commit 16abaea132ac90293a868ecb944abce24fd16d9f parent 14a57219373afd8dd110ee8af89b32767c72c1dc Author: lv-426 <oxcafebaby@yahoo.com> Date: Sat, 26 Jul 2008 03:26:56 +0000 'microhttps.h' merge gnutls version added to configure.ac to enable assersion before running curl tests GNUTLS symbol renaming Diffstat:
69 files changed, 1791 insertions(+), 1812 deletions(-)
diff --git a/configure.ac b/configure.ac @@ -124,9 +124,11 @@ LIBS=$SAVE_LIBS # Lib cURL & cURL - OpenSSL versions MHD_REQ_CURL_VERSION=7.16.4 -MHD_REQ_CURL_SSL_VERSION=0.9.8 +MHD_REQ_CURL_OPENSSL_VERSION=0.9.8 +MHD_REQ_CURL_GNUTLS_VERSION=2.2.3 AC_DEFINE_UNQUOTED([MHD_REQ_CURL_VERSION], "$MHD_REQ_CURL_VERSION", [required cURL version to run tests]) -AC_DEFINE_UNQUOTED([MHD_REQ_CURL_SSL_VERSION], "$MHD_REQ_CURL_SSL_VERSION", [required cURL SSL version to run tests]) +AC_DEFINE_UNQUOTED([MHD_REQ_CURL_OPENSSL_VERSION], "$MHD_REQ_CURL_OPENSSL_VERSION", [required cURL SSL version to run tests]) +AC_DEFINE_UNQUOTED([MHD_REQ_CURL_GNUTLS_VERSION], "$MHD_REQ_CURL_GNUTLS_VERSION", [gnuTLS lib version - used in conjunction with cURL]) # large file support (> 4 GB) @@ -302,12 +304,32 @@ AM_CONDITIONAL(HAVE_LD_VERSION_SCRIPT, [test -n "" ] ) AM_CONDITIONAL(ENABLE_INCLUDED_OPENCDK, [test -n "" ] ) # Finally: summary -if test "$curl" != 1 -then - AC_MSG_NOTICE([WARNING: libcurl not found, testcases cannot be built.]) +if test "$curl" != 1 ; then + MSG_CURL="libcurl not found, building test won't be possible" +else + MSG_CURL="${_libcurl_with}/lib" fi if test "$gcrypt" != true then - AC_MSG_NOTICE([WARNING: libgcrypt not found, HTTPS supprot cannot be built.]) + MSG_GCRYPT="libgcrypt not found, HTTPS supprot cannot be built" +else + MSG_GCRYPT="${with_libgcrypt}/lib" fi +AC_MSG_NOTICE([Configured to build curl/libcurl: + Configuration Summery: + + os: ${host_os} + target dir: ${prefix} + messages: ${enable_messages} + HTTPS support: ${enable_HTTPS} + TLS support: ${enable_TLS} + SSLv3 support: ${enable_SSL} + OpenGPG support: ${enable_openpgp} + x509 support: ${enable_x509} + libgcrypt: ${MSG_GCRYPT} + + # Testing + libcurl: ${MSG_CURL} +]) + diff --git a/src/daemon/Makefile.am b/src/daemon/Makefile.am @@ -1,4 +1,5 @@ -SUBDIRS = . +# including '.' mixes up build order when HTTPS is enabled. +SUBDIRS = AM_CPPFLAGS = \ -I$(top_srcdir)/src/include \ @@ -38,8 +39,8 @@ if ENABLE_HTTPS SUBDIRS += https . libmicrohttpd_la_SOURCES += connection_https.c libmicrohttpd_la_LIBADD = \ - https/x509/libx509.la \ https/lgl/liblgl.la \ + https/x509/libx509.la \ https/tls/libtls.la \ https/minitasn1/libasn1.la \ https/opencdk/libopencdk.la \ diff --git a/src/daemon/connection.c b/src/daemon/connection.c @@ -284,9 +284,9 @@ try_ready_normal_body (struct MHD_Connection *connection) ret = response->crc (response->crc_cls, connection->response_write_position, response->data, - MHD_MIN(response->data_buffer_size, - response->total_size - - connection->response_write_position)); + MHD_MIN (response->data_buffer_size, + response->total_size - + connection->response_write_position)); if (ret == -1) { /* either error or http 1.0 transfer, close @@ -323,7 +323,7 @@ try_ready_chunked_body (struct MHD_Connection *connection) char *buf; struct MHD_Response *response; unsigned int size; - char cbuf[10]; /* 10: max strlen of "%x\r\n" */ + char cbuf[10]; /* 10: max strlen of "%x\r\n" */ int cblen; response = connection->response; @@ -354,8 +354,8 @@ try_ready_chunked_body (struct MHD_Connection *connection) ret = response->crc (response->crc_cls, connection->response_write_position, - &connection->write_buffer[sizeof(cbuf)], - connection->write_buffer_size - sizeof(cbuf) - 2); + &connection->write_buffer[sizeof (cbuf)], + connection->write_buffer_size - sizeof (cbuf) - 2); if (ret == -1) { /* end of message, signal other side! */ @@ -372,13 +372,13 @@ try_ready_chunked_body (struct MHD_Connection *connection) } if (ret > 0xFFFFFF) ret = 0xFFFFFF; - cblen = snprintf (cbuf, sizeof(cbuf), "%X\r\n", ret); - EXTRA_CHECK(cblen <= sizeof(cbuf)); - memcpy (&connection->write_buffer[sizeof(cbuf) - cblen], cbuf, cblen); - memcpy (&connection->write_buffer[sizeof(cbuf) + ret], "\r\n", 2); + cblen = snprintf (cbuf, sizeof (cbuf), "%X\r\n", ret); + EXTRA_CHECK (cblen <= sizeof (cbuf)); + memcpy (&connection->write_buffer[sizeof (cbuf) - cblen], cbuf, cblen); + memcpy (&connection->write_buffer[sizeof (cbuf) + ret], "\r\n", 2); connection->response_write_position += ret; - connection->write_buffer_send_offset = sizeof(cbuf) - cblen; - connection->write_buffer_append_offset = sizeof(cbuf) + ret + 2; + connection->write_buffer_send_offset = sizeof (cbuf) - cblen; + connection->write_buffer_append_offset = sizeof (cbuf) + ret + 2; return MHD_YES; } diff --git a/src/daemon/connection_https.c b/src/daemon/connection_https.c @@ -32,7 +32,7 @@ #include "response.h" #include "reason_phrase.h" -#include "microhttpsd.h" +#include "microhttpd.h" /* get opaque type */ #include "gnutls_int.h" #include "gnutls_record.h" @@ -69,8 +69,7 @@ MHD_tls_connection_close_err (struct MHD_Connection *connection) } union MHD_SessionInfo -MHD_get_tls_session_info (struct MHD_Connection *con, - enum MHD_InfoType infoType) +MHD_get_session_info (struct MHD_Connection *con, enum MHD_InfoType infoType) { /* return NULL if this isn't a SSL/TLS type connection */ if (con->tls_session == NULL) diff --git a/src/daemon/daemon.c b/src/daemon/daemon.c @@ -105,9 +105,9 @@ MHDS_init (struct MHD_Daemon *daemon) } else if (daemon->https_mem_cert && daemon->https_mem_key) { - key.data = (char*) daemon->https_mem_key; + key.data = (char *) daemon->https_mem_key; key.size = strlen (daemon->https_mem_key); - cert.data = (char*) daemon->https_mem_cert; + cert.data = (char *) daemon->https_mem_cert; cert.size = strlen (daemon->https_mem_cert); gnutls_certificate_set_x509_key_mem (daemon->x509_cret, &cert, &key, @@ -127,7 +127,7 @@ MHDS_init (struct MHD_Daemon *daemon) { /* initialize Diffie Hellman parameters if necessary */ /* TODO add other cipher suits */ - if (st.priority[i] == GNUTLS_KX_DHE_RSA) + if (st.priority[i] == MHD_GNUTLS_KX_DHE_RSA) { gnutls_dh_params_init (&daemon->dh_params); gnutls_dh_params_generate2 (daemon->dh_params, 1024); @@ -318,7 +318,7 @@ MHDS_handle_connection (void *data) gnutls_priority_set (con->tls_session, con->daemon->priority_cache); /* set needed credentials for certificate authentication. */ - gnutls_credentials_set (con->tls_session, GNUTLS_CRD_CERTIFICATE, + gnutls_credentials_set (con->tls_session, MHD_GNUTLS_CRD_CERTIFICATE, con->daemon->x509_cret); /* TODO avoid gnutls blocking recv / write calls diff --git a/src/daemon/daemon_test.c b/src/daemon/daemon_test.c @@ -25,6 +25,7 @@ */ #include "config.h" +#include "platform.h" #include "microhttpd.h" #include <stdlib.h> #include <string.h> diff --git a/src/daemon/https/gnutls.h b/src/daemon/https/gnutls.h @@ -64,7 +64,7 @@ extern "C" #define GNUTLS_CIPHER_RIJNDAEL_CBC GNUTLS_CIPHER_AES_128_CBC #define GNUTLS_CIPHER_ARCFOUR GNUTLS_CIPHER_ARCFOUR_128 -#include "microhttpsd.h" +#include "microhttpd.h" typedef enum { @@ -491,10 +491,6 @@ extern "C" void gnutls_handshake_set_max_packet_length (gnutls_session_t session, size_t max); -/* returns libgnutls version (call it with a NULL argument) - */ - const char *gnutls_check_version (const char *req_version); - /* Functions for setting/clearing credentials */ void gnutls_credentials_clear (gnutls_session_t session); diff --git a/src/daemon/https/lgl/gc-gnulib.c b/src/daemon/https/lgl/gc-gnulib.c @@ -67,12 +67,14 @@ #undef open #undef close -Gc_rc gc_init(void) +Gc_rc +gc_init (void) { return GC_OK; } -void gc_done(void) +void +gc_done (void) { return; } @@ -83,85 +85,85 @@ void gc_done(void) static Gc_rc randomize (int level, char *data, size_t datalen) - { - int fd; - const char *device; - size_t len = 0; - int rc; +{ + int fd; + const char *device; + size_t len = 0; + int rc; - switch (level) - { - case 0: - device = NAME_OF_NONCE_DEVICE; - break; + switch (level) + { + case 0: + device = NAME_OF_NONCE_DEVICE; + break; - case 1: - device = NAME_OF_PSEUDO_RANDOM_DEVICE; - break; + case 1: + device = NAME_OF_PSEUDO_RANDOM_DEVICE; + break; - default: - device = NAME_OF_RANDOM_DEVICE; - break; - } + default: + device = NAME_OF_RANDOM_DEVICE; + break; + } - if (strcmp (device, "no") == 0) + if (strcmp (device, "no") == 0) return GC_RANDOM_ERROR; - fd = open (device, O_RDONLY); - if (fd < 0) + fd = open (device, O_RDONLY); + if (fd < 0) return GC_RANDOM_ERROR; - do - { - ssize_t tmp; + do + { + ssize_t tmp; - tmp = read (fd, data, datalen); + tmp = read (fd, data, datalen); - if (tmp < 0) - { - int save_errno = errno; - close (fd); - errno = save_errno; - return GC_RANDOM_ERROR; - } + if (tmp < 0) + { + int save_errno = errno; + close (fd); + errno = save_errno; + return GC_RANDOM_ERROR; + } - len += tmp; - } - while (len < datalen); + len += tmp; + } + while (len < datalen); - rc = close (fd); - if (rc < 0) + rc = close (fd); + if (rc < 0) return GC_RANDOM_ERROR; - return GC_OK; - } + return GC_OK; +} Gc_rc gc_nonce (char *data, size_t datalen) - { - return randomize (0, data, datalen); - } +{ + return randomize (0, data, datalen); +} Gc_rc gc_pseudo_random (char *data, size_t datalen) - { - return randomize (1, data, datalen); - } +{ + return randomize (1, data, datalen); +} Gc_rc gc_random (char *data, size_t datalen) - { - return randomize (2, data, datalen); - } +{ + return randomize (2, data, datalen); +} #endif /* Memory allocation. */ -void gc_set_allocators(gc_malloc_t func_malloc, - gc_malloc_t secure_malloc, - gc_secure_check_t secure_check, - gc_realloc_t func_realloc, - gc_free_t func_free) +void +gc_set_allocators (gc_malloc_t func_malloc, + gc_malloc_t secure_malloc, + gc_secure_check_t secure_check, + gc_realloc_t func_realloc, gc_free_t func_free) { return; } @@ -169,9 +171,9 @@ void gc_set_allocators(gc_malloc_t func_malloc, /* Ciphers. */ typedef struct _gc_cipher_ctx - { - Gc_cipher alg; - Gc_cipher_mode mode; +{ + Gc_cipher alg; + Gc_cipher_mode mode; #ifdef GNULIB_GC_ARCTWO arctwo_context arctwoContext; char arctwoIV[ARCTWO_BLOCK_SIZE]; @@ -187,16 +189,16 @@ typedef struct _gc_cipher_ctx rijndaelKeyInstance aesDecKey; rijndaelCipherInstance aesContext; #endif - } _gc_cipher_ctx; +} _gc_cipher_ctx; -Gc_rc gc_cipher_open(Gc_cipher alg, - Gc_cipher_mode mode, - gc_cipher_handle * outhandle) +Gc_rc +gc_cipher_open (Gc_cipher alg, + Gc_cipher_mode mode, gc_cipher_handle * outhandle) { _gc_cipher_ctx *ctx; Gc_rc rc = GC_OK; - ctx = calloc(sizeof (*ctx), 1); + ctx = calloc (sizeof (*ctx), 1); if (!ctx) return GC_MALLOC_ERROR; @@ -206,344 +208,341 @@ Gc_rc gc_cipher_open(Gc_cipher alg, switch (alg) { #ifdef GNULIB_GC_ARCTWO - case GC_ARCTWO40: - switch (mode) - { - case GC_ECB: - case GC_CBC: - break; + case GC_ARCTWO40: + switch (mode) + { + case GC_ECB: + case GC_CBC: + break; - default: - rc = GC_INVALID_CIPHER; - } - break; + default: + rc = GC_INVALID_CIPHER; + } + break; #endif #ifdef GNULIB_GC_ARCFOUR - case GC_ARCFOUR128: - case GC_ARCFOUR40: - switch (mode) - { - case GC_STREAM: - break; + case GC_ARCFOUR128: + case GC_ARCFOUR40: + switch (mode) + { + case GC_STREAM: + break; - default: - rc = GC_INVALID_CIPHER; - } - break; + default: + rc = GC_INVALID_CIPHER; + } + break; #endif #ifdef GNULIB_GC_DES - case GC_DES: - switch (mode) - { - case GC_ECB: - break; + case GC_DES: + switch (mode) + { + case GC_ECB: + break; - default: - rc = GC_INVALID_CIPHER; - } - break; + default: + rc = GC_INVALID_CIPHER; + } + break; #endif #ifdef GNULIB_GC_RIJNDAEL - case GC_AES128: - case GC_AES192: - case GC_AES256: - switch (mode) - { - case GC_ECB: - case GC_CBC: - break; + case GC_AES128: + case GC_AES192: + case GC_AES256: + switch (mode) + { + case GC_ECB: + case GC_CBC: + break; - default: - rc = GC_INVALID_CIPHER; - } - break; + default: + rc = GC_INVALID_CIPHER; + } + break; #endif - default: - rc = GC_INVALID_CIPHER; + default: + rc = GC_INVALID_CIPHER; } if (rc == GC_OK) *outhandle = ctx; else - free(ctx); + free (ctx); return rc; } -Gc_rc gc_cipher_setkey(gc_cipher_handle handle, - size_t keylen, - const char *key) +Gc_rc +gc_cipher_setkey (gc_cipher_handle handle, size_t keylen, const char *key) { _gc_cipher_ctx *ctx = handle; switch (ctx->alg) { #ifdef GNULIB_GC_ARCTWO - case GC_ARCTWO40: - arctwo_setkey (&ctx->arctwoContext, keylen, key); - break; + case GC_ARCTWO40: + arctwo_setkey (&ctx->arctwoContext, keylen, key); + break; #endif #ifdef GNULIB_GC_ARCFOUR - case GC_ARCFOUR128: - case GC_ARCFOUR40: - arcfour_setkey (&ctx->arcfourContext, key, keylen); - break; + case GC_ARCFOUR128: + case GC_ARCFOUR40: + arcfour_setkey (&ctx->arcfourContext, key, keylen); + break; #endif #ifdef GNULIB_GC_DES - case GC_DES: - if (keylen != 8) - return GC_INVALID_CIPHER; - gl_des_setkey (&ctx->desContext, key); - break; + case GC_DES: + if (keylen != 8) + return GC_INVALID_CIPHER; + gl_des_setkey (&ctx->desContext, key); + break; #endif #ifdef GNULIB_GC_RIJNDAEL - case GC_AES128: - case GC_AES192: - case GC_AES256: - { - rijndael_rc rc; - size_t i; - char keyMaterial[RIJNDAEL_MAX_KEY_SIZE + 1]; + case GC_AES128: + case GC_AES192: + case GC_AES256: + { + rijndael_rc rc; + size_t i; + char keyMaterial[RIJNDAEL_MAX_KEY_SIZE + 1]; - for (i = 0; i < keylen; i++) - sprintf (&keyMaterial[2 * i], "%02x", key[i] & 0xFF); + for (i = 0; i < keylen; i++) + sprintf (&keyMaterial[2 * i], "%02x", key[i] & 0xFF); - rc = rijndaelMakeKey (&ctx->aesEncKey, RIJNDAEL_DIR_ENCRYPT, - keylen * 8, keyMaterial); - if (rc < 0) - return GC_INVALID_CIPHER; + rc = rijndaelMakeKey (&ctx->aesEncKey, RIJNDAEL_DIR_ENCRYPT, + keylen * 8, keyMaterial); + if (rc < 0) + return GC_INVALID_CIPHER; - rc = rijndaelMakeKey (&ctx->aesDecKey, RIJNDAEL_DIR_DECRYPT, - keylen * 8, keyMaterial); - if (rc < 0) - return GC_INVALID_CIPHER; + rc = rijndaelMakeKey (&ctx->aesDecKey, RIJNDAEL_DIR_DECRYPT, + keylen * 8, keyMaterial); + if (rc < 0) + return GC_INVALID_CIPHER; - rc = rijndaelCipherInit (&ctx->aesContext, RIJNDAEL_MODE_ECB, NULL); - if (rc < 0) - return GC_INVALID_CIPHER; - } - break; + rc = rijndaelCipherInit (&ctx->aesContext, RIJNDAEL_MODE_ECB, NULL); + if (rc < 0) + return GC_INVALID_CIPHER; + } + break; #endif - default: - return GC_INVALID_CIPHER; + default: + return GC_INVALID_CIPHER; } return GC_OK; } -Gc_rc gc_cipher_setiv(gc_cipher_handle handle, - size_t ivlen, - const char *iv) +Gc_rc +gc_cipher_setiv (gc_cipher_handle handle, size_t ivlen, const char *iv) { _gc_cipher_ctx *ctx = handle; switch (ctx->alg) { #ifdef GNULIB_GC_ARCTWO - case GC_ARCTWO40: - if (ivlen != ARCTWO_BLOCK_SIZE) - return GC_INVALID_CIPHER; - memcpy (ctx->arctwoIV, iv, ivlen); - break; + case GC_ARCTWO40: + if (ivlen != ARCTWO_BLOCK_SIZE) + return GC_INVALID_CIPHER; + memcpy (ctx->arctwoIV, iv, ivlen); + break; #endif #ifdef GNULIB_GC_RIJNDAEL - case GC_AES128: - case GC_AES192: - case GC_AES256: - switch (ctx->mode) - { - case GC_ECB: - /* Doesn't use IV. */ - break; - - case GC_CBC: + case GC_AES128: + case GC_AES192: + case GC_AES256: + switch (ctx->mode) { - rijndael_rc rc; - size_t i; - char ivMaterial[2 * RIJNDAEL_MAX_IV_SIZE + 1]; + case GC_ECB: + /* Doesn't use IV. */ + break; - for (i = 0; i < ivlen; i++) - sprintf (&ivMaterial[2 * i], "%02x", iv[i] & 0xFF); + case GC_CBC: + { + rijndael_rc rc; + size_t i; + char ivMaterial[2 * RIJNDAEL_MAX_IV_SIZE + 1]; + + for (i = 0; i < ivlen; i++) + sprintf (&ivMaterial[2 * i], "%02x", iv[i] & 0xFF); + + rc = rijndaelCipherInit (&ctx->aesContext, RIJNDAEL_MODE_CBC, + ivMaterial); + if (rc < 0) + return GC_INVALID_CIPHER; + } + break; - rc = rijndaelCipherInit (&ctx->aesContext, RIJNDAEL_MODE_CBC, - ivMaterial); - if (rc < 0) + default: return GC_INVALID_CIPHER; } break; - - default: - return GC_INVALID_CIPHER; - } - break; #endif - default: - return GC_INVALID_CIPHER; + default: + return GC_INVALID_CIPHER; } return GC_OK; } -Gc_rc gc_cipher_encrypt_inline(gc_cipher_handle handle, - size_t len, - char *data) +Gc_rc +gc_cipher_encrypt_inline (gc_cipher_handle handle, size_t len, char *data) { _gc_cipher_ctx *ctx = handle; switch (ctx->alg) { #ifdef GNULIB_GC_ARCTWO - case GC_ARCTWO40: - switch (ctx->mode) - { - case GC_ECB: - arctwo_encrypt (&ctx->arctwoContext, data, data, len); - break; - - case GC_CBC: - for (; len >= ARCTWO_BLOCK_SIZE; len -= ARCTWO_BLOCK_SIZE, - data += ARCTWO_BLOCK_SIZE) + case GC_ARCTWO40: + switch (ctx->mode) { - size_t i; - for (i = 0; i < ARCTWO_BLOCK_SIZE; i++) - data[i] ^= ctx->arctwoIV[i]; - arctwo_encrypt (&ctx->arctwoContext, data, data, - ARCTWO_BLOCK_SIZE); - memcpy (ctx->arctwoIV, data, ARCTWO_BLOCK_SIZE); + case GC_ECB: + arctwo_encrypt (&ctx->arctwoContext, data, data, len); + break; + + case GC_CBC: + for (; len >= ARCTWO_BLOCK_SIZE; len -= ARCTWO_BLOCK_SIZE, + data += ARCTWO_BLOCK_SIZE) + { + size_t i; + for (i = 0; i < ARCTWO_BLOCK_SIZE; i++) + data[i] ^= ctx->arctwoIV[i]; + arctwo_encrypt (&ctx->arctwoContext, data, data, + ARCTWO_BLOCK_SIZE); + memcpy (ctx->arctwoIV, data, ARCTWO_BLOCK_SIZE); + } + break; + + default: + return GC_INVALID_CIPHER; } break; - - default: - return GC_INVALID_CIPHER; - } - break; #endif #ifdef GNULIB_GC_ARCFOUR - case GC_ARCFOUR128: - case GC_ARCFOUR40: - arcfour_stream (&ctx->arcfourContext, data, data, len); - break; + case GC_ARCFOUR128: + case GC_ARCFOUR40: + arcfour_stream (&ctx->arcfourContext, data, data, len); + break; #endif #ifdef GNULIB_GC_DES - case GC_DES: - for (; len >= 8; len -= 8, data += 8) - gl_des_ecb_encrypt (&ctx->desContext, data, data); - break; + case GC_DES: + for (; len >= 8; len -= 8, data += 8) + gl_des_ecb_encrypt (&ctx->desContext, data, data); + break; #endif #ifdef GNULIB_GC_RIJNDAEL - case GC_AES128: - case GC_AES192: - case GC_AES256: - { - int nblocks; + case GC_AES128: + case GC_AES192: + case GC_AES256: + { + int nblocks; - nblocks = rijndaelBlockEncrypt (&ctx->aesContext, &ctx->aesEncKey, - data, 8 * len, data); - if (nblocks < 0) - return GC_INVALID_CIPHER; - } - break; + nblocks = rijndaelBlockEncrypt (&ctx->aesContext, &ctx->aesEncKey, + data, 8 * len, data); + if (nblocks < 0) + return GC_INVALID_CIPHER; + } + break; #endif - default: - return GC_INVALID_CIPHER; + default: + return GC_INVALID_CIPHER; } return GC_OK; } -Gc_rc gc_cipher_decrypt_inline(gc_cipher_handle handle, - size_t len, - char *data) +Gc_rc +gc_cipher_decrypt_inline (gc_cipher_handle handle, size_t len, char *data) { _gc_cipher_ctx *ctx = handle; switch (ctx->alg) { #ifdef GNULIB_GC_ARCTWO - case GC_ARCTWO40: - switch (ctx->mode) - { - case GC_ECB: - arctwo_decrypt (&ctx->arctwoContext, data, data, len); - break; - - case GC_CBC: - for (; len >= ARCTWO_BLOCK_SIZE; len -= ARCTWO_BLOCK_SIZE, - data += ARCTWO_BLOCK_SIZE) + case GC_ARCTWO40: + switch (ctx->mode) { - char tmpIV[ARCTWO_BLOCK_SIZE]; - size_t i; - memcpy (tmpIV, data, ARCTWO_BLOCK_SIZE); - arctwo_decrypt (&ctx->arctwoContext, data, data, - ARCTWO_BLOCK_SIZE); - for (i = 0; i < ARCTWO_BLOCK_SIZE; i++) - data[i] ^= ctx->arctwoIV[i]; - memcpy (ctx->arctwoIV, tmpIV, ARCTWO_BLOCK_SIZE); + case GC_ECB: + arctwo_decrypt (&ctx->arctwoContext, data, data, len); + break; + + case GC_CBC: + for (; len >= ARCTWO_BLOCK_SIZE; len -= ARCTWO_BLOCK_SIZE, + data += ARCTWO_BLOCK_SIZE) + { + char tmpIV[ARCTWO_BLOCK_SIZE]; + size_t i; + memcpy (tmpIV, data, ARCTWO_BLOCK_SIZE); + arctwo_decrypt (&ctx->arctwoContext, data, data, + ARCTWO_BLOCK_SIZE); + for (i = 0; i < ARCTWO_BLOCK_SIZE; i++) + data[i] ^= ctx->arctwoIV[i]; + memcpy (ctx->arctwoIV, tmpIV, ARCTWO_BLOCK_SIZE); + } + break; + + default: + return GC_INVALID_CIPHER; } break; - - default: - return GC_INVALID_CIPHER; - } - break; #endif #ifdef GNULIB_GC_ARCFOUR - case GC_ARCFOUR128: - case GC_ARCFOUR40: - arcfour_stream (&ctx->arcfourContext, data, data, len); - break; + case GC_ARCFOUR128: + case GC_ARCFOUR40: + arcfour_stream (&ctx->arcfourContext, data, data, len); + break; #endif #ifdef GNULIB_GC_DES - case GC_DES: - for (; len >= 8; len -= 8, data += 8) - gl_des_ecb_decrypt (&ctx->desContext, data, data); - break; + case GC_DES: + for (; len >= 8; len -= 8, data += 8) + gl_des_ecb_decrypt (&ctx->desContext, data, data); + break; #endif #ifdef GNULIB_GC_RIJNDAEL - case GC_AES128: - case GC_AES192: - case GC_AES256: - { - int nblocks; + case GC_AES128: + case GC_AES192: + case GC_AES256: + { + int nblocks; - nblocks = rijndaelBlockDecrypt (&ctx->aesContext, &ctx->aesDecKey, - data, 8 * len, data); - if (nblocks < 0) - return GC_INVALID_CIPHER; - } - break; + nblocks = rijndaelBlockDecrypt (&ctx->aesContext, &ctx->aesDecKey, + data, 8 * len, data); + if (nblocks < 0) + return GC_INVALID_CIPHER; + } + break; #endif - default: - return GC_INVALID_CIPHER; + default: + return GC_INVALID_CIPHER; } return GC_OK; } -Gc_rc gc_cipher_close(gc_cipher_handle handle) +Gc_rc +gc_cipher_close (gc_cipher_handle handle) { _gc_cipher_ctx *ctx = handle; if (ctx) - free(ctx); + free (ctx); return GC_OK; } @@ -553,26 +552,25 @@ Gc_rc gc_cipher_close(gc_cipher_handle handle) #define MAX_DIGEST_SIZE 20 typedef struct _gc_hash_ctx - { - Gc_hash alg; - Gc_hash_mode mode; - char hash[MAX_DIGEST_SIZE]; +{ + Gc_hash alg; + Gc_hash_mode mode; + char hash[MAX_DIGEST_SIZE]; #ifdef GNULIB_GC_MD5 struct md5_ctx md5Context; #endif #ifdef GNULIB_GC_SHA1 struct sha1_ctx sha1Context; #endif - } _gc_hash_ctx; +} _gc_hash_ctx; -Gc_rc gc_hash_open(Gc_hash hash, - Gc_hash_mode mode, - gc_hash_handle * outhandle) +Gc_rc +gc_hash_open (Gc_hash hash, Gc_hash_mode mode, gc_hash_handle * outhandle) { _gc_hash_ctx *ctx; Gc_rc rc = GC_OK; - ctx = calloc(sizeof (*ctx), 1); + ctx = calloc (sizeof (*ctx), 1); if (!ctx) return GC_MALLOC_ERROR; @@ -582,169 +580,169 @@ Gc_rc gc_hash_open(Gc_hash hash, switch (hash) { #ifdef GNULIB_GC_MD5 - case GC_MD5: - md5_init_ctx (&ctx->md5Context); - break; + case GC_MD5: + md5_init_ctx (&ctx->md5Context); + break; #endif #ifdef GNULIB_GC_SHA1 - case GC_SHA1: - sha1_init_ctx (&ctx->sha1Context); - break; + case GC_SHA1: + sha1_init_ctx (&ctx->sha1Context); + break; #endif - default: - rc = GC_INVALID_HASH; - break; + default: + rc = GC_INVALID_HASH; + break; } switch (mode) { - case 0: - break; + case 0: + break; - default: - rc = GC_INVALID_HASH; - break; + default: + rc = GC_INVALID_HASH; + break; } if (rc == GC_OK) *outhandle = ctx; else - free(ctx); + free (ctx); return rc; } -Gc_rc gc_hash_clone(gc_hash_handle handle, - gc_hash_handle * outhandle) +Gc_rc +gc_hash_clone (gc_hash_handle handle, gc_hash_handle * outhandle) { _gc_hash_ctx *in = handle; _gc_hash_ctx *out; - *outhandle = out = calloc(sizeof (*out), 1); + *outhandle = out = calloc (sizeof (*out), 1); if (!out) return GC_MALLOC_ERROR; - memcpy(out, in, sizeof (*out)); + memcpy (out, in, sizeof (*out)); return GC_OK; } -size_t gc_hash_digest_length(Gc_hash hash) +size_t +gc_hash_digest_length (Gc_hash hash) { size_t len; switch (hash) { - case GC_MD2: - len = GC_MD2_DIGEST_SIZE; - break; + case GC_MD2: + len = GC_MD2_DIGEST_SIZE; + break; - case GC_MD4: - len = GC_MD4_DIGEST_SIZE; - break; + case GC_MD4: + len = GC_MD4_DIGEST_SIZE; + break; - case GC_MD5: - len = GC_MD5_DIGEST_SIZE; - break; + case GC_MD5: + len = GC_MD5_DIGEST_SIZE; + break; - case GC_RMD160: - len = GC_RMD160_DIGEST_SIZE; - break; + case GC_RMD160: + len = GC_RMD160_DIGEST_SIZE; + break; - case GC_SHA1: - len = GC_SHA1_DIGEST_SIZE; - break; + case GC_SHA1: + len = GC_SHA1_DIGEST_SIZE; + break; - default: - return 0; + default: + return 0; } return len; } -void gc_hash_write(gc_hash_handle handle, - size_t len, - const char *data) +void +gc_hash_write (gc_hash_handle handle, size_t len, const char *data) { _gc_hash_ctx *ctx = handle; switch (ctx->alg) { #ifdef GNULIB_GC_MD5 - case GC_MD5: - md5_process_bytes (data, len, &ctx->md5Context); - break; + case GC_MD5: + md5_process_bytes (data, len, &ctx->md5Context); + break; #endif #ifdef GNULIB_GC_SHA1 - case GC_SHA1: - sha1_process_bytes (data, len, &ctx->sha1Context); - break; + case GC_SHA1: + sha1_process_bytes (data, len, &ctx->sha1Context); + break; #endif - default: - break; + default: + break; } } -const char * gc_hash_read(gc_hash_handle handle) +const char * +gc_hash_read (gc_hash_handle handle) { _gc_hash_ctx *ctx = handle; - const char *ret= NULL; + const char *ret = NULL; switch (ctx->alg) { #ifdef GNULIB_GC_MD5 - case GC_MD5: - md5_finish_ctx (&ctx->md5Context, ctx->hash); - ret = ctx->hash; - break; + case GC_MD5: + md5_finish_ctx (&ctx->md5Context, ctx->hash); + ret = ctx->hash; + break; #endif #ifdef GNULIB_GC_SHA1 - case GC_SHA1: - sha1_finish_ctx (&ctx->sha1Context, ctx->hash); - ret = ctx->hash; - break; + case GC_SHA1: + sha1_finish_ctx (&ctx->sha1Context, ctx->hash); + ret = ctx->hash; + break; #endif - default: - return NULL; + default: + return NULL; } return ret; } -void gc_hash_close(gc_hash_handle handle) +void +gc_hash_close (gc_hash_handle handle) { _gc_hash_ctx *ctx = handle; - free(ctx); + free (ctx); } -Gc_rc gc_hash_buffer(Gc_hash hash, - const void *in, - size_t inlen, - char *resbuf) +Gc_rc +gc_hash_buffer (Gc_hash hash, const void *in, size_t inlen, char *resbuf) { switch (hash) { #ifdef GNULIB_GC_MD5 - case GC_MD5: - md5_buffer (in, inlen, resbuf); - break; + case GC_MD5: + md5_buffer (in, inlen, resbuf); + break; #endif #ifdef GNULIB_GC_SHA1 - case GC_SHA1: - sha1_buffer (in, inlen, resbuf); - break; + case GC_SHA1: + sha1_buffer (in, inlen, resbuf); + break; #endif - default: - return GC_INVALID_HASH; + default: + return GC_INVALID_HASH; } return GC_OK; @@ -753,39 +751,37 @@ Gc_rc gc_hash_buffer(Gc_hash hash, #ifdef GNULIB_GC_MD5 Gc_rc gc_md5 (const void *in, size_t inlen, void *resbuf) - { - md5_buffer (in, inlen, resbuf); - return GC_OK; - } +{ + md5_buffer (in, inlen, resbuf); + return GC_OK; +} #endif #ifdef GNULIB_GC_SHA1 Gc_rc gc_sha1 (const void *in, size_t inlen, void *resbuf) - { - sha1_buffer (in, inlen, resbuf); - return GC_OK; - } +{ + sha1_buffer (in, inlen, resbuf); + return GC_OK; +} #endif #ifdef GNULIB_GC_HMAC_MD5 Gc_rc gc_hmac_md5 (const void *key, size_t keylen, - const void *in, size_t inlen, char *resbuf) - { - hmac_md5 (key, keylen, in, inlen, resbuf); - return GC_OK; - } + const void *in, size_t inlen, char *resbuf) +{ + hmac_md5 (key, keylen, in, inlen, resbuf); + return GC_OK; +} #endif #ifdef GNULIB_GC_HMAC_SHA1 -Gc_rc gc_hmac_sha1(const void *key, - size_t keylen, - const void *in, - size_t inlen, - char *resbuf) +Gc_rc +gc_hmac_sha1 (const void *key, + size_t keylen, const void *in, size_t inlen, char *resbuf) { - hmac_sha1(key, keylen, in, inlen, resbuf); + hmac_sha1 (key, keylen, in, inlen, resbuf); return GC_OK; } #endif diff --git a/src/daemon/https/lgl/gc-libgcrypt.c b/src/daemon/https/lgl/gc-libgcrypt.c @@ -35,24 +35,26 @@ /* Initialization. */ -Gc_rc gc_init(void) +Gc_rc +gc_init (void) { gcry_error_t err; - err = gcry_control(GCRYCTL_ANY_INITIALIZATION_P); + err = gcry_control (GCRYCTL_ANY_INITIALIZATION_P); if (err == GPG_ERR_NO_ERROR) { - if (gcry_check_version(GCRYPT_VERSION) == NULL) + if (gcry_check_version (GCRYPT_VERSION) == NULL) return GC_INIT_ERROR; - err = gcry_control(GCRYCTL_INITIALIZATION_FINISHED, NULL, 0); + err = gcry_control (GCRYCTL_INITIALIZATION_FINISHED, NULL, 0); if (err != GPG_ERR_NO_ERROR) return GC_INIT_ERROR; } return GC_OK; } -void gc_done(void) +void +gc_done (void) { return; } @@ -63,167 +65,167 @@ void gc_done(void) Gc_rc gc_nonce (char *data, size_t datalen) - { - gcry_create_nonce ((unsigned char *) data, datalen); - return GC_OK; - } +{ + gcry_create_nonce ((unsigned char *) data, datalen); + return GC_OK; +} Gc_rc gc_pseudo_random (char *data, size_t datalen) - { - gcry_randomize ((unsigned char *) data, datalen, GCRY_STRONG_RANDOM); - return GC_OK; - } +{ + gcry_randomize ((unsigned char *) data, datalen, GCRY_STRONG_RANDOM); + return GC_OK; +} Gc_rc gc_random (char *data, size_t datalen) - { - gcry_randomize ((unsigned char *) data, datalen, GCRY_VERY_STRONG_RANDOM); - return GC_OK; - } +{ + gcry_randomize ((unsigned char *) data, datalen, GCRY_VERY_STRONG_RANDOM); + return GC_OK; +} #endif /* Memory allocation. */ -void gc_set_allocators(gc_malloc_t func_malloc, - gc_malloc_t secure_malloc, - gc_secure_check_t secure_check, - gc_realloc_t func_realloc, - gc_free_t func_free) +void +gc_set_allocators (gc_malloc_t func_malloc, + gc_malloc_t secure_malloc, + gc_secure_check_t secure_check, + gc_realloc_t func_realloc, gc_free_t func_free) { - gcry_set_allocation_handler(func_malloc, secure_malloc, secure_check, - func_realloc, func_free); + gcry_set_allocation_handler (func_malloc, secure_malloc, secure_check, + func_realloc, func_free); } /* Ciphers. */ -Gc_rc gc_cipher_open(Gc_cipher alg, - Gc_cipher_mode mode, - gc_cipher_handle * outhandle) +Gc_rc +gc_cipher_open (Gc_cipher alg, + Gc_cipher_mode mode, gc_cipher_handle * outhandle) { int gcryalg, gcrymode; gcry_error_t err; switch (alg) { - case GC_AES128: - gcryalg = GCRY_CIPHER_RIJNDAEL; - break; + case GC_AES128: + gcryalg = GCRY_CIPHER_RIJNDAEL; + break; - case GC_AES192: - gcryalg = GCRY_CIPHER_RIJNDAEL; - break; + case GC_AES192: + gcryalg = GCRY_CIPHER_RIJNDAEL; + break; - case GC_AES256: - gcryalg = GCRY_CIPHER_RIJNDAEL256; - break; + case GC_AES256: + gcryalg = GCRY_CIPHER_RIJNDAEL256; + break; - case GC_3DES: - gcryalg = GCRY_CIPHER_3DES; - break; + case GC_3DES: + gcryalg = GCRY_CIPHER_3DES; + break; - case GC_DES: - gcryalg = GCRY_CIPHER_DES; - break; + case GC_DES: + gcryalg = GCRY_CIPHER_DES; + break; - case GC_ARCFOUR128: - case GC_ARCFOUR40: - gcryalg = GCRY_CIPHER_ARCFOUR; - break; + case GC_ARCFOUR128: + case GC_ARCFOUR40: + gcryalg = GCRY_CIPHER_ARCFOUR; + break; - case GC_ARCTWO40: - gcryalg = GCRY_CIPHER_RFC2268_40; - break; + case GC_ARCTWO40: + gcryalg = GCRY_CIPHER_RFC2268_40; + break; #ifdef ENABLE_CAMELLIA case GC_CAMELLIA128: - gcryalg = GCRY_CIPHER_CAMELLIA128; - break; + gcryalg = GCRY_CIPHER_CAMELLIA128; + break; case GC_CAMELLIA256: - gcryalg = GCRY_CIPHER_CAMELLIA256; - break; + gcryalg = GCRY_CIPHER_CAMELLIA256; + break; #endif - default: - return GC_INVALID_CIPHER; + default: + return GC_INVALID_CIPHER; } switch (mode) { - case GC_ECB: - gcrymode = GCRY_CIPHER_MODE_ECB; - break; + case GC_ECB: + gcrymode = GCRY_CIPHER_MODE_ECB; + break; - case GC_CBC: - gcrymode = GCRY_CIPHER_MODE_CBC; - break; + case GC_CBC: + gcrymode = GCRY_CIPHER_MODE_CBC; + break; - case GC_STREAM: - gcrymode = GCRY_CIPHER_MODE_STREAM; - break; + case GC_STREAM: + gcrymode = GCRY_CIPHER_MODE_STREAM; + break; - default: - return GC_INVALID_CIPHER; + default: + return GC_INVALID_CIPHER; } - err = gcry_cipher_open((gcry_cipher_hd_t *) outhandle, gcryalg, gcrymode, 0); - if (gcry_err_code(err)) + err = + gcry_cipher_open ((gcry_cipher_hd_t *) outhandle, gcryalg, gcrymode, 0); + if (gcry_err_code (err)) return GC_INVALID_CIPHER; return GC_OK; } -Gc_rc gc_cipher_setkey(gc_cipher_handle handle, - size_t keylen, - const char *key) +Gc_rc +gc_cipher_setkey (gc_cipher_handle handle, size_t keylen, const char *key) { gcry_error_t err; err = gcry_cipher_setkey ((gcry_cipher_hd_t) handle, key, keylen); - if (gcry_err_code(err)) + if (gcry_err_code (err)) return GC_INVALID_CIPHER; return GC_OK; } -Gc_rc gc_cipher_setiv(gc_cipher_handle handle, - size_t ivlen, - const char *iv) +Gc_rc +gc_cipher_setiv (gc_cipher_handle handle, size_t ivlen, const char *iv) { gcry_error_t err; err = gcry_cipher_setiv ((gcry_cipher_hd_t) handle, iv, ivlen); - if (gcry_err_code(err)) + if (gcry_err_code (err)) return GC_INVALID_CIPHER; return GC_OK; } -Gc_rc gc_cipher_encrypt_inline(gc_cipher_handle handle, - size_t len, - char *data) +Gc_rc +gc_cipher_encrypt_inline (gc_cipher_handle handle, size_t len, char *data) { - if (gcry_cipher_encrypt((gcry_cipher_hd_t) handle, data, len, NULL, len) != 0) + if (gcry_cipher_encrypt ((gcry_cipher_hd_t) handle, data, len, NULL, len) != + 0) return GC_INVALID_CIPHER; return GC_OK; } -Gc_rc gc_cipher_decrypt_inline(gc_cipher_handle handle, - size_t len, - char *data) +Gc_rc +gc_cipher_decrypt_inline (gc_cipher_handle handle, size_t len, char *data) { - if (gcry_cipher_decrypt((gcry_cipher_hd_t) handle, data, len, NULL, len) != 0) + if (gcry_cipher_decrypt ((gcry_cipher_hd_t) handle, data, len, NULL, len) != + 0) return GC_INVALID_CIPHER; return GC_OK; } -Gc_rc gc_cipher_close(gc_cipher_handle handle) +Gc_rc +gc_cipher_close (gc_cipher_handle handle) { - gcry_cipher_close(handle); + gcry_cipher_close (handle); return GC_OK; } @@ -231,22 +233,21 @@ Gc_rc gc_cipher_close(gc_cipher_handle handle) /* Hashes. */ typedef struct _gc_hash_ctx - { - Gc_hash alg; - Gc_hash_mode mode; - gcry_md_hd_t gch; - } _gc_hash_ctx; - -Gc_rc gc_hash_open(Gc_hash hash, - Gc_hash_mode mode, - gc_hash_handle * outhandle) +{ + Gc_hash alg; + Gc_hash_mode mode; + gcry_md_hd_t gch; +} _gc_hash_ctx; + +Gc_rc +gc_hash_open (Gc_hash hash, Gc_hash_mode mode, gc_hash_handle * outhandle) { _gc_hash_ctx *ctx; int gcryalg = 0, gcrymode = 0; gcry_error_t err; Gc_rc rc = GC_OK; - ctx = calloc(sizeof (*ctx), 1); + ctx = calloc (sizeof (*ctx), 1); if (!ctx) return GC_MALLOC_ERROR; @@ -255,226 +256,225 @@ Gc_rc gc_hash_open(Gc_hash hash, switch (hash) { - case GC_MD2: - gcryalg = GCRY_MD_NONE; - break; + case GC_MD2: + gcryalg = GCRY_MD_NONE; + break; - case GC_MD4: - gcryalg = GCRY_MD_MD4; - break; + case GC_MD4: + gcryalg = GCRY_MD_MD4; + break; - case GC_MD5: - gcryalg = GCRY_MD_MD5; - break; + case GC_MD5: + gcryalg = GCRY_MD_MD5; + break; - case GC_SHA1: - gcryalg = GCRY_MD_SHA1; - break; + case GC_SHA1: + gcryalg = GCRY_MD_SHA1; + break; - case GC_SHA256: - gcryalg = GCRY_MD_SHA256; - break; + case GC_SHA256: + gcryalg = GCRY_MD_SHA256; + break; - case GC_SHA384: - gcryalg = GCRY_MD_SHA384; - break; + case GC_SHA384: + gcryalg = GCRY_MD_SHA384; + break; - case GC_SHA512: - gcryalg = GCRY_MD_SHA512; - break; + case GC_SHA512: + gcryalg = GCRY_MD_SHA512; + break; - case GC_RMD160: - gcryalg = GCRY_MD_RMD160; - break; + case GC_RMD160: + gcryalg = GCRY_MD_RMD160; + break; - default: - rc = GC_INVALID_HASH; + default: + rc = GC_INVALID_HASH; } switch (mode) { - case 0: - gcrymode = 0; - break; + case 0: + gcrymode = 0; + break; - case GC_HMAC: - gcrymode = GCRY_MD_FLAG_HMAC; - break; + case GC_HMAC: + gcrymode = GCRY_MD_FLAG_HMAC; + break; - default: - rc = GC_INVALID_HASH; + default: + rc = GC_INVALID_HASH; } if (rc == GC_OK && gcryalg != GCRY_MD_NONE) { - err = gcry_md_open(&ctx->gch, gcryalg, gcrymode); - if (gcry_err_code(err)) + err = gcry_md_open (&ctx->gch, gcryalg, gcrymode); + if (gcry_err_code (err)) rc = GC_INVALID_HASH; } if (rc == GC_OK) *outhandle = ctx; else - free(ctx); + free (ctx); return rc; } -Gc_rc gc_hash_clone(gc_hash_handle handle, - gc_hash_handle * outhandle) +Gc_rc +gc_hash_clone (gc_hash_handle handle, gc_hash_handle * outhandle) { _gc_hash_ctx *in = handle; _gc_hash_ctx *out; int err; - *outhandle = out = calloc(sizeof (*out), 1); + *outhandle = out = calloc (sizeof (*out), 1); if (!out) return GC_MALLOC_ERROR; - memcpy(out, in, sizeof (*out)); + memcpy (out, in, sizeof (*out)); - err = gcry_md_copy(&out->gch, in->gch); + err = gcry_md_copy (&out->gch, in->gch); if (err) { - free(out); + free (out); return GC_INVALID_HASH; } return GC_OK; } -size_t gc_hash_digest_length(Gc_hash hash) +size_t +gc_hash_digest_length (Gc_hash hash) { size_t len; switch (hash) { - case GC_MD2: - len = GC_MD2_DIGEST_SIZE; - break; + case GC_MD2: + len = GC_MD2_DIGEST_SIZE; + break; - case GC_MD4: - len = GC_MD4_DIGEST_SIZE; - break; + case GC_MD4: + len = GC_MD4_DIGEST_SIZE; + break; - case GC_MD5: - len = GC_MD5_DIGEST_SIZE; - break; + case GC_MD5: + len = GC_MD5_DIGEST_SIZE; + break; - case GC_RMD160: - len = GC_RMD160_DIGEST_SIZE; - break; + case GC_RMD160: + len = GC_RMD160_DIGEST_SIZE; + break; - case GC_SHA1: - len = GC_SHA1_DIGEST_SIZE; - break; + case GC_SHA1: + len = GC_SHA1_DIGEST_SIZE; + break; - case GC_SHA256: - len = GC_SHA256_DIGEST_SIZE; - break; + case GC_SHA256: + len = GC_SHA256_DIGEST_SIZE; + break; - case GC_SHA384: - len = GC_SHA384_DIGEST_SIZE; - break; + case GC_SHA384: + len = GC_SHA384_DIGEST_SIZE; + break; - case GC_SHA512: - len = GC_SHA512_DIGEST_SIZE; - break; + case GC_SHA512: + len = GC_SHA512_DIGEST_SIZE; + break; - default: - return 0; + default: + return 0; } return len; } -void gc_hash_hmac_setkey(gc_hash_handle handle, - size_t len, - const char *key) +void +gc_hash_hmac_setkey (gc_hash_handle handle, size_t len, const char *key) { _gc_hash_ctx *ctx = handle; - gcry_md_setkey(ctx->gch, key, len); + gcry_md_setkey (ctx->gch, key, len); } -void gc_hash_write(gc_hash_handle handle, - size_t len, - const char *data) +void +gc_hash_write (gc_hash_handle handle, size_t len, const char *data) { _gc_hash_ctx *ctx = handle; - gcry_md_write(ctx->gch, data, len); + gcry_md_write (ctx->gch, data, len); } -const char * gc_hash_read(gc_hash_handle handle) +const char * +gc_hash_read (gc_hash_handle handle) { _gc_hash_ctx *ctx = handle; const char *digest; - { - gcry_md_final (ctx->gch); - digest = gcry_md_read(ctx->gch, 0); - } + { + gcry_md_final (ctx->gch); + digest = gcry_md_read (ctx->gch, 0); + } return digest; } -void gc_hash_close(gc_hash_handle handle) +void +gc_hash_close (gc_hash_handle handle) { _gc_hash_ctx *ctx = handle; - gcry_md_close(ctx->gch); + gcry_md_close (ctx->gch); - free(ctx); + free (ctx); } -Gc_rc gc_hash_buffer(Gc_hash hash, - const void *in, - size_t inlen, - char *resbuf) +Gc_rc +gc_hash_buffer (Gc_hash hash, const void *in, size_t inlen, char *resbuf) { int gcryalg; switch (hash) { #ifdef GNULIB_GC_MD5 - case GC_MD5: - gcryalg = GCRY_MD_MD5; - break; + case GC_MD5: + gcryalg = GCRY_MD_MD5; + break; #endif #ifdef GNULIB_GC_SHA1 - case GC_SHA1: - gcryalg = GCRY_MD_SHA1; - break; + case GC_SHA1: + gcryalg = GCRY_MD_SHA1; + break; #endif #ifdef GNULIB_GC_SHA256 - case GC_SHA256: - gcryalg = GCRY_MD_SHA256; - break; + case GC_SHA256: + gcryalg = GCRY_MD_SHA256; + break; #endif #ifdef GNULIB_GC_SHA384 - case GC_SHA384: - gcryalg = GCRY_MD_SHA384; - break; + case GC_SHA384: + gcryalg = GCRY_MD_SHA384; + break; #endif #ifdef GNULIB_GC_SHA512 - case GC_SHA512: - gcryalg = GCRY_MD_SHA512; - break; + case GC_SHA512: + gcryalg = GCRY_MD_SHA512; + break; #endif #ifdef GNULIB_GC_RMD160 - case GC_RMD160: - gcryalg = GCRY_MD_RMD160; - break; + case GC_RMD160: + gcryalg = GCRY_MD_RMD160; + break; #endif - default: - return GC_INVALID_HASH; + default: + return GC_INVALID_HASH; } - gcry_md_hash_buffer(gcryalg, resbuf, in, inlen); + gcry_md_hash_buffer (gcryalg, resbuf, in, inlen); return GC_OK; } @@ -483,144 +483,142 @@ Gc_rc gc_hash_buffer(Gc_hash hash, #ifdef GNULIB_GC_MD5 Gc_rc gc_md5 (const void *in, size_t inlen, void *resbuf) - { - size_t outlen = gcry_md_get_algo_dlen (GCRY_MD_MD5); - gcry_md_hd_t hd; - gpg_error_t err; - unsigned char *p; +{ + size_t outlen = gcry_md_get_algo_dlen (GCRY_MD_MD5); + gcry_md_hd_t hd; + gpg_error_t err; + unsigned char *p; - assert (outlen == GC_MD5_DIGEST_SIZE); + assert (outlen == GC_MD5_DIGEST_SIZE); - err = gcry_md_open (&hd, GCRY_MD_MD5, 0); - if (err != GPG_ERR_NO_ERROR) + err = gcry_md_open (&hd, GCRY_MD_MD5, 0); + if (err != GPG_ERR_NO_ERROR) return GC_INVALID_HASH; - gcry_md_write (hd, in, inlen); + gcry_md_write (hd, in, inlen); - p = gcry_md_read (hd, GCRY_MD_MD5); - if (p == NULL) - { - gcry_md_close (hd); - return GC_INVALID_HASH; - } + p = gcry_md_read (hd, GCRY_MD_MD5); + if (p == NULL) + { + gcry_md_close (hd); + return GC_INVALID_HASH; + } - memcpy (resbuf, p, outlen); + memcpy (resbuf, p, outlen); - gcry_md_close (hd); + gcry_md_close (hd); - return GC_OK; - } + return GC_OK; +} #endif #ifdef GNULIB_GC_SHA1 Gc_rc gc_sha1 (const void *in, size_t inlen, void *resbuf) - { - size_t outlen = gcry_md_get_algo_dlen (GCRY_MD_SHA1); - gcry_md_hd_t hd; - gpg_error_t err; - unsigned char *p; +{ + size_t outlen = gcry_md_get_algo_dlen (GCRY_MD_SHA1); + gcry_md_hd_t hd; + gpg_error_t err; + unsigned char *p; - assert (outlen == GC_SHA1_DIGEST_SIZE); + assert (outlen == GC_SHA1_DIGEST_SIZE); - err = gcry_md_open (&hd, GCRY_MD_SHA1, 0); - if (err != GPG_ERR_NO_ERROR) + err = gcry_md_open (&hd, GCRY_MD_SHA1, 0); + if (err != GPG_ERR_NO_ERROR) return GC_INVALID_HASH; - gcry_md_write (hd, in, inlen); + gcry_md_write (hd, in, inlen); - p = gcry_md_read (hd, GCRY_MD_SHA1); - if (p == NULL) - { - gcry_md_close (hd); - return GC_INVALID_HASH; - } + p = gcry_md_read (hd, GCRY_MD_SHA1); + if (p == NULL) + { + gcry_md_close (hd); + return GC_INVALID_HASH; + } - memcpy (resbuf, p, outlen); + memcpy (resbuf, p, outlen); - gcry_md_close (hd); + gcry_md_close (hd); - return GC_OK; - } + return GC_OK; +} #endif #ifdef GNULIB_GC_HMAC_MD5 Gc_rc gc_hmac_md5 (const void *key, size_t keylen, - const void *in, size_t inlen, char *resbuf) - { - size_t hlen = gcry_md_get_algo_dlen (GCRY_MD_MD5); - gcry_md_hd_t mdh; - unsigned char *hash; - gpg_error_t err; + const void *in, size_t inlen, char *resbuf) +{ + size_t hlen = gcry_md_get_algo_dlen (GCRY_MD_MD5); + gcry_md_hd_t mdh; + unsigned char *hash; + gpg_error_t err; - assert (hlen == 16); + assert (hlen == 16); - err = gcry_md_open (&mdh, GCRY_MD_MD5, GCRY_MD_FLAG_HMAC); - if (err != GPG_ERR_NO_ERROR) + err = gcry_md_open (&mdh, GCRY_MD_MD5, GCRY_MD_FLAG_HMAC); + if (err != GPG_ERR_NO_ERROR) return GC_INVALID_HASH; - err = gcry_md_setkey (mdh, key, keylen); - if (err != GPG_ERR_NO_ERROR) - { - gcry_md_close (mdh); - return GC_INVALID_HASH; - } + err = gcry_md_setkey (mdh, key, keylen); + if (err != GPG_ERR_NO_ERROR) + { + gcry_md_close (mdh); + return GC_INVALID_HASH; + } - gcry_md_write (mdh, in, inlen); + gcry_md_write (mdh, in, inlen); - hash = gcry_md_read (mdh, GCRY_MD_MD5); - if (hash == NULL) - { - gcry_md_close (mdh); - return GC_INVALID_HASH; - } + hash = gcry_md_read (mdh, GCRY_MD_MD5); + if (hash == NULL) + { + gcry_md_close (mdh); + return GC_INVALID_HASH; + } - memcpy (resbuf, hash, hlen); + memcpy (resbuf, hash, hlen); - gcry_md_close (mdh); + gcry_md_close (mdh); - return GC_OK; - } + return GC_OK; +} #endif #ifdef GNULIB_GC_HMAC_SHA1 -Gc_rc gc_hmac_sha1(const void *key, - size_t keylen, - const void *in, - size_t inlen, - char *resbuf) +Gc_rc +gc_hmac_sha1 (const void *key, + size_t keylen, const void *in, size_t inlen, char *resbuf) { - size_t hlen = gcry_md_get_algo_dlen(GCRY_MD_SHA1); + size_t hlen = gcry_md_get_algo_dlen (GCRY_MD_SHA1); gcry_md_hd_t mdh; unsigned char *hash; gpg_error_t err; assert (hlen == GC_SHA1_DIGEST_SIZE); - err = gcry_md_open(&mdh, GCRY_MD_SHA1, GCRY_MD_FLAG_HMAC); + err = gcry_md_open (&mdh, GCRY_MD_SHA1, GCRY_MD_FLAG_HMAC); if (err != GPG_ERR_NO_ERROR) return GC_INVALID_HASH; - err = gcry_md_setkey(mdh, key, keylen); + err = gcry_md_setkey (mdh, key, keylen); if (err != GPG_ERR_NO_ERROR) { - gcry_md_close(mdh); + gcry_md_close (mdh); return GC_INVALID_HASH; } - gcry_md_write(mdh, in, inlen); + gcry_md_write (mdh, in, inlen); - hash = gcry_md_read(mdh, GCRY_MD_SHA1); + hash = gcry_md_read (mdh, GCRY_MD_SHA1); if (hash == NULL) { - gcry_md_close(mdh); + gcry_md_close (mdh); return GC_INVALID_HASH; } - memcpy(resbuf, hash, hlen); + memcpy (resbuf, hash, hlen); - gcry_md_close(mdh); + gcry_md_close (mdh); return GC_OK; } diff --git a/src/daemon/https/openpgp/gnutls_extra.c b/src/daemon/https/openpgp/gnutls_extra.c @@ -55,11 +55,6 @@ gnutls_global_init_extra (void) * libextra, then do not initialize the library. * This is because it may break things. */ - if (strcmp (gnutls_check_version (NULL), VERSION) != 0) - { - return GNUTLS_E_LIBRARY_VERSION_MISMATCH; - } - _gnutls_init_extra++; if (_gnutls_init_extra != 1) diff --git a/src/daemon/https/openpgp/gnutls_ia.c b/src/daemon/https/openpgp/gnutls_ia.c @@ -461,7 +461,7 @@ _gnutls_ia_client_handshake (gnutls_session_t session) ssize_t len; int ret; const struct gnutls_ia_client_credentials_st *cred = - _gnutls_get_cred (session->key, GNUTLS_CRD_IA, NULL); + _gnutls_get_cred (session->key, MHD_GNUTLS_CRD_IA, NULL); if (cred == NULL) return GNUTLS_E_INTERNAL_ERROR; @@ -529,7 +529,7 @@ _gnutls_ia_server_handshake (gnutls_session_t session) char buf[1024]; int ret; const struct gnutls_ia_server_credentials_st *cred = - _gnutls_get_cred (session->key, GNUTLS_CRD_IA, NULL); + _gnutls_get_cred (session->key, MHD_GNUTLS_CRD_IA, NULL); if (cred == NULL) return GNUTLS_E_INTERNAL_ERROR; diff --git a/src/daemon/https/openpgp/gnutls_openpgp.c b/src/daemon/https/openpgp/gnutls_openpgp.c @@ -112,10 +112,10 @@ openpgp_pk_to_gnutls_cert (gnutls_cert * cert, cdk_pkt_pubkey_t pk) return GNUTLS_E_UNWANTED_ALGORITHM; } - algo = GNUTLS_PK_RSA; + algo = MHD_GNUTLS_PK_RSA; cert->subject_pk_algorithm = algo; cert->version = pk->version; - cert->cert_type = GNUTLS_CRT_OPENPGP; + cert->cert_type = MHD_GNUTLS_CRT_OPENPGP; cert->key_usage = 0; if (pk->pubkey_usage & CDK_KEY_USG_SIGN) @@ -247,7 +247,7 @@ _gnutls_openpgp_raw_privkey_to_gkey (gnutls_privkey * pkey, if (is_ELG (pke_algo)) return GNUTLS_E_UNWANTED_ALGORITHM; else if (is_RSA (pke_algo)) - pkey->pk_algorithm = GNUTLS_PK_RSA; + pkey->pk_algorithm = MHD_GNUTLS_PK_RSA; leave: cdk_kbnode_release (snode); @@ -885,7 +885,7 @@ _gnutls_openpgp_crt_to_gcert (gnutls_cert * gcert, gnutls_openpgp_crt_t cert) int ret; memset (gcert, 0, sizeof (gnutls_cert)); - gcert->cert_type = GNUTLS_CRT_OPENPGP; + gcert->cert_type = MHD_GNUTLS_CRT_OPENPGP; ret = gnutls_openpgp_crt_export (cert, GNUTLS_OPENPGP_FMT_RAW, diff --git a/src/daemon/https/openpgp/pgp.c b/src/daemon/https/openpgp/pgp.c @@ -337,7 +337,7 @@ gnutls_openpgp_crt_get_pk_algorithm (gnutls_openpgp_crt_t key, int algo; if (!key) - return GNUTLS_PK_UNKNOWN; + return MHD_GNUTLS_PK_UNKNOWN; algo = 0; pkt = cdk_kbnode_find_packet (key->knode, CDK_PKT_PUBLIC_KEY); @@ -347,7 +347,7 @@ gnutls_openpgp_crt_get_pk_algorithm (gnutls_openpgp_crt_t key, *bits = cdk_pk_get_nbits (pkt->pkt.public_key); algo = pkt->pkt.public_key->pubkey_algo; if (is_RSA (algo)) - algo = GNUTLS_PK_RSA; + algo = MHD_GNUTLS_PK_RSA; else algo = GNUTLS_E_UNKNOWN_PK_ALGORITHM; } diff --git a/src/daemon/https/openpgp/pgp_privkey.c b/src/daemon/https/openpgp/pgp_privkey.c @@ -126,7 +126,7 @@ gnutls_openpgp_privkey_get_pk_algorithm (gnutls_openpgp_privkey_t key, if (bits) { *bits = 0; - if (pk == GNUTLS_PK_RSA) + if (pk == MHD_GNUTLS_PK_RSA) *bits = _gnutls_mpi_get_nbits (key->pkey.params[0]); } diff --git a/src/daemon/https/tests.c b/src/daemon/https/tests.c @@ -103,19 +103,20 @@ do_handshake (gnutls_session_t session) return TEST_SUCCEED; } -static int protocol_priority[16] = { GNUTLS_TLS1, GNUTLS_SSL3, 0 }; +static int protocol_priority[16] = { GNUTLS_TLS1, MHD_GNUTLS_SSL3, 0 }; static const int kx_priority[16] = - { GNUTLS_KX_RSA, GNUTLS_KX_DHE_DSS, GNUTLS_KX_DHE_RSA, - GNUTLS_KX_ANON_DH, - GNUTLS_KX_RSA_EXPORT, 0 + { MHD_GNUTLS_KX_RSA, MHD_GNUTLS_KX_DHE_DSS, MHD_GNUTLS_KX_DHE_RSA, + MHD_GNUTLS_KX_ANON_DH, + MHD_GNUTLS_KX_RSA_EXPORT, 0 }; static const int cipher_priority[16] = - { GNUTLS_CIPHER_3DES_CBC, GNUTLS_CIPHER_ARCFOUR_128, - GNUTLS_CIPHER_ARCFOUR_40, 0 + { MHD_GNUTLS_CIPHER_3DES_CBC, MHD_GNUTLS_CIPHER_ARCFOUR_128, + MHD_GNUTLS_CIPHER_ARCFOUR_40, 0 }; -static const int comp_priority[16] = { GNUTLS_COMP_NULL, 0 }; -static const int mac_priority[16] = { GNUTLS_MAC_SHA1, GNUTLS_MAC_MD5, 0 }; -static const int cert_type_priority[16] = { GNUTLS_CRT_X509, 0 }; +static const int comp_priority[16] = { MHD_GNUTLS_COMP_NULL, 0 }; +static const int mac_priority[16] = + { MHD_GNUTLS_MAC_SHA1, MHD_GNUTLS_MAC_MD5, 0 }; +static const int cert_type_priority[16] = { MHD_GNUTLS_CRT_X509, 0 }; #define ADD_ALL_CIPHERS(session) gnutls_cipher_set_priority(session, cipher_priority) #define ADD_ALL_COMP(session) gnutls_compression_set_priority(session, comp_priority) @@ -235,13 +236,13 @@ test_srp (gnutls_session_t session) ADD_ALL_PROTOCOLS (session); ADD_ALL_MACS (session); - ADD_KX (session, GNUTLS_KX_SRP); + ADD_KX (session, MHD_GNUTLS_KX_SRP); srp_detected = 0; gnutls_srp_set_client_credentials_function (srp_cred, _test_srp_username_callback); - gnutls_credentials_set (session, GNUTLS_CRD_SRP, srp_cred); + gnutls_credentials_set (session, MHD_GNUTLS_CRD_SRP, srp_cred); ret = do_handshake (session); @@ -274,7 +275,7 @@ test_server (gnutls_session_t session) ADD_ALL_MACS (session); ADD_ALL_KX (session); - gnutls_credentials_set (session, GNUTLS_CRD_CERTIFICATE, xcred); + gnutls_credentials_set (session, MHD_GNUTLS_CRD_CERTIFICATE, xcred); ret = do_handshake (session); if (ret != TEST_SUCCEED) @@ -321,9 +322,9 @@ test_export (gnutls_session_t session) ADD_ALL_PROTOCOLS (session); ADD_ALL_MACS (session); - ADD_KX (session, GNUTLS_KX_RSA_EXPORT); - ADD_CIPHER (session, GNUTLS_CIPHER_ARCFOUR_40); - gnutls_credentials_set (session, GNUTLS_CRD_CERTIFICATE, xcred); + ADD_KX (session, MHD_GNUTLS_KX_RSA_EXPORT); + ADD_CIPHER (session, MHD_GNUTLS_CIPHER_ARCFOUR_40); + gnutls_credentials_set (session, MHD_GNUTLS_CRD_CERTIFICATE, xcred); ret = do_handshake (session); @@ -351,9 +352,9 @@ test_export_info (gnutls_session_t session) ADD_ALL_PROTOCOLS (session); ADD_ALL_MACS (session); - ADD_KX (session, GNUTLS_KX_RSA_EXPORT); - ADD_CIPHER (session, GNUTLS_CIPHER_ARCFOUR_40); - gnutls_credentials_set (session, GNUTLS_CRD_CERTIFICATE, xcred); + ADD_KX (session, MHD_GNUTLS_KX_RSA_EXPORT); + ADD_CIPHER (session, MHD_GNUTLS_CIPHER_ARCFOUR_40); + gnutls_credentials_set (session, MHD_GNUTLS_CRD_CERTIFICATE, xcred); ret = do_handshake (session); @@ -399,8 +400,8 @@ test_dhe (gnutls_session_t session) ADD_ALL_PROTOCOLS (session); ADD_ALL_MACS (session); - ADD_KX2 (session, GNUTLS_KX_DHE_RSA, GNUTLS_KX_DHE_DSS); - gnutls_credentials_set (session, GNUTLS_CRD_CERTIFICATE, xcred); + ADD_KX2 (session, MHD_GNUTLS_KX_DHE_RSA, MHD_GNUTLS_KX_DHE_DSS); + gnutls_credentials_set (session, MHD_GNUTLS_CRD_CERTIFICATE, xcred); ret = do_handshake (session); @@ -425,8 +426,8 @@ test_dhe_group (gnutls_session_t session) ADD_ALL_PROTOCOLS (session); ADD_ALL_MACS (session); - ADD_KX2 (session, GNUTLS_KX_DHE_RSA, GNUTLS_KX_DHE_DSS); - gnutls_credentials_set (session, GNUTLS_CRD_CERTIFICATE, xcred); + ADD_KX2 (session, MHD_GNUTLS_KX_DHE_RSA, MHD_GNUTLS_KX_DHE_DSS); + gnutls_credentials_set (session, MHD_GNUTLS_CRD_CERTIFICATE, xcred); ret = do_handshake (session); @@ -464,10 +465,10 @@ test_ssl3 (gnutls_session_t session) ADD_ALL_CIPHERS (session); ADD_ALL_COMP (session); ADD_ALL_CERTTYPES (session); - ADD_PROTOCOL (session, GNUTLS_SSL3); + ADD_PROTOCOL (session, MHD_GNUTLS_SSL3); ADD_ALL_MACS (session); ADD_ALL_KX (session); - gnutls_credentials_set (session, GNUTLS_CRD_CERTIFICATE, xcred); + gnutls_credentials_set (session, MHD_GNUTLS_CRD_CERTIFICATE, xcred); ret = do_handshake (session); if (ret == TEST_SUCCEED) @@ -500,7 +501,7 @@ test_bye (gnutls_session_t session) ADD_ALL_PROTOCOLS (session); ADD_ALL_MACS (session); ADD_ALL_KX (session); - gnutls_credentials_set (session, GNUTLS_CRD_CERTIFICATE, xcred); + gnutls_credentials_set (session, MHD_GNUTLS_CRD_CERTIFICATE, xcred); ret = do_handshake (session); if (ret == TEST_FAILED) @@ -546,13 +547,13 @@ test_code_t test_aes (gnutls_session_t session) { int ret; - ADD_CIPHER (session, GNUTLS_CIPHER_AES_128_CBC); + ADD_CIPHER (session, MHD_GNUTLS_CIPHER_AES_128_CBC); ADD_ALL_COMP (session); ADD_ALL_CERTTYPES (session); ADD_ALL_PROTOCOLS (session); ADD_ALL_MACS (session); ADD_ALL_KX (session); - gnutls_credentials_set (session, GNUTLS_CRD_CERTIFICATE, xcred); + gnutls_credentials_set (session, MHD_GNUTLS_CRD_CERTIFICATE, xcred); ret = do_handshake (session); return ret; @@ -563,13 +564,13 @@ test_code_t test_camellia (gnutls_session_t session) { int ret; - ADD_CIPHER (session, GNUTLS_CIPHER_CAMELLIA_128_CBC); + ADD_CIPHER (session, MHD_GNUTLS_CIPHER_CAMELLIA_128_CBC); ADD_ALL_COMP (session); ADD_ALL_CERTTYPES (session); ADD_ALL_PROTOCOLS (session); ADD_ALL_MACS (session); ADD_ALL_KX (session); - gnutls_credentials_set (session, GNUTLS_CRD_CERTIFICATE, xcred); + gnutls_credentials_set (session, MHD_GNUTLS_CRD_CERTIFICATE, xcred); ret = do_handshake (session); return ret; @@ -582,17 +583,17 @@ test_openpgp1 (gnutls_session_t session) int ret; ADD_ALL_CIPHERS (session); ADD_ALL_COMP (session); - ADD_CERTTYPE (session, GNUTLS_CRT_OPENPGP); + ADD_CERTTYPE (session, MHD_GNUTLS_CRT_OPENPGP); ADD_ALL_PROTOCOLS (session); ADD_ALL_MACS (session); ADD_ALL_KX (session); - gnutls_credentials_set (session, GNUTLS_CRD_CERTIFICATE, xcred); + gnutls_credentials_set (session, MHD_GNUTLS_CRD_CERTIFICATE, xcred); ret = do_handshake (session); if (ret == TEST_FAILED) return ret; - if (gnutls_certificate_type_get (session) == GNUTLS_CRT_OPENPGP) + if (gnutls_certificate_type_get (session) == MHD_GNUTLS_CRT_OPENPGP) return TEST_SUCCEED; return TEST_FAILED; @@ -603,18 +604,19 @@ test_unknown_ciphersuites (gnutls_session_t session) { int ret; #ifdef ENABLE_CAMELLIA - ADD_CIPHER4 (session, GNUTLS_CIPHER_AES_128_CBC, GNUTLS_CIPHER_3DES_CBC, - GNUTLS_CIPHER_CAMELLIA_128_CBC, GNUTLS_CIPHER_ARCFOUR_128); + ADD_CIPHER4 (session, MHD_GNUTLS_CIPHER_AES_128_CBC, + MHD_GNUTLS_CIPHER_3DES_CBC, MHD_GNUTLS_CIPHER_CAMELLIA_128_CBC, + MHD_GNUTLS_CIPHER_ARCFOUR_128); #else - ADD_CIPHER4 (session, GNUTLS_CIPHER_AES_128_CBC, GNUTLS_CIPHER_3DES_CBC, - GNUTLS_CIPHER_ARCFOUR_128, 0); + ADD_CIPHER4 (session, MHD_GNUTLS_CIPHER_AES_128_CBC, + MHD_GNUTLS_CIPHER_3DES_CBC, MHD_GNUTLS_CIPHER_ARCFOUR_128, 0); #endif ADD_ALL_COMP (session); ADD_ALL_CERTTYPES (session); ADD_ALL_PROTOCOLS (session); ADD_ALL_MACS (session); ADD_ALL_KX (session); - gnutls_credentials_set (session, GNUTLS_CRD_CERTIFICATE, xcred); + gnutls_credentials_set (session, MHD_GNUTLS_CRD_CERTIFICATE, xcred); ret = do_handshake (session); return ret; @@ -628,9 +630,9 @@ test_md5 (gnutls_session_t session) ADD_ALL_COMP (session); ADD_ALL_CERTTYPES (session); ADD_ALL_PROTOCOLS (session); - ADD_MAC (session, GNUTLS_MAC_MD5); + ADD_MAC (session, MHD_GNUTLS_MAC_MD5); ADD_ALL_KX (session); - gnutls_credentials_set (session, GNUTLS_CRD_CERTIFICATE, xcred); + gnutls_credentials_set (session, MHD_GNUTLS_CRD_CERTIFICATE, xcred); ret = do_handshake (session); return ret; @@ -647,7 +649,7 @@ test_zlib (gnutls_session_t session) ADD_ALL_PROTOCOLS (session); ADD_ALL_MACS (session); ADD_ALL_KX (session); - gnutls_credentials_set (session, GNUTLS_CRD_CERTIFICATE, xcred); + gnutls_credentials_set (session, MHD_GNUTLS_CRD_CERTIFICATE, xcred); ret = do_handshake (session); return ret; @@ -661,12 +663,12 @@ test_lzo (gnutls_session_t session) gnutls_handshake_set_private_extensions (session, 1); ADD_ALL_CIPHERS (session); - ADD_COMP (session, GNUTLS_COMP_LZO); + ADD_COMP (session, MHD_GNUTLS_COMP_LZO); ADD_ALL_CERTTYPES (session); ADD_ALL_PROTOCOLS (session); ADD_ALL_MACS (session); ADD_ALL_KX (session); - gnutls_credentials_set (session, GNUTLS_CRD_CERTIFICATE, xcred); + gnutls_credentials_set (session, MHD_GNUTLS_CRD_CERTIFICATE, xcred); ret = do_handshake (session); @@ -681,9 +683,9 @@ test_sha (gnutls_session_t session) ADD_ALL_COMP (session); ADD_ALL_CERTTYPES (session); ADD_ALL_PROTOCOLS (session); - ADD_MAC (session, GNUTLS_MAC_SHA1); + ADD_MAC (session, MHD_GNUTLS_MAC_SHA1); ADD_ALL_KX (session); - gnutls_credentials_set (session, GNUTLS_CRD_CERTIFICATE, xcred); + gnutls_credentials_set (session, MHD_GNUTLS_CRD_CERTIFICATE, xcred); ret = do_handshake (session); return ret; @@ -693,13 +695,13 @@ test_code_t test_3des (gnutls_session_t session) { int ret; - ADD_CIPHER (session, GNUTLS_CIPHER_3DES_CBC); + ADD_CIPHER (session, MHD_GNUTLS_CIPHER_3DES_CBC); ADD_ALL_COMP (session); ADD_ALL_CERTTYPES (session); ADD_ALL_PROTOCOLS (session); ADD_ALL_MACS (session); ADD_ALL_KX (session); - gnutls_credentials_set (session, GNUTLS_CRD_CERTIFICATE, xcred); + gnutls_credentials_set (session, MHD_GNUTLS_CRD_CERTIFICATE, xcred); ret = do_handshake (session); return ret; @@ -709,13 +711,13 @@ test_code_t test_arcfour (gnutls_session_t session) { int ret; - ADD_CIPHER (session, GNUTLS_CIPHER_ARCFOUR_128); + ADD_CIPHER (session, MHD_GNUTLS_CIPHER_ARCFOUR_128); ADD_ALL_COMP (session); ADD_ALL_CERTTYPES (session); ADD_ALL_PROTOCOLS (session); ADD_ALL_MACS (session); ADD_ALL_KX (session); - gnutls_credentials_set (session, GNUTLS_CRD_CERTIFICATE, xcred); + gnutls_credentials_set (session, MHD_GNUTLS_CRD_CERTIFICATE, xcred); ret = do_handshake (session); return ret; @@ -725,13 +727,13 @@ test_code_t test_arcfour_40 (gnutls_session_t session) { int ret; - ADD_CIPHER (session, GNUTLS_CIPHER_ARCFOUR_40); + ADD_CIPHER (session, MHD_GNUTLS_CIPHER_ARCFOUR_40); ADD_ALL_COMP (session); ADD_ALL_CERTTYPES (session); ADD_ALL_PROTOCOLS (session); ADD_ALL_MACS (session); ADD_ALL_KX (session); - gnutls_credentials_set (session, GNUTLS_CRD_CERTIFICATE, xcred); + gnutls_credentials_set (session, MHD_GNUTLS_CRD_CERTIFICATE, xcred); ret = do_handshake (session); return ret; @@ -747,7 +749,7 @@ test_tls1 (gnutls_session_t session) ADD_PROTOCOL (session, GNUTLS_TLS1); ADD_ALL_MACS (session); ADD_ALL_KX (session); - gnutls_credentials_set (session, GNUTLS_CRD_CERTIFICATE, xcred); + gnutls_credentials_set (session, MHD_GNUTLS_CRD_CERTIFICATE, xcred); ret = do_handshake (session); if (ret == TEST_SUCCEED) @@ -764,10 +766,10 @@ test_tls1_1 (gnutls_session_t session) ADD_ALL_CIPHERS (session); ADD_ALL_COMP (session); ADD_ALL_CERTTYPES (session); - ADD_PROTOCOL (session, GNUTLS_TLS1_1); + ADD_PROTOCOL (session, MHD_GNUTLS_TLS1_1); ADD_ALL_MACS (session); ADD_ALL_KX (session); - gnutls_credentials_set (session, GNUTLS_CRD_CERTIFICATE, xcred); + gnutls_credentials_set (session, MHD_GNUTLS_CRD_CERTIFICATE, xcred); ret = do_handshake (session); if (ret == TEST_SUCCEED) @@ -787,10 +789,10 @@ test_tls1_1_fallback (gnutls_session_t session) ADD_ALL_CIPHERS (session); ADD_ALL_COMP (session); ADD_ALL_CERTTYPES (session); - ADD_PROTOCOL3 (session, GNUTLS_TLS1_1, GNUTLS_TLS1, GNUTLS_SSL3); + ADD_PROTOCOL3 (session, MHD_GNUTLS_TLS1_1, GNUTLS_TLS1, MHD_GNUTLS_SSL3); ADD_ALL_MACS (session); ADD_ALL_KX (session); - gnutls_credentials_set (session, GNUTLS_CRD_CERTIFICATE, xcred); + gnutls_credentials_set (session, MHD_GNUTLS_CRD_CERTIFICATE, xcred); ret = do_handshake (session); if (ret != TEST_SUCCEED) @@ -798,7 +800,7 @@ test_tls1_1_fallback (gnutls_session_t session) if (gnutls_protocol_get_version (session) == GNUTLS_TLS1) return TEST_SUCCEED; - else if (gnutls_protocol_get_version (session) == GNUTLS_SSL3) + else if (gnutls_protocol_get_version (session) == MHD_GNUTLS_SSL3) return TEST_UNSURE; return TEST_FAILED; @@ -821,7 +823,7 @@ test_tls_disable (gnutls_session_t session) ADD_ALL_PROTOCOLS (session); ADD_ALL_MACS (session); ADD_ALL_KX (session); - gnutls_credentials_set (session, GNUTLS_CRD_CERTIFICATE, xcred); + gnutls_credentials_set (session, MHD_GNUTLS_CRD_CERTIFICATE, xcred); ret = do_handshake (session); if (ret == TEST_FAILED) @@ -829,7 +831,7 @@ test_tls_disable (gnutls_session_t session) /* disable TLS 1.0 */ if (ssl3_ok != 0) { - protocol_priority[0] = GNUTLS_SSL3; + protocol_priority[0] = MHD_GNUTLS_SSL3; protocol_priority[1] = 0; } } @@ -852,8 +854,8 @@ test_rsa_pms (gnutls_session_t session) ADD_ALL_CERTTYPES (session); ADD_ALL_PROTOCOLS (session); ADD_ALL_MACS (session); - ADD_KX (session, GNUTLS_KX_RSA); - gnutls_credentials_set (session, GNUTLS_CRD_CERTIFICATE, xcred); + ADD_KX (session, MHD_GNUTLS_KX_RSA); + gnutls_credentials_set (session, MHD_GNUTLS_CRD_CERTIFICATE, xcred); ret = do_handshake (session); if (ret == TEST_FAILED) @@ -874,7 +876,7 @@ test_max_record_size (gnutls_session_t session) ADD_ALL_PROTOCOLS (session); ADD_ALL_MACS (session); ADD_ALL_KX (session); - gnutls_credentials_set (session, GNUTLS_CRD_CERTIFICATE, xcred); + gnutls_credentials_set (session, MHD_GNUTLS_CRD_CERTIFICATE, xcred); gnutls_record_set_max_size (session, 512); ret = do_handshake (session); @@ -898,7 +900,7 @@ test_hello_extension (gnutls_session_t session) ADD_ALL_PROTOCOLS (session); ADD_ALL_MACS (session); ADD_ALL_KX (session); - gnutls_credentials_set (session, GNUTLS_CRD_CERTIFICATE, xcred); + gnutls_credentials_set (session, MHD_GNUTLS_CRD_CERTIFICATE, xcred); gnutls_record_set_max_size (session, 512); ret = do_handshake (session); @@ -929,14 +931,15 @@ test_version_rollback (gnutls_session_t session) ADD_ALL_PROTOCOLS (session); ADD_ALL_MACS (session); ADD_ALL_KX (session); - gnutls_credentials_set (session, GNUTLS_CRD_CERTIFICATE, xcred); + gnutls_credentials_set (session, MHD_GNUTLS_CRD_CERTIFICATE, xcred); _gnutls_record_set_default_version (session, 3, 0); ret = do_handshake (session); if (ret != TEST_SUCCEED) return ret; - if (tls1_ok != 0 && gnutls_protocol_get_version (session) == GNUTLS_SSL3) + if (tls1_ok != 0 + && gnutls_protocol_get_version (session) == MHD_GNUTLS_SSL3) return TEST_FAILED; return TEST_SUCCEED; @@ -959,7 +962,7 @@ test_version_oob (gnutls_session_t session) ADD_ALL_PROTOCOLS (session); ADD_ALL_MACS (session); ADD_ALL_KX (session); - gnutls_credentials_set (session, GNUTLS_CRD_CERTIFICATE, xcred); + gnutls_credentials_set (session, MHD_GNUTLS_CRD_CERTIFICATE, xcred); _gnutls_record_set_default_version (session, 5, 5); ret = do_handshake (session); @@ -984,7 +987,7 @@ test_rsa_pms_version_check (gnutls_session_t session) ADD_ALL_PROTOCOLS (session); ADD_ALL_MACS (session); ADD_ALL_KX (session); - gnutls_credentials_set (session, GNUTLS_CRD_CERTIFICATE, xcred); + gnutls_credentials_set (session, MHD_GNUTLS_CRD_CERTIFICATE, xcred); _gnutls_rsa_pms_set_version (session, 5, 5); /* use SSL 5.5 version */ ret = do_handshake (session); @@ -1003,8 +1006,8 @@ test_anonymous (gnutls_session_t session) ADD_ALL_CERTTYPES (session); ADD_ALL_PROTOCOLS (session); ADD_ALL_MACS (session); - ADD_KX (session, GNUTLS_KX_ANON_DH); - gnutls_credentials_set (session, GNUTLS_CRD_ANON, anon_cred); + ADD_KX (session, MHD_GNUTLS_KX_ANON_DH); + gnutls_credentials_set (session, MHD_GNUTLS_CRD_ANON, anon_cred); ret = do_handshake (session); @@ -1032,8 +1035,8 @@ test_session_resume2 (gnutls_session_t session) ADD_ALL_MACS (session); ADD_ALL_KX (session); - gnutls_credentials_set (session, GNUTLS_CRD_CERTIFICATE, xcred); - gnutls_credentials_set (session, GNUTLS_CRD_ANON, anon_cred); + gnutls_credentials_set (session, MHD_GNUTLS_CRD_CERTIFICATE, xcred); + gnutls_credentials_set (session, MHD_GNUTLS_CRD_ANON, anon_cred); gnutls_session_set_data (session, session_data, session_data_size); @@ -1079,7 +1082,7 @@ test_certificate (gnutls_session_t session) ADD_ALL_MACS (session); ADD_ALL_KX (session); - gnutls_credentials_set (session, GNUTLS_CRD_CERTIFICATE, xcred); + gnutls_credentials_set (session, MHD_GNUTLS_CRD_CERTIFICATE, xcred); ret = do_handshake (session); if (ret == TEST_FAILED) @@ -1148,7 +1151,7 @@ test_server_cas (gnutls_session_t session) ADD_ALL_MACS (session); ADD_ALL_KX (session); - gnutls_credentials_set (session, GNUTLS_CRD_CERTIFICATE, xcred); + gnutls_credentials_set (session, MHD_GNUTLS_CRD_CERTIFICATE, xcred); gnutls_certificate_client_set_retrieve_function (xcred, cert_callback); ret = do_handshake (session); diff --git a/src/daemon/https/tls/auth_anon.c b/src/daemon/https/tls/auth_anon.c @@ -71,7 +71,7 @@ gen_anon_server_kx (gnutls_session_t session, opaque ** data) gnutls_anon_server_credentials_t cred; cred = (gnutls_anon_server_credentials_t) - _gnutls_get_cred (session->key, GNUTLS_CRD_ANON, NULL); + _gnutls_get_cred (session->key, MHD_GNUTLS_CRD_ANON, NULL); if (cred == NULL) { gnutls_assert (); @@ -91,7 +91,7 @@ gen_anon_server_kx (gnutls_session_t session, opaque ** data) g = mpis[1]; if ((ret = - _gnutls_auth_info_set (session, GNUTLS_CRD_ANON, + _gnutls_auth_info_set (session, MHD_GNUTLS_CRD_ANON, sizeof (anon_auth_info_st), 1)) < 0) { gnutls_assert (); @@ -124,7 +124,7 @@ proc_anon_client_kx (gnutls_session_t session, opaque * data, bits = _gnutls_dh_get_allowed_prime_bits (session); cred = (gnutls_anon_server_credentials_t) - _gnutls_get_cred (session->key, GNUTLS_CRD_ANON, NULL); + _gnutls_get_cred (session->key, MHD_GNUTLS_CRD_ANON, NULL); if (cred == NULL) { gnutls_assert (); @@ -158,7 +158,7 @@ proc_anon_server_kx (gnutls_session_t session, opaque * data, /* set auth_info */ if ((ret = - _gnutls_auth_info_set (session, GNUTLS_CRD_ANON, + _gnutls_auth_info_set (session, MHD_GNUTLS_CRD_ANON, sizeof (anon_auth_info_st), 1)) < 0) { gnutls_assert (); diff --git a/src/daemon/https/tls/auth_cert.c b/src/daemon/https/tls/auth_cert.c @@ -277,7 +277,7 @@ _find_openpgp_cert (const gnutls_certificate_credentials_t cred, if ((_gnutls_check_pk_algo_in_list (pk_algos, pk_algos_length, cred->cert_list[i][0].subject_pk_algorithm) == 0) - && (cred->cert_list[i][0].cert_type == GNUTLS_CRT_OPENPGP)) + && (cred->cert_list[i][0].cert_type == MHD_GNUTLS_CRT_OPENPGP)) { *indx = i; break; @@ -350,7 +350,7 @@ get_issuers (gnutls_session_t session, int i; unsigned size; - if (gnutls_certificate_type_get (session) != GNUTLS_CRT_X509) + if (gnutls_certificate_type_get (session) != MHD_GNUTLS_CRT_X509) return 0; /* put the requested DNs to req_dn, only in case @@ -398,7 +398,7 @@ call_get_cert_callback (gnutls_session_t session, gnutls_certificate_credentials_t cred; cred = (gnutls_certificate_credentials_t) - _gnutls_get_cred (session->key, GNUTLS_CRD_CERTIFICATE, NULL); + _gnutls_get_cred (session->key, MHD_GNUTLS_CRD_CERTIFICATE, NULL); if (cred == NULL) { gnutls_assert (); @@ -435,7 +435,7 @@ call_get_cert_callback (gnutls_session_t session, goto cleanup; } - if (type == GNUTLS_CRT_X509) + if (type == MHD_GNUTLS_CRT_X509) { local_certs = alloc_and_load_x509_certs (st.cert.x509, st.ncerts); if (local_certs != NULL) @@ -465,7 +465,7 @@ call_get_cert_callback (gnutls_session_t session, cleanup: - if (st.type == GNUTLS_CRT_X509) + if (st.type == MHD_GNUTLS_CRT_X509) { if (st.deinit_all) { @@ -517,7 +517,7 @@ _select_client_cert (gnutls_session_t session, gnutls_datum_t *issuers_dn = NULL; cred = (gnutls_certificate_credentials_t) - _gnutls_get_cred (session->key, GNUTLS_CRD_CERTIFICATE, NULL); + _gnutls_get_cred (session->key, MHD_GNUTLS_CRD_CERTIFICATE, NULL); if (cred == NULL) { gnutls_assert (); @@ -529,7 +529,7 @@ _select_client_cert (gnutls_session_t session, /* use a callback to get certificate */ - if (session->security_parameters.cert_type != GNUTLS_CRT_X509) + if (session->security_parameters.cert_type != MHD_GNUTLS_CRT_X509) issuers_dn_length = 0; else { @@ -573,12 +573,12 @@ _select_client_cert (gnutls_session_t session, */ result = 0; - if (session->security_parameters.cert_type == GNUTLS_CRT_X509) + if (session->security_parameters.cert_type == MHD_GNUTLS_CRT_X509) result = _find_x509_cert (cred, _data, _data_size, pk_algos, pk_algos_length, &indx); - if (session->security_parameters.cert_type == GNUTLS_CRT_OPENPGP) + if (session->security_parameters.cert_type == MHD_GNUTLS_CRT_OPENPGP) result = _find_openpgp_cert (cred, pk_algos, pk_algos_length, &indx); @@ -791,13 +791,13 @@ _gnutls_gen_cert_client_certificate (gnutls_session_t session, opaque ** data) { switch (session->security_parameters.cert_type) { - case GNUTLS_CRT_OPENPGP: + case MHD_GNUTLS_CRT_OPENPGP: if (_gnutls_openpgp_send_fingerprint (session) == 0) return _gnutls_gen_openpgp_certificate (session, data); else return _gnutls_gen_openpgp_certificate_fpr (session, data); - case GNUTLS_CRT_X509: + case MHD_GNUTLS_CRT_X509: return _gnutls_gen_x509_crt (session, data); default: @@ -811,9 +811,9 @@ _gnutls_gen_cert_server_certificate (gnutls_session_t session, opaque ** data) { switch (session->security_parameters.cert_type) { - case GNUTLS_CRT_OPENPGP: + case MHD_GNUTLS_CRT_OPENPGP: return _gnutls_gen_openpgp_certificate (session, data); - case GNUTLS_CRT_X509: + case MHD_GNUTLS_CRT_X509: return _gnutls_gen_x509_crt (session, data); default: gnutls_assert (); @@ -840,7 +840,7 @@ _gnutls_proc_x509_server_certificate (gnutls_session_t session, gnutls_datum_t tmp; cred = (gnutls_certificate_credentials_t) - _gnutls_get_cred (session->key, GNUTLS_CRD_CERTIFICATE, NULL); + _gnutls_get_cred (session->key, MHD_GNUTLS_CRD_CERTIFICATE, NULL); if (cred == NULL) { gnutls_assert (); @@ -849,7 +849,7 @@ _gnutls_proc_x509_server_certificate (gnutls_session_t session, if ((ret = - _gnutls_auth_info_set (session, GNUTLS_CRD_CERTIFICATE, + _gnutls_auth_info_set (session, MHD_GNUTLS_CRD_CERTIFICATE, sizeof (cert_auth_info_st), 1)) < 0) { gnutls_assert (); @@ -982,7 +982,7 @@ _gnutls_proc_openpgp_server_certificate (gnutls_session_t session, gnutls_datum_t tmp, akey = { NULL, 0 }; cred = (gnutls_certificate_credentials_t) - _gnutls_get_cred (session->key, GNUTLS_CRD_CERTIFICATE, NULL); + _gnutls_get_cred (session->key, MHD_GNUTLS_CRD_CERTIFICATE, NULL); if (cred == NULL) { gnutls_assert (); @@ -990,7 +990,7 @@ _gnutls_proc_openpgp_server_certificate (gnutls_session_t session, } if ((ret = - _gnutls_auth_info_set (session, GNUTLS_CRD_CERTIFICATE, + _gnutls_auth_info_set (session, MHD_GNUTLS_CRD_CERTIFICATE, sizeof (cert_auth_info_st), 1)) < 0) { gnutls_assert (); @@ -1152,10 +1152,10 @@ _gnutls_proc_cert_server_certificate (gnutls_session_t session, { switch (session->security_parameters.cert_type) { - case GNUTLS_CRT_OPENPGP: + case MHD_GNUTLS_CRT_OPENPGP: return _gnutls_proc_openpgp_server_certificate (session, data, data_size); - case GNUTLS_CRT_X509: + case MHD_GNUTLS_CRT_X509: return _gnutls_proc_x509_server_certificate (session, data, data_size); default: gnutls_assert (); @@ -1178,7 +1178,7 @@ _gnutls_check_supported_sign_algo (CertificateSigType algo) switch (algo) { case RSA_SIGN: - return GNUTLS_PK_RSA; + return MHD_GNUTLS_PK_RSA; } return -1; @@ -1199,7 +1199,7 @@ _gnutls_proc_cert_cert_req (gnutls_session_t session, opaque * data, gnutls_protocol_t ver = gnutls_protocol_get_version (session); cred = (gnutls_certificate_credentials_t) - _gnutls_get_cred (session->key, GNUTLS_CRD_CERTIFICATE, NULL); + _gnutls_get_cred (session->key, MHD_GNUTLS_CRD_CERTIFICATE, NULL); if (cred == NULL) { gnutls_assert (); @@ -1207,7 +1207,7 @@ _gnutls_proc_cert_cert_req (gnutls_session_t session, opaque * data, } if ((ret = - _gnutls_auth_info_set (session, GNUTLS_CRD_CERTIFICATE, + _gnutls_auth_info_set (session, MHD_GNUTLS_CRD_CERTIFICATE, sizeof (cert_auth_info_st), 0)) < 0) { gnutls_assert (); @@ -1244,7 +1244,7 @@ _gnutls_proc_cert_cert_req (gnutls_session_t session, opaque * data, return GNUTLS_E_UNKNOWN_PK_ALGORITHM; } - if (ver == GNUTLS_TLS1_2) + if (ver == MHD_GNUTLS_TLS1_2) { /* read supported hashes */ int hash_num; @@ -1262,7 +1262,7 @@ _gnutls_proc_cert_cert_req (gnutls_session_t session, opaque * data, size = _gnutls_read_uint16 (p); p += 2; - if (session->security_parameters.cert_type == GNUTLS_CRT_OPENPGP + if (session->security_parameters.cert_type == MHD_GNUTLS_CRT_OPENPGP && size != 0) { gnutls_assert (); // size should be zero @@ -1405,7 +1405,7 @@ _gnutls_gen_cert_server_cert_req (gnutls_session_t session, opaque ** data) */ cred = (gnutls_certificate_credentials_t) - _gnutls_get_cred (session->key, GNUTLS_CRD_CERTIFICATE, NULL); + _gnutls_get_cred (session->key, MHD_GNUTLS_CRD_CERTIFICATE, NULL); if (cred == NULL) { gnutls_assert (); @@ -1415,11 +1415,11 @@ _gnutls_gen_cert_server_cert_req (gnutls_session_t session, opaque ** data) size = CERTTYPE_SIZE + 2; /* 2 for gnutls_certificate_type_t + 2 for size of rdn_seq */ - if (session->security_parameters.cert_type == GNUTLS_CRT_X509 && + if (session->security_parameters.cert_type == MHD_GNUTLS_CRT_X509 && session->internals.ignore_rdn_sequence == 0) size += cred->x509_rdn_sequence.size; - if (ver == GNUTLS_TLS1_2) + if (ver == MHD_GNUTLS_TLS1_2) /* Need at least one byte to announce the number of supported hash functions (see below). */ size += 1; @@ -1439,14 +1439,14 @@ _gnutls_gen_cert_server_cert_req (gnutls_session_t session, opaque ** data) pdata[2] = DSA_SIGN; /* only these for now */ pdata += CERTTYPE_SIZE; - if (ver == GNUTLS_TLS1_2) + if (ver == MHD_GNUTLS_TLS1_2) { /* Supported hashes (nothing for now -- FIXME). */ *pdata = 0; pdata++; } - if (session->security_parameters.cert_type == GNUTLS_CRT_X509 && + if (session->security_parameters.cert_type == MHD_GNUTLS_CRT_X509 && session->internals.ignore_rdn_sequence == 0) { _gnutls_write_datum16 (pdata, cred->x509_rdn_sequence); @@ -1717,7 +1717,7 @@ _gnutls_server_select_cert (gnutls_session_t session, gnutls_certificate_credentials_t cred; cred = (gnutls_certificate_credentials_t) - _gnutls_get_cred (session->key, GNUTLS_CRD_CERTIFICATE, NULL); + _gnutls_get_cred (session->key, MHD_GNUTLS_CRD_CERTIFICATE, NULL); if (cred == NULL) { gnutls_assert (); diff --git a/src/daemon/https/tls/auth_dhe.c b/src/daemon/https/tls/auth_dhe.c @@ -93,7 +93,7 @@ gen_dhe_server_kx (gnutls_session_t session, opaque ** data) gnutls_dh_params_t dh_params; cred = (gnutls_certificate_credentials_t) - _gnutls_get_cred (session->key, GNUTLS_CRD_CERTIFICATE, NULL); + _gnutls_get_cred (session->key, MHD_GNUTLS_CRD_CERTIFICATE, NULL); if (cred == NULL) { gnutls_assert (); @@ -123,7 +123,7 @@ gen_dhe_server_kx (gnutls_session_t session, opaque ** data) p = mpis[0]; g = mpis[1]; - if ((ret = _gnutls_auth_info_set (session, GNUTLS_CRD_CERTIFICATE, + if ((ret = _gnutls_auth_info_set (session, MHD_GNUTLS_CRD_CERTIFICATE, sizeof (cert_auth_info_st), 0)) < 0) { gnutls_assert (); @@ -250,7 +250,7 @@ proc_dhe_client_kx (gnutls_session_t session, opaque * data, gnutls_dh_params_t dh_params; cred = (gnutls_certificate_credentials_t) - _gnutls_get_cred (session->key, GNUTLS_CRD_CERTIFICATE, NULL); + _gnutls_get_cred (session->key, MHD_GNUTLS_CRD_CERTIFICATE, NULL); if (cred == NULL) { gnutls_assert (); diff --git a/src/daemon/https/tls/auth_rsa.c b/src/daemon/https/tls/auth_rsa.c @@ -100,7 +100,7 @@ _gnutls_get_public_rsa_params (gnutls_session_t session, /* EXPORT case: */ if (_gnutls_cipher_suite_get_kx_algo (&session->security_parameters.current_cipher_suite) - == GNUTLS_KX_RSA_EXPORT + == MHD_GNUTLS_KX_RSA_EXPORT && _gnutls_mpi_get_nbits (peer_cert.params[0]) > 512) { @@ -155,7 +155,7 @@ _gnutls_get_private_rsa_params (gnutls_session_t session, gnutls_rsa_params_t rsa_params; cred = (gnutls_certificate_credentials_t) - _gnutls_get_cred (session->key, GNUTLS_CRD_CERTIFICATE, NULL); + _gnutls_get_cred (session->key, MHD_GNUTLS_CRD_CERTIFICATE, NULL); if (cred == NULL) { gnutls_assert (); @@ -174,7 +174,7 @@ _gnutls_get_private_rsa_params (gnutls_session_t session, if (_gnutls_cipher_suite_get_kx_algo (&session->security_parameters.current_cipher_suite) - == GNUTLS_KX_RSA_EXPORT && bits > 512) + == MHD_GNUTLS_KX_RSA_EXPORT && bits > 512) { rsa_params = @@ -217,7 +217,7 @@ _gnutls_proc_rsa_client_kx (gnutls_session_t session, opaque * data, int randomize_key = 0; ssize_t data_size = _data_size; - if (gnutls_protocol_get_version (session) == GNUTLS_SSL3) + if (gnutls_protocol_get_version (session) == MHD_GNUTLS_SSL3) { /* SSL 3.0 */ @@ -385,7 +385,7 @@ _gnutls_gen_rsa_client_kx (gnutls_session_t session, opaque ** data) for (i = 0; i < params_len; i++) _gnutls_mpi_release (¶ms[i]); - if (gnutls_protocol_get_version (session) == GNUTLS_SSL3) + if (gnutls_protocol_get_version (session) == MHD_GNUTLS_SSL3) { /* SSL 3.0 */ *data = sdata.data; diff --git a/src/daemon/https/tls/auth_rsa_export.c b/src/daemon/https/tls/auth_rsa_export.c @@ -81,7 +81,7 @@ gen_rsa_export_server_kx (gnutls_session_t session, opaque ** data) gnutls_certificate_credentials_t cred; cred = (gnutls_certificate_credentials_t) - _gnutls_get_cred (session->key, GNUTLS_CRD_CERTIFICATE, NULL); + _gnutls_get_cred (session->key, MHD_GNUTLS_CRD_CERTIFICATE, NULL); if (cred == NULL) { gnutls_assert (); @@ -116,7 +116,7 @@ gen_rsa_export_server_kx (gnutls_session_t session, opaque ** data) return GNUTLS_E_NO_TEMPORARY_RSA_PARAMS; } - if ((ret = _gnutls_auth_info_set (session, GNUTLS_CRD_CERTIFICATE, + if ((ret = _gnutls_auth_info_set (session, MHD_GNUTLS_CRD_CERTIFICATE, sizeof (cert_auth_info_st), 0)) < 0) { gnutls_assert (); @@ -213,7 +213,7 @@ _gnutls_peers_cert_less_512 (gnutls_session_t session) return 0; } - if (peer_cert.subject_pk_algorithm != GNUTLS_PK_RSA) + if (peer_cert.subject_pk_algorithm != MHD_GNUTLS_PK_RSA) { gnutls_assert (); _gnutls_gcert_deinit (&peer_cert); diff --git a/src/daemon/https/tls/ext_cert_type.c b/src/daemon/https/tls/ext_cert_type.c @@ -30,13 +30,13 @@ #include "gnutls_errors.h" #include "gnutls_num.h" #include "ext_cert_type.h" -#include <gnutls_state.h> -#include <gnutls_num.h> +#include "gnutls_state.h" +#include "gnutls_num.h" inline static int _gnutls_num2cert_type (int num); inline static int _gnutls_cert_type2num (int record_size); -/* +/* * In case of a server: if a CERT_TYPE extension type is received then it stores * into the session security parameters the new value. The server may use gnutls_session_certificate_type_get(), * to access it. @@ -82,7 +82,7 @@ _gnutls_cert_type_recv_params (gnutls_session_t session, } } else - { /* SERVER SIDE - we must check if the sent cert type is the right one + { /* SERVER SIDE - we must check if the sent cert type is the right one */ if (data_size > 1) { @@ -157,7 +157,7 @@ _gnutls_cert_type_send_params (gnutls_session_t session, opaque * data, if (len == 1 && session->internals.priorities.cert_type.priority[0] == - GNUTLS_CRT_X509) + MHD_GNUTLS_CRT_X509) { /* We don't use this extension if X.509 certificates * are used. @@ -216,9 +216,9 @@ _gnutls_num2cert_type (int num) switch (num) { case 0: - return GNUTLS_CRT_X509; + return MHD_GNUTLS_CRT_X509; case 1: - return GNUTLS_CRT_OPENPGP; + return MHD_GNUTLS_CRT_OPENPGP; default: return GNUTLS_E_RECEIVED_ILLEGAL_PARAMETER; } @@ -232,9 +232,9 @@ _gnutls_cert_type2num (int cert_type) { switch (cert_type) { - case GNUTLS_CRT_X509: + case MHD_GNUTLS_CRT_X509: return 0; - case GNUTLS_CRT_OPENPGP: + case MHD_GNUTLS_CRT_OPENPGP: return 1; default: return GNUTLS_E_RECEIVED_ILLEGAL_PARAMETER; diff --git a/src/daemon/https/tls/ext_inner_application.c b/src/daemon/https/tls/ext_inner_application.c @@ -77,7 +77,7 @@ _gnutls_inner_application_send_params (gnutls_session_t session, if (session->security_parameters.entity == GNUTLS_CLIENT) { gnutls_ia_client_credentials_t cred = (gnutls_ia_client_credentials_t) - _gnutls_get_cred (session->key, GNUTLS_CRD_IA, NULL); + _gnutls_get_cred (session->key, MHD_GNUTLS_CRD_IA, NULL); if (cred) ext->gnutls_ia_enable = 1; @@ -85,7 +85,7 @@ _gnutls_inner_application_send_params (gnutls_session_t session, else { gnutls_ia_server_credentials_t cred = (gnutls_ia_server_credentials_t) - _gnutls_get_cred (session->key, GNUTLS_CRD_IA, NULL); + _gnutls_get_cred (session->key, MHD_GNUTLS_CRD_IA, NULL); if (cred) ext->gnutls_ia_enable = 1; diff --git a/src/daemon/https/tls/gnutls_algorithms.c b/src/daemon/https/tls/gnutls_algorithms.c @@ -42,30 +42,30 @@ typedef struct } gnutls_cred_map; static const gnutls_cred_map cred_mappings[] = { - {GNUTLS_KX_ANON_DH, - GNUTLS_CRD_ANON, - GNUTLS_CRD_ANON}, - {GNUTLS_KX_RSA, - GNUTLS_CRD_CERTIFICATE, - GNUTLS_CRD_CERTIFICATE}, - {GNUTLS_KX_RSA_EXPORT, - GNUTLS_CRD_CERTIFICATE, - GNUTLS_CRD_CERTIFICATE}, - {GNUTLS_KX_DHE_DSS, - GNUTLS_CRD_CERTIFICATE, - GNUTLS_CRD_CERTIFICATE}, - {GNUTLS_KX_DHE_RSA, - GNUTLS_CRD_CERTIFICATE, - GNUTLS_CRD_CERTIFICATE}, - {GNUTLS_KX_SRP, - GNUTLS_CRD_SRP, - GNUTLS_CRD_SRP}, - {GNUTLS_KX_SRP_RSA, - GNUTLS_CRD_SRP, - GNUTLS_CRD_CERTIFICATE}, - {GNUTLS_KX_SRP_DSS, - GNUTLS_CRD_SRP, - GNUTLS_CRD_CERTIFICATE}, + {MHD_GNUTLS_KX_ANON_DH, + MHD_GNUTLS_CRD_ANON, + MHD_GNUTLS_CRD_ANON}, + {MHD_GNUTLS_KX_RSA, + MHD_GNUTLS_CRD_CERTIFICATE, + MHD_GNUTLS_CRD_CERTIFICATE}, + {MHD_GNUTLS_KX_RSA_EXPORT, + MHD_GNUTLS_CRD_CERTIFICATE, + MHD_GNUTLS_CRD_CERTIFICATE}, + {MHD_GNUTLS_KX_DHE_DSS, + MHD_GNUTLS_CRD_CERTIFICATE, + MHD_GNUTLS_CRD_CERTIFICATE}, + {MHD_GNUTLS_KX_DHE_RSA, + MHD_GNUTLS_CRD_CERTIFICATE, + MHD_GNUTLS_CRD_CERTIFICATE}, + {MHD_GNUTLS_KX_SRP, + MHD_GNUTLS_CRD_SRP, + MHD_GNUTLS_CRD_SRP}, + {MHD_GNUTLS_KX_SRP_RSA, + MHD_GNUTLS_CRD_SRP, + MHD_GNUTLS_CRD_CERTIFICATE}, + {MHD_GNUTLS_KX_SRP_DSS, + MHD_GNUTLS_CRD_SRP, + MHD_GNUTLS_CRD_CERTIFICATE}, {0, 0, 0} @@ -101,17 +101,17 @@ typedef struct * use GNUTLS_KX_RSA or GNUTLS_KX_DHE_RSA. */ static const gnutls_pk_map pk_mappings[] = { - {GNUTLS_KX_RSA, - GNUTLS_PK_RSA, + {MHD_GNUTLS_KX_RSA, + MHD_GNUTLS_PK_RSA, CIPHER_ENCRYPT}, - {GNUTLS_KX_RSA_EXPORT, - GNUTLS_PK_RSA, + {MHD_GNUTLS_KX_RSA_EXPORT, + MHD_GNUTLS_PK_RSA, CIPHER_SIGN}, - {GNUTLS_KX_DHE_RSA, - GNUTLS_PK_RSA, + {MHD_GNUTLS_KX_DHE_RSA, + MHD_GNUTLS_PK_RSA, CIPHER_SIGN}, - {GNUTLS_KX_SRP_RSA, - GNUTLS_PK_RSA, + {MHD_GNUTLS_KX_SRP_RSA, + MHD_GNUTLS_PK_RSA, CIPHER_SIGN}, {0, 0, @@ -138,22 +138,22 @@ typedef struct static const gnutls_version_entry sup_versions[] = { {"SSL3.0", - GNUTLS_SSL3, + MHD_GNUTLS_SSL3, 3, 0, 1}, {"TLS1.0", - GNUTLS_TLS1, + MHD_GNUTLS_TLS1_0, 3, 1, 1}, {"TLS1.1", - GNUTLS_TLS1_1, + MHD_GNUTLS_TLS1_1, 3, 2, 1}, {"TLS1.2", - GNUTLS_TLS1_2, + MHD_GNUTLS_TLS1_2, 3, 3, 1}, @@ -165,10 +165,10 @@ static const gnutls_version_entry sup_versions[] = { }; /* Keep the contents of this struct the same as the