commit 9ff6d494fa12d1d68ffe8670c31d1e27009bc71a
parent 5acebb923438051ccfa4841341ef4fa882e4d480
Author: Christian Grothoff <christian@grothoff.org>
Date: Sun, 16 Nov 2008 07:24:34 +0000
fix
Diffstat:
11 files changed, 571 insertions(+), 148 deletions(-)
diff --git a/src/daemon/https/gnutls.h b/src/daemon/https/gnutls.h
@@ -227,8 +227,6 @@ extern "C"
int MHD__gnutls_handshake (MHD_gtls_session_t session);
int MHD__gnutls_rehandshake (MHD_gtls_session_t session);
- int MHD_gtls_handshake_client (MHD_gtls_session_t session);
-
MHD_gnutls_alert_description_t MHD_gnutls_alert_get (MHD_gtls_session_t
session);
int MHD__gnutls_alert_send (MHD_gtls_session_t session,
@@ -513,17 +511,6 @@ extern "C"
typedef void (*MHD_gnutls_free_function) (void *);
typedef void *(*MHD_gnutls_realloc_function) (void *, size_t);
- extern void
- MHD_gtls_global_set_mem_functions (MHD_gnutls_alloc_function
- gt_alloc_func,
- MHD_gnutls_alloc_function
- gt_secure_alloc_func,
- MHD_gnutls_is_secure_function
- gt_is_secure_func,
- MHD_gnutls_realloc_function
- gt_realloc_func,
- MHD_gnutls_free_function gt_free_func);
-
/* For use in callbacks */
extern MHD_gnutls_alloc_function MHD_gnutls_malloc;
extern MHD_gnutls_alloc_function MHD_gnutls_secure_malloc;
diff --git a/src/daemon/https/tls/Makefile.am b/src/daemon/https/tls/Makefile.am
@@ -17,6 +17,7 @@ libtls_la_LDFLAGS = -lgcrypt
libtls_la_SOURCES = \
auth_cert.c \
+auth_dhe.c \
auth_dh_common.c \
auth_rsa.c \
auth_rsa_export.c \
diff --git a/src/daemon/https/tls/auth_dh_common.c b/src/daemon/https/tls/auth_dh_common.c
@@ -50,3 +50,278 @@ MHD_gtls_free_dh_info (MHD_gtls_dh_info_st * dh)
MHD__gnutls_free_datum (&dh->public_key);
}
+int
+MHD_gtls_proc_dh_common_client_kx (MHD_gtls_session_t session,
+ opaque * data, size_t _data_size,
+ mpi_t g, mpi_t p)
+{
+ uint16_t n_Y;
+ size_t _n_Y;
+ int ret;
+ ssize_t data_size = _data_size;
+
+
+ DECR_LEN (data_size, 2);
+ n_Y = MHD_gtls_read_uint16 (&data[0]);
+ _n_Y = n_Y;
+
+ DECR_LEN (data_size, n_Y);
+ if (MHD_gtls_mpi_scan_nz (&session->key->client_Y, &data[2], &_n_Y))
+ {
+ MHD_gnutls_assert ();
+ return GNUTLS_E_MPI_SCAN_FAILED;
+ }
+
+ MHD_gtls_dh_set_peer_public (session, session->key->client_Y);
+
+ session->key->KEY =
+ MHD_gtls_calc_dh_key (session->key->client_Y, session->key->dh_secret, p);
+
+ if (session->key->KEY == NULL)
+ {
+ MHD_gnutls_assert ();
+ return GNUTLS_E_MEMORY_ERROR;
+ }
+
+ MHD_gtls_mpi_release (&session->key->client_Y);
+ MHD_gtls_mpi_release (&session->key->dh_secret);
+
+ ret = MHD_gtls_mpi_dprint (&session->key->key, session->key->KEY);
+
+ MHD_gtls_mpi_release (&session->key->KEY);
+
+ if (ret < 0)
+ {
+ return ret;
+ }
+
+ return 0;
+}
+
+int
+MHD_gtls_gen_dh_common_client_kx (MHD_gtls_session_t session, opaque ** data)
+{
+ mpi_t x = NULL, X = NULL;
