libmicrohttpd

HTTP/1.x server C library (MHD 1.x, stable)

commit ae080a12bd1ef55bc799d66bd55304c20139f2b1
parent 83a212aac273569eba363445e02e9989a0761f70
Author: Christian Grothoff <christian@grothoff.org>
Date:   Sun, 16 Nov 2008 09:38:45 +0000

more dce

Diffstat:
Mconfigure.ac | 39---------------------------------------
Msrc/daemon/https/lgl/gc-libgcrypt.c | 10----------
Msrc/daemon/https/tls/Makefile.am | 1-
Dsrc/daemon/https/tls/ext_oprfi.c | 217-------------------------------------------------------------------------------
Dsrc/daemon/https/tls/ext_oprfi.h | 31-------------------------------
Msrc/daemon/https/tls/gnutls_algorithms.c | 84-------------------------------------------------------------------------------
Msrc/daemon/https/tls/gnutls_cipher_int.c | 10----------
Msrc/daemon/https/tls/gnutls_compress_int.c | 6------
Msrc/daemon/https/tls/gnutls_extensions.c | 6------
Msrc/daemon/https/tls/gnutls_handshake.c | 26--------------------------
10 files changed, 0 insertions(+), 430 deletions(-)

diff --git a/configure.ac b/configure.ac @@ -292,49 +292,13 @@ fi AM_CONDITIONAL(MHD_DEBUG_TLS, test "$enable_client_side" != "no") -# optional: TLS support. Included by default -AC_MSG_CHECKING(--enable-TLS argument) -AC_ARG_ENABLE([TLS], - [AS_HELP_STRING([--enable-TLS], - [enable TLS support (default is yes)])], - [enable_TLS=$enableval], - [enable_TLS="yes"]) -AC_MSG_RESULT($enable_TLS) - - -# optional: SSLv3 support. Exclude by default -AC_MSG_CHECKING(--enable-SSL argument) -AC_ARG_ENABLE([SSL], - [AS_HELP_STRING([--enable-SSL], - [enable SSLv3 support (default is no)])], - [enable_SSL=$enableval], - [enable_SSL="no"]) -AC_MSG_RESULT($enable_SSL) - - -# optional: x509 certificate support. Include by default -AC_MSG_CHECKING(--enable-x509 argument) -AC_ARG_ENABLE([x509], - [AS_HELP_STRING([--enable-x509], - [enable x509 support (default is yes)])], - [enable_x509=$enableval], - [enable_x509="yes"]) -AC_MSG_RESULT($enable_x509) - # test for libz (optional feature for HTTPS) zlib=1 AC_CHECK_LIB(z, compress,,zlib=0) AM_CONDITIONAL(HAVE_LIBZ, test x$zlib = x1) # Symbols required by GNU_TLS -AC_DEFINE([ENABLE_MINITASN1],[1],[Include minitasn1 support]) -AC_DEFINE([GNULIB_GC_HMAC_SHA1],[1],[GNULIB_GC_HMAC_SHA1]) AC_DEFINE([GNULIB_GC_RANDOM],[1],[GNULIB_GC_RANDOM]) -AC_DEFINE([ENABLE_PKI],[0],[Include PKI support]) -# gnutls debug support -AC_DEFINE([DEBUG],[1],[Include gnutls debug message support]) -AC_DEFINE([C99_MACROS],[1],[Include gnutls debug message support]) - # gcov compilation @@ -403,9 +367,6 @@ AC_MSG_NOTICE([Configuration Summary: if test "$enable_HTTPS" = "yes" then AC_MSG_NOTICE([HTTPS subsystem configuration: - TLS support: ${enable_TLS} - SSLv3 support: ${enable_SSL} - x509 support: ${enable_x509} Client code dep.: ${MSG_CLIENT_SIDE} ]) if test "$zlib" != 1 diff --git a/src/daemon/https/lgl/gc-libgcrypt.c b/src/daemon/https/lgl/gc-libgcrypt.c 
@@ -121,16 +121,6 @@ MHD_gc_cipher_open (Gc_cipher alg, gcryalg = GCRY_CIPHER_RFC2268_40; break; -#ifdef ENABLE_CAMELLIA - case GC_CAMELLIA128: - gcryalg = GCRY_CIPHER_CAMELLIA128; - break; - - case GC_CAMELLIA256: - gcryalg = GCRY_CIPHER_CAMELLIA256; - break; -#endif - default: return GC_INVALID_CIPHER; } diff --git a/src/daemon/https/tls/Makefile.am b/src/daemon/https/tls/Makefile.am @@ -25,7 +25,6 @@ debug.c \ defines.h \ ext_cert_type.c \ ext_max_record.c \ -ext_oprfi.c \ ext_server_name.c \ gnutls_alert.c \ gnutls_algorithms.c \ diff --git a/src/daemon/https/tls/ext_oprfi.c b/src/daemon/https/tls/ext_oprfi.c 
@@ -1,217 +0,0 @@
-/*
- * Copyright (C) 2007 Free Software Foundation
- *
- * Author: Simon Josefsson
- *
- * This file is part of GNUTLS.
