diff options
author | Christian Grothoff <christian@grothoff.org> | 2008-11-16 08:46:25 +0000 |
---|---|---|
committer | Christian Grothoff <christian@grothoff.org> | 2008-11-16 08:46:25 +0000 |
commit | 570589f3f14045a51dd3e30a6f140bd45a4d0e1d (patch) | |
tree | 01f32d0bf9656ae4561768c46734083959b22aa2 | |
parent | 2d2199d702a434a3e58d672ad213586b5a856e7a (diff) | |
download | libmicrohttpd-570589f3f14045a51dd3e30a6f140bd45a4d0e1d.tar.gz libmicrohttpd-570589f3f14045a51dd3e30a6f140bd45a4d0e1d.zip |
more DCE
29 files changed, 1 insertions, 3086 deletions
diff --git a/src/daemon/https/gnutls.h b/src/daemon/https/gnutls.h index 74e62ef4..f779e1b9 100644 --- a/src/daemon/https/gnutls.h +++ b/src/daemon/https/gnutls.h | |||
@@ -239,48 +239,15 @@ extern "C" | |||
239 | 239 | ||
240 | enum MHD_GNUTLS_CompressionMethod | 240 | enum MHD_GNUTLS_CompressionMethod |
241 | MHD_gtls_compression_get (MHD_gtls_session_t session); | 241 | MHD_gtls_compression_get (MHD_gtls_session_t session); |
242 | // enum MHD_GNUTLS_CipherAlgorithm MHD_gnutls_cipher_get (MHD_gtls_session_t session); | ||
243 | // enum MHD_GNUTLS_KeyExchangeAlgorithm MHD_gnutls_kx_get (MHD_gtls_session_t session); | ||
244 | // enum MHD_GNUTLS_HashAlgorithm MHD_gnutls_mac_get (MHD_gtls_session_t session); | ||
245 | // enum MHD_GNUTLS_CertificateType MHD_gnutls_certificate_type_get (MHD_gtls_session_t | ||
246 | // session); | ||
247 | |||
248 | size_t MHD__gnutls_cipher_get_key_size (enum MHD_GNUTLS_CipherAlgorithm | 242 | size_t MHD__gnutls_cipher_get_key_size (enum MHD_GNUTLS_CipherAlgorithm |
249 | algorithm); | 243 | algorithm); |
250 | size_t MHD__gnutls_mac_get_key_size (enum MHD_GNUTLS_HashAlgorithm | ||
251 | algorithm); | ||
252 | 244 | ||
253 | /* the name of the specified algorithms */ | 245 | /* the name of the specified algorithms */ |
254 | const char *MHD__gnutls_cipher_get_name (enum MHD_GNUTLS_CipherAlgorithm | ||
255 | algorithm); | ||
256 | const char *MHD__gnutls_mac_get_name (enum MHD_GNUTLS_HashAlgorithm | ||
257 | algorithm); | ||
258 | const char *MHD_gtls_compression_get_name (enum | 246 | const char *MHD_gtls_compression_get_name (enum |
259 | MHD_GNUTLS_CompressionMethod | 247 | MHD_GNUTLS_CompressionMethod |
260 | algorithm); | 248 | algorithm); |
261 | const char *MHD__gnutls_kx_get_name (enum MHD_GNUTLS_KeyExchangeAlgorithm | ||
262 | algorithm); | ||
263 | const char *MHD__gnutls_certificate_type_get_name (enum | ||
264 | MHD_GNUTLS_CertificateType | ||
265 | type); | ||
266 | |||
267 | enum MHD_GNUTLS_HashAlgorithm MHD_gtls_mac_get_id (const char *name); | ||
268 | enum MHD_GNUTLS_CompressionMethod MHD_gtls_compression_get_id (const char | 249 | enum MHD_GNUTLS_CompressionMethod MHD_gtls_compression_get_id (const char |
269 | *name); | 250 | *name); |
270 | enum MHD_GNUTLS_CipherAlgorithm MHD_gtls_cipher_get_id (const char *name); | ||
271 | enum MHD_GNUTLS_KeyExchangeAlgorithm MHD_gtls_kx_get_id (const char *name); | ||
272 | enum MHD_GNUTLS_Protocol MHD_gtls_protocol_get_id (const char *name); | ||
273 | enum MHD_GNUTLS_CertificateType MHD_gtls_certificate_type_get_id (const char | ||
274 | *name); | ||
275 | |||
276 | /* list supported algorithms */ | ||
277 | const enum MHD_GNUTLS_CipherAlgorithm *MHD_gtls_cipher_list (void); | ||
278 | const enum MHD_GNUTLS_HashAlgorithm *MHD_gtls_mac_list (void); | ||
279 | const enum MHD_GNUTLS_CompressionMethod *MHD_gtls_compression_list (void); | ||
280 | const enum MHD_GNUTLS_Protocol *MHD_gtls_protocol_list (void); | ||
281 | const enum MHD_GNUTLS_CertificateType | ||
282 | *MHD_gtls_certificate_type_list (void); | ||
283 | const enum MHD_GNUTLS_KeyExchangeAlgorithm *MHD_gtls_kx_list (void); | ||
284 | 251 | ||
285 | /* error functions */ | 252 | /* error functions */ |
286 | int MHD_gtls_error_is_fatal (int error); | 253 | int MHD_gtls_error_is_fatal (int error); |
@@ -288,8 +255,6 @@ extern "C" | |||
288 | void MHD_gtls_perror (int error); | 255 | void MHD_gtls_perror (int error); |
289 | const char *MHD_gtls_strerror (int error); | 256 | const char *MHD_gtls_strerror (int error); |
290 | 257 | ||
291 | void MHD_gtls_handshake_set_private_extensions (MHD_gtls_session_t session, | ||
292 | int allow); | ||
293 | /* | 258 | /* |
294 | * Record layer functions. | 259 | * Record layer functions. |
295 | */ | 260 | */ |
@@ -299,25 +264,7 @@ extern "C" | |||
299 | size_t sizeofdata); | 264 | size_t sizeofdata); |
300 | 265 | ||
301 | /* provides extra compatibility */ | 266 | /* provides extra compatibility */ |
302 | void MHD_gtls_record_disable_padding (MHD_gtls_session_t session); | ||
303 | size_t MHD_gtls_record_check_pending (MHD_gtls_session_t session); | ||
304 | |||
305 | int MHD__gnutls_record_get_direction (MHD_gtls_session_t session); | 267 | int MHD__gnutls_record_get_direction (MHD_gtls_session_t session); |
306 | size_t MHD__gnutls_record_get_max_size (MHD_gtls_session_t session); | ||
307 | ssize_t MHD__gnutls_record_set_max_size (MHD_gtls_session_t session, | ||
308 | size_t size); | ||
309 | |||
310 | |||
311 | int MHD__gnutls_prf (MHD_gtls_session_t session, | ||
312 | size_t label_size, const char *label, | ||
313 | int server_random_first, | ||
314 | size_t extra_size, const char *extra, | ||
315 | size_t outsize, char *out); | ||
316 | |||
317 | int MHD__gnutls_prf_raw (MHD_gtls_session_t session, | ||
318 | size_t label_size, const char *label, | ||
319 | size_t seed_size, const char *seed, | ||
320 | size_t outsize, char *out); | ||
321 | 268 | ||
322 | /* | 269 | /* |
323 | * TLS Extensions | 270 | * TLS Extensions |
@@ -327,22 +274,10 @@ extern "C" | |||
327 | GNUTLS_NAME_DNS = 1 | 274 | GNUTLS_NAME_DNS = 1 |
328 | } MHD_gnutls_server_name_type_t; | 275 | } MHD_gnutls_server_name_type_t; |
329 | 276 | ||
330 | int MHD__gnutls_server_name_set (MHD_gtls_session_t session, | ||
331 | MHD_gnutls_server_name_type_t type, | ||
332 | const void *name, size_t name_length); | ||
333 | |||
334 | int MHD__gnutls_server_name_get (MHD_gtls_session_t session, | ||
335 | void *data, size_t * data_length, | ||
336 | unsigned int *type, unsigned int indx); | ||
337 | |||
338 | /* Opaque PRF Input | 277 | /* Opaque PRF Input |
339 | * http://tools.ietf.org/id/draft-rescorla-tls-opaque-prf-input-00.txt | 278 | * http://tools.ietf.org/id/draft-rescorla-tls-opaque-prf-input-00.txt |
340 | */ | 279 | */ |
341 | 280 | ||
342 | void | ||
343 | MHD_gtls_oprfi_enable_client (MHD_gtls_session_t session, | ||
344 | size_t len, unsigned char *data); | ||
345 | |||
346 | typedef int (*MHD_gnutls_oprfi_callback_func) (MHD_gtls_session_t session, | 281 | typedef int (*MHD_gnutls_oprfi_callback_func) (MHD_gtls_session_t session, |
347 | void *userdata, | 282 | void *userdata, |
348 | size_t oprfi_len, | 283 | size_t oprfi_len, |
@@ -350,32 +285,12 @@ extern "C" | |||
350 | *in_oprfi, | 285 | *in_oprfi, |
351 | unsigned char *out_oprfi); | 286 | unsigned char *out_oprfi); |
352 | 287 | ||
353 | void | ||
354 | MHD_gtls_oprfi_enable_server (MHD_gtls_session_t session, | ||
355 | MHD_gnutls_oprfi_callback_func cb, | ||
356 | void *userdata); | ||
357 | |||
358 | /* Supplemental data, RFC 4680. */ | 288 | /* Supplemental data, RFC 4680. */ |
359 | typedef enum | 289 | typedef enum |
360 | { | 290 | { |
361 | GNUTLS_SUPPLEMENTAL_USER_MAPPING_DATA = 0 | 291 | GNUTLS_SUPPLEMENTAL_USER_MAPPING_DATA = 0 |
362 | } MHD_gnutls_supplemental_data_format_type_t; | 292 | } MHD_gnutls_supplemental_data_format_type_t; |
363 | 293 | ||
364 | const char *MHD_gtls_supplemental_get_name | ||
365 | (MHD_gnutls_supplemental_data_format_type_t type); | ||
366 | |||
367 | int MHD__gnutls_cipher_set_priority (MHD_gtls_session_t session, | ||
368 | const int *list); | ||
369 | int MHD__gnutls_mac_set_priority (MHD_gtls_session_t session, | ||
370 | const int *list); | ||
371 | int MHD__gnutls_compression_set_priority (MHD_gtls_session_t session, | ||
372 | const int *list); | ||
373 | int MHD__gnutls_kx_set_priority (MHD_gtls_session_t session, | ||
374 | const int *list); | ||
375 | int MHD__gnutls_protocol_set_priority (MHD_gtls_session_t session, | ||
376 | const int *list); | ||
377 | int MHD__gnutls_certificate_type_set_priority (MHD_gtls_session_t session, | ||
378 | const int *list); | ||
379 | 294 | ||
380 | int MHD_tls_set_default_priority (MHD_gnutls_priority_t *, | 295 | int MHD_tls_set_default_priority (MHD_gnutls_priority_t *, |
381 | const char *priority, | 296 | const char *priority, |
@@ -392,38 +307,8 @@ extern "C" | |||
392 | enum MHD_GNUTLS_Protocol | 307 | enum MHD_GNUTLS_Protocol |
393 | MHD__gnutls_protocol_get_version (MHD_gtls_session_t session); | 308 | MHD__gnutls_protocol_get_version (MHD_gtls_session_t session); |
394 | 309 | ||
395 | const char *MHD__gnutls_protocol_get_name (enum MHD_GNUTLS_Protocol | ||
396 | version); | ||
397 | |||
398 | /* | ||
399 | * get/set session | ||
400 | */ | ||
401 | // int MHD_gnutls_session_set_data (MHD_gtls_session_t session, | ||
402 | // const void *session_data, | ||
403 | // size_t session_data_size); | ||
404 | // int MHD_gnutls_session_get_data (MHD_gtls_session_t session, void *session_data, | ||
405 | // size_t * session_data_size); | ||
406 | // int MHD_gnutls_session_get_data2 (MHD_gtls_session_t session, | ||
407 | // MHD_gnutls_datum_t * data); | ||
408 | |||
409 | int MHD_gtls_session_get_id (MHD_gtls_session_t session, void *session_id, | ||
410 | size_t * session_id_size); | ||
411 | |||
412 | /* returns security values. | ||
413 | * Do not use them unless you know what you're doing. | ||
414 | */ | ||
415 | const void *MHD_gtls_session_get_server_random (MHD_gtls_session_t session); | ||
416 | const void *MHD_gtls_session_get_client_random (MHD_gtls_session_t session); | ||
417 | const void *MHD_gtls_session_get_master_secret (MHD_gtls_session_t session); | ||
418 | |||
419 | int MHD_gtls_session_is_resumed (MHD_gtls_session_t session); | ||
420 | |||
421 | typedef | 310 | typedef |
422 | int (*MHD_gnutls_handshake_post_client_hello_func) (MHD_gtls_session_t); | 311 | int (*MHD_gnutls_handshake_post_client_hello_func) (MHD_gtls_session_t); |
423 | void | ||
424 | MHD__gnutls_handshake_set_post_client_hello_function (MHD_gtls_session_t, | ||
425 | MHD_gnutls_handshake_post_client_hello_func); | ||
426 | |||
427 | void MHD__gnutls_handshake_set_max_packet_length (MHD_gtls_session_t | 312 | void MHD__gnutls_handshake_set_max_packet_length (MHD_gtls_session_t |
428 | session, size_t max); | 313 | session, size_t max); |
429 | 314 | ||
@@ -490,17 +375,6 @@ extern "C" | |||
490 | struct MHD_gnutls_x509_crt_int; | 375 | struct MHD_gnutls_x509_crt_int; |
491 | typedef struct MHD_gnutls_x509_crt_int *MHD_gnutls_x509_crt_t; | 376 | typedef struct MHD_gnutls_x509_crt_int *MHD_gnutls_x509_crt_t; |
492 | 377 | ||
493 | // int MHD_gnutls_certificate_set_x509_key (MHD_gtls_cert_credentials_t res, | ||
494 | // MHD_gnutls_x509_crt_t * cert_list, | ||
495 | // int cert_list_size, | ||
496 | // MHD_gnutls_x509_privkey_t key); | ||
497 | // int MHD_gnutls_certificate_set_x509_trust (MHD_gtls_cert_credentials_t res, | ||
498 | // MHD_gnutls_x509_crt_t * ca_list, | ||
499 | // int ca_list_size); | ||
500 | // int MHD_gnutls_certificate_set_x509_crl (MHD_gtls_cert_credentials_t res, | ||
501 | // MHD_gnutls_x509_crl_t * crl_list, | ||
502 | // int crl_list_size); | ||
503 | |||
504 | /* global state functions | 378 | /* global state functions |
505 | */ | 379 | */ |
506 | 380 | ||
@@ -518,8 +392,6 @@ extern "C" | |||
518 | extern MHD_gnutls_calloc_function MHD_gnutls_calloc; | 392 | extern MHD_gnutls_calloc_function MHD_gnutls_calloc; |
519 | extern MHD_gnutls_free_function MHD_gnutls_free; | 393 | extern MHD_gnutls_free_function MHD_gnutls_free; |
520 | 394 | ||
521 | extern char *(*MHD_gnutls_strdup) (const char *); | ||
522 | |||
523 | typedef void (*MHD_gnutls_log_func) (int, const char *); | 395 | typedef void (*MHD_gnutls_log_func) (int, const char *); |
524 | void MHD_gtls_global_set_log_function (MHD_gnutls_log_func log_func); | 396 | void MHD_gtls_global_set_log_function (MHD_gnutls_log_func log_func); |
525 | void MHD_gtls_global_set_log_level (int level); | 397 | void MHD_gtls_global_set_log_level (int level); |
@@ -549,10 +421,6 @@ extern "C" | |||
549 | const void *, size_t); | 421 | const void *, size_t); |
550 | void MHD__gnutls_transport_set_ptr (MHD_gtls_session_t session, | 422 | void MHD__gnutls_transport_set_ptr (MHD_gtls_session_t session, |
551 | MHD_gnutls_transport_ptr_t ptr); | 423 | MHD_gnutls_transport_ptr_t ptr); |
552 | void MHD__gnutls_transport_set_ptr2 (MHD_gtls_session_t session, | ||
553 | MHD_gnutls_transport_ptr_t recv_ptr, | ||
554 | MHD_gnutls_transport_ptr_t send_ptr); | ||
555 | |||
556 | void MHD__gnutls_transport_set_lowat (MHD_gtls_session_t session, int num); | 424 | void MHD__gnutls_transport_set_lowat (MHD_gtls_session_t session, int num); |
557 | 425 | ||
558 | 426 | ||
@@ -561,15 +429,6 @@ extern "C" | |||
561 | void MHD__gnutls_transport_set_pull_function (MHD_gtls_session_t session, | 429 | void MHD__gnutls_transport_set_pull_function (MHD_gtls_session_t session, |
562 | MHD_gtls_pull_func pull_func); | 430 | MHD_gtls_pull_func pull_func); |
563 | 431 | ||
564 | void MHD__gnutls_transport_set_errno (MHD_gtls_session_t session, int err); | ||
565 | void MHD__gnutls_transport_set_global_errno (int err); | ||
566 | |||
567 | /* | ||
568 | * session specific | ||
569 | */ | ||
570 | void MHD__gnutls_session_set_ptr (MHD_gtls_session_t session, void *ptr); | ||
571 | void *MHD_gtls_session_get_ptr (MHD_gtls_session_t session); | ||
572 | |||
573 | typedef enum MHD_gnutls_x509_subject_alt_name_t | 432 | typedef enum MHD_gnutls_x509_subject_alt_name_t |
574 | { | 433 | { |
575 | GNUTLS_SAN_DNSNAME = 1, | 434 | GNUTLS_SAN_DNSNAME = 1, |
@@ -620,11 +479,6 @@ extern "C" | |||
620 | */ | 479 | */ |
621 | enum MHD_GNUTLS_CredentialsType MHD_gtls_auth_get_type (MHD_gtls_session_t | 480 | enum MHD_GNUTLS_CredentialsType MHD_gtls_auth_get_type (MHD_gtls_session_t |
622 | session); | 481 | session); |
623 | enum MHD_GNUTLS_CredentialsType | ||
624 | MHD_gtls_auth_server_get_type (MHD_gtls_session_t session); | ||
625 | enum MHD_GNUTLS_CredentialsType | ||
626 | MHD_gtls_auth_client_get_type (MHD_gtls_session_t session); | ||
627 | |||
628 | /* | 482 | /* |
629 | * DH | 483 | * DH |
630 | */ | 484 | */ |
@@ -640,25 +494,6 @@ extern "C" | |||
640 | const MHD_gnutls_datum_t * hash, | 494 | const MHD_gnutls_datum_t * hash, |
641 | MHD_gnutls_datum_t * signature); | 495 | MHD_gnutls_datum_t * signature); |
642 | 496 | ||
643 | void MHD_gtls_sign_callback_set (MHD_gtls_session_t session, | ||
644 | MHD_gnutls_sign_func sign_func, | ||
645 | void *userdata); | ||
646 | MHD_gnutls_sign_func MHD_gtls_sign_callback_get (MHD_gtls_session_t session, | ||
647 | void **userdata); | ||
648 | |||
649 | /* These are set on the credentials structure. | ||
650 | */ | ||
651 | void MHD_gtls_certificate_client_set_retrieve_function | ||
652 | (MHD_gtls_cert_credentials_t cred, | ||
653 | MHD_gnutls_certificate_client_retrieve_function * func); | ||
654 | void MHD_gtls_certificate_server_set_retrieve_function | ||
655 | (MHD_gtls_cert_credentials_t cred, | ||
656 | MHD_gnutls_certificate_server_retrieve_function * func); | ||
657 | |||
658 | void MHD_gtls_certificate_server_set_request (MHD_gtls_session_t session, | ||
659 | MHD_gnutls_certificate_request_t | ||
660 | req); | ||
661 | |||
662 | int MHD_gtls_pem_base64_encode (const char *msg, | 497 | int MHD_gtls_pem_base64_encode (const char *msg, |
663 | const MHD_gnutls_datum_t * data, | 498 | const MHD_gnutls_datum_t * data, |
664 | char *result, size_t * result_size); | 499 | char *result, size_t * result_size); |
diff --git a/src/daemon/https/tls/Makefile.am b/src/daemon/https/tls/Makefile.am index 77dee4a4..6902fd9b 100644 --- a/src/daemon/https/tls/Makefile.am +++ b/src/daemon/https/tls/Makefile.am | |||
@@ -54,8 +54,6 @@ gnutls_pk.c \ | |||
54 | gnutls_priority.c \ | 54 | gnutls_priority.c \ |
55 | gnutls_record.c \ | 55 | gnutls_record.c \ |
56 | gnutls_rsa_export.c \ | 56 | gnutls_rsa_export.c \ |
57 | gnutls_session.c \ | ||
58 | gnutls_session_pack.c \ | ||
59 | gnutls_sig.c \ | 57 | gnutls_sig.c \ |
60 | gnutls_state.c \ | 58 | gnutls_state.c \ |
61 | gnutls_str.c \ | 59 | gnutls_str.c \ |
@@ -97,7 +95,6 @@ gnutls_num.h \ | |||
97 | gnutls_pk.h \ | 95 | gnutls_pk.h \ |
98 | gnutls_record.h \ | 96 | gnutls_record.h \ |
99 | gnutls_rsa_export.h \ | 97 | gnutls_rsa_export.h \ |
100 | gnutls_session_pack.h \ | ||
101 | gnutls_sig.h \ | 98 | gnutls_sig.h \ |
102 | gnutls_state.h \ | 99 | gnutls_state.h \ |
103 | gnutls_str.h \ | 100 | gnutls_str.h \ |
diff --git a/src/daemon/https/tls/auth_cert.c b/src/daemon/https/tls/auth_cert.c index d0191f24..7b04e9d4 100644 --- a/src/daemon/https/tls/auth_cert.c +++ b/src/daemon/https/tls/auth_cert.c | |||
@@ -639,7 +639,7 @@ MHD_gtls_gen_cert_server_certificate (MHD_gtls_session_t session, | |||
639 | */ | 639 | */ |
640 | 640 | ||
641 | #define CLEAR_CERTS for(x=0;x<peer_certificate_list_size;x++) MHD_gtls_gcert_deinit(&peer_certificate_list[x]) | 641 | #define CLEAR_CERTS for(x=0;x<peer_certificate_list_size;x++) MHD_gtls_gcert_deinit(&peer_certificate_list[x]) |
642 | int | 642 | static int |
643 | MHD_gtls_proc_x509_server_certificate (MHD_gtls_session_t session, | 643 | MHD_gtls_proc_x509_server_certificate (MHD_gtls_session_t session, |
644 | opaque * data, size_t data_size) | 644 | opaque * data, size_t data_size) |
645 | { | 645 | { |
diff --git a/src/daemon/https/tls/debug.c b/src/daemon/https/tls/debug.c index a0a4953a..c1634515 100644 --- a/src/daemon/https/tls/debug.c +++ b/src/daemon/https/tls/debug.c | |||
@@ -94,14 +94,3 @@ MHD__gnutls_handshake2str (MHD_gnutls_handshake_description_t handshake) | |||
94 | } | 94 | } |
95 | } | 95 | } |
96 | 96 | ||
97 | void | ||
98 | MHD__gnutls_dump_mpi (const char *prefix, mpi_t a) | ||
99 | { | ||
100 | opaque buf[1024]; | ||
101 | size_t n = sizeof buf; | ||
102 | |||
103 | if (gcry_mpi_print (GCRYMPI_FMT_HEX, buf, n, &n, a)) | ||
104 | strcpy ((char *) buf, "[can't print value]"); /* Flawfinder: ignore */ | ||
105 | MHD__gnutls_hard_log ("MPI: length: %d\n\t%s%s\n", (n - 1) / 2, prefix, | ||
106 | buf); | ||
107 | } | ||
diff --git a/src/daemon/https/tls/debug.h b/src/daemon/https/tls/debug.h index 0ecce182..ba1f1006 100644 --- a/src/daemon/https/tls/debug.h +++ b/src/daemon/https/tls/debug.h | |||
@@ -25,4 +25,3 @@ | |||
25 | const char *MHD__gnutls_packet2str (content_type_t packet); | 25 | const char *MHD__gnutls_packet2str (content_type_t packet); |
26 | const char *MHD__gnutls_handshake2str (MHD_gnutls_handshake_description_t | 26 | const char *MHD__gnutls_handshake2str (MHD_gnutls_handshake_description_t |
27 | handshake); | 27 | handshake); |
28 | void MHD__gnutls_dump_mpi (const char *prefix, mpi_t a); | ||
diff --git a/src/daemon/https/tls/ext_oprfi.c b/src/daemon/https/tls/ext_oprfi.c index 8b245404..060155e4 100644 --- a/src/daemon/https/tls/ext_oprfi.c +++ b/src/daemon/https/tls/ext_oprfi.c | |||
@@ -215,52 +215,3 @@ MHD_gtls_oprfi_send_params (MHD_gtls_session_t session, | |||
215 | return oprfi_send_server (session, data, data_size); | 215 | return oprfi_send_server (session, data, data_size); |
216 | } | 216 | } |
217 | 217 | ||
218 | /** | ||
219 | * MHD_gtls_oprfi_enable_client: | ||
220 | * @session: is a #MHD_gtls_session_t structure. | ||
221 | * @len: length of Opaque PRF data to use in client. | ||
222 | * @data: Opaque PRF data to use in client. | ||
223 | * | ||
224 | * Request that the client should attempt to negotiate the Opaque PRF | ||
225 | * Input TLS extension, using the given data as the client's Opaque | ||
226 | * PRF input. | ||
227 | * | ||
228 | * The data is copied into the session context after this call, so you | ||
