_high - length;
- _gnutls_set_range (small_range, length, length);
- _gnutls_set_range (rem_range, rem, rem);
- return 0;
+ {
+ int length = MIN (orig_high, max_frag);
+ int rem = orig_high - length;
+ _gnutls_set_range (small_range, length, length);
+ _gnutls_set_range (rem_range, rem, rem);
+ return 0;
 }
 else
 {
- if (orig_low >= max_frag)
- {
- _gnutls_set_range (small_range, max_frag, max_frag);
- _gnutls_set_range (rem_range, orig_low - max_frag,
- orig_high - max_frag);
- }
- else
- {
- ret = _gnutls_range_max_lh_pad(session,orig_low,max_frag);
- if (ret < 0) {
- return ret; // already gnutls_assert_val'd
- }
- ssize_t this_pad = min(ret,orig_high - orig_low);
+ if (orig_low >= max_frag)
+ {
+ _gnutls_set_range (small_range, max_frag, max_frag);
+ _gnutls_set_range (rem_range, orig_low - max_frag,
+ orig_high - max_frag);
+ }
+ else
+ {
+ ret = _gnutls_range_max_lh_pad (session, orig_low, max_frag);
+ if (ret < 0)
+ {
+ return ret; /* already gnutls_assert_val'd */
+ }
+ ssize_t this_pad = MIN (ret, orig_high - orig_low);
- _gnutls_set_range(small_range, orig_low, orig_low + this_pad);
- _gnutls_set_range(rem_range, 0, orig_high - (orig_low + this_pad));
- }
+ _gnutls_set_range (small_range, orig_low, orig_low + this_pad);
+ _gnutls_set_range (rem_range, 0,
+ orig_high - (orig_low + this_pad));
+ }
 return 0;
 }
 }
-size_t
+static size_t
 _gnutls_range_fragment (size_t data_size, gnutls_range_st cur, gnutls_range_st next)
 {
- return min (cur.high, data_size - next.low);
+ return MIN (cur.high, data_size - next.low);
 }
 /**
- * gnutls_range_send_message:
+ * gnutls_record_send_range:
 * @session: is a #gnutls_session_t structure.
 * @data: contains the data to send.
 * @data_size: is the length of the data.
 * @range: is the range of lengths in which the real data length must be hidden.
 *
- * This function operates like #gnutls_record_send but, while
- * #gnutls_record_send adds minimal padding to each TLS record,
+ * This function operates like gnutls_record_send() but, while
+ * gnutls_record_send() adds minimal padding to each TLS record,
 * this function uses the TLS extra-padding feature to conceal the real
 * data size within the range of lengths provided.
 * Some TLS sessions do not support extra padding (e.g. stream ciphers in standard
 * TLS or SSL3 sessions). To know whether the current session supports extra
- * padding, and hence length hiding, use the #gnutls_range_can_use_length_hiding
+ * padding, and hence length hiding, use the gnutls_record_can_use_length_hiding()
 * function.
 *
 * Returns: The number of bytes sent (that is data_size in a successful invocation),
 * or a negative error code.
 **/
 ssize_t
-gnutls_range_send_message (gnutls_session_t session, const void *data,
- size_t data_size, const gnutls_range_st range)
+gnutls_record_send_range (gnutls_session_t session, const void *data,
+ size_t data_size, const gnutls_range_st * range)
 {
 size_t sent = 0;
 size_t next_fragment_length;
 ssize_t ret;
 gnutls_range_st cur_range, next_range;
- // sanity check on range and data size
- if (range.low > range.high ||
- data_size < range.low || data_size > range.high)
+ /* sanity check on range and data size */
+ if (range->low > range->high ||
+ data_size < range->low || data_size > range->high)
 {
- return gnutls_assert_val (GNUTLS_E_INVALID_REQUEST);
+ return gnutls_assert_val (GNUTLS_E_INVALID_REQUEST);
 }
- ret = gnutls_range_can_use_length_hiding(session);
+ ret = gnutls_record_can_use_length_hiding (session);
 if (ret < 0)
- {
- return ret; // already gnutls_assert_val'd
- }
+ return ret; /* already gnutls_assert_val'd */
- if (ret == 0 && range.low != range.high)
- {
- // Cannot use LH, but a range was given
- return gnutls_assert_val 
(GNUTLS_E_INVALID_REQUEST);
- }
+ if (ret == 0 && range->low != range->high)
+ /* Cannot use LH, but a range was given */
+ return gnutls_assert_val (GNUTLS_E_INVALID_REQUEST);
- _gnutls_set_range (&cur_range, range.low, range.high);
+ _gnutls_set_range (&cur_range, range->low, range->high);
 _gnutls_record_log
- ("RANGE: Preparing message with size %d, range (%d,%d)\n",
- (int) data_size, (int) range.low, (int) range.high);
+ ("RANGE: Preparing message with size %d, range (%d,%d)\n",
+ (int) data_size, (int) range->low, (int) range->high);
 while (cur_range.high != 0)
 {
 ret =
- _gnutls_range_split (session, cur_range, &cur_range,
- &next_range);
+ _gnutls_range_split (session, cur_range, &cur_range,
+ &next_range);
 if (ret < 0)
 {
- return ret; // already gnutls_assert_val'd
+ return ret; /* already gnutls_assert_val'd */
 }
 next_fragment_length =
- _gnutls_range_fragment (data_size, cur_range, next_range);
+ _gnutls_range_fragment (data_size, cur_range, next_range);
 _gnutls_record_log
- ("RANGE: Next fragment size: %d (%d,%d); remaining range: (%d,%d)\n",
- (int) next_fragment_length, (int) cur_range.low,
- (int) cur_range.high, (int) next_range.low, (int) next_range.high);
+ ("RANGE: Next fragment size: %d (%d,%d); remaining range: (%d,%d)\n",
+ (int) next_fragment_length, (int) cur_range.low,
+ (int) cur_range.high, (int) next_range.low,
+ (int) next_range.high);
 ret = _gnutls_send_tlen_int (session, GNUTLS_APPLICATION_DATA, -1, EPOCH_WRITE_CURRENT,
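Review bot: gnutls_record_send_range now takes `range` as a pointer but dereferences it in the sanity check (`range->low > range->high`) without rejecting NULL; the by-value signature it replaces could not be called with a missing range, so this is a new way for a public entry point to crash on caller error. Add `if (range == NULL) return gnutls_assert_val (GNUTLS_E_INVALID_REQUEST);` ahead of the existing check. In _gnutls_range_split, `int length = MIN (orig_high, max_frag);` and `int rem = orig_high - length;` narrow ssize_t values to int; declaring both `ssize_t` keeps the arithmetic in the type the rest of the function uses. The function's trailing _gnutls_send_tlen_int call continues in the next hunk.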
@@ -275,13 +264,13 @@ gnutls_range_send_message (gnutls_session_t session, const void *data,
 cur_range.high);
 if (ret < 0)
 {
- return ret; // already gnutls_assert_val'd
+ return ret; /* already gnutls_assert_val'd */
 }
 if (ret != (ssize_t) next_fragment_length)
 {
 _gnutls_record_log
- ("RANGE: ERROR: ret = %d; next_fragment_length = %d\n", (int) ret,
- (int) next_fragment_length);
+ ("RANGE: ERROR: ret = %d; next_fragment_length = %d\n",
+ (int) ret, (int) next_fragment_length);
 return gnutls_assert_val (GNUTLS_E_INTERNAL_ERROR);
 }
 sent += next_fragment_length;
diff --git a/lib/gnutls_record.c b/lib/gnutls_record.c
index 5162464fc8..1aa17d6be4 100644
--- a/lib/gnutls_record.c
+++ b/lib/gnutls_record.c
@@ -65,8 +65,27 @@ struct tls_record_st {
 /* the data */
 };
+/*
+ * gnutls_record_disable_padding:
+ * @session: is a #gnutls_session_t structure.
+ *
+ * Used to disabled padding in TLS 1.0 and above. Normally you do not
+ * need to use this function, but there are buggy clients that
+ * complain if a server pads the encrypted data. This of course will
+ * disable protection against statistical attacks on the data.
+ *
+ * This functions is defunt since 3.1.7. Random padding is disabled
+ * by default unless requested using gnutls_range_send_message().
+ *
+ **/
+void
+gnutls_record_disable_padding (gnutls_session_t session)
+{
+ return;
+}
+
 /**
- * gnutls_record_max_empty_records:
+ * gnutls_record_set_max_empty_records:
 * @session: is a #gnutls_session_t structure.
 * @i: is the desired value of maximum empty records that can be accepted in a row.
 *
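Review bot: The new gnutls_record_disable_padding comment carries three defects in lines this hunk adds: `Used to disabled padding`, `This functions is defunt since 3.1.7`, and a reference to `gnutls_range_send_message()`, which this commit renames to gnutls_record_send_range(); read `Used to disable padding`, `This function is defunct since 3.1.7` and `gnutls_record_send_range()`. Because the comment opens with `/*` rather than the `/**` the neighbouring comments use, the documentation generator will skip it, so nothing published tells users the function is now a no-op; use the `/**` opener and say so explicitly. The unused `session` parameter could also get `(void) session;` to keep -Wunused-parameter builds quiet.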
@@ -79,12 +98,11 @@ struct tls_record_st {
 * of empty fragments in a row, you can use this function to set the desired value.
 **/
 void
-gnutls_record_max_empty_records (gnutls_session_t session, const unsigned int i)
+gnutls_record_set_max_empty_records (gnutls_session_t session, const unsigned int i)
 {
 session->internals.priorities.max_empty_records = i;
 }
-
 /**
 * gnutls_transport_set_ptr:
 * @session: is a #gnutls_session_t structure.
@@ -330,15 +348,6 @@ sequence_increment (gnutls_session_t session,
 *
 */
 ssize_t
-_gnutls_send_int (gnutls_session_t session, content_type_t type,
- gnutls_handshake_description_t htype,
- unsigned int epoch_rel, const void *_data,
- size_t data_size, unsigned int mflags)
-{
- return _gnutls_send_tlen_int(session,type,htype,epoch_rel,_data,data_size,mflags,data_size);
-}
-
-ssize_t
 _gnutls_send_tlen_int (gnutls_session_t session, content_type_t type,
 gnutls_handshake_description_t htype,
 unsigned int epoch_rel, const void *_data,
diff --git a/lib/gnutls_record.h b/lib/gnutls_record.h
index 8db38f290f..fdd182d8da 100644
--- a/lib/gnutls_record.h
+++ b/lib/gnutls_record.h
@@ -31,10 +31,16 @@ ssize_t _gnutls_send_tlen_int (gnutls_session_t session, content_type_t type, unsigned int epoch_rel, const void *data, size_t sizeofdata, unsigned int mflags, size_t targetlength);
-ssize_t _gnutls_send_int (gnutls_session_t session, content_type_t type,
- gnutls_handshake_description_t htype,
- unsigned int epoch_rel, const void *data,
- size_t sizeofdata, unsigned int mflags);
+
+inline static ssize_t
+_gnutls_send_int (gnutls_session_t session, content_type_t type,
+ gnutls_handshake_description_t htype,
+ unsigned int epoch_rel, const void *_data,
+ size_t data_size, unsigned int mflags)
+{
+ return _gnutls_send_tlen_int(session,type,htype,epoch_rel,_data,data_size,mflags,data_size);
+}
+
 ssize_t _gnutls_recv_int (gnutls_session_t session, content_type_t type, gnutls_handshake_description_t, uint8_t * data, size_t sizeofdata, void* seq, unsigned int ms);
diff --git a/lib/includes/gnutls/gnutls.h.in b/lib/includes/gnutls/gnutls.h.in
index 879340c4be..4504f9adef 100644
--- a/lib/includes/gnutls/gnutls.h.in
+++ b/lib/includes/gnutls/gnutls.h.in
@@ -884,6 +884,7 @@ gnutls_ecc_curve_t gnutls_ecc_curve_get(gnutls_session_t session);
 int gnutls_heartbeat_pong (gnutls_session_t session, unsigned int flags);
 void gnutls_record_set_timeout (gnutls_session_t session, unsigned int ms);
+ void gnutls_record_disable_padding (gnutls_session_t session);
 typedef struct {
 size_t low;
@@ -892,8 +893,8 @@ gnutls_ecc_curve_t gnutls_ecc_curve_get(gnutls_session_t session);
 ssize_t gnutls_record_send (gnutls_session_t session, const void *data, size_t data_size);
- ssize_t gnutls_range_send_message (gnutls_session_t session, const void *data,
- size_t data_size, gnutls_range_st range);
+ ssize_t gnutls_record_send_range (gnutls_session_t session, const void *data,
+ size_t data_size, const gnutls_range_st *range);
 ssize_t gnutls_record_recv (gnutls_session_t session, void *data, size_t data_size);
 #define gnutls_read gnutls_record_recv
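Review bot: `void gnutls_record_disable_padding (gnutls_session_t session);` is declared as an ordinary public function although, per the hunk in lib/gnutls_record.c, it is now a no-op. Applications that called it to interoperate with padding-intolerant peers get no compile-time signal that the call no longer changes record layout; mark the declaration with the deprecation attribute macro this header uses for other retired functions, if one is defined, or at minimum add `/* no-op since 3.1.7: random padding is off unless gnutls_record_send_range() requests it */` beside it. In lib/gnutls_record.h, `inline static ssize_t` reads more conventionally as `static inline ssize_t`, and the call it wraps could pick up the file's `f (a, b, c)` spacing.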
@@ -902,10 +903,9 @@ gnutls_ecc_curve_t gnutls_ecc_curve_get(gnutls_session_t session);
 unsigned char *seq);
 void gnutls_session_enable_compatibility_mode (gnutls_session_t session);
+ void gnutls_record_set_max_empty_records (gnutls_session_t session, const unsigned int i);
- void gnutls_record_max_empty_records (gnutls_session_t session, const unsigned int i);
-
- int gnutls_range_can_use_length_hiding (gnutls_session_t session);
+ int gnutls_record_can_use_length_hiding (gnutls_session_t session);
 int gnutls_record_get_direction (gnutls_session_t session);
diff --git a/lib/libgnutls.map b/lib/libgnutls.map
index 18b9054d46..8df827aff2 100644
--- a/lib/libgnutls.map
+++ b/lib/libgnutls.map
@@ -885,6 +885,10 @@ GNUTLS_3_1_0 {
 gnutls_x509_crq_set_dn;
 gnutls_x509_crt_set_issuer_dn;
 gnutls_session_force_valid;
+ gnutls_record_can_use_length_hiding;
+ gnutls_range_send_message;
+ gnutls_record_set_max_empty_records;
+ gnutls_record_send_range;
 } GNUTLS_3_0_0;
 GNUTLS_PRIVATE {
diff --git a/src/cli-args.c b/src/cli-args.c
index 85eb132840..e2906456ed 100644
--- a/src/cli-args.c
+++ b/src/cli-args.c
@@ -2,11 +2,11 @@ * * DO NOT EDIT THIS FILE (cli-args.c) * - * It has been AutoGen-ed January 22, 2013 at 05:25:25 PM by AutoGen 5.15 + * It has been AutoGen-ed January 23, 2013 at 09:03:04 PM by AutoGen 5.16 * From the definitions cli-args.def * and the template file options * - * Generated from AutoOpts 36:3:11 templates. + * Generated from AutoOpts 36:4:11 templates. * * AutoOpts is a copyrighted work. This source file is not encumbered * by AutoOpts licensing, but is provided under the licensing terms chosen @@ -39,6 +39,7 @@ * with this program. If not, see <http://www.gnu.org/licenses/>. */ +#ifndef __doxygen__ #define OPTION_CODE_COMPILE 1 #include "cli-args.h" #include <sys/types.h> 
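Review bot: The version script adds `gnutls_range_send_message;` to GNUTLS_3_1_0 even though this same commit renames that function to gnutls_record_send_range (also added two lines below), so the entry names a symbol the library no longer defines. GNU ld ignores unmatched names in a version script by default, so the build will not fail, but the entry leaves a misleading trace of an API that was never shipped under that name and will confuse anyone auditing the exported surface; drop the `gnutls_range_send_message;` line.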
@@ -58,7 +59,6 @@ extern FILE * option_usage_fp; #define zCopyright (gnutls_cli_opt_strs+0) #define zLicenseDescrip (gnutls_cli_opt_strs+281) -extern tUsageProc optionUsage; #ifndef NULL # define NULL 0 @@ -67,7 +67,7 @@ extern tUsageProc optionUsage; /* * gnutls-cli option static const strings */ -static char const gnutls_cli_opt_strs[3868] = +static char const gnutls_cli_opt_strs[3854] = /* 0 */ "gnutls-cli @VERSION@\n" "Copyright (C) 2000-2012 Free Software Foundation, all rights reserved.\n" "This is free software. It is licensed for use, modification and\n" 
@@ -196,41 +196,41 @@ static char const gnutls_cli_opt_strs[3868] = /* 2762 */ "Don't abort program if server certificate can't be validated\0" /* 2823 */ "INSECURE\0" /* 2832 */ "insecure\0" -/* 2841 */ "When possible, use length-hiding padding to prevent traffic analysis\0" -/* 2910 */ "RANGES\0" -/* 2917 */ "ranges\0" -/* 2924 */ "Benchmark individual ciphers\0" -/* 2953 */ "BENCHMARK_CIPHERS\0" -/* 2971 */ "benchmark-ciphers\0" -/* 2989 */ "Benchmark individual software ciphers (no hw acceleration)\0" -/* 3048 */ "BENCHMARK_SOFT_CIPHERS\0" -/* 3071 */ "benchmark-soft-ciphers\0" -/* 3094 */ "Benchmark TLS key exchange methods\0" -/* 3129 */ "BENCHMARK_TLS_KX\0" -/* 3146 */ "benchmark-tls-kx\0" -/* 3163 */ "Benchmark TLS ciphers\0" -/* 3185 */ "BENCHMARK_TLS_CIPHERS\0" -/* 3207 */ "benchmark-tls-ciphers\0" -/* 3229 */ "Print a list of the supported algorithms and modes\0" -/* 3280 */ "LIST\0" -/* 3285 */ "list\0" -/* 3290 */ "Display extended usage information and exit\0" -/* 3334 */ "help\0" -/* 3339 */ "Extended usage information passed thru pager\0" -/* 3384 */ "more-help\0" -/* 3394 */ "Output version information and exit\0" -/* 3430 */ "version\0" -/* 3438 */ "GNUTLS_CLI\0" -/* 3449 */ "gnutls-cli - GnuTLS client - Ver. 
@VERSION@\n" +/* 2841 */ "Use length-hiding padding to prevent traffic analysis\0" +/* 2895 */ "RANGES\0" +/* 2902 */ "ranges\0" +/* 2909 */ "Benchmark individual ciphers\0" +/* 2938 */ "BENCHMARK_CIPHERS\0" +/* 2956 */ "benchmark-ciphers\0" +/* 2974 */ "Benchmark individual software ciphers (no hw acceleration)\0" +/* 3033 */ "BENCHMARK_SOFT_CIPHERS\0" +/* 3056 */ "benchmark-soft-ciphers\0" +/* 3079 */ "Benchmark TLS key exchange methods\0" +/* 3114 */ "BENCHMARK_TLS_KX\0" +/* 3131 */ "benchmark-tls-kx\0" +/* 3148 */ "Benchmark TLS ciphers\0" +/* 3170 */ "BENCHMARK_TLS_CIPHERS\0" +/* 3192 */ "benchmark-tls-ciphers\0" +/* 3214 */ "Print a list of the supported algorithms and modes\0" +/* 3265 */ "LIST\0" +/* 3270 */ "list\0" +/* 3275 */ "Display extended usage information and exit\0" +/* 3319 */ "help\0" +/* 3324 */ "Extended usage information passed thru pager\0" +/* 3369 */ "more-help\0" +/* 3379 */ "Output version information and exit\0" +/* 3415 */ "version\0" +/* 3423 */ "GNUTLS_CLI\0" +/* 3434 */ "gnutls-cli - GnuTLS client - Ver. @VERSION@\n" "USAGE: %s [ -<flag> [<val>] | --<name>[{=| }<val>] ]... [hostname]\n\0" -/* 3562 */ "bug-gnutls@gnu.org\0" -/* 3581 */ "\n\n\0" -/* 3584 */ "\n" - "Simple client program to set up a TLS connection to some other computer.\n" - "It sets up a TLS connection and forwards data from the standard input to\n" - "the secured socket and vice versa.\n\0" -/* 3767 */ "gnutls-cli @VERSION@\0" -/* 3788 */ "Usage: gnutls-cli [options] hostname\n" +/* 3547 */ "bug-gnutls@gnu.org\0" +/* 3566 */ "\n\n\0" +/* 3569 */ "\n" + "Simple client program to set up a TLS connection to some other computer. It\n" + "sets up a TLS connection and forwards data from the standard input to the\n" + "secured socket and vice versa.\n\0" +/* 3753 */ "gnutls-cli @VERSION@\0" +/* 3774 */ "Usage: gnutls-cli [options] hostname\n" "gnutls-cli --help for usage instructions.\n"; /* 
@@ -562,58 +562,58 @@ static char const gnutls_cli_opt_strs[3868] = * ranges option description: */ #define RANGES_DESC (gnutls_cli_opt_strs+2841) -#define RANGES_NAME (gnutls_cli_opt_strs+2910) -#define RANGES_name (gnutls_cli_opt_strs+2917) +#define RANGES_NAME (gnutls_cli_opt_strs+2895) +#define RANGES_name (gnutls_cli_opt_strs+2902) #define RANGES_FLAGS (OPTST_DISABLED) /* * benchmark-ciphers option description: */ -#define BENCHMARK_CIPHERS_DESC (gnutls_cli_opt_strs+2924) -#define BENCHMARK_CIPHERS_NAME (gnutls_cli_opt_strs+2953) -#define BENCHMARK_CIPHERS_name (gnutls_cli_opt_strs+2971) +#define BENCHMARK_CIPHERS_DESC (gnutls_cli_opt_strs+2909) +#define BENCHMARK_CIPHERS_NAME (gnutls_cli_opt_strs+2938) +#define BENCHMARK_CIPHERS_name (gnutls_cli_opt_strs+2956) #define BENCHMARK_CIPHERS_FLAGS (OPTST_DISABLED) /* * benchmark-soft-ciphers option description: */ -#define BENCHMARK_SOFT_CIPHERS_DESC (gnutls_cli_opt_strs+2989) -#define BENCHMARK_SOFT_CIPHERS_NAME (gnutls_cli_opt_strs+3048) -#define BENCHMARK_SOFT_CIPHERS_name (gnutls_cli_opt_strs+3071) +#define BENCHMARK_SOFT_CIPHERS_DESC (gnutls_cli_opt_strs+2974) +#define BENCHMARK_SOFT_CIPHERS_NAME (gnutls_cli_opt_strs+3033) +#define BENCHMARK_SOFT_CIPHERS_name (gnutls_cli_opt_strs+3056) #define BENCHMARK_SOFT_CIPHERS_FLAGS (OPTST_DISABLED) /* * benchmark-tls-kx option description: */ -#define BENCHMARK_TLS_KX_DESC (gnutls_cli_opt_strs+3094) -#define BENCHMARK_TLS_KX_NAME (gnutls_cli_opt_strs+3129) -#define BENCHMARK_TLS_KX_name (gnutls_cli_opt_strs+3146) +#define BENCHMARK_TLS_KX_DESC (gnutls_cli_opt_strs+3079) +#define BENCHMARK_TLS_KX_NAME (gnutls_cli_opt_strs+3114) +#define BENCHMARK_TLS_KX_name (gnutls_cli_opt_strs+3131) #define BENCHMARK_TLS_KX_FLAGS (OPTST_DISABLED) /* * benchmark-tls-ciphers option description: */ -#define BENCHMARK_TLS_CIPHERS_DESC (gnutls_cli_opt_strs+3163) -#define BENCHMARK_TLS_CIPHERS_NAME (gnutls_cli_opt_strs+3185) -#define BENCHMARK_TLS_CIPHERS_name (gnutls_cli_opt_strs+3207) 
+#define BENCHMARK_TLS_CIPHERS_DESC (gnutls_cli_opt_strs+3148) +#define BENCHMARK_TLS_CIPHERS_NAME (gnutls_cli_opt_strs+3170) +#define BENCHMARK_TLS_CIPHERS_name (gnutls_cli_opt_strs+3192) #define BENCHMARK_TLS_CIPHERS_FLAGS (OPTST_DISABLED) /* * list option description: */ -#define LIST_DESC (gnutls_cli_opt_strs+3229) -#define LIST_NAME (gnutls_cli_opt_strs+3280) -#define LIST_name (gnutls_cli_opt_strs+3285) +#define LIST_DESC (gnutls_cli_opt_strs+3214) +#define LIST_NAME (gnutls_cli_opt_strs+3265) +#define LIST_name (gnutls_cli_opt_strs+3270) #define LIST_FLAGS (OPTST_DISABLED) /* * Help/More_Help/Version option descriptions: */ -#define HELP_DESC (gnutls_cli_opt_strs+3290) -#define HELP_name (gnutls_cli_opt_strs+3334) +#define HELP_DESC (gnutls_cli_opt_strs+3275) +#define HELP_name (gnutls_cli_opt_strs+3319) #ifdef HAVE_WORKING_FORK -#define MORE_HELP_DESC (gnutls_cli_opt_strs+3339) -#define MORE_HELP_name (gnutls_cli_opt_strs+3384) +#define MORE_HELP_DESC (gnutls_cli_opt_strs+3324) +#define MORE_HELP_name (gnutls_cli_opt_strs+3369) #define MORE_HELP_FLAGS (OPTST_IMM | OPTST_NO_INIT) #else #define MORE_HELP_DESC NULL @@ -626,8 +626,8 @@ static char const gnutls_cli_opt_strs[3868] = # define VER_FLAGS (OPTST_SET_ARGTYPE(OPARG_TYPE_STRING) | \ OPTST_ARG_OPTIONAL | OPTST_IMM | OPTST_NO_INIT) #endif -#define VER_DESC (gnutls_cli_opt_strs+3394) -#define VER_name (gnutls_cli_opt_strs+3430) +#define VER_DESC (gnutls_cli_opt_strs+3379) +#define VER_name (gnutls_cli_opt_strs+3415) /* * Declare option callback procedures */ 
@@ -641,9 +641,11 @@ static tOptProc doOptPgpkeyring, doOptRecordsize, doOptX509crlfile, doUsageOpt; #define VER_PROC optionPrintVersion -/* * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * - * - * Define the Gnutls_Cli Option Descriptions. +/* * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * */ +/** + * Define the gnutls-cli Option Descriptions. + * This is an array of OPTION_CT entries, one for each + * option that the gnutls-cli program responds to. */ static tOptDesc optDesc[OPTION_CT] = { { /* entry idx, value */ 0, VALUE_OPT_DEBUG, @@ -1204,17 +1206,17 @@ static tOptDesc optDesc[OPTION_CT] = { /* * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * - * Define the Gnutls_Cli Option Environment + * Define the gnutls-cli Option Environment */ -#define zPROGNAME (gnutls_cli_opt_strs+3438) -#define zUsageTitle (gnutls_cli_opt_strs+3449) +#define zPROGNAME (gnutls_cli_opt_strs+3423) +#define zUsageTitle (gnutls_cli_opt_strs+3434) #define zRcName NULL #define apzHomeList NULL -#define zBugsAddr (gnutls_cli_opt_strs+3562) -#define zExplain (gnutls_cli_opt_strs+3581) -#define zDetail (gnutls_cli_opt_strs+3584) -#define zFullVersion (gnutls_cli_opt_strs+3767) -/* extracted from optcode.tlib near line 349 */ +#define zBugsAddr (gnutls_cli_opt_strs+3547) +#define zExplain (gnutls_cli_opt_strs+3566) +#define zDetail (gnutls_cli_opt_strs+3569) +#define zFullVersion (gnutls_cli_opt_strs+3753) +/* extracted from optcode.tlib near line 350 */ #if defined(ENABLE_NLS) # define OPTPROC_BASE OPTPROC_TRANSLATE | OPTPROC_NXLAT_OPT 
@@ -1227,22 +1229,27 @@ static tOptDesc optDesc[OPTION_CT] = { #define gnutls_cli_full_usage (NULL) -#define gnutls_cli_short_usage (gnutls_cli_opt_strs+3788) +#define gnutls_cli_short_usage (gnutls_cli_opt_strs+3774) + +#endif /* not defined __doxygen__ */ /* * Create the static procedure(s) declared above. */ /** - * The callout function that invokes the USAGE() macro. + * The callout function that invokes the optionUsage function. * * @param pOptions the AutoOpts option description structure * @param pOptDesc the descriptor for the "help" (usage) option. + * @noreturn */ static void doUsageOpt(tOptions * pOptions, tOptDesc * pOptDesc) { + optionUsage(&gnutls_cliOptions, GNUTLS_CLI_EXIT_SUCCESS); + /* NOTREACHED */ + (void)pOptDesc; (void)pOptions; - USAGE(GNUTLS_CLI_EXIT_SUCCESS); } /* * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * */ @@ -1436,12 +1443,19 @@ doOptPgpcertfile(tOptions* pOptions, tOptDesc* pOptDesc) optionFileCheck(pOptions, pOptDesc, type, mode); } -/* extracted from optmain.tlib near line 1093 */ +/* extracted from optmain.tlib near line 1113 */ +/** + * The directory containing the data associated with gnutls-cli. + */ #ifndef PKGDATADIR # define PKGDATADIR "" #endif +/** + * Information about the person or institution that packaged gnutls-cli + * for the current distribution. + */ #ifndef WITH_PACKAGER # define gnutls_cli_packager_info NULL #else @@ -1457,7 +1471,13 @@ static char const gnutls_cli_packager_info[] = # endif "\n"; #endif +#ifndef __doxygen__ +#endif /* __doxygen__ */ +/** + * The option definitions for gnutls-cli. The one structure that + * binds them all. + */ tOptions gnutls_cliOptions = { OPTIONS_STRUCT_VERSION, 0, NULL, /* original argc + argv */ 
@@ -1503,7 +1523,16 @@ tOptions gnutls_cliOptions = { static char* AO_gettext(char const* pz); static void coerce_it(void** s); -static char* +/** + * AutoGen specific wrapper function for gettext. + * It relies on the macro _() to convert from English to the target + * language, then strdup-duplicates the result string. + * + * @param[in] pz the input text used as a lookup key. + * @returns the translated text (if there is one), + * or the original text (if not). + */ +static char * AO_gettext(char const* pz) { char* pzRes; @@ -1523,8 +1552,9 @@ AO_gettext(char const* pz) static void coerce_it(void** s) { *s = AO_gettext(*s); } -/* - * This invokes the translation code (e.g. gettext(3)). +/** + * Translate all the translatable strings in the gnutls_cliOptions + * structure defined above. This is done only once. */ static void translate_option_strings(void)
diff --git a/src/cli-args.def b/src/cli-args.def
index 2b3e07e7ce..ea976edc00 100644
--- a/src/cli-args.def
+++ b/src/cli-args.def
@@ -273,8 +273,8 @@ flag = {
 flag = {
 name = ranges;
- descrip = "When possible, use length-hiding padding to prevent traffic analysis";
- doc = "";
+ descrip = "Use length-hiding padding to prevent traffic analysis";
+ doc = "When possible (e.g., when %NEW_PADDING is specified), use length-hiding padding to prevent traffic analysis.";
 };
 flag = {
diff --git a/src/cli-args.h b/src/cli-args.h
index 684e3972ba..e7809f48b9 100644
--- a/src/cli-args.h
+++ b/src/cli-args.h
@@ -2,11 +2,11 @@ * * DO NOT EDIT THIS FILE (cli-args.h) * - * It has been AutoGen-ed January 22, 2013 at 05:25:25 PM by AutoGen 5.15 + * It has been AutoGen-ed January 23, 2013 at 09:03:04 PM by AutoGen 5.16 * From the definitions cli-args.def * and the template file options * - * Generated from AutoOpts 36:3:11 templates. + * Generated from AutoOpts 36:4:11 templates. * * AutoOpts is a copyrighted work. This header file is not encumbered * by AutoOpts licensing, but is provided under the licensing terms chosen 
@@ -56,7 +56,7 @@ * tolerable version is at least as old as what was current when the header * template was released. */ -#define AO_TEMPLATE_VERSION 147459 +#define AO_TEMPLATE_VERSION 147460 #if (AO_TEMPLATE_VERSION < OPTIONS_MINIMUM_VERSION) \ || (AO_TEMPLATE_VERSION > OPTIONS_STRUCT_VERSION) # error option template version mismatches autoopts/options.h header @@ -146,7 +146,8 @@ typedef enum { */ typedef enum { GNUTLS_CLI_EXIT_SUCCESS = 0, - GNUTLS_CLI_EXIT_FAILURE = 1 + GNUTLS_CLI_EXIT_FAILURE = 1, + GNUTLS_CLI_EXIT_LIBOPTS_FAILURE = 70 } gnutls_cli_exit_code_t; /* * * * * * * @@ -216,7 +217,7 @@ typedef enum { gnutls_cliOptions.pzCurOpt = NULL) #define START_OPT RESTART_OPT(1) #define USAGE(c) (*gnutls_cliOptions.pUsageProc)(&gnutls_cliOptions, c) -/* extracted from opthead.tlib near line 469 */ +/* extracted from opthead.tlib near line 484 */ #ifdef __cplusplus extern "C" {
@@ -1030,14 +1030,18 @@ after_handshake:
 bytes++;
 }
 }
- if (ranges && gnutls_range_can_use_length_hiding(hd.session)) {
- gnutls_range_st range;
- range.low = 0;
- range.high = MAX_BUF;
- ret = socket_send_range (&hd, buffer, bytes, &range);
- } else {
+
+ if (ranges && gnutls_record_can_use_length_hiding(hd.session))
+ {
+ gnutls_range_st range;
+ range.low = 0;
+ range.high = MAX_BUF;
+ ret = socket_send_range (&hd, buffer, bytes, &range);
+ }
+ else
+ {
 ret = socket_send(&hd, buffer, bytes);
- }
+ }
 if (ret > 0)
 {
diff --git a/src/socket.c b/src/socket.c
index a0c8d64505..c8606a0958 100644
--- a/src/socket.c
+++ b/src/socket.c
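Review bot: `if (ranges && gnutls_record_can_use_length_hiding(hd.session))` treats a negative error return from gnutls_record_can_use_length_hiding as true, since any non-zero value is truthy; on error the client therefore takes the length-hiding branch instead of the plain one and only fails later inside socket_send_range, with an error that looks like a send failure. Compare explicitly: `if (ranges && gnutls_record_can_use_length_hiding(hd.session) > 0)`. The rest of this loop body lies outside the hunk, and the hunk's file header is not visible in this view (the diffstat attributes it to src/cli.c).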
@@ -85,11 +85,10 @@ socket_send_range (const socket_st * socket, const void *buffer, int buffer_size
 if (socket->secure)
 do {
- if (range == NULL) {
- ret = gnutls_record_send (socket->session, buffer, buffer_size);
- } else {
- ret = gnutls_range_send_message(socket->session, buffer, buffer_size, *range);
- }
+ if (range == NULL)
+ ret = gnutls_record_send (socket->session, buffer, buffer_size);
+ else
+ ret = gnutls_record_send_range(socket->session, buffer, buffer_size, range);
 } while (ret == GNUTLS_E_AGAIN || ret == GNUTLS_E_INTERRUPTED);
 else
diff --git a/src/socket.h b/src/socket.h
index ac30d31515..c503aff705 100644
--- a/src/socket.h
+++ b/src/socket.h
@@ -16,7 +16,7 @@ ssize_t socket_recv (const socket_st * socket, void *buffer, int buffer_size);
 ssize_t socket_send (const socket_st * socket, const void *buffer, int buffer_size);
 ssize_t socket_send_range(const socket_st * socket, const void *buffer,
- int buffer_size, gnutls_range_st *range);
+ int buffer_size, gnutls_range_st *range);
 void socket_open (socket_st * hd, const char *hostname, const char *service, int udp);
 void socket_bye (socket_st * socket); |
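Review bot: The retry loop re-invokes `gnutls_record_send_range(socket->session, buffer, buffer_size, range)` from scratch after GNUTLS_E_AGAIN or GNUTLS_E_INTERRUPTED, but, judging from the gnutls_record_send_range body earlier in this commit, that function splits one message into several records, returns the error as soon as one fragment fails, and keeps its `sent` counter in a local; fragments written before the failing one would then appear to go out a second time on the next iteration. gnutls_record_send buffers a single record across such retries, which is what makes this loop safe for it, so the two branches do not have the same retry semantics. Worth confirming against _gnutls_send_tlen_int's send-buffer handling, and then either making gnutls_record_send_range resumable or stating in its documentation comment that it must not be retried with the same data after a non-fatal error. socket_send_range starts before this hunk.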