aboutsummaryrefslogtreecommitdiff
diff options
context:
space:
mode:
authorChristian Grothoff <christian@grothoff.org>2008-11-16 08:46:25 +0000
committerChristian Grothoff <christian@grothoff.org>2008-11-16 08:46:25 +0000
commit570589f3f14045a51dd3e30a6f140bd45a4d0e1d (patch)
tree01f32d0bf9656ae4561768c46734083959b22aa2
parent2d2199d702a434a3e58d672ad213586b5a856e7a (diff)
downloadlibmicrohttpd-570589f3f14045a51dd3e30a6f140bd45a4d0e1d.tar.gz
libmicrohttpd-570589f3f14045a51dd3e30a6f140bd45a4d0e1d.zip
more DCE
-rw-r--r--src/daemon/https/gnutls.h165
-rw-r--r--src/daemon/https/tls/Makefile.am3
-rw-r--r--src/daemon/https/tls/auth_cert.c2
-rw-r--r--src/daemon/https/tls/debug.c11
-rw-r--r--src/daemon/https/tls/debug.h1
-rw-r--r--src/daemon/https/tls/ext_oprfi.c49
-rw-r--r--src/daemon/https/tls/ext_server_name.c119
-rw-r--r--src/daemon/https/tls/gnutls_algorithms.c469
-rw-r--r--src/daemon/https/tls/gnutls_algorithms.h24
-rw-r--r--src/daemon/https/tls/gnutls_auth.c39
-rw-r--r--src/daemon/https/tls/gnutls_buffers.c94
-rw-r--r--src/daemon/https/tls/gnutls_buffers.h3
-rw-r--r--src/daemon/https/tls/gnutls_cert.c142
-rw-r--r--src/daemon/https/tls/gnutls_cert.h5
-rw-r--r--src/daemon/https/tls/gnutls_datum.c33
-rw-r--r--src/daemon/https/tls/gnutls_datum.h4
-rw-r--r--src/daemon/https/tls/gnutls_extensions.c6
-rw-r--r--src/daemon/https/tls/gnutls_handshake.c47
-rw-r--r--src/daemon/https/tls/gnutls_mem.c13
-rw-r--r--src/daemon/https/tls/gnutls_priority.c157
-rw-r--r--src/daemon/https/tls/gnutls_record.c94
-rw-r--r--src/daemon/https/tls/gnutls_session.c71
-rw-r--r--src/daemon/https/tls/gnutls_session_pack.c1025
-rw-r--r--src/daemon/https/tls/gnutls_session_pack.h28
-rw-r--r--src/daemon/https/tls/gnutls_state.c321
-rw-r--r--src/daemon/https/tls/gnutls_str.c129
-rw-r--r--src/daemon/https/tls/gnutls_str.h11
-rw-r--r--src/daemon/https/tls/gnutls_supplemental.c12
-rw-r--r--src/include/microhttpd.h10
29 files changed, 1 insertions, 3086 deletions
diff --git a/src/daemon/https/gnutls.h b/src/daemon/https/gnutls.h
index 74e62ef4..f779e1b9 100644
--- a/src/daemon/https/gnutls.h
+++ b/src/daemon/https/gnutls.h
@@ -239,48 +239,15 @@ extern "C"
239 239
240 enum MHD_GNUTLS_CompressionMethod 240 enum MHD_GNUTLS_CompressionMethod
241 MHD_gtls_compression_get (MHD_gtls_session_t session); 241 MHD_gtls_compression_get (MHD_gtls_session_t session);
242// enum MHD_GNUTLS_CipherAlgorithm MHD_gnutls_cipher_get (MHD_gtls_session_t session);
243// enum MHD_GNUTLS_KeyExchangeAlgorithm MHD_gnutls_kx_get (MHD_gtls_session_t session);
244// enum MHD_GNUTLS_HashAlgorithm MHD_gnutls_mac_get (MHD_gtls_session_t session);
245// enum MHD_GNUTLS_CertificateType MHD_gnutls_certificate_type_get (MHD_gtls_session_t
246// session);
247
248 size_t MHD__gnutls_cipher_get_key_size (enum MHD_GNUTLS_CipherAlgorithm 242 size_t MHD__gnutls_cipher_get_key_size (enum MHD_GNUTLS_CipherAlgorithm
249 algorithm); 243 algorithm);
250 size_t MHD__gnutls_mac_get_key_size (enum MHD_GNUTLS_HashAlgorithm
251 algorithm);
252 244
253/* the name of the specified algorithms */ 245/* the name of the specified algorithms */
254 const char *MHD__gnutls_cipher_get_name (enum MHD_GNUTLS_CipherAlgorithm
255 algorithm);
256 const char *MHD__gnutls_mac_get_name (enum MHD_GNUTLS_HashAlgorithm
257 algorithm);
258 const char *MHD_gtls_compression_get_name (enum 246 const char *MHD_gtls_compression_get_name (enum
259 MHD_GNUTLS_CompressionMethod 247 MHD_GNUTLS_CompressionMethod
260 algorithm); 248 algorithm);
261 const char *MHD__gnutls_kx_get_name (enum MHD_GNUTLS_KeyExchangeAlgorithm
262 algorithm);
263 const char *MHD__gnutls_certificate_type_get_name (enum
264 MHD_GNUTLS_CertificateType
265 type);
266
267 enum MHD_GNUTLS_HashAlgorithm MHD_gtls_mac_get_id (const char *name);
268 enum MHD_GNUTLS_CompressionMethod MHD_gtls_compression_get_id (const char 249 enum MHD_GNUTLS_CompressionMethod MHD_gtls_compression_get_id (const char
269 *name); 250 *name);
270 enum MHD_GNUTLS_CipherAlgorithm MHD_gtls_cipher_get_id (const char *name);
271 enum MHD_GNUTLS_KeyExchangeAlgorithm MHD_gtls_kx_get_id (const char *name);
272 enum MHD_GNUTLS_Protocol MHD_gtls_protocol_get_id (const char *name);
273 enum MHD_GNUTLS_CertificateType MHD_gtls_certificate_type_get_id (const char
274 *name);
275
276 /* list supported algorithms */
277 const enum MHD_GNUTLS_CipherAlgorithm *MHD_gtls_cipher_list (void);
278 const enum MHD_GNUTLS_HashAlgorithm *MHD_gtls_mac_list (void);
279 const enum MHD_GNUTLS_CompressionMethod *MHD_gtls_compression_list (void);
280 const enum MHD_GNUTLS_Protocol *MHD_gtls_protocol_list (void);
281 const enum MHD_GNUTLS_CertificateType
282 *MHD_gtls_certificate_type_list (void);
283 const enum MHD_GNUTLS_KeyExchangeAlgorithm *MHD_gtls_kx_list (void);
284 251
285 /* error functions */ 252 /* error functions */
286 int MHD_gtls_error_is_fatal (int error); 253 int MHD_gtls_error_is_fatal (int error);
@@ -288,8 +255,6 @@ extern "C"
288 void MHD_gtls_perror (int error); 255 void MHD_gtls_perror (int error);
289 const char *MHD_gtls_strerror (int error); 256 const char *MHD_gtls_strerror (int error);
290 257
291 void MHD_gtls_handshake_set_private_extensions (MHD_gtls_session_t session,
292 int allow);
293/* 258/*
294 * Record layer functions. 259 * Record layer functions.
295 */ 260 */
@@ -299,25 +264,7 @@ extern "C"
299 size_t sizeofdata); 264 size_t sizeofdata);
300 265
301 /* provides extra compatibility */ 266 /* provides extra compatibility */
302 void MHD_gtls_record_disable_padding (MHD_gtls_session_t session);
303 size_t MHD_gtls_record_check_pending (MHD_gtls_session_t session);
304
305 int MHD__gnutls_record_get_direction (MHD_gtls_session_t session); 267 int MHD__gnutls_record_get_direction (MHD_gtls_session_t session);
306 size_t MHD__gnutls_record_get_max_size (MHD_gtls_session_t session);
307 ssize_t MHD__gnutls_record_set_max_size (MHD_gtls_session_t session,
308 size_t size);
309
310
311 int MHD__gnutls_prf (MHD_gtls_session_t session,
312 size_t label_size, const char *label,
313 int server_random_first,
314 size_t extra_size, const char *extra,
315 size_t outsize, char *out);
316
317 int MHD__gnutls_prf_raw (MHD_gtls_session_t session,
318 size_t label_size, const char *label,
319 size_t seed_size, const char *seed,
320 size_t outsize, char *out);
321 268
322/* 269/*
323 * TLS Extensions 270 * TLS Extensions
@@ -327,22 +274,10 @@ extern "C"
327 GNUTLS_NAME_DNS = 1 274 GNUTLS_NAME_DNS = 1
328 } MHD_gnutls_server_name_type_t; 275 } MHD_gnutls_server_name_type_t;
329 276
330 int MHD__gnutls_server_name_set (MHD_gtls_session_t session,
331 MHD_gnutls_server_name_type_t type,
332 const void *name, size_t name_length);
333
334 int MHD__gnutls_server_name_get (MHD_gtls_session_t session,
335 void *data, size_t * data_length,
336 unsigned int *type, unsigned int indx);
337
338 /* Opaque PRF Input 277 /* Opaque PRF Input
339 * http://tools.ietf.org/id/draft-rescorla-tls-opaque-prf-input-00.txt 278 * http://tools.ietf.org/id/draft-rescorla-tls-opaque-prf-input-00.txt
340 */ 279 */
341 280
342 void
343 MHD_gtls_oprfi_enable_client (MHD_gtls_session_t session,
344 size_t len, unsigned char *data);
345
346 typedef int (*MHD_gnutls_oprfi_callback_func) (MHD_gtls_session_t session, 281 typedef int (*MHD_gnutls_oprfi_callback_func) (MHD_gtls_session_t session,
347 void *userdata, 282 void *userdata,
348 size_t oprfi_len, 283 size_t oprfi_len,
@@ -350,32 +285,12 @@ extern "C"
350 *in_oprfi, 285 *in_oprfi,
351 unsigned char *out_oprfi); 286 unsigned char *out_oprfi);
352 287
353 void
354 MHD_gtls_oprfi_enable_server (MHD_gtls_session_t session,
355 MHD_gnutls_oprfi_callback_func cb,
356 void *userdata);
357
358 /* Supplemental data, RFC 4680. */ 288 /* Supplemental data, RFC 4680. */
359 typedef enum 289 typedef enum
360 { 290 {
361 GNUTLS_SUPPLEMENTAL_USER_MAPPING_DATA = 0 291 GNUTLS_SUPPLEMENTAL_USER_MAPPING_DATA = 0
362 } MHD_gnutls_supplemental_data_format_type_t; 292 } MHD_gnutls_supplemental_data_format_type_t;
363 293
364 const char *MHD_gtls_supplemental_get_name
365 (MHD_gnutls_supplemental_data_format_type_t type);
366
367 int MHD__gnutls_cipher_set_priority (MHD_gtls_session_t session,
368 const int *list);
369 int MHD__gnutls_mac_set_priority (MHD_gtls_session_t session,
370 const int *list);
371 int MHD__gnutls_compression_set_priority (MHD_gtls_session_t session,
372 const int *list);
373 int MHD__gnutls_kx_set_priority (MHD_gtls_session_t session,
374 const int *list);
375 int MHD__gnutls_protocol_set_priority (MHD_gtls_session_t session,
376 const int *list);
377 int MHD__gnutls_certificate_type_set_priority (MHD_gtls_session_t session,
378 const int *list);
379 294
380 int MHD_tls_set_default_priority (MHD_gnutls_priority_t *, 295 int MHD_tls_set_default_priority (MHD_gnutls_priority_t *,
381 const char *priority, 296 const char *priority,
@@ -392,38 +307,8 @@ extern "C"
392 enum MHD_GNUTLS_Protocol 307 enum MHD_GNUTLS_Protocol
393 MHD__gnutls_protocol_get_version (MHD_gtls_session_t session); 308 MHD__gnutls_protocol_get_version (MHD_gtls_session_t session);
394 309
395 const char *MHD__gnutls_protocol_get_name (enum MHD_GNUTLS_Protocol
396 version);
397
398/*
399 * get/set session
400 */
401// int MHD_gnutls_session_set_data (MHD_gtls_session_t session,
402// const void *session_data,
403// size_t session_data_size);
404// int MHD_gnutls_session_get_data (MHD_gtls_session_t session, void *session_data,
405// size_t * session_data_size);
406// int MHD_gnutls_session_get_data2 (MHD_gtls_session_t session,
407// MHD_gnutls_datum_t * data);
408
409 int MHD_gtls_session_get_id (MHD_gtls_session_t session, void *session_id,
410 size_t * session_id_size);
411
412/* returns security values.
413 * Do not use them unless you know what you're doing.
414 */
415 const void *MHD_gtls_session_get_server_random (MHD_gtls_session_t session);
416 const void *MHD_gtls_session_get_client_random (MHD_gtls_session_t session);
417 const void *MHD_gtls_session_get_master_secret (MHD_gtls_session_t session);
418
419 int MHD_gtls_session_is_resumed (MHD_gtls_session_t session);
420
421 typedef 310 typedef
422 int (*MHD_gnutls_handshake_post_client_hello_func) (MHD_gtls_session_t); 311 int (*MHD_gnutls_handshake_post_client_hello_func) (MHD_gtls_session_t);
423 void
424 MHD__gnutls_handshake_set_post_client_hello_function (MHD_gtls_session_t,
425 MHD_gnutls_handshake_post_client_hello_func);
426
427 void MHD__gnutls_handshake_set_max_packet_length (MHD_gtls_session_t 312 void MHD__gnutls_handshake_set_max_packet_length (MHD_gtls_session_t
428 session, size_t max); 313 session, size_t max);
429 314
@@ -490,17 +375,6 @@ extern "C"
490 struct MHD_gnutls_x509_crt_int; 375 struct MHD_gnutls_x509_crt_int;
491 typedef struct MHD_gnutls_x509_crt_int *MHD_gnutls_x509_crt_t; 376 typedef struct MHD_gnutls_x509_crt_int *MHD_gnutls_x509_crt_t;
492 377
493// int MHD_gnutls_certificate_set_x509_key (MHD_gtls_cert_credentials_t res,
494// MHD_gnutls_x509_crt_t * cert_list,
495// int cert_list_size,
496// MHD_gnutls_x509_privkey_t key);
497// int MHD_gnutls_certificate_set_x509_trust (MHD_gtls_cert_credentials_t res,
498// MHD_gnutls_x509_crt_t * ca_list,
499// int ca_list_size);
500// int MHD_gnutls_certificate_set_x509_crl (MHD_gtls_cert_credentials_t res,
501// MHD_gnutls_x509_crl_t * crl_list,
502// int crl_list_size);
503
504/* global state functions 378/* global state functions
505 */ 379 */
506 380
@@ -518,8 +392,6 @@ extern "C"
518 extern MHD_gnutls_calloc_function MHD_gnutls_calloc; 392 extern MHD_gnutls_calloc_function MHD_gnutls_calloc;
519 extern MHD_gnutls_free_function MHD_gnutls_free; 393 extern MHD_gnutls_free_function MHD_gnutls_free;
520 394
521 extern char *(*MHD_gnutls_strdup) (const char *);
522
523 typedef void (*MHD_gnutls_log_func) (int, const char *); 395 typedef void (*MHD_gnutls_log_func) (int, const char *);
524 void MHD_gtls_global_set_log_function (MHD_gnutls_log_func log_func); 396 void MHD_gtls_global_set_log_function (MHD_gnutls_log_func log_func);
525 void MHD_gtls_global_set_log_level (int level); 397 void MHD_gtls_global_set_log_level (int level);
@@ -549,10 +421,6 @@ extern "C"
549 const void *, size_t); 421 const void *, size_t);
550 void MHD__gnutls_transport_set_ptr (MHD_gtls_session_t session, 422 void MHD__gnutls_transport_set_ptr (MHD_gtls_session_t session,
551 MHD_gnutls_transport_ptr_t ptr); 423 MHD_gnutls_transport_ptr_t ptr);
552 void MHD__gnutls_transport_set_ptr2 (MHD_gtls_session_t session,
553 MHD_gnutls_transport_ptr_t recv_ptr,
554 MHD_gnutls_transport_ptr_t send_ptr);
555
556 void MHD__gnutls_transport_set_lowat (MHD_gtls_session_t session, int num); 424 void MHD__gnutls_transport_set_lowat (MHD_gtls_session_t session, int num);
557 425
558 426
@@ -561,15 +429,6 @@ extern "C"
561 void MHD__gnutls_transport_set_pull_function (MHD_gtls_session_t session, 429 void MHD__gnutls_transport_set_pull_function (MHD_gtls_session_t session,
562 MHD_gtls_pull_func pull_func); 430 MHD_gtls_pull_func pull_func);
563 431
564 void MHD__gnutls_transport_set_errno (MHD_gtls_session_t session, int err);
565 void MHD__gnutls_transport_set_global_errno (int err);
566
567/*
568 * session specific
569 */
570 void MHD__gnutls_session_set_ptr (MHD_gtls_session_t session, void *ptr);
571 void *MHD_gtls_session_get_ptr (MHD_gtls_session_t session);
572
573 typedef enum MHD_gnutls_x509_subject_alt_name_t 432 typedef enum MHD_gnutls_x509_subject_alt_name_t
574 { 433 {
575 GNUTLS_SAN_DNSNAME = 1, 434 GNUTLS_SAN_DNSNAME = 1,
@@ -620,11 +479,6 @@ extern "C"
620 */ 479 */
621 enum MHD_GNUTLS_CredentialsType MHD_gtls_auth_get_type (MHD_gtls_session_t 480 enum MHD_GNUTLS_CredentialsType MHD_gtls_auth_get_type (MHD_gtls_session_t
622 session); 481 session);
623 enum MHD_GNUTLS_CredentialsType
624 MHD_gtls_auth_server_get_type (MHD_gtls_session_t session);
625 enum MHD_GNUTLS_CredentialsType
626 MHD_gtls_auth_client_get_type (MHD_gtls_session_t session);
627
628 /* 482 /*
629 * DH 483 * DH
630 */ 484 */
@@ -640,25 +494,6 @@ extern "C"
640 const MHD_gnutls_datum_t * hash, 494 const MHD_gnutls_datum_t * hash,
641 MHD_gnutls_datum_t * signature); 495 MHD_gnutls_datum_t * signature);
642 496
643 void MHD_gtls_sign_callback_set (MHD_gtls_session_t session,
644 MHD_gnutls_sign_func sign_func,
645 void *userdata);
646 MHD_gnutls_sign_func MHD_gtls_sign_callback_get (MHD_gtls_session_t session,
647 void **userdata);
648
649 /* These are set on the credentials structure.
650 */
651 void MHD_gtls_certificate_client_set_retrieve_function
652 (MHD_gtls_cert_credentials_t cred,
653 MHD_gnutls_certificate_client_retrieve_function * func);
654 void MHD_gtls_certificate_server_set_retrieve_function
655 (MHD_gtls_cert_credentials_t cred,
656 MHD_gnutls_certificate_server_retrieve_function * func);
657
658 void MHD_gtls_certificate_server_set_request (MHD_gtls_session_t session,
659 MHD_gnutls_certificate_request_t
660 req);
661
662 int MHD_gtls_pem_base64_encode (const char *msg, 497 int MHD_gtls_pem_base64_encode (const char *msg,
663 const MHD_gnutls_datum_t * data, 498 const MHD_gnutls_datum_t * data,
664 char *result, size_t * result_size); 499 char *result, size_t * result_size);
diff --git a/src/daemon/https/tls/Makefile.am b/src/daemon/https/tls/Makefile.am
index 77dee4a4..6902fd9b 100644
--- a/src/daemon/https/tls/Makefile.am
+++ b/src/daemon/https/tls/Makefile.am
@@ -54,8 +54,6 @@ gnutls_pk.c \
54gnutls_priority.c \ 54gnutls_priority.c \
55gnutls_record.c \ 55gnutls_record.c \
56gnutls_rsa_export.c \ 56gnutls_rsa_export.c \
57gnutls_session.c \
58gnutls_session_pack.c \
59gnutls_sig.c \ 57gnutls_sig.c \
60gnutls_state.c \ 58gnutls_state.c \
61gnutls_str.c \ 59gnutls_str.c \
@@ -97,7 +95,6 @@ gnutls_num.h \
97gnutls_pk.h \ 95gnutls_pk.h \
98gnutls_record.h \ 96gnutls_record.h \
99gnutls_rsa_export.h \ 97gnutls_rsa_export.h \
100gnutls_session_pack.h \
101gnutls_sig.h \ 98gnutls_sig.h \
102gnutls_state.h \ 99gnutls_state.h \
103gnutls_str.h \ 100gnutls_str.h \
diff --git a/src/daemon/https/tls/auth_cert.c b/src/daemon/https/tls/auth_cert.c
index d0191f24..7b04e9d4 100644
--- a/src/daemon/https/tls/auth_cert.c
+++ b/src/daemon/https/tls/auth_cert.c
@@ -639,7 +639,7 @@ MHD_gtls_gen_cert_server_certificate (MHD_gtls_session_t session,
639 */ 639 */
640 640
641#define CLEAR_CERTS for(x=0;x<peer_certificate_list_size;x++) MHD_gtls_gcert_deinit(&peer_certificate_list[x]) 641#define CLEAR_CERTS for(x=0;x<peer_certificate_list_size;x++) MHD_gtls_gcert_deinit(&peer_certificate_list[x])
642int 642static int
643MHD_gtls_proc_x509_server_certificate (MHD_gtls_session_t session, 643MHD_gtls_proc_x509_server_certificate (MHD_gtls_session_t session,
644 opaque * data, size_t data_size) 644 opaque * data, size_t data_size)
645{ 645{
diff --git a/src/daemon/https/tls/debug.c b/src/daemon/https/tls/debug.c
index a0a4953a..c1634515 100644
--- a/src/daemon/https/tls/debug.c
+++ b/src/daemon/https/tls/debug.c
@@ -94,14 +94,3 @@ MHD__gnutls_handshake2str (MHD_gnutls_handshake_description_t handshake)
94 } 94 }
95} 95}
96 96
97void
98MHD__gnutls_dump_mpi (const char *prefix, mpi_t a)
99{
100 opaque buf[1024];
101 size_t n = sizeof buf;
102
103 if (gcry_mpi_print (GCRYMPI_FMT_HEX, buf, n, &n, a))
104 strcpy ((char *) buf, "[can't print value]"); /* Flawfinder: ignore */
105 MHD__gnutls_hard_log ("MPI: length: %d\n\t%s%s\n", (n - 1) / 2, prefix,
106 buf);
107}
diff --git a/src/daemon/https/tls/debug.h b/src/daemon/https/tls/debug.h
index 0ecce182..ba1f1006 100644
--- a/src/daemon/https/tls/debug.h
+++ b/src/daemon/https/tls/debug.h
@@ -25,4 +25,3 @@
25const char *MHD__gnutls_packet2str (content_type_t packet); 25const char *MHD__gnutls_packet2str (content_type_t packet);
26const char *MHD__gnutls_handshake2str (MHD_gnutls_handshake_description_t 26const char *MHD__gnutls_handshake2str (MHD_gnutls_handshake_description_t
27 handshake); 27 handshake);
28void MHD__gnutls_dump_mpi (const char *prefix, mpi_t a);
diff --git a/src/daemon/https/tls/ext_oprfi.c b/src/daemon/https/tls/ext_oprfi.c
index 8b245404..060155e4 100644
--- a/src/daemon/https/tls/ext_oprfi.c
+++ b/src/daemon/https/tls/ext_oprfi.c
@@ -215,52 +215,3 @@ MHD_gtls_oprfi_send_params (MHD_gtls_session_t session,
215 return oprfi_send_server (session, data, data_size); 215 return oprfi_send_server (session, data, data_size);
216} 216}
217 217
218/**
219 * MHD_gtls_oprfi_enable_client:
220 * @session: is a #MHD_gtls_session_t structure.
221 * @len: length of Opaque PRF data to use in client.
222 * @data: Opaque PRF data to use in client.
223 *
224 * Request that the client should attempt to negotiate the Opaque PRF
225 * Input TLS extension, using the given data as the client's Opaque
226 * PRF input.
227 *
228 * The data is copied into the session context after this call, so you
229 * may de-allocate it immediately after calling this function.
230 **/
231void
232MHD_gtls_oprfi_enable_client (MHD_gtls_session_t session,
233 size_t len, unsigned char *data)
234{
235 session->security_parameters.extensions.oprfi_client_len = len;
236 session->security_parameters.extensions.oprfi_client = data;
237}
238
239/**
240 * MHD_gtls_oprfi_enable_server:
241 * @session: is a #MHD_gtls_session_t structure.
242 * @cb: function pointer to Opaque PRF extension server callback.
243 * @userdata: hook passed to callback function for passing application state.
244 *
245 * Request that the server should attempt to accept the Opaque PRF
246 * Input TLS extension. If the client requests the extension, the
247 * provided callback @cb will be invoked. The callback must have the
248 * following prototype:
249 *
250 * int callback (MHD_gtls_session_t session, void *userdata,
251 * size_t oprfi_len, const unsigned char *in_oprfi,
252 * unsigned char *out_oprfi);
253 *
254 * The callback can inspect the client-provided data in the input
255 * parameters, and specify its own opaque prf input data in the output
256 * variable. The function must return 0 on success, otherwise the
257 * handshake will be aborted.
258 **/
259void
260MHD_gtls_oprfi_enable_server (MHD_gtls_session_t session,
261 MHD_gnutls_oprfi_callback_func cb,
262 void *userdata)
263{
264 session->security_parameters.extensions.oprfi_cb = cb;
265 session->security_parameters.extensions.oprfi_userdata = userdata;
266}
diff --git a/src/daemon/https/tls/ext_server_name.c b/src/daemon/https/tls/ext_server_name.c
index 1e3cab02..d7f945d6 100644
--- a/src/daemon/https/tls/ext_server_name.c
+++ b/src/daemon/https/tls/ext_server_name.c
@@ -209,122 +209,3 @@ MHD_gtls_server_name_send_params (MHD_gtls_session_t session,
209 return total_size; 209 return total_size;
210} 210}
211 211
212/**
213 * MHD__gnutls_server_name_get - Used to get the server name indicator send by a client
214 * @session: is a #MHD_gtls_session_t structure.
215 * @data: will hold the data
216 * @data_length: will hold the data length. Must hold the maximum size of data.
217 * @type: will hold the server name indicator type
218 * @indx: is the index of the server_name
219 *
220 * This function will allow you to get the name indication (if any),
221 * a client has sent. The name indication may be any of the enumeration
222 * MHD_gnutls_server_name_type_t.
223 *
224 * If @type is GNUTLS_NAME_DNS, then this function is to be used by servers
225 * that support virtual hosting, and the data will be a null terminated UTF-8 string.
226 *
227 * If @data has not enough size to hold the server name GNUTLS_E_SHORT_MEMORY_BUFFER
228 * is returned, and @data_length will hold the required size.
229 *
230 * @index is used to retrieve more than one server names (if sent by the client).
231 * The first server name has an index of 0, the second 1 and so on. If no name with the given
232 * index exists GNUTLS_E_REQUESTED_DATA_NOT_AVAILABLE is returned.
233 *
234 **/
235int
236MHD__gnutls_server_name_get (MHD_gtls_session_t session, void *data,
237 size_t * data_length,
238 unsigned int *type, unsigned int indx)
239{
240 char *_data = data;
241#if MHD_DEBUG_TLS
242 if (session->security_parameters.entity == GNUTLS_CLIENT)
243 {
244 MHD_gnutls_assert ();
245 return GNUTLS_E_INVALID_REQUEST;
246 }
247#endif
248 if (indx + 1 > session->security_parameters.extensions.server_names_size)
249 {
250 return GNUTLS_E_REQUESTED_DATA_NOT_AVAILABLE;
251 }
252
253 *type = session->security_parameters.extensions.server_names[indx].type;
254
255 if (*data_length > /* greater since we need one extra byte for the null */
256 session->security_parameters.extensions.server_names[indx].name_length)
257 {
258 *data_length =
259 session->security_parameters.extensions.
260 server_names[indx].name_length;
261 memcpy (data,
262 session->security_parameters.extensions.server_names[indx].name,
263 *data_length);
264
265 if (*type == GNUTLS_NAME_DNS) /* null terminate */
266 _data[(*data_length)] = 0;
267
268 }
269 else
270 {
271 *data_length =
272 session->security_parameters.extensions.
273 server_names[indx].name_length;
274 return GNUTLS_E_SHORT_MEMORY_BUFFER;
275 }
276
277 return 0;
278}
279
280/**
281 * MHD__gnutls_server_name_set - Used to set a name indicator to be sent as an extension
282 * @session: is a #MHD_gtls_session_t structure.
283 * @type: specifies the indicator type
284 * @name: is a string that contains the server name.
285 * @name_length: holds the length of name
286 *
287 * This function is to be used by clients that want to inform
288 * (via a TLS extension mechanism) the server of the name they
289 * connected to. This should be used by clients that connect
290 * to servers that do virtual hosting.
291 *
292 * The value of @name depends on the @ind type. In case of GNUTLS_NAME_DNS,
293 * an ASCII or UTF-8 null terminated string, without the trailing dot, is expected.
294 * IPv4 or IPv6 addresses are not permitted.
295 *
296 **/
297int
298MHD__gnutls_server_name_set (MHD_gtls_session_t session,
299 MHD_gnutls_server_name_type_t type,
300 const void *name, size_t name_length)
301{
302 int server_names;
303
304 if (session->security_parameters.entity == GNUTLS_SERVER)
305 {
306 MHD_gnutls_assert ();
307 return GNUTLS_E_INVALID_REQUEST;
308 }
309
310 if (name_length > MAX_SERVER_NAME_SIZE)
311 return GNUTLS_E_SHORT_MEMORY_BUFFER;
312
313 server_names =
314 session->security_parameters.extensions.server_names_size + 1;
315
316 if (server_names > MAX_SERVER_NAME_EXTENSIONS)
317 server_names = MAX_SERVER_NAME_EXTENSIONS;
318
319 session->security_parameters.extensions.server_names[server_names -
320 1].type = type;
321 memcpy (session->security_parameters.
322 extensions.server_names[server_names - 1].name, name, name_length);
323 session->security_parameters.extensions.server_names[server_names -
324 1].name_length =
325 name_length;
326
327 session->security_parameters.extensions.server_names_size++;
328
329 return 0;
330}
diff --git a/src/daemon/https/tls/gnutls_algorithms.c b/src/daemon/https/tls/gnutls_algorithms.c
index 02be3637..876d860c 100644
--- a/src/daemon/https/tls/gnutls_algorithms.c
+++ b/src/daemon/https/tls/gnutls_algorithms.c
@@ -54,15 +54,6 @@ static const MHD_gnutls_cred_map MHD_gtls_cred_mappings[] = {
54 {MHD_GNUTLS_KX_DHE_RSA, 54 {MHD_GNUTLS_KX_DHE_RSA,
55 MHD_GNUTLS_CRD_CERTIFICATE, 55 MHD_GNUTLS_CRD_CERTIFICATE,
56 MHD_GNUTLS_CRD_CERTIFICATE}, 56 MHD_GNUTLS_CRD_CERTIFICATE},
57 {MHD_GNUTLS_KX_SRP,
58 MHD_GNUTLS_CRD_SRP,
59 MHD_GNUTLS_CRD_SRP},
60 {MHD_GNUTLS_KX_SRP_RSA,
61 MHD_GNUTLS_CRD_SRP,
62 MHD_GNUTLS_CRD_CERTIFICATE},
63 {MHD_GNUTLS_KX_SRP_DSS,
64 MHD_GNUTLS_CRD_SRP,
65 MHD_GNUTLS_CRD_CERTIFICATE},
66 {0, 57 {0,
67 0, 58 0,
68 0} 59 0}
@@ -423,17 +414,6 @@ static const MHD_gtls_kx_algo_entry_t MHD_gtls_kx_algorithms[] = {
423 &MHD_gtls_dhe_dss_auth_struct, 414 &MHD_gtls_dhe_dss_auth_struct,
424 1, 415 1,
425 0}, 416 0},
426
427#ifdef ENABLE_SRP
428 {"SRP-DSS", MHD_GNUTLS_KX_SRP_DSS, &srp_dss_auth_struct, 0, 0},
429 {"SRP-RSA", MHD_GNUTLS_KX_SRP_RSA, &srp_rsa_auth_struct, 0, 0},
430 {"SRP", MHD_GNUTLS_KX_SRP, &srp_auth_struct, 0, 0},
431#endif
432#ifdef ENABLE_PSK
433 {"PSK", GNUTLS_KX_PSK, &psk_auth_struct, 0, 0},
434 {"DHE-PSK", GNUTLS_KX_DHE_PSK, &dhe_psk_auth_struct,
435 1 /* needs DHE params */ , 0},
436#endif
437 {0, 417 {0,
438 0, 418 0,
439 0, 419 0,
@@ -448,15 +428,6 @@ static const enum MHD_GNUTLS_KeyExchangeAlgorithm MHD_gtls_supported_kxs[] =
448 MHD_GNUTLS_KX_RSA_EXPORT, 428 MHD_GNUTLS_KX_RSA_EXPORT,
449 MHD_GNUTLS_KX_DHE_RSA, 429 MHD_GNUTLS_KX_DHE_RSA,
450 MHD_GNUTLS_KX_DHE_DSS, 430 MHD_GNUTLS_KX_DHE_DSS,
451#ifdef ENABLE_SRP
452 MHD_GNUTLS_KX_SRP_DSS,
453 MHD_GNUTLS_KX_SRP_RSA,
454 MHD_GNUTLS_KX_SRP,
455#endif
456#ifdef ENABLE_PSK
457 GNUTLS_KX_PSK,
458 GNUTLS_KX_DHE_PSK,
459#endif
460 0 431 0
461}; 432};
462 433
@@ -728,105 +699,6 @@ MHD_gtls_mac_priority (MHD_gtls_session_t session,
728 return -1; 699 return -1;
729} 700}
730 701
731/**
732 * MHD__gnutls_mac_get_name - Returns a string with the name of the specified mac algorithm
733 * @algorithm: is a MAC algorithm
734 *
735 * Returns: a string that contains the name of the specified MAC
736 * algorithm, or %NULL.
737 **/
738const char *
739MHD__gnutls_mac_get_name (enum MHD_GNUTLS_HashAlgorithm algorithm)
740{
741 const char *ret = NULL;
742
743 /* avoid prefix */
744 GNUTLS_HASH_ALG_LOOP (ret = p->name);
745
746 return ret;
747}
748
749/**
750 * MHD_gtls_mac_get_id - Returns the gnutls id of the specified in string algorithm
751 * @algorithm: is a MAC algorithm name
752 *
753 * Returns: an %enum MHD_GNUTLS_HashAlgorithmid of the specified in a string
754 * MAC algorithm, or %GNUTLS_MAC_UNKNOWN on failures. The names are
755 * compared in a case insensitive way.
756 **/
757enum MHD_GNUTLS_HashAlgorithm
758MHD_gtls_mac_get_id (const char *name)
759{
760 enum MHD_GNUTLS_HashAlgorithm ret = MHD_GNUTLS_MAC_UNKNOWN;
761
762 GNUTLS_HASH_LOOP (if (strcasecmp (p->name, name) == 0) ret = p->id)
763 ;
764
765 return ret;
766}
767
768/**
769 * MHD__gnutls_mac_get_key_size - Returns the length of the MAC's key size
770 * @algorithm: is an encryption algorithm
771 *
772 * Returns: length (in bytes) of the given MAC key size, or 0 if the
773 * given MAC algorithm is invalid.
774 *
775 **/
776size_t
777MHD__gnutls_mac_get_key_size (enum MHD_GNUTLS_HashAlgorithm algorithm)
778{
779 size_t ret = 0;
780
781 /* avoid prefix */
782 GNUTLS_HASH_ALG_LOOP (ret = p->key_size);
783
784 return ret;
785}
786
787/**
788 * MHD_gtls_mac_list:
789 *
790 * Get a list of hash algorithms for use as MACs. Note that not
791 * necessarily all MACs are supported in TLS cipher suites. For
792 * example, MD2 is not supported as a cipher suite, but is supported
793 * for other purposes (e.g., X.509 signature verification or similar).
794 *
795 * Returns: Return a zero-terminated list of %enum MHD_GNUTLS_HashAlgorithm
796 * integers indicating the available MACs.
797 **/
798const enum MHD_GNUTLS_HashAlgorithm *
799MHD_gtls_mac_list (void)
800{
801 return MHD_gtls_supported_macs;
802}
803
804const char *
805MHD_gtls_x509_mac_to_oid (enum MHD_GNUTLS_HashAlgorithm algorithm)
806{
807 const char *ret = NULL;
808
809 /* avoid prefix */
810 GNUTLS_HASH_ALG_LOOP (ret = p->oid);
811
812 return ret;
813}
814
815enum MHD_GNUTLS_HashAlgorithm
816MHD_gtls_x509_oid2mac_algorithm (const char *oid)
817{
818 enum MHD_GNUTLS_HashAlgorithm ret = 0;
819
820 GNUTLS_HASH_LOOP (if (p->oid && strcmp (oid, p->oid) == 0)
821 {
822 ret = p->id; break;}
823 )
824 ;
825
826 if (ret == 0)
827 return MHD_GNUTLS_MAC_UNKNOWN;
828 return ret;
829}
830 702
831int 703int
832MHD_gnutls_mac_is_ok (enum MHD_GNUTLS_HashAlgorithm algorithm) 704MHD_gnutls_mac_is_ok (enum MHD_GNUTLS_HashAlgorithm algorithm)
@@ -840,20 +712,6 @@ MHD_gnutls_mac_is_ok (enum MHD_GNUTLS_HashAlgorithm algorithm)
840 return ret; 712 return ret;
841} 713}
842 714
843/* Compression Functions */
844int
845MHD_gtls_compression_priority (MHD_gtls_session_t session,
846 enum MHD_GNUTLS_CompressionMethod algorithm)
847{ /* actually returns the priority */
848 unsigned int i;
849 for (i = 0; i < session->internals.priorities.compression.num_algorithms;
850 i++)
851 {
852 if (session->internals.priorities.compression.priority[i] == algorithm)
853 return i;
854 }
855 return -1;
856}
857 715
858/** 716/**
859 * MHD__gnutls_compression_get_name - Returns a string with the name of the specified compression algorithm 717 * MHD__gnutls_compression_get_name - Returns a string with the name of the specified compression algorithm
@@ -897,21 +755,6 @@ MHD_gtls_compression_get_id (const char *name)
897 return ret; 755 return ret;
898} 756}
899 757
900/**
901 * MHD_gtls_compression_list:
902 *
903 * Get a list of compression methods. Note that to be able to use LZO
904 * compression, you must link to libgnutls-extra and call
905 * MHD_gnutls_global_init_extra().
906 *
907 * Returns: a zero-terminated list of %enum MHD_GNUTLS_CompressionMethod
908 * integers indicating the available compression methods.
909 **/
910const enum MHD_GNUTLS_CompressionMethod *
911MHD_gtls_compression_list (void)
912{
913 return MHD_gtls_supported_compressions;
914}
915 758
916/* return the tls number of the specified algorithm */ 759/* return the tls number of the specified algorithm */
917int 760int
@@ -1048,62 +891,6 @@ MHD_gtls_cipher_get_export_flag (enum MHD_GNUTLS_CipherAlgorithm algorithm)
1048 891
1049} 892}
1050 893
1051/**
1052 * MHD__gnutls_cipher_get_name - Returns a string with the name of the specified cipher algorithm
1053 * @algorithm: is an encryption algorithm
1054 *
1055 * Returns: a pointer to a string that contains the name of the
1056 * specified cipher, or %NULL.
1057 **/
1058const char *
1059MHD__gnutls_cipher_get_name (enum MHD_GNUTLS_CipherAlgorithm algorithm)
1060{
1061 const char *ret = NULL;
1062
1063 /* avoid prefix */
1064 GNUTLS_ALG_LOOP (ret = p->name);
1065
1066 return ret;
1067}
1068
1069/**
1070 * MHD_gtls_cipher_get_id - Returns the gnutls id of the specified in string algorithm
1071 * @algorithm: is a MAC algorithm name
1072 *
1073 * The names are compared in a case insensitive way.
1074 *
1075 * Returns: an id of the specified cipher, or %GNUTLS_CIPHER_UNKNOWN
1076 * on error.
1077 *
1078 **/
1079enum MHD_GNUTLS_CipherAlgorithm
1080MHD_gtls_cipher_get_id (const char *name)
1081{
1082 enum MHD_GNUTLS_CipherAlgorithm ret = MHD_GNUTLS_CIPHER_UNKNOWN;
1083
1084 GNUTLS_LOOP (if (strcasecmp (p->name, name) == 0) ret = p->id)
1085 ;
1086
1087 return ret;
1088}
1089
1090/**
1091 * MHD_gtls_cipher_list:
1092 *
1093 * Get a list of supported cipher algorithms. Note that not
1094 * necessarily all ciphers are supported as TLS cipher suites. For
1095 * example, DES is not supported as a cipher suite, but is supported
1096 * for other purposes (e.g., PKCS#8 or similar).
1097 *
1098 * Returns: a zero-terminated list of %enum MHD_GNUTLS_CipherAlgorithm
1099 * integers indicating the available ciphers.
1100 *
1101 **/
1102const enum MHD_GNUTLS_CipherAlgorithm *
1103MHD_gtls_cipher_list (void)
1104{
1105 return MHD_gtls_supported_ciphers;
1106}
1107 894
1108int 895int
1109MHD_gtls_cipher_is_ok (enum MHD_GNUTLS_CipherAlgorithm algorithm) 896MHD_gtls_cipher_is_ok (enum MHD_GNUTLS_CipherAlgorithm algorithm)
@@ -1140,57 +927,6 @@ MHD_gtls_kx_priority (MHD_gtls_session_t session,
1140 return -1; 927 return -1;
1141} 928}
1142 929
1143/**
1144 * MHD__gnutls_kx_get_name - Returns a string with the name of the specified key exchange algorithm
1145 * @algorithm: is a key exchange algorithm
1146 *
1147 * Returns: a pointer to a string that contains the name of the
1148 * specified key exchange algorithm, or %NULL.
1149 **/
1150const char *
1151MHD__gnutls_kx_get_name (enum MHD_GNUTLS_KeyExchangeAlgorithm algorithm)
1152{
1153 const char *ret = NULL;
1154
1155 /* avoid prefix */
1156 GNUTLS_KX_ALG_LOOP (ret = p->name);
1157
1158 return ret;
1159}
1160
1161/**
1162 * MHD_gtls_kx_get_id - Returns the gnutls id of the specified in string algorithm
1163 * @algorithm: is a KX name
1164 *
1165 * The names are compared in a case insensitive way.
1166 *
1167 * Returns: an id of the specified KX algorithm, or
1168 * %GNUTLS_KX_UNKNOWN on error.
1169 **/
1170enum MHD_GNUTLS_KeyExchangeAlgorithm
1171MHD_gtls_kx_get_id (const char *name)
1172{
1173 enum MHD_GNUTLS_CipherAlgorithm ret = MHD_GNUTLS_KX_UNKNOWN;
1174
1175 GNUTLS_KX_LOOP (if (strcasecmp (p->name, name) == 0) ret = p->algorithm)
1176 ;
1177
1178 return ret;
1179}
1180
1181/**
1182 * MHD_gtls_kx_list:
1183 *
1184 * Get a list of supported key exchange algorithms.
1185 *
1186 * Returns: a zero-terminated list of %enum MHD_GNUTLS_KeyExchangeAlgorithm integers
1187 * indicating the available key exchange algorithms.
1188 **/
1189const enum MHD_GNUTLS_KeyExchangeAlgorithm *
1190MHD_gtls_kx_list (void)
1191{
1192 return MHD_gtls_supported_kxs;
1193}
1194 930
1195int 931int
1196MHD_gtls_kx_is_ok (enum MHD_GNUTLS_KeyExchangeAlgorithm algorithm) 932MHD_gtls_kx_is_ok (enum MHD_GNUTLS_KeyExchangeAlgorithm algorithm)
@@ -1241,28 +977,6 @@ MHD_gtls_version_priority (MHD_gtls_session_t session,
1241 return -1; 977 return -1;
1242} 978}
1243 979
1244enum MHD_GNUTLS_Protocol
1245MHD_gtls_version_lowest (MHD_gtls_session_t session)
1246{ /* returns the lowest version supported */
1247 unsigned int i, min = 0xff;
1248
1249 if (session->internals.priorities.protocol.priority == NULL)
1250 {
1251 return MHD_GNUTLS_PROTOCOL_VERSION_UNKNOWN;
1252 }
1253 else
1254 for (i = 0; i < session->internals.priorities.protocol.num_algorithms;
1255 i++)
1256 {
1257 if (session->internals.priorities.protocol.priority[i] < min)
1258 min = session->internals.priorities.protocol.priority[i];
1259 }
1260
1261 if (min == 0xff)
1262 return MHD_GNUTLS_PROTOCOL_VERSION_UNKNOWN; /* unknown version */
1263
1264 return min;
1265}
1266 980
1267enum MHD_GNUTLS_Protocol 981enum MHD_GNUTLS_Protocol
1268MHD_gtls_version_max (MHD_gtls_session_t session) 982MHD_gtls_version_max (MHD_gtls_session_t session)
@@ -1287,58 +1001,6 @@ MHD_gtls_version_max (MHD_gtls_session_t session)
1287 return max; 1001 return max;
1288} 1002}
1289 1003
1290/**
1291 * MHD__gnutls_protocol_get_name - Returns a string with the name of the specified SSL/TLS version
1292 * @version: is a (gnutls) version number
1293 *
1294 * Returns: a string that contains the name of the specified TLS
1295 * version (e.g., "TLS 1.0"), or %NULL.
1296 **/
1297const char *
1298MHD__gnutls_protocol_get_name (enum MHD_GNUTLS_Protocol version)
1299{
1300 const char *ret = NULL;
1301
1302 /* avoid prefix */
1303 GNUTLS_VERSION_ALG_LOOP (ret = p->name);
1304 return ret;
1305}
1306
1307/**
1308 * MHD_gtls_protocol_get_id - Returns the gnutls id of the specified in string protocol
1309 * @algorithm: is a protocol name
1310 *
1311 * The names are compared in a case insensitive way.
1312 *
1313 * Returns: an id of the specified protocol, or
1314 * %GNUTLS_VERSION_UNKNOWN on error.
1315 **/
1316enum MHD_GNUTLS_Protocol
1317MHD_gtls_protocol_get_id (const char *name)
1318{
1319 enum MHD_GNUTLS_Protocol ret = MHD_GNUTLS_PROTOCOL_VERSION_UNKNOWN;
1320
1321 GNUTLS_VERSION_LOOP (if (strcasecmp (p->name, name) == 0) ret = p->id)
1322 ;
1323
1324 return ret;
1325}
1326
1327/**
1328 * MHD_gtls_protocol_list:
1329 *
1330 * Get a list of supported protocols, e.g. SSL 3.0, TLS 1.0 etc.
1331 *
1332 * Returns: a zero-terminated list of %enum MHD_GNUTLS_Protocol integers
1333 * indicating the available protocols.
1334 *
1335 **/
1336const enum MHD_GNUTLS_Protocol *
1337MHD_gtls_protocol_list (void)
1338{
1339 return MHD_gtls_supported_protocols;
1340}
1341
1342int 1004int
1343MHD_gtls_version_get_minor (enum MHD_GNUTLS_Protocol version) 1005MHD_gtls_version_get_minor (enum MHD_GNUTLS_Protocol version)
1344{ 1006{
@@ -1386,23 +1048,6 @@ MHD_gtls_version_is_supported (MHD_gtls_session_t session,
1386 return 1; 1048 return 1;
1387} 1049}
1388 1050
1389/* Type to KX mappings */
1390enum MHD_GNUTLS_KeyExchangeAlgorithm
1391MHD_gtls_map_kx_get_kx (enum MHD_GNUTLS_CredentialsType type, int server)
1392{
1393 enum MHD_GNUTLS_KeyExchangeAlgorithm ret = -1;
1394
1395 if (server)
1396 {
1397 GNUTLS_KX_MAP_ALG_LOOP_SERVER (ret = p->algorithm);
1398 }
1399 else
1400 {
1401 GNUTLS_KX_MAP_ALG_LOOP_SERVER (ret = p->algorithm);
1402 }
1403 return ret;
1404}
1405
1406enum MHD_GNUTLS_CredentialsType 1051enum MHD_GNUTLS_CredentialsType
1407MHD_gtls_map_kx_get_cred (enum MHD_GNUTLS_KeyExchangeAlgorithm algorithm, 1052MHD_gtls_map_kx_get_cred (enum MHD_GNUTLS_KeyExchangeAlgorithm algorithm,
1408 int server) 1053 int server)
@@ -1807,62 +1452,12 @@ MHD_gtls_supported_compression_methods (MHD_gtls_session_t session,
1807 return j; 1452 return j;
1808} 1453}
1809 1454
1810/**
1811 * MHD__gnutls_certificate_type_get_name - Returns a string with the name of the specified certificate type
1812 * @type: is a certificate type
1813 *
1814 * Returns: a string (or %NULL) that contains the name of the
1815 * specified certificate type.
1816 **/
1817const char *
1818MHD__gnutls_certificate_type_get_name (enum MHD_GNUTLS_CertificateType type)
1819{
1820 const char *ret = NULL;
1821
1822 if (type == MHD_GNUTLS_CRT_X509)
1823 ret = "X.509";
1824 return ret;
1825}
1826
1827/**
1828 * MHD_gtls_certificate_type_get_id - Returns the gnutls id of the specified in string type
1829 * @name: is a certificate type name
1830 *
1831 * The names are compared in a case insensitive way.
1832 *
1833 * Returns: an id of the specified in a string certificate type, or
1834 * %GNUTLS_CRT_UNKNOWN on error.
1835 **/
1836enum MHD_GNUTLS_CertificateType
1837MHD_gtls_certificate_type_get_id (const char *name)
1838{
1839 enum MHD_GNUTLS_CertificateType ret = MHD_GNUTLS_CRT_UNKNOWN;
1840
1841 if (strcasecmp (name, "X.509") == 0 || strcasecmp (name, "X509") == 0)
1842 return MHD_GNUTLS_CRT_X509;
1843 return ret;
1844}
1845
1846static const enum MHD_GNUTLS_CertificateType 1455static const enum MHD_GNUTLS_CertificateType
1847 MHD_gtls_supported_certificate_types[] = 1456 MHD_gtls_supported_certificate_types[] =
1848{ MHD_GNUTLS_CRT_X509, 1457{ MHD_GNUTLS_CRT_X509,
1849 0 1458 0
1850}; 1459};
1851 1460
1852/**
1853 * MHD_gtls_certificate_type_list:
1854 *
1855 * Get a list of certificate types.
1856 *
1857 * Returns: a zero-terminated list of %enum MHD_GNUTLS_CertificateType
1858 * integers indicating the available certificate types.
1859 *
1860 **/
1861const enum MHD_GNUTLS_CertificateType *
1862MHD_gtls_certificate_type_list (void)
1863{
1864 return MHD_gtls_supported_certificate_types;
1865}
1866 1461
1867/* returns the enum MHD_GNUTLS_PublicKeyAlgorithm which is compatible with 1462/* returns the enum MHD_GNUTLS_PublicKeyAlgorithm which is compatible with
1868 * the given enum MHD_GNUTLS_KeyExchangeAlgorithm. 1463 * the given enum MHD_GNUTLS_KeyExchangeAlgorithm.
@@ -1942,55 +1537,6 @@ static const MHD_gnutls_sign_entry MHD_gtls_sign_algorithms[] = {
1942#define GNUTLS_SIGN_ALG_LOOP(a) \ 1537#define GNUTLS_SIGN_ALG_LOOP(a) \
1943 GNUTLS_SIGN_LOOP( if(p->id && p->id == sign) { a; break; } ) 1538 GNUTLS_SIGN_LOOP( if(p->id && p->id == sign) { a; break; } )
1944 1539
1945MHD_gnutls_sign_algorithm_t
1946MHD_gtls_x509_oid2sign_algorithm (const char *oid)
1947{
1948 MHD_gnutls_sign_algorithm_t ret = 0;
1949
1950 GNUTLS_SIGN_LOOP (if (strcmp (oid, p->oid) == 0)
1951 {
1952 ret = p->id; break;}
1953 );
1954
1955 if (ret == 0)
1956 {
1957 MHD__gnutls_x509_log ("Unknown SIGN OID: '%s'\n", oid);
1958 return GNUTLS_SIGN_UNKNOWN;
1959 }
1960 return ret;
1961}
1962
1963MHD_gnutls_sign_algorithm_t
1964MHD_gtls_x509_pk_to_sign (enum MHD_GNUTLS_PublicKeyAlgorithm pk,
1965 enum MHD_GNUTLS_HashAlgorithm mac)
1966{
1967 MHD_gnutls_sign_algorithm_t ret = 0;
1968
1969 GNUTLS_SIGN_LOOP (if (pk == p->pk && mac == p->mac)
1970 {
1971 ret = p->id; break;}
1972 );
1973
1974 if (ret == 0)
1975 return GNUTLS_SIGN_UNKNOWN;
1976 return ret;
1977}
1978
1979const char *
1980MHD_gtls_x509_sign_to_oid (enum MHD_GNUTLS_PublicKeyAlgorithm pk,
1981 enum MHD_GNUTLS_HashAlgorithm mac)
1982{
1983 MHD_gnutls_sign_algorithm_t sign;
1984 const char *ret = NULL;
1985
1986 sign = MHD_gtls_x509_pk_to_sign (pk, mac);
1987 if (sign == GNUTLS_SIGN_UNKNOWN)
1988 return NULL;
1989
1990 GNUTLS_SIGN_ALG_LOOP (ret = p->oid);
1991 return ret;
1992}
1993
1994/* pk algorithms; 1540/* pk algorithms;
1995 */ 1541 */
1996struct MHD_gnutls_pk_entry 1542struct MHD_gnutls_pk_entry
@@ -2032,18 +1578,3 @@ MHD_gtls_x509_oid2pk_algorithm (const char *oid)
2032 return ret; 1578 return ret;
2033} 1579}
2034 1580
2035const char *
2036MHD_gtls_x509_pk_to_oid (enum MHD_GNUTLS_PublicKeyAlgorithm algorithm)
2037{
2038 const char *ret = NULL;
2039 const MHD_gnutls_pk_entry *p;
2040
2041 for (p = MHD_gtls_pk_algorithms; p->name != NULL; p++)
2042 if (p->id == algorithm)
2043 {
2044 ret = p->oid;
2045 break;
2046 }
2047
2048 return ret;
2049}
diff --git a/src/daemon/https/tls/gnutls_algorithms.h b/src/daemon/https/tls/gnutls_algorithms.h
index ba4e83ba..6a4021c7 100644
--- a/src/daemon/https/tls/gnutls_algorithms.h
+++ b/src/daemon/https/tls/gnutls_algorithms.h
@@ -28,7 +28,6 @@
28#include "gnutls_auth.h" 28#include "gnutls_auth.h"
29 29
30/* Functions for version handling. */ 30/* Functions for version handling. */
31enum MHD_GNUTLS_Protocol MHD_gtls_version_lowest (MHD_gtls_session_t session);
32enum MHD_GNUTLS_Protocol MHD_gtls_version_max (MHD_gtls_session_t session); 31enum MHD_GNUTLS_Protocol MHD_gtls_version_max (MHD_gtls_session_t session);
33int MHD_gtls_version_priority (MHD_gtls_session_t session, 32int MHD_gtls_version_priority (MHD_gtls_session_t session,
34 enum MHD_GNUTLS_Protocol version); 33 enum MHD_GNUTLS_Protocol version);
@@ -40,10 +39,6 @@ enum MHD_GNUTLS_Protocol MHD_gtls_version_get (int major, int minor);
40 39
41/* Functions for MACs. */ 40/* Functions for MACs. */
42int MHD_gnutls_mac_is_ok (enum MHD_GNUTLS_HashAlgorithm algorithm); 41int MHD_gnutls_mac_is_ok (enum MHD_GNUTLS_HashAlgorithm algorithm);
43enum MHD_GNUTLS_HashAlgorithm MHD_gtls_x509_oid2mac_algorithm (const char
44 *oid);
45const char *MHD_gtls_x509_mac_to_oid (enum MHD_GNUTLS_HashAlgorithm mac);
46
47/* Functions for cipher suites. */ 42/* Functions for cipher suites. */
48int MHD_gtls_supported_ciphersuites (MHD_gtls_session_t session, 43int MHD_gtls_supported_ciphersuites (MHD_gtls_session_t session,
49 cipher_suite_st ** ciphers); 44 cipher_suite_st ** ciphers);
@@ -103,10 +98,6 @@ int MHD_gtls_compression_get_wbits (enum MHD_GNUTLS_CompressionMethod
103 algorithm); 98 algorithm);
104 99
105/* Type to KX mappings. */ 100/* Type to KX mappings. */
106enum MHD_GNUTLS_KeyExchangeAlgorithm MHD_gtls_map_kx_get_kx (enum
107 MHD_GNUTLS_CredentialsType
108 type,
109 int server);
110enum MHD_GNUTLS_CredentialsType MHD_gtls_map_kx_get_cred (enum 101enum MHD_GNUTLS_CredentialsType MHD_gtls_map_kx_get_cred (enum
111 MHD_GNUTLS_KeyExchangeAlgorithm 102 MHD_GNUTLS_KeyExchangeAlgorithm
112 algorithm, 103 algorithm,
@@ -118,8 +109,6 @@ enum MHD_GNUTLS_PublicKeyAlgorithm MHD_gtls_map_pk_get_pk (enum
118 kx_algorithm); 109 kx_algorithm);
119enum MHD_GNUTLS_PublicKeyAlgorithm MHD_gtls_x509_oid2pk_algorithm (const char 110enum MHD_GNUTLS_PublicKeyAlgorithm MHD_gtls_x509_oid2pk_algorithm (const char
120 *oid); 111 *oid);
121const char *MHD_gtls_x509_pk_to_oid (enum MHD_GNUTLS_PublicKeyAlgorithm pk);
122
123enum encipher_type 112enum encipher_type
124{ CIPHER_ENCRYPT = 0, CIPHER_SIGN = 1, CIPHER_IGN }; 113{ CIPHER_ENCRYPT = 0, CIPHER_SIGN = 1, CIPHER_IGN };
125 114
@@ -141,16 +130,6 @@ struct MHD_gtls_compression_entry
141typedef struct MHD_gtls_compression_entry MHD_gnutls_compression_entry; 130typedef struct MHD_gtls_compression_entry MHD_gnutls_compression_entry;
142 131
143/* Functions for sign algorithms. */ 132/* Functions for sign algorithms. */
144MHD_gnutls_sign_algorithm_t MHD_gtls_x509_oid2sign_algorithm (const char
145 *oid);
146MHD_gnutls_sign_algorithm_t MHD_gtls_x509_pk_to_sign (enum
147 MHD_GNUTLS_PublicKeyAlgorithm
148 pk,
149 enum
150 MHD_GNUTLS_HashAlgorithm
151 mac);
152const char *MHD_gtls_x509_sign_to_oid (enum MHD_GNUTLS_PublicKeyAlgorithm,
153 enum MHD_GNUTLS_HashAlgorithm mac);
154 133
155int MHD_gtls_mac_priority (MHD_gtls_session_t session, 134int MHD_gtls_mac_priority (MHD_gtls_session_t session,
156 enum MHD_GNUTLS_HashAlgorithm algorithm); 135 enum MHD_GNUTLS_HashAlgorithm algorithm);
@@ -158,9 +137,6 @@ int MHD_gtls_cipher_priority (MHD_gtls_session_t session,
158 enum MHD_GNUTLS_CipherAlgorithm algorithm); 137 enum MHD_GNUTLS_CipherAlgorithm algorithm);
159int MHD_gtls_kx_priority (MHD_gtls_session_t session, 138int MHD_gtls_kx_priority (MHD_gtls_session_t session,
160 enum MHD_GNUTLS_KeyExchangeAlgorithm algorithm); 139 enum MHD_GNUTLS_KeyExchangeAlgorithm algorithm);
161int MHD_gtls_compression_priority (MHD_gtls_session_t session,
162 enum MHD_GNUTLS_CompressionMethod
163 algorithm);
164 140
165enum MHD_GNUTLS_HashAlgorithm MHD_gtls_mac_get_id (const char *name); 141enum MHD_GNUTLS_HashAlgorithm MHD_gtls_mac_get_id (const char *name);
166enum MHD_GNUTLS_CipherAlgorithm MHD_gtls_cipher_get_id (const char *name); 142enum MHD_GNUTLS_CipherAlgorithm MHD_gtls_cipher_get_id (const char *name);
diff --git a/src/daemon/https/tls/gnutls_auth.c b/src/daemon/https/tls/gnutls_auth.c
index fcb8ed55..df978ef9 100644
--- a/src/daemon/https/tls/gnutls_auth.c
+++ b/src/daemon/https/tls/gnutls_auth.c
@@ -171,43 +171,6 @@ MHD_gtls_auth_get_type (MHD_gtls_session_t session)
171 server); 171 server);
172} 172}
173 173
174/**
175 * MHD_gtls_auth_server_get_type - Returns the type of credentials for the server authentication schema.
176 * @session: is a #MHD_gtls_session_t structure.
177 *
178 * Returns the type of credentials that were used for server authentication.
179 * The returned information is to be used to distinguish the function used
180 * to access authentication data.
181 *
182 **/
183enum MHD_GNUTLS_CredentialsType
184MHD_gtls_auth_server_get_type (MHD_gtls_session_t session)
185{
186 return
187 MHD_gtls_map_kx_get_cred (MHD_gtls_cipher_suite_get_kx_algo
188 (&session->
189 security_parameters.current_cipher_suite), 1);
190}
191
192/**
193 * MHD_gtls_auth_client_get_type - Returns the type of credentials for the client authentication schema.
194 * @session: is a #MHD_gtls_session_t structure.
195 *
196 * Returns the type of credentials that were used for client authentication.
197 * The returned information is to be used to distinguish the function used
198 * to access authentication data.
199 *
200 **/
201enum MHD_GNUTLS_CredentialsType
202MHD_gtls_auth_client_get_type (MHD_gtls_session_t session)
203{
204 return
205 MHD_gtls_map_kx_get_cred (MHD_gtls_cipher_suite_get_kx_algo
206 (&session->
207 security_parameters.current_cipher_suite), 0);
208}
209
210
211/* 174/*
212 * This returns a pointer to the linked list. Don't 175 * This returns a pointer to the linked list. Don't
213 * free that!!! 176 * free that!!!
@@ -294,8 +257,6 @@ MHD_gtls_free_auth_info (MHD_gtls_session_t session)
294 257
295 switch (session->key->auth_info_type) 258 switch (session->key->auth_info_type)
296 { 259 {
297 case MHD_GNUTLS_CRD_SRP:
298 break;
299 case MHD_GNUTLS_CRD_CERTIFICATE: 260 case MHD_GNUTLS_CRD_CERTIFICATE:
300 { 261 {
301 unsigned int i; 262 unsigned int i;
diff --git a/src/daemon/https/tls/gnutls_buffers.c b/src/daemon/https/tls/gnutls_buffers.c
index 8c6bb750..4588e62d 100644
--- a/src/daemon/https/tls/gnutls_buffers.c
+++ b/src/daemon/https/tls/gnutls_buffers.c
@@ -67,58 +67,6 @@
67# include <io_debug.h> 67# include <io_debug.h>
68#endif 68#endif
69 69
70/**
71 * MHD__gnutls_transport_set_errno:
72 * @session: is a #MHD_gtls_session_t structure.
73 * @err: error value to store in session-specific errno variable.
74 *
75 * Store @err in the session-specific errno variable. Useful values
76 * for @err is EAGAIN and EINTR, other values are treated will be
77 * treated as real errors in the push/pull function.
78 *
79 * This function is useful in replacement push/pull functions set by
80 * MHD__gnutls_transport_set_push_function and
81 * MHD_gnutls_transport_set_pullpush_function under Windows, where the
82 * replacement push/pull may not have access to the same @errno
83 * variable that is used by GnuTLS (e.g., the application is linked to
84 * msvcr71.dll and gnutls is linked to msvcrt.dll).
85 *
86 * If you don't have the @session variable easily accessible from the
87 * push/pull function, and don't worry about thread conflicts, you can
88 * also use MHD__gnutls_transport_set_global_errno().
89 **/
90void
91MHD__gnutls_transport_set_errno (MHD_gtls_session_t session, int err)
92{
93 session->internals.errnum = err;
94}
95
96/**
97 * MHD__gnutls_transport_set_global_errno:
98 * @err: error value to store in global errno variable.
99 *
100 * Store @err in the global errno variable. Useful values for @err is
101 * EAGAIN and EINTR, other values are treated will be treated as real
102 * errors in the push/pull function.
103 *
104 * This function is useful in replacement push/pull functions set by
105 * MHD__gnutls_transport_set_push_function and
106 * MHD_gnutls_transport_set_pullpush_function under Windows, where the
107 * replacement push/pull may not have access to the same @errno
108 * variable that is used by GnuTLS (e.g., the application is linked to
109 * msvcr71.dll and gnutls is linked to msvcrt.dll).
110 *
111 * Whether this function is thread safe or not depends on whether the
112 * global variable errno is thread safe, some system libraries make it
113 * a thread-local variable. When feasible, using the guaranteed
114 * thread-safe MHD__gnutls_transport_set_errno() may be better.
115 **/
116void
117MHD__gnutls_transport_set_global_errno (int err)
118{
119 errno = err;
120}
121
122/* Buffers received packets of type APPLICATION DATA and 70/* Buffers received packets of type APPLICATION DATA and
123 * HANDSHAKE DATA. 71 * HANDSHAKE DATA.
124 */ 72 */
@@ -186,23 +134,6 @@ MHD_gnutls_record_buffer_get_size (content_type_t type,
186 } 134 }
187} 135}
188 136
189/**
190 * MHD_gtls_record_check_pending - checks if there are any data to receive in gnutls buffers.
191 * @session: is a #MHD_gtls_session_t structure.
192 *
193 * This function checks if there are any data to receive
194 * in the gnutls buffers. Returns the size of that data or 0.
195 * Notice that you may also use select() to check for data in
196 * a TCP connection, instead of this function.
197 * (gnutls leaves some data in the tcp buffer in order for select
198 * to work).
199 **/
200size_t
201MHD_gtls_record_check_pending (MHD_gtls_session_t session)
202{
203 return MHD_gnutls_record_buffer_get_size (GNUTLS_APPLICATION_DATA, session);
204}
205
206int 137int
207MHD_gtls_record_buffer_get (content_type_t type, MHD_gtls_session_t session, 138MHD_gtls_record_buffer_get (content_type_t type, MHD_gtls_session_t session,
208 opaque * data, size_t length) 139 opaque * data, size_t length)
@@ -1193,31 +1124,6 @@ MHD_gtls_handshake_buffer_put (MHD_gtls_session_t session, opaque * data,
1193 return 0; 1124 return 0;
1194} 1125}
1195 1126
1196int
1197MHD_gtls_handshake_buffer_get_size (MHD_gtls_session_t session)
1198{
1199
1200 return session->internals.handshake_hash_buffer.length;
1201}
1202
1203/* this function does not touch the buffer
1204 * and returns data from it (peek mode!)
1205 */
1206int
1207MHD_gtls_handshake_buffer_peek (MHD_gtls_session_t session, opaque * data,
1208 size_t length)
1209{
1210 if (length > session->internals.handshake_hash_buffer.length)
1211 {
1212 length = session->internals.handshake_hash_buffer.length;
1213 }
1214
1215 MHD__gnutls_buffers_log ("BUF[HSK]: Peeked %d bytes of Data\n", length);
1216
1217 memcpy (data, session->internals.handshake_hash_buffer.data, length);
1218 return length;
1219}
1220
1221/* this function does not touch the buffer 1127/* this function does not touch the buffer
1222 * and returns data from it (peek mode!) 1128 * and returns data from it (peek mode!)
1223 */ 1129 */
diff --git a/src/daemon/https/tls/gnutls_buffers.h b/src/daemon/https/tls/gnutls_buffers.h
index 918da673..e09506ac 100644
--- a/src/daemon/https/tls/gnutls_buffers.h
+++ b/src/daemon/https/tls/gnutls_buffers.h
@@ -40,9 +40,6 @@ ssize_t MHD_gtls_io_write_buffered (MHD_gtls_session_t, const void *iptr,
40ssize_t MHD_gtls_io_write_buffered2 (MHD_gtls_session_t, const void *iptr, 40ssize_t MHD_gtls_io_write_buffered2 (MHD_gtls_session_t, const void *iptr,
41 size_t n, const void *iptr2, size_t n2); 41 size_t n, const void *iptr2, size_t n2);
42 42
43int MHD_gtls_handshake_buffer_get_size (MHD_gtls_session_t session);
44int MHD_gtls_handshake_buffer_peek (MHD_gtls_session_t session, opaque * data,
45 size_t length);
46int MHD_gtls_handshake_buffer_put (MHD_gtls_session_t session, opaque * data, 43int MHD_gtls_handshake_buffer_put (MHD_gtls_session_t session, opaque * data,
47 size_t length); 44 size_t length);
48int MHD_gtls_handshake_buffer_clear (MHD_gtls_session_t session); 45int MHD_gtls_handshake_buffer_clear (MHD_gtls_session_t session);
diff --git a/src/daemon/https/tls/gnutls_cert.c b/src/daemon/https/tls/gnutls_cert.c
index f0357840..a8353d70 100644
--- a/src/daemon/https/tls/gnutls_cert.c
+++ b/src/daemon/https/tls/gnutls_cert.c
@@ -279,87 +279,6 @@ MHD_gtls_selected_cert_supported_kx (MHD_gtls_session_t session,
279} 279}
280 280
281 281
282/**
283 * MHD_gtls_certificate_server_set_request - Used to set whether to request a client certificate
284 * @session: is an #MHD_gtls_session_t structure.
285 * @req: is one of GNUTLS_CERT_REQUEST, GNUTLS_CERT_REQUIRE
286 *
287 * This function specifies if we (in case of a server) are going
288 * to send a certificate request message to the client. If @req
289 * is GNUTLS_CERT_REQUIRE then the server will return an error if
290 * the peer does not provide a certificate. If you do not
291 * call this function then the client will not be asked to
292 * send a certificate.
293 **/
294void
295MHD_gtls_certificate_server_set_request (MHD_gtls_session_t session,
296 MHD_gnutls_certificate_request_t req)
297{
298 session->internals.send_cert_req = req;
299}
300
301/**
302 * MHD_gtls_certificate_client_set_retrieve_function - Used to set a callback to retrieve the certificate
303 * @cred: is a #MHD_gtls_cert_credentials_t structure.
304 * @func: is the callback function
305 *
306 * This function sets a callback to be called in order to retrieve the certificate
307 * to be used in the handshake.
308 * The callback's function prototype is:
309 * int (*callback)(MHD_gtls_session_t, const MHD_gnutls_datum_t* req_ca_dn, int nreqs,
310 * const enum MHD_GNUTLS_PublicKeyAlgorithm* pk_algos, int pk_algos_length, MHD_gnutls_retr_st* st);
311 *
312 * @req_ca_cert is only used in X.509 certificates.
313 * Contains a list with the CA names that the server considers trusted.
314 * Normally we should send a certificate that is signed
315 * by one of these CAs. These names are DER encoded. To get a more
316 * meaningful value use the function MHD_gnutls_x509_rdn_get().
317 *
318 * @pk_algos contains a list with server's acceptable signature algorithms.
319 * The certificate returned should support the server's given algorithms.
320 *
321 * @st should contain the certificates and private keys.
322 *
323 * If the callback function is provided then gnutls will call it, in the
324 * handshake, after the certificate request message has been received.
325 *
326 * The callback function should set the certificate list to be sent, and
327 * return 0 on success. If no certificate was selected then the number of certificates
328 * should be set to zero. The value (-1) indicates error and the handshake
329 * will be terminated.
330 **/
331void MHD_gtls_certificate_client_set_retrieve_function
332 (MHD_gtls_cert_credentials_t cred,
333 MHD_gnutls_certificate_client_retrieve_function * func)
334{
335 cred->client_get_cert_callback = func;
336}
337
338/**
339 * MHD_gtls_certificate_server_set_retrieve_function - Used to set a callback to retrieve the certificate
340 * @cred: is a #MHD_gtls_cert_credentials_t structure.
341 * @func: is the callback function
342 *
343 * This function sets a callback to be called in order to retrieve the certificate
344 * to be used in the handshake.
345 * The callback's function prototype is:
346 * int (*callback)(MHD_gtls_session_t, MHD_gnutls_retr_st* st);
347 *
348 * @st should contain the certificates and private keys.
349 *
350 * If the callback function is provided then gnutls will call it, in the
351 * handshake, after the certificate request message has been received.
352 *
353 * The callback function should set the certificate list to be sent, and
354 * return 0 on success. The value (-1) indicates error and the handshake
355 * will be terminated.
356 **/
357void MHD_gtls_certificate_server_set_retrieve_function
358 (MHD_gtls_cert_credentials_t cred,
359 MHD_gnutls_certificate_server_retrieve_function * func)
360{
361 cred->server_get_cert_callback = func;
362}
363 282
364int 283int
365MHD_gtls_raw_cert_to_gcert (MHD_gnutls_cert * gcert, 284MHD_gtls_raw_cert_to_gcert (MHD_gnutls_cert * gcert,
@@ -377,23 +296,6 @@ MHD_gtls_raw_cert_to_gcert (MHD_gnutls_cert * gcert,
377 } 296 }
378} 297}
379 298
380int
381MHD_gtls_raw_privkey_to_gkey (MHD_gnutls_privkey * key,
382 enum MHD_GNUTLS_CertificateType type,
383 const MHD_gnutls_datum_t * raw_key,
384 int key_enc /* DER or PEM */ )
385{
386 switch (type)
387 {
388 case MHD_GNUTLS_CRT_X509:
389 return MHD__gnutls_x509_raw_privkey_to_gkey (key, raw_key, key_enc);
390 default:
391 MHD_gnutls_assert ();
392 return GNUTLS_E_INTERNAL_ERROR;
393 }
394}
395
396
397/* This function will convert a der certificate to a format 299/* This function will convert a der certificate to a format
398 * (structure) that gnutls can understand and use. Actually the 300 * (structure) that gnutls can understand and use. Actually the
399 * important thing on this function is that it extracts the 301 * important thing on this function is that it extracts the
@@ -538,47 +440,3 @@ MHD_gtls_gcert_deinit (MHD_gnutls_cert * cert)
538 MHD__gnutls_free_datum (&cert->raw); 440 MHD__gnutls_free_datum (&cert->raw);
539} 441}
540 442
541/**
542 * MHD_gtls_sign_callback_set:
543 * @session: is a gnutls session
544 * @sign_func: function pointer to application's sign callback.
545 * @userdata: void pointer that will be passed to sign callback.
546 *
547 * Set the callback function. The function must have this prototype:
548 *
549 * typedef int (*MHD_gnutls_sign_func) (MHD_gtls_session_t session,
550 * void *userdata,
551 * enum MHD_GNUTLS_CertificateType cert_type,
552 * const MHD_gnutls_datum_t * cert,
553 * const MHD_gnutls_datum_t * hash,
554 * MHD_gnutls_datum_t * signature);
555 *
556 * The @userdata parameter is passed to the @sign_func verbatim, and
557 * can be used to store application-specific data needed in the
558 * callback function. See also MHD_gtls_sign_callback_get().
559 **/
560void
561MHD_gtls_sign_callback_set (MHD_gtls_session_t session,
562 MHD_gnutls_sign_func sign_func, void *userdata)
563{
564 session->internals.sign_func = sign_func;
565 session->internals.sign_func_userdata = userdata;
566}
567
568/**
569 * MHD_gtls_sign_callback_get:
570 * @session: is a gnutls session
571 * @userdata: if non-%NULL, will be set to abstract callback pointer.
572 *
573 * Retrieve the callback function, and its userdata pointer.
574 *
575 * Returns: The function pointer set by MHD_gtls_sign_callback_set(), or
576 * if not set, %NULL.
577 **/
578MHD_gnutls_sign_func
579MHD_gtls_sign_callback_get (MHD_gtls_session_t session, void **userdata)
580{
581 if (userdata)
582 *userdata = session->internals.sign_func_userdata;
583 return session->internals.sign_func;
584}
diff --git a/src/daemon/https/tls/gnutls_cert.h b/src/daemon/https/tls/gnutls_cert.h
index 0a1a04db..124ac963 100644
--- a/src/daemon/https/tls/gnutls_cert.h
+++ b/src/daemon/https/tls/gnutls_cert.h
@@ -124,9 +124,4 @@ int MHD_gtls_raw_cert_to_gcert (MHD_gnutls_cert * gcert,
124 enum MHD_GNUTLS_CertificateType type, 124 enum MHD_GNUTLS_CertificateType type,
125 const MHD_gnutls_datum_t * raw_cert, 125 const MHD_gnutls_datum_t * raw_cert,
126 int flags /* OR of ConvFlags */ ); 126 int flags /* OR of ConvFlags */ );
127int MHD_gtls_raw_privkey_to_gkey (MHD_gnutls_privkey * key,
128 enum MHD_GNUTLS_CertificateType type,
129 const MHD_gnutls_datum_t * raw_key,
130 int key_enc /* DER or PEM */ );
131
132#endif 127#endif
diff --git a/src/daemon/https/tls/gnutls_datum.c b/src/daemon/https/tls/gnutls_datum.c
index a62c4204..2f03da3b 100644
--- a/src/daemon/https/tls/gnutls_datum.c
+++ b/src/daemon/https/tls/gnutls_datum.c
@@ -49,23 +49,6 @@ MHD_gtls_write_datum24 (opaque * dest, MHD_gnutls_datum_t dat)
49 memcpy (&dest[3], dat.data, dat.size); 49 memcpy (&dest[3], dat.data, dat.size);
50} 50}
51 51
52void
53MHD_gtls_write_datum32 (opaque * dest, MHD_gnutls_datum_t dat)
54{
55 MHD_gtls_write_uint32 (dat.size, dest);
56 if (dat.data != NULL)
57 memcpy (&dest[4], dat.data, dat.size);
58}
59
60void
61MHD_gtls_write_datum8 (opaque * dest, MHD_gnutls_datum_t dat)
62{
63 dest[0] = (uint8_t) dat.size;
64 if (dat.data != NULL)
65 memcpy (&dest[1], dat.data, dat.size);
66}
67
68
69int 52int
70MHD_gtls_set_datum_m (MHD_gnutls_datum_t * dat, const void *data, 53MHD_gtls_set_datum_m (MHD_gnutls_datum_t * dat, const void *data,
71 size_t data_size, MHD_gnutls_alloc_function galloc_func) 54 size_t data_size, MHD_gnutls_alloc_function galloc_func)
@@ -87,22 +70,6 @@ MHD_gtls_set_datum_m (MHD_gnutls_datum_t * dat, const void *data,
87 return 0; 70 return 0;
88} 71}
89 72
90int
91MHD_gtls_datum_append_m (MHD_gnutls_datum_t * dst, const void *data,
92 size_t data_size,
93 MHD_gnutls_realloc_function grealloc_func)
94{
95
96 dst->data = grealloc_func (dst->data, data_size + dst->size);
97 if (dst->data == NULL)
98 return GNUTLS_E_MEMORY_ERROR;
99
100 memcpy (&dst->data[dst->size], data, data_size);
101 dst->size += data_size;
102
103 return 0;
104}
105
106void 73void
107MHD_gtls_free_datum_m (MHD_gnutls_datum_t * dat, 74MHD_gtls_free_datum_m (MHD_gnutls_datum_t * dat,
108 MHD_gnutls_free_function gfree_func) 75 MHD_gnutls_free_function gfree_func)
diff --git a/src/daemon/https/tls/gnutls_datum.h b/src/daemon/https/tls/gnutls_datum.h
index 3e787318..6160de3d 100644
--- a/src/daemon/https/tls/gnutls_datum.h
+++ b/src/daemon/https/tls/gnutls_datum.h
@@ -24,16 +24,12 @@
24 24
25void MHD_gtls_write_datum16 (opaque * dest, MHD_gnutls_datum_t dat); 25void MHD_gtls_write_datum16 (opaque * dest, MHD_gnutls_datum_t dat);
26void MHD_gtls_write_datum24 (opaque * dest, MHD_gnutls_datum_t dat); 26void MHD_gtls_write_datum24 (opaque * dest, MHD_gnutls_datum_t dat);
27void MHD_gtls_write_datum32 (opaque * dest, MHD_gnutls_datum_t dat);
28void MHD_gtls_write_datum8 (opaque * dest, MHD_gnutls_datum_t dat);
29 27
30int MHD_gtls_set_datum_m (MHD_gnutls_datum_t * dat, const void *data, 28int MHD_gtls_set_datum_m (MHD_gnutls_datum_t * dat, const void *data,
31 size_t data_size, MHD_gnutls_alloc_function); 29 size_t data_size, MHD_gnutls_alloc_function);
32#define MHD__gnutls_set_datum( x, y, z) MHD_gtls_set_datum_m(x,y,z, MHD_gnutls_malloc) 30#define MHD__gnutls_set_datum( x, y, z) MHD_gtls_set_datum_m(x,y,z, MHD_gnutls_malloc)
33#define MHD__gnutls_sset_datum( x, y, z) MHD_gtls_set_datum_m(x,y,z, MHD_gnutls_secure_malloc) 31#define MHD__gnutls_sset_datum( x, y, z) MHD_gtls_set_datum_m(x,y,z, MHD_gnutls_secure_malloc)
34 32
35int MHD_gtls_datum_append_m (MHD_gnutls_datum_t * dat, const void *data,
36 size_t data_size, MHD_gnutls_realloc_function);
37#define MHD__gnutls_datum_append(x,y,z) MHD_gtls_datum_append_m(x,y,z, MHD_gnutls_realloc) 33#define MHD__gnutls_datum_append(x,y,z) MHD_gtls_datum_append_m(x,y,z, MHD_gnutls_realloc)
38 34
39void MHD_gtls_free_datum_m (MHD_gnutls_datum_t * dat, 35void MHD_gtls_free_datum_m (MHD_gnutls_datum_t * dat,
diff --git a/src/daemon/https/tls/gnutls_extensions.c b/src/daemon/https/tls/gnutls_extensions.c
index b8892324..f6c947cb 100644
--- a/src/daemon/https/tls/gnutls_extensions.c
+++ b/src/daemon/https/tls/gnutls_extensions.c
@@ -64,12 +64,6 @@ MHD_gtls_extension_entry MHD_gtls_extensions[MAX_EXT_SIZE] = {
64 MHD_gtls_oprfi_recv_params, 64 MHD_gtls_oprfi_recv_params,
65 MHD_gtls_oprfi_send_params), 65 MHD_gtls_oprfi_send_params),
66#endif 66#endif
67#ifdef ENABLE_SRP
68 GNUTLS_EXTENSION_ENTRY (GNUTLS_EXTENSION_SRP,
69 EXTENSION_TLS,
70 MHD__gnutls_srp_recv_params,
71 MHD__gnutls_srp_send_params),
72#endif
73 {0, 0, 0, 0} 67 {0, 0, 0, 0}
74}; 68};
75 69
diff --git a/src/daemon/https/tls/gnutls_handshake.c b/src/daemon/https/tls/gnutls_handshake.c
index a0ea34c8..45041ccd 100644
--- a/src/daemon/https/tls/gnutls_handshake.c
+++ b/src/daemon/https/tls/gnutls_handshake.c
@@ -1929,36 +1929,6 @@ MHD__gnutls_send_server_hello (MHD_gtls_session_t session, int again)
1929 1929
1930 datalen = 0; 1930 datalen = 0;
1931 1931
1932#ifdef ENABLE_SRP
1933 if (IS_SRP_KX
1934 (MHD_gtls_cipher_suite_get_kx_algo
1935 (&session->security_parameters.current_cipher_suite)))
1936 {
1937 /* While resuming we cannot check the username extension since it is
1938 * not available at this point. It will be copied on connection
1939 * state activation.
1940 */
1941 if (session->internals.resumed == RESUME_FALSE &&
1942 session->security_parameters.extensions.srp_username[0] == 0)
1943 {
1944 /* The peer didn't send a valid SRP extension with the
1945 * SRP username. The draft requires that we send a fatal
1946 * alert and abort.
1947 */
1948 MHD_gnutls_assert ();
1949 ret = MHD__gnutls_alert_send (session, GNUTLS_AL_FATAL,
1950 GNUTLS_A_UNKNOWN_PSK_IDENTITY);
1951 if (ret < 0)
1952 {
1953 MHD_gnutls_assert ();
1954 return ret;
1955 }
1956
1957 return GNUTLS_E_ILLEGAL_SRP_USERNAME;
1958 }
1959 }
1960#endif
1961
1962 if (again == 0) 1932 if (again == 0)
1963 { 1933 {
1964 datalen = 2 + session_id_len + 1 + TLS_RANDOM_SIZE + 3; 1934 datalen = 2 + session_id_len + 1 + TLS_RANDOM_SIZE + 3;
@@ -2807,22 +2777,6 @@ check_server_params (MHD_gtls_session_t session,
2807 if (delete == 1) 2777 if (delete == 1)
2808 return 1; 2778 return 1;
2809 2779
2810#ifdef ENABLE_PSK
2811 }
2812 else if (cred_type == MHD_GNUTLS_CRD_PSK)
2813 {
2814 MHD_gnutls_psk_server_credentials_t psk_cred =
2815 (MHD_gnutls_psk_server_credentials_t) MHD_gtls_get_cred (session->key,
2816 cred_type,
2817 NULL);
2818
2819 if (psk_cred != NULL)
2820 {
2821 dh_params =
2822 MHD_gtls_get_dh_params (psk_cred->dh_params,
2823 psk_cred->params_func, session);
2824 }
2825#endif
2826 } 2780 }
2827 else 2781 else
2828 return 0; /* no need for params */ 2782 return 0; /* no need for params */
@@ -2955,7 +2909,6 @@ MHD_gtls_remove_unwanted_ciphersuites (MHD_gtls_session_t session,
2955 SRP credential too. */ 2909 SRP credential too. */
2956 if (kx == MHD_GNUTLS_KX_SRP_RSA || kx == MHD_GNUTLS_KX_SRP_DSS) 2910 if (kx == MHD_GNUTLS_KX_SRP_RSA || kx == MHD_GNUTLS_KX_SRP_DSS)
2957 { 2911 {
2958 if (!MHD_gtls_get_cred (session->key, MHD_GNUTLS_CRD_SRP, NULL))
2959 delete = 1; 2912 delete = 1;
2960 } 2913 }
2961 2914
diff --git a/src/daemon/https/tls/gnutls_mem.c b/src/daemon/https/tls/gnutls_mem.c
index 6f6086e5..44f1ccf5 100644
--- a/src/daemon/https/tls/gnutls_mem.c
+++ b/src/daemon/https/tls/gnutls_mem.c
@@ -32,7 +32,6 @@ MHD_gnutls_free_function MHD_gnutls_free = free;
32MHD_gnutls_realloc_function MHD_gnutls_realloc = realloc; 32MHD_gnutls_realloc_function MHD_gnutls_realloc = realloc;
33 33
34void *(*MHD_gnutls_calloc) (size_t, size_t) = calloc; 34void *(*MHD_gnutls_calloc) (size_t, size_t) = calloc;
35char *(*MHD_gnutls_strdup) (const char *) = MHD_gtls_strdup;
36 35
37int 36int
38MHD__gnutls_is_secure_mem_null (const void *ign) 37MHD__gnutls_is_secure_mem_null (const void *ign)
@@ -64,15 +63,3 @@ MHD_gtls_realloc_fast (void *ptr, size_t size)
64 63
65 return ret; 64 return ret;
66} 65}
67
68char *
69MHD_gtls_strdup (const char *str)
70{
71 size_t siz = strlen (str) + 1;
72 char *ret;
73
74 ret = MHD_gnutls_malloc (siz);
75 if (ret != NULL)
76 memcpy (ret, str, siz);
77 return ret;
78}
diff --git a/src/daemon/https/tls/gnutls_priority.c b/src/daemon/https/tls/gnutls_priority.c
index 62bf3489..8d7b5269 100644
--- a/src/daemon/https/tls/gnutls_priority.c
+++ b/src/daemon/https/tls/gnutls_priority.c
@@ -32,40 +32,6 @@
32 32
33#define MAX_ELEMENTS 48 33#define MAX_ELEMENTS 48
34 34
35/**
36 * MHD__gnutls_cipher_set_priority - Sets the priority on the ciphers supported by gnutls.
37 * @session: is a #MHD_gtls_session_t structure.
38 * @list: is a 0 terminated list of enum MHD_GNUTLS_CipherAlgorithm elements.
39 *
40 * Sets the priority on the ciphers supported by gnutls.
41 * Priority is higher for elements specified before others.
42 * After specifying the ciphers you want, you must append a 0.
43 * Note that the priority is set on the client. The server does
44 * not use the algorithm's priority except for disabling
45 * algorithms that were not specified.
46 *
47 * Returns 0 on success.
48 *
49 **/
50int
51MHD__gnutls_cipher_set_priority (MHD_gtls_session_t session, const int *list)
52{
53 int num = 0, i;
54
55 while (list[num] != 0)
56 num++;
57 if (num > MAX_ALGOS)
58 num = MAX_ALGOS;
59 session->internals.priorities.cipher.num_algorithms = num;
60
61 for (i = 0; i < num; i++)
62 {
63 session->internals.priorities.cipher.priority[i] = list[i];
64 }
65
66 return 0;
67}
68
69static int 35static int
70_set_priority (MHD_gtls_priority_st * st, const int *list) 36_set_priority (MHD_gtls_priority_st * st, const int *list)
71{ 37{
@@ -78,129 +44,6 @@ _set_priority (MHD_gtls_priority_st * st, const int *list)
78 return 0; 44 return 0;
79} 45}
80 46
81/**
82 * MHD__gnutls_kx_set_priority - Sets the priority on the key exchange algorithms supported by gnutls.
83 * @session: is a #MHD_gtls_session_t structure.
84 * @list: is a 0 terminated list of enum MHD_GNUTLS_KeyExchangeAlgorithm elements.
85 *
86 * Sets the priority on the key exchange algorithms supported by gnutls.
87 * Priority is higher for elements specified before others.
88 * After specifying the algorithms you want, you must append a 0.
89 * Note that the priority is set on the client. The server does
90 * not use the algorithm's priority except for disabling
91 * algorithms that were not specified.
92 *
93 * Returns 0 on success.
94 *
95 **/
96int
97MHD__gnutls_kx_set_priority (MHD_gtls_session_t session, const int *list)
98{
99 return _set_priority (&session->internals.priorities.kx, list);
100}
101
102/**
103 * MHD__gnutls_mac_set_priority - Sets the priority on the mac algorithms supported by gnutls.
104 * @session: is a #MHD_gtls_session_t structure.
105 * @list: is a 0 terminated list of enum MHD_GNUTLS_HashAlgorithm elements.
106 *
107 * Sets the priority on the mac algorithms supported by gnutls.
108 * Priority is higher for elements specified before others.
109 * After specifying the algorithms you want, you must append a 0.
110 * Note that the priority is set on the client. The server does
111 * not use the algorithm's priority except for disabling
112 * algorithms that were not specified.
113 *
114 * Returns 0 on success.
115 *
116 **/
117int
118MHD__gnutls_mac_set_priority (MHD_gtls_session_t session, const int *list)
119{
120 return _set_priority (&session->internals.priorities.mac, list);
121}
122
123/**
124 * MHD__gnutls_compression_set_priority - Sets the priority on the compression algorithms supported by gnutls.
125 * @session: is a #MHD_gtls_session_t structure.
126 * @list: is a 0 terminated list of enum MHD_GNUTLS_CompressionMethod elements.
127 *
128 * Sets the priority on the compression algorithms supported by gnutls.
129 * Priority is higher for elements specified before others.
130 * After specifying the algorithms you want, you must append a 0.
131 * Note that the priority is set on the client. The server does
132 * not use the algorithm's priority except for disabling
133 * algorithms that were not specified.
134 *
135 * TLS 1.0 does not define any compression algorithms except
136 * NULL. Other compression algorithms are to be considered
137 * as gnutls extensions.
138 *
139 * Returns 0 on success.
140 *
141 **/
142int
143MHD__gnutls_compression_set_priority (MHD_gtls_session_t session,
144 const int *list)
145{
146 return _set_priority (&session->internals.priorities.compression, list);
147}
148
149/**
150 * MHD__gnutls_protocol_set_priority - Sets the priority on the protocol versions supported by gnutls.
151 * @session: is a #MHD_gtls_session_t structure.
152 * @list: is a 0 terminated list of enum MHD_GNUTLS_Protocol elements.
153 *
154 * Sets the priority on the protocol versions supported by gnutls.
155 * This function actually enables or disables protocols. Newer protocol
156 * versions always have highest priority.
157 *
158 * Returns 0 on success.
159 *
160 **/
161int
162MHD__gnutls_protocol_set_priority (MHD_gtls_session_t session,
163 const int *list)
164{
165 int ret;
166
167 ret = _set_priority (&session->internals.priorities.protocol, list);
168 /* set the current version to the first in the chain.
169 * This will be overridden later.
170 */
171 MHD_gtls_set_current_version (session, list[0]);
172
173 return ret;
174}
175
176/**
177 * MHD__gnutls_certificate_type_set_priority - Sets the priority on the certificate types supported by gnutls.
178 * @session: is a #MHD_gtls_session_t structure.
179 * @list: is a 0 terminated list of enum MHD_GNUTLS_CertificateType elements.
180 *
181 * Sets the priority on the certificate types supported by gnutls.
182 * Priority is higher for elements specified before others.
183 * After specifying the types you want, you must append a 0.
184 * Note that the certificate type priority is set on the client.
185 * The server does not use the cert type priority except for disabling
186 * types that were not specified.
187 *
188 * Returns 0 on success.
189 *
190 **/
191int
192MHD__gnutls_certificate_type_set_priority (MHD_gtls_session_t session,
193 const int *list)
194{
195#if ENABLE_OPENPGP
196 return _set_priority (&session->internals.priorities.cert_type, list);
197#else
198
199 return GNUTLS_E_UNIMPLEMENTED_FEATURE;
200
201#endif
202}
203
204static const int MHD_gtls_protocol_priority[] = { MHD_GNUTLS_PROTOCOL_TLS1_1, 47static const int MHD_gtls_protocol_priority[] = { MHD_GNUTLS_PROTOCOL_TLS1_1,
205 MHD_GNUTLS_PROTOCOL_TLS1_0, 48 MHD_GNUTLS_PROTOCOL_TLS1_0,
206 MHD_GNUTLS_PROTOCOL_SSL3, 49 MHD_GNUTLS_PROTOCOL_SSL3,
diff --git a/src/daemon/https/tls/gnutls_record.c b/src/daemon/https/tls/gnutls_record.c
index 80d5f70f..e1667105 100644
--- a/src/daemon/https/tls/gnutls_record.c
+++ b/src/daemon/https/tls/gnutls_record.c
@@ -81,24 +81,6 @@ MHD__gnutls_transport_set_lowat (MHD_gtls_session_t session, int num)
81} 81}
82 82
83/** 83/**
84 * MHD_gtls_record_disable_padding - Used to disabled padding in TLS 1.0 and above
85 * @session: is a #MHD_gtls_session_t structure.
86 *
87 * Used to disabled padding in TLS 1.0 and above. Normally you do
88 * not need to use this function, but there are buggy clients that
89 * complain if a server pads the encrypted data. This of course will
90 * disable protection against statistical attacks on the data.
91 *
92 * Normally only servers that require maximum compatibility with everything
93 * out there, need to call this function.
94 **/
95void
96MHD_gtls_record_disable_padding (MHD_gtls_session_t session)
97{
98 session->internals.priorities.no_padding = 1;
99}
100
101/**
102 * MHD__gnutls_transport_set_ptr - Used to set first argument of the transport functions 84 * MHD__gnutls_transport_set_ptr - Used to set first argument of the transport functions
103 * @session: is a #MHD_gtls_session_t structure. 85 * @session: is a #MHD_gtls_session_t structure.
104 * @ptr: is the value. 86 * @ptr: is the value.
@@ -116,26 +98,6 @@ MHD__gnutls_transport_set_ptr (MHD_gtls_session_t session,
116} 98}
117 99
118/** 100/**
119 * MHD__gnutls_transport_set_ptr2 - Used to set first argument of the transport functions
120 * @session: is a #MHD_gtls_session_t structure.
121 * @recv_ptr: is the value for the pull function
122 * @send_ptr: is the value for the push function
123 *
124 * Used to set the first argument of the transport function (like
125 * PUSH and PULL). In berkeley style sockets this function will set
126 * the connection handle. With this function you can use two
127 * different pointers for receiving and sending.
128 **/
129void
130MHD__gnutls_transport_set_ptr2 (MHD_gtls_session_t session,
131 MHD_gnutls_transport_ptr_t recv_ptr,
132 MHD_gnutls_transport_ptr_t send_ptr)
133{
134 session->internals.transport_send_ptr = send_ptr;
135 session->internals.transport_recv_ptr = recv_ptr;
136}
137
138/**
139 * MHD__gnutls_bye - This function terminates the current TLS/SSL connection. 101 * MHD__gnutls_bye - This function terminates the current TLS/SSL connection.
140 * @session: is a #MHD_gtls_session_t structure. 102 * @session: is a #MHD_gtls_session_t structure.
141 * @how: is an integer 103 * @how: is an integer
@@ -1128,59 +1090,3 @@ MHD__gnutls_record_recv (MHD_gtls_session_t session, void *data,
1128 sizeofdata); 1090 sizeofdata);
1129} 1091}
1130 1092
1131/**
1132 * MHD__gnutls_record_get_max_size - returns the maximum record size
1133 * @session: is a #MHD_gtls_session_t structure.
1134 *
1135 * This function returns the maximum record packet size in this
1136 * connection. The maximum record size is negotiated by the client
1137 * after the first handshake message.
1138 **/
1139size_t
1140MHD__gnutls_record_get_max_size (MHD_gtls_session_t session)
1141{
1142 /* Recv will hold the negotiated max record size
1143 * always.
1144 */
1145 return session->security_parameters.max_record_recv_size;
1146}
1147
1148/**
1149 * MHD__gnutls_record_set_max_size - sets the maximum record size
1150 * @session: is a #MHD_gtls_session_t structure.
1151 * @size: is the new size
1152 *
1153 * This function sets the maximum record packet size in this
1154 * connection. This property can only be set to clients. The server
1155 * may choose not to accept the requested size.
1156 *
1157 * Acceptable values are 512(=2^9), 1024(=2^10), 2048(=2^11) and
1158 * 4096(=2^12). Returns 0 on success. The requested record size does
1159 * get in effect immediately only while sending data. The receive
1160 * part will take effect after a successful handshake.
1161 *
1162 * This function uses a TLS extension called 'max record size'. Not
1163 * all TLS implementations use or even understand this extension.
1164 **/
1165ssize_t
1166MHD__gnutls_record_set_max_size (MHD_gtls_session_t session, size_t size)
1167{
1168 ssize_t new_size;
1169
1170 if (session->security_parameters.entity == GNUTLS_SERVER)
1171 return GNUTLS_E_INVALID_REQUEST;
1172
1173 new_size = MHD_gtls_mre_record2num (size);
1174
1175 if (new_size < 0)
1176 {
1177 MHD_gnutls_assert ();
1178 return new_size;
1179 }
1180
1181 session->security_parameters.max_record_send_size = size;
1182
1183 session->internals.proposed_record_size = size;
1184
1185 return 0;
1186}
diff --git a/src/daemon/https/tls/gnutls_session.c b/src/daemon/https/tls/gnutls_session.c
deleted file mode 100644
index b7ba3764..00000000
--- a/src/daemon/https/tls/gnutls_session.c
+++ /dev/null
@@ -1,71 +0,0 @@
1/*
2 * Copyright (C) 2000, 2003, 2004, 2005, 2007 Free Software Foundation
3 *
4 * Author: Nikos Mavrogiannopoulos
5 *
6 * This file is part of GNUTLS.
7 *
8 * The GNUTLS library is free software; you can redistribute it and/or
9 * modify it under the terms of the GNU Lesser General Public License
10 * as published by the Free Software Foundation; either version 2.1 of
11 * the License, or (at your option) any later version.
12 *
13 * This library is distributed in the hope that it will be useful, but
14 * WITHOUT ANY WARRANTY; without even the implied warranty of
15 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
16 * Lesser General Public License for more details.
17 *
18 * You should have received a copy of the GNU Lesser General Public
19 * License along with this library; if not, write to the Free Software
20 * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301,
21 * USA
22 *
23 */
24#include "gnutls_int.h"
25#include "gnutls_errors.h"
26#include "debug.h"
27#include "gnutls_session_pack.h"
28#include <gnutls_datum.h>
29
30/* TODO this file should be removed if session resumption will be abandoned */
31
32/**
33 * MHD_gtls_session_get_id - Returns session id.
34 * @session: is a #MHD_gtls_session_t structure.
35 * @session_id: is a pointer to space to hold the session id.
36 * @session_id_size: is the session id's size, or it will be set by the function.
37 *
38 * Returns the current session id. This can be used if you want to check if
39 * the next session you tried to resume was actually resumed.
40 * This is because resumed sessions have the same sessionID with the
41 * original session.
42 *
43 * Session id is some data set by the server, that identify the current session.
44 * In TLS 1.0 and SSL 3.0 session id is always less than 32 bytes.
45 *
46 * Returns zero on success.
47 **/
48int
49MHD_gtls_session_get_id (MHD_gtls_session_t session,
50 void *session_id, size_t * session_id_size)
51{
52 size_t given_session_id_size = *session_id_size;
53
54 *session_id_size = session->security_parameters.session_id_size;
55
56 /* just return the session size */
57 if (session_id == NULL)
58 {
59 return 0;
60 }
61
62 if (given_session_id_size < session->security_parameters.session_id_size)
63 {
64 return GNUTLS_E_SHORT_MEMORY_BUFFER;
65 }
66
67 memcpy (session_id, &session->security_parameters.session_id,
68 *session_id_size);
69
70 return 0;
71}
diff --git a/src/daemon/https/tls/gnutls_session_pack.c b/src/daemon/https/tls/gnutls_session_pack.c
deleted file mode 100644
index be80bfb7..00000000
--- a/src/daemon/https/tls/gnutls_session_pack.c
+++ /dev/null
@@ -1,1025 +0,0 @@
1/*
2 * Copyright (C) 2000, 2004, 2005, 2007 Free Software Foundation
3 *
4 * Author: Nikos Mavrogiannopoulos
5 *
6 * This file is part of GNUTLS.
7 *
8 * The GNUTLS library is free software; you can redistribute it and/or
9 * modify it under the terms of the GNU Lesser General Public License
10 * as published by the Free Software Foundation; either version 2.1 of
11 * the License, or (at your option) any later version.
12 *
13 * This library is distributed in the hope that it will be useful, but
14 * WITHOUT ANY WARRANTY; without even the implied warranty of
15 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
16 * Lesser General Public License for more details.
17 *
18 * You should have received a copy of the GNU Lesser General Public
19 * License along with this library; if not, write to the Free Software
20 * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301,
21 * USA
22 *
23 */
24
25/* Contains functions that are supposed to pack and unpack session data,
26 * before and after they are sent to the database backend.
27 */
28
29#include <gnutls_int.h>
30#ifdef ENABLE_SRP
31# include <auth_srp.h>
32#endif
33#ifdef ENABLE_PSK
34# include <auth_psk.h>
35#endif
36#include <auth_cert.h>
37#include <gnutls_errors.h>
38#include <gnutls_auth_int.h>
39#include <gnutls_session_pack.h>
40#include <gnutls_datum.h>
41#include <gnutls_num.h>
42
43#define PACK_HEADER_SIZE 1
44#define MAX_SEC_PARAMS 7+MAX_SRP_USERNAME+MAX_SERVER_NAME_EXTENSIONS*(3+MAX_SERVER_NAME_SIZE)+165
45static int pack_certificate_auth_info (MHD_gtls_session_t,
46 MHD_gnutls_datum_t * packed_session);
47static int unpack_certificate_auth_info (MHD_gtls_session_t,
48 const MHD_gnutls_datum_t *
49 packed_session);
50
51static int unpack_security_parameters (MHD_gtls_session_t session,
52 const MHD_gnutls_datum_t *
53 packed_session);
54static int pack_security_parameters (MHD_gtls_session_t session,
55 MHD_gnutls_datum_t * packed_session);
56
57/* Since auth_info structures contain malloced data, this function
58 * is required in order to pack these structures in a vector in
59 * order to store them to the DB.
60 *
61 * packed_session will contain the session data.
62 *
63 * The data will be in a platform independent format.
64 */
65int
66MHD_gtls_session_pack (MHD_gtls_session_t session,
67 MHD_gnutls_datum_t * packed_session)
68{
69 int ret;
70
71 if (packed_session == NULL)
72 {
73 MHD_gnutls_assert ();
74 return GNUTLS_E_INTERNAL_ERROR;
75 }
76
77
78 switch (MHD_gtls_auth_get_type (session))
79 {
80#ifdef ENABLE_SRP
81 case MHD_GNUTLS_CRD_SRP:
82 ret = pack_srp_auth_info (session, packed_session);
83 if (ret < 0)
84 {
85 MHD_gnutls_assert ();
86 return ret;
87 }
88 break;
89#endif
90#ifdef ENABLE_PSK
91 case MHD_GNUTLS_CRD_PSK:
92 ret = pack_psk_auth_info (session, packed_session);
93 if (ret < 0)
94 {
95 MHD_gnutls_assert ();
96 return ret;
97 }
98 break;
99#endif
100 case MHD_GNUTLS_CRD_CERTIFICATE:
101 ret = pack_certificate_auth_info (session, packed_session);
102 if (ret < 0)
103 {
104 MHD_gnutls_assert ();
105 return ret;
106 }
107 break;
108 default:
109 return GNUTLS_E_INTERNAL_ERROR;
110
111 }
112
113 /* Auth_info structures copied. Now copy MHD_gtls_security_param_st.
114 * packed_session must have allocated space for the security parameters.
115 */
116 ret = pack_security_parameters (session, packed_session);
117 if (ret < 0)
118 {
119 MHD_gnutls_assert ();
120 MHD__gnutls_free_datum (packed_session);
121 return ret;
122 }
123
124 return 0;
125}
126
127
128/* Load session data from a buffer.
129 */
130int
131MHD_gtls_session_unpack (MHD_gtls_session_t session,
132 const MHD_gnutls_datum_t * packed_session)
133{
134 int ret;
135
136 if (packed_session == NULL || packed_session->size == 0)
137 {
138 MHD_gnutls_assert ();
139 return GNUTLS_E_INTERNAL_ERROR;
140 }
141
142 if (MHD_gtls_get_auth_info (session) != NULL)
143 {
144 MHD_gtls_free_auth_info (session);
145 }
146
147 switch (packed_session->data[0])
148 {
149#ifdef ENABLE_SRP
150 case MHD_GNUTLS_CRD_SRP:
151 ret = unpack_srp_auth_info (session, packed_session);
152 if (ret < 0)
153 {
154 MHD_gnutls_assert ();
155 return ret;
156 }
157 break;
158#endif
159#ifdef ENABLE_PSK
160 case MHD_GNUTLS_CRD_PSK:
161 ret = unpack_psk_auth_info (session, packed_session);
162 if (ret < 0)
163 {
164 MHD_gnutls_assert ();
165 return ret;
166 }
167 break;
168#endif
169 case MHD_GNUTLS_CRD_CERTIFICATE:
170 ret = unpack_certificate_auth_info (session, packed_session);
171 if (ret < 0)
172 {
173 MHD_gnutls_assert ();
174 return ret;
175 }
176 break;
177 default:
178 MHD_gnutls_assert ();
179 return GNUTLS_E_INTERNAL_ERROR;
180
181 }
182
183 /* Auth_info structures copied. Now copy MHD_gtls_security_param_st.
184 * packed_session must have allocated space for the security parameters.
185 */
186 ret = unpack_security_parameters (session, packed_session);
187 if (ret < 0)
188 {
189 MHD_gnutls_assert ();
190 return ret;
191 }
192
193 return 0;
194}
195
196
197/* Format:
198 * 1 byte the credentials type
199 * 4 bytes the size of the whole structure
200 * DH stuff
201 * 2 bytes the size of secret key in bits
202 * 4 bytes the size of the prime
203 * x bytes the prime
204 * 4 bytes the size of the generator
205 * x bytes the generator
206 * 4 bytes the size of the public key
207 * x bytes the public key
208 * RSA stuff
209 * 4 bytes the size of the modulus
210 * x bytes the modulus
211 * 4 bytes the size of the exponent
212 * x bytes the exponent
213 * CERTIFICATES
214 * 4 bytes the length of the certificate list
215 * 4 bytes the size of first certificate
216 * x bytes the certificate
217 * and so on...
218 */
219static int
220pack_certificate_auth_info (MHD_gtls_session_t session,
221 MHD_gnutls_datum_t * packed_session)
222{
223 unsigned int pos = 0, i;
224 int cert_size, pack_size;
225 cert_auth_info_t info = MHD_gtls_get_auth_info (session);
226
227 if (info)
228 {
229 cert_size = 4;
230
231 for (i = 0; i < info->ncerts; i++)
232 cert_size += 4 + info->raw_certificate_list[i].size;
233
234 pack_size = 2 + 4 + info->dh.prime.size +
235 4 + info->dh.generator.size + 4 + info->dh.public_key.size +
236 4 + info->rsa_export.modulus.size +
237 4 + info->rsa_export.exponent.size + cert_size;
238 }
239 else
240 pack_size = 0;
241
242 packed_session->size = PACK_HEADER_SIZE + pack_size + sizeof (uint32_t);
243
244 /* calculate the size and allocate the data.
245 */
246 packed_session->data =
247 MHD_gnutls_malloc (packed_session->size + MAX_SEC_PARAMS);
248
249 if (packed_session->data == NULL)
250 {
251 MHD_gnutls_assert ();
252 return GNUTLS_E_MEMORY_ERROR;
253 }
254
255 packed_session->data[0] = MHD_GNUTLS_CRD_CERTIFICATE;
256 MHD_gtls_write_uint32 (pack_size, &packed_session->data[PACK_HEADER_SIZE]);
257 pos += 4 + PACK_HEADER_SIZE;
258
259
260 if (pack_size > 0)
261 {
262
263 MHD_gtls_write_uint16 (info->dh.secret_bits,
264 &packed_session->data[pos]);
265 pos += 2;
266
267 MHD_gtls_write_datum32 (&packed_session->data[pos], info->dh.prime);
268 pos += 4 + info->dh.prime.size;
269 MHD_gtls_write_datum32 (&packed_session->data[pos], info->dh.generator);
270 pos += 4 + info->dh.generator.size;
271 MHD_gtls_write_datum32 (&packed_session->data[pos],
272 info->dh.public_key);
273 pos += 4 + info->dh.public_key.size;
274
275 MHD_gtls_write_datum32 (&packed_session->data[pos],
276 info->rsa_export.modulus);
277 pos += 4 + info->rsa_export.modulus.size;
278 MHD_gtls_write_datum32 (&packed_session->data[pos],
279 info->rsa_export.exponent);
280 pos += 4 + info->rsa_export.exponent.size;
281
282 MHD_gtls_write_uint32 (info->ncerts, &packed_session->data[pos]);
283 pos += 4;
284
285 for (i = 0; i < info->ncerts; i++)
286 {
287 MHD_gtls_write_datum32 (&packed_session->data[pos],
288 info->raw_certificate_list[i]);
289 pos += sizeof (uint32_t) + info->raw_certificate_list[i].size;
290 }
291 }
292
293 return 0;
294}
295
296
297/* Upack certificate info.
298 */
299static int
300unpack_certificate_auth_info (MHD_gtls_session_t session,
301 const MHD_gnutls_datum_t * packed_session)
302{
303 int pos = 0, size, ret;
304 unsigned int i = 0, j;
305 size_t pack_size;
306 cert_auth_info_t info;
307
308 if (packed_session->data[0] != MHD_GNUTLS_CRD_CERTIFICATE)
309 {
310 MHD_gnutls_assert ();
311 return GNUTLS_E_INVALID_REQUEST;
312 }
313
314 pack_size = MHD_gtls_read_uint32 (&packed_session->data[PACK_HEADER_SIZE]);
315 pos += PACK_HEADER_SIZE + 4;
316
317 if (pack_size == 0)
318 return 0; /* nothing to be done */
319
320 /* a simple check for integrity */
321 if (pack_size + PACK_HEADER_SIZE + 4 > packed_session->size)
322 {
323 MHD_gnutls_assert ();
324 return GNUTLS_E_INVALID_REQUEST;
325 }
326
327 /* client and server have the same auth_info here
328 */
329 ret =
330 MHD_gtls_auth_info_set (session, MHD_GNUTLS_CRD_CERTIFICATE,
331 sizeof (cert_auth_info_st), 1);
332 if (ret < 0)
333 {
334 MHD_gnutls_assert ();
335 return ret;
336 }
337
338 info = MHD_gtls_get_auth_info (session);
339 if (info == NULL)
340 {
341 MHD_gnutls_assert ();
342 return GNUTLS_E_INTERNAL_ERROR;
343 }
344
345 info->dh.secret_bits = MHD_gtls_read_uint16 (&packed_session->data[pos]);
346 pos += 2;
347
348 size = MHD_gtls_read_uint32 (&packed_session->data[pos]);
349 pos += 4;
350 ret =
351 MHD__gnutls_set_datum (&info->dh.prime, &packed_session->data[pos], size);
352 if (ret < 0)
353 {
354 MHD_gnutls_assert ();
355 goto error;
356 }
357 pos += size;
358
359 size = MHD_gtls_read_uint32 (&packed_session->data[pos]);
360 pos += 4;
361 ret =
362 MHD__gnutls_set_datum (&info->dh.generator, &packed_session->data[pos],
363 size);
364 if (ret < 0)
365 {
366 MHD_gnutls_assert ();
367 goto error;
368 }
369 pos += size;
370
371 size = MHD_gtls_read_uint32 (&packed_session->data[pos]);
372 pos += 4;
373 ret =
374 MHD__gnutls_set_datum (&info->dh.public_key, &packed_session->data[pos],
375 size);
376 if (ret < 0)
377 {
378 MHD_gnutls_assert ();
379 goto error;
380 }
381 pos += size;
382
383 size = MHD_gtls_read_uint32 (&packed_session->data[pos]);
384 pos += 4;
385 ret =
386 MHD__gnutls_set_datum (&info->rsa_export.modulus,
387 &packed_session->data[pos], size);
388 if (ret < 0)
389 {
390 MHD_gnutls_assert ();
391 goto error;
392 }
393 pos += size;
394
395 size = MHD_gtls_read_uint32 (&packed_session->data[pos]);
396 pos += 4;
397 ret =
398 MHD__gnutls_set_datum (&info->rsa_export.exponent,
399 &packed_session->data[pos], size);
400 if (ret < 0)
401 {
402 MHD_gnutls_assert ();
403 goto error;
404 }
405 pos += size;
406
407 info->ncerts = MHD_gtls_read_uint32 (&packed_session->data[pos]);
408 pos += 4;
409
410 if (info->ncerts > 0)
411 {
412 info->raw_certificate_list =
413 MHD_gnutls_calloc (1, sizeof (MHD_gnutls_datum_t) * info->ncerts);
414 if (info->raw_certificate_list == NULL)
415 {
416 MHD_gnutls_assert ();
417 ret = GNUTLS_E_MEMORY_ERROR;
418 goto error;
419 }
420 }
421
422 for (i = 0; i < info->ncerts; i++)
423 {
424 size = MHD_gtls_read_uint32 (&packed_session->data[pos]);
425 pos += sizeof (uint32_t);
426
427 ret =
428 MHD__gnutls_set_datum (&info->raw_certificate_list[i],
429 &packed_session->data[pos], size);
430 pos += size;
431
432 if (ret < 0)
433 {
434 MHD_gnutls_assert ();
435 goto error;
436 }
437 }
438
439
440 return 0;
441
442error:
443 MHD__gnutls_free_datum (&info->dh.prime);
444 MHD__gnutls_free_datum (&info->dh.generator);
445 MHD__gnutls_free_datum (&info->dh.public_key);
446
447 MHD__gnutls_free_datum (&info->rsa_export.modulus);
448 MHD__gnutls_free_datum (&info->rsa_export.exponent);
449
450 for (j = 0; j < i; j++)
451 MHD__gnutls_free_datum (&info->raw_certificate_list[j]);
452
453 MHD_gnutls_free (info->raw_certificate_list);
454
455 return ret;
456
457}
458
459#ifdef ENABLE_SRP
460/* Packs the SRP session authentication data.
461 */
462
463/* Format:
464 * 1 byte the credentials type
465 * 4 bytes the size of the SRP username (x)
466 * x bytes the SRP username
467 */
468static int
469pack_srp_auth_info (MHD_gtls_session_t session,
470 MHD_gnutls_datum_t * packed_session)
471{
472 srp_server_auth_info_t info = MHD_gtls_get_auth_info (session);
473 int pack_size;
474
475 if (info && info->username)
476 pack_size = strlen (info->username) + 1; /* include the terminating null */
477 else
478 pack_size = 0;
479
480 packed_session->size = PACK_HEADER_SIZE + pack_size + sizeof (uint32_t);
481
482 /* calculate the size and allocate the data.
483 */
484 packed_session->data =
485 MHD_gnutls_malloc (packed_session->size + MAX_SEC_PARAMS);
486
487 if (packed_session->data == NULL)
488 {
489 MHD_gnutls_assert ();
490 return GNUTLS_E_MEMORY_ERROR;
491 }
492
493 packed_session->data[0] = MHD_GNUTLS_CRD_SRP;
494 MHD_gtls_write_uint32 (pack_size, &packed_session->data[PACK_HEADER_SIZE]);
495
496 if (pack_size > 0)
497 memcpy (&packed_session->data[PACK_HEADER_SIZE + sizeof (uint32_t)],
498 info->username, pack_size + 1);
499
500 return 0;
501}
502
503
504static int
505unpack_srp_auth_info (MHD_gtls_session_t session,
506 const MHD_gnutls_datum_t * packed_session)
507{
508 size_t username_size;
509 int ret;
510 srp_server_auth_info_t info;
511
512 if (packed_session->data[0] != MHD_GNUTLS_CRD_SRP)
513 {
514 MHD_gnutls_assert ();
515 return GNUTLS_E_INVALID_REQUEST;
516 }
517
518 username_size =
519 MHD_gtls_read_uint32 (&packed_session->data[PACK_HEADER_SIZE]);
520
521 if (username_size == 0)
522 return 0; /* nothing to be done */
523
524 /* a simple check for integrity */
525 if (username_size + 4 + PACK_HEADER_SIZE > packed_session->size)
526 {
527 MHD_gnutls_assert ();
528 return GNUTLS_E_INVALID_REQUEST;
529 }
530
531 ret =
532 MHD_gtls_auth_info_set (session, MHD_GNUTLS_CRD_SRP,
533 sizeof (srp_server_auth_info_st), 1);
534 if (ret < 0)
535 {
536 MHD_gnutls_assert ();
537 return ret;
538 }
539
540 info = MHD_gtls_get_auth_info (session);
541 if (info == NULL)
542 {
543 MHD_gnutls_assert ();
544 return GNUTLS_E_INTERNAL_ERROR;
545 }
546
547 memcpy (info->username,
548 &packed_session->data[PACK_HEADER_SIZE + sizeof (uint32_t)],
549 username_size);
550
551 return 0;
552}
553#endif
554
555
556
557#ifdef ENABLE_PSK
558/* Packs the PSK session authentication data.
559 */
560
561/* Format:
562 * 1 byte the credentials type
563 * 4 bytes the size of the whole structure
564 * 4 bytes the size of the PSK username (x)
565 * x bytes the PSK username
566 * 2 bytes the size of secret key in bits
567 * 4 bytes the size of the prime
568 * x bytes the prime
569 * 4 bytes the size of the generator
570 * x bytes the generator
571 * 4 bytes the size of the public key
572 * x bytes the public key
573 */
574static int
575pack_psk_auth_info (MHD_gtls_session_t session,
576 MHD_gnutls_datum_t * packed_session)
577{
578 psk_auth_info_t info;
579 int pack_size, username_size = 0, pos;
580
581 info = MHD_gtls_get_auth_info (session);
582
583 if (info)
584 {
585 username_size = strlen (info->username) + 1; /* include the terminating null */
586 pack_size = username_size +
587 2 + 4 * 3 + info->dh.prime.size + info->dh.generator.size +
588 info->dh.public_key.size;
589 }
590 else
591 pack_size = 0;
592
593 packed_session->size = PACK_HEADER_SIZE + pack_size + sizeof (uint32_t);
594
595 /* calculate the size and allocate the data.
596 */
597 packed_session->data =
598 MHD_gnutls_malloc (packed_session->size + MAX_SEC_PARAMS);
599
600 if (packed_session->data == NULL)
601 {
602 MHD_gnutls_assert ();
603 return GNUTLS_E_MEMORY_ERROR;
604 }
605
606 pos = 0;
607
608 packed_session->data[pos] = MHD_GNUTLS_CRD_PSK;
609 pos++;
610
611 MHD_gtls_write_uint32 (pack_size, &packed_session->data[pos]);
612 pos += 4;
613
614
615 if (pack_size > 0)
616 {
617 MHD_gtls_write_uint32 (username_size, &packed_session->data[pos]);
618 pos += 4;
619
620 memcpy (&packed_session->data[pos], info->username, username_size);
621 pos += username_size;
622
623 MHD_gtls_write_uint16 (info->dh.secret_bits,
624 &packed_session->data[pos]);
625 pos += 2;
626
627 MHD_gtls_write_datum32 (&packed_session->data[pos], info->dh.prime);
628 pos += 4 + info->dh.prime.size;
629 MHD_gtls_write_datum32 (&packed_session->data[pos], info->dh.generator);
630 pos += 4 + info->dh.generator.size;
631 MHD_gtls_write_datum32 (&packed_session->data[pos],
632 info->dh.public_key);
633 pos += 4 + info->dh.public_key.size;
634
635 }
636
637
638 return 0;
639}
640
641static int
642unpack_psk_auth_info (MHD_gtls_session_t session,
643 const MHD_gnutls_datum_t * packed_session)
644{
645 size_t username_size;
646 size_t pack_size;
647 int pos = 0, size, ret;
648 psk_auth_info_t info;
649
650 if (packed_session->data[0] != MHD_GNUTLS_CRD_PSK)
651 {
652 MHD_gnutls_assert ();
653 return GNUTLS_E_INVALID_REQUEST;
654 }
655
656 pack_size = MHD_gtls_read_uint32 (&packed_session->data[PACK_HEADER_SIZE]);
657 pos += PACK_HEADER_SIZE + 4;
658
659
660 if (pack_size == 0)
661 return 0; /* nothing to be done */
662
663 /* a simple check for integrity */
664 if (pack_size + PACK_HEADER_SIZE + 4 > packed_session->size)
665 {
666 MHD_gnutls_assert ();
667 return GNUTLS_E_INVALID_REQUEST;
668 }
669
670 /* client and serer have the same auth_info here
671 */
672 ret =
673 MHD_gtls_auth_info_set (session, MHD_GNUTLS_CRD_PSK,
674 sizeof (psk_auth_info_st), 1);
675 if (ret < 0)
676 {
677 MHD_gnutls_assert ();
678 return ret;
679 }
680
681 info = MHD_gtls_get_auth_info (session);
682 if (info == NULL)
683 {
684 MHD_gnutls_assert ();
685 return GNUTLS_E_INTERNAL_ERROR;
686 }
687
688 username_size = MHD_gtls_read_uint32 (&packed_session->data[pos]);
689 pos += 4;
690
691 memcpy (info->username, &packed_session->data[pos], username_size);
692 pos += username_size;
693
694 info->dh.secret_bits = MHD_gtls_read_uint16 (&packed_session->data[pos]);
695 pos += 2;
696
697 size = MHD_gtls_read_uint32 (&packed_session->data[pos]);
698 pos += 4;
699 ret =
700 MHD__gnutls_set_datum (&info->dh.prime, &packed_session->data[pos], size);
701 if (ret < 0)
702 {
703 MHD_gnutls_assert ();
704 goto error;
705 }
706 pos += size;
707
708 size = MHD_gtls_read_uint32 (&packed_session->data[pos]);
709 pos += 4;
710 ret =
711 MHD__gnutls_set_datum (&info->dh.generator, &packed_session->data[pos],
712 size);
713 if (ret < 0)
714 {
715 MHD_gnutls_assert ();
716 goto error;
717 }
718 pos += size;
719
720 size = MHD_gtls_read_uint32 (&packed_session->data[pos]);
721 pos += 4;
722 ret =
723 MHD__gnutls_set_datum (&info->dh.public_key, &packed_session->data[pos],
724 size);
725 if (ret < 0)
726 {
727 MHD_gnutls_assert ();
728 goto error;
729 }
730 pos += size;
731
732 return 0;
733
734error:
735 MHD__gnutls_free_datum (&info->dh.prime);
736 MHD__gnutls_free_datum (&info->dh.generator);
737 MHD__gnutls_free_datum (&info->dh.public_key);
738 return ret;
739}
740#endif
741
742
743/* Packs the security parameters.
744 */
745
746/* Format:
747 * 4 bytes the total security data size
748 * 1 byte the entity type (client/server)
749 * 1 byte the key exchange algorithm used
750 * 1 byte the read cipher algorithm
751 * 1 byte the read mac algorithm
752 * 1 byte the read compression algorithm
753 *
754 * 1 byte the write cipher algorithm
755 * 1 byte the write mac algorithm
756 * 1 byte the write compression algorithm
757 *
758 * 1 byte the certificate type
759 * 1 byte the protocol version
760 *
761 * 2 bytes the cipher suite
762 *
763 * 48 bytes the master secret
764 *
765 * 32 bytes the client random
766 * 32 bytes the server random
767 *
768 * 1 byte the session ID size
769 * x bytes the session ID (32 bytes max)
770 *
771 * 4 bytes a timestamp
772 * -------------------
773 * MAX: 165 bytes
774 *
775 * EXTENSIONS:
776 * 2 bytes the record send size
777 * 2 bytes the record recv size
778 *
779 * 1 byte the SRP username size
780 * x bytes the SRP username (MAX_SRP_USERNAME)
781 *
782 * 2 bytes the number of server name extensions (up to MAX_SERVER_NAME_EXTENSIONS)
783 * 1 byte the first name type
784 * 2 bytes the size of the first name
785 * x bytes the first name (MAX_SERVER_NAME_SIZE)
786 * and so on...
787 *
788 * --------------------
789 * MAX: 7+MAX_SRP_USERNAME+MAX_SERVER_NAME_EXTENSIONS*(3+MAX_SERVER_NAME_SIZE)
790 */
791static int
792pack_security_parameters (MHD_gtls_session_t session,
793 MHD_gnutls_datum_t * packed_session)
794{
795 int pos = 0;
796 size_t len, init, i;
797
798 /* move after the auth info stuff.
799 */
800 init =
801 MHD_gtls_read_uint32 (&packed_session->data[PACK_HEADER_SIZE]) + 4 +
802 PACK_HEADER_SIZE;
803
804 pos = init + 4; /* make some space to write later the size */
805
806 packed_session->data[pos++] = session->security_parameters.entity;
807 packed_session->data[pos++] = session->security_parameters.kx_algorithm;
808 packed_session->data[pos++] =
809 session->security_parameters.read_bulk_cipher_algorithm;
810 packed_session->data[pos++] =
811 session->security_parameters.read_mac_algorithm;
812 packed_session->data[pos++] =
813 session->security_parameters.read_compression_algorithm;
814 packed_session->data[pos++] =
815 session->security_parameters.write_bulk_cipher_algorithm;
816 packed_session->data[pos++] =
817 session->security_parameters.write_mac_algorithm;
818 packed_session->data[pos++] =
819 session->security_parameters.write_compression_algorithm;
820 packed_session->data[pos++] =
821 session->security_parameters.current_cipher_suite.suite[0];
822 packed_session->data[pos++] =
823 session->security_parameters.current_cipher_suite.suite[1];
824
825 packed_session->data[pos++] = session->security_parameters.cert_type;
826 packed_session->data[pos++] = session->security_parameters.version;
827
828 memcpy (&packed_session->data[pos],
829 session->security_parameters.master_secret, TLS_MASTER_SIZE);
830 pos += TLS_MASTER_SIZE;
831
832 memcpy (&packed_session->data[pos],
833 session->security_parameters.client_random, TLS_RANDOM_SIZE);
834 pos += TLS_RANDOM_SIZE;
835 memcpy (&packed_session->data[pos],
836 session->security_parameters.server_random, TLS_RANDOM_SIZE);
837 pos += TLS_RANDOM_SIZE;
838
839 packed_session->data[pos++] = session->security_parameters.session_id_size;
840 memcpy (&packed_session->data[pos], session->security_parameters.session_id,
841 session->security_parameters.session_id_size);
842 pos += session->security_parameters.session_id_size;
843
844 MHD_gtls_write_uint32 (session->security_parameters.timestamp,
845 &packed_session->data[pos]);
846 pos += 4;
847
848 /* Extensions */
849 MHD_gtls_write_uint16 (session->security_parameters.max_record_send_size,
850 &packed_session->data[pos]);
851 pos += 2;
852
853 MHD_gtls_write_uint16 (session->security_parameters.max_record_recv_size,
854 &packed_session->data[pos]);
855 pos += 2;
856
857 /* SRP */
858 len =
859 strlen ((char *) session->security_parameters.extensions.srp_username);
860 packed_session->data[pos++] = len;
861 memcpy (&packed_session->data[pos],
862 session->security_parameters.extensions.srp_username, len);
863 pos += len;
864
865 MHD_gtls_write_uint16 (session->security_parameters.
866 extensions.server_names_size,
867 &packed_session->data[pos]);
868 pos += 2;
869
870 for (i = 0; i < session->security_parameters.extensions.server_names_size;
871 i++)
872 {
873 packed_session->data[pos++] =
874 session->security_parameters.extensions.server_names[i].type;
875 MHD_gtls_write_uint16 (session->security_parameters.
876 extensions.server_names[i].name_length,
877 &packed_session->data[pos]);
878 pos += 2;
879
880 memcpy (&packed_session->data[pos],
881 session->security_parameters.extensions.server_names[i].name,
882 session->security_parameters.extensions.
883 server_names[i].name_length);
884 pos +=
885 session->security_parameters.extensions.server_names[i].name_length;
886 }
887
888 /* write the total size */
889 MHD_gtls_write_uint32 (pos - init - 4, &packed_session->data[init]);
890 packed_session->size += pos - init;
891
892 return 0;
893}
894
895
896static int
897unpack_security_parameters (MHD_gtls_session_t session,
898 const MHD_gnutls_datum_t * packed_session)
899{
900 size_t pack_size, init, i;
901 int pos = 0, len;
902 time_t timestamp = time (0);
903
904
905 /* skip the auth info stuff */
906 init =
907 MHD_gtls_read_uint32 (&packed_session->data[PACK_HEADER_SIZE]) + 4 +
908 PACK_HEADER_SIZE;
909
910 pos = init;
911
912 pack_size = MHD_gtls_read_uint32 (&packed_session->data[pos]);
913 pos += 4;
914
915
916 if (pack_size == 0)
917 return GNUTLS_E_INVALID_REQUEST;
918
919 /* a simple check for integrity */
920 if (pack_size > MAX_SEC_PARAMS)
921 {
922 MHD_gnutls_assert ();
923 return GNUTLS_E_INVALID_REQUEST;
924 }
925
926 session->internals.resumed_security_parameters.entity =
927 packed_session->data[pos++];
928 session->internals.resumed_security_parameters.kx_algorithm =
929 packed_session->data[pos++];
930 session->internals.resumed_security_parameters.read_bulk_cipher_algorithm =
931 packed_session->data[pos++];
932 session->internals.resumed_security_parameters.read_mac_algorithm =
933 packed_session->data[pos++];
934 session->internals.resumed_security_parameters.read_compression_algorithm =
935 packed_session->data[pos++];
936 session->internals.resumed_security_parameters.write_bulk_cipher_algorithm =
937 packed_session->data[pos++];
938 session->internals.resumed_security_parameters.write_mac_algorithm =
939 packed_session->data[pos++];
940 session->internals.resumed_security_parameters.write_compression_algorithm =
941 packed_session->data[pos++];
942 session->internals.resumed_security_parameters.
943 current_cipher_suite.suite[0] = packed_session->data[pos++];
944 session->internals.resumed_security_parameters.
945 current_cipher_suite.suite[1] = packed_session->data[pos++];
946
947 session->internals.resumed_security_parameters.cert_type =
948 packed_session->data[pos++];
949 session->internals.resumed_security_parameters.version =
950 packed_session->data[pos++];
951
952 memcpy (session->internals.resumed_security_parameters.master_secret,
953 &packed_session->data[pos], TLS_MASTER_SIZE);
954 pos += TLS_MASTER_SIZE;
955
956 memcpy (session->internals.resumed_security_parameters.client_random,
957 &packed_session->data[pos], TLS_RANDOM_SIZE);
958 pos += TLS_RANDOM_SIZE;
959 memcpy (session->internals.resumed_security_parameters.server_random,
960 &packed_session->data[pos], TLS_RANDOM_SIZE);
961 pos += TLS_RANDOM_SIZE;
962
963 session->internals.resumed_security_parameters.session_id_size =
964 packed_session->data[pos++];
965 memcpy (session->internals.resumed_security_parameters.session_id,
966 &packed_session->data[pos],
967 session->internals.resumed_security_parameters.session_id_size);
968 pos += session->internals.resumed_security_parameters.session_id_size;
969
970 session->internals.resumed_security_parameters.timestamp =
971 MHD_gtls_read_uint32 (&packed_session->data[pos]);
972 pos += 4;
973
974 if (timestamp - session->internals.resumed_security_parameters.timestamp >
975 session->internals.expire_time
976 || session->internals.resumed_security_parameters.timestamp > timestamp)
977 {
978 MHD_gnutls_assert ();
979 return GNUTLS_E_EXPIRED;
980 }
981
982 /* Extensions */
983 session->internals.resumed_security_parameters.max_record_send_size =
984 MHD_gtls_read_uint16 (&packed_session->data[pos]);
985 pos += 2;
986
987 session->internals.resumed_security_parameters.max_record_recv_size =
988 MHD_gtls_read_uint16 (&packed_session->data[pos]);
989 pos += 2;
990
991
992 /* SRP */
993 len = packed_session->data[pos++]; /* srp username length */
994 memcpy (session->internals.resumed_security_parameters.
995 extensions.srp_username, &packed_session->data[pos], len);
996 session->internals.resumed_security_parameters.
997 extensions.srp_username[len] = 0;
998 pos += len;
999
1000 session->internals.resumed_security_parameters.
1001 extensions.server_names_size =
1002 MHD_gtls_read_uint16 (&packed_session->data[pos]);
1003 pos += 2;
1004 for (i = 0;
1005 i <
1006 session->internals.resumed_security_parameters.
1007 extensions.server_names_size; i++)
1008 {
1009 session->internals.resumed_security_parameters.
1010 extensions.server_names[i].type = packed_session->data[pos++];
1011 session->internals.resumed_security_parameters.
1012 extensions.server_names[i].name_length =
1013 MHD_gtls_read_uint16 (&packed_session->data[pos]);
1014 pos += 2;
1015
1016 memcpy (session->internals.resumed_security_parameters.
1017 extensions.server_names[i].name, &packed_session->data[pos],
1018 session->internals.resumed_security_parameters.
1019 extensions.server_names[i].name_length);
1020 pos +=
1021 session->internals.resumed_security_parameters.
1022 extensions.server_names[i].name_length;
1023 }
1024 return 0;
1025}
diff --git a/src/daemon/https/tls/gnutls_session_pack.h b/src/daemon/https/tls/gnutls_session_pack.h
deleted file mode 100644
index e327f71f..00000000
--- a/src/daemon/https/tls/gnutls_session_pack.h
+++ /dev/null
@@ -1,28 +0,0 @@
1/*
2 * Copyright (C) 2000, 2001, 2002, 2003, 2004, 2005 Free Software Foundation
3 *
4 * Author: Nikos Mavrogiannopoulos
5 *
6 * This file is part of GNUTLS.
7 *
8 * The GNUTLS library is free software; you can redistribute it and/or
9 * modify it under the terms of the GNU Lesser General Public License
10 * as published by the Free Software Foundation; either version 2.1 of
11 * the License, or (at your option) any later version.
12 *
13 * This library is distributed in the hope that it will be useful, but
14 * WITHOUT ANY WARRANTY; without even the implied warranty of
15 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
16 * Lesser General Public License for more details.
17 *
18 * You should have received a copy of the GNU Lesser General Public
19 * License along with this library; if not, write to the Free Software
20 * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301,
21 * USA
22 *
23 */
24
25int MHD_gtls_session_pack (MHD_gtls_session_t session,
26 MHD_gnutls_datum_t * packed_session);
27int MHD_gtls_session_unpack (MHD_gtls_session_t session,
28 const MHD_gnutls_datum_t * packed_session);
diff --git a/src/daemon/https/tls/gnutls_state.c b/src/daemon/https/tls/gnutls_state.c
index 0372b0f6..9d819b68 100644
--- a/src/daemon/https/tls/gnutls_state.c
+++ b/src/daemon/https/tls/gnutls_state.c
@@ -89,18 +89,6 @@ MHD_gnutls_kx_get (MHD_gtls_session_t session)
89} 89}
90 90
91/** 91/**
92 * MHD_gnutls_mac_get - Returns the currently used mac algorithm.
93 * @session: is a #MHD_gtls_session_t structure.
94 *
95 * Returns: the currently used mac algorithm.
96 **/
97enum MHD_GNUTLS_HashAlgorithm
98MHD_gnutls_mac_get (MHD_gtls_session_t session)
99{
100 return session->security_parameters.read_mac_algorithm;
101}
102
103/**
104 * MHD_gnutls_compression_get - Returns the currently used compression algorithm. 92 * MHD_gnutls_compression_get - Returns the currently used compression algorithm.
105 * @session: is a #MHD_gtls_session_t structure. 93 * @session: is a #MHD_gtls_session_t structure.
106 * 94 *
@@ -322,13 +310,6 @@ MHD__gnutls_init (MHD_gtls_session_t * session,
322 return 0; 310 return 0;
323} 311}
324 312
325/* returns RESUME_FALSE or RESUME_TRUE.
326 */
327int
328MHD_gtls_session_is_resumable (MHD_gtls_session_t session)
329{
330 return session->internals.resumable;
331}
332 313
333/** 314/**
334 * MHD__gnutls_deinit - This function clears all buffers associated with a session 315 * MHD__gnutls_deinit - This function clears all buffers associated with a session
@@ -607,29 +588,6 @@ MHD__gnutls_record_set_default_version (MHD_gtls_session_t session,
607 session->internals.default_record_version[1] = minor; 588 session->internals.default_record_version[1] = minor;
608} 589}
609 590
610/**
611 * MHD_gtls_handshake_set_private_extensions - Used to enable the private cipher suites
612 * @session: is a #MHD_gtls_session_t structure.
