diff options
author | Christian Grothoff <christian@grothoff.org> | 2010-07-24 15:24:50 +0000 |
---|---|---|
committer | Christian Grothoff <christian@grothoff.org> | 2010-07-24 15:24:50 +0000 |
commit | 58d06b22557a9d06dfeff5975c8241def4f88680 (patch) | |
tree | a524c1984b580911d614ee84cc35872beaa34c7e /src/daemon | |
parent | 29529aefd1a38449647a3cea724635e87d01d3ea (diff) | |
download | libmicrohttpd-58d06b22557a9d06dfeff5975c8241def4f88680.tar.gz libmicrohttpd-58d06b22557a9d06dfeff5975c8241def4f88680.zip |
towards using libgnutls directly
Diffstat (limited to 'src/daemon')
123 files changed, 74 insertions, 34498 deletions
diff --git a/src/daemon/Makefile.am b/src/daemon/Makefile.am index de5152f2..bea883d8 100644 --- a/src/daemon/Makefile.am +++ b/src/daemon/Makefile.am | |||
@@ -1,12 +1,8 @@ | |||
1 | AM_CPPFLAGS = \ | 1 | AM_CPPFLAGS = \ |
2 | -I$(top_srcdir)/src/include \ | 2 | -I$(top_srcdir)/src/include \ |
3 | -I$(top_srcdir)/src/daemon \ | 3 | -I$(top_srcdir)/src/daemon \ |
4 | -I$(top_srcdir)/src/daemon/https/lgl \ | 4 | @LIBGCRYPT_CFLAGS@ \ |
5 | -I$(top_srcdir)/src/daemon/https/x509 \ | 5 | @LIBGNUTLS_CFLAGS@ |
6 | -I$(top_srcdir)/src/daemon/https/minitasn1 \ | ||
7 | -I$(top_srcdir)/src/daemon/https/tls \ | ||
8 | -I$(top_srcdir)/src/daemon/https \ | ||
9 | @LIBGCRYPT_CFLAGS@ | ||
10 | 6 | ||
11 | EXTRA_DIST = EXPORT.sym | 7 | EXTRA_DIST = EXPORT.sym |
12 | 8 | ||
@@ -31,14 +27,10 @@ endif | |||
31 | 27 | ||
32 | 28 | ||
33 | if ENABLE_HTTPS | 29 | if ENABLE_HTTPS |
34 | SUBDIRS = https . | ||
35 | libmicrohttpd_la_SOURCES += \ | 30 | libmicrohttpd_la_SOURCES += \ |
36 | connection_https.c connection_https.h | 31 | connection_https.c connection_https.h |
37 | libmicrohttpd_la_LIBADD = \ | 32 | libmicrohttpd_la_LIBADD = \ |
38 | https/lgl/liblgl.la \ | 33 | $(LIBGNUTLS_LIBS) |
39 | https/x509/libx509.la \ | ||
40 | https/tls/libtls.la \ | ||
41 | https/minitasn1/libasn1.la | ||
42 | endif | 34 | endif |
43 | 35 | ||
44 | check_PROGRAMS = \ | 36 | check_PROGRAMS = \ |
diff --git a/src/daemon/connection.c b/src/daemon/connection.c index 5a4b6f71..3eb2d1a3 100644 --- a/src/daemon/connection.c +++ b/src/daemon/connection.c | |||
@@ -1793,7 +1793,7 @@ MHD_connection_handle_write (struct MHD_Connection *connection) | |||
1793 | #if HTTPS_SUPPORT | 1793 | #if HTTPS_SUPPORT |
1794 | if (connection->daemon->options & MHD_USE_SSL) | 1794 | if (connection->daemon->options & MHD_USE_SSL) |
1795 | { | 1795 | { |
1796 | ret = MHD__gnutls_record_send (connection->tls_session, | 1796 | ret = gnutls_record_send (connection->tls_session, |
1797 | &connection->response->data | 1797 | &connection->response->data |
1798 | [connection-> | 1798 | [connection-> |
1799 | response_write_position - | 1799 | response_write_position - |
@@ -2245,10 +2245,6 @@ MHD_set_http_calbacks (struct MHD_Connection *connection) | |||
2245 | connection->idle_handler = &MHD_connection_handle_idle; | 2245 | connection->idle_handler = &MHD_connection_handle_idle; |
2246 | } | 2246 | } |
2247 | 2247 | ||
2248 | #if HTTPS_SUPPORT | ||
2249 | #include "gnutls_int.h" | ||
2250 | #include "gnutls_record.h" | ||
2251 | #endif | ||
2252 | 2248 | ||
2253 | /** | 2249 | /** |
2254 | * Obtain information about the given connection. | 2250 | * Obtain information about the given connection. |
@@ -2269,13 +2265,13 @@ MHD_get_connection_info (struct MHD_Connection *connection, | |||
2269 | case MHD_CONNECTION_INFO_CIPHER_ALGO: | 2265 | case MHD_CONNECTION_INFO_CIPHER_ALGO: |
2270 | if (connection->tls_session == NULL) | 2266 | if (connection->tls_session == NULL) |
2271 | return NULL; | 2267 | return NULL; |
2272 | return (const union MHD_ConnectionInfo *) &connection-> | 2268 | connection->cipher = gnutls_cipher_get (connection->tls_session); |
2273 | tls_session->security_parameters.read_bulk_cipher_algorithm; | 2269 | return (const union MHD_ConnectionInfo *) &connection->cipher; |
2274 | case MHD_CONNECTION_INFO_PROTOCOL: | 2270 | case MHD_CONNECTION_INFO_PROTOCOL: |
2275 | if (connection->tls_session == NULL) | 2271 | if (connection->tls_session == NULL) |
2276 | return NULL; | 2272 | return NULL; |
2277 | return (const union MHD_ConnectionInfo *) &connection-> | 2273 | connection->protocol = gnutls_protocol_get_version (connection->tls_session); |
2278 | tls_session->security_parameters.version; | 2274 | return (const union MHD_ConnectionInfo *) &connection->protocol; |
2279 | #endif | 2275 | #endif |
2280 | case MHD_CONNECTION_INFO_CLIENT_ADDRESS: | 2276 | case MHD_CONNECTION_INFO_CLIENT_ADDRESS: |
2281 | return (const union MHD_ConnectionInfo *) &connection->addr; | 2277 | return (const union MHD_ConnectionInfo *) &connection->addr; |
diff --git a/src/daemon/connection_https.c b/src/daemon/connection_https.c index b5b1a4ba..ac8a9268 100644 --- a/src/daemon/connection_https.c +++ b/src/daemon/connection_https.c | |||
@@ -1,6 +1,6 @@ | |||
1 | /* | 1 | /* |
2 | This file is part of libmicrohttpd | 2 | This file is part of libmicrohttpd |
3 | (C) 2007, 2008 Daniel Pittman and Christian Grothoff | 3 | (C) 2007, 2008, 2010 Daniel Pittman and Christian Grothoff |
4 | 4 | ||
5 | This library is free software; you can redistribute it and/or | 5 | This library is free software; you can redistribute it and/or |
6 | modify it under the terms of the GNU Lesser General Public | 6 | modify it under the terms of the GNU Lesser General Public |
@@ -19,7 +19,7 @@ | |||
19 | */ | 19 | */ |
20 | 20 | ||
21 | /** | 21 | /** |
22 | * @file connection.c | 22 | * @file connection_https.c |
23 | * @brief Methods for managing SSL/TLS connections. This file is only | 23 | * @brief Methods for managing SSL/TLS connections. This file is only |
24 | * compiled if ENABLE_HTTPS is set. | 24 | * compiled if ENABLE_HTTPS is set. |
25 | * @author Sagie Amir | 25 | * @author Sagie Amir |
@@ -31,13 +31,7 @@ | |||
31 | #include "memorypool.h" | 31 | #include "memorypool.h" |
32 | #include "response.h" | 32 | #include "response.h" |
33 | #include "reason_phrase.h" | 33 | #include "reason_phrase.h" |
34 | 34 | #include <gnutls/gnutls.h> | |
35 | /* get opaque type */ | ||
36 | #include "gnutls_int.h" | ||
37 | #include "gnutls_record.h" | ||
38 | |||
39 | /* TODO #include rm "gnutls_errors.h" */ | ||
40 | #include "gnutls_errors.h" | ||
41 | 35 | ||
42 | /** | 36 | /** |
43 | * This function is called once a secure connection has been marked | 37 | * This function is called once a secure connection has been marked |
@@ -53,8 +47,8 @@ static void | |||
53 | MHD_tls_connection_close (struct MHD_Connection *connection, | 47 | MHD_tls_connection_close (struct MHD_Connection *connection, |
54 | enum MHD_RequestTerminationCode termination_code) | 48 | enum MHD_RequestTerminationCode termination_code) |
55 | { | 49 | { |
56 | MHD__gnutls_bye (connection->tls_session, GNUTLS_SHUT_WR); | 50 | gnutls_bye (connection->tls_session, GNUTLS_SHUT_WR); |
57 | connection->tls_session->internals.read_eof = 1; | 51 | /* connection->tls_session->internals.read_eof = 1; // FIXME_GHM: needed? */ |
58 | MHD_connection_close (connection, termination_code); | 52 | MHD_connection_close (connection, termination_code); |
59 | } | 53 | } |
60 | 54 | ||
@@ -107,6 +101,16 @@ MHD_tls_connection_handle_idle (struct MHD_Connection *connection) | |||
107 | return MHD_YES; | 101 | return MHD_YES; |
108 | } | 102 | } |
109 | 103 | ||
104 | /* FIXME_GHM: this is digging into gnutls/SSL internals | ||
105 | that is likely wrong... */ | ||
106 | /* Record Protocol */ | ||
107 | typedef enum content_type_t | ||
108 | { | ||
109 | GNUTLS_CHANGE_CIPHER_SPEC = 20, GNUTLS_ALERT, | ||
110 | GNUTLS_HANDSHAKE, GNUTLS_APPLICATION_DATA, | ||
111 | GNUTLS_INNER_APPLICATION = 24 | ||
112 | } content_type_t; | ||
113 | |||
110 | /** | 114 | /** |
111 | * This function handles a particular SSL/TLS connection when | 115 | * This function handles a particular SSL/TLS connection when |
112 | * it has been determined that there is data to be read off a | 116 | * it has been determined that there is data to be read off a |
@@ -157,7 +161,7 @@ MHD_tls_connection_handle_read (struct MHD_Connection *connection) | |||
157 | if (connection->state == MHD_TLS_CONNECTION_INIT || | 161 | if (connection->state == MHD_TLS_CONNECTION_INIT || |
158 | connection->state == MHD_TLS_HELLO_REQUEST) | 162 | connection->state == MHD_TLS_HELLO_REQUEST) |
159 | { | 163 | { |
160 | ret = MHD__gnutls_handshake (connection->tls_session); | 164 | ret = gnutls_handshake (connection->tls_session); |
161 | if (ret == 0) | 165 | if (ret == 0) |
162 | { | 166 | { |
163 | /* set connection state to enable HTTP processing */ | 167 | /* set connection state to enable HTTP processing */ |
@@ -194,13 +198,13 @@ MHD_tls_connection_handle_read (struct MHD_Connection *connection) | |||
194 | return MHD_NO; | 198 | return MHD_NO; |
195 | 199 | ||
196 | case GNUTLS_ALERT: | 200 | case GNUTLS_ALERT: |
201 | #if FIXME_GHM | ||
197 | /* | 202 | /* |
198 | * this call of MHD_gtls_recv_int expects 0 bytes read. | 203 | * this call of MHD_gtls_recv_int expects 0 bytes read. |
199 | * done to decrypt alert message | 204 | * done to decrypt alert message |
200 | */ | 205 | */ |
201 | MHD_gtls_recv_int (connection->tls_session, GNUTLS_ALERT, | 206 | gnutls_recv_int (connection->tls_session, GNUTLS_ALERT, |
202 | GNUTLS_HANDSHAKE_FINISHED, 0, 0); | 207 | GNUTLS_HANDSHAKE_FINISHED, 0, 0); |
203 | |||
204 | /* CLOSE_NOTIFY */ | 208 | /* CLOSE_NOTIFY */ |
205 | if (connection->tls_session->internals.last_alert == | 209 | if (connection->tls_session->internals.last_alert == |
206 | GNUTLS_A_CLOSE_NOTIFY) | 210 | GNUTLS_A_CLOSE_NOTIFY) |
@@ -209,7 +213,8 @@ MHD_tls_connection_handle_read (struct MHD_Connection *connection) | |||
209 | return MHD_YES; | 213 | return MHD_YES; |
210 | } | 214 | } |
211 | /* non FATAL or WARNING */ | 215 | /* non FATAL or WARNING */ |
212 | else if (connection->tls_session->internals.last_alert_level != | 216 | else |
217 | if (connection->tls_session->internals.last_alert_level != | ||
213 | GNUTLS_AL_FATAL) | 218 | GNUTLS_AL_FATAL) |
214 | { | 219 | { |
215 | #if HAVE_MESSAGES | 220 | #if HAVE_MESSAGES |
@@ -239,12 +244,12 @@ MHD_tls_connection_handle_read (struct MHD_Connection *connection) | |||
239 | #endif | 244 | #endif |
240 | return MHD_NO; | 245 | return MHD_NO; |
241 | } | 246 | } |
247 | #endif | ||
242 | 248 | ||
243 | 249 | ||
244 | /* forward application level content to MHD */ | 250 | /* forward application level content to MHD */ |
245 | case GNUTLS_APPLICATION_DATA: | 251 | case GNUTLS_APPLICATION_DATA: |
246 | return MHD_connection_handle_read (connection); | 252 | return MHD_connection_handle_read (connection); |
247 | |||
248 | case GNUTLS_INNER_APPLICATION: | 253 | case GNUTLS_INNER_APPLICATION: |
249 | break; | 254 | break; |
250 | default: | 255 | default: |
diff --git a/src/daemon/daemon.c b/src/daemon/daemon.c index 74d20233..67eb5196 100644 --- a/src/daemon/daemon.c +++ b/src/daemon/daemon.c | |||
@@ -32,8 +32,7 @@ | |||
32 | 32 | ||
33 | #if HTTPS_SUPPORT | 33 | #if HTTPS_SUPPORT |
34 | #include "connection_https.h" | 34 | #include "connection_https.h" |
35 | #include "gnutls_int.h" | 35 | #include <gnutls/gnutls.h> |
36 | #include "gnutls_global.h" | ||
37 | #endif | 36 | #endif |
38 | 37 | ||
39 | #ifdef HAVE_POLL_H | 38 | #ifdef HAVE_POLL_H |
@@ -331,27 +330,7 @@ MHD_ip_limit_del(struct MHD_Daemon *daemon, | |||
331 | } | 330 | } |
332 | 331 | ||
333 | #if HTTPS_SUPPORT | 332 | #if HTTPS_SUPPORT |
334 | pthread_mutex_t MHD_gnutls_init_mutex; | 333 | static pthread_mutex_t MHD_gnutls_init_mutex; |
335 | |||
336 | /** | ||
337 | * Note: code duplication with code in MHD_gnutls_priority.c | ||
338 | * | ||
339 | * @return 0 | ||
340 | */ | ||
341 | static int | ||
342 | _set_priority (MHD_gtls_priority_st * st, const int *list) | ||
343 | { | ||
344 | int num = 0; | ||
345 | |||
346 | if (list == NULL) | ||
347 | return 0; | ||
348 | while ((list[num] != 0) && (num < MAX_ALGOS)) | ||
349 | num++; | ||
350 | st->num_algorithms = num; | ||
351 | memcpy (st->priority, list, num * sizeof (int)); | ||
352 | return 0; | ||
353 | } | ||
354 | |||
355 | 334 | ||
356 | /** | 335 | /** |
357 | * Callback for receiving data from the socket. | 336 | * Callback for receiving data from the socket. |
@@ -364,7 +343,7 @@ _set_priority (MHD_gtls_priority_st * st, const int *list) | |||
364 | static ssize_t | 343 | static ssize_t |
365 | recv_tls_adapter (struct MHD_Connection *connection, void *other, size_t i) | 344 | recv_tls_adapter (struct MHD_Connection *connection, void *other, size_t i) |
366 | { | 345 | { |
367 | return MHD__gnutls_record_recv (connection->tls_session, other, i); | 346 | return gnutls_record_recv (connection->tls_session, other, i); |
368 | } | 347 | } |
369 | 348 | ||
370 | /** | 349 | /** |
@@ -379,7 +358,7 @@ static ssize_t | |||
379 | send_tls_adapter (struct MHD_Connection *connection, | 358 | send_tls_adapter (struct MHD_Connection *connection, |
380 | const void *other, size_t i) | 359 | const void *other, size_t i) |
381 | { | 360 | { |
382 | return MHD__gnutls_record_send (connection->tls_session, other, i); | 361 | return gnutls_record_send (connection->tls_session, other, i); |
383 | } | 362 | } |
384 | 363 | ||
385 | 364 | ||
@@ -391,8 +370,8 @@ send_tls_adapter (struct MHD_Connection *connection, | |||
391 | static int | 370 | static int |
392 | MHD_init_daemon_certificate (struct MHD_Daemon *daemon) | 371 | MHD_init_daemon_certificate (struct MHD_Daemon *daemon) |
393 | { | 372 | { |
394 | MHD_gnutls_datum_t key; | 373 | gnutls_datum_t key; |
395 | MHD_gnutls_datum_t cert; | 374 | gnutls_datum_t cert; |
396 | 375 | ||
397 | /* certificate & key loaded from memory */ | 376 | /* certificate & key loaded from memory */ |
398 | if (daemon->https_mem_cert && daemon->https_mem_key) | 377 | if (daemon->https_mem_cert && daemon->https_mem_key) |
@@ -402,7 +381,7 @@ MHD_init_daemon_certificate (struct MHD_Daemon *daemon) | |||
402 | cert.data = (unsigned char *) daemon->https_mem_cert; | 381 | cert.data = (unsigned char *) daemon->https_mem_cert; |
403 | cert.size = strlen (daemon->https_mem_cert); | 382 | cert.size = strlen (daemon->https_mem_cert); |
404 | 383 | ||
405 | return MHD__gnutls_certificate_set_x509_key_mem (daemon->x509_cred, | 384 | return gnutls_certificate_set_x509_key_mem (daemon->x509_cred, |
406 | &cert, &key, | 385 | &cert, &key, |
407 | GNUTLS_X509_FMT_PEM); | 386 | GNUTLS_X509_FMT_PEM); |
408 | } | 387 | } |
@@ -422,9 +401,9 @@ MHD_TLS_init (struct MHD_Daemon *daemon) | |||
422 | { | 401 | { |
423 | switch (daemon->cred_type) | 402 | switch (daemon->cred_type) |
424 | { | 403 | { |
425 | case MHD_GNUTLS_CRD_CERTIFICATE: | 404 | case GNUTLS_CRD_CERTIFICATE: |
426 | if (0 != | 405 | if (0 != |
427 | MHD__gnutls_certificate_allocate_credentials (&daemon->x509_cred)) | 406 | gnutls_certificate_allocate_credentials (&daemon->x509_cred)) |
428 | return GNUTLS_E_MEMORY_ERROR; | 407 | return GNUTLS_E_MEMORY_ERROR; |
429 | return MHD_init_daemon_certificate (daemon); | 408 | return MHD_init_daemon_certificate (daemon); |
430 | default: | 409 | default: |
@@ -785,15 +764,13 @@ MHD_accept_connection (struct MHD_Daemon *daemon) | |||
785 | connection->send_cls = &send_tls_adapter; | 764 | connection->send_cls = &send_tls_adapter; |
786 | connection->state = MHD_TLS_CONNECTION_INIT; | 765 | connection->state = MHD_TLS_CONNECTION_INIT; |
787 | MHD_set_https_calbacks (connection); | 766 | MHD_set_https_calbacks (connection); |
788 | MHD__gnutls_init (&connection->tls_session, GNUTLS_SERVER); | 767 | gnutls_init (&connection->tls_session, GNUTLS_SERVER); |
789 | MHD__gnutls_priority_set (connection->tls_session, | ||
790 | connection->daemon->priority_cache); | ||
791 | switch (connection->daemon->cred_type) | 768 | switch (connection->daemon->cred_type) |
792 | { | 769 | { |
793 | /* set needed credentials for certificate authentication. */ | 770 | /* set needed credentials for certificate authentication. */ |
794 | case MHD_GNUTLS_CRD_CERTIFICATE: | 771 | case GNUTLS_CRD_CERTIFICATE: |
795 | MHD__gnutls_credentials_set (connection->tls_session, | 772 | gnutls_credentials_set (connection->tls_session, |
796 | MHD_GNUTLS_CRD_CERTIFICATE, | 773 | GNUTLS_CRD_CERTIFICATE, |
797 | connection->daemon->x509_cred); | 774 | connection->daemon->x509_cred); |
798 | break; | 775 | break; |
799 | default: | 776 | default: |
@@ -816,13 +793,13 @@ MHD_accept_connection (struct MHD_Daemon *daemon) | |||
816 | ); | 793 | ); |
817 | return MHD_NO; | 794 | return MHD_NO; |
818 | } | 795 | } |
819 | MHD__gnutls_transport_set_ptr (connection->tls_session, | 796 | gnutls_transport_set_ptr (connection->tls_session, |
820 | (MHD_gnutls_transport_ptr_t) connection); | 797 | (gnutls_transport_ptr_t) connection); |
821 | MHD__gnutls_transport_set_pull_function (connection->tls_session, | 798 | gnutls_transport_set_pull_function (connection->tls_session, |
822 | (MHD_gtls_pull_func) & | 799 | (gnutls_pull_func) & |
823 | recv_param_adapter); | 800 | recv_param_adapter); |
824 | MHD__gnutls_transport_set_push_function (connection->tls_session, | 801 | gnutls_transport_set_push_function (connection->tls_session, |
825 | (MHD_gtls_push_func) & | 802 | (gnutls_push_func) & |
826 | send_param_adapter); | 803 | send_param_adapter); |
827 | } | 804 | } |
828 | #endif | 805 | #endif |
@@ -893,7 +870,7 @@ MHD_cleanup_connections (struct MHD_Daemon *daemon) | |||
893 | MHD_pool_destroy (pos->pool); | 870 | MHD_pool_destroy (pos->pool); |
894 | #if HTTPS_SUPPORT | 871 | #if HTTPS_SUPPORT |
895 | if (pos->tls_session != NULL) | 872 | if (pos->tls_session != NULL) |
896 | MHD__gnutls_deinit (pos->tls_session); | 873 | gnutls_deinit (pos->tls_session); |
897 | #endif | 874 | #endif |
898 | MHD_ip_limit_del (daemon, (struct sockaddr*)pos->addr, pos->addr_len); | 875 | MHD_ip_limit_del (daemon, (struct sockaddr*)pos->addr, pos->addr_len); |
899 | free (pos->addr); | 876 | free (pos->addr); |
@@ -1265,9 +1242,8 @@ parse_options_va (struct MHD_Daemon *daemon, | |||
1265 | break; | 1242 | break; |
1266 | #if HTTPS_SUPPORT | 1243 | #if HTTPS_SUPPORT |
1267 | case MHD_OPTION_PROTOCOL_VERSION: | 1244 | case MHD_OPTION_PROTOCOL_VERSION: |
1268 | if (daemon->options & MHD_USE_SSL) | 1245 | FPRINTF (stderr, |
1269 | _set_priority (&daemon->priority_cache->protocol, | 1246 | "Protocol version setting currently not supported.\n"); |
1270 | va_arg (ap, const int *)); | ||
1271 | #if HAVE_MESSAGES | 1247 | #if HAVE_MESSAGES |
1272 | else | 1248 | else |
1273 | FPRINTF (stderr, | 1249 | FPRINTF (stderr, |
@@ -1296,9 +1272,8 @@ parse_options_va (struct MHD_Daemon *daemon, | |||
1296 | #endif | 1272 | #endif |
1297 | break; | 1273 | break; |
1298 | case MHD_OPTION_CIPHER_ALGORITHM: | 1274 | case MHD_OPTION_CIPHER_ALGORITHM: |
1299 | if (daemon->options & MHD_USE_SSL) | 1275 | FPRINTF (stderr, |
1300 | _set_priority (&daemon->priority_cache->cipher, | 1276 | "CIPHER setting currently not supported\n"); |
1301 | va_arg (ap, const int *)); | ||
1302 | #if HAVE_MESSAGES | 1277 | #if HAVE_MESSAGES |
1303 | else | 1278 | else |
1304 | FPRINTF (stderr, | 1279 | FPRINTF (stderr, |
@@ -1478,9 +1453,7 @@ MHD_start_daemon_va (unsigned int options, | |||
1478 | #endif | 1453 | #endif |
1479 | mhd_panic (mhd_panic_cls, __FILE__, __LINE__, NULL); | 1454 | mhd_panic (mhd_panic_cls, __FILE__, __LINE__, NULL); |
1480 | } | 1455 | } |
1481 | /* set default priorities */ | 1456 | retVal->cred_type = GNUTLS_CRD_CERTIFICATE; |
1482 | MHD_tls_set_default_priority (&retVal->priority_cache, "", NULL); | ||
1483 | retVal->cred_type = MHD_GNUTLS_CRD_CERTIFICATE; | ||
1484 | } | 1457 | } |
1485 | #endif | 1458 | #endif |
1486 | 1459 | ||
@@ -1874,9 +1847,8 @@ MHD_stop_daemon (struct MHD_Daemon *daemon) | |||
1874 | #if HTTPS_SUPPORT | 1847 | #if HTTPS_SUPPORT |
1875 | if (daemon->options & MHD_USE_SSL) | 1848 | if (daemon->options & MHD_USE_SSL) |
1876 | { | 1849 | { |
1877 | MHD__gnutls_priority_deinit (daemon->priority_cache); | ||
1878 | if (daemon->x509_cred) | 1850 | if (daemon->x509_cred) |
1879 | MHD__gnutls_certificate_free_credentials (daemon->x509_cred); | 1851 | gnutls_certificate_free_credentials (daemon->x509_cred); |
1880 | /* lock MHD_gnutls_global mutex since it uses reference counting */ | 1852 | /* lock MHD_gnutls_global mutex since it uses reference counting */ |
1881 | if (0 != pthread_mutex_lock (&MHD_gnutls_init_mutex)) | 1853 | if (0 != pthread_mutex_lock (&MHD_gnutls_init_mutex)) |
1882 | { | 1854 | { |
@@ -1993,7 +1965,7 @@ void ATTRIBUTE_CONSTRUCTOR MHD_init () | |||
1993 | plibc_init ("GNU", "libmicrohttpd"); | 1965 | plibc_init ("GNU", "libmicrohttpd"); |
1994 | #endif | 1966 | #endif |
1995 | #if HTTPS_SUPPORT | 1967 | #if HTTPS_SUPPORT |
1996 | MHD__gnutls_global_init (); | 1968 | gnutls_global_init (); |
1997 | if (0 != pthread_mutex_init(&MHD_gnutls_init_mutex, NULL)) | 1969 | if (0 != pthread_mutex_init(&MHD_gnutls_init_mutex, NULL)) |
1998 | abort(); | 1970 | abort(); |
1999 | #endif | 1971 | #endif |
@@ -2002,7 +1974,7 @@ void ATTRIBUTE_CONSTRUCTOR MHD_init () | |||
2002 | void ATTRIBUTE_DESTRUCTOR MHD_fini () | 1974 | void ATTRIBUTE_DESTRUCTOR MHD_fini () |
2003 | { | 1975 | { |
2004 | #if HTTPS_SUPPORT | 1976 | #if HTTPS_SUPPORT |
2005 | MHD__gnutls_global_deinit (); | 1977 | gnutls_global_deinit (); |
2006 | if (0 != pthread_mutex_destroy(&MHD_gnutls_init_mutex)) | 1978 | if (0 != pthread_mutex_destroy(&MHD_gnutls_init_mutex)) |
2007 | mhd_panic (mhd_panic_cls, __FILE__, __LINE__, NULL); | 1979 | mhd_panic (mhd_panic_cls, __FILE__, __LINE__, NULL); |
2008 | #endif | 1980 | #endif |
diff --git a/src/daemon/https/Makefile.am b/src/daemon/https/Makefile.am deleted file mode 100644 index 8b4c1aa1..00000000 --- a/src/daemon/https/Makefile.am +++ /dev/null | |||
@@ -1,3 +0,0 @@ | |||
1 | EXTRA_DIST = gnutls.h | ||
2 | |||
3 | SUBDIRS = minitasn1 lgl x509 tls . | ||
diff --git a/src/daemon/https/gnutls.h b/src/daemon/https/gnutls.h deleted file mode 100644 index f2f6f069..00000000 --- a/src/daemon/https/gnutls.h +++ /dev/null | |||
@@ -1,697 +0,0 @@ | |||
1 | /* -*- c -*- | ||
2 | * Copyright (C) 2000, 2001, 2002, 2003, 2004, 2005, 2006, 2007 Free Software Foundation | ||
3 | * | ||
4 | * Author: Nikos Mavroyanopoulos | ||
5 | * | ||
6 | * This file is part of GNUTLS. | ||
7 | * | ||
8 | * The GNUTLS library is free software; you can redistribute it and/or | ||
9 | * modify it under the terms of the GNU Lesser General Public License | ||
10 | * as published by the Free Software Foundation; either version 2.1 of | ||
11 | * the License, or (at your option) any later version. | ||
12 | * | ||
13 | * This library is distributed in the hope that it will be useful, but | ||
14 | * WITHOUT ANY WARRANTY; without even the implied warranty of | ||
15 | * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU | ||
16 | * Lesser General Public License for more details. | ||
17 | * | ||
18 | * You should have received a copy of the GNU Lesser General Public | ||
19 | * License along with this library; if not, write to the Free Software | ||
20 | * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 | ||
21 | * USA | ||
22 | * | ||
23 | */ | ||
24 | |||
25 | /* This file contains the types and prototypes for all the | ||
26 | * high level functionality of gnutls main library. For the | ||
27 | * extra functionality (which is under the GNU GPL license) check | ||
28 | * the gnutls/extra.h header. The openssl compatibility layer is | ||
29 | * in gnutls/openssl.h. | ||
30 | * | ||
31 | * The low level cipher functionality is in libgcrypt. Check | ||
32 | * gcrypt.h | ||
33 | */ | ||
34 | |||
35 | #ifndef GNUTLS_H | ||
36 | #define GNUTLS_H | ||
37 | |||
38 | #ifdef __cplusplus | ||
39 | extern "C" | ||
40 | { | ||
41 | #if 0 /* keep Emacsens' auto-indent happy */ | ||
42 | } | ||
43 | #endif | ||
44 | #endif | ||
45 | |||
46 | |||
47 | /** | ||
48 | * List of key exchange algorithms. | ||
49 | * Note that not all listed algorithms are necessarily | ||
50 | * supported by all builds of MHD. | ||
51 | */ | ||
52 | enum MHD_GNUTLS_KeyExchangeAlgorithm | ||
53 | { | ||
54 | MHD_GNUTLS_KX_UNKNOWN = 0, | ||
55 | MHD_GNUTLS_KX_RSA = 1, | ||
56 | }; | ||
57 | |||
58 | /** | ||
59 | * Server credentials type (note that not all types | ||
60 | * maybe supported by all MHD builds). | ||
61 | */ | ||
62 | enum MHD_GNUTLS_CredentialsType | ||
63 | { | ||
64 | /** | ||
65 | * We have a x.509 certificate. | ||
66 | */ | ||
67 | MHD_GNUTLS_CRD_CERTIFICATE = 1, | ||
68 | |||
69 | }; | ||
70 | |||
71 | /** | ||
72 | * Enumeration of possible cryptographic | ||
73 | * hash functions (for MAC and Digest operations). | ||
74 | * Note that not all listed algorithms are necessarily | ||
75 | * supported by all builds of MHD. | ||
76 | */ | ||
77 | enum MHD_GNUTLS_HashAlgorithm | ||
78 | { | ||
79 | MHD_GNUTLS_MAC_UNKNOWN = 0, | ||
80 | MHD_GNUTLS_MAC_NULL = 1, | ||
81 | MHD_GNUTLS_MAC_MD5, | ||
82 | MHD_GNUTLS_MAC_SHA1, | ||
83 | MHD_GNUTLS_MAC_SHA256 | ||
84 | }; | ||
85 | |||
86 | /** | ||
87 | * List of compression methods. | ||
88 | * Note that not all listed algorithms are necessarily | ||
89 | * supported by all builds of MHD. | ||
90 | */ | ||
91 | enum MHD_GNUTLS_CompressionMethod | ||
92 | { | ||
93 | MHD_GNUTLS_COMP_UNKNOWN = 0, | ||
94 | |||
95 | /** | ||
96 | * No compression. | ||
97 | */ | ||
98 | MHD_GNUTLS_COMP_NULL = 1, | ||
99 | |||
100 | }; | ||
101 | /** | ||
102 | * Types of certificates. | ||
103 | */ | ||
104 | enum MHD_GNUTLS_CertificateType | ||
105 | { | ||
106 | MHD_GNUTLS_CRT_UNKNOWN = 0, | ||
107 | MHD_GNUTLS_CRT_X509 = 1 | ||
108 | }; | ||
109 | |||
110 | /** | ||
111 | * List of public key algorithms. | ||
112 | * Note that not all listed algorithms are necessarily | ||
113 | * supported by all builds of MHD. | ||
114 | */ | ||
115 | enum MHD_GNUTLS_PublicKeyAlgorithm | ||
116 | { | ||
117 | MHD_GNUTLS_PK_UNKNOWN = 0, | ||
118 | MHD_GNUTLS_PK_RSA = 1, | ||
119 | MHD_GNUTLS_KX_RSA_EXPORT | ||
120 | }; | ||
121 | |||
122 | |||
123 | |||
124 | #define LIBGNUTLS_VERSION "2.2.3" | ||
125 | |||
126 | /* Get size_t. */ | ||
127 | #include <stddef.h> | ||
128 | |||
129 | #define GNUTLS_CIPHER_RIJNDAEL_128_CBC GNUTLS_CIPHER_AES_128_CBC | ||
130 | #define GNUTLS_CIPHER_RIJNDAEL_256_CBC GNUTLS_CIPHER_AES_256_CBC | ||
131 | #define GNUTLS_CIPHER_RIJNDAEL_CBC GNUTLS_CIPHER_AES_128_CBC | ||
132 | #define GNUTLS_CIPHER_ARCFOUR GNUTLS_CIPHER_ARCFOUR_128 | ||
133 | |||
134 | #define GNUTLS_MAX_SESSION_ID 32 | ||
135 | #define TLS_MASTER_SIZE 48 | ||
136 | #define TLS_RANDOM_SIZE 32 | ||
137 | |||
138 | #include "platform.h" | ||
139 | #include "microhttpd.h" | ||
140 | |||
141 | typedef enum | ||
142 | { | ||
143 | GNUTLS_PARAMS_RSA_EXPORT = 1, | ||
144 | GNUTLS_PARAMS_DH | ||
145 | } MHD_gnutls_params_type_t; | ||
146 | |||
147 | /* exported for other gnutls headers. This is the maximum number of | ||
148 | * algorithms (ciphers, kx or macs). | ||
149 | */ | ||
150 | #define GNUTLS_MAX_ALGORITHM_NUM 16 | ||
151 | #define GNUTLS_COMP_ZLIB GNUTLS_COMP_DEFLATE | ||
152 | |||
153 | typedef enum | ||
154 | { | ||
155 | GNUTLS_SERVER = 1, | ||
156 | GNUTLS_CLIENT | ||
157 | } MHD_gnutls_connection_end_t; | ||
158 | |||
159 | typedef enum | ||
160 | { | ||
161 | GNUTLS_AL_WARNING = 1, | ||
162 | GNUTLS_AL_FATAL | ||
163 | } MHD_gnutls_alert_level_t; | ||
164 | |||
165 | typedef enum | ||
166 | { | ||
167 | GNUTLS_A_CLOSE_NOTIFY, | ||
168 | GNUTLS_A_UNEXPECTED_MESSAGE = 10, | ||
169 | GNUTLS_A_BAD_RECORD_MAC = 20, | ||
170 | GNUTLS_A_DECRYPTION_FAILED, | ||
171 | GNUTLS_A_RECORD_OVERFLOW, | ||
172 | GNUTLS_A_DECOMPRESSION_FAILURE = 30, | ||
173 | GNUTLS_A_HANDSHAKE_FAILURE = 40, | ||
174 | GNUTLS_A_SSL3_NO_CERTIFICATE = 41, | ||
175 | GNUTLS_A_BAD_CERTIFICATE = 42, | ||
176 | GNUTLS_A_UNSUPPORTED_CERTIFICATE, | ||
177 | GNUTLS_A_CERTIFICATE_REVOKED, | ||
178 | GNUTLS_A_CERTIFICATE_EXPIRED, | ||
179 | GNUTLS_A_CERTIFICATE_UNKNOWN, | ||
180 | GNUTLS_A_ILLEGAL_PARAMETER, | ||
181 | GNUTLS_A_UNKNOWN_CA, | ||
182 | GNUTLS_A_ACCESS_DENIED, | ||
183 | GNUTLS_A_DECODE_ERROR = 50, | ||
184 | GNUTLS_A_DECRYPT_ERROR, | ||
185 | GNUTLS_A_EXPORT_RESTRICTION = 60, | ||
186 | GNUTLS_A_PROTOCOL_VERSION = 70, | ||
187 | GNUTLS_A_INSUFFICIENT_SECURITY, | ||
188 | GNUTLS_A_INTERNAL_ERROR = 80, | ||
189 | GNUTLS_A_USER_CANCELED = 90, | ||
190 | GNUTLS_A_NO_RENEGOTIATION = 100, | ||
191 | GNUTLS_A_UNSUPPORTED_EXTENSION = 110, | ||
192 | GNUTLS_A_CERTIFICATE_UNOBTAINABLE = 111, | ||
193 | GNUTLS_A_UNRECOGNIZED_NAME = 112, | ||
194 | GNUTLS_A_UNKNOWN_PSK_IDENTITY = 115, | ||
195 | } MHD_gnutls_alert_description_t; | ||
196 | |||
197 | typedef enum | ||
198 | { GNUTLS_HANDSHAKE_HELLO_REQUEST = 0, | ||
199 | GNUTLS_HANDSHAKE_CLIENT_HELLO = 1, | ||
200 | GNUTLS_HANDSHAKE_SERVER_HELLO = 2, | ||
201 | GNUTLS_HANDSHAKE_CERTIFICATE_PKT = 11, | ||
202 | GNUTLS_HANDSHAKE_SERVER_KEY_EXCHANGE = 12, | ||
203 | GNUTLS_HANDSHAKE_CERTIFICATE_REQUEST = 13, | ||
204 | GNUTLS_HANDSHAKE_SERVER_HELLO_DONE = 14, | ||
205 | GNUTLS_HANDSHAKE_CERTIFICATE_VERIFY = 15, | ||
206 | GNUTLS_HANDSHAKE_CLIENT_KEY_EXCHANGE = 16, | ||
207 | GNUTLS_HANDSHAKE_FINISHED = 20, | ||
208 | GNUTLS_HANDSHAKE_SUPPLEMENTAL = 23 | ||
209 | } MHD_gnutls_handshake_description_t; | ||
210 | |||
211 | typedef enum | ||
212 | { | ||
213 | GNUTLS_CERT_INVALID = 2, /* will be set if the certificate | ||
214 | * was not verified. | ||
215 | */ | ||
216 | GNUTLS_CERT_REVOKED = 32, /* in X.509 this will be set only if CRLs are checked | ||
217 | */ | ||
218 | |||
219 | /* Those are extra information about the verification | ||
220 | * process. Will be set only if the certificate was | ||
221 | * not verified. | ||
222 | */ | ||
223 | GNUTLS_CERT_SIGNER_NOT_FOUND = 64, | ||
224 | GNUTLS_CERT_SIGNER_NOT_CA = 128, | ||
225 | GNUTLS_CERT_INSECURE_ALGORITHM = 256 | ||
226 | } MHD_gnutls_certificate_status_t; | ||
227 | |||
228 | typedef enum | ||
229 | { | ||
230 | GNUTLS_CERT_IGNORE, | ||
231 | GNUTLS_CERT_REQUEST = 1, | ||
232 | GNUTLS_CERT_REQUIRE | ||
233 | } MHD_gnutls_certificate_request_t; | ||
234 | |||
235 | typedef enum | ||
236 | { | ||
237 | GNUTLS_SHUT_RDWR = 0, | ||
238 | GNUTLS_SHUT_WR = 1 | ||
239 | } MHD_gnutls_close_request_t; | ||
240 | |||
241 | typedef enum | ||
242 | { | ||
243 | GNUTLS_X509_FMT_DER, | ||
244 | GNUTLS_X509_FMT_PEM | ||
245 | } MHD_gnutls_x509_crt_fmt_t; | ||
246 | |||
247 | typedef enum | ||
248 | { | ||
249 | GNUTLS_SIGN_UNKNOWN = 0, | ||
250 | GNUTLS_SIGN_RSA_SHA1 = 1, | ||
251 | GNUTLS_SIGN_DSA_SHA1, | ||
252 | GNUTLS_SIGN_RSA_MD5, | ||
253 | GNUTLS_SIGN_RSA_MD2, | ||
254 | GNUTLS_SIGN_RSA_RMD160, | ||
255 | GNUTLS_SIGN_RSA_SHA256, | ||
256 | GNUTLS_SIGN_RSA_SHA384, | ||
257 | GNUTLS_SIGN_RSA_SHA512 | ||
258 | } MHD_gnutls_sign_algorithm_t; | ||
259 | |||
260 | /* If you want to change this, then also change the define in | ||
261 | * MHD_gnutls_int.h, and recompile. | ||
262 | */ | ||
263 | typedef void *MHD_gnutls_transport_ptr_t; | ||
264 | |||
265 | struct MHD_gtls_session_int; | ||
266 | typedef struct MHD_gtls_session_int *MHD_gtls_session_t; | ||
267 | |||
268 | struct MHD_gtls_dh_params_int; | ||
269 | typedef struct MHD_gtls_dh_params_int *MHD_gtls_dh_params_t; | ||
270 | |||
271 | struct MHD_gtls_x509_privkey_int; /* XXX ugly. */ | ||
272 | typedef struct MHD_gtls_x509_privkey_int *MHD_gtls_rsa_params_t; /* XXX ugly. */ | ||
273 | |||
274 | struct MHD_gtls_priority_st; | ||
275 | typedef struct MHD_gtls_priority_st *MHD_gnutls_priority_t; | ||
276 | |||
277 | typedef struct | ||
278 | { | ||
279 | unsigned char *data; | ||
280 | unsigned int size; | ||
281 | } MHD_gnutls_datum_t; | ||
282 | |||
283 | |||
284 | typedef struct MHD_gnutls_params_st | ||
285 | { | ||
286 | MHD_gnutls_params_type_t type; | ||
287 | union params | ||
288 | { | ||
289 | MHD_gtls_dh_params_t dh; | ||
290 | MHD_gtls_rsa_params_t rsa_export; | ||
291 | } params; | ||
292 | int deinit; | ||
293 | } MHD_gnutls_params_st; | ||
294 | |||
295 | typedef int MHD_gnutls_params_function (MHD_gtls_session_t, | ||
296 | MHD_gnutls_params_type_t, | ||
297 | MHD_gnutls_params_st *); | ||
298 | |||
299 | /* internal functions */ | ||
300 | int MHD__gnutls_global_init (void); | ||
301 | void MHD__gnutls_global_deinit (void); | ||
302 | |||
303 | int MHD__gnutls_init (MHD_gtls_session_t * session, | ||
304 | MHD_gnutls_connection_end_t con_end); | ||
305 | void MHD__gnutls_deinit (MHD_gtls_session_t session); | ||
306 | |||
307 | int MHD__gnutls_bye (MHD_gtls_session_t session, | ||
308 | MHD_gnutls_close_request_t how); | ||
309 | int MHD__gnutls_handshake (MHD_gtls_session_t session); | ||
310 | int MHD__gnutls_rehandshake (MHD_gtls_session_t session); | ||
311 | |||
312 | MHD_gnutls_alert_description_t MHD_gnutls_alert_get (MHD_gtls_session_t | ||
313 | session); | ||
314 | int MHD__gnutls_alert_send (MHD_gtls_session_t session, | ||
315 | MHD_gnutls_alert_level_t level, | ||
316 | MHD_gnutls_alert_description_t desc); | ||
317 | int MHD__gnutls_alert_send_appropriate (MHD_gtls_session_t session, int err); | ||
318 | const char *MHD__gnutls_alert_get_name (MHD_gnutls_alert_description_t alert); | ||
319 | |||
320 | size_t MHD__gnutls_cipher_get_key_size (enum MHD_GNUTLS_CipherAlgorithm | ||
321 | algorithm); | ||
322 | |||
323 | /* error functions */ | ||
324 | int MHD_gtls_error_is_fatal (int error); | ||
325 | int MHD_gtls_error_to_alert (int err, int *level); | ||
326 | void MHD_gtls_perror (int error); | ||
327 | const char *MHD_gtls_strerror (int error); | ||
328 | |||
329 | /* | ||
330 | * Record layer functions. | ||
331 | */ | ||
332 | ssize_t MHD__gnutls_record_send (MHD_gtls_session_t session, | ||
333 | const void *data, size_t sizeofdata); | ||
334 | ssize_t MHD__gnutls_record_recv (MHD_gtls_session_t session, void *data, | ||
335 | size_t sizeofdata); | ||
336 | |||
337 | /* provides extra compatibility */ | ||
338 | int MHD__gnutls_record_get_direction (MHD_gtls_session_t session); | ||
339 | |||
340 | /* | ||
341 | * TLS Extensions | ||
342 | */ | ||
343 | typedef enum | ||
344 | { | ||
345 | GNUTLS_NAME_DNS = 1 | ||
346 | } MHD_gnutls_server_name_type_t; | ||
347 | |||
348 | /* Supplemental data, RFC 4680. */ | ||
349 | typedef enum | ||
350 | { | ||
351 | GNUTLS_SUPPLEMENTAL_USER_MAPPING_DATA = 0 | ||
352 | } MHD_gnutls_supplemental_data_format_type_t; | ||
353 | |||
354 | |||
355 | int MHD_tls_set_default_priority (MHD_gnutls_priority_t *, | ||
356 | const char *priority, const char **err_pos); | ||
357 | void MHD__gnutls_priority_deinit (MHD_gnutls_priority_t); | ||
358 | |||
359 | int MHD__gnutls_priority_set (MHD_gtls_session_t session, | ||
360 | MHD_gnutls_priority_t); | ||
361 | int MHD__gnutls_priority_set_direct (MHD_gtls_session_t session, | ||
362 | const char *priority, | ||
363 | const char **err_pos); | ||
364 | |||
365 | /* get the currently used protocol version */ | ||
366 | enum MHD_GNUTLS_Protocol | ||
367 | MHD__gnutls_protocol_get_version (MHD_gtls_session_t session); | ||
368 | |||
369 | typedef | ||
370 | int (*MHD_gnutls_handshake_post_client_hello_func) (MHD_gtls_session_t); | ||
371 | void MHD__gnutls_handshake_set_max_packet_length (MHD_gtls_session_t | ||
372 | session, size_t max); | ||
373 | |||
374 | /* | ||
375 | * Functions for setting/clearing credentials | ||
376 | */ | ||
377 | void MHD__gnutls_credentials_clear (MHD_gtls_session_t session); | ||
378 | |||
379 | /* | ||
380 | * cred is a structure defined by the kx algorithm | ||
381 | */ | ||
382 | int MHD__gnutls_credentials_set (MHD_gtls_session_t session, | ||
383 | enum MHD_GNUTLS_CredentialsType type, | ||
384 | void *cred); | ||
385 | |||
386 | /* Credential structures - used in MHD__gnutls_credentials_set(); */ | ||
387 | struct MHD_gtls_certificate_credentials_st; | ||
388 | typedef struct MHD_gtls_certificate_credentials_st | ||
389 | *MHD_gtls_cert_credentials_t; | ||
390 | typedef MHD_gtls_cert_credentials_t MHD_gtls_cert_server_credentials; | ||
391 | typedef MHD_gtls_cert_credentials_t MHD_gtls_cert_client_credentials; | ||
392 | |||
393 | void MHD__gnutls_certificate_free_credentials (MHD_gtls_cert_credentials_t | ||
394 | sc); | ||
395 | int | ||
396 | MHD__gnutls_certificate_allocate_credentials (MHD_gtls_cert_credentials_t | ||
397 | * res); | ||
398 | |||
399 | void MHD__gnutls_certificate_free_keys (MHD_gtls_cert_credentials_t sc); | ||
400 | void MHD__gnutls_certificate_free_cas (MHD_gtls_cert_credentials_t sc); | ||
401 | void MHD__gnutls_certificate_free_ca_names (MHD_gtls_cert_credentials_t sc); | ||
402 | |||
403 | int MHD__gnutls_certificate_set_x509_key_mem (MHD_gtls_cert_credentials_t | ||
404 | res, | ||
405 | const MHD_gnutls_datum_t * | ||
406 | CERT, | ||
407 | const MHD_gnutls_datum_t * | ||
408 | KEY, | ||
409 | MHD_gnutls_x509_crt_fmt_t type); | ||
410 | |||
411 | void MHD__gnutls_certificate_send_x509_rdn_sequence (MHD_gtls_session_t | ||
412 | session, int status); | ||
413 | |||
414 | /* | ||
415 | * New functions to allow setting already parsed X.509 stuff. | ||
416 | */ | ||
417 | struct MHD_gtls_x509_privkey_int; | ||
418 | typedef struct MHD_gtls_x509_privkey_int *MHD_gnutls_x509_privkey_t; | ||
419 | |||
420 | struct MHD_gnutls_x509_crl_int; | ||
421 | typedef struct MHD_gnutls_x509_crl_int *MHD_gnutls_x509_crl_t; | ||
422 | |||
423 | struct MHD_gnutls_x509_crt_int; | ||
424 | typedef struct MHD_gnutls_x509_crt_int *MHD_gnutls_x509_crt_t; | ||
425 | |||
426 | /* global state functions | ||
427 | */ | ||
428 | |||
429 | |||
430 | typedef void *(*MHD_gnutls_alloc_function) (size_t); | ||
431 | typedef int (*MHD_gnutls_is_secure_function) (const void *); | ||
432 | typedef void *(*MHD_gnutls_calloc_function) (size_t, size_t); | ||
433 | typedef void (*MHD_gnutls_free_function) (void *); | ||
434 | typedef void *(*MHD_gnutls_realloc_function) (void *, size_t); | ||
435 | |||
436 | /* For use in callbacks */ | ||
437 | extern MHD_gnutls_alloc_function MHD_gnutls_malloc; | ||
438 | extern MHD_gnutls_alloc_function MHD_gnutls_secure_malloc; | ||
439 | extern MHD_gnutls_realloc_function MHD_gnutls_realloc; | ||
440 | extern MHD_gnutls_calloc_function MHD_gnutls_calloc; | ||
441 | extern MHD_gnutls_free_function MHD_gnutls_free; | ||
442 | |||
443 | typedef void (*MHD_gnutls_log_func) (int, const char *); | ||
444 | void MHD_gtls_global_set_log_function (MHD_gnutls_log_func log_func); | ||
445 | void MHD_gtls_global_set_log_level (int level); | ||
446 | |||
447 | /* | ||
448 | * Diffie Hellman parameter handling. | ||
449 | */ | ||
450 | int MHD__gnutls_dh_params_init (MHD_gtls_dh_params_t * dh_params); | ||
451 | void MHD__gnutls_dh_params_deinit (MHD_gtls_dh_params_t dh_params); | ||
452 | |||
453 | |||
454 | /* RSA params */ | ||
455 | int MHD__gnutls_rsa_params_init (MHD_gtls_rsa_params_t * rsa_params); | ||
456 | void MHD__gnutls_rsa_params_deinit (MHD_gtls_rsa_params_t rsa_params); | ||
457 | int MHD__gnutls_rsa_params_generate2 (MHD_gtls_rsa_params_t params, | ||
458 | unsigned int bits); | ||
459 | |||
460 | |||
461 | /* | ||
462 | * Session stuff | ||
463 | */ | ||
464 | typedef ssize_t (*MHD_gtls_pull_func) (MHD_gnutls_transport_ptr_t, void *, | ||
465 | size_t); | ||
466 | typedef ssize_t (*MHD_gtls_push_func) (MHD_gnutls_transport_ptr_t, | ||
467 | const void *, size_t); | ||
468 | void MHD__gnutls_transport_set_ptr (MHD_gtls_session_t session, | ||
469 | MHD_gnutls_transport_ptr_t ptr); | ||
470 | void MHD__gnutls_transport_set_lowat (MHD_gtls_session_t session, int num); | ||
471 | |||
472 | |||
473 | void MHD__gnutls_transport_set_push_function (MHD_gtls_session_t session, | ||
474 | MHD_gtls_push_func push_func); | ||
475 | void MHD__gnutls_transport_set_pull_function (MHD_gtls_session_t session, | ||
476 | MHD_gtls_pull_func pull_func); | ||
477 | |||
478 | typedef enum MHD_gnutls_x509_subject_alt_name_t | ||
479 | { | ||
480 | GNUTLS_SAN_DNSNAME = 1, | ||
481 | GNUTLS_SAN_RFC822NAME, | ||
482 | GNUTLS_SAN_URI, | ||
483 | GNUTLS_SAN_IPADDRESS, | ||
484 | GNUTLS_SAN_OTHERNAME, | ||
485 | GNUTLS_SAN_DN, | ||
486 | /* The following are "virtual" subject alternative name types, in | ||
487 | that they are represented by an otherName value and an OID. | ||
488 | Used by MHD_gnutls_x509_crt_get_subject_alt_othername_oid(). */ | ||
489 | GNUTLS_SAN_OTHERNAME_XMPP = 1000 | ||
490 | } MHD_gnutls_x509_subject_alt_name_t; | ||
491 | |||
492 | typedef struct MHD_gnutls_retr_st | ||
493 | { | ||
494 | enum MHD_GNUTLS_CertificateType type; | ||
495 | union cert | ||
496 | { | ||
497 | MHD_gnutls_x509_crt_t *x509; | ||
498 | } cert; | ||
499 | unsigned int ncerts; | ||
500 | |||
501 | union key | ||
502 | { | ||
503 | MHD_gnutls_x509_privkey_t x509; | ||
504 | } key; | ||
505 | |||
506 | unsigned int deinit_all; /* if non zero all keys will be deinited */ | ||
507 | } MHD_gnutls_retr_st; | ||
508 | |||
509 | typedef int | ||
510 | MHD_gnutls_certificate_client_retrieve_function (MHD_gtls_session_t, | ||
511 | const MHD_gnutls_datum_t | ||
512 | * req_ca_rdn, int nreqs, | ||
513 | const enum | ||
514 | MHD_GNUTLS_PublicKeyAlgorithm | ||
515 | *pk_algos, | ||
516 | int pk_algos_length, | ||
517 | MHD_gnutls_retr_st *); | ||
518 | |||
519 | typedef int | ||
520 | MHD_gnutls_certificate_server_retrieve_function (MHD_gtls_session_t, | ||
521 | MHD_gnutls_retr_st *); | ||
522 | |||
523 | /* | ||
524 | * Functions that allow auth_info_t structures handling | ||
525 | */ | ||
526 | enum MHD_GNUTLS_CredentialsType MHD_gtls_auth_get_type (MHD_gtls_session_t | ||
527 | session); | ||
528 | /* | ||
529 | * DH | ||
530 | */ | ||
531 | void MHD__gnutls_dh_set_prime_bits (MHD_gtls_session_t session, | ||
532 | unsigned int bits); | ||
533 | |||
534 | /* External signing callback. Experimental. */ | ||
535 | typedef int (*MHD_gnutls_sign_func) (MHD_gtls_session_t session, | ||
536 | void *userdata, | ||
537 | enum MHD_GNUTLS_CertificateType | ||
538 | cert_type, | ||
539 | const MHD_gnutls_datum_t * cert, | ||
540 | const MHD_gnutls_datum_t * hash, | ||
541 | MHD_gnutls_datum_t * signature); | ||
542 | |||
543 | /* key_usage will be an OR of the following values: */ | ||
544 | /* when the key is to be used for signing: */ | ||
545 | #define GNUTLS_KEY_DIGITAL_SIGNATURE 128 | ||
546 | #define GNUTLS_KEY_NON_REPUDIATION 64 | ||
547 | /* when the key is to be used for encryption: */ | ||
548 | #define GNUTLS_KEY_KEY_ENCIPHERMENT 32 | ||
549 | #define GNUTLS_KEY_DATA_ENCIPHERMENT 16 | ||
550 | #define GNUTLS_KEY_KEY_AGREEMENT 8 | ||
551 | #define GNUTLS_KEY_KEY_CERT_SIGN 4 | ||
552 | #define GNUTLS_KEY_CRL_SIGN 2 | ||
553 | #define GNUTLS_KEY_ENCIPHER_ONLY 1 | ||
554 | #define GNUTLS_KEY_DECIPHER_ONLY 32768 | ||
555 | |||
556 | /* | ||
557 | * Error codes. TLS alert mapping shown in comments. | ||
558 | */ | ||
559 | #define GNUTLS_E_SUCCESS 0 | ||
560 | #define GNUTLS_E_UNKNOWN_COMPRESSION_ALGORITHM -3 | ||
561 | #define GNUTLS_E_UNKNOWN_CIPHER_TYPE -6 | ||
562 | #define GNUTLS_E_LARGE_PACKET -7 | ||
563 | #define GNUTLS_E_UNSUPPORTED_VERSION_PACKET -8 /* GNUTLS_A_PROTOCOL_VERSION */ | ||
564 | #define GNUTLS_E_UNEXPECTED_PACKET_LENGTH -9 /* GNUTLS_A_RECORD_OVERFLOW */ | ||
565 | #define GNUTLS_E_INVALID_SESSION -10 | ||
566 | #define GNUTLS_E_FATAL_ALERT_RECEIVED -12 | ||
567 | #define GNUTLS_E_UNEXPECTED_PACKET -15 /* GNUTLS_A_UNEXPECTED_MESSAGE */ | ||
568 | #define GNUTLS_E_WARNING_ALERT_RECEIVED -16 | ||
569 | #define GNUTLS_E_ERROR_IN_FINISHED_PACKET -18 | ||
570 | #define GNUTLS_E_UNEXPECTED_HANDSHAKE_PACKET -19 | ||
571 | #define GNUTLS_E_UNKNOWN_CIPHER_SUITE -21 /* GNUTLS_A_HANDSHAKE_FAILURE */ | ||
572 | #define GNUTLS_E_UNWANTED_ALGORITHM -22 | ||
573 | #define GNUTLS_E_MPI_SCAN_FAILED -23 | ||
574 | #define GNUTLS_E_DECRYPTION_FAILED -24 /* GNUTLS_A_DECRYPTION_FAILED, GNUTLS_A_BAD_RECORD_MAC */ | ||
575 | #define GNUTLS_E_MEMORY_ERROR -25 | ||
576 | #define GNUTLS_E_DECOMPRESSION_FAILED -26 /* GNUTLS_A_DECOMPRESSION_FAILURE */ | ||
577 | #define GNUTLS_E_COMPRESSION_FAILED -27 | ||
578 | #define GNUTLS_E_AGAIN -28 | ||
579 | #define GNUTLS_E_EXPIRED -29 | ||
580 | #define GNUTLS_E_DB_ERROR -30 | ||
581 | #define GNUTLS_E_SRP_PWD_ERROR -31 | ||
582 | #define GNUTLS_E_INSUFFICIENT_CREDENTIALS -32 | ||
583 | #define GNUTLS_E_INSUFICIENT_CREDENTIALS GNUTLS_E_INSUFFICIENT_CREDENTIALS /* for backwards compatibility only */ | ||
584 | #define GNUTLS_E_INSUFFICIENT_CRED GNUTLS_E_INSUFFICIENT_CREDENTIALS | ||
585 | #define GNUTLS_E_INSUFICIENT_CRED GNUTLS_E_INSUFFICIENT_CREDENTIALS /* for backwards compatibility only */ | ||
586 | |||
587 | #define GNUTLS_E_HASH_FAILED -33 | ||
588 | #define GNUTLS_E_BASE64_DECODING_ERROR -34 | ||
589 | |||
590 | #define GNUTLS_E_MPI_PRINT_FAILED -35 | ||
591 | #define GNUTLS_E_REHANDSHAKE -37 /* GNUTLS_A_NO_RENEGOTIATION */ | ||
592 | #define GNUTLS_E_GOT_APPLICATION_DATA -38 | ||
593 | #define GNUTLS_E_RECORD_LIMIT_REACHED -39 | ||
594 | #define GNUTLS_E_ENCRYPTION_FAILED -40 | ||
595 | |||
596 | #define GNUTLS_E_PK_ENCRYPTION_FAILED -44 | ||
597 | #define GNUTLS_E_PK_DECRYPTION_FAILED -45 | ||
598 | #define GNUTLS_E_PK_SIGN_FAILED -46 | ||
599 | #define GNUTLS_E_X509_UNSUPPORTED_CRITICAL_EXTENSION -47 | ||
600 | #define GNUTLS_E_KEY_USAGE_VIOLATION -48 | ||
601 | #define GNUTLS_E_NO_CERTIFICATE_FOUND -49 /* GNUTLS_A_BAD_CERTIFICATE */ | ||
602 | #define GNUTLS_E_INVALID_REQUEST -50 | ||
603 | #define GNUTLS_E_SHORT_MEMORY_BUFFER -51 | ||
604 | #define GNUTLS_E_INTERRUPTED -52 | ||
605 | #define GNUTLS_E_PUSH_ERROR -53 | ||
606 | #define GNUTLS_E_PULL_ERROR -54 | ||
607 | #define GNUTLS_E_RECEIVED_ILLEGAL_PARAMETER -55 /* GNUTLS_A_ILLEGAL_PARAMETER */ | ||
608 | #define GNUTLS_E_REQUESTED_DATA_NOT_AVAILABLE -56 | ||
609 | #define GNUTLS_E_PKCS1_WRONG_PAD -57 | ||
610 | #define GNUTLS_E_RECEIVED_ILLEGAL_EXTENSION -58 | ||
611 | #define GNUTLS_E_INTERNAL_ERROR -59 | ||
612 | #define GNUTLS_E_DH_PRIME_UNACCEPTABLE -63 | ||
613 | #define GNUTLS_E_FILE_ERROR -64 | ||
614 | #define GNUTLS_E_TOO_MANY_EMPTY_PACKETS -78 | ||
615 | #define GNUTLS_E_UNKNOWN_PK_ALGORITHM -80 | ||
616 | |||
617 | |||
618 | /* returned if libextra functionality was requested but | ||
619 | * MHD_gnutls_global_init_extra() was not called. | ||
620 | */ | ||
621 | #define GNUTLS_E_INIT_LIBEXTRA -82 | ||
622 | #define GNUTLS_E_LIBRARY_VERSION_MISMATCH -83 | ||
623 | |||
624 | |||
625 | /* returned if you need to generate temporary RSA | ||
626 | * parameters. These are needed for export cipher suites. | ||
627 | */ | ||
628 | #define GNUTLS_E_NO_TEMPORARY_RSA_PARAMS -84 | ||
629 | |||
630 | #define GNUTLS_E_LZO_INIT_FAILED -85 | ||
631 | #define GNUTLS_E_NO_COMPRESSION_ALGORITHMS -86 | ||
632 | #define GNUTLS_E_NO_CIPHER_SUITES -87 | ||
633 | |||
634 | #define GNUTLS_E_PK_SIG_VERIFY_FAILED -89 | ||
635 | |||
636 | #define GNUTLS_E_ILLEGAL_SRP_USERNAME -90 | ||
637 | #define GNUTLS_E_SRP_PWD_PARSING_ERROR -91 | ||
638 | #define GNUTLS_E_NO_TEMPORARY_DH_PARAMS -93 | ||
639 | |||
640 | /* For certificate and key stuff | ||
641 | */ | ||
642 | #define GNUTLS_E_ASN1_ELEMENT_NOT_FOUND -67 | ||
643 | #define GNUTLS_E_ASN1_IDENTIFIER_NOT_FOUND -68 | ||
644 | #define GNUTLS_E_ASN1_DER_ERROR -69 | ||
645 | #define GNUTLS_E_ASN1_VALUE_NOT_FOUND -70 | ||
646 | #define GNUTLS_E_ASN1_GENERIC_ERROR -71 | ||
647 | #define GNUTLS_E_ASN1_VALUE_NOT_VALID -72 | ||
648 | #define GNUTLS_E_ASN1_TAG_ERROR -73 | ||
649 | #define GNUTLS_E_ASN1_TAG_IMPLICIT -74 | ||
650 | #define GNUTLS_E_ASN1_TYPE_ANY_ERROR -75 | ||
651 | #define GNUTLS_E_ASN1_SYNTAX_ERROR -76 | ||
652 | #define GNUTLS_E_ASN1_DER_OVERFLOW -77 | ||
653 | #define GNUTLS_E_CERTIFICATE_ERROR -43 | ||
654 | #define GNUTLS_E_X509_CERTIFICATE_ERROR GNUTLS_E_CERTIFICATE_ERROR | ||
655 | #define GNUTLS_E_CERTIFICATE_KEY_MISMATCH -60 | ||
656 | #define GNUTLS_E_UNSUPPORTED_CERTIFICATE_TYPE -61 /* GNUTLS_A_UNSUPPORTED_CERTIFICATE */ | ||
657 | #define GNUTLS_E_X509_UNKNOWN_SAN -62 | ||
658 | #define GNUTLS_E_X509_UNSUPPORTED_ATTRIBUTE -95 | ||
659 | #define GNUTLS_E_UNKNOWN_HASH_ALGORITHM -96 | ||
660 | #define GNUTLS_E_UNKNOWN_PKCS_CONTENT_TYPE -97 | ||
661 | #define GNUTLS_E_UNKNOWN_PKCS_BAG_TYPE -98 | ||
662 | #define GNUTLS_E_INVALID_PASSWORD -99 | ||
663 | #define GNUTLS_E_MAC_VERIFY_FAILED -100 /* for PKCS #12 MAC */ | ||
664 | #define GNUTLS_E_CONSTRAINT_ERROR -101 | ||
665 | |||
666 | #define GNUTLS_E_WARNING_IA_IPHF_RECEIVED -102 | ||
667 | #define GNUTLS_E_WARNING_IA_FPHF_RECEIVED -103 | ||
668 | |||
669 | #define GNUTLS_E_IA_VERIFY_FAILED -104 | ||
670 | |||
671 | #define GNUTLS_E_UNKNOWN_ALGORITHM -105 | ||
672 | |||
673 | #define GNUTLS_E_BASE64_ENCODING_ERROR -201 | ||
674 | #define GNUTLS_E_INCOMPATIBLE_GCRYPT_LIBRARY -202 /* obsolete */ | ||
675 | #define GNUTLS_E_INCOMPATIBLE_CRYPTO_LIBRARY -202 | ||
676 | #define GNUTLS_E_INCOMPATIBLE_LIBTASN1_LIBRARY -203 | ||
677 | |||
678 | #define GNUTLS_E_X509_UNSUPPORTED_OID -205 | ||
679 | |||
680 | #define GNUTLS_E_RANDOM_FAILED -206 | ||
681 | #define GNUTLS_E_BASE64_UNEXPECTED_HEADER_ERROR -207 | ||
682 | |||
683 | |||
684 | #define GNUTLS_E_UNIMPLEMENTED_FEATURE -1250 | ||
685 | |||
686 | #define GNUTLS_E_APPLICATION_ERROR_MAX -65000 | ||
687 | #define GNUTLS_E_APPLICATION_ERROR_MIN -65500 | ||
688 | |||
689 | |||
690 | #if 0 /* keep Emacsens' auto-indent happy */ | ||
691 | { | ||
692 | #endif | ||
693 | #ifdef __cplusplus | ||
694 | } | ||
695 | #endif | ||
696 | |||
697 | #endif /* GNUTLS_H */ | ||
diff --git a/src/daemon/https/lgl/Makefile.am b/src/daemon/https/lgl/Makefile.am deleted file mode 100644 index 5659d5c5..00000000 --- a/src/daemon/https/lgl/Makefile.am +++ /dev/null | |||
@@ -1,13 +0,0 @@ | |||
1 | AM_CPPFLAGS = \ | ||
2 | -I$(top_srcdir)/src/include @LIBGCRYPT_CFLAGS@ | ||
3 | |||
4 | if USE_COVERAGE | ||
5 | AM_CFLAGS = -fprofile-arcs -ftest-coverage | ||
6 | endif | ||
7 | |||
8 | noinst_LTLIBRARIES = liblgl.la | ||
9 | |||
10 | liblgl_la_SOURCES = \ | ||
11 | gc-libgcrypt.c \ | ||
12 | gc.h | ||
13 | liblgl_la_LIBADD = @LIBGCRYPT_LIBS@ | ||
diff --git a/src/daemon/https/lgl/gc-libgcrypt.c b/src/daemon/https/lgl/gc-libgcrypt.c deleted file mode 100644 index 09957405..00000000 --- a/src/daemon/https/lgl/gc-libgcrypt.c +++ /dev/null | |||
@@ -1,407 +0,0 @@ | |||
1 | /* gc-libgcrypt.c --- Crypto wrappers around Libgcrypt for GC. | ||
2 | * Copyright (C) 2002, 2003, 2004, 2005, 2006, 2007 Simon Josefsson | ||
3 | * | ||
4 | * This file is free software; you can redistribute it and/or modify | ||
5 | * it under the terms of the GNU Lesser General Public License as published | ||
6 | * by the Free Software Foundation; either version 2.1, or (at your | ||
7 | * option) any later version. | ||
8 | * | ||
9 | * This file is distributed in the hope that it will be useful, but | ||
10 | * WITHOUT ANY WARRANTY; without even the implied warranty of | ||
11 | * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU | ||
12 | * General Public License for more details. | ||
13 | * | ||
14 | * You should have received a copy of the GNU Lesser General Public License | ||
15 | * along with this file; if not, write to the Free Software | ||
16 | * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA | ||
17 | * 02110-1301, USA. | ||
18 | * | ||
19 | */ | ||
20 | |||
21 | /* Note: This file is only built if GC uses Libgcrypt. */ | ||
22 | |||
23 | #include "MHD_config.h" | ||
24 | |||
25 | /* Get prototype. */ | ||
26 | #include "gc.h" | ||
27 | |||
28 | #include <stdlib.h> | ||
29 | #include <string.h> | ||
30 | |||
31 | /* Get libgcrypt API. */ | ||
32 | #include <gcrypt.h> | ||
33 | |||
34 | #include <assert.h> | ||
35 | |||
36 | /* Initialization. */ | ||
37 | |||
38 | Gc_rc | ||
39 | MHD_gc_init (void) | ||
40 | { | ||
41 | gcry_error_t err; | ||
42 | |||
43 | err = gcry_control (GCRYCTL_ANY_INITIALIZATION_P); | ||
44 | if (err == GPG_ERR_NO_ERROR) | ||
45 | { | ||
46 | if (gcry_check_version (GCRYPT_VERSION) == NULL) | ||
47 | return GC_INIT_ERROR; | ||
48 | |||
49 | err = gcry_control (GCRYCTL_INITIALIZATION_FINISHED, NULL, 0); | ||
50 | if (err != GPG_ERR_NO_ERROR) | ||
51 | return GC_INIT_ERROR; | ||
52 | } | ||
53 | return GC_OK; | ||
54 | } | ||
55 | |||
56 | void | ||
57 | MHD_gc_done (void) | ||
58 | { | ||
59 | return; | ||
60 | } | ||
61 | |||
62 | #ifdef GNULIB_GC_RANDOM | ||
63 | |||
64 | /* Randomness. */ | ||
65 | |||
66 | Gc_rc | ||
67 | MHD_gc_nonce (char *data, size_t datalen) | ||
68 | { | ||
69 | gcry_create_nonce ((unsigned char *) data, datalen); | ||
70 | return GC_OK; | ||
71 | } | ||
72 | |||
73 | Gc_rc | ||
74 | MHD_gc_pseudo_random (char *data, size_t datalen) | ||
75 | { | ||
76 | gcry_randomize ((unsigned char *) data, datalen, GCRY_STRONG_RANDOM); | ||
77 | return GC_OK; | ||
78 | } | ||
79 | |||
80 | #endif | ||
81 | |||
82 | /* Memory allocation. */ | ||
83 | |||
84 | /* Ciphers. */ | ||
85 | |||
86 | Gc_rc | ||
87 | MHD_gc_cipher_open (Gc_cipher alg, | ||
88 | Gc_cipher_mode mode, MHD_gc_cipher_handle * outhandle) | ||
89 | { | ||
90 | int gcryalg, gcrymode; | ||
91 | gcry_error_t err; | ||
92 | |||
93 | switch (alg) | ||
94 | { | ||
95 | case GC_AES128: | ||
96 | gcryalg = GCRY_CIPHER_RIJNDAEL; | ||
97 | break; | ||
98 | |||
99 | case GC_AES192: | ||
100 | gcryalg = GCRY_CIPHER_RIJNDAEL; | ||
101 | break; | ||
102 | |||
103 | case GC_AES256: | ||
104 | gcryalg = GCRY_CIPHER_RIJNDAEL256; | ||
105 | break; | ||
106 | |||
107 | case GC_3DES: | ||
108 | gcryalg = GCRY_CIPHER_3DES; | ||
109 | break; | ||
110 | |||
111 | case GC_DES: | ||
112 | gcryalg = GCRY_CIPHER_DES; | ||
113 | break; | ||
114 | |||
115 | case GC_ARCFOUR128: | ||
116 | case GC_ARCFOUR40: | ||
117 | gcryalg = GCRY_CIPHER_ARCFOUR; | ||
118 | break; | ||
119 | |||
120 | case GC_ARCTWO40: | ||
121 | gcryalg = GCRY_CIPHER_RFC2268_40; | ||
122 | break; | ||
123 | |||
124 | default: | ||
125 | return GC_INVALID_CIPHER; | ||
126 | } | ||
127 | |||
128 | switch (mode) | ||
129 | { | ||
130 | case GC_ECB: | ||
131 | gcrymode = GCRY_CIPHER_MODE_ECB; | ||
132 | break; | ||
133 | |||
134 | case GC_CBC: | ||
135 | gcrymode = GCRY_CIPHER_MODE_CBC; | ||
136 | break; | ||
137 | |||
138 | case GC_STREAM: | ||
139 | gcrymode = GCRY_CIPHER_MODE_STREAM; | ||
140 | break; | ||
141 | |||
142 | default: | ||
143 | return GC_INVALID_CIPHER; | ||
144 | } | ||
145 | |||
146 | err = | ||
147 | gcry_cipher_open ((gcry_cipher_hd_t *) outhandle, gcryalg, gcrymode, 0); | ||
148 | if (gcry_err_code (err)) | ||
149 | return GC_INVALID_CIPHER; | ||
150 | |||
151 | return GC_OK; | ||
152 | } | ||
153 | |||
154 | Gc_rc | ||
155 | MHD_gc_cipher_setkey (MHD_gc_cipher_handle handle, size_t keylen, | ||
156 | const char *key) | ||
157 | { | ||
158 | gcry_error_t err; | ||
159 | |||
160 | err = gcry_cipher_setkey ((gcry_cipher_hd_t) handle, key, keylen); | ||
161 | if (gcry_err_code (err)) | ||
162 | return GC_INVALID_CIPHER; | ||
163 | |||
164 | return GC_OK; | ||
165 | } | ||
