commit 5acebb923438051ccfa4841341ef4fa882e4d480
parent 31ca44a13c054e7b691d8757a79caffb22b31511
Author: Christian Grothoff <christian@grothoff.org>
Date: Sun, 16 Nov 2008 06:50:40 +0000
more DCE
Diffstat:
16 files changed, 81 insertions(+), 2250 deletions(-)
diff --git a/README b/README
@@ -79,6 +79,9 @@ Missing features:
instead of linking against it
- Make sure SSL works on non-GNU/Linux platforms
+- MHD_tls_connection_close is not called in any testcase!???
+ (is it used properly in the code!?)
+
Untested features:
==================
@@ -94,6 +97,16 @@ Untested features:
- more testing for SSL support
+Functions not covered by "make check":
+======================================
+- MHD_get_connection_values is not called in any testcase
+- MHD_set_connection_value is not called in any testcase
+- parse_cookie_header is not tested by any testcase
+- parse_arguments is not tested by any testcase
+- MHD_del_response_header is not called by any testcase
+- MHD_get_response_headers is not called by any testcase
+
+
Missing documentation:
======================
diff --git a/src/daemon/Makefile.am b/src/daemon/Makefile.am
@@ -1,19 +1,11 @@
-# including '.' mixes up build order when HTTPS is enabled.
-SUBDIRS =
-
-if USE_COVERAGE
- AM_CFLAGS = -fprofile-arcs -ftest-coverage
-endif
-
AM_CPPFLAGS = \
--I$(top_srcdir)/src/include \
--I$(top_srcdir)/src/daemon \
--I$(top_srcdir)/src/daemon/https/lgl \
--I$(top_srcdir)/src/daemon/https/x509 \
--I$(top_srcdir)/src/daemon/https/minitasn1 \
--I$(top_srcdir)/src/daemon/https/tls \
--I$(top_srcdir)/src/daemon/https \
--I$(GCRYPT_CPPFLAGS)
+ -I$(top_srcdir)/src/include \
+ -I$(top_srcdir)/src/daemon \
+ -I$(top_srcdir)/src/daemon/https/lgl \
+ -I$(top_srcdir)/src/daemon/https/x509 \
+ -I$(top_srcdir)/src/daemon/https/minitasn1 \
+ -I$(top_srcdir)/src/daemon/https/tls \
+ -I$(top_srcdir)/src/daemon/https
if HAVE_GNU_LD
# If you want to debug with gdb, comment out this line:
@@ -26,20 +18,26 @@ lib_LTLIBRARIES = \
libmicrohttpd.la
libmicrohttpd_la_SOURCES = \
-connection.c connection.h \
-reason_phrase.c reason_phrase.h \
-daemon.c \
-internal.c internal.h \
-memorypool.c memorypool.h \
-postprocessor.c \
-response.c response.h
+ connection.c connection.h \
+ reason_phrase.c reason_phrase.h \
+ daemon.c \
+ internal.c internal.h \
+ memorypool.c memorypool.h \
+ postprocessor.c \
+ response.c response.h
libmicrohttpd_la_LDFLAGS = \
- -export-dynamic -version-info 4:3:0 $(retaincommand)
+ -version-info 4:3:0 \
+ -export-dynamic $(retaincommand)
+
+if USE_COVERAGE
+ AM_CFLAGS = --coverage
+endif
if ENABLE_HTTPS
-SUBDIRS += https .
-libmicrohttpd_la_SOURCES += connection_https.c connection_https.h
+SUBDIRS = https .
+libmicrohttpd_la_SOURCES += \
+ connection_https.c connection_https.h
libmicrohttpd_la_LIBADD = \
https/lgl/liblgl.la \
https/x509/libx509.la \
@@ -47,7 +45,6 @@ libmicrohttpd_la_LIBADD = \
https/minitasn1/libasn1.la
endif
-
check_PROGRAMS = \
postprocessor_test \
postprocessor_large_test \
diff --git a/src/daemon/https/lgl/Makefile.am b/src/daemon/https/lgl/Makefile.am
@@ -1,10 +1,5 @@
-SUBDIRS = .
-
-AM_CPPFLAGS = -std=c99 \
--I$(top_srcdir)/src/include \
--I$(GCRYPT_CPPFLAGS)
-
-# gc-gnulib.c
+AM_CPPFLAGS = \
+ -I$(top_srcdir)/src/include
if USE_COVERAGE
AM_CFLAGS = -fprofile-arcs -ftest-coverage
@@ -13,18 +8,16 @@ endif
noinst_LTLIBRARIES = liblgl.la
liblgl_la_LDFLAGS = -lgcrypt
-# liblgl_la_LIBADD = ./gc-libgcrypt.lo
-
liblgl_la_SOURCES = \
-sha1.c sha1.h \
-gc-libgcrypt.c \
-rijndael-api-fst.c rijndael-api-fst.h \
-gc-pbkdf2-sha1.c gc.h \
-rijndael-alg-fst.c rijndael-alg-fst.h \
-hmac-md5.c hmac.h \
-hmac-sha1.c \
-memxor.c memxor.h\
-strverscmp.c strverscmp.h \
-md5.c md5.h \
-des.c des.h
+ sha1.c sha1.h \
+ gc-libgcrypt.c \
+ rijndael-api-fst.c rijndael-api-fst.h \
+ gc-pbkdf2-sha1.c gc.h \
+ rijndael-alg-fst.c rijndael-alg-fst.h \
+ hmac-md5.c hmac.h \
+ hmac-sha1.c \
+ memxor.c memxor.h\
+ strverscmp.c strverscmp.h \
+ md5.c md5.h
+
diff --git a/src/daemon/https/lgl/des.c b/src/daemon/https/lgl/des.c
@@ -1,559 +0,0 @@
-/* des.c --- DES and Triple-DES encryption/decryption Algorithm
- * Copyright (C) 1998, 1999, 2001, 2002, 2003, 2004, 2005, 2006, 2007
- * Free Software Foundation, Inc.
- *
- * This file is free software; you can redistribute it and/or modify
- * it under the terms of the GNU Lesser General Public License as published
- * by the Free Software Foundation; either version 2.1, or (at your
- * option) any later version.
- *
- * This file is distributed in the hope that it will be useful, but
- * WITHOUT ANY WARRANTY; without even the implied warranty of
- * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
- * General Public License for more details.
- *
- * You should have received a copy of the GNU Lesser General Public License
- * along with this file; if not, write to the Free Software
- * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA
- * 02110-1301, USA.
- *
- */
-
-/* Adapted for gnulib by Simon Josefsson, based on Libgcrypt. */
-
-/*
- * For a description of triple encryption, see:
- * Bruce Schneier: Applied Cryptography. Second Edition.
- * John Wiley & Sons, 1996. ISBN 0-471-12845-7. Pages 358 ff.
- * This implementation is according to the definition of DES in FIPS
- * PUB 46-2 from December 1993.
- *
- * Written by Michael Roth <mroth@nessie.de>, September 1998
- */
-
-/*
- * U S A G E
- * ===========
- *
- * For DES or Triple-DES encryption/decryption you must initialize a proper
- * encryption context with a key.
- *
- * A DES key is 64bit wide but only 56bits of the key are used. The remaining
- * bits are parity bits and they will _not_ checked in this implementation, but
- * simply ignored.
- *
- * For Triple-DES you could use either two 64bit keys or three 64bit keys.
- * The parity bits will _not_ checked, too.
- *
- * After initializing a context with a key you could use this context to
- * encrypt or decrypt data in 64bit blocks in Electronic Codebook Mode.
- *
- * DES Example
- * -----------
- * unsigned char key[8];
- * unsigned char plaintext[8];
- * unsigned char ciphertext[8];
- * unsigned char recoverd[8];
- * MHD_gl_des_ctx context;
- *
- * // Fill 'key' and 'plaintext' with some data
- * ....
- *
- * // Set up the DES encryption context
- * MHD_gl_des_setkey(&context, key);
- *
- * // Encrypt the plaintext
- * des_ecb_encrypt(&context, plaintext, ciphertext);
- *
- * // To recover the orginal plaintext from ciphertext use:
- * des_ecb_decrypt(&context, ciphertext, recoverd);
- *
- *
- * Triple-DES Example
- * ------------------
- * unsigned char key1[8];
- * unsigned char key2[8];
- * unsigned char key3[8];
- * unsigned char plaintext[8];
- * unsigned char ciphertext[8];
- * unsigned char recoverd[8];
- * MHD_gl_3des_ctx context;
- *
- * // Encrypting plaintext with Triple-DES
- * MHD_gl_3des_ecb_encrypt(&context, plaintext, ciphertext);
- *
- * // Decrypting ciphertext to recover the plaintext with Triple-DES
- * MHD_gl_3des_ecb_decrypt(&context, ciphertext, recoverd);
- */
-
-
-#include "MHD_config.h"
-
-#include "des.h"
-
-#include <stdio.h>
-#include <string.h> /* memcpy, memcmp */
-
-/*
- * The s-box values are permuted according to the 'primitive function P'
- * and are rotated one bit to the left.