- *
- * The GNUTLS library is free software; you can redistribute it and/or
- * modify it under the terms of the GNU Lesser General Public License
- * as published by the Free Software Foundation; either version 2.1 of
- * the License, or (at your option) any later version.
- *
- * This library is distributed in the hope that it will be useful, but
- * WITHOUT ANY WARRANTY; without even the implied warranty of
- * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
- * Lesser General Public License for more details.
- *
- * You should have received a copy of the GNU Lesser General Public
- * License along with this library; if not, write to the Free Software
- * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301,
- * USA
- *
- */
-
-/* Implementation of Opaque PRF Input:
- * http://tools.ietf.org/id/draft-rescorla-tls-opaque-prf-input-00.txt
- *
- */
-
-#include "MHD_config.h"
-#include <ext_oprfi.h>
-
-#include <gnutls_errors.h>
-#include <gnutls_num.h>
-
-static int
-oprfi_recv_server (MHD_gtls_session_t session,
- const opaque * data, size_t _data_size)
-{
- ssize_t data_size = _data_size;
- uint16_t len;
-
- if (!session->security_parameters.extensions.oprfi_cb)
- {
- MHD_gnutls_assert ();
- return 0;
- }
-
- DECR_LEN (data_size, 2);
- len = MHD_gtls_read_uint16 (data);
- data += 2;
-
- if (len != data_size)
- {
- MHD_gnutls_assert ();
- return GNUTLS_E_UNEXPECTED_PACKET_LENGTH;
- }
-
- /* Store incoming data. */
- session->security_parameters.extensions.oprfi_client_len = len;
- session->security_parameters.extensions.oprfi_client =
- MHD_gnutls_malloc (len);
- if (!session->security_parameters.extensions.oprfi_client)
- {
- MHD_gnutls_assert ();
- return GNUTLS_E_MEMORY_ERROR;
- }
- memcpy (session->security_parameters.extensions.oprfi_client, data, len);
-
- return 0;
-}
-
-#if MHD_DEBUG_TLS
-static int
-oprfi_recv_client (MHD_gtls_session_t session,
- const opaque * data, size_t _data_size)
-{
- ssize_t data_size = _data_size;
- uint16_t len;
-
- if (session->security_parameters.extensions.oprfi_client == NULL)
- {
- MHD_gnutls_assert ();
- return 0;
- }
-
- DECR_LEN (data_size, 2);
- len = MHD_gtls_read_uint16 (data);
- data += 2;
-
- if (len != data_size)
- {
- MHD_gnutls_assert ();
- return GNUTLS_E_UNEXPECTED_PACKET_LENGTH;
- }
-
- if (len != session->security_parameters.extensions.oprfi_client_len)
- {
- MHD_gnutls_assert ();
- return GNUTLS_E_RECEIVED_ILLEGAL_PARAMETER;
- }
-
- /* Store incoming data. */
- session->security_parameters.extensions.oprfi_server_len = len;