166 | |||
167 | Gc_rc | ||
168 | MHD_gc_cipher_setiv (MHD_gc_cipher_handle handle, size_t ivlen, | ||
169 | const char *iv) | ||
170 | { | ||
171 | gcry_error_t err; | ||
172 | |||
173 | err = gcry_cipher_setiv ((gcry_cipher_hd_t) handle, iv, ivlen); | ||
174 | if (gcry_err_code (err)) | ||
175 | return GC_INVALID_CIPHER; | ||
176 | |||
177 | return GC_OK; | ||
178 | } | ||
179 | |||
180 | Gc_rc | ||
181 | MHD_gc_cipher_encrypt_inline (MHD_gc_cipher_handle handle, size_t len, | ||
182 | char *data) | ||
183 | { | ||
184 | if (gcry_cipher_encrypt ((gcry_cipher_hd_t) handle, data, len, NULL, len) != | ||
185 | 0) | ||
186 | return GC_INVALID_CIPHER; | ||
187 | |||
188 | return GC_OK; | ||
189 | } | ||
190 | |||
191 | Gc_rc | ||
192 | MHD_gc_cipher_decrypt_inline (MHD_gc_cipher_handle handle, size_t len, | ||
193 | char *data) | ||
194 | { | ||
195 | if (gcry_cipher_decrypt ((gcry_cipher_hd_t) handle, data, len, NULL, len) != | ||
196 | 0) | ||
197 | return GC_INVALID_CIPHER; | ||
198 | |||
199 | return GC_OK; | ||
200 | } | ||
201 | |||
202 | Gc_rc | ||
203 | MHD_gc_cipher_close (MHD_gc_cipher_handle handle) | ||
204 | { | ||
205 | gcry_cipher_close (handle); | ||
206 | |||
207 | return GC_OK; | ||
208 | } | ||
209 | |||
210 | /* Hashes. */ | ||
211 | |||
212 | typedef struct _MHD_gc_hash_ctx | ||
213 | { | ||
214 | Gc_hash alg; | ||
215 | Gc_hash_mode mode; | ||
216 | gcry_md_hd_t gch; | ||
217 | } _MHD_gc_hash_ctx; | ||
218 | |||
219 | Gc_rc | ||
220 | MHD_gc_hash_open (Gc_hash hash, Gc_hash_mode mode, | ||
221 | MHD_gc_hash_handle * outhandle) | ||
222 | { | ||
223 | _MHD_gc_hash_ctx *ctx; | ||
224 | int gcryalg = 0, gcrymode = 0; | ||
225 | gcry_error_t err; | ||
226 | Gc_rc rc = GC_OK; | ||
227 | |||
228 | ctx = calloc (sizeof (*ctx), 1); | ||
229 | if (!ctx) | ||
230 | return GC_MALLOC_ERROR; | ||
231 | |||
232 | ctx->alg = hash; | ||
233 | ctx->mode = mode; | ||
234 | |||
235 | switch (hash) | ||
236 | { | ||
237 | case GC_MD2: | ||
238 | gcryalg = GCRY_MD_NONE; | ||
239 | break; | ||
240 | |||
241 | case GC_MD4: | ||
242 | gcryalg = GCRY_MD_MD4; | ||
243 | break; | ||
244 | |||
245 | case GC_MD5: | ||
246 | gcryalg = GCRY_MD_MD5; | ||
247 | break; | ||
248 | |||
249 | case GC_SHA1: | ||
250 | gcryalg = GCRY_MD_SHA1; | ||
251 | break; | ||
252 | |||
253 | case GC_SHA256: | ||
254 | gcryalg = GCRY_MD_SHA256; | ||
255 | break; | ||
256 | |||
257 | case GC_SHA384: | ||
258 | gcryalg = GCRY_MD_SHA384; | ||
259 | break; | ||
260 | |||
261 | case GC_SHA512: | ||
262 | gcryalg = GCRY_MD_SHA512; | ||
263 | break; | ||
264 | |||
265 | case GC_RMD160: | ||
266 | gcryalg = GCRY_MD_RMD160; | ||
267 | break; | ||
268 | |||
269 | default: | ||
270 | rc = GC_INVALID_HASH; | ||
271 | } | ||
272 | |||
273 | switch (mode) | ||
274 | { | ||
275 | case 0: | ||
276 | gcrymode = 0; | ||
277 | break; | ||
278 | |||
279 | case GC_HMAC: | ||
280 | gcrymode = GCRY_MD_FLAG_HMAC; | ||
281 | break; | ||
282 | |||
283 | default: | ||
284 | rc = GC_INVALID_HASH; | ||
285 | } | ||
286 | |||
287 | if (rc == GC_OK && gcryalg != GCRY_MD_NONE) | ||
288 | { | ||
289 | err = gcry_md_open (&ctx->gch, gcryalg, gcrymode); | ||
290 | if (gcry_err_code (err)) | ||
291 | rc = GC_INVALID_HASH; | ||
292 | } | ||
293 | |||
294 | if (rc == GC_OK) | ||
295 | *outhandle = ctx; | ||
296 | else | ||
297 | free (ctx); | ||
298 | |||
299 | return rc; | ||
300 | } | ||
301 | |||
302 | Gc_rc | ||
303 | MHD_gc_hash_clone (MHD_gc_hash_handle handle, MHD_gc_hash_handle * outhandle) | ||
304 | { | ||
305 | _MHD_gc_hash_ctx *in = handle; | ||
306 | _MHD_gc_hash_ctx *out; | ||
307 | int err; | ||
308 | |||
309 | *outhandle = out = calloc (sizeof (*out), 1); | ||
310 | if (!out) | ||
311 | return GC_MALLOC_ERROR; | ||
312 | |||
313 | memcpy (out, in, sizeof (*out)); | ||
314 | |||
315 | err = gcry_md_copy (&out->gch, in->gch); | ||
316 | if (err) | ||
317 | { | ||
318 | free (out); | ||
319 | return GC_INVALID_HASH; | ||
320 | } | ||
321 | |||
322 | return GC_OK; | ||
323 | } | ||
324 | |||
325 | size_t | ||
326 | MHD_gc_hash_digest_length (Gc_hash hash) | ||
327 | { | ||
328 | size_t len; | ||
329 | |||
330 | switch (hash) | ||
331 | { | ||
332 | case GC_MD2: | ||
333 | len = GC_MD2_DIGEST_SIZE; | ||
334 | break; | ||
335 | |||
336 | case GC_MD4: | ||
337 | len = GC_MD4_DIGEST_SIZE; | ||
338 | break; | ||
339 | |||
340 | case GC_MD5: | ||
341 | len = GC_MD5_DIGEST_SIZE; | ||
342 | break; | ||
343 | |||
344 | case GC_RMD160: | ||
345 | len = GC_RMD160_DIGEST_SIZE; | ||
346 | break; | ||
347 | |||
348 | case GC_SHA1: | ||
349 | len = GC_SHA1_DIGEST_SIZE; | ||
350 | break; | ||
351 | |||
352 | case GC_SHA256: | ||
353 | len = GC_SHA256_DIGEST_SIZE; | ||
354 | break; | ||
355 | |||
356 | case GC_SHA384: | ||
357 | len = GC_SHA384_DIGEST_SIZE; | ||
358 | break; | ||
359 | |||
360 | case GC_SHA512: | ||
361 | len = GC_SHA512_DIGEST_SIZE; | ||
362 | break; | ||
363 | |||
364 | default: | ||
365 | return 0; | ||
366 | } | ||
367 | |||
368 | return len; | ||
369 | } | ||
370 | |||
371 | void | ||
372 | MHD_gc_hash_MHD_hmac_setkey (MHD_gc_hash_handle handle, size_t len, | ||
373 | const char *key) | ||
374 | { | ||
375 | _MHD_gc_hash_ctx *ctx = handle; | ||
376 | gcry_md_setkey (ctx->gch, key, len); | ||
377 | } | ||
378 | |||
379 | void | ||
380 | MHD_gc_hash_write (MHD_gc_hash_handle handle, size_t len, const char *data) | ||
381 | { | ||
382 | _MHD_gc_hash_ctx *ctx = handle; | ||
383 | gcry_md_write (ctx->gch, data, len); | ||
384 | } | ||
385 | |||
386 | const char * | ||
387 | MHD_gc_hash_read (MHD_gc_hash_handle handle) | ||
388 | { | ||
389 | _MHD_gc_hash_ctx *ctx = handle; | ||
390 | const char *digest; | ||
391 | { | ||
392 | gcry_md_final (ctx->gch); | ||
393 | digest = (const char *) gcry_md_read (ctx->gch, 0); | ||
394 | } | ||
395 | |||
396 | return digest; | ||
397 | } | ||
398 | |||
399 | void | ||
400 | MHD_gc_hash_close (MHD_gc_hash_handle handle) | ||
401 | { | ||
402 | _MHD_gc_hash_ctx *ctx = handle; | ||
403 | |||
404 | gcry_md_close (ctx->gch); | ||
405 | |||
406 | free (ctx); | ||
407 | } | ||
diff --git a/src/daemon/https/lgl/gc.h b/src/daemon/https/lgl/gc.h deleted file mode 100644 index 30c4e45b..00000000 --- a/src/daemon/https/lgl/gc.h +++ /dev/null | |||
@@ -1,172 +0,0 @@ | |||
1 | /* gc.h --- Header file for implementation agnostic crypto wrapper API. | ||
2 | * Copyright (C) 2002, 2003, 2004, 2005, 2007 Simon Josefsson | ||
3 | * | ||
4 | * This file is free software; you can redistribute it and/or modify | ||
5 | * it under the terms of the GNU Lesser General Public License as published | ||
6 | * by the Free Software Foundation; either version 2.1, or (at your | ||
7 | * option) any later version. | ||
8 | * | ||
9 | * This file is distributed in the hope that it will be useful, but | ||
10 | * WITHOUT ANY WARRANTY; without even the implied warranty of | ||
11 | * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU | ||
12 | * General Public License for more details. | ||
13 | * | ||
14 | * You should have received a copy of the GNU Lesser General Public License | ||
15 | * along with this file; if not, write to the Free Software | ||
16 | * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA | ||
17 | * 02110-1301, USA. | ||
18 | * | ||
19 | */ | ||
20 | |||
21 | #ifndef GC_H | ||
22 | #define GC_H | ||
23 | |||
24 | /* Get size_t. */ | ||
25 | # include <stddef.h> | ||
26 | |||
27 | enum Gc_rc | ||
28 | { | ||
29 | GC_OK = 0, | ||
30 | GC_MALLOC_ERROR, | ||
31 | GC_INIT_ERROR, | ||
32 | GC_RANDOM_ERROR, | ||
33 | GC_INVALID_CIPHER, | ||
34 | GC_INVALID_HASH, | ||
35 | GC_PKCS5_INVALID_ITERATION_COUNT, | ||
36 | GC_PKCS5_INVALID_DERIVED_KEY_LENGTH, | ||
37 | GC_PKCS5_DERIVED_KEY_TOO_LONG | ||
38 | }; | ||
39 | typedef enum Gc_rc Gc_rc; | ||
40 | |||
41 | /* Hash types. */ | ||
42 | enum Gc_hash | ||
43 | { | ||
44 | GC_MD4, | ||
45 | GC_MD5, | ||
46 | GC_SHA1, | ||
47 | GC_MD2, | ||
48 | GC_RMD160, | ||
49 | GC_SHA256, | ||
50 | GC_SHA384, | ||
51 | GC_SHA512 | ||
52 | }; | ||
53 | typedef enum Gc_hash Gc_hash; | ||
54 | |||
55 | enum Gc_hash_mode | ||
56 | { | ||
57 | GC_HMAC = 1 | ||
58 | }; | ||
59 | typedef enum Gc_hash_mode Gc_hash_mode; | ||
60 | |||
61 | typedef void *MHD_gc_hash_handle; | ||
62 | |||
63 | #define GC_MD2_DIGEST_SIZE 16 | ||
64 | #define GC_MD4_DIGEST_SIZE 16 | ||
65 | #define GC_MD5_DIGEST_SIZE 16 | ||
66 | #define GC_RMD160_DIGEST_SIZE 20 | ||
67 | #define GC_SHA1_DIGEST_SIZE 20 | ||
68 | #define GC_SHA256_DIGEST_SIZE 32 | ||
69 | #define GC_SHA384_DIGEST_SIZE 48 | ||
70 | #define GC_SHA512_DIGEST_SIZE 64 | ||
71 | |||
72 | /* Cipher types. */ | ||
73 | enum Gc_cipher | ||
74 | { | ||
75 | GC_AES128, | ||
76 | GC_AES192, | ||
77 | GC_AES256, | ||
78 | GC_3DES, | ||
79 | GC_DES, | ||
80 | GC_ARCFOUR128, | ||
81 | GC_ARCFOUR40, | ||
82 | GC_ARCTWO40, | ||
83 | GC_CAMELLIA128, | ||
84 | GC_CAMELLIA256 | ||
85 | }; | ||
86 | typedef enum Gc_cipher Gc_cipher; | ||
87 | |||
88 | enum Gc_cipher_mode | ||
89 | { | ||
90 | GC_ECB, | ||
91 | GC_CBC, | ||
92 | GC_STREAM | ||
93 | }; | ||
94 | typedef enum Gc_cipher_mode Gc_cipher_mode; | ||
95 | |||
96 | typedef void *MHD_gc_cipher_handle; | ||
97 | |||
98 | /* Call before respectively after any other functions. */ | ||
99 | Gc_rc MHD_gc_init (void); | ||
100 | void MHD_gc_done (void); | ||
101 | |||
102 | /* Memory allocation (avoid). */ | ||
103 | typedef void *(*MHD_gc_malloc_t) (size_t n); | ||
104 | typedef int (*MHD_gc_secure_check_t) (const void *); | ||
105 | typedef void *(*MHD_gc_realloc_t) (void *p, size_t n); | ||
106 | typedef void (*MHD_gc_free_t) (void *); | ||
107 | /* Randomness. */ | ||
108 | Gc_rc MHD_gc_nonce (char *data, size_t datalen); | ||
109 | Gc_rc MHD_gc_pseudo_random (char *data, size_t datalen); | ||
110 | |||
111 | /* Ciphers. */ | ||
112 | Gc_rc MHD_gc_cipher_open (Gc_cipher cipher, | ||
113 | Gc_cipher_mode mode, | ||
114 | MHD_gc_cipher_handle * outhandle); | ||
115 | Gc_rc MHD_gc_cipher_setkey (MHD_gc_cipher_handle handle, size_t keylen, | ||
116 | const char *key); | ||
117 | Gc_rc MHD_gc_cipher_setiv (MHD_gc_cipher_handle handle, size_t ivlen, | ||
118 | const char *iv); | ||
119 | Gc_rc MHD_gc_cipher_encrypt_inline (MHD_gc_cipher_handle handle, size_t len, | ||
120 | char *data); | ||
121 | Gc_rc MHD_gc_cipher_decrypt_inline (MHD_gc_cipher_handle handle, size_t len, | ||
122 | char *data); | ||
123 | Gc_rc MHD_gc_cipher_close (MHD_gc_cipher_handle handle); | ||
124 | |||
125 | /* Hashes. */ | ||
126 | |||
127 | Gc_rc MHD_gc_hash_open (Gc_hash hash, | ||
128 | Gc_hash_mode mode, MHD_gc_hash_handle * outhandle); | ||
129 | Gc_rc MHD_gc_hash_clone (MHD_gc_hash_handle handle, | ||
130 | MHD_gc_hash_handle * outhandle); | ||
131 | size_t MHD_gc_hash_digest_length (Gc_hash hash); | ||
132 | void MHD_gc_hash_MHD_hmac_setkey (MHD_gc_hash_handle handle, size_t len, | ||
133 | const char *key); | ||
134 | void MHD_gc_hash_write (MHD_gc_hash_handle handle, size_t len, | ||
135 | const char *data); | ||
136 | const char *MHD_gc_hash_read (MHD_gc_hash_handle handle); | ||
137 | void MHD_gc_hash_close (MHD_gc_hash_handle handle); | ||
138 | |||
139 | /* Compute a hash value over buffer IN of INLEN bytes size using the | ||
140 | algorithm HASH, placing the result in the pre-allocated buffer OUT. | ||
141 | The required size of OUT depends on HASH, and is generally | ||
142 | GC_<HASH>_DIGEST_SIZE. For example, for GC_MD5 the output buffer | ||
143 | must be 16 bytes. The return value is 0 (GC_OK) on success, or | ||
144 | another Gc_rc error code. */ | ||
145 | Gc_rc MHD_gc_hash_buffer (Gc_hash hash, const void *in, size_t inlen, | ||
146 | char *out); | ||
147 | |||
148 | /* One-call interface. */ | ||
149 | Gc_rc MHD_gc_md2 (const void *in, size_t inlen, void *resbuf); | ||
150 | Gc_rc MHD_gc_md4 (const void *in, size_t inlen, void *resbuf); | ||
151 | Gc_rc MHD_gc_md5 (const void *in, size_t inlen, void *resbuf); | ||
152 | Gc_rc MHD_gc_sha1 (const void *in, size_t inlen, void *resbuf); | ||
153 | Gc_rc MHD_gc_MHD_hmac_md5 (const void *key, | ||
154 | size_t keylen, const void *in, size_t inlen, | ||
155 | char *resbuf); | ||
156 | Gc_rc MHD_gc_MHD_hmac_sha1 (const void *key, size_t keylen, const void *in, | ||
157 | size_t inlen, char *resbuf); | ||
158 | |||
159 | /* Derive cryptographic keys from a password P of length PLEN, with | ||
160 | salt S of length SLEN, placing the result in pre-allocated buffer | ||
161 | DK of length DKLEN. An iteration count is specified in C, where a | ||
162 | larger value means this function take more time (typical iteration | ||
163 | counts are 1000-20000). This function "stretches" the key to be | ||
164 | exactly dkLen bytes long. GC_OK is returned on success, otherwise | ||
165 | an Gc_rc error code is returned. */ | ||
166 | Gc_rc MHD_gc_pbkdf2_sha1 (const char *P, | ||
167 | size_t Plen, | ||
168 | const char *S, | ||
169 | size_t Slen, unsigned int c, char *DK, | ||
170 | size_t dkLen); | ||
171 | |||
172 | #endif /* GC_H */ | ||
diff --git a/src/daemon/https/minitasn1/Makefile.am b/src/daemon/https/minitasn1/Makefile.am deleted file mode 100644 index 1d5c68d9..00000000 --- a/src/daemon/https/minitasn1/Makefile.am +++ /dev/null | |||
@@ -1,18 +0,0 @@ | |||
1 | AM_CPPFLAGS = \ | ||
2 | -I$(top_srcdir)/src/include \ | ||
3 | -I$(top_srcdir)/src/daemon/https/lgl \ | ||
4 | -I$(top_srcdir)/src/daemon/https/tls | ||
5 | |||
6 | if USE_COVERAGE | ||
7 | AM_CFLAGS = -fprofile-arcs -ftest-coverage | ||
8 | endif | ||
9 | |||
10 | noinst_LTLIBRARIES = libasn1.la | ||
11 | |||
12 | libasn1_la_SOURCES = \ | ||
13 | libtasn1.h \ | ||
14 | mem.h \ | ||
15 | gstr.h \ | ||
16 | int.h \ | ||
17 | parser_aux.h structure.h element.h decoding.c gstr.c \ | ||
18 | parser_aux.c structure.c element.c coding.c | ||
diff --git a/src/daemon/https/minitasn1/README b/src/daemon/https/minitasn1/README deleted file mode 100644 index 9d484dfc..00000000 --- a/src/daemon/https/minitasn1/README +++ /dev/null | |||
@@ -1,3 +0,0 @@ | |||
1 | This is just a mirror of the files in the libtasn1's | ||
2 | lib/ directory. | ||
3 | |||
diff --git a/src/daemon/https/minitasn1/coding.c b/src/daemon/https/minitasn1/coding.c deleted file mode 100644 index 02d04683..00000000 --- a/src/daemon/https/minitasn1/coding.c +++ /dev/null | |||
@@ -1,1211 +0,0 @@ | |||
1 | /* | ||
2 | * Copyright (C) 2004, 2006 Free Software Foundation | ||
3 | * Copyright (C) 2002 Fabio Fiorina | ||
4 | * | ||
5 | * This file is part of LIBTASN1. | ||
6 | * | ||
7 | * The LIBTASN1 library is free software; you can redistribute it | ||
8 | * and/or modify it under the terms of the GNU Lesser General Public | ||
9 | * License as published by the Free Software Foundation; either | ||
10 | * version 2.1 of the License, or (at your option) any later version. | ||
11 | * | ||
12 | * This library is distributed in the hope that it will be useful, but | ||
13 | * WITHOUT ANY WARRANTY; without even the implied warranty of | ||
14 | * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU | ||
15 | * Lesser General Public License for more details. | ||
16 | * | ||
17 | * You should have received a copy of the GNU Lesser General Public | ||
18 | * License along with this library; if not, write to the Free Software | ||
19 | * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA | ||
20 | * 02110-1301, USA | ||
21 | */ | ||
22 | |||
23 | |||
24 | /*****************************************************/ | ||
25 | /* File: coding.c */ | ||
26 | /* Description: Functions to create a DER coding of */ | ||
27 | /* an ASN1 type. */ | ||
28 | /*****************************************************/ | ||
29 | |||
30 | #include <int.h> | ||
31 | #include "parser_aux.h" | ||
32 | #include <gstr.h> | ||
33 | #include "element.h" | ||
34 | #include <structure.h> | ||
35 | |||
36 | #define MAX_TAG_LEN 16 | ||
37 | |||
38 | /******************************************************/ | ||
39 | /* Function : MHD__asn1_error_description_value_not_found */ | ||
40 | /* Description: creates the ErrorDescription string */ | ||
41 | /* for the ASN1_VALUE_NOT_FOUND error. */ | ||
42 | /* Parameters: */ | ||
43 | /* node: node of the tree where the value is NULL. */ | ||
44 | /* ErrorDescription: string returned. */ | ||
45 | /* Return: */ | ||
46 | /******************************************************/ | ||
47 | static void | ||
48 | MHD__asn1_error_description_value_not_found (node_asn * node, | ||
49 | char *ErrorDescription) | ||
50 | { | ||
51 | |||
52 | if (ErrorDescription == NULL) | ||
53 | return; | ||
54 | |||
55 | Estrcpy (ErrorDescription, ":: value of element '"); | ||
56 | MHD__asn1_hierarchical_name (node, | ||
57 | ErrorDescription + strlen (ErrorDescription), | ||
58 | MAX_ERROR_DESCRIPTION_SIZE - 40); | ||
59 | Estrcat (ErrorDescription, "' not found"); | ||
60 | |||
61 | } | ||
62 | |||
63 | /** | ||
64 | * MHD__asn1_length_der: | ||
65 | * @len: value to convert. | ||
66 | * @ans: string returned. | ||
67 | * @ans_len: number of meaningful bytes of ANS (ans[0]..ans[ans_len-1]). | ||
68 | * | ||
69 | * Creates the DER coding for the LEN parameter (only the length). | ||
70 | * The @ans buffer is pre-allocated and must have room for the output. | ||
71 | **/ | ||
72 | void | ||
73 | MHD__asn1_length_der (unsigned long int len, unsigned char *ans, int *ans_len) | ||
74 | { | ||
75 | int k; | ||
76 | unsigned char temp[SIZEOF_UNSIGNED_LONG_INT]; | ||
77 | |||
78 | if (len < 128) | ||
79 | { | ||
80 | /* short form */ | ||
81 | if (ans != NULL) | ||
82 | ans[0] = (unsigned char) len; | ||
83 | *ans_len = 1; | ||
84 | } | ||
85 | else | ||
86 | { | ||
87 | /* Long form */ | ||
88 | k = 0; | ||
89 | while (len) | ||
90 | { | ||
91 | temp[k++] = len & 0xFF; | ||
92 | len = len >> 8; | ||
93 | } | ||
94 | *ans_len = k + 1; | ||
95 | if (ans != NULL) | ||
96 | { | ||
97 | ans[0] = ((unsigned char) k & 0x7F) + 128; | ||
98 | while (k--) | ||
99 | ans[*ans_len - 1 - k] = temp[k]; | ||
100 | } | ||
101 | } | ||
102 | } | ||
103 | |||
104 | /******************************************************/ | ||
105 | /* Function : MHD__asn1_tag_der */ | ||
106 | /* Description: creates the DER coding for the CLASS */ | ||
107 | /* and TAG parameters. */ | ||
108 | /* Parameters: */ | ||
109 | /* class: value to convert. */ | ||
110 | /* tag_value: value to convert. */ | ||
111 | /* ans: string returned. */ | ||
112 | /* ans_len: number of meaningful bytes of ANS */ | ||
113 | /* (ans[0]..ans[ans_len-1]). */ | ||
114 | /* Return: */ | ||
115 | /******************************************************/ | ||
116 | static void | ||
117 | MHD__asn1_tag_der (unsigned char class, unsigned int tag_value, | ||
118 | unsigned char *ans, int *ans_len) | ||
119 | { | ||
120 | int k; | ||
121 | unsigned char temp[SIZEOF_UNSIGNED_INT]; | ||
122 | |||
123 | if (tag_value < 31) | ||
124 | { | ||
125 | /* short form */ | ||
126 | ans[0] = (class & 0xE0) + ((unsigned char) (tag_value & 0x1F)); | ||
127 | *ans_len = 1; | ||
128 | } | ||
129 | else | ||
130 | { | ||
131 | /* Long form */ | ||
132 | ans[0] = (class & 0xE0) + 31; | ||
133 | k = 0; | ||
134 | while (tag_value) | ||
135 | { | ||
136 | temp[k++] = tag_value & 0x7F; | ||
137 | tag_value = tag_value >> 7; | ||
138 | } | ||
139 | *ans_len = k + 1; | ||
140 | while (k--) | ||
141 | ans[*ans_len - 1 - k] = temp[k] + 128; | ||
142 | ans[*ans_len - 1] -= 128; | ||
143 | } | ||
144 | } | ||
145 | |||
146 | /** | ||
147 | * MHD__asn1_octet_der: | ||
148 | * @str: OCTET string. | ||
149 | * @str_len: STR length (str[0]..str[str_len-1]). | ||
150 | * @der: string returned. | ||
151 | * @der_len: number of meaningful bytes of DER (der[0]..der[ans_len-1]). | ||
152 | * | ||
153 | * Creates the DER coding for an OCTET type (length included). | ||
154 | **/ | ||
155 | void | ||
156 | MHD__asn1_octet_der (const unsigned char *str, int str_len, | ||
157 | unsigned char *der, int *der_len) | ||
158 | { | ||
159 | int len_len; | ||
160 | |||
161 | if (der == NULL || str_len < 0) | ||
162 | return; | ||
163 | MHD__asn1_length_der (str_len, der, &len_len); | ||
164 | memcpy (der + len_len, str, str_len); | ||
165 | *der_len = str_len + len_len; | ||
166 | } | ||
167 | |||
168 | /******************************************************/ | ||
169 | /* Function : MHD__asn1_time_der */ | ||
170 | /* Description: creates the DER coding for a TIME */ | ||
171 | /* type (length included). */ | ||
172 | /* Parameters: */ | ||
173 | /* str: TIME null-terminated string. */ | ||
174 | /* der: string returned. */ | ||
175 | /* der_len: number of meaningful bytes of DER */ | ||
176 | /* (der[0]..der[ans_len-1]). Initially it */ | ||
177 | /* if must store the lenght of DER. */ | ||
178 | /* Return: */ | ||
179 | /* ASN1_MEM_ERROR when DER isn't big enough */ | ||
180 | /* ASN1_SUCCESS otherwise */ | ||
181 | /******************************************************/ | ||
182 | static MHD__asn1_retCode | ||
183 | MHD__asn1_time_der (unsigned char *str, unsigned char *der, int *der_len) | ||
184 | { | ||
185 | int len_len; | ||
186 | int max_len; | ||
187 | |||
188 | max_len = *der_len; | ||
189 | |||
190 | MHD__asn1_length_der (strlen ((const char *) str), | ||
191 | (max_len > 0) ? der : NULL, &len_len); | ||
192 | |||
193 | if ((len_len + (int) strlen ((const char *) str)) <= max_len) | ||
194 | memcpy (der + len_len, str, strlen ((const char *) str)); | ||
195 | *der_len = len_len + strlen ((const char *) str); | ||
196 | |||
197 | if ((*der_len) > max_len) | ||
198 | return ASN1_MEM_ERROR; | ||
199 | |||
200 | return ASN1_SUCCESS; | ||
201 | } | ||
202 | |||
203 | /******************************************************/ | ||
204 | /* Function : MHD__asn1_objectid_der */ | ||
205 | /* Description: creates the DER coding for an */ | ||
206 | /* OBJECT IDENTIFIER type (length included). */ | ||
207 | /* Parameters: */ | ||
208 | /* str: OBJECT IDENTIFIER null-terminated string. */ | ||
209 | /* der: string returned. */ | ||
210 | /* der_len: number of meaningful bytes of DER */ | ||
211 | /* (der[0]..der[ans_len-1]). Initially it */ | ||
212 | /* must store the length of DER. */ | ||
213 | /* Return: */ | ||
214 | /* ASN1_MEM_ERROR when DER isn't big enough */ | ||
215 | /* ASN1_SUCCESS otherwise */ | ||
216 | /******************************************************/ | ||
217 | static MHD__asn1_retCode | ||
218 | MHD__asn1_objectid_der (unsigned char *str, unsigned char *der, int *der_len) | ||
219 | { | ||
220 | int len_len, counter, k, first, max_len; | ||
221 | char *temp, *n_end, *n_start; | ||
222 | unsigned char bit7; | ||
223 | unsigned long val, val1 = 0; | ||
224 | |||
225 | max_len = *der_len; | ||
226 | |||
227 | temp = (char *) MHD__asn1_alloca (strlen ((const char *) str) + 2); | ||
228 | if (temp == NULL) | ||
229 | return ASN1_MEM_ALLOC_ERROR; | ||
230 | |||
231 | strcpy (temp, (const char *) str); | ||
232 | strcat (temp, "."); | ||
233 | |||
234 | counter = 0; | ||
235 | n_start = temp; | ||
236 | while ((n_end = strchr (n_start, '.'))) | ||
237 | { | ||
238 | *n_end = 0; | ||
239 | val = strtoul (n_start, NULL, 10); | ||
240 | counter++; | ||
241 | |||
242 | if (counter == 1) | ||
243 | val1 = val; | ||
244 | else if (counter == 2) | ||
245 | { | ||
246 | if (max_len > 0) | ||
247 | der[0] = 40 * val1 + val; | ||
248 | *der_len = 1; | ||
249 | } | ||
250 | else | ||
251 | { | ||
252 | first = 0; | ||
253 | for (k = 4; k >= 0; k--) | ||
254 | { | ||
255 | bit7 = (val >> (k * 7)) & 0x7F; | ||
256 | if (bit7 || first || !k) | ||
257 | { | ||
258 | if (k) | ||
259 | bit7 |= 0x80; | ||
260 | if (max_len > (*der_len)) | ||
261 | der[*der_len] = bit7; | ||
262 | (*der_len)++; | ||
263 | first = 1; | ||
264 | } | ||
265 | } | ||
266 | |||
267 | } | ||
268 | n_start = n_end + 1; | ||
269 | } | ||
270 | |||
271 | MHD__asn1_length_der (*der_len, NULL, &len_len); | ||
272 | if (max_len >= (*der_len + len_len)) | ||
273 | { | ||
274 | memmove (der + len_len, der, *der_len); | ||
275 | MHD__asn1_length_der (*der_len, der, &len_len); | ||
276 | } | ||
277 | *der_len += len_len; | ||
278 | |||
279 | MHD__asn1_afree (temp); | ||
280 | |||
281 | if (max_len < (*der_len)) | ||
282 | return ASN1_MEM_ERROR; | ||
283 | |||
284 | return ASN1_SUCCESS; | ||
285 | } | ||
286 | |||
287 | |||
288 | const char MHD_bit_mask[] = | ||
289 | { 0xFF, 0xFE, 0xFC, 0xF8, 0xF0, 0xE0, 0xC0, 0x80 }; | ||
290 | |||
291 | /** | ||
292 | * MHD__asn1_bit_der: | ||
293 | * @str: BIT string. | ||
294 | * @bit_len: number of meaningful bits in STR. | ||
295 | * @der: string returned. | ||
296 | * @der_len: number of meaningful bytes of DER | ||
297 | * (der[0]..der[ans_len-1]). | ||
298 | * | ||
299 | * Creates the DER coding for a BIT STRING type (length and pad | ||
300 | * included). | ||
301 | **/ | ||
302 | void | ||
303 | MHD__asn1_bit_der (const unsigned char *str, int bit_len, | ||
304 | unsigned char *der, int *der_len) | ||
305 | { | ||
306 | int len_len, len_byte, len_pad; | ||
307 | |||
308 | if (der == NULL) | ||
309 | return; | ||
310 | len_byte = bit_len >> 3; | ||
311 | len_pad = 8 - (bit_len & 7); | ||
312 | if (len_pad == 8) | ||
313 | len_pad = 0; | ||
314 | else | ||
315 | len_byte++; | ||
316 | MHD__asn1_length_der (len_byte + 1, der, &len_len); | ||
317 | der[len_len] = len_pad; | ||
318 | memcpy (der + len_len + 1, str, len_byte); | ||
319 | der[len_len + len_byte] &= MHD_bit_mask[len_pad]; | ||
320 | *der_len = len_byte + len_len + 1; | ||
321 | } | ||
322 | |||
323 | |||
324 | /******************************************************/ | ||
325 | /* Function : MHD__asn1_complete_explicit_tag */ | ||
326 | /* Description: add the length coding to the EXPLICIT */ | ||
327 | /* tags. */ | ||
328 | /* Parameters: */ | ||
329 | /* node: pointer to the tree element. */ | ||
330 | /* der: string with the DER coding of the whole tree*/ | ||
331 | /* counter: number of meaningful bytes of DER */ | ||
332 | /* (der[0]..der[*counter-1]). */ | ||
333 | /* max_len: size of der vector */ | ||
334 | /* Return: */ | ||
335 | /* ASN1_MEM_ERROR if der vector isn't big enough, */ | ||
336 | /* otherwise ASN1_SUCCESS. */ | ||
337 | /******************************************************/ | ||
338 | static MHD__asn1_retCode | ||
339 | MHD__asn1_complete_explicit_tag (node_asn * node, unsigned char *der, | ||
340 | int *counter, int *max_len) | ||
341 | { | ||
342 | node_asn *p; | ||
343 | int is_tag_implicit, len2, len3; | ||
344 | unsigned char temp[SIZEOF_UNSIGNED_INT]; | ||
345 | |||
346 | is_tag_implicit = 0; | ||
347 | |||
348 | if (node->type & CONST_TAG) | ||
349 | { | ||
350 | p = node->down; | ||
351 | /* When there are nested tags we must complete them reverse to | ||
352 | the order they were created. This is because completing a tag | ||
353 | modifies all data within it, including the incomplete tags | ||
354 | which store buffer positions -- simon@josefsson.org 2002-09-06 | ||
355 | */ | ||
356 | while (p->right) | ||
357 | p = p->right; | ||
358 | while (p && p != node->down->left) | ||
359 | { | ||
360 | if (type_field (p->type) == TYPE_TAG) | ||
361 | { | ||
362 | if (p->type & CONST_EXPLICIT) | ||
363 | { | ||
364 | len2 = strtol (p->name, NULL, 10); | ||
365 | MHD__asn1_set_name (p, NULL); | ||
366 | MHD__asn1_length_der (*counter - len2, temp, &len3); | ||
367 | if (len3 <= (*max_len)) | ||
368 | { | ||
369 | memmove (der + len2 + len3, der + len2, | ||
370 | *counter - len2); | ||
371 | memcpy (der + len2, temp, len3); | ||
372 | } | ||
373 | *max_len -= len3; | ||
374 | *counter += len3; | ||
375 | is_tag_implicit = 0; | ||
376 | } | ||
377 | else | ||
378 | { /* CONST_IMPLICIT */ | ||
379 | if (!is_tag_implicit) | ||
380 | { | ||
381 | is_tag_implicit = 1; | ||
382 | } | ||
383 | } | ||
384 | } | ||
385 | p = p->left; | ||
386 | } | ||
387 | } | ||
388 | |||
389 | if (*max_len < 0) | ||
390 | return ASN1_MEM_ERROR; | ||
391 | |||
392 | return ASN1_SUCCESS; | ||
393 | } | ||
394 | |||
395 | |||
396 | /******************************************************/ | ||
397 | /* Function : MHD__asn1_insert_tag_der */ | ||
398 | /* Description: creates the DER coding of tags of one */ | ||
399 | /* NODE. */ | ||
400 | /* Parameters: */ | ||
401 | /* node: pointer to the tree element. */ | ||
402 | /* der: string returned */ | ||
403 | /* counter: number of meaningful bytes of DER */ | ||
404 | /* (counter[0]..der[*counter-1]). */ | ||
405 | /* max_len: size of der vector */ | ||
406 | /* Return: */ | ||
407 | /* ASN1_GENERIC_ERROR if the type is unknown, */ | ||
408 | /* ASN1_MEM_ERROR if der vector isn't big enough, */ | ||
409 | /* otherwise ASN1_SUCCESS. */ | ||
410 | /******************************************************/ | ||
411 | static MHD__asn1_retCode | ||
412 | MHD__asn1_insert_tag_der (node_asn * node, unsigned char *der, int *counter, | ||
413 | int *max_len) | ||
414 | { | ||
415 | node_asn *p; | ||
416 | int tag_len, is_tag_implicit; | ||
417 | unsigned char class, class_implicit = 0, temp[SIZEOF_UNSIGNED_INT * 3 + 1]; | ||
418 | unsigned long tag_implicit = 0; | ||
419 | char tag_der[MAX_TAG_LEN]; | ||
420 | |||
421 | is_tag_implicit = 0; | ||
422 | |||
423 | if (node->type & CONST_TAG) | ||
424 | { | ||
425 | p = node->down; | ||
426 | while (p) | ||
427 | { | ||
428 | if (type_field (p->type) == TYPE_TAG) | ||
429 | { | ||
430 | if (p->type & CONST_APPLICATION) | ||
431 | class = ASN1_CLASS_APPLICATION; | ||
432 | else if (p->type & CONST_UNIVERSAL) | ||
433 | class = ASN1_CLASS_UNIVERSAL; | ||
434 | else if (p->type & CONST_PRIVATE) | ||
435 | class = ASN1_CLASS_PRIVATE; | ||
436 | else | ||
437 | class = ASN1_CLASS_CONTEXT_SPECIFIC; | ||
438 | |||
439 | if (p->type & CONST_EXPLICIT) | ||
440 | { | ||
441 | if (is_tag_implicit) | ||
442 | MHD__asn1_tag_der (class_implicit, tag_implicit, | ||
443 | (unsigned char *) tag_der, &tag_len); | ||
444 | else | ||
445 | MHD__asn1_tag_der (class | ASN1_CLASS_STRUCTURED, | ||
446 | strtoul ((const char *) p->value, NULL, | ||
447 | 10), | ||
448 | (unsigned char *) tag_der, &tag_len); | ||
449 | |||
450 | *max_len -= tag_len; | ||
451 | if (*max_len >= 0) | ||
452 | memcpy (der + *counter, tag_der, tag_len); | ||
453 | *counter += tag_len; | ||
454 | |||
455 | MHD__asn1_ltostr (*counter, (char *) temp); | ||
456 | MHD__asn1_set_name (p, (const char *) temp); | ||
457 | |||
458 | is_tag_implicit = 0; | ||
459 | } | ||
460 | else | ||
461 | { /* CONST_IMPLICIT */ | ||
462 | if (!is_tag_implicit) | ||
463 | { | ||
464 | if ((type_field (node->type) == TYPE_SEQUENCE) || | ||
465 | (type_field (node->type) == TYPE_SEQUENCE_OF) || | ||
466 | (type_field (node->type) == TYPE_SET) || | ||
467 | (type_field (node->type) == TYPE_SET_OF)) | ||
468 | class |= ASN1_CLASS_STRUCTURED; | ||
469 | class_implicit = class; | ||
470 | tag_implicit = | ||
471 | strtoul ((const char *) p->value, NULL, 10); | ||
472 | is_tag_implicit = 1; | ||
473 | } | ||
474 | } | ||
475 | } | ||
476 | p = p->right; | ||
477 | } | ||
478 | } | ||
479 | |||
480 | if (is_tag_implicit) | ||
481 | { | ||
482 | MHD__asn1_tag_der (class_implicit, tag_implicit, | ||
483 | (unsigned char *) tag_der, &tag_len); | ||
484 | } | ||
485 | else | ||
486 | { | ||
487 | switch (type_field (node->type)) | ||
488 | { | ||
489 | case TYPE_NULL: | ||
490 | MHD__asn1_tag_der (ASN1_CLASS_UNIVERSAL, ASN1_TAG_NULL, | ||
491 | (unsigned char *) tag_der, &tag_len); | ||
492 | break; | ||
493 | case TYPE_BOOLEAN: | ||
494 | MHD__asn1_tag_der (ASN1_CLASS_UNIVERSAL, ASN1_TAG_BOOLEAN, | ||
495 | (unsigned char *) tag_der, &tag_len); | ||
496 | break; | ||
497 | case TYPE_INTEGER: | ||
498 | MHD__asn1_tag_der (ASN1_CLASS_UNIVERSAL, ASN1_TAG_INTEGER, | ||
499 | (unsigned char *) tag_der, &tag_len); | ||
500 | break; | ||
501 | case TYPE_ENUMERATED: | ||
502 | MHD__asn1_tag_der (ASN1_CLASS_UNIVERSAL, ASN1_TAG_ENUMERATED, | ||
503 | (unsigned char *) tag_der, &tag_len); | ||
504 | break; | ||
505 | case TYPE_OBJECT_ID: | ||
506 | MHD__asn1_tag_der (ASN1_CLASS_UNIVERSAL, ASN1_TAG_OBJECT_ID, | ||
507 | (unsigned char *) tag_der, &tag_len); | ||
508 | break; | ||
509 | case TYPE_TIME: | ||
510 | if (node->type & CONST_UTC) | ||
511 | { | ||
512 | MHD__asn1_tag_der (ASN1_CLASS_UNIVERSAL, ASN1_TAG_UTCTime, | ||
513 | (unsigned char *) tag_der, &tag_len); | ||
514 | } | ||
515 | else | ||
516 | MHD__asn1_tag_der (ASN1_CLASS_UNIVERSAL, ASN1_TAG_GENERALIZEDTime, | ||
517 | (unsigned char *) tag_der, &tag_len); | ||
518 | break; | ||
519 | case TYPE_OCTET_STRING: | ||
520 | MHD__asn1_tag_der (ASN1_CLASS_UNIVERSAL, ASN1_TAG_OCTET_STRING, | ||
521 | (unsigned char *) tag_der, &tag_len); | ||
522 | break; | ||
523 | case TYPE_GENERALSTRING: | ||
524 | MHD__asn1_tag_der (ASN1_CLASS_UNIVERSAL, ASN1_TAG_GENERALSTRING, | ||
525 | (unsigned char *) tag_der, &tag_len); | ||
526 | break; | ||
527 | case TYPE_BIT_STRING: | ||
528 | MHD__asn1_tag_der (ASN1_CLASS_UNIVERSAL, ASN1_TAG_BIT_STRING, | ||
529 | (unsigned char *) tag_der, &tag_len); | ||
530 | break; | ||
531 | case TYPE_SEQUENCE: | ||
532 | case TYPE_SEQUENCE_OF: | ||
533 | MHD__asn1_tag_der (ASN1_CLASS_UNIVERSAL | ASN1_CLASS_STRUCTURED, | ||
534 | ASN1_TAG_SEQUENCE, (unsigned char *) tag_der, | ||
535 | &tag_len); | ||
536 | break; | ||
537 | case TYPE_SET: | ||
538 | case TYPE_SET_OF: | ||
539 | MHD__asn1_tag_der (ASN1_CLASS_UNIVERSAL | ASN1_CLASS_STRUCTURED, | ||
540 | ASN1_TAG_SET, (unsigned char *) tag_der, | ||
541 | &tag_len); | ||
542 | break; | ||
543 | case TYPE_TAG: | ||
544 | tag_len = 0; | ||
545 | break; | ||
546 | case TYPE_CHOICE: | ||
547 | tag_len = 0; | ||
548 | break; | ||
549 | case TYPE_ANY: | ||
550 | tag_len = 0; | ||
551 | break; | ||
552 | default: | ||
553 | return ASN1_GENERIC_ERROR; | ||
554 | } | ||
555 | } | ||
556 | |||
557 | *max_len -= tag_len; | ||
558 | if (*max_len >= 0) | ||
559 | memcpy (der + *counter, tag_der, tag_len); | ||
560 | *counter += tag_len; | ||
561 | |||
562 | if (*max_len < 0) | ||
563 | return ASN1_MEM_ERROR; | ||
564 | |||
565 | return ASN1_SUCCESS; | ||
566 | } | ||
567 | |||
568 | /******************************************************/ | ||
569 | /* Function : MHD__asn1_ordering_set */ | ||
570 | /* Description: puts the elements of a SET type in */ | ||
571 | /* the correct order according to DER rules. */ | ||
572 | /* Parameters: */ | ||
573 | /* der: string with the DER coding. */ | ||
574 | /* node: pointer to the SET element. */ | ||
575 | /* Return: */ | ||
576 | /******************************************************/ | ||
577 | static void | ||
578 | MHD__asn1_ordering_set (unsigned char *der, int der_len, node_asn * node) | ||
579 | { | ||
580 | struct vet | ||
581 | { | ||
582 | int end; | ||
583 | uint32_t value; | ||
584 | struct vet *next, *prev; | ||
585 | }; | ||
586 | |||
587 | int counter, len, len2; | ||
588 | struct vet *first, *last, *p_vet, *p2_vet; | ||
589 | node_asn *p; | ||
590 | unsigned char class, *temp; | ||
591 | unsigned long tag; | ||
592 | |||
593 | counter = 0; | ||
594 | |||
595 | if (type_field (node->type) != TYPE_SET) | ||
596 | return; | ||
597 | |||
598 | p = node->down; | ||
599 | while ((p != NULL) && | ||
600 | ((type_field (p->type) == TYPE_TAG) | ||
601 | || (type_field (p->type) == TYPE_SIZE))) | ||
602 | p = p->right; | ||
603 | |||
604 | if ((p == NULL) || (p->right == NULL)) | ||
605 | return; | ||
606 | |||
607 | first = last = NULL; | ||
608 | while (p) | ||
609 | { | ||
610 | p_vet = (struct vet *) MHD__asn1_alloca (sizeof (struct vet)); | ||
611 | if (p_vet == NULL) | ||
612 | return; | ||
613 | |||
614 | p_vet->next = NULL; | ||
615 | p_vet->prev = last; | ||
616 | if (first == NULL) | ||
617 | first = p_vet; | ||
618 | else | ||
619 | last->next = p_vet; | ||
620 | last = p_vet; | ||
621 | |||
622 | /* tag value calculation */ | ||
623 | if (MHD__asn1_get_tag_der | ||
624 | (der + counter, der_len - counter, &class, &len2, | ||
625 | &tag) != ASN1_SUCCESS) | ||
626 | return; | ||
627 | p_vet->value = (class << 24) | tag; | ||
628 | counter += len2; | ||
629 | |||
630 | /* extraction and length */ | ||
631 | len2 = | ||
632 | MHD__asn1_get_length_der (der + counter, der_len - counter, &len); | ||
633 | if (len2 < 0) | ||
634 | return; | ||
635 | counter += len + len2; | ||
636 | |||
637 | p_vet->end = counter; | ||
638 | p = p->right; | ||
639 | } | ||
640 | |||
641 | p_vet = first; | ||
642 | |||
643 | while (p_vet) | ||
644 | { | ||
645 | p2_vet = p_vet->next; | ||
646 | counter = 0; | ||
647 | while (p2_vet) | ||
648 | { | ||
649 | if (p_vet->value > p2_vet->value) | ||
650 | { | ||
651 | /* change position */ | ||
652 | temp = | ||
653 | (unsigned char *) MHD__asn1_alloca (p_vet->end - counter); | ||
654 | if (temp == NULL) | ||
655 | return; | ||
656 | |||
657 | memcpy (temp, der + counter, p_vet->end - counter); | ||
658 | memcpy (der + counter, der + p_vet->end, | ||
659 | p2_vet->end - p_vet->end); | ||
660 | memcpy (der + counter + p2_vet->end - p_vet->end, temp, | ||
661 | p_vet->end - counter); | ||
662 | MHD__asn1_afree (temp); | ||
663 | |||
664 | tag = p_vet->value; | ||
665 | p_vet->value = p2_vet->value; | ||
666 | p2_vet->value = tag; | ||
667 | |||
668 | p_vet->end = counter + (p2_vet->end - p_vet->end); | ||
669 | } | ||
670 | counter = p_vet->end; | ||
671 | |||
672 | p2_vet = p2_vet->next; | ||
673 | p_vet = p_vet->next; | ||
674 | } | ||
675 | |||
676 | if (p_vet != first) | ||
677 | p_vet->prev->next = NULL; | ||
678 | else | ||
679 | first = NULL; | ||
680 | MHD__asn1_afree (p_vet); | ||
681 | p_vet = first; | ||
682 | } | ||
683 | } | ||
684 | |||
685 | /******************************************************/ | ||
686 | /* Function : MHD__asn1_ordering_set_of */ | ||
687 | /* Description: puts the elements of a SET OF type in */ | ||
688 | /* the correct order according to DER rules. */ | ||
689 | /* Parameters: */ | ||
690 | /* der: string with the DER coding. */ | ||
691 | /* node: pointer to the SET OF element. */ | ||
692 | /* Return: */ | ||
693 | /******************************************************/ | ||
694 | static void | ||
695 | MHD__asn1_ordering_set_of (unsigned char *der, int der_len, node_asn * node) | ||
696 | { | ||
697 | struct vet | ||
698 | { | ||
699 | int end; | ||
700 | struct vet *next, *prev; | ||
701 | }; | ||
702 | |||
703 | int counter, len, len2, change; | ||
704 | struct vet *first, *last, *p_vet, *p2_vet; | ||
705 | node_asn *p; | ||
706 | unsigned char *temp, class; | ||
707 | unsigned long k, max; | ||
708 | |||
709 | counter = 0; | ||
710 | |||
711 | if (type_field (node->type) != TYPE_SET_OF) | ||
712 | return; | ||
713 | |||
714 | p = node->down; | ||
715 | while ((type_field (p->type) == TYPE_TAG) | ||
716 | || (type_field (p->type) == TYPE_SIZE)) | ||
717 | p = p->right; | ||
718 | p = p->right; | ||
719 | |||
720 | if ((p == NULL) || (p->right == NULL)) | ||
721 | return; | ||
722 | |||
723 | first = last = NULL; | ||
724 | while (p) | ||
725 | { | ||
726 | p_vet = (struct vet *) MHD__asn1_alloca (sizeof (struct vet)); | ||
727 | if (p_vet == NULL) | ||
728 | return; | ||
729 | |||
730 | p_vet->next = NULL; | ||
731 | p_vet->prev = last; | ||
732 | if (first == NULL) | ||
733 | first = p_vet; | ||
734 | else | ||
735 | last->next = p_vet; | ||
736 | last = p_vet; | ||
737 | |||
738 | /* extraction of tag and length */ | ||
739 | if (der_len - counter > 0) | ||
740 | { | ||
741 | |||
742 | if (MHD__asn1_get_tag_der | ||
743 | (der + counter, der_len - counter, &class, &len, | ||
744 | NULL) != ASN1_SUCCESS) | ||
745 | return; | ||
746 | counter += len; | ||
747 | |||
748 | len2 = | ||
749 | MHD__asn1_get_length_der (der + counter, der_len - counter, &len); | ||
750 | if (len2 < 0) | ||
751 | return; | ||
752 | counter += len + len2; | ||
753 | } | ||
754 | |||
755 | p_vet->end = counter; | ||
756 | p = p->right; | ||
757 | } | ||
758 | |||
759 | p_vet = first; | ||
760 | |||
761 | while (p_vet) | ||
762 | { | ||
763 | p2_vet = p_vet->next; | ||
764 | counter = 0; | ||
765 | while (p2_vet) | ||
766 | { | ||
767 | if ((p_vet->end - counter) > (p2_vet->end - p_vet->end)) | ||
768 | max = p_vet->end - counter; | ||
769 | else | ||
770 | max = p2_vet->end - p_vet->end; | ||
771 | |||
772 | change = -1; | ||
773 | for (k = 0; k < max; k++) | ||
774 | if (der[counter + k] > der[p_vet->end + k]) | ||
775 | { | ||
776 | change = 1; | ||
777 | break; | ||
778 | } | ||
779 | else if (der[counter + k] < der[p_vet->end + k]) | ||
780 | { | ||
781 | change = 0; | ||
782 | break; | ||
783 | } | ||
784 | |||
785 | if ((change == -1) | ||
786 | && ((p_vet->end - counter) > (p2_vet->end - p_vet->end))) | ||
787 | change = 1; | ||
788 | |||
789 | if (change == 1) | ||
790 | { | ||
791 | /* change position */ | ||
792 | temp = | ||
793 | (unsigned char *) MHD__asn1_alloca (p_vet->end - counter); | ||
794 | if (temp == NULL) | ||
795 | return; | ||
796 | |||
797 | memcpy (temp, der + counter, (p_vet->end) - counter); | ||
798 | memcpy (der + counter, der + (p_vet->end), | ||
799 | (p2_vet->end) - (p_vet->end)); | ||
800 | memcpy (der + counter + (p2_vet->end) - (p_vet->end), temp, | ||
801 | (p_vet->end) - counter); | ||
802 | MHD__asn1_afree (temp); | ||
803 | |||
804 | p_vet->end = counter + (p2_vet->end - p_vet->end); | ||
805 | } | ||
806 | counter = p_vet->end; | ||
807 | |||
808 | p2_vet = p2_vet->next; | ||
809 | p_vet = p_vet->next; | ||
810 | } | ||
811 | |||
812 | if (p_vet != first) | ||
813 | p_vet->prev->next = NULL; | ||
814 | else | ||
815 | first = NULL; | ||
816 | MHD__asn1_afree (p_vet); | ||
817 | p_vet = first; | ||
818 | } | ||
819 | } | ||
820 | |||
821 | /** | ||
822 | * MHD__asn1_der_coding - Creates the DER encoding for the NAME structure | ||
823 | * @element: pointer to an ASN1 element | ||
824 | * @name: the name of the structure you want to encode (it must be | ||
825 | * inside *POINTER). | ||
826 | * @ider: vector that will contain the DER encoding. DER must be a | ||
827 | * pointer to memory cells already allocated. | ||
828 | * @len: number of bytes of *@ider: @ider[0]..@ider[len-1], Initialy | ||
829 | * holds the sizeof of der vector. | ||
830 | * @errorDescription : return the error description or an empty | ||
831 | * string if success. | ||
832 | * | ||
833 | * Creates the DER encoding for the NAME structure (inside *POINTER | ||
834 | * structure). | ||
835 | * | ||
836 | * Returns: | ||
837 | * | ||
838 | * ASN1_SUCCESS: DER encoding OK. | ||
839 | * | ||
840 | * ASN1_ELEMENT_NOT_FOUND: NAME is not a valid element. | ||
841 | * | ||
842 | * ASN1_VALUE_NOT_FOUND: There is an element without a value. | ||
843 | * | ||
844 | * ASN1_MEM_ERROR: @ider vector isn't big enough. Also in this case | ||
845 | * LEN will contain the length needed. | ||
846 | * | ||
847 | **/ | ||
848 | MHD__asn1_retCode | ||
849 | MHD__asn1_der_coding (ASN1_TYPE element, const char *name, void *ider, | ||
850 | int *len, char *ErrorDescription) | ||
851 | { | ||
852 | node_asn *node, *p, *p2; | ||
853 | char temp[SIZEOF_UNSIGNED_LONG_INT * 3 + 1]; | ||
854 | int counter, counter_old, len2, len3, tlen, move, max_len, max_len_old; | ||
855 | MHD__asn1_retCode err; | ||
856 | unsigned char *der = ider; | ||
857 | |||
858 | node = MHD__asn1_find_node (element, name); | ||
859 | if (node == NULL) | ||
860 | return ASN1_ELEMENT_NOT_FOUND; | ||
861 | |||
862 | /* Node is now a locally allocated variable. | ||
863 | * That is because in some point we modify the | ||
864 | * structure, and I don't know why! --nmav | ||
865 | */ | ||
866 | node = MHD__asn1_copy_structure3 (node); | ||
867 | if (node == NULL) | ||
868 | return ASN1_ELEMENT_NOT_FOUND; | ||
869 | |||
870 | max_len = *len; | ||
871 | |||
872 | counter = 0; | ||
873 | move = DOWN; | ||
874 | p = node; | ||
875 | while (1) | ||
876 | { | ||
877 | |||
878 | counter_old = counter; | ||
879 | max_len_old = max_len; | ||
880 | if (move != UP) | ||
881 | { | ||
882 | err = MHD__asn1_insert_tag_der (p, der, &counter, &max_len); | ||
883 | if (err != ASN1_SUCCESS && err != ASN1_MEM_ERROR) | ||
884 | goto error; | ||
885 | } | ||
886 | switch (type_field (p->type)) | ||
887 | { | ||
888 | case TYPE_NULL: | ||
889 | max_len--; | ||
890 | if (max_len >= 0) | ||
891 | der[counter] = 0; | ||
892 | counter++; | ||
893 | move = RIGHT; | ||
894 | break; | ||
895 | case TYPE_BOOLEAN: | ||
896 | if ((p->type & CONST_DEFAULT) && (p->value == NULL)) | ||
897 | { | ||
898 | counter = counter_old; | ||
899 | max_len = max_len_old; | ||
900 | } | ||
901 | else | ||
902 | { | ||
903 | if (p->value == NULL) | ||
904 | { | ||
905 | MHD__asn1_error_description_value_not_found (p, | ||
906 | ErrorDescription); | ||
907 | err = ASN1_VALUE_NOT_FOUND; | ||
908 | goto error; | ||
909 | } | ||
910 | max_len -= 2; | ||
911 | if (max_len >= 0) | ||
912 | { | ||
913 | der[counter++] = 1; | ||
914 | if (p->value[0] == 'F') | ||
915 | der[counter++] = 0; | ||
916 | else | ||
917 | der[counter++] = 0xFF; | ||
918 | } | ||
919 | else | ||
920 | counter += 2; | ||
921 | } | ||
922 | move = RIGHT; | ||
923 | break; | ||
924 | case TYPE_INTEGER: | ||
925 | case TYPE_ENUMERATED: | ||
926 | if ((p->type & CONST_DEFAULT) && (p->value == NULL)) | ||
927 | { | ||
928 | counter = counter_old; | ||
929 | max_len = max_len_old; | ||
930 | } | ||
931 | else | ||
932 | { | ||
933 | if (p->value == NULL) | ||
934 | { | ||
935 | MHD__asn1_error_description_value_not_found (p, | ||
936 | ErrorDescription); | ||
937 | err = ASN1_VALUE_NOT_FOUND; | ||
938 | goto error; | ||
939 | } | ||
940 | len2 = MHD__asn1_get_length_der (p->value, p->value_len, &len3); | ||
941 | if (len2 < 0) | ||
942 | { | ||
943 | err = ASN1_DER_ERROR; | ||
944 | goto error; | ||
945 | } | ||
946 | max_len -= len2 + len3; | ||
947 | if (max_len >= 0) | ||
948 | memcpy (der + counter, p->value, len3 + len2); | ||
949 | counter += len3 + len2; | ||
950 | } | ||
951 | move = RIGHT; | ||
952 | break; | ||
953 | case TYPE_OBJECT_ID: | ||
954 | if ((p->type & CONST_DEFAULT) && (p->value == NULL)) | ||
955 | { | ||
956 | counter = counter_old; | ||
957 | max_len = max_len_old; | ||
958 | } | ||
959 | else | ||
960 | { | ||
961 | if (p->value == NULL) | ||
962 | { | ||
963 | MHD__asn1_error_description_value_not_found (p, | ||
964 | ErrorDescription); | ||
965 | err = ASN1_VALUE_NOT_FOUND; | ||
966 | goto error; | ||
967 | } | ||
968 | len2 = max_len; | ||
969 | err = MHD__asn1_objectid_der (p->value, der + counter, &len2); | ||
970 | if (err != ASN1_SUCCESS && err != ASN1_MEM_ERROR) | ||
971 | goto error; | ||
972 | |||
973 | max_len -= len2; | ||
974 | counter += len2; | ||
975 | } | ||
976 | move = RIGHT; | ||
977 | break; | ||
978 | case TYPE_TIME: | ||
979 | if (p->value == NULL) | ||
980 | { | ||
981 | MHD__asn1_error_description_value_not_found (p, | ||
982 | ErrorDescription); | ||
983 | err = ASN1_VALUE_NOT_FOUND; | ||
984 | goto error; | ||
985 | } | ||
986 | len2 = max_len; | ||
987 | err = MHD__asn1_time_der (p->value, der + counter, &len2); | ||
988 | if (err != ASN1_SUCCESS && err != ASN1_MEM_ERROR) | ||
989 | goto error; | ||
990 | |||
991 | max_len -= len2; | ||
992 | counter += len2; | ||
993 | move = RIGHT; | ||
994 | break; | ||
995 | case TYPE_OCTET_STRING: | ||
996 | if (p->value == NULL) | ||
997 | { | ||
998 | MHD__asn1_error_description_value_not_found (p, | ||
999 | ErrorDescription); | ||
1000 | err = ASN1_VALUE_NOT_FOUND; | ||
1001 | goto error; | ||
1002 | } | ||
1003 | len2 = MHD__asn1_get_length_der (p->value, p->value_len, &len3); | ||
1004 | if (len2 < 0) | ||
1005 | { | ||
1006 | err = ASN1_DER_ERROR; | ||
1007 | goto error; | ||
1008 | } | ||
1009 | max_len -= len2 + len3; | ||
1010 | if (max_len >= 0) | ||
1011 | memcpy (der + counter, p->value, len3 + len2); | ||
1012 | counter += len3 + len2; | ||
1013 | move = RIGHT; | ||
1014 | break; | ||
1015 | case TYPE_GENERALSTRING: | ||
1016 | if (p->value == NULL) | ||
1017 | { | ||
1018 | MHD__asn1_error_description_value_not_found (p, | ||
1019 | ErrorDescription); | ||
1020 | err = ASN1_VALUE_NOT_FOUND; | ||
1021 | goto error; | ||
1022 | } | ||
1023 | len2 = MHD__asn1_get_length_der (p->value, p->value_len, &len3); | ||
1024 | if (len2 < 0) | ||
1025 | { | ||
1026 | err = ASN1_DER_ERROR; | ||
1027 | goto error; | ||
1028 | } | ||
1029 | max_len -= len2 + len3; | ||
1030 | if (max_len >= 0) | ||
1031 | memcpy (der + counter, p->value, len3 + len2); | ||
1032 | counter += len3 + len2; | ||
1033 | move = RIGHT; | ||
1034 | break; | ||
1035 | case TYPE_BIT_STRING: | ||
1036 | if (p->value == NULL) | ||
1037 | { | ||
1038 | MHD__asn1_error_description_value_not_found (p, | ||
1039 | ErrorDescription); | ||
1040 | err = ASN1_VALUE_NOT_FOUND; | ||
1041 | goto error; | ||
1042 | } | ||
1043 | len2 = MHD__asn1_get_length_der (p->value, p->value_len, &len3); | ||
1044 | if (len2 < 0) | ||
1045 | { | ||
1046 | err = ASN1_DER_ERROR; | ||
1047 | goto error; | ||
1048 | } | ||
1049 | max_len -= len2 + len3; | ||
1050 | if (max_len >= 0) | ||
1051 | memcpy (der + counter, p->value, len3 + len2); | ||
1052 | counter += len3 + len2; | ||
1053 | move = RIGHT; | ||
1054 | break; | ||
1055 | case TYPE_SEQUENCE: | ||
1056 | case TYPE_SET: | ||
1057 | if (move != UP) | ||
1058 | { | ||
1059 | MHD__asn1_ltostr (counter, temp); | ||
1060 | tlen = strlen (temp); | ||
1061 | if (tlen > 0) | ||
1062 | MHD__asn1_set_value (p, temp, tlen + 1); | ||
1063 | if (p->down == NULL) | ||
1064 | { | ||
1065 | move = UP; | ||
1066 | continue; | ||
1067 | } | ||
1068 | else | ||
1069 | { | ||
1070 | p2 = p->down; | ||
1071 | while (p2 && (type_field (p2->type) == TYPE_TAG)) | ||
1072 | p2 = p2->right; | ||
1073 | if (p2) | ||
1074 | { | ||
1075 | p = p2; | ||
1076 | move = RIGHT; | ||
1077 | continue; | ||
1078 | } | ||
1079 | move = UP; | ||
1080 | continue; | ||
1081 | } | ||
1082 | } | ||
1083 | else | ||
1084 | { /* move==UP */ | ||
1085 | len2 = strtol ((const char *) p->value, NULL, 10); | ||
1086 | MHD__asn1_set_value (p, NULL, 0); | ||
1087 | if ((type_field (p->type) == TYPE_SET) && (max_len >= 0)) | ||
1088 | MHD__asn1_ordering_set (der + len2, max_len - len2, p); | ||
1089 | MHD__asn1_length_der (counter - len2, (unsigned char *) temp, | ||
1090 | &len3); | ||
1091 | max_len -= len3; | ||
1092 | if (max_len >= 0) | ||
1093 | { | ||
1094 | memmove (der + len2 + len3, der + len2, counter - len2); | ||
1095 | memcpy (der + len2, temp, len3); | ||
1096 | } | ||
1097 | counter += len3; | ||
1098 | move = RIGHT; | ||
1099 | } | ||
1100 | break; | ||
1101 | case TYPE_SEQUENCE_OF: | ||
1102 | case TYPE_SET_OF: | ||
1103 | if (move != UP) | ||
1104 | { | ||
1105 | MHD__asn1_ltostr (counter, temp); | ||
1106 | tlen = strlen (temp); | ||
1107 | |||
1108 | if (tlen > 0) | ||
1109 | MHD__asn1_set_value (p, temp, tlen + 1); | ||
1110 | p = p->down; | ||
1111 | while ((type_field (p->type) == TYPE_TAG) | ||
1112 | || (type_field (p->type) == TYPE_SIZE)) | ||
1113 | p = p->right; | ||
1114 | if (p->right) | ||
1115 | { | ||
1116 | p = p->right; | ||
1117 | move = RIGHT; | ||
1118 | continue; | ||
1119 | } | ||
1120 | else | ||
1121 | p = MHD__asn1_find_up (p); | ||
1122 | move = UP; | ||
1123 | } | ||
1124 | if (move == UP) | ||
1125 | { | ||
1126 | len2 = strtol ((const char *) p->value, NULL, 10); | ||
1127 | MHD__asn1_set_value (p, NULL, 0); | ||
1128 | if ((type_field (p->type) == TYPE_SET_OF) | ||
1129 | && (max_len - len2 > 0)) | ||
1130 | { | ||
1131 | MHD__asn1_ordering_set_of (der + len2, max_len - len2, p); | ||
1132 | } | ||
1133 | MHD__asn1_length_der (counter - len2, (unsigned char *) temp, | ||
1134 | &len3); | ||
1135 | max_len -= len3; | ||
1136 | if (max_len >= 0) | ||
1137 | { | ||
1138 | memmove (der + len2 + len3, der + len2, counter - len2); | ||
1139 | memcpy (der + len2, temp, len3); | ||
1140 | } | ||
1141 | counter += len3; | ||
1142 | move = RIGHT; | ||
1143 | } | ||
1144 | break; | ||
1145 | case TYPE_ANY: | ||
1146 | if (p->value == NULL) | ||
1147 | { | ||
1148 | MHD__asn1_error_description_value_not_found (p, | ||
1149 | ErrorDescription); | ||
1150 | err = ASN1_VALUE_NOT_FOUND; | ||
1151 | goto error; | ||
1152 | } | ||
1153 | len2 = MHD__asn1_get_length_der (p->value, p->value_len, &len3); | ||
1154 | if (len2 < 0) | ||
1155 | { | ||
1156 | err = ASN1_DER_ERROR; | ||
1157 | goto error; | ||
1158 | } | ||
1159 | max_len -= len2; | ||
1160 | if (max_len >= 0) | ||
1161 | memcpy (der + counter, p->value + len3, len2); | ||
1162 | counter += len2; | ||
1163 | move = RIGHT; | ||
1164 | break; | ||
1165 | default: | ||
1166 | move = (move == UP) ? RIGHT : DOWN; | ||
1167 | break; | ||
1168 | } | ||
1169 | |||
1170 | if ((move != DOWN) && (counter != counter_old)) | ||
1171 | { | ||
1172 | err = MHD__asn1_complete_explicit_tag (p, der, &counter, &max_len); | ||
1173 | if (err != ASN1_SUCCESS && err != ASN1_MEM_ERROR) | ||
1174 | goto error; | ||
1175 | } | ||
1176 | |||
1177 | if (p == node && move != DOWN) | ||
1178 | break; | ||
1179 | |||
1180 | if (move == DOWN) | ||
1181 | { | ||
1182 | if (p->down) | ||
1183 | p = p->down; | ||
1184 | else | ||
1185 | move = RIGHT; | ||
1186 | } | ||
1187 | if (move == RIGHT) | ||
1188 | { | ||
1189 | if (p->right) | ||
1190 | p = p->right; | ||
1191 | else | ||
1192 | move = UP; | ||
1193 | } | ||
1194 | if (move == UP) | ||
1195 | p = MHD__asn1_find_up (p); | ||
1196 | } | ||
1197 | |||
1198 | *len = counter; | ||
1199 | |||
1200 | if (max_len < 0) | ||
1201 | { | ||
1202 | err = ASN1_MEM_ERROR; | ||
1203 | goto error; | ||
1204 | } | ||
1205 | |||
1206 | err = ASN1_SUCCESS; | ||
1207 | |||
1208 | error: | ||
1209 | MHD__asn1_delete_structure (&node); | ||
1210 | return err; | ||
1211 | } | ||
diff --git a/src/daemon/https/minitasn1/decoding.c b/src/daemon/https/minitasn1/decoding.c deleted file mode 100644 index 9a4e23a3..00000000 --- a/src/daemon/https/minitasn1/decoding.c +++ /dev/null | |||
@@ -1,1673 +0,0 @@ | |||
1 | /* | ||
2 | * Copyright (C) 2004, 2006 Free Software Foundation | ||
3 | * Copyright (C) 2002 Fabio Fiorina | ||
4 | * | ||
5 | * This file is part of LIBTASN1. | ||
6 | * | ||
7 | * The LIBTASN1 library is free software; you can redistribute it | ||
8 | * and/or modify it under the terms of the GNU Lesser General Public | ||
9 | * License as published by the Free Software Foundation; either | ||
10 | * version 2.1 of the License, or (at your option) any later version. | ||
11 | * | ||
12 | * This library is distributed in the hope that it will be useful, but | ||
13 | * WITHOUT ANY WARRANTY; without even the implied warranty of | ||
14 | * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU | ||
15 | * Lesser General Public License for more details. | ||
16 | * | ||
17 | * You should have received a copy of the GNU Lesser General Public | ||
18 | * License along with this library; if not, write to the Free Software | ||
19 | * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA | ||
20 | * 02110-1301, USA | ||
21 | */ | ||
22 | |||