previous one. */ -static const gnutls_protocol_t supported_protocols[] = { GNUTLS_SSL3, - GNUTLS_TLS1, - GNUTLS_TLS1_1, - GNUTLS_TLS1_2, +static const gnutls_protocol_t supported_protocols[] = { MHD_GNUTLS_SSL3, + MHD_GNUTLS_TLS1_0, + MHD_GNUTLS_TLS1_1, + MHD_GNUTLS_TLS1_2, 0 }; @@ -198,62 +198,64 @@ typedef struct gnutls_cipher_entry gnutls_cipher_entry; */ static const gnutls_cipher_entry algorithms[] = { {"AES-256-CBC", - GNUTLS_CIPHER_AES_256_CBC, + MHD_GNUTLS_CIPHER_AES_256_CBC, 16, 32, CIPHER_BLOCK, 16, 0}, {"AES-128-CBC", - GNUTLS_CIPHER_AES_128_CBC, + MHD_GNUTLS_CIPHER_AES_128_CBC, 16, 16, CIPHER_BLOCK, 16, 0}, {"3DES-CBC", - GNUTLS_CIPHER_3DES_CBC, + MHD_GNUTLS_CIPHER_3DES_CBC, 8, 24, CIPHER_BLOCK, 8, 0}, {"DES-CBC", - GNUTLS_CIPHER_DES_CBC, + MHD_GNUTLS_CIPHER_DES_CBC, 8, 8, CIPHER_BLOCK, 8, 0}, {"ARCFOUR-128", - GNUTLS_CIPHER_ARCFOUR_128, + MHD_GNUTLS_CIPHER_ARCFOUR_128, 1, 16, CIPHER_STREAM, 0, 0}, {"ARCFOUR-40", - GNUTLS_CIPHER_ARCFOUR_40, + MHD_GNUTLS_CIPHER_ARCFOUR_40, 1, 5, CIPHER_STREAM, 0, 1}, {"RC2-40", - GNUTLS_CIPHER_RC2_40_CBC, + MHD_GNUTLS_CIPHER_RC2_40_CBC, 8, 5, CIPHER_BLOCK, 8, 1}, #ifdef ENABLE_CAMELLIA - {"CAMELLIA-256-CBC", GNUTLS_CIPHER_CAMELLIA_256_CBC, 16, 32, CIPHER_BLOCK, + {"CAMELLIA-256-CBC", MHD_GNUTLS_CIPHER_CAMELLIA_256_CBC, 16, 32, + CIPHER_BLOCK, 16, 0}, - {"CAMELLIA-128-CBC", GNUTLS_CIPHER_CAMELLIA_128_CBC, 16, 16, CIPHER_BLOCK, + {"CAMELLIA-128-CBC", MHD_GNUTLS_CIPHER_CAMELLIA_128_CBC, 16, 16, + CIPHER_BLOCK, 16, 0}, #endif {"NULL", - GNUTLS_CIPHER_NULL, + MHD_GNUTLS_CIPHER_NULL, 1, 0, CIPHER_STREAM, @@ -270,18 +272,18 @@ static const gnutls_cipher_entry algorithms[] = { /* Keep the contents of this struct the same as the previous one. */ static const gnutls_cipher_algorithm_t supported_ciphers[] = - { GNUTLS_CIPHER_AES_256_CBC, - GNUTLS_CIPHER_AES_128_CBC, - GNUTLS_CIPHER_3DES_CBC, - GNUTLS_CIPHER_DES_CBC, - GNUTLS_CIPHER_ARCFOUR_128, - GNUTLS_CIPHER_ARCFOUR_40, - GNUTLS_CIPHER_RC2_40_CBC, + { MHD_GNUTLS_CIPHER_AES_256_CBC, + MHD_GNUTLS_CIPHER_AES_128_CBC, + MHD_GNUTLS_CIPHER_3DES_CBC, + MHD_GNUTLS_CIPHER_DES_CBC, + MHD_GNUTLS_CIPHER_ARCFOUR_128, + MHD_GNUTLS_CIPHER_ARCFOUR_40, + MHD_GNUTLS_CIPHER_RC2_40_CBC, #ifdef ENABLE_CAMELLIA - GNUTLS_CIPHER_CAMELLIA_256_CBC, - GNUTLS_CIPHER_CAMELLIA_128_CBC, + MHD_GNUTLS_CIPHER_CAMELLIA_256_CBC, + MHD_GNUTLS_CIPHER_CAMELLIA_128_CBC, #endif - GNUTLS_CIPHER_NULL, + MHD_GNUTLS_CIPHER_NULL, 0 }; @@ -304,19 +306,19 @@ typedef struct gnutls_hash_entry gnutls_hash_entry; static const gnutls_hash_entry hash_algorithms[] = { {"SHA1", HASH_OID_SHA1, - GNUTLS_MAC_SHA1, + MHD_GNUTLS_MAC_SHA1, 20}, {"MD5", HASH_OID_MD5, - GNUTLS_MAC_MD5, + MHD_GNUTLS_MAC_MD5, 16}, {"SHA256", HASH_OID_SHA256, - GNUTLS_MAC_SHA256, + MHD_GNUTLS_MAC_SHA256, 32}, {"NULL", NULL, - GNUTLS_MAC_NULL, + MHD_GNUTLS_MAC_NULL, 0}, {0, 0, @@ -325,10 +327,10 @@ static const gnutls_hash_entry hash_algorithms[] = { }; /* Keep the contents of this struct the same as the previous one. */ -static const gnutls_mac_algorithm_t supported_macs[] = { GNUTLS_MAC_SHA1, - GNUTLS_MAC_MD5, - GNUTLS_MAC_SHA256, - GNUTLS_MAC_NULL, +static const gnutls_mac_algorithm_t supported_macs[] = { MHD_GNUTLS_MAC_SHA1, + MHD_GNUTLS_MAC_MD5, + MHD_GNUTLS_MAC_SHA256, + MHD_GNUTLS_MAC_NULL, 0 }; @@ -349,10 +351,10 @@ const int _gnutls_comp_algorithms_size = MAX_COMP_METHODS; /* the compression entry is defined in gnutls_algorithms.h */ gnutls_compression_entry _gnutls_compression_algorithms[MAX_COMP_METHODS] = - { GNUTLS_COMPRESSION_ENTRY (GNUTLS_COMP_NULL, 0x00, 0, 0, 0), + { GNUTLS_COMPRESSION_ENTRY (MHD_GNUTLS_COMP_NULL, 0x00, 0, 0, 0), #ifdef HAVE_LIBZ /* draft-ietf-tls-compression-02 */ - GNUTLS_COMPRESSION_ENTRY (GNUTLS_COMP_DEFLATE, 0x01, 15, 8, 3), + GNUTLS_COMPRESSION_ENTRY (MHD_GNUTLS_COMP_DEFLATE, 0x01, 15, 8, 3), #endif {0, 0, @@ -364,9 +366,9 @@ gnutls_compression_entry _gnutls_compression_algorithms[MAX_COMP_METHODS] = static const gnutls_compression_method_t supported_compressions[] = { #ifdef HAVE_LIBZ - GNUTLS_COMP_DEFLATE, + MHD_GNUTLS_COMP_DEFLATE, #endif - GNUTLS_COMP_NULL, + MHD_GNUTLS_COMP_NULL, 0 }; @@ -402,33 +404,33 @@ typedef struct gnutls_kx_algo_entry gnutls_kx_algo_entry; static const gnutls_kx_algo_entry _gnutls_kx_algorithms[] = { #ifdef ENABLE_ANON - {"ANON-DH", GNUTLS_KX_ANON_DH, &anon_auth_struct, 1, 0}, + {"ANON-DH", MHD_GNUTLS_KX_ANON_DH, &anon_auth_struct, 1, 0}, #endif {"RSA", - GNUTLS_KX_RSA, + MHD_GNUTLS_KX_RSA, &rsa_auth_struct, 0, 0}, {"RSA-EXPORT", - GNUTLS_KX_RSA_EXPORT, + MHD_GNUTLS_KX_RSA_EXPORT, &rsa_export_auth_struct, 0, 1 /* needs RSA params */ }, {"DHE-RSA", - GNUTLS_KX_DHE_RSA, + MHD_GNUTLS_KX_DHE_RSA, &dhe_rsa_auth_struct, 1, 0}, {"DHE-DSS", - GNUTLS_KX_DHE_DSS, + MHD_GNUTLS_KX_DHE_DSS, &dhe_dss_auth_struct, 1, 0}, #ifdef ENABLE_SRP - {"SRP-DSS", GNUTLS_KX_SRP_DSS, &srp_dss_auth_struct, 0, 0}, - {"SRP-RSA", GNUTLS_KX_SRP_RSA, &srp_rsa_auth_struct, 0, 0}, - {"SRP", GNUTLS_KX_SRP, &srp_auth_struct, 0, 0}, + {"SRP-DSS", MHD_GNUTLS_KX_SRP_DSS, &srp_dss_auth_struct, 0, 0}, + {"SRP-RSA", MHD_GNUTLS_KX_SRP_RSA, &srp_rsa_auth_struct, 0, 0}, + {"SRP", MHD_GNUTLS_KX_SRP, &srp_auth_struct, 0, 0}, #endif #ifdef ENABLE_PSK {"PSK", GNUTLS_KX_PSK, &psk_auth_struct, 0, 0}, @@ -445,16 +447,16 @@ static const gnutls_kx_algo_entry _gnutls_kx_algorithms[] = { /* Keep the contents of this struct the same as the previous one. */ static const gnutls_kx_algorithm_t supported_kxs[] = { #ifdef ENABLE_ANON - GNUTLS_KX_ANON_DH, + MHD_GNUTLS_KX_ANON_DH, #endif - GNUTLS_KX_RSA, - GNUTLS_KX_RSA_EXPORT, - GNUTLS_KX_DHE_RSA, - GNUTLS_KX_DHE_DSS, + MHD_GNUTLS_KX_RSA, + MHD_GNUTLS_KX_RSA_EXPORT, + MHD_GNUTLS_KX_DHE_RSA, + MHD_GNUTLS_KX_DHE_DSS, #ifdef ENABLE_SRP - GNUTLS_KX_SRP_DSS, - GNUTLS_KX_SRP_RSA, - GNUTLS_KX_SRP, + MHD_GNUTLS_KX_SRP_DSS, + MHD_GNUTLS_KX_SRP_RSA, + MHD_GNUTLS_KX_SRP, #endif #ifdef ENABLE_PSK GNUTLS_KX_PSK, @@ -585,139 +587,161 @@ typedef struct static const gnutls_cipher_suite_entry cs_algorithms[] = { /* ANON_DH */ GNUTLS_CIPHER_SUITE_ENTRY (GNUTLS_ANON_DH_ARCFOUR_MD5, - GNUTLS_CIPHER_ARCFOUR_128, - GNUTLS_KX_ANON_DH, GNUTLS_MAC_MD5, - GNUTLS_SSL3), + MHD_GNUTLS_CIPHER_ARCFOUR_128, + MHD_GNUTLS_KX_ANON_DH, MHD_GNUTLS_MAC_MD5, + MHD_GNUTLS_SSL3), GNUTLS_CIPHER_SUITE_ENTRY (GNUTLS_ANON_DH_3DES_EDE_CBC_SHA1, - GNUTLS_CIPHER_3DES_CBC, GNUTLS_KX_ANON_DH, - GNUTLS_MAC_SHA1, GNUTLS_SSL3), + MHD_GNUTLS_CIPHER_3DES_CBC, + MHD_GNUTLS_KX_ANON_DH, + MHD_GNUTLS_MAC_SHA1, MHD_GNUTLS_SSL3), GNUTLS_CIPHER_SUITE_ENTRY (GNUTLS_ANON_DH_AES_128_CBC_SHA1, - GNUTLS_CIPHER_AES_128_CBC, GNUTLS_KX_ANON_DH, - GNUTLS_MAC_SHA1, GNUTLS_SSL3), + MHD_GNUTLS_CIPHER_AES_128_CBC, + MHD_GNUTLS_KX_ANON_DH, + MHD_GNUTLS_MAC_SHA1, MHD_GNUTLS_SSL3), GNUTLS_CIPHER_SUITE_ENTRY (GNUTLS_ANON_DH_AES_256_CBC_SHA1, - GNUTLS_CIPHER_AES_256_CBC, GNUTLS_KX_ANON_DH, - GNUTLS_MAC_SHA1, GNUTLS_SSL3), + MHD_GNUTLS_CIPHER_AES_256_CBC, + MHD_GNUTLS_KX_ANON_DH, + MHD_GNUTLS_MAC_SHA1, MHD_GNUTLS_SSL3), #ifdef ENABLE_CAMELLIA GNUTLS_CIPHER_SUITE_ENTRY (GNUTLS_ANON_DH_CAMELLIA_128_CBC_SHA1, - GNUTLS_CIPHER_CAMELLIA_128_CBC, - GNUTLS_KX_ANON_DH, - GNUTLS_MAC_SHA1, GNUTLS_TLS1), + MHD_GNUTLS_CIPHER_CAMELLIA_128_CBC, + MHD_GNUTLS_KX_ANON_DH, + MHD_GNUTLS_MAC_SHA1, MHD_GNUTLS_TLS1_0), GNUTLS_CIPHER_SUITE_ENTRY (GNUTLS_ANON_DH_CAMELLIA_256_CBC_SHA1, - GNUTLS_CIPHER_CAMELLIA_256_CBC, - GNUTLS_KX_ANON_DH, - GNUTLS_MAC_SHA1, GNUTLS_TLS1), + MHD_GNUTLS_CIPHER_CAMELLIA_256_CBC, + MHD_GNUTLS_KX_ANON_DH, + MHD_GNUTLS_MAC_SHA1, MHD_GNUTLS_TLS1_0), #endif /* SRP */ GNUTLS_CIPHER_SUITE_ENTRY (GNUTLS_SRP_SHA_3DES_EDE_CBC_SHA1, - GNUTLS_CIPHER_3DES_CBC, GNUTLS_KX_SRP, - GNUTLS_MAC_SHA1, GNUTLS_TLS1), + MHD_GNUTLS_CIPHER_3DES_CBC, MHD_GNUTLS_KX_SRP, + MHD_GNUTLS_MAC_SHA1, MHD_GNUTLS_TLS1_0), GNUTLS_CIPHER_SUITE_ENTRY (GNUTLS_SRP_SHA_AES_128_CBC_SHA1, - GNUTLS_CIPHER_AES_128_CBC, GNUTLS_KX_SRP, - GNUTLS_MAC_SHA1, GNUTLS_TLS1), + MHD_GNUTLS_CIPHER_AES_128_CBC, MHD_GNUTLS_KX_SRP, + MHD_GNUTLS_MAC_SHA1, MHD_GNUTLS_TLS1_0), GNUTLS_CIPHER_SUITE_ENTRY (GNUTLS_SRP_SHA_AES_256_CBC_SHA1, - GNUTLS_CIPHER_AES_256_CBC, GNUTLS_KX_SRP, - GNUTLS_MAC_SHA1, GNUTLS_TLS1), + MHD_GNUTLS_CIPHER_AES_256_CBC, MHD_GNUTLS_KX_SRP, + MHD_GNUTLS_MAC_SHA1, MHD_GNUTLS_TLS1_0), GNUTLS_CIPHER_SUITE_ENTRY (GNUTLS_SRP_SHA_DSS_3DES_EDE_CBC_SHA1, - GNUTLS_CIPHER_3DES_CBC, GNUTLS_KX_SRP_DSS, - GNUTLS_MAC_SHA1, GNUTLS_TLS1), + MHD_GNUTLS_CIPHER_3DES_CBC, + MHD_GNUTLS_KX_SRP_DSS, + MHD_GNUTLS_MAC_SHA1, MHD_GNUTLS_TLS1_0), GNUTLS_CIPHER_SUITE_ENTRY (GNUTLS_SRP_SHA_RSA_3DES_EDE_CBC_SHA1, - GNUTLS_CIPHER_3DES_CBC, GNUTLS_KX_SRP_RSA, - GNUTLS_MAC_SHA1, GNUTLS_TLS1), + MHD_GNUTLS_CIPHER_3DES_CBC, + MHD_GNUTLS_KX_SRP_RSA, + MHD_GNUTLS_MAC_SHA1, MHD_GNUTLS_TLS1_0), GNUTLS_CIPHER_SUITE_ENTRY (GNUTLS_SRP_SHA_DSS_AES_128_CBC_SHA1, - GNUTLS_CIPHER_AES_128_CBC, GNUTLS_KX_SRP_DSS, - GNUTLS_MAC_SHA1, GNUTLS_TLS1), + MHD_GNUTLS_CIPHER_AES_128_CBC, + MHD_GNUTLS_KX_SRP_DSS, + MHD_GNUTLS_MAC_SHA1, MHD_GNUTLS_TLS1_0), GNUTLS_CIPHER_SUITE_ENTRY (GNUTLS_SRP_SHA_RSA_AES_128_CBC_SHA1, - GNUTLS_CIPHER_AES_128_CBC, GNUTLS_KX_SRP_RSA, - GNUTLS_MAC_SHA1, GNUTLS_TLS1), + MHD_GNUTLS_CIPHER_AES_128_CBC, + MHD_GNUTLS_KX_SRP_RSA, + MHD_GNUTLS_MAC_SHA1, MHD_GNUTLS_TLS1_0), GNUTLS_CIPHER_SUITE_ENTRY (GNUTLS_SRP_SHA_DSS_AES_256_CBC_SHA1, - GNUTLS_CIPHER_AES_256_CBC, GNUTLS_KX_SRP_DSS, - GNUTLS_MAC_SHA1, GNUTLS_TLS1), + MHD_GNUTLS_CIPHER_AES_256_CBC, + MHD_GNUTLS_KX_SRP_DSS, + MHD_GNUTLS_MAC_SHA1, MHD_GNUTLS_TLS1_0), GNUTLS_CIPHER_SUITE_ENTRY (GNUTLS_SRP_SHA_RSA_AES_256_CBC_SHA1, - GNUTLS_CIPHER_AES_256_CBC, GNUTLS_KX_SRP_RSA, - GNUTLS_MAC_SHA1, GNUTLS_TLS1), + MHD_GNUTLS_CIPHER_AES_256_CBC, + MHD_GNUTLS_KX_SRP_RSA, + MHD_GNUTLS_MAC_SHA1, MHD_GNUTLS_TLS1_0), /* DHE_DSS */ GNUTLS_CIPHER_SUITE_ENTRY (GNUTLS_DHE_DSS_ARCFOUR_SHA1, - GNUTLS_CIPHER_ARCFOUR_128, GNUTLS_KX_DHE_DSS, - GNUTLS_MAC_SHA1, GNUTLS_TLS1), + MHD_GNUTLS_CIPHER_ARCFOUR_128, + MHD_GNUTLS_KX_DHE_DSS, + MHD_GNUTLS_MAC_SHA1, MHD_GNUTLS_TLS1_0), GNUTLS_CIPHER_SUITE_ENTRY (GNUTLS_DHE_DSS_3DES_EDE_CBC_SHA1, - GNUTLS_CIPHER_3DES_CBC, GNUTLS_KX_DHE_DSS, - GNUTLS_MAC_SHA1, GNUTLS_SSL3), + MHD_GNUTLS_CIPHER_3DES_CBC, + MHD_GNUTLS_KX_DHE_DSS, + MHD_GNUTLS_MAC_SHA1, MHD_GNUTLS_SSL3), GNUTLS_CIPHER_SUITE_ENTRY (GNUTLS_DHE_DSS_AES_128_CBC_SHA1, - GNUTLS_CIPHER_AES_128_CBC, GNUTLS_KX_DHE_DSS, - GNUTLS_MAC_SHA1, GNUTLS_SSL3), + MHD_GNUTLS_CIPHER_AES_128_CBC, + MHD_GNUTLS_KX_DHE_DSS, + MHD_GNUTLS_MAC_SHA1, MHD_GNUTLS_SSL3), GNUTLS_CIPHER_SUITE_ENTRY (GNUTLS_DHE_DSS_AES_256_CBC_SHA1, - GNUTLS_CIPHER_AES_256_CBC, GNUTLS_KX_DHE_DSS, - GNUTLS_MAC_SHA1, GNUTLS_SSL3), + MHD_GNUTLS_CIPHER_AES_256_CBC, + MHD_GNUTLS_KX_DHE_DSS, + MHD_GNUTLS_MAC_SHA1, MHD_GNUTLS_SSL3), #ifdef ENABLE_CAMELLIA GNUTLS_CIPHER_SUITE_ENTRY (GNUTLS_DHE_DSS_CAMELLIA_128_CBC_SHA1, - GNUTLS_CIPHER_CAMELLIA_128_CBC, - GNUTLS_KX_DHE_DSS, - GNUTLS_MAC_SHA1, GNUTLS_TLS1), + MHD_GNUTLS_CIPHER_CAMELLIA_128_CBC, + MHD_GNUTLS_KX_DHE_DSS, + MHD_GNUTLS_MAC_SHA1, MHD_GNUTLS_TLS1_0), GNUTLS_CIPHER_SUITE_ENTRY (GNUTLS_DHE_DSS_CAMELLIA_256_CBC_SHA1, - GNUTLS_CIPHER_CAMELLIA_256_CBC, - GNUTLS_KX_DHE_DSS, - GNUTLS_MAC_SHA1, GNUTLS_TLS1), + MHD_GNUTLS_CIPHER_CAMELLIA_256_CBC, + MHD_GNUTLS_KX_DHE_DSS, + MHD_GNUTLS_MAC_SHA1, MHD_GNUTLS_TLS1_0), #endif /* DHE_RSA */ GNUTLS_CIPHER_SUITE_ENTRY (GNUTLS_DHE_RSA_3DES_EDE_CBC_SHA1, - GNUTLS_CIPHER_3DES_CBC, GNUTLS_KX_DHE_RSA, - GNUTLS_MAC_SHA1, GNUTLS_SSL3), + MHD_GNUTLS_CIPHER_3DES_CBC, + MHD_GNUTLS_KX_DHE_RSA, + MHD_GNUTLS_MAC_SHA1, MHD_GNUTLS_SSL3), GNUTLS_CIPHER_SUITE_ENTRY (GNUTLS_DHE_RSA_AES_128_CBC_SHA1, - GNUTLS_CIPHER_AES_128_CBC, GNUTLS_KX_DHE_RSA, - GNUTLS_MAC_SHA1, GNUTLS_SSL3), + MHD_GNUTLS_CIPHER_AES_128_CBC, + MHD_GNUTLS_KX_DHE_RSA, + MHD_GNUTLS_MAC_SHA1, MHD_GNUTLS_SSL3), GNUTLS_CIPHER_SUITE_ENTRY (GNUTLS_DHE_RSA_AES_256_CBC_SHA1, - GNUTLS_CIPHER_AES_256_CBC, GNUTLS_KX_DHE_RSA, - GNUTLS_MAC_SHA1, GNUTLS_SSL3), + MHD_GNUTLS_CIPHER_AES_256_CBC, + MHD_GNUTLS_KX_DHE_RSA, + MHD_GNUTLS_MAC_SHA1, MHD_GNUTLS_SSL3), #ifdef ENABLE_CAMELLIA GNUTLS_CIPHER_SUITE_ENTRY (GNUTLS_DHE_RSA_CAMELLIA_128_CBC_SHA1, - GNUTLS_CIPHER_CAMELLIA_128_CBC, - GNUTLS_KX_DHE_RSA, - GNUTLS_MAC_SHA1, GNUTLS_TLS1), + MHD_GNUTLS_CIPHER_CAMELLIA_128_CBC, + MHD_GNUTLS_KX_DHE_RSA, + MHD_GNUTLS_MAC_SHA1, MHD_GNUTLS_TLS1_0), GNUTLS_CIPHER_SUITE_ENTRY (GNUTLS_DHE_RSA_CAMELLIA_256_CBC_SHA1, - GNUTLS_CIPHER_CAMELLIA_256_CBC, - GNUTLS_KX_DHE_RSA, - GNUTLS_MAC_SHA1, GNUTLS_TLS1), + MHD_GNUTLS_CIPHER_CAMELLIA_256_CBC, + MHD_GNUTLS_KX_DHE_RSA, + MHD_GNUTLS_MAC_SHA1, MHD_GNUTLS_TLS1_0), #endif /* RSA */ GNUTLS_CIPHER_SUITE_ENTRY (GNUTLS_RSA_NULL_MD5, - GNUTLS_CIPHER_NULL, - GNUTLS_KX_RSA, GNUTLS_MAC_MD5, GNUTLS_SSL3), + MHD_GNUTLS_CIPHER_NULL, + MHD_GNUTLS_KX_RSA, MHD_GNUTLS_MAC_MD5, + MHD_GNUTLS_SSL3), GNUTLS_CIPHER_SUITE_ENTRY (GNUTLS_RSA_EXPORT_ARCFOUR_40_MD5, - GNUTLS_CIPHER_ARCFOUR_40, - GNUTLS_KX_RSA_EXPORT, GNUTLS_MAC_MD5, - GNUTLS_SSL3), + MHD_GNUTLS_CIPHER_ARCFOUR_40, + MHD_GNUTLS_KX_RSA_EXPORT, MHD_GNUTLS_MAC_MD5, + MHD_GNUTLS_SSL3), GNUTLS_CIPHER_SUITE_ENTRY (GNUTLS_RSA_ARCFOUR_SHA1, - GNUTLS_CIPHER_ARCFOUR_128, - GNUTLS_KX_RSA, GNUTLS_MAC_SHA1, GNUTLS_SSL3), + MHD_GNUTLS_CIPHER_ARCFOUR_128, + MHD_GNUTLS_KX_RSA, MHD_GNUTLS_MAC_SHA1, + MHD_GNUTLS_SSL3), GNUTLS_CIPHER_SUITE_ENTRY (GNUTLS_RSA_ARCFOUR_MD5, - GNUTLS_CIPHER_ARCFOUR_128, - GNUTLS_KX_RSA, GNUTLS_MAC_MD5, GNUTLS_SSL3), + MHD_GNUTLS_CIPHER_ARCFOUR_128, + MHD_GNUTLS_KX_RSA, MHD_GNUTLS_MAC_MD5, + MHD_GNUTLS_SSL3), GNUTLS_CIPHER_SUITE_ENTRY (GNUTLS_RSA_3DES_EDE_CBC_SHA1, - GNUTLS_CIPHER_3DES_CBC, - GNUTLS_KX_RSA, GNUTLS_MAC_SHA1, GNUTLS_SSL3), + MHD_GNUTLS_CIPHER_3DES_CBC, + MHD_GNUTLS_KX_RSA, MHD_GNUTLS_MAC_SHA1, + MHD_GNUTLS_SSL3), GNUTLS_CIPHER_SUITE_ENTRY (GNUTLS_RSA_AES_128_CBC_SHA1, - GNUTLS_CIPHER_AES_128_CBC, GNUTLS_KX_RSA, - GNUTLS_MAC_SHA1, GNUTLS_SSL3), + MHD_GNUTLS_CIPHER_AES_128_CBC, MHD_GNUTLS_KX_RSA, + MHD_GNUTLS_MAC_SHA1, MHD_GNUTLS_SSL3), GNUTLS_CIPHER_SUITE_ENTRY (GNUTLS_RSA_AES_256_CBC_SHA1, - GNUTLS_CIPHER_AES_256_CBC, GNUTLS_KX_RSA, - GNUTLS_MAC_SHA1, GNUTLS_SSL3), + MHD_GNUTLS_CIPHER_AES_256_CBC, MHD_GNUTLS_KX_RSA, + MHD_GNUTLS_MAC_SHA1, MHD_GNUTLS_SSL3), #ifdef ENABLE_CAMELLIA GNUTLS_CIPHER_SUITE_ENTRY (GNUTLS_RSA_CAMELLIA_128_CBC_SHA1, - GNUTLS_CIPHER_CAMELLIA_128_CBC, GNUTLS_KX_RSA, - GNUTLS_MAC_SHA1, GNUTLS_TLS1), + MHD_GNUTLS_CIPHER_CAMELLIA_128_CBC, + MHD_GNUTLS_KX_RSA, + MHD_GNUTLS_MAC_SHA1, MHD_GNUTLS_TLS1_0), GNUTLS_CIPHER_SUITE_ENTRY (GNUTLS_RSA_CAMELLIA_256_CBC_SHA1, - GNUTLS_CIPHER_CAMELLIA_256_CBC, GNUTLS_KX_RSA, - GNUTLS_MAC_SHA1, GNUTLS_TLS1), + MHD_GNUTLS_CIPHER_CAMELLIA_256_CBC, + MHD_GNUTLS_KX_RSA, + MHD_GNUTLS_MAC_SHA1, MHD_GNUTLS_TLS1_0), #endif {0, { @@ -780,7 +804,7 @@ gnutls_mac_get_name (gnutls_mac_algorithm_t algorithm) gnutls_mac_algorithm_t gnutls_mac_get_id (const char *name) { - gnutls_mac_algorithm_t ret = GNUTLS_MAC_UNKNOWN; + gnutls_mac_algorithm_t ret = MHD_GNUTLS_MAC_UNKNOWN; GNUTLS_HASH_LOOP (if (strcasecmp (p->name, name) == 0) ret = p->id) ; @@ -847,7 +871,7 @@ _gnutls_x509_oid2mac_algorithm (const char *oid) ; if (ret == 0) - return GNUTLS_MAC_UNKNOWN; + return MHD_GNUTLS_MAC_UNKNOWN; return ret; } @@ -908,7 +932,7 @@ gnutls_compression_get_name (gnutls_compression_method_t algorithm) gnutls_compression_method_t gnutls_compression_get_id (const char *name) { - gnutls_compression_method_t ret = GNUTLS_COMP_UNKNOWN; + gnutls_compression_method_t ret = MHD_GNUTLS_COMP_UNKNOWN; GNUTLS_COMPRESSION_LOOP (if (strcasecmp @@ -1099,7 +1123,7 @@ gnutls_cipher_get_name (gnutls_cipher_algorithm_t algorithm) gnutls_cipher_algorithm_t gnutls_cipher_get_id (const char *name) { - gnutls_cipher_algorithm_t ret = GNUTLS_CIPHER_UNKNOWN; + gnutls_cipher_algorithm_t ret = MHD_GNUTLS_CIPHER_UNKNOWN; GNUTLS_LOOP (if (strcasecmp (p->name, name) == 0) ret = p->id) ; @@ -1190,7 +1214,7 @@ gnutls_kx_get_name (gnutls_kx_algorithm_t algorithm) gnutls_kx_algorithm_t gnutls_kx_get_id (const char *name) { - gnutls_cipher_algorithm_t ret = GNUTLS_KX_UNKNOWN; + gnutls_cipher_algorithm_t ret = MHD_GNUTLS_KX_UNKNOWN; GNUTLS_KX_LOOP (if (strcasecmp (p->name, name) == 0) ret = p->algorithm) ; @@ -1267,7 +1291,7 @@ _gnutls_version_lowest (gnutls_session_t session) if (session->internals.priorities.protocol.priority == NULL) { - return GNUTLS_VERSION_UNKNOWN; + return MHD_GNUTLS_VERSION_UNKNOWN; } else for (i = 0; i < session->internals.priorities.protocol.algorithms; i++) @@ -1277,7 +1301,7 @@ _gnutls_version_lowest (gnutls_session_t session) } if (min == 0xff) - return GNUTLS_VERSION_UNKNOWN; /* unknown version */ + return MHD_GNUTLS_VERSION_UNKNOWN; /* unknown version */ return min; } @@ -1289,7 +1313,7 @@ _gnutls_version_max (gnutls_session_t session) if (session->internals.priorities.protocol.priority == NULL) { - return GNUTLS_VERSION_UNKNOWN; + return MHD_GNUTLS_VERSION_UNKNOWN; } else for (i = 0; i < session->internals.priorities.protocol.algorithms; i++) @@ -1299,7 +1323,7 @@ _gnutls_version_max (gnutls_session_t session) } if (max == 0x00) - return GNUTLS_VERSION_UNKNOWN; /* unknown version */ + return MHD_GNUTLS_VERSION_UNKNOWN; /* unknown version */ return max; } @@ -1333,7 +1357,7 @@ gnutls_protocol_get_name (gnutls_protocol_t version) gnutls_protocol_t gnutls_protocol_get_id (const char *name) { - gnutls_protocol_t ret = GNUTLS_VERSION_UNKNOWN; + gnutls_protocol_t ret = MHD_GNUTLS_VERSION_UNKNOWN; GNUTLS_VERSION_LOOP (if (strcasecmp (p->name, name) == 0) ret = p->id) ; @@ -1913,9 +1937,9 @@ gnutls_certificate_type_get_name (gnutls_certificate_type_t type) { const char *ret = NULL; - if (type == GNUTLS_CRT_X509) + if (type == MHD_GNUTLS_CRT_X509) ret = "X.509"; - if (type == GNUTLS_CRT_OPENPGP) + if (type == MHD_GNUTLS_CRT_OPENPGP) ret = "OPENPGP"; return ret; @@ -1933,19 +1957,19 @@ gnutls_certificate_type_get_name (gnutls_certificate_type_t type) gnutls_certificate_type_t gnutls_certificate_type_get_id (const char *name) { - gnutls_certificate_type_t ret = GNUTLS_CRT_UNKNOWN; + gnutls_certificate_type_t ret = MHD_GNUTLS_CRT_UNKNOWN; if (strcasecmp (name, "X.509") == 0 || strcasecmp (name, "X509") == 0) - return GNUTLS_CRT_X509; + return MHD_GNUTLS_CRT_X509; if (strcasecmp (name, "OPENPGP") == 0) - return GNUTLS_CRT_OPENPGP; + return MHD_GNUTLS_CRT_OPENPGP; return ret; } static const gnutls_certificate_type_t supported_certificate_types[] = - { GNUTLS_CRT_X509, - GNUTLS_CRT_OPENPGP, + { MHD_GNUTLS_CRT_X509, + MHD_GNUTLS_CRT_OPENPGP, 0 }; @@ -2006,18 +2030,18 @@ static const gnutls_sign_entry sign_algorithms[] = { {"RSA-SHA", SIG_RSA_SHA1_OID, GNUTLS_SIGN_RSA_SHA1, - GNUTLS_PK_RSA, - GNUTLS_MAC_SHA1}, + MHD_GNUTLS_PK_RSA, + MHD_GNUTLS_MAC_SHA1}, {"RSA-SHA256", SIG_RSA_SHA256_OID, GNUTLS_SIGN_RSA_SHA256, - GNUTLS_PK_RSA, - GNUTLS_MAC_SHA256}, + MHD_GNUTLS_PK_RSA, + MHD_GNUTLS_MAC_SHA256}, {"RSA-MD5", SIG_RSA_MD5_OID, GNUTLS_SIGN_RSA_MD5, - GNUTLS_PK_RSA, - GNUTLS_MAC_MD5}, + MHD_GNUTLS_PK_RSA, + MHD_GNUTLS_MAC_MD5}, {"GOST R 34.10-2001", SIG_GOST_R3410_2001_OID, 0, @@ -2123,7 +2147,7 @@ typedef struct gnutls_pk_entry gnutls_pk_entry; static const gnutls_pk_entry pk_algorithms[] = { {"RSA", PK_PKIX1_RSA_OID, - GNUTLS_PK_RSA}, + MHD_GNUTLS_PK_RSA}, {"GOST R 34.10-2001", PK_GOST_R3410_2001_OID, 0}, @@ -2161,7 +2185,7 @@ gnutls_pk_algorithm_get_name (gnutls_pk_algorithm_t algorithm) gnutls_pk_algorithm_t _gnutls_x509_oid2pk_algorithm (const char *oid) { - gnutls_pk_algorithm_t ret = GNUTLS_PK_UNKNOWN; + gnutls_pk_algorithm_t ret = MHD_GNUTLS_PK_UNKNOWN; const gnutls_pk_entry *p; for (p = pk_algorithms; p->name != NULL; p++) diff --git a/src/daemon/https/tls/gnutls_auth.c b/src/daemon/https/tls/gnutls_auth.c @@ -297,9 +297,9 @@ _gnutls_free_auth_info (gnutls_session_t session) switch (session->key->auth_info_type) { - case GNUTLS_CRD_SRP: + case MHD_GNUTLS_CRD_SRP: break; - case GNUTLS_CRD_ANON: + case MHD_GNUTLS_CRD_ANON: { anon_auth_info_t info = _gnutls_get_auth_info (session); @@ -310,7 +310,7 @@ _gnutls_free_auth_info (gnutls_session_t session) _gnutls_free_dh_info (dh_info); } break; - case GNUTLS_CRD_CERTIFICATE: + case MHD_GNUTLS_CRD_CERTIFICATE: { unsigned int i; cert_auth_info_t info = _gnutls_get_auth_info (session); diff --git a/src/daemon/https/tls/gnutls_buffers.c b/src/daemon/https/tls/gnutls_buffers.c @@ -87,8 +87,8 @@ * push/pull function, and don't worry about thread conflicts, you can * also use gnutls_transport_set_global_errno(). **/ -void gnutls_transport_set_errno(gnutls_session_t session, - int err) +void +gnutls_transport_set_errno (gnutls_session_t session, int err) { session->internals.errnum = err; } @@ -113,7 +113,8 @@ void gnutls_transport_set_errno(gnutls_session_t session, * a thread-local variable. When feasible, using the guaranteed * thread-safe gnutls_transport_set_errno() may be better. **/ -void gnutls_transport_set_global_errno(int err) +void +gnutls_transport_set_global_errno (int err) { errno = err; } @@ -121,10 +122,10 @@ void gnutls_transport_set_global_errno(int err) /* Buffers received packets of type APPLICATION DATA and * HANDSHAKE DATA. */ -int _gnutls_record_buffer_put(content_type_t type, - gnutls_session_t session, - opaque * data, - size_t length) +int +_gnutls_record_buffer_put (content_type_t type, + gnutls_session_t session, + opaque * data, size_t length) { gnutls_buffer *buf; @@ -133,28 +134,27 @@ int _gnutls_record_buffer_put(content_type_t type, switch (type) { - case GNUTLS_APPLICATION_DATA: - buf = &session->internals.application_data_buffer; - _gnutls_buffers_log ("BUF[REC]: Inserted %d bytes of Data(%d)\n", - length, type); - break; - - case GNUTLS_HANDSHAKE: - buf = &session->internals.handshake_data_buffer; - _gnutls_buffers_log ("BUF[HSK]: Inserted %d bytes of Data(%d)\n", - length, type); - break; - - case GNUTLS_INNER_APPLICATION: - buf = &session->internals.ia_data_buffer; - _gnutls_buffers_log ("BUF[IA]: Inserted %d bytes of Data(%d)\n", length, - type); - break; - - default: - gnutls_assert () - ; - return GNUTLS_E_INVALID_REQUEST; + case GNUTLS_APPLICATION_DATA: + buf = &session->internals.application_data_buffer; + _gnutls_buffers_log ("BUF[REC]: Inserted %d bytes of Data(%d)\n", + length, type); + break; + + case GNUTLS_HANDSHAKE: + buf = &session->internals.handshake_data_buffer; + _gnutls_buffers_log ("BUF[HSK]: Inserted %d bytes of Data(%d)\n", + length, type); + break; + + case GNUTLS_INNER_APPLICATION: + buf = &session->internals.ia_data_buffer; + _gnutls_buffers_log ("BUF[IA]: Inserted %d bytes of Data(%d)\n", length, + type); + break; + + default: + gnutls_assert (); + return GNUTLS_E_INVALID_REQUEST; } if (_gnutls_buffer_append (buf, data, length) < 0) @@ -166,22 +166,22 @@ int _gnutls_record_buffer_put(content_type_t type, return 0; } -int _gnutls_record_buffer_get_size(content_type_t type, - gnutls_session_t session) +int +_gnutls_record_buffer_get_size (content_type_t type, gnutls_session_t session) { switch (type) { - case GNUTLS_APPLICATION_DATA: - return session->internals.application_data_buffer.length; + case GNUTLS_APPLICATION_DATA: + return session->internals.application_data_buffer.length; - case GNUTLS_HANDSHAKE: - return session->internals.handshake_data_buffer.length; + case GNUTLS_HANDSHAKE: + return session->internals.handshake_data_buffer.length; - case GNUTLS_INNER_APPLICATION: - return session->internals.ia_data_buffer.length; + case GNUTLS_INNER_APPLICATION: + return session->internals.ia_data_buffer.length; - default: - return GNUTLS_E_INVALID_REQUEST; + default: + return GNUTLS_E_INVALID_REQUEST; } } @@ -196,15 +196,16 @@ int _gnutls_record_buffer_get_size(content_type_t type, * (gnutls leaves some data in the tcp buffer in order for select * to work). **/ -size_t gnutls_record_check_pending(gnutls_session_t session) +size_t +gnutls_record_check_pending (gnutls_session_t session) { - return _gnutls_record_buffer_get_size(GNUTLS_APPLICATION_DATA, session); + return _gnutls_record_buffer_get_size (GNUTLS_APPLICATION_DATA, session); } -int _gnutls_record_buffer_get(content_type_t type, - gnutls_session_t session, - opaque * data, - size_t length) +int +_gnutls_record_buffer_get (content_type_t type, + gnutls_session_t session, + opaque * data, size_t length) { if (length == 0 || data == NULL) { @@ -214,70 +215,69 @@ int _gnutls_record_buffer_get(content_type_t type, switch (type) { - case GNUTLS_APPLICATION_DATA: + case GNUTLS_APPLICATION_DATA: - if (length > session->internals.application_data_buffer.length) - { - length = session->internals.application_data_buffer.length; - } + if (length > session->internals.application_data_buffer.length) + { + length = session->internals.application_data_buffer.length; + } - _gnutls_buffers_log ("BUFFER[REC][AD]: Read %d bytes of Data(%d)\n", - length, type); + _gnutls_buffers_log ("BUFFER[REC][AD]: Read %d bytes of Data(%d)\n", + length, type); - session->internals.application_data_buffer.length -= length; - memcpy(data, session->internals.application_data_buffer.data, length); + session->internals.application_data_buffer.length -= length; + memcpy (data, session->internals.application_data_buffer.data, length); - /* overwrite buffer */ - memmove(session->internals.application_data_buffer.data, - &session->internals.application_data_buffer.data[length], - session->internals.application_data_buffer.length); + /* overwrite buffer */ + memmove (session->internals.application_data_buffer.data, + &session->internals.application_data_buffer.data[length], + session->internals.application_data_buffer.length); - /* we do no longer realloc the application_data_buffer.data, - * since it serves no practical reason. It also decreases - * performance. - */ - break; + /* we do no longer realloc the application_data_buffer.data, + * since it serves no practical reason. It also decreases + * performance. + */ + break; - case GNUTLS_HANDSHAKE: - if (length > session->internals.handshake_data_buffer.length) - { - length = session->internals.handshake_data_buffer.length; - } + case GNUTLS_HANDSHAKE: + if (length > session->internals.handshake_data_buffer.length) + { + length = session->internals.handshake_data_buffer.length; + } - _gnutls_buffers_log ("BUF[REC][HD]: Read %d bytes of Data(%d)\n", - length, type); + _gnutls_buffers_log ("BUF[REC][HD]: Read %d bytes of Data(%d)\n", + length, type); - session->internals.handshake_data_buffer.length -= length; - memcpy(data, session->internals.handshake_data_buffer.data, length); + session->internals.handshake_data_buffer.length -= length; + memcpy (data, session->internals.handshake_data_buffer.data, length); - /* overwrite buffer */ - memmove(session->internals.handshake_data_buffer.data, - &session->internals.handshake_data_buffer.data[length], - session->internals.handshake_data_buffer.length); + /* overwrite buffer */ + memmove (session->internals.handshake_data_buffer.data, + &session->internals.handshake_data_buffer.data[length], + session->internals.handshake_data_buffer.length); - break; + break; - case GNUTLS_INNER_APPLICATION: - if (length > session->internals.ia_data_buffer.length) - length = session->internals.ia_data_buffer.length; + case