aboutsummaryrefslogtreecommitdiff
diff options
context:
space:
mode:
authorChristian Grothoff <christian@grothoff.org>2008-11-16 07:24:34 +0000
committerChristian Grothoff <christian@grothoff.org>2008-11-16 07:24:34 +0000
commit9ff6d494fa12d1d68ffe8670c31d1e27009bc71a (patch)
tree910d9b45984d6eb7d3e89e3b6ef7f16dbdc92fdf
parent5acebb923438051ccfa4841341ef4fa882e4d480 (diff)
downloadlibmicrohttpd-9ff6d494fa12d1d68ffe8670c31d1e27009bc71a.tar.gz
libmicrohttpd-9ff6d494fa12d1d68ffe8670c31d1e27009bc71a.zip
fix
-rw-r--r--src/daemon/https/gnutls.h13
-rw-r--r--src/daemon/https/tls/Makefile.am1
-rw-r--r--src/daemon/https/tls/auth_dh_common.c275
-rw-r--r--src/daemon/https/tls/auth_dh_common.h9
-rw-r--r--src/daemon/https/tls/auth_dhe.c277
-rw-r--r--src/daemon/https/tls/gnutls_global.c51
-rw-r--r--src/daemon/https/tls/gnutls_handshake.c8
-rw-r--r--src/daemon/https/tls/gnutls_int.h1
-rw-r--r--src/daemon/https/tls/gnutls_mem.c57
-rw-r--r--src/daemon/https/tls/gnutls_mpi.c22
-rw-r--r--src/daemon/https/tls/gnutls_mpi.h5
11 files changed, 571 insertions, 148 deletions
diff --git a/src/daemon/https/gnutls.h b/src/daemon/https/gnutls.h
index c2d5b45e..74e62ef4 100644
--- a/src/daemon/https/gnutls.h
+++ b/src/daemon/https/gnutls.h
@@ -227,8 +227,6 @@ extern "C"
227 int MHD__gnutls_handshake (MHD_gtls_session_t session); 227 int MHD__gnutls_handshake (MHD_gtls_session_t session);
228 int MHD__gnutls_rehandshake (MHD_gtls_session_t session); 228 int MHD__gnutls_rehandshake (MHD_gtls_session_t session);
229 229
230 int MHD_gtls_handshake_client (MHD_gtls_session_t session);
231
232 MHD_gnutls_alert_description_t MHD_gnutls_alert_get (MHD_gtls_session_t 230 MHD_gnutls_alert_description_t MHD_gnutls_alert_get (MHD_gtls_session_t
233 session); 231 session);
234 int MHD__gnutls_alert_send (MHD_gtls_session_t session, 232 int MHD__gnutls_alert_send (MHD_gtls_session_t session,
@@ -513,17 +511,6 @@ extern "C"
513 typedef void (*MHD_gnutls_free_function) (void *); 511 typedef void (*MHD_gnutls_free_function) (void *);
514 typedef void *(*MHD_gnutls_realloc_function) (void *, size_t); 512 typedef void *(*MHD_gnutls_realloc_function) (void *, size_t);
515 513
516 extern void
517 MHD_gtls_global_set_mem_functions (MHD_gnutls_alloc_function
518 gt_alloc_func,
519 MHD_gnutls_alloc_function
520 gt_secure_alloc_func,
521 MHD_gnutls_is_secure_function
522 gt_is_secure_func,
523 MHD_gnutls_realloc_function
524 gt_realloc_func,
525 MHD_gnutls_free_function gt_free_func);
526
527/* For use in callbacks */ 514/* For use in callbacks */
528 extern MHD_gnutls_alloc_function MHD_gnutls_malloc; 515 extern MHD_gnutls_alloc_function MHD_gnutls_malloc;
529 extern MHD_gnutls_alloc_function MHD_gnutls_secure_malloc; 516 extern MHD_gnutls_alloc_function MHD_gnutls_secure_malloc;
diff --git a/src/daemon/https/tls/Makefile.am b/src/daemon/https/tls/Makefile.am
index c807d1c7..77dee4a4 100644
--- a/src/daemon/https/tls/Makefile.am
+++ b/src/daemon/https/tls/Makefile.am
@@ -17,6 +17,7 @@ libtls_la_LDFLAGS = -lgcrypt
17 17
18libtls_la_SOURCES = \ 18libtls_la_SOURCES = \
19auth_cert.c \ 19auth_cert.c \
20auth_dhe.c \
20auth_dh_common.c \ 21auth_dh_common.c \
21auth_rsa.c \ 22auth_rsa.c \
22auth_rsa_export.c \ 23auth_rsa_export.c \
diff --git a/src/daemon/https/tls/auth_dh_common.c b/src/daemon/https/tls/auth_dh_common.c
index 0957f81b..8fc6e391 100644
--- a/src/daemon/https/tls/auth_dh_common.c
+++ b/src/daemon/https/tls/auth_dh_common.c
@@ -50,3 +50,278 @@ MHD_gtls_free_dh_info (MHD_gtls_dh_info_st * dh)
50 MHD__gnutls_free_datum (&dh->public_key); 50 MHD__gnutls_free_datum (&dh->public_key);
51} 51}
52 52
53int
54MHD_gtls_proc_dh_common_client_kx (MHD_gtls_session_t session,
55 opaque * data, size_t _data_size,
56 mpi_t g, mpi_t p)
57{
58 uint16_t n_Y;
59 size_t _n_Y;
60 int ret;
61 ssize_t data_size = _data_size;
62
63
64 DECR_LEN (data_size, 2);
65 n_Y = MHD_gtls_read_uint16 (&data[0]);
66 _n_Y = n_Y;
67
68 DECR_LEN (data_size, n_Y);
69 if (MHD_gtls_mpi_scan_nz (&session->key->client_Y, &data[2], &_n_Y))
70 {
71 MHD_gnutls_assert ();
72 return GNUTLS_E_MPI_SCAN_FAILED;
73 }
74
75 MHD_gtls_dh_set_peer_public (session, session->key->client_Y);
76
77 session->key->KEY =
78 MHD_gtls_calc_dh_key (session->key->client_Y, session->key->dh_secret, p);
79
80 if (session->key->KEY == NULL)
81 {
82 MHD_gnutls_assert ();
83 return GNUTLS_E_MEMORY_ERROR;
84 }
85
86 MHD_gtls_mpi_release (&session->key->client_Y);
87 MHD_gtls_mpi_release (&session->key->dh_secret);
88
89 ret = MHD_gtls_mpi_dprint (&session->key->key, session->key->KEY);
90
91 MHD_gtls_mpi_release (&session->key->KEY);
92
93 if (ret < 0)
94 {
95 return ret;
96 }
97
98 return 0;
99}
100
101int
102MHD_gtls_gen_dh_common_client_kx (MHD_gtls_session_t session, opaque ** data)
103{
104 mpi_t x = NULL, X = NULL;
105 size_t n_X;
106 int ret;
107
108 *data = NULL;
109
110 X = MHD_gtls_calc_dh_secret (&x, session->key->client_g,
111 session->key->client_p);
112 if (X == NULL || x == NULL)
113 {
114 MHD_gnutls_assert ();
115 ret = GNUTLS_E_MEMORY_ERROR;
116 goto error;
117 }
118
119 MHD_gtls_dh_set_secret_bits (session, MHD__gnutls_mpi_get_nbits (x));
120
121 MHD_gtls_mpi_print (NULL, &n_X, X);
122 (*data) = MHD_gnutls_malloc (n_X + 2);
123 if (*data == NULL)
124 {
125 ret = GNUTLS_E_MEMORY_ERROR;
126 goto error;
127 }
128
129 MHD_gtls_mpi_print (&(*data)[2], &n_X, X);
130 MHD_gtls_mpi_release (&X);
131
132 MHD_gtls_write_uint16 (n_X, &(*data)[0]);
133
134 /* calculate the key after calculating the message */
135 session->key->KEY =
136 MHD_gtls_calc_dh_key (session->key->client_Y, x, session->key->client_p);
137
138 MHD_gtls_mpi_release (&x);
139 if (session->key->KEY == NULL)
140 {
141 MHD_gnutls_assert ();
142 ret = GNUTLS_E_MEMORY_ERROR;
143 goto error;
144 }
145
146 /* THESE SHOULD BE DISCARDED */
147 MHD_gtls_mpi_release (&session->key->client_Y);
148 MHD_gtls_mpi_release (&session->key->client_p);
149 MHD_gtls_mpi_release (&session->key->client_g);
150
151 ret = MHD_gtls_mpi_dprint (&session->key->key, session->key->KEY);
152
153 MHD_gtls_mpi_release (&session->key->KEY);
154
155 if (ret < 0)
156 {
157 MHD_gnutls_assert ();
158 goto error;
159 }
160
161 return n_X + 2;
162
163error:
164 MHD_gtls_mpi_release (&x);
165 MHD_gtls_mpi_release (&X);
166 MHD_gnutls_free (*data);
167 *data = NULL;
168 return ret;
169}
170
171int
172MHD_gtls_proc_dh_common_server_kx (MHD_gtls_session_t session,
173 opaque * data, size_t _data_size, int psk)
174{
175 uint16_t n_Y, n_g, n_p;
176 size_t _n_Y, _n_g, _n_p;
177 uint8_t *data_p;
178 uint8_t *data_g;
179 uint8_t *data_Y;
180 int i, bits, psk_size, ret;
181 ssize_t data_size = _data_size;
182
183 i = 0;
184
185 if (psk != 0)
186 {
187 DECR_LEN (data_size, 2);
188 psk_size = MHD_gtls_read_uint16 (&data[i]);
189 DECR_LEN (data_size, psk_size);
190 i += 2 + psk_size;
191 }
192
193 DECR_LEN (data_size, 2);
194 n_p = MHD_gtls_read_uint16 (&data[i]);
195 i += 2;
196
197 DECR_LEN (data_size, n_p);
198 data_p = &data[i];
199 i += n_p;
200
201 DECR_LEN (data_size, 2);
202 n_g = MHD_gtls_read_uint16 (&data[i]);
203 i += 2;
204
205 DECR_LEN (data_size, n_g);
206 data_g = &data[i];
207 i += n_g;
208
209 DECR_LEN (data_size, 2);
210 n_Y = MHD_gtls_read_uint16 (&data[i]);
211 i += 2;
212
213 DECR_LEN (data_size, n_Y);
214 data_Y = &data[i];
215 i += n_Y;
216
217 _n_Y = n_Y;
218 _n_g = n_g;
219 _n_p = n_p;
220
221 if (MHD_gtls_mpi_scan_nz (&session->key->client_Y, data_Y, &_n_Y) != 0)
222 {
223 MHD_gnutls_assert ();
224 return GNUTLS_E_MPI_SCAN_FAILED;
225 }
226
227 if (MHD_gtls_mpi_scan_nz (&session->key->client_g, data_g, &_n_g) != 0)
228 {
229 MHD_gnutls_assert ();
230 return GNUTLS_E_MPI_SCAN_FAILED;
231 }
232 if (MHD_gtls_mpi_scan_nz (&session->key->client_p, data_p, &_n_p) != 0)
233 {
234 MHD_gnutls_assert ();
235 return GNUTLS_E_MPI_SCAN_FAILED;
236 }
237
238 bits = MHD_gtls_dh_get_allowed_prime_bits (session);
239 if (bits < 0)
240 {
241 MHD_gnutls_assert ();
242 return bits;
243 }
244
245 if (MHD__gnutls_mpi_get_nbits (session->key->client_p) < (size_t) bits)
246 {
247 /* the prime used by the peer is not acceptable
248 */
249 MHD_gnutls_assert ();
250 return GNUTLS_E_DH_PRIME_UNACCEPTABLE;
251 }
252
253 MHD_gtls_dh_set_group (session, session->key->client_g,
254 session->key->client_p);
255 MHD_gtls_dh_set_peer_public (session, session->key->client_Y);
256
257 ret = n_Y + n_p + n_g + 6;
258 if (psk != 0)
259 ret += 2;
260
261 return ret;
262}
263
264/* If the psk flag is set, then an empty psk_identity_hint will
265 * be inserted */
266int
267MHD_gtls_dh_common_print_server_kx (MHD_gtls_session_t session,
268 mpi_t g, mpi_t p, opaque ** data, int psk)
269{
270 mpi_t x, X;
271 size_t n_X, n_g, n_p;
272 int ret, data_size, pos;
273 uint8_t *pdata;
274
275 X = MHD_gtls_calc_dh_secret (&x, g, p);
276 if (X == NULL || x == NULL)
277 {
278 MHD_gnutls_assert ();
279 return GNUTLS_E_MEMORY_ERROR;
280 }
281
282 session->key->dh_secret = x;
283 MHD_gtls_dh_set_secret_bits (session, MHD__gnutls_mpi_get_nbits (x));
284
285 MHD_gtls_mpi_print (NULL, &n_g, g);
286 MHD_gtls_mpi_print (NULL, &n_p, p);
287 MHD_gtls_mpi_print (NULL, &n_X, X);
288
289 data_size = n_g + n_p + n_X + 6;
290 if (psk != 0)
291 data_size += 2;
292
293 (*data) = MHD_gnutls_malloc (data_size);
294 if (*data == NULL)
295 {
296 MHD_gtls_mpi_release (&X);
297 return GNUTLS_E_MEMORY_ERROR;
298 }
299
300 pos = 0;
301 pdata = *data;
302
303 if (psk != 0)
304 {
305 MHD_gtls_write_uint16 (0, &pdata[pos]);
306 pos += 2;
307 }
308
309 MHD_gtls_mpi_print (&pdata[pos + 2], &n_p, p);
310 MHD_gtls_write_uint16 (n_p, &pdata[pos]);
311
312 pos += n_p + 2;
313
314 MHD_gtls_mpi_print (&pdata[pos + 2], &n_g, g);
315 MHD_gtls_write_uint16 (n_g, &pdata[pos]);
316
317 pos += n_g + 2;
318
319 MHD_gtls_mpi_print (&pdata[pos + 2], &n_X, X);
320 MHD_gtls_mpi_release (&X);
321
322 MHD_gtls_write_uint16 (n_X, &pdata[pos]);
323
324 ret = data_size;
325
326 return ret;
327}
diff --git a/src/daemon/https/tls/auth_dh_common.h b/src/daemon/https/tls/auth_dh_common.h
index eb779a8b..f09ce6dc 100644
--- a/src/daemon/https/tls/auth_dh_common.h
+++ b/src/daemon/https/tls/auth_dh_common.h
@@ -35,5 +35,14 @@ typedef struct
35} MHD_gtls_dh_info_st; 35} MHD_gtls_dh_info_st;
36 36
37void MHD_gtls_free_dh_info (MHD_gtls_dh_info_st * dh); 37void MHD_gtls_free_dh_info (MHD_gtls_dh_info_st * dh);
38int MHD_gtls_gen_dh_common_client_kx (MHD_gtls_session_t, opaque **);
39int MHD_gtls_proc_dh_common_client_kx (MHD_gtls_session_t session,
40 opaque * data, size_t _data_size,
41 mpi_t p, mpi_t g);
42int MHD_gtls_dh_common_print_server_kx (MHD_gtls_session_t, mpi_t g, mpi_t p,
43 opaque ** data, int psk);
44int MHD_gtls_proc_dh_common_server_kx (MHD_gtls_session_t session,
45 opaque * data, size_t _data_size,
46 int psk);
38 47
39#endif 48#endif
diff --git a/src/daemon/https/tls/auth_dhe.c b/src/daemon/https/tls/auth_dhe.c
new file mode 100644
index 00000000..fa535e55
--- /dev/null
+++ b/src/daemon/https/tls/auth_dhe.c
@@ -0,0 +1,277 @@
1/*
2 * Copyright (C) 2000, 2001, 2002, 2003, 2004, 2005, 2007 Free Software Foundation
3 *
4 * Author: Nikos Mavrogiannopoulos
5 *
6 * This file is part of GNUTLS.
7 *
8 * The GNUTLS library is free software; you can redistribute it and/or
9 * modify it under the terms of the GNU Lesser General Public License
10 * as published by the Free Software Foundation; either version 2.1 of
11 * the License, or (at your option) any later version.
12 *
13 * This library is distributed in the hope that it will be useful, but
14 * WITHOUT ANY WARRANTY; without even the implied warranty of
15 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
16 * Lesser General Public License for more details.
17 *
18 * You should have received a copy of the GNU Lesser General Public
19 * License along with this library; if not, write to the Free Software
20 * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301,
21 * USA
22 *
23 */
24
25/* This file contains everything for the Ephemeral Diffie Hellman (DHE)
26 * key exchange. This is used in the handshake procedure of the certificate
27 * authentication.
28 */
29
30#include "gnutls_int.h"
31#include "gnutls_auth_int.h"
32#include "gnutls_errors.h"
33#include "gnutls_dh.h"
34#include "gnutls_num.h"
35#include "gnutls_sig.h"
36#include <gnutls_datum.h>
37#include <auth_cert.h>
38#include <gnutls_x509.h>
39#include <gnutls_state.h>
40#include <auth_dh_common.h>
41
42static int gen_dhe_server_kx (MHD_gtls_session_t, opaque **);
43static int proc_dhe_server_kx (MHD_gtls_session_t, opaque *, size_t);
44static int proc_dhe_client_kx (MHD_gtls_session_t, opaque *, size_t);
45
46const MHD_gtls_mod_auth_st MHD_gtls_dhe_rsa_auth_struct = {
47 "DHE_RSA",
48 MHD_gtls_gen_cert_server_certificate,
49 MHD_gtls_gen_cert_client_certificate,
50 gen_dhe_server_kx,
51 MHD_gtls_gen_dh_common_client_kx,
52 MHD_gtls_gen_cert_client_cert_vrfy, /* gen client cert vrfy */
53 MHD_gtls_gen_cert_server_cert_req, /* server cert request */
54
55 MHD_gtls_proc_cert_server_certificate,
56 MHD__gnutls_proc_cert_client_certificate,
57 proc_dhe_server_kx,
58 proc_dhe_client_kx,
59 MHD_gtls_proc_cert_client_cert_vrfy, /* proc client cert vrfy */
60 MHD_gtls_proc_cert_cert_req /* proc server cert request */
61};
62
63const MHD_gtls_mod_auth_st MHD_gtls_dhe_dss_auth_struct = {
64 "DHE_DSS",
65 MHD_gtls_gen_cert_server_certificate,
66 MHD_gtls_gen_cert_client_certificate,
67 gen_dhe_server_kx,
68 MHD_gtls_gen_dh_common_client_kx,
69 MHD_gtls_gen_cert_client_cert_vrfy, /* gen client cert vrfy */
70 MHD_gtls_gen_cert_server_cert_req, /* server cert request */
71
72 MHD_gtls_proc_cert_server_certificate,
73 MHD__gnutls_proc_cert_client_certificate,
74 proc_dhe_server_kx,
75 proc_dhe_client_kx,
76 MHD_gtls_proc_cert_client_cert_vrfy, /* proc client cert vrfy */
77 MHD_gtls_proc_cert_cert_req /* proc server cert request */
78};
79
80
81static int
82gen_dhe_server_kx (MHD_gtls_session_t session, opaque ** data)
83{
84 mpi_t g, p;
85 const mpi_t *mpis;
86 int ret = 0, data_size;
87 int bits;
88 MHD_gnutls_cert *apr_cert_list;
89 MHD_gnutls_privkey *apr_pkey;
90 int apr_cert_list_length;
91 MHD_gnutls_datum_t signature, ddata;
92 MHD_gtls_cert_credentials_t cred;
93 MHD_gtls_dh_params_t dh_params;
94
95 cred = (MHD_gtls_cert_credentials_t)
96 MHD_gtls_get_cred (session->key, MHD_GNUTLS_CRD_CERTIFICATE, NULL);
97 if (cred == NULL)
98 {
99 MHD_gnutls_assert ();
100 return GNUTLS_E_INSUFFICIENT_CREDENTIALS;
101 }
102
103 bits = MHD_gtls_dh_get_allowed_prime_bits (session);
104
105 /* find the appropriate certificate */
106 if ((ret =
107 MHD_gtls_get_selected_cert (session, &apr_cert_list,
108 &apr_cert_list_length, &apr_pkey)) < 0)
109 {
110 MHD_gnutls_assert ();
111 return ret;
112 }
113
114 dh_params =
115 MHD_gtls_get_dh_params (cred->dh_params, cred->params_func, session);
116 mpis = MHD_gtls_dh_params_to_mpi (dh_params);
117 if (mpis == NULL)
118 {
119 MHD_gnutls_assert ();
120 return GNUTLS_E_NO_TEMPORARY_DH_PARAMS;
121 }
122
123 p = mpis[0];
124 g = mpis[1];
125
126 if ((ret = MHD_gtls_auth_info_set (session, MHD_GNUTLS_CRD_CERTIFICATE,
127 sizeof (cert_auth_info_st), 0)) < 0)
128 {
129 MHD_gnutls_assert ();
130 return ret;
131 }
132
133 MHD_gtls_dh_set_group (session, g, p);
134
135 ret = MHD_gtls_dh_common_print_server_kx (session, g, p, data, 0);
136 if (ret < 0)
137 {
138 MHD_gnutls_assert ();
139 return ret;
140 }
141 data_size = ret;
142
143 /* Generate the signature. */
144
145 ddata.data = *data;
146 ddata.size = data_size;
147
148 if (apr_cert_list_length > 0)
149 {
150 if ((ret =
151 MHD_gtls_tls_sign_params (session, &apr_cert_list[0],
152 apr_pkey, &ddata, &signature)) < 0)
153 {
154 MHD_gnutls_assert ();
155 MHD_gnutls_free (*data);
156 return ret;
157 }
158 }
159 else
160 {
161 MHD_gnutls_assert ();
162 return data_size; /* do not put a signature - ILLEGAL! */
163 }
164
165 *data = MHD_gtls_realloc_fast (*data, data_size + signature.size + 2);
166 if (*data == NULL)
167 {
168 MHD__gnutls_free_datum (&signature);
169 MHD_gnutls_assert ();
170 return GNUTLS_E_MEMORY_ERROR;
171 }
172
173 MHD_gtls_write_datum16 (&(*data)[data_size], signature);
174 data_size += signature.size + 2;
175
176 MHD__gnutls_free_datum (&signature);
177
178 return data_size;
179}
180
181static int
182proc_dhe_server_kx (MHD_gtls_session_t session, opaque * data,
183 size_t _data_size)
184{
185 int sigsize;
186 MHD_gnutls_datum_t vparams, signature;
187 int ret;
188 cert_auth_info_t info = MHD_gtls_get_auth_info (session);
189 ssize_t data_size = _data_size;
190 MHD_gnutls_cert peer_cert;
191
192 if (info == NULL || info->ncerts == 0)
193 {
194 MHD_gnutls_assert ();
195 /* we need this in order to get peer's certificate */
196 return GNUTLS_E_INTERNAL_ERROR;
197 }
198
199 ret = MHD_gtls_proc_dh_common_server_kx (session, data, _data_size, 0);
200 if (ret < 0)
201 {
202 MHD_gnutls_assert ();
203 return ret;
204 }
205
206 /* VERIFY SIGNATURE */
207
208 vparams.size = ret;
209 vparams.data = data;
210
211 DECR_LEN (data_size, 2);
212 sigsize = MHD_gtls_read_uint16 (&data[vparams.size]);
213
214 DECR_LEN (data_size, sigsize);
215 signature.data = &data[vparams.size + 2];
216 signature.size = sigsize;
217
218 if ((ret =
219 MHD_gtls_raw_cert_to_gcert (&peer_cert,
220 session->security_parameters.cert_type,
221 &info->raw_certificate_list[0],
222 CERT_NO_COPY)) < 0)
223 {
224 MHD_gnutls_assert ();
225 return ret;
226 }
227
228 ret =
229 MHD_gtls_verify_sig_params (session, &peer_cert, &vparams, &signature);
230
231 MHD_gtls_gcert_deinit (&peer_cert);
232 if (ret < 0)
233 {
234 MHD_gnutls_assert ();
235 return ret;
236 }
237
238 return ret;
239}
240
241
242
243static int
244proc_dhe_client_kx (MHD_gtls_session_t session, opaque * data,
245 size_t _data_size)
246{
247 MHD_gtls_cert_credentials_t cred;
248 int ret;
249 mpi_t p, g;
250 const mpi_t *mpis;
251 MHD_gtls_dh_params_t dh_params;
252
253 cred = (MHD_gtls_cert_credentials_t)
254 MHD_gtls_get_cred (session->key, MHD_GNUTLS_CRD_CERTIFICATE, NULL);
255 if (cred == NULL)
256 {
257 MHD_gnutls_assert ();
258 return GNUTLS_E_INSUFFICIENT_CREDENTIALS;
259 }
260
261 dh_params =
262 MHD_gtls_get_dh_params (cred->dh_params, cred->params_func, session);
263 mpis = MHD_gtls_dh_params_to_mpi (dh_params);
264 if (mpis == NULL)
265 {
266 MHD_gnutls_assert ();
267 return GNUTLS_E_NO_TEMPORARY_DH_PARAMS;
268 }
269
270 p = mpis[0];
271 g = mpis[1];
272
273 ret = MHD_gtls_proc_dh_common_client_kx (session, data, _data_size, g, p);
274
275 return ret;
276
277}
diff --git a/src/daemon/https/tls/gnutls_global.c b/src/daemon/https/tls/gnutls_global.c
index 6f7e46bf..65ac210a 100644
--- a/src/daemon/https/tls/gnutls_global.c
+++ b/src/daemon/https/tls/gnutls_global.c
@@ -94,57 +94,6 @@ MHD_gtls_global_set_log_level (int level)
94 94
95int MHD__gnutls_is_secure_mem_null (const void *); 95int MHD__gnutls_is_secure_mem_null (const void *);
96 96
97/**
98 * MHD_gtls_global_set_mem_functions - This function sets the memory allocation functions
99 * @alloc_func: it's the default memory allocation function. Like malloc().
100 * @secure_alloc_func: This is the memory allocation function that will be used for sensitive data.
101 * @is_secure_func: a function that returns 0 if the memory given is not secure. May be NULL.
102 * @realloc_func: A realloc function
103 * @free_func: The function that frees allocated data. Must accept a NULL pointer.
104 *
105 * This is the function were you set the memory allocation functions gnutls
106 * is going to use. By default the libc's allocation functions (malloc(), free()),
107 * are used by gnutls, to allocate both sensitive and not sensitive data.
108 * This function is provided to set the memory allocation functions to
109 * something other than the defaults (ie the gcrypt allocation functions).
110 *
111 * This function must be called before MHD__gnutls_global_init() is called.
112 *
113 **/
114void
115MHD_gtls_global_set_mem_functions (MHD_gnutls_alloc_function alloc_func,
116 MHD_gnutls_alloc_function
117 secure_alloc_func,
118 MHD_gnutls_is_secure_function
119 is_secure_func,
120 MHD_gnutls_realloc_function realloc_func,
121 MHD_gnutls_free_function free_func)
122{
123 MHD_gnutls_secure_malloc = secure_alloc_func;
124 MHD_gnutls_malloc = alloc_func;
125 MHD_gnutls_realloc = realloc_func;
126 MHD_gnutls_free = free_func;
127
128 if (is_secure_func != NULL)
129 MHD__gnutls_is_secure_memory = is_secure_func;
130 else
131 MHD__gnutls_is_secure_memory = MHD__gnutls_is_secure_mem_null;
132
133 /* if using the libc's default malloc
134 * use libc's calloc as well.
135 */
136 if (MHD_gnutls_malloc == malloc)
137 {
138 MHD_gnutls_calloc = calloc;
139 }
140 else
141 { /* use the included ones */
142 MHD_gnutls_calloc = MHD_gtls_calloc;
143 }
144 MHD_gnutls_strdup = MHD_gtls_strdup;
145
146}
147
148static int MHD__gnutls_init_level = 0; 97static int MHD__gnutls_init_level = 0;
149 98
150/** 99/**
diff --git a/src/daemon/https/tls/gnutls_handshake.c b/src/daemon/https/tls/gnutls_handshake.c
index ba93018d..a0ea34c8 100644
--- a/src/daemon/https/tls/gnutls_handshake.c
+++ b/src/daemon/https/tls/gnutls_handshake.c
@@ -1717,6 +1717,14 @@ MHD__gnutls_copy_comp_methods (MHD_gtls_session_t session,
1717 return datalen; 1717 return datalen;
1718} 1718}
1719 1719
1720static void
1721MHD_gtls_set_adv_version (MHD_gtls_session_t session,
1722 enum MHD_GNUTLS_Protocol ver)
1723{
1724 set_adv_version (session, MHD_gtls_version_get_major (ver),
1725 MHD_gtls_version_get_minor (ver));
1726}
1727
1720/* This function sends the client hello handshake message. 1728/* This function sends the client hello handshake message.
1721 */ 1729 */
1722static int 1730static int
diff --git a/src/daemon/https/tls/gnutls_int.h b/src/daemon/https/tls/gnutls_int.h
index af2b4499..a41a8e89 100644
--- a/src/daemon/https/tls/gnutls_int.h
+++ b/src/daemon/https/tls/gnutls_int.h
@@ -670,7 +670,6 @@ void MHD_gtls_free_auth_info (MHD_gtls_session_t session);
670 session->internals.adv_version_major = major; \ 670 session->internals.adv_version_major = major; \
671 session->internals.adv_version_minor = minor 671 session->internals.adv_version_minor = minor
672 672
673void MHD_gtls_set_adv_version (MHD_gtls_session_t, enum MHD_GNUTLS_Protocol);
674enum MHD_GNUTLS_Protocol MHD_gtls_get_adv_version (MHD_gtls_session_t); 673enum MHD_GNUTLS_Protocol MHD_gtls_get_adv_version (MHD_gtls_session_t);
675 674
676#endif /* GNUTLS_INT_H */ 675#endif /* GNUTLS_INT_H */
diff --git a/src/daemon/https/tls/gnutls_mem.c b/src/daemon/https/tls/gnutls_mem.c
index 1f0a743d..6f6086e5 100644
--- a/src/daemon/https/tls/gnutls_mem.c
+++ b/src/daemon/https/tls/gnutls_mem.c
@@ -44,27 +44,6 @@ int (*MHD__gnutls_is_secure_memory) (const void *) =
44 MHD__gnutls_is_secure_mem_null; 44 MHD__gnutls_is_secure_mem_null;
45 45
46 46
47void *
48MHD_gtls_calloc (size_t nmemb, size_t size)
49{
50 void *ret;
51 size *= nmemb;
52 ret = MHD_gnutls_malloc (size);
53 if (ret != NULL)
54 memset (ret, 0, size);
55 return ret;
56}
57
58svoid *
59MHD_gtls_secure_calloc (size_t nmemb, size_t size)
60{
61 svoid *ret;
62 size *= nmemb;
63 ret = MHD_gnutls_secure_malloc (size);
64 if (ret != NULL)
65 memset (ret, 0, size);
66 return ret;
67}
68 47
69/* This realloc will free ptr in case realloc 48/* This realloc will free ptr in case realloc
70 * fails. 49 * fails.
@@ -97,39 +76,3 @@ MHD_gtls_strdup (const char *str)
97 memcpy (ret, str, siz); 76 memcpy (ret, str, siz);
98 return ret; 77 return ret;
99} 78}
100
101
102#if 0
103/* don't use them. They are included for documentation.
104 */
105
106/**
107 * MHD_gnutls_malloc - Allocates and returns data
108 *
109 * This function will allocate 's' bytes data, and
110 * return a pointer to memory. This function is supposed
111 * to be used by callbacks.
112 *
113 * The allocation function used is the one set by MHD_gtls_global_set_mem_functions().
114 *
115 **/
116void *
117MHD_gnutls_malloc (size_t s)
118{
119}
120
121/**
122 * MHD_gnutls_free - Returns a free() like function
123 * @d: pointer to memory
124 *
125 * This function will free data pointed by ptr.
126 *
127 * The deallocation function used is the one set by MHD_gtls_global_set_mem_functions().
128 *
129 **/
130void
131MHD_gnutls_free (void *ptr)
132{
133}
134
135#endif
diff --git a/src/daemon/https/tls/gnutls_mpi.c b/src/daemon/https/tls/gnutls_mpi.c
index 918e6480..5a4e25a4 100644
--- a/src/daemon/https/tls/gnutls_mpi.c
+++ b/src/daemon/https/tls/gnutls_mpi.c
@@ -80,26 +80,6 @@ MHD_gtls_mpi_scan_nz (mpi_t * ret_mpi, const opaque * buffer, size_t * nbytes)
80} 80}
81 81
82int 82int
83MHD_gtls_mpi_scan_pgp (mpi_t * ret_mpi, const opaque * buffer,
84 size_t * nbytes)
85{
86 int ret;
87 ret = gcry_mpi_scan (ret_mpi, GCRYMPI_FMT_PGP, buffer, *nbytes, nbytes);
88 if (ret)
89 return GNUTLS_E_MPI_SCAN_FAILED;
90
91 /* MPIs with 0 bits are illegal
92 */
93 if (MHD__gnutls_mpi_get_nbits (*ret_mpi) == 0)
94 {
95 MHD_gtls_mpi_release (ret_mpi);
96 return GNUTLS_E_MPI_SCAN_FAILED;
97 }
98
99 return 0;
100}
101
102int
103MHD_gtls_mpi_print (void *buffer, size_t * nbytes, const mpi_t a) 83MHD_gtls_mpi_print (void *buffer, size_t * nbytes, const mpi_t a)
104{ 84{
105 int ret; 85 int ret;
@@ -115,7 +95,7 @@ MHD_gtls_mpi_print (void *buffer, size_t * nbytes, const mpi_t a)
115} 95}
116 96
117/* Always has the first bit zero */ 97/* Always has the first bit zero */
118int 98static int
119MHD_gtls_mpi_print_lz (void *buffer, size_t * nbytes, const mpi_t a) 99MHD_gtls_mpi_print_lz (void *buffer, size_t * nbytes, const mpi_t a)
120{ 100{
121 int ret; 101 int ret;
diff --git a/src/daemon/https/tls/gnutls_mpi.h b/src/daemon/https/tls/gnutls_mpi.h
index b3494024..58b66149 100644
--- a/src/daemon/https/tls/gnutls_mpi.h
+++ b/src/daemon/https/tls/gnutls_mpi.h
@@ -64,12 +64,7 @@ int MHD_gtls_mpi_scan_nz (mpi_t * ret_mpi, const opaque * buffer,
64 size_t * nbytes); 64 size_t * nbytes);
65int MHD_gtls_mpi_scan (mpi_t * ret_mpi, const opaque * buffer, 65int MHD_gtls_mpi_scan (mpi_t * ret_mpi, const opaque * buffer,
66 size_t * nbytes); 66 size_t * nbytes);
67int MHD_gtls_mpi_scan_pgp (mpi_t * ret_mpi, const opaque * buffer,
68 size_t * nbytes);
69
70int MHD_gtls_mpi_print (void *buffer, size_t * nbytes, const mpi_t a); 67int MHD_gtls_mpi_print (void *buffer, size_t * nbytes, const mpi_t a);
71int MHD_gtls_mpi_print_lz (void *buffer, size_t * nbytes, const mpi_t a);
72
73int MHD_gtls_mpi_dprint_lz (MHD_gnutls_datum_t * dest, const mpi_t a); 68int MHD_gtls_mpi_dprint_lz (MHD_gnutls_datum_t * dest, const mpi_t a);
74int MHD_gtls_mpi_dprint (MHD_gnutls_datum_t * dest, const mpi_t a); 69int MHD_gtls_mpi_dprint (MHD_gnutls_datum_t * dest, const mpi_t a);
75 70