23 | |||
24 | /*****************************************************/ | ||
25 | /* File: decoding.c */ | ||
26 | /* Description: Functions to manage DER decoding */ | ||
27 | /*****************************************************/ | ||
28 | |||
29 | #include <int.h> | ||
30 | #include "parser_aux.h" | ||
31 | #include <gstr.h> | ||
32 | #include "structure.h" | ||
33 | #include "element.h" | ||
34 | |||
35 | |||
36 | static void | ||
37 | MHD__asn1_error_description_tag_error (node_asn * node, | ||
38 | char *ErrorDescription) | ||
39 | { | ||
40 | |||
41 | Estrcpy (ErrorDescription, ":: tag error near element '"); | ||
42 | MHD__asn1_hierarchical_name (node, | ||
43 | ErrorDescription + strlen (ErrorDescription), | ||
44 | MAX_ERROR_DESCRIPTION_SIZE - 40); | ||
45 | Estrcat (ErrorDescription, "'"); | ||
46 | |||
47 | } | ||
48 | |||
49 | /** | ||
50 | * MHD__asn1_get_length_der: | ||
51 | * @der: DER data to decode. | ||
52 | * @der_len: Length of DER data to decode. | ||
53 | * @len: Output variable containing the length of the DER length field. | ||
54 | * | ||
55 | * Extract a length field from DER data. | ||
56 | * | ||
57 | * Return value: Return the decoded length value, or -1 on indefinite | ||
58 | * length, or -2 when the value was too big. | ||
59 | **/ | ||
60 | signed long | ||
61 | MHD__asn1_get_length_der (const unsigned char *der, int der_len, int *len) | ||
62 | { | ||
63 | unsigned long ans; | ||
64 | int k, punt; | ||
65 | |||
66 | *len = 0; | ||
67 | if (der_len <= 0) | ||
68 | return 0; | ||
69 | |||
70 | if (!(der[0] & 128)) | ||
71 | { | ||
72 | /* short form */ | ||
73 | *len = 1; | ||
74 | return der[0]; | ||
75 | } | ||
76 | else | ||
77 | { | ||
78 | /* Long form */ | ||
79 | k = der[0] & 0x7F; | ||
80 | punt = 1; | ||
81 | if (k) | ||
82 | { /* definite length method */ | ||
83 | ans = 0; | ||
84 | while (punt <= k && punt < der_len) | ||
85 | { | ||
86 | unsigned long last = ans; | ||
87 | |||
88 | ans = ans * 256 + der[punt++]; | ||
89 | if (ans < last) | ||
90 | /* we wrapped around, no bignum support... */ | ||
91 | return -2; | ||
92 | } | ||
93 | } | ||
94 | else | ||
95 | { /* indefinite length method */ | ||
96 | ans = -1; | ||
97 | } | ||
98 | |||
99 | *len = punt; | ||
100 | return ans; | ||
101 | } | ||
102 | } | ||
103 | |||
104 | |||
105 | |||
106 | |||
107 | /** | ||
108 | * MHD__asn1_get_tag_der: | ||
109 | * @der: DER data to decode. | ||
110 | * @der_len: Length of DER data to decode. | ||
111 | * @cls: Output variable containing decoded class. | ||
112 | * @len: Output variable containing the length of the DER TAG data. | ||
113 | * @tag: Output variable containing the decoded tag. | ||
114 | * | ||
115 | * Decode the class and TAG from DER code. | ||
116 | * | ||
117 | * Return value: Returns ASN1_SUCCESS on success, or an error. | ||
118 | **/ | ||
119 | int | ||
120 | MHD__asn1_get_tag_der (const unsigned char *der, int der_len, | ||
121 | unsigned char *cls, int *len, unsigned long *tag) | ||
122 | { | ||
123 | int punt, ris; | ||
124 | |||
125 | if (der == NULL || der_len <= 0 || len == NULL) | ||
126 | return ASN1_DER_ERROR; | ||
127 | |||
128 | *cls = der[0] & 0xE0; | ||
129 | if ((der[0] & 0x1F) != 0x1F) | ||
130 | { | ||
131 | /* short form */ | ||
132 | *len = 1; | ||
133 | ris = der[0] & 0x1F; | ||
134 | } | ||
135 | else | ||
136 | { | ||
137 | /* Long form */ | ||
138 | punt = 1; | ||
139 | ris = 0; | ||
140 | while (punt <= der_len && der[punt] & 128) | ||
141 | { | ||
142 | int last = ris; | ||
143 | ris = ris * 128 + (der[punt++] & 0x7F); | ||
144 | if (ris < last) | ||
145 | /* wrapper around, and no bignums... */ | ||
146 | return ASN1_DER_ERROR; | ||
147 | } | ||
148 | if (punt >= der_len) | ||
149 | return ASN1_DER_ERROR; | ||
150 | { | ||
151 | int last = ris; | ||
152 | ris = ris * 128 + (der[punt++] & 0x7F); | ||
153 | if (ris < last) | ||
154 | /* wrapper around, and no bignums... */ | ||
155 | return ASN1_DER_ERROR; | ||
156 | } | ||
157 | *len = punt; | ||
158 | } | ||
159 | if (tag) | ||
160 | *tag = ris; | ||
161 | return ASN1_SUCCESS; | ||
162 | } | ||
163 | |||
164 | |||
165 | |||
166 | |||
167 | /** | ||
168 | * MHD__asn1_get_octet_der: | ||
169 | * @der: DER data to decode containing the OCTET SEQUENCE. | ||
170 | * @der_len: Length of DER data to decode. | ||
171 | * @ret_len: Output variable containing the length of the DER data. | ||
172 | * @str: Pre-allocated output buffer to put decoded OCTET SEQUENCE in. | ||
173 | * @str_size: Length of pre-allocated output buffer. | ||
174 | * @str_len: Output variable containing the length of the OCTET SEQUENCE. | ||
175 | * | ||
176 | * Extract an OCTET SEQUENCE from DER data. | ||
177 | * | ||
178 | * Return value: Returns ASN1_SUCCESS on success, or an error. | ||
179 | **/ | ||
180 | int | ||
181 | MHD__asn1_get_octet_der (const unsigned char *der, int der_len, | ||
182 | int *ret_len, unsigned char *str, int str_size, | ||
183 | int *str_len) | ||
184 | { | ||
185 | int len_len; | ||
186 | |||
187 | if (der_len <= 0) | ||
188 | return ASN1_GENERIC_ERROR; | ||
189 | |||
190 | /* if(str==NULL) return ASN1_SUCCESS; */ | ||
191 | *str_len = MHD__asn1_get_length_der (der, der_len, &len_len); | ||
192 | |||
193 | if (*str_len < 0) | ||
194 | return ASN1_DER_ERROR; | ||
195 | |||
196 | *ret_len = *str_len + len_len; | ||
197 | if (str_size >= *str_len) | ||
198 | memcpy (str, der + len_len, *str_len); | ||
199 | else | ||
200 | { | ||
201 | return ASN1_MEM_ERROR; | ||
202 | } | ||
203 | |||
204 | return ASN1_SUCCESS; | ||
205 | } | ||
206 | |||
207 | |||
208 | |||
209 | /* Returns ASN1_SUCCESS on success or an error code on error. | ||
210 | */ | ||
211 | static int | ||
212 | MHD__asn1_get_time_der (const unsigned char *der, int der_len, int *ret_len, | ||
213 | char *str, int str_size) | ||
214 | { | ||
215 | int len_len, str_len; | ||
216 | |||
217 | if (der_len <= 0 || str == NULL) | ||
218 | return ASN1_DER_ERROR; | ||
219 | str_len = MHD__asn1_get_length_der (der, der_len, &len_len); | ||
220 | if (str_len < 0 || str_size < str_len) | ||
221 | return ASN1_DER_ERROR; | ||
222 | memcpy (str, der + len_len, str_len); | ||
223 | str[str_len] = 0; | ||
224 | *ret_len = str_len + len_len; | ||
225 | |||
226 | return ASN1_SUCCESS; | ||
227 | } | ||
228 | |||
229 | |||
230 | |||
231 | static void | ||
232 | MHD__asn1_get_objectid_der (const unsigned char *der, int der_len, | ||
233 | int *ret_len, char *str, int str_size) | ||
234 | { | ||
235 | int len_len, len, k; | ||
236 | char temp[20]; | ||
237 | unsigned long val, val1; | ||
238 | |||
239 | *ret_len = 0; | ||
240 | if (str && str_size > 0) | ||
241 | str[0] = 0; /* no oid */ | ||
242 | |||
243 | if (str == NULL || der_len <= 0) | ||
244 | return; | ||
245 | len = MHD__asn1_get_length_der (der, der_len, &len_len); | ||
246 | |||
247 | if (len < 0 || len > der_len || len_len > der_len) | ||
248 | return; | ||
249 | |||
250 | val1 = der[len_len] / 40; | ||
251 | val = der[len_len] - val1 * 40; | ||
252 | |||
253 | MHD__asn1_str_cpy (str, str_size, MHD__asn1_ltostr (val1, temp)); | ||
254 | MHD__asn1_str_cat (str, str_size, "."); | ||
255 | MHD__asn1_str_cat (str, str_size, MHD__asn1_ltostr (val, temp)); | ||
256 | |||
257 | val = 0; | ||
258 | for (k = 1; k < len; k++) | ||
259 | { | ||
260 | val = val << 7; | ||
261 | val |= der[len_len + k] & 0x7F; | ||
262 | if (!(der[len_len + k] & 0x80)) | ||
263 | { | ||
264 | MHD__asn1_str_cat (str, str_size, "."); | ||
265 | MHD__asn1_str_cat (str, str_size, MHD__asn1_ltostr (val, temp)); | ||
266 | val = 0; | ||
267 | } | ||
268 | } | ||
269 | *ret_len = len + len_len; | ||
270 | } | ||
271 | |||
272 | |||
273 | |||
274 | |||
275 | /** | ||
276 | * MHD__asn1_get_bit_der: | ||
277 | * @der: DER data to decode containing the BIT SEQUENCE. | ||
278 | * @der_len: Length of DER data to decode. | ||
279 | * @ret_len: Output variable containing the length of the DER data. | ||
280 | * @str: Pre-allocated output buffer to put decoded BIT SEQUENCE in. | ||
281 | * @str_size: Length of pre-allocated output buffer. | ||
282 | * @bit_len: Output variable containing the size of the BIT SEQUENCE. | ||
283 | * | ||
284 | * Extract a BIT SEQUENCE from DER data. | ||
285 | * | ||
286 | * Return value: Return ASN1_SUCCESS on success, or an error. | ||
287 | **/ | ||
288 | int | ||
289 | MHD__asn1_get_bit_der (const unsigned char *der, int der_len, | ||
290 | int *ret_len, unsigned char *str, int str_size, | ||
291 | int *bit_len) | ||
292 | { | ||
293 | int len_len, len_byte; | ||
294 | |||
295 | if (der_len <= 0) | ||
296 | return ASN1_GENERIC_ERROR; | ||
297 | len_byte = MHD__asn1_get_length_der (der, der_len, &len_len) - 1; | ||
298 | if (len_byte < 0) | ||
299 | return ASN1_DER_ERROR; | ||
300 | |||
301 | *ret_len = len_byte + len_len + 1; | ||
302 | *bit_len = len_byte * 8 - der[len_len]; | ||
303 | |||
304 | if (str_size >= len_byte) | ||
305 | memcpy (str, der + len_len + 1, len_byte); | ||
306 | else | ||
307 | { | ||
308 | return ASN1_MEM_ERROR; | ||
309 | } | ||
310 | |||
311 | return ASN1_SUCCESS; | ||
312 | } | ||
313 | |||
314 | |||
315 | |||
316 | |||
317 | static int | ||
318 | MHD__asn1_extract_tag_der (node_asn * node, const unsigned char *der, | ||
319 | int der_len, int *ret_len) | ||
320 | { | ||
321 | node_asn *p; | ||
322 | int counter, len2, len3, is_tag_implicit; | ||
323 | unsigned long tag, tag_implicit = 0; | ||
324 | unsigned char class, class2, class_implicit = 0; | ||
325 | |||
326 | if (der_len <= 0) | ||
327 | return ASN1_GENERIC_ERROR; | ||
328 | |||
329 | counter = is_tag_implicit = 0; | ||
330 | |||
331 | if (node->type & CONST_TAG) | ||
332 | { | ||
333 | p = node->down; | ||
334 | while (p) | ||
335 | { | ||
336 | if (type_field (p->type) == TYPE_TAG) | ||
337 | { | ||
338 | if (p->type & CONST_APPLICATION) | ||
339 | class2 = ASN1_CLASS_APPLICATION; | ||
340 | else if (p->type & CONST_UNIVERSAL) | ||
341 | class2 = ASN1_CLASS_UNIVERSAL; | ||
342 | else if (p->type & CONST_PRIVATE) | ||
343 | class2 = ASN1_CLASS_PRIVATE; | ||
344 | else | ||
345 | class2 = ASN1_CLASS_CONTEXT_SPECIFIC; | ||
346 | |||
347 | if (p->type & CONST_EXPLICIT) | ||
348 | { | ||
349 | if (MHD__asn1_get_tag_der | ||
350 | (der + counter, der_len - counter, &class, &len2, | ||
351 | &tag) != ASN1_SUCCESS) | ||
352 | return ASN1_DER_ERROR; | ||
353 | if (counter + len2 > der_len) | ||
354 | return ASN1_DER_ERROR; | ||
355 | counter += len2; | ||
356 | len3 = | ||
357 | MHD__asn1_get_length_der (der + counter, | ||
358 | der_len - counter, &len2); | ||
359 | if (len3 < 0) | ||
360 | return ASN1_DER_ERROR; | ||
361 | counter += len2; | ||
362 | if (!is_tag_implicit) | ||
363 | { | ||
364 | if ((class != (class2 | ASN1_CLASS_STRUCTURED)) || | ||
365 | (tag != strtoul ((char *) p->value, NULL, 10))) | ||
366 | return ASN1_TAG_ERROR; | ||
367 | } | ||
368 | else | ||
369 | { /* ASN1_TAG_IMPLICIT */ | ||
370 | if ((class != class_implicit) || (tag != tag_implicit)) | ||
371 | return ASN1_TAG_ERROR; | ||
372 | } | ||
373 | |||
374 | is_tag_implicit = 0; | ||
375 | } | ||
376 | else | ||
377 | { /* ASN1_TAG_IMPLICIT */ | ||
378 | if (!is_tag_implicit) | ||
379 | { | ||
380 | if ((type_field (node->type) == TYPE_SEQUENCE) || | ||
381 | (type_field (node->type) == TYPE_SEQUENCE_OF) || | ||
382 | (type_field (node->type) == TYPE_SET) || | ||
383 | (type_field (node->type) == TYPE_SET_OF)) | ||
384 | class2 |= ASN1_CLASS_STRUCTURED; | ||
385 | class_implicit = class2; | ||
386 | tag_implicit = strtoul ((char *) p->value, NULL, 10); | ||
387 | is_tag_implicit = 1; | ||
388 | } | ||
389 | } | ||
390 | } | ||
391 | p = p->right; | ||
392 | } | ||
393 | } | ||
394 | |||
395 | if (is_tag_implicit) | ||
396 | { | ||
397 | if (MHD__asn1_get_tag_der | ||
398 | (der + counter, der_len - counter, &class, &len2, | ||
399 | &tag) != ASN1_SUCCESS) | ||
400 | return ASN1_DER_ERROR; | ||
401 | if (counter + len2 > der_len) | ||
402 | return ASN1_DER_ERROR; | ||
403 | |||
404 | if ((class != class_implicit) || (tag != tag_implicit)) | ||
405 | { | ||
406 | if (type_field (node->type) == TYPE_OCTET_STRING) | ||
407 | { | ||
408 | class_implicit |= ASN1_CLASS_STRUCTURED; | ||
409 | if ((class != class_implicit) || (tag != tag_implicit)) | ||
410 | return ASN1_TAG_ERROR; | ||
411 | } | ||
412 | else | ||
413 | return ASN1_TAG_ERROR; | ||
414 | } | ||
415 | } | ||
416 | else | ||
417 | { | ||
418 | if (type_field (node->type) == TYPE_TAG) | ||
419 | { | ||
420 | counter = 0; | ||
421 | *ret_len = counter; | ||
422 | return ASN1_SUCCESS; | ||
423 | } | ||
424 | |||
425 | if (MHD__asn1_get_tag_der | ||
426 | (der + counter, der_len - counter, &class, &len2, | ||
427 | &tag) != ASN1_SUCCESS) | ||
428 | return ASN1_DER_ERROR; | ||
429 | if (counter + len2 > der_len) | ||
430 | return ASN1_DER_ERROR; | ||
431 | |||
432 | switch (type_field (node->type)) | ||
433 | { | ||
434 | case TYPE_NULL: | ||
435 | if ((class != ASN1_CLASS_UNIVERSAL) || (tag != ASN1_TAG_NULL)) | ||
436 | return ASN1_DER_ERROR; | ||
437 | break; | ||
438 | case TYPE_BOOLEAN: | ||
439 | if ((class != ASN1_CLASS_UNIVERSAL) || (tag != ASN1_TAG_BOOLEAN)) | ||
440 | return ASN1_DER_ERROR; | ||
441 | break; | ||
442 | case TYPE_INTEGER: | ||
443 | if ((class != ASN1_CLASS_UNIVERSAL) || (tag != ASN1_TAG_INTEGER)) | ||
444 | return ASN1_DER_ERROR; | ||
445 | break; | ||
446 | case TYPE_ENUMERATED: | ||
447 | if ((class != ASN1_CLASS_UNIVERSAL) || (tag != ASN1_TAG_ENUMERATED)) | ||
448 | return ASN1_DER_ERROR; | ||
449 | break; | ||
450 | case TYPE_OBJECT_ID: | ||
451 | if ((class != ASN1_CLASS_UNIVERSAL) || (tag != ASN1_TAG_OBJECT_ID)) | ||
452 | return ASN1_DER_ERROR; | ||
453 | break; | ||
454 | case TYPE_TIME: | ||
455 | if (node->type & CONST_UTC) | ||
456 | { | ||
457 | if ((class != ASN1_CLASS_UNIVERSAL) | ||
458 | || (tag != ASN1_TAG_UTCTime)) | ||
459 | return ASN1_DER_ERROR; | ||
460 | } | ||
461 | else | ||
462 | { | ||
463 | if ((class != ASN1_CLASS_UNIVERSAL) | ||
464 | || (tag != ASN1_TAG_GENERALIZEDTime)) | ||
465 | return ASN1_DER_ERROR; | ||
466 | } | ||
467 | break; | ||
468 | case TYPE_OCTET_STRING: | ||
469 | if (((class != ASN1_CLASS_UNIVERSAL) | ||
470 | && (class != (ASN1_CLASS_UNIVERSAL | ASN1_CLASS_STRUCTURED))) | ||
471 | || (tag != ASN1_TAG_OCTET_STRING)) | ||
472 | return ASN1_DER_ERROR; | ||
473 | break; | ||
474 | case TYPE_GENERALSTRING: | ||
475 | if ((class != ASN1_CLASS_UNIVERSAL) | ||
476 | || (tag != ASN1_TAG_GENERALSTRING)) | ||
477 | return ASN1_DER_ERROR; | ||
478 | break; | ||
479 | case TYPE_BIT_STRING: | ||
480 | if ((class != ASN1_CLASS_UNIVERSAL) || (tag != ASN1_TAG_BIT_STRING)) | ||
481 | return ASN1_DER_ERROR; | ||
482 | break; | ||
483 | case TYPE_SEQUENCE: | ||
484 | case TYPE_SEQUENCE_OF: | ||
485 | if ((class != (ASN1_CLASS_UNIVERSAL | ASN1_CLASS_STRUCTURED)) | ||
486 | || (tag != ASN1_TAG_SEQUENCE)) | ||
487 | return ASN1_DER_ERROR; | ||
488 | break; | ||
489 | case TYPE_SET: | ||
490 | case TYPE_SET_OF: | ||
491 | if ((class != (ASN1_CLASS_UNIVERSAL | ASN1_CLASS_STRUCTURED)) | ||
492 | || (tag != ASN1_TAG_SET)) | ||
493 | return ASN1_DER_ERROR; | ||
494 | break; | ||
495 | case TYPE_ANY: | ||
496 | counter -= len2; | ||
497 | break; | ||
498 | default: | ||
499 | return ASN1_DER_ERROR; | ||
500 | break; | ||
501 | } | ||
502 | } | ||
503 | |||
504 | counter += len2; | ||
505 | *ret_len = counter; | ||
506 | return ASN1_SUCCESS; | ||
507 | } | ||
508 | |||
509 | |||
510 | static int | ||
511 | MHD__asn1_delete_not_used (node_asn * node) | ||
512 | { | ||
513 | node_asn *p, *p2; | ||
514 | |||
515 | if (node == NULL) | ||
516 | return ASN1_ELEMENT_NOT_FOUND; | ||
517 | |||
518 | p = node; | ||
519 | while (p) | ||
520 | { | ||
521 | if (p->type & CONST_NOT_USED) | ||
522 | { | ||
523 | p2 = NULL; | ||
524 | if (p != node) | ||
525 | { | ||
526 | p2 = MHD__asn1_find_left (p); | ||
527 | if (!p2) | ||
528 | p2 = MHD__asn1_find_up (p); | ||
529 | } | ||
530 | MHD__asn1_delete_structure (&p); | ||
531 | p = p2; | ||
532 | } | ||
533 | |||
534 | if (!p) | ||
535 | break; /* reach node */ | ||
536 | |||
537 | if (p->down) | ||
538 | { | ||
539 | p = p->down; | ||
540 | } | ||
541 | else | ||
542 | { | ||
543 | if (p == node) | ||
544 | p = NULL; | ||
545 | else if (p->right) | ||
546 | p = p->right; | ||
547 | else | ||
548 | { | ||
549 | while (1) | ||
550 | { | ||
551 | p = MHD__asn1_find_up (p); | ||
552 | if (p == node) | ||
553 | { | ||
554 | p = NULL; | ||
555 | break; | ||
556 | } | ||
557 | if (p->right) | ||
558 | { | ||
559 | p = p->right; | ||
560 | break; | ||
561 | } | ||
562 | } | ||
563 | } | ||
564 | } | ||
565 | } | ||
566 | return ASN1_SUCCESS; | ||
567 | } | ||
568 | |||
569 | |||
570 | static MHD__asn1_retCode | ||
571 | MHD__asn1_get_octet_string (const unsigned char *der, node_asn * node, | ||
572 | int *len) | ||
573 | { | ||
574 | int len2, len3, counter, counter2, counter_end, tot_len, indefinite; | ||
575 | unsigned char *temp, *temp2; | ||
576 | |||
577 | counter = 0; | ||
578 | |||
579 | if (*(der - 1) & ASN1_CLASS_STRUCTURED) | ||
580 | { | ||
581 | tot_len = 0; | ||
582 | indefinite = MHD__asn1_get_length_der (der, *len, &len3); | ||
583 | if (indefinite < -1) | ||
584 | return ASN1_DER_ERROR; | ||
585 | |||
586 | counter += len3; | ||
587 | if (indefinite >= 0) | ||
588 | indefinite += len3; | ||
589 | |||
590 | while (1) | ||
591 | { | ||
592 | if (counter > (*len)) | ||
593 | return ASN1_DER_ERROR; | ||
594 | |||
595 | if (indefinite == -1) | ||
596 | { | ||
597 | if ((der[counter] == 0) && (der[counter + 1] == 0)) | ||
598 | { | ||
599 | counter += 2; | ||
600 | break; | ||
601 | } | ||
602 | } | ||
603 | else if (counter >= indefinite) | ||
604 | break; | ||
605 | |||
606 | if (der[counter] != ASN1_TAG_OCTET_STRING) | ||
607 | return ASN1_DER_ERROR; | ||
608 | |||
609 | counter++; | ||
610 | |||
611 | len2 = | ||
612 | MHD__asn1_get_length_der (der + counter, *len - counter, &len3); | ||
613 | if (len2 <= 0) | ||
614 | return ASN1_DER_ERROR; | ||
615 | |||
616 | counter += len3 + len2; | ||
617 | tot_len += len2; | ||
618 | } | ||
619 | |||
620 | /* copy */ | ||
621 | if (node) | ||
622 | { | ||
623 | MHD__asn1_length_der (tot_len, NULL, &len2); | ||
624 | temp = MHD__asn1_alloca (len2 + tot_len); | ||
625 | if (temp == NULL) | ||
626 | { | ||
627 | return ASN1_MEM_ALLOC_ERROR; | ||
628 | } | ||
629 | |||
630 | MHD__asn1_length_der (tot_len, temp, &len2); | ||
631 | tot_len += len2; | ||
632 | temp2 = temp + len2; | ||
633 | len2 = MHD__asn1_get_length_der (der, *len, &len3); | ||
634 | if (len2 < -1) | ||
635 | { | ||
636 | MHD__asn1_afree (temp); | ||
637 | return ASN1_DER_ERROR; | ||
638 | } | ||
639 | counter2 = len3 + 1; | ||
640 | |||
641 | if (indefinite == -1) | ||
642 | counter_end = counter - 2; | ||
643 | else | ||
644 | counter_end = counter; | ||
645 | |||
646 | while (counter2 < counter_end) | ||
647 | { | ||
648 | len2 = | ||
649 | MHD__asn1_get_length_der (der + counter2, *len - counter, | ||
650 | &len3); | ||
651 | if (len2 < -1) | ||
652 | { | ||
653 | MHD__asn1_afree (temp); | ||
654 | return ASN1_DER_ERROR; | ||
655 | } | ||
656 | |||
657 | /* FIXME: to be checked. Is this ok? Has the | ||
658 | * size been checked before? | ||
659 | */ | ||
660 | memcpy (temp2, der + counter2 + len3, len2); | ||
661 | temp2 += len2; | ||
662 | counter2 += len2 + len3 + 1; | ||
663 | } | ||
664 | |||
665 | MHD__asn1_set_value (node, temp, tot_len); | ||
666 | MHD__asn1_afree (temp); | ||
667 | } | ||
668 | } | ||
669 | else | ||
670 | { /* NOT STRUCTURED */ | ||
671 | len2 = MHD__asn1_get_length_der (der, *len, &len3); | ||
672 | if (len2 < 0) | ||
673 | return ASN1_DER_ERROR; | ||
674 | if (len3 + len2 > *len) | ||
675 | return ASN1_DER_ERROR; | ||
676 | if (node) | ||
677 | MHD__asn1_set_value (node, der, len3 + len2); | ||
678 | counter = len3 + len2; | ||
679 | } | ||
680 | |||
681 | *len = counter; | ||
682 | return ASN1_SUCCESS; | ||
683 | |||
684 | } | ||
685 | |||
686 | |||
687 | static MHD__asn1_retCode | ||
688 | MHD__asn1_get_indefinite_length_string (const unsigned char *der, int *len) | ||
689 | { | ||
690 | int len2, len3, counter, indefinite; | ||
691 | unsigned long tag; | ||
692 | unsigned char class; | ||
693 | |||
694 | counter = indefinite = 0; | ||
695 | |||
696 | while (1) | ||
697 | { | ||
698 | if ((*len) < counter) | ||
699 | return ASN1_DER_ERROR; | ||
700 | |||
701 | if ((der[counter] == 0) && (der[counter + 1] == 0)) | ||
702 | { | ||
703 | counter += 2; | ||
704 | indefinite--; | ||
705 | if (indefinite <= 0) | ||
706 | break; | ||
707 | else | ||
708 | continue; | ||
709 | } | ||
710 | |||
711 | if (MHD__asn1_get_tag_der | ||
712 | (der + counter, *len - counter, &class, &len2, | ||
713 | &tag) != ASN1_SUCCESS) | ||
714 | return ASN1_DER_ERROR; | ||
715 | if (counter + len2 > *len) | ||
716 | return ASN1_DER_ERROR; | ||
717 | counter += len2; | ||
718 | len2 = MHD__asn1_get_length_der (der + counter, *len - counter, &len3); | ||
719 | if (len2 < -1) | ||
720 | return ASN1_DER_ERROR; | ||
721 | if (len2 == -1) | ||
722 | { | ||
723 | indefinite++; | ||
724 | counter += 1; | ||
725 | } | ||
726 | else | ||
727 | { | ||
728 | counter += len2 + len3; | ||
729 | } | ||
730 | } | ||
731 | |||
732 | *len = counter; | ||
733 | return ASN1_SUCCESS; | ||
734 | |||
735 | } | ||
736 | |||
737 | |||
738 | /** | ||
739 | * MHD__asn1_der_decoding - Fill the structure *ELEMENT with values of a DER encoding string. | ||
740 | * @element: pointer to an ASN1 structure. | ||
741 | * @ider: vector that contains the DER encoding. | ||
742 | * @len: number of bytes of *@ider: @ider[0]..@ider[len-1]. | ||
743 | * @errorDescription: null-terminated string contains details when an | ||
744 | * error occurred. | ||
745 | * | ||
746 | * Fill the structure *ELEMENT with values of a DER encoding | ||
747 | * string. The sructure must just be created with function | ||
748 | * 'create_stucture'. If an error occurs during the decoding | ||
749 | * procedure, the *ELEMENT is deleted and set equal to | ||
750 | * %ASN1_TYPE_EMPTY. | ||
751 | * | ||
752 | * Returns: | ||
753 | * | ||
754 | * ASN1_SUCCESS: DER encoding OK. | ||
755 | * | ||
756 | * ASN1_ELEMENT_NOT_FOUND: ELEMENT is ASN1_TYPE_EMPTY. | ||
757 | * | ||
758 | * ASN1_TAG_ERROR,ASN1_DER_ERROR: The der encoding doesn't match | ||
759 | * the structure NAME. *ELEMENT deleted. | ||
760 | **/ | ||
761 | |||
762 | MHD__asn1_retCode | ||
763 | MHD__asn1_der_decoding (ASN1_TYPE * element, const void *ider, int len, | ||
764 | char *errorDescription) | ||
765 | { | ||
766 | node_asn *node, *p, *p2, *p3; | ||
767 | char temp[128]; | ||
768 | int counter, len2, len3, len4, move, ris, tlen; | ||
769 | unsigned char class, *temp2; | ||
770 | unsigned long tag; | ||
771 | int indefinite, result; | ||
772 | const unsigned char *der = ider; | ||
773 | |||
774 | node = *element; | ||
775 | |||
776 | if (node == ASN1_TYPE_EMPTY) | ||
777 | return ASN1_ELEMENT_NOT_FOUND; | ||
778 | |||
779 | if (node->type & CONST_OPTION) | ||
780 | { | ||
781 | MHD__asn1_delete_structure (element); | ||
782 | return ASN1_GENERIC_ERROR; | ||
783 | } | ||
784 | |||
785 | counter = 0; | ||
786 | move = DOWN; | ||
787 | p = node; | ||
788 | while (1) | ||
789 | { | ||
790 | ris = ASN1_SUCCESS; | ||
791 | if (move != UP) | ||
792 | { | ||
793 | if (p->type & CONST_SET) | ||
794 | { | ||
795 | p2 = MHD__asn1_find_up (p); | ||
796 | len2 = strtol ((const char *) p2->value, NULL, 10); | ||
797 | if (len2 == -1) | ||
798 | { | ||
799 | if (!der[counter] && !der[counter + 1]) | ||
800 | { | ||
801 | p = p2; | ||
802 | move = UP; | ||
803 | counter += 2; | ||
804 | continue; | ||
805 | } | ||
806 | } | ||
807 | else if (counter == len2) | ||
808 | { | ||
809 | p = p2; | ||
810 | move = UP; | ||
811 | continue; | ||
812 | } | ||
813 | else if (counter > len2) | ||
814 | { | ||
815 | MHD__asn1_delete_structure (element); | ||
816 | return ASN1_DER_ERROR; | ||
817 | } | ||
818 | p2 = p2->down; | ||
819 | while (p2) | ||
820 | { | ||
821 | if ((p2->type & CONST_SET) && (p2->type & CONST_NOT_USED)) | ||
822 | { | ||
823 | if (type_field (p2->type) != TYPE_CHOICE) | ||
824 | ris = | ||
825 | MHD__asn1_extract_tag_der (p2, der + counter, | ||
826 | len - counter, &len2); | ||
827 | else | ||
828 | { | ||
829 | p3 = p2->down; | ||
830 | while (p3) | ||
831 | { | ||
832 | ris = | ||
833 | MHD__asn1_extract_tag_der (p3, der + counter, | ||
834 | len - counter, | ||
835 | &len2); | ||
836 | if (ris == ASN1_SUCCESS) | ||
837 | break; | ||
838 | p3 = p3->right; | ||
839 | } | ||
840 | } | ||
841 | if (ris == ASN1_SUCCESS) | ||
842 | { | ||
843 | p2->type &= ~CONST_NOT_USED; | ||
844 | p = p2; | ||
845 | break; | ||
846 | } | ||
847 | } | ||
848 | p2 = p2->right; | ||
849 | } | ||
850 | if (p2 == NULL) | ||
851 | { | ||
852 | MHD__asn1_delete_structure (element); | ||
853 | return ASN1_DER_ERROR; | ||
854 | } | ||
855 | } | ||
856 | |||
857 | if ((p->type & CONST_OPTION) || (p->type & CONST_DEFAULT)) | ||
858 | { | ||
859 | p2 = MHD__asn1_find_up (p); | ||
860 | len2 = strtol ((const char *) p2->value, NULL, 10); | ||
861 | if (counter == len2) | ||
862 | { | ||
863 | if (p->right) | ||
864 | { | ||
865 | p2 = p->right; | ||
866 | move = RIGHT; | ||
867 | } | ||
868 | else | ||
869 | move = UP; | ||
870 | |||
871 | if (p->type & CONST_OPTION) | ||
872 | MHD__asn1_delete_structure (&p); | ||
873 | |||
874 | p = p2; | ||
875 | continue; | ||
876 | } | ||
877 | } | ||
878 | |||
879 | if (type_field (p->type) == TYPE_CHOICE) | ||
880 | { | ||
881 | while (p->down) | ||
882 | { | ||
883 | if (counter < len) | ||
884 | ris = | ||
885 | MHD__asn1_extract_tag_der (p->down, der + counter, | ||
886 | len - counter, &len2); | ||
887 | else | ||
888 | ris = ASN1_DER_ERROR; | ||
889 | if (ris == ASN1_SUCCESS) | ||
890 | { | ||
891 | while (p->down->right) | ||
892 | { | ||
893 | p2 = p->down->right; | ||
894 | MHD__asn1_delete_structure (&p2); | ||
895 | } | ||
896 | break; | ||
897 | } | ||
898 | else if (ris == ASN1_ERROR_TYPE_ANY) | ||
899 | { | ||
900 | MHD__asn1_delete_structure (element); | ||
901 | return ASN1_ERROR_TYPE_ANY; | ||
902 | } | ||
903 | else | ||
904 | { | ||
905 | p2 = p->down; | ||
906 | MHD__asn1_delete_structure (&p2); | ||
907 | } | ||
908 | } | ||
909 | |||
910 | if (p->down == NULL) | ||
911 | { | ||
912 | if (!(p->type & CONST_OPTION)) | ||
913 | { | ||
914 | MHD__asn1_delete_structure (element); | ||
915 | return ASN1_DER_ERROR; | ||
916 | } | ||
917 | } | ||
918 | else | ||
919 | p = p->down; | ||
920 | } | ||
921 | |||
922 | if ((p->type & CONST_OPTION) || (p->type & CONST_DEFAULT)) | ||
923 | { | ||
924 | p2 = MHD__asn1_find_up (p); | ||
925 | len2 = strtol ((const char *) p2->value, NULL, 10); | ||
926 | if ((len2 != -1) && (counter > len2)) | ||
927 | ris = ASN1_TAG_ERROR; | ||
928 | } | ||
929 | |||
930 | if (ris == ASN1_SUCCESS) | ||
931 | ris = | ||
932 | MHD__asn1_extract_tag_der (p, der + counter, len - counter, | ||
933 | &len2); | ||
934 | if (ris != ASN1_SUCCESS) | ||
935 | { | ||
936 | if (p->type & CONST_OPTION) | ||
937 | { | ||
938 | p->type |= CONST_NOT_USED; | ||
939 | move = RIGHT; | ||
940 | } | ||
941 | else if (p->type & CONST_DEFAULT) | ||
942 | { | ||
943 | MHD__asn1_set_value (p, NULL, 0); | ||
944 | move = RIGHT; | ||
945 | } | ||
946 | else | ||
947 | { | ||
948 | if (errorDescription != NULL) | ||
949 | MHD__asn1_error_description_tag_error (p, | ||
950 | errorDescription); | ||
951 | |||
952 | MHD__asn1_delete_structure (element); | ||
953 | return ASN1_TAG_ERROR; | ||
954 | } | ||
955 | } | ||
956 | else | ||
957 | counter += len2; | ||
958 | } | ||
959 | |||
960 | if (ris == ASN1_SUCCESS) | ||
961 | { | ||
962 | switch (type_field (p->type)) | ||
963 | { | ||
964 | case TYPE_NULL: | ||
965 | if (der[counter]) | ||
966 | { | ||
967 | MHD__asn1_delete_structure (element); | ||
968 | return ASN1_DER_ERROR; | ||
969 | } | ||
970 | counter++; | ||
971 | move = RIGHT; | ||
972 | break; | ||
973 | case TYPE_BOOLEAN: | ||
974 | if (der[counter++] != 1) | ||
975 | { | ||
976 | MHD__asn1_delete_structure (element); | ||
977 | return ASN1_DER_ERROR; | ||
978 | } | ||
979 | if (der[counter++] == 0) | ||
980 | MHD__asn1_set_value (p, "F", 1); | ||
981 | else | ||
982 | MHD__asn1_set_value (p, "T", 1); | ||
983 | move = RIGHT; | ||
984 | break; | ||
985 | case TYPE_INTEGER: | ||
986 | case TYPE_ENUMERATED: | ||
987 | len2 = | ||
988 | MHD__asn1_get_length_der (der + counter, len - counter, | ||
989 | &len3); | ||
990 | if (len2 < 0) | ||
991 | return ASN1_DER_ERROR; | ||
992 | if (len2 + len3 > len - counter) | ||
993 | return ASN1_DER_ERROR; | ||
994 | MHD__asn1_set_value (p, der + counter, len3 + len2); | ||
995 | counter += len3 + len2; | ||
996 | move = RIGHT; | ||
997 | break; | ||
998 | case TYPE_OBJECT_ID: | ||
999 | MHD__asn1_get_objectid_der (der + counter, len - counter, &len2, | ||
1000 | temp, sizeof (temp)); | ||
1001 | tlen = strlen (temp); | ||
1002 | if (tlen > 0) | ||
1003 | MHD__asn1_set_value (p, temp, tlen + 1); | ||
1004 | counter += len2; | ||
1005 | move = RIGHT; | ||
1006 | break; | ||
1007 | case TYPE_TIME: | ||
1008 | result = | ||
1009 | MHD__asn1_get_time_der (der + counter, len - counter, &len2, | ||
1010 | temp, sizeof (temp) - 1); | ||
1011 | if (result != ASN1_SUCCESS) | ||
1012 | { | ||
1013 | MHD__asn1_delete_structure (element); | ||
1014 | return result; | ||
1015 | } | ||
1016 | tlen = strlen (temp); | ||
1017 | if (tlen > 0) | ||
1018 | MHD__asn1_set_value (p, temp, tlen + 1); | ||
1019 | counter += len2; | ||
1020 | move = RIGHT; | ||
1021 | break; | ||
1022 | case TYPE_OCTET_STRING: | ||
1023 | len3 = len - counter; | ||
1024 | ris = MHD__asn1_get_octet_string (der + counter, p, &len3); | ||
1025 | if (ris != ASN1_SUCCESS) | ||
1026 | return ris; | ||
1027 | counter += len3; | ||
1028 | move = RIGHT; | ||
1029 | break; | ||
1030 | case TYPE_GENERALSTRING: | ||
1031 | len2 = | ||
1032 | MHD__asn1_get_length_der (der + counter, len - counter, | ||
1033 | &len3); | ||
1034 | if (len2 < 0) | ||
1035 | return ASN1_DER_ERROR; | ||
1036 | if (len3 + len2 > len - counter) | ||
1037 | return ASN1_DER_ERROR; | ||
1038 | MHD__asn1_set_value (p, der + counter, len3 + len2); | ||
1039 | counter += len3 + len2; | ||
1040 | move = RIGHT; | ||
1041 | break; | ||
1042 | case TYPE_BIT_STRING: | ||
1043 | len2 = | ||
1044 | MHD__asn1_get_length_der (der + counter, len - counter, | ||
1045 | &len3); | ||
1046 | if (len2 < 0) | ||
1047 | return ASN1_DER_ERROR; | ||
1048 | if (len3 + len2 > len - counter) | ||
1049 | return ASN1_DER_ERROR; | ||
1050 | MHD__asn1_set_value (p, der + counter, len3 + len2); | ||
1051 | counter += len3 + len2; | ||
1052 | move = RIGHT; | ||
1053 | break; | ||
1054 | case TYPE_SEQUENCE: | ||
1055 | case TYPE_SET: | ||
1056 | if (move == UP) | ||
1057 | { | ||
1058 | len2 = strtol ((const char *) p->value, NULL, 10); | ||
1059 | MHD__asn1_set_value (p, NULL, 0); | ||
1060 | if (len2 == -1) | ||
1061 | { /* indefinite length method */ | ||
1062 | if (len - counter + 1 > 0) | ||
1063 | { | ||
1064 | if ((der[counter]) || der[counter + 1]) | ||
1065 | { | ||
1066 | MHD__asn1_delete_structure (element); | ||
1067 | return ASN1_DER_ERROR; | ||
1068 | } | ||
1069 | } | ||
1070 | else | ||
1071 | return ASN1_DER_ERROR; | ||
1072 | counter += 2; | ||
1073 | } | ||
1074 | else | ||
1075 | { /* definite length method */ | ||
1076 | if (len2 != counter) | ||
1077 | { | ||
1078 | MHD__asn1_delete_structure (element); | ||
1079 | return ASN1_DER_ERROR; | ||
1080 | } | ||
1081 | } | ||
1082 | move = RIGHT; | ||
1083 | } | ||
1084 | else | ||
1085 | { /* move==DOWN || move==RIGHT */ | ||
1086 | len3 = | ||
1087 | MHD__asn1_get_length_der (der + counter, len - counter, | ||
1088 | &len2); | ||
1089 | if (len3 < -1) | ||
1090 | return ASN1_DER_ERROR; | ||
1091 | counter += len2; | ||
1092 | if (len3 > 0) | ||
1093 | { | ||
1094 | MHD__asn1_ltostr (counter + len3, temp); | ||
1095 | tlen = strlen (temp); | ||
1096 | if (tlen > 0) | ||
1097 | MHD__asn1_set_value (p, temp, tlen + 1); | ||
1098 | move = DOWN; | ||
1099 | } | ||
1100 | else if (len3 == 0) | ||
1101 | { | ||
1102 | p2 = p->down; | ||
1103 | while (p2) | ||
1104 | { | ||
1105 | if (type_field (p2->type) != TYPE_TAG) | ||
1106 | { | ||
1107 | p3 = p2->right; | ||
1108 | MHD__asn1_delete_structure (&p2); | ||
1109 | p2 = p3; | ||
1110 | } | ||
1111 | else | ||
1112 | p2 = p2->right; | ||
1113 | } | ||
1114 | move = RIGHT; | ||
1115 | } | ||
1116 | else | ||
1117 | { /* indefinite length method */ | ||
1118 | MHD__asn1_set_value (p, "-1", 3); | ||
1119 | move = DOWN; | ||
1120 | } | ||
1121 | } | ||
1122 | break; | ||
1123 | case TYPE_SEQUENCE_OF: | ||
1124 | case TYPE_SET_OF: | ||
1125 | if (move == UP) | ||
1126 | { | ||
1127 | len2 = strtol ((const char *) p->value, NULL, 10); | ||
1128 | if (len2 == -1) | ||
1129 | { /* indefinite length method */ | ||
1130 | if ((counter + 2) > len) | ||
1131 | return ASN1_DER_ERROR; | ||
1132 | if ((der[counter]) || der[counter + 1]) | ||
1133 | { | ||
1134 | MHD__asn1_append_sequence_set (p); | ||
1135 | p = p->down; | ||
1136 | while (p->right) | ||
1137 | p = p->right; | ||
1138 | move = RIGHT; | ||
1139 | continue; | ||
1140 | } | ||
1141 | MHD__asn1_set_value (p, NULL, 0); | ||
1142 | counter += 2; | ||
1143 | } | ||
1144 | else | ||
1145 | { /* definite length method */ | ||
1146 | if (len2 > counter) | ||
1147 | { | ||
1148 | MHD__asn1_append_sequence_set (p); | ||
1149 | p = p->down; | ||
1150 | while (p->right) | ||
1151 | p = p->right; | ||
1152 | move = RIGHT; | ||
1153 | continue; | ||
1154 | } | ||
1155 | MHD__asn1_set_value (p, NULL, 0); | ||
1156 | if (len2 != counter) | ||
1157 | { | ||
1158 | MHD__asn1_delete_structure (element); | ||
1159 | return ASN1_DER_ERROR; | ||
1160 | } | ||
1161 | } | ||
1162 | } | ||
1163 | else | ||
1164 | { /* move==DOWN || move==RIGHT */ | ||
1165 | len3 = | ||
1166 | MHD__asn1_get_length_der (der + counter, len - counter, | ||
1167 | &len2); | ||
1168 | if (len3 < -1) | ||
1169 | return ASN1_DER_ERROR; | ||
1170 | counter += len2; | ||
1171 | if (len3) | ||
1172 | { | ||
1173 | if (len3 > 0) | ||
1174 | { /* definite length method */ | ||
1175 | MHD__asn1_ltostr (counter + len3, temp); | ||
1176 | tlen = strlen (temp); | ||
1177 | |||
1178 | if (tlen > 0) | ||
1179 | MHD__asn1_set_value (p, temp, tlen + 1); | ||
1180 | } | ||
1181 | else | ||
1182 | { /* indefinite length method */ | ||
1183 | MHD__asn1_set_value (p, "-1", 3); | ||
1184 | } | ||
1185 | p2 = p->down; | ||
1186 | while ((type_field (p2->type) == TYPE_TAG) | ||
1187 | || (type_field (p2->type) == TYPE_SIZE)) | ||
1188 | p2 = p2->right; | ||
1189 | if (p2->right == NULL) | ||
1190 | MHD__asn1_append_sequence_set (p); | ||
1191 | p = p2; | ||
1192 | } | ||
1193 | } | ||
1194 | move = RIGHT; | ||
1195 | break; | ||
1196 | case TYPE_ANY: | ||
1197 | if (MHD__asn1_get_tag_der | ||
1198 | (der + counter, len - counter, &class, &len2, | ||
1199 | &tag) != ASN1_SUCCESS) | ||
1200 | return ASN1_DER_ERROR; | ||
1201 | if (counter + len2 > len) | ||
1202 | return ASN1_DER_ERROR; | ||
1203 | len4 = | ||
1204 | MHD__asn1_get_length_der (der + counter + len2, | ||
1205 | len - counter - len2, &len3); | ||
1206 | if (len4 < -1) | ||
1207 | return ASN1_DER_ERROR; | ||
1208 | if (len4 > len - counter + len2 + len3) | ||
1209 | return ASN1_DER_ERROR; | ||
1210 | if (len4 != -1) | ||
1211 | { | ||
1212 | len2 += len4; | ||
1213 | MHD__asn1_length_der (len2 + len3, NULL, &len4); | ||
1214 | temp2 = | ||
1215 | (unsigned char *) MHD__asn1_alloca (len2 + len3 + len4); | ||
1216 | if (temp2 == NULL) | ||
1217 | { | ||
1218 | MHD__asn1_delete_structure (element); | ||
1219 | return ASN1_MEM_ALLOC_ERROR; | ||
1220 | } | ||
1221 | |||
1222 | MHD__asn1_octet_der (der + counter, len2 + len3, temp2, | ||
1223 | &len4); | ||
1224 | MHD__asn1_set_value (p, temp2, len4); | ||
1225 | MHD__asn1_afree (temp2); | ||
1226 | counter += len2 + len3; | ||
1227 | } | ||
1228 | else | ||
1229 | { /* indefinite length */ | ||
1230 | /* Check indefinite lenth method in an EXPLICIT TAG */ | ||
1231 | if ((p->type & CONST_TAG) && (der[counter - 1] == 0x80)) | ||
1232 | indefinite = 1; | ||
1233 | else | ||
1234 | indefinite = 0; | ||
1235 | |||
1236 | len2 = len - counter; | ||
1237 | ris = | ||
1238 | MHD__asn1_get_indefinite_length_string (der + counter, | ||
1239 | &len2); | ||
1240 | if (ris != ASN1_SUCCESS) | ||
1241 | { | ||
1242 | MHD__asn1_delete_structure (element); | ||
1243 | return ris; | ||
1244 | } | ||
1245 | MHD__asn1_length_der (len2, NULL, &len4); | ||
1246 | temp2 = (unsigned char *) MHD__asn1_alloca (len2 + len4); | ||
1247 | if (temp2 == NULL) | ||
1248 | { | ||
1249 | MHD__asn1_delete_structure (element); | ||
1250 | return ASN1_MEM_ALLOC_ERROR; | ||
1251 | } | ||
1252 | |||
1253 | MHD__asn1_octet_der (der + counter, len2, temp2, &len4); | ||
1254 | MHD__asn1_set_value (p, temp2, len4); | ||
1255 | MHD__asn1_afree (temp2); | ||
1256 | counter += len2; | ||
1257 | |||
1258 | /* Check if a couple of 0x00 are present due to an EXPLICIT TAG with | ||
1259 | an indefinite length method. */ | ||
1260 | if (indefinite) | ||
1261 | { | ||
1262 | if (!der[counter] && !der[counter + 1]) | ||
1263 | { | ||
1264 | counter += 2; | ||
1265 | } | ||
1266 | else | ||
1267 | { | ||
1268 | MHD__asn1_delete_structure (element); | ||
1269 | return ASN1_DER_ERROR; | ||
1270 | } | ||
1271 | } | ||
1272 | } | ||
1273 | move = RIGHT; | ||
1274 | break; | ||
1275 | default: | ||
1276 | move = (move == UP) ? RIGHT : DOWN; | ||
1277 | break; | ||
1278 | } | ||
1279 | } | ||
1280 | |||
1281 | if (p == node && move != DOWN) | ||
1282 | break; | ||
1283 | |||
1284 | if (move == DOWN) | ||
1285 | { | ||
1286 | if (p->down) | ||
1287 | p = p->down; | ||
1288 | else | ||
1289 | move = RIGHT; | ||
1290 | } | ||
1291 | if ((move == RIGHT) && !(p->type & CONST_SET)) | ||
1292 | { | ||
1293 | if (p->right) | ||
1294 | p = p->right; | ||
1295 | else | ||
1296 | move = UP; | ||
1297 | } | ||
1298 | if (move == UP) | ||
1299 | p = MHD__asn1_find_up (p); | ||
1300 | } | ||
1301 | |||
1302 | MHD__asn1_delete_not_used (*element); | ||
1303 | |||
1304 | if (counter != len) | ||
1305 | { | ||
1306 | MHD__asn1_delete_structure (element); | ||
1307 | return ASN1_DER_ERROR; | ||
1308 | } | ||
1309 | |||
1310 | return ASN1_SUCCESS; | ||
1311 | } | ||
1312 | |||
1313 | |||
1314 | /** | ||
1315 | * MHD__asn1_der_decoding_startEnd - Find the start and end point of an element in a DER encoding string. | ||
1316 | * @element: pointer to an ASN1 element | ||
1317 | * @ider: vector that contains the DER encoding. | ||
1318 | * @len: number of bytes of *@ider: @ider[0]..@ider[len-1] | ||
1319 | * @name_element: an element of NAME structure. | ||
1320 | * @start: the position of the first byte of NAME_ELEMENT decoding | ||
1321 | * (@ider[*start]) | ||
1322 | * @end: the position of the last byte of NAME_ELEMENT decoding | ||
1323 | * (@ider[*end]) | ||
1324 | * | ||
1325 | * Find the start and end point of an element in a DER encoding | ||
1326 | * string. I mean that if you have a der encoding and you have | ||
1327 | * already used the function "MHD__asn1_der_decoding" to fill a structure, | ||
1328 | * it may happen that you want to find the piece of string concerning | ||
1329 | * an element of the structure. | ||
1330 | * | ||
1331 | * Example: the sequence "tbsCertificate" inside an X509 certificate. | ||
1332 | * | ||
1333 | * Returns: | ||
1334 | * | ||
1335 | * ASN1_SUCCESS: DER encoding OK. | ||
1336 | * | ||
1337 | * ASN1_ELEMENT_NOT_FOUND: ELEMENT is ASN1_TYPE EMPTY or | ||
1338 | * NAME_ELEMENT is not a valid element. | ||
1339 | * | ||
1340 | * ASN1_TAG_ERROR,ASN1_DER_ERROR: the der encoding doesn't match | ||
1341 | * the structure ELEMENT. | ||
1342 | * | ||
1343 | **/ | ||
1344 | MHD__asn1_retCode | ||
1345 | MHD__asn1_der_decoding_startEnd (ASN1_TYPE element, const void *ider, int len, | ||
1346 | const char *name_element, int *start, | ||
1347 | int *end) | ||
1348 | { | ||
1349 | node_asn *node, *node_to_find, *p, *p2, *p3; | ||
1350 | int counter, len2, len3, len4, move, ris; | ||
1351 | unsigned char class; | ||
1352 | unsigned long tag; | ||
1353 | int indefinite; | ||
1354 | const unsigned char *der = ider; | ||
1355 | |||
1356 | node = element; | ||
1357 | |||
1358 | if (node == ASN1_TYPE_EMPTY) | ||
1359 | return ASN1_ELEMENT_NOT_FOUND; | ||
1360 | |||
1361 | node_to_find = MHD__asn1_find_node (node, name_element); | ||
1362 | |||
1363 | if (node_to_find == NULL) | ||
1364 | return ASN1_ELEMENT_NOT_FOUND; | ||
1365 | |||
1366 | if (node_to_find == node) | ||
1367 | { | ||
1368 | *start = 0; | ||
1369 | *end = len - 1; | ||
1370 | return ASN1_SUCCESS; | ||
1371 | } | ||
1372 | |||
1373 | if (node->type & CONST_OPTION) | ||
1374 | return ASN1_GENERIC_ERROR; | ||
1375 | |||
1376 | counter = 0; | ||
1377 | move = DOWN; | ||
1378 | p = node; | ||
1379 | while (1) | ||
1380 | { | ||
1381 | ris = ASN1_SUCCESS; | ||
1382 | |||
1383 | if (move != UP) | ||
1384 | { | ||
1385 | if (p->type & CONST_SET) | ||
1386 | { | ||
1387 | p2 = MHD__asn1_find_up (p); | ||
1388 | len2 = strtol ((const char *) p2->value, NULL, 10); | ||
1389 | if (len2 == -1) | ||
1390 | { | ||
1391 | if (!der[counter] && !der[counter + 1]) | ||
1392 | { | ||
1393 | p = p2; | ||
1394 | move = UP; | ||
1395 | counter += 2; | ||
1396 | continue; | ||
1397 | } | ||
1398 | } | ||
1399 | else if (counter == len2) | ||
1400 | { | ||
1401 | p = p2; | ||
1402 | move = UP; | ||
1403 | continue; | ||
1404 | } | ||
1405 | else if (counter > len2) | ||
1406 | return ASN1_DER_ERROR; | ||
1407 | p2 = p2->down; | ||
1408 | while (p2) | ||
1409 | { | ||
1410 | if ((p2->type & CONST_SET) && (p2->type & CONST_NOT_USED)) | ||
1411 | { /* CONTROLLARE */ | ||
1412 | if (type_field (p2->type) != TYPE_CHOICE) | ||
1413 | ris = | ||
1414 | MHD__asn1_extract_tag_der (p2, der + counter, | ||
1415 | len - counter, &len2); | ||
1416 | else | ||
1417 | { | ||
1418 | p3 = p2->down; | ||
1419 | ris = | ||
1420 | MHD__asn1_extract_tag_der (p3, der + counter, | ||
1421 | len - counter, &len2); | ||
1422 | } | ||
1423 | if (ris == ASN1_SUCCESS) | ||
1424 | { | ||
1425 | p2->type &= ~CONST_NOT_USED; | ||
1426 | p = p2; | ||
1427 | break; | ||
1428 | } | ||
1429 | } | ||
1430 | p2 = p2->right; | ||
1431 | } | ||
1432 | if (p2 == NULL) | ||
1433 | return ASN1_DER_ERROR; | ||
1434 | } | ||
1435 | |||
1436 | if (p == node_to_find) | ||
1437 | *start = counter; | ||
1438 | |||
1439 | if (type_field (p->type) == TYPE_CHOICE) | ||
1440 | { | ||
1441 | p = p->down; | ||
1442 | ris = | ||
1443 | MHD__asn1_extract_tag_der (p, der + counter, len - counter, | ||
1444 | &len2); | ||
1445 | if (p == node_to_find) | ||
1446 | *start = counter; | ||
1447 | } | ||
1448 | |||
1449 | if (ris == ASN1_SUCCESS) | ||
1450 | ris = | ||
1451 | MHD__asn1_extract_tag_der (p, der + counter, len - counter, | ||
1452 | &len2); | ||
1453 | if (ris != ASN1_SUCCESS) | ||
1454 | { | ||
1455 | if (p->type & CONST_OPTION) | ||
1456 | { | ||
1457 | p->type |= CONST_NOT_USED; | ||
1458 | move = RIGHT; | ||
1459 | } | ||
1460 | else if (p->type & CONST_DEFAULT) | ||
1461 | { | ||
1462 | move = RIGHT; | ||
1463 | } | ||
1464 | else | ||
1465 | { | ||
1466 | return ASN1_TAG_ERROR; | ||
1467 | } | ||
1468 | } | ||
1469 | else | ||
1470 | counter += len2; | ||
1471 | } | ||
1472 | |||
1473 | if (ris == ASN1_SUCCESS) | ||
1474 | { | ||
1475 | switch (type_field (p->type)) | ||
1476 | { | ||
1477 | case TYPE_NULL: | ||
1478 | if (der[counter]) | ||
1479 | return ASN1_DER_ERROR; | ||
1480 | counter++; | ||
1481 | move = RIGHT; | ||
1482 | break; | ||
1483 | case TYPE_BOOLEAN: | ||
1484 | if (der[counter++] != 1) | ||
1485 | return ASN1_DER_ERROR; | ||
1486 | counter++; | ||
1487 | move = RIGHT; | ||
1488 | break; | ||
1489 | case TYPE_INTEGER: | ||
1490 | case TYPE_ENUMERATED: | ||
1491 | len2 = | ||
1492 | MHD__asn1_get_length_der (der + counter, len - counter, | ||
1493 | &len3); | ||
1494 | if (len2 < 0) | ||
1495 | return ASN1_DER_ERROR; | ||
1496 | counter += len3 + len2; | ||
1497 | move = RIGHT; | ||
1498 | break; | ||
1499 | case TYPE_OBJECT_ID: | ||
1500 | len2 = | ||
1501 | MHD__asn1_get_length_der (der + counter, len - counter, | ||
1502 | &len3); | ||
1503 | if (len2 < 0) | ||
1504 | return ASN1_DER_ERROR; | ||
1505 | counter += len2 + len3; | ||
1506 | move = RIGHT; | ||
1507 | break; | ||
1508 | case TYPE_TIME: | ||
1509 | len2 = | ||
1510 | MHD__asn1_get_length_der (der + counter, len - counter, | ||
1511 | &len3); | ||
1512 | if (len2 < 0) | ||
1513 | return ASN1_DER_ERROR; | ||
1514 | counter += len2 + len3; | ||
1515 | move = RIGHT; | ||
1516 | break; | ||
1517 | case TYPE_OCTET_STRING: | ||
1518 | len3 = len - counter; | ||
1519 | ris = MHD__asn1_get_octet_string (der + counter, NULL, &len3); | ||
1520 | if (ris != ASN1_SUCCESS) | ||
1521 | return ris; | ||
1522 | counter += len3; | ||
1523 | move = RIGHT; | ||
1524 | break; | ||
1525 | case TYPE_GENERALSTRING: | ||
1526 | len2 = | ||
1527 | MHD__asn1_get_length_der (der + counter, len - counter, | ||
1528 | &len3); | ||
1529 | if (len2 < 0) | ||
1530 | return ASN1_DER_ERROR; | ||
1531 | counter += len3 + len2; | ||
1532 | move = RIGHT; | ||
1533 | break; | ||
1534 | case TYPE_BIT_STRING: | ||
1535 | len2 = | ||
1536 | MHD__asn1_get_length_der (der + counter, len - counter, | ||
1537 | &len3); | ||
1538 | if (len2 < 0) | ||
1539 | return ASN1_DER_ERROR; | ||
1540 | counter += len3 + len2; | ||
1541 | move = RIGHT; | ||
1542 | break; | ||
1543 | case TYPE_SEQUENCE: | ||
1544 | case TYPE_SET: | ||
1545 | if (move != UP) | ||
1546 | { | ||
1547 | len3 = | ||
1548 | MHD__asn1_get_length_der (der + counter, len - counter, | ||
1549 | &len2); | ||
1550 | if (len3 < -1) | ||
1551 | return ASN1_DER_ERROR; | ||
1552 | counter += len2; | ||
1553 | if (len3 == 0) | ||
1554 | move = RIGHT; | ||
1555 | else | ||
1556 | move = DOWN; | ||
1557 | } | ||
1558 | else | ||
1559 | { | ||
1560 | if (!der[counter] && !der[counter + 1]) /* indefinite length method */ | ||
1561 | counter += 2; | ||
1562 | move = RIGHT; | ||
1563 | } | ||
1564 | break; | ||
1565 | case TYPE_SEQUENCE_OF: | ||
1566 | case TYPE_SET_OF: | ||
1567 | if (move != UP) | ||
1568 | { | ||
1569 | len3 = | ||
1570 | MHD__asn1_get_length_der (der + counter, len - counter, | ||
1571 | &len2); | ||
1572 | if (len3 < -1) | ||
1573 | return ASN1_DER_ERROR; | ||
1574 | counter += len2; | ||
1575 | if ((len3 == -1) && !der[counter] && !der[counter + 1]) | ||
1576 | counter += 2; | ||
1577 | else if (len3) | ||
1578 | { | ||
1579 | p2 = p->down; | ||
1580 | while ((type_field (p2->type) == TYPE_TAG) || | ||
1581 | (type_field (p2->type) == TYPE_SIZE)) | ||
1582 | p2 = p2->right; | ||
1583 | p = p2; | ||
1584 | } | ||
1585 | } | ||
1586 | else | ||
1587 | { | ||
1588 | if (!der[counter] && !der[counter + 1]) /* indefinite length method */ | ||
1589 | counter += 2; | ||
1590 | } | ||
1591 | move = RIGHT; | ||
1592 | break; | ||
1593 | case TYPE_ANY: | ||
1594 | if (MHD__asn1_get_tag_der | ||
1595 | (der + counter, len - counter, &class, &len2, | ||
1596 | &tag) != ASN1_SUCCESS) | ||
1597 | return ASN1_DER_ERROR; | ||
1598 | if (counter + len2 > len) | ||
1599 | return ASN1_DER_ERROR; | ||
1600 | |||
1601 | len4 = | ||
1602 | MHD__asn1_get_length_der (der + counter + len2, | ||
1603 | len - counter - len2, &len3); | ||
1604 | if (len4 < -1) | ||
1605 | return ASN1_DER_ERROR; | ||
1606 | |||
1607 | if (len4 != -1) | ||
1608 | { | ||
1609 | counter += len2 + len4 + len3; | ||
1610 | } | ||
1611 | else | ||
1612 | { /* indefinite length */ | ||
1613 | /* Check indefinite lenth method in an EXPLICIT TAG */ | ||
1614 | if ((p->type & CONST_TAG) && (der[counter - 1] == 0x80)) | ||
1615 | indefinite = 1; | ||
1616 | else | ||
1617 | indefinite = 0; | ||
1618 | |||
1619 | len2 = len - counter; | ||
1620 | ris = | ||
1621 | MHD__asn1_get_indefinite_length_string (der + counter, | ||
1622 | &len2); | ||
1623 | if (ris != ASN1_SUCCESS) | ||
1624 | return ris; | ||
1625 | counter += len2; | ||
1626 | |||
1627 | /* Check if a couple of 0x00 are present due to an EXPLICIT TAG with | ||
1628 | an indefinite length method. */ | ||
1629 | if (indefinite) | ||
1630 | { | ||
1631 | if (!der[counter] && !der[counter + 1]) | ||
1632 | counter += 2; | ||
1633 | else | ||
1634 | return ASN1_DER_ERROR; | ||
1635 | } | ||
1636 | } | ||
1637 | move = RIGHT; | ||
1638 | break; | ||
1639 | default: | ||
1640 | move = (move == UP) ? RIGHT : DOWN; | ||
1641 | break; | ||
1642 | } | ||
1643 | } | ||
1644 | |||
1645 | if ((p == node_to_find) && (move == RIGHT)) | ||
1646 | { | ||
1647 | *end = counter - 1; | ||
1648 | return ASN1_SUCCESS; | ||
1649 | } | ||
1650 | |||
1651 | if (p == node && move != DOWN) | ||
1652 | break; | ||
1653 | |||
1654 | if (move == DOWN) | ||
1655 | { | ||
1656 | if (p->down) | ||
1657 | p = p->down; | ||
1658 | else | ||
1659 | move = RIGHT; | ||
1660 | } | ||
1661 | if ((move == RIGHT) && !(p->type & CONST_SET)) | ||
1662 | { | ||
1663 | if (p->right) | ||
1664 | p = p->right; | ||
1665 | else | ||
1666 | move = UP; | ||
1667 | } | ||
1668 | if (move == UP) | ||
1669 | p = MHD__asn1_find_up (p); | ||
1670 | } | ||
1671 | |||
1672 | return ASN1_ELEMENT_NOT_FOUND; | ||
1673 | } | ||
diff --git a/src/daemon/https/minitasn1/element.c b/src/daemon/https/minitasn1/element.c deleted file mode 100644 index bd84e71c..00000000 --- a/src/daemon/https/minitasn1/element.c +++ /dev/null | |||
@@ -1,902 +0,0 @@ | |||
1 | /* | ||
2 | * Copyright (C) 2004, 2006 Free Software Foundation | ||
3 | * Copyright (C) 2000, 2001, 2002, 2003 Fabio Fiorina | ||
4 | * | ||
5 | * This file is part of LIBTASN1. | ||
6 | * | ||
7 | * The LIBTASN1 library is free software; you can redistribute it | ||
8 | * and/or modify it under the terms of the GNU Lesser General Public | ||
9 | * License as published by the Free Software Foundation; either | ||
10 | * version 2.1 of the License, or (at your option) any later version. | ||
11 | * | ||
12 | * This library is distributed in the hope that it will be useful, but | ||
13 | * WITHOUT ANY WARRANTY; without even the implied warranty of | ||
14 | * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU | ||
15 | * Lesser General Public License for more details. | ||
16 | * | ||
17 | * You should have received a copy of the GNU Lesser General Public | ||
18 | * License along with this library; if not, write to the Free Software | ||
19 | * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA | ||
20 | * 02110-1301, USA | ||
21 | */ | ||
22 | |||
23 | /*****************************************************/ | ||
24 | /* File: element.c */ | ||
25 | /* Description: Functions with the read and write */ | ||
26 | /* functions. */ | ||
27 | /*****************************************************/ | ||
28 | |||
29 | |||
30 | #include <int.h> | ||
31 | #include "parser_aux.h" | ||
32 | #include <gstr.h> | ||
33 | #include "structure.h" | ||
34 | |||
35 | void | ||
36 | MHD__asn1_hierarchical_name (node_asn * node, char *name, int name_size) | ||
37 | { | ||
38 | node_asn *p; | ||
39 | char tmp_name[64]; | ||
40 | |||
41 | p = node; | ||
42 | |||
43 | name[0] = 0; | ||
44 | |||
45 | while (p != NULL) | ||
46 | { | ||
47 | if (p->name != NULL) | ||
48 | { | ||
49 | MHD__asn1_str_cpy (tmp_name, sizeof (tmp_name), name), | ||
50 | MHD__asn1_str_cpy (name, name_size, p->name); | ||
51 | MHD__asn1_str_cat (name, name_size, "."); | ||
52 | MHD__asn1_str_cat (name, name_size, tmp_name); | ||
53 | } | ||
54 | p = MHD__asn1_find_up (p); | ||
55 | } | ||
56 | |||
57 | if (name[0] == 0) | ||
58 | MHD__asn1_str_cpy (name, name_size, "ROOT"); | ||
59 | } | ||
60 | |||
61 | |||
62 | /******************************************************************/ | ||
63 | /* Function : MHD__asn1_convert_integer */ | ||
64 | /* Description: converts an integer from a null terminated string */ | ||
65 | /* to der decoding. The convertion from a null */ | ||
66 | /* terminated string to an integer is made with */ | ||
67 | /* the 'strtol' function. */ | ||
68 | /* Parameters: */ | ||
69 | /* value: null terminated string to convert. */ | ||
70 | /* value_out: convertion result (memory must be already */ | ||
71 | /* allocated). */ | ||
72 | /* value_out_size: number of bytes of value_out. */ | ||
73 | /* len: number of significant byte of value_out. */ | ||
74 | /* Return: ASN1_MEM_ERROR or ASN1_SUCCESS */ | ||
75 | /******************************************************************/ | ||
76 | MHD__asn1_retCode | ||
77 | MHD__asn1_convert_integer (const char *value, unsigned char *value_out, | ||
78 | int value_out_size, int *len) | ||
79 | { | ||
80 | char negative; | ||
81 | unsigned char val[SIZEOF_UNSIGNED_LONG_INT]; | ||
82 | long valtmp; | ||
83 | int k, k2; | ||
84 | |||
85 | valtmp = strtol (value, NULL, 10); | ||
86 | |||
87 | for (k = 0; k < SIZEOF_UNSIGNED_LONG_INT; k++) | ||
88 | { | ||
89 | val[SIZEOF_UNSIGNED_LONG_INT - k - 1] = (valtmp >> (8 * k)) & 0xFF; | ||
90 | } | ||
91 | |||
92 | if (val[0] & 0x80) | ||
93 | negative = 1; | ||
94 | else | ||
95 | negative = 0; | ||
96 | |||
97 | for (k = 0; k < SIZEOF_UNSIGNED_LONG_INT - 1; k++) | ||
98 | { | ||
99 | if (negative && (val[k] != 0xFF)) | ||
100 | break; | ||
101 | else if (!negative && val[k]) | ||
102 | break; | ||
103 | } | ||
104 | |||
105 | if ((negative && !(val[k] & 0x80)) || (!negative && (val[k] & 0x80))) | ||
106 | k--; | ||
107 | |||
108 | *len = SIZEOF_UNSIGNED_LONG_INT - k; | ||
109 | |||
110 | if (SIZEOF_UNSIGNED_LONG_INT - k > value_out_size) | ||
111 | /* VALUE_OUT is too short to contain the value conversion */ | ||
112 | return ASN1_MEM_ERROR; | ||
113 | |||
114 | for (k2 = k; k2 < SIZEOF_UNSIGNED_LONG_INT; k2++) | ||
115 | value_out[k2 - k] = val[k2]; | ||
116 | |||
117 | return ASN1_SUCCESS; | ||
118 | } | ||
119 | |||
120 | |||
121 | int | ||
122 | MHD__asn1_append_sequence_set (node_asn * node) | ||
123 | { | ||
124 | node_asn *p, *p2; | ||
125 | char temp[10]; | ||
126 | long n; | ||
127 | |||
128 | if (!node || !(node->down)) | ||
129 | return ASN1_GENERIC_ERROR; | ||
130 | |||
131 | p = node->down; | ||
132 | while ((type_field (p->type) == TYPE_TAG) | ||
133 | || (type_field (p->type) == TYPE_SIZE)) | ||
134 | p = p->right; | ||
135 | p2 = MHD__asn1_copy_structure3 (p); | ||
136 | while (p->right) | ||
137 | p = p->right; | ||
138 | MHD__asn1_set_right (p, p2); | ||
139 | |||
140 | if (p->name == NULL) | ||
141 | MHD__asn1_str_cpy (temp, sizeof (temp), "?1"); | ||
142 | else | ||
143 | { | ||
144 | n = strtol (p->name + 1, NULL, 0); | ||
145 | n++; | ||
146 | temp[0] = '?'; | ||
147 | MHD__asn1_ltostr (n, temp + 1); | ||
148 | } | ||
149 | MHD__asn1_set_name (p2, temp); | ||
150 | /* p2->type |= CONST_OPTION; */ | ||