- session->security_parameters.extensions.oprfi_server =
- MHD_gnutls_malloc (len);
- if (!session->security_parameters.extensions.oprfi_server)
- {
- MHD_gnutls_assert ();
- return GNUTLS_E_MEMORY_ERROR;
- }
- memcpy (session->security_parameters.extensions.oprfi_server, data, len);
-
- return 0;
-}
-#endif
-
-int
-MHD_gtls_oprfi_recv_params (MHD_gtls_session_t session,
- const opaque * data, size_t data_size)
-{
-#if MHD_DEBUG_TLS
- if (session->security_parameters.entity == GNUTLS_CLIENT)
- return oprfi_recv_client (session, data, data_size);
- else
-#endif
- return oprfi_recv_server (session, data, data_size);
-}
-
-#if MHD_DEBUG_TLS
-static int
-oprfi_send_client (MHD_gtls_session_t session, opaque * data,
- size_t _data_size)
-{
- opaque *p = data;
- ssize_t data_size = _data_size;
- int oprf_size = session->security_parameters.extensions.oprfi_client_len;
-
- if (oprf_size == 0)
- return 0;
-
- DECR_LENGTH_RET (data_size, 2, GNUTLS_E_SHORT_MEMORY_BUFFER);
- MHD_gtls_write_uint16 (oprf_size, p);
- p += 2;
-
- DECR_LENGTH_RET (data_size, oprf_size, GNUTLS_E_SHORT_MEMORY_BUFFER);
-
- memcpy (p, session->security_parameters.extensions.oprfi_client, oprf_size);
-
- return 2 + oprf_size;
-}
-#endif
-
-static int
-oprfi_send_server (MHD_gtls_session_t session, opaque * data,
- size_t _data_size)
-{
- opaque *p = data;
- int ret;
- ssize_t data_size = _data_size;
-
- if (!session->security_parameters.extensions.oprfi_client ||
- !session->security_parameters.extensions.oprfi_cb)
- return 0;
-
- /* Allocate buffer for outgoing data. */
- session->security_parameters.extensions.oprfi_server_len =
- session->security_parameters.extensions.oprfi_client_len;
- session->security_parameters.extensions.oprfi_server =
- MHD_gnutls_malloc (session->security_parameters.extensions.
- oprfi_server_len);
- if (!session->security_parameters.extensions.oprfi_server)
- {
- MHD_gnutls_assert ();
- return GNUTLS_E_MEMORY_ERROR;
- }
-
- /* Get outgoing data. */
- ret = session->security_parameters.extensions.oprfi_cb
- (session, session->security_parameters.extensions.oprfi_userdata,
- session->security_parameters.extensions.oprfi_client_len,
- session->security_parameters.extensions.oprfi_client,
- session->security_parameters.extensions.oprfi_server);
- if (ret < 0)
- {
- MHD_gnutls_assert ();
- MHD_gnutls_free (session->security_parameters.extensions.oprfi_server);
- return ret;
- }
-
- DECR_LENGTH_RET (data_size, 2, GNUTLS_E_SHORT_MEMORY_BUFFER);
- MHD_gtls_write_uint16 (session->security_parameters.extensions.