613 * @allow: is an integer (0 or 1)
614 *
615 * This function will enable or disable the use of private cipher
616 * suites (the ones that start with 0xFF). By default or if @allow
617 * is 0 then these cipher suites will not be advertized nor used.
618 *
619 * Unless this function is called with the option to allow (1), then
620 * no compression algorithms, like LZO. That is because these
621 * algorithms are not yet defined in any RFC or even internet draft.
622 *
623 * Enabling the private ciphersuites when talking to other than
624 * gnutls servers and clients may cause interoperability problems.
625 **/
626void
627MHD_gtls_handshake_set_private_extensions (MHD_gtls_session_t session,
628 int allow)
629{
630 session->internals.enable_private = allow;
631}
632
633inline static int 591inline static int
634MHD__gnutls_cal_PRF_A (enum MHD_GNUTLS_HashAlgorithm algorithm, 592MHD__gnutls_cal_PRF_A (enum MHD_GNUTLS_HashAlgorithm algorithm,
635 const void *secret, 593 const void *secret,
@@ -834,208 +792,6 @@ MHD_gtls_PRF (MHD_gtls_session_t session,
834 792
835} 793}
836 794
837/**
838 * MHD__gnutls_prf_raw - access the TLS PRF directly
839 * @session: is a #MHD_gtls_session_t structure.
840 * @label_size: length of the @label variable.
841 * @label: label used in PRF computation, typically a short string.
842 * @seed_size: length of the @seed variable.
843 * @seed: optional extra data to seed the PRF with.
844 * @outsize: size of pre-allocated output buffer to hold the output.
845 * @out: pre-allocate buffer to hold the generated data.
846 *
847 * Apply the TLS Pseudo-Random-Function (PRF) using the master secret
848 * on some data.
849 *
850 * The @label variable usually contain a string denoting the purpose
851 * for the generated data. The @seed usually contain data such as the
852 * client and server random, perhaps together with some additional
853 * data that is added to guarantee uniqueness of the output for a
854 * particular purpose.
855 *
856 * Because the output is not guaranteed to be unique for a particular
857 * session unless @seed include the client random and server random
858 * fields (the PRF would output the same data on another connection
859 * resumed from the first one), it is not recommended to use this
860 * function directly. The MHD__gnutls_prf() function seed the PRF with the
861 * client and server random fields directly, and is recommended if you
862 * want to generate pseudo random data unique for each session.
863 *
864 * Returns: %GNUTLS_E_SUCCESS on success, or an error code.
865 **/
866int
867MHD__gnutls_prf_raw (MHD_gtls_session_t session,
868 size_t label_size,
869 const char *label,
870 size_t seed_size, const char *seed, size_t outsize,
871 char *out)
872{
873 int ret;
874
875 ret = MHD_gtls_PRF (session, session->security_parameters.master_secret,
876 TLS_MASTER_SIZE, label, label_size, (opaque *) seed,
877 seed_size, outsize, out);
878
879 return ret;
880}
881
882/**
883 * MHD__gnutls_prf - derive pseudo-random data using the TLS PRF
884 * @session: is a #MHD_gtls_session_t structure.
885 * @label_size: length of the @label variable.
886 * @label: label used in PRF computation, typically a short string.
887 * @server_random_first: non-0 if server random field should be first in seed
888 * @extra_size: length of the @extra variable.
889 * @extra: optional extra data to seed the PRF with.
890 * @outsize: size of pre-allocated output buffer to hold the output.
891 * @out: pre-allocate buffer to hold the generated data.
892 *
893 * Apply the TLS Pseudo-Random-Function (PRF) using the master secret
894 * on some data, seeded with the client and server random fields.
895 *
896 * The @label variable usually contain a string denoting the purpose
897 * for the generated data. The @server_random_first indicate whether
898 * the client random field or the server random field should be first
899 * in the seed. Non-0 indicate that the server random field is first,
900 * 0 that the client random field is first.
901 *
902 * The @extra variable can be used to add more data to the seed, after
903 * the random variables. It can be used to tie make sure the
904 * generated output is strongly connected to some additional data
905 * (e.g., a string used in user authentication).
906 *
907 * The output is placed in *@OUT, which must be pre-allocated.
908 *
909 * Returns: %GNUTLS_E_SUCCESS on success, or an error code.
910 **/
911int
912MHD__gnutls_prf (MHD_gtls_session_t session,
913 size_t label_size,
914 const char *label,
915 int server_random_first,
916 size_t extra_size, const char *extra, size_t outsize,
917 char *out)
918{
919 int ret;
920 opaque *seed;
921 size_t seedsize = 2 * TLS_RANDOM_SIZE + extra_size;
922
923 seed = MHD_gnutls_malloc (seedsize);
924 if (!seed)
925 {
926 MHD_gnutls_assert ();
927 return GNUTLS_E_MEMORY_ERROR;
928 }
929
930 memcpy (seed,
931 server_random_first ? session->security_parameters.server_random
932 : session->security_parameters.client_random, TLS_RANDOM_SIZE);
933 memcpy (seed + TLS_RANDOM_SIZE,
934 server_random_first ? session->security_parameters.client_random
935 : session->security_parameters.server_random, TLS_RANDOM_SIZE);
936
937 memcpy (seed + 2 * TLS_RANDOM_SIZE, extra, extra_size);
938
939 ret = MHD_gtls_PRF (session, session->security_parameters.master_secret,
940 TLS_MASTER_SIZE, label, label_size, seed, seedsize,
941 outsize, out);
942
943 MHD_gnutls_free (seed);
944
945 return ret;
946}
947
948/**
949 * MHD_gtls_session_get_client_random - get the session's client random value
950 * @session: is a #MHD_gtls_session_t structure.
951 *
952 * Return a pointer to the 32-byte client random field used in the
953 * session. The pointer must not be modified or deallocated.
954 *
955 * If a client random value has not yet been established, the output
956 * will be garbage; in particular, a %NULL return value should not be
957 * expected.
958 *
959 * Returns: pointer to client random data.
960 **/
961const void *
962MHD_gtls_session_get_client_random (MHD_gtls_session_t session)
963{
964 return (char *) session->security_parameters.client_random;
965}
966
967/**
968 * MHD_gtls_session_get_server_random - get the session's server random value
969 * @session: is a #MHD_gtls_session_t structure.
970 *
971 * Return a pointer to the 32-byte server random field used in the
972 * session. The pointer must not be modified or deallocated.
973 *
974 * If a server random value has not yet been established, the output
975 * will be garbage; in particular, a %NULL return value should not be
976 * expected.
977 *
978 * Returns: pointer to server random data.
979 **/
980const void *
981MHD_gtls_session_get_server_random (MHD_gtls_session_t session)
982{
983 return (char *) session->security_parameters.server_random;
984}
985
986/**
987 * MHD_gtls_session_get_master_secret - get the session's master secret value
988 * @session: is a #MHD_gtls_session_t structure.
989 *
990 * Return a pointer to the 48-byte master secret in the session. The
991 * pointer must not be modified or deallocated.
992 *
993 * If a master secret value has not yet been established, the output
994 * will be garbage; in particular, a %NULL return value should not be
995 * expected.
996 *
997 * Consider using MHD__gnutls_prf() rather than extracting the master
998 * secret and use it to derive further data.
999 *
1000 * Returns: pointer to master secret data.
1001 **/
1002const void *
1003MHD_gtls_session_get_master_secret (MHD_gtls_session_t session)
1004{
1005 return (char *) session->security_parameters.master_secret;
1006}
1007
1008/**
1009 * MHD_gtls_session_is_resumed - Used to check whether this session is a resumed one
1010 * @session: is a #MHD_gtls_session_t structure.
1011 *
1012 * Returns: non zero if this session is resumed, or a zero if this is
1013 * a new session.
1014 **/
1015int
1016MHD_gtls_session_is_resumed (MHD_gtls_session_t session)
1017{
1018#if MHD_DEBUG_TLS
1019 if (session->security_parameters.entity == GNUTLS_CLIENT)
1020 {
1021 if (session->security_parameters.session_id_size > 0
1022 && session->security_parameters.session_id_size
1023 == session->internals.resumed_security_parameters.session_id_size
1024 && memcmp (session->security_parameters.session_id,
1025 session->internals.
1026 resumed_security_parameters.session_id,
1027 session->security_parameters.session_id_size) == 0)
1028 return 1;
1029 }
1030 else
1031#endif
1032 {
1033 if (session->internals.resumed == RESUME_TRUE)
1034 return 1;
1035 }
1036
1037 return 0;
1038}
1039 795
1040/*- 796/*-
1041 * MHD_gtls_session_is_export - Used to check whether this session is of export grade 797 * MHD_gtls_session_is_export - Used to check whether this session is of export grade
@@ -1060,34 +816,6 @@ MHD_gtls_session_is_export (MHD_gtls_session_t session)
1060} 816}
1061 817
1062/** 818/**
1063 * MHD_gtls_session_get_ptr - Used to get the user pointer from the session structure
1064 * @session: is a #MHD_gtls_session_t structure.
1065 *
1066 * Returns: the user given pointer from the session structure. This
1067 * is the pointer set with MHD__gnutls_session_set_ptr().
1068 **/
1069void *
1070MHD_gtls_session_get_ptr (MHD_gtls_session_t session)
1071{
1072 return session->internals.user_ptr;
1073}
1074
1075/**
1076 * MHD__gnutls_session_set_ptr - Used to set the user pointer to the session structure
1077 * @session: is a #MHD_gtls_session_t structure.
1078 * @ptr: is the user pointer
1079 *
1080 * This function will set (associate) the user given pointer to the
1081 * session structure. This is pointer can be accessed with
1082 * MHD_gtls_session_get_ptr().
1083 **/
1084void
1085MHD__gnutls_session_set_ptr (MHD_gtls_session_t session, void *ptr)
1086{
1087 session->internals.user_ptr = ptr;
1088}
1089
1090/**
1091 * MHD__gnutls_record_get_direction - This function will return the direction of the last interrupted function call 819 * MHD__gnutls_record_get_direction - This function will return the direction of the last interrupted function call
1092 * @session: is a #MHD_gtls_session_t structure. 820 * @session: is a #MHD_gtls_session_t structure.
1093 * 821 *
@@ -1110,52 +838,3 @@ MHD__gnutls_record_get_direction (MHD_gtls_session_t session)
1110 return session->internals.direction; 838 return session->internals.direction;
1111} 839}
1112 840
1113/*-
1114 * MHD__gnutls_rsa_pms_set_version - Sets a version to be used at the RSA PMS
1115 * @session: is a #MHD_gtls_session_t structure.
1116 * @major: is the major version to use
1117 * @minor: is the minor version to use
1118 *
1119 * This function will set the given version number to be used at the
1120 * RSA PMS secret. This is only useful to clients, which want to
1121 * test server's capabilities.
1122 *
1123 -*/
1124void
1125MHD__gnutls_rsa_pms_set_version (MHD_gtls_session_t session,
1126 unsigned char major, unsigned char minor)
1127{
1128 session->internals.rsa_pms_version[0] = major;
1129 session->internals.rsa_pms_version[1] = minor;
1130}
1131
1132/**
1133 * MHD__gnutls_handshake_set_post_client_hello_function - This function will a callback to be called after the client hello is received
1134 * @res: is a MHD_gtls_anon_server_credentials_t structure
1135 * @func: is the function to be called
1136 *
1137 * This function will set a callback to be called after the client
1138 * hello has been received (callback valid in server side only). This
1139 * allows the server to adjust settings based on received extensions.
1140 *
1141 * Those settings could be ciphersuites, requesting certificate, or
1142 * anything else except for version negotiation (this is done before
1143 * the hello message is parsed).
1144 *
1145 * This callback must return 0 on success or a gnutls error code to
1146 * terminate the handshake.
1147 *
1148 * NOTE: You should not use this function to terminate the handshake
1149 * based on client input unless you know what you are doing. Before
1150 * the handshake is finished there is no way to know if there is a
1151 * man-in-the-middle attack being performed.
1152 *
1153 **/
1154void
1155MHD__gnutls_handshake_set_post_client_hello_function (MHD_gtls_session_t
1156 session,
1157 MHD_gnutls_handshake_post_client_hello_func
1158 func)
1159{
1160 session->internals.user_hello_func = func;
1161}
diff --git a/src/daemon/https/tls/gnutls_str.c b/src/daemon/https/tls/gnutls_str.c
index 4fc4174b..4f123217 100644
--- a/src/daemon/https/tls/gnutls_str.c
+++ b/src/daemon/https/tls/gnutls_str.c
@@ -73,24 +73,6 @@ MHD_gtls_str_cpy (char *dest, size_t dest_tot_size, const char *src)
73} 73}
74 74
75void 75void
76MHD_gtls_mem_cpy (char *dest,
77 size_t dest_tot_size, const char *src, size_t src_size)
78{
79
80 if (dest_tot_size >= src_size)
81 {
82 memcpy (dest, src, src_size);
83 }
84 else
85 {
86 if (dest_tot_size > 0)
87 {
88 memcpy (dest, src, dest_tot_size);
89 }
90 }
91}
92
93void
94MHD_gtls_string_init (MHD_gtls_string * str, 76MHD_gtls_string_init (MHD_gtls_string * str,
95 MHD_gnutls_alloc_function alloc_func, 77 MHD_gnutls_alloc_function alloc_func,
96 MHD_gnutls_realloc_function realloc_func, 78 MHD_gnutls_realloc_function realloc_func,
@@ -117,83 +99,8 @@ MHD_gtls_string_clear (MHD_gtls_string * str)
117 str->length = 0; 99 str->length = 0;
118} 100}
119 101
120/* This one does not copy the string.
121 */
122MHD_gnutls_datum_t
123MHD_gtls_string2datum (MHD_gtls_string * str)
124{
125 MHD_gnutls_datum_t ret;
126
127 ret.data = str->data;
128 ret.size = str->length;
129
130 return ret;
131}
132
133#define MIN_CHUNK 256 102#define MIN_CHUNK 256
134 103
135int
136MHD_gtls_string_copy_str (MHD_gtls_string * dest, const char *src)
137{
138 size_t src_len = strlen (src);
139 size_t max;
140 if (dest->max_length >= src_len)
141 {
142 memcpy (dest->data, src, src_len);
143 dest->length = src_len;
144
145 return src_len;
146 }
147 else
148 {
149 max = (src_len > MIN_CHUNK) ? src_len : MIN_CHUNK;
150 dest->data = dest->realloc_func (dest->data, max);
151 if (dest->data == NULL)
152 {
153 MHD_gnutls_assert ();
154 return GNUTLS_E_MEMORY_ERROR;
155 }
156 dest->max_length = MAX (MIN_CHUNK, src_len);
157
158 memcpy (dest->data, src, src_len);
159 dest->length = src_len;
160
161 return src_len;
162 }
163}
164
165int
166MHD_gtls_string_append_str (MHD_gtls_string * dest, const char *src)
167{
168 size_t src_len = strlen (src);
169 size_t tot_len = src_len + dest->length;
170
171 if (dest->max_length >= tot_len)
172 {
173 memcpy (&dest->data[dest->length], src, src_len);
174 dest->length = tot_len;
175
176 return tot_len;
177 }
178 else
179 {
180 size_t new_len =
181 MAX (src_len, MIN_CHUNK) + MAX (dest->max_length, MIN_CHUNK);
182
183 dest->data = dest->realloc_func (dest->data, new_len);
184 if (dest->data == NULL)
185 {
186 MHD_gnutls_assert ();
187 return GNUTLS_E_MEMORY_ERROR;
188 }
189 dest->max_length = new_len;
190
191 memcpy (&dest->data[dest->length], src, src_len);
192 dest->length = tot_len;
193
194 return tot_len;
195 }
196}
197 104
198int 105int
199MHD_gtls_string_append_data (MHD_gtls_string * dest, 106MHD_gtls_string_append_data (MHD_gtls_string * dest,
@@ -249,39 +156,3 @@ MHD_gtls_bin2hex (const void *_old,
249 return buffer; 156 return buffer;
250} 157}
251 158
252/* just a hex2bin function.
253 */
254int
255MHD_gtls_hex2bin (const opaque * hex_data,
256 int hex_size, opaque * bin_data, size_t * bin_size)
257{
258 int i, j;
259 opaque hex2_data[3];
260 unsigned long val;
261
262 /* FIXME: we don't handle whitespace.
263 */
264 hex_size /= 2;
265
266 if (*bin_size < (size_t) hex_size)
267 {
268 MHD_gnutls_assert ();
269 return GNUTLS_E_SHORT_MEMORY_BUFFER;
270 }
271
272 for (i = j = 0; j < hex_size; i += 2, j++)
273 {
274 hex2_data[0] = hex_data[i];
275 hex2_data[1] = hex_data[i + 1];
276 hex2_data[2] = 0;
277 val = strtoul ((char *) hex2_data, NULL, 16);
278 if (val == ULONG_MAX)
279 {
280 MHD_gnutls_assert ();
281 return GNUTLS_E_SRP_PWD_PARSING_ERROR;
282 }
283 bin_data[j] = val;
284 }
285
286 return 0;
287}
diff --git a/src/daemon/https/tls/gnutls_str.h b/src/daemon/https/tls/gnutls_str.h
index befa957e..51ed1bd1 100644
--- a/src/daemon/https/tls/gnutls_str.h
+++ b/src/daemon/https/tls/gnutls_str.h
@@ -28,8 +28,6 @@
28#include <gnutls_int.h> 28#include <gnutls_int.h>
29 29
30void MHD_gtls_str_cpy (char *dest, size_t dest_tot_size, const char *src); 30void MHD_gtls_str_cpy (char *dest, size_t dest_tot_size, const char *src);
31void MHD_gtls_mem_cpy (char *dest, size_t dest_tot_size, const char *src,
32 size_t src_size);
33void MHD_gtls_str_cat (char *dest, size_t dest_tot_size, const char *src); 31void MHD_gtls_str_cat (char *dest, size_t dest_tot_size, const char *src);
34 32
35typedef struct 33typedef struct
@@ -47,18 +45,9 @@ void MHD_gtls_string_init (MHD_gtls_string *, MHD_gnutls_alloc_function,
47 MHD_gnutls_free_function); 45 MHD_gnutls_free_function);
48void MHD_gtls_string_clear (MHD_gtls_string *); 46void MHD_gtls_string_clear (MHD_gtls_string *);
49 47
50/* Beware, do not clear the string, after calling this
51 * function
52 */
53MHD_gnutls_datum_t MHD_gtls_string2datum (MHD_gtls_string * str);
54
55int MHD_gtls_string_copy_str (MHD_gtls_string * dest, const char *src);
56int MHD_gtls_string_append_str (MHD_gtls_string *, const char *str);
57int MHD_gtls_string_append_data (MHD_gtls_string *, const void *data, 48int MHD_gtls_string_append_data (MHD_gtls_string *, const void *data,
58 size_t data_size); 49 size_t data_size);
59char *MHD_gtls_bin2hex (const void *old, size_t oldlen, char *buffer, 50char *MHD_gtls_bin2hex (const void *old, size_t oldlen, char *buffer,
60 size_t buffer_size); 51 size_t buffer_size);
61int MHD_gtls_hex2bin (const opaque * hex_data, int hex_size,
62 opaque * bin_data, size_t * bin_size);
63 52
64#endif 53#endif
diff --git a/src/daemon/https/tls/gnutls_supplemental.c b/src/daemon/https/tls/gnutls_supplemental.c
index 0419917c..3b9641d4 100644
--- a/src/daemon/https/tls/gnutls_supplemental.c
+++ b/src/daemon/https/tls/gnutls_supplemental.c
@@ -67,18 +67,6 @@ MHD_gnutls_supplemental_entry MHD__gnutls_supplemental[] = {
67 {0, 0, 0, 0} 67 {0, 0, 0, 0}
68}; 68};
69 69
70const char *
71MHD_gtls_supplemental_get_name (MHD_gnutls_supplemental_data_format_type_t
72 type)
73{
74 MHD_gnutls_supplemental_entry *p;
75
76 for (p = MHD__gnutls_supplemental; p->name != NULL; p++)
77 if (p->type == type)
78 return p->name;
79
80 return NULL;
81}