- */
-static const uint32_t sbox1[64] = {
- 0x01010400, 0x00000000, 0x00010000, 0x01010404, 0x01010004, 0x00010404,
- 0x00000004, 0x00010000, 0x00000400, 0x01010400, 0x01010404, 0x00000400,
- 0x01000404, 0x01010004, 0x01000000, 0x00000004, 0x00000404, 0x01000400,
- 0x01000400, 0x00010400, 0x00010400, 0x01010000, 0x01010000, 0x01000404,
- 0x00010004, 0x01000004, 0x01000004, 0x00010004, 0x00000000, 0x00000404,
- 0x00010404, 0x01000000, 0x00010000, 0x01010404, 0x00000004, 0x01010000,
- 0x01010400, 0x01000000, 0x01000000, 0x00000400, 0x01010004, 0x00010000,
- 0x00010400, 0x01000004, 0x00000400, 0x00000004, 0x01000404, 0x00010404,
- 0x01010404, 0x00010004, 0x01010000, 0x01000404, 0x01000004, 0x00000404,
- 0x00010404, 0x01010400, 0x00000404, 0x01000400, 0x01000400, 0x00000000,
- 0x00010004, 0x00010400, 0x00000000, 0x01010004
-};
-
-static const uint32_t sbox2[64] = {
- 0x80108020, 0x80008000, 0x00008000, 0x00108020, 0x00100000, 0x00000020,
- 0x80100020, 0x80008020, 0x80000020, 0x80108020, 0x80108000, 0x80000000,
- 0x80008000, 0x00100000, 0x00000020, 0x80100020, 0x00108000, 0x00100020,
- 0x80008020, 0x00000000, 0x80000000, 0x00008000, 0x00108020, 0x80100000,
- 0x00100020, 0x80000020, 0x00000000, 0x00108000, 0x00008020, 0x80108000,
- 0x80100000, 0x00008020, 0x00000000, 0x00108020, 0x80100020, 0x00100000,
- 0x80008020, 0x80100000, 0x80108000, 0x00008000, 0x80100000, 0x80008000,
- 0x00000020, 0x80108020, 0x00108020, 0x00000020, 0x00008000, 0x80000000,
- 0x00008020, 0x80108000, 0x00100000, 0x80000020, 0x00100020, 0x80008020,
- 0x80000020, 0x00100020, 0x00108000, 0x00000000, 0x80008000, 0x00008020,
- 0x80000000, 0x80100020, 0x80108020, 0x00108000
-};
-
-static const uint32_t sbox3[64] = {
- 0x00000208, 0x08020200, 0x00000000, 0x08020008, 0x08000200, 0x00000000,
- 0x00020208, 0x08000200, 0x00020008, 0x08000008, 0x08000008, 0x00020000,
- 0x08020208, 0x00020008, 0x08020000, 0x00000208, 0x08000000, 0x00000008,
- 0x08020200, 0x00000200, 0x00020200, 0x08020000, 0x08020008, 0x00020208,
- 0x08000208, 0x00020200, 0x00020000, 0x08000208, 0x00000008, 0x08020208,
- 0x00000200, 0x08000000, 0x08020200, 0x08000000, 0x00020008, 0x00000208,
- 0x00020000, 0x08020200, 0x08000200, 0x00000000, 0x00000200, 0x00020008,
- 0x08020208, 0x08000200, 0x08000008, 0x00000200, 0x00000000, 0x08020008,
- 0x08000208, 0x00020000, 0x08000000, 0x08020208, 0x00000008, 0x00020208,
- 0x00020200, 0x08000008, 0x08020000, 0x08000208, 0x00000208, 0x08020000,
- 0x00020208, 0x00000008, 0x08020008, 0x00020200
-};
-
-static const uint32_t sbox4[64] = {
- 0x00802001, 0x00002081, 0x00002081, 0x00000080, 0x00802080, 0x00800081,
- 0x00800001, 0x00002001, 0x00000000, 0x00802000, 0x00802000, 0x00802081,
- 0x00000081, 0x00000000, 0x00800080, 0x00800001, 0x00000001, 0x00002000,
- 0x00800000, 0x00802001, 0x00000080, 0x00800000, 0x00002001, 0x00002080,
- 0x00800081, 0x00000001, 0x00002080, 0x00800080, 0x00002000, 0x00802080,
- 0x00802081, 0x00000081, 0x00800080, 0x00800001, 0x00802000, 0x00802081,
- 0x00000081, 0x00000000, 0x00000000, 0x00802000, 0x00002080, 0x00800080,
- 0x00800081, 0x00000001, 0x00802001, 0x00002081, 0x00002081, 0x00000080,
- 0x00802081, 0x00000081, 0x00000001, 0x00002000, 0x00800001, 0x00002001,
- 0x00802080, 0x00800081, 0x00002001, 0x00002080, 0x00800000, 0x00802001,
- 0x00000080, 0x00800000, 0x00002000, 0x00802080
-};
-
-static const uint32_t sbox5[64] = {
- 0x00000100, 0x02080100, 0x02080000, 0x42000100, 0x00080000, 0x00000100,
- 0x40000000, 0x02080000, 0x40080100, 0x00080000, 0x02000100, 0x40080100,
- 0x42000100, 0x42080000, 0x00080100, 0x40000000, 0x02000000, 0x40080000,
- 0x40080000, 0x00000000, 0x40000100, 0x42080100, 0x42080100, 0x02000100,
- 0x42080000, 0x40000100, 0x00000000, 0x42000000, 0x02080100, 0x02000000,
- 0x42000000, 0x00080100, 0x00080000, 0x42000100, 0x00000100, 0x02000000,
- 0x40000000, 0x02080000, 0x42000100, 0x40080100, 0x02000100, 0x40000000,
- 0x42080000, 0x02080100, 0x40080100, 0x00000100, 0x02000000, 0x42080000,
- 0x42080100, 0x00080100, 0x42000000, 0x42080100, 0x02080000, 0x00000000,
- 0x40080000, 0x42000000, 0x00080100, 0x02000100, 0x40000100, 0x00080000,
- 0x00000000, 0x40080000, 0x02080100, 0x40000100
-};
-
-static const uint32_t sbox6[64] = {
- 0x20000010, 0x20400000, 0x00004000, 0x20404010, 0x20400000, 0x00000010,
- 0x20404010, 0x00400000, 0x20004000, 0x00404010, 0x00400000, 0x20000010,
- 0x00400010, 0x20004000, 0x20000000, 0x00004010, 0x00000000, 0x00400010,
- 0x20004010, 0x00004000, 0x00404000, 0x20004010, 0x00000010, 0x20400010,
- 0x20400010, 0x00000000, 0x00404010, 0x20404000, 0x00004010, 0x00404000,
- 0x20404000, 0x20000000, 0x20004000, 0x00000010, 0x20400010, 0x00404000,
- 0x20404010, 0x00400000, 0x00004010, 0x20000010, 0x00400000, 0x20004000,
- 0x20000000, 0x00004010, 0x20000010, 0x20404010, 0x00404000, 0x20400000,
- 0x00404010, 0x20404000, 0x00000000, 0x20400010, 0x00000010, 0x00004000,
- 0x20400000, 0x00404010, 0x00004000, 0x00400010, 0x20004010, 0x00000000,
- 0x20404000, 0x20000000, 0x00400010, 0x20004010
-};
-
-static const uint32_t sbox7[64] = {
- 0x00200000, 0x04200002, 0x04000802, 0x00000000, 0x00000800, 0x04000802,
- 0x00200802, 0x04200800, 0x04200802, 0x00200000, 0x00000000, 0x04000002,
- 0x00000002, 0x04000000, 0x04200002, 0x00000802, 0x04000800, 0x00200802,
- 0x00200002, 0x04000800, 0x04000002, 0x04200000, 0x04200800, 0x00200002,
- 0x04200000, 0x00000800, 0x00000802, 0x04200802, 0x00200800, 0x00000002,
- 0x04000000, 0x00200800, 0x04000000, 0x00200800, 0x00200000, 0x04000802,
- 0x04000802, 0x04200002, 0x04200002, 0x00000002, 0x00200002, 0x04000000,
- 0x04000800, 0x00200000, 0x04200800, 0x00000802, 0x00200802, 0x04200800,
- 0x00000802, 0x04000002, 0x04200802, 0x04200000, 0x00200800, 0x00000000,
- 0x00000002, 0x04200802, 0x00000000, 0x00200802, 0x04200000, 0x00000800,
- 0x04000002, 0x04000800, 0x00000800, 0x00200002
-};
-
-static const uint32_t sbox8[64] = {
- 0x10001040, 0x00001000, 0x00040000, 0x10041040, 0x10000000, 0x10001040,
- 0x00000040, 0x10000000, 0x00040040, 0x10040000, 0x10041040, 0x00041000,
- 0x10041000, 0x00041040, 0x00001000, 0x00000040, 0x10040000, 0x10000040,
- 0x10001000, 0x00001040, 0x00041000, 0x00040040, 0x10040040, 0x10041000,
- 0x00001040, 0x00000000, 0x00000000, 0x10040040, 0x10000040, 0x10001000,
- 0x00041040, 0x00040000, 0x00041040, 0x00040000, 0x10041000, 0x00001000,
- 0x00000040, 0x10040040, 0x00001000, 0x00041040, 0x10001000, 0x00000040,
- 0x10000040, 0x10040000, 0x10040040, 0x10000000, 0x00040000, 0x10001040,
- 0x00000000, 0x10041040, 0x00040040, 0x10000040, 0x10040000, 0x10001000,
- 0x10001040, 0x00000000, 0x10041040, 0x00041000, 0x00041000, 0x00001040,
- 0x00001040, 0x00040040, 0x10000000, 0x10041000
-};
-
-/*
- * These two tables are part of the 'permuted choice 1' function.
- * In this implementation several speed improvements are done.
- */
-static const uint32_t leftkey_swap[16] = {
- 0x00000000, 0x00000001, 0x00000100, 0x00000101,
- 0x00010000, 0x00010001, 0x00010100, 0x00010101,
- 0x01000000, 0x01000001, 0x01000100, 0x01000101,
- 0x01010000, 0x01010001, 0x01010100, 0x01010101
-};
-
-static const uint32_t rightkey_swap[16] = {
- 0x00000000, 0x01000000, 0x00010000, 0x01010000,
- 0x00000100, 0x01000100, 0x00010100, 0x01010100,
- 0x00000001, 0x01000001, 0x00010001, 0x01010001,
- 0x00000101, 0x01000101, 0x00010101, 0x01010101,
-};
-
-/*
- * Numbers of left shifts per round for encryption subkeys. To
- * calculate the decryption subkeys we just reverse the ordering of
- * the calculated encryption subkeys, so there is no need for a
- * decryption rotate tab.
- */
-static const unsigned char encrypt_rotate_tab[16] = {
- 1, 1, 2, 2, 2, 2, 2, 2, 1, 2, 2, 2, 2, 2, 2, 1
-};
-
-/*
- * Table with weak DES keys sorted in ascending order. In DES there
- * are 64 known keys which are weak. They are weak because they
- * produce only one, two or four different subkeys in the subkey
- * scheduling process. The keys in this table have all their parity
- * bits cleared.