151 | |||
152 | return ASN1_SUCCESS; | ||
153 | } | ||
154 | |||
155 | |||
156 | /** | ||
157 | * MHD__asn1_write_value - Set the value of one element inside a structure. | ||
158 | * @node_root: pointer to a structure | ||
159 | * @name: the name of the element inside the structure that you want to set. | ||
160 | * @ivalue: vector used to specify the value to set. If len is >0, | ||
161 | * VALUE must be a two's complement form integer. if len=0 *VALUE | ||
162 | * must be a null terminated string with an integer value. | ||
163 | * @len: number of bytes of *value to use to set the value: | ||
164 | * value[0]..value[len-1] or 0 if value is a null terminated string | ||
165 | * | ||
166 | * Set the value of one element inside a structure. | ||
167 | * | ||
168 | * If an element is OPTIONAL and you want to delete it, you must use | ||
169 | * the value=NULL and len=0. Using "pkix.asn": | ||
170 | * | ||
171 | * result=MHD__asn1_write_value(cert, "tbsCertificate.issuerUniqueID", | ||
172 | * NULL, 0); | ||
173 | * | ||
174 | * Description for each type: | ||
175 | * | ||
176 | * INTEGER: VALUE must contain a two's complement form integer. | ||
177 | * | ||
178 | * value[0]=0xFF , len=1 -> integer=-1. | ||
179 | * value[0]=0xFF value[1]=0xFF , len=2 -> integer=-1. | ||
180 | * value[0]=0x01 , len=1 -> integer= 1. | ||
181 | * value[0]=0x00 value[1]=0x01 , len=2 -> integer= 1. | ||
182 | * value="123" , len=0 -> integer= 123. | ||
183 | * | ||
184 | * ENUMERATED: As INTEGER (but only with not negative numbers). | ||
185 | * | ||
186 | * BOOLEAN: VALUE must be the null terminated string "TRUE" or | ||
187 | * "FALSE" and LEN != 0. | ||
188 | * | ||
189 | * value="TRUE" , len=1 -> boolean=TRUE. | ||
190 | * value="FALSE" , len=1 -> boolean=FALSE. | ||
191 | * | ||
192 | * OBJECT IDENTIFIER: VALUE must be a null terminated string with | ||
193 | * each number separated by a dot (e.g. "1.2.3.543.1"). LEN != 0. | ||
194 | * | ||
195 | * value="1 2 840 10040 4 3" , len=1 -> OID=dsa-with-sha. | ||
196 | * | ||
197 | * UTCTime: VALUE must be a null terminated string in one of these | ||
198 | * formats: "YYMMDDhhmmssZ", "YYMMDDhhmmssZ", | ||
199 | * "YYMMDDhhmmss+hh'mm'", "YYMMDDhhmmss-hh'mm'", | ||
200 | * "YYMMDDhhmm+hh'mm'", or "YYMMDDhhmm-hh'mm'". LEN != 0. | ||
201 | * | ||
202 | * value="9801011200Z" , len=1 -> time=Jannuary 1st, 1998 | ||
203 | * at 12h 00m Greenwich Mean Time | ||
204 | * | ||
205 | * GeneralizedTime: VALUE must be in one of this format: | ||
206 | * "YYYYMMDDhhmmss.sZ", "YYYYMMDDhhmmss.sZ", | ||
207 | * "YYYYMMDDhhmmss.s+hh'mm'", "YYYYMMDDhhmmss.s-hh'mm'", | ||
208 | * "YYYYMMDDhhmm+hh'mm'", or "YYYYMMDDhhmm-hh'mm'" where ss.s | ||
209 | * indicates the seconds with any precision like "10.1" or "01.02". | ||
210 | * LEN != 0 | ||
211 | * | ||
212 | * value="2001010112001.12-0700" , len=1 -> time=Jannuary | ||
213 | * 1st, 2001 at 12h 00m 01.12s Pacific Daylight Time | ||
214 | * | ||
215 | * OCTET STRING: VALUE contains the octet string and LEN is the | ||
216 | * number of octets. | ||
217 | * | ||
218 | * value="$\backslash$x01$\backslash$x02$\backslash$x03" , | ||
219 | * len=3 -> three bytes octet string | ||
220 | * | ||
221 | * GeneralString: VALUE contains the generalstring and LEN is the | ||
222 | * number of octets. | ||
223 | * | ||
224 | * value="$\backslash$x01$\backslash$x02$\backslash$x03" , | ||
225 | * len=3 -> three bytes generalstring | ||
226 | * | ||
227 | * BIT STRING: VALUE contains the bit string organized by bytes and | ||
228 | * LEN is the number of bits. | ||
229 | * | ||
230 | * value="$\backslash$xCF" , len=6 -> bit string="110011" (six | ||
231 | * bits) | ||
232 | * | ||
233 | * CHOICE: if NAME indicates a choice type, VALUE must specify one of | ||
234 | * the alternatives with a null terminated string. LEN != 0. Using | ||
235 | * "pkix.asn"\: | ||
236 | * | ||
237 | * result=MHD__asn1_write_value(cert, | ||
238 | * "certificate1.tbsCertificate.subject", "rdnSequence", | ||
239 | * 1); | ||
240 | * | ||
241 | * ANY: VALUE indicates the der encoding of a structure. LEN != 0. | ||
242 | * | ||
243 | * SEQUENCE OF: VALUE must be the null terminated string "NEW" and | ||
244 | * LEN != 0. With this instruction another element is appended in | ||
245 | * the sequence. The name of this element will be "?1" if it's the | ||
246 | * first one, "?2" for the second and so on. | ||
247 | * | ||
248 | * Using "pkix.asn"\: | ||
249 | * | ||
250 | * result=MHD__asn1_write_value(cert, | ||
251 | * "certificate1.tbsCertificate.subject.rdnSequence", "NEW", 1); | ||
252 | * | ||
253 | * SET OF: the same as SEQUENCE OF. Using "pkix.asn": | ||
254 | * | ||
255 | * result=MHD__asn1_write_value(cert, | ||
256 | * "tbsCertificate.subject.rdnSequence.?LAST", "NEW", 1); | ||
257 | * | ||
258 | * Returns: | ||
259 | * | ||
260 | * ASN1_SUCCESS: Set value OK. | ||
261 | * | ||
262 | * ASN1_ELEMENT_NOT_FOUND: NAME is not a valid element. | ||
263 | * | ||
264 | * ASN1_VALUE_NOT_VALID: VALUE has a wrong format. | ||
265 | * | ||
266 | **/ | ||
267 | MHD__asn1_retCode | ||
268 | MHD__asn1_write_value (ASN1_TYPE node_root, const char *name, | ||
269 | const void *ivalue, int len) | ||
270 | { | ||
271 | node_asn *node, *p, *p2; | ||
272 | unsigned char *temp, *value_temp = NULL, *default_temp = NULL; | ||
273 | int len2, k, k2, negative; | ||
274 | const char *value = ivalue; | ||
275 | |||
276 | node = MHD__asn1_find_node (node_root, name); | ||
277 | if (node == NULL) | ||
278 | return ASN1_ELEMENT_NOT_FOUND; | ||
279 | |||
280 | if ((node->type & CONST_OPTION) && (value == NULL) && (len == 0)) | ||
281 | { | ||
282 | MHD__asn1_delete_structure (&node); | ||
283 | return ASN1_SUCCESS; | ||
284 | } | ||
285 | |||
286 | if ((type_field (node->type) == TYPE_SEQUENCE_OF) && (value == NULL) | ||
287 | && (len == 0)) | ||
288 | { | ||
289 | p = node->down; | ||
290 | while ((type_field (p->type) == TYPE_TAG) | ||
291 | || (type_field (p->type) == TYPE_SIZE)) | ||
292 | p = p->right; | ||
293 | |||
294 | while (p->right) | ||
295 | MHD__asn1_delete_structure (&p->right); | ||
296 | |||
297 | return ASN1_SUCCESS; | ||
298 | } | ||
299 | |||
300 | switch (type_field (node->type)) | ||
301 | { | ||
302 | case TYPE_BOOLEAN: | ||
303 | if (!strcmp (value, "TRUE")) | ||
304 | { | ||
305 | if (node->type & CONST_DEFAULT) | ||
306 | { | ||
307 | p = node->down; | ||
308 | while (type_field (p->type) != TYPE_DEFAULT) | ||
309 | p = p->right; | ||
310 | if (p->type & CONST_TRUE) | ||
311 | MHD__asn1_set_value (node, NULL, 0); | ||
312 | else | ||
313 | MHD__asn1_set_value (node, "T", 1); | ||
314 | } | ||
315 | else | ||
316 | MHD__asn1_set_value (node, "T", 1); | ||
317 | } | ||
318 | else if (!strcmp (value, "FALSE")) | ||
319 | { | ||
320 | if (node->type & CONST_DEFAULT) | ||
321 | { | ||
322 | p = node->down; | ||
323 | while (type_field (p->type) != TYPE_DEFAULT) | ||
324 | p = p->right; | ||
325 | if (p->type & CONST_FALSE) | ||
326 | MHD__asn1_set_value (node, NULL, 0); | ||
327 | else | ||
328 | MHD__asn1_set_value (node, "F", 1); | ||
329 | } | ||
330 | else | ||
331 | MHD__asn1_set_value (node, "F", 1); | ||
332 | } | ||
333 | else | ||
334 | return ASN1_VALUE_NOT_VALID; | ||
335 | break; | ||
336 | case TYPE_INTEGER: | ||
337 | case TYPE_ENUMERATED: | ||
338 | if (len == 0) | ||
339 | { | ||
340 | if ((isdigit ((unsigned char) value[0])) || (value[0] == '-')) | ||
341 | { | ||
342 | value_temp = | ||
343 | (unsigned char *) MHD__asn1_alloca (SIZEOF_UNSIGNED_LONG_INT); | ||
344 | if (value_temp == NULL) | ||
345 | return ASN1_MEM_ALLOC_ERROR; | ||
346 | |||
347 | MHD__asn1_convert_integer (value, value_temp, | ||
348 | SIZEOF_UNSIGNED_LONG_INT, &len); | ||
349 | } | ||
350 | else | ||
351 | { /* is an identifier like v1 */ | ||
352 | if (!(node->type & CONST_LIST)) | ||
353 | return ASN1_VALUE_NOT_VALID; | ||
354 | p = node->down; | ||
355 | while (p) | ||
356 | { | ||
357 | if (type_field (p->type) == TYPE_CONSTANT) | ||
358 | { | ||
359 | if ((p->name) && (!strcmp (p->name, value))) | ||
360 | { | ||
361 | value_temp = | ||
362 | (unsigned char *) | ||
363 | MHD__asn1_alloca (SIZEOF_UNSIGNED_LONG_INT); | ||
364 | if (value_temp == NULL) | ||
365 | return ASN1_MEM_ALLOC_ERROR; | ||
366 | |||
367 | MHD__asn1_convert_integer ((const char *) p->value, | ||
368 | value_temp, | ||
369 | SIZEOF_UNSIGNED_LONG_INT, | ||
370 | &len); | ||
371 | break; | ||
372 | } | ||
373 | } | ||
374 | p = p->right; | ||
375 | } | ||
376 | if (p == NULL) | ||
377 | return ASN1_VALUE_NOT_VALID; | ||
378 | } | ||
379 | } | ||
380 | else | ||
381 | { /* len != 0 */ | ||
382 | value_temp = (unsigned char *) MHD__asn1_alloca (len); | ||
383 | if (value_temp == NULL) | ||
384 | return ASN1_MEM_ALLOC_ERROR; | ||
385 | memcpy (value_temp, value, len); | ||
386 | } | ||
387 | |||
388 | |||
389 | if (value_temp[0] & 0x80) | ||
390 | negative = 1; | ||
391 | else | ||
392 | negative = 0; | ||
393 | |||
394 | if (negative && (type_field (node->type) == TYPE_ENUMERATED)) | ||
395 | { | ||
396 | MHD__asn1_afree (value_temp); | ||
397 | return ASN1_VALUE_NOT_VALID; | ||
398 | } | ||
399 | |||
400 | for (k = 0; k < len - 1; k++) | ||
401 | if (negative && (value_temp[k] != 0xFF)) | ||
402 | break; | ||
403 | else if (!negative && value_temp[k]) | ||
404 | break; | ||
405 | |||
406 | if ((negative && !(value_temp[k] & 0x80)) || | ||
407 | (!negative && (value_temp[k] & 0x80))) | ||
408 | k--; | ||
409 | |||
410 | MHD__asn1_length_der (len - k, NULL, &len2); | ||
411 | temp = (unsigned char *) MHD__asn1_alloca (len - k + len2); | ||
412 | if (temp == NULL) | ||
413 | { | ||
414 | MHD__asn1_afree (value_temp); | ||
415 | return ASN1_MEM_ALLOC_ERROR; | ||
416 | } | ||
417 | |||
418 | MHD__asn1_octet_der (value_temp + k, len - k, temp, &len2); | ||
419 | MHD__asn1_set_value (node, temp, len2); | ||
420 | |||
421 | MHD__asn1_afree (temp); | ||
422 | |||
423 | |||
424 | if (node->type & CONST_DEFAULT) | ||
425 | { | ||
426 | p = node->down; | ||
427 | while (type_field (p->type) != TYPE_DEFAULT) | ||
428 | p = p->right; | ||
429 | if ((isdigit ((unsigned char) p->value[0])) || (p->value[0] == '-')) | ||
430 | { | ||
431 | default_temp = | ||
432 | (unsigned char *) MHD__asn1_alloca (SIZEOF_UNSIGNED_LONG_INT); | ||
433 | if (default_temp == NULL) | ||
434 | { | ||
435 | MHD__asn1_afree (value_temp); | ||
436 | return ASN1_MEM_ALLOC_ERROR; | ||
437 | } | ||
438 | |||
439 | MHD__asn1_convert_integer ((const char *) p->value, | ||
440 | default_temp, | ||
441 | SIZEOF_UNSIGNED_LONG_INT, &len2); | ||
442 | } | ||
443 | else | ||
444 | { /* is an identifier like v1 */ | ||
445 | if (!(node->type & CONST_LIST)) | ||
446 | { | ||
447 | MHD__asn1_afree (value_temp); | ||
448 | return ASN1_VALUE_NOT_VALID; | ||
449 | } | ||
450 | p2 = node->down; | ||
451 | while (p2) | ||
452 | { | ||
453 | if (type_field (p2->type) == TYPE_CONSTANT) | ||
454 | { | ||
455 | if ((p2->name) | ||
456 | && (!strcmp (p2->name, (const char *) p->value))) | ||
457 | { | ||
458 | default_temp = | ||
459 | (unsigned char *) | ||
460 | MHD__asn1_alloca (SIZEOF_UNSIGNED_LONG_INT); | ||
461 | if (default_temp == NULL) | ||
462 | { | ||
463 | MHD__asn1_afree (value_temp); | ||
464 | return ASN1_MEM_ALLOC_ERROR; | ||
465 | } | ||
466 | |||
467 | MHD__asn1_convert_integer ((const char *) p2->value, | ||
468 | default_temp, | ||
469 | SIZEOF_UNSIGNED_LONG_INT, | ||
470 | &len2); | ||
471 | break; | ||
472 | } | ||
473 | } | ||
474 | p2 = p2->right; | ||
475 | } | ||
476 | if (p2 == NULL) | ||
477 | { | ||
478 | MHD__asn1_afree (value_temp); | ||
479 | return ASN1_VALUE_NOT_VALID; | ||
480 | } | ||
481 | } | ||
482 | |||
483 | |||
484 | if ((len - k) == len2) | ||
485 | { | ||
486 | for (k2 = 0; k2 < len2; k2++) | ||
487 | if (value_temp[k + k2] != default_temp[k2]) | ||
488 | { | ||
489 | break; | ||
490 | } | ||
491 | if (k2 == len2) | ||
492 | MHD__asn1_set_value (node, NULL, 0); | ||
493 | } | ||
494 | MHD__asn1_afree (default_temp); | ||
495 | } | ||
496 | MHD__asn1_afree (value_temp); | ||
497 | break; | ||
498 | case TYPE_OBJECT_ID: | ||
499 | for (k = 0; k < strlen (value); k++) | ||
500 | if ((!isdigit ((unsigned char) value[k])) && (value[k] != '.') && (value[k] != '+')) | ||
501 | return ASN1_VALUE_NOT_VALID; | ||
502 | if (node->type & CONST_DEFAULT) | ||
503 | { | ||
504 | p = node->down; | ||
505 | while (type_field (p->type) != TYPE_DEFAULT) | ||
506 | p = p->right; | ||
507 | if (!strcmp (value, (const char *) p->value)) | ||
508 | { | ||
509 | MHD__asn1_set_value (node, NULL, 0); | ||
510 | break; | ||
511 | } | ||
512 | } | ||
513 | MHD__asn1_set_value (node, value, strlen (value) + 1); | ||
514 | break; | ||
515 | case TYPE_TIME: | ||
516 | if (node->type & CONST_UTC) | ||
517 | { | ||
518 | if (strlen (value) < 11) | ||
519 | return ASN1_VALUE_NOT_VALID; | ||
520 | for (k = 0; k < 10; k++) | ||
521 | if (!isdigit ( (unsigned char) value[k])) | ||
522 | return ASN1_VALUE_NOT_VALID; | ||
523 | switch (strlen (value)) | ||
524 | { | ||
525 | case 11: | ||
526 | if (value[10] != 'Z') | ||
527 | return ASN1_VALUE_NOT_VALID; | ||
528 | break; | ||
529 | case 13: | ||
530 | if ((!isdigit ( (unsigned char) value[10])) || (!isdigit ( (unsigned char) value[11])) || | ||
531 | (value[12] != 'Z')) | ||
532 | return ASN1_VALUE_NOT_VALID; | ||
533 | break; | ||
534 | case 15: | ||
535 | if ((value[10] != '+') && (value[10] != '-')) | ||
536 | return ASN1_VALUE_NOT_VALID; | ||
537 | for (k = 11; k < 15; k++) | ||
538 | if (!isdigit ( (unsigned char) value[k])) | ||
539 | return ASN1_VALUE_NOT_VALID; | ||
540 | break; | ||
541 | case 17: | ||
542 | if ((!isdigit ( (unsigned char) value[10])) || (!isdigit ( (unsigned char) value[11]))) | ||
543 | return ASN1_VALUE_NOT_VALID; | ||
544 | if ((value[12] != '+') && (value[12] != '-')) | ||
545 | return ASN1_VALUE_NOT_VALID; | ||
546 | for (k = 13; k < 17; k++) | ||
547 | if (!isdigit ( (unsigned char) value[k])) | ||
548 | return ASN1_VALUE_NOT_VALID; | ||
549 | break; | ||
550 | default: | ||
551 | return ASN1_VALUE_NOT_FOUND; | ||
552 | } | ||
553 | MHD__asn1_set_value (node, value, strlen (value) + 1); | ||
554 | } | ||
555 | else | ||
556 | { /* GENERALIZED TIME */ | ||
557 | if (value) | ||
558 | MHD__asn1_set_value (node, value, strlen (value) + 1); | ||
559 | } | ||
560 | break; | ||
561 | case TYPE_OCTET_STRING: | ||
562 | if (len == 0) | ||
563 | len = strlen (value); | ||
564 | MHD__asn1_length_der (len, NULL, &len2); | ||
565 | temp = (unsigned char *) MHD__asn1_alloca (len + len2); | ||
566 | if (temp == NULL) | ||
567 | return ASN1_MEM_ALLOC_ERROR; | ||
568 | |||
569 | MHD__asn1_octet_der ((const unsigned char *) value, len, temp, &len2); | ||
570 | MHD__asn1_set_value (node, temp, len2); | ||
571 | MHD__asn1_afree (temp); | ||
572 | break; | ||
573 | case TYPE_GENERALSTRING: | ||
574 | if (len == 0) | ||
575 | len = strlen (value); | ||
576 | MHD__asn1_length_der (len, NULL, &len2); | ||
577 | temp = (unsigned char *) MHD__asn1_alloca (len + len2); | ||
578 | if (temp == NULL) | ||
579 | return ASN1_MEM_ALLOC_ERROR; | ||
580 | |||
581 | MHD__asn1_octet_der ((const unsigned char *) value, len, temp, &len2); | ||
582 | MHD__asn1_set_value (node, temp, len2); | ||
583 | MHD__asn1_afree (temp); | ||
584 | break; | ||
585 | case TYPE_BIT_STRING: | ||
586 | if (len == 0) | ||
587 | len = strlen (value); | ||
588 | MHD__asn1_length_der ((len >> 3) + 2, NULL, &len2); | ||
589 | temp = (unsigned char *) MHD__asn1_alloca ((len >> 3) + 2 + len2); | ||
590 | if (temp == NULL) | ||
591 | return ASN1_MEM_ALLOC_ERROR; | ||
592 | |||
593 | MHD__asn1_bit_der ((const unsigned char *) value, len, temp, &len2); | ||
594 | MHD__asn1_set_value (node, temp, len2); | ||
595 | MHD__asn1_afree (temp); | ||
596 | break; | ||
597 | case TYPE_CHOICE: | ||
598 | p = node->down; | ||
599 | while (p) | ||
600 | { | ||
601 | if (!strcmp (p->name, value)) | ||
602 | { | ||
603 | p2 = node->down; | ||
604 | while (p2) | ||
605 | { | ||
606 | if (p2 != p) | ||
607 | { | ||
608 | MHD__asn1_delete_structure (&p2); | ||
609 | p2 = node->down; | ||
610 | } | ||
611 | else | ||
612 | p2 = p2->right; | ||
613 | } | ||
614 | break; | ||
615 | } | ||
616 | p = p->right; | ||
617 | } | ||
618 | if (!p) | ||
619 | return ASN1_ELEMENT_NOT_FOUND; | ||
620 | break; | ||
621 | case TYPE_ANY: | ||
622 | MHD__asn1_length_der (len, NULL, &len2); | ||
623 | temp = (unsigned char *) MHD__asn1_alloca (len + len2); | ||
624 | if (temp == NULL) | ||
625 | return ASN1_MEM_ALLOC_ERROR; | ||
626 | |||
627 | MHD__asn1_octet_der ((const unsigned char *) value, len, temp, &len2); | ||
628 | MHD__asn1_set_value (node, temp, len2); | ||
629 | MHD__asn1_afree (temp); | ||
630 | break; | ||
631 | case TYPE_SEQUENCE_OF: | ||
632 | case TYPE_SET_OF: | ||
633 | if (strcmp (value, "NEW")) | ||
634 | return ASN1_VALUE_NOT_VALID; | ||
635 | MHD__asn1_append_sequence_set (node); | ||
636 | break; | ||
637 | default: | ||
638 | return ASN1_ELEMENT_NOT_FOUND; | ||
639 | break; | ||
640 | } | ||
641 | |||
642 | return ASN1_SUCCESS; | ||
643 | } | ||
644 | |||
645 | |||
646 | #define PUT_VALUE( ptr, ptr_size, data, data_size) \ | ||
647 | *len = data_size; \ | ||
648 | if (ptr_size < data_size) { \ | ||
649 | return ASN1_MEM_ERROR; \ | ||
650 | } else { \ | ||
651 | memcpy( ptr, data, data_size); \ | ||
652 | } | ||
653 | |||
654 | #define PUT_STR_VALUE( ptr, ptr_size, data) \ | ||
655 | *len = strlen(data) + 1; \ | ||
656 | if (ptr_size < *len) { \ | ||
657 | return ASN1_MEM_ERROR; \ | ||
658 | } else { \ | ||
659 | /* this strcpy is checked */ \ | ||
660 | strcpy(ptr, data); \ | ||
661 | } | ||
662 | |||
663 | #define ADD_STR_VALUE( ptr, ptr_size, data) \ | ||
664 | *len = strlen(data) + 1; \ | ||
665 | if (ptr_size < strlen(ptr)+(*len)) { \ | ||
666 | return ASN1_MEM_ERROR; \ | ||
667 | } else { \ | ||
668 | /* this strcat is checked */ \ | ||
669 | strcat(ptr, data); \ | ||
670 | } | ||
671 | |||
672 | /** | ||
673 | * MHD__asn1_read_value - Returns the value of one element inside a structure | ||
674 | * @root: pointer to a structure. | ||
675 | * @name: the name of the element inside a structure that you want to read. | ||
676 | * @ivalue: vector that will contain the element's content, must be a | ||
677 | * pointer to memory cells already allocated. | ||
678 | * @len: number of bytes of *value: value[0]..value[len-1]. Initialy | ||
679 | * holds the sizeof value. | ||
680 | * | ||
681 | * Returns the value of one element inside a structure. | ||
682 | * | ||
683 | * If an element is OPTIONAL and the function "read_value" returns | ||
684 | * %ASN1_ELEMENT_NOT_FOUND, it means that this element wasn't present | ||
685 | * in the der encoding that created the structure. The first element | ||
686 | * of a SEQUENCE_OF or SET_OF is named "?1". The second one "?2" and | ||
687 | * so on. | ||
688 | * | ||
689 | * INTEGER: VALUE will contain a two's complement form integer. | ||
690 | * | ||
691 | * integer=-1 -> value[0]=0xFF , len=1. | ||
692 | * integer=1 -> value[0]=0x01 , len=1. | ||
693 | * | ||
694 | * ENUMERATED: As INTEGER (but only with not negative numbers). | ||
695 | * | ||
696 | * BOOLEAN: VALUE will be the null terminated string "TRUE" or | ||
697 | * "FALSE" and LEN=5 or LEN=6. | ||
698 | * | ||
699 | * OBJECT IDENTIFIER: VALUE will be a null terminated string with | ||
700 | * each number separated by a dot (i.e. "1.2.3.543.1"). | ||
701 | * | ||
702 | * LEN = strlen(VALUE)+1 | ||
703 | * | ||
704 | * UTCTime: VALUE will be a null terminated string in one of these | ||
705 | * formats: "YYMMDDhhmmss+hh'mm'" or "YYMMDDhhmmss-hh'mm'". | ||
706 | * LEN=strlen(VALUE)+1. | ||
707 | * | ||
708 | * GeneralizedTime: VALUE will be a null terminated string in the | ||
709 | * same format used to set the value. | ||
710 | * | ||
711 | * OCTET STRING: VALUE will contain the octet string and LEN will be | ||
712 | * the number of octets. | ||
713 | * | ||
714 | * GeneralString: VALUE will contain the generalstring and LEN will | ||
715 | * be the number of octets. | ||
716 | * | ||
717 | * BIT STRING: VALUE will contain the bit string organized by bytes | ||
718 | * and LEN will be the number of bits. | ||
719 | * | ||
720 | * CHOICE: If NAME indicates a choice type, VALUE will specify the | ||
721 | * alternative selected. | ||
722 | * | ||
723 | * ANY: If NAME indicates an any type, VALUE will indicate the DER | ||
724 | * encoding of the structure actually used. | ||
725 | * | ||
726 | * Returns: | ||
727 | * | ||
728 | * ASN1_SUCCESS: Set value OK. | ||
729 | * | ||
730 | * ASN1_ELEMENT_NOT_FOUND: NAME is not a valid element. | ||
731 | * | ||
732 | * ASN1_VALUE_NOT_FOUND: There isn't any value for the element selected. | ||
733 | * | ||
734 | * ASN1_MEM_ERROR: The value vector isn't big enough to store the result. | ||
735 | * In this case LEN will contain the number of bytes needed. | ||
736 | * | ||
737 | **/ | ||
738 | MHD__asn1_retCode | ||
739 | MHD__asn1_read_value (ASN1_TYPE root, const char *name, void *ivalue, | ||
740 | int *len) | ||
741 | { | ||
742 | node_asn *node, *p, *p2; | ||
743 | int len2, len3; | ||
744 | int value_size = *len; | ||
745 | char *value = ivalue; | ||
746 | |||
747 | node = MHD__asn1_find_node (root, name); | ||
748 | if (node == NULL) | ||
749 | return ASN1_ELEMENT_NOT_FOUND; | ||
750 | |||
751 | if ((type_field (node->type) != TYPE_NULL) && | ||
752 | (type_field (node->type) != TYPE_CHOICE) && | ||
753 | !(node->type & CONST_DEFAULT) && !(node->type & CONST_ASSIGN) && | ||
754 | (node->value == NULL)) | ||
755 | return ASN1_VALUE_NOT_FOUND; | ||
756 | |||
757 | switch (type_field (node->type)) | ||
758 | { | ||
759 | case TYPE_NULL: | ||
760 | PUT_STR_VALUE (value, value_size, "NULL"); | ||
761 | break; | ||
762 | case TYPE_BOOLEAN: | ||
763 | if ((node->type & CONST_DEFAULT) && (node->value == NULL)) | ||
764 | { | ||
765 | p = node->down; | ||
766 | while (type_field (p->type) != TYPE_DEFAULT) | ||
767 | p = p->right; | ||
768 | if (p->type & CONST_TRUE) | ||
769 | { | ||
770 | PUT_STR_VALUE (value, value_size, "TRUE"); | ||
771 | } | ||
772 | else | ||
773 | { | ||
774 | PUT_STR_VALUE (value, value_size, "FALSE"); | ||
775 | } | ||
776 | } | ||
777 | else if (node->value[0] == 'T') | ||
778 | { | ||
779 | PUT_STR_VALUE (value, value_size, "TRUE"); | ||
780 | } | ||
781 | else | ||
782 | { | ||
783 | PUT_STR_VALUE (value, value_size, "FALSE"); | ||
784 | } | ||
785 | break; | ||
786 | case TYPE_INTEGER: | ||
787 | case TYPE_ENUMERATED: | ||
788 | if ((node->type & CONST_DEFAULT) && (node->value == NULL)) | ||
789 | { | ||
790 | p = node->down; | ||
791 | while (type_field (p->type) != TYPE_DEFAULT) | ||
792 | p = p->right; | ||
793 | if ((isdigit ( (unsigned char) p->value[0])) || (p->value[0] == '-') | ||
794 | || (p->value[0] == '+')) | ||
795 | { | ||
796 | if (MHD__asn1_convert_integer | ||
797 | ((const char *) p->value, (unsigned char *) value, | ||
798 | value_size, len) != ASN1_SUCCESS) | ||
799 | return ASN1_MEM_ERROR; | ||
800 | } | ||
801 | else | ||
802 | { /* is an identifier like v1 */ | ||
803 | p2 = node->down; | ||
804 | while (p2) | ||
805 | { | ||
806 | if (type_field (p2->type) == TYPE_CONSTANT) | ||
807 | { | ||
808 | if ((p2->name) | ||
809 | && (!strcmp (p2->name, (const char *) p->value))) | ||
810 | { | ||
811 | if (MHD__asn1_convert_integer | ||
812 | ((const char *) p2->value, | ||
813 | (unsigned char *) value, value_size, | ||
814 | len) != ASN1_SUCCESS) | ||
815 | return ASN1_MEM_ERROR; | ||
816 | break; | ||
817 | } | ||
818 | } | ||
819 | p2 = p2->right; | ||
820 | } | ||
821 | } | ||
822 | } | ||
823 | else | ||
824 | { | ||
825 | len2 = -1; | ||
826 | if (MHD__asn1_get_octet_der | ||
827 | (node->value, node->value_len, &len2, (unsigned char *) value, | ||
828 | value_size, len) != ASN1_SUCCESS) | ||
829 | return ASN1_MEM_ERROR; | ||
830 | } | ||
831 | break; | ||
832 | case TYPE_OBJECT_ID: | ||
833 | if (node->type & CONST_ASSIGN) | ||
834 | { | ||
835 | value[0] = 0; | ||
836 | p = node->down; | ||
837 | while (p) | ||
838 | { | ||
839 | if (type_field (p->type) == TYPE_CONSTANT) | ||
840 | { | ||
841 | ADD_STR_VALUE (value, value_size, (const char *) p->value); | ||
842 | if (p->right) | ||
843 | { | ||
844 | ADD_STR_VALUE (value, value_size, "."); | ||
845 | } | ||
846 | } | ||
847 | p = p->right; | ||
848 | } | ||
849 | *len = strlen (value) + 1; | ||
850 | } | ||
851 | else if ((node->type & CONST_DEFAULT) && (node->value == NULL)) | ||
852 | { | ||
853 | p = node->down; | ||
854 | while (type_field (p->type) != TYPE_DEFAULT) | ||
855 | p = p->right; | ||
856 | PUT_STR_VALUE (value, value_size, (const char *) p->value); | ||
857 | } | ||
858 | else | ||
859 | { | ||
860 | PUT_STR_VALUE (value, value_size, (const char *) node->value); | ||
861 | } | ||
862 | break; | ||
863 | case TYPE_TIME: | ||
864 | PUT_STR_VALUE (value, value_size, (const char *) node->value); | ||
865 | break; | ||
866 | case TYPE_OCTET_STRING: | ||
867 | len2 = -1; | ||
868 | if (MHD__asn1_get_octet_der | ||
869 | (node->value, node->value_len, &len2, (unsigned char *) value, | ||
870 | value_size, len) != ASN1_SUCCESS) | ||
871 | return ASN1_MEM_ERROR; | ||
872 | break; | ||
873 | case TYPE_GENERALSTRING: | ||
874 | len2 = -1; | ||
875 | if (MHD__asn1_get_octet_der | ||
876 | (node->value, node->value_len, &len2, (unsigned char *) value, | ||
877 | value_size, len) != ASN1_SUCCESS) | ||
878 | return ASN1_MEM_ERROR; | ||
879 | break; | ||
880 | case TYPE_BIT_STRING: | ||
881 | len2 = -1; | ||
882 | if (MHD__asn1_get_bit_der | ||
883 | (node->value, node->value_len, &len2, (unsigned char *) value, | ||
884 | value_size, len) != ASN1_SUCCESS) | ||
885 | return ASN1_MEM_ERROR; | ||
886 | break; | ||
887 | case TYPE_CHOICE: | ||
888 | PUT_STR_VALUE (value, value_size, node->down->name); | ||
889 | break; | ||
890 | case TYPE_ANY: | ||
891 | len3 = -1; | ||
892 | len2 = MHD__asn1_get_length_der (node->value, node->value_len, &len3); | ||
893 | if (len2 < 0) | ||
894 | return ASN1_DER_ERROR; | ||
895 | PUT_VALUE (value, value_size, node->value + len3, len2); | ||
896 | break; | ||
897 | default: | ||
898 | return ASN1_ELEMENT_NOT_FOUND; | ||
899 | break; | ||
900 | } | ||
901 | return ASN1_SUCCESS; | ||
902 | } | ||
diff --git a/src/daemon/https/minitasn1/element.h b/src/daemon/https/minitasn1/element.h deleted file mode 100644 index e4484925..00000000 --- a/src/daemon/https/minitasn1/element.h +++ /dev/null | |||
@@ -1,14 +0,0 @@ | |||
1 | |||
2 | #ifndef _ELEMENT_H | ||
3 | #define _ELEMENT_H | ||
4 | |||
5 | |||
6 | MHD__asn1_retCode MHD__asn1_append_sequence_set (node_asn * node); | ||
7 | |||
8 | MHD__asn1_retCode MHD__asn1_convert_integer (const char *value, | ||
9 | unsigned char *value_out, | ||
10 | int value_out_size, int *len); | ||
11 | |||
12 | void MHD__asn1_hierarchical_name (node_asn * node, char *name, int name_size); | ||
13 | |||
14 | #endif | ||
diff --git a/src/daemon/https/minitasn1/gstr.c b/src/daemon/https/minitasn1/gstr.c deleted file mode 100644 index 7068db51..00000000 --- a/src/daemon/https/minitasn1/gstr.c +++ /dev/null | |||
@@ -1,68 +0,0 @@ | |||
1 | /* | ||
2 | * Copyright (C) 2006 Free Software Foundation | ||
3 | * Copyright (C) 2002 Nikos Mavroyanopoulos | ||
4 | * | ||
5 | * This file is part of LIBTASN1. | ||
6 | * | ||
7 | * The LIBTASN1 library is free software; you can redistribute it | ||
8 | * and/or modify it under the terms of the GNU Lesser General Public | ||
9 | * License as published by the Free Software Foundation; either | ||
10 | * version 2.1 of the License, or (at your option) any later version. | ||
11 | * | ||
12 | * This library is distributed in the hope that it will be useful, but | ||
13 | * WITHOUT ANY WARRANTY; without even the implied warranty of | ||
14 | * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU | ||
15 | * Lesser General Public License for more details. | ||
16 | * | ||
17 | * You should have received a copy of the GNU Lesser General Public | ||
18 | * License along with this library; if not, write to the Free Software | ||
19 | * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA | ||
20 | * 02110-1301, USA | ||
21 | */ | ||
22 | |||
23 | #include <int.h> | ||
24 | |||
25 | /* These function are like strcat, strcpy. They only | ||
26 | * do bounds checking (they shouldn't cause buffer overruns), | ||
27 | * and they always produce null terminated strings. | ||
28 | * | ||
29 | * They should be used only with null terminated strings. | ||
30 | */ | ||
31 | void | ||
32 | MHD__asn1_str_cat (char *dest, size_t dest_tot_size, const char *src) | ||
33 | { | ||
34 | size_t str_size = strlen (src); | ||
35 | size_t dest_size = strlen (dest); | ||
36 | |||
37 | if (dest_tot_size - dest_size > str_size) | ||
38 | { | ||
39 | strcat (dest, src); | ||
40 | } | ||
41 | else | ||
42 | { | ||
43 | if (dest_tot_size - dest_size > 0) | ||
44 | { | ||
45 | strncat (dest, src, (dest_tot_size - dest_size) - 1); | ||
46 | dest[dest_tot_size - 1] = 0; | ||
47 | } | ||
48 | } | ||
49 | } | ||
50 | |||
51 | void | ||
52 | MHD__asn1_str_cpy (char *dest, size_t dest_tot_size, const char *src) | ||
53 | { | ||
54 | size_t str_size = strlen (src); | ||
55 | |||
56 | if (dest_tot_size > str_size) | ||
57 | { | ||
58 | strcpy (dest, src); | ||
59 | } | ||
60 | else | ||
61 | { | ||
62 | if (dest_tot_size > 0) | ||
63 | { | ||
64 | strncpy (dest, src, (dest_tot_size) - 1); | ||
65 | dest[dest_tot_size - 1] = 0; | ||
66 | } | ||
67 | } | ||
68 | } | ||
diff --git a/src/daemon/https/minitasn1/gstr.h b/src/daemon/https/minitasn1/gstr.h deleted file mode 100644 index e0cda357..00000000 --- a/src/daemon/https/minitasn1/gstr.h +++ /dev/null | |||
@@ -1,5 +0,0 @@ | |||
1 | void MHD__asn1_str_cpy (char *dest, size_t dest_tot_size, const char *src); | ||
2 | void MHD__asn1_str_cat (char *dest, size_t dest_tot_size, const char *src); | ||
3 | |||
4 | #define Estrcpy(x,y) MHD__asn1_str_cpy(x,MAX_ERROR_DESCRIPTION_SIZE,y) | ||
5 | #define Estrcat(x,y) MHD__asn1_str_cat(x,MAX_ERROR_DESCRIPTION_SIZE,y) | ||
diff --git a/src/daemon/https/minitasn1/int.h b/src/daemon/https/minitasn1/int.h deleted file mode 100644 index a99fb6db..00000000 --- a/src/daemon/https/minitasn1/int.h +++ /dev/null | |||
@@ -1,112 +0,0 @@ | |||
1 | /* | ||
2 | * Copyright (C) 2004, 2006 Free Software Foundation, Inc. | ||
3 | * Copyright (C) 2002 Fabio Fiorina | ||
4 | * | ||
5 | * This file is part of LIBTASN1. | ||
6 | * | ||
7 | * The LIBTASN1 library is free software; you can redistribute it | ||
8 | * and/or modify it under the terms of the GNU Lesser General Public | ||
9 | * License as published by the Free Software Foundation; either | ||
10 | * version 2.1 of the License, or (at your option) any later version. | ||
11 | * | ||
12 | * This library is distributed in the hope that it will be useful, but | ||
13 | * WITHOUT ANY WARRANTY; without even the implied warranty of | ||
14 | * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU | ||
15 | * Lesser General Public License for more details. | ||
16 | * | ||
17 | * You should have received a copy of the GNU Lesser General Public | ||
18 | * License along with this library; if not, write to the Free Software | ||
19 | * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA | ||
20 | * 02110-1301, USA | ||
21 | */ | ||
22 | |||
23 | #ifndef INT_H | ||
24 | #define INT_H | ||
25 | |||
26 | #include <libtasn1.h> | ||
27 | #include <defines.h> | ||
28 | |||
29 | /* | ||
30 | #define LIBTASN1_DEBUG | ||
31 | #define LIBTASN1_DEBUG_PARSER | ||
32 | #define LIBTASN1_DEBUG_INTEGER | ||
33 | */ | ||
34 | |||
35 | #include <mem.h> | ||
36 | |||
37 | #define MAX_LOG_SIZE 1024 /* maximum number of characters of a log message */ | ||
38 | |||
39 | /* Define used for visiting trees. */ | ||
40 | #define UP 1 | ||
41 | #define RIGHT 2 | ||
42 | #define DOWN 3 | ||
43 | |||
44 | /****************************************/ | ||
45 | /* Returns the first 8 bits. */ | ||
46 | /* Used with the field type of node_asn */ | ||
47 | /****************************************/ | ||
48 | #define type_field(x) (x&0xFF) | ||
49 | |||
50 | /* List of constants for field type of typedef node_asn */ | ||
51 | #define TYPE_CONSTANT 1 | ||
52 | #define TYPE_IDENTIFIER 2 | ||
53 | #define TYPE_INTEGER 3 | ||
54 | #define TYPE_BOOLEAN 4 | ||
55 | #define TYPE_SEQUENCE 5 | ||
56 | #define TYPE_BIT_STRING 6 | ||
57 | #define TYPE_OCTET_STRING 7 | ||
58 | #define TYPE_TAG 8 | ||
59 | #define TYPE_DEFAULT 9 | ||
60 | #define TYPE_SIZE 10 | ||
61 | #define TYPE_SEQUENCE_OF 11 | ||
62 | #define TYPE_OBJECT_ID 12 | ||
63 | #define TYPE_ANY 13 | ||
64 | #define TYPE_SET 14 | ||
65 | #define TYPE_SET_OF 15 | ||
66 | #define TYPE_DEFINITIONS 16 | ||
67 | #define TYPE_TIME 17 | ||
68 | #define TYPE_CHOICE 18 | ||
69 | #define TYPE_IMPORTS 19 | ||
70 | #define TYPE_NULL 20 | ||
71 | #define TYPE_ENUMERATED 21 | ||
72 | #define TYPE_GENERALSTRING 27 | ||
73 | |||
74 | |||
75 | /***********************************************************************/ | ||
76 | /* List of constants to better specify the type of typedef node_asn. */ | ||
77 | /***********************************************************************/ | ||
78 | /* Used with TYPE_TAG */ | ||
79 | #define CONST_UNIVERSAL (1<<8) | ||
80 | #define CONST_PRIVATE (1<<9) | ||
81 | #define CONST_APPLICATION (1<<10) | ||
82 | #define CONST_EXPLICIT (1<<11) | ||
83 | #define CONST_IMPLICIT (1<<12) | ||
84 | |||
85 | #define CONST_TAG (1<<13) /* Used in ASN.1 assignement */ | ||
86 | #define CONST_OPTION (1<<14) | ||
87 | #define CONST_DEFAULT (1<<15) | ||
88 | #define CONST_TRUE (1<<16) | ||
89 | #define CONST_FALSE (1<<17) | ||
90 | |||
91 | #define CONST_LIST (1<<18) /* Used with TYPE_INTEGER and TYPE_BIT_STRING */ | ||
92 | #define CONST_MIN_MAX (1<<19) | ||
93 | |||
94 | #define CONST_1_PARAM (1<<20) | ||
95 | |||
96 | #define CONST_SIZE (1<<21) | ||
97 | |||
98 | #define CONST_DEFINED_BY (1<<22) | ||
99 | |||
100 | #define CONST_GENERALIZED (1<<23) | ||
101 | #define CONST_UTC (1<<24) | ||
102 | |||
103 | /* #define CONST_IMPORTS (1<<25) */ | ||
104 | |||
105 | #define CONST_NOT_USED (1<<26) | ||
106 | #define CONST_SET (1<<27) | ||
107 | #define CONST_ASSIGN (1<<28) | ||
108 | |||
109 | #define CONST_DOWN (1<<29) | ||
110 | #define CONST_RIGHT (1<<30) | ||
111 | |||
112 | #endif /* INT_H */ | ||
diff --git a/src/daemon/https/minitasn1/libtasn1.h b/src/daemon/https/minitasn1/libtasn1.h deleted file mode 100644 index f478d0b7..00000000 --- a/src/daemon/https/minitasn1/libtasn1.h +++ /dev/null | |||
@@ -1,216 +0,0 @@ | |||
1 | /* | ||
2 | * Copyright (C) 2004, 2005, 2006 Free Software Foundation | ||
3 | * Copyright (C) 2002 Fabio Fiorina | ||
4 | * | ||
5 | * This file is part of LIBTASN1. | ||
6 | * | ||
7 | * LIBTASN1 is free software; you can redistribute it and/or modify it | ||
8 | * under the terms of the GNU Lesser General Public License as | ||
9 | * published by the Free Software Foundation; either version 2.1 of | ||
10 | * the License, or (at your option) any later version. | ||
11 | * | ||
12 | * LIBTASN1 is distributed in the hope that it will be useful, but | ||
13 | * WITHOUT ANY WARRANTY; without even the implied warranty of | ||
14 | * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU | ||
15 | * Lesser General Public License for more details. | ||
16 | * | ||
17 | * You should have received a copy of the GNU Lesser General Public | ||
18 | * License along with LIBTASN1; if not, write to the Free Software | ||
19 | * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA | ||
20 | * 02110-1301, USA | ||
21 | * | ||
22 | */ | ||
23 | |||
24 | #ifndef LIBTASN1_H | ||
25 | # define LIBTASN1_H | ||
26 | |||
27 | #include <stdio.h> /* for FILE* */ | ||
28 | |||
29 | #ifdef __cplusplus | ||
30 | extern "C" | ||
31 | { | ||
32 | #endif | ||
33 | |||
34 | #define LIBTASN1_VERSION "1.2" | ||
35 | |||
36 | #include <sys/types.h> | ||
37 | #include <time.h> | ||
38 | |||
39 | #define MAX_NAME_SIZE 128 /* maximum number of characters of a name */ | ||
40 | /* inside a file with ASN1 definitons */ | ||
41 | #define MAX_ERROR_DESCRIPTION_SIZE 128 /* maximum number of characters */ | ||
42 | /* of a description message */ | ||
43 | /* (null character included) */ | ||
44 | |||
45 | |||
46 | typedef int MHD__asn1_retCode; /* type returned by libtasn1 functions */ | ||
47 | |||
48 | /*****************************************/ | ||
49 | /* Errors returned by libtasn1 functions */ | ||
50 | /*****************************************/ | ||
51 | #define ASN1_SUCCESS 0 | ||
52 | #define ASN1_FILE_NOT_FOUND 1 | ||
53 | #define ASN1_ELEMENT_NOT_FOUND 2 | ||
54 | #define ASN1_IDENTIFIER_NOT_FOUND 3 | ||
55 | #define ASN1_DER_ERROR 4 | ||
56 | #define ASN1_VALUE_NOT_FOUND 5 | ||
57 | #define ASN1_GENERIC_ERROR 6 | ||
58 | #define ASN1_VALUE_NOT_VALID 7 | ||
59 | #define ASN1_TAG_ERROR 8 | ||
60 | #define ASN1_TAG_IMPLICIT 9 | ||
61 | #define ASN1_ERROR_TYPE_ANY 10 | ||
62 | #define ASN1_SYNTAX_ERROR 11 | ||
63 | #define ASN1_MEM_ERROR 12 | ||
64 | #define ASN1_MEM_ALLOC_ERROR 13 | ||
65 | #define ASN1_DER_OVERFLOW 14 | ||
66 | #define ASN1_NAME_TOO_LONG 15 | ||
67 | #define ASN1_ARRAY_ERROR 16 | ||
68 | #define ASN1_ELEMENT_NOT_EMPTY 17 | ||
69 | |||
70 | /*************************************/ | ||
71 | /* Constants used in MHD__asn1_visit_tree */ | ||
72 | /*************************************/ | ||
73 | #define ASN1_PRINT_NAME 1 | ||
74 | #define ASN1_PRINT_NAME_TYPE 2 | ||
75 | #define ASN1_PRINT_NAME_TYPE_VALUE 3 | ||
76 | #define ASN1_PRINT_ALL 4 | ||
77 | |||
78 | /*****************************************/ | ||
79 | /* Constants returned by MHD__asn1_read_tag */ | ||
80 | /*****************************************/ | ||
81 | #define ASN1_CLASS_UNIVERSAL 0x00 /* old: 1 */ | ||
82 | #define ASN1_CLASS_APPLICATION 0x40 /* old: 2 */ | ||
83 | #define ASN1_CLASS_CONTEXT_SPECIFIC 0x80 /* old: 3 */ | ||
84 | #define ASN1_CLASS_PRIVATE 0xC0 /* old: 4 */ | ||
85 | #define ASN1_CLASS_STRUCTURED 0x20 | ||
86 | |||
87 | /*****************************************/ | ||
88 | /* Constants returned by MHD__asn1_read_tag */ | ||
89 | /*****************************************/ | ||
90 | #define ASN1_TAG_BOOLEAN 0x01 | ||
91 | #define ASN1_TAG_INTEGER 0x02 | ||
92 | #define ASN1_TAG_SEQUENCE 0x10 | ||
93 | #define ASN1_TAG_SET 0x11 | ||
94 | #define ASN1_TAG_OCTET_STRING 0x04 | ||
95 | #define ASN1_TAG_BIT_STRING 0x03 | ||
96 | #define ASN1_TAG_UTCTime 0x17 | ||
97 | #define ASN1_TAG_GENERALIZEDTime 0x18 | ||
98 | #define ASN1_TAG_OBJECT_ID 0x06 | ||
99 | #define ASN1_TAG_ENUMERATED 0x0A | ||
100 | #define ASN1_TAG_NULL 0x05 | ||
101 | #define ASN1_TAG_GENERALSTRING 0x1B | ||
102 | |||
103 | /******************************************************/ | ||
104 | /* Structure definition used for the node of the tree */ | ||
105 | /* that represent an ASN.1 DEFINITION. */ | ||
106 | /******************************************************/ | ||
107 | |||
108 | struct node_asn_struct | ||
109 | { | ||
110 | char *name; /* Node name */ | ||
111 | unsigned int type; /* Node type */ | ||
112 | unsigned char *value; /* Node value */ | ||
113 | int value_len; | ||
114 | struct node_asn_struct *down; /* Pointer to the son node */ | ||
115 | struct node_asn_struct *right; /* Pointer to the brother node */ | ||
116 | struct node_asn_struct *left; /* Pointer to the next list element */ | ||
117 | }; | ||
118 | |||
119 | typedef struct node_asn_struct node_asn; | ||
120 | |||
121 | typedef node_asn *ASN1_TYPE; | ||
122 | |||
123 | #define ASN1_TYPE_EMPTY NULL | ||
124 | |||
125 | struct static_struct_asn | ||
126 | { | ||
127 | const char *name; /* Node name */ | ||
128 | unsigned int type; /* Node type */ | ||
129 | const void *value; /* Node value */ | ||
130 | }; | ||
131 | |||
132 | typedef struct static_struct_asn ASN1_ARRAY_TYPE; | ||
133 | |||
134 | |||
135 | |||
136 | /***********************************/ | ||
137 | /* Functions definitions */ | ||
138 | /***********************************/ | ||
139 | |||
140 | MHD__asn1_retCode MHD__asn1_parser2tree (const char *file_name, | ||
141 | ASN1_TYPE * definitions, | ||
142 | char *errorDescription); | ||
143 | |||
144 | MHD__asn1_retCode MHD__asn1_parser2array (const char *inputFileName, | ||
145 | const char *outputFileName, | ||
146 | const char *vectorName, | ||
147 | char *errorDescription); | ||
148 | |||
149 | MHD__asn1_retCode MHD__asn1_array2tree (const ASN1_ARRAY_TYPE * array, | ||
150 | ASN1_TYPE * definitions, | ||
151 | char *errorDescription); | ||
152 | |||
153 | MHD__asn1_retCode MHD__asn1_create_element (ASN1_TYPE definitions, | ||
154 | const char *source_name, | ||
155 | ASN1_TYPE * element); | ||
156 | |||
157 | MHD__asn1_retCode MHD__asn1_delete_structure (ASN1_TYPE * structure); | ||
158 | |||
159 | MHD__asn1_retCode MHD__asn1_write_value (ASN1_TYPE node_root, | ||
160 | const char *name, | ||
161 | const void *ivalue, int len); | ||
162 | |||
163 | MHD__asn1_retCode MHD__asn1_read_value (ASN1_TYPE root, const char *name, | ||
164 | void *ivalue, int *len); | ||
165 | |||
166 | MHD__asn1_retCode MHD__asn1_der_coding (ASN1_TYPE element, const char *name, | ||
167 | void *ider, int *len, | ||
168 | char *ErrorDescription); | ||
169 | |||
170 | MHD__asn1_retCode MHD__asn1_der_decoding (ASN1_TYPE * element, | ||
171 | const void *ider, int len, | ||
172 | char *errorDescription); | ||
173 | |||
174 | MHD__asn1_retCode MHD__asn1_der_decoding_startEnd (ASN1_TYPE element, | ||
175 | const void *ider, | ||
176 | int len, | ||
177 | const char *name_element, | ||
178 | int *start, int *end); | ||
179 | |||
180 | /* DER utility functions. */ | ||
181 | |||
182 | int MHD__asn1_get_tag_der (const unsigned char *der, int der_len, | ||
183 | unsigned char *cls, int *len, | ||
184 | unsigned long *tag); | ||
185 | |||
186 | void MHD__asn1_octet_der (const unsigned char *str, int str_len, | ||
187 | unsigned char *der, int *der_len); | ||
188 | |||
189 | MHD__asn1_retCode MHD__asn1_get_octet_der (const unsigned char *der, | ||
190 | int der_len, int *ret_len, | ||
191 | unsigned char *str, int str_size, | ||
192 | int *str_len); | ||
193 | |||
194 | void MHD__asn1_bit_der (const unsigned char *str, int bit_len, | ||
195 | unsigned char *der, int *der_len); | ||
196 | |||
197 | MHD__asn1_retCode MHD__asn1_get_bit_der (const unsigned char *der, | ||
198 | int der_len, int *ret_len, | ||
199 | unsigned char *str, int str_size, | ||
200 | int *bit_len); | ||
201 | |||
202 | signed long MHD__asn1_get_length_der (const unsigned char *der, int der_len, | ||
203 | int *len); | ||
204 | |||
205 | void MHD__asn1_length_der (unsigned long int len, unsigned char *ans, | ||
206 | int *ans_len); | ||
207 | |||
208 | /* Other utility functions. */ | ||
209 | |||
210 | ASN1_TYPE MHD__asn1_find_node (ASN1_TYPE pointer, const char *name); | ||
211 | |||
212 | #ifdef __cplusplus | ||
213 | } | ||
214 | #endif | ||
215 | |||
216 | #endif /* LIBTASN1_H */ | ||
diff --git a/src/daemon/https/minitasn1/mem.h b/src/daemon/https/minitasn1/mem.h deleted file mode 100644 index 76139df0..00000000 --- a/src/daemon/https/minitasn1/mem.h +++ /dev/null | |||
@@ -1,25 +0,0 @@ | |||
1 | #ifndef MEM_H | ||
2 | # define MEM_H | ||
3 | |||
4 | /* Use MHD__asn1_afree() when calling alloca, or | ||
5 | * memory leaks may occur in systems which do not | ||
6 | * support alloca. | ||
7 | */ | ||
8 | #ifdef HAVE_ALLOCA | ||
9 | # ifdef HAVE_ALLOCA_H | ||
10 | # include <alloca.h> | ||
11 | # endif | ||
12 | # define MHD__asn1_alloca alloca | ||
13 | # define MHD__asn1_afree(x) | ||
14 | #else | ||
15 | # define MHD__asn1_alloca MHD__asn1_malloc | ||
16 | # define MHD__asn1_afree MHD__asn1_free | ||
17 | #endif /* HAVE_ALLOCA */ | ||
18 | |||
19 | #define MHD__asn1_malloc malloc | ||
20 | #define MHD__asn1_free free | ||
21 | #define MHD__asn1_calloc calloc | ||
22 | #define MHD__asn1_realloc realloc | ||
23 | #define MHD__asn1_strdup strdup | ||
24 | |||
25 | #endif /* MEM_H */ | ||
diff --git a/src/daemon/https/minitasn1/parser_aux.c b/src/daemon/https/minitasn1/parser_aux.c deleted file mode 100644 index 0643ff4c..00000000 --- a/src/daemon/https/minitasn1/parser_aux.c +++ /dev/null | |||
@@ -1,774 +0,0 @@ | |||
1 | /* | ||
2 | * Copyright (C) 2004, 2006, 2007 Free Software Foundation | ||
3 | * Copyright (C) 2000,2001 Fabio Fiorina | ||
4 | * | ||
5 | * This file is part of LIBTASN1. | ||
6 | * | ||
7 | * The LIBTASN1 library is free software; you can redistribute it | ||
8 | * and/or modify it under the terms of the GNU Lesser General Public | ||
9 | * License as published by the Free Software Foundation; either | ||
10 | * version 2.1 of the License, or (at your option) any later version. | ||
11 | * | ||
12 | * This library is distributed in the hope that it will be useful, but | ||
13 | * WITHOUT ANY WARRANTY; without even the implied warranty of | ||
14 | * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU | ||
15 | * Lesser General Public License for more details. | ||
16 | * | ||
17 | * You should have received a copy of the GNU Lesser General Public | ||
18 | * License along with this library; if not, write to the Free Software | ||
19 | * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA | ||
20 | * 02110-1301, USA | ||
21 | */ | ||
22 | |||
23 | #include <int.h> | ||
24 | #include "parser_aux.h" | ||
25 | #include "gstr.h" | ||
26 | #include "structure.h" | ||
27 | #include "element.h" | ||
28 | |||
29 | |||
30 | |||
31 | char MHD__asn1_identifierMissing[MAX_NAME_SIZE + 1]; /* identifier name not found */ | ||
32 | |||
33 | /***********************************************/ | ||
34 | /* Type: list_type */ | ||
35 | /* Description: type used in the list during */ | ||
36 | /* the structure creation. */ | ||
37 | /***********************************************/ | ||
38 | typedef struct list_struct | ||
39 | { | ||
40 | node_asn *node; | ||
41 | struct list_struct *next; | ||
42 | } list_type; | ||
43 | |||
44 | |||
45 | /* Pointer to the first element of the list */ | ||
46 | list_type *MHD_firstElement = NULL; | ||
47 | |||
48 | /******************************************************/ | ||
49 | /* Function : MHD__asn1_add_node */ | ||
50 | /* Description: creates a new NODE_ASN element and */ | ||
51 | /* puts it in the list pointed by MHD_firstElement. */ | ||
52 | /* Parameters: */ | ||
53 | /* type: type of the new element (see TYPE_ */ | ||
54 | /* and CONST_ constants). */ | ||
55 | /* Return: pointer to the new element. */ | ||
56 | /******************************************************/ | ||
57 | node_asn * | ||
58 | MHD__asn1_add_node (unsigned int type) | ||
59 | { | ||
60 | list_type *listElement; | ||
61 | node_asn *punt; | ||
62 | |||
63 | punt = (node_asn *) MHD__asn1_calloc (1, sizeof (node_asn)); | ||
64 | if (punt == NULL) | ||
65 | return NULL; | ||
66 | |||
67 | listElement = (list_type *) MHD__asn1_malloc (sizeof (list_type)); | ||
68 | if (listElement == NULL) | ||
69 | { | ||
70 | MHD__asn1_free (punt); | ||
71 | return NULL; | ||
72 | } | ||
73 | |||
74 | listElement->node = punt; | ||
75 | listElement->next = MHD_firstElement; | ||
76 | MHD_firstElement = listElement; | ||
77 | |||
78 | punt->type = type; | ||
79 | |||
80 | return punt; | ||
81 | } | ||
82 | |||
83 | /** | ||
84 | * MHD__asn1_find_node: | ||
85 | * @pointer: NODE_ASN element pointer. | ||
86 | * @name: null terminated string with the element's name to find. | ||
87 | * | ||
88 | * Searches for an element called NAME starting from POINTER. The | ||
89 | * name is composed by differents identifiers separated by dots. When | ||
90 | * *POINTER has a name, the first identifier must be the name of | ||
91 | * *POINTER, otherwise it must be the name of one child of *POINTER. | ||
92 | * | ||
93 | * Return value: the searching result. NULL if not found. | ||
94 | **/ | ||
95 | ASN1_TYPE | ||
96 | MHD__asn1_find_node (ASN1_TYPE pointer, const char *name) | ||
97 | { | ||
98 | node_asn *p; | ||
99 | char *n_end, n[MAX_NAME_SIZE + 1]; | ||
100 | const char *n_start; | ||
101 | |||
102 | if (pointer == NULL) | ||
103 | return NULL; | ||
104 | |||
105 | if (name == NULL) | ||
106 | return NULL; | ||
107 | |||
108 | p = pointer; | ||
109 | n_start = name; | ||
110 | |||
111 | if (p->name != NULL) | ||
112 | { /* has *pointer got a name ? */ | ||
113 | n_end = strchr (n_start, '.'); /* search the first dot */ | ||
114 | if (n_end) | ||
115 | { | ||
116 | memcpy (n, n_start, n_end - n_start); | ||
117 | n[n_end - n_start] = 0; | ||
118 | n_start = n_end; | ||
119 | n_start++; | ||
120 | } | ||
121 | else | ||
122 | { | ||
123 | MHD__asn1_str_cpy (n, sizeof (n), n_start); | ||
124 | n_start = NULL; | ||
125 | } | ||
126 | |||
127 | while (p) | ||
128 | { | ||
129 | if ((p->name) && (!strcmp (p->name, n))) | ||
130 | break; | ||
131 | else | ||
132 | p = p->right; | ||
133 | } /* while */ | ||
134 | |||
135 | if (p == NULL) | ||
136 | return NULL; | ||
137 | } | ||
138 | else | ||
139 | { /* *pointer doesn't have a name */ | ||
140 | if (n_start[0] == 0) | ||
141 | return p; | ||
142 | } | ||
143 | |||
144 | while (n_start) | ||
145 | { /* Has the end of NAME been reached? */ | ||
146 | n_end = strchr (n_start, '.'); /* search the next dot */ | ||
147 | if (n_end) | ||
148 | { | ||
149 | memcpy (n, n_start, n_end - n_start); | ||
150 | n[n_end - n_start] = 0; | ||
151 | n_start = n_end; | ||
152 | n_start++; | ||
153 | } | ||
154 | else | ||
155 | { | ||
156 | MHD__asn1_str_cpy (n, sizeof (n), n_start); | ||
157 | n_start = NULL; | ||
158 | } | ||
159 | |||
160 | if (p->down == NULL) | ||
161 | return NULL; | ||
162 | |||
163 | p = p->down; | ||
164 | |||
165 | /* The identifier "?LAST" indicates the last element | ||
166 | in the right chain. */ | ||
167 | if (!strcmp (n, "?LAST")) | ||
168 | { | ||
169 | if (p == NULL) | ||
170 | return NULL; | ||
171 | while (p->right) | ||
172 | p = p->right; | ||
173 | } | ||
174 | else | ||
175 | { /* no "?LAST" */ | ||
176 | while (p) | ||
177 | { | ||
178 | if ((p->name) && (!strcmp (p->name, n))) | ||
179 | break; | ||
180 | else | ||
181 | p = p->right; | ||
182 | } | ||
183 | if (p == NULL) | ||
184 | return NULL; | ||
185 | } | ||
186 | } /* while */ | ||
187 | |||
188 | return p; | ||
189 | } | ||
190 | |||
191 | |||
192 | /******************************************************************/ | ||
193 | /* Function : MHD__asn1_set_value */ | ||
194 | /* Description: sets the field VALUE in a NODE_ASN element. The */ | ||
195 | /* previous value (if exist) will be lost */ | ||
196 | /* Parameters: */ | ||
197 | /* node: element pointer. */ | ||
198 | /* value: pointer to the value that you want to set. */ | ||
199 | /* len: character number of value. */ | ||
200 | /* Return: pointer to the NODE_ASN element. */ | ||
201 | /******************************************************************/ | ||
202 | node_asn * | ||
203 | MHD__asn1_set_value (node_asn * node, const void *_value, unsigned int len) | ||
204 | { | ||
205 | const unsigned char *value = _value; | ||
206 | |||
207 | if (node == NULL) | ||
208 | return node; | ||
209 | if (node->value) | ||
210 | { | ||
211 | MHD__asn1_free (node->value); | ||
212 | node->value = NULL; | ||
213 | node->value_len = 0; | ||
214 | } | ||
215 | if (!len) | ||
216 | return node; | ||
217 | node->value = (unsigned char *) MHD__asn1_malloc (len); | ||
218 | if (node->value == NULL) | ||
219 | return NULL; | ||
220 | node->value_len = len; | ||
221 | |||
222 | memcpy (node->value, value, len); | ||
223 | return node; | ||
224 | } | ||
225 | |||
226 | /******************************************************************/ | ||
227 | /* Function : MHD__asn1_set_name */ | ||
228 | /* Description: sets the field NAME in a NODE_ASN element. The */ | ||
229 | /* previous value (if exist) will be lost */ | ||
230 | /* Parameters: */ | ||
231 | /* node: element pointer. */ | ||
232 | /* name: a null terminated string with the name that you want */ | ||
233 | /* to set. */ | ||
234 | /* Return: pointer to the NODE_ASN element. */ | ||
235 | /******************************************************************/ | ||
236 | node_asn * | ||
237 | MHD__asn1_set_name (node_asn * node, const char *name) | ||
238 | { | ||
239 | if (node == NULL) | ||
240 | return node; | ||
241 | |||
242 | if (node->name) | ||
243 | { | ||
244 | MHD__asn1_free (node->name); | ||
245 | node->name = NULL; | ||
246 | } | ||
247 | |||
248 | if (name == NULL) | ||
249 | return node; | ||
250 | |||
251 | if (strlen (name)) | ||
252 | { | ||
253 | node->name = (char *) MHD__asn1_strdup (name); | ||
254 | if (node->name == NULL) | ||
255 | return NULL; | ||
256 | } | ||
257 | else | ||
258 | node->name = NULL; | ||
259 | return node; | ||
260 | } | ||
261 | |||
262 | /******************************************************************/ | ||
263 | /* Function : MHD__asn1_set_right */ | ||
264 | /* Description: sets the field RIGHT in a NODE_ASN element. */ | ||
265 | /* Parameters: */ | ||
266 | /* node: element pointer. */ | ||
267 | /* right: pointer to a NODE_ASN element that you want be pointed*/ | ||
268 | /* by NODE. */ | ||
269 | /* Return: pointer to *NODE. */ | ||
270 | /******************************************************************/ | ||
271 | node_asn * | ||
272 | MHD__asn1_set_right (node_asn * node, node_asn * right) | ||
273 | { | ||
274 | if (node == NULL) | ||
275 | return node; | ||
276 | node->right = right; | ||
277 | if (right) | ||
278 | right->left = node; | ||
279 | return node; | ||
280 | } | ||
281 | |||
282 | /******************************************************************/ | ||
283 | /* Function : MHD__asn1_set_down */ | ||
284 | /* Description: sets the field DOWN in a NODE_ASN element. */ | ||
285 | /* Parameters: */ | ||
286 | /* node: element pointer. */ | ||
287 | /* down: pointer to a NODE_ASN element that you want be pointed */ | ||
288 | /* by NODE. */ | ||
289 | /* Return: pointer to *NODE. */ | ||
290 | /******************************************************************/ | ||
291 | node_asn * | ||
292 | MHD__asn1_set_down (node_asn * node, node_asn * down) | ||
293 | { | ||
294 | if (node == NULL) | ||
295 | return node; | ||
296 | node->down = down; | ||
297 | if (down) | ||
298 | down->left = node; | ||
299 | return node; | ||
300 | } | ||
301 | |||
302 | /******************************************************************/ | ||
303 | /* Function : MHD__asn1_remove_node */ | ||
304 | /* Description: gets free the memory allocated for an NODE_ASN */ | ||
305 | /* element (not the elements pointed by it). */ | ||
306 | /* Parameters: */ | ||
307 | /* node: NODE_ASN element pointer. */ | ||
308 | /******************************************************************/ | ||
309 | void | ||