GNUTLS_INNER_APPLICATION: + if (length > session->internals.ia_data_buffer.length) + length = session->internals.ia_data_buffer.length; - _gnutls_buffers_log ("BUF[REC][IA]: Read %d bytes of Data(%d)\n", - length, type); + _gnutls_buffers_log ("BUF[REC][IA]: Read %d bytes of Data(%d)\n", + length, type); - session->internals.ia_data_buffer.length -= length; - memcpy(data, session->internals.ia_data_buffer.data, length); + session->internals.ia_data_buffer.length -= length; + memcpy (data, session->internals.ia_data_buffer.data, length); - /* overwrite buffer */ - memmove(session->internals.ia_data_buffer.data, - &session->internals.ia_data_buffer.data[length], - session->internals.ia_data_buffer.length); + /* overwrite buffer */ + memmove (session->internals.ia_data_buffer.data, + &session->internals.ia_data_buffer.data[length], + session->internals.ia_data_buffer.length); - break; + break; - default: - gnutls_assert () - ; - return GNUTLS_E_INVALID_REQUEST; + default: + gnutls_assert (); + return GNUTLS_E_INVALID_REQUEST; } return length; @@ -288,10 +288,9 @@ int _gnutls_record_buffer_get(content_type_t type, * * Flags are only used if the default recv() function is being used. */ -static ssize_t _gnutls_read(gnutls_session_t session, - void *iptr, - size_t sizeOfPtr, - int flags) +static ssize_t +_gnutls_read (gnutls_session_t session, + void *iptr, size_t sizeOfPtr, int flags) { size_t left; ssize_t i = 0; @@ -309,23 +308,23 @@ static ssize_t _gnutls_read(gnutls_session_t session, if (session->internals._gnutls_pull_func == NULL) { - i = recv(GNUTLS_POINTER_TO_INT (fd), &ptr[sizeOfPtr - left], left, - flags); + i = recv (GNUTLS_POINTER_TO_INT (fd), &ptr[sizeOfPtr - left], left, + flags); #if HAVE_WINSOCK if (i < 0) { int tmperr = WSAGetLastError (); switch (tmperr) { - case WSAEWOULDBLOCK: + case WSAEWOULDBLOCK: session->internals.errnum = EAGAIN; break; - case WSAEINTR: + case WSAEINTR: session->internals.errnum = EINTR; break; - default: + default: session->internals.errnum = EIO; break; } @@ -334,16 +333,16 @@ static ssize_t _gnutls_read(gnutls_session_t session, #endif } else - i = session->internals._gnutls_pull_func(fd, &ptr[sizeOfPtr - - left], left); + i = session->internals._gnutls_pull_func (fd, &ptr[sizeOfPtr - + left], left); if (i < 0) { int err = session->internals.errnum ? session->internals.errnum - : errno; + : errno; _gnutls_read_log ("READ: %d returned from %d, errno=%d gerrno=%d\n", - i, fd, errno, session->internals.errnum); + i, fd, errno, session->internals.errnum); if (err == EAGAIN || err == EINTR) { @@ -351,7 +350,7 @@ static ssize_t _gnutls_read(gnutls_session_t session, { _gnutls_read_log ("READ: returning %d bytes from %d\n", - sizeOfPtr - left, fd); + sizeOfPtr - left, fd); goto finish; } @@ -373,14 +372,14 @@ static ssize_t _gnutls_read(gnutls_session_t session, _gnutls_read_log ("READ: Got %d bytes from %d\n", i, fd); if (i == 0) - break; /* EOF */ + break; /* EOF */ } left -= i; } - finish: +finish: if (_gnutls_log_level >= 7) { @@ -388,21 +387,21 @@ static ssize_t _gnutls_read(gnutls_session_t session, char tmp[16]; _gnutls_read_log ("READ: read %d bytes from %d\n", (sizeOfPtr - left), - fd); + fd); for (x = 0; x < ((sizeOfPtr - left) / 16) + 1; x++) { line[0] = 0; - sprintf(tmp, "%.4x - ", x); - _gnutls_str_cat(line, sizeof (line), tmp); + sprintf (tmp, "%.4x - ", x); + _gnutls_str_cat (line, sizeof (line), tmp); for (j = 0; j < 16; j++) { if (sum < (sizeOfPtr - left)) { - sprintf(tmp, "%.2x ", ((unsigned char *) ptr)[sum++]); - _gnutls_str_cat(line, sizeof (line), tmp); + sprintf (tmp, "%.2x ", ((unsigned char *) ptr)[sum++]); + _gnutls_str_cat (line, sizeof (line), tmp); } } _gnutls_read_log ("%s\n", line); @@ -417,7 +416,8 @@ static ssize_t _gnutls_read(gnutls_session_t session, /* This function is only used with berkeley style sockets. * Clears the peeked data (read with MSG_PEEK). */ -int _gnutls_io_clear_peeked_data(gnutls_session_t session) +int +_gnutls_io_clear_peeked_data (gnutls_session_t session) { char *peekdata; int ret, sum; @@ -435,12 +435,13 @@ int _gnutls_io_clear_peeked_data(gnutls_session_t session) /* this was already read by using MSG_PEEK - so it shouldn't fail */ sum = 0; do - { /* we need this to finish now */ - ret = _gnutls_read(session, peekdata, RCVLOWAT - sum, 0); + { /* we need this to finish now */ + ret = _gnutls_read (session, peekdata, RCVLOWAT - sum, 0); if (ret > 0) sum += ret; - } while (ret == GNUTLS_E_INTERRUPTED || ret == GNUTLS_E_AGAIN || sum - < RCVLOWAT); + } + while (ret == GNUTLS_E_INTERRUPTED || ret == GNUTLS_E_AGAIN || sum + < RCVLOWAT); gnutls_afree (peekdata); @@ -455,7 +456,8 @@ int _gnutls_io_clear_peeked_data(gnutls_session_t session) return 0; } -void _gnutls_io_clear_read_buffer(gnutls_session_t session) +void +_gnutls_io_clear_read_buffer (gnutls_session_t session) { session->internals.record_recv_buffer.length = 0; } @@ -469,10 +471,10 @@ void _gnutls_io_clear_read_buffer(gnutls_session_t session) * which are stored in a local (in the session) buffer. A pointer (iptr) to this buffer is returned. * */ -ssize_t _gnutls_io_read_buffered(gnutls_session_t session, - opaque ** iptr, - size_t sizeOfPtr, - content_type_t recv_type) +ssize_t +_gnutls_io_read_buffered (gnutls_session_t session, + opaque ** iptr, + size_t sizeOfPtr, content_type_t recv_type) { ssize_t ret = 0, ret2 = 0; size_t min; @@ -485,7 +487,7 @@ ssize_t _gnutls_io_read_buffered(gnutls_session_t session, if (sizeOfPtr > MAX_RECV_SIZE || sizeOfPtr == 0) { - gnutls_assert (); /* internal error */ + gnutls_assert (); /* internal error */ return GNUTLS_E_INVALID_REQUEST; } @@ -512,7 +514,7 @@ ssize_t _gnutls_io_read_buffered(gnutls_session_t session, /* calculate the actual size, ie. get the minimum of the * buffered data and the requested data. */ - min = MIN(session->internals.record_recv_buffer.length, sizeOfPtr); + min = MIN (session->internals.record_recv_buffer.length, sizeOfPtr); if (min > 0) { /* if we have enough buffered data @@ -532,9 +534,10 @@ ssize_t _gnutls_io_read_buffered(gnutls_session_t session, /* Check if the previously read data plus the new data to * receive are longer than the maximum receive buffer size. */ - if ((session->internals.record_recv_buffer.length + recvdata) > MAX_RECV_SIZE) + if ((session->internals.record_recv_buffer.length + recvdata) > + MAX_RECV_SIZE) { - gnutls_assert (); /* internal error */ + gnutls_assert (); /* internal error */ return GNUTLS_E_INVALID_REQUEST; } @@ -542,8 +545,8 @@ ssize_t _gnutls_io_read_buffered(gnutls_session_t session, */ alloc_size = recvdata + session->internals.record_recv_buffer.length; session->internals.record_recv_buffer.data - = gnutls_realloc_fast(session->internals.record_recv_buffer.data, - alloc_size); + = gnutls_realloc_fast (session->internals.record_recv_buffer.data, + alloc_size); if (session->internals.record_recv_buffer.data == NULL) { gnutls_assert (); @@ -557,12 +560,12 @@ ssize_t _gnutls_io_read_buffered(gnutls_session_t session, /* READ DATA - but leave RCVLOWAT bytes in the kernel buffer. */ if (recvdata - recvlowat > 0) { - ret = _gnutls_read(session, &buf[buf_pos], recvdata - recvlowat, 0); + ret = _gnutls_read (session, &buf[buf_pos], recvdata - recvlowat, 0); /* return immediately if we got an interrupt or eagain * error. */ - if (ret < 0 && gnutls_error_is_fatal(ret) == 0) + if (ret < 0 && gnutls_error_is_fatal (ret) == 0) { return ret; } @@ -573,7 +576,7 @@ ssize_t _gnutls_io_read_buffered(gnutls_session_t session, if (ret > 0) { _gnutls_read_log ("RB: Have %d bytes into buffer. Adding %d bytes.\n", - session->internals.record_recv_buffer.length, ret); + session->internals.record_recv_buffer.length, ret); _gnutls_read_log ("RB: Requested %d bytes\n", sizeOfPtr); session->internals.record_recv_buffer.length += ret; } @@ -587,9 +590,9 @@ ssize_t _gnutls_io_read_buffered(gnutls_session_t session, */ if (ret == (recvdata - recvlowat) && recvlowat > 0) { - ret2 = _gnutls_read(session, &buf[buf_pos], recvlowat, MSG_PEEK); + ret2 = _gnutls_read (session, &buf[buf_pos], recvlowat, MSG_PEEK); - if (ret2 < 0 && gnutls_error_is_fatal(ret2) == 0) + if (ret2 < 0 && gnutls_error_is_fatal (ret2) == 0) { return ret2; } @@ -598,8 +601,8 @@ ssize_t _gnutls_io_read_buffered(gnutls_session_t session, { _gnutls_read_log ("RB-PEEK: Read %d bytes in PEEK MODE.\n", ret2); _gnutls_read_log - ("RB-PEEK: Have %d bytes into buffer. Adding %d bytes.\nRB: Requested %d bytes\n", - session->internals.record_recv_buffer.length, ret2, sizeOfPtr); + ("RB-PEEK: Have %d bytes into buffer. Adding %d bytes.\nRB: Requested %d bytes\n", + session->internals.record_recv_buffer.length, ret2, sizeOfPtr); session->internals.have_peeked_data = 1; session->internals.record_recv_buffer.length += ret2; @@ -610,7 +613,7 @@ ssize_t _gnutls_io_read_buffered(gnutls_session_t session, { gnutls_assert (); /* that's because they are initialized to 0 */ - return MIN(ret, ret2); + return MIN (ret, ret2); } ret += ret2; @@ -622,7 +625,7 @@ ssize_t _gnutls_io_read_buffered(gnutls_session_t session, } if (ret == 0) - { /* EOF */ + { /* EOF */ gnutls_assert (); return 0; } @@ -648,12 +651,13 @@ ssize_t _gnutls_io_read_buffered(gnutls_session_t session, #define MEMSUB(x,y) ((ssize_t)((ptrdiff_t)x-(ptrdiff_t)y)) -inline static int _gnutls_buffer_insert(gnutls_buffer * buffer, - const opaque * _data, - size_t data_size) +inline static int +_gnutls_buffer_insert (gnutls_buffer * buffer, + const opaque * _data, size_t data_size) { - if ((MEMSUB (_data, buffer->data) >= 0) && (MEMSUB (_data, buffer->data) < (ssize_t) buffer->length)) + if ((MEMSUB (_data, buffer->data) >= 0) + && (MEMSUB (_data, buffer->data) < (ssize_t) buffer->length)) { /* the given _data is part of the buffer. */ @@ -665,12 +669,12 @@ inline static int _gnutls_buffer_insert(gnutls_buffer * buffer, } if (_data == buffer->data) - { /* then don't even memmove */ + { /* then don't even memmove */ buffer->length = data_size; return 0; } - memmove(buffer->data, _data, data_size); + memmove (buffer->data, _data, data_size); buffer->length = data_size; return 0; @@ -686,9 +690,9 @@ inline static int _gnutls_buffer_insert(gnutls_buffer * buffer, return 0; } -inline static int _gnutls_buffer_get(gnutls_buffer * buffer, - const opaque ** ptr, - size_t * ptr_size) +inline static int +_gnutls_buffer_get (gnutls_buffer * buffer, + const opaque ** ptr, size_t * ptr_size) { *ptr_size = buffer->length; *ptr = buffer->data; @@ -707,9 +711,9 @@ inline static int _gnutls_buffer_get(gnutls_buffer * buffer, * to decrypt and verify the integrity. * */ -ssize_t _gnutls_io_write_buffered(gnutls_session_t session, - const void *iptr, - size_t n) +ssize_t +_gnutls_io_write_buffered (gnutls_session_t session, + const void *iptr, size_t n) { size_t left; unsigned j, x, sum = 0; @@ -740,7 +744,8 @@ ssize_t _gnutls_io_write_buffered(gnutls_session_t session, { /* checking is handled above */ ret - = _gnutls_buffer_get(&session->internals.record_send_buffer, &ptr, &n); + = + _gnutls_buffer_get (&session->internals.record_send_buffer, &ptr, &n); if (ret < 0) { gnutls_assert (); @@ -748,7 +753,7 @@ ssize_t _gnutls_io_write_buffered(gnutls_session_t session, } _gnutls_write_log ("WRITE: Restoring old write. (%d bytes to send)\n", - n); + n); } _gnutls_write_log ("WRITE: Will write %d bytes to %d.\n", n, fd); @@ -762,22 +767,22 @@ ssize_t _gnutls_io_write_buffered(gnutls_session_t session, if (session->internals._gnutls_push_func == NULL) { - i = send(GNUTLS_POINTER_TO_INT (fd), &ptr[n - left], left, 0); + i = send (GNUTLS_POINTER_TO_INT (fd), &ptr[n - left], left, 0); #if HAVE_WINSOCK if (i < 0) { int tmperr = WSAGetLastError (); switch (tmperr) { - case WSAEWOULDBLOCK: + case WSAEWOULDBLOCK: session->internals.errnum = EAGAIN; break; - case WSAEINTR: + case WSAEINTR: session->internals.errnum = EINTR; break; - default: + default: session->internals.errnum = EIO; break; } @@ -786,19 +791,20 @@ ssize_t _gnutls_io_write_buffered(gnutls_session_t session, #endif } else - i = session->internals._gnutls_push_func(fd, &ptr[n - left], left); + i = session->internals._gnutls_push_func (fd, &ptr[n - left], left); if (i == -1) { int err = session->internals.errnum ? session->internals.errnum - : errno; + : errno; if (err == EAGAIN || err == EINTR) { session->internals.record_send_buffer_prev_size += n - left; - retval = _gnutls_buffer_insert(&session->internals. - record_send_buffer, &ptr[n - left], left); + retval = _gnutls_buffer_insert (&session->internals. + record_send_buffer, + &ptr[n - left], left); if (retval < 0) { gnutls_assert (); @@ -806,8 +812,8 @@ ssize_t _gnutls_io_write_buffered(gnutls_session_t session, } _gnutls_write_log - ("WRITE: Interrupted. Stored %d bytes to buffer. Already sent %d bytes.\n", - left, n - left); + ("WRITE: Interrupted. Stored %d bytes to buffer. Already sent %d bytes.\n", + left, n - left); if (err == EAGAIN) return GNUTLS_E_AGAIN; @@ -827,8 +833,8 @@ ssize_t _gnutls_io_write_buffered(gnutls_session_t session, char tmp[16]; _gnutls_write_log - ("WRITE: wrote %d bytes to %d. Left %d bytes. Total %d bytes.\n", - i, fd, left, n); + ("WRITE: wrote %d bytes to %d. Left %d bytes. Total %d bytes.\n", + i, fd, left, n); for (x = 0; x < (unsigned) ((i) / 16) + 1; x++) { line[0] = 0; @@ -836,15 +842,15 @@ ssize_t _gnutls_io_write_buffered(gnutls_session_t session, if (sum > n - left) break; - sprintf(tmp, "%.4x - ", x); - _gnutls_str_cat(line, sizeof (line), tmp); + sprintf (tmp, "%.4x - ", x); + _gnutls_str_cat (line, sizeof (line), tmp); for (j = 0; j < 16; j++) { if (sum < n - left) { - sprintf(tmp, "%.2x ", ((unsigned char *) ptr)[sum++]); - _gnutls_str_cat(line, sizeof (line), tmp); + sprintf (tmp, "%.2x ", ((unsigned char *) ptr)[sum++]); + _gnutls_str_cat (line, sizeof (line), tmp); } else break; @@ -867,16 +873,17 @@ ssize_t _gnutls_io_write_buffered(gnutls_session_t session, * TLS write buffer (ie. because the previous write was * interrupted. */ -ssize_t _gnutls_io_write_flush(gnutls_session_t session) +ssize_t +_gnutls_io_write_flush (gnutls_session_t session) { ssize_t ret; if (session->internals.record_send_buffer.length == 0) - return 0; /* done */ + return 0; /* done */ - ret = _gnutls_io_write_buffered(session, NULL, 0); + ret = _gnutls_io_write_buffered (session, NULL, 0); _gnutls_write_log ("WRITE FLUSH: %d [buffer: %d]\n", ret, - session->internals.record_send_buffer.length); + session->internals.record_send_buffer.length); return ret; } @@ -885,10 +892,11 @@ ssize_t _gnutls_io_write_flush(gnutls_session_t session) * Handshake write buffer (ie. because the previous write was * interrupted. */ -ssize_t _gnutls_handshake_io_write_flush(gnutls_session_t session) +ssize_t +_gnutls_handshake_io_write_flush (gnutls_session_t session) { ssize_t ret; - ret = _gnutls_handshake_io_send_int(session, 0, 0, NULL, 0); + ret = _gnutls_handshake_io_send_int (session, 0, 0, NULL, 0); if (ret < 0) { gnutls_assert (); @@ -909,11 +917,11 @@ ssize_t _gnutls_handshake_io_write_flush(gnutls_session_t session) /* This is a send function for the gnutls handshake * protocol. Just makes sure that all data have been sent. */ -ssize_t _gnutls_handshake_io_send_int(gnutls_session_t session, - content_type_t type, - gnutls_handshake_description_t htype, - const void *iptr, - size_t n) +ssize_t +_gnutls_handshake_io_send_int (gnutls_session_t session, + content_type_t type, + gnutls_handshake_description_t htype, + const void *iptr, size_t n) { size_t left; ssize_t ret = 0; @@ -928,8 +936,9 @@ ssize_t _gnutls_handshake_io_send_int(gnutls_session_t session, /* resuming previously interrupted write */ gnutls_assert (); - ret = _gnutls_buffer_get(&session->internals.handshake_send_buffer, &ptr, - &n); + ret = + _gnutls_buffer_get (&session->internals.handshake_send_buffer, &ptr, + &n); if (ret < 0) { gnutls_assert (); @@ -951,11 +960,11 @@ ssize_t _gnutls_handshake_io_send_int(gnutls_session_t session, size_t sum = 0, x, j; _gnutls_write_log ("HWRITE: will write %d bytes to %d.\n", n, - gnutls_transport_get_ptr (session)); + gnutls_transport_get_ptr (session)); for (x = 0; x < ((n) / 16) + 1; x++) { - if (sum> n) - break; + if (sum > n) + break; _gnutls_write_log ("%.4x - ", x); for (j = 0; j < 16; j++) @@ -965,7 +974,7 @@ ssize_t _gnutls_handshake_io_send_int(gnutls_session_t session, _gnutls_write_log ("%.2x ", ((unsigned char *) ptr)[sum++]); } else - break; + break; } _gnutls_write_log ("\n"); } @@ -974,7 +983,7 @@ ssize_t _gnutls_handshake_io_send_int(gnutls_session_t session, #endif if (n == 0) - { /* if we have no data to send */ + { /* if we have no data to send */ gnutls_assert (); return 0; } @@ -987,7 +996,7 @@ ssize_t _gnutls_handshake_io_send_int(gnutls_session_t session, left = n; while (left > 0) { - ret = _gnutls_send_int(session, type, htype, &ptr[n - left], left); + ret = _gnutls_send_int (session, type, htype, &ptr[n - left], left); if (ret <= 0) { @@ -1002,8 +1011,9 @@ ssize_t _gnutls_handshake_io_send_int(gnutls_session_t session, { gnutls_assert (); - retval = _gnutls_buffer_insert(&session->internals. - handshake_send_buffer, &ptr[n - left], left); + retval = _gnutls_buffer_insert (&session->internals. + handshake_send_buffer, + &ptr[n - left], left); if (retval < 0) { gnutls_assert (); @@ -1040,11 +1050,11 @@ ssize_t _gnutls_handshake_io_send_int(gnutls_session_t session, /* This is a receive function for the gnutls handshake * protocol. Makes sure that we have received all data. */ -ssize_t _gnutls_handshake_io_recv_int(gnutls_session_t session, - content_type_t type, - gnutls_handshake_description_t htype, - void *iptr, - size_t sizeOfPtr) +ssize_t +_gnutls_handshake_io_recv_int (gnutls_session_t session, + content_type_t type, + gnutls_handshake_description_t htype, + void *iptr, size_t sizeOfPtr) { size_t left; ssize_t i; @@ -1068,20 +1078,21 @@ ssize_t _gnutls_handshake_io_recv_int(gnutls_session_t session, /* if requested less data then return it. */ gnutls_assert (); - memcpy(iptr, session->internals.handshake_recv_buffer.data, sizeOfPtr); + memcpy (iptr, session->internals.handshake_recv_buffer.data, + sizeOfPtr); session->internals.handshake_recv_buffer.length -= sizeOfPtr; - memmove(session->internals.handshake_recv_buffer.data, + memmove (session->internals.handshake_recv_buffer.data, &session->internals.handshake_recv_buffer. - data[sizeOfPtr], - session->internals.handshake_recv_buffer.length); + data[sizeOfPtr], + session->internals.handshake_recv_buffer.length); return sizeOfPtr; } gnutls_assert (); - memcpy(iptr, session->internals.handshake_recv_buffer.data, - session->internals.handshake_recv_buffer.length); + memcpy (iptr, session->internals.handshake_recv_buffer.data, + session->internals.handshake_recv_buffer.length); htype = session->internals.handshake_recv_buffer_htype; type = session->internals.handshake_recv_buffer_type; @@ -1094,7 +1105,7 @@ ssize_t _gnutls_handshake_io_recv_int(gnutls_session_t session, while (left > 0) { dsize = sizeOfPtr - left; - i = _gnutls_recv_int(session, type, htype, &ptr[dsize], left); + i = _gnutls_recv_int (session, type, htype, &ptr[dsize], left); if (i < 0) { @@ -1103,15 +1114,16 @@ ssize_t _gnutls_handshake_io_recv_int(gnutls_session_t session, gnutls_assert (); session->internals.handshake_recv_buffer.data - = gnutls_realloc_fast(session->internals. - handshake_recv_buffer.data, dsize); + = gnutls_realloc_fast (session->internals. + handshake_recv_buffer.data, dsize); if (session->internals.handshake_recv_buffer.data == NULL) { gnutls_assert (); return GNUTLS_E_MEMORY_ERROR; } - memcpy(session->internals.handshake_recv_buffer.data, iptr, dsize); + memcpy (session->internals.handshake_recv_buffer.data, iptr, + dsize); session->internals.handshake_recv_buffer_htype = htype; session->internals.handshake_recv_buffer_type = type; @@ -1128,7 +1140,7 @@ ssize_t _gnutls_handshake_io_recv_int(gnutls_session_t session, else { if (i == 0) - break; /* EOF */ + break; /* EOF */ } left -= i; @@ -1144,21 +1156,22 @@ ssize_t _gnutls_handshake_io_recv_int(gnutls_session_t session, * for finished messages to use them. Used in HMAC calculation * and finished messages. */ -int _gnutls_handshake_buffer_put(gnutls_session_t session, - opaque * data, - size_t length) +int +_gnutls_handshake_buffer_put (gnutls_session_t session, + opaque * data, size_t length) { if (length == 0) return 0; if ((session->internals.max_handshake_data_buffer_size > 0) && ((length - + session-> - internals. - handshake_hash_buffer. - length) > session-> - internals. - max_handshake_data_buffer_size)) + + session-> + internals. + handshake_hash_buffer. + length) > + session-> + internals. + max_handshake_data_buffer_size)) { gnutls_assert (); return GNUTLS_E_MEMORY_ERROR; @@ -1167,7 +1180,7 @@ int _gnutls_handshake_buffer_put(gnutls_session_t session, _gnutls_buffers_log ("BUF[HSK]: Inserted %d bytes of Data\n", length); if (_gnutls_buffer_append (&session->internals.handshake_hash_buffer, data, - length) < 0) + length) < 0) { gnutls_assert (); return GNUTLS_E_MEMORY_ERROR; @@ -1176,7 +1189,8 @@ int _gnutls_handshake_buffer_put(gnutls_session_t session, return 0; } -int _gnutls_handshake_buffer_get_size(gnutls_session_t session) +int +_gnutls_handshake_buffer_get_size (gnutls_session_t session) { return session->internals.handshake_hash_buffer.length; @@ -1185,9 +1199,9 @@ int _gnutls_handshake_buffer_get_size(gnutls_session_t session) /* this function does not touch the buffer * and returns data from it (peek mode!) */ -int _gnutls_handshake_buffer_peek(gnutls_session_t session, - opaque * data, - size_t length) +int +_gnutls_handshake_buffer_peek (gnutls_session_t session, + opaque * data, size_t length) { if (length > session->internals.handshake_hash_buffer.length) { @@ -1196,16 +1210,16 @@ int _gnutls_handshake_buffer_peek(gnutls_session_t session, _gnutls_buffers_log ("BUF[HSK]: Peeked %d bytes of Data\n", length); - memcpy(data, session->internals.handshake_hash_buffer.data, length); + memcpy (data, session->internals.handshake_hash_buffer.data, length); return length; } /* this function does not touch the buffer * and returns data from it (peek mode!) */ -int _gnutls_handshake_buffer_get_ptr(gnutls_session_t session, - opaque ** data_ptr, - size_t * length) +int +_gnutls_handshake_buffer_get_ptr (gnutls_session_t session, + opaque ** data_ptr, size_t * length) { if (length != NULL) *length = session->internals.handshake_hash_buffer.length; @@ -1220,7 +1234,8 @@ int _gnutls_handshake_buffer_get_ptr(gnutls_session_t session, /* Does not free the buffer */ -int _gnutls_handshake_buffer_empty(gnutls_session_t session) +int +_gnutls_handshake_buffer_empty (gnutls_session_t session) { _gnutls_buffers_log ("BUF[HSK]: Emptied buffer\n"); @@ -1230,7 +1245,8 @@ int _gnutls_handshake_buffer_empty(gnutls_session_t session) return 0; } -int _gnutls_handshake_buffer_clear(gnutls_session_t session) +int +_gnutls_handshake_buffer_clear (gnutls_session_t session) { _gnutls_buffers_log ("BUF[HSK]: Cleared Data from buffer\n"); diff --git a/src/daemon/https/tls/gnutls_cert.c b/src/daemon/https/tls/gnutls_cert.c @@ -453,14 +453,14 @@ _gnutls_openpgp_crt_verify_peers (gnutls_session_t session, gnutls_certificate_credentials_t cred; int peer_certificate_list_size, ret; - CHECK_AUTH (GNUTLS_CRD_CERTIFICATE, GNUTLS_E_INVALID_REQUEST); + CHECK_AUTH (MHD_GNUTLS_CRD_CERTIFICATE, GNUTLS_E_INVALID_REQUEST); info = _gnutls_get_auth_info (session); if (info == NULL) return GNUTLS_E_INVALID_REQUEST; cred = (gnutls_certificate_credentials_t) - _gnutls_get_cred (session->key, GNUTLS_CRD_CERTIFICATE, NULL); + _gnutls_get_cred (session->key, MHD_GNUTLS_CRD_CERTIFICATE, NULL); if (cred == NULL) { gnutls_assert (); @@ -537,7 +537,7 @@ gnutls_certificate_verify_peers2 (gnutls_session_t session, { cert_auth_info_t info; - CHECK_AUTH (GNUTLS_CRD_CERTIFICATE, GNUTLS_E_INVALID_REQUEST); + CHECK_AUTH (MHD_GNUTLS_CRD_CERTIFICATE, GNUTLS_E_INVALID_REQUEST); info = _gnutls_get_auth_info (session); if (info == NULL) @@ -550,9 +550,9 @@ gnutls_certificate_verify_peers2 (gnutls_session_t session, switch (gnutls_certificate_type_get (session)) { - case GNUTLS_CRT_X509: + case MHD_GNUTLS_CRT_X509: return _gnutls_x509_cert_verify_peers (session, status); - case GNUTLS_CRT_OPENPGP: + case MHD_GNUTLS_CRT_OPENPGP: return _gnutls_openpgp_crt_verify_peers (session, status); default: return GNUTLS_E_INVALID_REQUEST; @@ -606,7 +606,7 @@ gnutls_certificate_expiration_time_peers (gnutls_session_t session) { cert_auth_info_t info; - CHECK_AUTH (GNUTLS_CRD_CERTIFICATE, GNUTLS_E_INVALID_REQUEST); + CHECK_AUTH (MHD_GNUTLS_CRD_CERTIFICATE, GNUTLS_E_INVALID_REQUEST); info = _gnutls_get_auth_info (session); if (info == NULL) @@ -622,11 +622,11 @@ gnutls_certificate_expiration_time_peers (gnutls_session_t session) switch (gnutls_certificate_type_get (session)) { - case GNUTLS_CRT_X509: + case MHD_GNUTLS_CRT_X509: return _gnutls_x509_get_raw_crt_expiration_time (&info-> raw_certificate_list [0]); - case GNUTLS_CRT_OPENPGP: + case MHD_GNUTLS_CRT_OPENPGP: if (_E_gnutls_openpgp_get_raw_key_expiration_time == NULL) return (time_t) - 1; return _E_gnutls_openpgp_get_raw_key_expiration_time (&info-> @@ -651,7 +651,7 @@ gnutls_certificate_activation_time_peers (gnutls_session_t session) { cert_auth_info_t info; - CHECK_AUTH (GNUTLS_CRD_CERTIFICATE, GNUTLS_E_INVALID_REQUEST); + CHECK_AUTH (MHD_GNUTLS_CRD_CERTIFICATE, GNUTLS_E_INVALID_REQUEST); info = _gnutls_get_auth_info (session); if (info == NULL) @@ -667,11 +667,11 @@ gnutls_certificate_activation_time_peers (gnutls_session_t session) switch (gnutls_certificate_type_get (session)) { - case GNUTLS_CRT_X509: + case MHD_GNUTLS_CRT_X509: return _gnutls_x509_get_raw_crt_activation_time (&info-> raw_certificate_list [0]); - case GNUTLS_CRT_OPENPGP: + case MHD_GNUTLS_CRT_OPENPGP: if (_E_gnutls_openpgp_get_raw_key_creation_time == NULL) return (time_t) - 1; return _E_gnutls_openpgp_get_raw_key_creation_time (&info-> @@ -690,9 +690,9 @@ _gnutls_raw_cert_to_gcert (gnutls_cert * gcert, { switch (type) { - case GNUTLS_CRT_X509: + case MHD_GNUTLS_CRT_X509: return _gnutls_x509_raw_cert_to_gcert (gcert, raw_cert, flags); - case GNUTLS_CRT_OPENPGP: + case MHD_GNUTLS_CRT_OPENPGP: if (_E_gnutls_openpgp_raw_key_to_gcert == NULL) { gnutls_assert (); @@ -713,9 +713,9 @@ _gnutls_raw_privkey_to_gkey (gnutls_privkey * key, { switch (type) { - case GNUTLS_CRT_X509: + case MHD_GNUTLS_CRT_X509: return _gnutls_x509_raw_privkey_to_gkey (key, raw_key, key_enc); - case GNUTLS_CRT_OPENPGP: + case MHD_GNUTLS_CRT_OPENPGP: if (_E_gnutls_openpgp_raw_privkey_to_gkey == NULL) { gnutls_assert (); @@ -778,7 +778,7 @@ _gnutls_x509_crt_to_gcert (gnutls_cert * gcert, int ret = 0; memset (gcert, 0, sizeof (gnutls_cert)); - gcert->cert_type = GNUTLS_CRT_X509; + gcert->cert_type = MHD_GNUTLS_CRT_X509; if (!