- */
-static const unsigned char weak_keys[64][8] = {
- {0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}, /*w */
- {0x00, 0x00, 0x1e, 0x1e, 0x00, 0x00, 0x0e, 0x0e},
- {0x00, 0x00, 0xe0, 0xe0, 0x00, 0x00, 0xf0, 0xf0},
- {0x00, 0x00, 0xfe, 0xfe, 0x00, 0x00, 0xfe, 0xfe},
- {0x00, 0x1e, 0x00, 0x1e, 0x00, 0x0e, 0x00, 0x0e}, /*sw */
- {0x00, 0x1e, 0x1e, 0x00, 0x00, 0x0e, 0x0e, 0x00},
- {0x00, 0x1e, 0xe0, 0xfe, 0x00, 0x0e, 0xf0, 0xfe},
- {0x00, 0x1e, 0xfe, 0xe0, 0x00, 0x0e, 0xfe, 0xf0},
- {0x00, 0xe0, 0x00, 0xe0, 0x00, 0xf0, 0x00, 0xf0}, /*sw */
- {0x00, 0xe0, 0x1e, 0xfe, 0x00, 0xf0, 0x0e, 0xfe},
- {0x00, 0xe0, 0xe0, 0x00, 0x00, 0xf0, 0xf0, 0x00},
- {0x00, 0xe0, 0xfe, 0x1e, 0x00, 0xf0, 0xfe, 0x0e},
- {0x00, 0xfe, 0x00, 0xfe, 0x00, 0xfe, 0x00, 0xfe}, /*sw */
- {0x00, 0xfe, 0x1e, 0xe0, 0x00, 0xfe, 0x0e, 0xf0},
- {0x00, 0xfe, 0xe0, 0x1e, 0x00, 0xfe, 0xf0, 0x0e},
- {0x00, 0xfe, 0xfe, 0x00, 0x00, 0xfe, 0xfe, 0x00},
- {0x1e, 0x00, 0x00, 0x1e, 0x0e, 0x00, 0x00, 0x0e},
- {0x1e, 0x00, 0x1e, 0x00, 0x0e, 0x00, 0x0e, 0x00}, /*sw */
- {0x1e, 0x00, 0xe0, 0xfe, 0x0e, 0x00, 0xf0, 0xfe},
- {0x1e, 0x00, 0xfe, 0xe0, 0x0e, 0x00, 0xfe, 0xf0},
- {0x1e, 0x1e, 0x00, 0x00, 0x0e, 0x0e, 0x00, 0x00},
- {0x1e, 0x1e, 0x1e, 0x1e, 0x0e, 0x0e, 0x0e, 0x0e}, /*w */
- {0x1e, 0x1e, 0xe0, 0xe0, 0x0e, 0x0e, 0xf0, 0xf0},
- {0x1e, 0x1e, 0xfe, 0xfe, 0x0e, 0x0e, 0xfe, 0xfe},
- {0x1e, 0xe0, 0x00, 0xfe, 0x0e, 0xf0, 0x00, 0xfe},
- {0x1e, 0xe0, 0x1e, 0xe0, 0x0e, 0xf0, 0x0e, 0xf0}, /*sw */
- {0x1e, 0xe0, 0xe0, 0x1e, 0x0e, 0xf0, 0xf0, 0x0e},
- {0x1e, 0xe0, 0xfe, 0x00, 0x0e, 0xf0, 0xfe, 0x00},
- {0x1e, 0xfe, 0x00, 0xe0, 0x0e, 0xfe, 0x00, 0xf0},
- {0x1e, 0xfe, 0x1e, 0xfe, 0x0e, 0xfe, 0x0e, 0xfe}, /*sw */
- {0x1e, 0xfe, 0xe0, 0x00, 0x0e, 0xfe, 0xf0, 0x00},
- {0x1e, 0xfe, 0xfe, 0x1e, 0x0e, 0xfe, 0xfe, 0x0e},
- {0xe0, 0x00, 0x00, 0xe0, 0xf0, 0x00, 0x00, 0xf0},
- {0xe0, 0x00, 0x1e, 0xfe, 0xf0, 0x00, 0x0e, 0xfe},
- {0xe0, 0x00, 0xe0, 0x00, 0xf0, 0x00, 0xf0, 0x00}, /*sw */
- {0xe0, 0x00, 0xfe, 0x1e, 0xf0, 0x00, 0xfe, 0x0e},
- {0xe0, 0x1e, 0x00, 0xfe, 0xf0, 0x0e, 0x00, 0xfe},
- {0xe0, 0x1e, 0x1e, 0xe0, 0xf0, 0x0e, 0x0e, 0xf0},
- {0xe0, 0x1e, 0xe0, 0x1e, 0xf0, 0x0e, 0xf0, 0x0e}, /*sw */
- {0xe0, 0x1e, 0xfe, 0x00, 0xf0, 0x0e, 0xfe, 0x00},
- {0xe0, 0xe0, 0x00, 0x00, 0xf0, 0xf0, 0x00, 0x00},
- {0xe0, 0xe0, 0x1e, 0x1e, 0xf0, 0xf0, 0x0e, 0x0e},
- {0xe0, 0xe0, 0xe0, 0xe0, 0xf0, 0xf0, 0xf0, 0xf0}, /*w */
- {0xe0, 0xe0, 0xfe, 0xfe, 0xf0, 0xf0, 0xfe, 0xfe},
- {0xe0, 0xfe, 0x00, 0x1e, 0xf0, 0xfe, 0x00, 0x0e},
- {0xe0, 0xfe, 0x1e, 0x00, 0xf0, 0xfe, 0x0e, 0x00},
- {0xe0, 0xfe, 0xe0, 0xfe, 0xf0, 0xfe, 0xf0, 0xfe}, /*sw */
- {0xe0, 0xfe, 0xfe, 0xe0, 0xf0, 0xfe, 0xfe, 0xf0},
- {0xfe, 0x00, 0x00, 0xfe, 0xfe, 0x00, 0x00, 0xfe},
- {0xfe, 0x00, 0x1e, 0xe0, 0xfe, 0x00, 0x0e, 0xf0},
- {0xfe, 0x00, 0xe0, 0x1e, 0xfe, 0x00, 0xf0, 0x0e},
- {0xfe, 0x00, 0xfe, 0x00, 0xfe, 0x00, 0xfe, 0x00}, /*sw */
- {0xfe, 0x1e, 0x00, 0xe0, 0xfe, 0x0e, 0x00, 0xf0},
- {0xfe, 0x1e, 0x1e, 0xfe, 0xfe, 0x0e, 0x0e, 0xfe},
- {0xfe, 0x1e, 0xe0, 0x00, 0xfe, 0x0e, 0xf0, 0x00},
- {0xfe, 0x1e, 0xfe, 0x1e, 0xfe, 0x0e, 0xfe, 0x0e}, /*sw */
- {0xfe, 0xe0, 0x00, 0x1e, 0xfe, 0xf0, 0x00, 0x0e},
- {0xfe, 0xe0, 0x1e, 0x00, 0xfe, 0xf0, 0x0e, 0x00},
- {0xfe, 0xe0, 0xe0, 0xfe, 0xfe, 0xf0, 0xf0, 0xfe},
- {0xfe, 0xe0, 0xfe, 0xe0, 0xfe, 0xf0, 0xfe, 0xf0}, /*sw */
- {0xfe, 0xfe, 0x00, 0x00, 0xfe, 0xfe, 0x00, 0x00},
- {0xfe, 0xfe, 0x1e, 0x1e, 0xfe, 0xfe, 0x0e, 0x0e},
- {0xfe, 0xfe, 0xe0, 0xe0, 0xfe, 0xfe, 0xf0, 0xf0},
- {0xfe, 0xfe, 0xfe, 0xfe, 0xfe, 0xfe, 0xfe, 0xfe} /*w */
-};
-
-/*
- * Macro to swap bits across two words.
- */
-#define DO_PERMUTATION(a, temp, b, offset, mask) \
- temp = ((a>>offset) ^ b) & mask; \
- b ^= temp; \
- a ^= temp<<offset;
-
-
-/*
- * This performs the 'initial permutation' of the data to be encrypted
- * or decrypted. Additionally the resulting two words are rotated one bit
- * to the left.
- */
-#define INITIAL_PERMUTATION(left, temp, right) \
- DO_PERMUTATION(left, temp, right, 4, 0x0f0f0f0f) \
- DO_PERMUTATION(left, temp, right, 16, 0x0000ffff) \
- DO_PERMUTATION(right, temp, left, 2, 0x33333333) \
- DO_PERMUTATION(right, temp, left, 8, 0x00ff00ff) \
- right = (right << 1) | (right >> 31); \
- temp = (left ^ right) & 0xaaaaaaaa; \
- right ^= temp; \
- left ^= temp; \
- left = (left << 1) | (left >> 31);
-
-/*
- * The 'inverse initial permutation'.
- */
-#define FINAL_PERMUTATION(left, temp, right) \
- left = (left << 31) | (left >> 1); \
- temp = (left ^ right) & 0xaaaaaaaa; \
- left ^= temp; \
- right ^= temp; \
- right = (right << 31) | (right >> 1); \
- DO_PERMUTATION(right, temp, left, 8, 0x00ff00ff) \
- DO_PERMUTATION(right, temp, left, 2, 0x33333333) \
- DO_PERMUTATION(left, temp, right, 16, 0x0000ffff) \
- DO_PERMUTATION(left, temp, right, 4, 0x0f0f0f0f)
-
-
-/*
- * A full DES round including 'expansion function', 'sbox substitution'
- * and 'primitive function P' but without swapping the left and right word.
- * Please note: The data in 'from' and 'to' is already rotated one bit to
- * the left, done in the initial permutation.
- */
-#define DES_ROUND(from, to, work, subkey) \
- work = from ^ *subkey++; \
- to ^= sbox8[ work & 0x3f ]; \
- to ^= sbox6[ (work>>8) & 0x3f ]; \
- to ^= sbox4[ (work>>16) & 0x3f ]; \
- to ^= sbox2[ (work>>24) & 0x3f ]; \
- work = ((from << 28) | (from >> 4)) ^ *subkey++; \
- to ^= sbox7[ work & 0x3f ]; \
- to ^= sbox5[ (work>>8) & 0x3f ]; \
- to ^= sbox3[ (work>>16) & 0x3f ]; \
- to ^= sbox1[ (work>>24) & 0x3f ];
-
-/*
- * Macros to convert 8 bytes from/to 32bit words.
- */
-#define READ_64BIT_DATA(data, left, right) \
- left = (data[0] << 24) | (data[1] << 16) | (data[2] << 8) | data[3]; \
- right = (data[4] << 24) | (data[5] << 16) | (data[6] << 8) | data[7];
-
-#define WRITE_64BIT_DATA(data, left, right) \
- data[0] = (left >> 24) &0xff; data[1] = (left >> 16) &0xff; \
- data[2] = (left >> 8) &0xff; data[3] = left &0xff; \
- data[4] = (right >> 24) &0xff; data[5] = (right >> 16) &0xff; \
- data[6] = (right >> 8) &0xff; data[7] = right &0xff;
-
-/*
- * des_key_schedule(): Calculate 16 subkeys pairs (even/odd) for
- * 16 encryption rounds.
- * To calculate subkeys for decryption the caller
- * have to reorder the generated subkeys.
- *
- * rawkey: 8 Bytes of key data
- * subkey: Array of at least 32 uint32_ts. Will be filled
- * with calculated subkeys.
- *
- */
-static void
-des_key_schedule (const char *_rawkey, uint32_t * subkey)
-{
- const unsigned char *rawkey = (const unsigned char *) _rawkey;
- uint32_t left, right, work;
- int round;
-
- READ_64BIT_DATA (rawkey, left, right)
- DO_PERMUTATION (right, work, left, 4, 0x0f0f0f0f)
- DO_PERMUTATION (right, work, left, 0, 0x10101010)
- left = ((leftkey_swap[(left >> 0) & 0xf] << 3)
- | (leftkey_swap[(left >> 8) & 0xf] << 2)
- | (leftkey_swap[(left >> 16) & 0xf] << 1)
- | (leftkey_swap[(left >> 24) & 0xf])
- | (leftkey_swap[(left >> 5) & 0xf] << 7)
- | (leftkey_swap[(left >> 13) & 0xf] << 6)
- | (leftkey_swap[(left >> 21) & 0xf] << 5)
- | (leftkey_swap[(left >> 29) & 0xf] << 4));
-
- left &= 0x0fffffff;
-
- right = ((rightkey_swap[(right >> 1) & 0xf] << 3)
- | (rightkey_swap[(right >> 9) & 0xf] << 2)
- | (rightkey_swap[(right >> 17) & 0xf] << 1)
- | (rightkey_swap[(right >> 25) & 0xf])
- | (rightkey_swap[(right >> 4) & 0xf] << 7)
- | (rightkey_swap[(right >> 12) & 0xf] << 6)
- | (rightkey_swap[(right >> 20) & 0xf] << 5)
- | (rightkey_swap[(right >> 28) & 0xf] << 4));
-
- right &= 0x0fffffff;
-
- for (round = 0; round < 16; ++round)
- {
- left = ((left << encrypt_rotate_tab[round])
- | (left >> (28 - encrypt_rotate_tab[round]))) & 0x0fffffff;
- right = ((right << encrypt_rotate_tab[round])
- | (right >> (28 - encrypt_rotate_tab[round]))) & 0x0fffffff;
-
- *subkey++ = (((left << 4) & 0x24000000)
- | ((left << 28) & 0x10000000)
- | ((left << 14) & 0x08000000)
- | ((left << 18) & 0x02080000)
- | ((left << 6) & 0x01000000)
- | ((left << 9) & 0x00200000)
- | ((left >> 1) & 0x00100000)
- | ((left << 10) & 0x00040000)
- | ((left << 2) & 0x00020000)
- | ((left >> 10) & 0x00010000)
- | ((right >> 13) & 0x00002000)
- | ((right >> 4) & 0x00001000)
- | ((right << 6) & 0x00000800)
- | ((right >> 1) & 0x00000400)
- | ((right >> 14) & 0x00000200)
- | (right & 0x00000100)
- | ((right >> 5) & 0x00000020)
- | ((right >> 10) & 0x00000010)
- | ((right >> 3) & 0x00000008)
- | ((right >> 18) & 0x00000004)
- | ((right >> 26) & 0x00000002)
- | ((right >> 24) & 0x00000001));
-
- *subkey++ = (((left << 15) & 0x20000000)
- | ((left << 17) & 0x10000000)
- | ((left << 10) & 0x08000000)
- | ((left << 22) & 0x04000000)
- | ((left >> 2) & 0x02000000)
- | ((left << 1) & 0x01000000)
- | ((left << 16) & 0x00200000)
- | ((left << 11) & 0x00100000)
- | ((left << 3) & 0x00080000)
- | ((left >> 6) & 0x00040000)
- | ((left << 15) & 0x00020000)
- | ((left >> 4) & 0x00010000)