- oprfi_server_len, p);
- p += 2;
-
- DECR_LENGTH_RET (data_size,
- session->security_parameters.extensions.oprfi_server_len,
- GNUTLS_E_SHORT_MEMORY_BUFFER);
-
- memcpy (p, session->security_parameters.extensions.oprfi_server,
- session->security_parameters.extensions.oprfi_server_len);
-
- return 2 + session->security_parameters.extensions.oprfi_server_len;
-}
-
-int
-MHD_gtls_oprfi_send_params (MHD_gtls_session_t session,
- opaque * data, size_t data_size)
-{
-#if MHD_DEBUG_TLS
- if (session->security_parameters.entity == GNUTLS_CLIENT)
- return oprfi_send_client (session, data, data_size);
- else
-#endif
- return oprfi_send_server (session, data, data_size);
-}
-
diff --git a/src/daemon/https/tls/ext_oprfi.h b/src/daemon/https/tls/ext_oprfi.h
@@ -1,31 +0,0 @@ -/* - * Copyright (C) 2007 Free Software Foundation - * - * Author: Simon Josefsson - * - * This file is part of GNUTLS. - * - * The GNUTLS library is free software; you can redistribute it and/or - * modify it under the terms of the GNU Lesser General Public License - * as published by the Free Software Foundation; either version 2.1 of - * the License, or (at your option) any later version. - * - * This library is distributed in the hope that it will be useful, but - * WITHOUT ANY WARRANTY; without even the implied warranty of - * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU - * Lesser General Public License for more details. - * - * You should have received a copy of the GNU Lesser General Public - * License along with this library; if not, write to the Free Software - * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301, - * USA - * - */ - -#include <gnutls_int.h> - -int MHD_gtls_oprfi_recv_params (MHD_gtls_session_t state, - const opaque * data, size_t data_size); - -int MHD_gtls_oprfi_send_params (MHD_gtls_session_t state, - opaque * data, size_t data_size); diff --git a/src/daemon/https/tls/gnutls_algorithms.c b/src/daemon/https/tls/gnutls_algorithms.c @@ -235,14 +235,6 @@ static const MHD_gnutls_cipher_entry MHD_gtls_algorithms[] = { CIPHER_BLOCK, 8, 1}, -#ifdef ENABLE_CAMELLIA - {"CAMELLIA-256-CBC", MHD_GNUTLS_CIPHER_CAMELLIA_256_CBC, 16, 32, - CIPHER_BLOCK, - 16, 0}, - {"CAMELLIA-128-CBC", MHD_GNUTLS_CIPHER_CAMELLIA_128_CBC, 16, 16, - CIPHER_BLOCK, - 16, 0}, -#endif {"NULL", MHD_GNUTLS_CIPHER_NULL, 1, @@ -268,10 +260,6 @@ static const enum MHD_GNUTLS_CipherAlgorithm MHD_gtls_supported_ciphers[] = MHD_GNUTLS_CIPHER_ARCFOUR_128, MHD_GNUTLS_CIPHER_ARCFOUR_40, MHD_GNUTLS_CIPHER_RC2_40_CBC, -#ifdef ENABLE_CAMELLIA - MHD_GNUTLS_CIPHER_CAMELLIA_256_CBC, - MHD_GNUTLS_CIPHER_CAMELLIA_128_CBC, -#endif MHD_GNUTLS_CIPHER_NULL, 0 }; 