(flags & CERT_NO_COPY)) { diff --git a/src/daemon/https/tls/gnutls_cipher.c b/src/daemon/https/tls/gnutls_cipher.c @@ -45,7 +45,7 @@ inline static int is_write_comp_null (gnutls_session_t session) { if (session->security_parameters.write_compression_algorithm == - GNUTLS_COMP_NULL) + MHD_GNUTLS_COMP_NULL) return 0; return 1; @@ -55,7 +55,7 @@ inline static int is_read_comp_null (gnutls_session_t session) { if (session->security_parameters.read_compression_algorithm == - GNUTLS_COMP_NULL) + MHD_GNUTLS_COMP_NULL) return 0; return 1; @@ -64,7 +64,7 @@ is_read_comp_null (gnutls_session_t session) /* returns ciphertext which contains the headers too. This also * calculates the size in the header field. - * + * * If random pad != 0 then the random pad data will be appended. */ int @@ -88,7 +88,7 @@ _gnutls_encrypt (gnutls_session_t session, const opaque * headers, } else { - /* Here comp is allocated and must be + /* Here comp is allocated and must be * freed. */ ret = _gnutls_m_plaintext2compressed (session, &comp, &plain); @@ -199,10 +199,10 @@ mac_init (gnutls_mac_algorithm_t mac, opaque * secret, int secret_size, { mac_hd_t td; - if (mac == GNUTLS_MAC_NULL) + if (mac == MHD_GNUTLS_MAC_NULL) return GNUTLS_MAC_FAILED; - if (ver == GNUTLS_SSL3) + if (ver == MHD_GNUTLS_SSL3) { /* SSL 3.0 */ td = _gnutls_mac_init_ssl3 (mac, secret, secret_size); } @@ -217,7 +217,7 @@ mac_init (gnutls_mac_algorithm_t mac, opaque * secret, int secret_size, inline static void mac_deinit (mac_hd_t td, opaque * res, int ver) { - if (ver == GNUTLS_SSL3) + if (ver == MHD_GNUTLS_SSL3) { /* SSL 3.0 */ _gnutls_mac_deinit_ssl3 (td, res); } @@ -251,7 +251,7 @@ calc_enc_length (gnutls_session_t session, int data_size, } /* make rnd a multiple of blocksize */ - if (session->security_parameters.version == GNUTLS_SSL3 || + if (session->security_parameters.version == MHD_GNUTLS_SSL3 || random_pad == 0) { rnd = 0; @@ -271,7 +271,7 @@ calc_enc_length (gnutls_session_t session, int data_size, *pad = (uint8_t) (blocksize - (length % blocksize)) + rnd; length += *pad; - if (session->security_parameters.version >= GNUTLS_TLS1_1) + if (session->security_parameters.version >= MHD_GNUTLS_TLS1_1) length += blocksize; /* for the IV */ break; @@ -283,7 +283,7 @@ calc_enc_length (gnutls_session_t session, int data_size, return length; } -/* This is the actual encryption +/* This is the actual encryption * Encrypts the given compressed datum, and puts the result to cipher_data, * which has cipher_size size. * return the actual encrypted data length. @@ -325,7 +325,8 @@ _gnutls_compressed2ciphertext (gnutls_session_t session, session->connection_state.write_mac_secret.size, ver); if (td == GNUTLS_MAC_FAILED - && session->security_parameters.write_mac_algorithm != GNUTLS_MAC_NULL) + && session->security_parameters.write_mac_algorithm != + MHD_GNUTLS_MAC_NULL) { gnutls_assert (); return GNUTLS_E_INTERNAL_ERROR; @@ -340,7 +341,7 @@ _gnutls_compressed2ciphertext (gnutls_session_t session, write_sequence_number), 8); _gnutls_hmac (td, &type, 1); - if (ver >= GNUTLS_TLS1) + if (ver >= MHD_GNUTLS_TLS1_0) { /* TLS 1.0 or higher */ _gnutls_hmac (td, &major, 1); _gnutls_hmac (td, &minor, 1); @@ -372,7 +373,7 @@ _gnutls_compressed2ciphertext (gnutls_session_t session, data_ptr = cipher_data; if (block_algo == CIPHER_BLOCK && - session->security_parameters.version >= GNUTLS_TLS1_1) + session->security_parameters.version >= MHD_GNUTLS_TLS1_1) { /* copy the random IV. */ @@ -440,14 +441,15 @@ _gnutls_ciphertext2compressed (gnutls_session_t session, blocksize = _gnutls_cipher_get_block_size (session->security_parameters. read_bulk_cipher_algorithm); - /* initialize MAC + /* initialize MAC */ td = mac_init (session->security_parameters.read_mac_algorithm, session->connection_state.read_mac_secret.data, session->connection_state.read_mac_secret.size, ver); if (td == GNUTLS_MAC_FAILED - && session->security_parameters.read_mac_algorithm != GNUTLS_MAC_NULL) + && session->security_parameters.read_mac_algorithm != + MHD_GNUTLS_MAC_NULL) { gnutls_assert (); return GNUTLS_E_INTERNAL_ERROR; @@ -490,7 +492,7 @@ _gnutls_ciphertext2compressed (gnutls_session_t session, /* ignore the IV in TLS 1.1. */ - if (session->security_parameters.version >= GNUTLS_TLS1_1) + if (session->security_parameters.version >= MHD_GNUTLS_TLS1_1) { ciphertext.size -= blocksize; ciphertext.data += blocksize; @@ -517,7 +519,7 @@ _gnutls_ciphertext2compressed (gnutls_session_t session, /* Check the pading bytes (TLS 1.x) */ - if (ver >= GNUTLS_TLS1 && pad_failed == 0) + if (ver >= MHD_GNUTLS_TLS1_0 && pad_failed == 0) for (i = 2; i < pad; i++) { if (ciphertext.data[ciphertext.size - i] != @@ -544,7 +546,7 @@ _gnutls_ciphertext2compressed (gnutls_session_t session, read_sequence_number), 8); _gnutls_hmac (td, &type, 1); - if (ver >= GNUTLS_TLS1) + if (ver >= MHD_GNUTLS_TLS1_0) { /* TLS 1.x */ _gnutls_hmac (td, &major, 1); _gnutls_hmac (td, &minor, 1); @@ -563,7 +565,7 @@ _gnutls_ciphertext2compressed (gnutls_session_t session, if (pad_failed != 0) return pad_failed; - /* HMAC was not the same. + /* HMAC was not the same. */ if (memcmp (MAC, &ciphertext.data[length], hash_size) != 0) { diff --git a/src/daemon/https/tls/gnutls_cipher_int.c b/src/daemon/https/tls/gnutls_cipher_int.c @@ -36,40 +36,40 @@ _gnutls_cipher_init (gnutls_cipher_algorithm_t cipher, switch (cipher) { - case GNUTLS_CIPHER_AES_128_CBC: + case MHD_GNUTLS_CIPHER_AES_128_CBC: err = gc_cipher_open (GC_AES128, GC_CBC, &ret); break; - case GNUTLS_CIPHER_AES_256_CBC: + case MHD_GNUTLS_CIPHER_AES_256_CBC: err = gc_cipher_open (GC_AES256, GC_CBC, &ret); break; - case GNUTLS_CIPHER_3DES_CBC: + case MHD_GNUTLS_CIPHER_3DES_CBC: err = gc_cipher_open (GC_3DES, GC_CBC, &ret); break; - case GNUTLS_CIPHER_DES_CBC: + case MHD_GNUTLS_CIPHER_DES_CBC: err = gc_cipher_open (GC_DES, GC_CBC, &ret); break; - case GNUTLS_CIPHER_ARCFOUR_128: + case MHD_GNUTLS_CIPHER_ARCFOUR_128: err = gc_cipher_open (GC_ARCFOUR128, GC_STREAM, &ret); break; - case GNUTLS_CIPHER_ARCFOUR_40: + case MHD_GNUTLS_CIPHER_ARCFOUR_40: err = gc_cipher_open (GC_ARCFOUR40, GC_STREAM, &ret); break; - case GNUTLS_CIPHER_RC2_40_CBC: + case MHD_GNUTLS_CIPHER_RC2_40_CBC: err = gc_cipher_open (GC_ARCTWO40, GC_CBC, &ret); break; #ifdef ENABLE_CAMELLIA - case GNUTLS_CIPHER_CAMELLIA_128_CBC: + case MHD_GNUTLS_CIPHER_CAMELLIA_128_CBC: err = gc_cipher_open (GC_CAMELLIA128, GC_CBC, &ret); break; - case GNUTLS_CIPHER_CAMELLIA_256_CBC: + case MHD_GNUTLS_CIPHER_CAMELLIA_256_CBC: err = gc_cipher_open (GC_CAMELLIA256, GC_CBC, &ret); break; #endif @@ -84,7 +84,7 @@ _gnutls_cipher_init (gnutls_cipher_algorithm_t cipher, if (iv->data != NULL && iv->size > 0) gc_cipher_setiv (ret, iv->size, iv->data); } - else if (cipher != GNUTLS_CIPHER_NULL) + else if (cipher != MHD_GNUTLS_CIPHER_NULL) { gnutls_assert (); _gnutls_x509_log ("Crypto cipher[%d] error: %d\n", cipher, err); diff --git a/src/daemon/https/tls/gnutls_compress_int.c b/src/daemon/https/tls/gnutls_compress_int.c @@ -48,7 +48,7 @@ _gnutls_comp_init (gnutls_compression_method_t method, int d) switch (method) { #ifdef HAVE_LIBZ - case GNUTLS_COMP_DEFLATE: + case MHD_GNUTLS_COMP_DEFLATE: { int window_bits, mem_level; int comp_level; @@ -88,7 +88,7 @@ _gnutls_comp_init (gnutls_compression_method_t method, int d) break; } #endif - case GNUTLS_COMP_NULL: + case MHD_GNUTLS_COMP_NULL: break; } return ret; @@ -109,7 +109,7 @@ _gnutls_comp_deinit (comp_hd_t handle, int d) switch (handle->algo) { #ifdef HAVE_LIBZ - case GNUTLS_COMP_DEFLATE: + case MHD_GNUTLS_COMP_DEFLATE: if (d) err = inflateEnd (handle->handle); else @@ -147,7 +147,7 @@ _gnutls_compress (comp_hd_t handle, const opaque * plain, { #ifdef HAVE_LIBZ - case GNUTLS_COMP_DEFLATE: + case MHD_GNUTLS_COMP_DEFLATE: { uLongf size; z_stream *zhandle; @@ -228,7 +228,7 @@ _gnutls_decompress (comp_hd_t handle, opaque * compressed, switch (handle->algo) { #ifdef HAVE_LIBZ - case GNUTLS_COMP_DEFLATE: + case MHD_GNUTLS_COMP_DEFLATE: { uLongf out_size; z_stream *zhandle; diff --git a/src/daemon/https/tls/gnutls_constate.c b/src/daemon/https/tls/gnutls_constate.c @@ -96,7 +96,7 @@ _gnutls_set_keys (gnutls_session_t session, int hash_size, int IV_size, memcpy (&rrnd[TLS_RANDOM_SIZE], session->security_parameters.server_random, TLS_RANDOM_SIZE); - if (session->security_parameters.version == GNUTLS_SSL3) + if (session->security_parameters.version == MHD_GNUTLS_SSL3) { /* SSL 3 */ ret = _gnutls_ssl3_generate_random (session-> @@ -189,7 +189,7 @@ _gnutls_set_keys (gnutls_session_t session, int hash_size, int IV_size, /* generate the final keys */ - if (session->security_parameters.version == GNUTLS_SSL3) + if (session->security_parameters.version == MHD_GNUTLS_SSL3) { /* SSL 3 */ ret = _gnutls_ssl3_hash_md5 (&key_block[pos], @@ -221,7 +221,7 @@ _gnutls_set_keys (gnutls_session_t session, int hash_size, int IV_size, client_write_key_size = EXPORT_FINAL_KEY_SIZE; pos += key_size; - if (session->security_parameters.version == GNUTLS_SSL3) + if (session->security_parameters.version == MHD_GNUTLS_SSL3) { /* SSL 3 */ ret = _gnutls_ssl3_hash_md5 (&key_block[pos], key_size, @@ -323,7 +323,7 @@ _gnutls_set_keys (gnutls_session_t session, int hash_size, int IV_size, return GNUTLS_E_MEMORY_ERROR; } - if (session->security_parameters.version == GNUTLS_SSL3) + if (session->security_parameters.version == MHD_GNUTLS_SSL3) { /* SSL 3 */ ret = _gnutls_ssl3_hash_md5 ("", 0, rrnd, TLS_RANDOM_SIZE * 2, @@ -596,7 +596,7 @@ _gnutls_read_connection_state_init (gnutls_session_t session) if (session->connection_state.read_cipher_state == GNUTLS_CIPHER_FAILED && session->security_parameters. - read_bulk_cipher_algorithm != GNUTLS_CIPHER_NULL) + read_bulk_cipher_algorithm != MHD_GNUTLS_CIPHER_NULL) { gnutls_assert (); return GNUTLS_E_INTERNAL_ERROR; @@ -633,7 +633,7 @@ _gnutls_read_connection_state_init (gnutls_session_t session) if (session->connection_state.read_cipher_state == GNUTLS_CIPHER_FAILED && session->security_parameters. - read_bulk_cipher_algorithm != GNUTLS_CIPHER_NULL) + read_bulk_cipher_algorithm != MHD_GNUTLS_CIPHER_NULL) { gnutls_assert (); return GNUTLS_E_INTERNAL_ERROR; @@ -788,7 +788,7 @@ _gnutls_write_connection_state_init (gnutls_session_t session) if (session->connection_state.write_cipher_state == GNUTLS_CIPHER_FAILED && session->security_parameters. - write_bulk_cipher_algorithm != GNUTLS_CIPHER_NULL) + write_bulk_cipher_algorithm != MHD_GNUTLS_CIPHER_NULL) { gnutls_assert (); return GNUTLS_E_INTERNAL_ERROR; @@ -827,7 +827,7 @@ _gnutls_write_connection_state_init (gnutls_session_t session) if (session->connection_state.write_cipher_state == GNUTLS_CIPHER_FAILED && session->security_parameters. - write_bulk_cipher_algorithm != GNUTLS_CIPHER_NULL) + write_bulk_cipher_algorithm != MHD_GNUTLS_CIPHER_NULL) { gnutls_assert (); return GNUTLS_E_INTERNAL_ERROR; diff --git a/src/daemon/https/tls/gnutls_global.c b/src/daemon/https/tls/gnutls_global.c @@ -35,7 +35,7 @@ #include "internal.h" /* TODO fix : needed by GCRY_THREAD_OPTION_PTHREAD_IMPL but missing otherwise */ -#define ENOMEM 12 /* Out of memory */ +#define ENOMEM 12 /* Out of memory */ #ifdef HAVE_WINSOCK # include <winsock2.h> @@ -53,7 +53,7 @@ extern const ASN1_ARRAY_TYPE gnutls_asn1_tab[]; extern const ASN1_ARRAY_TYPE pkix_asn1_tab[]; LOG_FUNC _gnutls_log_func; -int _gnutls_log_level = 0; /* default log level */ +int _gnutls_log_level = 0; /* default log level */ ASN1_TYPE _gnutls_pkix1_asn; ASN1_TYPE _gnutls_gnutls_asn; @@ -148,7 +148,7 @@ gnutls_global_set_mem_functions (gnutls_alloc_function alloc_func, gnutls_calloc = calloc; } else - { /* use the included ones */ + { /* use the included ones */ gnutls_calloc = _gnutls_calloc; } gnutls_strdup = _gnutls_strdup; @@ -237,20 +237,20 @@ gnutls_global_init (void) const char *p; /* to enable multi-threading this call must precede any other call made to libgcrypt */ - gcry_control(GCRYCTL_SET_THREAD_CBS, &gcry_threads_pthread); + gcry_control (GCRYCTL_SET_THREAD_CBS, &gcry_threads_pthread); /* set p to point at the required version of gcrypt */ - p = strchr(MHD_GCRYPT_VERSION, ':'); + p = strchr (MHD_GCRYPT_VERSION, ':'); if (p == NULL) p = MHD_GCRYPT_VERSION; else p++; /* this call initializes libgcrypt */ - if (gcry_check_version(p) == NULL) + if (gcry_check_version (p) == NULL) { - gnutls_assert(); - _gnutls_debug_log("Checking for libgcrypt failed '%s'\n", p); + gnutls_assert (); + _gnutls_debug_log ("Checking for libgcrypt failed '%s'\n", p); return GNUTLS_E_INCOMPATIBLE_GCRYPT_LIBRARY; } @@ -279,17 +279,17 @@ gnutls_global_init (void) } #ifdef DEBUG - gnutls_global_set_log_function(MHD_tls_log_func); + gnutls_global_set_log_function (MHD_tls_log_func); #endif /* initialize parser * This should not deal with files in the final * version. */ - res = asn1_array2tree(pkix_asn1_tab, &_gnutls_pkix1_asn, NULL); + res = asn1_array2tree (pkix_asn1_tab, &_gnutls_pkix1_asn, NULL); if (res != ASN1_SUCCESS) { - result = _gnutls_asn2err(res); + result = _gnutls_asn2err (res); return result; } @@ -376,30 +376,3 @@ gnutls_transport_set_push_function (gnutls_session_t session, { session->internals._gnutls_push_func = push_func; } - -#include <strverscmp.h> - -/** - * gnutls_check_version - This function checks the library's version - * @req_version: the version to check - * - * Check that the version of the library is at minimum the requested one - * and return the version string; return NULL if the condition is not - * satisfied. If a NULL is passed to this function, no check is done, - * but the version string is simply returned. - * - * See %LIBGNUTLS_VERSION for a suitable @req_version string. - * - * Return value: Version string of run-time library, or NULL if the - * run-time library does not meet the required version number. If - * %NULL is passed to this function no check is done and only the - * version string is returned. - **/ -const char * -gnutls_check_version (const char *req_version) -{ - if (!req_version || strverscmp (req_version, VERSION) <= 0) - return VERSION; - - return NULL; -} diff --git a/src/daemon/https/tls/gnutls_handshake.c b/src/daemon/https/tls/gnutls_handshake.c @@ -198,7 +198,7 @@ _gnutls_finished (gnutls_session_t session, int type, void *ret) mac_hd_t td_sha; gnutls_protocol_t ver = gnutls_protocol_get_version (session); - if (ver < GNUTLS_TLS1_2) + if (ver < MHD_GNUTLS_TLS1_2) { td_md5 = _gnutls_hash_copy (session->internals.handshake_mac_handle_md5); @@ -217,7 +217,7 @@ _gnutls_finished (gnutls_session_t session, int type, void *ret) return GNUTLS_E_HASH_FAILED; } - if (ver < GNUTLS_TLS1_2) + if (ver < MHD_GNUTLS_TLS1_2) { _gnutls_hash_deinit (td_md5, concat); _gnutls_hash_deinit (td_sha, &concat[16]); @@ -283,7 +283,7 @@ _gnutls_negotiate_version (gnutls_session_t session, * then we send him the highest we support. */ ret = _gnutls_version_max (session); - if (ret == GNUTLS_VERSION_UNKNOWN) + if (ret == MHD_GNUTLS_VERSION_UNKNOWN) { /* this check is not really needed. */ @@ -423,7 +423,7 @@ _gnutls_read_client_hello (gnutls_session_t session, opaque * data, /* Parse the extensions (if any) */ - if (neg_version >= GNUTLS_TLS1) + if (neg_version >= MHD_GNUTLS_TLS1_0) { ret = _gnutls_parse_extensions (session, EXTENSION_APPLICATION, &data[pos], len); /* len is the rest of the parsed length */ if (ret < 0) @@ -440,7 +440,7 @@ _gnutls_read_client_hello (gnutls_session_t session, opaque * data, return ret; } - if (neg_version >= GNUTLS_TLS1) + if (neg_version >= MHD_GNUTLS_TLS1_0) { ret = _gnutls_parse_extensions (session, EXTENSION_TLS, &data[pos], len); /* len is the rest of the parsed length */ if (ret < 0) @@ -530,7 +530,7 @@ _gnutls_send_finished (gnutls_session_t session, int again) return ret; } - if (gnutls_protocol_get_version (session) == GNUTLS_SSL3) + if (gnutls_protocol_get_version (session) == MHD_GNUTLS_SSL3) { ret = _gnutls_ssl3_finished (session, @@ -582,7 +582,7 @@ _gnutls_recv_finished (gnutls_session_t session) } - if (gnutls_protocol_get_version (session) == GNUTLS_SSL3) + if (gnutls_protocol_get_version (session) == MHD_GNUTLS_SSL3) { data_size = 36; } @@ -598,7 +598,7 @@ _gnutls_recv_finished (gnutls_session_t session) return GNUTLS_E_ERROR_IN_FINISHED_PACKET; } - if (gnutls_protocol_get_version (session) == GNUTLS_SSL3) + if (gnutls_protocol_get_version (session) == MHD_GNUTLS_SSL3) { ret = _gnutls_ssl3_finished (session, @@ -653,7 +653,7 @@ _gnutls_server_find_pk_algos_in_ciphersuites (const opaque * memcpy (&cs.suite, &data[j], 2); kx = _gnutls_cipher_suite_get_kx_algo (&cs); - if (_gnutls_map_kx_get_cred (kx, 1) == GNUTLS_CRD_CERTIFICATE) + if (_gnutls_map_kx_get_cred (kx, 1) == MHD_GNUTLS_CRD_CERTIFICATE) { algo = _gnutls_map_pk_get_pk (kx); @@ -848,7 +848,7 @@ _gnutls_server_select_comp_method (gnutls_session_t session, /* This function sends an empty handshake packet. (like hello request). * If the previous _gnutls_send_empty_handshake() returned - * GNUTLS_E_AGAIN or GNUTLS_E_INTERRUPTED, then it must be called again + * GNUTLS_E_AGAIN or GNUTLS_E_INTERRUPTED, then it must be called again * (until it returns ok), with NULL parameters. */ int @@ -1536,7 +1536,7 @@ _gnutls_read_server_hello (gnutls_session_t session, /* Parse extensions. */ - if (version >= GNUTLS_TLS1) + if (version >= MHD_GNUTLS_TLS1_0) { ret = _gnutls_parse_extensions (session, EXTENSION_ANY, &data[pos], len); /* len is the rest of the parsed length */ if (ret < 0) @@ -1711,7 +1711,7 @@ _gnutls_send_client_hello (gnutls_session_t session, int again) hver = session->internals.resumed_security_parameters.version; } - if (hver == GNUTLS_VERSION_UNKNOWN || hver == 0) + if (hver == MHD_GNUTLS_VERSION_UNKNOWN || hver == 0) { gnutls_assert (); gnutls_free (data); @@ -1815,7 +1815,7 @@ _gnutls_send_client_hello (gnutls_session_t session, int again) /* Generate and copy TLS extensions. */ - if (hver >= GNUTLS_TLS1) + if (hver >= MHD_GNUTLS_TLS1_0) { extdatalen = _gnutls_gen_extensions (session, extdata, sizeof (extdata)); @@ -2105,7 +2105,7 @@ _gnutls_handshake_hash_init (gnutls_session_t session) if (session->internals.handshake_mac_handle_md5 == NULL) { session->internals.handshake_mac_handle_md5 = - _gnutls_hash_init (GNUTLS_MAC_MD5); + _gnutls_hash_init (MHD_GNUTLS_MAC_MD5); if (session->internals.handshake_mac_handle_md5 == GNUTLS_HASH_FAILED) { @@ -2117,7 +2117,7 @@ _gnutls_handshake_hash_init (gnutls_session_t session) if (session->internals.handshake_mac_handle_sha == NULL) { session->internals.handshake_mac_handle_sha = - _gnutls_hash_init (GNUTLS_MAC_SHA1); + _gnutls_hash_init (MHD_GNUTLS_MAC_SHA1); if (session->internals.handshake_mac_handle_sha == GNUTLS_HASH_FAILED) { gnutls_assert (); @@ -2717,7 +2717,7 @@ check_server_params (gnutls_session_t session, /* Read the Diffie Hellman parameters, if any. */ - if (cred_type == GNUTLS_CRD_CERTIFICATE) + if (cred_type == MHD_GNUTLS_CRD_CERTIFICATE) { int delete; gnutls_certificate_credentials_t x509_cred = @@ -2753,7 +2753,7 @@ check_server_params (gnutls_session_t session, #ifdef ENABLE_ANON } - else if (cred_type == GNUTLS_CRD_ANON) + else if (cred_type == MHD_GNUTLS_CRD_ANON) { gnutls_anon_server_credentials_t anon_cred = (gnutls_anon_server_credentials_t) _gnutls_get_cred (session->key, @@ -2768,7 +2768,7 @@ check_server_params (gnutls_session_t session, #endif #ifdef ENABLE_PSK } - else if (cred_type == GNUTLS_CRD_PSK) + else if (cred_type == MHD_GNUTLS_CRD_PSK) { gnutls_psk_server_credentials_t psk_cred = (gnutls_psk_server_credentials_t) _gnutls_get_cred (session->key, @@ -2843,7 +2843,7 @@ _gnutls_remove_unwanted_ciphersuites (gnutls_session_t session, cert_cred = (gnutls_certificate_credentials_t) _gnutls_get_cred (session->key, - GNUTLS_CRD_CERTIFICATE, + MHD_GNUTLS_CRD_CERTIFICATE, NULL); /* If there are certificate credentials, find an appropriate certificate @@ -2909,9 +2909,9 @@ _gnutls_remove_unwanted_ciphersuites (gnutls_session_t session, (see cred_mappings in gnutls_algorithms.c), but it also requires a SRP credential. Don't use SRP kx unless we have a SRP credential too. */ - if (kx == GNUTLS_KX_SRP_RSA || kx == GNUTLS_KX_SRP_DSS) + if (kx == MHD_GNUTLS_KX_SRP_RSA || kx == MHD_GNUTLS_KX_SRP_DSS) { - if (!_gnutls_get_cred (session->key, GNUTLS_CRD_SRP, NULL)) + if (!_gnutls_get_cred (session->key, MHD_GNUTLS_CRD_SRP, NULL)) delete = 1; } diff --git a/src/daemon/https/tls/gnutls_hash_int.c b/src/daemon/https/tls/gnutls_hash_int.c @@ -35,16 +35,16 @@ _gnutls_mac2gc (gnutls_mac_algorithm_t mac) { switch (mac) { - case GNUTLS_MAC_NULL: + case MHD_GNUTLS_MAC_NULL: return -1; break; - case GNUTLS_MAC_SHA1: + case MHD_GNUTLS_MAC_SHA1: return GC_SHA1; break; - case GNUTLS_MAC_SHA256: + case MHD_GNUTLS_MAC_SHA256: return GC_SHA256; break; - case GNUTLS_MAC_MD5: + case MHD_GNUTLS_MAC_MD5: return GC_MD5; break; default: @@ -193,9 +193,9 @@ get_padsize (gnutls_mac_algorithm_t algorithm) { switch (algorithm) { - case GNUTLS_MAC_MD5: + case MHD_GNUTLS_MAC_MD5: return 48; - case GNUTLS_MAC_SHA1: + case MHD_GNUTLS_MAC_SHA1: return 40; default: return 0; @@ -322,7 +322,7 @@ ssl3_sha (int i, opaque * secret, int secret_len, text1[j] = 65 + i; /* A==65 */ } - td = _gnutls_hash_init (GNUTLS_MAC_SHA1); + td = _gnutls_hash_init (MHD_GNUTLS_MAC_SHA1); if (td == NULL) { gnutls_assert (); @@ -345,7 +345,7 @@ ssl3_md5 (int i, opaque * secret, int secret_len, mac_hd_t td; int ret; - td = _gnutls_hash_init (GNUTLS_MAC_MD5); + td = _gnutls_hash_init (MHD_GNUTLS_MAC_MD5); if (td == NULL) { gnutls_assert (); @@ -362,7 +362,7 @@ ssl3_md5 (int i, opaque * secret, int secret_len, return ret; } - _gnutls_hash (td, tmp, _gnutls_hash_get_algo_len (GNUTLS_MAC_SHA1)); + _gnutls_hash (td, tmp, _gnutls_hash_get_algo_len (MHD_GNUTLS_MAC_SHA1)); _gnutls_hash_deinit (td, digest); return 0; @@ -375,9 +375,9 @@ _gnutls_ssl3_hash_md5 (void *first, int first_len, { opaque digest[MAX_HASH_SIZE]; mac_hd_t td; - int block = _gnutls_hash_get_algo_len (GNUTLS_MAC_MD5); + int block = _gnutls_hash_get_algo_len (MHD_GNUTLS_MAC_MD5); - td = _gnutls_hash_init (GNUTLS_MAC_MD5); + td = _gnutls_hash_init (MHD_GNUTLS_MAC_MD5); if (td == NULL) { gnutls_assert (); @@ -408,7 +408,7 @@ _gnutls_ssl3_generate_random (void *secret, int secret_len, { int i = 0, copy, output_bytes; opaque digest[MAX_HASH_SIZE]; - int block = _gnutls_hash_get_algo_len (GNUTLS_MAC_MD5); + int block = _gnutls_hash_get_algo_len (MHD_GNUTLS_MAC_MD5); int result, times; output_bytes = 0; diff --git a/src/daemon/https/tls/gnutls_int.h b/src/daemon/https/tls/gnutls_int.h @@ -28,7 +28,7 @@ #include <defines.h> #include "gnutls.h" -#include "microhttpsd.h" +#include "microhttpd.h" #include "extra.h" #include "gnutls_mem.h" diff --git a/src/daemon/https/tls/gnutls_kx.c b/src/daemon/https/tls/gnutls_kx.c @@ -71,7 +71,7 @@ generate_normal_master (gnutls_session_t session, int keep_premaster) _gnutls_bin2hex (session->security_parameters. server_random, 32, buf, sizeof (buf))); - if (gnutls_protocol_get_version (session) == GNUTLS_SSL3) + if (gnutls_protocol_get_version (session) == MHD_GNUTLS_SSL3) { opaque rnd[2 * TLS_RANDOM_SIZE + 1]; @@ -502,7 +502,7 @@ _gnutls_send_client_certificate (gnutls_session_t session, int again) if (again == 0) { - if (gnutls_protocol_get_version (session) != GNUTLS_SSL3 || + if (gnutls_protocol_get_version (session) != MHD_GNUTLS_SSL3 || session->internals.selected_cert_list_length > 0) { /* TLS 1.0 or SSL 3.0 with a valid certificate @@ -523,7 +523,7 @@ _gnutls_send_client_certificate (gnutls_session_t session, int again) * no certificate alert instead of an * empty certificate. */ - if (gnutls_protocol_get_version (session) == GNUTLS_SSL3 && + if (gnutls_protocol_get_version (session) == MHD_GNUTLS_SSL3 && session->internals.selected_cert_list_length == 0) { ret = @@ -631,7 +631,7 @@ _gnutls_recv_client_certificate (gnutls_session_t session) */ if (optional == OPTIONAL_PACKET && ret == GNUTLS_E_WARNING_ALERT_RECEIVED && - gnutls_protocol_get_version (session) == GNUTLS_SSL3 && + gnutls_protocol_get_version (session) == MHD_GNUTLS_SSL3 && gnutls_alert_get (session) == GNUTLS_A_SSL3_NO_CERTIFICATE) { diff --git a/src/daemon/https/tls/gnutls_priority.c b/src/daemon/https/tls/gnutls_priority.c @@ -208,29 +208,30 @@ gnutls_certificate_type_set_priority (gnutls_session_t session, #endif } -static const int protocol_priority[] = { GNUTLS_TLS1_1, - GNUTLS_TLS1_0, - GNUTLS_SSL3, +static const int protocol_priority[] = { MHD_GNUTLS_TLS1_1, + MHD_GNUTLS_TLS1_0, + MHD_GNUTLS_SSL3, 0 }; -static const int cipher_priority_secure256[] = { GNUTLS_CIPHER_AES_256_CBC, +static const int cipher_priority_secure256[] = + { MHD_GNUTLS_CIPHER_AES_256_CBC, 0 }; -static const int kx_priority_secure[] = { GNUTLS_KX_RSA, +static const int kx_priority_secure[] = { MHD_GNUTLS_KX_RSA, 0 }; -static const int mac_priority_secure[] = { GNUTLS_MAC_SHA1, +static const int mac_priority_secure[] = { MHD_GNUTLS_MAC_SHA1, 0 }; -static int cert_type_priority[] = { GNUTLS_CRT_X509, +static int cert_type_priority[] = { MHD_GNUTLS_CRT_X509, 0 }; -static const int comp_priority[] = { GNUTLS_COMP_NULL, +static const int comp_priority[] = { MHD_GNUTLS_COMP_NULL, 0 }; diff --git a/src/daemon/https/tls/gnutls_record.c b/src/daemon/https/tls/gnutls_record.c @@ -787,7 +787,7 @@ get_temp_recv_buffer (gnutls_session_t session, gnutls_datum_t * tmp) { size_t max_record_size; - if (gnutls_compression_get (session) != GNUTLS_COMP_NULL) + if (gnutls_compression_get (session) != MHD_GNUTLS_COMP_NULL) max_record_size = MAX_RECORD_RECV_SIZE + EXTRA_COMP_SIZE; else max_record_size = MAX_RECORD_RECV_SIZE; diff --git a/src/daemon/https/tls/gnutls_rsa_export.c b/src/daemon/https/tls/gnutls_rsa_export.c @@ -264,7 +264,7 @@ gnutls_rsa_params_cpy (gnutls_rsa_params_t dst, gnutls_rsa_params_t src) int gnutls_rsa_params_generate2 (gnutls_rsa_params_t params, unsigned int bits) { - return gnutls_x509_privkey_generate (params, GNUTLS_PK_RSA, bits, 0); + return gnutls_x509_privkey_generate (params, MHD_GNUTLS_PK_RSA, bits, 0); } /** diff --git a/src/daemon/https/tls/gnutls_session_pack.c b/src/daemon/https/tls/gnutls_session_pack.c @@ -79,7 +79,7 @@ _gnutls_session_pack (gnutls_session_t session, switch (gnutls_auth_get_type (session)) { #ifdef ENABLE_SRP - case GNUTLS_CRD_SRP: + case MHD_GNUTLS_CRD_SRP: ret = pack_srp_auth_info (session, packed_session); if (ret < 0) { @@ -89,7 +89,7 @@ _gnutls_session_pack (gnutls_session_t session, break; #endif #ifdef ENABLE_PSK - case GNUTLS_CRD_PSK: + case MHD_GNUTLS_CRD_PSK: ret = pack_psk_auth_info (session, packed_session); if (ret < 0) { @@ -99,7 +99,7 @@ _gnutls_session_pack (gnutls_session_t session, break; #endif #ifdef ENABLE_ANON - case GNUTLS_CRD_ANON: + case MHD_GNUTLS_CRD_ANON: ret = pack_anon_auth_info (session, packed_session); if (ret < 0) { @@ -108,7 +108,7 @@ _gnutls_session_pack (gnutls_session_t session, } break; #endif - case GNUTLS_CRD_CERTIFICATE: + case MHD_GNUTLS_CRD_CERTIFICATE: ret = pack_certificate_auth_info (session, packed_session); if (ret < 0) { @@ -158,7 +158,7 @@ _gnutls_session_unpack (gnutls_session_t session, switch (packed_session->data[0]) { #ifdef