+ size_t n_X;
+ int ret;
+
+ *data = NULL;
+
+ X = MHD_gtls_calc_dh_secret (&x, session->key->client_g,
+ session->key->client_p);
+ if (X == NULL || x == NULL)
+ {
+ MHD_gnutls_assert ();
+ ret = GNUTLS_E_MEMORY_ERROR;
+ goto error;
+ }
+
+ MHD_gtls_dh_set_secret_bits (session, MHD__gnutls_mpi_get_nbits (x));
+
+ MHD_gtls_mpi_print (NULL, &n_X, X);
+ (*data) = MHD_gnutls_malloc (n_X + 2);
+ if (*data == NULL)
+ {
+ ret = GNUTLS_E_MEMORY_ERROR;
+ goto error;
+ }
+
+ MHD_gtls_mpi_print (&(*data)[2], &n_X, X);
+ MHD_gtls_mpi_release (&X);
+
+ MHD_gtls_write_uint16 (n_X, &(*data)[0]);
+
+ /* calculate the key after calculating the message */
+ session->key->KEY =
+ MHD_gtls_calc_dh_key (session->key->client_Y, x, session->key->client_p);
+
+ MHD_gtls_mpi_release (&x);
+ if (session->key->KEY == NULL)
+ {
+ MHD_gnutls_assert ();
+ ret = GNUTLS_E_MEMORY_ERROR;
+ goto error;
+ }
+
+ /* THESE SHOULD BE DISCARDED */
+ MHD_gtls_mpi_release (&session->key->client_Y);
+ MHD_gtls_mpi_release (&session->key->client_p);
+ MHD_gtls_mpi_release (&session->key->client_g);
+
+ ret = MHD_gtls_mpi_dprint (&session->key->key, session->key->KEY);
+
+ MHD_gtls_mpi_release (&session->key->KEY);
+
+ if (ret < 0)
+ {
+ MHD_gnutls_assert ();
+ goto error;
+ }
+
+ return n_X + 2;
+
+error:
+ MHD_gtls_mpi_release (&x);
+ MHD_gtls_mpi_release (&X);
+ MHD_gnutls_free (*data);
+ *data = NULL;
+ return ret;
+}
+
+int
+MHD_gtls_proc_dh_common_server_kx (MHD_gtls_session_t session,
+ opaque * data, size_t _data_size, int psk)
+{
+ uint16_t n_Y, n_g, n_p;
+ size_t _n_Y, _n_g, _n_p;
+ uint8_t *data_p;
+ uint8_t *data_g;
+ uint8_t *data_Y;
+ int i, bits, psk_size, ret;
+ ssize_t data_size = _data_size;
+
+ i = 0;
+
+ if (psk != 0)
+ {
+ DECR_LEN (data_size, 2);
+ psk_size = MHD_gtls_read_uint16 (&data[i]);
+ DECR_LEN (data_size, psk_size);
+ i += 2 + psk_size;
+ }
+
+ DECR_LEN (data_size, 2);
+ n_p = MHD_gtls_read_uint16 (&data[i]);
+ i += 2;
+
+ DECR_LEN (data_size, n_p);
+ data_p = &data[i];
+ i += n_p;
+
+ DECR_LEN (data_size, 2);
+ n_g = MHD_gtls_read_uint16 (&data[i]);
+ i += 2;
+
+ DECR_LEN (data_size, n_g);
+ data_g = &data[i];
+ i += n_g;
+
+ DECR_LEN (data_size, 2);
+ n_Y = MHD_gtls_read_uint16 (&data[i]);
+ i += 2;
+
+ DECR_LEN (data_size, n_Y);
+ data_Y = &data[i];
+ i += n_Y;
+
+ _n_Y = n_Y;
+ _n_g = n_g;
+ _n_p = n_p;
+
+ if (MHD_gtls_mpi_scan_nz (&session->key->client_Y, data_Y, &_n_Y) != 0)
+ {
+ MHD_gnutls_assert ();
+ return GNUTLS_E_MPI_SCAN_FAILED;
+ }
+
+ if (MHD_gtls_mpi_scan_nz (&session->key->client_g, data_g, &_n_g) != 0)
+ {
+ MHD_gnutls_assert ();
+ return GNUTLS_E_MPI_SCAN_FAILED;
+ }
+ if (MHD_gtls_mpi_scan_nz (&session->key->client_p, data_p, &_n_p) != 0)
+ {
+ MHD_gnutls_assert ();
+ return GNUTLS_E_MPI_SCAN_FAILED;
+ }
+