@@ -595,16 +583,6 @@ static const MHD_gtls_cipher_suite_entry MHD_gtls_cs_algorithms[] = { MHD_GNUTLS_CIPHER_AES_256_CBC, MHD_GNUTLS_KX_DHE_DSS, MHD_GNUTLS_MAC_SHA1, MHD_GNUTLS_PROTOCOL_SSL3), -#ifdef ENABLE_CAMELLIA - GNUTLS_CIPHER_SUITE_ENTRY (GNUTLS_DHE_DSS_CAMELLIA_128_CBC_SHA1, - MHD_GNUTLS_CIPHER_CAMELLIA_128_CBC, - MHD_GNUTLS_KX_DHE_DSS, - MHD_GNUTLS_MAC_SHA1, MHD_GNUTLS_PROTOCOL_TLS1_0), - GNUTLS_CIPHER_SUITE_ENTRY (GNUTLS_DHE_DSS_CAMELLIA_256_CBC_SHA1, - MHD_GNUTLS_CIPHER_CAMELLIA_256_CBC, - MHD_GNUTLS_KX_DHE_DSS, - MHD_GNUTLS_MAC_SHA1, MHD_GNUTLS_PROTOCOL_TLS1_0), -#endif /* DHE_RSA */ GNUTLS_CIPHER_SUITE_ENTRY (GNUTLS_DHE_RSA_3DES_EDE_CBC_SHA1, MHD_GNUTLS_CIPHER_3DES_CBC, @@ -618,16 +596,6 @@ static const MHD_gtls_cipher_suite_entry MHD_gtls_cs_algorithms[] = { MHD_GNUTLS_CIPHER_AES_256_CBC, MHD_GNUTLS_KX_DHE_RSA, MHD_GNUTLS_MAC_SHA1, MHD_GNUTLS_PROTOCOL_SSL3), -#ifdef ENABLE_CAMELLIA - GNUTLS_CIPHER_SUITE_ENTRY (GNUTLS_DHE_RSA_CAMELLIA_128_CBC_SHA1, - MHD_GNUTLS_CIPHER_CAMELLIA_128_CBC, - MHD_GNUTLS_KX_DHE_RSA, - MHD_GNUTLS_MAC_SHA1, MHD_GNUTLS_PROTOCOL_TLS1_0), - GNUTLS_CIPHER_SUITE_ENTRY (GNUTLS_DHE_RSA_CAMELLIA_256_CBC_SHA1, - MHD_GNUTLS_CIPHER_CAMELLIA_256_CBC, - MHD_GNUTLS_KX_DHE_RSA, - MHD_GNUTLS_MAC_SHA1, MHD_GNUTLS_PROTOCOL_TLS1_0), -#endif /* RSA */ GNUTLS_CIPHER_SUITE_ENTRY (GNUTLS_RSA_NULL_MD5, MHD_GNUTLS_CIPHER_NULL, @@ -657,16 +625,6 @@ static const MHD_gtls_cipher_suite_entry MHD_gtls_cs_algorithms[] = { GNUTLS_CIPHER_SUITE_ENTRY (GNUTLS_RSA_AES_256_CBC_SHA1, MHD_GNUTLS_CIPHER_AES_256_CBC, MHD_GNUTLS_KX_RSA, MHD_GNUTLS_MAC_SHA1, MHD_GNUTLS_PROTOCOL_SSL3), -#ifdef ENABLE_CAMELLIA - GNUTLS_CIPHER_SUITE_ENTRY (GNUTLS_RSA_CAMELLIA_128_CBC_SHA1, - MHD_GNUTLS_CIPHER_CAMELLIA_128_CBC, - MHD_GNUTLS_KX_RSA, - MHD_GNUTLS_MAC_SHA1, MHD_GNUTLS_PROTOCOL_TLS1_0), - GNUTLS_CIPHER_SUITE_ENTRY (GNUTLS_RSA_CAMELLIA_256_CBC_SHA1, - MHD_GNUTLS_CIPHER_CAMELLIA_256_CBC, - MHD_GNUTLS_KX_RSA, - MHD_GNUTLS_MAC_SHA1, MHD_GNUTLS_PROTOCOL_TLS1_0), -#endif {0, { {0, 
@@ -1245,39 +1203,11 @@ MHD__gnutls_compare_algo (MHD_gtls_session_t session, } } -#ifdef SORT_DEBUG -static void -MHD__gnutls_bsort (MHD_gtls_session_t session, void *_base, size_t nmemb, - size_t size, int (*compar) (MHD_gtls_session_t, - const void *, const void *)) -{ - unsigned int i, j; - int full = nmemb * size; - char *base = _base; - char tmp[MAX_ELEM_SIZE]; - - for (i = 0; i < full; i += size) - { - for (j = 0; j < full; j += size) - { - if (compar (session, &base[i], &base[j]) < 0) - { - SWAP (&base[j], &base[i]); - } - } - } - -} -#endif - int MHD_gtls_supported_ciphersuites_sorted (MHD_gtls_session_t session, cipher_suite_st ** ciphers) { -#ifdef SORT_DEBUG - unsigned int i; -#endif int count; count = MHD_gtls_supported_ciphersuites (session, ciphers); @@ -1286,23 +1216,9 @@ MHD_gtls_supported_ciphersuites_sorted (MHD_gtls_session_t session, MHD_gnutls_assert (); return count; } -#ifdef SORT_DEBUG - MHD__gnutls_debug_log ("Unsorted: \n"); - for (i = 0; i < count; i++) - MHD__gnutls_debug_log ("\t%d: %s\n", i, - MHD_gtls_cipher_suite_get_name ((*ciphers)[i])); -#endif - MHD__gnutls_qsort (session, *ciphers, count, sizeof (cipher_suite_st), MHD__gnutls_compare_algo); -#ifdef SORT_DEBUG - MHD__gnutls_debug_log ("Sorted: \n"); - for (i = 0; i < count; i++) - MHD__gnutls_debug_log ("\t%d: %s\n", i, - MHD_gtls_cipher_suite_get_name ((*ciphers)[i])); -#endif - return count; } diff --git a/src/daemon/https/tls/gnutls_cipher_int.c b/src/daemon/https/tls/gnutls_cipher_int.c @@ -65,16 +65,6 @@ MHD_gtls_cipher_init (enum MHD_GNUTLS_CipherAlgorithm cipher, err = MHD_gc_cipher_open (GC_ARCTWO40, GC_CBC, &ret); break; -#ifdef ENABLE_CAMELLIA - case MHD_GNUTLS_CIPHER_CAMELLIA_128_CBC: - err = MHD_gc_cipher_open (GC_CAMELLIA128, GC_CBC, &ret); - break; - - case MHD_GNUTLS_CIPHER_CAMELLIA_256_CBC: - err = MHD_gc_cipher_open (GC_CAMELLIA256, GC_CBC, &ret); - break; -#endif - default: return NULL; } 
diff --git a/src/daemon/https/tls/gnutls_compress_int.c b/src/daemon/https/tls/gnutls_compress_int.c @@ -190,12 +190,6 @@ MHD_gtls_compress (comp_hd_t handle, const opaque * plain, return GNUTLS_E_INTERNAL_ERROR; } /* switch */ -#ifdef COMPRESSION_DEBUG - MHD__gnutls_debug_log ("Compression ratio: %f\n", - (float) ((float) compressed_size / - (float) plain_size)); -#endif - if ((size_t) compressed_size > max_comp_size) { MHD_gnutls_free (*compressed); diff --git a/src/daemon/https/tls/gnutls_extensions.c b/src/daemon/https/tls/gnutls_extensions.c @@ -58,12 +58,6 @@ MHD_gtls_extension_entry MHD_gtls_extensions[MAX_EXT_SIZE] = { EXTENSION_APPLICATION, MHD_gtls_server_name_recv_params, MHD_gtls_server_name_send_params), -#ifdef ENABLE_OPRFI - GNUTLS_EXTENSION_ENTRY (GNUTLS_EXTENSION_OPAQUE_PRF_INPUT, - EXTENSION_TLS, - MHD_gtls_oprfi_recv_params, - MHD_gtls_oprfi_send_params), -#endif {0, 0, 0, 0} }; diff --git a/src/daemon/https/tls/gnutls_handshake.c b/src/daemon/https/tls/gnutls_handshake.c @@ -763,20 +763,6 @@ MHD_gtls_server_select_suite (MHD_gtls_session_t session, opaque * data, MHD_gnutls_assert (); return GNUTLS_E_UNEXPECTED_PACKET_LENGTH; } -#ifdef HANDSHAKE_DEBUG - - MHD__gnutls_handshake_log ("HSK[%x]: Requested cipher suites: \n", session); - for (j = 0; j < datalen; j += 2) - { - memcpy (&cs.suite, &data[j], 2); - MHD__gnutls_handshake_log ("\t%s\n", - MHD_gtls_cipher_suite_get_name (&cs)); - } - MHD__gnutls_handshake_log ("HSK[%x]: Supported cipher suites: \n", session); - for (j = 0; j < x; j++) - MHD__gnutls_handshake_log ("\t%s\n", - MHD_gtls_cipher_suite_get_name (&ciphers[j])); -#endif memset (session->security_parameters.current_cipher_suite.suite, '\0', 2); retval = GNUTLS_E_UNKNOWN_CIPHER_SUITE; 
@@ -2315,18 +2301,6 @@ MHD_gtls_handshake_client (MHD_gtls_session_t session) { int ret = 0; -#ifdef HANDSHAKE_DEBUG - char buf[64]; - - if (session->internals.resumed_security_parameters.session_id_size > 0) - MHD__gnutls_handshake_log ("HSK[%x]: Ask to resume: %s\n", session, - MHD_gtls_bin2hex (session-> - internals.resumed_security_parameters.session_id, - session-> - internals.resumed_security_parameters.session_id_size, - buf, sizeof (buf))); -#endif - switch (STATE) { case STATE0: