libmicrohttpd

HTTP/1.x server C library (MHD 1.x, stable)

commit 570589f3f14045a51dd3e30a6f140bd45a4d0e1d
parent 2d2199d702a434a3e58d672ad213586b5a856e7a
Author: Christian Grothoff <christian@grothoff.org>
Date:   Sun, 16 Nov 2008 08:46:25 +0000

more DCE

Diffstat:
Msrc/daemon/https/gnutls.h | 165-------------------------------------------------------------------------------
Msrc/daemon/https/tls/Makefile.am | 3---
Msrc/daemon/https/tls/auth_cert.c | 2+-
Msrc/daemon/https/tls/debug.c | 11-----------
Msrc/daemon/https/tls/debug.h | 1-
Msrc/daemon/https/tls/ext_oprfi.c | 49-------------------------------------------------
Msrc/daemon/https/tls/ext_server_name.c | 119-------------------------------------------------------------------------------
Msrc/daemon/https/tls/gnutls_algorithms.c | 469-------------------------------------------------------------------------------
Msrc/daemon/https/tls/gnutls_algorithms.h | 24------------------------
Msrc/daemon/https/tls/gnutls_auth.c | 39---------------------------------------
Msrc/daemon/https/tls/gnutls_buffers.c | 94-------------------------------------------------------------------------------
Msrc/daemon/https/tls/gnutls_buffers.h | 3---
Msrc/daemon/https/tls/gnutls_cert.c | 142-------------------------------------------------------------------------------
Msrc/daemon/https/tls/gnutls_cert.h | 5-----
Msrc/daemon/https/tls/gnutls_datum.c | 33---------------------------------
Msrc/daemon/https/tls/gnutls_datum.h | 4----
Msrc/daemon/https/tls/gnutls_extensions.c | 6------
Msrc/daemon/https/tls/gnutls_handshake.c | 47-----------------------------------------------
Msrc/daemon/https/tls/gnutls_mem.c | 13-------------
Msrc/daemon/https/tls/gnutls_priority.c | 157-------------------------------------------------------------------------------
Msrc/daemon/https/tls/gnutls_record.c | 94-------------------------------------------------------------------------------
Dsrc/daemon/https/tls/gnutls_session.c | 71-----------------------------------------------------------------------
Dsrc/daemon/https/tls/gnutls_session_pack.c | 1025-------------------------------------------------------------------------------
Dsrc/daemon/https/tls/gnutls_session_pack.h | 28----------------------------
Msrc/daemon/https/tls/gnutls_state.c | 321-------------------------------------------------------------------------------
Msrc/daemon/https/tls/gnutls_str.c | 129-------------------------------------------------------------------------------
Msrc/daemon/https/tls/gnutls_str.h | 11-----------
Msrc/daemon/https/tls/gnutls_supplemental.c | 12------------
Msrc/include/microhttpd.h | 10----------
29 files changed, 1 insertion(+), 3086 deletions(-)

diff --git a/src/daemon/https/gnutls.h b/src/daemon/https/gnutls.h 
@@ -239,48 +239,15 @@ extern "C" enum MHD_GNUTLS_CompressionMethod MHD_gtls_compression_get (MHD_gtls_session_t session); -// enum MHD_GNUTLS_CipherAlgorithm MHD_gnutls_cipher_get (MHD_gtls_session_t session); -// enum MHD_GNUTLS_KeyExchangeAlgorithm MHD_gnutls_kx_get (MHD_gtls_session_t session); -// enum MHD_GNUTLS_HashAlgorithm MHD_gnutls_mac_get (MHD_gtls_session_t session); -// enum MHD_GNUTLS_CertificateType MHD_gnutls_certificate_type_get (MHD_gtls_session_t -// session); - size_t MHD__gnutls_cipher_get_key_size (enum MHD_GNUTLS_CipherAlgorithm algorithm); - size_t MHD__gnutls_mac_get_key_size (enum MHD_GNUTLS_HashAlgorithm - algorithm); /* the name of the specified algorithms */ - const char *MHD__gnutls_cipher_get_name (enum MHD_GNUTLS_CipherAlgorithm - algorithm); - const char *MHD__gnutls_mac_get_name (enum MHD_GNUTLS_HashAlgorithm - algorithm); const char *MHD_gtls_compression_get_name (enum MHD_GNUTLS_CompressionMethod algorithm); - const char *MHD__gnutls_kx_get_name (enum MHD_GNUTLS_KeyExchangeAlgorithm - algorithm); - const char *MHD__gnutls_certificate_type_get_name (enum - MHD_GNUTLS_CertificateType - type); - - enum MHD_GNUTLS_HashAlgorithm MHD_gtls_mac_get_id (const char *name); enum MHD_GNUTLS_CompressionMethod MHD_gtls_compression_get_id (const char *name); - enum MHD_GNUTLS_CipherAlgorithm MHD_gtls_cipher_get_id (const char *name); - enum MHD_GNUTLS_KeyExchangeAlgorithm MHD_gtls_kx_get_id (const char *name); - enum MHD_GNUTLS_Protocol MHD_gtls_protocol_get_id (const char *name); - enum MHD_GNUTLS_CertificateType MHD_gtls_certificate_type_get_id (const char - *name); - - /* list supported algorithms */ - const enum MHD_GNUTLS_CipherAlgorithm *MHD_gtls_cipher_list (void); - const enum MHD_GNUTLS_HashAlgorithm *MHD_gtls_mac_list (void); - const enum MHD_GNUTLS_CompressionMethod *MHD_gtls_compression_list (void); - const enum MHD_GNUTLS_Protocol *MHD_gtls_protocol_list (void); - const enum MHD_GNUTLS_CertificateType - 
*MHD_gtls_certificate_type_list (void); - const enum MHD_GNUTLS_KeyExchangeAlgorithm *MHD_gtls_kx_list (void); /* error functions */ int MHD_gtls_error_is_fatal (int error);
@@ -288,8 +255,6 @@ extern "C" void MHD_gtls_perror (int error); const char *MHD_gtls_strerror (int error); - void MHD_gtls_handshake_set_private_extensions (MHD_gtls_session_t session, - int allow); /* * Record layer functions. */
@@ -299,25 +264,7 @@ extern "C" size_t sizeofdata); /* provides extra compatibility */ - void MHD_gtls_record_disable_padding (MHD_gtls_session_t session); - size_t MHD_gtls_record_check_pending (MHD_gtls_session_t session); - int MHD__gnutls_record_get_direction (MHD_gtls_session_t session); - size_t MHD__gnutls_record_get_max_size (MHD_gtls_session_t session); - ssize_t MHD__gnutls_record_set_max_size (MHD_gtls_session_t session, - size_t size); - - - int MHD__gnutls_prf (MHD_gtls_session_t session, - size_t label_size, const char *label, - int server_random_first, - size_t extra_size, const char *extra, - size_t outsize, char *out); - - int MHD__gnutls_prf_raw (MHD_gtls_session_t session, - size_t label_size, const char *label, - size_t seed_size, const char *seed, - size_t outsize, char *out); /* * TLS Extensions
@@ -327,22 +274,10 @@ extern "C" GNUTLS_NAME_DNS = 1 } MHD_gnutls_server_name_type_t; - int MHD__gnutls_server_name_set (MHD_gtls_session_t session, - MHD_gnutls_server_name_type_t type, - const void *name, size_t name_length); - - int MHD__gnutls_server_name_get (MHD_gtls_session_t session, - void *data, size_t * data_length, - unsigned int *type, unsigned int indx); - /* Opaque PRF Input * http://tools.ietf.org/id/draft-rescorla-tls-opaque-prf-input-00.txt */ - void - MHD_gtls_oprfi_enable_client (MHD_gtls_session_t session, - size_t len, unsigned char *data); - typedef int (*MHD_gnutls_oprfi_callback_func) (MHD_gtls_session_t session, void *userdata, size_t oprfi_len, 
@@ -350,32 +285,12 @@ extern "C" *in_oprfi, unsigned char *out_oprfi); - void - MHD_gtls_oprfi_enable_server (MHD_gtls_session_t session, - MHD_gnutls_oprfi_callback_func cb, - void *userdata); - /* Supplemental data, RFC 4680. */ typedef enum { GNUTLS_SUPPLEMENTAL_USER_MAPPING_DATA = 0 } MHD_gnutls_supplemental_data_format_type_t; - const char *MHD_gtls_supplemental_get_name - (MHD_gnutls_supplemental_data_format_type_t type); - - int MHD__gnutls_cipher_set_priority (MHD_gtls_session_t session, - const int *list); - int MHD__gnutls_mac_set_priority (MHD_gtls_session_t session, - const int *list); - int MHD__gnutls_compression_set_priority (MHD_gtls_session_t session, - const int *list); - int MHD__gnutls_kx_set_priority (MHD_gtls_session_t session, - const int *list); - int MHD__gnutls_protocol_set_priority (MHD_gtls_session_t session, - const int *list); - int MHD__gnutls_certificate_type_set_priority (MHD_gtls_session_t session, - const int *list); int MHD_tls_set_default_priority (MHD_gnutls_priority_t *, const char *priority, 
@@ -392,38 +307,8 @@ extern "C" enum MHD_GNUTLS_Protocol MHD__gnutls_protocol_get_version (MHD_gtls_session_t session); - const char *MHD__gnutls_protocol_get_name (enum MHD_GNUTLS_Protocol - version); - -/* - * get/set session - */ -// int MHD_gnutls_session_set_data (MHD_gtls_session_t session, -// const void *session_data, -// size_t session_data_size); -// int MHD_gnutls_session_get_data (MHD_gtls_session_t session, void *session_data, -// size_t * session_data_size); -// int MHD_gnutls_session_get_data2 (MHD_gtls_session_t session, -// MHD_gnutls_datum_t * data); - - int MHD_gtls_session_get_id (MHD_gtls_session_t session, void *session_id, - size_t * session_id_size); - -/* returns security values. - * Do not use them unless you know what you're doing. - */ - const void *MHD_gtls_session_get_server_random (MHD_gtls_session_t session); - const void *MHD_gtls_session_get_client_random (MHD_gtls_session_t session); - const void *MHD_gtls_session_get_master_secret (MHD_gtls_session_t session); - - int MHD_gtls_session_is_resumed (MHD_gtls_session_t session); - typedef int (*MHD_gnutls_handshake_post_client_hello_func) (MHD_gtls_session_t); - void - MHD__gnutls_handshake_set_post_client_hello_function (MHD_gtls_session_t, - MHD_gnutls_handshake_post_client_hello_func); - void MHD__gnutls_handshake_set_max_packet_length (MHD_gtls_session_t session, size_t max);
@@ -490,17 +375,6 @@ extern "C" struct MHD_gnutls_x509_crt_int; typedef struct MHD_gnutls_x509_crt_int *MHD_gnutls_x509_crt_t; -// int MHD_gnutls_certificate_set_x509_key (MHD_gtls_cert_credentials_t res, -// MHD_gnutls_x509_crt_t * cert_list, -// int cert_list_size, -// MHD_gnutls_x509_privkey_t key); -// int MHD_gnutls_certificate_set_x509_trust (MHD_gtls_cert_credentials_t res, -// MHD_gnutls_x509_crt_t * ca_list, -// int ca_list_size); -// int MHD_gnutls_certificate_set_x509_crl (MHD_gtls_cert_credentials_t res, -// MHD_gnutls_x509_crl_t * crl_list, -// int crl_list_size); - /* global state functions */ 
@@ -518,8 +392,6 @@ extern "C" extern MHD_gnutls_calloc_function MHD_gnutls_calloc; extern MHD_gnutls_free_function MHD_gnutls_free; - extern char *(*MHD_gnutls_strdup) (const char *); - typedef void (*MHD_gnutls_log_func) (int, const char *); void MHD_gtls_global_set_log_function (MHD_gnutls_log_func log_func); void MHD_gtls_global_set_log_level (int level);
@@ -549,10 +421,6 @@ extern "C" const void *, size_t); void MHD__gnutls_transport_set_ptr (MHD_gtls_session_t session, MHD_gnutls_transport_ptr_t ptr); - void MHD__gnutls_transport_set_ptr2 (MHD_gtls_session_t session, - MHD_gnutls_transport_ptr_t recv_ptr, - MHD_gnutls_transport_ptr_t send_ptr); - void MHD__gnutls_transport_set_lowat (MHD_gtls_session_t session, int num);
@@ -561,15 +429,6 @@ extern "C" void MHD__gnutls_transport_set_pull_function (MHD_gtls_session_t session, MHD_gtls_pull_func pull_func); - void MHD__gnutls_transport_set_errno (MHD_gtls_session_t session, int err); - void MHD__gnutls_transport_set_global_errno (int err); - -/* - * session specific - */ - void MHD__gnutls_session_set_ptr (MHD_gtls_session_t session, void *ptr); - void *MHD_gtls_session_get_ptr (MHD_gtls_session_t session); - typedef enum MHD_gnutls_x509_subject_alt_name_t { GNUTLS_SAN_DNSNAME = 1,
@@ -620,11 +479,6 @@ extern "C" */ enum MHD_GNUTLS_CredentialsType MHD_gtls_auth_get_type (MHD_gtls_session_t session); - enum MHD_GNUTLS_CredentialsType - MHD_gtls_auth_server_get_type (MHD_gtls_session_t session); - enum MHD_GNUTLS_CredentialsType - MHD_gtls_auth_client_get_type (MHD_gtls_session_t session); - /* * DH */ 
@@ -640,25 +494,6 @@ extern "C" const MHD_gnutls_datum_t * hash, MHD_gnutls_datum_t * signature); - void MHD_gtls_sign_callback_set (MHD_gtls_session_t session, - MHD_gnutls_sign_func sign_func, - void *userdata); - MHD_gnutls_sign_func MHD_gtls_sign_callback_get (MHD_gtls_session_t session, - void **userdata); - - /* These are set on the credentials structure. - */ - void MHD_gtls_certificate_client_set_retrieve_function - (MHD_gtls_cert_credentials_t cred, - MHD_gnutls_certificate_client_retrieve_function * func); - void MHD_gtls_certificate_server_set_retrieve_function - (MHD_gtls_cert_credentials_t cred, - MHD_gnutls_certificate_server_retrieve_function * func); - - void MHD_gtls_certificate_server_set_request (MHD_gtls_session_t session, - MHD_gnutls_certificate_request_t - req); - int MHD_gtls_pem_base64_encode (const char *msg, const MHD_gnutls_datum_t * data, char *result, size_t * result_size);
diff --git a/src/daemon/https/tls/Makefile.am b/src/daemon/https/tls/Makefile.am
@@ -54,8 +54,6 @@ gnutls_pk.c \ gnutls_priority.c \ gnutls_record.c \ gnutls_rsa_export.c \ -gnutls_session.c \ -gnutls_session_pack.c \ gnutls_sig.c \ gnutls_state.c \ gnutls_str.c \
@@ -97,7 +95,6 @@ gnutls_num.h \ gnutls_pk.h \ gnutls_record.h \ gnutls_rsa_export.h \ -gnutls_session_pack.h \ gnutls_sig.h \ gnutls_state.h \ gnutls_str.h \
diff --git a/src/daemon/https/tls/auth_cert.c b/src/daemon/https/tls/auth_cert.c
@@ -639,7 +639,7 @@ MHD_gtls_gen_cert_server_certificate (MHD_gtls_session_t session, */ #define CLEAR_CERTS for(x=0;x<peer_certificate_list_size;x++) MHD_gtls_gcert_deinit(&peer_certificate_list[x]) -int +static int MHD_gtls_proc_x509_server_certificate (MHD_gtls_session_t session, opaque * data, size_t data_size) {
diff --git a/src/daemon/https/tls/debug.c b/src/daemon/https/tls/debug.c 
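Review bot: The `-int` / `+static int` change on `MHD_gtls_proc_x509_server_certificate` in auth_cert.c is only valid if no declaration with external linkage for it survives: auth_cert.h is not in this commit's diffstat, and if it still carries `int MHD_gtls_proc_x509_server_certificate (...)` the translation unit now has the same identifier with both internal and external linkage, which compilers reject as a static declaration following a non-static one. Any forward declaration earlier in auth_cert.c would need `static` as well, and the function's only remaining caller must then live in this file — presumably the dispatcher that switches on the certificate type, which is worth confirming. The function body starts at the hunk's closing `{` and lies outside this view. Since the function has left the module interface, a one-line header above the `static int` stating what it handles (judging from the name, the X.509 branch of the server Certificate message — to be confirmed against the body) would help the next reader.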
@@ -94,14 +94,3 @@ MHD__gnutls_handshake2str (MHD_gnutls_handshake_description_t handshake) } } -void -MHD__gnutls_dump_mpi (const char *prefix, mpi_t a) -{ - opaque buf[1024]; - size_t n = sizeof buf; - - if (gcry_mpi_print (GCRYMPI_FMT_HEX, buf, n, &n, a)) - strcpy ((char *) buf, "[can't print value]"); /* Flawfinder: ignore */ - MHD__gnutls_hard_log ("MPI: length: %d\n\t%s%s\n", (n - 1) / 2, prefix, - buf); -}
diff --git a/src/daemon/https/tls/debug.h b/src/daemon/https/tls/debug.h
@@ -25,4 +25,3 @@ const char *MHD__gnutls_packet2str (content_type_t packet); const char *MHD__gnutls_handshake2str (MHD_gnutls_handshake_description_t handshake); -void MHD__gnutls_dump_mpi (const char *prefix, mpi_t a);
diff --git a/src/daemon/https/tls/ext_oprfi.c b/src/daemon/https/tls/ext_oprfi.c 
@@ -215,52 +215,3 @@ MHD_gtls_oprfi_send_params (MHD_gtls_session_t session, return oprfi_send_server (session, data, data_size); } -/** - * MHD_gtls_oprfi_enable_client: - * @session: is a #MHD_gtls_session_t structure. - * @len: length of Opaque PRF data to use in client. - * @data: Opaque PRF data to use in client. - * - * Request that the client should attempt to negotiate the Opaque PRF - * Input TLS extension, using the given data as the client's Opaque - * PRF input. - * - * The data is copied into the session context after this call, so you - * may de-allocate it immediately after calling this function. - **/ -void -MHD_gtls_oprfi_enable_client (MHD_gtls_session_t session, - size_t len, unsigned char *data) -{ - session->security_parameters.extensions.oprfi_client_len = len; - session->security_parameters.extensions.oprfi_client = data; -} - -/** - * MHD_gtls_oprfi_enable_server: - * @session: is a #MHD_gtls_session_t structure. - * @cb: function pointer to Opaque PRF extension server callback. - * @userdata: hook passed to callback function for passing application state. - * - * Request that the server should attempt to accept the Opaque PRF - * Input TLS extension. If the client requests the extension, the - * provided callback @cb will be invoked. The callback must have the - * following prototype: - * - * int callback (MHD_gtls_session_t session, void *userdata, - * size_t oprfi_len, const unsigned char *in_oprfi, - * unsigned char *out_oprfi); - * - * The callback can inspect the client-provided data in the input - * parameters, and specify its own opaque prf input data in the output - * variable. The function must return 0 on success, otherwise the - * handshake will be aborted. - **/ -void -MHD_gtls_oprfi_enable_server (MHD_gtls_session_t session, - MHD_gnutls_oprfi_callback_func cb, - void *userdata) -{ - session->security_parameters.extensions.oprfi_cb = cb; - session->security_parameters.extensions.oprfi_userdata = userdata; -} 
diff --git a/src/daemon/https/tls/ext_server_name.c b/src/daemon/https/tls/ext_server_name.c 
@@ -209,122 +209,3 @@ MHD_gtls_server_name_send_params (MHD_gtls_session_t session, return total_size; } -/** - * MHD__gnutls_server_name_get - Used to get the server name indicator send by a client - * @session: is a #MHD_gtls_session_t structure. - * @data: will hold the data - * @data_length: will hold the data length. Must hold the maximum size of data. - * @type: will hold the server name indicator type - * @indx: is the index of the server_name - * - * This function will allow you to get the name indication (if any), - * a client has sent. The name indication may be any of the enumeration - * MHD_gnutls_server_name_type_t. - * - * If @type is GNUTLS_NAME_DNS, then this function is to be used by servers - * that support virtual hosting, and the data will be a null terminated UTF-8 string. - * - * If @data has not enough size to hold the server name GNUTLS_E_SHORT_MEMORY_BUFFER - * is returned, and @data_length will hold the required size. - * - * @index is used to retrieve more than one server names (if sent by the client). - * The first server name has an index of 0, the second 1 and so on. If no name with the given - * index exists GNUTLS_E_REQUESTED_DATA_NOT_AVAILABLE is returned. - * - **/ -int -MHD__gnutls_server_name_get (MHD_gtls_session_t session, void *data, - size_t * data_length, - unsigned int *type, unsigned int indx) -{ - char *_data = data; -#if MHD_DEBUG_TLS - if (session->security_parameters.entity == GNUTLS_CLIENT) - { - MHD_gnutls_assert (); - return GNUTLS_E_INVALID_REQUEST; - } -#endif - if (indx + 1 > session->security_parameters.extensions.server_names_size) - { - return GNUTLS_E_REQUESTED_DATA_NOT_AVAILABLE; - } - - *type = session->security_parameters.extensions.server_names[indx].type; - - if (*data_length > /* greater since we need one extra byte for the null */ - session->security_parameters.extensions.server_names[indx].name_length) - { - *data_length = - session->security_parameters.extensions. 
- server_names[indx].name_length; - memcpy (data, - session->security_parameters.extensions.server_names[indx].name, - *data_length); - - if (*type == GNUTLS_NAME_DNS) /* null terminate */ - _data[(*data_length)] = 0; - - } - else - { - *data_length = - session->security_parameters.extensions. - server_names[indx].name_length; - return GNUTLS_E_SHORT_MEMORY_BUFFER; - } - - return 0; -} - -/** - * MHD__gnutls_server_name_set - Used to set a name indicator to be sent as an extension - * @session: is a #MHD_gtls_session_t structure. - * @type: specifies the indicator type - * @name: is a string that contains the server name. - * @name_length: holds the length of name - * - * This function is to be used by clients that want to inform - * (via a TLS extension mechanism) the server of the name they - * connected to. This should be used by clients that connect - * to servers that do virtual hosting. - * - * The value of @name depends on the @ind type. In case of GNUTLS_NAME_DNS, - * an ASCII or UTF-8 null terminated string, without the trailing dot, is expected. - * IPv4 or IPv6 addresses are not permitted. - * - **/ -int -MHD__gnutls_server_name_set (MHD_gtls_session_t session, - MHD_gnutls_server_name_type_t type, - const void *name, size_t name_length) -{ - int server_names; - - if (session->security_parameters.entity == GNUTLS_SERVER) - { - MHD_gnutls_assert (); - return GNUTLS_E_INVALID_REQUEST; - } - - if (name_length > MAX_SERVER_NAME_SIZE) - return GNUTLS_E_SHORT_MEMORY_BUFFER; - - server_names = - session->security_parameters.extensions.server_names_size + 1; - - if (server_names > MAX_SERVER_NAME_EXTENSIONS) - server_names = MAX_SERVER_NAME_EXTENSIONS; - - session->security_parameters.extensions.server_names[server_names - - 1].type = type; - memcpy (session->security_parameters. 
- extensions.server_names[server_names - 1].name, name, name_length); - session->security_parameters.extensions.server_names[server_names - - 1].name_length = - name_length; - - session->security_parameters.extensions.server_names_size++; - - return 0; -}
diff --git a/src/daemon/https/tls/gnutls_algorithms.c b/src/daemon/https/tls/gnutls_algorithms.c
@@ -54,15 +54,6 @@ static const MHD_gnutls_cred_map MHD_gtls_cred_mappings[] = { {MHD_GNUTLS_KX_DHE_RSA, MHD_GNUTLS_CRD_CERTIFICATE, MHD_GNUTLS_CRD_CERTIFICATE}, - {MHD_GNUTLS_KX_SRP, - MHD_GNUTLS_CRD_SRP, - MHD_GNUTLS_CRD_SRP}, - {MHD_GNUTLS_KX_SRP_RSA, - MHD_GNUTLS_CRD_SRP, - MHD_GNUTLS_CRD_CERTIFICATE}, - {MHD_GNUTLS_KX_SRP_DSS, - MHD_GNUTLS_CRD_SRP, - MHD_GNUTLS_CRD_CERTIFICATE}, {0, 0, 0}
@@ -423,17 +414,6 @@ static const MHD_gtls_kx_algo_entry_t MHD_gtls_kx_algorithms[] = { &MHD_gtls_dhe_dss_auth_struct, 1, 0}, - -#ifdef ENABLE_SRP - {"SRP-DSS", MHD_GNUTLS_KX_SRP_DSS, &srp_dss_auth_struct, 0, 0}, - {"SRP-RSA", MHD_GNUTLS_KX_SRP_RSA, &srp_rsa_auth_struct, 0, 0}, - {"SRP", MHD_GNUTLS_KX_SRP, &srp_auth_struct, 0, 0}, -#endif -#ifdef ENABLE_PSK - {"PSK", GNUTLS_KX_PSK, &psk_auth_struct, 0, 0}, - {"DHE-PSK", GNUTLS_KX_DHE_PSK, &dhe_psk_auth_struct, - 1 /* needs DHE params */ , 0}, -#endif {0, 0, 0,
@@ -448,15 +428,6 @@ static const enum MHD_GNUTLS_KeyExchangeAlgorithm MHD_gtls_supported_kxs[] = MHD_GNUTLS_KX_RSA_EXPORT, MHD_GNUTLS_KX_DHE_RSA, MHD_GNUTLS_KX_DHE_DSS, -#ifdef ENABLE_SRP - MHD_GNUTLS_KX_SRP_DSS, - MHD_GNUTLS_KX_SRP_RSA, - MHD_GNUTLS_KX_SRP, -#endif -#ifdef ENABLE_PSK - GNUTLS_KX_PSK, - GNUTLS_KX_DHE_PSK, -#endif 0 }; 
@@ -728,105 +699,6 @@ MHD_gtls_mac_priority (MHD_gtls_session_t session, return -1; } -/** - * MHD__gnutls_mac_get_name - Returns a string with the name of the specified mac algorithm - * @algorithm: is a MAC algorithm - * - * Returns: a string that contains the name of the specified MAC - * algorithm, or %NULL. - **/ -const char * -MHD__gnutls_mac_get_name (enum MHD_GNUTLS_HashAlgorithm algorithm) -{ - const char *ret = NULL; - - /* avoid prefix */ - GNUTLS_HASH_ALG_LOOP (ret = p->name); - - return ret; -} - -/** - * MHD_gtls_mac_get_id - Returns the gnutls id of the specified in string algorithm - * @algorithm: is a MAC algorithm name - * - * Returns: an %enum MHD_GNUTLS_HashAlgorithmid of the specified in a string - * MAC algorithm, or %GNUTLS_MAC_UNKNOWN on failures. The names are - * compared in a case insensitive way. - **/ -enum MHD_GNUTLS_HashAlgorithm -MHD_gtls_mac_get_id (const char *name) -{ - enum MHD_GNUTLS_HashAlgorithm ret = MHD_GNUTLS_MAC_UNKNOWN; - - GNUTLS_HASH_LOOP (if (strcasecmp (p->name, name) == 0) ret = p->id) - ; - - return ret; -} - -/** - * MHD__gnutls_mac_get_key_size - Returns the length of the MAC's key size - * @algorithm: is an encryption algorithm - * - * Returns: length (in bytes) of the given MAC key size, or 0 if the - * given MAC algorithm is invalid. - * - **/ -size_t -MHD__gnutls_mac_get_key_size (enum MHD_GNUTLS_HashAlgorithm algorithm) -{ - size_t ret = 0; - - /* avoid prefix */ - GNUTLS_HASH_ALG_LOOP (ret = p->key_size); - - return ret; -} - -/** - * MHD_gtls_mac_list: - * - * Get a list of hash algorithms for use as MACs. Note that not - * necessarily all MACs are supported in TLS cipher suites. For - * example, MD2 is not supported as a cipher suite, but is supported - * for other purposes (e.g., X.509 signature verification or similar). - * - * Returns: Return a zero-terminated list of %enum MHD_GNUTLS_HashAlgorithm - * integers indicating the available MACs. 
- **/ -const enum MHD_GNUTLS_HashAlgorithm * -MHD_gtls_mac_list (void) -{ - return MHD_gtls_supported_macs; -} - -const char * -MHD_gtls_x509_mac_to_oid (enum MHD_GNUTLS_HashAlgorithm algorithm) -{ - const char *ret = NULL; - - /* avoid prefix */ - GNUTLS_HASH_ALG_LOOP (ret = p->oid); - - return ret; -} - -enum MHD_GNUTLS_HashAlgorithm -MHD_gtls_x509_oid2mac_algorithm (const char *oid) -{ - enum MHD_GNUTLS_HashAlgorithm ret = 0; - - GNUTLS_HASH_LOOP (if (p->oid && strcmp (oid, p->oid) == 0) - { - ret = p->id; break;} - ) - ; - - if (ret == 0) - return MHD_GNUTLS_MAC_UNKNOWN; - return ret; -} int MHD_gnutls_mac_is_ok (enum MHD_GNUTLS_HashAlgorithm algorithm)
@@ -840,20 +712,6 @@ MHD_gnutls_mac_is_ok (enum MHD_GNUTLS_HashAlgorithm algorithm) return ret; } -/* Compression Functions */ -int -MHD_gtls_compression_priority (MHD_gtls_session_t session, - enum MHD_GNUTLS_CompressionMethod algorithm) -{ /* actually returns the priority */ - unsigned int i; - for (i = 0; i < session->internals.priorities.compression.num_algorithms; - i++) - { - if (session->internals.priorities.compression.priority[i] == algorithm) - return i; - } - return -1; -} /** * MHD__gnutls_compression_get_name - Returns a string with the name of the specified compression algorithm
@@ -897,21 +755,6 @@ MHD_gtls_compression_get_id (const char *name) return ret; } -/** - * MHD_gtls_compression_list: - * - * Get a list of compression methods. Note that to be able to use LZO - * compression, you must link to libgnutls-extra and call - * MHD_gnutls_global_init_extra(). - * - * Returns: a zero-terminated list of %enum MHD_GNUTLS_CompressionMethod - * integers indicating the available compression methods. - **/ -const enum MHD_GNUTLS_CompressionMethod * -MHD_gtls_compression_list (void) -{ - return MHD_gtls_supported_compressions; -} /* return the tls number of the specified algorithm */ int 
@@ -1048,62 +891,6 @@ MHD_gtls_cipher_get_export_flag (enum MHD_GNUTLS_CipherAlgorithm algorithm) } -/** - * MHD__gnutls_cipher_get_name - Returns a string with the name of the specified cipher algorithm - * @algorithm: is an encryption algorithm - * - * Returns: a pointer to a string that contains the name of the - * specified cipher, or %NULL. - **/ -const char * -MHD__gnutls_cipher_get_name (enum MHD_GNUTLS_CipherAlgorithm algorithm) -{ - const char *ret = NULL; - - /* avoid prefix */ - GNUTLS_ALG_LOOP (ret = p->name); - - return ret; -} - -/** - * MHD_gtls_cipher_get_id - Returns the gnutls id of the specified in string algorithm - * @algorithm: is a MAC algorithm name - * - * The names are compared in a case insensitive way. - * - * Returns: an id of the specified cipher, or %GNUTLS_CIPHER_UNKNOWN - * on error. - * - **/ -enum MHD_GNUTLS_CipherAlgorithm -MHD_gtls_cipher_get_id (const char *name) -{ - enum MHD_GNUTLS_CipherAlgorithm ret = MHD_GNUTLS_CIPHER_UNKNOWN; - - GNUTLS_LOOP (if (strcasecmp (p->name, name) == 0) ret = p->id) - ; - - return ret; -} - -/** - * MHD_gtls_cipher_list: - * - * Get a list of supported cipher algorithms. Note that not - * necessarily all ciphers are supported as TLS cipher suites. For - * example, DES is not supported as a cipher suite, but is supported - * for other purposes (e.g., PKCS#8 or similar). - * - * Returns: a zero-terminated list of %enum MHD_GNUTLS_CipherAlgorithm - * integers indicating the available ciphers. - * - **/ -const enum MHD_GNUTLS_CipherAlgorithm * -MHD_gtls_cipher_list (void) -{ - return MHD_gtls_supported_ciphers; -} int MHD_gtls_cipher_is_ok (enum MHD_GNUTLS_CipherAlgorithm algorithm) 
@@ -1140,57 +927,6 @@ MHD_gtls_kx_priority (MHD_gtls_session_t session, return -1; } -/** - * MHD__gnutls_kx_get_name - Returns a string with the name of the specified key exchange algorithm - * @algorithm: is a key exchange algorithm - * - * Returns: a pointer to a string that contains the name of the - * specified key exchange algorithm, or %NULL. - **/ -const char * -MHD__gnutls_kx_get_name (enum MHD_GNUTLS_KeyExchangeAlgorithm algorithm) -{ - const char *ret = NULL; - - /* avoid prefix */ - GNUTLS_KX_ALG_LOOP (ret = p->name); - - return ret; -} - -/** - * MHD_gtls_kx_get_id - Returns the gnutls id of the specified in string algorithm - * @algorithm: is a KX name - * - * The names are compared in a case insensitive way. - * - * Returns: an id of the specified KX algorithm, or - * %GNUTLS_KX_UNKNOWN on error. - **/ -enum MHD_GNUTLS_KeyExchangeAlgorithm -MHD_gtls_kx_get_id (const char *name) -{ - enum MHD_GNUTLS_CipherAlgorithm ret = MHD_GNUTLS_KX_UNKNOWN; - - GNUTLS_KX_LOOP (if (strcasecmp (p->name, name) == 0) ret = p->algorithm) - ; - - return ret; -} - -/** - * MHD_gtls_kx_list: - * - * Get a list of supported key exchange algorithms. - * - * Returns: a zero-terminated list of %enum MHD_GNUTLS_KeyExchangeAlgorithm integers - * indicating the available key exchange algorithms. - **/ -const enum MHD_GNUTLS_KeyExchangeAlgorithm * -MHD_gtls_kx_list (void) -{ - return MHD_gtls_supported_kxs; -} int MHD_gtls_kx_is_ok (enum MHD_GNUTLS_KeyExchangeAlgorithm algorithm) 
@@ -1241,28 +977,6 @@ MHD_gtls_version_priority (MHD_gtls_session_t session, return -1; } -enum MHD_GNUTLS_Protocol -MHD_gtls_version_lowest (MHD_gtls_session_t session) -{ /* returns the lowest version supported */ - unsigned int i, min = 0xff; - - if (session->internals.priorities.protocol.priority == NULL) - { - return MHD_GNUTLS_PROTOCOL_VERSION_UNKNOWN; - } - else - for (i = 0; i < session->internals.priorities.protocol.num_algorithms; - i++) - { - if (session->internals.priorities.protocol.priority[i] < min) - min = session->internals.priorities.protocol.priority[i]; - } - - if (min == 0xff) - return MHD_GNUTLS_PROTOCOL_VERSION_UNKNOWN; /* unknown version */ - - return min; -} enum MHD_GNUTLS_Protocol MHD_gtls_version_max (MHD_gtls_session_t session) 
@@ -1287,58 +1001,6 @@ MHD_gtls_version_max (MHD_gtls_session_t session) return max; } -/** - * MHD__gnutls_protocol_get_name - Returns a string with the name of the specified SSL/TLS version - * @version: is a (gnutls) version number - * - * Returns: a string that contains the name of the specified TLS - * version (e.g., "TLS 1.0"), or %NULL. - **/ -const char * -MHD__gnutls_protocol_get_name (enum MHD_GNUTLS_Protocol version) -{ - const char *ret = NULL; - - /* avoid prefix */ - GNUTLS_VERSION_ALG_LOOP (ret = p->name); - return ret; -} - -/** - * MHD_gtls_protocol_get_id - Returns the gnutls id of the specified in string protocol - * @algorithm: is a protocol name - * - * The names are compared in a case insensitive way. - * - * Returns: an id of the specified protocol, or - * %GNUTLS_VERSION_UNKNOWN on error. - **/ -enum MHD_GNUTLS_Protocol -MHD_gtls_protocol_get_id (const char *name) -{ - enum MHD_GNUTLS_Protocol ret = MHD_GNUTLS_PROTOCOL_VERSION_UNKNOWN; - - GNUTLS_VERSION_LOOP (if (strcasecmp (p->name, name) == 0) ret = p->id) - ; - - return ret; -} - -/** - * MHD_gtls_protocol_list: - * - * Get a list of supported protocols, e.g. SSL 3.0, TLS 1.0 etc. - * - * Returns: a zero-terminated list of %enum MHD_GNUTLS_Protocol integers - * indicating the available protocols. - * - **/ -const enum MHD_GNUTLS_Protocol * -MHD_gtls_protocol_list (void) -{ - return MHD_gtls_supported_protocols; -} - int MHD_gtls_version_get_minor (enum MHD_GNUTLS_Protocol version) { 
@@ -1386,23 +1048,6 @@ MHD_gtls_version_is_supported (MHD_gtls_session_t session, return 1; } -/* Type to KX mappings */ -enum MHD_GNUTLS_KeyExchangeAlgorithm -MHD_gtls_map_kx_get_kx (enum MHD_GNUTLS_CredentialsType type, int server) -{ - enum MHD_GNUTLS_KeyExchangeAlgorithm ret = -1; - - if (server) - { - GNUTLS_KX_MAP_ALG_LOOP_SERVER (ret = p->algorithm); - } - else - { - GNUTLS_KX_MAP_ALG_LOOP_SERVER (ret = p->algorithm); - } - return ret; -} - enum MHD_GNUTLS_CredentialsType MHD_gtls_map_kx_get_cred (enum MHD_GNUTLS_KeyExchangeAlgorithm algorithm, int server) 
@@ -1807,62 +1452,12 @@ MHD_gtls_supported_compression_methods (MHD_gtls_session_t session, return j; } -/** - * MHD__gnutls_certificate_type_get_name - Returns a string with the name of the specified certificate type - * @type: is a certificate type - * - * Returns: a string (or %NULL) that contains the name of the - * specified certificate type. - **/ -const char * -MHD__gnutls_certificate_type_get_name (enum MHD_GNUTLS_CertificateType type) -{ - const char *ret = NULL; - - if (type == MHD_GNUTLS_CRT_X509) - ret = "X.509"; - return ret; -} - -/** - * MHD_gtls_certificate_type_get_id - Returns the gnutls id of the specified in string type - * @name: is a certificate type name - * - * The names are compared in a case insensitive way. - * - * Returns: an id of the specified in a string certificate type, or - * %GNUTLS_CRT_UNKNOWN on error. - **/ -enum MHD_GNUTLS_CertificateType -MHD_gtls_certificate_type_get_id (const char *name) -{ - enum MHD_GNUTLS_CertificateType ret = MHD_GNUTLS_CRT_UNKNOWN; - - if (strcasecmp (name, "X.509") == 0 || strcasecmp (name, "X509") == 0) - return MHD_GNUTLS_CRT_X509; - return ret; -} - static const enum MHD_GNUTLS_CertificateType MHD_gtls_supported_certificate_types[] = { MHD_GNUTLS_CRT_X509, 0 }; -/** - * MHD_gtls_certificate_type_list: - * - * Get a list of certificate types. - * - * Returns: a zero-terminated list of %enum MHD_GNUTLS_CertificateType - * integers indicating the available certificate types. - * - **/ -const enum MHD_GNUTLS_CertificateType * -MHD_gtls_certificate_type_list (void) -{ - return MHD_gtls_supported_certificate_types; -} /* returns the enum MHD_GNUTLS_PublicKeyAlgorithm which is compatible with * the given enum MHD_GNUTLS_KeyExchangeAlgorithm. 
@@ -1942,55 +1537,6 @@ static const MHD_gnutls_sign_entry MHD_gtls_sign_algorithms[] = {
 #define GNUTLS_SIGN_ALG_LOOP(a) \
 GNUTLS_SIGN_LOOP( if(p->id && p->id == sign) { a; break; } )
-MHD_gnutls_sign_algorithm_t
-MHD_gtls_x509_oid2sign_algorithm (const char *oid)
-{
- MHD_gnutls_sign_algorithm_t ret = 0;
-
- GNUTLS_SIGN_LOOP (if (strcmp (oid, p->oid) == 0)
- {
- ret = p->id; break;}
- );
-
- if (ret == 0)
- {
- MHD__gnutls_x509_log ("Unknown SIGN OID: '%s'\n", oid);
- return GNUTLS_SIGN_UNKNOWN;
- }
- return ret;
-}
-
-MHD_gnutls_sign_algorithm_t
-MHD_gtls_x509_pk_to_sign (enum MHD_GNUTLS_PublicKeyAlgorithm pk,
- enum MHD_GNUTLS_HashAlgorithm mac)
-{
- MHD_gnutls_sign_algorithm_t ret = 0;
-
- GNUTLS_SIGN_LOOP (if (pk == p->pk && mac == p->mac)
- {
- ret = p->id; break;}
- );
-
- if (ret == 0)
- return GNUTLS_SIGN_UNKNOWN;
- return ret;
-}
-
-const char *
-MHD_gtls_x509_sign_to_oid (enum MHD_GNUTLS_PublicKeyAlgorithm pk,
- enum MHD_GNUTLS_HashAlgorithm mac)
-{
- MHD_gnutls_sign_algorithm_t sign;
- const char *ret = NULL;
-
- sign = MHD_gtls_x509_pk_to_sign (pk, mac);
- if (sign == GNUTLS_SIGN_UNKNOWN)
- return NULL;
-
- GNUTLS_SIGN_ALG_LOOP (ret = p->oid);
- return ret;
-}
-
 /* pk algorithms; */
 struct MHD_gnutls_pk_entry
@@ -2032,18 +1578,3 @@ MHD_gtls_x509_oid2pk_algorithm (const char *oid)
 return ret;
 }
-const char *
-MHD_gtls_x509_pk_to_oid (enum MHD_GNUTLS_PublicKeyAlgorithm algorithm)
-{
- const char *ret = NULL;
- const MHD_gnutls_pk_entry *p;
-
- for (p = MHD_gtls_pk_algorithms; p->name != NULL; p++)
- if (p->id == algorithm)
- {
- ret = p->oid;
- break;
- }
-
- return ret;
-}
diff --git a/src/daemon/https/tls/gnutls_algorithms.h b/src/daemon/https/tls/gnutls_algorithms.h
@@ -28,7 +28,6 @@
 #include "gnutls_auth.h"
 /* Functions for version handling. */
-enum MHD_GNUTLS_Protocol MHD_gtls_version_lowest (MHD_gtls_session_t session);
 enum MHD_GNUTLS_Protocol MHD_gtls_version_max (MHD_gtls_session_t session);
 int MHD_gtls_version_priority (MHD_gtls_session_t session,
 enum MHD_GNUTLS_Protocol version);
@@ -40,10 +39,6 @@ enum MHD_GNUTLS_Protocol MHD_gtls_version_get (int major, int minor);
 /* Functions for MACs. */
 int MHD_gnutls_mac_is_ok (enum MHD_GNUTLS_HashAlgorithm algorithm);
-enum MHD_GNUTLS_HashAlgorithm MHD_gtls_x509_oid2mac_algorithm (const char
- *oid);
-const char *MHD_gtls_x509_mac_to_oid (enum MHD_GNUTLS_HashAlgorithm mac);
-
 /* Functions for cipher suites. */
 int MHD_gtls_supported_ciphersuites (MHD_gtls_session_t session,
 cipher_suite_st ** ciphers);
@@ -103,10 +98,6 @@ int MHD_gtls_compression_get_wbits (enum MHD_GNUTLS_CompressionMethod
 algorithm);
 /* Type to KX mappings. */
-enum MHD_GNUTLS_KeyExchangeAlgorithm MHD_gtls_map_kx_get_kx (enum
- MHD_GNUTLS_CredentialsType
- type,
- int server);
 enum MHD_GNUTLS_CredentialsType MHD_gtls_map_kx_get_cred (enum
 MHD_GNUTLS_KeyExchangeAlgorithm
 algorithm,
@@ -118,8 +109,6 @@ enum MHD_GNUTLS_PublicKeyAlgorithm MHD_gtls_map_pk_get_pk (enum
 kx_algorithm);
 enum MHD_GNUTLS_PublicKeyAlgorithm MHD_gtls_x509_oid2pk_algorithm (const char
 *oid);
-const char *MHD_gtls_x509_pk_to_oid (enum MHD_GNUTLS_PublicKeyAlgorithm pk);
-
 enum encipher_type
 { CIPHER_ENCRYPT = 0, CIPHER_SIGN = 1, CIPHER_IGN };
@@ -141,16 +130,6 @@ struct MHD_gtls_compression_entry
 typedef struct MHD_gtls_compression_entry MHD_gnutls_compression_entry;
 /* Functions for sign algorithms. */
-MHD_gnutls_sign_algorithm_t MHD_gtls_x509_oid2sign_algorithm (const char
- *oid);
-MHD_gnutls_sign_algorithm_t MHD_gtls_x509_pk_to_sign (enum
- MHD_GNUTLS_PublicKeyAlgorithm
- pk,
- enum
- MHD_GNUTLS_HashAlgorithm
- mac);
-const char *MHD_gtls_x509_sign_to_oid (enum MHD_GNUTLS_PublicKeyAlgorithm,
- enum MHD_GNUTLS_HashAlgorithm mac);
 int MHD_gtls_mac_priority (MHD_gtls_session_t session,
 enum MHD_GNUTLS_HashAlgorithm algorithm);
@@ -158,9 +137,6 @@ int MHD_gtls_cipher_priority (MHD_gtls_session_t session,
 enum MHD_GNUTLS_CipherAlgorithm algorithm);
 int MHD_gtls_kx_priority (MHD_gtls_session_t session,
 enum MHD_GNUTLS_KeyExchangeAlgorithm algorithm);
-int MHD_gtls_compression_priority (MHD_gtls_session_t session,
- enum MHD_GNUTLS_CompressionMethod
- algorithm);
 enum MHD_GNUTLS_HashAlgorithm MHD_gtls_mac_get_id (const char *name);
 enum MHD_GNUTLS_CipherAlgorithm MHD_gtls_cipher_get_id (const char *name);
diff --git a/src/daemon/https/tls/gnutls_auth.c b/src/daemon/https/tls/gnutls_auth.c
@@ -171,43 +171,6 @@ MHD_gtls_auth_get_type (MHD_gtls_session_t session)
 server);
 }
-/**
- * MHD_gtls_auth_server_get_type - Returns the type of credentials for the server authentication schema.
- * @session: is a #MHD_gtls_session_t structure.
- *
- * Returns the type of credentials that were used for server authentication.
- * The returned information is to be used to distinguish the function used
- * to access authentication data.
- *
- **/
-enum MHD_GNUTLS_CredentialsType
-MHD_gtls_auth_server_get_type (MHD_gtls_session_t session)
-{
- return
- MHD_gtls_map_kx_get_cred (MHD_gtls_cipher_suite_get_kx_algo
- (&session->
- security_parameters.current_cipher_suite), 1);
-}
-
-/**
- * MHD_gtls_auth_client_get_type - Returns the type of credentials for the client authentication schema.
- * @session: is a #MHD_gtls_session_t structure.
- *
- * Returns the type of credentials that were used for client authentication.
- * The returned information is to be used to distinguish the function used
- * to access authentication data.
- *
- **/
-enum MHD_GNUTLS_CredentialsType
-MHD_gtls_auth_client_get_type (MHD_gtls_session_t session)
-{
- return
- MHD_gtls_map_kx_get_cred (MHD_gtls_cipher_suite_get_kx_algo
- (&session->
- security_parameters.current_cipher_suite), 0);
-}
-
-
 /*
 * This returns a pointer to the linked list. Don't
 * free that!!!
@@ -294,8 +257,6 @@ MHD_gtls_free_auth_info (MHD_gtls_session_t session)
 switch (session->key->auth_info_type)
 {
- case MHD_GNUTLS_CRD_SRP:
- break;
 case MHD_GNUTLS_CRD_CERTIFICATE:
 {
 unsigned int i;
diff --git a/src/daemon/https/tls/gnutls_buffers.c b/src/daemon/https/tls/gnutls_buffers.c
@@ -67,58 +67,6 @@
 # include <io_debug.h>
 #endif
-/**
- * MHD__gnutls_transport_set_errno:
- * @session: is a #MHD_gtls_session_t structure.
- * @err: error value to store in session-specific errno variable.
- *
- * Store @err in the session-specific errno variable. Useful values
- * for @err is EAGAIN and EINTR, other values are treated will be
- * treated as real errors in the push/pull function.
- *
- * This function is useful in replacement push/pull functions set by
- * MHD__gnutls_transport_set_push_function and
- * MHD_gnutls_transport_set_pullpush_function under Windows, where the
- * replacement push/pull may not have access to the same @errno
- * variable that is used by GnuTLS (e.g., the application is linked to
- * msvcr71.dll and gnutls is linked to msvcrt.dll).
- *
- * If you don't have the @session variable easily accessible from the
- * push/pull function, and don't worry about thread conflicts, you can
- * also use MHD__gnutls_transport_set_global_errno().
- **/
-void
-MHD__gnutls_transport_set_errno (MHD_gtls_session_t session, int err)
-{
- session->internals.errnum = err;
-}
-
-/**
- * MHD__gnutls_transport_set_global_errno:
- * @err: error value to store in global errno variable.
- *
- * Store @err in the global errno variable. Useful values for @err is
- * EAGAIN and EINTR, other values are treated will be treated as real
- * errors in the push/pull function.
- *
- * This function is useful in replacement push/pull functions set by
- * MHD__gnutls_transport_set_push_function and
- * MHD_gnutls_transport_set_pullpush_function under Windows, where the
- * replacement push/pull may not have access to the same @errno
- * variable that is used by GnuTLS (e.g., the application is linked to
- * msvcr71.dll and gnutls is linked to msvcrt.dll).
- *
- * Whether this function is thread safe or not depends on whether the
- * global variable errno is thread safe, some system libraries make it
- * a thread-local variable.
When feasible, using the guaranteed
- * thread-safe MHD__gnutls_transport_set_errno() may be better.
- **/
-void
-MHD__gnutls_transport_set_global_errno (int err)
-{
- errno = err;
-}
-
 /* Buffers received packets of type APPLICATION DATA and
 * HANDSHAKE DATA.
 */
@@ -186,23 +134,6 @@ MHD_gnutls_record_buffer_get_size (content_type_t type,
 }
 }
-/**
- * MHD_gtls_record_check_pending - checks if there are any data to receive in gnutls buffers.
- * @session: is a #MHD_gtls_session_t structure.
- *
- * This function checks if there are any data to receive
- * in the gnutls buffers. Returns the size of that data or 0.
- * Notice that you may also use select() to check for data in
- * a TCP connection, instead of this function.
- * (gnutls leaves some data in the tcp buffer in order for select
- * to work).
- **/
-size_t
-MHD_gtls_record_check_pending (MHD_gtls_session_t session)
-{
- return MHD_gnutls_record_buffer_get_size (GNUTLS_APPLICATION_DATA, session);
-}
-
 int
 MHD_gtls_record_buffer_get (content_type_t type,
 MHD_gtls_session_t session, opaque * data, size_t length)
@@ -1193,31 +1124,6 @@ MHD_gtls_handshake_buffer_put (MHD_gtls_session_t session, opaque * data,
 return 0;
 }
-int
-MHD_gtls_handshake_buffer_get_size (MHD_gtls_session_t session)
-{
-
- return session->internals.handshake_hash_buffer.length;
-}
-
-/* this function does not touch the buffer
- * and returns data from it (peek mode!)
- */
-int
-MHD_gtls_handshake_buffer_peek (MHD_gtls_session_t session, opaque * data,
- size_t length)
-{
- if (length > session->internals.handshake_hash_buffer.length)
- {
- length = session->internals.handshake_hash_buffer.length;
- }
-
- MHD__gnutls_buffers_log ("BUF[HSK]: Peeked %d bytes of Data\n", length);
-
- memcpy (data, session->internals.handshake_hash_buffer.data, length);
- return length;
-}
-
 /* this function does not touch the buffer
 * and returns data from it (peek mode!)
 */
diff --git a/src/daemon/https/tls/gnutls_buffers.h b/src/daemon/https/tls/gnutls_buffers.h
@@ -40,9 +40,6 @@ ssize_t MHD_gtls_io_write_buffered (MHD_gtls_session_t, const void *iptr,
 ssize_t MHD_gtls_io_write_buffered2 (MHD_gtls_session_t, const void *iptr,
 size_t n, const void *iptr2, size_t n2);
-int MHD_gtls_handshake_buffer_get_size (MHD_gtls_session_t session);
-int MHD_gtls_handshake_buffer_peek (MHD_gtls_session_t session, opaque * data,
- size_t length);
 int MHD_gtls_handshake_buffer_put (MHD_gtls_session_t session, opaque * data,
 size_t length);
 int MHD_gtls_handshake_buffer_clear (MHD_gtls_session_t session);
diff --git a/src/daemon/https/tls/gnutls_cert.c b/src/daemon/https/tls/gnutls_cert.c
@@ -279,87 +279,6 @@ MHD_gtls_selected_cert_supported_kx (MHD_gtls_session_t session,
 }
-/**
- * MHD_gtls_certificate_server_set_request - Used to set whether to request a client certificate
- * @session: is an #MHD_gtls_session_t structure.
- * @req: is one of GNUTLS_CERT_REQUEST, GNUTLS_CERT_REQUIRE
- *
- * This function specifies if we (in case of a server) are going
- * to send a certificate request message to the client. If @req
- * is GNUTLS_CERT_REQUIRE then the server will return an error if
- * the peer does not provide a certificate. If you do not
- * call this function then the client will not be asked to
- * send a certificate.
- **/
-void
-MHD_gtls_certificate_server_set_request (MHD_gtls_session_t session,
- MHD_gnutls_certificate_request_t req)
-{
- session->internals.send_cert_req = req;
-}
-
-/**
- * MHD_gtls_certificate_client_set_retrieve_function - Used to set a callback to retrieve the certificate
- * @cred: is a #MHD_gtls_cert_credentials_t structure.
- * @func: is the callback function
- *
- * This function sets a callback to be called in order to retrieve the certificate
- * to be used in the handshake.
- * The callback's function prototype is:
- * int (*callback)(MHD_gtls_session_t, const MHD_gnutls_datum_t* req_ca_dn, int nreqs,
- * const enum MHD_GNUTLS_PublicKeyAlgorithm* pk_algos, int pk_algos_length, MHD_gnutls_retr_st* st);
- *
- * @req_ca_cert is only used in X.509 certificates.
- * Contains a list with the CA names that the server considers trusted.
- * Normally we should send a certificate that is signed
- * by one of these CAs. These names are DER encoded. To get a more
- * meaningful value use the function MHD_gnutls_x509_rdn_get().
- *
- * @pk_algos contains a list with server's acceptable signature algorithms.
- * The certificate returned should support the server's given algorithms.
- *
- * @st should contain the certificates and private keys.
- *
- * If the callback function is provided then gnutls will call it, in the
- * handshake, after the certificate request message has been received.
- *
- * The callback function should set the certificate list to be sent, and
- * return 0 on success. If no certificate was selected then the number of certificates
- * should be set to zero. The value (-1) indicates error and the handshake
- * will be terminated.
- **/
-void MHD_gtls_certificate_client_set_retrieve_function
- (MHD_gtls_cert_credentials_t cred,
- MHD_gnutls_certificate_client_retrieve_function * func)
-{
- cred->client_get_cert_callback = func;
-}
-
-/**
- * MHD_gtls_certificate_server_set_retrieve_function - Used to set a callback to retrieve the certificate
- * @cred: is a #MHD_gtls_cert_credentials_t structure.
- * @func: is the callback function
- *
- * This function sets a callback to be called in order to retrieve the certificate
- * to be used in the handshake.
- * The callback's function prototype is:
- * int (*callback)(MHD_gtls_session_t, MHD_gnutls_retr_st* st);
- *
- * @st should contain the certificates and private keys.
- *
- * If the callback function is provided then gnutls will call it, in the
- * handshake, after the certificate request message has been received.
- *
- * The callback function should set the certificate list to be sent, and
- * return 0 on success. The value (-1) indicates error and the handshake
- * will be terminated.
- **/
-void MHD_gtls_certificate_server_set_retrieve_function
- (MHD_gtls_cert_credentials_t cred,
- MHD_gnutls_certificate_server_retrieve_function * func)
-{
- cred->server_get_cert_callback = func;
-}
 int
 MHD_gtls_raw_cert_to_gcert (MHD_gnutls_cert * gcert,
@@ -377,23 +296,6 @@ MHD_gtls_raw_cert_to_gcert (MHD_gnutls_cert * gcert,
 }
 }
-int
-MHD_gtls_raw_privkey_to_gkey (MHD_gnutls_privkey * key,
- enum MHD_GNUTLS_CertificateType type,
- const MHD_gnutls_datum_t * raw_key,
- int key_enc /* DER or PEM */ )
-{
- switch (type)
- {
- case MHD_GNUTLS_CRT_X509:
- return MHD__gnutls_x509_raw_privkey_to_gkey (key, raw_key, key_enc);
- default:
- MHD_gnutls_assert ();
- return GNUTLS_E_INTERNAL_ERROR;
- }
-}
-
-
 /* This function will convert a der certificate to a format
 * (structure) that gnutls can understand and use. Actually the
 * important thing on this function is that it extracts the
@@ -538,47 +440,3 @@ MHD_gtls_gcert_deinit (MHD_gnutls_cert * cert)
 MHD__gnutls_free_datum (&cert->raw);
 }
-/**
- * MHD_gtls_sign_callback_set:
- * @session: is a gnutls session
- * @sign_func: function pointer to application's sign callback.
- * @userdata: void pointer that will be passed to sign callback.
- *
- * Set the callback function. The function must have this prototype:
- *
- * typedef int (*MHD_gnutls_sign_func) (MHD_gtls_session_t session,
- * void *userdata,
- * enum MHD_GNUTLS_CertificateType cert_type,
- * const MHD_gnutls_datum_t * cert,
- * const MHD_gnutls_datum_t * hash,
- * MHD_gnutls_datum_t * signature);
- *
- * The @userdata parameter is passed to the @sign_func verbatim, and
- * can be used to store application-specific data needed in the
- * callback function. See also MHD_gtls_sign_callback_get().
- **/
-void
-MHD_gtls_sign_callback_set (MHD_gtls_session_t session,
- MHD_gnutls_sign_func sign_func, void *userdata)
-{
- session->internals.sign_func = sign_func;
- session->internals.sign_func_userdata = userdata;
-}
-
-/**
- * MHD_gtls_sign_callback_get:
- * @session: is a gnutls session
- * @userdata: if non-%NULL, will be set to abstract callback pointer.
- *
- * Retrieve the callback function, and its userdata pointer.
- *
- * Returns: The function pointer set by MHD_gtls_sign_callback_set(), or
- * if not set, %NULL.
- **/
-MHD_gnutls_sign_func
-MHD_gtls_sign_callback_get (MHD_gtls_session_t session, void **userdata)
-{
- if (userdata)
- *userdata = session->internals.sign_func_userdata;
- return session->internals.sign_func;
-}
diff --git a/src/daemon/https/tls/gnutls_cert.h b/src/daemon/https/tls/gnutls_cert.h
@@ -124,9 +124,4 @@ int MHD_gtls_raw_cert_to_gcert (MHD_gnutls_cert * gcert,
 enum MHD_GNUTLS_CertificateType type,
 const MHD_gnutls_datum_t * raw_cert,
 int flags /* OR of ConvFlags */ );
-int MHD_gtls_raw_privkey_to_gkey (MHD_gnutls_privkey * key,
- enum MHD_GNUTLS_CertificateType type,
- const MHD_gnutls_datum_t * raw_key,
- int key_enc /* DER or PEM */ );
-
 #endif
diff --git a/src/daemon/https/tls/gnutls_datum.c b/src/daemon/https/tls/gnutls_datum.c
@@ -49,23 +49,6 @@ MHD_gtls_write_datum24 (opaque * dest, MHD_gnutls_datum_t dat)
 memcpy (&dest[3], dat.data, dat.size);
 }
-void
-MHD_gtls_write_datum32 (opaque * dest, MHD_gnutls_datum_t dat)
-{
- MHD_gtls_write_uint32 (dat.size, dest);
- if (dat.data != NULL)
- memcpy (&dest[4], dat.data, dat.size);
-}
-
-void
-MHD_gtls_write_datum8 (opaque * dest, MHD_gnutls_datum_t dat)
-{
- dest[0] = (uint8_t) dat.size;
- if (dat.data != NULL)
- memcpy (&dest[1], dat.data, dat.size);
-}
-
-
 int
 MHD_gtls_set_datum_m (MHD_gnutls_datum_t * dat, const void *data,
 size_t data_size, MHD_gnutls_alloc_function galloc_func)
@@ -87,22 +70,6 @@ MHD_gtls_set_datum_m (MHD_gnutls_datum_t * dat, const void *data,
 return 0;
 }
-int
-MHD_gtls_datum_append_m (MHD_gnutls_datum_t * dst, const void *data,
- size_t data_size,
- MHD_gnutls_realloc_function grealloc_func)
-{
-
- dst->data = grealloc_func (dst->data, data_size + dst->size);
- if (dst->data == NULL)
- return GNUTLS_E_MEMORY_ERROR;
-
- memcpy (&dst->data[dst->size], data, data_size);
- dst->size += data_size;
-
- return 0;
-}
-
 void
 MHD_gtls_free_datum_m (MHD_gnutls_datum_t * dat,
 MHD_gnutls_free_function gfree_func)
diff --git a/src/daemon/https/tls/gnutls_datum.h b/src/daemon/https/tls/gnutls_datum.h
@@ -24,16 +24,12 @@
 void MHD_gtls_write_datum16 (opaque * dest, MHD_gnutls_datum_t dat);
 void MHD_gtls_write_datum24 (opaque * dest, MHD_gnutls_datum_t dat);
-void MHD_gtls_write_datum32 (opaque * dest, MHD_gnutls_datum_t dat);
-void MHD_gtls_write_datum8 (opaque * dest, MHD_gnutls_datum_t dat);
 int MHD_gtls_set_datum_m (MHD_gnutls_datum_t * dat, const void *data,
 size_t data_size, MHD_gnutls_alloc_function);
 #define MHD__gnutls_set_datum( x, y, z) MHD_gtls_set_datum_m(x,y,z, MHD_gnutls_malloc)
 #define MHD__gnutls_sset_datum( x, y, z) MHD_gtls_set_datum_m(x,y,z, MHD_gnutls_secure_malloc)
-int MHD_gtls_datum_append_m (MHD_gnutls_datum_t * dat, const void *data,
- size_t data_size, MHD_gnutls_realloc_function);
 #define MHD__gnutls_datum_append(x,y,z) MHD_gtls_datum_append_m(x,y,z, MHD_gnutls_realloc)
 void MHD_gtls_free_datum_m (MHD_gnutls_datum_t * dat,
diff --git a/src/daemon/https/tls/gnutls_extensions.c b/src/daemon/https/tls/gnutls_extensions.c
@@ -64,12 +64,6 @@ MHD_gtls_extension_entry MHD_gtls_extensions[MAX_EXT_SIZE] = {
 MHD_gtls_oprfi_recv_params,
 MHD_gtls_oprfi_send_params),
 #endif
-#ifdef ENABLE_SRP
- GNUTLS_EXTENSION_ENTRY (GNUTLS_EXTENSION_SRP,
- EXTENSION_TLS,
- MHD__gnutls_srp_recv_params,
- MHD__gnutls_srp_send_params),
-#endif
 {0, 0, 0, 0}
 };
diff --git a/src/daemon/https/tls/gnutls_handshake.c b/src/daemon/https/tls/gnutls_handshake.c
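Review bot: The retained `#define MHD__gnutls_datum_append(x,y,z) MHD_gtls_datum_append_m(x,y,z, MHD_gnutls_realloc)` still expands to `MHD_gtls_datum_append_m`, whose prototype this hunk deletes and whose definition the gnutls_datum.c hunk just above deletes, so the macro is now a trap: any future use compiles against an implicit declaration and only fails at link time. By the same dead-code argument that removed the function, the macro should be deleted in this commit; if a caller does still exist somewhere outside the visible diff, then the function and its prototype have to stay instead. Either way the header and the .c file should not disagree about whether `MHD_gtls_datum_append_m` exists.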
@@ -1929,36 +1929,6 @@ MHD__gnutls_send_server_hello (MHD_gtls_session_t session, int again)
 datalen = 0;
-#ifdef ENABLE_SRP
- if (IS_SRP_KX
- (MHD_gtls_cipher_suite_get_kx_algo
- (&session->security_parameters.current_cipher_suite)))
- {
- /* While resuming we cannot check the username extension since it is
- * not available at this point. It will be copied on connection
- * state activation.
- */
- if (session->internals.resumed == RESUME_FALSE &&
- session->security_parameters.extensions.srp_username[0] == 0)
- {
- /* The peer didn't send a valid SRP extension with the
- * SRP username. The draft requires that we send a fatal
- * alert and abort.
- */
- MHD_gnutls_assert ();
- ret = MHD__gnutls_alert_send (session, GNUTLS_AL_FATAL,
- GNUTLS_A_UNKNOWN_PSK_IDENTITY);
- if (ret < 0)
- {
- MHD_gnutls_assert ();
- return ret;
- }
-
- return GNUTLS_E_ILLEGAL_SRP_USERNAME;
- }
- }
-#endif
-
 if (again == 0)
 {
 datalen = 2 + session_id_len + 1 + TLS_RANDOM_SIZE + 3;
@@ -2807,22 +2777,6 @@ check_server_params (MHD_gtls_session_t session,
 if (delete == 1)
 return 1;
-#ifdef ENABLE_PSK
- }
- else if (cred_type == MHD_GNUTLS_CRD_PSK)
- {
- MHD_gnutls_psk_server_credentials_t psk_cred =
- (MHD_gnutls_psk_server_credentials_t) MHD_gtls_get_cred (session->key,
- cred_type,
- NULL);
-
- if (psk_cred != NULL)
- {
- dh_params =
- MHD_gtls_get_dh_params (psk_cred->dh_params,
- psk_cred->params_func, session);
- }
-#endif
 }
 else
 return 0; /* no need for params */
@@ -2955,7 +2909,6 @@ MHD_gtls_remove_unwanted_ciphersuites (MHD_gtls_session_t session,
 SRP credential too. */
 if (kx == MHD_GNUTLS_KX_SRP_RSA || kx == MHD_GNUTLS_KX_SRP_DSS)
 {
- if (!MHD_gtls_get_cred (session->key, MHD_GNUTLS_CRD_SRP, NULL))
 delete = 1;
 }
diff --git a/src/daemon/https/tls/gnutls_mem.c b/src/daemon/https/tls/gnutls_mem.c
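Review bot: Removing the credential test in the last hunk of this file leaves `delete = 1;` unconditional, so `MHD_gtls_remove_unwanted_ciphersuites` now drops every SRP-RSA/SRP-DSS suite regardless of session state; that is consistent with the rest of the commit (the `MHD_GNUTLS_CRD_SRP` switch case in gnutls_auth.c and the `ENABLE_SRP` extension entry in gnutls_extensions.c are gone too), but the comment fragment visible directly above the condition, `SRP credential too. */`, now describes a check that no longer exists and will mislead the next reader. Reword that comment to state the new rule, e.g. `/* SRP is not available in this build; always drop SRP-RSA and SRP-DSS suites. */`. This is the only hunk in the visible part of the commit that changes runtime behaviour rather than removing unreferenced code, which is worth a line in the commit message since "more DCE" does not suggest it. The enclosing function begins and ends outside the hunk.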
@@ -32,7 +32,6 @@ MHD_gnutls_free_function MHD_gnutls_free = free;
 MHD_gnutls_realloc_function MHD_gnutls_realloc = realloc;
 void *(*MHD_gnutls_calloc) (size_t, size_t) = calloc;
-char *(*MHD_gnutls_strdup) (const char *) = MHD_gtls_strdup;
 int
 MHD__gnutls_is_secure_mem_null (const void *ign)
@@ -64,15 +63,3 @@ MHD_gtls_realloc_fast (void *ptr, size_t size)
 return ret;
 }
-
-char *
-MHD_gtls_strdup (const char *str)
-{
- size_t siz = strlen (str) + 1;
- char *ret;
-
- ret = MHD_gnutls_malloc (siz);
- if (ret != NULL)
- memcpy (ret, str, siz);
- return ret;
-}
diff --git a/src/daemon/https/tls/gnutls_priority.c b/src/daemon/https/tls/gnutls_priority.c
@@ -32,40 +32,6 @@
 #define MAX_ELEMENTS 48
-/**
- * MHD__gnutls_cipher_set_priority - Sets the priority on the ciphers supported by gnutls.
- * @session: is a #MHD_gtls_session_t structure.
- * @list: is a 0 terminated list of enum MHD_GNUTLS_CipherAlgorithm elements.
- *
- * Sets the priority on the ciphers supported by gnutls.
- * Priority is higher for elements specified before others.
- * After specifying the ciphers you want, you must append a 0.
- * Note that the priority is set on the client. The server does
- * not use the algorithm's priority except for disabling
- * algorithms that were not specified.
- *
- * Returns 0 on success.
- *
- **/
-int
-MHD__gnutls_cipher_set_priority (MHD_gtls_session_t session, const int *list)
-{
- int num = 0, i;
-
- while (list[num] != 0)
- num++;
- if (num > MAX_ALGOS)
- num = MAX_ALGOS;
- session->internals.priorities.cipher.num_algorithms = num;
-
- for (i = 0; i < num; i++)
- {
- session->internals.priorities.cipher.priority[i] = list[i];
- }
-
- return 0;
-}
-
 static int
 _set_priority (MHD_gtls_priority_st * st, const int *list)
 {
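Review bot: The two gnutls_mem.c hunks remove the `MHD_gnutls_strdup` function pointer and the `MHD_gtls_strdup` definition, but no hunk for the header that declares them is visible in this part of the diff; if a header still carries an `extern` for the pointer or a prototype for the function, those declarations are now dangling and should go in the same commit so the header cannot advertise a symbol that no longer links. If that header is touched further down in the diff, this is already covered.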
@@ -78,129 +44,6 @@ _set_priority (MHD_gtls_priority_st * st, const int *list)
 return 0;
 }
-/**
- * MHD__gnutls_kx_set_priority - Sets the priority on the key exchange algorithms supported by gnutls.
- * @session: is a #MHD_gtls_session_t structure.
- * @list: is a 0 terminated list of enum MHD_GNUTLS_KeyExchangeAlgorithm elements.
- *
- * Sets the priority on the key exchange algorithms supported by gnutls.
- * Priority is higher for elements specified before others.
- * After specifying the algorithms you want, you must append a 0.
- * Note that the priority is set on the client. The server does
- * not use the algorithm's priority except for disabling
- * algorithms that were not specified.
- *
- * Returns 0 on success.
- *
- **/
-int
-MHD__gnutls_kx_set_priority (MHD_gtls_session_t session, const int *list)
-{
- return _set_priority (&session->internals.priorities.kx, list);
-}
-
-/**
- * MHD__gnutls_mac_set_priority - Sets the priority on the mac algorithms supported by gnutls.
- * @session: is a #MHD_gtls_session_t structure.
- * @list: is a 0 terminated list of enum MHD_GNUTLS_HashAlgorithm elements.
- *
- * Sets the priority on the mac algorithms supported by gnutls.
- * Priority is higher for elements specified before others.
- * After specifying the algorithms you want, you must append a 0.
- * Note that the priority is set on the client. The server does
- * not use the algorithm's priority except for disabling
- * algorithms that were not specified.
- *
- * Returns 0 on success.
- *
- **/
-int
-MHD__gnutls_mac_set_priority (MHD_gtls_session_t session, const int *list)
-{
- return _set_priority (&session->internals.priorities.mac, list);
-}
-
-/**
- * MHD__gnutls_compression_set_priority - Sets the priority on the compression algorithms supported by gnutls.
- * @session: is a #MHD_gtls_session_t structure.
- * @list: is a 0 terminated list of enum MHD_GNUTLS_CompressionMethod elements.
- *
- * Sets the priority on the compression algorithms supported by gnutls.
- * Priority is higher for elements specified before others.
- * After specifying the algorithms you want, you must append a 0.
- * Note that the priority is set on the client. The server does
- * not use the algorithm's priority except for disabling
- * algorithms that were not specified.
- *
- * TLS 1.0 does not define any compression algorithms except
- * NULL. Other compression algorithms are to be considered
- * as gnutls extensions.
- *
- * Returns 0 on success.
- *
- **/
-int
-MHD__gnutls_compression_set_priority (MHD_gtls_session_t session,
- const int *list)
-{
- return _set_priority (&session->internals.priorities.compression, list);
-}
-
-/**
- * MHD__gnutls_protocol_set_priority - Sets the priority on the protocol versions supported by gnutls.
- * @session: is a #MHD_gtls_session_t structure.
- * @list: is a 0 terminated list of enum MHD_GNUTLS_Protocol elements.
- *
- * Sets the priority on the protocol versions supported by gnutls.
- * This function actually enables or disables protocols. Newer protocol
- * versions always have highest priority.
- *
- * Returns 0 on success.
- *
- **/
-int
-MHD__gnutls_protocol_set_priority (MHD_gtls_session_t session,
- const int *list)
-{
- int ret;
-
- ret = _set_priority (&session->internals.priorities.protocol, list);
- /* set the current version to the first in the chain.
- * This will be overridden later.
- */
- MHD_gtls_set_current_version (session, list[0]);
-
- return ret;
-}
-
-/**
- * MHD__gnutls_certificate_type_set_priority - Sets the priority on the certificate types supported by gnutls.
- * @session: is a #MHD_gtls_session_t structure.
- * @list: is a 0 terminated list of enum MHD_GNUTLS_CertificateType elements.
- *
- * Sets the priority on the certificate types supported by gnutls.
- * Priority is higher for elements specified before others.
- * After specifying the types you want, you must append a 0.
- * Note that the certificate type priority is set on the client.
- * The server does not use the cert type priority except for disabling
- * types that were not specified.
- *
- * Returns 0 on success.
- *
- **/
-int
-MHD__gnutls_certificate_type_set_priority (MHD_gtls_session_t session,
- const int *list)
-{
-#if ENABLE_OPENPGP
- return _set_priority (&session->internals.priorities.cert_type, list);
-#else
-
- return GNUTLS_E_UNIMPLEMENTED_FEATURE;
-
-#endif
-}
-
 static const int MHD_gtls_protocol_priority[] = { MHD_GNUTLS_PROTOCOL_TLS1_1, MHD_GNUTLS_PROTOCOL_TLS1_0, MHD_GNUTLS_PROTOCOL_SSL3,
diff --git a/src/daemon/https/tls/gnutls_record.c b/src/daemon/https/tls/gnutls_record.c
@@ -81,24 +81,6 @@ MHD__gnutls_transport_set_lowat (MHD_gtls_session_t session, int num)
 }
 /**
- * MHD_gtls_record_disable_padding - Used to disabled padding in TLS 1.0 and above
- * @session: is a #MHD_gtls_session_t structure.
- *
- * Used to disabled padding in TLS 1.0 and above. Normally you do
- * not need to use this function, but there are buggy clients that
- * complain if a server pads the encrypted data. This of course will
- * disable protection against statistical attacks on the data.
- *
- * Normally only servers that require maximum compatibility with everything
- * out there, need to call this function.
- **/
-void
-MHD_gtls_record_disable_padding (MHD_gtls_session_t session)
-{
- session->internals.priorities.no_padding = 1;
-}
-
-/**
 * MHD__gnutls_transport_set_ptr - Used to set first argument of the transport functions
 * @session: is a #MHD_gtls_session_t structure.
 * @ptr: is the value.
@@ -116,26 +98,6 @@ MHD__gnutls_transport_set_ptr (MHD_gtls_session_t session,
 }
 /**
- * MHD__gnutls_transport_set_ptr2 - Used to set first argument of the transport functions
- * @session: is a #MHD_gtls_session_t structure.
- * @recv_ptr: is the value for the pull function
- * @send_ptr: is the value for the push function
- *
- * Used to set the first argument of the transport function (like
- * PUSH and PULL). In berkeley style sockets this function will set
- * the connection handle. With this function you can use two
- * different pointers for receiving and sending.
- **/
-void
-MHD__gnutls_transport_set_ptr2 (MHD_gtls_session_t session,
- MHD_gnutls_transport_ptr_t recv_ptr,
- MHD_gnutls_transport_ptr_t send_ptr)
-{
- session->internals.transport_send_ptr = send_ptr;
- session->internals.transport_recv_ptr = recv_ptr;
-}
-
-/**
 * MHD__gnutls_bye - This function terminates the current TLS/SSL connection.
 * @session: is a #MHD_gtls_session_t structure.
 * @how: is an integer
@@ -1128,59 +1090,3 @@ MHD__gnutls_record_recv (MHD_gtls_session_t session, void *data,
 sizeofdata);
 }
-/**
- * MHD__gnutls_record_get_max_size - returns the maximum record size
- * @session: is a #MHD_gtls_session_t structure.
- *
- * This function returns the maximum record packet size in this
- * connection. The maximum record size is negotiated by the client
- * after the first handshake message.
- **/
-size_t
-MHD__gnutls_record_get_max_size (MHD_gtls_session_t session)
-{
- /* Recv will hold the negotiated max record size
- * always.
- */
- return session->security_parameters.max_record_recv_size;
-}
-
-/**
- * MHD__gnutls_record_set_max_size - sets the maximum record size
- * @session: is a #MHD_gtls_session_t structure.
- * @size: is the new size
- *
- * This function sets the maximum record packet size in this
- * connection. This property can only be set to clients. The server
- * may choose not to accept the requested size.
- *
- * Acceptable values are 512(=2^9), 1024(=2^10), 2048(=2^11) and
- * 4096(=2^12). Returns 0 on success. The requested record size does
- * get in effect immediately only while sending data. The receive
- * part will take effect after a successful handshake.
- *
- * This function uses a TLS extension called 'max record size'. Not
- * all TLS implementations use or even understand this extension.
- **/
-ssize_t
-MHD__gnutls_record_set_max_size (MHD_gtls_session_t session, size_t size)
-{
- ssize_t new_size;
-
- if (session->security_parameters.entity == GNUTLS_SERVER)
- return GNUTLS_E_INVALID_REQUEST;
-
- new_size = MHD_gtls_mre_record2num (size);
-
- if (new_size < 0)
- {
- MHD_gnutls_assert ();
- return new_size;
- }
-
- session->security_parameters.max_record_send_size = size;
-
- session->internals.proposed_record_size = size;
-
- return 0;
-}
diff --git a/src/daemon/https/tls/gnutls_session.c b/src/daemon/https/tls/gnutls_session.c
@@ -1,71 +0,0 @@
-/*
- * Copyright (C) 2000, 2003, 2004, 2005, 2007 Free Software Foundation
- *
- * Author: Nikos Mavrogiannopoulos
- *
- * This file is part of GNUTLS.
- *
- * The GNUTLS library is free software; you can redistribute it and/or
- * modify it under the terms of the GNU Lesser General Public License
- * as published by the Free Software Foundation; either version 2.1 of
- * the License, or (at your option) any later version.
- *
- * This library is distributed in the hope that it will be useful, but
- * WITHOUT ANY WARRANTY; without even the implied warranty of
- * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
- * Lesser General Public License for more details.
- *
- * You should have received a copy of the GNU Lesser General Public
- * License along with this library; if not, write to the Free Software
- * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301,
- * USA
- *
- */
-#include "gnutls_int.h"
-#include "gnutls_errors.h"
-#include "debug.h"
-#include "gnutls_session_pack.h"
-#include <gnutls_datum.h>
-
-/* TODO this file should be removed if session resumption will be abandoned */
-
-/**
- * MHD_gtls_session_get_id - Returns session id.
- * @session: is a #MHD_gtls_session_t structure.
- * @session_id: is a pointer to space to hold the session id.
- * @session_id_size: is the session id's size, or it will be set by the function.
- *
- * Returns the current session id. This can be used if you want to check if
- * the next session you tried to resume was actually resumed.
- * This is because resumed sessions have the same sessionID with the
- * original session.
- *
- * Session id is some data set by the server, that identify the current session.
- * In TLS 1.0 and SSL 3.0 session id is always less than 32 bytes.
- *
- * Returns zero on success.
- **/
-int
-MHD_gtls_session_get_id (MHD_gtls_session_t session,
- void *session_id, size_t * session_id_size)
-{
- size_t given_session_id_size = *session_id_size;
-
- *session_id_size = session->security_parameters.session_id_size;
-
- /* just return the session size */
- if (session_id == NULL)
- {
- return 0;
- }
-
- if (given_session_id_size < session->security_parameters.session_id_size)
- {
- return GNUTLS_E_SHORT_MEMORY_BUFFER;
- }
-
- memcpy (session_id, &session->security_parameters.session_id,
- *session_id_size);
-
- return 0;
-}
diff --git a/src/daemon/https/tls/gnutls_session_pack.c b/src/daemon/https/tls/gnutls_session_pack.c
@@ -1,1025 +0,0 @@
-/*
- * Copyright (C) 2000, 2004, 2005, 2007 Free Software Foundation
- *
- * Author: Nikos Mavrogiannopoulos
- *
- * This file is part of GNUTLS.
- *
- * The GNUTLS library is free software; you can redistribute it and/or
- * modify it under the terms of the GNU Lesser General Public License
- * as published by the Free Software Foundation; either version 2.1 of
- * the License, or (at your option) any later version.
- *
- * This library is distributed in the hope that it will be useful, but
- * WITHOUT ANY WARRANTY; without even the implied warranty of
- * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
- * Lesser General Public License for more details.
- *
- * You should have received a copy of the GNU Lesser General Public
- * License along with this library; if not, write to the Free Software
- * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301,
- * USA
- *
- */
-
-/* Contains functions that are supposed to pack and unpack session data,
- * before and after they are sent to the database backend.
- */
-
-#include <gnutls_int.h>
-#ifdef ENABLE_SRP
-# include <auth_srp.h>
-#endif
-#ifdef ENABLE_PSK
-# include <auth_psk.h>
-#endif
-#include <auth_cert.h>
-#include <gnutls_errors.h>
-#include <gnutls_auth_int.h>
-#include <gnutls_session_pack.h>
-#include <gnutls_datum.h>
-#include <gnutls_num.h>
-
-#define PACK_HEADER_SIZE 1
-#define MAX_SEC_PARAMS 7+MAX_SRP_USERNAME+MAX_SERVER_NAME_EXTENSIONS*(3+MAX_SERVER_NAME_SIZE)+165
-static int pack_certificate_auth_info (MHD_gtls_session_t,
- MHD_gnutls_datum_t * packed_session);
-static int unpack_certificate_auth_info (MHD_gtls_session_t,
- const MHD_gnutls_datum_t *
- packed_session);
-
-static int unpack_security_parameters (MHD_gtls_session_t session,
- const MHD_gnutls_datum_t *
- packed_session);
-static int pack_security_parameters (MHD_gtls_session_t session,
- MHD_gnutls_datum_t * packed_session);
-
-/* Since auth_info structures contain malloced data, this function
- * is required in order to pack these structures in a vector in
- * order to store them to the DB.
- *
- * packed_session will contain the session data.
- *
- * The data will be in a platform independent format.
- */
-int
-MHD_gtls_session_pack (MHD_gtls_session_t session,
- MHD_gnutls_datum_t * packed_session)
-{
- int ret;
-
- if (packed_session == NULL)
- {
- MHD_gnutls_assert ();
- return GNUTLS_E_INTERNAL_ERROR;
- }
-
-
- switch (MHD_gtls_auth_get_type (session))
- {
-#ifdef ENABLE_SRP
- case MHD_GNUTLS_CRD_SRP:
- ret = pack_srp_auth_info (session, packed_session);
- if (ret < 0)
- {
- MHD_gnutls_assert ();
- return ret;
- }
- break;
-#endif
-#ifdef ENABLE_PSK
- case MHD_GNUTLS_CRD_PSK:
- ret = pack_psk_auth_info (session, packed_session);
- if (ret < 0)
- {
- MHD_gnutls_assert ();
- return ret;
- }
- break;
-#endif
- case MHD_GNUTLS_CRD_CERTIFICATE:
- ret = pack_certificate_auth_info (session, packed_session);
- if (ret < 0)
- {
- MHD_gnutls_assert ();
- return ret;
- }
- break;
- default:
- return GNUTLS_E_INTERNAL_ERROR;
-
- }
-
- /* Auth_info structures copied. Now copy MHD_gtls_security_param_st.
- * packed_session must have allocated space for the security parameters.
- */
- ret = pack_security_parameters (session, packed_session);
- if (ret < 0)
- {
- MHD_gnutls_assert ();
- MHD__gnutls_free_datum (packed_session);
- return ret;
- }
-
- return 0;
-}
-
-
-/* Load session data from a buffer.
- */
-int
-MHD_gtls_session_unpack (MHD_gtls_session_t session,
- const MHD_gnutls_datum_t * packed_session)
-{
- int ret;
-
- if (packed_session == NULL || packed_session->size == 0)
- {
- MHD_gnutls_assert ();
- return GNUTLS_E_INTERNAL_ERROR;
- }
-
- if (MHD_gtls_get_auth_info (session) != NULL)
- {
- MHD_gtls_free_auth_info (session);
- }
-
- switch (packed_session->data[0])
- {
-#ifdef ENABLE_SRP
- case MHD_GNUTLS_CRD_SRP:
- ret = unpack_srp_auth_info (session, packed_session);
- if (ret < 0)
- {
- MHD_gnutls_assert ();
- return ret;
- }
- break;
-#endif
-#ifdef ENABLE_PSK
- case MHD_GNUTLS_CRD_PSK:
- ret = unpack_psk_auth_info (session, packed_session);
- if (ret < 0)
- {
- MHD_gnutls_assert ();
- return ret;
- }
- break;
-#endif
- case MHD_GNUTLS_CRD_CERTIFICATE:
- ret = unpack_certificate_auth_info (session, packed_session);
- if (ret < 0)
- {
- MHD_gnutls_assert ();
- return ret;
- }
- break;
- default:
- MHD_gnutls_assert ();
- return GNUTLS_E_INTERNAL_ERROR;
-
- }
-
- /* Auth_info structures copied. Now copy MHD_gtls_security_param_st.
- * packed_session must have allocated space for the security parameters.
- */
- ret = unpack_security_parameters (session, packed_session);
- if (ret < 0)
- {
- MHD_gnutls_assert ();
- return ret;
- }
-
- return 0;
-}
-
-
-/* Format:
- * 1 byte the credentials type
- * 4 bytes the size of the whole structure
- * DH stuff
- * 2 bytes the size of secret key in bits
- * 4 bytes the size of the prime
- * x bytes the prime
- * 4 bytes the size of the generator
- * x bytes the generator
- * 4 bytes the size of the public key
- * x bytes the public key
- * RSA stuff
- * 4 bytes the size of the modulus
- * x bytes the modulus
- * 4 bytes the size of the exponent
- * x bytes the exponent
- * CERTIFICATES
- * 4 bytes the length of the certificate list
- * 4 bytes the size of first certificate
- * x bytes the certificate
- * and so on...
- */
-static int
-pack_certificate_auth_info (MHD_gtls_session_t session,
- MHD_gnutls_datum_t * packed_session)
-{
- unsigned int pos = 0, i;
- int cert_size, pack_size;
- cert_auth_info_t info = MHD_gtls_get_auth_info (session);
-
- if (info)
- {
- cert_size = 4;
-
- for (i = 0; i < info->ncerts; i++)
- cert_size += 4 + info->raw_certificate_list[i].size;
-
- pack_size = 2 + 4 + info->dh.prime.size +
- 4 + info->dh.generator.size + 4 + info->dh.public_key.size +
- 4 + info->rsa_export.modulus.size +
- 4 + info->rsa_export.exponent.size + cert_size;
- }
- else
- pack_size = 0;
-
- packed_session->size = PACK_HEADER_SIZE + pack_size + sizeof (uint32_t);
-
- /* calculate the size and allocate the data.
- */
- packed_session->data =
- MHD_gnutls_malloc (packed_session->size + MAX_SEC_PARAMS);
-
- if (packed_session->data == NULL)
- {
- MHD_gnutls_assert ();
- return GNUTLS_E_MEMORY_ERROR;
- }
-
- packed_session->data[0] = MHD_GNUTLS_CRD_CERTIFICATE;
- MHD_gtls_write_uint32 (pack_size, &packed_session->data[PACK_HEADER_SIZE]);
- pos += 4 + PACK_HEADER_SIZE;
-
-
- if (pack_size > 0)
- {
-
- MHD_gtls_write_uint16 (info->dh.secret_bits,
- &packed_session->data[pos]);
- pos += 2;
-
- MHD_gtls_write_datum32 (&packed_session->data[pos], info->dh.prime);
- pos += 4 + info->dh.prime.size;
- MHD_gtls_write_datum32 (&packed_session->data[pos], info->dh.generator);
- pos += 4 + info->dh.generator.size;
- MHD_gtls_write_datum32 (&packed_session->data[pos],
- info->dh.public_key);
- pos += 4 + info->dh.public_key.size;
-
- MHD_gtls_write_datum32 (&packed_session->data[pos],
- info->rsa_export.modulus);
- pos += 4 + info->rsa_export.modulus.size;
- MHD_gtls_write_datum32 (&packed_session->data[pos],
- info->rsa_export.exponent);
- pos += 4 + info->rsa_export.exponent.size;
-
- MHD_gtls_write_uint32 (info->ncerts, &packed_session->data[pos]);
- pos += 4;
-
- for (i = 0; i < info->ncerts; i++)
- {
- MHD_gtls_write_datum32 (&packed_session->data[pos],
- info->raw_certificate_list[i]);
- pos += sizeof (uint32_t) + info->raw_certificate_list[i].size;
- }
- }
-
- return 0;
-}
-
-
-/* Upack certificate info.
- */
-static int
-unpack_certificate_auth_info (MHD_gtls_session_t session,
- const MHD_gnutls_datum_t * packed_session)
-{
- int pos = 0, size, ret;
- unsigned int i = 0, j;
- size_t pack_size;
- cert_auth_info_t info;
-
- if (packed_session->data[0] != MHD_GNUTLS_CRD_CERTIFICATE)
- {
- MHD_gnutls_assert ();
- return GNUTLS_E_INVALID_REQUEST;
- }
-
- pack_size = MHD_gtls_read_uint32 (&packed_session->data[PACK_HEADER_SIZE]);
- pos += PACK_HEADER_SIZE + 4;
-
- if (pack_size == 0)
- return 0; /* nothing to be done */
-
- /* a simple check for integrity */
- if (pack_size + PACK_HEADER_SIZE + 4 > packed_session->size)
- {
- MHD_gnutls_assert ();
- return GNUTLS_E_INVALID_REQUEST;
- }
-
- /* client and server have the same auth_info here
- */
- ret =
- MHD_gtls_auth_info_set (session, MHD_GNUTLS_CRD_CERTIFICATE,
- sizeof (cert_auth_info_st), 1);
- if (ret < 0)
- {
- MHD_gnutls_assert ();
- return ret;
- }
-
- info = MHD_gtls_get_auth_info (session);
- if (info == NULL)
- {
- MHD_gnutls_assert ();
- return GNUTLS_E_INTERNAL_ERROR;
- }
-
- info->dh.secret_bits = MHD_gtls_read_uint16 (&packed_session->data[pos]);
- pos += 2;
-
- size = MHD_gtls_read_uint32 (&packed_session->data[pos]);
- pos += 4;
- ret =
- MHD__gnutls_set_datum (&info->dh.prime, &packed_session->data[pos], size);
- if (ret < 0)
- {
- MHD_gnutls_assert ();
- goto error;
- }
- pos += size;
-
- size = MHD_gtls_read_uint32 (&packed_session->data[pos]);
- pos += 4;
- ret =
- MHD__gnutls_set_datum (&info->dh.generator, &packed_session->data[pos],
- size);
- if (ret < 0)
- {
- MHD_gnutls_assert ();
- goto error;
- }
- pos += size;
-
- size = MHD_gtls_read_uint32 (&packed_session->data[pos]);
- pos += 4;
- ret =
- MHD__gnutls_set_datum (&info->dh.public_key, &packed_session->data[pos],
- size);
- if (ret < 0)
- {
- MHD_gnutls_assert ();
- goto error;
- }
- pos += size;
-
- size =
MHD_gtls_read_uint32 (&packed_session->data[pos]);
- pos += 4;
- ret =
- MHD__gnutls_set_datum (&info->rsa_export.modulus,
- &packed_session->data[pos], size);
- if (ret < 0)
- {
- MHD_gnutls_assert ();
- goto error;
- }
- pos += size;
-
- size = MHD_gtls_read_uint32 (&packed_session->data[pos]);
- pos += 4;
- ret =
- MHD__gnutls_set_datum (&info->rsa_export.exponent,
- &packed_session->data[pos], size);
- if (ret < 0)
- {
- MHD_gnutls_assert ();
- goto error;
- }
- pos += size;
-
- info->ncerts = MHD_gtls_read_uint32 (&packed_session->data[pos]);
- pos += 4;
-
- if (info->ncerts > 0)
- {
- info->raw_certificate_list =
- MHD_gnutls_calloc (1, sizeof (MHD_gnutls_datum_t) * info->ncerts);
- if (info->raw_certificate_list == NULL)
- {
- MHD_gnutls_assert ();
- ret = GNUTLS_E_MEMORY_ERROR;
- goto error;
- }
- }
-
- for (i = 0; i < info->ncerts; i++)
- {
- size = MHD_gtls_read_uint32 (&packed_session->data[pos]);
- pos += sizeof (uint32_t);
-
- ret =
- MHD__gnutls_set_datum (&info->raw_certificate_list[i],
- &packed_session->data[pos], size);
- pos += size;
-
- if (ret < 0)
- {
- MHD_gnutls_assert ();
- goto error;
- }
- }
-
-
- return 0;
-
-error:
- MHD__gnutls_free_datum (&info->dh.prime);
- MHD__gnutls_free_datum (&info->dh.generator);
- MHD__gnutls_free_datum (&info->dh.public_key);
-
- MHD__gnutls_free_datum (&info->rsa_export.modulus);
- MHD__gnutls_free_datum (&info->rsa_export.exponent);
-
- for (j = 0; j < i; j++)
- MHD__gnutls_free_datum (&info->raw_certificate_list[j]);
-
- MHD_gnutls_free (info->raw_certificate_list);
-
- return ret;
-
-}
-
-#ifdef ENABLE_SRP
-/* Packs the SRP session authentication data.
- */
-
-/* Format:
- * 1 byte the credentials type
- * 4 bytes the size of the SRP username (x)
- * x bytes the SRP username
- */
-static int
-pack_srp_auth_info (MHD_gtls_session_t session,
- MHD_gnutls_datum_t * packed_session)
-{
- srp_server_auth_info_t info = MHD_gtls_get_auth_info (session);
- int pack_size;
-
- if (info && info->username)
- pack_size = strlen (info->username) + 1; /* include the terminating null */
- else
- pack_size = 0;
-
- packed_session->size = PACK_HEADER_SIZE + pack_size + sizeof (uint32_t);
-
- /* calculate the size and allocate the data.
- */
- packed_session->data =
- MHD_gnutls_malloc (packed_session->size + MAX_SEC_PARAMS);
-
- if (packed_session->data == NULL)
- {
- MHD_gnutls_assert ();
- return GNUTLS_E_MEMORY_ERROR;
- }
-
- packed_session->data[0] = MHD_GNUTLS_CRD_SRP;
- MHD_gtls_write_uint32 (pack_size, &packed_session->data[PACK_HEADER_SIZE]);
-
- if (pack_size > 0)
- memcpy (&packed_session->data[PACK_HEADER_SIZE + sizeof (uint32_t)],
- info->username, pack_size + 1);
-
- return 0;
-}
-
-
-static int
-unpack_srp_auth_info (MHD_gtls_session_t session,
- const MHD_gnutls_datum_t * packed_session)
-{
- size_t username_size;
- int ret;
- srp_server_auth_info_t info;
-
- if (packed_session->data[0] != MHD_GNUTLS_CRD_SRP)
- {
- MHD_gnutls_assert ();
- return GNUTLS_E_INVALID_REQUEST;
- }
-
- username_size =
- MHD_gtls_read_uint32 (&packed_session->data[PACK_HEADER_SIZE]);
-
- if (username_size == 0)
- return 0; /* nothing to be done */
-
- /* a simple check for integrity */
- if (username_size + 4 + PACK_HEADER_SIZE > packed_session->size)
- {
- MHD_gnutls_assert ();
- return GNUTLS_E_INVALID_REQUEST;
- }
-
- ret =
- MHD_gtls_auth_info_set (session, MHD_GNUTLS_CRD_SRP,
- sizeof (srp_server_auth_info_st), 1);
- if (ret < 0)
- {
- MHD_gnutls_assert ();
- return ret;
- }
-
- info = MHD_gtls_get_auth_info (session);
- if (info == NULL)
- {
- MHD_gnutls_assert ();
- return GNUTLS_E_INTERNAL_ERROR;
- }
-
- memcpy (info->username,
-
&packed_session->data[PACK_HEADER_SIZE + sizeof (uint32_t)],
- username_size);
-
- return 0;
-}
-#endif
-
-
-
-#ifdef ENABLE_PSK
-/* Packs the PSK session authentication data.
- */
-
-/* Format:
- * 1 byte the credentials type
- * 4 bytes the size of the whole structure
- * 4 bytes the size of the PSK username (x)
- * x bytes the PSK username
- * 2 bytes the size of secret key in bits
- * 4 bytes the size of the prime
- * x bytes the prime
- * 4 bytes the size of the generator
- * x bytes the generator
- * 4 bytes the size of the public key
- * x bytes the public key
- */
-static int
-pack_psk_auth_info (MHD_gtls_session_t session,
- MHD_gnutls_datum_t * packed_session)
-{
- psk_auth_info_t info;
- int pack_size, username_size = 0, pos;
-
- info = MHD_gtls_get_auth_info (session);
-
- if (info)
- {
- username_size = strlen (info->username) + 1; /* include the terminating null */
- pack_size = username_size +
- 2 + 4 * 3 + info->dh.prime.size + info->dh.generator.size +
- info->dh.public_key.size;
- }
- else
- pack_size = 0;
-
- packed_session->size = PACK_HEADER_SIZE + pack_size + sizeof (uint32_t);
-
- /* calculate the size and allocate the data.
- */
- packed_session->data =
- MHD_gnutls_malloc (packed_session->size + MAX_SEC_PARAMS);
-
- if (packed_session->data == NULL)
- {
- MHD_gnutls_assert ();
- return GNUTLS_E_MEMORY_ERROR;
- }
-
- pos = 0;
-
- packed_session->data[pos] = MHD_GNUTLS_CRD_PSK;
- pos++;
-
- MHD_gtls_write_uint32 (pack_size, &packed_session->data[pos]);
- pos += 4;
-
-
- if (pack_size > 0)
- {
- MHD_gtls_write_uint32 (username_size, &packed_session->data[pos]);
- pos += 4;
-
- memcpy (&packed_session->data[pos], info->username, username_size);
- pos += username_size;
-
- MHD_gtls_write_uint16 (info->dh.secret_bits,
- &packed_session->data[pos]);
- pos += 2;
-
- MHD_gtls_write_datum32 (&packed_session->data[pos], info->dh.prime);
- pos += 4 + info->dh.prime.size;
- MHD_gtls_write_datum32 (&packed_session->data[pos], info->dh.generator);
- pos += 4 + info->dh.generator.size;
- MHD_gtls_write_datum32 (&packed_session->data[pos],
- info->dh.public_key);
- pos += 4 + info->dh.public_key.size;
-
- }
-
-
- return 0;
-}
-
-static int
-unpack_psk_auth_info (MHD_gtls_session_t session,
- const MHD_gnutls_datum_t * packed_session)
-{
- size_t username_size;
- size_t pack_size;
- int pos = 0, size, ret;
- psk_auth_info_t info;
-
- if (packed_session->data[0] != MHD_GNUTLS_CRD_PSK)
- {
- MHD_gnutls_assert ();
- return GNUTLS_E_INVALID_REQUEST;
- }
-
- pack_size = MHD_gtls_read_uint32 (&packed_session->data[PACK_HEADER_SIZE]);
- pos += PACK_HEADER_SIZE + 4;
-
-
- if (pack_size == 0)
- return 0; /* nothing to be done */
-
- /* a simple check for integrity */
- if (pack_size + PACK_HEADER_SIZE + 4 > packed_session->size)
- {
- MHD_gnutls_assert ();
- return GNUTLS_E_INVALID_REQUEST;
- }
-
- /* client and serer have the same auth_info here
- */
- ret =
- MHD_gtls_auth_info_set (session, MHD_GNUTLS_CRD_PSK,
- sizeof (psk_auth_info_st), 1);
- if (ret < 0)
- {
- MHD_gnutls_assert ();
- return ret;
- }
-
- info = MHD_gtls_get_auth_info (session);
- if (info == NULL)
- {
- MHD_gnutls_assert ();
- return
GNUTLS_E_INTERNAL_ERROR;
- }
-
- username_size = MHD_gtls_read_uint32 (&packed_session->data[pos]);
- pos += 4;
-
- memcpy (info->username, &packed_session->data[pos], username_size);
- pos += username_size;
-
- info->dh.secret_bits = MHD_gtls_read_uint16 (&packed_session->data[pos]);
- pos += 2;
-
- size = MHD_gtls_read_uint32 (&packed_session->data[pos]);
- pos += 4;
- ret =
- MHD__gnutls_set_datum (&info->dh.prime, &packed_session->data[pos], size);
- if (ret < 0)
- {
- MHD_gnutls_assert ();
- goto error;
- }
- pos += size;
-
- size = MHD_gtls_read_uint32 (&packed_session->data[pos]);
- pos += 4;
- ret =
- MHD__gnutls_set_datum (&info->dh.generator, &packed_session->data[pos],
- size);
- if (ret < 0)
- {
- MHD_gnutls_assert ();
- goto error;
- }
- pos += size;
-
- size = MHD_gtls_read_uint32 (&packed_session->data[pos]);
- pos += 4;
- ret =
- MHD__gnutls_set_datum (&info->dh.public_key, &packed_session->data[pos],
- size);
- if (ret < 0)
- {
- MHD_gnutls_assert ();
- goto error;
- }
- pos += size;
-
- return 0;
-
-error:
- MHD__gnutls_free_datum (&info->dh.prime);
- MHD__gnutls_free_datum (&info->dh.generator);
- MHD__gnutls_free_datum (&info->dh.public_key);
- return ret;
-}
-#endif
-
-
-/* Packs the security parameters.
- */
-
-/* Format:
- * 4 bytes the total security data size
- * 1 byte the entity type (client/server)
- * 1 byte the key exchange algorithm used
- * 1 byte the read cipher algorithm
- * 1 byte the read mac algorithm
- * 1 byte the read compression algorithm
- *
- * 1 byte the write cipher algorithm
- * 1 byte the write mac algorithm
- * 1 byte the write compression algorithm
- *
- * 1 byte the certificate type
- * 1 byte the protocol version
- *
- * 2 bytes the cipher suite
- *
- * 48 bytes the master secret
- *
- * 32 bytes the client random
- * 32 bytes the server random
- *
- * 1 byte the session ID size
- * x bytes the session ID (32 bytes max)
- *
- * 4 bytes a timestamp
- * -------------------
- * MAX: 165 bytes
- *
- * EXTENSIONS:
- * 2 bytes the record send size
- * 2 bytes the record recv size
- *
- * 1 byte the SRP username size
- * x bytes the SRP username (MAX_SRP_USERNAME)
- *
- * 2 bytes the number of server name extensions (up to MAX_SERVER_NAME_EXTENSIONS)
- * 1 byte the first name type
- * 2 bytes the size of the first name
- * x bytes the first name (MAX_SERVER_NAME_SIZE)
- * and so on...
- *
- * --------------------
- * MAX: 7+MAX_SRP_USERNAME+MAX_SERVER_NAME_EXTENSIONS*(3+MAX_SERVER_NAME_SIZE)
- */
-static int
-pack_security_parameters (MHD_gtls_session_t session,
- MHD_gnutls_datum_t * packed_session)
-{
- int pos = 0;
- size_t len, init, i;
-
- /* move after the auth info stuff.
- */
- init =
- MHD_gtls_read_uint32 (&packed_session->data[PACK_HEADER_SIZE]) + 4 +
- PACK_HEADER_SIZE;
-
- pos = init + 4; /* make some space to write later the size */
-
- packed_session->data[pos++] = session->security_parameters.entity;
- packed_session->data[pos++] = session->security_parameters.kx_algorithm;
- packed_session->data[pos++] =
- session->security_parameters.read_bulk_cipher_algorithm;
- packed_session->data[pos++] =
- session->security_parameters.read_mac_algorithm;
- packed_session->data[pos++] =
- session->security_parameters.read_compression_algorithm;
- packed_session->data[pos++] =
- session->security_parameters.write_bulk_cipher_algorithm;
- packed_session->data[pos++] =
- session->security_parameters.write_mac_algorithm;
- packed_session->data[pos++] =
- session->security_parameters.write_compression_algorithm;
- packed_session->data[pos++] =
- session->security_parameters.current_cipher_suite.suite[0];
- packed_session->data[pos++] =
- session->security_parameters.current_cipher_suite.suite[1];
-
- packed_session->data[pos++] = session->security_parameters.cert_type;
- packed_session->data[pos++] = session->security_parameters.version;
-
- memcpy (&packed_session->data[pos],
- session->security_parameters.master_secret, TLS_MASTER_SIZE);
- pos += TLS_MASTER_SIZE;
-
- memcpy (&packed_session->data[pos],
- session->security_parameters.client_random, TLS_RANDOM_SIZE);
- pos += TLS_RANDOM_SIZE;
- memcpy (&packed_session->data[pos],
- session->security_parameters.server_random, TLS_RANDOM_SIZE);
- pos += TLS_RANDOM_SIZE;
-
- packed_session->data[pos++] = session->security_parameters.session_id_size;
- memcpy (&packed_session->data[pos], session->security_parameters.session_id,
- session->security_parameters.session_id_size);
- pos += session->security_parameters.session_id_size;
-
- MHD_gtls_write_uint32 (session->security_parameters.timestamp,
- &packed_session->data[pos]);
- pos += 4;
-
- /* Extensions */
- MHD_gtls_write_uint16
(session->security_parameters.max_record_send_size,
- &packed_session->data[pos]);
- pos += 2;
-
- MHD_gtls_write_uint16 (session->security_parameters.max_record_recv_size,
- &packed_session->data[pos]);
- pos += 2;
-
- /* SRP */
- len =
- strlen ((char *) session->security_parameters.extensions.srp_username);
- packed_session->data[pos++] = len;
- memcpy (&packed_session->data[pos],
- session->security_parameters.extensions.srp_username, len);
- pos += len;
-
- MHD_gtls_write_uint16 (session->security_parameters.
- extensions.server_names_size,
- &packed_session->data[pos]);
- pos += 2;
-
- for (i = 0; i < session->security_parameters.extensions.server_names_size;
- i++)
- {
- packed_session->data[pos++] =
- session->security_parameters.extensions.server_names[i].type;
- MHD_gtls_write_uint16 (session->security_parameters.
- extensions.server_names[i].name_length,
- &packed_session->data[pos]);
- pos += 2;
-
- memcpy (&packed_session->data[pos],
- session->security_parameters.extensions.server_names[i].name,
- session->security_parameters.extensions.
- server_names[i].name_length);
- pos +=
- session->security_parameters.extensions.server_names[i].name_length;
- }
-
- /* write the total size */
- MHD_gtls_write_uint32 (pos - init - 4, &packed_session->data[init]);
- packed_session->size += pos - init;
-
- return 0;
-}
-
-
-static int
-unpack_security_parameters (MHD_gtls_session_t session,
- const MHD_gnutls_datum_t * packed_session)
-{
- size_t pack_size, init, i;
- int pos = 0, len;
- time_t timestamp = time (0);
-
-
- /* skip the auth info stuff */
- init =
- MHD_gtls_read_uint32 (&packed_session->data[PACK_HEADER_SIZE]) + 4 +
- PACK_HEADER_SIZE;
-
- pos = init;
-
- pack_size = MHD_gtls_read_uint32 (&packed_session->data[pos]);
- pos += 4;
-
-
- if (pack_size == 0)
- return GNUTLS_E_INVALID_REQUEST;
-
- /* a simple check for integrity */
- if (pack_size > MAX_SEC_PARAMS)
- {
- MHD_gnutls_assert ();
- return GNUTLS_E_INVALID_REQUEST;
- }
-
- session->internals.resumed_security_parameters.entity =
- packed_session->data[pos++];
- session->internals.resumed_security_parameters.kx_algorithm =
- packed_session->data[pos++];
- session->internals.resumed_security_parameters.read_bulk_cipher_algorithm =
- packed_session->data[pos++];
- session->internals.resumed_security_parameters.read_mac_algorithm =
- packed_session->data[pos++];
- session->internals.resumed_security_parameters.read_compression_algorithm =
- packed_session->data[pos++];
- session->internals.resumed_security_parameters.write_bulk_cipher_algorithm =
- packed_session->data[pos++];
- session->internals.resumed_security_parameters.write_mac_algorithm =
- packed_session->data[pos++];
- session->internals.resumed_security_parameters.write_compression_algorithm =
- packed_session->data[pos++];
- session->internals.resumed_security_parameters.
- current_cipher_suite.suite[0] = packed_session->data[pos++];
- session->internals.resumed_security_parameters.
- current_cipher_suite.suite[1] = packed_session->data[pos++];
-
- session->internals.resumed_security_parameters.cert_type =
- packed_session->data[pos++];
- session->internals.resumed_security_parameters.version =
- packed_session->data[pos++];
-
- memcpy (session->internals.resumed_security_parameters.master_secret,
- &packed_session->data[pos], TLS_MASTER_SIZE);
- pos += TLS_MASTER_SIZE;
-
- memcpy (session->internals.resumed_security_parameters.client_random,
- &packed_session->data[pos], TLS_RANDOM_SIZE);
- pos += TLS_RANDOM_SIZE;
- memcpy (session->internals.resumed_security_parameters.server_random,
- &packed_session->data[pos], TLS_RANDOM_SIZE);
- pos += TLS_RANDOM_SIZE;
-
- session->internals.resumed_security_parameters.session_id_size =
- packed_session->data[pos++];
- memcpy (session->internals.resumed_security_parameters.session_id,
- &packed_session->data[pos],
- session->internals.resumed_security_parameters.session_id_size);
- pos += session->internals.resumed_security_parameters.session_id_size;
-
- session->internals.resumed_security_parameters.timestamp =
- MHD_gtls_read_uint32 (&packed_session->data[pos]);
- pos += 4;
-
- if (timestamp - session->internals.resumed_security_parameters.timestamp >
- session->internals.expire_time
- || session->internals.resumed_security_parameters.timestamp > timestamp)
- {
- MHD_gnutls_assert ();
- return GNUTLS_E_EXPIRED;
- }
-
- /* Extensions */
- session->internals.resumed_security_parameters.max_record_send_size =
- MHD_gtls_read_uint16 (&packed_session->data[pos]);
- pos += 2;
-
- session->internals.resumed_security_parameters.max_record_recv_size =
- MHD_gtls_read_uint16 (&packed_session->data[pos]);
- pos += 2;
-
-
- /* SRP */
- len = packed_session->data[pos++]; /* srp username length */
- memcpy (session->internals.resumed_security_parameters.
- extensions.srp_username, &packed_session->data[pos], len);
- session->internals.resumed_security_parameters.
- extensions.srp_username[len] = 0;
- pos += len;
-
- session->internals.resumed_security_parameters.
- extensions.server_names_size =
- MHD_gtls_read_uint16 (&packed_session->data[pos]);
- pos += 2;
- for (i = 0;
- i <
- session->internals.resumed_security_parameters.
- extensions.server_names_size; i++)
- {
- session->internals.resumed_security_parameters.
- extensions.server_names[i].type = packed_session->data[pos++];
- session->internals.resumed_security_parameters.
- extensions.server_names[i].name_length =
- MHD_gtls_read_uint16 (&packed_session->data[pos]);
- pos += 2;
-
- memcpy (session->internals.resumed_security_parameters.
- extensions.server_names[i].name, &packed_session->data[pos],
- session->internals.resumed_security_parameters.
- extensions.server_names[i].name_length);
- pos +=
- session->internals.resumed_security_parameters.
- extensions.server_names[i].name_length;
- }
- return 0;
-}
diff --git a/src/daemon/https/tls/gnutls_session_pack.h b/src/daemon/https/tls/gnutls_session_pack.h
@@ -1,28 +0,0 @@
-/*
- * Copyright (C) 2000, 2001, 2002, 2003, 2004, 2005 Free Software Foundation
- *
- * Author: Nikos Mavrogiannopoulos
- *
- * This file is part of GNUTLS.
- *
- * The GNUTLS library is free software; you can redistribute it and/or
- * modify it under the terms of the GNU Lesser General Public License
- * as published by the Free Software Foundation; either version 2.1 of
- * the License, or (at your option) any later version.
- *
- * This library is distributed in the hope that it will be useful, but
- * WITHOUT ANY WARRANTY; without even the implied warranty of
- * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
- * Lesser General Public License for more details.
- *
- * You should have received a copy of the GNU Lesser General Public
- * License along with this library; if not, write to the Free Software
- * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301,
- * USA
- *
- */
-
-int MHD_gtls_session_pack (MHD_gtls_session_t session,
- MHD_gnutls_datum_t * packed_session);
-int MHD_gtls_session_unpack (MHD_gtls_session_t session,
- const MHD_gnutls_datum_t * packed_session);
diff --git a/src/daemon/https/tls/gnutls_state.c b/src/daemon/https/tls/gnutls_state.c
@@ -89,18 +89,6 @@ MHD_gnutls_kx_get (MHD_gtls_session_t session)
 }
 /**
- * MHD_gnutls_mac_get - Returns the currently used mac algorithm.
- * @session: is a #MHD_gtls_session_t structure.
- *
- * Returns: the currently used mac algorithm.
- **/
-enum MHD_GNUTLS_HashAlgorithm
-MHD_gnutls_mac_get (MHD_gtls_session_t session)
-{
- return session->security_parameters.read_mac_algorithm;
-}
-
-/**
 * MHD_gnutls_compression_get - Returns the currently used compression algorithm.
 * @session: is a #MHD_gtls_session_t structure.
 *
@@ -322,13 +310,6 @@ MHD__gnutls_init (MHD_gtls_session_t * session,
 return 0;
 }
-/* returns RESUME_FALSE or RESUME_TRUE.
- */
-int
-MHD_gtls_session_is_resumable (MHD_gtls_session_t session)
-{
- return session->internals.resumable;
-}
 /**
 * MHD__gnutls_deinit - This function clears all buffers associated with a session
@@ -607,29 +588,6 @@ MHD__gnutls_record_set_default_version (MHD_gtls_session_t session,
 session->internals.default_record_version[1] = minor;
 }
-/**
- * MHD_gtls_handshake_set_private_extensions - Used to enable the private cipher suites
- * @session: is a #MHD_gtls_session_t structure.
- * @allow: is an integer (0 or 1)
- *
- * This function will enable or disable the use of private cipher
- * suites (the ones that start with 0xFF). By default or if @allow
- * is 0 then these cipher suites will not be advertized nor used.
- *
- * Unless this function is called with the option to allow (1), then
- * no compression algorithms, like LZO. That is because these
- * algorithms are not yet defined in any RFC or even internet draft.
- *
- * Enabling the private ciphersuites when talking to other than
- * gnutls servers and clients may cause interoperability problems.
- **/
-void
-MHD_gtls_handshake_set_private_extensions (MHD_gtls_session_t session,
- int allow)
-{
- session->internals.enable_private = allow;
-}
-
 inline static int
 MHD__gnutls_cal_PRF_A (enum MHD_GNUTLS_HashAlgorithm algorithm,
 const void *secret,
@@ -834,208 +792,6 @@ MHD_gtls_PRF (MHD_gtls_session_t session, } -/** - * MHD__gnutls_prf_raw - access the TLS PRF directly - * @session: is a #MHD_gtls_session_t structure. - * @label_size: length of the @label variable. - * @label: label used in PRF computation, typically a short string. - * @seed_size: length of the @seed variable. - * @seed: optional extra data to seed the PRF with. - * @outsize: size of pre-allocated output buffer to hold the output. - * @out: pre-allocate buffer to hold the generated data. - * - * Apply the TLS Pseudo-Random-Function (PRF) using the master secret - * on some data. - * - * The @label variable usually contain a string denoting the purpose - * for the generated data. The @seed usually contain data such as the - * client and server random, perhaps together with some additional - * data that is added to guarantee uniqueness of the output for a - * particular purpose. - * - * Because the output is not guaranteed to be unique for a particular - * session unless @seed include the client random and server random - * fields (the PRF would output the same data on another connection - * resumed from the first one), it is not recommended to use this - * function directly. The MHD__gnutls_prf() function seed the PRF with the - * client and server random fields directly, and is recommended if you - * want to generate pseudo random data unique for each session. - * - * Returns: %GNUTLS_E_SUCCESS on success, or an error code. - **/ -int -MHD__gnutls_prf_raw (MHD_gtls_session_t session, - size_t label_size, - const char *label, - size_t seed_size, const char *seed, size_t outsize, - char *out) -{ - int ret; - - ret = MHD_gtls_PRF (session, session->security_parameters.master_secret, - TLS_MASTER_SIZE, label, label_size, (opaque *) seed, - seed_size, outsize, out); - - return ret; -} - -/** - * MHD__gnutls_prf - derive pseudo-random data using the TLS PRF - * @session: is a #MHD_gtls_session_t structure. 
- * @label_size: length of the @label variable. - * @label: label used in PRF computation, typically a short string. - * @server_random_first: non-0 if server random field should be first in seed - * @extra_size: length of the @extra variable. - * @extra: optional extra data to seed the PRF with. - * @outsize: size of pre-allocated output buffer to hold the output. - * @out: pre-allocate buffer to hold the generated data. - * - * Apply the TLS Pseudo-Random-Function (PRF) using the master secret - * on some data, seeded with the client and server random fields. - * - * The @label variable usually contain a string denoting the purpose - * for the generated data. The @server_random_first indicate whether - * the client random field or the server random field should be first - * in the seed. Non-0 indicate that the server random field is first, - * 0 that the client random field is first. - * - * The @extra variable can be used to add more data to the seed, after - * the random variables. It can be used to tie make sure the - * generated output is strongly connected to some additional data - * (e.g., a string used in user authentication). - * - * The output is placed in *@OUT, which must be pre-allocated. - * - * Returns: %GNUTLS_E_SUCCESS on success, or an error code. - **/ -int -MHD__gnutls_prf (MHD_gtls_session_t session, - size_t label_size, - const char *label, - int server_random_first, - size_t extra_size, const char *extra, size_t outsize, - char *out) -{ - int ret; - opaque *seed; - size_t seedsize = 2 * TLS_RANDOM_SIZE + extra_size; - - seed = MHD_gnutls_malloc (seedsize); - if (!seed) - { - MHD_gnutls_assert (); - return GNUTLS_E_MEMORY_ERROR; - } - - memcpy (seed, - server_random_first ? session->security_parameters.server_random - : session->security_parameters.client_random, TLS_RANDOM_SIZE); - memcpy (seed + TLS_RANDOM_SIZE, - server_random_first ? 
session->security_parameters.client_random - : session->security_parameters.server_random, TLS_RANDOM_SIZE); - - memcpy (seed + 2 * TLS_RANDOM_SIZE, extra, extra_size); - - ret = MHD_gtls_PRF (session, session->security_parameters.master_secret, - TLS_MASTER_SIZE, label, label_size, seed, seedsize, - outsize, out); - - MHD_gnutls_free (seed); - - return ret; -} - -/** - * MHD_gtls_session_get_client_random - get the session's client random value - * @session: is a #MHD_gtls_session_t structure. - * - * Return a pointer to the 32-byte client random field used in the - * session. The pointer must not be modified or deallocated. - * - * If a client random value has not yet been established, the output - * will be garbage; in particular, a %NULL return value should not be - * expected. - * - * Returns: pointer to client random data. - **/ -const void * -MHD_gtls_session_get_client_random (MHD_gtls_session_t session) -{ - return (char *) session->security_parameters.client_random; -} - -/** - * MHD_gtls_session_get_server_random - get the session's server random value - * @session: is a #MHD_gtls_session_t structure. - * - * Return a pointer to the 32-byte server random field used in the - * session. The pointer must not be modified or deallocated. - * - * If a server random value has not yet been established, the output - * will be garbage; in particular, a %NULL return value should not be - * expected. - * - * Returns: pointer to server random data. - **/ -const void * -MHD_gtls_session_get_server_random (MHD_gtls_session_t session) -{ - return (char *) session->security_parameters.server_random; -} - -/** - * MHD_gtls_session_get_master_secret - get the session's master secret value - * @session: is a #MHD_gtls_session_t structure. - * - * Return a pointer to the 48-byte master secret in the session. The - * pointer must not be modified or deallocated. 
- * - * If a master secret value has not yet been established, the output - * will be garbage; in particular, a %NULL return value should not be - * expected. - * - * Consider using MHD__gnutls_prf() rather than extracting the master - * secret and use it to derive further data. - * - * Returns: pointer to master secret data. - **/ -const void * -MHD_gtls_session_get_master_secret (MHD_gtls_session_t session) -{ - return (char *) session->security_parameters.master_secret; -} - -/** - * MHD_gtls_session_is_resumed - Used to check whether this session is a resumed one - * @session: is a #MHD_gtls_session_t structure. - * - * Returns: non zero if this session is resumed, or a zero if this is - * a new session. - **/ -int -MHD_gtls_session_is_resumed (MHD_gtls_session_t session) -{ -#if MHD_DEBUG_TLS - if (session->security_parameters.entity == GNUTLS_CLIENT) - { - if (session->security_parameters.session_id_size > 0 - && session->security_parameters.session_id_size - == session->internals.resumed_security_parameters.session_id_size - && memcmp (session->security_parameters.session_id, - session->internals. - resumed_security_parameters.session_id, - session->security_parameters.session_id_size) == 0) - return 1; - } - else -#endif - { - if (session->internals.resumed == RESUME_TRUE) - return 1; - } - - return 0; -} /*- * MHD_gtls_session_is_export - Used to check whether this session is of export grade 
@@ -1060,34 +816,6 @@ MHD_gtls_session_is_export (MHD_gtls_session_t session) } /** - * MHD_gtls_session_get_ptr - Used to get the user pointer from the session structure - * @session: is a #MHD_gtls_session_t structure. - * - * Returns: the user given pointer from the session structure. This - * is the pointer set with MHD__gnutls_session_set_ptr(). - **/ -void * -MHD_gtls_session_get_ptr (MHD_gtls_session_t session) -{ - return session->internals.user_ptr; -} - -/** - * MHD__gnutls_session_set_ptr - Used to set the user pointer to the session structure - * @session: is a #MHD_gtls_session_t structure. - * @ptr: is the user pointer - * - * This function will set (associate) the user given pointer to the - * session structure. This is pointer can be accessed with - * MHD_gtls_session_get_ptr(). - **/ -void -MHD__gnutls_session_set_ptr (MHD_gtls_session_t session, void *ptr) -{ - session->internals.user_ptr = ptr; -} - -/** * MHD__gnutls_record_get_direction - This function will return the direction of the last interrupted function call * @session: is a #MHD_gtls_session_t structure. * 
@@ -1110,52 +838,3 @@ MHD__gnutls_record_get_direction (MHD_gtls_session_t session) return session->internals.direction; } -/*- - * MHD__gnutls_rsa_pms_set_version - Sets a version to be used at the RSA PMS - * @session: is a #MHD_gtls_session_t structure. - * @major: is the major version to use - * @minor: is the minor version to use - * - * This function will set the given version number to be used at the - * RSA PMS secret. This is only useful to clients, which want to - * test server's capabilities. - * - -*/ -void -MHD__gnutls_rsa_pms_set_version (MHD_gtls_session_t session, - unsigned char major, unsigned char minor) -{ - session->internals.rsa_pms_version[0] = major; - session->internals.rsa_pms_version[1] = minor; -} - -/** - * MHD__gnutls_handshake_set_post_client_hello_function - This function will a callback to be called after the client hello is received - * @res: is a MHD_gtls_anon_server_credentials_t structure - * @func: is the function to be called - * - * This function will set a callback to be called after the client - * hello has been received (callback valid in server side only). This - * allows the server to adjust settings based on received extensions. - * - * Those settings could be ciphersuites, requesting certificate, or - * anything else except for version negotiation (this is done before - * the hello message is parsed). - * - * This callback must return 0 on success or a gnutls error code to - * terminate the handshake. - * - * NOTE: You should not use this function to terminate the handshake - * based on client input unless you know what you are doing. Before - * the handshake is finished there is no way to know if there is a - * man-in-the-middle attack being performed. - * - **/ -void -MHD__gnutls_handshake_set_post_client_hello_function (MHD_gtls_session_t - session, - MHD_gnutls_handshake_post_client_hello_func - func) -{ - session->internals.user_hello_func = func; -} 
diff --git a/src/daemon/https/tls/gnutls_str.c b/src/daemon/https/tls/gnutls_str.c @@ -73,24 +73,6 @@ MHD_gtls_str_cpy (char *dest, size_t dest_tot_size, const char *src) } void -MHD_gtls_mem_cpy (char *dest, - size_t dest_tot_size, const char *src, size_t src_size) -{ - - if (dest_tot_size >= src_size) - { - memcpy (dest, src, src_size); - } - else - { - if (dest_tot_size > 0) - { - memcpy (dest, src, dest_tot_size); - } - } -} - -void MHD_gtls_string_init (MHD_gtls_string * str, MHD_gnutls_alloc_function alloc_func, MHD_gnutls_realloc_function realloc_func, 
@@ -117,83 +99,8 @@ MHD_gtls_string_clear (MHD_gtls_string * str) str->length = 0; } -/* This one does not copy the string. - */ -MHD_gnutls_datum_t -MHD_gtls_string2datum (MHD_gtls_string * str) -{ - MHD_gnutls_datum_t ret; - - ret.data = str->data; - ret.size = str->length; - - return ret; -} - #define MIN_CHUNK 256 -int -MHD_gtls_string_copy_str (MHD_gtls_string * dest, const char *src) -{ - size_t src_len = strlen (src); - size_t max; - if (dest->max_length >= src_len) - { - memcpy (dest->data, src, src_len); - dest->length = src_len; - - return src_len; - } - else - { - max = (src_len > MIN_CHUNK) ? src_len : MIN_CHUNK; - dest->data = dest->realloc_func (dest->data, max); - if (dest->data == NULL) - { - MHD_gnutls_assert (); - return GNUTLS_E_MEMORY_ERROR; - } - dest->max_length = MAX (MIN_CHUNK, src_len); - - memcpy (dest->data, src, src_len); - dest->length = src_len; - - return src_len; - } -} - -int -MHD_gtls_string_append_str (MHD_gtls_string * dest, const char *src) -{ - size_t src_len = strlen (src); - size_t tot_len = src_len + dest->length; - - if (dest->max_length >= tot_len) - { - memcpy (&dest->data[dest->length], src, src_len); - dest->length = tot_len; - - return tot_len; - } - else - { - size_t new_len = - MAX (src_len, MIN_CHUNK) + MAX (dest->max_length, MIN_CHUNK); - - dest->data = dest->realloc_func (dest->data, new_len); - if (dest->data == NULL) - { - MHD_gnutls_assert (); - return GNUTLS_E_MEMORY_ERROR; - } - dest->max_length = new_len; - - memcpy (&dest->data[dest->length], src, src_len); - dest->length = tot_len; - - return tot_len; - } -} int MHD_gtls_string_append_data (MHD_gtls_string * dest, 
@@ -249,39 +156,3 @@ MHD_gtls_bin2hex (const void *_old, return buffer; } -/* just a hex2bin function. - */ -int -MHD_gtls_hex2bin (const opaque * hex_data, - int hex_size, opaque * bin_data, size_t * bin_size) -{ - int i, j; - opaque hex2_data[3]; - unsigned long val; - - /* FIXME: we don't handle whitespace. - */ - hex_size /= 2; - - if (*bin_size < (size_t) hex_size) - { - MHD_gnutls_assert (); - return GNUTLS_E_SHORT_MEMORY_BUFFER; - } - - for (i = j = 0; j < hex_size; i += 2, j++) - { - hex2_data[0] = hex_data[i]; - hex2_data[1] = hex_data[i + 1]; - hex2_data[2] = 0; - val = strtoul ((char *) hex2_data, NULL, 16); - if (val == ULONG_MAX) - { - MHD_gnutls_assert (); - return GNUTLS_E_SRP_PWD_PARSING_ERROR; - } - bin_data[j] = val; - } - - return 0; -} diff --git a/src/daemon/https/tls/gnutls_str.h b/src/daemon/https/tls/gnutls_str.h @@ -28,8 +28,6 @@ #include <gnutls_int.h> void MHD_gtls_str_cpy (char *dest, size_t dest_tot_size, const char *src); -void MHD_gtls_mem_cpy (char *dest, size_t dest_tot_size, const char *src, - size_t src_size); void MHD_gtls_str_cat (char *dest, size_t dest_tot_size, const char *src); typedef struct @@ -47,18 +45,9 @@ void MHD_gtls_string_init (MHD_gtls_string *, MHD_gnutls_alloc_function, MHD_gnutls_free_function); void MHD_gtls_string_clear (MHD_gtls_string *); -/* Beware, do not clear the string, after calling this - * function - */ -MHD_gnutls_datum_t MHD_gtls_string2datum (MHD_gtls_string * str); - -int MHD_gtls_string_copy_str (MHD_gtls_string * dest, const char *src); -int MHD_gtls_string_append_str (MHD_gtls_string *, const char *str); int MHD_gtls_string_append_data (MHD_gtls_string *, const void *data, size_t data_size); char *MHD_gtls_bin2hex (const void *old, size_t oldlen, char *buffer, size_t buffer_size); -int MHD_gtls_hex2bin (const opaque * hex_data, int hex_size, - opaque * bin_data, size_t * bin_size); #endif diff --git a/src/daemon/https/tls/gnutls_supplemental.c b/src/daemon/https/tls/gnutls_supplemental.c 
@@ -67,18 +67,6 @@ MHD_gnutls_supplemental_entry MHD__gnutls_supplemental[] = { {0, 0, 0, 0} }; -const char * -MHD_gtls_supplemental_get_name (MHD_gnutls_supplemental_data_format_type_t - type) -{ - MHD_gnutls_supplemental_entry *p; - - for (p = MHD__gnutls_supplemental; p->name != NULL; p++) - if (p->type == type) - return p->name; - - return NULL; -} static supp_recv_func get_supp_func_recv (MHD_gnutls_supplemental_data_format_type_t type) diff --git a/src/include/microhttpd.h b/src/include/microhttpd.h @@ -547,16 +547,6 @@ enum MHD_GNUTLS_CredentialsType */ MHD_GNUTLS_CRD_CERTIFICATE = 1, - /** - * Use SRP (password-based authentication). - */ - MHD_GNUTLS_CRD_SRP, - - /** - * Use PSK (pre-shared keys). - */ - MHD_GNUTLS_CRD_PSK, - }; /**
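Review bot: Dropping `MHD_GNUTLS_CRD_SRP` and `MHD_GNUTLS_CRD_PSK` from `enum MHD_GNUTLS_CredentialsType` in the microhttpd.h hunk removes two identifiers from the installed public header, so any application that names them stops compiling, while the commit message ("more DCE") only describes internal dead-code removal. Because `MHD_GNUTLS_CRD_CERTIFICATE = 1` keeps its explicit value, the surviving enumerator's value is unchanged, but if the header is meant to be stable the two enumerators could be kept with a deprecation comment, or the public-API break at least called out in the commit message. Any internal `switch` over this enum that still has SRP/PSK cases would now fail to compile too; those call sites are not visible in this hunk. A one-line comment on the remaining member, `/* Only X.509 certificate credentials are supported; the SRP and PSK enumerators were removed. */`, would tell callers what to expect.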