+ bits = MHD_gtls_dh_get_allowed_prime_bits (session);
+ if (bits < 0)
+ {
+ MHD_gnutls_assert ();
+ return bits;
+ }
+
+ if (MHD__gnutls_mpi_get_nbits (session->key->client_p) < (size_t) bits)
+ {
+ /* the prime used by the peer is not acceptable
+ */
+ MHD_gnutls_assert ();
+ return GNUTLS_E_DH_PRIME_UNACCEPTABLE;
+ }
+
+ MHD_gtls_dh_set_group (session, session->key->client_g,
+ session->key->client_p);
+ MHD_gtls_dh_set_peer_public (session, session->key->client_Y);
+
+ ret = n_Y + n_p + n_g + 6;
+ if (psk != 0)
+ ret += 2;
+
+ return ret;
+}
+
+/* If the psk flag is set, then an empty psk_identity_hint will
+ * be inserted */
+int
+MHD_gtls_dh_common_print_server_kx (MHD_gtls_session_t session,
+ mpi_t g, mpi_t p, opaque ** data, int psk)
+{
+ mpi_t x, X;
+ size_t n_X, n_g, n_p;
+ int ret, data_size, pos;
+ uint8_t *pdata;
+
+ X = MHD_gtls_calc_dh_secret (&x, g, p);
+ if (X == NULL || x == NULL)
+ {
+ MHD_gnutls_assert ();
+ return GNUTLS_E_MEMORY_ERROR;
+ }
+
+ session->key->dh_secret = x;
+ MHD_gtls_dh_set_secret_bits (session, MHD__gnutls_mpi_get_nbits (x));
+
+ MHD_gtls_mpi_print (NULL, &n_g, g);
+ MHD_gtls_mpi_print (NULL, &n_p, p);
+ MHD_gtls_mpi_print (NULL, &n_X, X);
+
+ data_size = n_g + n_p + n_X + 6;
+ if (psk != 0)
+ data_size += 2;
+
+ (*data) = MHD_gnutls_malloc (data_size);
+ if (*data == NULL)
+ {
+ MHD_gtls_mpi_release (&X);
+ return GNUTLS_E_MEMORY_ERROR;
+ }
+
+ pos = 0;
+ pdata = *data;
+
+ if (psk != 0)
+ {
+ MHD_gtls_write_uint16 (0, &pdata[pos]);
+ pos += 2;
+ }
+
+ MHD_gtls_mpi_print (&pdata[pos + 2], &n_p, p);
+ MHD_gtls_write_uint16 (n_p, &pdata[pos]);
+
+ pos += n_p + 2;
+
+ MHD_gtls_mpi_print (&pdata[pos + 2], &n_g, g);
+ MHD_gtls_write_uint16 (n_g, &pdata[pos]);
+
+ pos += n_g + 2;
+
+ MHD_gtls_mpi_print (&pdata[pos + 2], &n_X, X);
+ MHD_gtls_mpi_release (&X);
+
+ MHD_gtls_write_uint16 (n_X, &pdata[pos]);
+
+ ret = data_size;
+
+ return ret;
+}
diff --git a/src/daemon/https/tls/auth_dh_common.h b/src/daemon/https/tls/auth_dh_common.h
@@ -35,5 +35,14 @@ typedef struct
} MHD_gtls_dh_info_st;
void MHD_gtls_free_dh_info (MHD_gtls_dh_info_st * dh);
+int MHD_gtls_gen_dh_common_client_kx (MHD_gtls_session_t, opaque **);
+int MHD_gtls_proc_dh_common_client_kx (MHD_gtls_session_t session,
+ opaque * data, size_t _data_size,
+ mpi_t p, mpi_t g);
+int MHD_gtls_dh_common_print_server_kx (MHD_gtls_session_t, mpi_t g, mpi_t p,
+ opaque ** data, int psk);
+int MHD_gtls_proc_dh_common_server_kx (MHD_gtls_session_t session,
+ opaque * data, size_t _data_size,
+ int psk);
#endif
diff --git a/src/daemon/https/tls/auth_dhe.c b/src/daemon/https/tls/auth_dhe.c
@@ -0,0 +1,277 @@
+/*
+ * Copyright (C) 2000, 2001, 2002, 2003, 2004, 2005, 2007 Free Software Foundation
+ *
+ * Author: Nikos Mavrogiannopoulos
+ *
+ * This file is part of GNUTLS.