229 | * may de-allocate it immediately after calling this function. | ||
230 | **/ | ||
231 | void | ||
232 | MHD_gtls_oprfi_enable_client (MHD_gtls_session_t session, | ||
233 | size_t len, unsigned char *data) | ||
234 | { | ||
235 | session->security_parameters.extensions.oprfi_client_len = len; | ||
236 | session->security_parameters.extensions.oprfi_client = data; | ||
237 | } | ||
238 | |||
239 | /** | ||
240 | * MHD_gtls_oprfi_enable_server: | ||
241 | * @session: is a #MHD_gtls_session_t structure. | ||
242 | * @cb: function pointer to Opaque PRF extension server callback. | ||
243 | * @userdata: hook passed to callback function for passing application state. | ||
244 | * | ||
245 | * Request that the server should attempt to accept the Opaque PRF | ||
246 | * Input TLS extension. If the client requests the extension, the | ||
247 | * provided callback @cb will be invoked. The callback must have the | ||
248 | * following prototype: | ||
249 | * | ||
250 | * int callback (MHD_gtls_session_t session, void *userdata, | ||
251 | * size_t oprfi_len, const unsigned char *in_oprfi, | ||
252 | * unsigned char *out_oprfi); | ||
253 | * | ||
254 | * The callback can inspect the client-provided data in the input | ||
255 | * parameters, and specify its own opaque prf input data in the output | ||
256 | * variable. The function must return 0 on success, otherwise the | ||
257 | * handshake will be aborted. | ||
258 | **/ | ||
259 | void | ||
260 | MHD_gtls_oprfi_enable_server (MHD_gtls_session_t session, | ||
261 | MHD_gnutls_oprfi_callback_func cb, | ||
262 | void *userdata) | ||
263 | { | ||
264 | session->security_parameters.extensions.oprfi_cb = cb; | ||
265 | session->security_parameters.extensions.oprfi_userdata = userdata; | ||
266 | } | ||
diff --git a/src/daemon/https/tls/ext_server_name.c b/src/daemon/https/tls/ext_server_name.c index 1e3cab02..d7f945d6 100644 --- a/src/daemon/https/tls/ext_server_name.c +++ b/src/daemon/https/tls/ext_server_name.c | |||
@@ -209,122 +209,3 @@ MHD_gtls_server_name_send_params (MHD_gtls_session_t session, | |||
209 | return total_size; | 209 | return total_size; |
210 | } | 210 | } |
211 | 211 | ||
212 | /** | ||
213 | * MHD__gnutls_server_name_get - Used to get the server name indicator send by a client | ||
214 | * @session: is a #MHD_gtls_session_t structure. | ||
215 | * @data: will hold the data | ||
216 | * @data_length: will hold the data length. Must hold the maximum size of data. | ||
217 | * @type: will hold the server name indicator type | ||
218 | * @indx: is the index of the server_name | ||
219 | * | ||
220 | * This function will allow you to get the name indication (if any), | ||
221 | * a client has sent. The name indication may be any of the enumeration | ||
222 | * MHD_gnutls_server_name_type_t. | ||
223 | * | ||
224 | * If @type is GNUTLS_NAME_DNS, then this function is to be used by servers | ||
225 | * that support virtual hosting, and the data will be a null terminated UTF-8 string. | ||
226 | * | ||
227 | * If @data has not enough size to hold the server name GNUTLS_E_SHORT_MEMORY_BUFFER | ||
228 | * is returned, and @data_length will hold the required size. | ||
229 | * | ||
230 | * @index is used to retrieve more than one server names (if sent by the client). | ||
231 | * The first server name has an index of 0, the second 1 and so on. If no name with the given | ||
232 | * index exists GNUTLS_E_REQUESTED_DATA_NOT_AVAILABLE is returned. | ||
233 | * | ||
234 | **/ | ||
235 | int | ||
236 | MHD__gnutls_server_name_get (MHD_gtls_session_t session, void *data, | ||
237 | size_t * data_length, | ||
238 | unsigned int *type, unsigned int indx) | ||
239 | { | ||
240 | char *_data = data; | ||
241 | #if MHD_DEBUG_TLS | ||
242 | if (session->security_parameters.entity == GNUTLS_CLIENT) | ||
243 | { | ||
244 | MHD_gnutls_assert (); | ||
245 | return GNUTLS_E_INVALID_REQUEST; | ||
246 | } | ||
247 | #endif | ||
248 | if (indx + 1 > session->security_parameters.extensions.server_names_size) | ||
249 | { | ||
250 | return GNUTLS_E_REQUESTED_DATA_NOT_AVAILABLE; | ||
251 | } | ||
252 | |||
253 | *type = session->security_parameters.extensions.server_names[indx].type; | ||
254 | |||
255 | if (*data_length > /* greater since we need one extra byte for the null */ | ||
256 | session->security_parameters.extensions.server_names[indx].name_length) | ||
257 | { | ||
258 | *data_length = | ||
259 | session->security_parameters.extensions. | ||
260 | server_names[indx].name_length; | ||
261 | memcpy (data, | ||
262 | session->security_parameters.extensions.server_names[indx].name, | ||
263 | *data_length); | ||
264 | |||
265 | if (*type == GNUTLS_NAME_DNS) /* null terminate */ | ||
266 | _data[(*data_length)] = 0; | ||
267 | |||
268 | } | ||
269 | else | ||
270 | { | ||
271 | *data_length = | ||
272 | session->security_parameters.extensions. | ||
273 | server_names[indx].name_length; | ||
274 | return GNUTLS_E_SHORT_MEMORY_BUFFER; | ||
275 | } | ||
276 | |||
277 | return 0; | ||
278 | } | ||
279 | |||
280 | /** | ||
281 | * MHD__gnutls_server_name_set - Used to set a name indicator to be sent as an extension | ||
282 | * @session: is a #MHD_gtls_session_t structure. | ||
283 | * @type: specifies the indicator type | ||
284 | * @name: is a string that contains the server name. | ||
285 | * @name_length: holds the length of name | ||
286 | * | ||
287 | * This function is to be used by clients that want to inform | ||
288 | * (via a TLS extension mechanism) the server of the name they | ||
289 | * connected to. This should be used by clients that connect | ||
290 | * to servers that do virtual hosting. | ||
291 | * | ||
292 | * The value of @name depends on the @ind type. In case of GNUTLS_NAME_DNS, | ||
293 | * an ASCII or UTF-8 null terminated string, without the trailing dot, is expected. | ||
294 | * IPv4 or IPv6 addresses are not permitted. | ||
295 | * | ||
296 | **/ | ||
297 | int | ||
298 | MHD__gnutls_server_name_set (MHD_gtls_session_t session, | ||
299 | MHD_gnutls_server_name_type_t type, | ||
300 | const void *name, size_t name_length) | ||
301 | { | ||
302 | int server_names; | ||
303 | |||
304 | if (session->security_parameters.entity == GNUTLS_SERVER) | ||
305 | { | ||
306 | MHD_gnutls_assert (); | ||
307 | return GNUTLS_E_INVALID_REQUEST; | ||
308 | } | ||
309 | |||
310 | if (name_length > MAX_SERVER_NAME_SIZE) | ||
311 | return GNUTLS_E_SHORT_MEMORY_BUFFER; | ||
312 | |||
313 | server_names = | ||
314 | session->security_parameters.extensions.server_names_size + 1; | ||
315 | |||
316 | if (server_names > MAX_SERVER_NAME_EXTENSIONS) | ||
317 | server_names = MAX_SERVER_NAME_EXTENSIONS; | ||
318 | |||
319 | session->security_parameters.extensions.server_names[server_names - | ||
320 | 1].type = type; | ||
321 | memcpy (session->security_parameters. | ||
322 | extensions.server_names[server_names - 1].name, name, name_length); | ||
323 | session->security_parameters.extensions.server_names[server_names - | ||
324 | 1].name_length = | ||
325 | name_length; | ||
326 | |||
327 | session->security_parameters.extensions.server_names_size++; | ||
328 | |||
329 | return 0; | ||
330 | } | ||
diff --git a/src/daemon/https/tls/gnutls_algorithms.c b/src/daemon/https/tls/gnutls_algorithms.c index 02be3637..876d860c 100644 --- a/src/daemon/https/tls/gnutls_algorithms.c +++ b/src/daemon/https/tls/gnutls_algorithms.c | |||
@@ -54,15 +54,6 @@ static const MHD_gnutls_cred_map MHD_gtls_cred_mappings[] = { | |||
54 | {MHD_GNUTLS_KX_DHE_RSA, | 54 | {MHD_GNUTLS_KX_DHE_RSA, |
55 | MHD_GNUTLS_CRD_CERTIFICATE, | 55 | MHD_GNUTLS_CRD_CERTIFICATE, |
56 | MHD_GNUTLS_CRD_CERTIFICATE}, | 56 | MHD_GNUTLS_CRD_CERTIFICATE}, |
57 | {MHD_GNUTLS_KX_SRP, | ||
58 | MHD_GNUTLS_CRD_SRP, | ||
59 | MHD_GNUTLS_CRD_SRP}, | ||
60 | {MHD_GNUTLS_KX_SRP_RSA, | ||
61 | MHD_GNUTLS_CRD_SRP, | ||
62 | MHD_GNUTLS_CRD_CERTIFICATE}, | ||
63 | {MHD_GNUTLS_KX_SRP_DSS, | ||
64 | MHD_GNUTLS_CRD_SRP, | ||
65 | MHD_GNUTLS_CRD_CERTIFICATE}, | ||
66 | {0, | 57 | {0, |
67 | 0, | 58 | 0, |
68 | 0} | 59 | 0} |
@@ -423,17 +414,6 @@ static const MHD_gtls_kx_algo_entry_t MHD_gtls_kx_algorithms[] = { | |||
423 | &MHD_gtls_dhe_dss_auth_struct, | 414 | &MHD_gtls_dhe_dss_auth_struct, |
424 | 1, | 415 | 1, |
425 | 0}, | 416 | 0}, |
426 | |||
427 | #ifdef ENABLE_SRP | ||
428 | {"SRP-DSS", MHD_GNUTLS_KX_SRP_DSS, &srp_dss_auth_struct, 0, 0}, | ||
429 | {"SRP-RSA", MHD_GNUTLS_KX_SRP_RSA, &srp_rsa_auth_struct, 0, 0}, | ||
430 | {"SRP", MHD_GNUTLS_KX_SRP, &srp_auth_struct, 0, 0}, | ||
431 | #endif | ||
432 | #ifdef ENABLE_PSK | ||
433 | {"PSK", GNUTLS_KX_PSK, &psk_auth_struct, 0, 0}, | ||
434 | {"DHE-PSK", GNUTLS_KX_DHE_PSK, &dhe_psk_auth_struct, | ||
435 | 1 /* needs DHE params */ , 0}, | ||
436 | #endif | ||
437 | {0, | 417 | {0, |
438 | 0, | 418 | 0, |
439 | 0, | 419 | 0, |
@@ -448,15 +428,6 @@ static const enum MHD_GNUTLS_KeyExchangeAlgorithm MHD_gtls_supported_kxs[] = | |||
448 | MHD_GNUTLS_KX_RSA_EXPORT, | 428 | MHD_GNUTLS_KX_RSA_EXPORT, |
449 | MHD_GNUTLS_KX_DHE_RSA, | 429 | MHD_GNUTLS_KX_DHE_RSA, |
450 | MHD_GNUTLS_KX_DHE_DSS, | 430 | MHD_GNUTLS_KX_DHE_DSS, |
451 | #ifdef ENABLE_SRP | ||
452 | MHD_GNUTLS_KX_SRP_DSS, | ||
453 | MHD_GNUTLS_KX_SRP_RSA, | ||
454 | MHD_GNUTLS_KX_SRP, | ||
455 | #endif | ||
456 | #ifdef ENABLE_PSK | ||
457 | GNUTLS_KX_PSK, | ||
458 | GNUTLS_KX_DHE_PSK, | ||
459 | #endif | ||
460 | 0 | 431 | 0 |
461 | }; | 432 | }; |
462 | 433 | ||
@@ -728,105 +699,6 @@ MHD_gtls_mac_priority (MHD_gtls_session_t session, | |||
728 | return -1; | 699 | return -1; |
729 | } | 700 | } |
730 | 701 | ||
731 | /** | ||
732 | * MHD__gnutls_mac_get_name - Returns a string with the name of the specified mac algorithm | ||
733 | * @algorithm: is a MAC algorithm | ||
734 | * | ||
735 | * Returns: a string that contains the name of the specified MAC | ||
736 | * algorithm, or %NULL. | ||
737 | **/ | ||
738 | const char * | ||
739 | MHD__gnutls_mac_get_name (enum MHD_GNUTLS_HashAlgorithm algorithm) | ||
740 | { | ||
741 | const char *ret = NULL; | ||
742 | |||
743 | /* avoid prefix */ | ||
744 | GNUTLS_HASH_ALG_LOOP (ret = p->name); | ||
745 | |||
746 | return ret; | ||
747 | } | ||
748 | |||
749 | /** | ||
750 | * MHD_gtls_mac_get_id - Returns the gnutls id of the specified in string algorithm | ||
751 | * @algorithm: is a MAC algorithm name | ||
752 | * | ||
753 | * Returns: an %enum MHD_GNUTLS_HashAlgorithmid of the specified in a string | ||
754 | * MAC algorithm, or %GNUTLS_MAC_UNKNOWN on failures. The names are | ||
755 | * compared in a case insensitive way. | ||
756 | **/ | ||
757 | enum MHD_GNUTLS_HashAlgorithm | ||
758 | MHD_gtls_mac_get_id (const char *name) | ||
759 | { | ||
760 | enum MHD_GNUTLS_HashAlgorithm ret = MHD_GNUTLS_MAC_UNKNOWN; | ||
761 | |||
762 | GNUTLS_HASH_LOOP (if (strcasecmp (p->name, name) == 0) ret = p->id) | ||
763 | ; | ||
764 | |||
765 | return ret; | ||
766 | } | ||
767 | |||
768 | /** | ||
769 | * MHD__gnutls_mac_get_key_size - Returns the length of the MAC's key size | ||
770 | * @algorithm: is an encryption algorithm | ||
771 | * | ||
772 | * Returns: length (in bytes) of the given MAC key size, or 0 if the | ||
773 | * given MAC algorithm is invalid. | ||
774 | * | ||
775 | **/ | ||
776 | size_t | ||
777 | MHD__gnutls_mac_get_key_size (enum MHD_GNUTLS_HashAlgorithm algorithm) | ||
778 | { | ||
779 | size_t ret = 0; | ||
780 | |||
781 | /* avoid prefix */ | ||
782 | GNUTLS_HASH_ALG_LOOP (ret = p->key_size); | ||
783 | |||
784 | return ret; | ||
785 | } | ||
786 | |||
787 | /** | ||
788 | * MHD_gtls_mac_list: | ||
789 | * | ||
790 | * Get a list of hash algorithms for use as MACs. Note that not | ||
791 | * necessarily all MACs are supported in TLS cipher suites. For | ||
792 | * example, MD2 is not supported as a cipher suite, but is supported | ||
793 | * for other purposes (e.g., X.509 signature verification or similar). | ||
794 | * | ||
795 | * Returns: Return a zero-terminated list of %enum MHD_GNUTLS_HashAlgorithm | ||
796 | * integers indicating the available MACs. | ||
797 | **/ | ||
798 | const enum MHD_GNUTLS_HashAlgorithm * | ||
799 | MHD_gtls_mac_list (void) | ||
800 | { | ||
801 | return MHD_gtls_supported_macs; | ||
802 | } | ||
803 | |||
804 | const char * | ||
805 | MHD_gtls_x509_mac_to_oid (enum MHD_GNUTLS_HashAlgorithm algorithm) | ||
806 | { | ||
807 | const char *ret = NULL; | ||
808 | |||
809 | /* avoid prefix */ | ||
810 | GNUTLS_HASH_ALG_LOOP (ret = p->oid); | ||
811 | |||
812 | return ret; | ||
813 | } | ||
814 | |||
815 | enum MHD_GNUTLS_HashAlgorithm | ||
816 | MHD_gtls_x509_oid2mac_algorithm (const char *oid) | ||
817 | { | ||
818 | enum MHD_GNUTLS_HashAlgorithm ret = 0; | ||
819 | |||
820 | GNUTLS_HASH_LOOP (if (p->oid && strcmp (oid, p->oid) == 0) | ||
821 | { | ||
822 | ret = p->id; break;} | ||
823 | ) | ||
824 | ; | ||
825 | |||
826 | if (ret == 0) | ||
827 | return MHD_GNUTLS_MAC_UNKNOWN; | ||
828 | return ret; | ||
829 | } | ||
830 | 702 | ||
831 | int | 703 | int |
832 | MHD_gnutls_mac_is_ok (enum MHD_GNUTLS_HashAlgorithm algorithm) | 704 | MHD_gnutls_mac_is_ok (enum MHD_GNUTLS_HashAlgorithm algorithm) |
@@ -840,20 +712,6 @@ MHD_gnutls_mac_is_ok (enum MHD_GNUTLS_HashAlgorithm algorithm) | |||
840 | return ret; | 712 | return ret; |
841 | } | 713 | } |
842 | 714 | ||
843 | /* Compression Functions */ | ||
844 | int | ||
845 | MHD_gtls_compression_priority (MHD_gtls_session_t session, | ||
846 | enum MHD_GNUTLS_CompressionMethod algorithm) | ||
847 | { /* actually returns the priority */ | ||
848 | unsigned int i; | ||
849 | for (i = 0; i < session->internals.priorities.compression.num_algorithms; | ||
850 | i++) | ||
851 | { | ||
852 | if (session->internals.priorities.compression.priority[i] == algorithm) | ||
853 | return i; | ||
854 | } | ||
855 | return -1; | ||
856 | } | ||
857 | 715 | ||
858 | /** | 716 | /** |
859 | * MHD__gnutls_compression_get_name - Returns a string with the name of the specified compression algorithm | 717 | * MHD__gnutls_compression_get_name - Returns a string with the name of the specified compression algorithm |
@@ -897,21 +755,6 @@ MHD_gtls_compression_get_id (const char *name) | |||
897 | return ret; | 755 | return ret; |
898 | } | 756 | } |
899 | 757 | ||
900 | /** | ||
901 | * MHD_gtls_compression_list: | ||
902 | * | ||
903 | * Get a list of compression methods. Note that to be able to use LZO | ||
904 | * compression, you must link to libgnutls-extra and call | ||
905 | * MHD_gnutls_global_init_extra(). | ||
906 | * | ||
907 | * Returns: a zero-terminated list of %enum MHD_GNUTLS_CompressionMethod | ||
908 | * integers indicating the available compression methods. | ||
909 | **/ | ||
910 | const enum MHD_GNUTLS_CompressionMethod * | ||
911 | MHD_gtls_compression_list (void) | ||
912 | { | ||
913 | return MHD_gtls_supported_compressions; | ||
914 | } | ||
915 | 758 | ||
916 | /* return the tls number of the specified algorithm */ | 759 | /* return the tls number of the specified algorithm */ |
917 | int | 760 | int |
@@ -1048,62 +891,6 @@ MHD_gtls_cipher_get_export_flag (enum MHD_GNUTLS_CipherAlgorithm algorithm) | |||
1048 | 891 | ||
1049 | } | 892 | } |
1050 | 893 | ||
1051 | /** | ||
1052 | * MHD__gnutls_cipher_get_name - Returns a string with the name of the specified cipher algorithm | ||
1053 | * @algorithm: is an encryption algorithm | ||
1054 | * | ||
1055 | * Returns: a pointer to a string that contains the name of the | ||
1056 | * specified cipher, or %NULL. | ||
1057 | **/ | ||
1058 | const char * | ||
1059 | MHD__gnutls_cipher_get_name (enum MHD_GNUTLS_CipherAlgorithm algorithm) | ||
1060 | { | ||
1061 | const char *ret = NULL; | ||
1062 | |||
1063 | /* avoid prefix */ | ||
1064 | GNUTLS_ALG_LOOP (ret = p->name); | ||
1065 | |||
1066 | return ret; | ||
1067 | } | ||
1068 | |||
1069 | /** | ||
1070 | * MHD_gtls_cipher_get_id - Returns the gnutls id of the specified in string algorithm | ||
1071 | * @algorithm: is a MAC algorithm name | ||
1072 | * | ||
1073 | * The names are compared in a case insensitive way. | ||
1074 | * | ||
1075 | * Returns: an id of the specified cipher, or %GNUTLS_CIPHER_UNKNOWN | ||
1076 | * on error. | ||
1077 | * | ||
1078 | **/ | ||
1079 | enum MHD_GNUTLS_CipherAlgorithm | ||
1080 | MHD_gtls_cipher_get_id (const char *name) | ||
1081 | { | ||
1082 | enum MHD_GNUTLS_CipherAlgorithm ret = MHD_GNUTLS_CIPHER_UNKNOWN; | ||
1083 | |||
1084 | GNUTLS_LOOP (if (strcasecmp (p->name, name) == 0) ret = p->id) | ||
1085 | ; | ||
1086 | |||
1087 | return ret; | ||
1088 | } | ||
1089 | |||
1090 | /** | ||
1091 | * MHD_gtls_cipher_list: | ||
1092 | * | ||
1093 | * Get a list of supported cipher algorithms. Note that not | ||
1094 | * necessarily all ciphers are supported as TLS cipher suites. For | ||
1095 | * example, DES is not supported as a cipher suite, but is supported | ||
1096 | * for other purposes (e.g., PKCS#8 or similar). | ||
1097 | * | ||
1098 | * Returns: a zero-terminated list of %enum MHD_GNUTLS_CipherAlgorithm | ||
1099 | * integers indicating the available ciphers. | ||
1100 | * | ||
1101 | **/ | ||
1102 | const enum MHD_GNUTLS_CipherAlgorithm * | ||
1103 | MHD_gtls_cipher_list (void) | ||
1104 | { | ||
1105 | return MHD_gtls_supported_ciphers; | ||
1106 | } | ||
1107 | 894 | ||
1108 | int | 895 | int |
1109 | MHD_gtls_cipher_is_ok (enum MHD_GNUTLS_CipherAlgorithm algorithm) | 896 | MHD_gtls_cipher_is_ok (enum MHD_GNUTLS_CipherAlgorithm algorithm) |
@@ -1140,57 +927,6 @@ MHD_gtls_kx_priority (MHD_gtls_session_t session, | |||
1140 | return -1; | 927 | return -1; |
1141 | } | 928 | } |
1142 | 929 | ||
1143 | /** | ||
1144 | * MHD__gnutls_kx_get_name - Returns a string with the name of the specified key exchange algorithm | ||
1145 | * @algorithm: is a key exchange algorithm | ||
1146 | * | ||
1147 | * Returns: a pointer to a string that contains the name of the | ||
1148 | * specified key exchange algorithm, or %NULL. | ||
1149 | **/ | ||
1150 | const char * | ||
1151 | MHD__gnutls_kx_get_name (enum MHD_GNUTLS_KeyExchangeAlgorithm algorithm) | ||
1152 | { | ||
1153 | const char *ret = NULL; | ||
1154 | |||
1155 | /* avoid prefix */ | ||
1156 | GNUTLS_KX_ALG_LOOP (ret = p->name); | ||
1157 | |||
1158 | return ret; | ||
1159 | } | ||
1160 | |||
1161 | /** | ||
1162 | * MHD_gtls_kx_get_id - Returns the gnutls id of the specified in string algorithm | ||
1163 | * @algorithm: is a KX name | ||
1164 | * | ||
1165 | * The names are compared in a case insensitive way. | ||
1166 | * | ||
1167 | * Returns: an id of the specified KX algorithm, or | ||
1168 | * %GNUTLS_KX_UNKNOWN on error. | ||
1169 | **/ | ||
1170 | enum MHD_GNUTLS_KeyExchangeAlgorithm | ||
1171 | MHD_gtls_kx_get_id (const char *name) | ||
1172 | { | ||
1173 | enum MHD_GNUTLS_CipherAlgorithm ret = MHD_GNUTLS_KX_UNKNOWN; | ||
1174 | |||
1175 | GNUTLS_KX_LOOP (if (strcasecmp (p->name, name) == 0) ret = p->algorithm) | ||
1176 | ; | ||
1177 | |||
1178 | return ret; | ||
1179 | } | ||
1180 | |||
1181 | /** | ||
1182 | * MHD_gtls_kx_list: | ||
1183 | * | ||
1184 | * Get a list of supported key exchange algorithms. | ||
1185 | * | ||
1186 | * Returns: a zero-terminated list of %enum MHD_GNUTLS_KeyExchangeAlgorithm integers | ||
1187 | * indicating the available key exchange algorithms. | ||
1188 | **/ | ||
1189 | const enum MHD_GNUTLS_KeyExchangeAlgorithm * | ||
1190 | MHD_gtls_kx_list (void) | ||
1191 | { | ||
1192 | return MHD_gtls_supported_kxs; | ||
1193 | } | ||
1194 | 930 | ||
1195 | int | 931 | int |
1196 | MHD_gtls_kx_is_ok (enum MHD_GNUTLS_KeyExchangeAlgorithm algorithm) | 932 | MHD_gtls_kx_is_ok (enum MHD_GNUTLS_KeyExchangeAlgorithm algorithm) |
@@ -1241,28 +977,6 @@ MHD_gtls_version_priority (MHD_gtls_session_t session, | |||
1241 | return -1; | 977 | return -1; |
1242 | } | 978 | } |
1243 | 979 | ||
1244 | enum MHD_GNUTLS_Protocol | ||
1245 | MHD_gtls_version_lowest (MHD_gtls_session_t session) | ||
1246 | { /* returns the lowest version supported */ | ||
1247 | unsigned int i, min = 0xff; | ||
1248 | |||
1249 | if (session->internals.priorities.protocol.priority == NULL) | ||
1250 | { | ||
1251 | return MHD_GNUTLS_PROTOCOL_VERSION_UNKNOWN; | ||
1252 | } | ||
1253 | else | ||
1254 | for (i = 0; i < session->internals.priorities.protocol.num_algorithms; | ||
1255 | i++) | ||
1256 | { | ||
1257 | if (session->internals.priorities.protocol.priority[i] < min) | ||
1258 | min = session->internals.priorities.protocol.priority[i]; | ||
1259 | } | ||
1260 | |||
1261 | if (min == 0xff) | ||
1262 | return MHD_GNUTLS_PROTOCOL_VERSION_UNKNOWN; /* unknown version */ | ||
1263 | |||
1264 | return min; | ||
1265 | } | ||
1266 | 980 | ||
1267 | enum MHD_GNUTLS_Protocol | 981 | enum MHD_GNUTLS_Protocol |
1268 | MHD_gtls_version_max (MHD_gtls_session_t session) | 982 | MHD_gtls_version_max (MHD_gtls_session_t session) |
@@ -1287,58 +1001,6 @@ MHD_gtls_version_max (MHD_gtls_session_t session) | |||
1287 | return max; | 1001 | return max; |
1288 | } | 1002 | } |
1289 | 1003 | ||
1290 | /** | ||
1291 | * MHD__gnutls_protocol_get_name - Returns a string with the name of the specified SSL/TLS version | ||
1292 | * @version: is a (gnutls) version number | ||
1293 | * | ||
1294 | * Returns: a string that contains the name of the specified TLS | ||
1295 | * version (e.g., "TLS 1.0"), or %NULL. | ||
1296 | **/ | ||
1297 | const char * | ||
1298 | MHD__gnutls_protocol_get_name (enum MHD_GNUTLS_Protocol version) | ||
1299 | { | ||
1300 | const char *ret = NULL; | ||
1301 | |||
1302 | /* avoid prefix */ | ||
1303 | GNUTLS_VERSION_ALG_LOOP (ret = p->name); | ||
1304 | return ret; | ||
1305 | } | ||
1306 | |||
1307 | /** | ||
1308 | * MHD_gtls_protocol_get_id - Returns the gnutls id of the specified in string protocol | ||
1309 | * @algorithm: is a protocol name | ||
1310 | * | ||
1311 | * The names are compared in a case insensitive way. | ||
1312 | * | ||
1313 | * Returns: an id of the specified protocol, or | ||
1314 | * %GNUTLS_VERSION_UNKNOWN on error. | ||
1315 | **/ | ||
1316 | enum MHD_GNUTLS_Protocol | ||
1317 | MHD_gtls_protocol_get_id (const char *name) | ||
1318 | { | ||
1319 | enum MHD_GNUTLS_Protocol ret = MHD_GNUTLS_PROTOCOL_VERSION_UNKNOWN; | ||
1320 | |||
1321 | GNUTLS_VERSION_LOOP (if (strcasecmp (p->name, name) == 0) ret = p->id) | ||
1322 | ; | ||
1323 | |||
1324 | return ret; | ||
1325 | } | ||
1326 | |||
1327 | /** | ||
1328 | * MHD_gtls_protocol_list: | ||
1329 | * | ||
1330 | * Get a list of supported protocols, e.g. SSL 3.0, TLS 1.0 etc. | ||
1331 | * | ||
1332 | * Returns: a zero-terminated list of %enum MHD_GNUTLS_Protocol integers | ||
1333 | * indicating the available protocols. | ||
1334 | * | ||
1335 | **/ | ||
1336 | const enum MHD_GNUTLS_Protocol * | ||
1337 | MHD_gtls_protocol_list (void) | ||
1338 | { | ||
1339 | return MHD_gtls_supported_protocols; | ||
1340 | } | ||
1341 | |||
1342 | int | 1004 | int |
1343 | MHD_gtls_version_get_minor (enum MHD_GNUTLS_Protocol version) | 1005 | MHD_gtls_version_get_minor (enum MHD_GNUTLS_Protocol version) |
1344 | { | 1006 | { |
@@ -1386,23 +1048,6 @@ MHD_gtls_version_is_supported (MHD_gtls_session_t session, | |||
1386 | return 1; | 1048 | return 1; |
1387 | } | 1049 | } |
1388 | 1050 | ||
1389 | /* Type to KX mappings */ | ||
1390 | enum MHD_GNUTLS_KeyExchangeAlgorithm | ||
1391 | MHD_gtls_map_kx_get_kx (enum MHD_GNUTLS_CredentialsType type, int server) | ||
1392 | { | ||
1393 | enum MHD_GNUTLS_KeyExchangeAlgorithm ret = -1; | ||
1394 | |||
1395 | if (server) | ||
1396 | { | ||
1397 | GNUTLS_KX_MAP_ALG_LOOP_SERVER (ret = p->algorithm); | ||
1398 | } | ||
1399 | else | ||
1400 | { | ||
1401 | GNUTLS_KX_MAP_ALG_LOOP_SERVER (ret = p->algorithm); | ||
1402 | } | ||
1403 | return ret; | ||
1404 | } | ||
1405 | |||
1406 | enum MHD_GNUTLS_CredentialsType | 1051 | enum MHD_GNUTLS_CredentialsType |
1407 | MHD_gtls_map_kx_get_cred (enum MHD_GNUTLS_KeyExchangeAlgorithm algorithm, | 1052 | MHD_gtls_map_kx_get_cred (enum MHD_GNUTLS_KeyExchangeAlgorithm algorithm, |
1408 | int server) | 1053 | int server) |
@@ -1807,62 +1452,12 @@ MHD_gtls_supported_compression_methods (MHD_gtls_session_t session, | |||
1807 | return j; | 1452 | return j; |
1808 | } | 1453 | } |
1809 | 1454 | ||
1810 | /** | ||
1811 | * MHD__gnutls_certificate_type_get_name - Returns a string with the name of the specified certificate type | ||
1812 | * @type: is a certificate type | ||
1813 | * | ||
1814 | * Returns: a string (or %NULL) that contains the name of the | ||
1815 | * specified certificate type. | ||
1816 | **/ | ||
1817 | const char * | ||
1818 | MHD__gnutls_certificate_type_get_name (enum MHD_GNUTLS_CertificateType type) | ||
1819 | { | ||
1820 | const char *ret = NULL; | ||
1821 | |||
1822 | if (type == MHD_GNUTLS_CRT_X509) | ||
1823 | ret = "X.509"; | ||
1824 | return ret; | ||
1825 | } | ||
1826 | |||
1827 | /** | ||
1828 | * MHD_gtls_certificate_type_get_id - Returns the gnutls id of the specified in string type | ||
1829 | * @name: is a certificate type name | ||
1830 | * | ||
1831 | * The names are compared in a case insensitive way. | ||
1832 | * | ||
1833 | * Returns: an id of the specified in a string certificate type, or | ||
1834 | * %GNUTLS_CRT_UNKNOWN on error. | ||
1835 | **/ | ||
1836 | enum MHD_GNUTLS_CertificateType | ||
1837 | MHD_gtls_certificate_type_get_id (const char *name) | ||
1838 | { | ||
1839 | enum MHD_GNUTLS_CertificateType ret = MHD_GNUTLS_CRT_UNKNOWN; | ||
1840 | |||
1841 | if (strcasecmp (name, "X.509") == 0 || strcasecmp (name, "X509") == 0) | ||
1842 | return MHD_GNUTLS_CRT_X509; | ||
1843 | return ret; | ||
1844 | } | ||
1845 | |||
1846 | static const enum MHD_GNUTLS_CertificateType | 1455 | static const enum MHD_GNUTLS_CertificateType |
1847 | MHD_gtls_supported_certificate_types[] = | 1456 | MHD_gtls_supported_certificate_types[] = |
1848 | { MHD_GNUTLS_CRT_X509, | 1457 | { MHD_GNUTLS_CRT_X509, |
1849 | 0 | 1458 | 0 |
1850 | }; | 1459 | }; |
1851 | 1460 | ||
1852 | /** | ||
1853 | * MHD_gtls_certificate_type_list: | ||
1854 | * | ||
1855 | * Get a list of certificate types. | ||
1856 | * | ||
1857 | * Returns: a zero-terminated list of %enum MHD_GNUTLS_CertificateType | ||
1858 | * integers indicating the available certificate types. | ||
1859 | * | ||
1860 | **/ | ||
1861 | const enum MHD_GNUTLS_CertificateType * | ||
1862 | MHD_gtls_certificate_type_list (void) | ||
1863 | { | ||
1864 | return MHD_gtls_supported_certificate_types; | ||
1865 | } | ||
1866 | 1461 | ||
1867 | /* returns the enum MHD_GNUTLS_PublicKeyAlgorithm which is compatible with | 1462 | /* returns the enum MHD_GNUTLS_PublicKeyAlgorithm which is compatible with |
1868 | * the given enum MHD_GNUTLS_KeyExchangeAlgorithm. | 1463 | * the given enum MHD_GNUTLS_KeyExchangeAlgorithm. |
@@ -1942,55 +1537,6 @@ static const MHD_gnutls_sign_entry MHD_gtls_sign_algorithms[] = { | |||
1942 | #define GNUTLS_SIGN_ALG_LOOP(a) \ | 1537 | #define GNUTLS_SIGN_ALG_LOOP(a) \ |
1943 | GNUTLS_SIGN_LOOP( if(p->id && p->id == sign) { a; break; } ) | 1538 | GNUTLS_SIGN_LOOP( if(p->id && p->id == sign) { a; break; } ) |
1944 | 1539 | ||
1945 | MHD_gnutls_sign_algorithm_t | ||
1946 | MHD_gtls_x509_oid2sign_algorithm (const char *oid) | ||
1947 | { | ||
1948 | MHD_gnutls_sign_algorithm_t ret = 0; | ||
1949 | |||
1950 | GNUTLS_SIGN_LOOP (if (strcmp (oid, p->oid) == 0) | ||
1951 | { | ||
1952 | ret = p->id; break;} | ||
1953 | ); | ||
1954 | |||
1955 | if (ret == 0) | ||
1956 | { | ||
1957 | MHD__gnutls_x509_log ("Unknown SIGN OID: '%s'\n", oid); | ||
1958 | return GNUTLS_SIGN_UNKNOWN; | ||
1959 | } | ||
1960 | return ret; | ||
1961 | } | ||
1962 | |||
1963 | MHD_gnutls_sign_algorithm_t | ||
1964 | MHD_gtls_x509_pk_to_sign (enum MHD_GNUTLS_PublicKeyAlgorithm pk, | ||
1965 | enum MHD_GNUTLS_HashAlgorithm mac) | ||
1966 | { | ||
1967 | MHD_gnutls_sign_algorithm_t ret = 0; | ||
1968 | |||
1969 | GNUTLS_SIGN_LOOP (if (pk == p->pk && mac == p->mac) | ||
1970 | { | ||
1971 | ret = p->id; break;} | ||
1972 | ); | ||
1973 | |||
1974 | if (ret == 0) | ||
1975 | return GNUTLS_SIGN_UNKNOWN; | ||
1976 | return ret; | ||
1977 | } | ||
1978 | |||
1979 | const char * | ||
1980 | MHD_gtls_x509_sign_to_oid (enum MHD_GNUTLS_PublicKeyAlgorithm pk, | ||
1981 | enum MHD_GNUTLS_HashAlgorithm mac) | ||
1982 | { | ||
1983 | MHD_gnutls_sign_algorithm_t sign; | ||
1984 | const char *ret = NULL; | ||
1985 | |||
1986 | sign = MHD_gtls_x509_pk_to_sign (pk, mac); | ||
1987 | if (sign == GNUTLS_SIGN_UNKNOWN) | ||
1988 | return NULL; | ||
1989 | |||
1990 | GNUTLS_SIGN_ALG_LOOP (ret = p->oid); | ||
1991 | return ret; | ||
1992 | } | ||
1993 | |||
1994 | /* pk algorithms; | 1540 | /* pk algorithms; |
1995 | */ | 1541 | */ |
1996 | struct MHD_gnutls_pk_entry | 1542 | struct MHD_gnutls_pk_entry |
@@ -2032,18 +1578,3 @@ MHD_gtls_x509_oid2pk_algorithm (const char *oid) | |||
2032 | return ret; | 1578 | return ret; |
2033 | } | 1579 | } |
2034 | 1580 | ||
2035 | const char * | ||
2036 | MHD_gtls_x509_pk_to_oid (enum MHD_GNUTLS_PublicKeyAlgorithm algorithm) | ||
2037 | { | ||
2038 | const char *ret = NULL; | ||
2039 | const MHD_gnutls_pk_entry *p; | ||
2040 | |||
2041 | for (p = MHD_gtls_pk_algorithms; p->name != NULL; p++) | ||
2042 | if (p->id == algorithm) | ||
2043 | { | ||
2044 | ret = p->oid; | ||
2045 | break; | ||
2046 | } | ||
2047 | |||
2048 | return ret; | ||
2049 | } | ||
diff --git a/src/daemon/https/tls/gnutls_algorithms.h b/src/daemon/https/tls/gnutls_algorithms.h index ba4e83ba..6a4021c7 100644 --- a/src/daemon/https/tls/gnutls_algorithms.h +++ b/src/daemon/https/tls/gnutls_algorithms.h | |||
@@ -28,7 +28,6 @@ | |||
28 | #include "gnutls_auth.h" | 28 | #include "gnutls_auth.h" |
29 | 29 | ||
30 | /* Functions for version handling. */ | 30 | /* Functions for version handling. */ |
31 | enum MHD_GNUTLS_Protocol MHD_gtls_version_lowest (MHD_gtls_session_t session); | ||
32 | enum MHD_GNUTLS_Protocol MHD_gtls_version_max (MHD_gtls_session_t session); | 31 | enum MHD_GNUTLS_Protocol MHD_gtls_version_max (MHD_gtls_session_t session); |
33 | int MHD_gtls_version_priority (MHD_gtls_session_t session, | 32 | int MHD_gtls_version_priority (MHD_gtls_session_t session, |
34 | enum MHD_GNUTLS_Protocol version); | 33 | enum MHD_GNUTLS_Protocol version); |
@@ -40,10 +39,6 @@ enum MHD_GNUTLS_Protocol MHD_gtls_version_get (int major, int minor); | |||
40 | 39 | ||
41 | /* Functions for MACs. */ | 40 | /* Functions for MACs. */ |
42 | int MHD_gnutls_mac_is_ok (enum MHD_GNUTLS_HashAlgorithm algorithm); | 41 | int MHD_gnutls_mac_is_ok (enum MHD_GNUTLS_HashAlgorithm algorithm); |
43 | enum MHD_GNUTLS_HashAlgorithm MHD_gtls_x509_oid2mac_algorithm (const char | ||
44 | *oid); | ||
45 | const char *MHD_gtls_x509_mac_to_oid (enum MHD_GNUTLS_HashAlgorithm mac); | ||
46 | |||
47 | /* Functions for cipher suites. */ | 42 | /* Functions for cipher suites. */ |
48 | int MHD_gtls_supported_ciphersuites (MHD_gtls_session_t session, | 43 | int MHD_gtls_supported_ciphersuites (MHD_gtls_session_t session, |
49 | cipher_suite_st ** ciphers); | 44 | cipher_suite_st ** ciphers); |
@@ -103,10 +98,6 @@ int MHD_gtls_compression_get_wbits (enum MHD_GNUTLS_CompressionMethod | |||
103 | algorithm); | 98 | algorithm); |
104 | 99 | ||
105 | /* Type to KX mappings. */ | 100 | /* Type to KX mappings. */ |
106 | enum MHD_GNUTLS_KeyExchangeAlgorithm MHD_gtls_map_kx_get_kx (enum | ||
107 | MHD_GNUTLS_CredentialsType | ||
108 | type, | ||
109 | int server); | ||
110 | enum MHD_GNUTLS_CredentialsType MHD_gtls_map_kx_get_cred (enum | 101 | enum MHD_GNUTLS_CredentialsType MHD_gtls_map_kx_get_cred (enum |
111 | MHD_GNUTLS_KeyExchangeAlgorithm | 102 | MHD_GNUTLS_KeyExchangeAlgorithm |
112 | algorithm, | 103 | algorithm, |
@@ -118,8 +109,6 @@ enum MHD_GNUTLS_PublicKeyAlgorithm MHD_gtls_map_pk_get_pk (enum | |||
118 | kx_algorithm); | 109 | kx_algorithm); |
119 | enum MHD_GNUTLS_PublicKeyAlgorithm MHD_gtls_x509_oid2pk_algorithm (const char | 110 | enum MHD_GNUTLS_PublicKeyAlgorithm MHD_gtls_x509_oid2pk_algorithm (const char |
120 | *oid); | 111 | *oid); |
121 | const char *MHD_gtls_x509_pk_to_oid (enum MHD_GNUTLS_PublicKeyAlgorithm pk); | ||
122 | |||
123 | enum encipher_type | 112 | enum encipher_type |
124 | { CIPHER_ENCRYPT = 0, CIPHER_SIGN = 1, CIPHER_IGN }; | 113 | { CIPHER_ENCRYPT = 0, CIPHER_SIGN = 1, CIPHER_IGN }; |
125 | 114 | ||
@@ -141,16 +130,6 @@ struct MHD_gtls_compression_entry | |||
141 | typedef struct MHD_gtls_compression_entry MHD_gnutls_compression_entry; | 130 | typedef struct MHD_gtls_compression_entry MHD_gnutls_compression_entry; |
142 | 131 | ||
143 | /* Functions for sign algorithms. */ | 132 | /* Functions for sign algorithms. */ |
144 | MHD_gnutls_sign_algorithm_t MHD_gtls_x509_oid2sign_algorithm (const char | ||
145 | *oid); | ||
146 | MHD_gnutls_sign_algorithm_t MHD_gtls_x509_pk_to_sign (enum | ||
147 | MHD_GNUTLS_PublicKeyAlgorithm | ||
148 | pk, | ||
149 | enum | ||
150 | MHD_GNUTLS_HashAlgorithm | ||
151 | mac); | ||
152 | const char *MHD_gtls_x509_sign_to_oid (enum MHD_GNUTLS_PublicKeyAlgorithm, | ||
153 | enum MHD_GNUTLS_HashAlgorithm mac); | ||
154 | 133 | ||
155 | int MHD_gtls_mac_priority (MHD_gtls_session_t session, | 134 | int MHD_gtls_mac_priority (MHD_gtls_session_t session, |
156 | enum MHD_GNUTLS_HashAlgorithm algorithm); | 135 | enum MHD_GNUTLS_HashAlgorithm algorithm); |
@@ -158,9 +137,6 @@ int MHD_gtls_cipher_priority (MHD_gtls_session_t session, | |||
158 | enum MHD_GNUTLS_CipherAlgorithm algorithm); | 137 | enum MHD_GNUTLS_CipherAlgorithm algorithm); |
159 | int MHD_gtls_kx_priority (MHD_gtls_session_t session, | 138 | int MHD_gtls_kx_priority (MHD_gtls_session_t session, |
160 | enum MHD_GNUTLS_KeyExchangeAlgorithm algorithm); | 139 | enum MHD_GNUTLS_KeyExchangeAlgorithm algorithm); |
161 | int MHD_gtls_compression_priority (MHD_gtls_session_t session, | ||
162 | enum MHD_GNUTLS_CompressionMethod | ||
163 | algorithm); | ||
164 | 140 | ||
165 | enum MHD_GNUTLS_HashAlgorithm MHD_gtls_mac_get_id (const char *name); | 141 | enum MHD_GNUTLS_HashAlgorithm MHD_gtls_mac_get_id (const char *name); |
166 | enum MHD_GNUTLS_CipherAlgorithm MHD_gtls_cipher_get_id (const char *name); | 142 | enum MHD_GNUTLS_CipherAlgorithm MHD_gtls_cipher_get_id (const char *name); |
diff --git a/src/daemon/https/tls/gnutls_auth.c b/src/daemon/https/tls/gnutls_auth.c index fcb8ed55..df978ef9 100644 --- a/src/daemon/https/tls/gnutls_auth.c +++ b/src/daemon/https/tls/gnutls_auth.c | |||
@@ -171,43 +171,6 @@ MHD_gtls_auth_get_type (MHD_gtls_session_t session) | |||
171 | server); | 171 | server); |
172 | } | 172 | } |
173 | 173 | ||
174 | /** | ||
175 | * MHD_gtls_auth_server_get_type - Returns the type of credentials for the server authentication schema. | ||
176 | * @session: is a #MHD_gtls_session_t structure. | ||
177 | * | ||
178 | * Returns the type of credentials that were used for server authentication. | ||
179 | * The returned information is to be used to distinguish the function used | ||
180 | * to access authentication data. | ||
181 | * | ||
182 | **/ | ||
183 | enum MHD_GNUTLS_CredentialsType | ||
184 | MHD_gtls_auth_server_get_type (MHD_gtls_session_t session) | ||
185 | { | ||
186 | return | ||
187 | MHD_gtls_map_kx_get_cred (MHD_gtls_cipher_suite_get_kx_algo | ||
188 | (&session-> | ||
189 | security_parameters.current_cipher_suite), 1); | ||
190 | } | ||
191 | |||
192 | /** | ||
193 | * MHD_gtls_auth_client_get_type - Returns the type of credentials for the client authentication schema. | ||
194 | * @session: is a #MHD_gtls_session_t structure. | ||
195 | * | ||
196 | * Returns the type of credentials that were used for client authentication. | ||
197 | * The returned information is to be used to distinguish the function used | ||
198 | * to access authentication data. | ||
199 | * | ||
200 | **/ | ||
201 | enum MHD_GNUTLS_CredentialsType | ||
202 | MHD_gtls_auth_client_get_type (MHD_gtls_session_t session) | ||
203 | { | ||
204 | return | ||
205 | MHD_gtls_map_kx_get_cred (MHD_gtls_cipher_suite_get_kx_algo | ||
206 | (&session-> | ||
207 | security_parameters.current_cipher_suite), 0); | ||
208 | } | ||
209 | |||
210 | |||
211 | /* | 174 | /* |
212 | * This returns a pointer to the linked list. Don't | 175 | * This returns a pointer to the linked list. Don't |
213 | * free that!!! | 176 | * free that!!! |
@@ -294,8 +257,6 @@ MHD_gtls_free_auth_info (MHD_gtls_session_t session) | |||
294 | 257 | ||
295 | switch (session->key->auth_info_type) | 258 | switch (session->key->auth_info_type) |
296 | { | 259 | { |
297 | case MHD_GNUTLS_CRD_SRP: | ||
298 | break; | ||
299 | case MHD_GNUTLS_CRD_CERTIFICATE: | 260 | case MHD_GNUTLS_CRD_CERTIFICATE: |
300 | { | 261 | { |
301 | unsigned int i; | 262 | unsigned int i; |
diff --git a/src/daemon/https/tls/gnutls_buffers.c b/src/daemon/https/tls/gnutls_buffers.c index 8c6bb750..4588e62d 100644 --- a/src/daemon/https/tls/gnutls_buffers.c +++ b/src/daemon/https/tls/gnutls_buffers.c | |||
@@ -67,58 +67,6 @@ | |||
67 | # include <io_debug.h> | 67 | # include <io_debug.h> |
68 | #endif | 68 | #endif |
69 | 69 | ||
70 | /** | ||
71 | * MHD__gnutls_transport_set_errno: | ||
72 | * @session: is a #MHD_gtls_session_t structure. | ||
73 | * @err: error value to store in session-specific errno variable. | ||
74 | * | ||
75 | * Store @err in the session-specific errno variable. Useful values | ||
76 | * for @err is EAGAIN and EINTR, other values are treated will be | ||
77 | * treated as real errors in the push/pull function. | ||
78 | * | ||
79 | * This function is useful in replacement push/pull functions set by | ||
80 | * MHD__gnutls_transport_set_push_function and | ||
81 | * MHD_gnutls_transport_set_pullpush_function under Windows, where the | ||
82 | * replacement push/pull may not have access to the same @errno | ||
83 | * variable that is used by GnuTLS (e.g., the application is linked to | ||
84 | * msvcr71.dll and gnutls is linked to msvcrt.dll). | ||
85 | * | ||
86 | * If you don't have the @session variable easily accessible from the | ||
87 | * push/pull function, and don't worry about thread conflicts, you can | ||
88 | * also use MHD__gnutls_transport_set_global_errno(). | ||
89 | **/ | ||
90 | void | ||
91 | MHD__gnutls_transport_set_errno (MHD_gtls_session_t session, int err) | ||
92 | { | ||
93 | session->internals.errnum = err; | ||
94 | } | ||
95 | |||
96 | /** | ||
97 | * MHD__gnutls_transport_set_global_errno: | ||
98 | * @err: error value to store in global errno variable. | ||
99 | * | ||
100 | * Store @err in the global errno variable. Useful values for @err is | ||
101 | * EAGAIN and EINTR, other values are treated will be treated as real | ||
102 | * errors in the push/pull function. | ||
103 | * | ||
104 | * This function is useful in replacement push/pull functions set by | ||
105 | * MHD__gnutls_transport_set_push_function and | ||
106 | * MHD_gnutls_transport_set_pullpush_function under Windows, where the | ||
107 | * replacement push/pull may not have access to the same @errno | ||
108 | * variable that is used by GnuTLS (e.g., the application is linked to | ||
109 | * msvcr71.dll and gnutls is linked to msvcrt.dll). | ||
110 | * | ||
111 | * Whether this function is thread safe or not depends on whether the | ||
112 | * global variable errno is thread safe, some system libraries make it | ||
113 | * a thread-local variable. When feasible, using the guaranteed | ||
114 | * thread-safe MHD__gnutls_transport_set_errno() may be better. | ||
115 | **/ | ||
116 | void | ||
117 | MHD__gnutls_transport_set_global_errno (int err) | ||
118 | { | ||
119 | errno = err; | ||
120 | } | ||
121 | |||
122 | /* Buffers received packets of type APPLICATION DATA and | 70 | /* Buffers received packets of type APPLICATION DATA and |
123 | * HANDSHAKE DATA. | 71 | * HANDSHAKE DATA. |
124 | */ | 72 | */ |
@@ -186,23 +134,6 @@ MHD_gnutls_record_buffer_get_size (content_type_t type, | |||
186 | } | 134 | } |
187 | } | 135 | } |
188 | 136 | ||
189 | /** | ||
190 | * MHD_gtls_record_check_pending - checks if there are any data to receive in gnutls buffers. | ||
191 | * @session: is a #MHD_gtls_session_t structure. | ||
192 | * | ||
193 | * This function checks if there are any data to receive | ||
194 | * in the gnutls buffers. Returns the size of that data or 0. | ||
195 | * Notice that you may also use select() to check for data in | ||
196 | * a TCP connection, instead of this function. | ||
197 | * (gnutls leaves some data in the tcp buffer in order for select | ||
198 | * to work). | ||
199 | **/ | ||
200 | size_t | ||
201 | MHD_gtls_record_check_pending (MHD_gtls_session_t session) | ||
202 | { | ||
203 | return MHD_gnutls_record_buffer_get_size (GNUTLS_APPLICATION_DATA, session); | ||
204 | } | ||
205 | |||
206 | int | 137 | int |
207 | MHD_gtls_record_buffer_get (content_type_t type, MHD_gtls_session_t session, | 138 | MHD_gtls_record_buffer_get (content_type_t type, MHD_gtls_session_t session, |
208 | opaque * data, size_t length) | 139 | opaque * data, size_t length) |
@@ -1193,31 +1124,6 @@ MHD_gtls_handshake_buffer_put (MHD_gtls_session_t session, opaque * data, | |||
1193 | return 0; | 1124 | return 0; |
1194 | } | 1125 | } |
1195 | 1126 | ||
1196 | int | ||
1197 | MHD_gtls_handshake_buffer_get_size (MHD_gtls_session_t session) | ||
1198 | { | ||
1199 | |||
1200 | return session->internals.handshake_hash_buffer.length; | ||
1201 | } | ||
1202 | |||
1203 | /* this function does not touch the buffer | ||
1204 | * and returns data from it (peek mode!) | ||
1205 | */ | ||
1206 | int | ||
1207 | MHD_gtls_handshake_buffer_peek (MHD_gtls_session_t session, opaque * data, | ||
1208 | size_t length) | ||
1209 | { | ||
1210 | if (length > session->internals.handshake_hash_buffer.length) | ||
1211 | { | ||
1212 | length = session->internals.handshake_hash_buffer.length; | ||
1213 | } | ||
1214 | |||
1215 | MHD__gnutls_buffers_log ("BUF[HSK]: Peeked %d bytes of Data\n", length); | ||
1216 | |||
1217 | memcpy (data, session->internals.handshake_hash_buffer.data, length); | ||
1218 | return length; | ||
1219 | } | ||
1220 | |||
1221 | /* this function does not touch the buffer | 1127 | /* this function does not touch the buffer |
1222 | * and returns data from it (peek mode!) | 1128 | * and returns data from it (peek mode!) |
1223 | */ | 1129 | */ |
diff --git a/src/daemon/https/tls/gnutls_buffers.h b/src/daemon/https/tls/gnutls_buffers.h index 918da673..e09506ac 100644 --- a/src/daemon/https/tls/gnutls_buffers.h +++ b/src/daemon/https/tls/gnutls_buffers.h | |||
@@ -40,9 +40,6 @@ ssize_t MHD_gtls_io_write_buffered (MHD_gtls_session_t, const void *iptr, | |||
40 | ssize_t MHD_gtls_io_write_buffered2 (MHD_gtls_session_t, const void *iptr, | 40 | ssize_t MHD_gtls_io_write_buffered2 (MHD_gtls_session_t, const void *iptr, |
41 | size_t n, const void *iptr2, size_t n2); | 41 | size_t n, const void *iptr2, size_t n2); |
42 | 42 | ||
43 | int MHD_gtls_handshake_buffer_get_size (MHD_gtls_session_t session); | ||
44 | int MHD_gtls_handshake_buffer_peek (MHD_gtls_session_t session, opaque * data, | ||
45 | size_t length); | ||
46 | int MHD_gtls_handshake_buffer_put (MHD_gtls_session_t session, opaque * data, | 43 | int MHD_gtls_handshake_buffer_put (MHD_gtls_session_t session, opaque * data, |
47 | size_t length); | 44 | size_t length); |
48 | int MHD_gtls_handshake_buffer_clear (MHD_gtls_session_t session); | 45 | int MHD_gtls_handshake_buffer_clear (MHD_gtls_session_t session); |
diff --git a/src/daemon/https/tls/gnutls_cert.c b/src/daemon/https/tls/gnutls_cert.c index f0357840..a8353d70 100644 --- a/src/daemon/https/tls/gnutls_cert.c +++ b/src/daemon/https/tls/gnutls_cert.c | |||
@@ -279,87 +279,6 @@ MHD_gtls_selected_cert_supported_kx (MHD_gtls_session_t session, | |||
279 | } | 279 | } |
280 | 280 | ||
281 | 281 | ||
282 | /** | ||
283 | * MHD_gtls_certificate_server_set_request - Used to set whether to request a client certificate | ||
284 | * @session: is an #MHD_gtls_session_t structure. | ||
285 | * @req: is one of GNUTLS_CERT_REQUEST, GNUTLS_CERT_REQUIRE | ||
286 | * | ||
287 | * This function specifies if we (in case of a server) are going | ||
288 | * to send a certificate request message to the client. If @req | ||
289 | * is GNUTLS_CERT_REQUIRE then the server will return an error if | ||
290 | * the peer does not provide a certificate. If you do not | ||
291 | * call this function then the client will not be asked to | ||
292 | * send a certificate. | ||
293 | **/ | ||
294 | void | ||
295 | MHD_gtls_certificate_server_set_request (MHD_gtls_session_t session, | ||
296 | MHD_gnutls_certificate_request_t req) | ||
297 | { | ||
298 | session->internals.send_cert_req = req; | ||
299 | } | ||
300 | |||
301 | /** | ||
302 | * MHD_gtls_certificate_client_set_retrieve_function - Used to set a callback to retrieve the certificate | ||
303 | * @cred: is a #MHD_gtls_cert_credentials_t structure. | ||
304 | * @func: is the callback function | ||
305 | * | ||
306 | * This function sets a callback to be called in order to retrieve the certificate | ||
307 | * to be used in the handshake. | ||
308 | * The callback's function prototype is: | ||
309 | * int (*callback)(MHD_gtls_session_t, const MHD_gnutls_datum_t* req_ca_dn, int nreqs, | ||
310 | * const enum MHD_GNUTLS_PublicKeyAlgorithm* pk_algos, int pk_algos_length, MHD_gnutls_retr_st* st); | ||
311 | * | ||
312 | * @req_ca_cert is only used in X.509 certificates. | ||
313 | * Contains a list with the CA names that the server considers trusted. | ||
314 | * Normally we should send a certificate that is signed | ||
315 | * by one of these CAs. These names are DER encoded. To get a more | ||
316 | * meaningful value use the function MHD_gnutls_x509_rdn_get(). | ||
317 | * | ||
318 | * @pk_algos contains a list with server's acceptable signature algorithms. | ||
319 | * The certificate returned should support the server's given algorithms. | ||
320 | * | ||
321 | * @st should contain the certificates and private keys. | ||
322 | * | ||
323 | * If the callback function is provided then gnutls will call it, in the | ||
324 | * handshake, after the certificate request message has been received. | ||
325 | * | ||
326 | * The callback function should set the certificate list to be sent, and | ||
327 | * return 0 on success. If no certificate was selected then the number of certificates | ||
328 | * should be set to zero. The value (-1) indicates error and the handshake | ||
329 | * will be terminated. | ||
330 | **/ | ||
331 | void MHD_gtls_certificate_client_set_retrieve_function | ||
332 | (MHD_gtls_cert_credentials_t cred, | ||
333 | MHD_gnutls_certificate_client_retrieve_function * func) | ||
334 | { | ||
335 | cred->client_get_cert_callback = func; | ||
336 | } | ||
337 | |||
338 | /** | ||
339 | * MHD_gtls_certificate_server_set_retrieve_function - Used to set a callback to retrieve the certificate | ||
340 | * @cred: is a #MHD_gtls_cert_credentials_t structure. | ||
341 | * @func: is the callback function | ||
342 | * | ||
343 | * This function sets a callback to be called in order to retrieve the certificate | ||
344 | * to be used in the handshake. | ||
345 | * The callback's function prototype is: | ||
346 | * int (*callback)(MHD_gtls_session_t, MHD_gnutls_retr_st* st); | ||
347 | * | ||
348 | * @st should contain the certificates and private keys. | ||
349 | * | ||
350 | * If the callback function is provided then gnutls will call it, in the | ||
351 | * handshake, after the certificate request message has been received. | ||
352 | * | ||
353 | * The callback function should set the certificate list to be sent, and | ||
354 | * return 0 on success. The value (-1) indicates error and the handshake | ||
355 | * will be terminated. | ||
356 | **/ | ||
357 | void MHD_gtls_certificate_server_set_retrieve_function | ||
358 | (MHD_gtls_cert_credentials_t cred, | ||
359 | MHD_gnutls_certificate_server_retrieve_function * func) | ||
360 | { | ||
361 | cred->server_get_cert_callback = func; | ||
362 | } | ||
363 | 282 | ||
364 | int | 283 | int |
365 | MHD_gtls_raw_cert_to_gcert (MHD_gnutls_cert * gcert, | 284 | MHD_gtls_raw_cert_to_gcert (MHD_gnutls_cert * gcert, |
@@ -377,23 +296,6 @@ MHD_gtls_raw_cert_to_gcert (MHD_gnutls_cert * gcert, | |||
377 | } | 296 | } |
378 | } | 297 | } |
379 | 298 | ||
380 | int | ||
381 | MHD_gtls_raw_privkey_to_gkey (MHD_gnutls_privkey * key, | ||
382 | enum MHD_GNUTLS_CertificateType type, | ||
383 | const MHD_gnutls_datum_t * raw_key, | ||
384 | int key_enc /* DER or PEM */ ) | ||
385 | { | ||
386 | switch (type) | ||
387 | { | ||
388 | case MHD_GNUTLS_CRT_X509: | ||
389 | return MHD__gnutls_x509_raw_privkey_to_gkey (key, raw_key, key_enc); | ||
390 | default: | ||
391 | MHD_gnutls_assert (); | ||
392 | return GNUTLS_E_INTERNAL_ERROR; | ||
393 | } | ||
394 | } | ||
395 | |||
396 | |||
397 | /* This function will convert a der certificate to a format | 299 | /* This function will convert a der certificate to a format |
398 | * (structure) that gnutls can understand and use. Actually the | 300 | * (structure) that gnutls can understand and use. Actually the |
399 | * important thing on this function is that it extracts the | 301 | * important thing on this function is that it extracts the |
@@ -538,47 +440,3 @@ MHD_gtls_gcert_deinit (MHD_gnutls_cert * cert) | |||
538 | MHD__gnutls_free_datum (&cert->raw); | 440 | MHD__gnutls_free_datum (&cert->raw); |
539 | } | 441 | } |
540 | 442 | ||
541 | /** | ||
542 | * MHD_gtls_sign_callback_set: | ||
543 | * @session: is a gnutls session | ||
544 | * @sign_func: function pointer to application's sign callback. | ||
545 | * @userdata: void pointer that will be passed to sign callback. | ||
546 | * | ||
547 | * Set the callback function. The function must have this prototype: | ||
548 | * | ||
549 | * typedef int (*MHD_gnutls_sign_func) (MHD_gtls_session_t session, | ||
550 | * void *userdata, | ||
551 | * enum MHD_GNUTLS_CertificateType cert_type, | ||
552 | * const MHD_gnutls_datum_t * cert, | ||
553 | * const MHD_gnutls_datum_t * hash, | ||
554 | * MHD_gnutls_datum_t * signature); | ||
555 | * | ||
556 | * The @userdata parameter is passed to the @sign_func verbatim, and | ||
557 | * can be used to store application-specific data needed in the | ||
558 | * callback function. See also MHD_gtls_sign_callback_get(). | ||
559 | **/ | ||
560 | void | ||
561 | MHD_gtls_sign_callback_set (MHD_gtls_session_t session, | ||
562 | MHD_gnutls_sign_func sign_func, void *userdata) | ||
563 | { | ||
564 | session->internals.sign_func = sign_func; | ||
565 | session->internals.sign_func_userdata = userdata; | ||
566 | } | ||
567 | |||
568 | /** | ||
569 | * MHD_gtls_sign_callback_get: | ||
570 | * @session: is a gnutls session | ||
571 | * @userdata: if non-%NULL, will be set to abstract callback pointer. | ||
572 | * | ||
573 | * Retrieve the callback function, and its userdata pointer. | ||
574 | * | ||
575 | * Returns: The function pointer set by MHD_gtls_sign_callback_set(), or | ||
576 | * if not set, %NULL. | ||
577 | **/ | ||
578 | MHD_gnutls_sign_func | ||
579 | MHD_gtls_sign_callback_get (MHD_gtls_session_t session, void **userdata) | ||
580 | { | ||
581 | if (userdata) | ||
582 | *userdata = session->internals.sign_func_userdata; | ||
583 | return session->internals.sign_func; | ||
584 | } | ||
diff --git a/src/daemon/https/tls/gnutls_cert.h b/src/daemon/https/tls/gnutls_cert.h index 0a1a04db..124ac963 100644 --- a/src/daemon/https/tls/gnutls_cert.h +++ b/src/daemon/https/tls/gnutls_cert.h | |||
@@ -124,9 +124,4 @@ int MHD_gtls_raw_cert_to_gcert (MHD_gnutls_cert * gcert, | |||
124 | enum MHD_GNUTLS_CertificateType type, | 124 | enum MHD_GNUTLS_CertificateType type, |
125 | const MHD_gnutls_datum_t * raw_cert, | 125 | const MHD_gnutls_datum_t * raw_cert, |
126 | int flags /* OR of ConvFlags */ ); | 126 | int flags /* OR of ConvFlags */ ); |
127 | int MHD_gtls_raw_privkey_to_gkey (MHD_gnutls_privkey * key, | ||
128 | enum MHD_GNUTLS_CertificateType type, | ||
129 | const MHD_gnutls_datum_t * raw_key, | ||
130 | int key_enc /* DER or PEM */ ); | ||
131 | |||
132 | #endif | 127 | #endif |
diff --git a/src/daemon/https/tls/gnutls_datum.c b/src/daemon/https/tls/gnutls_datum.c index a62c4204..2f03da3b 100644 --- a/src/daemon/https/tls/gnutls_datum.c +++ b/src/daemon/https/tls/gnutls_datum.c | |||
@@ -49,23 +49,6 @@ MHD_gtls_write_datum24 (opaque * dest, MHD_gnutls_datum_t dat) | |||
49 | memcpy (&dest[3], dat.data, dat.size); | 49 | memcpy (&dest[3], dat.data, dat.size); |
50 | } | 50 | } |
51 | 51 | ||
52 | void | ||
53 | MHD_gtls_write_datum32 (opaque * dest, MHD_gnutls_datum_t dat) | ||
54 | { | ||
55 | MHD_gtls_write_uint32 (dat.size, dest); | ||
56 | if (dat.data != NULL) | ||
57 | memcpy (&dest[4], dat.data, dat.size); | ||
58 | } | ||
59 | |||
60 | void | ||
61 | MHD_gtls_write_datum8 (opaque * dest, MHD_gnutls_datum_t dat) | ||
62 | { | ||
63 | dest[0] = (uint8_t) dat.size; | ||
64 | if (dat.data != NULL) | ||
65 | memcpy (&dest[1], dat.data, dat.size); | ||
66 | } | ||
67 | |||
68 | |||
69 | int | 52 | int |
70 | MHD_gtls_set_datum_m (MHD_gnutls_datum_t * dat, const void *data, | 53 | MHD_gtls_set_datum_m (MHD_gnutls_datum_t * dat, const void *data, |
71 | size_t data_size, MHD_gnutls_alloc_function galloc_func) | 54 | size_t data_size, MHD_gnutls_alloc_function galloc_func) |
@@ -87,22 +70,6 @@ MHD_gtls_set_datum_m (MHD_gnutls_datum_t * dat, const void *data, | |||
87 | return 0; | 70 | return 0; |
88 | } | 71 | } |
89 | 72 | ||
90 | int | ||
91 | MHD_gtls_datum_append_m (MHD_gnutls_datum_t * dst, const void *data, | ||
92 | size_t data_size, | ||
93 | MHD_gnutls_realloc_function grealloc_func) | ||
94 | { | ||
95 | |||
96 | dst->data = grealloc_func (dst->data, data_size + dst->size); | ||
97 | if (dst->data == NULL) | ||
98 | return GNUTLS_E_MEMORY_ERROR; | ||
99 | |||
100 | memcpy (&dst->data[dst->size], data, data_size); | ||
101 | dst->size += data_size; | ||
102 | |||
103 | return 0; | ||
104 | } | ||
105 | |||
106 | void | 73 | void |
107 | MHD_gtls_free_datum_m (MHD_gnutls_datum_t * dat, | 74 | MHD_gtls_free_datum_m (MHD_gnutls_datum_t * dat, |
108 | MHD_gnutls_free_function gfree_func) | 75 | MHD_gnutls_free_function gfree_func) |
diff --git a/src/daemon/https/tls/gnutls_datum.h b/src/daemon/https/tls/gnutls_datum.h index 3e787318..6160de3d 100644 --- a/src/daemon/https/tls/gnutls_datum.h +++ b/src/daemon/https/tls/gnutls_datum.h | |||
@@ -24,16 +24,12 @@ | |||
24 | 24 | ||
25 | void MHD_gtls_write_datum16 (opaque * dest, MHD_gnutls_datum_t dat); | 25 | void MHD_gtls_write_datum16 (opaque * dest, MHD_gnutls_datum_t dat); |
26 | void MHD_gtls_write_datum24 (opaque * dest, MHD_gnutls_datum_t dat); | 26 | void MHD_gtls_write_datum24 (opaque * dest, MHD_gnutls_datum_t dat); |
27 | void MHD_gtls_write_datum32 (opaque * dest, MHD_gnutls_datum_t dat); | ||
28 | void MHD_gtls_write_datum8 (opaque * dest, MHD_gnutls_datum_t dat); | ||
29 | 27 | ||
30 | int MHD_gtls_set_datum_m (MHD_gnutls_datum_t * dat, const void *data, | 28 | int MHD_gtls_set_datum_m (MHD_gnutls_datum_t * dat, const void *data, |
31 | size_t data_size, MHD_gnutls_alloc_function); | 29 | size_t data_size, MHD_gnutls_alloc_function); |
32 | #define MHD__gnutls_set_datum( x, y, z) MHD_gtls_set_datum_m(x,y,z, MHD_gnutls_malloc) | 30 | #define MHD__gnutls_set_datum( x, y, z) MHD_gtls_set_datum_m(x,y,z, MHD_gnutls_malloc) |
33 | #define MHD__gnutls_sset_datum( x, y, z) MHD_gtls_set_datum_m(x,y,z, MHD_gnutls_secure_malloc) | 31 | #define MHD__gnutls_sset_datum( x, y, z) MHD_gtls_set_datum_m(x,y,z, MHD_gnutls_secure_malloc) |
34 | 32 | ||
35 | int MHD_gtls_datum_append_m (MHD_gnutls_datum_t * dat, const void *data, | ||
36 | size_t data_size, MHD_gnutls_realloc_function); | ||
37 | #define MHD__gnutls_datum_append(x,y,z) MHD_gtls_datum_append_m(x,y,z, MHD_gnutls_realloc) | 33 | #define MHD__gnutls_datum_append(x,y,z) MHD_gtls_datum_append_m(x,y,z, MHD_gnutls_realloc) |
38 | 34 | ||
39 | void MHD_gtls_free_datum_m (MHD_gnutls_datum_t * dat, | 35 | void MHD_gtls_free_datum_m (MHD_gnutls_datum_t * dat, |
diff --git a/src/daemon/https/tls/gnutls_extensions.c b/src/daemon/https/tls/gnutls_extensions.c index b8892324..f6c947cb 100644 --- a/src/daemon/https/tls/gnutls_extensions.c +++ b/src/daemon/https/tls/gnutls_extensions.c | |||
@@ -64,12 +64,6 @@ MHD_gtls_extension_entry MHD_gtls_extensions[MAX_EXT_SIZE] = { | |||
64 | MHD_gtls_oprfi_recv_params, | 64 | MHD_gtls_oprfi_recv_params, |
65 | MHD_gtls_oprfi_send_params), | 65 | MHD_gtls_oprfi_send_params), |
66 | #endif | 66 | #endif |
67 | #ifdef ENABLE_SRP | ||
68 | GNUTLS_EXTENSION_ENTRY (GNUTLS_EXTENSION_SRP, | ||
69 | EXTENSION_TLS, | ||
70 | MHD__gnutls_srp_recv_params, | ||
71 | MHD__gnutls_srp_send_params), | ||
72 | #endif | ||
73 | {0, 0, 0, 0} | 67 | {0, 0, 0, 0} |
74 | }; | 68 | }; |
75 | 69 | ||
diff --git a/src/daemon/https/tls/gnutls_handshake.c b/src/daemon/https/tls/gnutls_handshake.c index a0ea34c8..45041ccd 100644 --- a/src/daemon/https/tls/gnutls_handshake.c +++ b/src/daemon/https/tls/gnutls_handshake.c | |||
@@ -1929,36 +1929,6 @@ MHD__gnutls_send_server_hello (MHD_gtls_session_t session, int again) | |||
1929 | 1929 | ||
1930 | datalen = 0; | 1930 | datalen = 0; |
1931 | 1931 | ||
1932 | #ifdef ENABLE_SRP | ||
1933 | if (IS_SRP_KX | ||
1934 | (MHD_gtls_cipher_suite_get_kx_algo | ||
1935 | (&session->security_parameters.current_cipher_suite))) | ||
1936 | { | ||
1937 | /* While resuming we cannot check the username extension since it is | ||
1938 | * not available at this point. It will be copied on connection | ||
1939 | * state activation. | ||
1940 | */ | ||
1941 | if (session->internals.resumed == RESUME_FALSE && | ||
1942 | session->security_parameters.extensions.srp_username[0] == 0) | ||
1943 | { | ||
1944 | /* The peer didn't send a valid SRP extension with the | ||
1945 | * SRP username. The draft requires that we send a fatal | ||
1946 | * alert and abort. | ||
1947 | */ | ||
1948 | MHD_gnutls_assert (); | ||
1949 | ret = MHD__gnutls_alert_send (session, GNUTLS_AL_FATAL, | ||
1950 | GNUTLS_A_UNKNOWN_PSK_IDENTITY); | ||
1951 | if (ret < 0) | ||
1952 | { | ||
1953 | MHD_gnutls_assert (); | ||
1954 | return ret; | ||
1955 | } | ||
1956 | |||
1957 | return GNUTLS_E_ILLEGAL_SRP_USERNAME; | ||
1958 | } | ||
1959 | } | ||
1960 | #endif | ||
1961 | |||
1962 | if (again == 0) | 1932 | if (again == 0) |
1963 | { | 1933 | { |
1964 | datalen = 2 + session_id_len + 1 + TLS_RANDOM_SIZE + 3; | 1934 | datalen = 2 + session_id_len + 1 + TLS_RANDOM_SIZE + 3; |
@@ -2807,22 +2777,6 @@ check_server_params (MHD_gtls_session_t session, | |||
2807 | if (delete == 1) | 2777 | if (delete == 1) |
2808 | return 1; | 2778 | return 1; |
2809 | 2779 | ||
2810 | #ifdef ENABLE_PSK | ||
2811 | } | ||
2812 | else if (cred_type == MHD_GNUTLS_CRD_PSK) | ||
2813 | { | ||
2814 | MHD_gnutls_psk_server_credentials_t psk_cred = | ||
2815 | (MHD_gnutls_psk_server_credentials_t) MHD_gtls_get_cred (session->key, | ||
2816 | cred_type, | ||
2817 | NULL); | ||
2818 | |||
2819 | if (psk_cred != NULL) | ||
2820 | { | ||
2821 | dh_params = | ||
2822 | MHD_gtls_get_dh_params (psk_cred->dh_params, | ||
2823 | psk_cred->params_func, session); | ||
2824 | } | ||
2825 | #endif | ||
2826 | } | 2780 | } |
2827 | else | 2781 | else |
2828 | return 0; /* no need for params */ | 2782 | return 0; /* no need for params */ |
@@ -2955,7 +2909,6 @@ MHD_gtls_remove_unwanted_ciphersuites (MHD_gtls_session_t session, | |||
2955 | SRP credential too. */ | 2909 | SRP credential too. */ |
2956 | if (kx == MHD_GNUTLS_KX_SRP_RSA || kx == MHD_GNUTLS_KX_SRP_DSS) | 2910 | if (kx == MHD_GNUTLS_KX_SRP_RSA || kx == MHD_GNUTLS_KX_SRP_DSS) |
2957 | { | 2911 | { |
2958 | if (!MHD_gtls_get_cred (session->key, MHD_GNUTLS_CRD_SRP, NULL)) | ||
2959 | delete = 1; | 2912 | delete = 1; |
2960 | } | 2913 | } |
2961 | 2914 | ||
diff --git a/src/daemon/https/tls/gnutls_mem.c b/src/daemon/https/tls/gnutls_mem.c index 6f6086e5..44f1ccf5 100644 --- a/src/daemon/https/tls/gnutls_mem.c +++ b/src/daemon/https/tls/gnutls_mem.c | |||
@@ -32,7 +32,6 @@ MHD_gnutls_free_function MHD_gnutls_free = free; | |||
32 | MHD_gnutls_realloc_function MHD_gnutls_realloc = realloc; | 32 | MHD_gnutls_realloc_function MHD_gnutls_realloc = realloc; |
33 | 33 | ||
34 | void *(*MHD_gnutls_calloc) (size_t, size_t) = calloc; | 34 | void *(*MHD_gnutls_calloc) (size_t, size_t) = calloc; |
35 | char *(*MHD_gnutls_strdup) (const char *) = MHD_gtls_strdup; | ||
36 | 35 | ||
37 | int | 36 | int |
38 | MHD__gnutls_is_secure_mem_null (const void *ign) | 37 | MHD__gnutls_is_secure_mem_null (const void *ign) |
@@ -64,15 +63,3 @@ MHD_gtls_realloc_fast (void *ptr, size_t size) | |||
64 | 63 | ||
65 | return ret; | 64 | return ret; |
66 | } | 65 | } |
67 | |||
68 | char * | ||
69 | MHD_gtls_strdup (const char *str) | ||
70 | { | ||
71 | size_t siz = strlen (str) + 1; | ||
72 | char *ret; | ||
73 | |||
74 | ret = MHD_gnutls_malloc (siz); | ||
75 | if (ret != NULL) | ||
76 | memcpy (ret, str, siz); | ||
77 | return ret; | ||
78 | } | ||
diff --git a/src/daemon/https/tls/gnutls_priority.c b/src/daemon/https/tls/gnutls_priority.c index 62bf3489..8d7b5269 100644 --- a/src/daemon/https/tls/gnutls_priority.c +++ b/src/daemon/https/tls/gnutls_priority.c | |||
@@ -32,40 +32,6 @@ | |||
32 | 32 | ||
33 | #define MAX_ELEMENTS 48 | 33 | #define MAX_ELEMENTS 48 |
34 | 34 | ||
35 | /** | ||
36 | * MHD__gnutls_cipher_set_priority - Sets the priority on the ciphers supported by gnutls. | ||
37 | * @session: is a #MHD_gtls_session_t structure. | ||
38 | * @list: is a 0 terminated list of enum MHD_GNUTLS_CipherAlgorithm elements. | ||
39 | * | ||
40 | * Sets the priority on the ciphers supported by gnutls. | ||
41 | * Priority is higher for elements specified before others. | ||
42 | * After specifying the ciphers you want, you must append a 0. | ||
43 | * Note that the priority is set on the client. The server does | ||
44 | * not use the algorithm's priority except for disabling | ||
45 | * algorithms that were not specified. | ||
46 | * | ||
47 | * Returns 0 on success. | ||
48 | * | ||
49 | **/ | ||
50 | int | ||
51 | MHD__gnutls_cipher_set_priority (MHD_gtls_session_t session, const int *list) | ||
52 | { | ||
53 | int num = 0, i; | ||
54 | |||
55 | while (list[num] != 0) | ||
56 | num++; | ||
57 | if (num > MAX_ALGOS) | ||
58 | num = MAX_ALGOS; | ||
59 | session->internals.priorities.cipher.num_algorithms = num; | ||
60 | |||
61 | for (i = 0; i < num; i++) | ||
62 | { | ||
63 | session->internals.priorities.cipher.priority[i] = list[i]; | ||
64 | } | ||
65 | |||
66 | return 0; | ||
67 | } | ||
68 | |||
69 | static int | 35 | static int |
70 | _set_priority (MHD_gtls_priority_st * st, const int *list) | 36 | _set_priority (MHD_gtls_priority_st * st, const int *list) |
71 | { | 37 | { |
@@ -78,129 +44,6 @@ _set_priority (MHD_gtls_priority_st * st, const int *list) | |||
78 | return 0; | 44 | return 0; |
79 | } | 45 | } |
80 | 46 | ||
81 | /** | ||
82 | * MHD__gnutls_kx_set_priority - Sets the priority on the key exchange algorithms supported by gnutls. | ||
83 | * @session: is a #MHD_gtls_session_t structure. | ||
84 | * @list: is a 0 terminated list of enum MHD_GNUTLS_KeyExchangeAlgorithm elements. | ||
85 | * | ||
86 | * Sets the priority on the key exchange algorithms supported by gnutls. | ||
87 | * Priority is higher for elements specified before others. | ||
88 | * After specifying the algorithms you want, you must append a 0. | ||
89 | * Note that the priority is set on the client. The server does | ||
90 | * not use the algorithm's priority except for disabling | ||
91 | * algorithms that were not specified. | ||
92 | * | ||
93 | * Returns 0 on success. | ||
94 | * | ||
95 | **/ | ||
96 | int | ||
97 | MHD__gnutls_kx_set_priority (MHD_gtls_session_t session, const int *list) | ||
98 | { | ||
99 | return _set_priority (&session->internals.priorities.kx, list); | ||
100 | } | ||
101 | |||
102 | /** | ||
103 | * MHD__gnutls_mac_set_priority - Sets the priority on the mac algorithms supported by gnutls. | ||
104 | * @session: is a #MHD_gtls_session_t structure. | ||
105 | * @list: is a 0 terminated list of enum MHD_GNUTLS_HashAlgorithm elements. | ||
106 | * | ||
107 | * Sets the priority on the mac algorithms supported by gnutls. | ||
108 | * Priority is higher for elements specified before others. | ||
109 | * After specifying the algorithms you want, you must append a 0. | ||
110 | * Note that the priority is set on the client. The server does | ||
111 | * not use the algorithm's priority except for disabling | ||
112 | * algorithms that were not specified. | ||
113 | * | ||
114 | * Returns 0 on success. | ||
115 | * | ||
116 | **/ | ||
117 | int | ||
118 | MHD__gnutls_mac_set_priority (MHD_gtls_session_t session, const int *list) | ||
119 | { | ||
120 | return _set_priority (&session->internals.priorities.mac, list); | ||
121 | } | ||
122 | |||
123 | /** | ||
124 | * MHD__gnutls_compression_set_priority - Sets the priority on the compression algorithms supported by gnutls. | ||
125 | * @session: is a #MHD_gtls_session_t structure. | ||
126 | * @list: is a 0 terminated list of enum MHD_GNUTLS_CompressionMethod elements. | ||
127 | * | ||
128 | * Sets the priority on the compression algorithms supported by gnutls. | ||
129 | * Priority is higher for elements specified before others. | ||
130 | * After specifying the algorithms you want, you must append a 0. | ||
131 | * Note that the priority is set on the client. The server does | ||
132 | * not use the algorithm's priority except for disabling | ||
133 | * algorithms that were not specified. | ||
134 | * | ||
135 | * TLS 1.0 does not define any compression algorithms except | ||
136 | * NULL. Other compression algorithms are to be considered | ||
137 | * as gnutls extensions. | ||
138 | * | ||
139 | * Returns 0 on success. | ||
140 | * | ||
141 | **/ | ||
142 | int | ||
143 | MHD__gnutls_compression_set_priority (MHD_gtls_session_t session, | ||
144 | const int *list) | ||
145 | { | ||
146 | return _set_priority (&session->internals.priorities.compression, list); | ||
147 | } | ||
148 | |||
149 | /** | ||
150 | * MHD__gnutls_protocol_set_priority - Sets the priority on the protocol versions supported by gnutls. | ||
151 | * @session: is a #MHD_gtls_session_t structure. | ||
152 | * @list: is a 0 terminated list of enum MHD_GNUTLS_Protocol elements. | ||
153 | * | ||
154 | * Sets the priority on the protocol versions supported by gnutls. | ||
155 | * This function actually enables or disables protocols. Newer protocol | ||
156 | * versions always have highest priority. | ||
157 | * | ||
158 | * Returns 0 on success. | ||
159 | * | ||
160 | **/ | ||
161 | int | ||
162 | MHD__gnutls_protocol_set_priority (MHD_gtls_session_t session, | ||
163 | const int *list) | ||
164 | { | ||
165 | int ret; | ||
166 | |||
167 | ret = _set_priority (&session->internals.priorities.protocol, list); | ||
168 | /* set the current version to the first in the chain. | ||
169 | * This will be overridden later. | ||
170 | */ | ||
171 | MHD_gtls_set_current_version (session, list[0]); | ||
172 | |||
173 | return ret; | ||
174 | } | ||
175 | |||
176 | /** | ||
177 | * MHD__gnutls_certificate_type_set_priority - Sets the priority on the certificate types supported by gnutls. | ||
178 | * @session: is a #MHD_gtls_session_t structure. | ||
179 | * @list: is a 0 terminated list of enum MHD_GNUTLS_CertificateType elements. | ||
180 | * | ||
181 | * Sets the priority on the certificate types supported by gnutls. | ||
182 | * Priority is higher for elements specified before others. | ||
183 | * After specifying the types you want, you must append a 0. | ||
184 | * Note that the certificate type priority is set on the client. | ||
185 | * The server does not use the cert type priority except for disabling | ||
186 | * types that were not specified. | ||
187 | * | ||
188 | * Returns 0 on success. | ||
189 | * | ||
190 | **/ | ||
191 | int | ||
192 | MHD__gnutls_certificate_type_set_priority (MHD_gtls_session_t session, | ||
193 | const int *list) | ||
194 | { | ||
195 | #if ENABLE_OPENPGP | ||
196 | return _set_priority (&session->internals.priorities.cert_type, list); | ||
197 | #else | ||
198 | |||
199 | return GNUTLS_E_UNIMPLEMENTED_FEATURE; | ||
200 | |||
201 | #endif | ||
202 | } | ||
203 | |||
204 | static const int MHD_gtls_protocol_priority[] = { MHD_GNUTLS_PROTOCOL_TLS1_1, | 47 | static const int MHD_gtls_protocol_priority[] = { MHD_GNUTLS_PROTOCOL_TLS1_1, |
205 | MHD_GNUTLS_PROTOCOL_TLS1_0, | 48 | MHD_GNUTLS_PROTOCOL_TLS1_0, |
206 | MHD_GNUTLS_PROTOCOL_SSL3, | 49 | MHD_GNUTLS_PROTOCOL_SSL3, |
diff --git a/src/daemon/https/tls/gnutls_record.c b/src/daemon/https/tls/gnutls_record.c index 80d5f70f..e1667105 100644 --- a/src/daemon/https/tls/gnutls_record.c +++ b/src/daemon/https/tls/gnutls_record.c | |||
@@ -81,24 +81,6 @@ MHD__gnutls_transport_set_lowat (MHD_gtls_session_t session, int num) | |||
81 | } | 81 | } |
82 | 82 | ||
83 | /** | 83 | /** |
84 | * MHD_gtls_record_disable_padding - Used to disabled padding in TLS 1.0 and above | ||
85 | * @session: is a #MHD_gtls_session_t structure. | ||
86 | * | ||
87 | * Used to disabled padding in TLS 1.0 and above. Normally you do | ||
88 | * not need to use this function, but there are buggy clients that | ||
89 | * complain if a server pads the encrypted data. This of course will | ||
90 | * disable protection against statistical attacks on the data. | ||
91 | * | ||
92 | * Normally only servers that require maximum compatibility with everything | ||
93 | * out there, need to call this function. | ||
94 | **/ | ||
95 | void | ||
96 | MHD_gtls_record_disable_padding (MHD_gtls_session_t session) | ||
97 | { | ||
98 | session->internals.priorities.no_padding = 1; | ||
99 | } | ||
100 | |||
101 | /** | ||
102 | * MHD__gnutls_transport_set_ptr - Used to set first argument of the transport functions | 84 | * MHD__gnutls_transport_set_ptr - Used to set first argument of the transport functions |
103 | * @session: is a #MHD_gtls_session_t structure. | 85 | * @session: is a #MHD_gtls_session_t structure. |
104 | * @ptr: is the value. | 86 | * @ptr: is the value. |
@@ -116,26 +98,6 @@ MHD__gnutls_transport_set_ptr (MHD_gtls_session_t session, | |||
116 | } | 98 | } |
117 | 99 | ||
118 | /** | 100 | /** |
119 | * MHD__gnutls_transport_set_ptr2 - Used to set first argument of the transport functions | ||
120 | * @session: is a #MHD_gtls_session_t structure. | ||
121 | * @recv_ptr: is the value for the pull function | ||
122 | * @send_ptr: is the value for the push function | ||
123 | * | ||
124 | * Used to set the first argument of the transport function (like | ||
125 | * PUSH and PULL). In berkeley style sockets this function will set | ||
126 | * the connection handle. With this function you can use two | ||
127 | * different pointers for receiving and sending. | ||
128 | **/ | ||
129 | void | ||
130 | MHD__gnutls_transport_set_ptr2 (MHD_gtls_session_t session, | ||
131 | MHD_gnutls_transport_ptr_t recv_ptr, | ||
132 | MHD_gnutls_transport_ptr_t send_ptr) | ||
133 | { | ||
134 | session->internals.transport_send_ptr = send_ptr; | ||
135 | session->internals.transport_recv_ptr = recv_ptr; | ||
136 | } | ||
137 | |||
138 | /** | ||
139 | * MHD__gnutls_bye - This function terminates the current TLS/SSL connection. | 101 | * MHD__gnutls_bye - This function terminates the current TLS/SSL connection. |
140 | * @session: is a #MHD_gtls_session_t structure. | 102 | * @session: is a #MHD_gtls_session_t structure. |
141 | * @how: is an integer | 103 | * @how: is an integer |
@@ -1128,59 +1090,3 @@ MHD__gnutls_record_recv (MHD_gtls_session_t session, void *data, | |||
1128 | sizeofdata); | 1090 | sizeofdata); |
1129 | } | 1091 | } |
1130 | 1092 | ||
1131 | /** | ||
1132 | * MHD__gnutls_record_get_max_size - returns the maximum record size | ||
1133 | * @session: is a #MHD_gtls_session_t structure. | ||
1134 | * | ||
1135 | * This function returns the maximum record packet size in this | ||
1136 | * connection. The maximum record size is negotiated by the client | ||
1137 | * after the first handshake message. | ||
1138 | **/ | ||
1139 | size_t | ||
1140 | MHD__gnutls_record_get_max_size (MHD_gtls_session_t session) | ||
1141 | { | ||
1142 | /* Recv will hold the negotiated max record size | ||
1143 | * always. | ||
1144 | */ | ||
1145 | return session->security_parameters.max_record_recv_size; | ||
1146 | } | ||
1147 | |||
1148 | /** | ||
1149 | * MHD__gnutls_record_set_max_size - sets the maximum record size | ||
1150 | * @session: is a #MHD_gtls_session_t structure. | ||
1151 | * @size: is the new size | ||
1152 | * | ||
1153 | * This function sets the maximum record packet size in this | ||
1154 | * connection. This property can only be set to clients. The server | ||
1155 | * may choose not to accept the requested size. | ||
1156 | * | ||
1157 | * Acceptable values are 512(=2^9), 1024(=2^10), 2048(=2^11) and | ||
1158 | * 4096(=2^12). Returns 0 on success. The requested record size does | ||
1159 | * get in effect immediately only while sending data. The receive | ||
1160 | * part will take effect after a successful handshake. | ||
1161 | * | ||
1162 | * This function uses a TLS extension called 'max record size'. Not | ||
1163 | * all TLS implementations use or even understand this extension. | ||
1164 | **/ | ||
1165 | ssize_t | ||
1166 | MHD__gnutls_record_set_max_size (MHD_gtls_session_t session, size_t size) | ||
1167 | { | ||
1168 | ssize_t new_size; | ||
1169 | |||
1170 | if (session->security_parameters.entity == GNUTLS_SERVER) | ||
1171 | return GNUTLS_E_INVALID_REQUEST; | ||
1172 | |||
1173 | new_size = MHD_gtls_mre_record2num (size); | ||
1174 | |||
1175 | if (new_size < 0) | ||
1176 | { | ||
1177 | MHD_gnutls_assert (); | ||
1178 | return new_size; | ||
1179 | } | ||
1180 | |||
1181 | session->security_parameters.max_record_send_size = size; | ||
1182 | |||
1183 | session->internals.proposed_record_size = size; | ||
1184 | |||
1185 | return 0; | ||
1186 | } | ||
diff --git a/src/daemon/https/tls/gnutls_session.c b/src/daemon/https/tls/gnutls_session.c deleted file mode 100644 index b7ba3764..00000000 --- a/src/daemon/https/tls/gnutls_session.c +++ /dev/null | |||
@@ -1,71 +0,0 @@ | |||
1 | /* | ||
2 | * Copyright (C) 2000, 2003, 2004, 2005, 2007 Free Software Foundation | ||
3 | * | ||
4 | * Author: Nikos Mavrogiannopoulos | ||
5 | * | ||
6 | * This file is part of GNUTLS. | ||
7 | * | ||
8 | * The GNUTLS library is free software; you can redistribute it and/or | ||
9 | * modify it under the terms of the GNU Lesser General Public License | ||
10 | * as published by the Free Software Foundation; either version 2.1 of | ||
11 | * the License, or (at your option) any later version. | ||
12 | * | ||
13 | * This library is distributed in the hope that it will be useful, but | ||
14 | * WITHOUT ANY WARRANTY; without even the implied warranty of | ||
15 | * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU | ||
16 | * Lesser General Public License for more details. | ||
17 | * | ||
18 | * You should have received a copy of the GNU Lesser General Public | ||
19 | * License along with this library; if not, write to the Free Software | ||
20 | * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301, | ||
21 | * USA | ||
22 | * | ||
23 | */ | ||
24 | #include "gnutls_int.h" | ||
25 | #include "gnutls_errors.h" | ||
26 | #include "debug.h" | ||
27 | #include "gnutls_session_pack.h" | ||
28 | #include <gnutls_datum.h> | ||
29 | |||
30 | /* TODO this file should be removed if session resumption will be abandoned */ | ||
31 | |||
32 | /** | ||
33 | * MHD_gtls_session_get_id - Returns session id. | ||
34 | * @session: is a #MHD_gtls_session_t structure. | ||
35 | * @session_id: is a pointer to space to hold the session id. | ||
36 | * @session_id_size: is the session id's size, or it will be set by the function. | ||
37 | * | ||
38 | * Returns the current session id. This can be used if you want to check if | ||
39 | * the next session you tried to resume was actually resumed. | ||
40 | * This is because resumed sessions have the same sessionID with the | ||
41 | * original session. | ||
42 | * | ||
43 | * Session id is some data set by the server, that identify the current session. | ||
44 | * In TLS 1.0 and SSL 3.0 session id is always less than 32 bytes. | ||
45 | * | ||
46 | * Returns zero on success. | ||
47 | **/ | ||
48 | int | ||
49 | MHD_gtls_session_get_id (MHD_gtls_session_t session, | ||
50 | void *session_id, size_t * session_id_size) | ||
51 | { | ||
52 | size_t given_session_id_size = *session_id_size; | ||
53 | |||
54 | *session_id_size = session->security_parameters.session_id_size; | ||
55 | |||
56 | /* just return the session size */ | ||
57 | if (session_id == NULL) | ||
58 | { | ||
59 | return 0; | ||
60 | } | ||
61 | |||
62 | if (given_session_id_size < session->security_parameters.session_id_size) | ||
63 | { | ||
64 | return GNUTLS_E_SHORT_MEMORY_BUFFER; | ||
65 | } | ||
66 | |||
67 | memcpy (session_id, &session->security_parameters.session_id, | ||
68 | *session_id_size); | ||
69 | |||
70 | return 0; | ||
71 | } | ||
diff --git a/src/daemon/https/tls/gnutls_session_pack.c b/src/daemon/https/tls/gnutls_session_pack.c deleted file mode 100644 index be80bfb7..00000000 --- a/src/daemon/https/tls/gnutls_session_pack.c +++ /dev/null | |||
@@ -1,1025 +0,0 @@ | |||
1 | /* | ||
2 | * Copyright (C) 2000, 2004, 2005, 2007 Free Software Foundation | ||
3 | * | ||
4 | * Author: Nikos Mavrogiannopoulos | ||
5 | * | ||
6 | * This file is part of GNUTLS. | ||
7 | * | ||
8 | * The GNUTLS library is free software; you can redistribute it and/or | ||
9 | * modify it under the terms of the GNU Lesser General Public License | ||
10 | * as published by the Free Software Foundation; either version 2.1 of | ||
11 | * the License, or (at your option) any later version. | ||
12 | * | ||
13 | * This library is distributed in the hope that it will be useful, but | ||
14 | * WITHOUT ANY WARRANTY; without even the implied warranty of | ||
15 | * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU | ||
16 | * Lesser General Public License for more details. | ||
17 | * | ||
18 | * You should have received a copy of the GNU Lesser General Public | ||
19 | * License along with this library; if not, write to the Free Software | ||
20 | * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301, | ||
21 | * USA | ||
22 | * | ||
23 | */ | ||
24 | |||
25 | /* Contains functions that are supposed to pack and unpack session data, | ||
26 | * before and after they are sent to the database backend. | ||
27 | */ | ||
28 | |||
29 | #include <gnutls_int.h> | ||
30 | #ifdef ENABLE_SRP | ||
31 | # include <auth_srp.h> | ||
32 | #endif | ||
33 | #ifdef ENABLE_PSK | ||
34 | # include <auth_psk.h> | ||
35 | #endif | ||
36 | #include <auth_cert.h> | ||
37 | #include <gnutls_errors.h> | ||
38 | #include <gnutls_auth_int.h> | ||
39 | #include <gnutls_session_pack.h> | ||
40 | #include <gnutls_datum.h> | ||
41 | #include <gnutls_num.h> | ||
42 | |||
43 | #define PACK_HEADER_SIZE 1 | ||
44 | #define MAX_SEC_PARAMS 7+MAX_SRP_USERNAME+MAX_SERVER_NAME_EXTENSIONS*(3+MAX_SERVER_NAME_SIZE)+165 | ||
45 | static int pack_certificate_auth_info (MHD_gtls_session_t, | ||
46 | MHD_gnutls_datum_t * packed_session); | ||
47 | static int unpack_certificate_auth_info (MHD_gtls_session_t, | ||
48 | const MHD_gnutls_datum_t * | ||
49 | packed_session); | ||
50 | |||
51 | static int unpack_security_parameters (MHD_gtls_session_t session, | ||
52 | const MHD_gnutls_datum_t * | ||
53 | packed_session); | ||
54 | static int pack_security_parameters (MHD_gtls_session_t session, | ||
55 | MHD_gnutls_datum_t * packed_session); | ||
56 | |||
57 | /* Since auth_info structures contain malloced data, this function | ||
58 | * is required in order to pack these structures in a vector in | ||
59 | * order to store them to the DB. | ||
60 | * | ||
61 | * packed_session will contain the session data. | ||
62 | * | ||
63 | * The data will be in a platform independent format. | ||
64 | */ | ||
65 | int | ||
66 | MHD_gtls_session_pack (MHD_gtls_session_t session, | ||
67 | MHD_gnutls_datum_t * packed_session) | ||
68 | { | ||
69 | int ret; | ||
70 | |||
71 | if (packed_session == NULL) | ||
72 | { | ||
73 | MHD_gnutls_assert (); | ||
74 | return GNUTLS_E_INTERNAL_ERROR; | ||
75 | } | ||
76 | |||
77 | |||
78 | switch (MHD_gtls_auth_get_type (session)) | ||
79 | { | ||
80 | #ifdef ENABLE_SRP | ||
81 | case MHD_GNUTLS_CRD_SRP: | ||
82 | ret = pack_srp_auth_info (session, packed_session); | ||
83 | if (ret < 0) | ||
84 | { | ||
85 | MHD_gnutls_assert (); | ||
86 | return ret; | ||
87 | } | ||
88 | break; | ||
89 | #endif | ||
90 | #ifdef ENABLE_PSK | ||
91 | case MHD_GNUTLS_CRD_PSK: | ||
92 | ret = pack_psk_auth_info (session, packed_session); | ||
93 | if (ret < 0) | ||
94 | { | ||
95 | MHD_gnutls_assert (); | ||
96 | return ret; | ||
97 | } | ||
98 | break; | ||
99 | #endif | ||
100 | case MHD_GNUTLS_CRD_CERTIFICATE: | ||
101 | ret = pack_certificate_auth_info (session, packed_session); | ||
102 | if (ret < 0) | ||
103 | { | ||
104 | MHD_gnutls_assert (); | ||
105 | return ret; | ||
106 | } | ||
107 | break; | ||
108 | default: | ||
109 | return GNUTLS_E_INTERNAL_ERROR; | ||
110 | |||
111 | } | ||
112 | |||
113 | /* Auth_info structures copied. Now copy MHD_gtls_security_param_st. | ||
114 | * packed_session must have allocated space for the security parameters. | ||
115 | */ | ||
116 | ret = pack_security_parameters (session, packed_session); | ||
117 | if (ret < 0) | ||
118 | { | ||
119 | MHD_gnutls_assert (); | ||
120 | MHD__gnutls_free_datum (packed_session); | ||
121 | return ret; | ||
122 | } | ||
123 | |||
124 | return 0; | ||
125 | } | ||
126 | |||
127 | |||
128 | /* Load session data from a buffer. | ||
129 | */ | ||
130 | int | ||
131 | MHD_gtls_session_unpack (MHD_gtls_session_t session, | ||
132 | const MHD_gnutls_datum_t * packed_session) | ||
133 | { | ||
134 | int ret; | ||
135 | |||
136 | if (packed_session == NULL || packed_session->size == 0) | ||
137 | { | ||
138 | MHD_gnutls_assert (); | ||
139 | return GNUTLS_E_INTERNAL_ERROR; | ||
140 | } | ||
141 | |||
142 | if (MHD_gtls_get_auth_info (session) != NULL) | ||
143 | { | ||
144 | MHD_gtls_free_auth_info (session); | ||
145 | } | ||
146 | |||
147 | switch (packed_session->data[0]) | ||
148 | { | ||
149 | #ifdef ENABLE_SRP | ||
150 | case MHD_GNUTLS_CRD_SRP: | ||
151 | ret = unpack_srp_auth_info (session, packed_session); | ||
152 | if (ret < 0) | ||
153 | { | ||
154 | MHD_gnutls_assert (); | ||
155 | return ret; | ||
156 | } | ||
157 | break; | ||
158 | #endif | ||
159 | #ifdef ENABLE_PSK | ||
160 | case MHD_GNUTLS_CRD_PSK: | ||
161 | ret = unpack_psk_auth_info (session, packed_session); | ||
162 | if (ret < 0) | ||
163 | { | ||
164 | MHD_gnutls_assert (); | ||
165 | return ret; | ||
166 | } | ||
167 | break; | ||
168 | #endif | ||
169 | case MHD_GNUTLS_CRD_CERTIFICATE: | ||
170 | ret = unpack_certificate_auth_info (session, packed_session); | ||
171 | if (ret < 0) | ||
172 | { | ||
173 | MHD_gnutls_assert (); | ||
174 | return ret; | ||
175 | } | ||
176 | break; | ||
177 | default: | ||
178 | MHD_gnutls_assert (); | ||
179 | return GNUTLS_E_INTERNAL_ERROR; | ||
180 | |||
181 | } | ||
182 | |||
183 | /* Auth_info structures copied. Now copy MHD_gtls_security_param_st. | ||
184 | * packed_session must have allocated space for the security parameters. | ||
185 | */ | ||
186 | ret = unpack_security_parameters (session, packed_session); | ||
187 | if (ret < 0) | ||
188 | { | ||
189 | MHD_gnutls_assert (); | ||
190 | return ret; | ||
191 | } | ||
192 | |||
193 | return 0; | ||
194 | } | ||
195 | |||
196 | |||
197 | /* Format: | ||
198 | * 1 byte the credentials type | ||
199 | * 4 bytes the size of the whole structure | ||
200 | * DH stuff | ||
201 | * 2 bytes the size of secret key in bits | ||
202 | * 4 bytes the size of the prime | ||
203 | * x bytes the prime | ||
204 | * 4 bytes the size of the generator | ||
205 | * x bytes the generator | ||
206 | * 4 bytes the size of the public key | ||
207 | * x bytes the public key | ||
208 | * RSA stuff | ||
209 | * 4 bytes the size of the modulus | ||
210 | * x bytes the modulus | ||
211 | * 4 bytes the size of the exponent | ||
212 | * x bytes the exponent | ||
213 | * CERTIFICATES | ||
214 | * 4 bytes the length of the certificate list | ||
215 | * 4 bytes the size of first certificate | ||
216 | * x bytes the certificate | ||
217 | * and so on... | ||
218 | */ | ||
219 | static int | ||
220 | pack_certificate_auth_info (MHD_gtls_session_t session, | ||
221 | MHD_gnutls_datum_t * packed_session) | ||
222 | { | ||
223 | unsigned int pos = 0, i; | ||
224 | int cert_size, pack_size; | ||
225 | cert_auth_info_t info = MHD_gtls_get_auth_info (session); | ||
226 | |||
227 | if (info) | ||
228 | { | ||
229 | cert_size = 4; | ||
230 | |||
231 | for (i = 0; i < info->ncerts; i++) | ||
232 | cert_size += 4 + info->raw_certificate_list[i].size; | ||
233 | |||
234 | pack_size = 2 + 4 + info->dh.prime.size + | ||
235 | 4 + info->dh.generator.size + 4 + info->dh.public_key.size + | ||
236 | 4 + info->rsa_export.modulus.size + | ||
237 | 4 + info->rsa_export.exponent.size + cert_size; | ||
238 | } | ||
239 | else | ||
240 | pack_size = 0; | ||
241 | |||
242 | packed_session->size = PACK_HEADER_SIZE + pack_size + sizeof (uint32_t); | ||
243 | |||
244 | /* calculate the size and allocate the data. | ||
245 | */ | ||
246 | packed_session->data = | ||
247 | MHD_gnutls_malloc (packed_session->size + MAX_SEC_PARAMS); | ||
248 | |||
249 | if (packed_session->data == NULL) | ||
250 | { | ||
251 | MHD_gnutls_assert (); | ||
252 | return GNUTLS_E_MEMORY_ERROR; | ||
253 | } | ||
254 | |||
255 | packed_session->data[0] = MHD_GNUTLS_CRD_CERTIFICATE; | ||
256 | MHD_gtls_write_uint32 (pack_size, &packed_session->data[PACK_HEADER_SIZE]); | ||
257 | pos += 4 + PACK_HEADER_SIZE; | ||
258 | |||
259 | |||
260 | if (pack_size > 0) | ||
261 | { | ||
262 | |||
263 | MHD_gtls_write_uint16 (info->dh.secret_bits, | ||
264 | &packed_session->data[pos]); | ||
265 | pos += 2; | ||
266 | |||
267 | MHD_gtls_write_datum32 (&packed_session->data[pos], info->dh.prime); | ||
268 | pos += 4 + info->dh.prime.size; | ||
269 | MHD_gtls_write_datum32 (&packed_session->data[pos], info->dh.generator); | ||
270 | pos += 4 + info->dh.generator.size; | ||
271 | MHD_gtls_write_datum32 (&packed_session->data[pos], | ||
272 | info->dh.public_key); | ||
273 | pos += 4 + info->dh.public_key.size; | ||
274 | |||
275 | MHD_gtls_write_datum32 (&packed_session->data[pos], | ||
276 | info->rsa_export.modulus); | ||
277 | pos += 4 + info->rsa_export.modulus.size; | ||
278 | MHD_gtls_write_datum32 (&packed_session->data[pos], | ||
279 | info->rsa_export.exponent); | ||
280 | pos += 4 + info->rsa_export.exponent.size; | ||
281 | |||
282 | MHD_gtls_write_uint32 (info->ncerts, &packed_session->data[pos]); | ||
283 | pos += 4; | ||
284 | |||
285 | for (i = 0; i < info->ncerts; i++) | ||
286 | { | ||
287 | MHD_gtls_write_datum32 (&packed_session->data[pos], | ||
288 | info->raw_certificate_list[i]); | ||
289 | pos += sizeof (uint32_t) + info->raw_certificate_list[i].size; | ||
290 | } | ||
291 | } | ||
292 | |||
293 | return 0; | ||
294 | } | ||
295 | |||
296 | |||
297 | /* Upack certificate info. | ||
298 | */ | ||
299 | static int | ||
300 | unpack_certificate_auth_info (MHD_gtls_session_t session, | ||
301 | const MHD_gnutls_datum_t * packed_session) | ||
302 | { | ||
303 | int pos = 0, size, ret; | ||
304 | unsigned int i = 0, j; | ||
305 | size_t pack_size; | ||
306 | cert_auth_info_t info; | ||
307 | |||
308 | if (packed_session->data[0] != MHD_GNUTLS_CRD_CERTIFICATE) | ||
309 | { | ||
310 | MHD_gnutls_assert (); | ||
311 | return GNUTLS_E_INVALID_REQUEST; | ||
312 | } | ||
313 | |||
314 | pack_size = MHD_gtls_read_uint32 (&packed_session->data[PACK_HEADER_SIZE]); | ||
315 | pos += PACK_HEADER_SIZE + 4; | ||
316 | |||
317 | if (pack_size == 0) | ||
318 | return 0; /* nothing to be done */ | ||
319 | |||
320 | /* a simple check for integrity */ | ||
321 | if (pack_size + PACK_HEADER_SIZE + 4 > packed_session->size) | ||
322 | { | ||
323 | MHD_gnutls_assert (); | ||
324 | return GNUTLS_E_INVALID_REQUEST; | ||
325 | } | ||
326 | |||
327 | /* client and server have the same auth_info here | ||
328 | */ | ||
329 | ret = | ||
330 | MHD_gtls_auth_info_set (session, MHD_GNUTLS_CRD_CERTIFICATE, | ||
331 | sizeof (cert_auth_info_st), 1); | ||
332 | if (ret < 0) | ||
333 | { | ||
334 | MHD_gnutls_assert (); | ||
335 | return ret; | ||
336 | } | ||
337 | |||
338 | info = MHD_gtls_get_auth_info (session); | ||
339 | if (info == NULL) | ||
340 | { | ||
341 | MHD_gnutls_assert (); | ||
342 | return GNUTLS_E_INTERNAL_ERROR; | ||
343 | } | ||
344 | |||
345 | info->dh.secret_bits = MHD_gtls_read_uint16 (&packed_session->data[pos]); | ||
346 | pos += 2; | ||
347 | |||
348 | size = MHD_gtls_read_uint32 (&packed_session->data[pos]); | ||
349 | pos += 4; | ||
350 | ret = | ||
351 | MHD__gnutls_set_datum (&info->dh.prime, &packed_session->data[pos], size); | ||
352 | if (ret < 0) | ||
353 | { | ||
354 | MHD_gnutls_assert (); | ||
355 | goto error; | ||
356 | } | ||
357 | pos += size; | ||
358 | |||
359 | size = MHD_gtls_read_uint32 (&packed_session->data[pos]); | ||
360 | pos += 4; | ||
361 | ret = | ||
362 | MHD__gnutls_set_datum (&info->dh.generator, &packed_session->data[pos], | ||
363 | size); | ||
364 | if (ret < 0) | ||
365 | { | ||
366 | MHD_gnutls_assert (); | ||
367 | goto error; | ||
368 | } | ||
369 | pos += size; | ||
370 | |||
371 | size = MHD_gtls_read_uint32 (&packed_session->data[pos]); | ||
372 | pos += 4; | ||
373 | ret = | ||
374 | MHD__gnutls_set_datum (&info->dh.public_key, &packed_session->data[pos], | ||
375 | size); | ||
376 | if (ret < 0) | ||
377 | { | ||
378 | MHD_gnutls_assert (); | ||
379 | goto error; | ||
380 | } | ||
381 | pos += size; | ||
382 | |||
383 | size = MHD_gtls_read_uint32 (&packed_session->data[pos]); | ||
384 | pos += 4; | ||
385 | ret = | ||
386 | MHD__gnutls_set_datum (&info->rsa_export.modulus, | ||
387 | &packed_session->data[pos], size); | ||
388 | if (ret < 0) | ||
389 | { | ||
390 | MHD_gnutls_assert (); | ||
391 | goto error; | ||
392 | } | ||
393 | pos += size; | ||
394 | |||
395 | size = MHD_gtls_read_uint32 (&packed_session->data[pos]); | ||
396 | pos += 4; | ||
397 | ret = | ||
398 | MHD__gnutls_set_datum (&info->rsa_export.exponent, | ||
399 | &packed_session->data[pos], size); | ||
400 | if (ret < 0) | ||
401 | { | ||
402 | MHD_gnutls_assert (); | ||
403 | goto error; | ||
404 | } | ||
405 | pos += size; | ||
406 | |||
407 | info->ncerts = MHD_gtls_read_uint32 (&packed_session->data[pos]); | ||
408 | pos += 4; | ||
409 | |||
410 | if (info->ncerts > 0) | ||
411 | { | ||
412 | info->raw_certificate_list = | ||
413 | MHD_gnutls_calloc (1, sizeof (MHD_gnutls_datum_t) * info->ncerts); | ||
414 | if (info->raw_certificate_list == NULL) | ||
415 | { | ||
416 | MHD_gnutls_assert (); | ||
417 | ret = GNUTLS_E_MEMORY_ERROR; | ||
418 | goto error; | ||
419 | } | ||
420 | } | ||
421 | |||
422 | for (i = 0; i < info->ncerts; i++) | ||
423 | { | ||
424 | size = MHD_gtls_read_uint32 (&packed_session->data[pos]); | ||
425 | pos += sizeof (uint32_t); | ||
426 | |||
427 | ret = | ||
428 | MHD__gnutls_set_datum (&info->raw_certificate_list[i], | ||
429 | &packed_session->data[pos], size); | ||
430 | pos += size; | ||
431 | |||
432 | if (ret < 0) | ||
433 | { | ||
434 | MHD_gnutls_assert (); | ||
435 | goto error; | ||
436 | } | ||
437 | } | ||
438 | |||
439 | |||
440 | return 0; | ||
441 | |||
442 | error: | ||
443 | MHD__gnutls_free_datum (&info->dh.prime); | ||
444 | MHD__gnutls_free_datum (&info->dh.generator); | ||
445 | MHD__gnutls_free_datum (&info->dh.public_key); | ||
446 | |||
447 | MHD__gnutls_free_datum (&info->rsa_export.modulus); | ||
448 | MHD__gnutls_free_datum (&info->rsa_export.exponent); | ||
449 | |||
450 | for (j = 0; j < i; j++) | ||
451 | MHD__gnutls_free_datum (&info->raw_certificate_list[j]); | ||
452 | |||
453 | MHD_gnutls_free (info->raw_certificate_list); | ||
454 | |||
455 | return ret; | ||
456 | |||
457 | } | ||
458 | |||
459 | #ifdef ENABLE_SRP | ||
460 | /* Packs the SRP session authentication data. | ||
461 | */ | ||
462 | |||
463 | /* Format: | ||
464 | * 1 byte the credentials type | ||
465 | * 4 bytes the size of the SRP username (x) | ||
466 | * x bytes the SRP username | ||
467 | */ | ||
468 | static int | ||
469 | pack_srp_auth_info (MHD_gtls_session_t session, | ||
470 | MHD_gnutls_datum_t * packed_session) | ||
471 | { | ||
472 | srp_server_auth_info_t info = MHD_gtls_get_auth_info (session); | ||
473 | int pack_size; | ||
474 | |||
475 | if (info && info->username) | ||
476 | pack_size = strlen (info->username) + 1; /* include the terminating null */ | ||
477 | else | ||
478 | pack_size = 0; | ||
479 | |||
480 | packed_session->size = PACK_HEADER_SIZE + pack_size + sizeof (uint32_t); | ||
481 | |||
482 | /* calculate the size and allocate the data. | ||
483 | */ | ||
484 | packed_session->data = | ||
485 | MHD_gnutls_malloc (packed_session->size + MAX_SEC_PARAMS); | ||
486 | |||
487 | if (packed_session->data == NULL) | ||
488 | { | ||
489 | MHD_gnutls_assert (); | ||
490 | return GNUTLS_E_MEMORY_ERROR; | ||
491 | } | ||
492 | |||
493 | packed_session->data[0] = MHD_GNUTLS_CRD_SRP; | ||
494 | MHD_gtls_write_uint32 (pack_size, &packed_session->data[PACK_HEADER_SIZE]); | ||
495 | |||
496 | if (pack_size > 0) | ||
497 | memcpy (&packed_session->data[PACK_HEADER_SIZE + sizeof (uint32_t)], | ||
498 | info->username, pack_size + 1); | ||
499 | |||
500 | return 0; | ||
501 | } | ||
502 | |||
503 | |||
504 | static int | ||
505 | unpack_srp_auth_info (MHD_gtls_session_t session, | ||
506 | const MHD_gnutls_datum_t * packed_session) | ||
507 | { | ||
508 | size_t username_size; | ||
509 | int ret; | ||
510 | srp_server_auth_info_t info; | ||
511 | |||
512 | if (packed_session->data[0] != MHD_GNUTLS_CRD_SRP) | ||
513 | { | ||
514 | MHD_gnutls_assert (); | ||
515 | return GNUTLS_E_INVALID_REQUEST; | ||
516 | } | ||
517 | |||
518 | username_size = | ||
519 | MHD_gtls_read_uint32 (&packed_session->data[PACK_HEADER_SIZE]); | ||
520 | |||
521 | if (username_size == 0) | ||
522 | return 0; /* nothing to be done */ | ||
523 | |||
524 | /* a simple check for integrity */ | ||
525 | if (username_size + 4 + PACK_HEADER_SIZE > packed_session->size) | ||
526 | { | ||
527 | MHD_gnutls_assert (); | ||
528 | return GNUTLS_E_INVALID_REQUEST; | ||
529 | } | ||
530 | |||
531 | ret = | ||
532 | MHD_gtls_auth_info_set (session, MHD_GNUTLS_CRD_SRP, | ||
533 | sizeof (srp_server_auth_info_st), 1); | ||
534 | if (ret < 0) | ||
535 | { | ||
536 | MHD_gnutls_assert (); | ||
537 | return ret; | ||
538 | } | ||
539 | |||
540 | info = MHD_gtls_get_auth_info (session); | ||
541 | if (info == NULL) | ||
542 | { | ||
543 | MHD_gnutls_assert (); | ||
544 | return GNUTLS_E_INTERNAL_ERROR; | ||
545 | } | ||
546 | |||
547 | memcpy (info->username, | ||
548 | &packed_session->data[PACK_HEADER_SIZE + sizeof (uint32_t)], | ||
549 | username_size); | ||
550 | |||
551 | return 0; | ||
552 | } | ||
553 | #endif | ||
554 | |||
555 | |||
556 | |||
557 | #ifdef ENABLE_PSK | ||
558 | /* Packs the PSK session authentication data. | ||
559 | */ | ||
560 | |||
561 | /* Format: | ||
562 | * 1 byte the credentials type | ||
563 | * 4 bytes the size of the whole structure | ||
564 | * 4 bytes the size of the PSK username (x) | ||
565 | * x bytes the PSK username | ||
566 | * 2 bytes the size of secret key in bits | ||
567 | * 4 bytes the size of the prime | ||
568 | * x bytes the prime | ||
569 | * 4 bytes the size of the generator | ||
570 | * x bytes the generator | ||
571 | * 4 bytes the size of the public key | ||
572 | * x bytes the public key | ||
573 | */ | ||
574 | static int | ||
575 | pack_psk_auth_info (MHD_gtls_session_t session, | ||
576 | MHD_gnutls_datum_t * packed_session) | ||
577 | { | ||
578 | psk_auth_info_t info; | ||
579 | int pack_size, username_size = 0, pos; | ||
580 | |||
581 | info = MHD_gtls_get_auth_info (session); | ||
582 | |||
583 | if (info) | ||
584 | { | ||
585 | username_size = strlen (info->username) + 1; /* include the terminating null */ | ||
586 | pack_size = username_size + | ||
587 | 2 + 4 * 3 + info->dh.prime.size + info->dh.generator.size + | ||
588 | info->dh.public_key.size; | ||
589 | } | ||
590 | else | ||
591 | pack_size = 0; | ||
592 | |||
593 | packed_session->size = PACK_HEADER_SIZE + pack_size + sizeof (uint32_t); | ||
594 | |||
595 | /* calculate the size and allocate the data. | ||
596 | */ | ||
597 | packed_session->data = | ||
598 | MHD_gnutls_malloc (packed_session->size + MAX_SEC_PARAMS); | ||
599 | |||
600 | if (packed_session->data == NULL) | ||
601 | { | ||
602 | MHD_gnutls_assert (); | ||
603 | return GNUTLS_E_MEMORY_ERROR; | ||
604 | } | ||
605 | |||
606 | pos = 0; | ||
607 | |||
608 | packed_session->data[pos] = MHD_GNUTLS_CRD_PSK; | ||
609 | pos++; | ||
610 | |||
611 | MHD_gtls_write_uint32 (pack_size, &packed_session->data[pos]); | ||
612 | pos += 4; | ||
613 | |||
614 | |||
615 | if (pack_size > 0) | ||
616 | { | ||
617 | MHD_gtls_write_uint32 (username_size, &packed_session->data[pos]); | ||
618 | pos += 4; | ||
619 | |||
620 | memcpy (&packed_session->data[pos], info->username, username_size); | ||
621 | pos += username_size; | ||
622 | |||
623 | MHD_gtls_write_uint16 (info->dh.secret_bits, | ||
624 | &packed_session->data[pos]); | ||
625 | pos += 2; | ||
626 | |||
627 | MHD_gtls_write_datum32 (&packed_session->data[pos], info->dh.prime); | ||
628 | pos += 4 + info->dh.prime.size; | ||
629 | MHD_gtls_write_datum32 (&packed_session->data[pos], info->dh.generator); | ||
630 | pos += 4 + info->dh.generator.size; | ||
631 | MHD_gtls_write_datum32 (&packed_session->data[pos], | ||
632 | info->dh.public_key); | ||
633 | pos += 4 + info->dh.public_key.size; | ||
634 | |||
635 | } | ||
636 | |||
637 | |||
638 | return 0; | ||
639 | } | ||
640 | |||
641 | static int | ||
642 | unpack_psk_auth_info (MHD_gtls_session_t session, | ||
643 | const MHD_gnutls_datum_t * packed_session) | ||
644 | { | ||
645 | size_t username_size; | ||
646 | size_t pack_size; | ||
647 | int pos = 0, size, ret; | ||
648 | psk_auth_info_t info; | ||
649 | |||
650 | if (packed_session->data[0] != MHD_GNUTLS_CRD_PSK) | ||
651 | { | ||
652 | MHD_gnutls_assert (); | ||
653 | return GNUTLS_E_INVALID_REQUEST; | ||
654 | } | ||
655 | |||
656 | pack_size = MHD_gtls_read_uint32 (&packed_session->data[PACK_HEADER_SIZE]); | ||
657 | pos += PACK_HEADER_SIZE + 4; | ||
658 | |||
659 | |||
660 | if (pack_size == 0) | ||
661 | return 0; /* nothing to be done */ | ||
662 | |||
663 | /* a simple check for integrity */ | ||
664 | if (pack_size + PACK_HEADER_SIZE + 4 > packed_session->size) | ||
665 | { | ||
666 | MHD_gnutls_assert (); | ||
667 | return GNUTLS_E_INVALID_REQUEST; | ||
668 | } | ||
669 | |||
670 | /* client and serer have the same auth_info here | ||
671 | */ | ||
672 | ret = | ||
673 | MHD_gtls_auth_info_set (session, MHD_GNUTLS_CRD_PSK, | ||
674 | sizeof (psk_auth_info_st), 1); | ||
675 | if (ret < 0) | ||
676 | { | ||
677 | MHD_gnutls_assert (); | ||
678 | return ret; | ||
679 | } | ||
680 | |||
681 | info = MHD_gtls_get_auth_info (session); | ||
682 | if (info == NULL) | ||
683 | { | ||
684 | MHD_gnutls_assert (); | ||
685 | return GNUTLS_E_INTERNAL_ERROR; | ||
686 | } | ||
687 | |||
688 | username_size = MHD_gtls_read_uint32 (&packed_session->data[pos]); | ||
689 | pos += 4; | ||
690 | |||
691 | memcpy (info->username, &packed_session->data[pos], username_size); | ||
692 | pos += username_size; | ||
693 | |||
694 | info->dh.secret_bits = MHD_gtls_read_uint16 (&packed_session->data[pos]); | ||
695 | pos += 2; | ||
696 | |||
697 | size = MHD_gtls_read_uint32 (&packed_session->data[pos]); | ||
698 | pos += 4; | ||
699 | ret = | ||
700 | MHD__gnutls_set_datum (&info->dh.prime, &packed_session->data[pos], size); | ||
701 | if (ret < 0) | ||
702 | { | ||
703 | MHD_gnutls_assert (); | ||
704 | goto error; | ||
705 | } | ||
706 | pos += size; | ||
707 | |||
708 | size = MHD_gtls_read_uint32 (&packed_session->data[pos]); | ||
709 | pos += 4; | ||
710 | ret = | ||
711 | MHD__gnutls_set_datum (&info->dh.generator, &packed_session->data[pos], | ||
712 | size); | ||
713 | if (ret < 0) | ||
714 | { | ||
715 | MHD_gnutls_assert (); | ||
716 | goto error; | ||
717 | } | ||
718 | pos += size; | ||
719 | |||
720 | size = MHD_gtls_read_uint32 (&packed_session->data[pos]); | ||
721 | pos += 4; | ||
722 | ret = | ||
723 | MHD__gnutls_set_datum (&info->dh.public_key, &packed_session->data[pos], | ||
724 | size); | ||
725 | if (ret < 0) | ||
726 | { | ||
727 | MHD_gnutls_assert (); | ||
728 | goto error; | ||
729 | } | ||
730 | pos += size; | ||
731 | |||
732 | return 0; | ||
733 | |||
734 | error: | ||
735 | MHD__gnutls_free_datum (&info->dh.prime); | ||
736 | MHD__gnutls_free_datum (&info->dh.generator); | ||
737 | MHD__gnutls_free_datum (&info->dh.public_key); | ||
738 | return ret; | ||
739 | } | ||
740 | #endif | ||
741 | |||
742 | |||
743 | /* Packs the security parameters. | ||
744 | */ | ||
745 | |||
746 | /* Format: | ||
747 | * 4 bytes the total security data size | ||
748 | * 1 byte the entity type (client/server) | ||
749 | * 1 byte the key exchange algorithm used | ||
750 | * 1 byte the read cipher algorithm | ||
751 | * 1 byte the read mac algorithm | ||
752 | * 1 byte the read compression algorithm | ||
753 | * | ||
754 | * 1 byte the write cipher algorithm | ||
755 | * 1 byte the write mac algorithm | ||
756 | * 1 byte the write compression algorithm | ||
757 | * | ||
758 | * 1 byte the certificate type | ||
759 | * 1 byte the protocol version | ||
760 | * | ||
761 | * 2 bytes the cipher suite | ||
762 | * | ||
763 | * 48 bytes the master secret | ||
764 | * | ||
765 | * 32 bytes the client random | ||
766 | * 32 bytes the server random | ||
767 | * | ||
768 | * 1 byte the session ID size | ||
769 | * x bytes the session ID (32 bytes max) | ||
770 | * | ||
771 | * 4 bytes a timestamp | ||
772 | * ------------------- | ||
773 | * MAX: 165 bytes | ||
774 | * | ||
775 | * EXTENSIONS: | ||
776 | * 2 bytes the record send size | ||
777 | * 2 bytes the record recv size | ||
778 | * | ||
779 | * 1 byte the SRP username size | ||
780 | * x bytes the SRP username (MAX_SRP_USERNAME) | ||
781 | * | ||
782 | * 2 bytes the number of server name extensions (up to MAX_SERVER_NAME_EXTENSIONS) | ||
783 | * 1 byte the first name type | ||
784 | * 2 bytes the size of the first name | ||
785 | * x bytes the first name (MAX_SERVER_NAME_SIZE) | ||
786 | * and so on... | ||
787 | * | ||
788 | * -------------------- | ||
789 | * MAX: 7+MAX_SRP_USERNAME+MAX_SERVER_NAME_EXTENSIONS*(3+MAX_SERVER_NAME_SIZE) | ||
790 | */ | ||
791 | static int | ||
792 | pack_security_parameters (MHD_gtls_session_t session, | ||
793 | MHD_gnutls_datum_t * packed_session) | ||
794 | { | ||
795 | int pos = 0; | ||
796 | size_t len, init, i; | ||
797 | |||
798 | /* move after the auth info stuff. | ||
799 | */ | ||
800 | init = | ||
801 | MHD_gtls_read_uint32 (&packed_session->data[PACK_HEADER_SIZE]) + 4 + | ||
802 | PACK_HEADER_SIZE; | ||
803 | |||
804 | pos = init + 4; /* make some space to write later the size */ | ||
805 | |||
806 | packed_session->data[pos++] = session->security_parameters.entity; | ||
807 | packed_session->data[pos++] = session->security_parameters.kx_algorithm; | ||
808 | packed_session->data[pos++] = | ||
809 | session->security_parameters.read_bulk_cipher_algorithm; | ||
810 | packed_session->data[pos++] = | ||
811 | session->security_parameters.read_mac_algorithm; | ||
812 | packed_session->data[pos++] = | ||
813 | session->security_parameters.read_compression_algorithm; | ||
814 | packed_session->data[pos++] = | ||
815 | session->security_parameters.write_bulk_cipher_algorithm; | ||
816 | packed_session->data[pos++] = | ||
817 | session->security_parameters.write_mac_algorithm; | ||
818 | packed_session->data[pos++] = | ||
819 | session->security_parameters.write_compression_algorithm; | ||
820 | packed_session->data[pos++] = | ||
821 | session->security_parameters.current_cipher_suite.suite[0]; | ||
822 | packed_session->data[pos++] = | ||
823 | session->security_parameters.current_cipher_suite.suite[1]; | ||
824 | |||
825 | packed_session->data[pos++] = session->security_parameters.cert_type; | ||
826 | packed_session->data[pos++] = session->security_parameters.version; | ||
827 | |||
828 | memcpy (&packed_session->data[pos], | ||
829 | session->security_parameters.master_secret, TLS_MASTER_SIZE); | ||
830 | pos += TLS_MASTER_SIZE; | ||
831 | |||
832 | memcpy (&packed_session->data[pos], | ||
833 | session->security_parameters.client_random, TLS_RANDOM_SIZE); | ||
834 | pos += TLS_RANDOM_SIZE; | ||
835 | memcpy (&packed_session->data[pos], | ||
836 | session->security_parameters.server_random, TLS_RANDOM_SIZE); | ||
837 | pos += TLS_RANDOM_SIZE; | ||
838 | |||
839 | packed_session->data[pos++] = session->security_parameters.session_id_size; | ||
840 | memcpy (&packed_session->data[pos], session->security_parameters.session_id, | ||
841 | session->security_parameters.session_id_size); | ||
842 | pos += session->security_parameters.session_id_size; | ||
843 | |||
844 | MHD_gtls_write_uint32 (session->security_parameters.timestamp, | ||
845 | &packed_session->data[pos]); | ||
846 | pos += 4; | ||
847 | |||
848 | /* Extensions */ | ||
849 | MHD_gtls_write_uint16 (session->security_parameters.max_record_send_size, | ||
850 | &packed_session->data[pos]); | ||
851 | pos += 2; | ||
852 | |||
853 | MHD_gtls_write_uint16 (session->security_parameters.max_record_recv_size, | ||
854 | &packed_session->data[pos]); | ||
855 | pos += 2; | ||
856 | |||
857 | /* SRP */ | ||
858 | len = | ||
859 | strlen ((char *) session->security_parameters.extensions.srp_username); | ||
860 | packed_session->data[pos++] = len; | ||
861 | memcpy (&packed_session->data[pos], | ||
862 | session->security_parameters.extensions.srp_username, len); | ||
863 | pos += len; | ||
864 | |||
865 | MHD_gtls_write_uint16 (session->security_parameters. | ||
866 | extensions.server_names_size, | ||
867 | &packed_session->data[pos]); | ||
868 | pos += 2; | ||
869 | |||
870 | for (i = 0; i < session->security_parameters.extensions.server_names_size; | ||
871 | i++) | ||
872 | { | ||
873 | packed_session->data[pos++] = | ||
874 | session->security_parameters.extensions.server_names[i].type; | ||
875 | MHD_gtls_write_uint16 (session->security_parameters. | ||
876 | extensions.server_names[i].name_length, | ||
877 | &packed_session->data[pos]); | ||
878 | pos += 2; | ||
879 | |||
880 | memcpy (&packed_session->data[pos], | ||
881 | session->security_parameters.extensions.server_names[i].name, | ||
882 | session->security_parameters.extensions. | ||
883 | server_names[i].name_length); | ||
884 | pos += | ||
885 | session->security_parameters.extensions.server_names[i].name_length; | ||
886 | } | ||
887 | |||
888 | /* write the total size */ | ||
889 | MHD_gtls_write_uint32 (pos - init - 4, &packed_session->data[init]); | ||
890 | packed_session->size += pos - init; | ||
891 | |||
892 | return 0; | ||
893 | } | ||
894 | |||
895 | |||
896 | static int | ||
897 | unpack_security_parameters (MHD_gtls_session_t session, | ||
898 | const MHD_gnutls_datum_t * packed_session) | ||
899 | { | ||
900 | size_t pack_size, init, i; | ||
901 | int pos = 0, len; | ||
902 | time_t timestamp = time (0); | ||
903 | |||
904 | |||
905 | /* skip the auth info stuff */ | ||
906 | init = | ||
907 | MHD_gtls_read_uint32 (&packed_session->data[PACK_HEADER_SIZE]) + 4 + | ||
908 | PACK_HEADER_SIZE; | ||
909 | |||
910 | pos = init; | ||
911 | |||
912 | pack_size = MHD_gtls_read_uint32 (&packed_session->data[pos]); | ||
913 | pos += 4; | ||
914 | |||
915 | |||
916 | if (pack_size == 0) | ||
917 | return GNUTLS_E_INVALID_REQUEST; | ||
918 | |||
919 | /* a simple check for integrity */ | ||
920 | if (pack_size > MAX_SEC_PARAMS) | ||
921 | { | ||
922 | MHD_gnutls_assert (); | ||
923 | return GNUTLS_E_INVALID_REQUEST; | ||
924 | } | ||
925 | |||
926 | session->internals.resumed_security_parameters.entity = | ||
927 | packed_session->data[pos++]; | ||
928 | session->internals.resumed_security_parameters.kx_algorithm = | ||
929 | packed_session->data[pos++]; | ||
930 | session->internals.resumed_security_parameters.read_bulk_cipher_algorithm = | ||
931 | packed_session->data[pos++]; | ||
932 | session->internals.resumed_security_parameters.read_mac_algorithm = | ||
933 | packed_session->data[pos++]; | ||
934 | session->internals.resumed_security_parameters.read_compression_algorithm = | ||
935 | packed_session->data[pos++]; | ||
936 | session->internals.resumed_security_parameters.write_bulk_cipher_algorithm = | ||
937 | packed_session->data[pos++]; | ||
938 | session->internals.resumed_security_parameters.write_mac_algorithm = | ||
939 | packed_session->data[pos++]; | ||
940 | session->internals.resumed_security_parameters.write_compression_algorithm = | ||
941 | packed_session->data[pos++]; | ||
942 | session->internals.resumed_security_parameters. | ||
943 | current_cipher_suite.suite[0] = packed_session->data[pos++]; | ||
944 | session->internals.resumed_security_parameters. | ||
945 | current_cipher_suite.suite[1] = packed_session->data[pos++]; | ||
946 | |||
947 | session->internals.resumed_security_parameters.cert_type = | ||
948 | packed_session->data[pos++]; | ||
949 | session->internals.resumed_security_parameters.version = | ||
950 | packed_session->data[pos++]; | ||
951 | |||
952 | memcpy (session->internals.resumed_security_parameters.master_secret, | ||
953 | &packed_session->data[pos], TLS_MASTER_SIZE); | ||
954 | pos += TLS_MASTER_SIZE; | ||
955 | |||
956 | memcpy (session->internals.resumed_security_parameters.client_random, | ||
957 | &packed_session->data[pos], TLS_RANDOM_SIZE); | ||
958 | pos += TLS_RANDOM_SIZE; | ||
959 | memcpy (session->internals.resumed_security_parameters.server_random, | ||
960 | &packed_session->data[pos], TLS_RANDOM_SIZE); | ||
961 | pos += TLS_RANDOM_SIZE; | ||
962 | |||
963 | session->internals.resumed_security_parameters.session_id_size = | ||
964 | packed_session->data[pos++]; | ||
965 | memcpy (session->internals.resumed_security_parameters.session_id, | ||
966 | &packed_session->data[pos], | ||
967 | session->internals.resumed_security_parameters.session_id_size); | ||
968 | pos += session->internals.resumed_security_parameters.session_id_size; | ||
969 | |||
970 | session->internals.resumed_security_parameters.timestamp = | ||
971 | MHD_gtls_read_uint32 (&packed_session->data[pos]); | ||
972 | pos += 4; | ||
973 | |||
974 | if (timestamp - session->internals.resumed_security_parameters.timestamp > | ||
975 | session->internals.expire_time | ||
976 | || session->internals.resumed_security_parameters.timestamp > timestamp) | ||
977 | { | ||
978 | MHD_gnutls_assert (); | ||
979 | return GNUTLS_E_EXPIRED; | ||
980 | } | ||
981 | |||
982 | /* Extensions */ | ||
983 | session->internals.resumed_security_parameters.max_record_send_size = | ||
984 | MHD_gtls_read_uint16 (&packed_session->data[pos]); | ||
985 | pos += 2; | ||
986 | |||
987 | session->internals.resumed_security_parameters.max_record_recv_size = | ||
988 | MHD_gtls_read_uint16 (&packed_session->data[pos]); | ||
989 | pos += 2; | ||
990 | |||
991 | |||
992 | /* SRP */ | ||
993 | len = packed_session->data[pos++]; /* srp username length */ | ||
994 | memcpy (session->internals.resumed_security_parameters. | ||
995 | extensions.srp_username, &packed_session->data[pos], len); | ||
996 | session->internals.resumed_security_parameters. | ||
997 | extensions.srp_username[len] = 0; | ||
998 | pos += len; | ||
999 | |||
1000 | session->internals.resumed_security_parameters. | ||
1001 | extensions.server_names_size = | ||
1002 | MHD_gtls_read_uint16 (&packed_session->data[pos]); | ||
1003 | pos += 2; | ||
1004 | for (i = 0; | ||
1005 | i < | ||
1006 | session->internals.resumed_security_parameters. | ||
1007 | extensions.server_names_size; i++) | ||
1008 | { | ||
1009 | session->internals.resumed_security_parameters. | ||
1010 | extensions.server_names[i].type = packed_session->data[pos++]; | ||
1011 | session->internals.resumed_security_parameters. | ||
1012 | extensions.server_names[i].name_length = | ||
1013 | MHD_gtls_read_uint16 (&packed_session->data[pos]); | ||
1014 | pos += 2; | ||
1015 | |||
1016 | memcpy (session->internals.resumed_security_parameters. | ||
1017 | extensions.server_names[i].name, &packed_session->data[pos], | ||
1018 | session->internals.resumed_security_parameters. | ||
1019 | extensions.server_names[i].name_length); | ||
1020 | pos += | ||
1021 | session->internals.resumed_security_parameters. | ||
1022 | extensions.server_names[i].name_length; | ||
1023 | } | ||
1024 | return 0; | ||
1025 | } | ||
diff --git a/src/daemon/https/tls/gnutls_session_pack.h b/src/daemon/https/tls/gnutls_session_pack.h deleted file mode 100644 index e327f71f..00000000 --- a/src/daemon/https/tls/gnutls_session_pack.h +++ /dev/null | |||
@@ -1,28 +0,0 @@ | |||
1 | /* | ||
2 | * Copyright (C) 2000, 2001, 2002, 2003, 2004, 2005 Free Software Foundation | ||
3 | * | ||
4 | * Author: Nikos Mavrogiannopoulos | ||
5 | * | ||
6 | * This file is part of GNUTLS. | ||
7 | * | ||
8 | * The GNUTLS library is free software; you can redistribute it and/or | ||
9 | * modify it under the terms of the GNU Lesser General Public License | ||
10 | * as published by the Free Software Foundation; either version 2.1 of | ||
11 | * the License, or (at your option) any later version. | ||
12 | * | ||
13 | * This library is distributed in the hope that it will be useful, but | ||
14 | * WITHOUT ANY WARRANTY; without even the implied warranty of | ||
15 | * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU | ||
16 | * Lesser General Public License for more details. | ||
17 | * | ||
18 | * You should have received a copy of the GNU Lesser General Public | ||
19 | * License along with this library; if not, write to the Free Software | ||
20 | * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301, | ||
21 | * USA | ||
22 | * | ||
23 | */ | ||
24 | |||
25 | int MHD_gtls_session_pack (MHD_gtls_session_t session, | ||
26 | MHD_gnutls_datum_t * packed_session); | ||
27 | int MHD_gtls_session_unpack (MHD_gtls_session_t session, | ||
28 | const MHD_gnutls_datum_t * packed_session); | ||
diff --git a/src/daemon/https/tls/gnutls_state.c b/src/daemon/https/tls/gnutls_state.c index 0372b0f6..9d819b68 100644 --- a/src/daemon/https/tls/gnutls_state.c +++ b/src/daemon/https/tls/gnutls_state.c | |||
@@ -89,18 +89,6 @@ MHD_gnutls_kx_get (MHD_gtls_session_t session) | |||
89 | } | 89 | } |
90 | 90 | ||
91 | /** | 91 | /** |
92 | * MHD_gnutls_mac_get - Returns the currently used mac algorithm. | ||
93 | * @session: is a #MHD_gtls_session_t structure. | ||
94 | * | ||
95 | * Returns: the currently used mac algorithm. | ||
96 | **/ | ||
97 | enum MHD_GNUTLS_HashAlgorithm | ||
98 | MHD_gnutls_mac_get (MHD_gtls_session_t session) | ||
99 | { | ||
100 | return session->security_parameters.read_mac_algorithm; | ||
101 | } | ||
102 | |||
103 | /** | ||
104 | * MHD_gnutls_compression_get - Returns the currently used compression algorithm. | 92 | * MHD_gnutls_compression_get - Returns the currently used compression algorithm. |
105 | * @session: is a #MHD_gtls_session_t structure. | 93 | * @session: is a #MHD_gtls_session_t structure. |
106 | * | 94 | * |
@@ -322,13 +310,6 @@ MHD__gnutls_init (MHD_gtls_session_t * session, | |||
322 | return 0; | 310 | return 0; |
323 | } | 311 | } |
324 | 312 | ||
325 | /* returns RESUME_FALSE or RESUME_TRUE. | ||
326 | */ | ||
327 | int | ||
328 | MHD_gtls_session_is_resumable (MHD_gtls_session_t session) | ||
329 | { | ||
330 | return session->internals.resumable; | ||
331 | } | ||
332 | 313 | ||
333 | /** | 314 | /** |
334 | * MHD__gnutls_deinit - This function clears all buffers associated with a session | 315 | * MHD__gnutls_deinit - This function clears all buffers associated with a session |
@@ -607,29 +588,6 @@ MHD__gnutls_record_set_default_version (MHD_gtls_session_t session, | |||
607 | session->internals.default_record_version[1] = minor; | 588 | session->internals.default_record_version[1] = minor; |
608 | } | 589 | } |
609 | 590 | ||
610 | /** | ||
611 | * MHD_gtls_handshake_set_private_extensions - Used to enable the private cipher suites | ||
612 | * @session: is a #MHD_gtls_session_t structure. | ||
613 | * @allow: is an integer (0 or 1) | ||
614 | * | ||
615 | * This function will enable or disable the use of private cipher | ||
616 | * suites (the ones that start with 0xFF). By default or if @allow | ||
617 | * is 0 then these cipher suites will not be advertized nor used. | ||
618 | * | ||
619 | * Unless this function is called with the option to allow (1), then | ||
620 | * no compression algorithms, like LZO. That is because these | ||
621 | * algorithms are not yet defined in any RFC or even internet draft. | ||
622 | * | ||
623 | * Enabling the private ciphersuites when talking to other than | ||
624 | * gnutls servers and clients may cause interoperability problems. | ||
625 | **/ | ||
626 | void | ||
627 | MHD_gtls_handshake_set_private_extensions (MHD_gtls_session_t session, | ||
628 | int allow) | ||
629 | { | ||
630 | session->internals.enable_private = allow; | ||
631 | } | ||
632 | |||
633 | inline static int | 591 | inline static int |
634 | MHD__gnutls_cal_PRF_A (enum MHD_GNUTLS_HashAlgorithm algorithm, | 592 | MHD__gnutls_cal_PRF_A (enum MHD_GNUTLS_HashAlgorithm algorithm, |
635 | const void *secret, | 593 | const void *secret, |
@@ -834,208 +792,6 @@ MHD_gtls_PRF (MHD_gtls_session_t session, | |||
834 | 792 | ||
835 | } | 793 | } |
836 | 794 | ||
837 | /** | ||
838 | * MHD__gnutls_prf_raw - access the TLS PRF directly | ||
839 | * @session: is a #MHD_gtls_session_t structure. | ||
840 | * @label_size: length of the @label variable. | ||
841 | * @label: label used in PRF computation, typically a short string. | ||
842 | * @seed_size: length of the @seed variable. | ||
843 | * @seed: optional extra data to seed the PRF with. | ||
844 | * @outsize: size of pre-allocated output buffer to hold the output. | ||
845 | * @out: pre-allocate buffer to hold the generated data. | ||
846 | * | ||
847 | * Apply the TLS Pseudo-Random-Function (PRF) using the master secret | ||
848 | * on some data. | ||
849 | * | ||
850 | * The @label variable usually contain a string denoting the purpose | ||
851 | * for the generated data. The @seed usually contain data such as the | ||
852 | * client and server random, perhaps together with some additional | ||
853 | * data that is added to guarantee uniqueness of the output for a | ||
854 | * particular purpose. | ||
855 | * | ||
856 | * Because the output is not guaranteed to be unique for a particular | ||
857 | * session unless @seed include the client random and server random | ||
858 | * fields (the PRF would output the same data on another connection | ||
859 | * resumed from the first one), it is not recommended to use this | ||
860 | * function directly. The MHD__gnutls_prf() function seed the PRF with the | ||
861 | * client and server random fields directly, and is recommended if you | ||
862 | * want to generate pseudo random data unique for each session. | ||
863 | * | ||
864 | * Returns: %GNUTLS_E_SUCCESS on success, or an error code. | ||
865 | **/ | ||
866 | int | ||
867 | MHD__gnutls_prf_raw (MHD_gtls_session_t session, | ||
868 | size_t label_size, | ||
869 | const char *label, | ||
870 | size_t seed_size, const char *seed, size_t outsize, | ||
871 | char *out) | ||
872 | { | ||
873 | int ret; | ||
874 | |||
875 | ret = MHD_gtls_PRF (session, session->security_parameters.master_secret, | ||
876 | TLS_MASTER_SIZE, label, label_size, (opaque *) seed, | ||
877 | seed_size, outsize, out); | ||
878 | |||
879 | return ret; | ||
880 | } | ||
881 | |||
882 | /** | ||
883 | * MHD__gnutls_prf - derive pseudo-random data using the TLS PRF | ||
884 | * @session: is a #MHD_gtls_session_t structure. | ||
885 | * @label_size: length of the @label variable. | ||
886 | * @label: label used in PRF computation, typically a short string. | ||
887 | * @server_random_first: non-0 if server random field should be first in seed | ||
888 | * @extra_size: length of the @extra variable. | ||
889 | * @extra: optional extra data to seed the PRF with. | ||
890 | * @outsize: size of pre-allocated output buffer to hold the output. | ||
891 | * @out: pre-allocate buffer to hold the generated data. | ||
892 | * | ||
893 | * Apply the TLS Pseudo-Random-Function (PRF) using the master secret | ||
894 | * on some data, seeded with the client and server random fields. | ||
895 | * | ||
896 | * The @label variable usually contain a string denoting the purpose | ||
897 | * for the generated data. The @server_random_first indicate whether | ||
898 | * the client random field or the server random field should be first | ||
899 | * in the seed. Non-0 indicate that the server random field is first, | ||
900 | * 0 that the client random field is first. | ||
901 | * | ||
902 | * The @extra variable can be used to add more data to the seed, after | ||
903 | * the random variables. It can be used to tie make sure the | ||
904 | * generated output is strongly connected to some additional data | ||
905 | * (e.g., a string used in user authentication). | ||
906 | * | ||
907 | * The output is placed in *@OUT, which must be pre-allocated. | ||
908 | * | ||
909 | * Returns: %GNUTLS_E_SUCCESS on success, or an error code. | ||
910 | **/ | ||
911 | int | ||
912 | MHD__gnutls_prf (MHD_gtls_session_t session, | ||
913 | size_t label_size, | ||
914 | const char *label, | ||
915 | int server_random_first, | ||
916 | size_t extra_size, const char *extra, size_t outsize, | ||
917 | char *out) | ||
918 | { | ||
919 | int ret; | ||
920 | opaque *seed; | ||
921 | size_t seedsize = 2 * TLS_RANDOM_SIZE + extra_size; | ||
922 | |||
923 | seed = MHD_gnutls_malloc (seedsize); | ||
924 | if (!seed) | ||
925 | { | ||
926 | MHD_gnutls_assert (); | ||
927 | return GNUTLS_E_MEMORY_ERROR; | ||
928 | } | ||
929 | |||
930 | memcpy (seed, | ||
931 | server_random_first ? session->security_parameters.server_random | ||
932 | : session->security_parameters.client_random, TLS_RANDOM_SIZE); | ||
933 | memcpy (seed + TLS_RANDOM_SIZE, | ||
934 | server_random_first ? session->security_parameters.client_random | ||
935 | : session->security_parameters.server_random, TLS_RANDOM_SIZE); | ||
936 | |||
937 | memcpy (seed + 2 * TLS_RANDOM_SIZE, extra, extra_size); | ||
938 | |||
939 | ret = MHD_gtls_PRF (session, session->security_parameters.master_secret, | ||
940 | TLS_MASTER_SIZE, label, label_size, seed, seedsize, | ||
941 | outsize, out); | ||
942 | |||
943 | MHD_gnutls_free (seed); | ||
944 | |||
945 | return ret; | ||
946 | } | ||
947 | |||
948 | /** | ||
949 | * MHD_gtls_session_get_client_random - get the session's client random value | ||
950 | * @session: is a #MHD_gtls_session_t structure. | ||
951 | * | ||
952 | * Return a pointer to the 32-byte client random field used in the | ||
953 | * session. The pointer must not be modified or deallocated. | ||
954 | * | ||
955 | * If a client random value has not yet been established, the output | ||
956 | * will be garbage; in particular, a %NULL return value should not be | ||
957 | * expected. | ||
958 | * | ||
959 | * Returns: pointer to client random data. | ||
960 | **/ | ||
961 | const void * | ||
962 | MHD_gtls_session_get_client_random (MHD_gtls_session_t session) | ||
963 | { | ||
964 | return (char *) session->security_parameters.client_random; | ||
965 | } | ||
966 | |||
967 | /** | ||
968 | * MHD_gtls_session_get_server_random - get the session's server random value | ||
969 | * @session: is a #MHD_gtls_session_t structure. | ||
970 | * | ||
971 | * Return a pointer to the 32-byte server random field used in the | ||
972 | * session. The pointer must not be modified or deallocated. | ||
973 | * | ||
974 | * If a server random value has not yet been established, the output | ||
975 | * will be garbage; in particular, a %NULL return value should not be | ||
976 | * expected. | ||
977 | * | ||
978 | * Returns: pointer to server random data. | ||
979 | **/ | ||
980 | const void * | ||
981 | MHD_gtls_session_get_server_random (MHD_gtls_session_t session) | ||
982 | { | ||
983 | return (char *) session->security_parameters.server_random; | ||
984 | } | ||
985 | |||
986 | /** | ||
987 | * MHD_gtls_session_get_master_secret - get the session's master secret value | ||
988 | * @session: is a #MHD_gtls_session_t structure. | ||
989 | * | ||
990 | * Return a pointer to the 48-byte master secret in the session. The | ||
991 | * pointer must not be modified or deallocated. | ||
992 | * | ||
993 | * If a master secret value has not yet been established, the output | ||
994 | * will be garbage; in particular, a %NULL return value should not be | ||
995 | * expected. | ||
996 | * | ||
997 | * Consider using MHD__gnutls_prf() rather than extracting the master | ||
998 | * secret and use it to derive further data. | ||
999 | * | ||
1000 | * Returns: pointer to master secret data. | ||
1001 | **/ | ||
1002 | const void * | ||
1003 | MHD_gtls_session_get_master_secret (MHD_gtls_session_t session) | ||
1004 | { | ||
1005 | return (char *) session->security_parameters.master_secret; | ||
1006 | } | ||
1007 | |||
1008 | /** | ||
1009 | * MHD_gtls_session_is_resumed - Used to check whether this session is a resumed one | ||
1010 | * @session: is a #MHD_gtls_session_t structure. | ||
1011 | * | ||
1012 | * Returns: non zero if this session is resumed, or a zero if this is | ||
1013 | * a new session. | ||
1014 | **/ | ||
1015 | int | ||
1016 | MHD_gtls_session_is_resumed (MHD_gtls_session_t session) | ||
1017 | { | ||
1018 | #if MHD_DEBUG_TLS | ||
1019 | if (session->security_parameters.entity == GNUTLS_CLIENT) | ||
1020 | { | ||
1021 | if (session->security_parameters.session_id_size > 0 | ||
1022 | && session->security_parameters.session_id_size | ||
1023 | == session->internals.resumed_security_parameters.session_id_size | ||
1024 | && memcmp (session->security_parameters.session_id, | ||
1025 | session->internals. | ||
1026 | resumed_security_parameters.session_id, | ||
1027 | session->security_parameters.session_id_size) == 0) | ||
1028 | return 1; | ||
1029 | } | ||
1030 | else | ||
1031 | #endif | ||
1032 | { | ||
1033 | if (session->internals.resumed == RESUME_TRUE) | ||
1034 | return 1; | ||
1035 | } | ||
1036 | |||
1037 | return 0; | ||
1038 | } | ||
1039 | 795 | ||
1040 | /*- | 796 | /*- |
1041 | * MHD_gtls_session_is_export - Used to check whether this session is of export grade | 797 | * MHD_gtls_session_is_export - Used to check whether this session is of export grade |
@@ -1060,34 +816,6 @@ MHD_gtls_session_is_export (MHD_gtls_session_t session) | |||
1060 | } | 816 | } |
1061 | 817 | ||
1062 | /** | 818 | /** |
1063 | * MHD_gtls_session_get_ptr - Used to get the user pointer from the session structure | ||
1064 | * @session: is a #MHD_gtls_session_t structure. | ||
1065 | * | ||
1066 | * Returns: the user given pointer from the session structure. This | ||
1067 | * is the pointer set with MHD__gnutls_session_set_ptr(). | ||
1068 | **/ | ||
1069 | void * | ||
1070 | MHD_gtls_session_get_ptr (MHD_gtls_session_t session) | ||
1071 | { | ||
1072 | return session->internals.user_ptr; | ||
1073 | } | ||
1074 | |||
1075 | /** | ||
1076 | * MHD__gnutls_session_set_ptr - Used to set the user pointer to the session structure | ||
1077 | * @session: is a #MHD_gtls_session_t structure. | ||
1078 | * @ptr: is the user pointer | ||
1079 | * | ||
1080 | * This function will set (associate) the user given pointer to the | ||
1081 | * session structure. This is pointer can be accessed with | ||
1082 | * MHD_gtls_session_get_ptr(). | ||
1083 | **/ | ||
1084 | void | ||
1085 | MHD__gnutls_session_set_ptr (MHD_gtls_session_t session, void *ptr) | ||
1086 | { | ||
1087 | session->internals.user_ptr = ptr; | ||
1088 | } | ||
1089 | |||
1090 | /** | ||
1091 | * MHD__gnutls_record_get_direction - This function will return the direction of the last interrupted function call | 819 | * MHD__gnutls_record_get_direction - This function will return the direction of the last interrupted function call |
1092 | * @session: is a #MHD_gtls_session_t structure. | 820 | * @session: is a #MHD_gtls_session_t structure. |
1093 | * | 821 | * |
@@ -1110,52 +838,3 @@ MHD__gnutls_record_get_direction (MHD_gtls_session_t session) | |||
1110 | return session->internals.direction; | 838 | return session->internals.direction; |
1111 | } | 839 | } |
1112 | 840 | ||
1113 | /*- | ||
1114 | * MHD__gnutls_rsa_pms_set_version - Sets a version to be used at the RSA PMS | ||
1115 | * @session: is a #MHD_gtls_session_t structure. | ||
1116 | * @major: is the major version to use | ||
1117 | * @minor: is the minor version to use | ||
1118 | * | ||
1119 | * This function will set the given version number to be used at the | ||
1120 | * RSA PMS secret. This is only useful to clients, which want to | ||
1121 | * test server's capabilities. | ||
1122 | * | ||
1123 | -*/ | ||
1124 | void | ||
1125 | MHD__gnutls_rsa_pms_set_version (MHD_gtls_session_t session, | ||
1126 | unsigned char major, unsigned char minor) | ||
1127 | { | ||
1128 | session->internals.rsa_pms_version[0] = major; | ||
1129 | session->internals.rsa_pms_version[1] = minor; | ||
1130 | } | ||
1131 | |||
1132 | /** | ||
1133 | * MHD__gnutls_handshake_set_post_client_hello_function - This function will a callback to be called after the client hello is received | ||
1134 | * @res: is a MHD_gtls_anon_server_credentials_t structure | ||
1135 | * @func: is the function to be called | ||
1136 | * | ||
1137 | * This function will set a callback to be called after the client | ||
1138 | * hello has been received (callback valid in server side only). This | ||
1139 | * allows the server to adjust settings based on received extensions. | ||
1140 | * | ||
1141 | * Those settings could be ciphersuites, requesting certificate, or | ||
1142 | * anything else except for version negotiation (this is done before | ||
1143 | * the hello message is parsed). | ||
1144 | * | ||
1145 | * This callback must return 0 on success or a gnutls error code to | ||
1146 | * terminate the handshake. | ||
1147 | * | ||
1148 | * NOTE: You should not use this function to terminate the handshake | ||
1149 | * based on client input unless you know what you are doing. Before | ||
1150 | * the handshake is finished there is no way to know if there is a | ||
1151 | * man-in-the-middle attack being performed. | ||
1152 | * | ||
1153 | **/ | ||
1154 | void | ||
1155 | MHD__gnutls_handshake_set_post_client_hello_function (MHD_gtls_session_t | ||
1156 | session, | ||
1157 | MHD_gnutls_handshake_post_client_hello_func | ||
1158 | func) | ||
1159 | { | ||
1160 | session->internals.user_hello_func = func; | ||
1161 | } | ||
diff --git a/src/daemon/https/tls/gnutls_str.c b/src/daemon/https/tls/gnutls_str.c index 4fc4174b..4f123217 100644 --- a/src/daemon/https/tls/gnutls_str.c +++ b/src/daemon/https/tls/gnutls_str.c | |||
@@ -73,24 +73,6 @@ MHD_gtls_str_cpy (char *dest, size_t dest_tot_size, const char *src) | |||
73 | } | 73 | } |
74 | 74 | ||
75 | void | 75 | void |
76 | MHD_gtls_mem_cpy (char *dest, | ||
77 | size_t dest_tot_size, const char *src, size_t src_size) | ||
78 | { | ||
79 | |||
80 | if (dest_tot_size >= src_size) | ||
81 | { | ||
82 | memcpy (dest, src, src_size); | ||
83 | } | ||
84 | else | ||
85 | { | ||
86 | if (dest_tot_size > 0) | ||
87 | { | ||
88 | memcpy (dest, src, dest_tot_size); | ||
89 | } | ||
90 | } | ||
91 | } | ||
92 | |||
93 | void | ||
94 | MHD_gtls_string_init (MHD_gtls_string * str, | 76 | MHD_gtls_string_init (MHD_gtls_string * str, |
95 | MHD_gnutls_alloc_function alloc_func, | 77 | MHD_gnutls_alloc_function alloc_func, |
96 | MHD_gnutls_realloc_function realloc_func, | 78 | MHD_gnutls_realloc_function realloc_func, |
@@ -117,83 +99,8 @@ MHD_gtls_string_clear (MHD_gtls_string * str) | |||
117 | str->length = 0; | 99 | str->length = 0; |
118 | } | 100 | } |
119 | 101 | ||
120 | /* This one does not copy the string. | ||
121 | */ | ||
122 | MHD_gnutls_datum_t | ||
123 | MHD_gtls_string2datum (MHD_gtls_string * str) | ||
124 | { | ||
125 | MHD_gnutls_datum_t ret; | ||
126 | |||
127 | ret.data = str->data; | ||
128 | ret.size = str->length; | ||
129 | |||
130 | return ret; | ||
131 | } | ||
132 | |||
133 | #define MIN_CHUNK 256 | 102 | #define MIN_CHUNK 256 |
134 | 103 | ||
135 | int | ||
136 | MHD_gtls_string_copy_str (MHD_gtls_string * dest, const char *src) | ||
137 | { | ||
138 | size_t src_len = strlen (src); | ||
139 | size_t max; | ||
140 | if (dest->max_length >= src_len) | ||
141 | { | ||
142 | memcpy (dest->data, src, src_len); | ||
143 | dest->length = src_len; | ||
144 | |||
145 | return src_len; | ||
146 | } | ||
147 | else | ||
148 | { | ||
149 | max = (src_len > MIN_CHUNK) ? src_len : MIN_CHUNK; | ||
150 | dest->data = dest->realloc_func (dest->data, max); | ||
151 | if (dest->data == NULL) | ||
152 | { | ||
153 | MHD_gnutls_assert (); | ||
154 | return GNUTLS_E_MEMORY_ERROR; | ||
155 | } | ||
156 | dest->max_length = MAX (MIN_CHUNK, src_len); | ||
157 | |||
158 | memcpy (dest->data, src, src_len); | ||
159 | dest->length = src_len; | ||
160 | |||
161 | return src_len; | ||
162 | } | ||
163 | } | ||
164 | |||
165 | int | ||
166 | MHD_gtls_string_append_str (MHD_gtls_string * dest, const char *src) | ||
167 | { | ||
168 | size_t src_len = strlen (src); | ||
169 | size_t tot_len = src_len + dest->length; | ||
170 | |||
171 | if (dest->max_length >= tot_len) | ||
172 | { | ||
173 | memcpy (&dest->data[dest->length], src, src_len); | ||
174 | dest->length = tot_len; | ||
175 | |||
176 | return tot_len; | ||
177 | } | ||
178 | else | ||
179 | { | ||
180 | size_t new_len = | ||
181 | MAX (src_len, MIN_CHUNK) + MAX (dest->max_length, MIN_CHUNK); | ||
182 | |||
183 | dest->data = dest->realloc_func (dest->data, new_len); | ||
184 | if (dest->data == NULL) | ||
185 | { | ||
186 | MHD_gnutls_assert (); | ||
187 | return GNUTLS_E_MEMORY_ERROR; | ||
188 | } | ||
189 | dest->max_length = new_len; | ||
190 | |||
191 | memcpy (&dest->data[dest->length], src, src_len); | ||
192 | dest->length = tot_len; | ||
193 | |||
194 | return tot_len; | ||
195 | } | ||
196 | } | ||
197 | 104 | ||
198 | int | 105 | int |
199 | MHD_gtls_string_append_data (MHD_gtls_string * dest, | 106 | MHD_gtls_string_append_data (MHD_gtls_string * dest, |
@@ -249,39 +156,3 @@ MHD_gtls_bin2hex (const void *_old, | |||
249 | return buffer; | 156 | return buffer; |
250 | } | 157 | } |
251 | 158 | ||
252 | /* just a hex2bin function. | ||
253 | */ | ||
254 | int | ||
255 | MHD_gtls_hex2bin (const opaque * hex_data, | ||
256 | int hex_size, opaque * bin_data, size_t * bin_size) | ||
257 | { | ||
258 | int i, j; | ||
259 | opaque hex2_data[3]; | ||
260 | unsigned long val; | ||
261 | |||
262 | /* FIXME: we don't handle whitespace. | ||
263 | */ | ||
264 | hex_size /= 2; | ||
265 | |||
266 | if (*bin_size < (size_t) hex_size) | ||
267 | { | ||
268 | MHD_gnutls_assert (); | ||
269 | return GNUTLS_E_SHORT_MEMORY_BUFFER; | ||
270 | } | ||
271 | |||
272 | for (i = j = 0; j < hex_size; i += 2, j++) | ||
273 | { | ||
274 | hex2_data[0] = hex_data[i]; | ||
275 | hex2_data[1] = hex_data[i + 1]; | ||
276 | hex2_data[2] = 0; | ||
277 | val = strtoul ((char *) hex2_data, NULL, 16); | ||
278 | if (val == ULONG_MAX) | ||
279 | { | ||
280 | MHD_gnutls_assert (); | ||
281 | return GNUTLS_E_SRP_PWD_PARSING_ERROR; | ||
282 | } | ||
283 | bin_data[j] = val; | ||
284 | } | ||
285 | |||
286 | return 0; | ||
287 | } | ||
diff --git a/src/daemon/https/tls/gnutls_str.h b/src/daemon/https/tls/gnutls_str.h index befa957e..51ed1bd1 100644 --- a/src/daemon/https/tls/gnutls_str.h +++ b/src/daemon/https/tls/gnutls_str.h | |||
@@ -28,8 +28,6 @@ | |||
28 | #include <gnutls_int.h> | 28 | #include <gnutls_int.h> |
29 | 29 | ||
30 | void MHD_gtls_str_cpy (char *dest, size_t dest_tot_size, const char *src); | 30 | void MHD_gtls_str_cpy (char *dest, size_t dest_tot_size, const char *src); |
31 | void MHD_gtls_mem_cpy (char *dest, size_t dest_tot_size, const char *src, | ||
32 | size_t src_size); | ||
33 | void MHD_gtls_str_cat (char *dest, size_t dest_tot_size, const char *src); | 31 | void MHD_gtls_str_cat (char *dest, size_t dest_tot_size, const char *src); |
34 | 32 | ||
35 | typedef struct | 33 | typedef struct |
@@ -47,18 +45,9 @@ void MHD_gtls_string_init (MHD_gtls_string *, MHD_gnutls_alloc_function, | |||
47 | MHD_gnutls_free_function); | 45 | MHD_gnutls_free_function); |
48 | void MHD_gtls_string_clear (MHD_gtls_string *); | 46 | void MHD_gtls_string_clear (MHD_gtls_string *); |
49 | 47 | ||
50 | /* Beware, do not clear the string, after calling this | ||
51 | * function | ||
52 | */ | ||
53 | MHD_gnutls_datum_t MHD_gtls_string2datum (MHD_gtls_string * str); | ||
54 | |||
55 | int MHD_gtls_string_copy_str (MHD_gtls_string * dest, const char *src); | ||
56 | int MHD_gtls_string_append_str (MHD_gtls_string *, const char *str); | ||
57 | int MHD_gtls_string_append_data (MHD_gtls_string *, const void *data, | 48 | int MHD_gtls_string_append_data (MHD_gtls_string *, const void *data, |
58 | size_t data_size); | 49 | size_t data_size); |
59 | char *MHD_gtls_bin2hex (const void *old, size_t oldlen, char *buffer, | 50 | char *MHD_gtls_bin2hex (const void *old, size_t oldlen, char *buffer, |
60 | size_t buffer_size); | 51 | size_t buffer_size); |
61 | int MHD_gtls_hex2bin (const opaque * hex_data, int hex_size, | ||
62 | opaque * bin_data, size_t * bin_size); | ||
63 | 52 | ||
64 | #endif | 53 | #endif |
diff --git a/src/daemon/https/tls/gnutls_supplemental.c b/src/daemon/https/tls/gnutls_supplemental.c index 0419917c..3b9641d4 100644 --- a/src/daemon/https/tls/gnutls_supplemental.c +++ b/src/daemon/https/tls/gnutls_supplemental.c | |||
@@ -67,18 +67,6 @@ MHD_gnutls_supplemental_entry MHD__gnutls_supplemental[] = { | |||
67 | {0, 0, 0, 0} | 67 | {0, 0, 0, 0} |
68 | }; | 68 | }; |
69 | 69 | ||
70 | const char * | ||
71 | MHD_gtls_supplemental_get_name (MHD_gnutls_supplemental_data_format_type_t | ||
72 | type) | ||
73 | { | ||
74 | MHD_gnutls_supplemental_entry *p; | ||
75 | |||
76 | for (p = MHD__gnutls_supplemental; p->name != NULL; p++) | ||
77 | if (p->type == type) | ||
78 | return p->name; | ||
79 | |||
80 | return NULL; | ||
81 | } |