- | ((right >> 2) & 0x00002000)
- | ((right << 8) & 0x00001000)
- | ((right >> 14) & 0x00000808)
- | ((right >> 9) & 0x00000400)
- | ((right) & 0x00000200)
- | ((right << 7) & 0x00000100)
- | ((right >> 7) & 0x00000020)
- | ((right >> 3) & 0x00000011)
- | ((right << 2) & 0x00000004)
- | ((right >> 21) & 0x00000002));
- }
-}
-
-void
-MHD_gl_des_setkey (MHD_gl_des_ctx * ctx, const char *key)
-{
- int i;
-
- des_key_schedule (key, ctx->encrypt_subkeys);
-
- for (i = 0; i < 32; i += 2)
- {
- ctx->decrypt_subkeys[i] = ctx->encrypt_subkeys[30 - i];
- ctx->decrypt_subkeys[i + 1] = ctx->encrypt_subkeys[31 - i];
- }
-}
-
-void
-MHD_gl_des_ecb_crypt (MHD_gl_des_ctx * ctx, const char *_from, char *_to,
- int mode)
-{
- const unsigned char *from = (const unsigned char *) _from;
- unsigned char *to = (unsigned char *) _to;
- uint32_t left, right, work;
- uint32_t *keys;
-
- keys = mode ? ctx->decrypt_subkeys : ctx->encrypt_subkeys;
-
-READ_64BIT_DATA (from, left, right)
- INITIAL_PERMUTATION (left, work, right)
- DES_ROUND (right, left, work, keys) DES_ROUND (left, right, work, keys)
- DES_ROUND (right, left, work, keys) DES_ROUND (left, right, work, keys)
- DES_ROUND (right, left, work, keys) DES_ROUND (left, right, work, keys)
- DES_ROUND (right, left, work, keys) DES_ROUND (left, right, work, keys)
- DES_ROUND (right, left, work, keys) DES_ROUND (left, right, work, keys)
- DES_ROUND (right, left, work, keys) DES_ROUND (left, right, work, keys)
- DES_ROUND (right, left, work, keys) DES_ROUND (left, right, work, keys)
- DES_ROUND (right, left, work, keys) DES_ROUND (left, right, work, keys)
- FINAL_PERMUTATION (right, work, left) WRITE_64BIT_DATA (to, right, left)}
-
-void
-MHD_gl_3des_ecb_crypt (MHD_gl_3des_ctx * ctx, const char *_from, char *_to,
- int mode)
-{
- const unsigned char *from = (const unsigned char *) _from;
- unsigned char *to = (unsigned char *) _to;
- uint32_t left, right, work;
- uint32_t *keys;
-
- keys = mode ? ctx->decrypt_subkeys : ctx->encrypt_subkeys;
-
-READ_64BIT_DATA (from, left, right)
- INITIAL_PERMUTATION (left, work, right)
- DES_ROUND (right, left, work, keys) DES_ROUND (left, right, work, keys)
- DES_ROUND (right, left, work, keys) DES_ROUND (left, right, work, keys)
- DES_ROUND (right, left, work, keys) DES_ROUND (left, right, work, keys)
- DES_ROUND (right, left, work, keys) DES_ROUND (left, right, work, keys)
- DES_ROUND (right, left, work, keys) DES_ROUND (left, right, work, keys)
- DES_ROUND (right, left, work, keys) DES_ROUND (left, right, work, keys)
- DES_ROUND (right, left, work, keys) DES_ROUND (left, right, work, keys)
- DES_ROUND (right, left, work, keys) DES_ROUND (left, right, work, keys)
- DES_ROUND (left, right, work, keys) DES_ROUND (right, left, work, keys)
- DES_ROUND (left, right, work, keys) DES_ROUND (right, left, work, keys)
- DES_ROUND (left, right, work, keys) DES_ROUND (right, left, work, keys)
- DES_ROUND (left, right, work, keys) DES_ROUND (right, left, work, keys)
- DES_ROUND (left, right, work, keys) DES_ROUND (right, left, work, keys)
- DES_ROUND (left, right, work, keys) DES_ROUND (right, left, work, keys)
- DES_ROUND (left, right, work, keys) DES_ROUND (right, left, work, keys)
- DES_ROUND (left, right, work, keys) DES_ROUND (right, left, work, keys)
- DES_ROUND (right, left, work, keys) DES_ROUND (left, right, work, keys)
- DES_ROUND (right, left, work, keys) DES_ROUND (left, right, work, keys)
- DES_ROUND (right, left, work, keys) DES_ROUND (left, right, work, keys)
- DES_ROUND (right, left, work, keys) DES_ROUND (left, right, work, keys)
- DES_ROUND (right, left, work, keys) DES_ROUND (left, right, work, keys)
- DES_ROUND (right, left, work, keys) DES_ROUND (left, right, work, keys)
- DES_ROUND (right, left, work, keys) DES_ROUND (left, right, work, keys)
- DES_ROUND (right, left, work, keys) DES_ROUND (left, right, work, keys)
- FINAL_PERMUTATION (right, work, left) WRITE_64BIT_DATA (to, right, left)}
-
diff --git a/src/daemon/https/lgl/des.h b/src/daemon/https/lgl/des.h
@@ -1,113 +0,0 @@
-/* des.h --- DES cipher implementation.
- * Copyright (C) 2005, 2007 Free Software Foundation, Inc.
- *
- * This file is free software; you can redistribute it and/or modify
- * it under the terms of the GNU Lesser General Public License as published
- * by the Free Software Foundation; either version 2.1, or (at your
- * option) any later version.
- *
- * This file is distributed in the hope that it will be useful, but
- * WITHOUT ANY WARRANTY; without even the implied warranty of
- * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
- * General Public License for more details.
- *
- * You should have received a copy of the GNU Lesser General Public License
- * along with this file; if not, write to the Free Software
- * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA
- * 02110-1301, USA.
- *
- */
-
-/* Adapted for gnulib by Simon Josefsson, based on Libgcrypt. */
-
-#ifndef DES_H
-# define DES_H
-
-#include <stddef.h>
-#include <stdint.h>
-#include <stdbool.h>
-
-/*
- * Encryption/Decryption context of DES
- */
-typedef struct
-{
- uint32_t encrypt_subkeys[32];
- uint32_t decrypt_subkeys[32];
-} MHD_gl_des_ctx;
-
-/*
- * Encryption/Decryption context of Triple-DES
- */
-typedef struct
-{
- uint32_t encrypt_subkeys[96];
- uint32_t decrypt_subkeys[96];
-} MHD_gl_3des_ctx;
-
-/* Check whether the 8 byte key is weak. Does not check the parity
- * bits of the key but simple ignore them. */
-extern bool MHD_gl_des_is_weak_key (const char *key);
-
-/*
- * DES
- * ---
- */
-
-/* Fill a DES context CTX with subkeys calculated from 64bit KEY.
- * Does not check parity bits, but simply ignore them. Does not check
- * for weak keys. */
-extern void MHD_gl_des_setkey (MHD_gl_des_ctx * ctx, const char *key);
-
-/* Fill a DES context CTX with subkeys calculated from 64bit KEY, with
- * weak key checking. Does not check parity bits, but simply ignore
- * them. */
-extern bool MHD_gl_des_makekey (MHD_gl_des_ctx * ctx, const char *key,
- size_t keylen);
-
-/* Electronic Codebook Mode DES encryption/decryption of data
- * according to 'mode'. */
-extern void
-MHD_gl_des_ecb_crypt (MHD_gl_des_ctx * ctx, const char *from, char *to,
- int mode);
-
-#define MHD_gl_des_ecb_encrypt(ctx, from, to) MHD_gl_des_ecb_crypt(ctx, from, to, 0)
-#define MHD_gl_des_ecb_decrypt(ctx, from, to) MHD_gl_des_ecb_crypt(ctx, from, to, 1)
-
-/* Triple-DES
- * ----------
- */
-
-/* Fill a Triple-DES context CTX with subkeys calculated from two
- * 64bit keys in KEY1 and KEY2. Does not check the parity bits of the
- * keys, but simply ignore them. Does not check for weak keys. */
-extern void
-MHD_gl_3des_set2keys (MHD_gl_3des_ctx * ctx, const char *key1,
- const char *key2);
-
-/*
- * Fill a Triple-DES context CTX with subkeys calculated from three
- * 64bit keys in KEY1, KEY2 and KEY3. Does not check the parity bits
- * of the keys, but simply ignore them. Does not check for weak
- * keys. */
-extern void
-MHD_gl_3des_set3keys (MHD_gl_3des_ctx * ctx,
- const char *key1, const char *key2, const char *key3);
-
-/* Fill a Triple-DES context CTX with subkeys calculated from three
- * concatenated 64bit keys in KEY, with weak key checking. Does not
- * check the parity bits of the keys, but simply ignore them. */
-extern bool
-MHD_gl_3des_makekey (MHD_gl_3des_ctx * ctx, const char *key, size_t keylen);
-
-/* Electronic Codebook Mode Triple-DES encryption/decryption of data
- * according to 'mode'. Sometimes this mode is named 'EDE' mode
- * (Encryption-Decryption-Encryption). */
-extern void
-MHD_gl_3des_ecb_crypt (MHD_gl_3des_ctx * ctx, const char *from, char *to,
- int mode);
-
-#define MHD_gl_3des_ecb_encrypt(ctx, from, to) MHD_gl_3des_ecb_crypt(ctx,from,to,0)
-#define MHD_gl_3des_ecb_decrypt(ctx, from, to) MHD_gl_3des_ecb_crypt(ctx,from,to,1)
-
-#endif /* DES_H */
diff --git a/src/daemon/https/lgl/gc-gnulib.c b/src/daemon/https/lgl/gc-gnulib.c
@@ -1,779 +0,0 @@
-/* gc-gnulib.c --- Common gnulib internal crypto interface functions
- * Copyright (C) 2002, 2003, 2004, 2005, 2006, 2007 Simon Josefsson
- *
- * This file is free software; you can redistribute it and/or modify
- * it under the terms of the GNU Lesser General Public License as published
- * by the Free Software Foundation; either version 2.1, or (at your
- * option) any later version.
- *
- * This file is distributed in the hope that it will be useful, but
- * WITHOUT ANY WARRANTY; without even the implied warranty of
- * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
- * General Public License for more details.
- *
- * You should have received a copy of the GNU Lesser General Public License
- * along with this file; if not, write to the Free Software
- * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA
- * 02110-1301, USA.