+ *
+ * The GNUTLS library is free software; you can redistribute it and/or
+ * modify it under the terms of the GNU Lesser General Public License
+ * as published by the Free Software Foundation; either version 2.1 of
+ * the License, or (at your option) any later version.
+ *
+ * This library is distributed in the hope that it will be useful, but
+ * WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
+ * Lesser General Public License for more details.
+ *
+ * You should have received a copy of the GNU Lesser General Public
+ * License along with this library; if not, write to the Free Software
+ * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301,
+ * USA
+ *
+ */
+
+/* This file contains everything for the Ephemeral Diffie Hellman (DHE)
+ * key exchange. This is used in the handshake procedure of the certificate
+ * authentication.
+ */
+
+#include "gnutls_int.h"
+#include "gnutls_auth_int.h"
+#include "gnutls_errors.h"
+#include "gnutls_dh.h"
+#include "gnutls_num.h"
+#include "gnutls_sig.h"
+#include <gnutls_datum.h>
+#include <auth_cert.h>
+#include <gnutls_x509.h>
+#include <gnutls_state.h>
+#include <auth_dh_common.h>
+
+static int gen_dhe_server_kx (MHD_gtls_session_t, opaque **);
+static int proc_dhe_server_kx (MHD_gtls_session_t, opaque *, size_t);
+static int proc_dhe_client_kx (MHD_gtls_session_t, opaque *, size_t);
+
+const MHD_gtls_mod_auth_st MHD_gtls_dhe_rsa_auth_struct = {
+ "DHE_RSA",
+ MHD_gtls_gen_cert_server_certificate,
+ MHD_gtls_gen_cert_client_certificate,
+ gen_dhe_server_kx,
+ MHD_gtls_gen_dh_common_client_kx,
+ MHD_gtls_gen_cert_client_cert_vrfy, /* gen client cert vrfy */
+ MHD_gtls_gen_cert_server_cert_req, /* server cert request */
+
+ MHD_gtls_proc_cert_server_certificate,
+ MHD__gnutls_proc_cert_client_certificate,
+ proc_dhe_server_kx,
+ proc_dhe_client_kx,
+ MHD_gtls_proc_cert_client_cert_vrfy, /* proc client cert vrfy */
+ MHD_gtls_proc_cert_cert_req /* proc server cert request */
+};
+
+const MHD_gtls_mod_auth_st MHD_gtls_dhe_dss_auth_struct = {
+ "DHE_DSS",
+ MHD_gtls_gen_cert_server_certificate,
+ MHD_gtls_gen_cert_client_certificate,
+ gen_dhe_server_kx,
+ MHD_gtls_gen_dh_common_client_kx,
+ MHD_gtls_gen_cert_client_cert_vrfy, /* gen client cert vrfy */
+ MHD_gtls_gen_cert_server_cert_req, /* server cert request */
+
+ MHD_gtls_proc_cert_server_certificate,
+ MHD__gnutls_proc_cert_client_certificate,
+ proc_dhe_server_kx,
+ proc_dhe_client_kx,
+ MHD_gtls_proc_cert_client_cert_vrfy, /* proc client cert vrfy */
+ MHD_gtls_proc_cert_cert_req /* proc server cert request */
+};
+
+
+static int
+gen_dhe_server_kx (MHD_gtls_session_t session, opaque ** data)
+{
+ mpi_t g, p;
+ const mpi_t *mpis;
+ int ret = 0, data_size;
+ int bits;
+ MHD_gnutls_cert *apr_cert_list;
+ MHD_gnutls_privkey *apr_pkey;
+ int apr_cert_list_length;
+ MHD_gnutls_datum_t signature, ddata;
+ MHD_gtls_cert_credentials_t cred;
+ MHD_gtls_dh_params_t dh_params;
+
+ cred = (MHD_gtls_cert_credentials_t)
+ MHD_gtls_get_cred (session->key, MHD_GNUTLS_CRD_CERTIFICATE, NULL);
+ if (cred == NULL)
+ {
+ MHD_gnutls_assert ();
+ return GNUTLS_E_INSUFFICIENT_CREDENTIALS;
+ }
+
+ bits = MHD_gtls_dh_get_allowed_prime_bits (session);
+
+ /* find the appropriate certificate */
+ if ((ret =
+ MHD_gtls_get_selected_cert (session, &apr_cert_list,
+ &apr_cert_list_length, &apr_pkey)) < 0)
+ {
+ MHD_gnutls_assert ();
+ return ret;
+ }
+
+ dh_params =
+ MHD_gtls_get_dh_params (cred->dh_params, cred->params_func, session);
+ mpis = MHD_gtls_dh_params_to_mpi (dh_params);
+ if (mpis == NULL)
+ {
+ MHD_gnutls_assert ();
+ return GNUTLS_E_NO_TEMPORARY_DH_PARAMS;
+ }
+
+ p = mpis[0];
+ g = mpis[1];
+
+ if ((ret = MHD_gtls_auth_info_set (session, MHD_GNUTLS_CRD_CERTIFICATE,
+ sizeof (cert_auth_info_st), 0)) < 0)
+ {
+ MHD_gnutls_assert ();
+ return ret;
+ }
+
+ MHD_gtls_dh_set_group (session, g, p);
+
+ ret = MHD_gtls_dh_common_print_server_kx (session, g, p, data, 0);
+ if (ret < 0)
+ {
+ MHD_gnutls_assert ();
+ return ret;
+ }
+ data_size = ret;
+
+ /* Generate the signature. */
+
+ ddata.data = *data;
+ ddata.size = data_size;
+
+ if (apr_cert_list_length > 0)
+ {
+ if ((ret =
+ MHD_gtls_tls_sign_params (session, &apr_cert_list[0],
+ apr_pkey, &ddata, &signature)) < 0)
+ {
+ MHD_gnutls_assert ();
+ MHD_gnutls_free (*data);
+ return ret;
+ }
+ }
+ else
+ {
+ MHD_gnutls_assert ();
+ return data_size; /* do not put a signature - ILLEGAL! */
+ }
+
+ *data = MHD_gtls_realloc_fast (*data, data_size + signature.size + 2);
+ if (*data == NULL)
+ {
+ MHD__gnutls_free_datum (&signature);
+ MHD_gnutls_assert ();
+ return GNUTLS_E_MEMORY_ERROR;
+ }
+
+ MHD_gtls_write_datum16 (&(*data)[data_size], signature);
+ data_size += signature.size + 2;
+
+ MHD__gnutls_free_datum (&signature);
+
+ return data_size;
+}
+
+static int
+proc_dhe_server_kx (MHD_gtls_session_t session, opaque * data,
+ size_t _data_size)
+{
+ int sigsize;
+ MHD_gnutls_datum_t vparams, signature;
+ int ret;
+ cert_auth_info_t info = MHD_gtls_get_auth_info (session);
+ ssize_t data_size = _data_size;
+ MHD_gnutls_cert peer_cert;
+
+ if (info == NULL || info->ncerts == 0)
+ {
+ MHD_gnutls_assert ();
+ /* we need this in order to get peer's certificate */
+ return GNUTLS_E_INTERNAL_ERROR;
+ }
+
+ ret = MHD_gtls_proc_dh_common_server_kx (session, data, _data_size, 0);
+ if (ret < 0)
+ {
+ MHD_gnutls_assert ();
+ return ret;
+ }
+
+ /* VERIFY SIGNATURE */
+
+ vparams.size = ret;
+ vparams.data = data;
+
+ DECR_LEN (data_size, 2);
+ sigsize = MHD_gtls_read_uint16 (&data[vparams.size]);
+
+ DECR_LEN (data_size, sigsize);
+ signature.data = &data[vparams.size + 2];
+ signature.size = sigsize;
+
+ if ((ret =
+ MHD_gtls_raw_cert_to_gcert (&peer_cert,
+ session->security_parameters.cert_type,
+ &info->raw_certificate_list[0],
+ CERT_NO_COPY)) < 0)
+ {
+ MHD_gnutls_assert ();
+ return ret;
+ }
+
+ ret =
+ MHD_gtls_verify_sig_params (session, &peer_cert, &vparams, &signature);
+
+ MHD_gtls_gcert_deinit (&peer_cert);
+ if (ret < 0)
+ {
+ MHD_gnutls_assert ();
+ return ret;
+ }
+
+ return ret;
+}
+
+
+
+static int
+proc_dhe_client_kx (MHD_gtls_session_t session, opaque * data,
+ size_t _data_size)
+{
+ MHD_gtls_cert_credentials_t cred;
+ int ret;
+ mpi_t p, g;
+ const mpi_t *mpis;