ENABLE_SRP - case GNUTLS_CRD_SRP: + case MHD_GNUTLS_CRD_SRP: ret = unpack_srp_auth_info (session, packed_session); if (ret < 0) { @@ -168,7 +168,7 @@ _gnutls_session_unpack (gnutls_session_t session, break; #endif #ifdef ENABLE_PSK - case GNUTLS_CRD_PSK: + case MHD_GNUTLS_CRD_PSK: ret = unpack_psk_auth_info (session, packed_session); if (ret < 0) { @@ -178,7 +178,7 @@ _gnutls_session_unpack (gnutls_session_t session, break; #endif #ifdef ENABLE_ANON - case GNUTLS_CRD_ANON: + case MHD_GNUTLS_CRD_ANON: ret = unpack_anon_auth_info (session, packed_session); if (ret < 0) { @@ -187,7 +187,7 @@ _gnutls_session_unpack (gnutls_session_t session, } break; #endif - case GNUTLS_CRD_CERTIFICATE: + case MHD_GNUTLS_CRD_CERTIFICATE: ret = unpack_certificate_auth_info (session, packed_session); if (ret < 0) { @@ -273,7 +273,7 @@ pack_certificate_auth_info (gnutls_session_t session, return GNUTLS_E_MEMORY_ERROR; } - packed_session->data[0] = GNUTLS_CRD_CERTIFICATE; + packed_session->data[0] = MHD_GNUTLS_CRD_CERTIFICATE; _gnutls_write_uint32 (pack_size, &packed_session->data[PACK_HEADER_SIZE]); pos += 4 + PACK_HEADER_SIZE; @@ -324,7 +324,7 @@ unpack_certificate_auth_info (gnutls_session_t session, size_t pack_size; cert_auth_info_t info; - if (packed_session->data[0] != GNUTLS_CRD_CERTIFICATE) + if (packed_session->data[0] != MHD_GNUTLS_CRD_CERTIFICATE) { gnutls_assert (); return GNUTLS_E_INVALID_REQUEST; @@ -346,7 +346,7 @@ unpack_certificate_auth_info (gnutls_session_t session, /* client and server have the same auth_info here */ ret = - _gnutls_auth_info_set (session, GNUTLS_CRD_CERTIFICATE, + _gnutls_auth_info_set (session, MHD_GNUTLS_CRD_CERTIFICATE, sizeof (cert_auth_info_st), 1); if (ret < 0) { @@ -506,7 +506,7 @@ pack_srp_auth_info (gnutls_session_t session, gnutls_datum_t * packed_session) return GNUTLS_E_MEMORY_ERROR; } - packed_session->data[0] = GNUTLS_CRD_SRP; + packed_session->data[0] = MHD_GNUTLS_CRD_SRP; _gnutls_write_uint32 (pack_size, &packed_session->data[PACK_HEADER_SIZE]); if (pack_size > 0) @@ -525,7 +525,7 @@ unpack_srp_auth_info (gnutls_session_t session, int ret; srp_server_auth_info_t info; - if (packed_session->data[0] != GNUTLS_CRD_SRP) + if (packed_session->data[0] != MHD_GNUTLS_CRD_SRP) { gnutls_assert (); return GNUTLS_E_INVALID_REQUEST; @@ -545,7 +545,7 @@ unpack_srp_auth_info (gnutls_session_t session, } ret = - _gnutls_auth_info_set (session, GNUTLS_CRD_SRP, + _gnutls_auth_info_set (session, MHD_GNUTLS_CRD_SRP, sizeof (srp_server_auth_info_st), 1); if (ret < 0) { @@ -611,7 +611,7 @@ pack_anon_auth_info (gnutls_session_t session, return GNUTLS_E_MEMORY_ERROR; } - packed_session->data[0] = GNUTLS_CRD_ANON; + packed_session->data[0] = MHD_GNUTLS_CRD_ANON; _gnutls_write_uint32 (pack_size, &packed_session->data[PACK_HEADER_SIZE]); pos += 4 + PACK_HEADER_SIZE; @@ -641,7 +641,7 @@ unpack_anon_auth_info (gnutls_session_t session, int pos = 0, size, ret; anon_auth_info_t info; - if (packed_session->data[0] != GNUTLS_CRD_ANON) + if (packed_session->data[0] != MHD_GNUTLS_CRD_ANON) { gnutls_assert (); return GNUTLS_E_INVALID_REQUEST; @@ -664,7 +664,7 @@ unpack_anon_auth_info (gnutls_session_t session, /* client and serer have the same auth_info here */ ret = - _gnutls_auth_info_set (session, GNUTLS_CRD_ANON, + _gnutls_auth_info_set (session, MHD_GNUTLS_CRD_ANON, sizeof (anon_auth_info_st), 1); if (ret < 0) { @@ -775,7 +775,7 @@ pack_psk_auth_info (gnutls_session_t session, gnutls_datum_t * packed_session) pos = 0; - packed_session->data[pos] = GNUTLS_CRD_PSK; + packed_session->data[pos] = MHD_GNUTLS_CRD_PSK; pos++; _gnutls_write_uint32 (pack_size, &packed_session->data[pos]); @@ -815,7 +815,7 @@ unpack_psk_auth_info (gnutls_session_t session, int pos = 0, size, ret; psk_auth_info_t info; - if (packed_session->data[0] != GNUTLS_CRD_PSK) + if (packed_session->data[0] != MHD_GNUTLS_CRD_PSK) { gnutls_assert (); return GNUTLS_E_INVALID_REQUEST; @@ -838,7 +838,7 @@ unpack_psk_auth_info (gnutls_session_t session, /* client and serer have the same auth_info here */ ret = - _gnutls_auth_info_set (session, GNUTLS_CRD_PSK, + _gnutls_auth_info_set (session, MHD_GNUTLS_CRD_PSK, sizeof (psk_auth_info_st), 1); if (ret < 0) { diff --git a/src/daemon/https/tls/gnutls_sig.c b/src/daemon/https/tls/gnutls_sig.c @@ -65,7 +65,7 @@ _gnutls_tls_sign_hdata (gnutls_session_t session, return GNUTLS_E_HASH_FAILED; } - if (ver == GNUTLS_SSL3) + if (ver == MHD_GNUTLS_SSL3) { ret = _gnutls_generate_master (session, 1); if (ret < 0) @@ -83,7 +83,7 @@ _gnutls_tls_sign_hdata (gnutls_session_t session, switch (cert->subject_pk_algorithm) { - case GNUTLS_PK_RSA: + case MHD_GNUTLS_PK_RSA: td_md5 = _gnutls_hash_copy (session->internals.handshake_mac_handle_md5); if (td_md5 == NULL) @@ -92,7 +92,7 @@ _gnutls_tls_sign_hdata (gnutls_session_t session, return GNUTLS_E_HASH_FAILED; } - if (ver == GNUTLS_SSL3) + if (ver == MHD_GNUTLS_SSL3) _gnutls_mac_deinit_ssl3_handshake (td_md5, concat, session->security_parameters. master_secret, TLS_MASTER_SIZE); @@ -130,7 +130,7 @@ _gnutls_tls_sign_params (gnutls_session_t session, opaque concat[36]; gnutls_protocol_t ver = gnutls_protocol_get_version (session); - td_sha = _gnutls_hash_init (GNUTLS_MAC_SHA1); + td_sha = _gnutls_hash_init (MHD_GNUTLS_MAC_SHA1); if (td_sha == NULL) { gnutls_assert (); @@ -145,10 +145,10 @@ _gnutls_tls_sign_params (gnutls_session_t session, switch (cert->subject_pk_algorithm) { - case GNUTLS_PK_RSA: - if (ver < GNUTLS_TLS1_2) + case MHD_GNUTLS_PK_RSA: + if (ver < MHD_GNUTLS_TLS1_2) { - mac_hd_t td_md5 = _gnutls_hash_init (GNUTLS_MAC_MD5); + mac_hd_t td_md5 = _gnutls_hash_init (MHD_GNUTLS_MAC_MD5); if (td_md5 == NULL) { gnutls_assert (); @@ -213,7 +213,7 @@ _gnutls_sign (gnutls_pk_algorithm_t algo, switch (algo) { - case GNUTLS_PK_RSA: + case MHD_GNUTLS_PK_RSA: /* encrypt */ if ((ret = _gnutls_pkcs1_rsa_encrypt (signature, data, params, params_size, @@ -301,7 +301,7 @@ _gnutls_verify_sig (gnutls_cert * cert, switch (cert->subject_pk_algorithm) { - case GNUTLS_PK_RSA: + case MHD_GNUTLS_PK_RSA: vdata.data = hash_concat->data; vdata.size = hash_concat->size; @@ -352,7 +352,7 @@ _gnutls_verify_sig_hdata (gnutls_session_t session, return GNUTLS_E_HASH_FAILED; } - if (ver == GNUTLS_SSL3) + if (ver == MHD_GNUTLS_SSL3) { ret = _gnutls_generate_master (session, 1); if (ret < 0) @@ -404,9 +404,9 @@ _gnutls_verify_sig_params (gnutls_session_t session, opaque concat[36]; gnutls_protocol_t ver = gnutls_protocol_get_version (session); - if (ver < GNUTLS_TLS1_2) + if (ver < MHD_GNUTLS_TLS1_2) { - td_md5 = _gnutls_hash_init (GNUTLS_MAC_MD5); + td_md5 = _gnutls_hash_init (MHD_GNUTLS_MAC_MD5); if (td_md5 == NULL) { gnutls_assert (); @@ -420,7 +420,7 @@ _gnutls_verify_sig_params (gnutls_session_t session, _gnutls_hash (td_md5, params->data, params->size); } - td_sha = _gnutls_hash_init (GNUTLS_MAC_SHA1); + td_sha = _gnutls_hash_init (MHD_GNUTLS_MAC_SHA1); if (td_sha == NULL) { gnutls_assert (); @@ -435,7 +435,7 @@ _gnutls_verify_sig_params (gnutls_session_t session, TLS_RANDOM_SIZE); _gnutls_hash (td_sha, params->data, params->size); - if (ver < GNUTLS_TLS1_2) + if (ver < MHD_GNUTLS_TLS1_2) { _gnutls_hash_deinit (td_md5, concat); _gnutls_hash_deinit (td_sha, &concat[16]); diff --git a/src/daemon/https/tls/gnutls_state.c b/src/daemon/https/tls/gnutls_state.c @@ -130,7 +130,7 @@ _gnutls_session_cert_type_supported (gnutls_session_t session, { cred = (gnutls_certificate_credentials_t) _gnutls_get_cred (session->key, - GNUTLS_CRD_CERTIFICATE, + MHD_GNUTLS_CRD_CERTIFICATE, NULL); if (cred == NULL) @@ -249,15 +249,15 @@ gnutls_init (gnutls_session_t * session, gnutls_connection_end_t con_end) /* Set the defaults for initial handshake */ (*session)->security_parameters.read_bulk_cipher_algorithm = (*session)->security_parameters.write_bulk_cipher_algorithm = - GNUTLS_CIPHER_NULL; + MHD_GNUTLS_CIPHER_NULL; (*session)->security_parameters.read_mac_algorithm = - (*session)->security_parameters.write_mac_algorithm = GNUTLS_MAC_NULL; + (*session)->security_parameters.write_mac_algorithm = MHD_GNUTLS_MAC_NULL; (*session)->security_parameters.read_compression_algorithm - = GNUTLS_COMP_NULL; + = MHD_GNUTLS_COMP_NULL; (*session)->security_parameters.write_compression_algorithm - = GNUTLS_COMP_NULL; + = MHD_GNUTLS_COMP_NULL; (*session)->internals.enable_private = 0; @@ -435,7 +435,7 @@ _gnutls_dh_set_peer_public (gnutls_session_t session, mpi_t public) switch (gnutls_auth_get_type (session)) { - case GNUTLS_CRD_ANON: + case MHD_GNUTLS_CRD_ANON: { anon_auth_info_t info; info = _gnutls_get_auth_info (session); @@ -445,7 +445,7 @@ _gnutls_dh_set_peer_public (gnutls_session_t session, mpi_t public) dh = &info->dh; break; } - case GNUTLS_CRD_CERTIFICATE: + case MHD_GNUTLS_CRD_CERTIFICATE: { cert_auth_info_t info; @@ -476,7 +476,7 @@ _gnutls_dh_set_secret_bits (gnutls_session_t session, unsigned bits) { switch (gnutls_auth_get_type (session)) { - case GNUTLS_CRD_ANON: + case MHD_GNUTLS_CRD_ANON: { anon_auth_info_t info; info = _gnutls_get_auth_info (session); @@ -485,7 +485,7 @@ _gnutls_dh_set_secret_bits (gnutls_session_t session, unsigned bits) info->dh.secret_bits = bits; break; } - case GNUTLS_CRD_CERTIFICATE: + case MHD_GNUTLS_CRD_CERTIFICATE: { cert_auth_info_t info; @@ -546,7 +546,7 @@ _gnutls_dh_set_group (gnutls_session_t session, mpi_t gen, mpi_t prime) switch (gnutls_auth_get_type (session)) { - case GNUTLS_CRD_ANON: + case MHD_GNUTLS_CRD_ANON: { anon_auth_info_t info; info = _gnutls_get_auth_info (session); @@ -556,7 +556,7 @@ _gnutls_dh_set_group (gnutls_session_t session, mpi_t gen, mpi_t prime) dh = &info->dh; break; } - case GNUTLS_CRD_CERTIFICATE: + case MHD_GNUTLS_CRD_CERTIFICATE: { cert_auth_info_t info; @@ -832,10 +832,11 @@ _gnutls_PRF (gnutls_session_t session, memcpy (s_seed, label, label_size); memcpy (&s_seed[label_size], seed, seed_size); - if (ver >= GNUTLS_TLS1_2) + if (ver >= MHD_GNUTLS_TLS1_2) { - result = _gnutls_P_hash (GNUTLS_MAC_SHA1, secret, secret_size, s_seed, - s_seed_size, total_bytes, ret); + result = + _gnutls_P_hash (MHD_GNUTLS_MAC_SHA1, secret, secret_size, s_seed, + s_seed_size, total_bytes, ret); if (result < 0) { gnutls_assert (); @@ -854,16 +855,18 @@ _gnutls_PRF (gnutls_session_t session, l_s++; } - result = _gnutls_P_hash (GNUTLS_MAC_MD5, s1, l_s, s_seed, s_seed_size, - total_bytes, o1); + result = + _gnutls_P_hash (MHD_GNUTLS_MAC_MD5, s1, l_s, s_seed, s_seed_size, + total_bytes, o1); if (result < 0) { gnutls_assert (); return result; } - result = _gnutls_P_hash (GNUTLS_MAC_SHA1, s2, l_s, s_seed, s_seed_size, - total_bytes, o2); + result = + _gnutls_P_hash (MHD_GNUTLS_MAC_SHA1, s2, l_s, s_seed, s_seed_size, + total_bytes, o2); if (result < 0) { gnutls_assert (); diff --git a/src/daemon/https/tls/gnutls_state.h b/src/daemon/https/tls/gnutls_state.h @@ -69,4 +69,4 @@ int _gnutls_PRF (gnutls_session_t session, int gnutls_init (gnutls_session_t * session, gnutls_connection_end_t con_end); -#define DEFAULT_CERT_TYPE GNUTLS_CRT_X509 +#define DEFAULT_CERT_TYPE MHD_GNUTLS_CRT_X509 diff --git a/src/daemon/https/tls/gnutls_ui.c b/src/daemon/https/tls/gnutls_ui.c @@ -83,13 +83,13 @@ gnutls_dh_get_group (gnutls_session_t session, switch (gnutls_auth_get_type (session)) { - case GNUTLS_CRD_ANON: + case MHD_GNUTLS_CRD_ANON: anon_info = _gnutls_get_auth_info (session); if (anon_info == NULL) return GNUTLS_E_INTERNAL_ERROR; dh = &anon_info->dh; break; - case GNUTLS_CRD_CERTIFICATE: + case MHD_GNUTLS_CRD_CERTIFICATE: cert_info = _gnutls_get_auth_info (session); if (cert_info == NULL) return GNUTLS_E_INTERNAL_ERROR; @@ -140,7 +140,7 @@ gnutls_dh_get_pubkey (gnutls_session_t session, gnutls_datum_t * raw_key) switch (gnutls_auth_get_type (session)) { - case GNUTLS_CRD_ANON: + case MHD_GNUTLS_CRD_ANON: { anon_info = _gnutls_get_auth_info (session); if (anon_info == NULL) @@ -148,7 +148,7 @@ gnutls_dh_get_pubkey (gnutls_session_t session, gnutls_datum_t * raw_key) dh = &anon_info->dh; break; } - case GNUTLS_CRD_PSK: + case MHD_GNUTLS_CRD_PSK: { psk_info = _gnutls_get_auth_info (session); if (psk_info == NULL) @@ -156,7 +156,7 @@ gnutls_dh_get_pubkey (gnutls_session_t session, gnutls_datum_t * raw_key) dh = &psk_info->dh; break; } - case GNUTLS_CRD_CERTIFICATE: + case MHD_GNUTLS_CRD_CERTIFICATE: { cert_info = _gnutls_get_auth_info (session); @@ -195,7 +195,7 @@ gnutls_rsa_export_get_pubkey (gnutls_session_t session, cert_auth_info_t info; int ret; - if (gnutls_auth_get_type (session) == GNUTLS_CRD_CERTIFICATE) + if (gnutls_auth_get_type (session) == MHD_GNUTLS_CRD_CERTIFICATE) { info = _gnutls_get_auth_info (session); if (info == NULL) @@ -238,7 +238,7 @@ gnutls_dh_get_secret_bits (gnutls_session_t session) { switch (gnutls_auth_get_type (session)) { - case GNUTLS_CRD_ANON: + case MHD_GNUTLS_CRD_ANON: { anon_auth_info_t info; @@ -247,7 +247,7 @@ gnutls_dh_get_secret_bits (gnutls_session_t session) return GNUTLS_E_INTERNAL_ERROR; return info->dh.secret_bits; } - case GNUTLS_CRD_CERTIFICATE: + case MHD_GNUTLS_CRD_CERTIFICATE: { cert_auth_info_t info; @@ -279,7 +279,7 @@ gnutls_dh_get_prime_bits (gnutls_session_t session) switch (gnutls_auth_get_type (session)) { - case GNUTLS_CRD_ANON: + case MHD_GNUTLS_CRD_ANON: { anon_auth_info_t info; @@ -289,7 +289,7 @@ gnutls_dh_get_prime_bits (gnutls_session_t session) dh = &info->dh; break; } - case GNUTLS_CRD_CERTIFICATE: + case MHD_GNUTLS_CRD_CERTIFICATE: { cert_auth_info_t info; @@ -346,7 +346,7 @@ gnutls_dh_get_peers_public_bits (gnutls_session_t session) switch (gnutls_auth_get_type (session)) { - case GNUTLS_CRD_ANON: + case MHD_GNUTLS_CRD_ANON: { anon_auth_info_t info; @@ -357,7 +357,7 @@ gnutls_dh_get_peers_public_bits (gnutls_session_t session) dh = &info->dh; break; } - case GNUTLS_CRD_CERTIFICATE: + case MHD_GNUTLS_CRD_CERTIFICATE: { cert_auth_info_t info; @@ -395,11 +395,11 @@ gnutls_certificate_get_ours (gnutls_session_t session) { gnutls_certificate_credentials_t cred; - CHECK_AUTH (GNUTLS_CRD_CERTIFICATE, NULL); + CHECK_AUTH (MHD_GNUTLS_CRD_CERTIFICATE, NULL); cred = (gnutls_certificate_credentials_t) _gnutls_get_cred (session->key, - GNUTLS_CRD_CERTIFICATE, + MHD_GNUTLS_CRD_CERTIFICATE, NULL); if (cred == NULL || cred->cert_list == NULL) { @@ -436,7 +436,7 @@ gnutls_certificate_get_peers (gnutls_session_t { cert_auth_info_t info; - CHECK_AUTH (GNUTLS_CRD_CERTIFICATE, NULL); + CHECK_AUTH (MHD_GNUTLS_CRD_CERTIFICATE, NULL); info = _gnutls_get_auth_info (session); if (info == NULL) @@ -460,7 +460,7 @@ gnutls_certificate_client_get_request_status (gnutls_session_t session) { cert_auth_info_t info; - CHECK_AUTH (GNUTLS_CRD_CERTIFICATE, 0); + CHECK_AUTH (MHD_GNUTLS_CRD_CERTIFICATE, 0); info = _gnutls_get_auth_info (session); if (info == NULL) diff --git a/src/daemon/https/tls/gnutls_x509.c b/src/daemon/https/tls/gnutls_x509.c @@ -108,7 +108,7 @@ _gnutls_x509_cert_verify_peers (gnutls_session_t session, gnutls_x509_crt_t *peer_certificate_list; int peer_certificate_list_size, i, x, ret; - CHECK_AUTH (GNUTLS_CRD_CERTIFICATE, GNUTLS_E_INVALID_REQUEST); + CHECK_AUTH (MHD_GNUTLS_CRD_CERTIFICATE, GNUTLS_E_INVALID_REQUEST); info = _gnutls_get_auth_info (session); if (info == NULL) @@ -118,7 +118,7 @@ _gnutls_x509_cert_verify_peers (gnutls_session_t session, } cred = (gnutls_certificate_credentials_t) - _gnutls_get_cred (session->key, GNUTLS_CRD_CERTIFICATE, NULL); + _gnutls_get_cred (session->key, MHD_GNUTLS_CRD_CERTIFICATE, NULL); if (cred == NULL) { gnutls_assert (); @@ -1054,8 +1054,8 @@ _gnutls_check_key_usage (const gnutls_cert * cert, gnutls_kx_algorithm_t alg) return GNUTLS_E_INTERNAL_ERROR; } - if (_gnutls_map_kx_get_cred (alg, 1) == GNUTLS_CRD_CERTIFICATE || - _gnutls_map_kx_get_cred (alg, 0) == GNUTLS_CRD_CERTIFICATE) + if (_gnutls_map_kx_get_cred (alg, 1) == MHD_GNUTLS_CRD_CERTIFICATE || + _gnutls_map_kx_get_cred (alg, 0) == MHD_GNUTLS_CRD_CERTIFICATE) { key_usage = cert->key_usage; diff --git a/src/daemon/https/x509/common.c b/src/daemon/https/x509/common.c @@ -1244,7 +1244,7 @@ _gnutls_x509_encode_and_copy_PKI_params (ASN1_TYPE dst, return _gnutls_asn2err (result); } - if (pk_algorithm == GNUTLS_PK_RSA) + if (pk_algorithm == MHD_GNUTLS_PK_RSA) { /* disable parameters, which are not used in RSA. */ @@ -1363,7 +1363,7 @@ _gnutls_x509_get_pk_algorithm (ASN1_TYPE src, switch (algo) { - case GNUTLS_PK_RSA: + case MHD_GNUTLS_PK_RSA: { if ((result = _gnutls_x509_read_rsa_params (str, len, params)) < 0) { diff --git a/src/daemon/https/x509/crl_write.c b/src/daemon/https/x509/crl_write.c @@ -143,7 +143,8 @@ int gnutls_x509_crl_sign (gnutls_x509_crl_t crl, gnutls_x509_crt_t issuer, gnutls_x509_privkey_t issuer_key) { - return gnutls_x509_crl_sign2 (crl, issuer, issuer_key, GNUTLS_DIG_SHA1, 0); + return gnutls_x509_crl_sign2 (crl, issuer, issuer_key, MHD_GNUTLS_DIG_SHA1, + 0); } /** diff --git a/src/daemon/https/x509/crq.c b/src/daemon/https/x509/crq.c @@ -805,7 +805,7 @@ gnutls_x509_crq_sign2 (gnutls_x509_crq_t crq, gnutls_x509_privkey_t key, int gnutls_x509_crq_sign (gnutls_x509_crq_t crq, gnutls_x509_privkey_t key) { - return gnutls_x509_crq_sign2 (crq, key, GNUTLS_DIG_SHA1, 0); + return gnutls_x509_crq_sign2 (crq, key, MHD_GNUTLS_DIG_SHA1, 0); } /** diff --git a/src/daemon/https/x509/mpi.c b/src/daemon/https/x509/mpi.c @@ -231,7 +231,7 @@ _gnutls_x509_crt_get_mpis (gnutls_x509_crt_t cert, switch (pk_algorithm) { - case GNUTLS_PK_RSA: + case MHD_GNUTLS_PK_RSA: /* params[0] is the modulus, * params[1] is the exponent */ @@ -365,7 +365,7 @@ _gnutls_x509_write_sig_params (ASN1_TYPE dst, _gnutls_str_cpy (name, sizeof (name), dst_name); _gnutls_str_cat (name, sizeof (name), ".parameters"); - if (pk_algorithm == GNUTLS_PK_RSA) + if (pk_algorithm == MHD_GNUTLS_PK_RSA) { /* RSA */ result = asn1_write_value (dst, name, NULL, 0); diff --git a/src/daemon/https/x509/output.c b/src/daemon/https/x509/output.c @@ -612,7 +612,7 @@ print_cert (gnutls_string * str, gnutls_x509_crt_t cert, int notsigned) addf (str, _("\tSubject Public Key Algorithm: %s\n"), name); switch (err) { - case GNUTLS_PK_RSA: + case MHD_GNUTLS_PK_RSA: { gnutls_datum_t m, e; @@ -932,7 +932,7 @@ print_fingerprint (gnutls_string * str, gnutls_x509_crt_t cert, return; } - if (algo == GNUTLS_DIG_MD5) + if (algo == MHD_GNUTLS_DIG_MD5) addf (str, _("\tMD5 fingerprint:\n\t\t")); else addf (str, _("\tSHA-1 fingerprint:\n\t\t")); @@ -981,8 +981,8 @@ print_other (gnutls_string * str, gnutls_x509_crt_t cert, int notsigned) { if (!notsigned) { - print_fingerprint (str, cert, GNUTLS_DIG_MD5); - print_fingerprint (str, cert, GNUTLS_DIG_SHA1); + print_fingerprint (str, cert, MHD_GNUTLS_DIG_MD5); + print_fingerprint (str, cert, MHD_GNUTLS_DIG_SHA1); } print_keyid (str, cert); } @@ -1088,7 +1088,7 @@ print_oneline (gnutls_string * str, gnutls_x509_crt_t cert) size_t size = sizeof (buffer); int err; - err = gnutls_x509_crt_get_fingerprint (cert, GNUTLS_DIG_SHA1, + err = gnutls_x509_crt_get_fingerprint (cert, MHD_GNUTLS_DIG_SHA1, buffer, &size); if (err < 0) { diff --git a/src/daemon/https/x509/pkcs12.c b/src/daemon/https/x509/pkcs12.c @@ -924,7 +924,7 @@ gnutls_pkcs12_generate_mac (gnutls_pkcs12_t pkcs12, const char *pass) /* MAC the data */ - td1 = _gnutls_hmac_init (GNUTLS_MAC_SHA1, key, sizeof (key)); + td1 = _gnutls_hmac_init (MHD_GNUTLS_MAC_SHA1, key, sizeof (key)); if (td1 == GNUTLS_MAC_FAILED) { gnutls_assert (); @@ -1050,7 +1050,7 @@ gnutls_pkcs12_verify_mac (gnutls_pkcs12_t pkcs12, const char *pass) /* MAC the data */ - td1 = _gnutls_hmac_init (GNUTLS_MAC_SHA1, key, sizeof (key)); + td1 = _gnutls_hmac_init (MHD_GNUTLS_MAC_SHA1, key, sizeof (key)); if (td1 == GNUTLS_MAC_FAILED) { gnutls_assert (); diff --git a/src/daemon/https/x509/privkey_pkcs8.c b/src/daemon/https/x509/privkey_pkcs8.c @@ -139,7 +139,7 @@ _encode_privkey (gnutls_x509_privkey pkey, gnutls_datum * raw) switch (pkey->pk_algorithm) { - case GNUTLS_PK_RSA: + case MHD_GNUTLS_PK_RSA: ret = gnutls_x509_privkey_export (pkey, GNUTLS_X509_FMT_DER, NULL, &size); if (ret != GNUTLS_E_SHORT_MEMORY_BUFFER) @@ -196,7 +196,7 @@ encode_to_private_key_info (gnutls_x509_privkey_t pkey, gnutls_datum algo_params = { NULL, 0 }; gnutls_datum algo_privkey = { NULL, 0 }; - if (pkey->pk_algorithm == GNUTLS_PK_RSA) + if (pkey->pk_algorithm == MHD_GNUTLS_PK_RSA) { oid = PK_PKIX1_RSA_OID; /* parameters are null @@ -612,17 +612,17 @@ read_pkcs_schema_params (schema_id schema, const char *password, if ((schema) == PKCS12_3DES_SHA1) { - enc_params->cipher = GNUTLS_CIPHER_3DES_CBC; + enc_params->cipher = MHD_GNUTLS_CIPHER_3DES_CBC; enc_params->iv_size = 8; } else if ((schema) == PKCS12_ARCFOUR_SHA1) { - enc_params->cipher = GNUTLS_CIPHER_ARCFOUR_128; + enc_params->cipher = MHD_GNUTLS_CIPHER_ARCFOUR_128; enc_params->iv_size = 0; } else if ((schema) == PKCS12_RC2_40_SHA1) { - enc_params->cipher = GNUTLS_CIPHER_RC2_40_CBC; + enc_params->cipher = MHD_GNUTLS_CIPHER_RC2_40_CBC; enc_params->iv_size = 8; } @@ -950,7 +950,7 @@ decode_private_key_info (const gnutls_datum_t * der, /* we only support RSA and DSA private keys. */ if (strcmp (oid, PK_PKIX1_RSA_OID) == 0) - pkey->pk_algorithm = GNUTLS_PK_RSA; + pkey->pk_algorithm = MHD_GNUTLS_PK_RSA; else { gnutls_assert (); @@ -963,7 +963,7 @@ decode_private_key_info (const gnutls_datum_t * der, /* Get the DER encoding of the actual private key. */ - if (pkey->pk_algorithm == GNUTLS_PK_RSA) + if (pkey->pk_algorithm == MHD_GNUTLS_PK_RSA) result = _decode_pkcs8_rsa_key (pkcs8_asn, pkey); if (result < 0) { @@ -1021,7 +1021,7 @@ gnutls_x509_privkey_import_pkcs8 (gnutls_x509_privkey_t key, _data.data = data->data; _data.size = data->size; - key->pk_algorithm = GNUTLS_PK_UNKNOWN; + key->pk_algorithm = MHD_GNUTLS_PK_UNKNOWN; /* If the Certificate is in PEM format then decode it */ @@ -1082,7 +1082,7 @@ gnutls_x509_privkey_import_pkcs8 (gnutls_x509_privkey_t key, return 0; cleanup: - key->pk_algorithm = GNUTLS_PK_UNKNOWN; + key->pk_algorithm = MHD_GNUTLS_PK_UNKNOWN; if (need_free) _gnutls_free_datum (&_data); return result; @@ -1291,13 +1291,13 @@ oid2cipher (const char *oid, gnutls_cipher_algorithm_t * algo) if (strcmp (oid, DES_EDE3_CBC_OID) == 0) { - *algo = GNUTLS_CIPHER_3DES_CBC; + *algo = MHD_GNUTLS_CIPHER_3DES_CBC; return 0; } if (strcmp (oid, DES_CBC_OID) == 0) { - *algo = GNUTLS_CIPHER_DES_CBC; + *algo = MHD_GNUTLS_CIPHER_DES_CBC; return 0; } @@ -1697,11 +1697,11 @@ generate_key (schema_id schema, */ if (schema == PKCS12_ARCFOUR_SHA1) - enc_params->cipher = GNUTLS_CIPHER_ARCFOUR_128; + enc_params->cipher = MHD_GNUTLS_CIPHER_ARCFOUR_128; else if (schema == PKCS12_3DES_SHA1) - enc_params->cipher = GNUTLS_CIPHER_3DES_CBC; + enc_params->cipher = MHD_GNUTLS_CIPHER_3DES_CBC; else if (schema == PKCS12_RC2_40_SHA1) - enc_params->cipher = GNUTLS_CIPHER_RC2_40_CBC; + enc_params->cipher = MHD_GNUTLS_CIPHER_RC2_40_CBC; if (gc_pseudo_random (rnd, 2) != GC_OK) { diff --git a/src/daemon/https/x509/sign.c b/src/daemon/https/x509/sign.c @@ -162,7 +162,7 @@ pkcs1_rsa_sign (gnutls_digest_algorithm_t hash, const gnutls_datum_t * text, } if ((ret = - _gnutls_sign (GNUTLS_PK_RSA, params, params_len, &info, + _gnutls_sign (MHD_GNUTLS_PK_RSA, params, params_len, &info, signature)) < 0) { gnutls_assert (); @@ -193,7 +193,7 @@ _gnutls_x509_sign (const gnutls_datum_t * tbs, switch (signer->pk_algorithm) { - case GNUTLS_PK_RSA: + case MHD_GNUTLS_PK_RSA: ret = pkcs1_rsa_sign (hash, tbs, signer->params, signer->params_size, signature); diff --git a/src/daemon/https/x509/x509.c b/src/daemon/https/x509/x509.c @@ -2041,7 +2041,7 @@ rsadsa_get_key_id (gnutls_x509_crt_t crt, return result; } - if (pk == GNUTLS_PK_RSA) + if (pk == MHD_GNUTLS_PK_RSA) { result = _gnutls_x509_write_rsa_params (params, params_size, &der); if (result < 0) @@ -2053,7 +2053,7 @@ rsadsa_get_key_id (gnutls_x509_crt_t crt, else return GNUTLS_E_INTERNAL_ERROR; - hd = _gnutls_hash_init (GNUTLS_MAC_SHA1); + hd = _gnutls_hash_init (MHD_GNUTLS_MAC_SHA1); if (hd == GNUTLS_HASH_FAILED) { gnutls_assert (); @@ -2130,7 +2130,7 @@ gnutls_x509_crt_get_key_id (gnutls_x509_crt_t crt, return pk; } - if (pk == GNUTLS_PK_RSA) + if (pk == MHD_GNUTLS_PK_RSA) { /* This is for compatibility with what GnuTLS has printed for RSA/DSA before the code below was added. The code below is @@ -2165,7 +2165,7 @@ gnutls_x509_crt_get_key_id (gnutls_x509_crt_t crt, return _gnutls_asn2err (result); } - result = gnutls_fingerprint (GNUTLS_DIG_SHA1, &pubkey, output_data, + result = gnutls_fingerprint (MHD_GNUTLS_DIG_SHA1, &pubkey, output_data, output_data_size); gnutls_afree (pubkey.data); @@ -2581,7 +2581,7 @@ gnutls_x509_crt_get_pk_rsa_raw (gnutls_x509_crt_t crt, } ret = gnutls_x509_crt_get_pk_algorithm (crt, NULL); - if (ret != GNUTLS_PK_RSA) + if (ret != MHD_GNUTLS_PK_RSA) { gnutls_assert (); return GNUTLS_E_INVALID_REQUEST; diff --git a/src/daemon/https/x509/x509_privkey.c b/src/daemon/https/x509/x509_privkey.c @@ -64,7 +64,7 @@ gnutls_x509_privkey_init (gnutls_x509_privkey_t * key) if (*key) { (*key)->key = ASN1_TYPE_EMPTY; - (*key)->pk_algorithm = GNUTLS_PK_UNKNOWN; + (*key)->pk_algorithm = MHD_GNUTLS_PK_UNKNOWN; return 0; /* success */ } @@ -126,7 +126,7 @@ gnutls_x509_privkey_cpy (gnutls_x509_privkey_t dst, gnutls_x509_privkey_t src) { switch (dst->pk_algorithm) { - case GNUTLS_PK_RSA: + case MHD_GNUTLS_PK_RSA: ret = _gnutls_asn1_encode_rsa (&dst->key, dst->params); if (ret < 0) { @@ -355,7 +355,7 @@ gnutls_x509_privkey_import (gnutls_x509_privkey_t key, _data.data = data->data; _data.size = data->size; - key->pk_algorithm = GNUTLS_PK_UNKNOWN; + key->pk_algorithm = MHD_GNUTLS_PK_UNKNOWN; /* If the Certificate is in PEM format then decode it */ if (format == GNUTLS_X509_FMT_PEM) @@ -365,7 +365,7 @@ gnutls_x509_privkey_import (gnutls_x509_privkey_t key, /* Try the first header */ result = _gnutls_fbase64_decode (PEM_KEY_RSA, data->data, data->size, &out); - key->pk_algorithm = GNUTLS_PK_RSA; + key->pk_algorithm = MHD_GNUTLS_PK_RSA; // TODO rm // if (result == GNUTLS_E_BASE64_UNEXPECTED_HEADER_ERROR) @@ -390,7 +390,7 @@ gnutls_x509_privkey_import (gnutls_x509_privkey_t key, need_free = 1; } - if (key->pk_algorithm == GNUTLS_PK_RSA) + if (key->pk_algorithm == MHD_GNUTLS_PK_RSA) { key->key = _gnutls_privkey_decode_pkcs1_rsa_key (&_data, key); if (key->key == NULL) @@ -399,7 +399,7 @@ gnutls_x509_privkey_import (gnutls_x509_privkey_t key, else { /* Try decoding with both, and accept the one that succeeds. */ - key->pk_algorithm = GNUTLS_PK_RSA; + key->pk_algorithm = MHD_GNUTLS_PK_RSA; key->key = _gnutls_privkey_decode_pkcs1_rsa_key (&_data, key); // TODO rm @@ -416,7 +416,7 @@ gnutls_x509_privkey_import (gnutls_x509_privkey_t key, { gnutls_assert (); result = GNUTLS_E_ASN1_DER_ERROR; - key->pk_algorithm = GNUTLS_PK_UNKNOWN; + key->pk_algorithm = MHD_GNUTLS_PK_UNKNOWN; return result; } @@ -539,7 +539,7 @@ gnutls_x509_privkey_import_rsa_raw (gnutls_x509_privkey_t key, } key->params_size = RSA_PRIVATE_PARAMS; - key->pk_algorithm = GNUTLS_PK_RSA; + key->pk_algorithm = MHD_GNUTLS_PK_RSA; return 0; @@ -605,7 +605,7 @@ gnutls_x509_privkey_export (gnutls_x509_privkey_t key, return GNUTLS_E_INVALID_REQUEST; } - if (key->pk_algorithm == GNUTLS_PK_RSA) + if (key->pk_algorithm == MHD_GNUTLS_PK_RSA) msg = PEM_KEY_RSA; else msg = NULL; @@ -615,7 +615,7 @@ gnutls_x509_privkey_export (gnutls_x509_privkey_t key, */ switch (key->pk_algorithm) { - case GNUTLS_PK_RSA: + case MHD_GNUTLS_PK_RSA: ret = _gnutls_asn1_encode_rsa (&key->key, key->params); if (ret < 0) { @@ -1204,7 +1204,7 @@ gnutls_x509_privkey_generate (gnutls_x509_privkey_t key, switch (algo) { - case GNUTLS_PK_RSA: + case MHD_GNUTLS_PK_RSA: ret = _gnutls_rsa_generate_params (key->params, ¶ms_len, bits); if (ret < 0) { @@ -1223,7 +1223,7 @@ gnutls_x509_privkey_generate (gnutls_x509_privkey_t key, } key->params_size = params_len; - key->pk_algorithm = GNUTLS_PK_RSA; + key->pk_algorithm = MHD_GNUTLS_PK_RSA; break; default: @@ -1233,7 +1233,7 @@ gnutls_x509_privkey_generate (gnutls_x509_privkey_t key, return 0; -cleanup:key->pk_algorithm = GNUTLS_PK_UNKNOWN; +cleanup:key->pk_algorithm = MHD_GNUTLS_PK_UNKNOWN; key->params_size = 0; for (i = 0; i < params_len; i++) _gnutls_mpi_release (&key->params[i]); @@ -1287,7 +1287,7 @@ gnutls_x509_privkey_get_key_id (gnutls_x509_privkey_t key, return GNUTLS_E_SHORT_MEMORY_BUFFER; } - if (key->pk_algorithm == GNUTLS_PK_RSA) + if (key->pk_algorithm == MHD_GNUTLS_PK_RSA) { result = _gnutls_x509_write_rsa_params (key->params, key->params_size, &der); @@ -1300,7 +1300,7 @@ gnutls_x509_privkey_get_key_id (gnutls_x509_privkey_t key, else return GNUTLS_E_INTERNAL_ERROR; - hd = _gnutls_hash_init (GNUTLS_MAC_SHA1); + hd = _gnutls_hash_init (MHD_GNUTLS_MAC_SHA1); if (hd == GNUTLS_HASH_FAILED) { gnutls_assert (); @@ -1483,7 +1483,7 @@ gnutls_x509_privkey_fix (gnutls_x509_privkey_t key) asn1_delete_structure (&key->key); switch (key->pk_algorithm) { - case GNUTLS_PK_RSA: + case MHD_GNUTLS_PK_RSA: ret = _gnutls_asn1_encode_rsa (&key->key, key->params); if (ret < 0) { diff --git a/src/daemon/https/x509/x509_verify.c b/src/daemon/https/x509/x509_verify.c @@ -500,7 +500,7 @@ decode_ber_digest_info (const gnutls_datum_t * info, *hash = _gnutls_x509_oid2mac_algorithm (str); - if (*hash == GNUTLS_MAC_UNKNOWN) + if (*hash == MHD_GNUTLS_MAC_UNKNOWN) { _gnutls_x509_log ("verify.c: HASH OID: %s\n", str); @@ -547,7 +547,7 @@ _pkcs1_rsa_verify_sig (const gnutls_datum_t * text, const gnutls_datum_t * signature, mpi_t * params, int params_len) { - gnutls_mac_algorithm_t hash = GNUTLS_MAC_UNKNOWN; + gnutls_mac_algorithm_t hash = MHD_GNUTLS_MAC_UNKNOWN; int ret; opaque digest[MAX_HASH_SIZE], md[MAX_HASH_SIZE]; int digest_size; @@ -613,7 +613,7 @@ dsa_verify_sig (const gnutls_datum_t * text, gnutls_datum_t digest; GNUTLS_HASH_HANDLE hd; - hd = _gnutls_hash_init (GNUTLS_MAC_SHA1); + hd = _gnutls_hash_init (MHD_GNUTLS_MAC_SHA1); if (hd == NULL) { gnutls_assert (); @@ -643,7 +643,7 @@ verify_sig (const gnutls_datum_t * tbs, switch (pk) { - case GNUTLS_PK_RSA: + case MHD_GNUTLS_PK_RSA: if (_pkcs1_rsa_verify_sig (tbs, signature, issuer_params, issuer_params_size) != 0) diff --git a/src/daemon/https/x509/x509_write.c b/src/daemon/https/x509/x509_write.c @@ -632,7 +632,8 @@ int gnutls_x509_crt_sign (gnutls_x509_crt_t crt, gnutls_x509_crt_t issuer, gnutls_x509_privkey_t issuer_key) { - return gnutls_x509_crt_sign2 (crt, issuer, issuer_key, GNUTLS_DIG_SHA1, 0); + return gnutls_x509_crt_sign2 (crt, issuer, issuer_key, MHD_GNUTLS_DIG_SHA1, + 0); } /** diff --git a/src/daemon/postprocessor.c b/src/daemon/postprocessor.c @@ -1026,8 +1026,7 @@ MHD_destroy_post_processor (struct MHD_PostProcessor *pp) /* These internal strings need cleaning up since the post-processing may have been interrupted at any stage */ - if ( (pp->xbuf_pos > 0) || - (pp->state != PP_Done) ) + if ((pp->xbuf_pos > 0) || (pp->state != PP_Done)) ret = MHD_NO; else ret = MHD_YES; diff --git a/src/daemon/postprocessor_large_test.c b/src/daemon/postprocessor_large_test.c @@ -24,12 +24,9 @@ * @author Christian Grothoff */ -#include "config.h" +#include "platform.h" #include "microhttpd.h" #include "internal.h" -#include <stdlib.h> -#include <string.h> -#include <stdio.h> #ifndef WINDOWS #include <unistd.h> diff --git a/src/examples/https_server_example.c b/src/examples/https_server_example.c @@ -35,7 +35,7 @@ */ #include "platform.h" -#include <microhttpsd.h> +#include <microhttpd.h> #include <sys/stat.h> #include "gnutls.h" diff --git a/src/include/microhttpd.h b/src/include/microhttpd.h @@ -58,7 +58,7 @@ * All functions are guaranteed to be completely reentrant and * thread-safe.<p> * - * NEW: Before including "microhttpd.h" you should add the + * NEW: Before including "microhttpd.h" you should add the * necessary includes to define the "size_t", "fd_set", "socklen_t" and * "struct sockaddr" data types (which headers are needed may * depend on your platform; for possible suggestions consult @@ -923,6 +923,137 @@ MHD_post_process (struct MHD_PostProcessor *pp, */ int MHD_destroy_post_processor (struct MHD_PostProcessor *pp); +/* + * HTTPS + */ + +typedef enum MHD_GNUTLS_cipher_algorithm +{ + MHD_GNUTLS_CIPHER_UNKNOWN = 0, + MHD_GNUTLS_CIPHER_NULL = 1, + MHD_GNUTLS_CIPHER_ARCFOUR_128, + MHD_GNUTLS_CIPHER_3DES_CBC, + MHD_GNUTLS_CIPHER_AES_128_CBC, + MHD_GNUTLS_CIPHER_AES_256_CBC, + MHD_GNUTLS_CIPHER_ARCFOUR_40, + MHD_GNUTLS_CIPHER_CAMELLIA_128_CBC, + MHD_GNUTLS_CIPHER_CAMELLIA_256_CBC, + MHD_GNUTLS_CIPHER_RC2_40_CBC = 90, + MHD_GNUTLS_CIPHER_DES_CBC +} gnutls_cipher_algorithm_t; + +typedef enum +{ + MHD_GNUTLS_KX_UNKNOWN = 0, + MHD_GNUTLS_KX_RSA = 1, + MHD_GNUTLS_KX_DHE_DSS, + MHD_GNUTLS_KX_DHE_RSA, + MHD_GNUTLS_KX_ANON_DH, + MHD_GNUTLS_KX_SRP, + MHD_GNUTLS_KX_RSA_EXPORT, + MHD_GNUTLS_KX_SRP_RSA, + MHD_GNUTLS_KX_SRP_DSS +} gnutls_kx_algorithm_t; + +typedef enum +{ + MHD_GNUTLS_CRD_CERTIFICATE = 1, + MHD_GNUTLS_CRD_ANON, + MHD_GNUTLS_CRD_SRP, + MHD_GNUTLS_CRD_PSK, + MHD_GNUTLS_CRD_IA +} gnutls_credentials_type_t; + +typedef enum +{ + MHD_GNUTLS_MAC_UNKNOWN = 0, + MHD_GNUTLS_MAC_NULL = 1, + MHD_GNUTLS_MAC_MD5, + MHD_GNUTLS_MAC_SHA1, + MHD_GNUTLS_MAC_SHA256 + //GNUTLS_MAC_SHA384, + //GNUTLS_MAC_SHA512 +} gnutls_mac_algorithm_t; + + /* The enumerations here should have the same value with + gnutls_mac_algorithm_t. + */ +typedef enum +{ + MHD_GNUTLS_DIG_NULL = MHD_GNUTLS_MAC_NULL, + MHD_GNUTLS_DIG_MD5 = MHD_GNUTLS_MAC_MD5, + MHD_GNUTLS_DIG_SHA1 = MHD_GNUTLS_MAC_SHA1, + MHD_GNUTLS_DIG_SHA256 = MHD_GNUTLS_MAC_SHA256 +} gnutls_digest_algorithm_t; + + +typedef enum +{ + MHD_GNUTLS_COMP_UNKNOWN = 0, + MHD_GNUTLS_COMP_NULL = 1, + MHD_GNUTLS_COMP_DEFLATE, + MHD_GNUTLS_COMP_LZO /* only available if gnutls-extra has + been initialized + */ +} gnutls_compression_method_t; + +typedef enum +{ + MHD_GNUTLS_SSL3 = 1, + MHD_GNUTLS_TLS1_0, + MHD_GNUTLS_TLS1_1, + MHD_GNUTLS_TLS1_2, + MHD_GNUTLS_VERSION_UNKNOWN = 0xff +} gnutls_protocol_t; + +typedef enum +{ + MHD_GNUTLS_CRT_UNKNOWN = 0, + MHD_GNUTLS_CRT_X509 = 1, + MHD_GNUTLS_CRT_OPENPGP +} gnutls_certificate_type_t; + +typedef enum +{ + MHD_GNUTLS_PK_UNKNOWN = 0, + MHD_GNUTLS_PK_RSA = 1 + //GNUTLS_PK_DSA +} gnutls_pk_algorithm_t; + +union MHD_SessionInfo +{ + gnutls_cipher_algorithm_t cipher_algorithm; + gnutls_kx_algorithm_t kx_algorithm; + gnutls_credentials_type_t credentials_type; + gnutls_mac_algorithm_t mac_algorithm; + gnutls_compression_method_t compression_method; + gnutls_protocol_t protocol; + gnutls_certificate_type_t certificate_type; + gnutls_pk_algorithm_t pk_algorithm; + int null_info; +}; + +enum MHD_InfoType +{ + MHS_INFO_CIPHER_ALGO, + MHD_INFO_KX_ALGO, + MHD_INFO_CREDENTIALS_TYPE, + MHD_INFO_MAC_ALGO, + MHD_INFO_COMPRESSION_METHOD, + MHD_INFO_PROTOCOL, + MHD_INFO_CERT_TYPE +}; + +union MHD_SessionInfo MHD_get_session_info (struct MHD_Connection *con, + enum MHD_InfoType infoType); + +/* TODO impl */ +size_t MHDS_get_key_size (struct MHD_Daemon *daemon, + gnutls_cipher_algorithm_t algorithm); +size_t MHDS_get_mac_key_size (struct MHD_Daemon *daemon, + gnutls_mac_algorithm_t algorithm); + + #if 0 /* keep Emacsens' auto-indent happy */ { diff --git a/src/include/microhttpsd.h b/src/include/microhttpsd.h @@ -1,159 +0,0 @@ -/* - This file is part of libmicrohttpd - (C) 2006, 2007, 2008 Christian Grothoff (and other contributing authors) - - This library is free software; you can redistribute it and/or - modify it under the terms of the GNU Lesser General Public - License as published by the Free Software Foundation; either - version 2.1 of the License, or (at your option) any later version. - - This library is distributed in the hope that it will be useful, - but WITHOUT ANY WARRANTY; without even the implied warranty of - MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU - Lesser General Public License for more details. - - You should have received a copy of the GNU Lesser General Public - License along with this library; if not, write to the Free Software - Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA -*/ - -/** - * @file microhttpsd.h - * @brief public interface to libmicrohttpd - * @author Sagie Amir - * - */ - -#ifndef MHD_MICROHTTPSD_H -#define MHD_MICROHTTPSD_H - -#include "microhttpd.h" - -typedef enum gnutls_cipher_algorithm -{ - GNUTLS_CIPHER_UNKNOWN = 0, - GNUTLS_CIPHER_NULL = 1, - GNUTLS_CIPHER_ARCFOUR_128, - GNUTLS_CIPHER_3DES_CBC, - GNUTLS_CIPHER_AES_128_CBC, - GNUTLS_CIPHER_AES_256_CBC, - GNUTLS_CIPHER_ARCFOUR_40, - GNUTLS_CIPHER_CAMELLIA_128_CBC, - GNUTLS_CIPHER_CAMELLIA_256_CBC, - GNUTLS_CIPHER_RC2_40_CBC = 90, - GNUTLS_CIPHER_DES_CBC -} gnutls_cipher_algorithm_t; - -typedef enum -{ - GNUTLS_KX_UNKNOWN = 0, - GNUTLS_KX_RSA = 1, - GNUTLS_KX_DHE_DSS, - GNUTLS_KX_DHE_RSA, - GNUTLS_KX_ANON_DH, - GNUTLS_KX_SRP, - GNUTLS_KX_RSA_EXPORT, - GNUTLS_KX_SRP_RSA, - GNUTLS_KX_SRP_DSS -} gnutls_kx_algorithm_t; - -typedef enum -{ - GNUTLS_CRD_CERTIFICATE = 1, - GNUTLS_CRD_ANON, - GNUTLS_CRD_SRP, - GNUTLS_CRD_PSK, - GNUTLS_CRD_IA -} gnutls_credentials_type_t; - -typedef enum -{ - GNUTLS_MAC_UNKNOWN = 0, - GNUTLS_MAC_NULL = 1, - GNUTLS_MAC_MD5, - GNUTLS_MAC_SHA1, - GNUTLS_MAC_SHA256 - //GNUTLS_MAC_SHA384, - //GNUTLS_MAC_SHA512 -} gnutls_mac_algorithm_t; - - /* The enumerations here should have the same value with - gnutls_mac_algorithm_t. - */ -typedef enum -{ - GNUTLS_DIG_NULL = GNUTLS_MAC_NULL, - GNUTLS_DIG_MD5 = GNUTLS_MAC_MD5, - GNUTLS_DIG_SHA1 = GNUTLS_MAC_SHA1, - GNUTLS_DIG_SHA256 = GNUTLS_MAC_SHA256 -} gnutls_digest_algorithm_t; - - -typedef enum -{ - GNUTLS_COMP_UNKNOWN = 0, - GNUTLS_COMP_NULL = 1, - GNUTLS_COMP_DEFLATE, - GNUTLS_COMP_LZO /* only available if gnutls-extra has - been initialized - */ -} gnutls_compression_method_t; - -#define GNUTLS_TLS1 GNUTLS_TLS1_0 -typedef enum -{ - GNUTLS_SSL3 = 1, - GNUTLS_TLS1_0, - GNUTLS_TLS1_1, - GNUTLS_TLS1_2, - GNUTLS_VERSION_UNKNOWN = 0xff -} gnutls_protocol_t; - -typedef enum -{ - GNUTLS_CRT_UNKNOWN = 0, - GNUTLS_CRT_X509 = 1, - GNUTLS_CRT_OPENPGP -} gnutls_certificate_type_t; - -typedef enum -{ - GNUTLS_PK_UNKNOWN = 0, - GNUTLS_PK_RSA = 1 - //GNUTLS_PK_DSA -} gnutls_pk_algorithm_t; - -union MHD_SessionInfo -{ - gnutls_cipher_algorithm_t cipher_algorithm; - gnutls_kx_algorithm_t kx_algorithm; - gnutls_credentials_type_t credentials_type; - gnutls_mac_algorithm_t mac_algorithm; - gnutls_compression_method_t compression_method; - gnutls_protocol_t protocol; - gnutls_certificate_type_t certificate_type; - gnutls_pk_algorithm_t pk_algorithm; - int null_info; -}; - -enum MHD_InfoType -{ - MHS_INFO_CIPHER_ALGO, - MHD_INFO_KX_ALGO, - MHD_INFO_CREDENTIALS_TYPE, - MHD_INFO_MAC_ALGO, - MHD_INFO_COMPRESSION_METHOD, - MHD_INFO_PROTOCOL, - MHD_INFO_CERT_TYPE -}; - -union MHD_SessionInfo MHD_get_tls_session_info (struct MHD_Connection *con, - enum MHD_InfoType infoType); - -//TODO impl -size_t MHDS_get_key_size (struct MHD_Daemon *daemon, - gnutls_cipher_algorithm_t algorithm); -size_t MHDS_get_mac_key_size (struct MHD_Daemon *daemon, - gnutls_mac_algorithm_t algorithm); - -#endif diff --git a/src/testcurl/Makefile.am b/src/testcurl/Makefile.am @@ -6,7 +6,8 @@ endif AM_CPPFLAGS = \ -I$(top_srcdir)/src/daemon \ --I$(top_srcdir)/src/include +-I$(top_srcdir)/src/include \ +$(LIBCURL_CPPFLAGS) check_PROGRAMS = \ daemontest_get \ @@ -27,6 +28,17 @@ check_PROGRAMS = \ TESTS = $(check_PROGRAMS) +noinst_LIBRARIES = libcurl_version_check.a + +libcurl_version_check_a_SOURCES = \ + curl_version_check.c +libcurl_version_check_a_CPPFLAGS = \ + -I$(top_srcdir)/src/daemon \ + -I$(top_srcdir)/src/include \ + -I$(top_srcdir)/src/daemon/https \ + $(LIBCURL_CPPFLAGS) + + daemontest_get_SOURCES = \ daemontest_get.c daemontest_get_LDADD = \ diff --git a/src/testcurl/curl_version_check.c b/src/testcurl/curl_version_check.c @@ -25,10 +25,9 @@ */ #include "config.h" +#include "platform.h" #include <curl/curl.h> #include <microhttpd.h> -#include <stdlib.h> -#include <string.h> #include "internal.h" #ifndef WINDOWS @@ -87,12 +86,14 @@ curl_check_version (const char *req_version, ...) int rq_major, rq_minor, rq_micro; ver = curl_version (); +#if HAVE_MESSAGES + fprintf (stderr, "curl version: %s\n", ver); +#endif /* * this call relies on the cURL string to be of the format : * 'libcurl/7.16.4 OpenSSL/0.9.8g zlib/1.2.3.3 libidn/0.6.5' */ curl_ver = strchr (ver, '/') + 1; - ssl_ver = strchr (curl_ver, '/') + 1; /* Parse version numbers */ parse_version_string (req_version, &rq_major, &rq_minor, &rq_micro); @@ -112,11 +113,18 @@ curl_check_version (const char *req_version, ...) return -1; } + /* + * enforce required gnutls/openssl version. + * TODO use curl version string to assert use of gnutls + */ #if HTTPS_SUPPORT va_start (ap, req_version); req_ssl_ver = va_arg (ap, void *); parse_version_string (req_ssl_ver, &rq_major, &rq_minor, &rq_micro); + + ssl_ver = strchr (curl_ver, '/') + 1; + parse_version_string (ssl_ver, &loc_major, &loc_minor, &loc_micro); if ((loc_major > rq_major @@ -127,7 +135,7 @@ curl_check_version (const char *req_version, ...) && loc_micro == rq_micro)) == 0) { fprintf (stderr, - "Error: running curl test depends on local libcurl-openssl version > %s\n", + "Error: running curl test depends on local libcurl SSL version > %s\n", req_ssl_ver); return -1; } diff --git a/src/testcurl/https/Makefile.am b/src/testcurl/https/Makefile.am @@ -6,47 +6,48 @@ AM_CPPFLAGS = \ -I$(top_srcdir)/src/daemon/https/tls \ -I$(top_srcdir)/src/daemon/https/lgl \ -I$(top_srcdir)/src/daemon/https/x509 \ --I$(top_srcdir)/src/daemon +-I$(top_srcdir)/src/daemon \ +$(LIBCURL_CPPFLAGS) check_PROGRAMS = \ - mhds_get_test \ - tls_authentication_test \ - mhds_multi_daemon_test \ - mhds_session_info_test +mhds_get_test \ +tls_authentication_test \ +mhds_multi_daemon_test \ +mhds_session_info_test TESTS = $(check_PROGRAMS) tls_alert_test_SOURCES = \ - tls_alert_test.c \ - $(top_builddir)/src/testcurl/curl_version_check.c + tls_alert_test.c tls_alert_test_LDADD = \ + $(top_builddir)/src/testcurl/libcurl_version_check.a \ $(top_builddir)/src/daemon/libmicrohttpd.la \ @LIBCURL@ tls_authentication_test_SOURCES = \ - tls_authentication_test.c \ - $(top_builddir)/src/testcurl/curl_version_check.c + tls_authentication_test.c tls_authentication_test_LDADD = \ + $(top_builddir)/src/testcurl/libcurl_version_check.a \ $(top_builddir)/src/daemon/libmicrohttpd.la \ @LIBCURL@ mhds_get_test_SOURCES = \ - mhds_get_test.c \ - $(top_builddir)/src/testcurl/curl_version_check.c -mhds_get_test_LDADD = \ + mhds_get_test.c +mhds_get_test_LDADD = \ + $(top_builddir)/src/testcurl/libcurl_version_check.a \ $(top_builddir)/src/daemon/libmicrohttpd.la \ @LIBCURL@ mhds_session_info_test_SOURCES = \ - mhds_session_info_test.c \ - $(top_builddir)/src/testcurl/curl_version_check.c + mhds_session_info_test.c mhds_session_info_test_LDADD = \ + $(top_builddir)/src/testcurl/libcurl_version_check.a \ $(top_builddir)/src/daemon/libmicrohttpd.la \ @LIBCURL@ mhds_multi_daemon_test_SOURCES = \ - mhds_multi_daemon_test.c \ - $(top_builddir)/src/testcurl/curl_version_check.c + mhds_multi_daemon_test.c mhds_multi_daemon_test_LDADD = \ + $(top_builddir)/src/testcurl/libcurl_version_check.a \ $(top_builddir)/src/daemon/libmicrohttpd.la \ @LIBCURL@ diff --git a/src/testcurl/https/mhds_get_test.c b/src/testcurl/https/mhds_get_test.c @@ -24,20 +24,14 @@ * @author Sagie Amir */ -#include "config.h" -#include "plibc.h" -#include "microhttpsd.h" -#include <errno.h> +#include "platform.h" +#include "microhttpd.h" -#include <curl/curl.h> -#include <stdlib.h> -#include <string.h> -#include <time.h> -#include <sys/types.h> -#include <fcntl.h> -#include <unistd.h> #include <sys/stat.h> +#include "gnutls.h" +#include <curl/curl.h> + #define PAGE_NOT_FOUND "<html><head><title>File not found</title></head><body>File not found</body></html>" #define MHD_E_MEM "Error: memory error\n" @@ -51,7 +45,7 @@ const char *test_file_name = "https_test_file"; const char test_file_data[] = "Hello World\n"; -extern int curl_check_version (const char *req_version, ...); +int curl_check_version (const char *req_version, ...); struct CBC { @@ -183,14 +177,14 @@ test_daemon_get (FILE * test_fd, char *cipher_suite, int proto_version) #endif curl_easy_setopt (c, CURLOPT_URL, url); curl_easy_setopt (c, CURLOPT_HTTP_VERSION, CURL_HTTP_VERSION_1_0); - curl_easy_setopt (c, CURLOPT_TIMEOUT, 10L); - curl_easy_setopt (c, CURLOPT_CONNECTTIMEOUT, 10L); + curl_easy_setopt (c, CURLOPT_TIMEOUT, 2L); + curl_easy_setopt (c, CURLOPT_CONNECTTIMEOUT, 2L); curl_easy_setopt (c, CURLOPT_WRITEFUNCTION, ©Buffer); curl_easy_setopt (c, CURLOPT_FILE, &cbc); /* TLS options */ curl_easy_setopt (c, CURLOPT_SSLVERSION, proto_version); - //curl_easy_setopt (c, CURLOPT_SSL_CIPHER_LIST, cipher_suite); + curl_easy_setopt (c, CURLOPT_SSL_CIPHER_LIST, cipher_suite); /* currently skip any peer authentication */ curl_easy_setopt (c, CURLOPT_SSL_VERIFYPEER, 0); @@ -308,7 +302,7 @@ test_cipher_option (FILE * test_fd, char *cipher_suite, int proto_version) { int ret; - int ciper[] = { GNUTLS_CIPHER_3DES_CBC, 0 }; + int ciper[] = { MHD_GNUTLS_CIPHER_3DES_CBC, 0 }; struct MHD_Daemon *d; d = MHD_start_daemon (MHD_USE_THREAD_PER_CONNECTION | MHD_USE_SSL | MHD_USE_DEBUG, 42433, @@ -334,7 +328,8 @@ test_kx_option (FILE * test_fd, char *cipher_suite, int proto_version) { int ret; - int kx[] = { GNUTLS_KX_DHE_RSA, 0 }; + int ciper[] = { MHD_GNUTLS_CIPHER_3DES_CBC, 0 }; + int kx[] = { MHD_GNUTLS_KX_DHE_RSA, 0 }; struct MHD_Daemon *d; d = MHD_start_daemon (MHD_USE_THREAD_PER_CONNECTION | MHD_USE_SSL | @@ -342,7 +337,8 @@ test_kx_option (FILE * test_fd, char *cipher_suite, int proto_version) NULL, NULL, &http_ahc, NULL, MHD_OPTION_HTTPS_MEM_KEY, srv_key_pem, MHD_OPTION_HTTPS_MEM_CERT, srv_self_signed_cert_pem, - MHD_OPTION_KX_PRIORITY, kx, MHD_OPTION_END); + MHD_OPTION_KX_PRIORITY, kx, + MHD_OPTION_CIPHER_ALGORITHM, ciper, MHD_OPTION_END); if (d == NULL) { @@ -361,7 +357,7 @@ test_mac_option (FILE * test_fd, char *cipher_suite, int proto_version) { int ret; - int mac[] = { GNUTLS_MAC_SHA1, 0 }; + int mac[] = { MHD_GNUTLS_MAC_SHA1, 0 }; struct MHD_Daemon *d; d = MHD_start_daemon (MHD_USE_THREAD_PER_CONNECTION | MHD_USE_SSL | @@ -418,7 +414,9 @@ main (int argc, char *const *argv) FILE *test_fd; unsigned int errorCount = 0; - if (curl_check_version (MHD_REQ_CURL_VERSION, MHD_REQ_CURL_SSL_VERSION)) + /* gnutls_global_set_log_level(11); */ + + if (curl_check_version (MHD_REQ_CURL_VERSION, MHD_REQ_CURL_OPENSSL_VERSION)) { return -1; } @@ -436,16 +434,16 @@ main (int argc, char *const *argv) } errorCount += - test_secure_get (test_fd, "AES256-SHA", CURL_SSLVERSION_SSLv3); + test_secure_get (test_fd, "AES256-SHA", CURL_SSLVERSION_TLSv1); errorCount += test_secure_get (test_fd, "AES256-SHA", CURL_SSLVERSION_SSLv3); errorCount += test_file_certificates (test_fd, "AES256-SHA", CURL_SSLVERSION_SSLv3); /* TODO resolve cipher setting issue when compiling against GNU TLS */ errorCount += - test_cipher_option (test_fd, "DES-CBC3-SHA", CURL_SSLVERSION_SSLv3); - errorCount += - test_kx_option (test_fd, "EDH-RSA-DES-CBC3-SHA", CURL_SSLVERSION_SSLv3); + test_cipher_option (test_fd, "DES-CBC3-SHA", CURL_SSLVERSION_TLSv1); +/* errorCount += + test_kx_option (test_fd, "EDH-RSA-DES-CBC3-SHA", CURL_SSLVERSION_SSLv3); */ curl_global_cleanup (); diff --git a/src/testcurl/https/mhds_multi_daemon_test.c b/src/testcurl/https/mhds_multi_daemon_test.c @@ -24,18 +24,9 @@ * @author Sagie Amir */ -#include "config.h" -#include "plibc.h" -#include "microhttpsd.h" -#include <errno.h> - +#include "platform.h" +#include "microhttpd.h" #include <curl/curl.h> -#include <stdlib.h> -#include <string.h> -#include <time.h> -#include <sys/types.h> -#include <fcntl.h> -#include <unistd.h> #include <sys/stat.h> #define PAGE_NOT_FOUND "<html><head><title>File not found</title></head><body>File not found</body></html>" @@ -302,7 +293,7 @@ main (int argc, char *const *argv) FILE *test_fd; unsigned int errorCount = 0; - if (curl_check_version (MHD_REQ_CURL_VERSION, MHD_REQ_CURL_SSL_VERSION)) + if (curl_check_version (MHD_REQ_CURL_VERSION, MHD_REQ_CURL_OPENSSL_VERSION)) { return -1; } diff --git a/src/testcurl/https/mhds_session_info_test.c b/src/testcurl/https/mhds_session_info_test.c @@ -24,17 +24,9 @@ * @author Sagie Amir */ -#include "config.h" -#include "plibc.h" -#include "microhttpsd.h" -#include <errno.h> - +#include "platform.h" +#include "microhttpd.h" #include <curl/curl.h> -#include <stdlib.h> -#include <string.h> -#include <time.h> -#include <fcntl.h> -#include <unistd.h> #define EMPTY_PAGE "<html><head><title>Empty page</title></head><body>Empty page</body></html>" @@ -77,56 +69,56 @@ query_session_ahc (void *cls, struct MHD_Connection *connection, int ret; /* assert actual connection cipher is the one negotiated */ - if (MHD_get_tls_session_info (connection, MHS_INFO_CIPHER_ALGO). - cipher_algorithm != GNUTLS_CIPHER_AES_256_CBC) + if (MHD_get_session_info (connection, MHS_INFO_CIPHER_ALGO). + cipher_algorithm != MHD_GNUTLS_CIPHER_AES_256_CBC) { fprintf (stderr, "Error: requested cipher mismatch. %s\n", strerror (errno)); return -1; } - if (MHD_get_tls_session_info (connection, MHD_INFO_KX_ALGO).kx_algorithm != - GNUTLS_KX_RSA) + if (MHD_get_session_info (connection, MHD_INFO_KX_ALGO).kx_algorithm != + MHD_GNUTLS_KX_RSA) { fprintf (stderr, "Error: requested key exchange mismatch. %s\n", strerror (errno)); return -1; } - if (MHD_get_tls_session_info (connection, MHD_INFO_MAC_ALGO). - mac_algorithm != GNUTLS_MAC_SHA1) + if (MHD_get_session_info (connection, MHD_INFO_MAC_ALGO). + mac_algorithm != MHD_GNUTLS_MAC_SHA1) { fprintf (stderr, "Error: requested mac algorithm mismatch. %s\n", strerror (errno)); return -1; } - if (MHD_get_tls_session_info (connection, MHD_INFO_COMPRESSION_METHOD). - compression_method != GNUTLS_COMP_NULL) + if (MHD_get_session_info (connection, MHD_INFO_COMPRESSION_METHOD). + compression_method != MHD_GNUTLS_COMP_NULL) { fprintf (stderr, "Error: requested compression mismatch. %s\n", strerror (errno)); return -1; } - if (MHD_get_tls_session_info (connection, MHD_INFO_PROTOCOL).protocol != - GNUTLS_SSL3) + if (MHD_get_session_info (connection, MHD_INFO_PROTOCOL).protocol != + MHD_GNUTLS_SSL3) { fprintf (stderr, "Error: requested compression mismatch. %s\n", strerror (errno)); return -1; } - if (MHD_get_tls_session_info (connection, MHD_INFO_CERT_TYPE). - certificate_type != GNUTLS_CRT_X509) + if (MHD_get_session_info (connection, MHD_INFO_CERT_TYPE). + certificate_type != MHD_GNUTLS_CRT_X509) { fprintf (stderr, "Error: requested certificate mismatch. %s\n", strerror (errno)); return -1; } - if (MHD_get_tls_session_info (connection, MHD_INFO_CREDENTIALS_TYPE). - credentials_type != GNUTLS_CRD_CERTIFICATE) + if (MHD_get_session_info (connection, MHD_INFO_CREDENTIALS_TYPE). + credentials_type != MHD_GNUTLS_CRD_CERTIFICATE) { fprintf (stderr, "Error: requested certificate mismatch. %s\n", strerror (errno)); @@ -215,7 +207,7 @@ main (int argc, char *const *argv) FILE *test_fd; unsigned int errorCount = 0; - if (curl_check_version (MHD_REQ_CURL_VERSION, MHD_REQ_CURL_SSL_VERSION)) + if (curl_check_version (MHD_REQ_CURL_VERSION, MHD_REQ_CURL_OPENSSL_VERSION)) { return -1; } diff --git a/src/testcurl/https/tls_alert_test.c b/src/testcurl/https/tls_alert_test.c @@ -24,30 +24,16 @@ * @author Sagie Amir */ -#include "config.h" -#include "plibc.h" -#include "microhttpsd.h" -#include <errno.h> - +#include "platform.h" +#include "microhttpd.h" #include <curl/curl.h> -#include <stdlib.h> -#include <string.h> -#include <time.h> -#include <sys/stat.h> -#include <sys/types.h> -#include <sys/socket.h> -#include <netinet/in.h> -#include <fcntl.h> -#include <unistd.h> - - -#define MHD_E_MEM "Error: memory error\n" -#define MHD_E_SERVER_INIT "Error: failed to start server\n" - #include "gnutls_int.h" #include "gnutls_datum.h" #include "tls_test_keys.h" +#define MHD_E_MEM "Error: memory error\n" +#define MHD_E_SERVER_INIT "Error: failed to start server\n" + extern int curl_check_version (const char *req_version, ...); const char *ca_cert_file_name = "ca_cert_pem"; @@ -110,7 +96,7 @@ test_alert_response () // ... } - gnutls_credentials_set (session, GNUTLS_CRD_CERTIFICATE, xcred); + gnutls_credentials_set (session, MHD_GNUTLS_CRD_CERTIFICATE, xcred); sd = socket (AF_INET, SOCK_STREAM, 0); memset (&sa, '\0', sizeof (struct sockaddr_in)); @@ -161,7 +147,7 @@ main (int argc, char *const *argv) int ret, errorCount = 0;; struct MHD_Daemon *d; - if (curl_check_version (MHD_REQ_CURL_VERSION, MHD_REQ_CURL_SSL_VERSION)) + if (curl_check_version (MHD_REQ_CURL_VERSION, MHD_REQ_CURL_OPENSSL_VERSION)) { return -1; } @@ -182,7 +168,7 @@ main (int argc, char *const *argv) errorCount += test_alert_response (); if (errorCount != 0) - fprintf (stderr, "Error (code: %u)\n", errorCount); + fprintf (stderr, "Error (code: %d)\n", errorCount); MHD_stop_daemon (d); return errorCount != 0; diff --git a/src/testcurl/https/tls_authentication_test.c b/src/testcurl/https/tls_authentication_test.c @@ -24,18 +24,9 @@ * @author Sagie Amir */ -#include "config.h" -#include "plibc.h" -#include "microhttpsd.h" -#include <errno.h> - +#include "platform.h" +#include "microhttpd.h" #include <curl/curl.h> -#include <stdlib.h> -#include <string.h> -#include <time.h> -#include <sys/types.h> -#include <fcntl.h> -#include <unistd.h> #include <sys/stat.h> #define PAGE_NOT_FOUND "<html><head><title>File not found</title></head><body>File not found</body></html>" @@ -234,7 +225,7 @@ test_secure_get (FILE * test_fd, char *cipher_suite, int proto_version) int ret; struct MHD_Daemon *d; - int kx[] = { GNUTLS_KX_DHE_RSA, 0 }; + int kx[] = { MHD_GNUTLS_KX_DHE_RSA, 0 }; d = MHD_start_daemon (MHD_USE_THREAD_PER_CONNECTION | MHD_USE_SSL | MHD_USE_DEBUG, 42433, @@ -317,10 +308,10 @@ main (int argc, char *const *argv) FILE *test_fd; unsigned int errorCount = 0; - if (curl_check_version (MHD_REQ_CURL_VERSION, MHD_REQ_CURL_SSL_VERSION)) - { - return -1; - } + if (curl_check_version (MHD_REQ_CURL_VERSION, MHD_REQ_CURL_OPENSSL_VERSION)) + { + return -1; + } if ((test_fd = setupTestFile ()) == NULL) {