- *
- */
-
-/* Note: This file is only built if GC uses internal functions. */
-
-#include "MHD_config.h"
-
-/* Get prototype. */
-#include "gc.h"
-
-#include <stdlib.h>
-#include <string.h>
-
-/* For randomize. */
-#ifdef GNULIB_GC_RANDOM
-# include <unistd.h>
-# include <sys/types.h>
-# include <sys/stat.h>
-# include <fcntl.h>
-# include <errno.h>
-#endif
-
-/* Hashes. */
-#ifdef GNULIB_GC_MD5
-# include "md5.h"
-#endif
-#ifdef GNULIB_GC_SHA1
-# include "sha1.h"
-#endif
-#if defined(GNULIB_GC_HMAC_MD5) || defined(GNULIB_GC_HMAC_SHA1)
-# include "hmac.h"
-#endif
-
-/* Ciphers. */
-#ifdef GNULIB_GC_ARCFOUR
-# include "arcfour.h"
-#endif
-#ifdef GNULIB_GC_ARCTWO
-# include "arctwo.h"
-#endif
-#ifdef GNULIB_GC_DES
-# include "des.h"
-#endif
-#ifdef GNULIB_GC_RIJNDAEL
-# include "rijndael-api-fst.h"
-#endif
-
-/* The results of open() in this file are not used with fchdir,
- therefore save some unnecessary work in fchdir.c. */
-#undef open
-#undef close
-
-Gc_rc
-MHD_gc_init (void)
-{
- return GC_OK;
-}
-
-void
-MHD_gc_done (void)
-{
- return;
-}
-
-#ifdef GNULIB_GC_RANDOM
-
-/* Randomness. */
-
-static Gc_rc
-randomize (int level, char *data, size_t datalen)
-{
- int fd;
- const char *device;
- size_t len = 0;
- int rc;
-
- switch (level)
- {
- case 0:
- device = NAME_OF_NONCE_DEVICE;
- break;
-
- case 1:
- device = NAME_OF_PSEUDO_RANDOM_DEVICE;
- break;
-
- default:
- device = NAME_OF_RANDOM_DEVICE;
- break;
- }
-
- if (strcmp (device, "no") == 0)
- return GC_RANDOM_ERROR;
-
- fd = open (device, O_RDONLY);
- if (fd < 0)
- return GC_RANDOM_ERROR;
-
- do
- {
- ssize_t tmp;
-
- tmp = read (fd, data, datalen);
-
- if (tmp < 0)
- {
- int save_errno = errno;
- close (fd);
- errno = save_errno;
- return GC_RANDOM_ERROR;
- }
-
- len += tmp;
- }
- while (len < datalen);
-
- rc = close (fd);
- if (rc < 0)
- return GC_RANDOM_ERROR;
-
- return GC_OK;
-}
-
-Gc_rc
-MHD_gc_nonce (char *data, size_t datalen)
-{
- return randomize (0, data, datalen);
-}
-
-Gc_rc
-MHD_gc_pseudo_random (char *data, size_t datalen)
-{
- return randomize (1, data, datalen);
-}
-
-#endif
-/* Ciphers. */
-
-typedef struct _MHD_gc_cipher_ctx
-{
- Gc_cipher alg;
- Gc_cipher_mode mode;
-#ifdef GNULIB_GC_ARCTWO
- arctwo_context arctwoContext;
- char arctwoIV[ARCTWO_BLOCK_SIZE];
-#endif
-#ifdef GNULIB_GC_ARCFOUR
- arcfour_context arcfourContext;
-#endif
-#ifdef GNULIB_GC_DES
- MHD_gl_des_ctx desContext;
-#endif
-#ifdef GNULIB_GC_RIJNDAEL
- rijndaelKeyInstance aesEncKey;
- rijndaelKeyInstance aesDecKey;
- rijndaelCipherInstance aesContext;
-#endif
-} _MHD_gc_cipher_ctx;
-
-Gc_rc
-MHD_gc_cipher_open (Gc_cipher alg,
- Gc_cipher_mode mode, MHD_gc_cipher_handle * outhandle)
-{
- _MHD_gc_cipher_ctx *ctx;
- Gc_rc rc = GC_OK;
-
- ctx = calloc (sizeof (*ctx), 1);
- if (!ctx)
- return GC_MALLOC_ERROR;
-
- ctx->alg = alg;
- ctx->mode = mode;
-
- switch (alg)
- {
-#ifdef GNULIB_GC_ARCTWO
- case GC_ARCTWO40:
- switch (mode)
- {
- case GC_ECB:
- case GC_CBC:
- break;
-
- default:
- rc = GC_INVALID_CIPHER;
- }
- break;
-#endif
-
-#ifdef GNULIB_GC_ARCFOUR
- case GC_ARCFOUR128:
- case GC_ARCFOUR40:
- switch (mode)
- {
- case GC_STREAM:
- break;
-
- default:
- rc = GC_INVALID_CIPHER;
- }
- break;
-#endif
-
-#ifdef GNULIB_GC_DES
- case GC_DES:
- switch (mode)
- {
- case GC_ECB:
- break;
-
- default:
- rc = GC_INVALID_CIPHER;
- }
- break;
-#endif
-
-#ifdef GNULIB_GC_RIJNDAEL
- case GC_AES128:
- case GC_AES192:
- case GC_AES256:
- switch (mode)
- {
- case GC_ECB:
- case GC_CBC:
- break;
-
- default:
- rc = GC_INVALID_CIPHER;
- }
- break;
-#endif
-
- default:
- rc = GC_INVALID_CIPHER;
- }
-
- if (rc == GC_OK)
- *outhandle = ctx;
- else
- free (ctx);
-
- return rc;
-}
-
-Gc_rc
-MHD_gc_cipher_setkey (MHD_gc_cipher_handle handle, size_t keylen,
- const char *key)
-{
- _MHD_gc_cipher_ctx *ctx = handle;
-
- switch (ctx->alg)
- {
-#ifdef GNULIB_GC_ARCTWO
- case GC_ARCTWO40:
- arctwo_setkey (&ctx->arctwoContext, keylen, key);
- break;
-#endif
-
-#ifdef GNULIB_GC_ARCFOUR
- case GC_ARCFOUR128:
- case GC_ARCFOUR40:
- arcfour_setkey (&ctx->arcfourContext, key, keylen);
- break;
-#endif
-
-#ifdef GNULIB_GC_DES
- case GC_DES:
- if (keylen != 8)
- return GC_INVALID_CIPHER;
- MHD_gl_des_setkey (&ctx->desContext, key);
- break;
-#endif
-
-#ifdef GNULIB_GC_RIJNDAEL
- case GC_AES128:
- case GC_AES192:
- case GC_AES256:
- {
- rijndael_rc rc;
- size_t i;
- char keyMaterial[RIJNDAEL_MAX_KEY_SIZE + 1];
-
- for (i = 0; i < keylen; i++)
- sprintf (&keyMaterial[2 * i], "%02x", key[i] & 0xFF);
-
- rc = MHD_rijndaelMakeKey (&ctx->aesEncKey, RIJNDAEL_DIR_ENCRYPT,
- keylen * 8, keyMaterial);
- if (rc < 0)
- return GC_INVALID_CIPHER;
-
- rc = MHD_rijndaelMakeKey (&ctx->aesDecKey, RIJNDAEL_DIR_DECRYPT,
- keylen * 8, keyMaterial);
- if (rc < 0)
- return GC_INVALID_CIPHER;
-
- rc =
- MHD_MHD_rijndaelCipherInit (&ctx->aesContext, RIJNDAEL_MODE_ECB,
- NULL);
- if (rc < 0)
- return GC_INVALID_CIPHER;
- }
- break;
-#endif
-
- default:
- return GC_INVALID_CIPHER;
- }
-
- return GC_OK;
-}
-
-Gc_rc
-MHD_gc_cipher_setiv (MHD_gc_cipher_handle handle, size_t ivlen,
- const char *iv)
-{
- _MHD_gc_cipher_ctx *ctx = handle;
-
- switch (ctx->alg)
- {
-#ifdef GNULIB_GC_ARCTWO
- case GC_ARCTWO40:
- if (ivlen != ARCTWO_BLOCK_SIZE)
- return GC_INVALID_CIPHER;
- memcpy (ctx->arctwoIV, iv, ivlen);
- break;
-#endif
-
-#ifdef GNULIB_GC_RIJNDAEL
- case GC_AES128:
- case GC_AES192:
- case GC_AES256:
- switch (ctx->mode)
- {
- case GC_ECB:
- /* Doesn't use IV. */
- break;
-
- case GC_CBC:
- {
- rijndael_rc rc;
- size_t i;
- char ivMaterial[2 * RIJNDAEL_MAX_IV_SIZE + 1];
-
- for (i = 0; i < ivlen; i++)
- sprintf (&ivMaterial[2 * i], "%02x", iv[i] & 0xFF);
-
- rc =
- MHD_MHD_rijndaelCipherInit (&ctx->aesContext, RIJNDAEL_MODE_CBC,
- ivMaterial);
- if (rc < 0)
- return GC_INVALID_CIPHER;
- }
- break;
-
- default:
- return GC_INVALID_CIPHER;
- }
- break;
-#endif
-
- default:
- return GC_INVALID_CIPHER;
- }
-
- return GC_OK;
-}
-
-Gc_rc
-MHD_gc_cipher_encrypt_inline (MHD_gc_cipher_handle handle, size_t len,
- char *data)
-{
- _MHD_gc_cipher_ctx *ctx = handle;
-
- switch (ctx->alg)
- {
-#ifdef GNULIB_GC_ARCTWO
- case GC_ARCTWO40:
- switch (ctx->mode)
- {
- case GC_ECB:
- arctwo_encrypt (&ctx->arctwoContext, data, data, len);
- break;
-
- case GC_CBC:
- for (; len >= ARCTWO_BLOCK_SIZE; len -= ARCTWO_BLOCK_SIZE,
- data += ARCTWO_BLOCK_SIZE)
- {
- size_t i;
- for (i = 0; i < ARCTWO_BLOCK_SIZE; i++)
- data[i] ^= ctx->arctwoIV[i];
- arctwo_encrypt (&ctx->arctwoContext, data, data,
- ARCTWO_BLOCK_SIZE);
- memcpy (ctx->arctwoIV, data, ARCTWO_BLOCK_SIZE);
- }
- break;
-
- default:
- return GC_INVALID_CIPHER;
- }
- break;
-#endif
-
-#ifdef GNULIB_GC_ARCFOUR
- case GC_ARCFOUR128:
- case GC_ARCFOUR40:
- arcfour_stream (&ctx->arcfourContext, data, data, len);
- break;
-#endif
-
-#ifdef GNULIB_GC_DES
- case GC_DES:
- for (; len >= 8; len -= 8, data += 8)
- MHD_gl_des_ecb_encrypt (&ctx->desContext, data, data);
- break;
-#endif
-
-#ifdef GNULIB_GC_RIJNDAEL
- case GC_AES128:
- case GC_AES192:
- case GC_AES256:
- {
- int nblocks;
-
- nblocks = MHD_rijndaelBlockEncrypt (&ctx->aesContext, &ctx->aesEncKey,
- data, 8 * len, data);
- if (nblocks < 0)
- return GC_INVALID_CIPHER;
- }
- break;
-#endif
-
- default:
- return GC_INVALID_CIPHER;
- }
-
- return GC_OK;
-}
-
-Gc_rc
-MHD_gc_cipher_decrypt_inline (MHD_gc_cipher_handle handle, size_t len,
- char *data)
-{
- _MHD_gc_cipher_ctx *ctx = handle;
-
- switch (ctx->alg)
- {
-#ifdef GNULIB_GC_ARCTWO
- case GC_ARCTWO40:
- switch (ctx->mode)
- {
- case GC_ECB:
- arctwo_decrypt (&ctx->arctwoContext, data, data, len);
- break;
-
- case GC_CBC:
- for (; len >= ARCTWO_BLOCK_SIZE; len -= ARCTWO_BLOCK_SIZE,
- data += ARCTWO_BLOCK_SIZE)
- {
- char tmpIV[ARCTWO_BLOCK_SIZE];
- size_t i;
- memcpy (tmpIV, data, ARCTWO_BLOCK_SIZE);
- arctwo_decrypt (&ctx->arctwoContext, data, data,
- ARCTWO_BLOCK_SIZE);
- for (i = 0; i < ARCTWO_BLOCK_SIZE; i++)
- data[i] ^= ctx->arctwoIV[i];
- memcpy (ctx->arctwoIV, tmpIV, ARCTWO_BLOCK_SIZE);
- }
- break;
-
- default:
- return GC_INVALID_CIPHER;
- }
- break;
-#endif
-
-#ifdef GNULIB_GC_ARCFOUR
- case GC_ARCFOUR128:
- case GC_ARCFOUR40:
- arcfour_stream (&ctx->arcfourContext, data, data, len);
- break;
-#endif
-
-#ifdef GNULIB_GC_DES
- case GC_DES:
- for (; len >= 8; len -= 8, data += 8)
- MHD_gl_des_ecb_decrypt (&ctx->desContext, data, data);
- break;
-#endif
-
-#ifdef GNULIB_GC_RIJNDAEL
- case GC_AES128:
- case GC_AES192:
- case GC_AES256:
- {
- int nblocks;
-
- nblocks = MHD_rijndaelBlockDecrypt (&ctx->aesContext, &ctx->aesDecKey,
- data, 8 * len, data);
- if (nblocks < 0)
- return GC_INVALID_CIPHER;
- }
- break;
-#endif
-
- default:
- return GC_INVALID_CIPHER;
- }
-
- return GC_OK;
-}
-
-Gc_rc
-MHD_gc_cipher_close (MHD_gc_cipher_handle handle)
-{
- _MHD_gc_cipher_ctx *ctx = handle;
-
- if (ctx)
- free (ctx);
-
- return GC_OK;
-}
-
-/* Hashes. */
-
-#define MAX_DIGEST_SIZE 20
-
-typedef struct _MHD_gc_hash_ctx
-{
- Gc_hash alg;
- Gc_hash_mode mode;
- char hash[MAX_DIGEST_SIZE];
-#ifdef GNULIB_GC_MD5
- struct MHD_md5_ctx md5Context;
-#endif
-#ifdef GNULIB_GC_SHA1
- struct MHD_sha1_ctx sha1Context;
-#endif
-} _MHD_gc_hash_ctx;
-
-Gc_rc
-MHD_gc_hash_open (Gc_hash hash, Gc_hash_mode mode,
- MHD_gc_hash_handle * outhandle)
-{
- _MHD_gc_hash_ctx *ctx;
- Gc_rc rc = GC_OK;
-
- ctx = calloc (sizeof (*ctx), 1);
- if (!ctx)
- return GC_MALLOC_ERROR;
-
- ctx->alg = hash;
- ctx->mode = mode;
-
- switch (hash)
- {
-#ifdef GNULIB_GC_MD5
- case GC_MD5:
- MHD_md5_init_ctx (&ctx->md5Context);
- break;
-#endif
-
-#ifdef GNULIB_GC_SHA1
- case GC_SHA1:
- MHD_sha1_init_ctx (&ctx->sha1Context);
- break;
-#endif
-
- default:
- rc = GC_INVALID_HASH;
- break;
- }
-
- switch (mode)
- {
- case 0:
- break;
-
- default:
- rc = GC_INVALID_HASH;
- break;
- }
-
- if (rc == GC_OK)
- *outhandle = ctx;
- else
- free (ctx);
-
- return rc;
-}
-
-Gc_rc
-MHD_gc_hash_clone (MHD_gc_hash_handle handle, MHD_gc_hash_handle * outhandle)
-{
- _MHD_gc_hash_ctx *in = handle;
- _MHD_gc_hash_ctx *out;
-
- *outhandle = out = calloc (sizeof (*out), 1);
- if (!out)
- return GC_MALLOC_ERROR;
-
- memcpy (out, in, sizeof (*out));
-
- return GC_OK;
-}
-
-size_t
-MHD_gc_hash_digest_length (Gc_hash hash)
-{
- size_t len;
-
- switch (hash)
- {
- case GC_MD2:
- len = GC_MD2_DIGEST_SIZE;
- break;
-
- case GC_MD4:
- len = GC_MD4_DIGEST_SIZE;
- break;
-
- case GC_MD5:
- len = GC_MD5_DIGEST_SIZE;
- break;
-
- case GC_RMD160:
- len = GC_RMD160_DIGEST_SIZE;
- break;
-
- case GC_SHA1:
- len = GC_SHA1_DIGEST_SIZE;
- break;
-
- default:
- return 0;
- }
-
- return len;
-}
-
-void
-MHD_gc_hash_write (MHD_gc_hash_handle handle, size_t len, const char *data)
-{
- _MHD_gc_hash_ctx *ctx = handle;
-
- switch (ctx->alg)
- {
-#ifdef GNULIB_GC_MD5
- case GC_MD5:
- MHD_md5_process_bytes (data, len, &ctx->md5Context);
- break;
-#endif
-
-#ifdef GNULIB_GC_SHA1
- case GC_SHA1:
- MHD_sha1_process_bytes (data, len, &ctx->sha1Context);
- break;
-#endif
-
- default:
- break;
- }
-}
-
-const char *
-MHD_gc_hash_read (MHD_gc_hash_handle handle)
-{
- _MHD_gc_hash_ctx *ctx = handle;
- const char *ret = NULL;
-
- switch (ctx->alg)
- {
-#ifdef GNULIB_GC_MD5
- case GC_MD5:
- MHD_md5_finish_ctx (&ctx->md5Context, ctx->hash);
- ret = ctx->hash;
- break;
-#endif
-
-#ifdef GNULIB_GC_SHA1
- case GC_SHA1:
- MHD_sha1_finish_ctx (&ctx->sha1Context, ctx->hash);
- ret = ctx->hash;
- break;
-#endif
-
- default:
- return NULL;
- }
-
- return ret;
-}
-
-void
-MHD_gc_hash_close (MHD_gc_hash_handle handle)
-{
- _MHD_gc_hash_ctx *ctx = handle;
-
- free (ctx);
-}
-
-Gc_rc
-MHD_gc_hash_buffer (Gc_hash hash, const void *in, size_t inlen, char *resbuf)
-{
- switch (hash)
- {
-#ifdef GNULIB_GC_MD5
- case GC_MD5:
- MHD_md5_buffer (in, inlen, resbuf);
- break;
-#endif
-
-#ifdef GNULIB_GC_SHA1
- case GC_SHA1:
- MHD_sha1_buffer (in, inlen, resbuf);
- break;
-#endif
-
- default:
- return GC_INVALID_HASH;
- }
-
- return GC_OK;
-}
-
-#ifdef GNULIB_GC_MD5
-Gc_rc
-MHD_gc_md5 (const void *in, size_t inlen, void *resbuf)
-{
- MHD_md5_buffer (in, inlen, resbuf);
- return GC_OK;
-}
-#endif
-
-#ifdef GNULIB_GC_SHA1
-Gc_rc
-MHD_gc_sha1 (const void *in, size_t inlen, void *resbuf)
-{
- MHD_sha1_buffer (in, inlen, resbuf);
- return GC_OK;
-}
-#endif
-
-#ifdef GNULIB_GC_HMAC_MD5
-Gc_rc
-MHD_gc_MHD_hmac_md5 (const void *key, size_t keylen,
- const void *in, size_t inlen, char *resbuf)
-{
- MHD_hmac_md5 (key, keylen, in, inlen, resbuf);
- return GC_OK;
-}
-#endif
-
-#ifdef GNULIB_GC_HMAC_SHA1
-Gc_rc
-MHD_gc_MHD_hmac_sha1 (const void *key,
- size_t keylen, const void *in, size_t inlen,
- char *resbuf)
-{
- MHD_hmac_sha1 (key, keylen, in, inlen, resbuf);
- return GC_OK;
-}
-#endif
diff --git a/src/daemon/https/lgl/gc-libgcrypt.c b/src/daemon/https/lgl/gc-libgcrypt.c
@@ -416,163 +416,6 @@ MHD_gc_hash_close (MHD_gc_hash_handle handle)
free (ctx);
}
-Gc_rc
-MHD_gc_hash_buffer (Gc_hash hash, const void *in, size_t inlen, char *resbuf)
-{
- int gcryalg;
-
- switch (hash)
- {
-#ifdef GNULIB_GC_MD5
- case GC_MD5:
- gcryalg = GCRY_MD_MD5;
- break;
-#endif
-
-#ifdef GNULIB_GC_SHA1
- case GC_SHA1:
- gcryalg = GCRY_MD_SHA1;
- break;
-#endif
-
-#ifdef GNULIB_GC_SHA256
- case GC_SHA256:
- gcryalg = GCRY_MD_SHA256;
- break;
-#endif
-
-#ifdef GNULIB_GC_SHA384
- case GC_SHA384:
- gcryalg = GCRY_MD_SHA384;
- break;
-#endif
-
-#ifdef GNULIB_GC_SHA512
- case GC_SHA512:
- gcryalg = GCRY_MD_SHA512;
- break;
-#endif
-
-#ifdef GNULIB_GC_RMD160
- case GC_RMD160:
- gcryalg = GCRY_MD_RMD160;
- break;
-#endif
-
- default:
- return GC_INVALID_HASH;
- }
-
- gcry_md_hash_buffer (gcryalg, resbuf, in, inlen);
-
- return GC_OK;
-}
-
-/* One-call interface. */
-#ifdef GNULIB_GC_MD5
-Gc_rc
-MHD_gc_md5 (const void *in, size_t inlen, void *resbuf)
-{
- size_t outlen = gcry_md_get_algo_dlen (GCRY_MD_MD5);
- gcry_md_hd_t hd;
- gpg_error_t err;
- unsigned char *p;
-
- assert (outlen == GC_MD5_DIGEST_SIZE);
-
- err = gcry_md_open (&hd, GCRY_MD_MD5, 0);
- if (err != GPG_ERR_NO_ERROR)
- return GC_INVALID_HASH;
-
- gcry_md_write (hd, in, inlen);
-
- p = gcry_md_read (hd, GCRY_MD_MD5);
- if (p == NULL)
- {
- gcry_md_close (hd);
- return GC_INVALID_HASH;
- }
-
- memcpy (resbuf, p, outlen);
-
- gcry_md_close (hd);
-
- return GC_OK;
-}
-#endif
-
-#ifdef GNULIB_GC_SHA1
-Gc_rc
-MHD_gc_sha1 (const void *in, size_t inlen, void *resbuf)
-{
- size_t outlen = gcry_md_get_algo_dlen (GCRY_MD_SHA1);
- gcry_md_hd_t hd;
- gpg_error_t err;
- unsigned char *p;
-
- assert (outlen == GC_SHA1_DIGEST_SIZE);
-
- err = gcry_md_open (&hd, GCRY_MD_SHA1, 0);
- if (err != GPG_ERR_NO_ERROR)
- return GC_INVALID_HASH;
-
- gcry_md_write (hd, in, inlen);
-
- p = gcry_md_read (hd, GCRY_MD_SHA1);
- if (p == NULL)
- {
- gcry_md_close (hd);
- return GC_INVALID_HASH;
- }
-
- memcpy (resbuf, p, outlen);
-
- gcry_md_close (hd);
-
- return GC_OK;
-}
-#endif
-
-#ifdef GNULIB_GC_HMAC_MD5
-Gc_rc
-MHD_gc_MHD_hmac_md5 (const void *key, size_t keylen,
- const void *in, size_t inlen, char *resbuf)
-{
- size_t hlen = gcry_md_get_algo_dlen (GCRY_MD_MD5);
- gcry_md_hd_t mdh;
- unsigned char *hash;
- gpg_error_t err;
-
- assert (hlen == 16);
-
- err = gcry_md_open (&mdh, GCRY_MD_MD5, GCRY_MD_FLAG_HMAC);
- if (err != GPG_ERR_NO_ERROR)
- return GC_INVALID_HASH;
-
- err = gcry_md_setkey (mdh, key, keylen);
- if (err != GPG_ERR_NO_ERROR)
- {
- gcry_md_close (mdh);
- return GC_INVALID_HASH;
- }
-
- gcry_md_write (mdh, in, inlen);
-
- hash = gcry_md_read (mdh, GCRY_MD_MD5);
- if (hash == NULL)
- {
- gcry_md_close (mdh);
- return GC_INVALID_HASH;
- }
-
- memcpy (resbuf, hash, hlen);
-
- gcry_md_close (mdh);
-
- return GC_OK;
-}
-#endif
-
#ifdef GNULIB_GC_HMAC_SHA1
Gc_rc
MHD_gc_MHD_hmac_sha1 (const void *key,
diff --git a/src/daemon/https/lgl/memxor.c b/src/daemon/https/lgl/memxor.c
@@ -23,7 +23,7 @@
#include "memxor.h"
void *
-MHD_memxor (void *restrict dest, const void *restrict src, size_t n)
+MHD_memxor (void * dest, const void * src, size_t n)
{
char const *s = src;
char *d = dest;
diff --git a/src/daemon/https/lgl/memxor.h b/src/daemon/https/lgl/memxor.h
@@ -26,6 +26,6 @@
/* Compute binary exclusive OR of memory areas DEST and SRC, putting
the result in DEST, of length N bytes. Returns a pointer to
DEST. */
-void *MHD_memxor (void *restrict dest, const void *restrict src, size_t n);
+void *MHD_memxor (void * dest, const void * src, size_t n);
#endif /* MEMXOR_H */
diff --git a/src/daemon/https/minitasn1/Makefile.am b/src/daemon/https/minitasn1/Makefile.am
@@ -1,8 +1,7 @@
-
AM_CPPFLAGS = \
--I$(top_srcdir)/src/include \
--I$(top_srcdir)/src/daemon/https/lgl \
--I$(top_srcdir)/src/daemon/https/tls
+ -I$(top_srcdir)/src/include \
+ -I$(top_srcdir)/src/daemon/https/lgl \
+ -I$(top_srcdir)/src/daemon/https/tls
if USE_COVERAGE
AM_CFLAGS = -fprofile-arcs -ftest-coverage
diff --git a/src/daemon/https/tls/Makefile.am b/src/daemon/https/tls/Makefile.am
@@ -1,9 +1,3 @@
-SUBDIRS = .
-
-if USE_COVERAGE
- AM_CFLAGS = -fprofile-arcs -ftest-coverage
-endif
-
AM_CPPFLAGS = \
-I$(top_srcdir)/src/include \
-I$(top_srcdir)/src/daemon/ \
@@ -11,18 +5,19 @@ AM_CPPFLAGS = \
-I$(top_srcdir)/src/daemon/https/tls \
-I$(top_srcdir)/src/daemon/https/lgl \
-I$(top_srcdir)/src/daemon/https/minitasn1 \
--I$(top_srcdir)/src/daemon/https/x509 \
--I$(GCRYPT_CPPFLAGS)
+-I$(top_srcdir)/src/daemon/https/x509
+
+if USE_COVERAGE
+ AM_CFLAGS = -fprofile-arcs -ftest-coverage
+endif
noinst_LTLIBRARIES = libtls.la
-libtls_la_LDFLAGS = \
- -L$(GCRYPT_LIB_PATH)
+libtls_la_LDFLAGS = -lgcrypt
libtls_la_SOURCES = \
auth_cert.c \
auth_dh_common.c \
-auth_dhe.c \
auth_rsa.c \
auth_rsa_export.c \
debug.c \
diff --git a/src/daemon/https/tls/auth_dh_common.c b/src/daemon/https/tls/auth_dh_common.c
@@ -50,278 +50,3 @@ MHD_gtls_free_dh_info (MHD_gtls_dh_info_st * dh)
MHD__gnutls_free_datum (&dh->public_key);
}
-int
-MHD_gtls_proc_dh_common_client_kx (MHD_gtls_session_t session,
- opaque * data, size_t _data_size,
- mpi_t g, mpi_t p)
-{
- uint16_t n_Y;
- size_t _n_Y;
- int ret;
- ssize_t data_size = _data_size;
-
-
- DECR_LEN (data_size, 2);
- n_Y = MHD_gtls_read_uint16 (&data[0]);
- _n_Y = n_Y;
-
- DECR_LEN (data_size, n_Y);
- if (MHD_gtls_mpi_scan_nz (&session->key->client_Y, &data[2], &_n_Y))
- {
- MHD_gnutls_assert ();
- return GNUTLS_E_MPI_SCAN_FAILED;
- }
-
- MHD_gtls_dh_set_peer_public (session, session->key->client_Y);
-
- session->key->KEY =
- MHD_gtls_calc_dh_key (session->key->client_Y, session->key->dh_secret, p);
-
- if (session->key->KEY == NULL)
- {
- MHD_gnutls_assert ();
- return GNUTLS_E_MEMORY_ERROR;
- }
-
- MHD_gtls_mpi_release (&session->key->client_Y);
- MHD_gtls_mpi_release (&session->key->dh_secret);
-
- ret = MHD_gtls_mpi_dprint (&session->key->key, session->key->KEY);
-
- MHD_gtls_mpi_release (&session->key->KEY);
-
- if (ret < 0)
- {
- return ret;
- }
-
- return 0;
-}
-
-int
-MHD_gtls_gen_dh_common_client_kx (MHD_gtls_session_t session, opaque ** data)
-{
- mpi_t x = NULL, X = NULL;
- size_t n_X;
- int ret;
-
- *data = NULL;
-
- X = MHD_gtls_calc_dh_secret (&x, session->key->client_g,
- session->key->client_p);
- if (X == NULL || x == NULL)
- {
- MHD_gnutls_assert ();
- ret = GNUTLS_E_MEMORY_ERROR;
- goto error;
- }
-
- MHD_gtls_dh_set_secret_bits (session, MHD__gnutls_mpi_get_nbits (x));
-
- MHD_gtls_mpi_print (NULL, &n_X, X);
- (*data) = MHD_gnutls_malloc (n_X + 2);
- if (*data == NULL)
- {
- ret = GNUTLS_E_MEMORY_ERROR;
- goto error;
- }
-
- MHD_gtls_mpi_print (&(*data)[2], &n_X, X);
- MHD_gtls_mpi_release (&X);
-
- MHD_gtls_write_uint16 (n_X, &(*data)[0]);
-
- /* calculate the key after calculating the message */
- session->key->KEY =
- MHD_gtls_calc_dh_key (session->key->client_Y, x, session->key->client_p);
-
- MHD_gtls_mpi_release (&x);
- if (session->key->KEY == NULL)
- {
- MHD_gnutls_assert ();
- ret = GNUTLS_E_MEMORY_ERROR;
- goto error;
- }
-
- /* THESE SHOULD BE DISCARDED */
- MHD_gtls_mpi_release (&session->key->client_Y);
- MHD_gtls_mpi_release (&session->key->client_p);
- MHD_gtls_mpi_release (&session->key->client_g);
-
- ret = MHD_gtls_mpi_dprint (&session->key->key, session->key->KEY);
-
- MHD_gtls_mpi_release (&session->key->KEY);
-
- if (ret < 0)
- {
- MHD_gnutls_assert ();
- goto error;
- }
-
- return n_X + 2;
-
-error:
- MHD_gtls_mpi_release (&x);
- MHD_gtls_mpi_release (&X);
- MHD_gnutls_free (*data);
- *data = NULL;
- return ret;
-}
-
-int
-MHD_gtls_proc_dh_common_server_kx (MHD_gtls_session_t session,
- opaque * data, size_t _data_size, int psk)
-{
- uint16_t n_Y, n_g, n_p;
- size_t _n_Y, _n_g, _n_p;
- uint8_t *data_p;
- uint8_t *data_g;
- uint8_t *data_Y;
- int i, bits, psk_size, ret;
- ssize_t data_size = _data_size;
-
- i = 0;
-
- if (psk != 0)
- {
- DECR_LEN (data_size, 2);
- psk_size = MHD_gtls_read_uint16 (&data[i]);
- DECR_LEN (data_size, psk_size);
- i += 2 + psk_size;
- }
-
- DECR_LEN (data_size, 2);
- n_p = MHD_gtls_read_uint16 (&data[i]);
- i += 2;
-
- DECR_LEN (data_size, n_p);
- data_p = &data[i];
- i += n_p;
-
- DECR_LEN (data_size, 2);
- n_g = MHD_gtls_read_uint16 (&data[i]);
- i += 2;
-
- DECR_LEN (data_size, n_g);
- data_g = &data[i];
- i += n_g;
-
- DECR_LEN (data_size, 2);
- n_Y = MHD_gtls_read_uint16 (&data[i]);
- i += 2;
-
- DECR_LEN (data_size, n_Y);
- data_Y = &data[i];
- i += n_Y;
-
- _n_Y = n_Y;
- _n_g = n_g;
- _n_p = n_p;
-
- if (MHD_gtls_mpi_scan_nz (&session->key->client_Y, data_Y, &_n_Y) != 0)
- {
- MHD_gnutls_assert ();
- return GNUTLS_E_MPI_SCAN_FAILED;
- }
-
- if (MHD_gtls_mpi_scan_nz (&session->key->client_g, data_g, &_n_g) != 0)
- {
- MHD_gnutls_assert ();
- return GNUTLS_E_MPI_SCAN_FAILED;
- }
- if (MHD_gtls_mpi_scan_nz (&session->key->client_p, data_p, &_n_p) != 0)
- {
- MHD_gnutls_assert ();
- return GNUTLS_E_MPI_SCAN_FAILED;
- }
-
- bits = MHD_gtls_dh_get_allowed_prime_bits (session);
- if (bits < 0)
- {
- MHD_gnutls_assert ();
- return bits;
- }
-
- if (MHD__gnutls_mpi_get_nbits (session->key->client_p) < (size_t) bits)
- {
- /* the prime used by the peer is not acceptable
- */
- MHD_gnutls_assert ();
- return GNUTLS_E_DH_PRIME_UNACCEPTABLE;
- }
-
- MHD_gtls_dh_set_group (session, session->key->client_g,
- session->key->client_p);
- MHD_gtls_dh_set_peer_public (session, session->key->client_Y);
-
- ret = n_Y + n_p + n_g + 6;
- if (psk != 0)
- ret += 2;
-
- return ret;
-}
-
-/* If the psk flag is set, then an empty psk_identity_hint will
- * be inserted */
-int
-MHD_gtls_dh_common_print_server_kx (MHD_gtls_session_t session,
- mpi_t g, mpi_t p, opaque ** data, int psk)
-{
- mpi_t x, X;
- size_t n_X, n_g, n_p;
- int ret, data_size, pos;
- uint8_t *pdata;
-
- X = MHD_gtls_calc_dh_secret (&x, g, p);
- if (X == NULL || x == NULL)
- {
- MHD_gnutls_assert ();
- return GNUTLS_E_MEMORY_ERROR;
- }
-
- session->key->dh_secret = x;
- MHD_gtls_dh_set_secret_bits (session, MHD__gnutls_mpi_get_nbits (x));
-
- MHD_gtls_mpi_print (NULL, &n_g, g);
- MHD_gtls_mpi_print (NULL, &n_p, p);
- MHD_gtls_mpi_print (NULL, &n_X, X);
-
- data_size = n_g + n_p + n_X + 6;
- if (psk != 0)
- data_size += 2;
-
- (*data) = MHD_gnutls_malloc (data_size);
- if (*data == NULL)
- {
- MHD_gtls_mpi_release (&X);
- return GNUTLS_E_MEMORY_ERROR;
- }
-
- pos = 0;
- pdata = *data;
-
- if (psk != 0)
- {
- MHD_gtls_write_uint16 (0, &pdata[pos]);
- pos += 2;
- }
-
- MHD_gtls_mpi_print (&pdata[pos + 2], &n_p, p);
- MHD_gtls_write_uint16 (n_p, &pdata[pos]);
-
- pos += n_p + 2;
-
- MHD_gtls_mpi_print (&pdata[pos + 2], &n_g, g);
- MHD_gtls_write_uint16 (n_g, &pdata[pos]);
-
- pos += n_g + 2;
-
- MHD_gtls_mpi_print (&pdata[pos + 2], &n_X, X);
- MHD_gtls_mpi_release (&X);
-
- MHD_gtls_write_uint16 (n_X, &pdata[pos]);
-
- ret = data_size;
-
- return ret;
-}
diff --git a/src/daemon/https/tls/auth_dh_common.h b/src/daemon/https/tls/auth_dh_common.h
@@ -35,14 +35,5 @@ typedef struct
} MHD_gtls_dh_info_st;
void MHD_gtls_free_dh_info (MHD_gtls_dh_info_st * dh);
-int MHD_gtls_gen_dh_common_client_kx (MHD_gtls_session_t, opaque **);
-int MHD_gtls_proc_dh_common_client_kx (MHD_gtls_session_t session,
- opaque * data, size_t _data_size,
- mpi_t p, mpi_t g);
-int MHD_gtls_dh_common_print_server_kx (MHD_gtls_session_t, mpi_t g, mpi_t p,
- opaque ** data, int psk);
-int MHD_gtls_proc_dh_common_server_kx (MHD_gtls_session_t session,
- opaque * data, size_t _data_size,
- int psk);
#endif
diff --git a/src/daemon/https/tls/auth_dhe.c b/src/daemon/https/tls/auth_dhe.c
@@ -1,277 +0,0 @@
-/*
- * Copyright (C) 2000, 2001, 2002, 2003, 2004, 2005, 2007 Free Software Foundation
- *
- * Author: Nikos Mavrogiannopoulos
- *
- * This file is part of GNUTLS.
- *
- * The GNUTLS library is free software; you can redistribute it and/or
- * modify it under the terms of the GNU Lesser General Public License
- * as published by the Free Software Foundation; either version 2.1 of
- * the License, or (at your option) any later version.
- *
- * This library is distributed in the hope that it will be useful, but
- * WITHOUT ANY WARRANTY; without even the implied warranty of
- * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
- * Lesser General Public License for more details.
- *
- * You should have received a copy of the GNU Lesser General Public
- * License along with this library; if not, write to the Free Software
- * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301,
- * USA
- *
- */
-
-/* This file contains everything for the Ephemeral Diffie Hellman (DHE)
- * key exchange. This is used in the handshake procedure of the certificate
- * authentication.
- */
-
-#include "gnutls_int.h"
-#include "gnutls_auth_int.h"
-#include "gnutls_errors.h"
-#include "gnutls_dh.h"
-#include "gnutls_num.h"
-#include "gnutls_sig.h"
-#include <gnutls_datum.h>
-#include <auth_cert.h>
-#include <gnutls_x509.h>
-#include <gnutls_state.h>
-#include <auth_dh_common.h>
-
-static int gen_dhe_server_kx (MHD_gtls_session_t, opaque **);
-static int proc_dhe_server_kx (MHD_gtls_session_t, opaque *, size_t);
-static int proc_dhe_client_kx (MHD_gtls_session_t, opaque *, size_t);
-
-const MHD_gtls_mod_auth_st MHD_gtls_dhe_rsa_auth_struct = {
- "DHE_RSA",
- MHD_gtls_gen_cert_server_certificate,
- MHD_gtls_gen_cert_client_certificate,
- gen_dhe_server_kx,
- MHD_gtls_gen_dh_common_client_kx,
- MHD_gtls_gen_cert_client_cert_vrfy, /* gen client cert vrfy */
- MHD_gtls_gen_cert_server_cert_req, /* server cert request */
-
- MHD_gtls_proc_cert_server_certificate,
- MHD__gnutls_proc_cert_client_certificate,
- proc_dhe_server_kx,
- proc_dhe_client_kx,
- MHD_gtls_proc_cert_client_cert_vrfy, /* proc client cert vrfy */
- MHD_gtls_proc_cert_cert_req /* proc server cert request */
-};
-
-const MHD_gtls_mod_auth_st MHD_gtls_dhe_dss_auth_struct = {
- "DHE_DSS",
- MHD_gtls_gen_cert_server_certificate,
- MHD_gtls_gen_cert_client_certificate,
- gen_dhe_server_kx,
- MHD_gtls_gen_dh_common_client_kx,
- MHD_gtls_gen_cert_client_cert_vrfy, /* gen client cert vrfy */
- MHD_gtls_gen_cert_server_cert_req, /* server cert request */
-
- MHD_gtls_proc_cert_server_certificate,
- MHD__gnutls_proc_cert_client_certificate,
- proc_dhe_server_kx,
- proc_dhe_client_kx,
- MHD_gtls_proc_cert_client_cert_vrfy, /* proc client cert vrfy */
- MHD_gtls_proc_cert_cert_req /* proc server cert request */
-};
-
-
-static int
-gen_dhe_server_kx (MHD_gtls_session_t session, opaque ** data)
-{
- mpi_t g, p;
- const mpi_t *mpis;
- int ret = 0, data_size;
- int bits;
- MHD_gnutls_cert *apr_cert_list;
- MHD_gnutls_privkey *apr_pkey;
- int apr_cert_list_length;
- MHD_gnutls_datum_t signature, ddata;
- MHD_gtls_cert_credentials_t cred;
- MHD_gtls_dh_params_t dh_params;
-
- cred = (MHD_gtls_cert_credentials_t)
- MHD_gtls_get_cred (session->key, MHD_GNUTLS_CRD_CERTIFICATE, NULL);
- if (cred == NULL)
- {
- MHD_gnutls_assert ();
- return GNUTLS_E_INSUFFICIENT_CREDENTIALS;
- }
-
- bits = MHD_gtls_dh_get_allowed_prime_bits (session);
-
- /* find the appropriate certificate */
- if ((ret =
- MHD_gtls_get_selected_cert (session, &apr_cert_list,
- &apr_cert_list_length, &apr_pkey)) < 0)
- {
- MHD_gnutls_assert ();
- return ret;
- }
-
- dh_params =
- MHD_gtls_get_dh_params (cred->dh_params, cred->params_func, session);
- mpis = MHD_gtls_dh_params_to_mpi (dh_params);
- if (mpis == NULL)
- {
- MHD_gnutls_assert ();
- return GNUTLS_E_NO_TEMPORARY_DH_PARAMS;
- }
-
- p = mpis[0];
- g = mpis[1];
-
- if ((ret = MHD_gtls_auth_info_set (session, MHD_GNUTLS_CRD_CERTIFICATE,
- sizeof (cert_auth_info_st), 0)) < 0)
- {
- MHD_gnutls_assert ();
- return ret;
- }
-
- MHD_gtls_dh_set_group (session, g, p);
-
- ret = MHD_gtls_dh_common_print_server_kx (session, g, p, data, 0);
- if (ret < 0)
- {
- MHD_gnutls_assert ();
- return ret;
- }
- data_size = ret;
-
- /* Generate the signature. */
-
- ddata.data = *data;
- ddata.size = data_size;
-
- if (apr_cert_list_length > 0)
- {
- if ((ret =
- MHD_gtls_tls_sign_params (session, &apr_cert_list[0],
- apr_pkey, &ddata, &signature)) < 0)
- {
- MHD_gnutls_assert ();
- MHD_gnutls_free (*data);
- return ret;
- }
- }
- else
- {
- MHD_gnutls_assert ();
- return data_size; /* do not put a signature - ILLEGAL! */
- }
-
- *data = MHD_gtls_realloc_fast (*data, data_size + signature.size + 2);
- if (*data == NULL)
- {
- MHD__gnutls_free_datum (&signature);
- MHD_gnutls_assert ();
- return GNUTLS_E_MEMORY_ERROR;
- }
-
- MHD_gtls_write_datum16 (&(*data)[data_size], signature);
- data_size += signature.size + 2;
-
- MHD__gnutls_free_datum (&signature);
-
- return data_size;
-}
-
-static int
-proc_dhe_server_kx (MHD_gtls_session_t session, opaque * data,
- size_t _data_size)
-{
- int sigsize;
- MHD_gnutls_datum_t vparams, signature;
- int ret;
- cert_auth_info_t info = MHD_gtls_get_auth_info (session);
- ssize_t data_size = _data_size;
- MHD_gnutls_cert peer_cert;
-
- if (info == NULL || info->ncerts == 0)
- {
- MHD_gnutls_assert ();
- /* we need this in order to get peer's certificate */
- return GNUTLS_E_INTERNAL_ERROR;
- }
-
- ret = MHD_gtls_proc_dh_common_server_kx (session, data, _data_size, 0);
- if (ret < 0)
- {
- MHD_gnutls_assert ();
- return ret;
- }
-
- /* VERIFY SIGNATURE */
-
- vparams.size = ret;
- vparams.data = data;
-
- DECR_LEN (data_size, 2);
- sigsize = MHD_gtls_read_uint16 (&data[vparams.size]);
-
- DECR_LEN (data_size, sigsize);
- signature.data = &data[vparams.size + 2];
- signature.size = sigsize;
-
- if ((ret =
- MHD_gtls_raw_cert_to_gcert (&peer_cert,
- session->security_parameters.cert_type,
- &info->raw_certificate_list[0],
- CERT_NO_COPY)) < 0)
- {
- MHD_gnutls_assert ();
- return ret;
- }
-
- ret =
- MHD_gtls_verify_sig_params (session, &peer_cert, &vparams, &signature);
-
- MHD_gtls_gcert_deinit (&peer_cert);
- if (ret < 0)
- {
- MHD_gnutls_assert ();
- return ret;
- }
-
- return ret;
-}
-
-
-
-static int
-proc_dhe_client_kx (MHD_gtls_session_t session, opaque * data,
- size_t _data_size)
-{
- MHD_gtls_cert_credentials_t cred;
- int ret;
- mpi_t p, g;
- const mpi_t *mpis;
- MHD_gtls_dh_params_t dh_params;
-
- cred = (MHD_gtls_cert_credentials_t)
- MHD_gtls_get_cred (session->key, MHD_GNUTLS_CRD_CERTIFICATE, NULL);
- if (cred == NULL)
- {
- MHD_gnutls_assert ();
- return GNUTLS_E_INSUFFICIENT_CREDENTIALS;
- }
-
- dh_params =
- MHD_gtls_get_dh_params (cred->dh_params, cred->params_func, session);
- mpis = MHD_gtls_dh_params_to_mpi (dh_params);
- if (mpis == NULL)
- {
- MHD_gnutls_assert ();
- return GNUTLS_E_NO_TEMPORARY_DH_PARAMS;
- }
-
- p = mpis[0];
- g = mpis[1];
-
- ret = MHD_gtls_proc_dh_common_client_kx (session, data, _data_size, g, p);
-
- return ret;
-
-}
diff --git a/src/daemon/https/x509/Makefile.am b/src/daemon/https/x509/Makefile.am
@@ -1,26 +1,25 @@
-SUBDIRS = .
-
-if USE_COVERAGE
- AM_CFLAGS = -fprofile-arcs -ftest-coverage
-endif
-
AM_CPPFLAGS = \
--I$(top_srcdir)/src/include \
--I$(top_srcdir)/src/daemon/https \
--I$(top_srcdir)/src/daemon/https/minitasn1 \
--I$(top_srcdir)/src/daemon/https/lgl \
--I$(top_srcdir)/src/daemon/https/x509 \
--I$(top_srcdir)/src/daemon/https/tls
+ -I$(top_srcdir)/src/include \
+ -I$(top_srcdir)/src/daemon/https \
+ -I$(top_srcdir)/src/daemon/https/minitasn1 \
+ -I$(top_srcdir)/src/daemon/https/lgl \
+ -I$(top_srcdir)/src/daemon/https/tls \
+ -I$(top_srcdir)/src/daemon/https/x509
noinst_LTLIBRARIES = libx509.la
libx509_la_LDFLAGS = -lgcrypt
+if USE_COVERAGE
+ AM_CFLAGS = -fprofile-arcs -ftest-coverage
+endif
+
+
libx509_la_SOURCES = \
-common.c common.h \
-extensions.c extensions.h \
-mpi.c mpi.h \
-pkcs12.h \
-x509_privkey.c privkey.h \
-x509.c x509.h
+ common.c common.h \
+ extensions.c extensions.h \
+ mpi.c mpi.h \
+ pkcs12.h \
+ x509_privkey.c privkey.h \
+ x509.c x509.h
diff --git a/src/examples/Makefile.am b/src/examples/Makefile.am
@@ -4,6 +4,10 @@ AM_CPPFLAGS = \
-I$(top_srcdir)/src/include \
-I$(top_srcdir)/src/daemon/https
+if USE_COVERAGE
+ AM_CFLAGS = --coverage
+endif
+
# example programs
noinst_PROGRAMS = \
authorization_example \