+ MHD_gtls_dh_params_t dh_params;
+
+ cred = (MHD_gtls_cert_credentials_t)
+ MHD_gtls_get_cred (session->key, MHD_GNUTLS_CRD_CERTIFICATE, NULL);
+ if (cred == NULL)
+ {
+ MHD_gnutls_assert ();
+ return GNUTLS_E_INSUFFICIENT_CREDENTIALS;
+ }
+
+ dh_params =
+ MHD_gtls_get_dh_params (cred->dh_params, cred->params_func, session);
+ mpis = MHD_gtls_dh_params_to_mpi (dh_params);
+ if (mpis == NULL)
+ {
+ MHD_gnutls_assert ();
+ return GNUTLS_E_NO_TEMPORARY_DH_PARAMS;
+ }
+
+ p = mpis[0];
+ g = mpis[1];
+
+ ret = MHD_gtls_proc_dh_common_client_kx (session, data, _data_size, g, p);
+
+ return ret;
+
+}
diff --git a/src/daemon/https/tls/gnutls_global.c b/src/daemon/https/tls/gnutls_global.c
@@ -94,57 +94,6 @@ MHD_gtls_global_set_log_level (int level)
int MHD__gnutls_is_secure_mem_null (const void *);
-/**
- * MHD_gtls_global_set_mem_functions - This function sets the memory allocation functions
- * @alloc_func: it's the default memory allocation function. Like malloc().
- * @secure_alloc_func: This is the memory allocation function that will be used for sensitive data.
- * @is_secure_func: a function that returns 0 if the memory given is not secure. May be NULL.
- * @realloc_func: A realloc function
- * @free_func: The function that frees allocated data. Must accept a NULL pointer.
- *
- * This is the function were you set the memory allocation functions gnutls
- * is going to use. By default the libc's allocation functions (malloc(), free()),
- * are used by gnutls, to allocate both sensitive and not sensitive data.
- * This function is provided to set the memory allocation functions to
- * something other than the defaults (ie the gcrypt allocation functions).
- *
- * This function must be called before MHD__gnutls_global_init() is called.
- *
- **/
-void
-MHD_gtls_global_set_mem_functions (MHD_gnutls_alloc_function alloc_func,
- MHD_gnutls_alloc_function
- secure_alloc_func,
- MHD_gnutls_is_secure_function
- is_secure_func,
- MHD_gnutls_realloc_function realloc_func,
- MHD_gnutls_free_function free_func)
-{
- MHD_gnutls_secure_malloc = secure_alloc_func;
- MHD_gnutls_malloc = alloc_func;
- MHD_gnutls_realloc = realloc_func;
- MHD_gnutls_free = free_func;
-
- if (is_secure_func != NULL)
- MHD__gnutls_is_secure_memory = is_secure_func;
- else
- MHD__gnutls_is_secure_memory = MHD__gnutls_is_secure_mem_null;
-
- /* if using the libc's default malloc
- * use libc's calloc as well.
- */
- if (MHD_gnutls_malloc == malloc)
- {
- MHD_gnutls_calloc = calloc;
- }
- else
- { /* use the included ones */
- MHD_gnutls_calloc = MHD_gtls_calloc;
- }
- MHD_gnutls_strdup = MHD_gtls_strdup;
-
-}
-
static int MHD__gnutls_init_level = 0;
/**
diff --git a/src/daemon/https/tls/gnutls_handshake.c b/src/daemon/https/tls/gnutls_handshake.c
@@ -1717,6 +1717,14 @@ MHD__gnutls_copy_comp_methods (MHD_gtls_session_t session,
return datalen;
}
+static void
+MHD_gtls_set_adv_version (MHD_gtls_session_t session,
+ enum MHD_GNUTLS_Protocol ver)
+{
+ set_adv_version (session, MHD_gtls_version_get_major (ver),
+ MHD_gtls_version_get_minor (ver));
+}
+
/* This function sends the client hello handshake message.
*/
static int
diff --git a/src/daemon/https/tls/gnutls_int.h b/src/daemon/https/tls/gnutls_int.h
@@ -670,7 +670,6 @@ void MHD_gtls_free_auth_info (MHD_gtls_session_t session);
session->internals.adv_version_major = major; \
session->internals.adv_version_minor = minor
-void MHD_gtls_set_adv_version (MHD_gtls_session_t, enum MHD_GNUTLS_Protocol);
enum MHD_GNUTLS_Protocol MHD_gtls_get_adv_version (MHD_gtls_session_t);
#endif /* GNUTLS_INT_H */
diff --git a/src/daemon/https/tls/gnutls_mem.c b/src/daemon/https/tls/gnutls_mem.c
@@ -44,27 +44,6 @@ int (*MHD__gnutls_is_secure_memory) (const void *) =
MHD__gnutls_is_secure_mem_null;
-void *
-MHD_gtls_calloc (size_t nmemb, size_t size)
-{
- void *ret;
- size *= nmemb;
- ret = MHD_gnutls_malloc (size);
- if (ret != NULL)
- memset (ret, 0, size);
- return ret;
-}
-
-svoid *
-MHD_gtls_secure_calloc (size_t nmemb, size_t size)
-{
- svoid *ret;
- size *= nmemb;
- ret = MHD_gnutls_secure_malloc (size);
- if (ret != NULL)
- memset (ret, 0, size);
- return ret;
-}
/* This realloc will free ptr in case realloc
* fails.
@@ -97,39 +76,3 @@ MHD_gtls_strdup (const char *str)
memcpy (ret, str, siz);
return ret;
}
-
-
-#if 0
-/* don't use them. They are included for documentation.
- */
-
-/**
- * MHD_gnutls_malloc - Allocates and returns data
- *
- * This function will allocate 's' bytes data, and
- * return a pointer to memory. This function is supposed
- * to be used by callbacks.
- *
- * The allocation function used is the one set by MHD_gtls_global_set_mem_functions().
- *
- **/
-void *
-MHD_gnutls_malloc (size_t s)
-{
-}
-
-/**
- * MHD_gnutls_free - Returns a free() like function
- * @d: pointer to memory
- *
- * This function will free data pointed by ptr.
- *
- * The deallocation function used is the one set by MHD_gtls_global_set_mem_functions().
- *
- **/
-void
-MHD_gnutls_free (void *ptr)
-{
-}
-
-#endif
diff --git a/src/daemon/https/tls/gnutls_mpi.c b/src/daemon/https/tls/gnutls_mpi.c
@@ -80,26 +80,6 @@ MHD_gtls_mpi_scan_nz (mpi_t * ret_mpi, const opaque * buffer, size_t * nbytes)
}
int
-MHD_gtls_mpi_scan_pgp (mpi_t * ret_mpi, const opaque * buffer,
- size_t * nbytes)
-{
- int ret;
- ret = gcry_mpi_scan (ret_mpi, GCRYMPI_FMT_PGP, buffer, *nbytes, nbytes);
- if (ret)
- return GNUTLS_E_MPI_SCAN_FAILED;
-
- /* MPIs with 0 bits are illegal
- */
- if (MHD__gnutls_mpi_get_nbits (*ret_mpi) == 0)
- {
- MHD_gtls_mpi_release (ret_mpi);
- return GNUTLS_E_MPI_SCAN_FAILED;
- }
-
- return 0;
-}
-
-int
MHD_gtls_mpi_print (void *buffer, size_t * nbytes, const mpi_t a)
{
int ret;
@@ -115,7 +95,7 @@ MHD_gtls_mpi_print (void *buffer, size_t * nbytes, const mpi_t a)
}
/* Always has the first bit zero */
-int
+static int
MHD_gtls_mpi_print_lz (void *buffer, size_t * nbytes, const mpi_t a)
{
int ret;
diff --git a/src/daemon/https/tls/gnutls_mpi.h b/src/daemon/https/tls/gnutls_mpi.h
@@ -64,12 +64,7 @@ int MHD_gtls_mpi_scan_nz (mpi_t * ret_mpi, const opaque * buffer,
size_t * nbytes);
int MHD_gtls_mpi_scan (mpi_t * ret_mpi, const opaque * buffer,
size_t * nbytes);
-int MHD_gtls_mpi_scan_pgp (mpi_t * ret_mpi, const opaque * buffer,
- size_t * nbytes);
-
int MHD_gtls_mpi_print (void *buffer, size_t * nbytes, const mpi_t a);
-int MHD_gtls_mpi_print_lz (void *buffer, size_t * nbytes, const mpi_t a);
-
int MHD_gtls_mpi_dprint_lz (MHD_gnutls_datum_t * dest, const mpi_t a);
int MHD_gtls_mpi_dprint (MHD_gnutls_datum_t * dest, const mpi_t a);
