authorlv-426 <oxcafebaby@yahoo.com>2008-06-22 18:20:35 +0000
committerlv-426 <oxcafebaby@yahoo.com>2008-06-22 18:20:35 +0000
commita0339d2458867dbe9485499265641ff205063445 (patch)
tree055b38828b3696520408a32edf81df5bb37400f0 /src/daemon/https/tls/ext_inner_application.c
parent97c026da05495b83f1511906c2ca027e12ef6cf7 (diff)
initial GNU TLS import - this should reduce in size considerably
Diffstat (limited to 'src/daemon/https/tls/ext_inner_application.c')
-rw-r--r--src/daemon/https/tls/ext_inner_application.c147
1 files changed, 147 insertions, 0 deletions
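diff --git a/src/daemon/https/tls/ext_inner_application.c b/src/daemon/https/tls/ext_inner_application.c
new file mode 100644
index 00000000..b86b7151
--- /dev/null
+++ b/src/daemon/https/tls/ext_inner_application.c
@@ -0,0 +1,147 @@
+/*
+ * Copyright (C) 2005, 2006 Free Software Foundation
+ *
+ * Author: Simon Josefsson
+ *
+ * This file is part of GNUTLS.
+ *
+ * The GNUTLS library is free software; you can redistribute it and/or
+ * modify it under the terms of the GNU Lesser General Public License
+ * as published by the Free Software Foundation; either version 2.1 of
+ * the License, or (at your option) any later version.
+ *
+ * This library is distributed in the hope that it will be useful, but
+ * WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
+ * Lesser General Public License for more details.
+ *
+ * You should have received a copy of the GNU Lesser General Public
+ * License along with this library; if not, write to the Free Software
+ * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA
+ * 02110-1301, USA
+ *
+ */
+
+#include "gnutls_int.h"
+#include "gnutls_auth_int.h"
+#include "gnutls_errors.h"
+#include "gnutls_num.h"
+#include "ext_inner_application.h"
+
+#define NO 0
+#define YES 1
+
+int
+_gnutls_inner_application_recv_params (gnutls_session_t session,
+ const opaque * data, size_t data_size)
+{
+ tls_ext_st *ext = &session->security_parameters.extensions;
+
+ if (data_size != 1)
+ {
+ gnutls_assert ();
+ return GNUTLS_E_UNEXPECTED_PACKET_LENGTH;
+ }
+
+ ext->gnutls_ia_peer_enable = 1;
+ ext->gnutls_ia_peer_allowskip = 0;
+
+ switch ((unsigned char) *data)
+ {
+ case NO: /* Peer's ia_on_resume == no */
+ ext->gnutls_ia_peer_allowskip = 1;
+ break;
+
+ case YES:
+ break;
+
+ default:
+ gnutls_assert ();
+ }
+
+ return 0;
+}
+
+
+/* returns data_size or a negative number on failure
+ */
+int
+_gnutls_inner_application_send_params (gnutls_session_t session,
+ opaque * data, size_t data_size)
+{
+ tls_ext_st *ext = &session->security_parameters.extensions;
+
+ /* Set ext->gnutls_ia_enable depending on whether we have a TLS/IA
+ credential in the session. */
+
+ if (session->security_parameters.entity == GNUTLS_CLIENT)
+ {
+ gnutls_ia_client_credentials_t cred = (gnutls_ia_client_credentials_t)
+ _gnutls_get_cred (session->key, GNUTLS_CRD_IA, NULL);
+
+ if (cred)
+ ext->gnutls_ia_enable = 1;
+ }
+ else
+ {
+ gnutls_ia_server_credentials_t cred = (gnutls_ia_server_credentials_t)
+ _gnutls_get_cred (session->key, GNUTLS_CRD_IA, NULL);
+
+ if (cred)
+ ext->gnutls_ia_enable = 1;
+ }
+
+ /* If we don't want gnutls_ia locally, or we are a server and the
+ * client doesn't want it, don't advertise TLS/IA support at all, as
+ * required. */
+
+ if (!ext->gnutls_ia_enable)
+ return 0;
+
+ if (session->security_parameters.entity == GNUTLS_SERVER &&
+ !ext->gnutls_ia_peer_enable)
+ return 0;
+
+ /* We'll advertise. Check if there's room in the hello buffer. */
+
+ if (data_size < 1)
+ {
+ gnutls_assert ();
+ return GNUTLS_E_SHORT_MEMORY_BUFFER;
+ }
+
+ /* default: require new application phase */
+
+ *data = YES;
+
+ if (session->security_parameters.entity == GNUTLS_CLIENT)
+ {
+
+ /* Client: value follows local setting */
+
+ if (ext->gnutls_ia_allowskip)
+ *data = NO;
+ }
+ else
+ {
+
+ /* Server: value follows local setting and client's setting, but only
+ * if we are resuming.
+ *
+ * XXX Can server test for resumption at this stage?
+ *
+ * Ai! It seems that read_client_hello only calls parse_extensions if
+ * we're NOT resuming! That would make us automatically violate the IA
+ * draft; if we're resuming, we must first learn what the client wants
+ * -- IA or no IA -- and then prepare our response. Right now we'll
+ * always skip IA on resumption, because recv_ext isn't even called
+ * to record the peer's support for IA at all. Simon? */
+
+ if (ext->gnutls_ia_allowskip &&
+ ext->gnutls_ia_peer_allowskip &&
+ session->internals.resumed == RESUME_TRUE)
+ *data = NO;
+ }
+
+ return 1;
+}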
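Review bot: In `_gnutls_inner_application_recv_params` the `default:` case of the switch only calls `gnutls_assert ();` and then reaches `return 0;`, so a peer-supplied byte other than 0 or 1 is accepted as a valid extension. By that point `ext->gnutls_ia_peer_enable = 1;` has already been written, so a malformed value still marks the peer as TLS/IA-capable and is treated like `YES`. The parser should fail closed: return an error from the default case, e.g. `default: gnutls_assert (); return GNUTLS_E_RECEIVED_ILLEGAL_PARAMETER;` (assuming that code is present in this import's error header), and move the two `ext->gnutls_ia_peer_*` assignments so they run only after the byte has been validated. Separately, the header comment on `_gnutls_inner_application_send_params` says it returns `data_size`, while the visible code returns 0 or 1 (bytes written) or a negative error; the comment could read `/* returns the number of bytes written (0 or 1) or a negative number on failure */`.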