310 | MHD__asn1_remove_node (node_asn * node) | ||
311 | { | ||
312 | if (node == NULL) | ||
313 | return; | ||
314 | |||
315 | if (node->name != NULL) | ||
316 | MHD__asn1_free (node->name); | ||
317 | if (node->value != NULL) | ||
318 | MHD__asn1_free (node->value); | ||
319 | MHD__asn1_free (node); | ||
320 | } | ||
321 | |||
322 | /******************************************************************/ | ||
323 | /* Function : MHD__asn1_find_up */ | ||
324 | /* Description: return the father of the NODE_ASN element. */ | ||
325 | /* Parameters: */ | ||
326 | /* node: NODE_ASN element pointer. */ | ||
327 | /* Return: Null if not found. */ | ||
328 | /******************************************************************/ | ||
329 | node_asn * | ||
330 | MHD__asn1_find_up (node_asn * node) | ||
331 | { | ||
332 | node_asn *p; | ||
333 | |||
334 | if (node == NULL) | ||
335 | return NULL; | ||
336 | |||
337 | p = node; | ||
338 | |||
339 | while ((p->left != NULL) && (p->left->right == p)) | ||
340 | p = p->left; | ||
341 | |||
342 | return p->left; | ||
343 | } | ||
344 | |||
345 | /******************************************************************/ | ||
346 | /* Function : MHD__asn1_delete_list */ | ||
347 | /* Description: deletes the list elements (not the elements */ | ||
348 | /* pointed by them). */ | ||
349 | /******************************************************************/ | ||
350 | void | ||
351 | MHD__asn1_delete_list (void) | ||
352 | { | ||
353 | list_type *listElement; | ||
354 | |||
355 | while (MHD_firstElement) | ||
356 | { | ||
357 | listElement = MHD_firstElement; | ||
358 | MHD_firstElement = MHD_firstElement->next; | ||
359 | MHD__asn1_free (listElement); | ||
360 | } | ||
361 | } | ||
362 | |||
363 | /******************************************************************/ | ||
364 | /* Function : MHD__asn1_delete_list_and nodes */ | ||
365 | /* Description: deletes the list elements and the elements */ | ||
366 | /* pointed by them. */ | ||
367 | /******************************************************************/ | ||
368 | void | ||
369 | MHD__asn1_delete_list_and_nodes (void) | ||
370 | { | ||
371 | list_type *listElement; | ||
372 | |||
373 | while (MHD_firstElement) | ||
374 | { | ||
375 | listElement = MHD_firstElement; | ||
376 | MHD_firstElement = MHD_firstElement->next; | ||
377 | MHD__asn1_remove_node (listElement->node); | ||
378 | MHD__asn1_free (listElement); | ||
379 | } | ||
380 | } | ||
381 | |||
382 | |||
383 | char * | ||
384 | MHD__asn1_ltostr (long v, char *str) | ||
385 | { | ||
386 | long d, r; | ||
387 | char temp[20]; | ||
388 | int count, k, start; | ||
389 | |||
390 | if (v < 0) | ||
391 | { | ||
392 | str[0] = '-'; | ||
393 | start = 1; | ||
394 | v = -v; | ||
395 | } | ||
396 | else | ||
397 | start = 0; | ||
398 | |||
399 | count = 0; | ||
400 | do | ||
401 | { | ||
402 | d = v / 10; | ||
403 | r = v - d * 10; | ||
404 | temp[start + count] = '0' + (char) r; | ||
405 | count++; | ||
406 | v = d; | ||
407 | } | ||
408 | while (v); | ||
409 | |||
410 | for (k = 0; k < count; k++) | ||
411 | str[k + start] = temp[start + count - k - 1]; | ||
412 | str[count + start] = 0; | ||
413 | return str; | ||
414 | } | ||
415 | |||
416 | |||
417 | /******************************************************************/ | ||
418 | /* Function : MHD__asn1_change_integer_value */ | ||
419 | /* Description: converts into DER coding the value assign to an */ | ||
420 | /* INTEGER constant. */ | ||
421 | /* Parameters: */ | ||
422 | /* node: root of an ASN1element. */ | ||
423 | /* Return: */ | ||
424 | /* ASN1_ELEMENT_NOT_FOUND if NODE is NULL, */ | ||
425 | /* otherwise ASN1_SUCCESS */ | ||
426 | /******************************************************************/ | ||
427 | MHD__asn1_retCode | ||
428 | MHD__asn1_change_integer_value (ASN1_TYPE node) | ||
429 | { | ||
430 | node_asn *p; | ||
431 | unsigned char val[SIZEOF_UNSIGNED_LONG_INT]; | ||
432 | unsigned char val2[SIZEOF_UNSIGNED_LONG_INT + 1]; | ||
433 | int len; | ||
434 | |||
435 | if (node == NULL) | ||
436 | return ASN1_ELEMENT_NOT_FOUND; | ||
437 | |||
438 | p = node; | ||
439 | while (p) | ||
440 | { | ||
441 | if ((type_field (p->type) == TYPE_INTEGER) && (p->type & CONST_ASSIGN)) | ||
442 | { | ||
443 | if (p->value) | ||
444 | { | ||
445 | MHD__asn1_convert_integer ((const char *) p->value, val, | ||
446 | sizeof (val), &len); | ||
447 | MHD__asn1_octet_der (val, len, val2, &len); | ||
448 | MHD__asn1_set_value (p, val2, len); | ||
449 | } | ||
450 | } | ||
451 | |||
452 | if (p->down) | ||
453 | { | ||
454 | p = p->down; | ||
455 | } | ||
456 | else | ||
457 | { | ||
458 | if (p == node) | ||
459 | p = NULL; | ||
460 | else if (p->right) | ||
461 | p = p->right; | ||
462 | else | ||
463 | { | ||
464 | while (1) | ||
465 | { | ||
466 | p = MHD__asn1_find_up (p); | ||
467 | if (p == node) | ||
468 | { | ||
469 | p = NULL; | ||
470 | break; | ||
471 | } | ||
472 | if (p->right) | ||
473 | { | ||
474 | p = p->right; | ||
475 | break; | ||
476 | } | ||
477 | } | ||
478 | } | ||
479 | } | ||
480 | } | ||
481 | |||
482 | return ASN1_SUCCESS; | ||
483 | } | ||
484 | |||
485 | |||
486 | /******************************************************************/ | ||
487 | /* Function : MHD__asn1_expand_object_id */ | ||
488 | /* Description: expand the IDs of an OBJECT IDENTIFIER constant. */ | ||
489 | /* Parameters: */ | ||
490 | /* node: root of an ASN1 element. */ | ||
491 | /* Return: */ | ||
492 | /* ASN1_ELEMENT_NOT_FOUND if NODE is NULL, */ | ||
493 | /* otherwise ASN1_SUCCESS */ | ||
494 | /******************************************************************/ | ||
495 | MHD__asn1_retCode | ||
496 | MHD__asn1_expand_object_id (ASN1_TYPE node) | ||
497 | { | ||
498 | node_asn *p, *p2, *p3, *p4, *p5; | ||
499 | char name_root[MAX_NAME_SIZE], name2[2 * MAX_NAME_SIZE + 1]; | ||
500 | int move, tlen; | ||
501 | |||
502 | if (node == NULL) | ||
503 | return ASN1_ELEMENT_NOT_FOUND; | ||
504 | |||
505 | MHD__asn1_str_cpy (name_root, sizeof (name_root), node->name); | ||
506 | |||
507 | p = node; | ||
508 | move = DOWN; | ||
509 | |||
510 | while (!((p == node) && (move == UP))) | ||
511 | { | ||
512 | if (move != UP) | ||
513 | { | ||
514 | if ((type_field (p->type) == TYPE_OBJECT_ID) | ||
515 | && (p->type & CONST_ASSIGN)) | ||
516 | { | ||
517 | p2 = p->down; | ||
518 | if (p2 && (type_field (p2->type) == TYPE_CONSTANT)) | ||
519 | { | ||
520 | if (p2->value && !isdigit (p2->value[0])) | ||
521 | { | ||
522 | MHD__asn1_str_cpy (name2, sizeof (name2), name_root); | ||
523 | MHD__asn1_str_cat (name2, sizeof (name2), "."); | ||
524 | MHD__asn1_str_cat (name2, sizeof (name2), | ||
525 | (const char *) p2->value); | ||
526 | p3 = MHD__asn1_find_node (node, name2); | ||
527 | if (!p3 || (type_field (p3->type) != TYPE_OBJECT_ID) || | ||
528 | !(p3->type & CONST_ASSIGN)) | ||
529 | return ASN1_ELEMENT_NOT_FOUND; | ||
530 | MHD__asn1_set_down (p, p2->right); | ||
531 | MHD__asn1_remove_node (p2); | ||
532 | p2 = p; | ||
533 | p4 = p3->down; | ||
534 | while (p4) | ||
535 | { | ||
536 | if (type_field (p4->type) == TYPE_CONSTANT) | ||
537 | { | ||
538 | p5 = MHD__asn1_add_node_only (TYPE_CONSTANT); | ||
539 | MHD__asn1_set_name (p5, p4->name); | ||
540 | tlen = strlen ((const char *) p4->value); | ||
541 | if (tlen > 0) | ||
542 | MHD__asn1_set_value (p5, p4->value, tlen + 1); | ||
543 | if (p2 == p) | ||
544 | { | ||
545 | MHD__asn1_set_right (p5, p->down); | ||
546 | MHD__asn1_set_down (p, p5); | ||
547 | } | ||
548 | else | ||
549 | { | ||
550 | MHD__asn1_set_right (p5, p2->right); | ||
551 | MHD__asn1_set_right (p2, p5); | ||
552 | } | ||
553 | p2 = p5; | ||
554 | } | ||
555 | p4 = p4->right; | ||
556 | } | ||
557 | move = DOWN; | ||
558 | continue; | ||
559 | } | ||
560 | } | ||
561 | } | ||
562 | move = DOWN; | ||
563 | } | ||
564 | else | ||
565 | move = RIGHT; | ||
566 | |||
567 | if (move == DOWN) | ||
568 | { | ||
569 | if (p->down) | ||
570 | p = p->down; | ||
571 | else | ||
572 | move = RIGHT; | ||
573 | } | ||
574 | |||
575 | if (p == node) | ||
576 | { | ||
577 | move = UP; | ||
578 | continue; | ||
579 | } | ||
580 | |||
581 | if (move == RIGHT) | ||
582 | { | ||
583 | if (p->right) | ||
584 | p = p->right; | ||
585 | else | ||
586 | move = UP; | ||
587 | } | ||
588 | if (move == UP) | ||
589 | p = MHD__asn1_find_up (p); | ||
590 | } | ||
591 | |||
592 | |||
593 | /*******************************/ | ||
594 | /* expand DEFAULT */ | ||
595 | /*******************************/ | ||
596 | p = node; | ||
597 | move = DOWN; | ||
598 | |||
599 | while (!((p == node) && (move == UP))) | ||
600 | { | ||
601 | if (move != UP) | ||
602 | { | ||
603 | if ((type_field (p->type) == TYPE_OBJECT_ID) && | ||
604 | (p->type & CONST_DEFAULT)) | ||
605 | { | ||
606 | p2 = p->down; | ||
607 | if (p2 && (type_field (p2->type) == TYPE_DEFAULT)) | ||
608 | { | ||
609 | MHD__asn1_str_cpy (name2, sizeof (name2), name_root); | ||
610 | MHD__asn1_str_cat (name2, sizeof (name2), "."); | ||
611 | MHD__asn1_str_cat (name2, sizeof (name2), | ||
612 | (const char *) p2->value); | ||
613 | p3 = MHD__asn1_find_node (node, name2); | ||
614 | if (!p3 || (type_field (p3->type) != TYPE_OBJECT_ID) || | ||
615 | !(p3->type & CONST_ASSIGN)) | ||
616 | return ASN1_ELEMENT_NOT_FOUND; | ||
617 | p4 = p3->down; | ||
618 | name2[0] = 0; | ||
619 | while (p4) | ||
620 | { | ||
621 | if (type_field (p4->type) == TYPE_CONSTANT) | ||
622 | { | ||
623 | if (name2[0]) | ||
624 | MHD__asn1_str_cat (name2, sizeof (name2), "."); | ||
625 | MHD__asn1_str_cat (name2, sizeof (name2), | ||
626 | (const char *) p4->value); | ||
627 | } | ||
628 | p4 = p4->right; | ||
629 | } | ||
630 | tlen = strlen (name2); | ||
631 | if (tlen > 0) | ||
632 | MHD__asn1_set_value (p2, name2, tlen + 1); | ||
633 | } | ||
634 | } | ||
635 | move = DOWN; | ||
636 | } | ||
637 | else | ||
638 | move = RIGHT; | ||
639 | |||
640 | if (move == DOWN) | ||
641 | { | ||
642 | if (p->down) | ||
643 | p = p->down; | ||
644 | else | ||
645 | move = RIGHT; | ||
646 | } | ||
647 | |||
648 | if (p == node) | ||
649 | { | ||
650 | move = UP; | ||
651 | continue; | ||
652 | } | ||
653 | |||
654 | if (move == RIGHT) | ||
655 | { | ||
656 | if (p->right) | ||
657 | p = p->right; | ||
658 | else | ||
659 | move = UP; | ||
660 | } | ||
661 | if (move == UP) | ||
662 | p = MHD__asn1_find_up (p); | ||
663 | } | ||
664 | |||
665 | return ASN1_SUCCESS; | ||
666 | } | ||
667 | |||
668 | /******************************************************************/ | ||
669 | /* Function : MHD__asn1_check_identifier */ | ||
670 | /* Description: checks the definitions of all the identifiers */ | ||
671 | /* and the first element of an OBJECT_ID (e.g. {pkix 0 4}). */ | ||
672 | /* The MHD__asn1_identifierMissing global variable is filled if */ | ||
673 | /* necessary. */ | ||
674 | /* Parameters: */ | ||
675 | /* node: root of an ASN1 element. */ | ||
676 | /* Return: */ | ||
677 | /* ASN1_ELEMENT_NOT_FOUND if NODE is NULL, */ | ||
678 | /* ASN1_IDENTIFIER_NOT_FOUND if an identifier is not defined, */ | ||
679 | /* otherwise ASN1_SUCCESS */ | ||
680 | /******************************************************************/ | ||
681 | MHD__asn1_retCode | ||
682 | MHD__asn1_check_identifier (ASN1_TYPE node) | ||
683 | { | ||
684 | node_asn *p, *p2; | ||
685 | char name2[MAX_NAME_SIZE * 2 + 2]; | ||
686 | |||
687 | if (node == NULL) | ||
688 | return ASN1_ELEMENT_NOT_FOUND; | ||
689 | |||
690 | p = node; | ||
691 | while (p) | ||
692 | { | ||
693 | if (type_field (p->type) == TYPE_IDENTIFIER) | ||
694 | { | ||
695 | MHD__asn1_str_cpy (name2, sizeof (name2), node->name); | ||
696 | MHD__asn1_str_cat (name2, sizeof (name2), "."); | ||
697 | MHD__asn1_str_cat (name2, sizeof (name2), (const char *) p->value); | ||
698 | p2 = MHD__asn1_find_node (node, name2); | ||
699 | if (p2 == NULL) | ||
700 | { | ||
701 | strcpy (MHD__asn1_identifierMissing, (const char *) p->value); | ||
702 | return ASN1_IDENTIFIER_NOT_FOUND; | ||
703 | } | ||
704 | } | ||
705 | else if ((type_field (p->type) == TYPE_OBJECT_ID) && | ||
706 | (p->type & CONST_DEFAULT)) | ||
707 | { | ||
708 | p2 = p->down; | ||
709 | if (p2 && (type_field (p2->type) == TYPE_DEFAULT)) | ||
710 | { | ||
711 | MHD__asn1_str_cpy (name2, sizeof (name2), node->name); | ||
712 | MHD__asn1_str_cat (name2, sizeof (name2), "."); | ||
713 | MHD__asn1_str_cat (name2, sizeof (name2), | ||
714 | (const char *) p2->value); | ||
715 | strcpy (MHD__asn1_identifierMissing, (const char *) p2->value); | ||
716 | p2 = MHD__asn1_find_node (node, name2); | ||
717 | if (!p2 || (type_field (p2->type) != TYPE_OBJECT_ID) || | ||
718 | !(p2->type & CONST_ASSIGN)) | ||
719 | return ASN1_IDENTIFIER_NOT_FOUND; | ||
720 | else | ||
721 | MHD__asn1_identifierMissing[0] = 0; | ||
722 | } | ||
723 | } | ||
724 | else if ((type_field (p->type) == TYPE_OBJECT_ID) && | ||
725 | (p->type & CONST_ASSIGN)) | ||
726 | { | ||
727 | p2 = p->down; | ||
728 | if (p2 && (type_field (p2->type) == TYPE_CONSTANT)) | ||
729 | { | ||
730 | if (p2->value && !isdigit (p2->value[0])) | ||
731 | { | ||
732 | MHD__asn1_str_cpy (name2, sizeof (name2), node->name); | ||
733 | MHD__asn1_str_cat (name2, sizeof (name2), "."); | ||
734 | MHD__asn1_str_cat (name2, sizeof (name2), | ||
735 | (const char *) p2->value); | ||
736 | strcpy (MHD__asn1_identifierMissing, | ||
737 | (const char *) p2->value); | ||
738 | p2 = MHD__asn1_find_node (node, name2); | ||
739 | if (!p2 || (type_field (p2->type) != TYPE_OBJECT_ID) || | ||
740 | !(p2->type & CONST_ASSIGN)) | ||
741 | return ASN1_IDENTIFIER_NOT_FOUND; | ||
742 | else | ||
743 | MHD__asn1_identifierMissing[0] = 0; | ||
744 | } | ||
745 | } | ||
746 | } | ||
747 | |||
748 | if (p->down) | ||
749 | { | ||
750 | p = p->down; | ||
751 | } | ||
752 | else if (p->right) | ||
753 | p = p->right; | ||
754 | else | ||
755 | { | ||
756 | while (1) | ||
757 | { | ||
758 | p = MHD__asn1_find_up (p); | ||
759 | if (p == node) | ||
760 | { | ||
761 | p = NULL; | ||
762 | break; | ||
763 | } | ||
764 | if (p->right) | ||
765 | { | ||
766 | p = p->right; | ||
767 | break; | ||
768 | } | ||
769 | } | ||
770 | } | ||
771 | } | ||
772 | |||
773 | return ASN1_SUCCESS; | ||
774 | } | ||
diff --git a/src/daemon/https/minitasn1/parser_aux.h b/src/daemon/https/minitasn1/parser_aux.h deleted file mode 100644 index 4437fb19..00000000 --- a/src/daemon/https/minitasn1/parser_aux.h +++ /dev/null | |||
@@ -1,37 +0,0 @@ | |||
1 | |||
2 | #ifndef _PARSER_AUX_H | ||
3 | #define _PARSER_AUX_H | ||
4 | |||
5 | |||
6 | /***************************************/ | ||
7 | /* Functions used by ASN.1 parser */ | ||
8 | /***************************************/ | ||
9 | node_asn *MHD__asn1_add_node (unsigned int type); | ||
10 | |||
11 | node_asn *MHD__asn1_set_value (node_asn * node, const void *value, | ||
12 | unsigned int len); | ||
13 | |||
14 | node_asn *MHD__asn1_set_name (node_asn * node, const char *name); | ||
15 | |||
16 | node_asn *MHD__asn1_set_right (node_asn * node, node_asn * right); | ||
17 | |||
18 | node_asn *MHD__asn1_set_down (node_asn * node, node_asn * down); | ||
19 | |||
20 | void MHD__asn1_remove_node (node_asn * node); | ||
21 | |||
22 | void MHD__asn1_delete_list (void); | ||
23 | |||
24 | void MHD__asn1_delete_list_and_nodes (void); | ||
25 | |||
26 | char *MHD__asn1_ltostr (long v, char *str); | ||
27 | |||
28 | node_asn *MHD__asn1_find_up (node_asn * node); | ||
29 | |||
30 | MHD__asn1_retCode MHD__asn1_change_integer_value (ASN1_TYPE node); | ||
31 | |||
32 | MHD__asn1_retCode MHD__asn1_expand_object_id (ASN1_TYPE node); | ||
33 | |||
34 | MHD__asn1_retCode MHD__asn1_check_identifier (ASN1_TYPE node); | ||
35 | |||
36 | |||
37 | #endif | ||
diff --git a/src/daemon/https/minitasn1/structure.c b/src/daemon/https/minitasn1/structure.c deleted file mode 100644 index fdaeea47..00000000 --- a/src/daemon/https/minitasn1/structure.c +++ /dev/null | |||
@@ -1,585 +0,0 @@ | |||
1 | /* | ||
2 | * Copyright (C) 2004, 2006, 2007 Free Software Foundation | ||
3 | * Copyright (C) 2002 Fabio Fiorina | ||
4 | * | ||
5 | * This file is part of LIBTASN1. | ||
6 | * | ||
7 | * The LIBTASN1 library is free software; you can redistribute it | ||
8 | * and/or modify it under the terms of the GNU Lesser General Public | ||
9 | * License as published by the Free Software Foundation; either | ||
10 | * version 2.1 of the License, or (at your option) any later version. | ||
11 | * | ||
12 | * This library is distributed in the hope that it will be useful, but | ||
13 | * WITHOUT ANY WARRANTY; without even the implied warranty of | ||
14 | * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU | ||
15 | * Lesser General Public License for more details. | ||
16 | * | ||
17 | * You should have received a copy of the GNU Lesser General Public | ||
18 | * License along with this library; if not, write to the Free Software | ||
19 | * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA | ||
20 | * 02110-1301, USA | ||
21 | */ | ||
22 | |||
23 | |||
24 | /*****************************************************/ | ||
25 | /* File: structure.c */ | ||
26 | /* Description: Functions to create and delete an */ | ||
27 | /* ASN1 tree. */ | ||
28 | /*****************************************************/ | ||
29 | |||
30 | |||
31 | #include <int.h> | ||
32 | #include <structure.h> | ||
33 | #include "parser_aux.h" | ||
34 | #include <gstr.h> | ||
35 | |||
36 | |||
37 | extern char MHD__asn1_identifierMissing[]; | ||
38 | |||
39 | static node_asn *MHD__asn1_copy_structure2 (node_asn * root, | ||
40 | const char *source_name); | ||
41 | |||
42 | |||
43 | |||
44 | /******************************************************/ | ||
45 | /* Function : MHD__asn1_add_node_only */ | ||
46 | /* Description: creates a new NODE_ASN element. */ | ||
47 | /* Parameters: */ | ||
48 | /* type: type of the new element (see TYPE_ */ | ||
49 | /* and CONST_ constants). */ | ||
50 | /* Return: pointer to the new element. */ | ||
51 | /******************************************************/ | ||
52 | node_asn * | ||
53 | MHD__asn1_add_node_only (unsigned int type) | ||
54 | { | ||
55 | node_asn *punt; | ||
56 | |||
57 | punt = (node_asn *) MHD__asn1_calloc (1, sizeof (node_asn)); | ||
58 | if (punt == NULL) | ||
59 | return NULL; | ||
60 | |||
61 | punt->type = type; | ||
62 | |||
63 | return punt; | ||
64 | } | ||
65 | |||
66 | |||
67 | /******************************************************************/ | ||
68 | /* Function : MHD__asn1_find_left */ | ||
69 | /* Description: returns the NODE_ASN element with RIGHT field that*/ | ||
70 | /* points the element NODE. */ | ||
71 | /* Parameters: */ | ||
72 | /* node: NODE_ASN element pointer. */ | ||
73 | /* Return: NULL if not found. */ | ||
74 | /******************************************************************/ | ||
75 | node_asn * | ||
76 | MHD__asn1_find_left (node_asn * node) | ||
77 | { | ||
78 | if ((node == NULL) || (node->left == NULL) || (node->left->down == node)) | ||
79 | return NULL; | ||
80 | |||
81 | return node->left; | ||
82 | } | ||
83 | |||
84 | |||
85 | |||
86 | /** | ||
87 | * MHD__asn1_array2tree - Creates the structures needed to manage the ASN1 definitions. | ||
88 | * @array: specify the array that contains ASN.1 declarations | ||
89 | * @definitions: return the pointer to the structure created by | ||
90 | * *ARRAY ASN.1 declarations | ||
91 | * @errorDescription: return the error description. | ||
92 | * | ||
93 | * Creates the structures needed to manage the ASN.1 definitions. | ||
94 | * @array is a vector created by MHD__asn1_parser2array(). | ||
95 | * | ||
96 | * Returns: | ||
97 | * | ||
98 | * ASN1_SUCCESS: Structure created correctly. | ||
99 | * | ||
100 | * ASN1_ELEMENT_NOT_EMPTY: *@definitions not ASN1_TYPE_EMPTY. | ||
101 | * | ||
102 | * ASN1_IDENTIFIER_NOT_FOUND: In the file there is an identifier that | ||
103 | * is not defined (see @errorDescription for more information). | ||
104 | * | ||
105 | * ASN1_ARRAY_ERROR: The array pointed by @array is wrong. | ||
106 | **/ | ||
107 | MHD__asn1_retCode | ||
108 | MHD__asn1_array2tree (const ASN1_ARRAY_TYPE * array, ASN1_TYPE * definitions, | ||
109 | char *errorDescription) | ||
110 | { | ||
111 | node_asn *p, *p_last = NULL; | ||
112 | unsigned long k; | ||
113 | int move; | ||
114 | MHD__asn1_retCode result; | ||
115 | |||
116 | |||
117 | if (*definitions != ASN1_TYPE_EMPTY) | ||
118 | return ASN1_ELEMENT_NOT_EMPTY; | ||
119 | |||
120 | move = UP; | ||
121 | |||
122 | k = 0; | ||
123 | while (array[k].value || array[k].type || array[k].name) | ||
124 | { | ||
125 | p = MHD__asn1_add_node (array[k].type & (~CONST_DOWN)); | ||
126 | if (array[k].name) | ||
127 | MHD__asn1_set_name (p, array[k].name); | ||
128 | if (array[k].value) | ||
129 | MHD__asn1_set_value (p, array[k].value, strlen (array[k].value) + 1); | ||
130 | |||
131 | if (*definitions == NULL) | ||
132 | *definitions = p; | ||
133 | |||
134 | if (move == DOWN) | ||
135 | MHD__asn1_set_down (p_last, p); | ||
136 | else if (move == RIGHT) | ||
137 | MHD__asn1_set_right (p_last, p); | ||
138 | |||
139 | p_last = p; | ||
140 | |||
141 | if (array[k].type & CONST_DOWN) | ||
142 | move = DOWN; | ||
143 | else if (array[k].type & CONST_RIGHT) | ||
144 | move = RIGHT; | ||
145 | else | ||
146 | { | ||
147 | while (1) | ||
148 | { | ||
149 | if (p_last == *definitions) | ||
150 | break; | ||
151 | |||
152 | p_last = MHD__asn1_find_up (p_last); | ||
153 | |||
154 | if (p_last == NULL) | ||
155 | break; | ||
156 | |||
157 | if (p_last->type & CONST_RIGHT) | ||
158 | { | ||
159 | p_last->type &= ~CONST_RIGHT; | ||
160 | move = RIGHT; | ||
161 | break; | ||
162 | } | ||
163 | } /* while */ | ||
164 | } | ||
165 | k++; | ||
166 | } /* while */ | ||
167 | |||
168 | if (p_last == *definitions) | ||
169 | { | ||
170 | result = MHD__asn1_check_identifier (*definitions); | ||
171 | if (result == ASN1_SUCCESS) | ||
172 | { | ||
173 | MHD__asn1_change_integer_value (*definitions); | ||
174 | MHD__asn1_expand_object_id (*definitions); | ||
175 | } | ||
176 | } | ||
177 | else | ||
178 | { | ||
179 | result = ASN1_ARRAY_ERROR; | ||
180 | } | ||
181 | |||
182 | if (errorDescription != NULL) | ||
183 | { | ||
184 | if (result == ASN1_IDENTIFIER_NOT_FOUND) | ||
185 | { | ||
186 | Estrcpy (errorDescription, ":: identifier '"); | ||
187 | Estrcat (errorDescription, MHD__asn1_identifierMissing); | ||
188 | Estrcat (errorDescription, "' not found"); | ||
189 | } | ||
190 | else | ||
191 | errorDescription[0] = 0; | ||
192 | } | ||
193 | |||
194 | if (result != ASN1_SUCCESS) | ||
195 | { | ||
196 | MHD__asn1_delete_list_and_nodes (); | ||
197 | *definitions = ASN1_TYPE_EMPTY; | ||
198 | } | ||
199 | else | ||
200 | MHD__asn1_delete_list (); | ||
201 | |||
202 | return result; | ||
203 | } | ||
204 | |||
205 | /** | ||
206 | * MHD__asn1_delete_structure - Deletes the structure pointed by *ROOT. | ||
207 | * @structure: pointer to the structure that you want to delete. | ||
208 | * | ||
209 | * Deletes the structure *@structure. At the end, *@structure is set | ||
210 | * to ASN1_TYPE_EMPTY. | ||
211 | * | ||
212 | * Returns: | ||
213 | * | ||
214 | * ASN1_SUCCESS: Everything OK. | ||
215 | * | ||
216 | * ASN1_ELEMENT_NOT_FOUND: *@structure was ASN1_TYPE_EMPTY. | ||
217 | * | ||
218 | **/ | ||
219 | MHD__asn1_retCode | ||
220 | MHD__asn1_delete_structure (ASN1_TYPE * structure) | ||
221 | { | ||
222 | node_asn *p, *p2, *p3; | ||
223 | |||
224 | if (*structure == ASN1_TYPE_EMPTY) | ||
225 | return ASN1_ELEMENT_NOT_FOUND; | ||
226 | |||
227 | p = *structure; | ||
228 | while (p) | ||
229 | { | ||
230 | if (p->down) | ||
231 | { | ||
232 | p = p->down; | ||
233 | } | ||
234 | else | ||
235 | { /* no down */ | ||
236 | p2 = p->right; | ||
237 | if (p != *structure) | ||
238 | { | ||
239 | p3 = MHD__asn1_find_up (p); | ||
240 | MHD__asn1_set_down (p3, p2); | ||
241 | MHD__asn1_remove_node (p); | ||
242 | p = p3; | ||
243 | } | ||
244 | else | ||
245 | { /* p==root */ | ||
246 | p3 = MHD__asn1_find_left (p); | ||
247 | if (!p3) | ||
248 | { | ||
249 | p3 = MHD__asn1_find_up (p); | ||
250 | if (p3) | ||
251 | MHD__asn1_set_down (p3, p2); | ||
252 | else | ||
253 | { | ||
254 | if (p->right) | ||
255 | p->right->left = NULL; | ||
256 | } | ||
257 | } | ||
258 | else | ||
259 | MHD__asn1_set_right (p3, p2); | ||
260 | MHD__asn1_remove_node (p); | ||
261 | p = NULL; | ||
262 | } | ||
263 | } | ||
264 | } | ||
265 | |||
266 | *structure = ASN1_TYPE_EMPTY; | ||
267 | return ASN1_SUCCESS; | ||
268 | } | ||
269 | |||
270 | node_asn * | ||
271 | MHD__asn1_copy_structure3 (node_asn * source_node) | ||
272 | { | ||
273 | node_asn *dest_node, *p_s, *p_d, *p_d_prev; | ||
274 | int move; | ||
275 | |||
276 | if (source_node == NULL) | ||
277 | return NULL; | ||
278 | |||
279 | dest_node = MHD__asn1_add_node_only (source_node->type); | ||
280 | |||
281 | p_s = source_node; | ||
282 | p_d = dest_node; | ||
283 | |||
284 | move = DOWN; | ||
285 | |||
286 | do | ||
287 | { | ||
288 | if (move != UP) | ||
289 | { | ||
290 | if (p_s->name) | ||
291 | MHD__asn1_set_name (p_d, p_s->name); | ||
292 | if (p_s->value) | ||
293 | MHD__asn1_set_value (p_d, p_s->value, p_s->value_len); | ||
294 | move = DOWN; | ||
295 | } | ||
296 | else | ||
297 | move = RIGHT; | ||
298 | |||
299 | if (move == DOWN) | ||
300 | { | ||
301 | if (p_s->down) | ||
302 | { | ||
303 | p_s = p_s->down; | ||
304 | p_d_prev = p_d; | ||
305 | p_d = MHD__asn1_add_node_only (p_s->type); | ||
306 | MHD__asn1_set_down (p_d_prev, p_d); | ||
307 | } | ||
308 | else | ||
309 | move = RIGHT; | ||
310 | } | ||
311 | |||
312 | if (p_s == source_node) | ||
313 | break; | ||
314 | |||
315 | if (move == RIGHT) | ||
316 | { | ||
317 | if (p_s->right) | ||
318 | { | ||
319 | p_s = p_s->right; | ||
320 | p_d_prev = p_d; | ||
321 | p_d = MHD__asn1_add_node_only (p_s->type); | ||
322 | MHD__asn1_set_right (p_d_prev, p_d); | ||
323 | } | ||
324 | else | ||
325 | move = UP; | ||
326 | } | ||
327 | if (move == UP) | ||
328 | { | ||
329 | p_s = MHD__asn1_find_up (p_s); | ||
330 | p_d = MHD__asn1_find_up (p_d); | ||
331 | } | ||
332 | } | ||
333 | while (p_s != source_node); | ||
334 | |||
335 | return dest_node; | ||
336 | } | ||
337 | |||
338 | |||
339 | static node_asn * | ||
340 | MHD__asn1_copy_structure2 (node_asn * root, const char *source_name) | ||
341 | { | ||
342 | node_asn *source_node; | ||
343 | |||
344 | source_node = MHD__asn1_find_node (root, source_name); | ||
345 | |||
346 | return MHD__asn1_copy_structure3 (source_node); | ||
347 | |||
348 | } | ||
349 | |||
350 | |||
351 | static MHD__asn1_retCode | ||
352 | MHD__asn1_type_choice_config (node_asn * node) | ||
353 | { | ||
354 | node_asn *p, *p2, *p3, *p4; | ||
355 | int move, tlen; | ||
356 | |||
357 | if (node == NULL) | ||
358 | return ASN1_ELEMENT_NOT_FOUND; | ||
359 | |||
360 | p = node; | ||
361 | move = DOWN; | ||
362 | |||
363 | while (!((p == node) && (move == UP))) | ||
364 | { | ||
365 | if (move != UP) | ||
366 | { | ||
367 | if ((type_field (p->type) == TYPE_CHOICE) && (p->type & CONST_TAG)) | ||
368 | { | ||
369 | p2 = p->down; | ||
370 | while (p2) | ||
371 | { | ||
372 | if (type_field (p2->type) != TYPE_TAG) | ||
373 | { | ||
374 | p2->type |= CONST_TAG; | ||
375 | p3 = MHD__asn1_find_left (p2); | ||
376 | while (p3) | ||
377 | { | ||
378 | if (type_field (p3->type) == TYPE_TAG) | ||
379 | { | ||
380 | p4 = MHD__asn1_add_node_only (p3->type); | ||
381 | tlen = strlen ((const char *) p3->value); | ||
382 | if (tlen > 0) | ||
383 | MHD__asn1_set_value (p4, p3->value, tlen + 1); | ||
384 | MHD__asn1_set_right (p4, p2->down); | ||
385 | MHD__asn1_set_down (p2, p4); | ||
386 | } | ||
387 | p3 = MHD__asn1_find_left (p3); | ||
388 | } | ||
389 | } | ||
390 | p2 = p2->right; | ||
391 | } | ||
392 | p->type &= ~(CONST_TAG); | ||
393 | p2 = p->down; | ||
394 | while (p2) | ||
395 | { | ||
396 | p3 = p2->right; | ||
397 | if (type_field (p2->type) == TYPE_TAG) | ||
398 | MHD__asn1_delete_structure (&p2); | ||
399 | p2 = p3; | ||
400 | } | ||
401 | } | ||
402 | move = DOWN; | ||
403 | } | ||
404 | else | ||
405 | move = RIGHT; | ||
406 | |||
407 | if (move == DOWN) | ||
408 | { | ||
409 | if (p->down) | ||
410 | p = p->down; | ||
411 | else | ||
412 | move = RIGHT; | ||
413 | } | ||
414 | |||
415 | if (p == node) | ||
416 | { | ||
417 | move = UP; | ||
418 | continue; | ||
419 | } | ||
420 | |||
421 | if (move == RIGHT) | ||
422 | { | ||
423 | if (p->right) | ||
424 | p = p->right; | ||
425 | else | ||
426 | move = UP; | ||
427 | } | ||
428 | if (move == UP) | ||
429 | p = MHD__asn1_find_up (p); | ||
430 | } | ||
431 | |||
432 | return ASN1_SUCCESS; | ||
433 | } | ||
434 | |||
435 | |||
436 | static MHD__asn1_retCode | ||
437 | MHD__asn1_expand_identifier (node_asn ** node, node_asn * root) | ||
438 | { | ||
439 | node_asn *p, *p2, *p3; | ||
440 | char name2[MAX_NAME_SIZE + 2]; | ||
441 | int move; | ||
442 | |||
443 | if (node == NULL) | ||
444 | return ASN1_ELEMENT_NOT_FOUND; | ||
445 | |||
446 | p = *node; | ||
447 | move = DOWN; | ||
448 | |||
449 | while (!((p == *node) && (move == UP))) | ||
450 | { | ||
451 | if (move != UP) | ||
452 | { | ||
453 | if (type_field (p->type) == TYPE_IDENTIFIER) | ||
454 | { | ||
455 | MHD__asn1_str_cpy (name2, sizeof (name2), root->name); | ||
456 | MHD__asn1_str_cat (name2, sizeof (name2), "."); | ||
457 | MHD__asn1_str_cat (name2, sizeof (name2), | ||
458 | (const char *) p->value); | ||
459 | p2 = MHD__asn1_copy_structure2 (root, name2); | ||
460 | if (p2 == NULL) | ||
461 | { | ||
462 | return ASN1_IDENTIFIER_NOT_FOUND; | ||
463 | } | ||
464 | MHD__asn1_set_name (p2, p->name); | ||
465 | p2->right = p->right; | ||
466 | p2->left = p->left; | ||
467 | if (p->right) | ||
468 | p->right->left = p2; | ||
469 | p3 = p->down; | ||
470 | if (p3) | ||
471 | { | ||
472 | while (p3->right) | ||
473 | p3 = p3->right; | ||
474 | MHD__asn1_set_right (p3, p2->down); | ||
475 | MHD__asn1_set_down (p2, p->down); | ||
476 | } | ||
477 | |||
478 | p3 = MHD__asn1_find_left (p); | ||
479 | if (p3) | ||
480 | MHD__asn1_set_right (p3, p2); | ||
481 | else | ||
482 | { | ||
483 | p3 = MHD__asn1_find_up (p); | ||
484 | if (p3) | ||
485 | MHD__asn1_set_down (p3, p2); | ||
486 | else | ||
487 | { | ||
488 | p2->left = NULL; | ||
489 | } | ||
490 | } | ||
491 | |||
492 | if (p->type & CONST_SIZE) | ||
493 | p2->type |= CONST_SIZE; | ||
494 | if (p->type & CONST_TAG) | ||
495 | p2->type |= CONST_TAG; | ||
496 | if (p->type & CONST_OPTION) | ||
497 | p2->type |= CONST_OPTION; | ||
498 | if (p->type & CONST_DEFAULT) | ||
499 | p2->type |= CONST_DEFAULT; | ||
500 | if (p->type & CONST_SET) | ||
501 | p2->type |= CONST_SET; | ||
502 | if (p->type & CONST_NOT_USED) | ||
503 | p2->type |= CONST_NOT_USED; | ||
504 | |||
505 | if (p == *node) | ||
506 | *node = p2; | ||
507 | MHD__asn1_remove_node (p); | ||
508 | p = p2; | ||
509 | move = DOWN; | ||
510 | continue; | ||
511 | } | ||
512 | move = DOWN; | ||
513 | } | ||
514 | else | ||
515 | move = RIGHT; | ||
516 | |||
517 | if (move == DOWN) | ||
518 | { | ||
519 | if (p->down) | ||
520 | p = p->down; | ||
521 | else | ||
522 | move = RIGHT; | ||
523 | } | ||
524 | |||
525 | if (p == *node) | ||
526 | { | ||
527 | move = UP; | ||
528 | continue; | ||
529 | } | ||
530 | |||
531 | if (move == RIGHT) | ||
532 | { | ||
533 | if (p->right) | ||
534 | p = p->right; | ||
535 | else | ||
536 | move = UP; | ||
537 | } | ||
538 | if (move == UP) | ||
539 | p = MHD__asn1_find_up (p); | ||
540 | } | ||
541 | |||
542 | return ASN1_SUCCESS; | ||
543 | } | ||
544 | |||
545 | |||
546 | /** | ||
547 | * MHD__asn1_create_element - Creates a structure of type SOURCE_NAME. | ||
548 | * @definitions: pointer to the structure returned by "parser_asn1" function | ||
549 | * @source_name: the name of the type of the new structure (must be | ||
550 | * inside p_structure). | ||
551 | * @element: pointer to the structure created. | ||
552 | * | ||
553 | * Creates a structure of type @source_name. Example using | ||
554 | * "pkix.asn": | ||
555 | * | ||
556 | * rc = MHD__asn1_create_structure(cert_def, "PKIX1.Certificate", | ||
557 | * certptr); | ||
558 | * | ||
559 | * Returns: | ||
560 | * | ||
561 | * ASN1_SUCCESS: Creation OK. | ||
562 | * | ||
563 | * ASN1_ELEMENT_NOT_FOUND: SOURCE_NAME isn't known | ||
564 | **/ | ||
565 | MHD__asn1_retCode | ||
566 | MHD__asn1_create_element (ASN1_TYPE definitions, const char *source_name, | ||
567 | ASN1_TYPE * element) | ||
568 | { | ||
569 | node_asn *dest_node; | ||
570 | int res; | ||
571 | |||
572 | dest_node = MHD__asn1_copy_structure2 (definitions, source_name); | ||
573 | |||
574 | if (dest_node == NULL) | ||
575 | return ASN1_ELEMENT_NOT_FOUND; | ||
576 | |||
577 | MHD__asn1_set_name (dest_node, ""); | ||
578 | |||
579 | res = MHD__asn1_expand_identifier (&dest_node, definitions); | ||
580 | MHD__asn1_type_choice_config (dest_node); | ||
581 | |||
582 | *element = dest_node; | ||
583 | |||
584 | return res; | ||
585 | } | ||
diff --git a/src/daemon/https/minitasn1/structure.h b/src/daemon/https/minitasn1/structure.h deleted file mode 100644 index c447fc92..00000000 --- a/src/daemon/https/minitasn1/structure.h +++ /dev/null | |||
@@ -1,18 +0,0 @@ | |||
1 | |||
2 | /*************************************************/ | ||
3 | /* File: structure.h */ | ||
4 | /* Description: list of exported object by */ | ||
5 | /* "structure.c" */ | ||
6 | /*************************************************/ | ||
7 | |||
8 | #ifndef _STRUCTURE_H | ||
9 | #define _STRUCTURE_H | ||
10 | |||
11 | node_asn *MHD__asn1_copy_structure3 (node_asn * source_node); | ||
12 | |||
13 | |||
14 | node_asn *MHD__asn1_add_node_only (unsigned int type); | ||
15 | |||
16 | node_asn *MHD__asn1_find_left (node_asn * node); | ||
17 | |||
18 | #endif | ||
diff --git a/src/daemon/https/tls/Makefile.am b/src/daemon/https/tls/Makefile.am deleted file mode 100644 index d6bb8307..00000000 --- a/src/daemon/https/tls/Makefile.am +++ /dev/null | |||
@@ -1,100 +0,0 @@ | |||
1 | AM_CPPFLAGS = \ | ||
2 | -I$(top_srcdir)/src/include \ | ||
3 | -I$(top_srcdir)/src/daemon/ \ | ||
4 | -I$(top_srcdir)/src/daemon/https \ | ||
5 | -I$(top_srcdir)/src/daemon/https/tls \ | ||
6 | -I$(top_srcdir)/src/daemon/https/lgl \ | ||
7 | -I$(top_srcdir)/src/daemon/https/minitasn1 \ | ||
8 | -I$(top_srcdir)/src/daemon/https/x509 \ | ||
9 | @LIBGCRYPT_CFLAGS@ | ||
10 | |||
11 | if USE_COVERAGE | ||
12 | AM_CFLAGS = -fprofile-arcs -ftest-coverage | ||
13 | endif | ||
14 | |||
15 | noinst_LTLIBRARIES = libtls.la | ||
16 | |||
17 | libtls_la_SOURCES = \ | ||
18 | auth_cert.c \ | ||
19 | auth_dhe.c \ | ||
20 | auth_dh_common.c \ | ||
21 | auth_rsa.c \ | ||
22 | auth_rsa_export.c \ | ||
23 | debug.c \ | ||
24 | defines.h \ | ||
25 | ext_cert_type.c \ | ||
26 | ext_max_record.c \ | ||
27 | ext_server_name.c \ | ||
28 | gnutls_alert.c \ | ||
29 | gnutls_algorithms.c \ | ||
30 | gnutls_asn1_tab.c \ | ||
31 | gnutls_auth.c \ | ||
32 | gnutls_buffers.c \ | ||
33 | gnutls_cert.c \ | ||
34 | gnutls_cipher.c \ | ||
35 | gnutls_cipher_int.c \ | ||
36 | gnutls_constate.c \ | ||
37 | gnutls_datum.c \ | ||
38 | gnutls_dh.c \ | ||
39 | gnutls_dh_primes.c \ | ||
40 | gnutls_errors.c \ | ||
41 | gnutls_extensions.c \ | ||
42 | gnutls_global.c \ | ||
43 | gnutls_handshake.c \ | ||
44 | gnutls_hash_int.c \ | ||
45 | gnutls_kx.c \ | ||
46 | gnutls_mem.c \ | ||
47 | gnutls_mpi.c \ | ||
48 | gnutls_num.c \ | ||
49 | gnutls_pk.c \ | ||
50 | gnutls_priority.c \ | ||
51 | gnutls_record.c \ | ||
52 | gnutls_rsa_export.c \ | ||
53 | gnutls_sig.c \ | ||
54 | gnutls_state.c \ | ||
55 | gnutls_str.c \ | ||
56 | gnutls_supplemental.c \ | ||
57 | gnutls_ui.c \ | ||
58 | gnutls_x509.c \ | ||
59 | pkix_asn1_tab.c \ | ||
60 | x509_b64.c \ | ||
61 | auth_cert.h \ | ||
62 | auth_dh_common.h \ | ||
63 | debug.h \ | ||
64 | defines.h \ | ||
65 | ext_cert_type.h \ | ||
66 | ext_max_record.h \ | ||
67 | ext_server_name.h \ | ||
68 | gnutls_algorithms.h \ | ||
69 | gnutls_auth.h \ | ||
70 | gnutls_auth_int.h \ | ||
71 | gnutls_buffers.h \ | ||
72 | gnutls_cert.h \ | ||
73 | gnutls_cipher.h \ | ||
74 | gnutls_cipher_int.h \ | ||
75 | gnutls_constate.h \ | ||
76 | gnutls_datum.h \ | ||
77 | gnutls_dh.h \ | ||
78 | gnutls_errors.h \ | ||
79 | gnutls_extensions.h \ | ||
80 | gnutls_global.h \ | ||
81 | gnutls_handshake.h \ | ||
82 | gnutls_hash_int.h \ | ||
83 | gnutls_int.h \ | ||
84 | gnutls_kx.h \ | ||
85 | gnutls_mem.h \ | ||
86 | gnutls_mpi.h \ | ||
87 | gnutls_num.h \ | ||
88 | gnutls_pk.h \ | ||
89 | gnutls_record.h \ | ||
90 | gnutls_rsa_export.h \ | ||
91 | gnutls_sig.h \ | ||
92 | gnutls_state.h \ | ||
93 | gnutls_str.h \ | ||
94 | gnutls_supplemental.h \ | ||
95 | gnutls_x509.h \ | ||
96 | x509_b64.h \ | ||
97 | memmem.c \ | ||
98 | str-two-way.h | ||
99 | libtls_la_LIBADD = @LIBGCRYPT_LIBS@ | ||
100 | |||
diff --git a/src/daemon/https/tls/auth_cert.c b/src/daemon/https/tls/auth_cert.c deleted file mode 100644 index f4a784b5..00000000 --- a/src/daemon/https/tls/auth_cert.c +++ /dev/null | |||
@@ -1,1329 +0,0 @@ | |||
1 | /* | ||
2 | * Copyright (C) 2001, 2002, 2003, 2004, 2005, 2006, 2007 Free Software Foundation | ||
3 | * | ||
4 | * Author: Nikos Mavrogiannopoulos | ||
5 | * | ||
6 | * This file is part of GNUTLS. | ||
7 | * | ||
8 | * The GNUTLS library is free software; you can redistribute it and/or | ||
9 | * modify it under the terms of the GNU Lesser General Public License | ||
10 | * as published by the Free Software Foundation; either version 2.1 of | ||
11 | * the License, or (at your option) any later version. | ||
12 | * | ||
13 | * This library is distributed in the hope that it will be useful, but | ||
14 | * WITHOUT ANY WARRANTY; without even the implied warranty of | ||
15 | * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU | ||
16 | * Lesser General Public License for more details. | ||
17 | * | ||
18 | * You should have received a copy of the GNU Lesser General Public | ||
19 | * License along with this library; if not, write to the Free Software | ||
20 | * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301, | ||
21 | * USA | ||
22 | * | ||
23 | */ | ||
24 | |||
25 | /* The certificate authentication functions which are needed in the handshake, | ||
26 | * and are common to RSA and DHE key exchange, are in this file. | ||
27 | */ | ||
28 | |||
29 | #include <gnutls_int.h> | ||
30 | #include "gnutls_auth_int.h" | ||
31 | #include "gnutls_errors.h" | ||
32 | #include <gnutls_cert.h> | ||
33 | #include <auth_cert.h> | ||
34 | #include "gnutls_dh.h" | ||
35 | #include "gnutls_num.h" | ||
36 | #include "libtasn1.h" | ||
37 | #include "gnutls_datum.h" | ||
38 | #include <gnutls_pk.h> | ||
39 | #include <gnutls_algorithms.h> | ||
40 | #include <gnutls_global.h> | ||
41 | #include <gnutls_record.h> | ||
42 | #include <gnutls_sig.h> | ||
43 | #include <gnutls_state.h> | ||
44 | #include <gnutls_pk.h> | ||
45 | #include <gnutls_x509.h> | ||
46 | #include "debug.h" | ||
47 | |||
48 | static MHD_gnutls_cert *alloc_and_load_x509_certs (MHD_gnutls_x509_crt_t * | ||
49 | certs, unsigned); | ||
50 | static MHD_gnutls_privkey *alloc_and_load_x509_key (MHD_gnutls_x509_privkey_t | ||
51 | key); | ||
52 | |||
53 | |||
54 | /* Copies data from a internal certificate struct (MHD_gnutls_cert) to | ||
55 | * exported certificate struct (cert_auth_info_t) | ||
56 | */ | ||
57 | static int | ||
58 | MHD__gnutls_copy_certificate_auth_info (cert_auth_info_t info, | ||
59 | MHD_gnutls_cert * cert, int ncerts) | ||
60 | { | ||
61 | /* Copy peer's information to auth_info_t | ||
62 | */ | ||
63 | int ret, i, j; | ||
64 | |||
65 | if (ncerts == 0) | ||
66 | { | ||
67 | info->raw_certificate_list = NULL; | ||
68 | info->ncerts = 0; | ||
69 | return 0; | ||
70 | } | ||
71 | |||
72 | info->raw_certificate_list = | ||
73 | MHD_gnutls_calloc (1, sizeof (MHD_gnutls_datum_t) * ncerts); | ||
74 | if (info->raw_certificate_list == NULL) | ||
75 | { | ||
76 | MHD_gnutls_assert (); | ||
77 | return GNUTLS_E_MEMORY_ERROR; | ||
78 | } | ||
79 | |||
80 | for (i = 0; i < ncerts; i++) | ||
81 | { | ||
82 | if (cert->raw.size > 0) | ||
83 | { | ||
84 | ret = | ||
85 | MHD__gnutls_set_datum (&info->raw_certificate_list[i], | ||
86 | cert[i].raw.data, cert[i].raw.size); | ||
87 | if (ret < 0) | ||
88 | { | ||
89 | MHD_gnutls_assert (); | ||
90 | goto clear; | ||
91 | } | ||
92 | } | ||
93 | } | ||
94 | info->ncerts = ncerts; | ||
95 | |||
96 | return 0; | ||
97 | |||
98 | clear: | ||
99 | |||
100 | for (j = 0; j < i; j++) | ||
101 | MHD__gnutls_free_datum (&info->raw_certificate_list[j]); | ||
102 | |||
103 | MHD_gnutls_free (info->raw_certificate_list); | ||
104 | info->raw_certificate_list = NULL; | ||
105 | |||
106 | return ret; | ||
107 | } | ||
108 | |||
109 | |||
110 | |||
111 | |||
112 | /* returns 0 if the algo_to-check exists in the pk_algos list, | ||
113 | * -1 otherwise. | ||
114 | */ | ||
115 | inline static int | ||
116 | MHD__gnutls_check_pk_algo_in_list (const enum MHD_GNUTLS_PublicKeyAlgorithm | ||
117 | *pk_algos, int pk_algos_length, | ||
118 | enum MHD_GNUTLS_PublicKeyAlgorithm | ||
119 | algo_to_check) | ||
120 | { | ||
121 | int i; | ||
122 | for (i = 0; i < pk_algos_length; i++) | ||
123 | { | ||
124 | if (algo_to_check == pk_algos[i]) | ||
125 | { | ||
126 | return 0; | ||
127 | } | ||
128 | } | ||
129 | return -1; | ||
130 | } | ||
131 | |||
132 | |||
133 | /* Returns the issuer's Distinguished name in odn, of the certificate | ||
134 | * specified in cert. | ||
135 | */ | ||
136 | static int | ||
137 | MHD__gnutls_cert_get_issuer_dn (MHD_gnutls_cert * cert, | ||
138 | MHD_gnutls_datum_t * odn) | ||
139 | { | ||
140 | ASN1_TYPE dn; | ||
141 | int len, result; | ||
142 | int start, end; | ||
143 | |||
144 | if ((result = MHD__asn1_create_element | ||
145 | (MHD__gnutls_get_pkix (), "PKIX1.Certificate", &dn)) != ASN1_SUCCESS) | ||
146 | { | ||
147 | MHD_gnutls_assert (); | ||
148 | return MHD_gtls_asn2err (result); | ||
149 | } | ||
150 | |||
151 | result = MHD__asn1_der_decoding (&dn, cert->raw.data, cert->raw.size, NULL); | ||
152 | if (result != ASN1_SUCCESS) | ||
153 | { | ||
154 | /* couldn't decode DER */ | ||
155 | MHD_gnutls_assert (); | ||
156 | MHD__asn1_delete_structure (&dn); | ||
157 | return MHD_gtls_asn2err (result); | ||
158 | } | ||
159 | |||
160 | result = | ||
161 | MHD__asn1_der_decoding_startEnd (dn, cert->raw.data, cert->raw.size, | ||
162 | "tbsCertificate.issuer", &start, &end); | ||
163 | |||
164 | if (result != ASN1_SUCCESS) | ||
165 | { | ||
166 | /* couldn't decode DER */ | ||
167 | MHD_gnutls_assert (); | ||
168 | MHD__asn1_delete_structure (&dn); | ||
169 | return MHD_gtls_asn2err (result); | ||
170 | } | ||
171 | MHD__asn1_delete_structure (&dn); | ||
172 | |||
173 | len = end - start + 1; | ||
174 | |||
175 | odn->size = len; | ||
176 | odn->data = &cert->raw.data[start]; | ||
177 | |||
178 | return 0; | ||
179 | } | ||
180 | |||
181 | |||
182 | /* Locates the most appropriate x509 certificate using the | ||
183 | * given DN. If indx == -1 then no certificate was found. | ||
184 | * | ||
185 | * That is to guess which certificate to use, based on the | ||
186 | * CAs and sign algorithms supported by the peer server. | ||
187 | */ | ||
188 | static int | ||
189 | _find_x509_cert (const MHD_gtls_cert_credentials_t cred, | ||
190 | opaque * _data, size_t _data_size, | ||
191 | const enum MHD_GNUTLS_PublicKeyAlgorithm *pk_algos, | ||
192 | int pk_algos_length, int *indx) | ||
193 | { | ||
194 | unsigned size; | ||
195 | MHD_gnutls_datum_t odn; | ||
196 | opaque *data = _data; | ||
197 | ssize_t data_size = _data_size; | ||
198 | unsigned i, j; | ||
199 | int result, cert_pk; | ||
200 | |||
201 | *indx = -1; | ||
202 | odn.size = 0; | ||
203 | odn.data = NULL; | ||
204 | do | ||
205 | { | ||
206 | |||
207 | DECR_LENGTH_RET (data_size, 2, 0); | ||
208 | size = MHD_gtls_read_uint16 (data); | ||
209 | DECR_LENGTH_RET (data_size, size, 0); | ||
210 | data += 2; | ||
211 | |||
212 | for (i = 0; i < cred->ncerts; i++) | ||
213 | { | ||
214 | for (j = 0; j < cred->cert_list_length[i]; j++) | ||
215 | { | ||
216 | if ((result = | ||
217 | MHD__gnutls_cert_get_issuer_dn (&cred->cert_list[i][j], | ||
218 | &odn)) != 0) | ||
219 | { | ||
220 | MHD_gnutls_assert (); | ||
221 | return result; | ||
222 | } | ||
223 | |||
224 | if (odn.size != size) | ||
225 | continue; | ||
226 | |||
227 | /* If the DN matches and | ||
228 | * the *_SIGN algorithm matches | ||
229 | * the cert is our cert! | ||
230 | */ | ||
231 | cert_pk = cred->cert_list[i][0].subject_pk_algorithm; | ||
232 | |||
233 | if ((memcmp (odn.data, data, size) == 0) && | ||
234 | (MHD__gnutls_check_pk_algo_in_list | ||
235 | (pk_algos, pk_algos_length, cert_pk) == 0)) | ||
236 | { | ||
237 | *indx = i; | ||
238 | break; | ||
239 | } | ||
240 | } | ||
241 | if (*indx != -1) | ||
242 | break; | ||
243 | } | ||
244 | |||
245 | if (*indx != -1) | ||
246 | break; | ||
247 | |||
248 | /* move to next record */ | ||
249 | data += size; | ||
250 | |||
251 | } | ||
252 | while (1); | ||
253 | |||
254 | return 0; | ||
255 | |||
256 | } | ||
257 | |||
258 | /* Returns the number of issuers in the server's | ||
259 | * certificate request packet. | ||
260 | */ | ||
261 | static int | ||
262 | get_issuers_num (MHD_gtls_session_t session, opaque * data, ssize_t data_size) | ||
263 | { | ||
264 | int issuers_dn_len = 0, result; | ||
265 | unsigned size; | ||
266 | |||
267 | /* Count the number of the given issuers; | ||
268 | * This is used to allocate the issuers_dn without | ||
269 | * using realloc(). | ||
270 | */ | ||
271 | |||
272 | if (data_size == 0 || data == NULL) | ||
273 | return 0; | ||
274 | |||
275 | if (data_size > 0) | ||
276 | do | ||
277 | { | ||
278 | /* This works like DECR_LEN() | ||
279 | */ | ||
280 | result = GNUTLS_E_UNEXPECTED_PACKET_LENGTH; | ||
281 | DECR_LENGTH_COM (data_size, 2, goto error); | ||
282 | size = MHD_gtls_read_uint16 (data); | ||
283 | |||
284 | result = GNUTLS_E_UNEXPECTED_PACKET_LENGTH; | ||
285 | DECR_LENGTH_COM (data_size, size, goto error); | ||
286 | |||
287 | data += 2; | ||
288 | |||
289 | if (size > 0) | ||
290 | { | ||
291 | issuers_dn_len++; | ||
292 | data += size; | ||
293 | } | ||
294 | |||
295 | if (data_size == 0) | ||
296 | break; | ||
297 | |||
298 | } | ||
299 | while (1); | ||
300 | |||
301 | return issuers_dn_len; | ||
302 | |||
303 | error: | ||
304 | return result; | ||
305 | } | ||
306 | |||
307 | /* Returns the issuers in the server's certificate request | ||
308 | * packet. | ||
309 | */ | ||
310 | static int | ||
311 | get_issuers (MHD_gtls_session_t session, | ||
312 | MHD_gnutls_datum_t * issuers_dn, int issuers_len, | ||
313 | opaque * data, size_t data_size) | ||
314 | { | ||
315 | int i; | ||
316 | unsigned size; | ||
317 | |||
318 | if (MHD_gnutls_certificate_type_get (session) != MHD_GNUTLS_CRT_X509) | ||
319 | return 0; | ||
320 | |||
321 | /* put the requested DNs to req_dn, only in case | ||
322 | * of X509 certificates. | ||
323 | */ | ||
324 | if (issuers_len > 0) | ||
325 | { | ||
326 | |||
327 | for (i = 0; i < issuers_len; i++) | ||
328 | { | ||
329 | /* The checks here for the buffer boundaries | ||
330 | * are not needed since the buffer has been | ||
331 | * parsed above. | ||
332 | */ | ||
333 | data_size -= 2; | ||
334 | |||
335 | size = MHD_gtls_read_uint16 (data); | ||
336 | |||
337 | data += 2; | ||
338 | |||
339 | issuers_dn[i].data = data; | ||
340 | issuers_dn[i].size = size; | ||
341 | |||
342 | data += size; | ||
343 | } | ||
344 | } | ||
345 | |||
346 | return 0; | ||
347 | } | ||
348 | |||
349 | /* Calls the client get callback. | ||
350 | */ | ||
351 | static int | ||
352 | call_get_cert_callback (MHD_gtls_session_t session, | ||
353 | MHD_gnutls_datum_t * issuers_dn, | ||
354 | int issuers_dn_length, | ||
355 | enum MHD_GNUTLS_PublicKeyAlgorithm *pk_algos, | ||
356 | int pk_algos_length) | ||
357 | { | ||
358 | unsigned i; | ||
359 | MHD_gnutls_cert *local_certs = NULL; | ||
360 | MHD_gnutls_privkey *local_key = NULL; | ||
361 | MHD_gnutls_retr_st st; | ||
362 | int ret; | ||
363 | enum MHD_GNUTLS_CertificateType type = | ||
364 | MHD_gnutls_certificate_type_get (session); | ||
365 | MHD_gtls_cert_credentials_t cred; | ||
366 | |||
367 | cred = (MHD_gtls_cert_credentials_t) | ||
368 | MHD_gtls_get_cred (session->key, MHD_GNUTLS_CRD_CERTIFICATE, NULL); | ||
369 | if (cred == NULL) | ||
370 | { | ||
371 | MHD_gnutls_assert (); | ||
372 | return GNUTLS_E_INSUFFICIENT_CREDENTIALS; | ||
373 | } | ||
374 | |||
375 | memset (&st, 0, sizeof (st)); | ||
376 | |||
377 | if (session->security_parameters.entity == GNUTLS_SERVER) | ||
378 | { | ||
379 | ret = cred->server_get_cert_callback (session, &st); | ||
380 | } | ||
381 | else | ||
382 | { /* CLIENT */ | ||
383 | ret = | ||
384 | cred->client_get_cert_callback (session, | ||
385 | issuers_dn, issuers_dn_length, | ||
386 | pk_algos, pk_algos_length, &st); | ||
387 | } | ||
388 | |||
389 | if (ret < 0) | ||
390 | { | ||
391 | MHD_gnutls_assert (); | ||
392 | return GNUTLS_E_INTERNAL_ERROR; | ||
393 | } | ||
394 | |||
395 | if (st.ncerts == 0) | ||
396 | return 0; /* no certificate was selected */ | ||
397 | |||
398 | if (type != st.type) | ||
399 | { | ||
400 | MHD_gnutls_assert (); | ||
401 | ret = GNUTLS_E_INVALID_REQUEST; | ||
402 | goto cleanup; | ||
403 | } | ||
404 | |||
405 | if (type == MHD_GNUTLS_CRT_X509) | ||
406 | { | ||
407 | local_certs = alloc_and_load_x509_certs (st.cert.x509, st.ncerts); | ||
408 | if (local_certs != NULL) | ||
409 | local_key = alloc_and_load_x509_key (st.key.x509); | ||
410 | |||
411 | } | ||
412 | else | ||
413 | { /* PGP */ | ||
414 | MHD_gnutls_assert (); | ||
415 | ret = GNUTLS_E_INVALID_REQUEST; | ||
416 | goto cleanup; | ||
417 | } | ||
418 | |||
419 | MHD_gtls_selected_certs_set (session, local_certs, | ||
420 | (local_certs != NULL) ? st.ncerts : 0, | ||
421 | local_key, 1); | ||
422 | |||
423 | ret = 0; | ||
424 | |||
425 | cleanup: | ||
426 | |||
427 | if (st.type == MHD_GNUTLS_CRT_X509) | ||
428 | { | ||
429 | if (st.deinit_all) | ||
430 | { | ||
431 | for (i = 0; i < st.ncerts; i++) | ||
432 | { | ||
433 | MHD_gnutls_x509_crt_deinit (st.cert.x509[i]); | ||
434 | } | ||
435 | MHD_gnutls_free (st.cert.x509); | ||
436 | MHD_gnutls_x509_privkey_deinit (st.key.x509); | ||
437 | } | ||
438 | } | ||
439 | return ret; | ||
440 | } | ||
441 | |||
442 | /* Finds the appropriate certificate depending on the cA Distinguished name | ||
443 | * advertized by the server. If none matches then returns 0 and -1 as index. | ||
444 | * In case of an error a negative value, is returned. | ||
445 | * | ||
446 | * 20020128: added ability to select a certificate depending on the SIGN | ||
447 | * algorithm (only in automatic mode). | ||
448 | */ | ||
449 | static int | ||
450 | _select_client_cert (MHD_gtls_session_t session, | ||
451 | opaque * _data, size_t _data_size, | ||
452 | enum MHD_GNUTLS_PublicKeyAlgorithm *pk_algos, | ||
453 | int pk_algos_length) | ||
454 | { | ||
455 | int result; | ||
456 | int indx = -1; | ||
457 | MHD_gtls_cert_credentials_t cred; | ||
458 | opaque *data = _data; | ||
459 | ssize_t data_size = _data_size; | ||
460 | int issuers_dn_length; | ||
461 | MHD_gnutls_datum_t *issuers_dn = NULL; | ||
462 | |||
463 | cred = (MHD_gtls_cert_credentials_t) | ||
464 | MHD_gtls_get_cred (session->key, MHD_GNUTLS_CRD_CERTIFICATE, NULL); | ||
465 | if (cred == NULL) | ||
466 | { | ||
467 | MHD_gnutls_assert (); | ||
468 | return GNUTLS_E_INSUFFICIENT_CREDENTIALS; | ||
469 | } | ||
470 | |||
471 | if (cred->client_get_cert_callback != NULL) | ||
472 | { | ||
473 | |||
474 | /* use a callback to get certificate | ||
475 | */ | ||
476 | if (session->security_parameters.cert_type != MHD_GNUTLS_CRT_X509) | ||
477 | issuers_dn_length = 0; | ||
478 | else | ||
479 | { | ||
480 | issuers_dn_length = get_issuers_num (session, data, data_size); | ||
481 | if (issuers_dn_length < 0) | ||
482 | { | ||
483 | MHD_gnutls_assert (); | ||
484 | return issuers_dn_length; | ||
485 | } | ||
486 | |||
487 | if (issuers_dn_length > 0) | ||
488 | { | ||
489 | issuers_dn = | ||
490 | MHD_gnutls_malloc (sizeof (MHD_gnutls_datum_t) * | ||
491 | issuers_dn_length); | ||
492 | if (issuers_dn == NULL) | ||
493 | { | ||
494 | MHD_gnutls_assert (); | ||
495 | return GNUTLS_E_MEMORY_ERROR; | ||
496 | } | ||
497 | |||
498 | result = | ||
499 | get_issuers (session, issuers_dn, issuers_dn_length, | ||
500 | data, data_size); | ||
501 | if (result < 0) | ||
502 | { | ||
503 | MHD_gnutls_assert (); | ||
504 | goto cleanup; | ||
505 | } | ||
506 | } | ||
507 | } | ||
508 | |||
509 | result = | ||
510 | call_get_cert_callback (session, issuers_dn, issuers_dn_length, | ||
511 | pk_algos, pk_algos_length); | ||
512 | goto cleanup; | ||
513 | |||
514 | } | ||
515 | else | ||
516 | { | ||
517 | /* If we have no callbacks, try to guess. | ||
518 | */ | ||
519 | result = 0; | ||
520 | |||
521 | if (session->security_parameters.cert_type == MHD_GNUTLS_CRT_X509) | ||
522 | result = | ||
523 | _find_x509_cert (cred, _data, _data_size, | ||
524 | pk_algos, pk_algos_length, &indx); | ||
525 | if (result < 0) | ||
526 | { | ||
527 | MHD_gnutls_assert (); | ||
528 | return result; | ||
529 | } | ||
530 | |||
531 | if (indx >= 0) | ||
532 | { | ||
533 | MHD_gtls_selected_certs_set (session, | ||
534 | &cred->cert_list[indx][0], | ||
535 | cred->cert_list_length[indx], | ||
536 | &cred->pkey[indx], 0); | ||
537 | } | ||
538 | else | ||
539 | { | ||
540 | MHD_gtls_selected_certs_set (session, NULL, 0, NULL, 0); | ||
541 | } | ||
542 | |||
543 | result = 0; | ||
544 | } | ||
545 | |||
546 | cleanup: | ||
547 | MHD_gnutls_free (issuers_dn); | ||
548 | return result; | ||
549 | |||
550 | } | ||
551 | |||
552 | /* Generate client certificate | ||
553 | */ | ||
554 | static int | ||
555 | MHD_gtls_gen_x509_crt (MHD_gtls_session_t session, opaque ** data) | ||
556 | { | ||
557 | int ret, i; | ||
558 | opaque *pdata; | ||
559 | MHD_gnutls_cert *apr_cert_list; | ||
560 | MHD_gnutls_privkey *apr_pkey; | ||
561 | int apr_cert_list_length; | ||
562 | |||
563 | /* find the appropriate certificate | ||
564 | */ | ||
565 | if ((ret = | ||
566 | MHD_gtls_get_selected_cert (session, &apr_cert_list, | ||
567 | &apr_cert_list_length, &apr_pkey)) < 0) | ||
568 | { | ||
569 | MHD_gnutls_assert (); | ||
570 | return ret; | ||
571 | } | ||
572 | |||
573 | ret = 3; | ||
574 | for (i = 0; i < apr_cert_list_length; i++) | ||
575 | { | ||
576 | ret += apr_cert_list[i].raw.size + 3; | ||
577 | /* hold size | ||
578 | * for uint24 */ | ||
579 | } | ||
580 | |||
581 | /* if no certificates were found then send: | ||
582 | * 0B 00 00 03 00 00 00 // Certificate with no certs | ||
583 | * instead of: | ||
584 | * 0B 00 00 00 // empty certificate handshake | ||
585 | * | ||
586 | * ( the above is the whole handshake message, not | ||
587 | * the one produced here ) | ||
588 | */ | ||
589 | |||
590 | (*data) = MHD_gnutls_malloc (ret); | ||
591 | pdata = (*data); | ||
592 | |||
593 | if (pdata == NULL) | ||
594 | { | ||
595 | MHD_gnutls_assert (); | ||
596 | return GNUTLS_E_MEMORY_ERROR; | ||
597 | } | ||
598 | MHD_gtls_write_uint24 (ret - 3, pdata); | ||
599 | pdata += 3; | ||
600 | for (i = 0; i < apr_cert_list_length; i++) | ||
601 | { | ||
602 | MHD_gtls_write_datum24 (pdata, apr_cert_list[i].raw); | ||
603 | pdata += (3 + apr_cert_list[i].raw.size); | ||
604 | } | ||
605 | |||
606 | return ret; | ||
607 | } | ||
608 | |||
609 | int | ||
610 | MHD_gtls_gen_cert_client_certificate (MHD_gtls_session_t session, | ||
611 | opaque ** data) | ||
612 | { | ||
613 | switch (session->security_parameters.cert_type) | ||
614 | { | ||
615 | case MHD_GNUTLS_CRT_X509: | ||
616 | return MHD_gtls_gen_x509_crt (session, data); | ||
617 | |||
618 | default: | ||
619 | MHD_gnutls_assert (); | ||
620 | return GNUTLS_E_INTERNAL_ERROR; | ||
621 | } | ||
622 | } | ||
623 | |||
624 | int | ||
625 | MHD_gtls_gen_cert_server_certificate (MHD_gtls_session_t session, | ||
626 | opaque ** data) | ||
627 | { | ||
628 | switch (session->security_parameters.cert_type) | ||
629 | { | ||
630 | case MHD_GNUTLS_CRT_X509: | ||
631 | return MHD_gtls_gen_x509_crt (session, data); | ||
632 | default: | ||
633 | MHD_gnutls_assert (); | ||
634 | return GNUTLS_E_INTERNAL_ERROR; | ||
635 | } | ||
636 | } | ||
637 | |||
638 | /* Process server certificate | ||
639 | */ | ||
640 | |||
641 | #define CLEAR_CERTS for(x=0;x<peer_certificate_list_size;x++) MHD_gtls_gcert_deinit(&peer_certificate_list[x]) | ||
642 | static int | ||
643 | MHD_gtls_proc_x509_server_certificate (MHD_gtls_session_t session, | ||
644 | opaque * data, size_t data_size) | ||
645 | { | ||
646 | int size, len, ret; | ||
647 | opaque *p = data; | ||
648 | cert_auth_info_t info; | ||
649 | MHD_gtls_cert_credentials_t cred; | ||
650 | ssize_t dsize = data_size; | ||
651 | int i, j, x; | ||
652 | MHD_gnutls_cert *peer_certificate_list; | ||
653 | int peer_certificate_list_size = 0; | ||
654 | MHD_gnutls_datum_t tmp; | ||
655 | |||
656 | cred = (MHD_gtls_cert_credentials_t) | ||
657 | MHD_gtls_get_cred (session->key, MHD_GNUTLS_CRD_CERTIFICATE, NULL); | ||
658 | if (cred == NULL) | ||
659 | { | ||
660 | MHD_gnutls_assert (); | ||
661 | return GNUTLS_E_INSUFFICIENT_CREDENTIALS; | ||
662 | } | ||
663 | |||
664 | |||
665 | if ((ret = | ||
666 | MHD_gtls_auth_info_set (session, MHD_GNUTLS_CRD_CERTIFICATE, | ||
667 | sizeof (cert_auth_info_st), 1)) < 0) | ||
668 | { | ||
669 | MHD_gnutls_assert (); | ||
670 | return ret; | ||
671 | } | ||
672 | |||
673 | info = MHD_gtls_get_auth_info (session); | ||
674 | |||
675 | if (data == NULL || data_size == 0) | ||
676 | { | ||
677 | MHD_gnutls_assert (); | ||
678 | /* no certificate was sent */ | ||
679 | return GNUTLS_E_NO_CERTIFICATE_FOUND; | ||
680 | } | ||
681 | |||
682 | DECR_LEN (dsize, 3); | ||
683 | size = MHD_gtls_read_uint24 (p); | ||
684 | p += 3; | ||
685 | |||
686 | /* some implementations send 0B 00 00 06 00 00 03 00 00 00 | ||
687 | * instead of just 0B 00 00 03 00 00 00 as an empty certificate message. | ||
688 | */ | ||
689 | if (size == 0 || size == 3) | ||
690 | { | ||
691 | MHD_gnutls_assert (); | ||
692 | /* no certificate was sent */ | ||
693 | return GNUTLS_E_NO_CERTIFICATE_FOUND; | ||
694 | } | ||
695 | |||
696 | i = dsize; | ||
697 | while (i > 0) | ||
698 | { | ||
699 | DECR_LEN (dsize, 3); | ||
700 | len = MHD_gtls_read_uint24 (p); | ||
701 | p += 3; | ||
702 | DECR_LEN (dsize, len); | ||
703 | peer_certificate_list_size++; | ||
704 | p += len; | ||
705 | i -= len + 3; | ||
706 | } | ||
707 | |||
708 | if (peer_certificate_list_size == 0) | ||
709 | { | ||
710 | MHD_gnutls_assert (); | ||
711 | return GNUTLS_E_NO_CERTIFICATE_FOUND; | ||
712 | } | ||
713 | |||
714 | /* Ok we now allocate the memory to hold the | ||
715 | * certificate list | ||
716 | */ | ||
717 | |||
718 | peer_certificate_list = | ||
719 | MHD_gnutls_malloc (sizeof (MHD_gnutls_cert) * | ||
720 | (peer_certificate_list_size)); | ||
721 | |||
722 | if (peer_certificate_list == NULL) | ||
723 | { | ||
724 | MHD_gnutls_assert (); | ||
725 | return GNUTLS_E_MEMORY_ERROR; | ||
726 | } | ||
727 | memset (peer_certificate_list, 0, sizeof (MHD_gnutls_cert) * | ||
728 | peer_certificate_list_size); | ||
729 | |||
730 | p = data + 3; | ||
731 | |||
732 | /* Now we start parsing the list (again). | ||
733 | * We don't use DECR_LEN since the list has | ||
734 | * been parsed before. | ||
735 | */ | ||
736 | |||
737 | for (j = 0; j < peer_certificate_list_size; j++) | ||
738 | { | ||
739 | len = MHD_gtls_read_uint24 (p); | ||
740 | p += 3; | ||
741 | |||
742 | tmp.size = len; | ||
743 | tmp.data = p; | ||
744 | |||
745 | if ((ret = | ||
746 | MHD_gtls_x509_raw_cert_to_gcert (&peer_certificate_list | ||
747 | [j], &tmp, | ||
748 | CERT_ONLY_EXTENSIONS)) < 0) | ||
749 | { | ||
750 | MHD_gnutls_assert (); | ||
751 | goto cleanup; | ||
752 | } | ||
753 | |||
754 | p += len; | ||
755 | } | ||
756 | |||
757 | |||
758 | if ((ret = | ||
759 | MHD__gnutls_copy_certificate_auth_info (info, | ||
760 | peer_certificate_list, | ||
761 | peer_certificate_list_size)) < | ||
762 | 0) | ||
763 | { | ||
764 | MHD_gnutls_assert (); | ||
765 | goto cleanup; | ||
766 | } | ||
767 | |||
768 | if ((ret = | ||
769 | MHD__gnutls_check_key_usage (&peer_certificate_list[0], | ||
770 | MHD_gnutls_kx_get (session))) < 0) | ||
771 | { | ||
772 | MHD_gnutls_assert (); | ||
773 | goto cleanup; | ||
774 | } | ||
775 | |||
776 | ret = 0; | ||
777 | |||
778 | cleanup: | ||
779 | CLEAR_CERTS; | ||
780 | MHD_gnutls_free (peer_certificate_list); | ||
781 | return ret; | ||
782 | |||
783 | } | ||
784 | |||
785 | #define CLEAR_CERTS for(x=0;x<peer_certificate_list_size;x++) MHD_gtls_gcert_deinit(&peer_certificate_list[x]) | ||
786 | |||
787 | int | ||
788 | MHD_gtls_proc_cert_server_certificate (MHD_gtls_session_t session, | ||
789 | opaque * data, size_t data_size) | ||
790 | { | ||
791 | switch (session->security_parameters.cert_type) | ||
792 | { | ||
793 | case MHD_GNUTLS_CRT_X509: | ||
794 | return MHD_gtls_proc_x509_server_certificate (session, data, data_size); | ||
795 | default: | ||
796 | MHD_gnutls_assert (); | ||
797 | return GNUTLS_E_INTERNAL_ERROR; | ||
798 | } | ||
799 | } | ||
800 | |||
801 | #define MAX_SIGN_ALGOS 2 | ||
802 | typedef enum CertificateSigType | ||
803 | { RSA_SIGN = 1, DSA_SIGN | ||
804 | } CertificateSigType; | ||
805 | |||
806 | /* Checks if we support the given signature algorithm | ||
807 | * (RSA or DSA). Returns the corresponding enum MHD_GNUTLS_PublicKeyAlgorithm | ||
808 | * if true; | ||
809 | */ | ||
810 | inline static int | ||
811 | MHD__gnutls_check_supported_sign_algo (CertificateSigType algo) | ||
812 | { | ||
813 | switch (algo) | ||
814 | { | ||
815 | case RSA_SIGN: | ||
816 | return MHD_GNUTLS_PK_RSA; | ||
817 | default: | ||
818 | return -1; | ||
819 | } | ||
820 | } | ||
821 | |||
822 | int | ||
823 | MHD_gtls_proc_cert_cert_req (MHD_gtls_session_t session, opaque * data, | ||
824 | size_t data_size) | ||
825 | { | ||
826 | int size, ret; | ||
827 | opaque *p; | ||
828 | MHD_gtls_cert_credentials_t cred; | ||
829 | ssize_t dsize; | ||
830 | int i, j; | ||
831 | enum MHD_GNUTLS_PublicKeyAlgorithm pk_algos[MAX_SIGN_ALGOS]; | ||
832 | int pk_algos_length; | ||
833 | enum MHD_GNUTLS_Protocol ver = MHD__gnutls_protocol_get_version (session); | ||
834 | |||
835 | cred = (MHD_gtls_cert_credentials_t) | ||
836 | MHD_gtls_get_cred (session->key, MHD_GNUTLS_CRD_CERTIFICATE, NULL); | ||
837 | if (cred == NULL) | ||
838 | { | ||
839 | MHD_gnutls_assert (); | ||
840 | return GNUTLS_E_INSUFFICIENT_CREDENTIALS; | ||
841 | } | ||
842 | |||
843 | if ((ret = | ||
844 | MHD_gtls_auth_info_set (session, MHD_GNUTLS_CRD_CERTIFICATE, | ||
845 | sizeof (cert_auth_info_st), 0)) < 0) | ||
846 | { | ||
847 | MHD_gnutls_assert (); | ||
848 | return ret; | ||
849 | } | ||
850 | |||
851 | p = data; | ||
852 | dsize = data_size; | ||
853 | |||
854 | DECR_LEN (dsize, 1); | ||
855 | size = p[0]; | ||
856 | p++; | ||
857 | /* check if the sign algorithm is supported. | ||
858 | */ | ||
859 | pk_algos_length = j = 0; | ||
860 | for (i = 0; i < size; i++, p++) | ||
861 | { | ||
862 | DECR_LEN (dsize, 1); | ||
863 | if ((ret = MHD__gnutls_check_supported_sign_algo (*p)) > 0) | ||
864 | { | ||
865 | if (j < MAX_SIGN_ALGOS) | ||
866 | { | ||
867 | pk_algos[j++] = ret; | ||
868 | pk_algos_length++; | ||
869 | } | ||
870 | } | ||
871 | } | ||
872 | |||
873 | if (pk_algos_length == 0) | ||
874 | { | ||
875 | MHD_gnutls_assert (); | ||
876 | return GNUTLS_E_UNKNOWN_PK_ALGORITHM; | ||
877 | } | ||
878 | |||
879 | if (ver == MHD_GNUTLS_PROTOCOL_TLS1_2) | ||
880 | { | ||
881 | /* read supported hashes */ | ||
882 | int hash_num; | ||
883 | DECR_LEN (dsize, 1); | ||
884 | |||
885 | hash_num = p[0] & 0xFF; | ||
886 | p++; | ||
887 | |||
888 | DECR_LEN (dsize, hash_num); | ||
889 | p += hash_num; | ||
890 | } | ||
891 | |||
892 | /* read the certificate authorities */ | ||
893 | DECR_LEN (dsize, 2); | ||
894 | size = MHD_gtls_read_uint16 (p); | ||
895 | p += 2; | ||
896 | |||
897 | DECR_LEN (dsize, size); | ||
898 | |||
899 | /* now we ask the user to tell which one | ||
900 | * he wants to use. | ||
901 | */ | ||
902 | if ((ret = | ||
903 | _select_client_cert (session, p, size, pk_algos, pk_algos_length)) < 0) | ||
904 | { | ||
905 | MHD_gnutls_assert (); | ||
906 | return ret; | ||
907 | } | ||
908 | |||
909 | /* We should reply with a certificate message, | ||
910 | * even if we have no certificate to send. | ||
911 | */ | ||
912 | session->key->certificate_requested = 1; | ||
913 | |||
914 | return 0; | ||
915 | } | ||
916 | |||
917 | int | ||
918 | MHD_gtls_gen_cert_client_cert_vrfy (MHD_gtls_session_t session, | ||
919 | opaque ** data) | ||
920 | { | ||
921 | int ret; | ||
922 | MHD_gnutls_cert *apr_cert_list; | ||
923 | MHD_gnutls_privkey *apr_pkey; | ||
924 | int apr_cert_list_length, size; | ||
925 | MHD_gnutls_datum_t signature; | ||
926 | |||
927 | *data = NULL; | ||
928 | |||
929 | /* find the appropriate certificate */ | ||
930 | if ((ret = | ||
931 | MHD_gtls_get_selected_cert (session, &apr_cert_list, | ||
932 | &apr_cert_list_length, &apr_pkey)) < 0) | ||
933 | { | ||
934 | MHD_gnutls_assert (); | ||
935 | return ret; | ||
936 | } | ||
937 | |||
938 | if (apr_cert_list_length > 0) | ||
939 | { | ||
940 | if ((ret = | ||
941 | MHD_gtls_tls_sign_hdata (session, | ||
942 | &apr_cert_list[0], | ||
943 | apr_pkey, &signature)) < 0) | ||
944 | { | ||
945 | MHD_gnutls_assert (); | ||
946 | return ret; | ||
947 | } | ||
948 | } | ||
949 | else | ||
950 | { | ||
951 | return 0; | ||
952 | } | ||
953 | |||
954 | *data = MHD_gnutls_malloc (signature.size + 2); | ||
955 | if (*data == NULL) | ||
956 | { | ||
957 | MHD__gnutls_free_datum (&signature); | ||
958 | return GNUTLS_E_MEMORY_ERROR; | ||
959 | } | ||
960 | size = signature.size; | ||
961 | MHD_gtls_write_uint16 (size, *data); | ||
962 | |||
963 | memcpy (&(*data)[2], signature.data, size); | ||
964 | |||
965 | MHD__gnutls_free_datum (&signature); | ||
966 | |||
967 | return size + 2; | ||
968 | } | ||
969 | |||
970 | int | ||
971 | MHD_gtls_proc_cert_client_cert_vrfy (MHD_gtls_session_t session, | ||
972 | opaque * data, size_t data_size) | ||
973 | { | ||
974 | int size, ret; | ||
975 | ssize_t dsize = data_size; | ||
976 | opaque *pdata = data; | ||
977 | MHD_gnutls_datum_t sig; | ||
978 | cert_auth_info_t info = MHD_gtls_get_auth_info (session); | ||
979 | MHD_gnutls_cert peer_cert; | ||
980 | |||
981 | if (info == NULL || info->ncerts == 0) | ||
982 | { | ||
983 | MHD_gnutls_assert (); | ||
984 | /* we need this in order to get peer's certificate */ | ||
985 | return GNUTLS_E_INTERNAL_ERROR; | ||
986 | } | ||
987 | |||
988 | DECR_LEN (dsize, 2); | ||
989 | size = MHD_gtls_read_uint16 (pdata); | ||
990 | pdata += 2; | ||
991 | |||
992 | DECR_LEN (dsize, size); | ||
993 | |||
994 | sig.data = pdata; | ||
995 | sig.size = size; | ||
996 | |||
997 | ret = MHD_gtls_raw_cert_to_gcert (&peer_cert, | ||
998 | session->security_parameters.cert_type, | ||
999 | &info->raw_certificate_list[0], | ||
1000 | CERT_NO_COPY); | ||
1001 | |||
1002 | if (ret < 0) | ||
1003 | { | ||
1004 | MHD_gnutls_assert (); | ||
1005 | return ret; | ||
1006 | } | ||
1007 | |||
1008 | if ((ret = MHD_gtls_verify_sig_hdata (session, &peer_cert, &sig)) < 0) | ||
1009 | { | ||
1010 | MHD_gnutls_assert (); | ||
1011 | MHD_gtls_gcert_deinit (&peer_cert); | ||
1012 | return ret; | ||
1013 | } | ||
1014 | MHD_gtls_gcert_deinit (&peer_cert); | ||
1015 | |||
1016 | return 0; | ||
1017 | } | ||
1018 | |||
1019 | #define CERTTYPE_SIZE 3 | ||
1020 | int | ||
1021 | MHD_gtls_gen_cert_server_cert_req (MHD_gtls_session_t session, opaque ** data) | ||
1022 | { | ||
1023 | MHD_gtls_cert_credentials_t cred; | ||
1024 | int size; | ||
1025 | opaque *pdata; | ||
1026 | enum MHD_GNUTLS_Protocol ver = MHD__gnutls_protocol_get_version (session); | ||
1027 | |||
1028 | /* Now we need to generate the RDN sequence. This is | ||
1029 | * already in the CERTIFICATE_CRED structure, to improve | ||
1030 | * performance. | ||
1031 | */ | ||
1032 | |||
1033 | cred = (MHD_gtls_cert_credentials_t) | ||
1034 | MHD_gtls_get_cred (session->key, MHD_GNUTLS_CRD_CERTIFICATE, NULL); | ||
1035 | if (cred == NULL) | ||
1036 | { | ||
1037 | MHD_gnutls_assert (); | ||
1038 | return GNUTLS_E_INSUFFICIENT_CREDENTIALS; | ||
1039 | } | ||
1040 | |||
1041 | size = CERTTYPE_SIZE + 2; /* 2 for enum MHD_GNUTLS_CertificateType + 2 for size of rdn_seq | ||
1042 | */ | ||
1043 | |||
1044 | if (session->security_parameters.cert_type == MHD_GNUTLS_CRT_X509 && | ||
1045 | session->internals.ignore_rdn_sequence == 0) | ||
1046 | size += cred->x509_rdn_sequence.size; | ||
1047 | |||
1048 | if (ver == MHD_GNUTLS_PROTOCOL_TLS1_2) | ||
1049 | /* Need at least one byte to announce the number of supported hash | ||
1050 | functions (see below). */ | ||
1051 | size += 1; | ||
1052 | |||
1053 | (*data) = MHD_gnutls_malloc (size); | ||
1054 | pdata = (*data); | ||
1055 | |||
1056 | if (pdata == NULL) | ||
1057 | { | ||
1058 | MHD_gnutls_assert (); | ||
1059 | return GNUTLS_E_MEMORY_ERROR; | ||
1060 | } | ||
1061 | |||
1062 | pdata[0] = CERTTYPE_SIZE - 1; | ||
1063 | |||
1064 | pdata[1] = RSA_SIGN; | ||
1065 | pdata[2] = DSA_SIGN; /* only these for now */ | ||
1066 | pdata += CERTTYPE_SIZE; | ||
1067 | |||
1068 | if (ver == MHD_GNUTLS_PROTOCOL_TLS1_2) | ||
1069 | { | ||
1070 | /* Supported hashes (nothing for now -- FIXME). */ | ||
1071 | *pdata = 0; | ||
1072 | pdata++; | ||
1073 | } | ||
1074 | |||
1075 | if (session->security_parameters.cert_type == MHD_GNUTLS_CRT_X509 && | ||
1076 | session->internals.ignore_rdn_sequence == 0) | ||
1077 | { | ||
1078 | MHD_gtls_write_datum16 (pdata, cred->x509_rdn_sequence); | ||
1079 | /* pdata += cred->x509_rdn_sequence.size + 2; */ | ||
1080 | } | ||
1081 | else | ||
1082 | { | ||
1083 | MHD_gtls_write_uint16 (0, pdata); | ||
1084 | /* pdata+=2; */ | ||
1085 | } | ||
1086 | |||
1087 | return size; | ||
1088 | } | ||
1089 | |||
1090 | |||
1091 | /* This function will return the appropriate certificate to use. | ||
1092 | * Fills in the apr_cert_list, apr_cert_list_length and apr_pkey. | ||
1093 | * The return value is a negative value on error. | ||
1094 | * | ||
1095 | * It is normal to return 0 with no certificates in client side. | ||
1096 | * | ||
1097 | */ | ||
1098 | int | ||
1099 | MHD_gtls_get_selected_cert (MHD_gtls_session_t session, | ||
1100 | MHD_gnutls_cert ** apr_cert_list, | ||
1101 | int *apr_cert_list_length, | ||
1102 | MHD_gnutls_privkey ** apr_pkey) | ||
1103 | { | ||
1104 | if (session->security_parameters.entity == GNUTLS_SERVER) | ||
1105 | { | ||
1106 | |||
1107 | /* select_client_cert() has been called before. | ||
1108 | */ | ||
1109 | |||
1110 | *apr_cert_list = session->internals.selected_cert_list; | ||
1111 | *apr_pkey = session->internals.selected_key; | ||
1112 | *apr_cert_list_length = session->internals.selected_cert_list_length; | ||
1113 | |||
1114 | if (*apr_cert_list_length == 0 || *apr_cert_list == NULL) | ||
1115 | { | ||
1116 | MHD_gnutls_assert (); | ||
1117 | return GNUTLS_E_INSUFFICIENT_CREDENTIALS; | ||
1118 | } | ||
1119 | |||
1120 | } | ||
1121 | else | ||
1122 | { /* CLIENT SIDE | ||
1123 | */ | ||
1124 | |||
1125 | /* we have already decided which certificate | ||
1126 | * to send. | ||
1127 | */ | ||
1128 | *apr_cert_list = session->internals.selected_cert_list; | ||
1129 | *apr_cert_list_length = session->internals.selected_cert_list_length; | ||
1130 | *apr_pkey = session->internals.selected_key; | ||
1131 | |||
1132 | } | ||
1133 | |||
1134 | return 0; | ||
1135 | } | ||
1136 | |||
1137 | /* converts the given x509 certificate to MHD_gnutls_cert* and allocates | ||
1138 | * space for them. | ||
1139 | */ | ||
1140 | static MHD_gnutls_cert * | ||
1141 | alloc_and_load_x509_certs (MHD_gnutls_x509_crt_t * certs, unsigned ncerts) | ||
1142 | { | ||
1143 | MHD_gnutls_cert *local_certs; | ||
1144 | int ret = 0; | ||
1145 | unsigned i, j; | ||
1146 | |||
1147 | if (certs == NULL) | ||
1148 | return NULL; | ||
1149 | |||
1150 | local_certs = MHD_gnutls_malloc (sizeof (MHD_gnutls_cert) * ncerts); | ||
1151 | if (local_certs == NULL) | ||
1152 | { | ||
1153 | MHD_gnutls_assert (); | ||
1154 | return NULL; | ||
1155 | } | ||
1156 | |||
1157 | for (i = 0; i < ncerts; i++) | ||
1158 | { | ||
1159 | ret = MHD_gtls_x509_crt_to_gcert (&local_certs[i], certs[i], 0); | ||
1160 | if (ret < 0) | ||
1161 | break; | ||
1162 | } | ||
1163 | |||
1164 | if (ret < 0) | ||
1165 | { | ||
1166 | MHD_gnutls_assert (); | ||
1167 | for (j = 0; j < i; j++) | ||
1168 | { | ||
1169 | MHD_gtls_gcert_deinit (&local_certs[j]); | ||
1170 | } | ||
1171 | MHD_gnutls_free (local_certs); | ||
1172 | return NULL; | ||
1173 | } | ||
1174 | |||
1175 | return local_certs; | ||
1176 | } | ||
1177 | |||
1178 | /* converts the given x509 key to MHD_gnutls_privkey* and allocates | ||
1179 | * space for it. | ||
1180 | */ | ||
1181 | static MHD_gnutls_privkey * | ||
1182 | alloc_and_load_x509_key (MHD_gnutls_x509_privkey_t key) | ||
1183 | { | ||
1184 | MHD_gnutls_privkey *local_key; | ||
1185 | int ret = 0; | ||
1186 | |||
1187 | if (key == NULL) | ||
1188 | return NULL; | ||
1189 | |||
1190 | local_key = MHD_gnutls_malloc (sizeof (MHD_gnutls_privkey)); | ||
1191 | if (local_key == NULL) | ||
1192 | { | ||
1193 | MHD_gnutls_assert (); | ||
1194 | return NULL; | ||
1195 | } | ||
1196 | |||
1197 | ret = MHD__gnutls_x509_privkey_to_gkey (local_key, key); | ||
1198 | if (ret < 0) | ||
1199 | { | ||
1200 | MHD_gnutls_assert (); | ||
1201 | return NULL; | ||
1202 | } | ||
1203 | |||
1204 | return local_key; | ||
1205 | } | ||
1206 | |||
1207 | void | ||
1208 | MHD_gtls_selected_certs_deinit (MHD_gtls_session_t session) | ||
1209 | { | ||
1210 | if (session->internals.selected_need_free != 0) | ||
1211 | { | ||
1212 | int i; | ||
1213 | |||
1214 | for (i = 0; i < session->internals.selected_cert_list_length; i++) | ||
1215 | { | ||
1216 | MHD_gtls_gcert_deinit (&session->internals.selected_cert_list[i]); | ||
1217 | } | ||
1218 | MHD_gnutls_free (session->internals.selected_cert_list); | ||
1219 | session->internals.selected_cert_list = NULL; | ||
1220 | session->internals.selected_cert_list_length = 0; | ||
1221 | |||
1222 | MHD_gtls_gkey_deinit (session->internals.selected_key); | ||
1223 | if (session->internals.selected_key) | ||
1224 | { | ||
1225 | MHD_gnutls_free (session->internals.selected_key); | ||
1226 | session->internals.selected_key = NULL; | ||
1227 | } | ||
1228 | } | ||
1229 | |||
1230 | return; | ||
1231 | } | ||
1232 | |||
1233 | void | ||
1234 | MHD_gtls_selected_certs_set (MHD_gtls_session_t session, | ||
1235 | MHD_gnutls_cert * certs, int ncerts, | ||
1236 | MHD_gnutls_privkey * key, int need_free) | ||
1237 | { | ||
1238 | MHD_gtls_selected_certs_deinit (session); | ||
1239 | |||
1240 | session->internals.selected_cert_list = certs; | ||
1241 | session->internals.selected_cert_list_length = ncerts; | ||
1242 | session->internals.selected_key = key; | ||
1243 | session->internals.selected_need_free = need_free; | ||
1244 | |||
1245 | } | ||
1246 | |||
1247 | |||
1248 | /* finds the most appropriate certificate in the cert list. | ||
1249 | * The 'appropriate' is defined by the user. | ||
1250 | * | ||
1251 | * requested_algo holds the parameters required by the peer (RSA, DSA | ||
1252 | * or -1 for any). | ||
1253 | * | ||
1254 | * Returns 0 on success and a negative value on error. The | ||
1255 | * selected certificate will be in session->internals.selected_*. | ||
1256 | * | ||
1257 | */ | ||
1258 | int | ||
1259 | MHD_gtls_server_select_cert (MHD_gtls_session_t session, | ||
1260 | enum MHD_GNUTLS_PublicKeyAlgorithm | ||
1261 | requested_algo) | ||
1262 | { | ||
1263 | unsigned i; | ||
1264 | int idx, ret; | ||
1265 | MHD_gtls_cert_credentials_t cred; | ||
1266 | |||
1267 | cred = (MHD_gtls_cert_credentials_t) | ||
1268 | MHD_gtls_get_cred (session->key, MHD_GNUTLS_CRD_CERTIFICATE, NULL); | ||
1269 | if (cred == NULL) | ||
1270 | { | ||
1271 | MHD_gnutls_assert (); | ||
1272 | return GNUTLS_E_INSUFFICIENT_CREDENTIALS; | ||
1273 | } | ||
1274 | |||
1275 | /* If the callback which retrieves certificate has been set, | ||
1276 | * use it and leave. | ||
1277 | */ | ||
1278 | if (cred->server_get_cert_callback != NULL) | ||
1279 | return call_get_cert_callback (session, NULL, 0, NULL, 0); | ||
1280 | |||
1281 | /* Otherwise... */ | ||
1282 | |||
1283 | ret = 0; | ||
1284 | idx = -1; /* default is use no certificate */ | ||
1285 | |||
1286 | |||
1287 | for (i = 0; i < cred->ncerts; i++) | ||
1288 | { | ||
1289 | /* find one compatible certificate | ||
1290 | */ | ||
1291 | if (requested_algo == GNUTLS_PK_ANY || | ||
1292 | requested_algo == cred->cert_list[i][0].subject_pk_algorithm) | ||
1293 | { | ||
1294 | /* if cert type matches | ||
1295 | */ | ||
1296 | if (session->security_parameters.cert_type == | ||
1297 | cred->cert_list[i][0].cert_type) | ||
1298 | { | ||
1299 | idx = i; | ||
1300 | break; | ||
1301 | } | ||
1302 | } | ||
1303 | } | ||
1304 | |||
1305 | /* store the certificate pointer for future use, in the handshake. | ||
1306 | * (This will allow not calling this callback again.) | ||
1307 | */ | ||
1308 | if (idx >= 0 && ret == 0) | ||
1309 | { | ||
1310 | MHD_gtls_selected_certs_set (session, | ||
1311 | &cred->cert_list[idx][0], | ||
1312 | cred->cert_list_length[idx], | ||
1313 | &cred->pkey[idx], 0); | ||
1314 | } | ||
1315 | else | ||
1316 | /* Certificate does not support REQUESTED_ALGO. */ | ||
1317 | ret = GNUTLS_E_INSUFFICIENT_CREDENTIALS; | ||
1318 | |||
1319 | return ret; | ||
1320 | } | ||
1321 | |||
1322 | /* Frees the MHD_gtls_rsa_info_st structure. | ||
1323 | */ | ||
1324 | void | ||
1325 | MHD_gtls_free_rsa_info (rsa_info_st * rsa) | ||
1326 | { | ||
1327 | MHD__gnutls_free_datum (&rsa->modulus); | ||
1328 | MHD__gnutls_free_datum (&rsa->exponent); | ||
1329 | } | ||
diff --git a/src/daemon/https/tls/auth_cert.h b/src/daemon/https/tls/auth_cert.h deleted file mode 100644 index 395fdd29..00000000 --- a/src/daemon/https/tls/auth_cert.h +++ /dev/null | |||
@@ -1,159 +0,0 @@ | |||
1 | /* | ||
2 | * Copyright (C) 2002, 2003, 2004, 2005, 2007 Free Software Foundation | ||
3 | * | ||
4 | * Author: Nikos Mavrogiannopoulos | ||
5 | * | ||
6 | * This file is part of GNUTLS. | ||
7 | * | ||
8 | * The GNUTLS library is free software; you can redistribute it and/or | ||
9 | * modify it under the terms of the GNU Lesser General Public License | ||
10 | * as published by the Free Software Foundation; either version 2.1 of | ||
11 | * the License, or (at your option) any later version. | ||
12 | * | ||
13 | * This library is distributed in the hope that it will be useful, but | ||
14 | * WITHOUT ANY WARRANTY; without even the implied warranty of | ||
15 | * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU | ||
16 | * Lesser General Public License for more details. | ||
17 | * | ||
18 | * You should have received a copy of the GNU Lesser General Public | ||
19 | * License along with this library; if not, write to the Free Software | ||
20 | * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301, | ||
21 | * USA | ||
22 | * | ||
23 | */ | ||
24 | |||
25 | #ifndef AUTH_CERT_H | ||
26 | #define AUTH_CERT_H | ||
27 | |||
28 | #include "gnutls_cert.h" | ||
29 | #include "gnutls_auth.h" | ||
30 | #include "auth_dh_common.h" | ||
31 | #include "x509.h" | ||
32 | |||
33 | /* This structure may be complex, but it's the only way to | ||
34 | * support a server that has multiple certificates | ||
35 | */ | ||
36 | |||
37 | typedef struct MHD_gtls_certificate_credentials_st | ||
38 | { | ||
39 | MHD_gtls_dh_params_t dh_params; | ||
40 | MHD_gtls_rsa_params_t rsa_params; | ||
41 | /* this callback is used to retrieve the DH or RSA | ||
42 | * parameters. | ||
43 | */ | ||
44 | MHD_gnutls_params_function *params_func; | ||
45 | |||
46 | MHD_gnutls_cert **cert_list; | ||
47 | /* contains a list of a list of certificates. | ||
48 | * eg (X509): [0] certificate1, certificate11, certificate111 | ||
49 | * (if more than one, one certificate certifies the one before) | ||
50 | * [1] certificate2, certificate22, ... | ||
51 | */ | ||
52 | unsigned *cert_list_length; | ||
53 | /* contains the number of the certificates in a | ||
54 | * row (should be 1 for OpenPGP keys). | ||
55 | */ | ||
56 | unsigned ncerts; /* contains the number of columns in cert_list. | ||
57 | * This is the same with the number of pkeys. | ||
58 | */ | ||
59 | |||
60 | MHD_gnutls_privkey *pkey; | ||
61 | /* private keys. It contains ncerts private | ||
62 | * keys. pkey[i] corresponds to certificate in | ||
63 | * cert_list[i][0]. | ||
64 | */ | ||
65 | |||
66 | /* OpenPGP specific stuff */ | ||
67 | |||
68 | #ifndef KEYRING_HACK | ||
69 | MHD_gnutls_openpgp_keyring_t keyring; | ||
70 | #else | ||
71 | MHD_gnutls_datum_t keyring; | ||
72 | int keyring_format; | ||
73 | #endif | ||
74 | |||
75 | /* X509 specific stuff */ | ||
76 | |||
77 | MHD_gnutls_x509_crt_t *x509_ca_list; | ||
78 | unsigned x509_ncas; /* number of CAs in the ca_list | ||
79 | */ | ||
80 | |||
81 | MHD_gnutls_x509_crl_t *x509_crl_list; | ||
82 | unsigned x509_ncrls; /* number of CRLs in the crl_list | ||
83 | */ | ||
84 | |||
85 | unsigned int verify_flags; /* flags to be used at | ||
86 | * certificate verification. | ||
87 | */ | ||
88 | unsigned int verify_depth; | ||
89 | unsigned int verify_bits; | ||
90 | |||
91 | /* holds a sequence of the | ||
92 | * RDNs of the CAs above. | ||
93 | * This is better than | ||
94 | * generating on every handshake. | ||
95 | */ | ||
96 | MHD_gnutls_datum_t x509_rdn_sequence; | ||
97 | |||
98 | MHD_gnutls_certificate_client_retrieve_function *client_get_cert_callback; | ||
99 | MHD_gnutls_certificate_server_retrieve_function *server_get_cert_callback; | ||
100 | } MHD_gtls_cert_credentials_st; | ||
101 | |||
102 | typedef struct MHD_gtls_rsa_info_st | ||
103 | { | ||
104 | MHD_gnutls_datum_t modulus; | ||
105 | MHD_gnutls_datum_t exponent; | ||
106 | } rsa_info_st; | ||
107 | |||
108 | typedef struct MHD_gtls_cert_auth_info_st | ||
109 | { | ||
110 | int certificate_requested; /* if the peer requested certificate | ||
111 | * this is non zero; | ||
112 | */ | ||
113 | |||
114 | /* These (dh/rsa) are just copies from the credentials_t structure. | ||
115 | * They must be freed. | ||
116 | */ | ||
117 | MHD_gtls_dh_info_st dh; | ||
118 | rsa_info_st rsa_export; | ||
119 | |||
120 | MHD_gnutls_datum_t *raw_certificate_list; /* holds the raw certificate of the | ||
121 | * peer. | ||
122 | */ | ||
123 | unsigned int ncerts; /* holds the size of the list above */ | ||
124 | } *cert_auth_info_t; | ||
125 | |||
126 | typedef struct MHD_gtls_cert_auth_info_st cert_auth_info_st; | ||
127 | |||
128 | void MHD_gtls_free_rsa_info (rsa_info_st * rsa); | ||
129 | |||
130 | /* AUTH X509 functions */ | ||
131 | int MHD_gtls_gen_cert_server_certificate (MHD_gtls_session_t, opaque **); | ||
132 | int MHD_gtls_gen_cert_client_certificate (MHD_gtls_session_t, opaque **); | ||
133 | int MHD_gtls_gen_cert_client_cert_vrfy (MHD_gtls_session_t, opaque **); | ||
134 | int MHD_gtls_gen_cert_server_cert_req (MHD_gtls_session_t, opaque **); | ||
135 | int MHD_gtls_proc_cert_cert_req (MHD_gtls_session_t, opaque *, size_t); | ||
136 | int MHD_gtls_proc_cert_client_cert_vrfy (MHD_gtls_session_t, opaque *, | ||
137 | size_t); | ||
138 | int MHD_gtls_proc_cert_server_certificate (MHD_gtls_session_t, opaque *, | ||
139 | size_t); | ||
140 | int MHD_gtls_get_selected_cert (MHD_gtls_session_t session, | ||
141 | MHD_gnutls_cert ** apr_cert_list, | ||
142 | int *apr_cert_list_length, | ||
143 | MHD_gnutls_privkey ** apr_pkey); | ||
144 | |||
145 | int MHD_gtls_server_select_cert (struct MHD_gtls_session_int *, | ||
146 | enum MHD_GNUTLS_PublicKeyAlgorithm); | ||
147 | void MHD_gtls_selected_certs_deinit (MHD_gtls_session_t session); | ||
148 | void MHD_gtls_selected_certs_set (MHD_gtls_session_t session, | ||
149 | MHD_gnutls_cert * certs, int ncerts, | ||
150 | MHD_gnutls_privkey * key, int need_free); | ||
151 | |||
152 | #define MHD__gnutls_proc_cert_client_certificate MHD_gtls_proc_cert_server_certificate | ||
153 | |||
154 | MHD_gtls_rsa_params_t | ||
155 | MHD_gtls_certificate_get_rsa_params (MHD_gtls_rsa_params_t rsa_params, | ||
156 | MHD_gnutls_params_function * func, | ||
157 | MHD_gtls_session_t); | ||
158 | |||
159 | #endif | ||
diff --git a/src/daemon/https/tls/auth_dh_common.c b/src/daemon/https/tls/auth_dh_common.c deleted file mode 100644 index 8fc6e391..00000000 --- a/src/daemon/https/tls/auth_dh_common.c +++ /dev/null | |||
@@ -1,327 +0,0 @@ | |||
1 | /* | ||
2 | * Copyright (C) 2002, 2003, 2004, 2005, 2007 Free Software Foundation | ||
3 | * | ||
4 | * Author: Nikos Mavrogiannopoulos | ||
5 | * | ||
6 | * This file is part of GNUTLS. | ||
7 | * | ||
8 | * The GNUTLS library is free software; you can redistribute it and/or | ||
9 | * modify it under the terms of the GNU Lesser General Public License | ||
10 | * as published by the Free Software Foundation; either version 2.1 of | ||
11 | * the License, or (at your option) any later version. | ||
12 | * | ||
13 | * This library is distributed in the hope that it will be useful, but | ||
14 | * WITHOUT ANY WARRANTY; without even the implied warranty of | ||
15 | * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU | ||
16 | * Lesser General Public License for more details. | ||
17 | * | ||
18 | * You should have received a copy of the GNU Lesser General Public | ||
19 | * License along with this library; if not, write to the Free Software | ||
20 | * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301, | ||
21 | * USA | ||
22 | * | ||
23 | */ | ||
24 | |||
25 | /* This file contains common stuff in Ephemeral Diffie Hellman (DHE) and | ||
26 | * Anonymous DH key exchange(DHA). These are used in the handshake procedure | ||
27 | * of the certificate and anoymous authentication. | ||
28 | */ | ||
29 | |||
30 | #include "gnutls_int.h" | ||
31 | #include "gnutls_auth_int.h" | ||
32 | #include "gnutls_errors.h" | ||
33 | #include "gnutls_dh.h" | ||
34 | #include "gnutls_num.h" | ||
35 | #include "gnutls_sig.h" | ||
36 | #include <gnutls_datum.h> | ||
37 | #include <gnutls_x509.h> | ||
38 | #include <gnutls_state.h> | ||
39 | #include <auth_dh_common.h> | ||
40 | #include <gnutls_algorithms.h> | ||
41 | |||
42 | /* Frees the MHD_gtls_dh_info_st structure. | ||
43 | */ | ||
44 | void | ||
45 | MHD_gtls_free_dh_info (MHD_gtls_dh_info_st * dh) | ||
46 | { | ||
47 | dh->secret_bits = 0; | ||
48 | MHD__gnutls_free_datum (&dh->prime); | ||
49 | MHD__gnutls_free_datum (&dh->generator); | ||
50 | MHD__gnutls_free_datum (&dh->public_key); | ||
51 | } | ||
52 | |||
53 | int | ||
54 | MHD_gtls_proc_dh_common_client_kx (MHD_gtls_session_t session, | ||
55 | opaque * data, size_t _data_size, | ||
56 | mpi_t g, mpi_t p) | ||
57 | { | ||
58 | uint16_t n_Y; | ||
59 | size_t _n_Y; | ||
60 | int ret; | ||
61 | ssize_t data_size = _data_size; | ||
62 | |||
63 | |||
64 | DECR_LEN (data_size, 2); | ||
65 | n_Y = MHD_gtls_read_uint16 (&data[0]); | ||
66 | _n_Y = n_Y; | ||
67 | |||
68 | DECR_LEN (data_size, n_Y); | ||
69 | if (MHD_gtls_mpi_scan_nz (&session->key->client_Y, &data[2], &_n_Y)) | ||
70 | { | ||
71 | MHD_gnutls_assert (); | ||
72 | return GNUTLS_E_MPI_SCAN_FAILED; | ||
73 | } | ||
74 | |||
75 | MHD_gtls_dh_set_peer_public (session, session->key->client_Y); | ||
76 | |||
77 | session->key->KEY = | ||
78 | MHD_gtls_calc_dh_key (session->key->client_Y, session->key->dh_secret, p); | ||
79 | |||
80 | if (session->key->KEY == NULL) | ||
81 | { | ||
82 | MHD_gnutls_assert (); | ||
83 | return GNUTLS_E_MEMORY_ERROR; | ||
84 | } | ||
85 | |||
86 | MHD_gtls_mpi_release (&session->key->client_Y); | ||
87 | MHD_gtls_mpi_release (&session->key->dh_secret); | ||
88 | |||
89 | ret = MHD_gtls_mpi_dprint (&session->key->key, session->key->KEY); | ||
90 | |||
91 | MHD_gtls_mpi_release (&session->key->KEY); | ||
92 | |||
93 | if (ret < 0) | ||
94 | { | ||
95 | return ret; | ||
96 | } | ||
97 | |||
98 | return 0; | ||
99 | } | ||
100 | |||
101 | int | ||
102 | MHD_gtls_gen_dh_common_client_kx (MHD_gtls_session_t session, opaque ** data) | ||
103 | { | ||
104 | mpi_t x = NULL, X = NULL; | ||
105 | size_t n_X; | ||
106 | int ret; | ||
107 | |||
108 | *data = NULL; | ||
109 | |||
110 | X = MHD_gtls_calc_dh_secret (&x, session->key->client_g, | ||
111 | session->key->client_p); | ||
112 | if (X == NULL || x == NULL) | ||
113 | { | ||
114 | MHD_gnutls_assert (); | ||
115 | ret = GNUTLS_E_MEMORY_ERROR; | ||
116 | goto error; | ||
117 | } | ||
118 | |||
119 | MHD_gtls_dh_set_secret_bits (session, MHD__gnutls_mpi_get_nbits (x)); | ||
120 | |||
121 | MHD_gtls_mpi_print (NULL, &n_X, X); | ||
122 | (*data) = MHD_gnutls_malloc (n_X + 2); | ||
123 | if (*data == NULL) | ||
124 | { | ||
125 | ret = GNUTLS_E_MEMORY_ERROR; | ||
126 | goto error; | ||
127 | } | ||
128 | |||
129 | MHD_gtls_mpi_print (&(*data)[2], &n_X, X); | ||
130 | MHD_gtls_mpi_release (&X); | ||
131 | |||
132 | MHD_gtls_write_uint16 (n_X, &(*data)[0]); | ||
133 | |||
134 | /* calculate the key after calculating the message */ | ||
135 | session->key->KEY = | ||
136 | MHD_gtls_calc_dh_key (session->key->client_Y, x, session->key->client_p); | ||
137 | |||
138 | MHD_gtls_mpi_release (&x); | ||
139 | if (session->key->KEY == NULL) | ||
140 | { | ||
141 | MHD_gnutls_assert (); | ||
142 | ret = GNUTLS_E_MEMORY_ERROR; | ||
143 | goto error; | ||
144 | } | ||
145 | |||
146 | /* THESE SHOULD BE DISCARDED */ | ||
147 | MHD_gtls_mpi_release (&session->key->client_Y); | ||
148 | MHD_gtls_mpi_release (&session->key->client_p); | ||
149 | MHD_gtls_mpi_release (&session->key->client_g); | ||
150 | |||
151 | ret = MHD_gtls_mpi_dprint (&session->key->key, session->key->KEY); | ||
152 | |||
153 | MHD_gtls_mpi_release (&session->key->KEY); | ||
154 | |||
155 | if (ret < 0) | ||
156 | { | ||
157 | MHD_gnutls_assert (); | ||
158 | goto error; | ||
159 | } | ||
160 | |||
161 | return n_X + 2; | ||
162 | |||
163 | error: | ||
164 | MHD_gtls_mpi_release (&x); | ||
165 | MHD_gtls_mpi_release (&X); | ||
166 | MHD_gnutls_free (*data); | ||
167 | *data = NULL; | ||
168 | return ret; | ||
169 | } | ||
170 | |||
171 | int | ||
172 | MHD_gtls_proc_dh_common_server_kx (MHD_gtls_session_t session, | ||
173 | opaque * data, size_t _data_size, int psk) | ||
174 | { | ||
175 | uint16_t n_Y, n_g, n_p; | ||
176 | size_t _n_Y, _n_g, _n_p; | ||
177 | uint8_t *data_p; | ||
178 | uint8_t *data_g; | ||
179 | uint8_t *data_Y; | ||
180 | int i, bits, psk_size, ret; | ||
181 | ssize_t data_size = _data_size; | ||
182 | |||
183 | i = 0; | ||
184 | |||
185 | if (psk != 0) | ||
186 | { | ||
187 | DECR_LEN (data_size, 2); | ||
188 | psk_size = MHD_gtls_read_uint16 (&data[i]); | ||
189 | DECR_LEN (data_size, psk_size); | ||
190 | i += 2 + psk_size; | ||
191 | } | ||
192 | |||
193 | DECR_LEN (data_size, 2); | ||
194 | n_p = MHD_gtls_read_uint16 (&data[i]); | ||
195 | i += 2; | ||
196 | |||
197 | DECR_LEN (data_size, n_p); | ||
198 | data_p = &data[i]; | ||
199 | i += n_p; | ||
200 | |||
201 | DECR_LEN (data_size, 2); | ||
202 | n_g = MHD_gtls_read_uint16 (&data[i]); | ||
203 | i += 2; | ||
204 | |||
205 | DECR_LEN (data_size, n_g); | ||
206 | data_g = &data[i]; | ||
207 | i += n_g; | ||
208 | |||
209 | DECR_LEN (data_size, 2); | ||
210 | n_Y = MHD_gtls_read_uint16 (&data[i]); | ||
211 | i += 2; | ||
212 | |||
213 | DECR_LEN (data_size, n_Y); | ||
214 | data_Y = &data[i]; | ||
215 | i += n_Y; | ||
216 | |||
217 | _n_Y = n_Y; | ||
218 | _n_g = n_g; | ||
219 | _n_p = n_p; | ||
220 | |||
221 | if (MHD_gtls_mpi_scan_nz (&session->key->client_Y, data_Y, &_n_Y) != 0) | ||
222 | { | ||
223 | MHD_gnutls_assert (); | ||
224 | return GNUTLS_E_MPI_SCAN_FAILED; | ||
225 | } | ||
226 | |||
227 | if (MHD_gtls_mpi_scan_nz (&session->key->client_g, data_g, &_n_g) != 0) | ||
228 | { | ||
229 | MHD_gnutls_assert (); | ||
230 | return GNUTLS_E_MPI_SCAN_FAILED; | ||
231 | } | ||
232 | if (MHD_gtls_mpi_scan_nz (&session->key->client_p, data_p, &_n_p) != 0) | ||
233 | { | ||
234 | MHD_gnutls_assert (); | ||
235 | return GNUTLS_E_MPI_SCAN_FAILED; | ||
236 | } | ||
237 | |||
238 | bits = MHD_gtls_dh_get_allowed_prime_bits (session); | ||
239 | if (bits < 0) | ||
240 | { | ||
241 | MHD_gnutls_assert (); | ||
242 | return bits; | ||
243 | } | ||
244 | |||
245 | if (MHD__gnutls_mpi_get_nbits (session->key->client_p) < (size_t) bits) | ||
246 | { | ||
247 | /* the prime used by the peer is not acceptable | ||
248 | */ | ||
249 | MHD_gnutls_assert (); | ||
250 | return GNUTLS_E_DH_PRIME_UNACCEPTABLE; | ||
251 | } | ||
252 | |||
253 | MHD_gtls_dh_set_group (session, session->key->client_g, | ||
254 | session->key->client_p); | ||
255 | MHD_gtls_dh_set_peer_public (session, session->key->client_Y); | ||
256 | |||
257 | ret = n_Y + n_p + n_g + 6; | ||
258 | if (psk != 0) | ||
259 | ret += 2; | ||
260 | |||
261 | return ret; | ||
262 | } | ||
263 | |||
264 | /* If the psk flag is set, then an empty psk_identity_hint will | ||
265 | * be inserted */ | ||
266 | int | ||
267 | MHD_gtls_dh_common_print_server_kx (MHD_gtls_session_t session, | ||
268 | mpi_t g, mpi_t p, opaque ** data, int psk) | ||
269 | { | ||
270 | mpi_t x, X; | ||
271 | size_t n_X, n_g, n_p; | ||
272 | int ret, data_size, pos; | ||
273 | uint8_t *pdata; | ||
274 | |||
275 | X = MHD_gtls_calc_dh_secret (&x, g, p); | ||
276 | if (X == NULL || x == NULL) | ||
277 | { | ||
278 | MHD_gnutls_assert (); | ||
279 | return GNUTLS_E_MEMORY_ERROR; | ||
280 | } | ||
281 | |||
282 | session->key->dh_secret = x; | ||
283 | MHD_gtls_dh_set_secret_bits (session, MHD__gnutls_mpi_get_nbits (x)); | ||
284 | |||
285 | MHD_gtls_mpi_print (NULL, &n_g, g); | ||
286 | MHD_gtls_mpi_print (NULL, &n_p, p); | ||
287 | MHD_gtls_mpi_print (NULL, &n_X, X); | ||
288 | |||
289 | data_size = n_g + n_p + n_X + 6; | ||
290 | if (psk != 0) | ||
291 | data_size += 2; | ||
292 | |||
293 | (*data) = MHD_gnutls_malloc (data_size); | ||
294 | if (*data == NULL) | ||
295 | { | ||
296 | MHD_gtls_mpi_release (&X); | ||
297 | return GNUTLS_E_MEMORY_ERROR; | ||
298 | } | ||
299 | |||
300 | pos = 0; | ||
301 | pdata = *data; | ||
302 | |||
303 | if (psk != 0) | ||
304 | { | ||
305 | MHD_gtls_write_uint16 (0, &pdata[pos]); | ||
306 | pos += 2; | ||
307 | } | ||
308 | |||
309 | MHD_gtls_mpi_print (&pdata[pos + 2], &n_p, p); | ||
310 | MHD_gtls_write_uint16 (n_p, &pdata[pos]); | ||
311 | |||
312 | pos += n_p + 2; | ||
313 | |||
314 | MHD_gtls_mpi_print (&pdata[pos + 2], &n_g, g); | ||
315 | MHD_gtls_write_uint16 (n_g, &pdata[pos]); | ||
316 | |||
317 | pos += n_g + 2; | ||
318 | |||
319 | MHD_gtls_mpi_print (&pdata[pos + 2], &n_X, X); | ||
320 | MHD_gtls_mpi_release (&X); | ||
321 | |||
322 | MHD_gtls_write_uint16 (n_X, &pdata[pos]); | ||
323 | |||
324 | ret = data_size; | ||
325 | |||
326 | return ret; | ||
327 | } | ||
diff --git a/src/daemon/https/tls/auth_dh_common.h b/src/daemon/https/tls/auth_dh_common.h deleted file mode 100644 index f09ce6dc..00000000 --- a/src/daemon/https/tls/auth_dh_common.h +++ /dev/null | |||
@@ -1,48 +0,0 @@ | |||
1 | /* | ||
2 | * Copyright (C) 2002, 2003, 2004, 2005 Free Software Foundation | ||
3 | * | ||
4 | * Author: Nikos Mavrogiannopoulos | ||
5 | * | ||
6 | * This file is part of GNUTLS. | ||
7 | * | ||
8 | * The GNUTLS library is free software; you can redistribute it and/or | ||
9 | * modify it under the terms of the GNU Lesser General Public License | ||
10 | * as published by the Free Software Foundation; either version 2.1 of | ||
11 | * the License, or (at your option) any later version. | ||
12 | * | ||
13 | * This library is distributed in the hope that it will be useful, but | ||
14 | * WITHOUT ANY WARRANTY; without even the implied warranty of | ||
15 | * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU | ||
16 | * Lesser General Public License for more details. | ||
17 | * | ||
18 | * You should have received a copy of the GNU Lesser General Public | ||
19 | * License along with this library; if not, write to the Free Software | ||
20 | * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301, | ||
21 | * USA | ||
22 | * | ||
23 | */ | ||
24 | |||
25 | #ifndef AUTH_DH_COMMON | ||
26 | # define AUTH_DH_COMMON | ||
27 | |||
28 | typedef struct | ||
29 | { | ||
30 | int secret_bits; | ||
31 | |||
32 | MHD_gnutls_datum_t prime; | ||
33 | MHD_gnutls_datum_t generator; | ||
34 | MHD_gnutls_datum_t public_key; | ||
35 | } MHD_gtls_dh_info_st; | ||
36 | |||
37 | void MHD_gtls_free_dh_info (MHD_gtls_dh_info_st * dh); | ||
38 | int MHD_gtls_gen_dh_common_client_kx (MHD_gtls_session_t, opaque **); | ||
39 | int MHD_gtls_proc_dh_common_client_kx (MHD_gtls_session_t session, | ||
40 | opaque * data, size_t _data_size, | ||
41 | mpi_t p, mpi_t g); | ||
42 | int MHD_gtls_dh_common_print_server_kx (MHD_gtls_session_t, mpi_t g, mpi_t p, | ||
43 | opaque ** data, int psk); | ||
44 | int MHD_gtls_proc_dh_common_server_kx (MHD_gtls_session_t session, | ||
45 | opaque * data, size_t _data_size, | ||
46 | int psk); | ||
47 | |||
48 | #endif | ||
diff --git a/src/daemon/https/tls/auth_dhe.c b/src/daemon/https/tls/auth_dhe.c deleted file mode 100644 index 38407f9d..00000000 --- a/src/daemon/https/tls/auth_dhe.c +++ /dev/null | |||
@@ -1,274 +0,0 @@ | |||
1 | /* | ||
2 | * Copyright (C) 2000, 2001, 2002, 2003, 2004, 2005, 2007 Free Software Foundation | ||
3 | * | ||
4 | * Author: Nikos Mavrogiannopoulos | ||
5 | * | ||
6 | * This file is part of GNUTLS. | ||
7 | * | ||
8 | * The GNUTLS library is free software; you can redistribute it and/or | ||
9 | * modify it under the terms of the GNU Lesser General Public License | ||
10 | * as published by the Free Software Foundation; either version 2.1 of | ||
11 | * the License, or (at your option) any later version. | ||
12 | * | ||
13 | * This library is distributed in the hope that it will be useful, but | ||
14 | * WITHOUT ANY WARRANTY; without even the implied warranty of | ||
15 | * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU | ||
16 | * Lesser General Public License for more details. | ||
17 | * | ||
18 | * You should have received a copy of the GNU Lesser General Public | ||
19 | * License along with this library; if not, write to the Free Software | ||
20 | * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301, | ||
21 | * USA | ||
22 | * | ||
23 | */ | ||
24 | |||
25 | /* This file contains everything for the Ephemeral Diffie Hellman (DHE) | ||
26 | * key exchange. This is used in the handshake procedure of the certificate | ||
27 | * authentication. | ||
28 | */ | ||
29 | |||
30 | #include "gnutls_int.h" | ||
31 | #include "gnutls_auth_int.h" | ||
32 | #include "gnutls_errors.h" | ||
33 | #include "gnutls_dh.h" | ||
34 | #include "gnutls_num.h" | ||
35 | #include "gnutls_sig.h" | ||
36 | #include <gnutls_datum.h> | ||
37 | #include <auth_cert.h> | ||
38 | #include <gnutls_x509.h> | ||
39 | #include <gnutls_state.h> | ||
40 | #include <auth_dh_common.h> | ||
41 | |||
42 | static int gen_dhe_server_kx (MHD_gtls_session_t, opaque **); | ||
43 | static int proc_dhe_server_kx (MHD_gtls_session_t, opaque *, size_t); | ||
44 | static int proc_dhe_client_kx (MHD_gtls_session_t, opaque *, size_t); | ||
45 | |||
46 | const MHD_gtls_mod_auth_st MHD_gtls_dhe_rsa_auth_struct = { | ||
47 | "DHE_RSA", | ||
48 | MHD_gtls_gen_cert_server_certificate, | ||
49 | MHD_gtls_gen_cert_client_certificate, | ||
50 | gen_dhe_server_kx, | ||
51 | MHD_gtls_gen_dh_common_client_kx, | ||
52 | MHD_gtls_gen_cert_client_cert_vrfy, /* gen client cert vrfy */ | ||
53 | MHD_gtls_gen_cert_server_cert_req, /* server cert request */ | ||
54 | |||
55 | MHD_gtls_proc_cert_server_certificate, | ||
56 | MHD__gnutls_proc_cert_client_certificate, | ||
57 | proc_dhe_server_kx, | ||
58 | proc_dhe_client_kx, | ||
59 | MHD_gtls_proc_cert_client_cert_vrfy, /* proc client cert vrfy */ | ||
60 | MHD_gtls_proc_cert_cert_req /* proc server cert request */ | ||
61 | }; | ||
62 | |||
63 | const MHD_gtls_mod_auth_st MHD_gtls_dhe_dss_auth_struct = { | ||
64 | "DHE_DSS", | ||
65 | MHD_gtls_gen_cert_server_certificate, | ||
66 | MHD_gtls_gen_cert_client_certificate, | ||
67 | gen_dhe_server_kx, | ||
68 | MHD_gtls_gen_dh_common_client_kx, | ||
69 | MHD_gtls_gen_cert_client_cert_vrfy, /* gen client cert vrfy */ | ||
70 | MHD_gtls_gen_cert_server_cert_req, /* server cert request */ | ||
71 | |||
72 | MHD_gtls_proc_cert_server_certificate, | ||
73 | MHD__gnutls_proc_cert_client_certificate, | ||
74 | proc_dhe_server_kx, | ||
75 | proc_dhe_client_kx, | ||
76 | MHD_gtls_proc_cert_client_cert_vrfy, /* proc client cert vrfy */ | ||
77 | MHD_gtls_proc_cert_cert_req /* proc server cert request */ | ||
78 | }; | ||
79 | |||
80 | |||
81 | static int | ||
82 | gen_dhe_server_kx (MHD_gtls_session_t session, opaque ** data) | ||
83 | { | ||
84 | mpi_t g, p; | ||
85 | const mpi_t *mpis; | ||
86 | int ret = 0, data_size; | ||
87 | MHD_gnutls_cert *apr_cert_list; | ||
88 | MHD_gnutls_privkey *apr_pkey; | ||
89 | int apr_cert_list_length; | ||
90 | MHD_gnutls_datum_t signature, ddata; | ||
91 | MHD_gtls_cert_credentials_t cred; | ||
92 | MHD_gtls_dh_params_t dh_params; | ||
93 | |||
94 | cred = (MHD_gtls_cert_credentials_t) | ||
95 | MHD_gtls_get_cred (session->key, MHD_GNUTLS_CRD_CERTIFICATE, NULL); | ||
96 | if (cred == NULL) | ||
97 | { | ||
98 | MHD_gnutls_assert (); | ||
99 | return GNUTLS_E_INSUFFICIENT_CREDENTIALS; | ||
100 | } | ||
101 | |||
102 | /* find the appropriate certificate */ | ||
103 | if ((ret = | ||
104 | MHD_gtls_get_selected_cert (session, &apr_cert_list, | ||
105 | &apr_cert_list_length, &apr_pkey)) < 0) | ||
106 | { | ||
107 | MHD_gnutls_assert (); | ||
108 | return ret; | ||
109 | } | ||
110 | |||
111 | dh_params = | ||
112 | MHD_gtls_get_dh_params (cred->dh_params, cred->params_func, session); | ||
113 | mpis = MHD_gtls_dh_params_to_mpi (dh_params); | ||
114 | if (mpis == NULL) | ||
115 | { | ||
116 | MHD_gnutls_assert (); | ||
117 | return GNUTLS_E_NO_TEMPORARY_DH_PARAMS; | ||
118 | } | ||
119 | |||
120 | p = mpis[0]; | ||
121 | g = mpis[1]; | ||
122 | |||
123 | if ((ret = MHD_gtls_auth_info_set (session, MHD_GNUTLS_CRD_CERTIFICATE, | ||
124 | sizeof (cert_auth_info_st), 0)) < 0) | ||
125 | { | ||
126 | MHD_gnutls_assert (); | ||
127 | return ret; | ||
128 | } | ||
129 | |||
130 | MHD_gtls_dh_set_group (session, g, p); | ||
131 | |||
132 | ret = MHD_gtls_dh_common_print_server_kx (session, g, p, data, 0); | ||
133 | if (ret < 0) | ||
134 | { | ||
135 | MHD_gnutls_assert (); | ||
136 | return ret; | ||
137 | } | ||
138 | data_size = ret; | ||
139 | |||
140 | /* Generate the signature. */ | ||
141 | |||
142 | ddata.data = *data; | ||
143 | ddata.size = data_size; | ||
144 | |||
145 | if (apr_cert_list_length > 0) | ||
146 | { | ||
147 | if ((ret = | ||
148 | MHD_gtls_tls_sign_params (session, &apr_cert_list[0], | ||
149 | apr_pkey, &ddata, &signature)) < 0) | ||
150 | { | ||
151 | MHD_gnutls_assert (); | ||
152 | MHD_gnutls_free (*data); | ||
153 | return ret; | ||
154 | } | ||
155 | } | ||
156 | else | ||
157 | { | ||
158 | MHD_gnutls_assert (); | ||
159 | return data_size; /* do not put a signature - ILLEGAL! */ | ||
160 | } | ||
161 | |||
162 | *data = MHD_gtls_realloc_fast (*data, data_size + signature.size + 2); | ||
163 | if (*data == NULL) | ||
164 | { | ||
165 | MHD__gnutls_free_datum (&signature); | ||
166 | MHD_gnutls_assert (); | ||
167 | return GNUTLS_E_MEMORY_ERROR; | ||
168 | } | ||
169 | |||
170 | MHD_gtls_write_datum16 (&(*data)[data_size], signature); | ||
171 | data_size += signature.size + 2; | ||
172 | |||
173 | MHD__gnutls_free_datum (&signature); | ||
174 | |||
175 | return data_size; | ||
176 | } | ||
177 | |||
178 | static int | ||
179 | proc_dhe_server_kx (MHD_gtls_session_t session, opaque * data, | ||
180 | size_t _data_size) | ||
181 | { | ||
182 | int sigsize; | ||
183 | MHD_gnutls_datum_t vparams, signature; | ||
184 | int ret; | ||
185 | cert_auth_info_t info = MHD_gtls_get_auth_info (session); | ||
186 | ssize_t data_size = _data_size; | ||
187 | MHD_gnutls_cert peer_cert; | ||
188 | |||
189 | if (info == NULL || info->ncerts == 0) | ||
190 | { | ||
191 | MHD_gnutls_assert (); | ||
192 | /* we need this in order to get peer's certificate */ | ||
193 | return GNUTLS_E_INTERNAL_ERROR; | ||
194 | } | ||
195 | |||
196 | ret = MHD_gtls_proc_dh_common_server_kx (session, data, _data_size, 0); | ||
197 | if (ret < 0) | ||
198 | { | ||
199 | MHD_gnutls_assert (); | ||
200 | return ret; | ||
201 | } | ||
202 | |||
203 | /* VERIFY SIGNATURE */ | ||
204 | |||
205 | vparams.size = ret; | ||
206 | vparams.data = data; | ||
207 | |||
208 | DECR_LEN (data_size, 2); | ||
209 | sigsize = MHD_gtls_read_uint16 (&data[vparams.size]); | ||
210 | |||
211 | DECR_LEN (data_size, sigsize); | ||
212 | signature.data = &data[vparams.size + 2]; | ||
213 | signature.size = sigsize; | ||
214 | |||
215 | if ((ret = | ||
216 | MHD_gtls_raw_cert_to_gcert (&peer_cert, | ||
217 | session->security_parameters.cert_type, | ||
218 | &info->raw_certificate_list[0], | ||
219 | CERT_NO_COPY)) < 0) | ||
220 | { | ||
221 | MHD_gnutls_assert (); | ||
222 | return ret; | ||
223 | } | ||
224 | |||
225 | ret = | ||
226 | MHD_gtls_verify_sig_params (session, &peer_cert, &vparams, &signature); | ||
227 | |||
228 | MHD_gtls_gcert_deinit (&peer_cert); | ||
229 | if (ret < 0) | ||
230 | { | ||
231 | MHD_gnutls_assert (); | ||
232 | return ret; | ||
233 | } | ||
234 | |||
235 | return ret; | ||
236 | } | ||
237 | |||
238 | |||
239 | |||
240 | static int | ||
241 | proc_dhe_client_kx (MHD_gtls_session_t session, opaque * data, | ||
242 | size_t _data_size) | ||
243 | { | ||
244 | MHD_gtls_cert_credentials_t cred; | ||
245 | int ret; | ||
246 | mpi_t p, g; | ||
247 | const mpi_t *mpis; | ||
248 | MHD_gtls_dh_params_t dh_params; | ||
249 | |||
250 | cred = (MHD_gtls_cert_credentials_t) | ||
251 | MHD_gtls_get_cred (session->key, MHD_GNUTLS_CRD_CERTIFICATE, NULL); | ||
252 | if (cred == NULL) | ||
253 | { | ||
254 | MHD_gnutls_assert (); | ||
255 | return GNUTLS_E_INSUFFICIENT_CREDENTIALS; | ||
256 | } | ||
257 | |||
258 | dh_params = | ||
259 | MHD_gtls_get_dh_params (cred->dh_params, cred->params_func, session); | ||
260 | mpis = MHD_gtls_dh_params_to_mpi (dh_params); | ||
261 | if (mpis == NULL) | ||
262 | { | ||
263 | MHD_gnutls_assert (); | ||
264 | return GNUTLS_E_NO_TEMPORARY_DH_PARAMS; | ||
265 | } | ||
266 | |||
267 | p = mpis[0]; | ||
268 | g = mpis[1]; | ||
269 | |||
270 | ret = MHD_gtls_proc_dh_common_client_kx (session, data, _data_size, g, p); | ||
271 | |||
272 | return ret; | ||
273 | |||
274 | } | ||
diff --git a/src/daemon/https/tls/auth_rsa.c b/src/daemon/https/tls/auth_rsa.c deleted file mode 100644 index 9548a8f1..00000000 --- a/src/daemon/https/tls/auth_rsa.c +++ /dev/null | |||
@@ -1,415 +0,0 @@ | |||
1 | /* | ||
2 | * Copyright (C) 2000, 2001, 2002, 2003, 2004, 2005, 2007 Free Software Foundation | ||
3 | * | ||
4 | * Author: Nikos Mavrogiannopoulos | ||
5 | * | ||
6 | * This file is part of GNUTLS. | ||
7 | * | ||
8 | * The GNUTLS library is free software; you can redistribute it and/or | ||
9 | * modify it under the terms of the GNU Lesser General Public License | ||
10 | * as published by the Free Software Foundation; either version 2.1 of | ||
11 | * the License, or (at your option) any later version. | ||
12 | * | ||
13 | * This library is distributed in the hope that it will be useful, but | ||
14 | * WITHOUT ANY WARRANTY; without even the implied warranty of | ||
15 | * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU | ||
16 | * Lesser General Public License for more details. | ||
17 | * | ||
18 | * You should have received a copy of the GNU Lesser General Public | ||
19 | * License along with this library; if not, write to the Free Software | ||
20 | * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301, | ||
21 | * USA | ||
22 | * | ||
23 | */ | ||
24 | |||
25 | /* This file contains the RSA key exchange part of the certificate | ||
26 | * authentication. | ||
27 | */ | ||
28 | |||
29 | #include "gnutls_int.h" | ||
30 | #include "gnutls_auth_int.h" | ||
31 | #include "gnutls_errors.h" | ||
32 | #include "gnutls_dh.h" | ||
33 | #include "gnutls_num.h" | ||
34 | #include "gnutls_datum.h" | ||
35 | #include "auth_cert.h" | ||
36 | #include <gnutls_pk.h> | ||
37 | #include <gnutls_algorithms.h> | ||
38 | #include <gnutls_global.h> | ||
39 | #include "debug.h" | ||
40 | #include <gnutls_sig.h> | ||
41 | #include <gnutls_x509.h> | ||
42 | #include <gc.h> | ||
43 | |||
44 | int MHD__gnutls_gen_rsa_client_kx (MHD_gtls_session_t, opaque **); | ||
45 | int MHD__gnutls_proc_rsa_client_kx (MHD_gtls_session_t, opaque *, size_t); | ||
46 | |||
47 | const MHD_gtls_mod_auth_st MHD_gtls_rsa_auth_struct = { | ||
48 | "RSA", | ||
49 | MHD_gtls_gen_cert_server_certificate, | ||
50 | MHD_gtls_gen_cert_client_certificate, | ||
51 | NULL, /* gen server kx */ | ||
52 | MHD__gnutls_gen_rsa_client_kx, | ||
53 | MHD_gtls_gen_cert_client_cert_vrfy, /* gen client cert vrfy */ | ||
54 | MHD_gtls_gen_cert_server_cert_req, /* server cert request */ | ||
55 | |||
56 | MHD_gtls_proc_cert_server_certificate, | ||
57 | MHD__gnutls_proc_cert_client_certificate, | ||
58 | NULL, /* proc server kx */ | ||
59 | MHD__gnutls_proc_rsa_client_kx, /* proc client kx */ | ||
60 | MHD_gtls_proc_cert_client_cert_vrfy, /* proc client cert vrfy */ | ||
61 | MHD_gtls_proc_cert_cert_req /* proc server cert request */ | ||
62 | }; | ||
63 | |||
64 | /* This function reads the RSA parameters from peer's certificate; | ||
65 | */ | ||
66 | int | ||
67 | MHD__gnutls_get_public_rsa_params (MHD_gtls_session_t session, | ||
68 | mpi_t params[MAX_PUBLIC_PARAMS_SIZE], | ||
69 | int *params_len) | ||
70 | { | ||
71 | int ret; | ||
72 | cert_auth_info_t info; | ||
73 | MHD_gnutls_cert peer_cert; | ||
74 | int i; | ||
75 | |||
76 | /* normal non export case */ | ||
77 | |||
78 | info = MHD_gtls_get_auth_info (session); | ||
79 | |||
80 | if (info == NULL || info->ncerts == 0) | ||
81 | { | ||
82 | MHD_gnutls_assert (); | ||
83 | return GNUTLS_E_INTERNAL_ERROR; | ||
84 | } | ||
85 | |||
86 | ret = | ||
87 | MHD_gtls_raw_cert_to_gcert (&peer_cert, | ||
88 | session->security_parameters.cert_type, | ||
89 | &info->raw_certificate_list[0], | ||
90 | CERT_ONLY_PUBKEY | CERT_NO_COPY); | ||
91 | |||
92 | if (ret < 0) | ||
93 | { | ||
94 | MHD_gnutls_assert (); | ||
95 | return ret; | ||
96 | } | ||
97 | |||
98 | |||
99 | /* EXPORT case: */ | ||
100 | if (MHD_gtls_cipher_suite_get_kx_algo | ||
101 | (&session->security_parameters.current_cipher_suite) | ||
102 | == MHD_GNUTLS_KX_RSA_EXPORT | ||
103 | && MHD__gnutls_mpi_get_nbits (peer_cert.params[0]) > 512) | ||
104 | { | ||
105 | |||
106 | MHD_gtls_gcert_deinit (&peer_cert); | ||
107 | |||
108 | if (session->key->rsa[0] == NULL || session->key->rsa[1] == NULL) | ||
109 | { | ||
110 | MHD_gnutls_assert (); | ||
111 | return GNUTLS_E_INTERNAL_ERROR; | ||
112 | } | ||
113 | |||
114 | if (*params_len < 2) | ||
115 | { | ||
116 | MHD_gnutls_assert (); | ||
117 | return GNUTLS_E_INTERNAL_ERROR; | ||
118 | } | ||
119 | *params_len = 2; | ||
120 | for (i = 0; i < *params_len; i++) | ||
121 | { | ||
122 | params[i] = MHD__gnutls_mpi_copy (session->key->rsa[i]); | ||
123 | } | ||
124 | |||
125 | return 0; | ||
126 | } | ||
127 | |||
128 | /* end of export case */ | ||
129 | |||
130 | if (*params_len < peer_cert.params_size) | ||
131 | { | ||
132 | MHD_gnutls_assert (); | ||
133 | return GNUTLS_E_INTERNAL_ERROR; | ||
134 | } | ||
135 | *params_len = peer_cert.params_size; | ||
136 | |||
137 | for (i = 0; i < *params_len; i++) | ||
138 | { | ||
139 | params[i] = MHD__gnutls_mpi_copy (peer_cert.params[i]); | ||
140 | } | ||
141 | MHD_gtls_gcert_deinit (&peer_cert); | ||
142 | |||
143 | return 0; | ||
144 | } | ||
145 | |||
146 | /* This function reads the RSA parameters from the private key | ||
147 | */ | ||
148 | int | ||
149 | MHD__gnutls_get_private_rsa_params (MHD_gtls_session_t session, | ||
150 | mpi_t ** params, int *params_size) | ||
151 | { | ||
152 | int bits; | ||
153 | MHD_gtls_cert_credentials_t cred; | ||
154 | MHD_gtls_rsa_params_t rsa_params; | ||
155 | |||
156 | cred = (MHD_gtls_cert_credentials_t) | ||
157 | MHD_gtls_get_cred (session->key, MHD_GNUTLS_CRD_CERTIFICATE, NULL); | ||
158 | if (cred == NULL) | ||
159 | { | ||
160 | MHD_gnutls_assert (); | ||
161 | return GNUTLS_E_INSUFFICIENT_CREDENTIALS; | ||
162 | } | ||
163 | |||
164 | if (session->internals.selected_cert_list == NULL) | ||
165 | { | ||
166 | MHD_gnutls_assert (); | ||
167 | return GNUTLS_E_INSUFFICIENT_CREDENTIALS; | ||
168 | } | ||
169 | |||
170 | bits = | ||
171 | MHD__gnutls_mpi_get_nbits (session->internals.selected_cert_list[0]. | ||
172 | params[0]); | ||
173 | |||
174 | if (MHD_gtls_cipher_suite_get_kx_algo | ||
175 | (&session->security_parameters.current_cipher_suite) | ||
176 | == MHD_GNUTLS_KX_RSA_EXPORT && bits > 512) | ||
177 | { | ||
178 | |||
179 | rsa_params = | ||
180 | MHD_gtls_certificate_get_rsa_params (cred->rsa_params, | ||
181 | cred->params_func, session); | ||
182 | /* EXPORT case: */ | ||
183 | if (rsa_params == NULL) | ||
184 | { | ||
185 | MHD_gnutls_assert (); | ||
186 | return GNUTLS_E_NO_TEMPORARY_RSA_PARAMS; | ||
187 | } | ||
188 | |||
189 | /* In the export case, we do use temporary RSA params | ||
190 | * of 512 bits size. The params in the certificate are | ||
191 | * used to sign this temporary stuff. | ||
192 | */ | ||
193 | *params_size = RSA_PRIVATE_PARAMS; | ||
194 | *params = rsa_params->params; | ||
195 | |||
196 | return 0; | ||
197 | } | ||
198 | |||
199 | /* non export cipher suites. */ | ||
200 | |||
201 | *params_size = session->internals.selected_key->params_size; | ||
202 | *params = session->internals.selected_key->params; | ||
203 | |||
204 | return 0; | ||
205 | } | ||
206 | |||
207 | int | ||
208 | MHD__gnutls_proc_rsa_client_kx (MHD_gtls_session_t session, opaque * data, | ||
209 | size_t _data_size) | ||
210 | { | ||
211 | MHD_gnutls_datum_t plaintext; | ||
212 | MHD_gnutls_datum_t ciphertext; | ||
213 | int ret, dsize; | ||
214 | mpi_t *params; | ||
215 | int params_len; | ||
216 | int randomize_key = 0; | ||
217 | ssize_t data_size = _data_size; | ||
218 | |||
219 | if (MHD__gnutls_protocol_get_version (session) == MHD_GNUTLS_PROTOCOL_SSL3) | ||
220 | { | ||
221 | /* SSL 3.0 | ||
222 | */ | ||
223 | ciphertext.data = data; | ||
224 | ciphertext.size = data_size; | ||
225 | } | ||
226 | else | ||
227 | { | ||
228 | /* TLS 1.0 | ||
229 | */ | ||
230 | DECR_LEN (data_size, 2); | ||
231 | ciphertext.data = &data[2]; | ||
232 | dsize = MHD_gtls_read_uint16 (data); | ||
233 | |||
234 | if (dsize != data_size) | ||
235 | { | ||
236 | MHD_gnutls_assert (); | ||
237 | return GNUTLS_E_UNEXPECTED_PACKET_LENGTH; | ||
238 | } | ||
239 | ciphertext.size = dsize; | ||
240 | } | ||
241 | |||
242 | ret = MHD__gnutls_get_private_rsa_params (session, ¶ms, ¶ms_len); | ||
243 | if (ret < 0) | ||
244 | { | ||
245 | MHD_gnutls_assert (); | ||
246 | return ret; | ||
247 | } | ||
248 | |||
249 | ret = MHD_gtls_pkcs1_rsa_decrypt (&plaintext, &ciphertext, params, params_len, 2); /* btype==2 */ | ||
250 | |||
251 | if (ret < 0 || plaintext.size != TLS_MASTER_SIZE) | ||
252 | { | ||
253 | /* In case decryption fails then don't inform | ||
254 | * the peer. Just use a random key. (in order to avoid | ||
255 | * attack against pkcs-1 formating). | ||
256 | */ | ||
257 | MHD_gnutls_assert (); | ||
258 | MHD__gnutls_x509_log ("auth_rsa: Possible PKCS #1 format attack\n"); | ||
259 | randomize_key = 1; | ||
260 | } | ||
261 | else | ||
262 | { | ||
263 | /* If the secret was properly formatted, then | ||
264 | * check the version number. | ||
265 | */ | ||
266 | if (MHD__gnutls_get_adv_version_major (session) != plaintext.data[0] | ||
267 | || MHD__gnutls_get_adv_version_minor (session) != plaintext.data[1]) | ||
268 | { | ||
269 | /* No error is returned here, if the version number check | ||
270 | * fails. We proceed normally. | ||
271 | * That is to defend against the attack described in the paper | ||
272 | * "Attacking RSA-based sessions in SSL/TLS" by Vlastimil Klima, | ||
273 | * Ondej Pokorny and Tomas Rosa. | ||
274 | */ | ||
275 | MHD_gnutls_assert (); | ||
276 | MHD__gnutls_x509_log | ||
277 | ("auth_rsa: Possible PKCS #1 version check format attack\n"); | ||
278 | } | ||
279 | } | ||
280 | |||
281 | if (randomize_key != 0) | ||
282 | { | ||
283 | session->key->key.size = TLS_MASTER_SIZE; | ||
284 | session->key->key.data = MHD_gnutls_malloc (session->key->key.size); | ||
285 | if (session->key->key.data == NULL) | ||
286 | { | ||
287 | MHD_gnutls_assert (); | ||
288 | return GNUTLS_E_MEMORY_ERROR; | ||
289 | } | ||
290 | |||
291 | /* we do not need strong random numbers here. | ||
292 | */ | ||
293 | if (MHD_gc_nonce | ||
294 | ((char *) session->key->key.data, session->key->key.size) != GC_OK) | ||
295 | { | ||
296 | MHD_gnutls_assert (); | ||
297 | return GNUTLS_E_RANDOM_FAILED; | ||
298 | } | ||
299 | |||
300 | } | ||
301 | else | ||
302 | { | ||
303 | session->key->key.data = plaintext.data; | ||
304 | session->key->key.size = plaintext.size; | ||
305 | } | ||
306 | |||
307 | /* This is here to avoid the version check attack | ||
308 | * discussed above. | ||
309 | */ | ||
310 | session->key->key.data[0] = MHD__gnutls_get_adv_version_major (session); | ||
311 | session->key->key.data[1] = MHD__gnutls_get_adv_version_minor (session); | ||
312 | |||
313 | return 0; | ||
314 | } | ||
315 | |||
316 | |||
317 | |||
318 | /* return RSA(random) using the peers public key | ||
319 | */ | ||
320 | int | ||
321 | MHD__gnutls_gen_rsa_client_kx (MHD_gtls_session_t session, opaque ** data) | ||
322 | { | ||
323 | cert_auth_info_t auth; | ||
324 | MHD_gnutls_datum_t sdata; /* data to send */ | ||
325 | mpi_t params[MAX_PUBLIC_PARAMS_SIZE]; | ||
326 | int params_len = MAX_PUBLIC_PARAMS_SIZE; | ||
327 | int ret, i; | ||
328 | enum MHD_GNUTLS_Protocol ver; | ||
329 | |||
330 | if (session->key == NULL) | ||
331 | { | ||
332 | MHD_gnutls_assert (); | ||
333 | return GNUTLS_E_INSUFFICIENT_CREDENTIALS; | ||
334 | } | ||
335 | |||
336 | auth = session->key->auth_info; | ||
337 | if (auth == NULL) | ||
338 | { | ||
339 | /* this shouldn't have happened. The proc_certificate | ||
340 | * function should have detected that. | ||
341 | */ | ||
342 | MHD_gnutls_assert (); | ||
343 | return GNUTLS_E_INSUFFICIENT_CREDENTIALS; | ||
344 | } | ||
345 | |||
346 | session->key->key.size = TLS_MASTER_SIZE; | ||
347 | session->key->key.data = MHD_gnutls_secure_malloc (session->key->key.size); | ||
348 | |||
349 | if (session->key->key.data == NULL) | ||
350 | { | ||
351 | MHD_gnutls_assert (); | ||
352 | return GNUTLS_E_MEMORY_ERROR; | ||
353 | } | ||
354 | |||
355 | if (MHD_gc_pseudo_random ((char *) session->key->key.data, | ||
356 | session->key->key.size) != GC_OK) | ||
357 | { | ||
358 | MHD_gnutls_assert (); | ||
359 | return GNUTLS_E_RANDOM_FAILED; | ||
360 | } | ||
361 | |||
362 | ver = MHD_gtls_get_adv_version (session); | ||
363 | |||
364 | if (session->internals.rsa_pms_version[0] == 0) | ||
365 | { | ||
366 | session->key->key.data[0] = MHD_gtls_version_get_major (ver); | ||
367 | session->key->key.data[1] = MHD_gtls_version_get_minor (ver); | ||
368 | } | ||
369 | else | ||
370 | { /* use the version provided */ | ||
371 | session->key->key.data[0] = session->internals.rsa_pms_version[0]; | ||
372 | session->key->key.data[1] = session->internals.rsa_pms_version[1]; | ||
373 | } | ||
374 | |||
375 | /* move RSA parameters to key (session). | ||
376 | */ | ||
377 | if ((ret = | ||
378 | MHD__gnutls_get_public_rsa_params (session, params, ¶ms_len)) < 0) | ||
379 | { | ||
380 | MHD_gnutls_assert (); | ||
381 | return ret; | ||
382 | } | ||
383 | |||
384 | if ((ret = | ||
385 | MHD_gtls_pkcs1_rsa_encrypt (&sdata, &session->key->key, | ||
386 | params, params_len, 2)) < 0) | ||
387 | { | ||
388 | MHD_gnutls_assert (); | ||
389 | return ret; | ||
390 | } | ||
391 | |||
392 | for (i = 0; i < params_len; i++) | ||
393 | MHD_gtls_mpi_release (¶ms[i]); | ||
394 | |||
395 | if (MHD__gnutls_protocol_get_version (session) == MHD_GNUTLS_PROTOCOL_SSL3) | ||
396 | { | ||
397 | /* SSL 3.0 */ | ||
398 | *data = sdata.data; | ||
399 | return sdata.size; | ||
400 | } | ||
401 | else | ||
402 | { /* TLS 1 */ | ||
403 | *data = MHD_gnutls_malloc (sdata.size + 2); | ||
404 | if (*data == NULL) | ||
405 | { | ||
406 | MHD__gnutls_free_datum (&sdata); | ||
407 | return GNUTLS_E_MEMORY_ERROR; | ||
408 | } | ||
409 | MHD_gtls_write_datum16 (*data, sdata); | ||
410 | ret = sdata.size + 2; | ||
411 | MHD__gnutls_free_datum (&sdata); | ||
412 | return ret; | ||
413 | } | ||
414 | |||
415 | } | ||
diff --git a/src/daemon/https/tls/auth_rsa_export.c b/src/daemon/https/tls/auth_rsa_export.c deleted file mode 100644 index 575a2b72..00000000 --- a/src/daemon/https/tls/auth_rsa_export.c +++ /dev/null | |||
@@ -1,323 +0,0 @@ | |||
1 | /* | ||
2 | * Copyright (C) 2000, 2001, 2002, 2003, 2004, 2005, 2007 Free Software Foundation | ||
3 | * | ||
4 | * Author: Nikos Mavrogiannopoulos | ||
5 | * | ||
6 | * This file is part of GNUTLS. | ||
7 | * | ||
8 | * The GNUTLS library is free software; you can redistribute it and/or | ||
9 | * modify it under the terms of the GNU Lesser General Public License | ||
10 | * as published by the Free Software Foundation; either version 2.1 of | ||
11 | * the License, or (at your option) any later version. | ||
12 | * | ||
13 | * This library is distributed in the hope that it will be useful, but | ||
14 | * WITHOUT ANY WARRANTY; without even the implied warranty of | ||
15 | * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU | ||
16 | * Lesser General Public License for more details. | ||
17 | * | ||
18 | * You should have received a copy of the GNU Lesser General Public | ||
19 | * License along with this library; if not, write to the Free Software | ||
20 | * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301, | ||
21 | * USA | ||
22 | * | ||
23 | */ | ||
24 | |||
25 | /* This file contains the RSA key exchange part of the certificate | ||
26 | * authentication. | ||
27 | */ | ||
28 | |||
29 | #include "gnutls_int.h" | ||
30 | #include "gnutls_auth_int.h" | ||
31 | #include "gnutls_errors.h" | ||
32 | #include "gnutls_dh.h" | ||
33 | #include "gnutls_num.h" | ||
34 | #include "gnutls_datum.h" | ||
35 | #include "auth_cert.h" | ||
36 | #include <gnutls_pk.h> | ||
37 | #include <gnutls_algorithms.h> | ||
38 | #include <gnutls_global.h> | ||
39 | #include "debug.h" | ||
40 | #include <gnutls_sig.h> | ||
41 | #include <gnutls_x509.h> | ||
42 | #include <gnutls_rsa_export.h> | ||
43 | #include <gnutls_state.h> | ||
44 | |||
45 | int MHD__gnutls_gen_rsa_client_kx (MHD_gtls_session_t, opaque **); | ||
46 | int MHD__gnutls_proc_rsa_client_kx (MHD_gtls_session_t, opaque *, size_t); | ||
47 | static int gen_rsa_export_server_kx (MHD_gtls_session_t, opaque **); | ||
48 | static int proc_rsa_export_server_kx (MHD_gtls_session_t, opaque *, size_t); | ||
49 | |||
50 | const MHD_gtls_mod_auth_st MHD_rsa_export_auth_struct = { | ||
51 | "RSA EXPORT", | ||
52 | MHD_gtls_gen_cert_server_certificate, | ||
53 | MHD_gtls_gen_cert_client_certificate, | ||
54 | gen_rsa_export_server_kx, | ||
55 | MHD__gnutls_gen_rsa_client_kx, | ||
56 | MHD_gtls_gen_cert_client_cert_vrfy, /* gen client cert vrfy */ | ||
57 | MHD_gtls_gen_cert_server_cert_req, /* server cert request */ | ||
58 | |||
59 | MHD_gtls_proc_cert_server_certificate, | ||
60 | MHD__gnutls_proc_cert_client_certificate, | ||
61 | proc_rsa_export_server_kx, | ||
62 | MHD__gnutls_proc_rsa_client_kx, /* proc client kx */ | ||
63 | MHD_gtls_proc_cert_client_cert_vrfy, /* proc client cert vrfy */ | ||
64 | MHD_gtls_proc_cert_cert_req /* proc server cert request */ | ||
65 | }; | ||
66 | |||
67 | static int | ||
68 | gen_rsa_export_server_kx (MHD_gtls_session_t session, opaque ** data) | ||
69 | { | ||
70 | MHD_gtls_rsa_params_t rsa_params; | ||
71 | const mpi_t *rsa_mpis; | ||
72 | size_t n_e, n_m; | ||
73 | uint8_t *data_e, *data_m; | ||
74 | int ret = 0, data_size; | ||
75 | MHD_gnutls_cert *apr_cert_list; | ||
76 | MHD_gnutls_privkey *apr_pkey; | ||
77 | int apr_cert_list_length; | ||
78 | MHD_gnutls_datum_t signature, ddata; | ||
79 | MHD_gtls_cert_credentials_t cred; | ||
80 | |||
81 | cred = (MHD_gtls_cert_credentials_t) | ||
82 | MHD_gtls_get_cred (session->key, MHD_GNUTLS_CRD_CERTIFICATE, NULL); | ||
83 | if (cred == NULL) | ||
84 | { | ||
85 | MHD_gnutls_assert (); | ||
86 | return GNUTLS_E_INSUFFICIENT_CREDENTIALS; | ||
87 | } | ||
88 | |||
89 | /* find the appropriate certificate */ | ||
90 | if ((ret = | ||
91 | MHD_gtls_get_selected_cert (session, &apr_cert_list, | ||
92 | &apr_cert_list_length, &apr_pkey)) < 0) | ||
93 | { | ||
94 | MHD_gnutls_assert (); | ||
95 | return ret; | ||
96 | } | ||
97 | |||
98 | /* abort sending this message if we have a certificate | ||
99 | * of 512 bits or less. | ||
100 | */ | ||
101 | if (apr_pkey && MHD__gnutls_mpi_get_nbits (apr_pkey->params[0]) <= 512) | ||
102 | { | ||
103 | MHD_gnutls_assert (); | ||
104 | return GNUTLS_E_INT_RET_0; | ||
105 | } | ||
106 | |||
107 | rsa_params = | ||
108 | MHD_gtls_certificate_get_rsa_params (cred->rsa_params, cred->params_func, | ||
109 | session); | ||
110 | rsa_mpis = MHD__gnutls_rsa_params_to_mpi (rsa_params); | ||
111 | if (rsa_mpis == NULL) | ||
112 | { | ||
113 | MHD_gnutls_assert (); | ||
114 | return GNUTLS_E_NO_TEMPORARY_RSA_PARAMS; | ||
115 | } | ||
116 | |||
117 | if ((ret = MHD_gtls_auth_info_set (session, MHD_GNUTLS_CRD_CERTIFICATE, | ||
118 | sizeof (cert_auth_info_st), 0)) < 0) | ||
119 | { | ||
120 | MHD_gnutls_assert (); | ||
121 | return ret; | ||
122 | } | ||
123 | |||
124 | MHD_gtls_rsa_export_set_pubkey (session, rsa_mpis[1], rsa_mpis[0]); | ||
125 | |||
126 | MHD_gtls_mpi_print (NULL, &n_m, rsa_mpis[0]); | ||
127 | MHD_gtls_mpi_print (NULL, &n_e, rsa_mpis[1]); | ||
128 | |||
129 | (*data) = MHD_gnutls_malloc (n_e + n_m + 4); | ||
130 | if (*data == NULL) | ||
131 | { | ||
132 | return GNUTLS_E_MEMORY_ERROR; | ||
133 | } | ||
134 | |||
135 | data_m = &(*data)[0]; | ||
136 | MHD_gtls_mpi_print (&data_m[2], &n_m, rsa_mpis[0]); | ||
137 | |||
138 | MHD_gtls_write_uint16 (n_m, data_m); | ||
139 | |||
140 | data_e = &data_m[2 + n_m]; | ||
141 | MHD_gtls_mpi_print (&data_e[2], &n_e, rsa_mpis[1]); | ||
142 | |||
143 | MHD_gtls_write_uint16 (n_e, data_e); | ||
144 | |||
145 | data_size = n_m + n_e + 4; | ||
146 | |||
147 | |||
148 | /* Generate the signature. */ | ||
149 | |||
150 | ddata.data = *data; | ||
151 | ddata.size = data_size; | ||
152 | |||
153 | if (apr_cert_list_length > 0) | ||
154 | { | ||
155 | if ((ret = | ||
156 | MHD_gtls_tls_sign_params (session, &apr_cert_list[0], | ||
157 | apr_pkey, &ddata, &signature)) < 0) | ||
158 | { | ||
159 | MHD_gnutls_assert (); | ||
160 | MHD_gnutls_free (*data); | ||
161 | *data = NULL; | ||
162 | return ret; | ||
163 | } | ||
164 | } | ||
165 | else | ||
166 | { | ||
167 | MHD_gnutls_assert (); | ||
168 | return data_size; /* do not put a signature - ILLEGAL! */ | ||
169 | } | ||
170 | |||
171 | *data = MHD_gtls_realloc_fast (*data, data_size + signature.size + 2); | ||
172 | if (*data == NULL) | ||
173 | { | ||
174 | MHD__gnutls_free_datum (&signature); | ||
175 | MHD_gnutls_assert (); | ||
176 | return GNUTLS_E_MEMORY_ERROR; | ||
177 | } | ||
178 | |||
179 | MHD_gtls_write_datum16 (&((*data)[data_size]), signature); | ||
180 | data_size += signature.size + 2; | ||
181 | |||
182 | MHD__gnutls_free_datum (&signature); | ||
183 | |||
184 | return data_size; | ||
185 | } | ||
186 | |||
187 | /* if the peer's certificate is of 512 bits or less, returns non zero. | ||
188 | */ | ||
189 | int | ||
190 | MHD__gnutls_peers_cert_less_512 (MHD_gtls_session_t session) | ||
191 | { | ||
192 | MHD_gnutls_cert peer_cert; | ||
193 | int ret; | ||
194 | cert_auth_info_t info = MHD_gtls_get_auth_info (session); | ||
195 | |||
196 | if (info == NULL || info->ncerts == 0) | ||
197 | { | ||
198 | MHD_gnutls_assert (); | ||
199 | /* we need this in order to get peer's certificate */ | ||
200 | return 0; | ||
201 | } | ||
202 | |||
203 | if ((ret = | ||
204 | MHD_gtls_raw_cert_to_gcert (&peer_cert, | ||
205 | session->security_parameters.cert_type, | ||
206 | &info->raw_certificate_list[0], | ||
207 | CERT_NO_COPY)) < 0) | ||
208 | { | ||
209 | MHD_gnutls_assert (); | ||
210 | return 0; | ||
211 | } | ||
212 | |||
213 | if (peer_cert.subject_pk_algorithm != MHD_GNUTLS_PK_RSA) | ||
214 | { | ||
215 | MHD_gnutls_assert (); | ||
216 | MHD_gtls_gcert_deinit (&peer_cert); | ||
217 | return 0; | ||
218 | } | ||
219 | |||
220 | if (MHD__gnutls_mpi_get_nbits (peer_cert.params[0]) <= 512) | ||
221 | { | ||
222 | MHD_gtls_gcert_deinit (&peer_cert); | ||
223 | return 1; | ||
224 | } | ||
225 | |||
226 | MHD_gtls_gcert_deinit (&peer_cert); | ||
227 | |||
228 | return 0; | ||
229 | } | ||
230 | |||
231 | static int | ||
232 | proc_rsa_export_server_kx (MHD_gtls_session_t session, | ||
233 | opaque * data, size_t _data_size) | ||
234 | { | ||
235 | uint16_t n_m, n_e; | ||
236 | size_t _n_m, _n_e; | ||
237 | uint8_t *data_m; | ||
238 | uint8_t *data_e; | ||
239 | int i, sigsize; | ||
240 | MHD_gnutls_datum_t vparams, signature; | ||
241 | int ret; | ||
242 | ssize_t data_size = _data_size; | ||
243 | cert_auth_info_t info; | ||
244 | MHD_gnutls_cert peer_cert; | ||
245 | |||
246 | info = MHD_gtls_get_auth_info (session); | ||
247 | if (info == NULL || info->ncerts == 0) | ||
248 | { | ||
249 | MHD_gnutls_assert (); | ||
250 | /* we need this in order to get peer's certificate */ | ||
251 | return GNUTLS_E_INTERNAL_ERROR; | ||
252 | } | ||
253 | |||
254 | |||
255 | i = 0; | ||
256 | |||
257 | DECR_LEN (data_size, 2); | ||
258 | n_m = MHD_gtls_read_uint16 (&data[i]); | ||
259 | i += 2; | ||
260 | |||
261 | DECR_LEN (data_size, n_m); | ||
262 | data_m = &data[i]; | ||
263 | i += n_m; | ||
264 | |||
265 | DECR_LEN (data_size, 2); | ||
266 | n_e = MHD_gtls_read_uint16 (&data[i]); | ||
267 | i += 2; | ||
268 | |||
269 | DECR_LEN (data_size, n_e); | ||
270 | data_e = &data[i]; | ||
271 | i += n_e; | ||
272 | |||
273 | _n_e = n_e; | ||
274 | _n_m = n_m; | ||
275 | |||
276 | if (MHD_gtls_mpi_scan_nz (&session->key->rsa[0], data_m, &_n_m) != 0) | ||
277 | { | ||
278 | MHD_gnutls_assert (); | ||
279 | return GNUTLS_E_MPI_SCAN_FAILED; | ||
280 | } | ||
281 | |||
282 | if (MHD_gtls_mpi_scan_nz (&session->key->rsa[1], data_e, &_n_e) != 0) | ||
283 | { | ||
284 | MHD_gnutls_assert (); | ||
285 | return GNUTLS_E_MPI_SCAN_FAILED; | ||
286 | } | ||
287 | |||
288 | MHD_gtls_rsa_export_set_pubkey (session, session->key->rsa[1], | ||
289 | session->key->rsa[0]); | ||
290 | |||
291 | /* VERIFY SIGNATURE */ | ||
292 | |||
293 | vparams.size = n_m + n_e + 4; | ||
294 | vparams.data = data; | ||
295 | |||
296 | DECR_LEN (data_size, 2); | ||
297 | sigsize = MHD_gtls_read_uint16 (&data[vparams.size]); | ||
298 | |||
299 | DECR_LEN (data_size, sigsize); | ||
300 | signature.data = &data[vparams.size + 2]; | ||
301 | signature.size = sigsize; | ||
302 | |||
303 | if ((ret = | ||
304 | MHD_gtls_raw_cert_to_gcert (&peer_cert, | ||
305 | session->security_parameters.cert_type, | ||
306 | &info->raw_certificate_list[0], | ||
307 | CERT_NO_COPY)) < 0) | ||
308 | { | ||
309 | MHD_gnutls_assert (); | ||
310 | return ret; | ||
311 | } | ||
312 | |||
313 | ret = | ||
314 | MHD_gtls_verify_sig_params (session, &peer_cert, &vparams, &signature); | ||
315 | |||
316 | MHD_gtls_gcert_deinit (&peer_cert); | ||
317 | if (ret < 0) | ||
318 | { | ||
319 | MHD_gnutls_assert (); | ||
320 | } | ||
321 | |||
322 | return ret; | ||
323 | } | ||
diff --git a/src/daemon/https/tls/debug.c b/src/daemon/https/tls/debug.c deleted file mode 100644 index e7e41d0b..00000000 --- a/src/daemon/https/tls/debug.c +++ /dev/null | |||
@@ -1,95 +0,0 @@ | |||
1 | /* | ||
2 | * Copyright (C) 2001, 2002, 2003, 2004, 2005, 2007 Free Software Foundation | ||
3 | * | ||
4 | * Author: Nikos Mavrogiannopoulos | ||
5 | * | ||
6 | * This file is part of GNUTLS. | ||
7 | * | ||
8 | * The GNUTLS library is free software; you can redistribute it and/or | ||
9 | * modify it under the terms of the GNU Lesser General Public License | ||
10 | * as published by the Free Software Foundation; either version 2.1 of | ||
11 | * the License, or (at your option) any later version. | ||
12 | * | ||
13 | * This library is distributed in the hope that it will be useful, but | ||
14 | * WITHOUT ANY WARRANTY; without even the implied warranty of | ||
15 | * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU | ||
16 | * Lesser General Public License for more details. | ||
17 | * | ||
18 | * You should have received a copy of the GNU Lesser General Public | ||
19 | * License along with this library; if not, write to the Free Software | ||
20 | * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301, | ||
21 | * USA | ||
22 | * | ||
23 | */ | ||
24 | |||
25 | #include "gnutls_int.h" | ||
26 | #include "gnutls_errors.h" | ||
27 | #include <stdio.h> | ||
28 | #include <stdlib.h> | ||
29 | #include <gcrypt.h> | ||
30 | |||
31 | const char * | ||
32 | MHD__gnutls_packet2str (content_type_t packet) | ||
33 | { | ||
34 | switch (packet) | ||
35 | { | ||
36 | case GNUTLS_CHANGE_CIPHER_SPEC: | ||
37 | return "Change Cipher Spec"; | ||
38 | case GNUTLS_ALERT: | ||
39 | return "Alert"; | ||
40 | case GNUTLS_HANDSHAKE: | ||
41 | return "Handshake"; | ||
42 | case GNUTLS_APPLICATION_DATA: | ||
43 | return "Application Data"; | ||
44 | case GNUTLS_INNER_APPLICATION: | ||
45 | return "Inner Application"; | ||
46 | |||
47 | default: | ||
48 | return "Unknown Packet"; | ||
49 | } | ||
50 | } | ||
51 | |||
52 | const char * | ||
53 | MHD__gnutls_handshake2str (MHD_gnutls_handshake_description_t handshake) | ||
54 | { | ||
55 | |||
56 | switch (handshake) | ||
57 | { | ||
58 | case GNUTLS_HANDSHAKE_HELLO_REQUEST: | ||
59 | return "HELLO REQUEST"; | ||
60 | break; | ||
61 | case GNUTLS_HANDSHAKE_CLIENT_HELLO: | ||
62 | return "CLIENT HELLO"; | ||
63 | break; | ||
64 | case GNUTLS_HANDSHAKE_SERVER_HELLO: | ||
65 | return "SERVER HELLO"; | ||
66 | break; | ||
67 | case GNUTLS_HANDSHAKE_CERTIFICATE_PKT: | ||
68 | return "CERTIFICATE"; | ||
69 | break; | ||
70 | case GNUTLS_HANDSHAKE_SERVER_KEY_EXCHANGE: | ||
71 | return "SERVER KEY EXCHANGE"; | ||
72 | break; | ||
73 | case GNUTLS_HANDSHAKE_CERTIFICATE_REQUEST: | ||
74 | return "CERTIFICATE REQUEST"; | ||
75 | break; | ||
76 | case GNUTLS_HANDSHAKE_SERVER_HELLO_DONE: | ||
77 | return "SERVER HELLO DONE"; | ||
78 | break; | ||
79 | case GNUTLS_HANDSHAKE_CERTIFICATE_VERIFY: | ||
80 | return "CERTIFICATE VERIFY"; | ||
81 | break; | ||
82 | case GNUTLS_HANDSHAKE_CLIENT_KEY_EXCHANGE: | ||
83 | return "CLIENT KEY EXCHANGE"; | ||
84 | break; | ||
85 | case GNUTLS_HANDSHAKE_FINISHED: | ||
86 | return "FINISHED"; | ||
87 | break; | ||
88 | case GNUTLS_HANDSHAKE_SUPPLEMENTAL: | ||
89 | return "SUPPLEMENTAL"; | ||
90 | break; | ||
91 | default: | ||
92 | return "Unknown Handshake packet"; | ||
93 | |||
94 | } | ||
95 | } | ||
diff --git a/src/daemon/https/tls/debug.h b/src/daemon/https/tls/debug.h deleted file mode 100644 index ba1f1006..00000000 --- a/src/daemon/https/tls/debug.h +++ /dev/null | |||
@@ -1,27 +0,0 @@ | |||
1 | /* | ||
2 | * Copyright (C) 2000, 2001, 2003, 2004, 2005 Free Software Foundation | ||
3 | * | ||
4 | * Author: Nikos Mavrogiannopoulos | ||
5 | * | ||
6 | * This file is part of GNUTLS. | ||
7 | * | ||
8 | * The GNUTLS library is free software; you can redistribute it and/or | ||
9 | * modify it under the terms of the GNU Lesser General Public License | ||
10 | * as published by the Free Software Foundation; either version 2.1 of | ||
11 | * the License, or (at your option) any later version. | ||
12 | * | ||
13 | * This library is distributed in the hope that it will be useful, but | ||
14 | * WITHOUT ANY WARRANTY; without even the implied warranty of | ||
15 | * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU | ||
16 | * Lesser General Public License for more details. | ||
17 | * | ||
18 | * You should have received a copy of the GNU Lesser General Public | ||
19 | * License along with this library; if not, write to the Free Software | ||
20 | * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301, | ||
21 | * USA | ||
22 | * | ||
23 | */ | ||
24 | |||
25 | const char *MHD__gnutls_packet2str (content_type_t packet); | ||
26 | const char *MHD__gnutls_handshake2str (MHD_gnutls_handshake_description_t | ||
27 | handshake); | ||
diff --git a/src/daemon/https/tls/defines.h b/src/daemon/https/tls/defines.h deleted file mode 100644 index 9a636360..00000000 --- a/src/daemon/https/tls/defines.h +++ /dev/null | |||
@@ -1,66 +0,0 @@ | |||
1 | /* | ||
2 | * Copyright (C) 2000, 2001, 2002, 2003, 2004, 2005, 2006, 2007 Free Software Foundation | ||
3 | * | ||
4 | * Author: Nikos Mavrogiannopoulos | ||
5 | * | ||
6 | * This file is part of GNUTLS. | ||
7 | * | ||
8 | * The GNUTLS library is free software; you can redistribute it and/or | ||
9 | * modify it under the terms of the GNU Lesser General Public License | ||
10 | * as published by the Free Software Foundation; either version 2.1 of | ||
11 | * the License, or (at your option) any later version. | ||
12 | * | ||
13 | * This library is distributed in the hope that it will be useful, but | ||
14 | * WITHOUT ANY WARRANTY; without even the implied warranty of | ||
15 | * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU | ||
16 | * Lesser General Public License for more details. | ||
17 | * | ||
18 | * You should have received a copy of the GNU Lesser General Public | ||
19 | * License along with this library; if not, write to the Free Software | ||
20 | * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301, | ||
21 | * USA | ||
22 | * | ||
23 | */ | ||
24 | |||
25 | #ifndef DEFINES_H | ||
26 | # define DEFINES_H | ||
27 | |||
28 | #ifdef HAVE_CONFIG_H | ||
29 | # include "MHD_config.h" | ||
30 | #endif | ||
31 | |||
32 | #include <stddef.h> | ||
33 | #include <string.h> | ||
34 | #include <stdlib.h> | ||
35 | #include <stdio.h> | ||
36 | #include <ctype.h> | ||
37 | #include <limits.h> | ||
38 | #include <stdint.h> | ||
39 | |||
40 | #ifdef NO_SSIZE_T | ||
41 | # define HAVE_SSIZE_T | ||
42 | typedef int ssize_t; | ||
43 | #endif | ||
44 | |||
45 | #include <sys/types.h> | ||
46 | #include <unistd.h> | ||
47 | #include <sys/stat.h> | ||
48 | #ifndef MINGW | ||
49 | #include <sys/socket.h> | ||
50 | #endif | ||
51 | #include <time.h> | ||
52 | |||
53 | /* TODO check if these should go into config.h */ | ||
54 | #define SIZEOF_UNSIGNED_INT 4 | ||
55 | #define SIZEOF_UNSIGNED_LONG 8 | ||
56 | #define SIZEOF_UNSIGNED_LONG_INT SIZEOF_UNSIGNED_LONG | ||
57 | |||
58 | /* some systems had problems with long long int, thus, | ||
59 | * it is not used. | ||
60 | */ | ||
61 | typedef struct | ||
62 | { | ||
63 | unsigned char i[8]; | ||
64 | } uint64; | ||
65 | |||
66 | #endif /* defines_h */ | ||
diff --git a/src/daemon/https/tls/ext_cert_type.c b/src/daemon/https/tls/ext_cert_type.c deleted file mode 100644 index 1e7966f4..00000000 --- a/src/daemon/https/tls/ext_cert_type.c +++ /dev/null | |||
@@ -1,246 +0,0 @@ | |||
1 | /* | ||
2 | * Copyright (C) 2002, 2003, 2004, 2005 Free Software Foundation | ||
3 | * | ||
4 | * Author: Nikos Mavrogiannopoulos | ||
5 | * | ||
6 | * This file is part of GNUTLS. | ||
7 | * | ||
8 | * The GNUTLS library is free software; you can redistribute it and/or | ||
9 | * modify it under the terms of the GNU Lesser General Public License | ||
10 | * as published by the Free Software Foundation; either version 2.1 of | ||
11 | * the License, or (at your option) any later version. | ||
12 | * | ||
13 | * This library is distributed in the hope that it will be useful, but | ||
14 | * WITHOUT ANY WARRANTY; without even the implied warranty of | ||
15 | * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU | ||
16 | * Lesser General Public License for more details. | ||
17 | * | ||
18 | * You should have received a copy of the GNU Lesser General Public | ||
19 | * License along with this library; if not, write to the Free Software | ||
20 | * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301, | ||
21 | * USA | ||
22 | * | ||
23 | */ | ||
24 | |||
25 | /* This file contains the code the Certificate Type TLS extension. | ||
26 | * This extension is currently gnutls specific. | ||
27 | */ | ||
28 | |||
29 | #include "gnutls_int.h" | ||
30 | #include "gnutls_errors.h" | ||
31 | #include "gnutls_num.h" | ||
32 | #include "ext_cert_type.h" | ||
33 | #include "gnutls_state.h" | ||
34 | #include "gnutls_num.h" | ||
35 | |||
36 | inline static int MHD__gnutls_num2cert_type (int num); | ||
37 | inline static int MHD__gnutls_cert_type2num (int record_size); | ||
38 | |||
39 | /* | ||
40 | * In case of a server: if a CERT_TYPE extension type is received then it stores | ||
41 | * into the session security parameters the new value. The server may use MHD_gnutls_session_certificate_type_get(), | ||
42 | * to access it. | ||
43 | * | ||
44 | * In case of a client: If a cert_types have been specified then we send the extension. | ||
45 | * | ||
46 | */ | ||
47 | |||
48 | int | ||
49 | MHD_gtls_cert_type_recv_params (MHD_gtls_session_t session, | ||
50 | const opaque * data, size_t _data_size) | ||
51 | { | ||
52 | int new_type = -1, ret, i; | ||
53 | ssize_t data_size = _data_size; | ||
54 | |||
55 | #if MHD_DEBUG_TLS | ||
56 | if (session->security_parameters.entity == GNUTLS_CLIENT) | ||
57 | { | ||
58 | if (data_size > 0) | ||
59 | { | ||
60 | if (data_size != 1) | ||
61 | { | ||
62 | MHD_gnutls_assert (); | ||
63 | return GNUTLS_E_UNEXPECTED_PACKET_LENGTH; | ||
64 | } | ||
65 | |||
66 | new_type = MHD__gnutls_num2cert_type (data[0]); | ||
67 | |||
68 | if (new_type < 0) | ||
69 | { | ||
70 | MHD_gnutls_assert (); | ||
71 | return new_type; | ||
72 | } | ||
73 | |||
74 | /* Check if we support this cert_type */ | ||
75 | if ((ret = | ||
76 | MHD_gtls_session_cert_type_supported (session, new_type)) < 0) | ||
77 | { | ||
78 | MHD_gnutls_assert (); | ||
79 | return ret; | ||
80 | } | ||
81 | |||
82 | MHD__gnutls_session_cert_type_set (session, new_type); | ||
83 | } | ||
84 | } | ||
85 | else | ||
86 | #endif | ||
87 | |||
88 | { /* SERVER SIDE - we must check if the sent cert type is the right one | ||
89 | */ | ||
90 | if (data_size > 1) | ||
91 | { | ||
92 | uint8_t len; | ||
93 | |||
94 | len = data[0]; | ||
95 | DECR_LEN (data_size, len); | ||
96 | |||
97 | for (i = 0; i < len; i++) | ||
98 | { | ||
99 | new_type = MHD__gnutls_num2cert_type (data[i + 1]); | ||
100 | |||
101 | if (new_type < 0) | ||
102 | continue; | ||
103 | |||
104 | /* Check if we support this cert_type */ | ||
105 | if ((ret = | ||
106 | MHD_gtls_session_cert_type_supported (session, | ||
107 | new_type)) < 0) | ||
108 | { | ||
109 | MHD_gnutls_assert (); | ||
110 | continue; | ||
111 | } | ||
112 | else | ||
113 | break; | ||
114 | /* new_type is ok */ | ||
115 | } | ||
116 | |||
117 | if (new_type < 0) | ||
118 | { | ||
119 | MHD_gnutls_assert (); | ||
120 | return GNUTLS_E_RECEIVED_ILLEGAL_PARAMETER; | ||
121 | } | ||
122 | |||
123 | if ((ret = | ||
124 | MHD_gtls_session_cert_type_supported (session, new_type)) < 0) | ||
125 | { | ||
126 | MHD_gnutls_assert (); | ||
127 | /* The peer has requested unsupported certificate | ||
128 | * types. Instead of failing, procceed normally. | ||
129 | * (the ciphersuite selection would fail, or a | ||
130 | * non certificate ciphersuite will be selected). | ||
131 | */ | ||
132 | return 0; | ||
133 | } | ||
134 | |||
135 | MHD__gnutls_session_cert_type_set (session, new_type); | ||
136 | } | ||
137 | |||
138 | |||
139 | } | ||
140 | |||
141 | return 0; | ||
142 | } | ||
143 | |||
144 | /* returns data_size or a negative number on failure | ||
145 | */ | ||
146 | int | ||
147 | MHD_gtls_cert_type_send_params (MHD_gtls_session_t session, opaque * data, | ||
148 | size_t data_size) | ||
149 | { | ||
150 | unsigned int len; | ||
151 | |||
152 | /* this function sends the client extension data (dnsname) */ | ||
153 | #if MHD_DEBUG_TLS | ||
154 | unsigned int i; | ||
155 | if (session->security_parameters.entity == GNUTLS_CLIENT) | ||
156 | { | ||
157 | |||
158 | if (session->internals.priorities.cert_type.num_algorithms > 0) | ||
159 | { | ||
160 | |||
161 | len = session->internals.priorities.cert_type.num_algorithms; | ||
162 | |||
163 | if (len == 1 && | ||
164 | session->internals.priorities.cert_type.priority[0] == | ||
165 | MHD_GNUTLS_CRT_X509) | ||
166 | { | ||
167 | /* We don't use this extension if X.509 certificates | ||
168 | * are used. | ||
169 | */ | ||
170 | return 0; | ||
171 | } | ||
172 | |||
173 | if (data_size < len + 1) | ||
174 | { | ||
175 | MHD_gnutls_assert (); | ||
176 | return GNUTLS_E_SHORT_MEMORY_BUFFER; | ||
177 | } | ||
178 | |||
179 | /* this is a vector! | ||
180 | */ | ||
181 | data[0] = (uint8_t) len; | ||
182 | |||
183 | for (i = 0; i < len; i++) | ||
184 | { | ||
185 | data[i + 1] = | ||
186 | MHD__gnutls_cert_type2num (session->internals. | ||
187 | priorities.cert_type.priority[i]); | ||
188 | } | ||
189 | return len + 1; | ||
190 | } | ||
191 | |||
192 | } | ||
193 | else | ||
194 | #endif | ||
195 | { /* server side */ | ||
196 | if (session->security_parameters.cert_type != DEFAULT_CERT_TYPE) | ||
197 | { | ||
198 | len = 1; | ||
199 | if (data_size < len) | ||
200 | { | ||
201 | MHD_gnutls_assert (); | ||
202 | return GNUTLS_E_SHORT_MEMORY_BUFFER; | ||
203 | } | ||
204 | |||
205 | data[0] = | ||
206 | MHD__gnutls_cert_type2num (session-> | ||
207 | security_parameters.cert_type); | ||
208 | return len; | ||
209 | } | ||
210 | |||
211 | |||
212 | } | ||
213 | |||
214 | return 0; | ||
215 | } | ||
216 | |||
217 | /* Maps numbers to record sizes according to the | ||
218 | * extensions draft. | ||
219 | */ | ||
220 | inline static int | ||
221 | MHD__gnutls_num2cert_type (int num) | ||
222 | { | ||
223 | switch (num) | ||
224 | { | ||
225 | case 0: | ||
226 | return MHD_GNUTLS_CRT_X509; | ||
227 | default: | ||
228 | return GNUTLS_E_RECEIVED_ILLEGAL_PARAMETER; | ||
229 | } | ||
230 | } | ||
231 | |||
232 | /* Maps record size to numbers according to the | ||
233 | * extensions draft. | ||
234 | */ | ||
235 | inline static int | ||
236 | MHD__gnutls_cert_type2num (int cert_type) | ||
237 | { | ||
238 | switch (cert_type) | ||
239 | { | ||
240 | case MHD_GNUTLS_CRT_X509: | ||
241 | return 0; | ||
242 | default: | ||
243 | return GNUTLS_E_RECEIVED_ILLEGAL_PARAMETER; | ||
244 | } | ||
245 | |||
246 | } | ||
diff --git a/src/daemon/https/tls/ext_cert_type.h b/src/daemon/https/tls/ext_cert_type.h deleted file mode 100644 index f80f7ba8..00000000 --- a/src/daemon/https/tls/ext_cert_type.h +++ /dev/null | |||
@@ -1,31 +0,0 @@ | |||
1 | /* | ||
2 | * Copyright (C) 2002, 2003, 2004, 2005 Free Software Foundation | ||
3 | * | ||
4 | * Author: Nikos Mavrogiannopoulos | ||
5 | * | ||
6 | * This file is part of GNUTLS. | ||
7 | * | ||
8 | * The GNUTLS library is free software; you can redistribute it and/or | ||
9 | * modify it under the terms of the GNU Lesser General Public License | ||
10 | * as published by the Free Software Foundation; either version 2.1 of | ||
11 | * the License, or (at your option) any later version. | ||
12 | * | ||
13 | * This library is distributed in the hope that it will be useful, but | ||
14 | * WITHOUT ANY WARRANTY; without even the implied warranty of | ||
15 | * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU | ||
16 | * Lesser General Public License for more details. | ||
17 | * | ||
18 | * You should have received a copy of the GNU Lesser General Public | ||
19 | * License along with this library; if not, write to the Free Software | ||
20 | * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301, | ||
21 | * USA | ||
22 | * | ||
23 | */ | ||
24 | |||
25 | /* Maps record size to numbers according to the | ||
26 | * extensions draft. | ||
27 | */ | ||
28 | int MHD_gtls_cert_type_recv_params (MHD_gtls_session_t session, | ||
29 | const opaque * data, size_t data_size); | ||
30 | int MHD_gtls_cert_type_send_params (MHD_gtls_session_t session, opaque * data, | ||
31 | size_t); | ||
diff --git a/src/daemon/https/tls/ext_max_record.c b/src/daemon/https/tls/ext_max_record.c deleted file mode 100644 index 421a1739..00000000 --- a/src/daemon/https/tls/ext_max_record.c +++ /dev/null | |||
@@ -1,198 +0,0 @@ | |||
1 | /* | ||
2 | * Copyright (C) 2001, 2004, 2005 Free Software Foundation | ||
3 | * | ||
4 | * Author: Nikos Mavrogiannopoulos | ||
5 | * | ||
6 | * This file is part of GNUTLS. | ||
7 | * | ||
8 | * The GNUTLS library is free software; you can redistribute it and/or | ||
9 | * modify it under the terms of the GNU Lesser General Public License | ||
10 | * as published by the Free Software Foundation; either version 2.1 of | ||
11 | * the License, or (at your option) any later version. | ||
12 | * | ||
13 | * This library is distributed in the hope that it will be useful, but | ||
14 | * WITHOUT ANY WARRANTY; without even the implied warranty of | ||
15 | * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU | ||
16 | * Lesser General Public License for more details. | ||
17 | * | ||
18 | * You should have received a copy of the GNU Lesser General Public | ||
19 | * License along with this library; if not, write to the Free Software | ||
20 | * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301, | ||
21 | * USA | ||
22 | * | ||
23 | */ | ||
24 | |||
25 | /* This file contains the code for the Max Record Size TLS extension. | ||
26 | */ | ||
27 | |||
28 | #include "gnutls_int.h" | ||
29 | #include "gnutls_errors.h" | ||
30 | #include "gnutls_num.h" | ||
31 | #include <ext_max_record.h> | ||
32 | |||
33 | /* | ||
34 | * In case of a server: if a MAX_RECORD_SIZE extension type is received then it stores | ||
35 | * into the session the new value. The server may use MHD_gnutls_get_max_record_size(), | ||
36 | * in order to access it. | ||
37 | * | ||
38 | * In case of a client: If a different max record size (than the default) has | ||
39 | * been specified then it sends the extension. | ||
40 | * | ||
41 | */ | ||
42 | |||
43 | int | ||
44 | MHD_gtls_max_record_recv_params (MHD_gtls_session_t session, | ||
45 | const opaque * data, size_t _data_size) | ||
46 | { | ||
47 | ssize_t new_size; | ||
48 | ssize_t data_size = _data_size; | ||
49 | |||
50 | if (session->security_parameters.entity == GNUTLS_SERVER) | ||
51 | { | ||
52 | if (data_size > 0) | ||
53 | { | ||
54 | DECR_LEN (data_size, 1); | ||
55 | |||
56 | new_size = MHD_gtls_mre_num2record (data[0]); | ||
57 | |||
58 | if (new_size < 0) | ||
59 | { | ||
60 | MHD_gnutls_assert (); | ||
61 | return new_size; | ||
62 | } | ||
63 | |||
64 | session->security_parameters.max_record_send_size = new_size; | ||
65 | session->security_parameters.max_record_recv_size = new_size; | ||
66 | } | ||
67 | } | ||
68 | else | ||
69 | { /* CLIENT SIDE - we must check if the sent record size is the right one | ||
70 | */ | ||
71 | if (data_size > 0) | ||
72 | { | ||
73 | |||
74 | if (data_size != 1) | ||
75 | { | ||
76 | MHD_gnutls_assert (); | ||
77 | return GNUTLS_E_UNEXPECTED_PACKET_LENGTH; | ||
78 | } | ||
79 | |||
80 | new_size = MHD_gtls_mre_num2record (data[0]); | ||
81 | |||
82 | if (new_size < 0 | ||
83 | || new_size != session->internals.proposed_record_size) | ||
84 | { | ||
85 | MHD_gnutls_assert (); | ||
86 | return GNUTLS_E_RECEIVED_ILLEGAL_PARAMETER; | ||
87 | } | ||
88 | else | ||
89 | { | ||
90 | session->security_parameters.max_record_recv_size = | ||
91 | session->internals.proposed_record_size; | ||
92 | } | ||
93 | |||
94 | } | ||
95 | |||
96 | |||
97 | } | ||
98 | |||
99 | return 0; | ||
100 | } | ||
101 | |||
102 | /* returns data_size or a negative number on failure | ||
103 | */ | ||
104 | int | ||
105 | MHD_gtls_max_record_send_params (MHD_gtls_session_t session, opaque * data, | ||
106 | size_t data_size) | ||
107 | { | ||
108 | uint16_t len; | ||
109 | /* this function sends the client extension data (dnsname) */ | ||
110 | #if MHD_DEBUG_TLS | ||
111 | if (session->security_parameters.entity == GNUTLS_CLIENT) | ||
112 | { | ||
113 | |||
114 | if (session->internals.proposed_record_size != DEFAULT_MAX_RECORD_SIZE) | ||
115 | { | ||
116 | len = 1; | ||
117 | if (data_size < len) | ||
118 | { | ||
119 | MHD_gnutls_assert (); | ||
120 | return GNUTLS_E_SHORT_MEMORY_BUFFER; | ||
121 | } | ||
122 | |||
123 | data[0] = | ||
124 | (uint8_t) MHD_gtls_mre_record2num (session->internals. | ||
125 | proposed_record_size); | ||
126 | return len; | ||
127 | } | ||
128 | |||
129 | } | ||
130 | else | ||
131 | #endif | ||
132 | { /* server side */ | ||
133 | |||
134 | if (session->security_parameters.max_record_recv_size != | ||
135 | DEFAULT_MAX_RECORD_SIZE) | ||
136 | { | ||
137 | len = 1; | ||
138 | if (data_size < len) | ||
139 | { | ||
140 | MHD_gnutls_assert (); | ||
141 | return GNUTLS_E_SHORT_MEMORY_BUFFER; | ||
142 | } | ||
143 | |||
144 | data[0] = | ||
145 | (uint8_t) | ||
146 | MHD_gtls_mre_record2num | ||
147 | (session->security_parameters.max_record_recv_size); | ||
148 | return len; | ||
149 | } | ||
150 | |||
151 | |||
152 | } | ||
153 | |||
154 | return 0; | ||
155 | } | ||
156 | |||
157 | /* Maps numbers to record sizes according to the | ||
158 | * extensions draft. | ||
159 | */ | ||
160 | int | ||
161 | MHD_gtls_mre_num2record (int num) | ||
162 | { | ||
163 | switch (num) | ||
164 | { | ||
165 | case 1: | ||
166 | return 512; | ||
167 | case 2: | ||
168 | return 1024; | ||
169 | case 3: | ||
170 | return 2048; | ||
171 | case 4: | ||
172 | return 4096; | ||
173 | default: | ||
174 | return GNUTLS_E_RECEIVED_ILLEGAL_PARAMETER; | ||
175 | } | ||
176 | } | ||
177 | |||
178 | /* Maps record size to numbers according to the | ||
179 | * extensions draft. | ||
180 | */ | ||
181 | int | ||
182 | MHD_gtls_mre_record2num (uint16_t record_size) | ||
183 | { | ||
184 | switch (record_size) | ||
185 | { | ||
186 | case 512: | ||
187 | return 1; | ||
188 | case 1024: | ||
189 | return 2; | ||
190 | case 2048: | ||
191 | return 3; | ||
192 | case 4096: | ||
193 | return 4; | ||
194 | default: | ||
195 | return GNUTLS_E_RECEIVED_ILLEGAL_PARAMETER; | ||
196 | } | ||
197 | |||
198 | } | ||
diff --git a/src/daemon/https/tls/ext_max_record.h b/src/daemon/https/tls/ext_max_record.h deleted file mode 100644 index 14686253..00000000 --- a/src/daemon/https/tls/ext_max_record.h +++ /dev/null | |||
@@ -1,33 +0,0 @@ | |||
1 | /* | ||
2 | * Copyright (C) 2001, 2002, 2003, 2004, 2005 Free Software Foundation | ||
3 | * | ||
4 | * Author: Nikos Mavrogiannopoulos | ||
5 | * | ||
6 | * This file is part of GNUTLS. | ||
7 | * | ||
8 | * The GNUTLS library is free software; you can redistribute it and/or | ||
9 | * modify it under the terms of the GNU Lesser General Public License | ||
10 | * as published by the Free Software Foundation; either version 2.1 of | ||
11 | * the License, or (at your option) any later version. | ||
12 | * | ||
13 | * This library is distributed in the hope that it will be useful, but | ||
14 | * WITHOUT ANY WARRANTY; without even the implied warranty of | ||
15 | * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU | ||
16 | * Lesser General Public License for more details. | ||
17 | * | ||
18 | * You should have received a copy of the GNU Lesser General Public | ||
19 | * License along with this library; if not, write to the Free Software | ||
20 | * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301, | ||
21 | * USA | ||
22 | * | ||
23 | */ | ||
24 | |||
25 | /* Maps record size to numbers according to the | ||
26 | * extensions draft. | ||
27 | */ | ||
28 | int MHD_gtls_mre_num2record (int num); | ||
29 | int MHD_gtls_mre_record2num (uint16_t record_size); | ||
30 | int MHD_gtls_max_record_recv_params (MHD_gtls_session_t session, | ||
31 | const opaque * data, size_t data_size); | ||
32 | int MHD_gtls_max_record_send_params (MHD_gtls_session_t session, | ||
33 | opaque * data, size_t); | ||
diff --git a/src/daemon/https/tls/ext_server_name.c b/src/daemon/https/tls/ext_server_name.c deleted file mode 100644 index 911bd530..00000000 --- a/src/daemon/https/tls/ext_server_name.c +++ /dev/null | |||
@@ -1,223 +0,0 @@ | |||
1 | /* | ||
2 | * Copyright (C) 2002, 2003, 2004, 2005 Free Software Foundation | ||
3 | * | ||
4 | * Author: Nikos Mavrogiannopoulos | ||
5 | * | ||
6 | * This file is part of GNUTLS. | ||
7 | * | ||
8 | * The GNUTLS library is free software; you can redistribute it and/or | ||
9 | * modify it under the terms of the GNU Lesser General Public License | ||
10 | * as published by the Free Software Foundation; either version 2.1 of | ||
11 | * the License, or (at your option) any later version. | ||
12 | * | ||
13 | * This library is distributed in the hope that it will be useful, but | ||
14 | * WITHOUT ANY WARRANTY; without even the implied warranty of | ||
15 | * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU | ||
16 | * Lesser General Public License for more details. | ||
17 | * | ||
18 | * You should have received a copy of the GNU Lesser General Public | ||
19 | * License along with this library; if not, write to the Free Software | ||
20 | * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301, | ||
21 | * USA | ||
22 | * | ||
23 | */ | ||
24 | |||
25 | #include "gnutls_int.h" | ||
26 | #include "gnutls_auth_int.h" | ||
27 | #include "gnutls_errors.h" | ||
28 | #include "gnutls_num.h" | ||
29 | #include <ext_server_name.h> | ||
30 | |||
31 | /* | ||
32 | * In case of a server: if a NAME_DNS extension type is received then it stores | ||
33 | * into the session the value of NAME_DNS. The server may use MHD_gnutls_ext_get_server_name(), | ||
34 | * in order to access it. | ||
35 | * | ||
36 | * In case of a client: If a proper NAME_DNS extension type is found in the session then | ||
37 | * it sends the extension to the peer. | ||
38 | * | ||
39 | */ | ||
40 | |||
41 | int | ||
42 | MHD_gtls_server_name_recv_params (MHD_gtls_session_t session, | ||
43 | const opaque * data, size_t _data_size) | ||
44 | { | ||
45 | int i; | ||
46 | const unsigned char *p; | ||
47 | uint16_t len, type; | ||
48 | ssize_t data_size = _data_size; | ||
49 | int server_names = 0; | ||
50 | |||
51 | DECR_LENGTH_RET (data_size, 2, 0); | ||
52 | len = MHD_gtls_read_uint16 (data); | ||
53 | |||
54 | if (len != data_size) | ||
55 | { | ||
56 | /* This is unexpected packet length, but | ||
57 | * just ignore it, for now. | ||
58 | */ | ||
59 | MHD_gnutls_assert (); | ||
60 | return 0; | ||
61 | } | ||
62 | |||
63 | p = data + 2; | ||
64 | |||
65 | /* Count all server_names in the packet. */ | ||
66 | while (data_size > 0) | ||
67 | { | ||
68 | DECR_LENGTH_RET (data_size, 1, 0); | ||
69 | p++; | ||
70 | |||
71 | DECR_LEN (data_size, 2); | ||
72 | len = MHD_gtls_read_uint16 (p); | ||
73 | p += 2; | ||
74 | |||
75 | /* make sure supplied server name is not empty */ | ||
76 | if (len > 0) | ||
77 | { | ||
78 | DECR_LENGTH_RET (data_size, len, 0); | ||
79 | server_names++; | ||
80 | p += len; | ||
81 | } | ||
82 | else | ||
83 | { | ||
84 | #if HAVE_MESSAGES | ||
85 | MHD__gnutls_handshake_log | ||
86 | ("HSK[%x]: Received zero size server name (under attack?)\n", | ||
87 | session); | ||
88 | #endif | ||
89 | } | ||
90 | } | ||
91 | |||
92 | /* we cannot accept more server names. */ | ||
93 | if (server_names > MAX_SERVER_NAME_EXTENSIONS) | ||
94 | { | ||
95 | #if HAVE_MESSAGES | ||
96 | MHD__gnutls_handshake_log | ||
97 | ("HSK[%x]: Too many server names received (under attack?)\n", | ||
98 | session); | ||
99 | #endif | ||
100 | server_names = MAX_SERVER_NAME_EXTENSIONS; | ||
101 | } | ||
102 | |||
103 | session->security_parameters.extensions.server_names_size = server_names; | ||
104 | if (server_names == 0) | ||
105 | return 0; /* no names found */ | ||
106 | |||
107 | p = data + 2; | ||
108 | for (i = 0; i < server_names; i++) | ||
109 | { | ||
110 | type = *p; | ||
111 | p++; | ||
112 | |||
113 | len = MHD_gtls_read_uint16 (p); | ||
114 | p += 2; | ||
115 | |||
116 | switch (type) | ||
117 | { | ||
118 | case 0: /* NAME_DNS */ | ||
119 | if (len <= MAX_SERVER_NAME_SIZE) | ||
120 | { | ||
121 | memcpy (session->security_parameters.extensions. | ||
122 | server_names[i].name, p, len); | ||
123 | session->security_parameters.extensions.server_names[i]. | ||
124 | name_length = len; | ||
125 | session->security_parameters.extensions.server_names[i].type = | ||
126 | GNUTLS_NAME_DNS; | ||
127 | break; | ||
128 | } | ||
129 | } | ||
130 | |||
131 | /* move to next record */ | ||
132 | p += len; | ||
133 | } | ||
134 | return 0; | ||
135 | } | ||
136 | |||
137 | /* returns data_size or a negative number on failure | ||
138 | */ | ||
139 | int | ||
140 | MHD_gtls_server_name_send_params (MHD_gtls_session_t session, | ||
141 | opaque * data, size_t _data_size) | ||
142 | { | ||
143 | int total_size = 0; | ||
144 | #if MHD_DEBUG_TLS | ||
145 | uint16_t len; | ||
146 | opaque *p; | ||
147 | unsigned i; | ||
148 | ssize_t data_size = _data_size; | ||
149 | |||
150 | /* this function sends the client extension data (dnsname) */ | ||
151 | if (session->security_parameters.entity == GNUTLS_CLIENT) | ||
152 | { | ||
153 | |||
154 | if (session->security_parameters.extensions.server_names_size == 0) | ||
155 | return 0; | ||
156 | |||
157 | /* uint16_t | ||
158 | */ | ||
159 | total_size = 2; | ||
160 | for (i = 0; | ||
161 | i < session->security_parameters.extensions.server_names_size; i++) | ||
162 | { | ||
163 | /* count the total size | ||
164 | */ | ||
165 | len = | ||
166 | session->security_parameters.extensions.server_names[i]. | ||
167 | name_length; | ||
168 | |||
169 | /* uint8_t + uint16_t + size | ||
170 | */ | ||
171 | total_size += 1 + 2 + len; | ||
172 | } | ||
173 | |||
174 | p = data; | ||
175 | |||
176 | /* UINT16: write total size of all names | ||
177 | */ | ||
178 | DECR_LENGTH_RET (data_size, 2, GNUTLS_E_SHORT_MEMORY_BUFFER); | ||
179 | MHD_gtls_write_uint16 (total_size - 2, p); | ||
180 | p += 2; | ||
181 | |||
182 | for (i = 0; | ||
183 | i < session->security_parameters.extensions.server_names_size; i++) | ||
184 | { | ||
185 | |||
186 | switch (session->security_parameters.extensions. | ||
187 | server_names[i].type) | ||
188 | { | ||
189 | case GNUTLS_NAME_DNS: | ||
190 | |||
191 | len = | ||
192 | session->security_parameters.extensions. | ||
193 | server_names[i].name_length; | ||
194 | if (len == 0) | ||
195 | break; | ||
196 | |||
197 | /* UINT8: type of this extension | ||
198 | * UINT16: size of the first name | ||
199 | * LEN: the actual server name. | ||
200 | */ | ||
201 | DECR_LENGTH_RET (data_size, len + 3, | ||
202 | GNUTLS_E_SHORT_MEMORY_BUFFER); | ||
203 | |||
204 | *p = 0; /* NAME_DNS type */ | ||
205 | p++; | ||
206 | |||
207 | MHD_gtls_write_uint16 (len, p); | ||
208 | p += 2; | ||
209 | |||
210 | memcpy (p, | ||
211 | session->security_parameters.extensions. | ||
212 | server_names[0].name, len); | ||
213 | p += len; | ||
214 | break; | ||
215 | default: | ||
216 | MHD_gnutls_assert (); | ||
217 | return GNUTLS_E_INTERNAL_ERROR; | ||
218 | } | ||
219 | } | ||
220 | } | ||
221 | #endif | ||
222 | return total_size; | ||
223 | } | ||
diff --git a/src/daemon/https/tls/ext_server_name.h b/src/daemon/https/tls/ext_server_name.h deleted file mode 100644 index f74ce191..00000000 --- a/src/daemon/https/tls/ext_server_name.h +++ /dev/null | |||
@@ -1,28 +0,0 @@ | |||
1 | /* | ||
2 | * Copyright (C) 2000, 2001, 2002, 2003, 2004, 2005 Free Software Foundation | ||
3 | * | ||
4 | * Author: Nikos Mavrogiannopoulos | ||
5 | * | ||
6 | * This file is part of GNUTLS. | ||
7 | * | ||
8 | * The GNUTLS library is free software; you can redistribute it and/or | ||
9 | * modify it under the terms of the GNU Lesser General Public License | ||
10 | * as published by the Free Software Foundation; either version 2.1 of | ||
11 | * the License, or (at your option) any later version. | ||
12 | * | ||
13 | * This library is distributed in the hope that it will be useful, but | ||
14 | * WITHOUT ANY WARRANTY; without even the implied warranty of | ||
15 | * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU | ||
16 | * Lesser General Public License for more details. | ||
17 | * | ||
18 | * You should have received a copy of the GNU Lesser General Public | ||
19 | * License along with this library; if not, write to the Free Software | ||
20 | * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301, | ||
21 | * USA | ||
22 | * | ||
23 | */ | ||
24 | |||
25 | int MHD_gtls_server_name_recv_params (MHD_gtls_session_t session, | ||
26 | const opaque * data, size_t data_size); | ||
27 | int MHD_gtls_server_name_send_params (MHD_gtls_session_t session, | ||
28 | opaque * data, size_t); | ||
diff --git a/src/daemon/https/tls/gnutls.asn b/src/daemon/https/tls/gnutls.asn deleted file mode 100644 index 0cb98414..00000000 --- a/src/daemon/https/tls/gnutls.asn +++ /dev/null | |||
@@ -1,93 +0,0 @@ | |||
1 | GNUTLS { } | ||
2 | |||
3 | DEFINITIONS EXPLICIT TAGS ::= | ||
4 | |||
5 | BEGIN | ||
6 | |||
7 | -- This file contains parts of PKCS-1 structures and some stuff | ||
8 | -- required for DSA keys. | ||
9 | |||
10 | RSAPublicKey ::= SEQUENCE { | ||
11 | modulus INTEGER, -- n | ||
12 | publicExponent INTEGER -- e | ||
13 | } | ||
14 | |||
15 | -- | ||
16 | -- Representation of RSA private key with information for the | ||
17 | -- CRT algorithm. | ||
18 | -- | ||
19 | RSAPrivateKey ::= SEQUENCE { | ||
20 | version Version, | ||
21 | modulus INTEGER, -- (Usually large) n | ||
22 | publicExponent INTEGER, -- (Usually small) e | ||
23 | privateExponent INTEGER, -- (Usually large) d | ||
24 | prime1 INTEGER, -- (Usually large) p | ||
25 | prime2 INTEGER, -- (Usually large) q | ||
26 | exponent1 INTEGER, -- (Usually large) d mod (p-1) | ||
27 | exponent2 INTEGER, -- (Usually large) d mod (q-1) | ||
28 | coefficient INTEGER, -- (Usually large) (inverse of q) mod p | ||
29 | otherPrimeInfos OtherPrimeInfos OPTIONAL | ||
30 | } | ||
31 | |||
32 | Version ::= INTEGER { two-prime(0), multi(1) } | ||
33 | -- (CONSTRAINED BY { version must be multi if otherPrimeInfos present }) -- | ||
34 | |||
35 | OtherPrimeInfos ::= SEQUENCE SIZE(1..MAX) OF OtherPrimeInfo | ||
36 | |||
37 | OtherPrimeInfo ::= SEQUENCE { | ||
38 | prime INTEGER, -- ri | ||
39 | exponent INTEGER, -- di | ||
40 | coefficient INTEGER -- ti | ||
41 | } | ||
42 | |||
43 | -- for signature calculation | ||
44 | -- added by nmav | ||
45 | |||
46 | AlgorithmIdentifier ::= SEQUENCE { | ||
47 | algorithm OBJECT IDENTIFIER, | ||
48 | parameters ANY DEFINED BY algorithm OPTIONAL | ||
49 | } | ||
50 | -- contains a value of the type | ||
51 | -- registered for use with the | ||
52 | -- algorithm object identifier value | ||
53 | |||
54 | DigestInfo ::= SEQUENCE { | ||
55 | digestAlgorithm DigestAlgorithmIdentifier, | ||
56 | digest Digest | ||
57 | } | ||
58 | |||
59 | DigestAlgorithmIdentifier ::= AlgorithmIdentifier | ||
60 | |||
61 | Digest ::= OCTET STRING | ||
62 | |||
63 | DSAPublicKey ::= INTEGER | ||
64 | |||
65 | DSAParameters ::= SEQUENCE { | ||
66 | p INTEGER, | ||
67 | q INTEGER, | ||
68 | g INTEGER | ||
69 | } | ||
70 | |||
71 | DSASignatureValue ::= SEQUENCE { | ||
72 | r INTEGER, | ||
73 | s INTEGER | ||
74 | } | ||
75 | |||
76 | DSAPrivateKey ::= SEQUENCE { | ||
77 | version INTEGER, -- should be zero | ||
78 | p INTEGER, | ||
79 | q INTEGER, | ||
80 | g INTEGER, | ||
81 | Y INTEGER, -- public | ||
82 | priv INTEGER | ||
83 | } | ||
84 | |||
85 | -- from PKCS#3 | ||
86 | DHParameter ::= SEQUENCE { | ||
87 | prime INTEGER, -- p | ||
88 | base INTEGER, -- g | ||
89 | privateValueLength INTEGER OPTIONAL | ||
90 | } | ||
91 | |||
92 | |||
93 | END | ||
diff --git a/src/daemon/https/tls/gnutls.pc b/src/daemon/https/tls/gnutls.pc deleted file mode 100644 index 544428cb..00000000 --- a/src/daemon/https/tls/gnutls.pc +++ /dev/null | |||
@@ -1,23 +0,0 @@ | |||
1 | # Process this file with autoconf to produce a pkg-config metadata file. | ||
2 | # Copyright (C) 2002, 2003, 2004, 2005, 2006, 2007 Free Software Foundation | ||
3 | # Author: Simon Josefsson | ||
4 | # | ||
5 | # This file is free software; as a special exception the author gives | ||
6 | # unlimited permission to copy and/or distribute it, with or without | ||
7 | # modifications, as long as this notice is preserved. | ||
8 | # | ||
9 | # This file is distributed in the hope that it will be useful, but | ||
10 | # WITHOUT ANY WARRANTY, to the extent permitted by law; without even the | ||
11 | # implied warranty of MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. | ||
12 | |||
13 | prefix=/home/lama/workbench/programming/c/gnunet/gnutls-2.2.3/build | ||
14 | exec_prefix=${prefix} | ||
15 | libdir=${exec_prefix}/lib | ||
16 | includedir=${prefix}/include | ||
17 | |||
18 | Name: GnuTLS | ||
19 | Description: Transport Security Layer implementation for the GNU system | ||
20 | Version: 2.2.3 | ||
21 | Libs: -L${libdir} -lgnutls | ||
22 | Libs.private: -L${exec_prefix}/lib -lgnutls -L/usr/lib -ltasn1 -lgcrypt | ||
23 | Cflags: -I${includedir} | ||
diff --git a/src/daemon/https/tls/gnutls_alert.c b/src/daemon/https/tls/gnutls_alert.c deleted file mode 100644 index 4925f6e7..00000000 --- a/src/daemon/https/tls/gnutls_alert.c +++ /dev/null | |||
@@ -1,296 +0,0 @@ | |||
1 | /* | ||
2 | * Copyright (C) 2000, 2001, 2002, 2003, 2004, 2005 Free Software Foundation | ||
3 | * | ||
4 | * Author: Nikos Mavrogiannopoulos | ||
5 | * | ||
6 | * This file is part of GNUTLS. | ||
7 | * | ||
8 | * The GNUTLS library is free software; you can redistribute it and/or | ||
9 | * modify it under the terms of the GNU Lesser General Public License | ||
10 | * as published by the Free Software Foundation; either version 2.1 of | ||
11 | * the License, or (at your option) any later version. | ||
12 | * | ||
13 | * This library is distributed in the hope that it will be useful, but | ||
14 | * WITHOUT ANY WARRANTY; without even the implied warranty of | ||
15 | * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU | ||
16 | * Lesser General Public License for more details. | ||
17 | * | ||
18 | * You should have received a copy of the GNU Lesser General Public | ||
19 | * License along with this library; if not, write to the Free Software | ||
20 | * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301, | ||
21 | * USA | ||
22 | * | ||
23 | */ | ||
24 | |||
25 | #include <gnutls_int.h> | ||
26 | #include <gnutls_errors.h> | ||
27 | #include <gnutls_record.h> | ||
28 | #include <debug.h> | ||
29 | |||
30 | typedef struct | ||
31 | { | ||
32 | MHD_gnutls_alert_description_t alert; | ||
33 | const char *desc; | ||
34 | } MHD_gnutls_alert_entry; | ||
35 | |||
36 | static const MHD_gnutls_alert_entry MHD_gtls_sup_alerts[] = { | ||
37 | {GNUTLS_A_CLOSE_NOTIFY, "Close notify"}, | ||
38 | {GNUTLS_A_UNEXPECTED_MESSAGE, "Unexpected message"}, | ||
39 | {GNUTLS_A_BAD_RECORD_MAC, "Bad record MAC"}, | ||
40 | {GNUTLS_A_DECRYPTION_FAILED, "Decryption failed"}, | ||
41 | {GNUTLS_A_RECORD_OVERFLOW, "Record overflow"}, | ||
42 | {GNUTLS_A_DECOMPRESSION_FAILURE, "Decompression failed"}, | ||
43 | {GNUTLS_A_HANDSHAKE_FAILURE, "Handshake failed"}, | ||
44 | {GNUTLS_A_BAD_CERTIFICATE, "Certificate is bad"}, | ||
45 | {GNUTLS_A_UNSUPPORTED_CERTIFICATE, "Certificate is not supported"}, | ||
46 | {GNUTLS_A_CERTIFICATE_REVOKED, "Certificate was revoked"}, | ||
47 | {GNUTLS_A_CERTIFICATE_EXPIRED, "Certificate is expired"}, | ||
48 | {GNUTLS_A_CERTIFICATE_UNKNOWN, "Unknown certificate"}, | ||
49 | {GNUTLS_A_ILLEGAL_PARAMETER, "Illegal parameter"}, | ||
50 | {GNUTLS_A_UNKNOWN_CA, "CA is unknown"}, | ||
51 | {GNUTLS_A_ACCESS_DENIED, "Access was denied"}, | ||
52 | {GNUTLS_A_DECODE_ERROR, "Decode error"}, | ||
53 | {GNUTLS_A_DECRYPT_ERROR, "Decrypt error"}, | ||
54 | {GNUTLS_A_EXPORT_RESTRICTION, "Export restriction"}, | ||
55 | {GNUTLS_A_PROTOCOL_VERSION, "Error in protocol version"}, | ||
56 | {GNUTLS_A_INSUFFICIENT_SECURITY, "Insufficient security"}, | ||
57 | {GNUTLS_A_USER_CANCELED, "User canceled"}, | ||
58 | {GNUTLS_A_INTERNAL_ERROR, "Internal error"}, | ||
59 | {GNUTLS_A_NO_RENEGOTIATION, "No renegotiation is allowed"}, | ||
60 | {GNUTLS_A_CERTIFICATE_UNOBTAINABLE, | ||
61 | "Could not retrieve the specified certificate"}, | ||
62 | {GNUTLS_A_UNSUPPORTED_EXTENSION, "An unsupported extension was sent"}, | ||
63 | {GNUTLS_A_UNRECOGNIZED_NAME, | ||
64 | "The server name sent was not recognized"}, | ||
65 | {GNUTLS_A_UNKNOWN_PSK_IDENTITY, | ||
66 | "The SRP/PSK username is missing or not known"}, | ||
67 | }; | ||
68 | |||
69 | #define GNUTLS_ALERT_LOOP(b) \ | ||
70 | const MHD_gnutls_alert_entry *p; \ | ||
71 | for(p = MHD_gtls_sup_alerts; p->desc != NULL; p++) { b ; } | ||
72 | |||
73 | #define GNUTLS_ALERT_ID_LOOP(a) \ | ||
74 | GNUTLS_ALERT_LOOP( if(p->alert == alert) { a; break; }) | ||
75 | |||
76 | |||
77 | /** | ||
78 | * MHD__gnutls_alert_get_name - Returns a string describing the alert number given | ||
79 | * @alert: is an alert number #MHD_gtls_session_t structure. | ||
80 | * | ||
81 | * This function will return a string that describes the given alert | ||
82 | * number or NULL. See MHD_gnutls_alert_get(). | ||
83 | * | ||
84 | **/ | ||
85 | const char * | ||
86 | MHD__gnutls_alert_get_name (MHD_gnutls_alert_description_t alert) | ||
87 | { | ||
88 | const char *ret = NULL; | ||
89 | |||
90 | GNUTLS_ALERT_ID_LOOP (ret = p->desc); | ||
91 | |||
92 | return ret; | ||
93 | } | ||
94 | |||
95 | /** | ||
96 | * MHD__gnutls_alert_send - This function sends an alert message to the peer | ||
97 | * @session: is a #MHD_gtls_session_t structure. | ||
98 | * @level: is the level of the alert | ||
99 | * @desc: is the alert description | ||
100 | * | ||
101 | * This function will send an alert to the peer in order to inform | ||
102 | * him of something important (eg. his Certificate could not be verified). | ||
103 | * If the alert level is Fatal then the peer is expected to close the | ||
104 | * connection, otherwise he may ignore the alert and continue. | ||
105 | * | ||
106 | * The error code of the underlying record send function will be returned, | ||
107 | * so you may also receive GNUTLS_E_INTERRUPTED or GNUTLS_E_AGAIN as well. | ||
108 | * | ||
109 | * Returns 0 on success. | ||
110 | * | ||
111 | **/ | ||
112 | int | ||
113 | MHD__gnutls_alert_send (MHD_gtls_session_t session, | ||
114 | MHD_gnutls_alert_level_t level, | ||
115 | MHD_gnutls_alert_description_t desc) | ||
116 | { | ||
117 | uint8_t data[2]; | ||
118 | int ret; | ||
119 | const char *name; | ||
120 | |||
121 | data[0] = (uint8_t) level; | ||
122 | data[1] = (uint8_t) desc; | ||
123 | |||
124 | name = MHD__gnutls_alert_get_name ((int) data[1]); | ||
125 | if (name == NULL) | ||
126 | name = "(unknown)"; | ||
127 | MHD__gnutls_record_log ("REC: Sending Alert[%d|%d] - %s\n", data[0], | ||
128 | data[1], name); | ||
129 | |||
130 | if ((ret = MHD_gtls_send_int (session, GNUTLS_ALERT, -1, data, 2)) >= 0) | ||
131 | return 0; | ||
132 | else | ||
133 | return ret; | ||
134 | } | ||
135 | |||
136 | /** | ||
137 | * MHD_gtls_error_to_alert - This function returns an alert code based on the given error code | ||
138 | * @err: is a negative integer | ||
139 | * @level: the alert level will be stored there | ||
140 | * | ||
141 | * Returns an alert depending on the error code returned by a gnutls | ||
142 | * function. All alerts sent by this function should be considered fatal. | ||
143 | * The only exception is when err == GNUTLS_E_REHANDSHAKE, where a warning | ||
144 | * alert should be sent to the peer indicating that no renegotiation will | ||
145 | * be performed. | ||
146 | * | ||
147 | * If there is no mapping to a valid alert the alert to indicate internal error | ||
148 | * is returned. | ||
149 | * | ||
150 | **/ | ||
151 | int | ||
152 | MHD_gtls_error_to_alert (int err, int *level) | ||
153 | { | ||
154 | int ret, _level = -1; | ||
155 | |||
156 | switch (err) | ||
157 | { /* send appropriate alert */ | ||
158 | case GNUTLS_E_DECRYPTION_FAILED: | ||
159 | /* GNUTLS_A_DECRYPTION_FAILED is not sent, because | ||
160 | * it is not defined in SSL3. Note that we must | ||
161 | * not distinguish Decryption failures from mac | ||
162 | * check failures, due to the possibility of some | ||
163 | * attacks. | ||
164 | */ | ||
165 | ret = GNUTLS_A_BAD_RECORD_MAC; | ||
166 | _level = GNUTLS_AL_FATAL; | ||
167 | break; | ||
168 | case GNUTLS_E_DECOMPRESSION_FAILED: | ||
169 | ret = GNUTLS_A_DECOMPRESSION_FAILURE; | ||
170 | _level = GNUTLS_AL_FATAL; | ||
171 | break; | ||
172 | case GNUTLS_E_RECEIVED_ILLEGAL_PARAMETER: | ||
173 | case GNUTLS_E_ILLEGAL_SRP_USERNAME: | ||
174 | ret = GNUTLS_A_ILLEGAL_PARAMETER; | ||
175 | _level = GNUTLS_AL_FATAL; | ||
176 | break; | ||
177 | case GNUTLS_E_ASN1_ELEMENT_NOT_FOUND: | ||
178 | case GNUTLS_E_ASN1_IDENTIFIER_NOT_FOUND: | ||
179 | case GNUTLS_E_ASN1_DER_ERROR: | ||
180 | case GNUTLS_E_ASN1_VALUE_NOT_FOUND: | ||
181 | case GNUTLS_E_ASN1_GENERIC_ERROR: | ||
182 | case GNUTLS_E_ASN1_VALUE_NOT_VALID: | ||
183 | case GNUTLS_E_ASN1_TAG_ERROR: | ||
184 | case GNUTLS_E_ASN1_TAG_IMPLICIT: | ||
185 | case GNUTLS_E_ASN1_TYPE_ANY_ERROR: | ||
186 | case GNUTLS_E_ASN1_SYNTAX_ERROR: | ||
187 | case GNUTLS_E_ASN1_DER_OVERFLOW: | ||
188 | ret = GNUTLS_A_BAD_CERTIFICATE; | ||
189 | _level = GNUTLS_AL_FATAL; | ||
190 | break; | ||
191 | case GNUTLS_E_UNKNOWN_CIPHER_SUITE: | ||
192 | case GNUTLS_E_UNKNOWN_COMPRESSION_ALGORITHM: | ||
193 | case GNUTLS_E_INSUFFICIENT_CREDENTIALS: | ||
194 | case GNUTLS_E_NO_CIPHER_SUITES: | ||
195 | case GNUTLS_E_NO_COMPRESSION_ALGORITHMS: | ||
196 | ret = GNUTLS_A_HANDSHAKE_FAILURE; | ||
197 | _level = GNUTLS_AL_FATAL; | ||
198 | break; | ||
199 | case GNUTLS_E_RECEIVED_ILLEGAL_EXTENSION: | ||
200 | ret = GNUTLS_A_UNSUPPORTED_EXTENSION; | ||
201 | _level = GNUTLS_AL_FATAL; | ||
202 | break; | ||
203 | case GNUTLS_E_UNEXPECTED_PACKET: | ||
204 | case GNUTLS_E_UNEXPECTED_HANDSHAKE_PACKET: | ||
205 | ret = GNUTLS_A_UNEXPECTED_MESSAGE; | ||
206 | _level = GNUTLS_AL_FATAL; | ||
207 | break; | ||
208 | case GNUTLS_E_REHANDSHAKE: | ||
209 | ret = GNUTLS_A_NO_RENEGOTIATION; | ||
210 | _level = GNUTLS_AL_WARNING; | ||
211 | break; | ||
212 | case GNUTLS_E_UNSUPPORTED_VERSION_PACKET: | ||
213 | ret = GNUTLS_A_PROTOCOL_VERSION; | ||
214 | _level = GNUTLS_AL_FATAL; | ||
215 | break; | ||
216 | case GNUTLS_E_UNSUPPORTED_CERTIFICATE_TYPE: | ||
217 | ret = GNUTLS_A_UNSUPPORTED_CERTIFICATE; | ||
218 | _level = GNUTLS_AL_FATAL; | ||
219 | break; | ||
220 | case GNUTLS_E_UNEXPECTED_PACKET_LENGTH: | ||
221 | ret = GNUTLS_A_RECORD_OVERFLOW; | ||
222 | _level = GNUTLS_AL_FATAL; | ||
223 | break; | ||
224 | case GNUTLS_E_INTERNAL_ERROR: | ||
225 | case GNUTLS_E_NO_TEMPORARY_DH_PARAMS: | ||
226 | case GNUTLS_E_NO_TEMPORARY_RSA_PARAMS: | ||
227 | ret = GNUTLS_A_INTERNAL_ERROR; | ||
228 | _level = GNUTLS_AL_FATAL; | ||
229 | break; | ||
230 | case GNUTLS_E_DH_PRIME_UNACCEPTABLE: | ||
231 | case GNUTLS_E_NO_CERTIFICATE_FOUND: | ||
232 | ret = GNUTLS_A_INSUFFICIENT_SECURITY; | ||
233 | _level = GNUTLS_AL_FATAL; | ||
234 | break; | ||
235 | default: | ||
236 | ret = GNUTLS_A_INTERNAL_ERROR; | ||
237 | _level = GNUTLS_AL_FATAL; | ||
238 | break; | ||
239 | } | ||
240 | |||
241 | if (level != NULL) | ||
242 | *level = _level; | ||
243 | |||
244 | return ret; | ||
245 | } | ||
246 | |||
247 | |||
248 | /** | ||
249 | * MHD__gnutls_alert_send_appropriate - This function sends an alert to the peer depending on the error code | ||
250 | * @session: is a #MHD_gtls_session_t structure. | ||
251 | * @err: is an integer | ||
252 | * | ||
253 | * Sends an alert to the peer depending on the error code returned by a gnutls | ||
254 | * function. This function will call MHD_gtls_error_to_alert() to determine | ||
255 | * the appropriate alert to send. | ||
256 | * | ||
257 | * This function may also return GNUTLS_E_AGAIN, or GNUTLS_E_INTERRUPTED. | ||
258 | * | ||
259 | * If the return value is GNUTLS_E_INVALID_REQUEST, then no alert has | ||
260 | * been sent to the peer. | ||
261 | * | ||
262 | * Returns zero on success. | ||
263 | */ | ||
264 | int | ||
265 | MHD__gnutls_alert_send_appropriate (MHD_gtls_session_t session, int err) | ||
266 | { | ||
267 | int alert; | ||
268 | int level; | ||
269 | |||
270 | alert = MHD_gtls_error_to_alert (err, &level); | ||
271 | if (alert < 0) | ||
272 | { | ||
273 | return alert; | ||
274 | } | ||
275 | |||
276 | return MHD__gnutls_alert_send (session, level, alert); | ||
277 | } | ||
278 | |||
279 | /** | ||
280 | * MHD_gnutls_alert_get - Returns the last alert number received. | ||
281 | * @session: is a #MHD_gtls_session_t structure. | ||
282 | * | ||
283 | * This function will return the last alert number received. This | ||
284 | * function should be called if GNUTLS_E_WARNING_ALERT_RECEIVED or | ||
285 | * GNUTLS_E_FATAL_ALERT_RECEIVED has been returned by a gnutls | ||
286 | * function. The peer may send alerts if he thinks some things were | ||
287 | * not right. Check gnutls.h for the available alert descriptions. | ||
288 | * | ||
289 | * If no alert has been received the returned value is undefined. | ||
290 | * | ||
291 | **/ | ||
292 | MHD_gnutls_alert_description_t | ||
293 | MHD_gnutls_alert_get (MHD_gtls_session_t session) | ||
294 | { | ||
295 | return session->internals.last_alert; | ||
296 | } | ||
diff --git a/src/daemon/https/tls/gnutls_algorithms.c b/src/daemon/https/tls/gnutls_algorithms.c deleted file mode 100644 index f65ccbac..00000000 --- a/src/daemon/https/tls/gnutls_algorithms.c +++ /dev/null | |||
@@ -1,1340 +0,0 @@ | |||
1 | /* | ||
2 | * Copyright (C) 2000, 2002, 2003, 2004, 2005, 2006, 2007 Free Software Foundation | ||
3 | * | ||
4 | * Author: Nikos Mavrogiannopoulos | ||
5 | * | ||
6 | * This file is part of GNUTLS. | ||
7 | * | ||
8 | * The GNUTLS library is free software; you can redistribute it and/or | ||
9 | * modify it under the terms of the GNU Lesser General Public License | ||
10 | * as published by the Free Software Foundation; either version 2.1 of | ||
11 | * the License, or (at your option) any later version. | ||
12 | * | ||
13 | * This library is distributed in the hope that it will be useful, but | ||
14 | * WITHOUT ANY WARRANTY; without even the implied warranty of | ||
15 | * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU | ||
16 | * Lesser General Public License for more details. | ||
17 | * | ||
18 | * You should have received a copy of the GNU Lesser General Public | ||
19 | * License along with this library; if not, write to the Free Software | ||
20 | * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301, | ||
21 | * USA | ||
22 | * | ||
23 | */ | ||
24 | |||
25 | #include "gnutls_int.h" | ||
26 | #include "gnutls_algorithms.h" | ||
27 | #include "gnutls_errors.h" | ||
28 | #include "gnutls_cert.h" | ||
29 | /* x509 */ | ||
30 | #include "common.h" | ||
31 | |||
32 | /* Cred type mappings to KX algorithms | ||
33 | * FIXME: The mappings are not 1-1. Some KX such as SRP_RSA require | ||
34 | * more than one credentials type. | ||
35 | */ | ||
36 | typedef struct | ||
37 | { | ||
38 | enum MHD_GNUTLS_KeyExchangeAlgorithm algorithm; | ||
39 | enum MHD_GNUTLS_CredentialsType client_type; | ||
40 | enum MHD_GNUTLS_CredentialsType server_type; /* The type of credentials a server | ||
41 | * needs to set */ | ||
42 | } MHD_gnutls_cred_map; | ||
43 | |||
44 | static const MHD_gnutls_cred_map MHD_gtls_cred_mappings[] = { | ||
45 | {MHD_GNUTLS_KX_RSA, | ||
46 | MHD_GNUTLS_CRD_CERTIFICATE, | ||
47 | MHD_GNUTLS_CRD_CERTIFICATE}, | ||
48 | {MHD_GNUTLS_KX_RSA_EXPORT, | ||
49 | MHD_GNUTLS_CRD_CERTIFICATE, | ||
50 | MHD_GNUTLS_CRD_CERTIFICATE}, | ||
51 | {0, | ||
52 | 0, | ||
53 | 0} | ||
54 | }; | ||
55 | |||
56 | #define GNUTLS_KX_MAP_LOOP(b) \ | ||
57 | const MHD_gnutls_cred_map *p; \ | ||
58 | for(p = MHD_gtls_cred_mappings; p->algorithm != 0; p++) { b ; } | ||
59 | |||
60 | #define GNUTLS_KX_MAP_ALG_LOOP_SERVER(a) \ | ||
61 | GNUTLS_KX_MAP_LOOP( if(p->server_type == type) { a; break; }) | ||
62 | |||
63 | #define GNUTLS_KX_MAP_ALG_LOOP_CLIENT(a) \ | ||
64 | GNUTLS_KX_MAP_LOOP( if(p->client_type == type) { a; break; }) | ||
65 | |||
66 | /* KX mappings to PK algorithms */ | ||
67 | typedef struct | ||
68 | { | ||
69 | enum MHD_GNUTLS_KeyExchangeAlgorithm kx_algorithm; | ||
70 | enum MHD_GNUTLS_PublicKeyAlgorithm pk_algorithm; | ||
71 | enum encipher_type encipher_type; /* CIPHER_ENCRYPT if this algorithm is to be used | ||
72 | * for encryption, CIPHER_SIGN if signature only, | ||
73 | * CIPHER_IGN if this does not apply at all. | ||
74 | * | ||
75 | * This is useful to certificate cipher suites, which check | ||
76 | * against the certificate key usage bits. | ||
77 | */ | ||
78 | } MHD_gnutls_pk_map; | ||
79 | |||
80 | /* This table maps the Key exchange algorithms to | ||
81 | * the certificate algorithms. Eg. if we have | ||
82 | * RSA algorithm in the certificate then we can | ||
83 | * use GNUTLS_KX_RSA or GNUTLS_KX_DHE_RSA. | ||
84 | */ | ||
85 | static const MHD_gnutls_pk_map MHD_gtls_pk_mappings[] = { | ||
86 | {MHD_GNUTLS_KX_RSA, | ||
87 | MHD_GNUTLS_PK_RSA, | ||
88 | CIPHER_ENCRYPT}, | ||
89 | {MHD_GNUTLS_KX_RSA_EXPORT, | ||
90 | MHD_GNUTLS_PK_RSA, | ||
91 | CIPHER_SIGN}, | ||
92 | {0, | ||
93 | 0, | ||
94 | 0} | ||
95 | }; | ||
96 | |||
97 | #define GNUTLS_PK_MAP_LOOP(b) \ | ||
98 | const MHD_gnutls_pk_map *p; \ | ||
99 | for(p = MHD_gtls_pk_mappings; p->kx_algorithm != 0; p++) { b } | ||
100 | |||
101 | #define GNUTLS_PK_MAP_ALG_LOOP(a) \ | ||
102 | GNUTLS_PK_MAP_LOOP( if(p->kx_algorithm == kx_algorithm) { a; break; }) | ||
103 | |||
104 | /* TLS Versions */ | ||
105 | |||
106 | typedef struct | ||
107 | { | ||
108 | const char *name; | ||
109 | enum MHD_GNUTLS_Protocol id; /* gnutls internal version number */ | ||
110 | int major; /* defined by the protocol */ | ||
111 | int minor; /* defined by the protocol */ | ||
112 | int supported; /* 0 not supported, > 0 is supported */ | ||
113 | } MHD_gnutls_version_entry; | ||
114 | |||
115 | static const MHD_gnutls_version_entry MHD_gtls_sup_versions[] = { | ||
116 | {"SSL3.0", | ||
117 | MHD_GNUTLS_PROTOCOL_SSL3, | ||
118 | 3, | ||
119 | 0, | ||
120 | 1}, | ||
121 | {"TLS1.0", | ||
122 | MHD_GNUTLS_PROTOCOL_TLS1_0, | ||
123 | 3, | ||
124 | 1, | ||
125 | 1}, | ||
126 | {"TLS1.1", | ||
127 | MHD_GNUTLS_PROTOCOL_TLS1_1, | ||
128 | 3, | ||
129 | 2, | ||
130 | 1}, | ||
131 | {"TLS1.2", | ||
132 | MHD_GNUTLS_PROTOCOL_TLS1_2, | ||
133 | 3, | ||
134 | 3, | ||
135 | 1}, | ||
136 | {0, | ||
137 | 0, | ||
138 | 0, | ||
139 | 0, | ||
140 | 0} | ||
141 | }; | ||
142 | |||
143 | /* Keep the contents of this struct the same as the previous one. */ | ||
144 | static const enum MHD_GNUTLS_Protocol MHD_gtls_supported_protocols[] = | ||
145 | { MHD_GNUTLS_PROTOCOL_SSL3, | ||
146 | MHD_GNUTLS_PROTOCOL_TLS1_0, | ||
147 | MHD_GNUTLS_PROTOCOL_TLS1_1, | ||
148 | MHD_GNUTLS_PROTOCOL_TLS1_2, | ||
149 | 0 | ||
150 | }; | ||
151 | |||
152 | #define GNUTLS_VERSION_LOOP(b) \ | ||
153 | const MHD_gnutls_version_entry *p; \ | ||
154 | for(p = MHD_gtls_sup_versions; p->name != NULL; p++) { b ; } | ||
155 | |||
156 | #define GNUTLS_VERSION_ALG_LOOP(a) \ | ||
157 | GNUTLS_VERSION_LOOP( if(p->id == version) { a; break; }) | ||
158 | |||
159 | struct MHD_gnutls_cipher_entry | ||
160 | { | ||
161 | const char *name; | ||
162 | enum MHD_GNUTLS_CipherAlgorithm id; | ||
163 | uint16_t blocksize; | ||
164 | uint16_t keysize; | ||
165 | cipher_type_t block; | ||
166 | uint16_t iv; | ||
167 | int export_flag; /* 0 non export */ | ||
168 | }; | ||
169 | typedef struct MHD_gnutls_cipher_entry MHD_gnutls_cipher_entry; | ||
170 | |||
171 | /* Note that all algorithms are in CBC or STREAM modes. | ||
172 | * Do not add any algorithms in other modes (avoid modified algorithms). | ||
173 | * View first: "The order of encryption and authentication for | ||
174 | * protecting communications" by Hugo Krawczyk - CRYPTO 2001 | ||
175 | */ | ||
176 | static const MHD_gnutls_cipher_entry MHD_gtls_algorithms[] = { | ||
177 | {"AES-256-CBC", | ||
178 | MHD_GNUTLS_CIPHER_AES_256_CBC, | ||
179 | 16, | ||
180 | 32, | ||
181 | CIPHER_BLOCK, | ||
182 | 16, | ||
183 | 0}, | ||
184 | {"AES-128-CBC", | ||
185 | MHD_GNUTLS_CIPHER_AES_128_CBC, | ||
186 | 16, | ||
187 | 16, | ||
188 | CIPHER_BLOCK, | ||
189 | 16, | ||
190 | 0}, | ||
191 | {"3DES-CBC", | ||
192 | MHD_GNUTLS_CIPHER_3DES_CBC, | ||
193 | 8, | ||
194 | 24, | ||
195 | CIPHER_BLOCK, | ||
196 | 8, | ||
197 | 0}, | ||
198 | {"ARCFOUR-128", | ||
199 | MHD_GNUTLS_CIPHER_ARCFOUR_128, | ||
200 | 1, | ||
201 | 16, | ||
202 | CIPHER_STREAM, | ||
203 | 0, | ||
204 | 0}, | ||
205 | {"NULL", | ||
206 | MHD_GNUTLS_CIPHER_NULL, | ||
207 | 1, | ||
208 | 0, | ||
209 | CIPHER_STREAM, | ||
210 | 0, | ||
211 | 0}, | ||
212 | {0, | ||
213 | 0, | ||
214 | 0, | ||
215 | 0, | ||
216 | 0, | ||
217 | 0, | ||
218 | 0} | ||
219 | }; | ||
220 | |||
221 | /* Keep the contents of this struct the same as the previous one. */ | ||
222 | static const enum MHD_GNUTLS_CipherAlgorithm MHD_gtls_supported_ciphers[] = | ||
223 | { MHD_GNUTLS_CIPHER_AES_256_CBC, | ||
224 | MHD_GNUTLS_CIPHER_AES_128_CBC, | ||
225 | MHD_GNUTLS_CIPHER_3DES_CBC, | ||
226 | MHD_GNUTLS_CIPHER_ARCFOUR_128, | ||
227 | MHD_GNUTLS_CIPHER_NULL, | ||
228 | 0 | ||
229 | }; | ||
230 | |||
231 | #define GNUTLS_LOOP(b) \ | ||
232 | const MHD_gnutls_cipher_entry *p; \ | ||
233 | for(p = MHD_gtls_algorithms; p->name != NULL; p++) { b ; } | ||
234 | |||
235 | #define GNUTLS_ALG_LOOP(a) \ | ||
236 | GNUTLS_LOOP( if(p->id == algorithm) { a; break; } ) | ||
237 | |||
238 | struct MHD_gnutls_hash_entry | ||
239 | { | ||
240 | const char *name; | ||
241 | const char *oid; | ||
242 | enum MHD_GNUTLS_HashAlgorithm id; | ||
243 | size_t key_size; /* in case of mac */ | ||
244 | }; | ||
245 | typedef struct MHD_gnutls_hash_entry MHD_gnutls_hash_entry; | ||
246 | |||
247 | static const MHD_gnutls_hash_entry MHD_gtls_hash_algorithms[] = { | ||
248 | {"SHA1", | ||
249 | HASH_OID_SHA1, | ||
250 | MHD_GNUTLS_MAC_SHA1, | ||
251 | 20}, | ||
252 | {"MD5", | ||
253 | HASH_OID_MD5, | ||
254 | MHD_GNUTLS_MAC_MD5, | ||
255 | 16}, | ||
256 | {"SHA256", | ||
257 | HASH_OID_SHA256, | ||
258 | MHD_GNUTLS_MAC_SHA256, | ||
259 | 32}, | ||
260 | {"NULL", | ||
261 | NULL, | ||
262 | MHD_GNUTLS_MAC_NULL, | ||
263 | 0}, | ||
264 | {0, | ||
265 | 0, | ||
266 | 0, | ||
267 | 0} | ||
268 | }; | ||
269 | |||
270 | /* Keep the contents of this struct the same as the previous one. */ | ||
271 | static const enum MHD_GNUTLS_HashAlgorithm MHD_gtls_supported_macs[] = | ||
272 | { MHD_GNUTLS_MAC_SHA1, | ||
273 | MHD_GNUTLS_MAC_MD5, | ||
274 | MHD_GNUTLS_MAC_SHA256, | ||
275 | MHD_GNUTLS_MAC_NULL, | ||
276 | 0 | ||
277 | }; | ||
278 | |||
279 | #define GNUTLS_HASH_LOOP(b) \ | ||
280 | const MHD_gnutls_hash_entry *p; \ | ||
281 | for(p = MHD_gtls_hash_algorithms; p->name != NULL; p++) { b ; } | ||
282 | |||
283 | #define GNUTLS_HASH_ALG_LOOP(a) \ | ||
284 | GNUTLS_HASH_LOOP( if(p->id == algorithm) { a; break; } ) | ||
285 | |||
286 | /* Compression Section */ | ||
287 | #define GNUTLS_COMPRESSION_ENTRY(name, id, wb, ml, cl) \ | ||
288 | { #name, name, id, wb, ml, cl} | ||
289 | |||
290 | #define MAX_COMP_METHODS 5 | ||
291 | const int MHD__gnutls_comp_algorithms_size = MAX_COMP_METHODS; | ||
292 | |||
293 | /* the compression entry is defined in MHD_gnutls_algorithms.h */ | ||
294 | |||
295 | MHD_gnutls_compression_entry | ||
296 | MHD__gnutls_compression_algorithms[MAX_COMP_METHODS] = | ||
297 | { | ||
298 | GNUTLS_COMPRESSION_ENTRY (MHD_GNUTLS_COMP_NULL, 0x00, 0, 0, 0), | ||
299 | { | ||
300 | 0, 0, 0, 0, 0, 0} | ||
301 | }; | ||
302 | |||
303 | static const enum MHD_GNUTLS_CompressionMethod | ||
304 | MHD_gtls_supported_compressions[] = | ||
305 | { | ||
306 | MHD_GNUTLS_COMP_NULL, | ||
307 | 0 | ||
308 | }; | ||
309 | |||
310 | #define GNUTLS_COMPRESSION_LOOP(b) \ | ||
311 | const MHD_gnutls_compression_entry *p; \ | ||
312 | for(p = MHD__gnutls_compression_algorithms; p->name != NULL; p++) { b ; } | ||
313 | #define GNUTLS_COMPRESSION_ALG_LOOP(a) \ | ||
314 | GNUTLS_COMPRESSION_LOOP( if(p->id == algorithm) { a; break; } ) | ||
315 | #define GNUTLS_COMPRESSION_ALG_LOOP_NUM(a) \ | ||
316 | GNUTLS_COMPRESSION_LOOP( if(p->num == num) { a; break; } ) | ||
317 | |||
318 | /* Key Exchange Section */ | ||
319 | extern MHD_gtls_mod_auth_st MHD_gtls_rsa_auth_struct; | ||
320 | extern MHD_gtls_mod_auth_st MHD_rsa_export_auth_struct; | ||
321 | extern MHD_gtls_mod_auth_st MHD_gtls_dhe_rsa_auth_struct; | ||
322 | extern MHD_gtls_mod_auth_st MHD_gtls_dhe_dss_auth_struct; | ||
323 | extern MHD_gtls_mod_auth_st srp_auth_struct; | ||
324 | extern MHD_gtls_mod_auth_st psk_auth_struct; | ||
325 | extern MHD_gtls_mod_auth_st dhe_psk_auth_struct; | ||
326 | extern MHD_gtls_mod_auth_st srp_rsa_auth_struct; | ||
327 | extern MHD_gtls_mod_auth_st srp_dss_auth_struct; | ||
328 | |||
329 | typedef struct MHD_gtls_kx_algo_entry | ||
330 | { | ||
331 | const char *name; | ||
332 | enum MHD_GNUTLS_KeyExchangeAlgorithm algorithm; | ||
333 | MHD_gtls_mod_auth_st *auth_struct; | ||
334 | int needs_dh_params; | ||
335 | int needs_rsa_params; | ||
336 | } MHD_gtls_kx_algo_entry_t; | ||
337 | |||
338 | static const MHD_gtls_kx_algo_entry_t MHD_gtls_kx_algorithms[] = { | ||
339 | {"RSA", | ||
340 | MHD_GNUTLS_KX_RSA, | ||
341 | &MHD_gtls_rsa_auth_struct, | ||
342 | 0, | ||
343 | 0}, | ||
344 | {"RSA-EXPORT", | ||
345 | MHD_GNUTLS_KX_RSA_EXPORT, | ||
346 | &MHD_rsa_export_auth_struct, | ||
347 | 0, | ||
348 | 1 /* needs RSA params */ }, | ||
349 | {0, | ||
350 | 0, | ||
351 | 0, | ||
352 | 0, | ||
353 | 0} | ||
354 | }; | ||
355 | |||
356 | /* Keep the contents of this struct the same as the previous one. */ | ||
357 | static const enum MHD_GNUTLS_KeyExchangeAlgorithm MHD_gtls_supported_kxs[] = | ||
358 | { | ||
359 | MHD_GNUTLS_KX_RSA, | ||
360 | MHD_GNUTLS_KX_RSA_EXPORT, | ||
361 | 0 | ||
362 | }; | ||
363 | |||
364 | #define GNUTLS_KX_LOOP(b) \ | ||
365 | const MHD_gtls_kx_algo_entry_t *p; \ | ||
366 | for(p = MHD_gtls_kx_algorithms; p->name != NULL; p++) { b ; } | ||
367 | |||
368 | #define GNUTLS_KX_ALG_LOOP(a) \ | ||
369 | GNUTLS_KX_LOOP( if(p->algorithm == algorithm) { a; break; } ) | ||
370 | |||
371 | /* Cipher SUITES */ | ||
372 | #define GNUTLS_CIPHER_SUITE_ENTRY( name, block_algorithm, kx_algorithm, mac_algorithm, version ) \ | ||
373 | { #name, {name}, block_algorithm, kx_algorithm, mac_algorithm, version } | ||
374 | |||
375 | typedef struct | ||
376 | { | ||
377 | const char *name; | ||
378 | cipher_suite_st id; | ||
379 | enum MHD_GNUTLS_CipherAlgorithm block_algorithm; | ||
380 | enum MHD_GNUTLS_KeyExchangeAlgorithm kx_algorithm; | ||
381 | enum MHD_GNUTLS_HashAlgorithm mac_algorithm; | ||
382 | enum MHD_GNUTLS_Protocol version; /* this cipher suite is supported | ||
383 | * from 'version' and above; | ||
384 | */ | ||
385 | } MHD_gtls_cipher_suite_entry; | ||
386 | |||
387 | /* RSA with NULL cipher and MD5 MAC | ||
388 | * for test purposes. | ||
389 | */ | ||
390 | #define GNUTLS_RSA_NULL_MD5 { 0x00, 0x01 } | ||
391 | |||
392 | /* PSK (not in TLS 1.0) | ||
393 | * draft-ietf-tls-psk: | ||
394 | */ | ||
395 | #define GNUTLS_PSK_SHA_ARCFOUR_SHA1 { 0x00, 0x8A } | ||
396 | #define GNUTLS_PSK_SHA_3DES_EDE_CBC_SHA1 { 0x00, 0x8B } | ||
397 | #define GNUTLS_PSK_SHA_AES_128_CBC_SHA1 { 0x00, 0x8C } | ||
398 | #define GNUTLS_PSK_SHA_AES_256_CBC_SHA1 { 0x00, 0x8D } | ||
399 | |||
400 | #define GNUTLS_DHE_PSK_SHA_ARCFOUR_SHA1 { 0x00, 0x8E } | ||
401 | #define GNUTLS_DHE_PSK_SHA_3DES_EDE_CBC_SHA1 { 0x00, 0x8F } | ||
402 | #define GNUTLS_DHE_PSK_SHA_AES_128_CBC_SHA1 { 0x00, 0x90 } | ||
403 | #define GNUTLS_DHE_PSK_SHA_AES_256_CBC_SHA1 { 0x00, 0x91 } | ||
404 | |||
405 | /* SRP (rfc5054) | ||
406 | */ | ||
407 | #define GNUTLS_SRP_SHA_3DES_EDE_CBC_SHA1 { 0xC0, 0x1A } | ||
408 | #define GNUTLS_SRP_SHA_RSA_3DES_EDE_CBC_SHA1 { 0xC0, 0x1B } | ||
409 | #define GNUTLS_SRP_SHA_DSS_3DES_EDE_CBC_SHA1 { 0xC0, 0x1C } | ||
410 | |||
411 | #define GNUTLS_SRP_SHA_AES_128_CBC_SHA1 { 0xC0, 0x1D } | ||
412 | #define GNUTLS_SRP_SHA_RSA_AES_128_CBC_SHA1 { 0xC0, 0x1E } | ||
413 | #define GNUTLS_SRP_SHA_DSS_AES_128_CBC_SHA1 { 0xC0, 0x1F } | ||
414 | |||
415 | #define GNUTLS_SRP_SHA_AES_256_CBC_SHA1 { 0xC0, 0x20 } | ||
416 | #define GNUTLS_SRP_SHA_RSA_AES_256_CBC_SHA1 { 0xC0, 0x21 } | ||
417 | #define GNUTLS_SRP_SHA_DSS_AES_256_CBC_SHA1 { 0xC0, 0x22 } | ||
418 | |||
419 | /* RSA | ||
420 | */ | ||
421 | #define GNUTLS_RSA_ARCFOUR_SHA1 { 0x00, 0x05 } | ||
422 | #define GNUTLS_RSA_ARCFOUR_MD5 { 0x00, 0x04 } | ||
423 | #define GNUTLS_RSA_3DES_EDE_CBC_SHA1 { 0x00, 0x0A } | ||
424 | |||
425 | /* rfc3268: | ||
426 | */ | ||
427 | #define GNUTLS_RSA_AES_128_CBC_SHA1 { 0x00, 0x2F } | ||
428 | #define GNUTLS_RSA_AES_256_CBC_SHA1 { 0x00, 0x35 } | ||
429 | |||
430 | /* rfc4132 */ | ||
431 | #define GNUTLS_RSA_CAMELLIA_128_CBC_SHA1 { 0x00,0x41 } | ||
432 | #define GNUTLS_RSA_CAMELLIA_256_CBC_SHA1 { 0x00,0x84 } | ||
433 | |||
434 | /* DHE DSS | ||
435 | */ | ||
436 | |||
437 | #define GNUTLS_DHE_DSS_3DES_EDE_CBC_SHA1 { 0x00, 0x13 } | ||
438 | |||
439 | /* draft-ietf-tls-56-bit-ciphersuites-01: | ||
440 | */ | ||
441 | #define GNUTLS_DHE_DSS_ARCFOUR_SHA1 { 0x00, 0x66 } | ||
442 | |||
443 | /* rfc3268: | ||
444 | */ | ||
445 | #define GNUTLS_DHE_DSS_AES_256_CBC_SHA1 { 0x00, 0x38 } | ||
446 | #define GNUTLS_DHE_DSS_AES_128_CBC_SHA1 { 0x00, 0x32 } | ||
447 | |||
448 | /* rfc4132 */ | ||
449 | #define GNUTLS_DHE_DSS_CAMELLIA_128_CBC_SHA1 { 0x00,0x44 } | ||
450 | #define GNUTLS_DHE_DSS_CAMELLIA_256_CBC_SHA1 { 0x00,0x87 } | ||
451 | |||
452 | /* DHE RSA | ||
453 | */ | ||
454 | #define GNUTLS_DHE_RSA_3DES_EDE_CBC_SHA1 { 0x00, 0x16 } | ||
455 | |||
456 | /* rfc3268: | ||
457 | */ | ||
458 | #define GNUTLS_DHE_RSA_AES_128_CBC_SHA1 { 0x00, 0x33 } | ||
459 | #define GNUTLS_DHE_RSA_AES_256_CBC_SHA1 { 0x00, 0x39 } | ||
460 | |||
461 | /* rfc4132 */ | ||
462 | #define GNUTLS_DHE_RSA_CAMELLIA_128_CBC_SHA1 { 0x00,0x45 } | ||
463 | #define GNUTLS_DHE_RSA_CAMELLIA_256_CBC_SHA1 { 0x00,0x88 } | ||
464 | |||
465 | #define CIPHER_SUITES_COUNT sizeof(MHD_gtls_cs_algorithms)/sizeof(MHD_gtls_cipher_suite_entry)-1 | ||
466 | |||
467 | static const MHD_gtls_cipher_suite_entry MHD_gtls_cs_algorithms[] = { | ||
468 | /* RSA */ | ||
469 | GNUTLS_CIPHER_SUITE_ENTRY (GNUTLS_RSA_NULL_MD5, | ||
470 | MHD_GNUTLS_CIPHER_NULL, | ||
471 | MHD_GNUTLS_KX_RSA, MHD_GNUTLS_MAC_MD5, | ||
472 | MHD_GNUTLS_PROTOCOL_SSL3), | ||
473 | GNUTLS_CIPHER_SUITE_ENTRY (GNUTLS_RSA_ARCFOUR_SHA1, | ||
474 | MHD_GNUTLS_CIPHER_ARCFOUR_128, | ||
475 | MHD_GNUTLS_KX_RSA, MHD_GNUTLS_MAC_SHA1, | ||
476 | MHD_GNUTLS_PROTOCOL_SSL3), | ||
477 | GNUTLS_CIPHER_SUITE_ENTRY (GNUTLS_RSA_ARCFOUR_MD5, | ||
478 | MHD_GNUTLS_CIPHER_ARCFOUR_128, | ||
479 | MHD_GNUTLS_KX_RSA, MHD_GNUTLS_MAC_MD5, | ||
480 | MHD_GNUTLS_PROTOCOL_SSL3), | ||
481 | GNUTLS_CIPHER_SUITE_ENTRY (GNUTLS_RSA_3DES_EDE_CBC_SHA1, | ||
482 | MHD_GNUTLS_CIPHER_3DES_CBC, | ||
483 | MHD_GNUTLS_KX_RSA, MHD_GNUTLS_MAC_SHA1, | ||
484 | MHD_GNUTLS_PROTOCOL_SSL3), | ||
485 | GNUTLS_CIPHER_SUITE_ENTRY (GNUTLS_RSA_AES_128_CBC_SHA1, | ||
486 | MHD_GNUTLS_CIPHER_AES_128_CBC, MHD_GNUTLS_KX_RSA, | ||
487 | MHD_GNUTLS_MAC_SHA1, MHD_GNUTLS_PROTOCOL_SSL3), | ||
488 | GNUTLS_CIPHER_SUITE_ENTRY (GNUTLS_RSA_AES_256_CBC_SHA1, | ||
489 | MHD_GNUTLS_CIPHER_AES_256_CBC, MHD_GNUTLS_KX_RSA, | ||
490 | MHD_GNUTLS_MAC_SHA1, MHD_GNUTLS_PROTOCOL_SSL3), | ||
491 | {0, | ||
492 | { | ||
493 | {0, | ||
494 | 0}}, | ||
495 | 0, | ||
496 | 0, | ||
497 | 0, | ||
498 | 0} | ||
499 | }; | ||
500 | |||
501 | #define GNUTLS_CIPHER_SUITE_LOOP(b) \ | ||
502 | const MHD_gtls_cipher_suite_entry *p; \ | ||
503 | for(p = MHD_gtls_cs_algorithms; p->name != NULL; p++) { b ; } | ||
504 | |||
505 | #define GNUTLS_CIPHER_SUITE_ALG_LOOP(a) \ | ||
506 | GNUTLS_CIPHER_SUITE_LOOP( if( (p->id.suite[0] == suite->suite[0]) && (p->id.suite[1] == suite->suite[1])) { a; break; } ) | ||
507 | |||
508 | /* Generic Functions */ | ||
509 | |||
510 | int | ||
511 | MHD_gtls_mac_priority (MHD_gtls_session_t session, | ||
512 | enum MHD_GNUTLS_HashAlgorithm algorithm) | ||
513 | { /* actually returns the priority */ | ||
514 | unsigned int i; | ||
515 | for (i = 0; i < session->internals.priorities.mac.num_algorithms; i++) | ||
516 | { | ||
517 | if (session->internals.priorities.mac.priority[i] == algorithm) | ||
518 | return i; | ||
519 | } | ||
520 | return -1; | ||
521 | } | ||
522 | |||
523 | |||
524 | int | ||
525 | MHD_gnutls_mac_is_ok (enum MHD_GNUTLS_HashAlgorithm algorithm) | ||
526 | { | ||
527 | ssize_t ret = -1; | ||
528 | GNUTLS_HASH_ALG_LOOP (ret = p->id); | ||
529 | if (ret >= 0) | ||
530 | ret = 0; | ||
531 | else | ||
532 | ret = 1; | ||
533 | return ret; | ||
534 | } | ||
535 | |||
536 | |||
537 | /** | ||
538 | * MHD__gnutls_compression_get_name - Returns a string with the name of the specified compression algorithm | ||
539 | * @algorithm: is a Compression algorithm | ||
540 | * | ||
541 | * Returns: a pointer to a string that contains the name of the | ||
542 | * specified compression algorithm, or %NULL. | ||
543 | **/ | ||
544 | const char * | ||
545 | MHD_gtls_compression_get_name (enum MHD_GNUTLS_CompressionMethod algorithm) | ||
546 | { | ||
547 | const char *ret = NULL; | ||
548 | |||
549 | /* avoid prefix */ | ||
550 | GNUTLS_COMPRESSION_ALG_LOOP (ret = p->name + sizeof ("GNUTLS_COMP_") - 1); | ||
551 | |||
552 | return ret; | ||
553 | } | ||
554 | |||
555 | /** | ||
556 | * MHD_gtls_compression_get_id - Returns the gnutls id of the specified in string algorithm | ||
557 | * @algorithm: is a compression method name | ||
558 | * | ||
559 | * The names are compared in a case insensitive way. | ||
560 | * | ||
561 | * Returns: an id of the specified in a string compression method, or | ||
562 | * %GNUTLS_COMP_UNKNOWN on error. | ||
563 | * | ||
564 | **/ | ||
565 | enum MHD_GNUTLS_CompressionMethod | ||
566 | MHD_gtls_compression_get_id (const char *name) | ||
567 | { | ||
568 | enum MHD_GNUTLS_CompressionMethod ret = MHD_GNUTLS_COMP_UNKNOWN; | ||
569 | |||
570 | GNUTLS_COMPRESSION_LOOP (if | ||
571 | (strcasecmp | ||
572 | (p->name + sizeof ("GNUTLS_COMP_") - 1, | ||
573 | name) == 0) ret = p->id) | ||
574 | ; | ||
575 | |||
576 | return ret; | ||
577 | } | ||
578 | |||
579 | |||
580 | /* return the tls number of the specified algorithm */ | ||
581 | int | ||
582 | MHD_gtls_compression_get_num (enum MHD_GNUTLS_CompressionMethod algorithm) | ||
583 | { | ||
584 | int ret = -1; | ||
585 | |||
586 | /* avoid prefix */ | ||
587 | GNUTLS_COMPRESSION_ALG_LOOP (ret = p->num); | ||
588 | |||
589 | return ret; | ||
590 | } | ||
591 | |||
592 | int | ||
593 | MHD_gtls_compression_get_wbits (enum MHD_GNUTLS_CompressionMethod algorithm) | ||
594 | { | ||
595 | int ret = -1; | ||
596 | /* avoid prefix */ | ||
597 | GNUTLS_COMPRESSION_ALG_LOOP (ret = p->window_bits); | ||
598 | return ret; | ||
599 | } | ||
600 | |||
601 | int | ||
602 | MHD_gtls_compression_get_mem_level (enum MHD_GNUTLS_CompressionMethod | ||
603 | algorithm) | ||
604 | { | ||
605 | int ret = -1; | ||
606 | /* avoid prefix */ | ||
607 | GNUTLS_COMPRESSION_ALG_LOOP (ret = p->mem_level); | ||
608 | return ret; | ||
609 | } | ||
610 | |||
611 | int | ||
612 | MHD_gtls_compression_get_comp_level (enum MHD_GNUTLS_CompressionMethod | ||
613 | algorithm) | ||
614 | { | ||
615 | int ret = -1; | ||
616 | /* avoid prefix */ | ||
617 | GNUTLS_COMPRESSION_ALG_LOOP (ret = p->comp_level); | ||
618 | return ret; | ||
619 | } | ||
620 | |||
621 | /* returns the gnutls internal ID of the TLS compression | ||
622 | * method num | ||
623 | */ | ||
624 | enum MHD_GNUTLS_CompressionMethod | ||
625 | MHD_gtls_compression_get_id_from_int (int num) | ||
626 | { | ||
627 | enum MHD_GNUTLS_CompressionMethod ret = -1; | ||
628 | |||
629 | /* avoid prefix */ | ||
630 | GNUTLS_COMPRESSION_ALG_LOOP_NUM (ret = p->id); | ||
631 | |||
632 | return ret; | ||
633 | } | ||
634 | |||
635 | int | ||
636 | MHD_gtls_compression_is_ok (enum MHD_GNUTLS_CompressionMethod algorithm) | ||
637 | { | ||
638 | ssize_t ret = -1; | ||
639 | GNUTLS_COMPRESSION_ALG_LOOP (ret = p->id); | ||
640 | if (ret >= 0) | ||
641 | ret = 0; | ||
642 | else | ||
643 | ret = 1; | ||
644 | return ret; | ||
645 | } | ||
646 | |||
647 | /* CIPHER functions */ | ||
648 | int | ||
649 | MHD_gtls_cipher_get_block_size (enum MHD_GNUTLS_CipherAlgorithm algorithm) | ||
650 | { | ||
651 | size_t ret = 0; | ||
652 | GNUTLS_ALG_LOOP (ret = p->blocksize); | ||
653 | return ret; | ||
654 | |||
655 | } | ||
656 | |||
657 | /* returns the priority */ | ||
658 | int | ||
659 | MHD_gtls_cipher_priority (MHD_gtls_session_t session, | ||
660 | enum MHD_GNUTLS_CipherAlgorithm algorithm) | ||
661 | { | ||
662 | unsigned int i; | ||
663 | for (i = 0; i < session->internals.priorities.cipher.num_algorithms; i++) | ||
664 | { | ||
665 | if (session->internals.priorities.cipher.priority[i] == algorithm) | ||
666 | return i; | ||
667 | } | ||
668 | return -1; | ||
669 | } | ||
670 | |||
671 | int | ||
672 | MHD_gtls_cipher_is_block (enum MHD_GNUTLS_CipherAlgorithm algorithm) | ||
673 | { | ||
674 | size_t ret = 0; | ||
675 | |||
676 | GNUTLS_ALG_LOOP (ret = p->block); | ||
677 | return ret; | ||
678 | |||
679 | } | ||
680 | |||
681 | /** | ||
682 | * MHD__gnutls_cipher_get_key_size - Returns the length of the cipher's key size | ||
683 | * @algorithm: is an encryption algorithm | ||
684 | * | ||
685 | * Returns: length (in bytes) of the given cipher's key size, o 0 if | ||
686 | * the given cipher is invalid. | ||
687 | **/ | ||
688 | size_t | ||
689 | MHD__gnutls_cipher_get_key_size (enum MHD_GNUTLS_CipherAlgorithm algorithm) | ||
690 | { /* In bytes */ | ||
691 | size_t ret = 0; | ||
692 | GNUTLS_ALG_LOOP (ret = p->keysize); | ||
693 | return ret; | ||
694 | |||
695 | } | ||
696 | |||
697 | int | ||
698 | MHD_gtls_cipher_get_iv_size (enum MHD_GNUTLS_CipherAlgorithm algorithm) | ||
699 | { /* In bytes */ | ||
700 | size_t ret = 0; | ||
701 | GNUTLS_ALG_LOOP (ret = p->iv); | ||
702 | return ret; | ||
703 | |||
704 | } | ||
705 | |||
706 | int | ||
707 | MHD_gtls_cipher_get_export_flag (enum MHD_GNUTLS_CipherAlgorithm algorithm) | ||
708 | { /* In bytes */ | ||
709 | size_t ret = 0; | ||
710 | GNUTLS_ALG_LOOP (ret = p->export_flag); | ||
711 | return ret; | ||
712 | |||
713 | } | ||
714 | |||
715 | |||
716 | int | ||
717 | MHD_gtls_cipher_is_ok (enum MHD_GNUTLS_CipherAlgorithm algorithm) | ||
718 | { | ||
719 | ssize_t ret = -1; | ||
720 | GNUTLS_ALG_LOOP (ret = p->id); | ||
721 | if (ret >= 0) | ||
722 | ret = 0; | ||
723 | else | ||
724 | ret = 1; | ||
725 | return ret; | ||
726 | } | ||
727 | |||
728 | /* Key EXCHANGE functions */ | ||
729 | MHD_gtls_mod_auth_st * | ||
730 | MHD_gtls_kx_auth_struct (enum MHD_GNUTLS_KeyExchangeAlgorithm algorithm) | ||
731 | { | ||
732 | MHD_gtls_mod_auth_st *ret = NULL; | ||
733 | GNUTLS_KX_ALG_LOOP (ret = p->auth_struct); | ||
734 | return ret; | ||
735 | |||
736 | } | ||
737 | |||
738 | int | ||
739 | MHD_gtls_kx_priority (MHD_gtls_session_t session, | ||
740 | enum MHD_GNUTLS_KeyExchangeAlgorithm algorithm) | ||
741 | { | ||
742 | unsigned int i; | ||
743 | for (i = 0; i < session->internals.priorities.kx.num_algorithms; i++) | ||
744 | { | ||
745 | if (session->internals.priorities.kx.priority[i] == algorithm) | ||
746 | return i; | ||
747 | } | ||
748 | return -1; | ||
749 | } | ||
750 | |||
751 | |||
752 | int | ||
753 | MHD_gtls_kx_is_ok (enum MHD_GNUTLS_KeyExchangeAlgorithm algorithm) | ||
754 | { | ||
755 | ssize_t ret = -1; | ||
756 | GNUTLS_KX_ALG_LOOP (ret = p->algorithm); | ||
757 | if (ret >= 0) | ||
758 | ret = 0; | ||
759 | else | ||
760 | ret = 1; | ||
761 | return ret; | ||
762 | } | ||
763 | |||
764 | int | ||
765 | MHD_gtls_kx_needs_rsa_params (enum MHD_GNUTLS_KeyExchangeAlgorithm algorithm) | ||
766 | { | ||
767 | ssize_t ret = 0; | ||
768 | GNUTLS_KX_ALG_LOOP (ret = p->needs_rsa_params); | ||
769 | return ret; | ||
770 | } | ||
771 | |||
772 | int | ||
773 | MHD_gtls_kx_needs_dh_params (enum MHD_GNUTLS_KeyExchangeAlgorithm algorithm) | ||
774 | { | ||
775 | ssize_t ret = 0; | ||
776 | GNUTLS_KX_ALG_LOOP (ret = p->needs_dh_params); | ||
777 | return ret; | ||
778 | } | ||
779 | |||
780 | /* Version */ | ||
781 | int | ||
782 | MHD_gtls_version_priority (MHD_gtls_session_t session, | ||
783 | enum MHD_GNUTLS_Protocol version) | ||
784 | { /* actually returns the priority */ | ||
785 | unsigned int i; | ||
786 | |||
787 | if (session->internals.priorities.protocol.priority == NULL) | ||
788 | { | ||
789 | MHD_gnutls_assert (); | ||
790 | return -1; | ||
791 | } | ||
792 | |||
793 | for (i = 0; i < session->internals.priorities.protocol.num_algorithms; i++) | ||
794 | { | ||
795 | if (session->internals.priorities.protocol.priority[i] == version) | ||
796 | return i; | ||
797 | } | ||
798 | return -1; | ||
799 | } | ||
800 | |||
801 | |||
802 | enum MHD_GNUTLS_Protocol | ||
803 | MHD_gtls_version_max (MHD_gtls_session_t session) | ||
804 | { /* returns the maximum version supported */ | ||
805 | unsigned int i, max = 0x00; | ||
806 | |||
807 | if (session->internals.priorities.protocol.priority == NULL) | ||
808 | { | ||
809 | return MHD_GNUTLS_PROTOCOL_VERSION_UNKNOWN; | ||
810 | } | ||
811 | else | ||
812 | for (i = 0; i < session->internals.priorities.protocol.num_algorithms; | ||
813 | i++) | ||
814 | { | ||
815 | if (session->internals.priorities.protocol.priority[i] > max) | ||
816 | max = session->internals.priorities.protocol.priority[i]; | ||
817 | } | ||
818 | |||
819 | if (max == 0x00) | ||
820 | return MHD_GNUTLS_PROTOCOL_VERSION_UNKNOWN; /* unknown version */ | ||
821 | |||
822 | return max; | ||
823 | } | ||
824 | |||
825 | int | ||
826 | MHD_gtls_version_get_minor (enum MHD_GNUTLS_Protocol version) | ||
827 | { | ||
828 | int ret = -1; | ||
829 | |||
830 | GNUTLS_VERSION_ALG_LOOP (ret = p->minor); | ||
831 | return ret; | ||
832 | } | ||
833 | |||
834 | enum MHD_GNUTLS_Protocol | ||
835 | MHD_gtls_version_get (int major, int minor) | ||
836 | { | ||
837 | int ret = -1; | ||
838 | |||
839 | GNUTLS_VERSION_LOOP (if ((p->major == major) && (p->minor == minor)) | ||
840 | ret = p->id) | ||
841 | ; | ||
842 | return ret; | ||
843 | } | ||
844 | |||
845 | int | ||
846 | MHD_gtls_version_get_major (enum MHD_GNUTLS_Protocol version) | ||
847 | { | ||
848 | int ret = -1; | ||
849 | |||
850 | GNUTLS_VERSION_ALG_LOOP (ret = p->major); | ||
851 | return ret; | ||
852 | } | ||
853 | |||
854 | /* Version Functions */ | ||
855 | |||
856 | int | ||
857 | MHD_gtls_version_is_supported (MHD_gtls_session_t session, | ||
858 | const enum MHD_GNUTLS_Protocol version) | ||
859 | { | ||
860 | int ret = 0; | ||
861 | |||
862 | GNUTLS_VERSION_ALG_LOOP (ret = p->supported); | ||
863 | if (ret == 0) | ||
864 | return 0; | ||
865 | |||
866 | if (MHD_gtls_version_priority (session, version) < 0) | ||
867 | return 0; /* disabled by the user */ | ||
868 | else | ||
869 | return 1; | ||
870 | } | ||
871 | |||
872 | enum MHD_GNUTLS_CredentialsType | ||
873 | MHD_gtls_map_kx_get_cred (enum MHD_GNUTLS_KeyExchangeAlgorithm algorithm, | ||
874 | int server) | ||
875 | { | ||
876 | enum MHD_GNUTLS_CredentialsType ret = -1; | ||
877 | if (server) | ||
878 | { | ||
879 | GNUTLS_KX_MAP_LOOP (if (p->algorithm == algorithm) ret = p->server_type) | ||
880 | ; | ||
881 | } | ||
882 | else | ||
883 | { | ||
884 | GNUTLS_KX_MAP_LOOP (if (p->algorithm == algorithm) ret = p->client_type) | ||
885 | ; | ||
886 | } | ||
887 | |||
888 | return ret; | ||
889 | } | ||
890 | |||
891 | /* Cipher Suite's functions */ | ||
892 | enum MHD_GNUTLS_CipherAlgorithm | ||
893 | MHD_gtls_cipher_suite_get_cipher_algo (const cipher_suite_st * suite) | ||
894 | { | ||
895 | int ret = 0; | ||
896 | GNUTLS_CIPHER_SUITE_ALG_LOOP (ret = p->block_algorithm); | ||
897 | return ret; | ||
898 | } | ||
899 | |||
900 | enum MHD_GNUTLS_Protocol | ||
901 | MHD_gtls_cipher_suite_get_version (const cipher_suite_st * suite) | ||
902 | { | ||
903 | int ret = 0; | ||
904 | GNUTLS_CIPHER_SUITE_ALG_LOOP (ret = p->version); | ||
905 | return ret; | ||
906 | } | ||
907 | |||
908 | enum MHD_GNUTLS_KeyExchangeAlgorithm | ||
909 | MHD_gtls_cipher_suite_get_kx_algo (const cipher_suite_st * suite) | ||
910 | { | ||
911 | int ret = 0; | ||
912 | |||
913 | GNUTLS_CIPHER_SUITE_ALG_LOOP (ret = p->kx_algorithm); | ||
914 | return ret; | ||
915 | |||
916 | } | ||
917 | |||
918 | enum MHD_GNUTLS_HashAlgorithm | ||
919 | MHD_gtls_cipher_suite_get_mac_algo (const cipher_suite_st * suite) | ||
920 | { /* In bytes */ | ||
921 | int ret = 0; | ||
922 | GNUTLS_CIPHER_SUITE_ALG_LOOP (ret = p->mac_algorithm); | ||
923 | return ret; | ||
924 | |||
925 | } | ||
926 | |||
927 | const char * | ||
928 | MHD_gtls_cipher_suite_get_name (cipher_suite_st * suite) | ||
929 | { | ||
930 | const char *ret = NULL; | ||
931 | |||
932 | /* avoid prefix */ | ||
933 | GNUTLS_CIPHER_SUITE_ALG_LOOP (ret = p->name + sizeof ("GNUTLS_") - 1); | ||
934 | |||
935 | return ret; | ||
936 | } | ||
937 | |||
938 | static inline int | ||
939 | MHD__gnutls_cipher_suite_is_ok (cipher_suite_st * suite) | ||
940 | { | ||
941 | size_t ret; | ||
942 | const char *name = NULL; | ||
943 | |||
944 | GNUTLS_CIPHER_SUITE_ALG_LOOP (name = p->name); | ||
945 | if (name != NULL) | ||
946 | ret = 0; | ||
947 | else | ||
948 | ret = 1; | ||
949 | return ret; | ||
950 | |||
951 | } | ||
952 | |||
953 | #define SWAP(x, y) memcpy(tmp,x,size); \ | ||
954 | memcpy(x,y,size); \ | ||
955 | memcpy(y,tmp,size); | ||
956 | |||
957 | #define MAX_ELEM_SIZE 4 | ||
958 | static inline int | ||
959 | MHD__gnutls_partition (MHD_gtls_session_t session, | ||
960 | void *_base, | ||
961 | size_t nmemb, | ||
962 | size_t size, | ||
963 | int (*compar) (MHD_gtls_session_t, | ||
964 | const void *, const void *)) | ||
965 | { | ||
966 | uint8_t *base = _base; | ||
967 | uint8_t tmp[MAX_ELEM_SIZE]; | ||
968 | uint8_t ptmp[MAX_ELEM_SIZE]; | ||
969 | unsigned int pivot; | ||
970 | unsigned int i, j; | ||
971 | unsigned int full; | ||
972 | |||
973 | i = pivot = 0; | ||
974 | j = full = (nmemb - 1) * size; | ||
975 | |||
976 | memcpy (ptmp, &base[0], size); /* set pivot item */ | ||
977 | |||
978 | while (i < j) | ||
979 | { | ||
980 | while ((compar (session, &base[i], ptmp) <= 0) && (i < full)) | ||
981 | { | ||
982 | i += size; | ||
983 | } | ||
984 | while ((compar (session, &base[j], ptmp) >= 0) && (j > 0)) | ||
985 | j -= size; | ||
986 | |||
987 | if (i < j) | ||
988 | { | ||
989 | SWAP (&base[j], &base[i]); | ||
990 | } | ||
991 | } | ||
992 | |||
993 | if (j > pivot) | ||
994 | { | ||
995 | SWAP (&base[pivot], &base[j]); | ||
996 | pivot = j; | ||
997 | } | ||
998 | else if (i < pivot) | ||
999 | { | ||
1000 | SWAP (&base[pivot], &base[i]); | ||
1001 | pivot = i; | ||
1002 | } | ||
1003 | return pivot / size; | ||
1004 | } | ||
1005 | |||
1006 | static void | ||
1007 | MHD__gnutls_qsort (MHD_gtls_session_t session, | ||
1008 | void *_base, | ||
1009 | size_t nmemb, | ||
1010 | size_t size, | ||
1011 | int (*compar) (MHD_gtls_session_t, const void *, | ||
1012 | const void *)) | ||
1013 | { | ||
1014 | unsigned int pivot; | ||
1015 | char *base = _base; | ||
1016 | size_t snmemb = nmemb; | ||
1017 | |||
1018 | if (snmemb <= 1) | ||
1019 | return; | ||
1020 | pivot = MHD__gnutls_partition (session, _base, nmemb, size, compar); | ||
1021 | |||
1022 | MHD__gnutls_qsort (session, base, pivot < nmemb ? pivot + 1 | ||
1023 | : pivot, size, compar); | ||
1024 | MHD__gnutls_qsort (session, &base[(pivot + 1) * size], nmemb - pivot - 1, | ||
1025 | size, compar); | ||
1026 | } | ||
1027 | |||
1028 | /* a compare function for KX algorithms (using priorities). | ||
1029 | * For use with qsort | ||
1030 | */ | ||
1031 | static int | ||
1032 | MHD__gnutls_compare_algo (MHD_gtls_session_t session, | ||
1033 | const void *i_A1, const void *i_A2) | ||
1034 | { | ||
1035 | enum MHD_GNUTLS_KeyExchangeAlgorithm kA1 = | ||
1036 | MHD_gtls_cipher_suite_get_kx_algo ((const cipher_suite_st *) i_A1); | ||
1037 | enum MHD_GNUTLS_KeyExchangeAlgorithm kA2 = | ||
1038 | MHD_gtls_cipher_suite_get_kx_algo ((const cipher_suite_st *) i_A2); | ||
1039 | enum MHD_GNUTLS_CipherAlgorithm cA1 = | ||
1040 | MHD_gtls_cipher_suite_get_cipher_algo ((const cipher_suite_st *) i_A1); | ||
1041 | enum MHD_GNUTLS_CipherAlgorithm cA2 = | ||
1042 | MHD_gtls_cipher_suite_get_cipher_algo ((const cipher_suite_st *) i_A2); | ||
1043 | enum MHD_GNUTLS_HashAlgorithm mA1 = | ||
1044 | MHD_gtls_cipher_suite_get_mac_algo ((const cipher_suite_st *) i_A1); | ||
1045 | enum MHD_GNUTLS_HashAlgorithm mA2 = | ||
1046 | MHD_gtls_cipher_suite_get_mac_algo ((const cipher_suite_st *) i_A2); | ||
1047 | |||
1048 | int p1 = (MHD_gtls_kx_priority (session, kA1) + 1) * 64; | ||
1049 | int p2 = (MHD_gtls_kx_priority (session, kA2) + 1) * 64; | ||
1050 | p1 += (MHD_gtls_cipher_priority (session, cA1) + 1) * 8; | ||
1051 | p2 += (MHD_gtls_cipher_priority (session, cA2) + 1) * 8; | ||
1052 | p1 += MHD_gtls_mac_priority (session, mA1); | ||
1053 | p2 += MHD_gtls_mac_priority (session, mA2); | ||
1054 | |||
1055 | if (p1 > p2) | ||
1056 | { | ||
1057 | return 1; | ||
1058 | } | ||
1059 | else | ||
1060 | { | ||
1061 | if (p1 == p2) | ||
1062 | { | ||
1063 | return 0; | ||
1064 | } | ||
1065 | return -1; | ||
1066 | } | ||
1067 | } | ||
1068 | |||
1069 | int | ||
1070 | MHD_gtls_supported_ciphersuites_sorted (MHD_gtls_session_t session, | ||
1071 | cipher_suite_st ** ciphers) | ||
1072 | { | ||
1073 | |||
1074 | int count; | ||
1075 | |||
1076 | count = MHD_gtls_supported_ciphersuites (session, ciphers); | ||
1077 | if (count <= 0) | ||
1078 | { | ||
1079 | MHD_gnutls_assert (); | ||
1080 | return count; | ||
1081 | } | ||
1082 | MHD__gnutls_qsort (session, *ciphers, count, sizeof (cipher_suite_st), | ||
1083 | MHD__gnutls_compare_algo); | ||
1084 | |||
1085 | return count; | ||
1086 | } | ||
1087 | |||
1088 | int | ||
1089 | MHD_gtls_supported_ciphersuites (MHD_gtls_session_t session, | ||
1090 | cipher_suite_st ** _ciphers) | ||
1091 | { | ||
1092 | |||
1093 | unsigned int i, ret_count, j; | ||
1094 | unsigned int count = CIPHER_SUITES_COUNT; | ||
1095 | cipher_suite_st *tmp_ciphers; | ||
1096 | cipher_suite_st *ciphers; | ||
1097 | enum MHD_GNUTLS_Protocol version; | ||
1098 | |||
1099 | if (count == 0) | ||
1100 | { | ||
1101 | return 0; | ||
1102 | } | ||
1103 | |||
1104 | tmp_ciphers = MHD_gnutls_alloca (count * sizeof (cipher_suite_st)); | ||
1105 | if (tmp_ciphers == NULL) | ||
1106 | return GNUTLS_E_MEMORY_ERROR; | ||
1107 | |||
1108 | ciphers = MHD_gnutls_malloc (count * sizeof (cipher_suite_st)); | ||
1109 | if (ciphers == NULL) | ||
1110 | { | ||
1111 | MHD_gnutls_afree (tmp_ciphers); | ||
1112 | return GNUTLS_E_MEMORY_ERROR; | ||
1113 | } | ||
1114 | |||
1115 | version = MHD__gnutls_protocol_get_version (session); | ||
1116 | |||
1117 | for (i = 0; i < count; i++) | ||
1118 | { | ||
1119 | memcpy (&tmp_ciphers[i], &MHD_gtls_cs_algorithms[i].id, | ||
1120 | sizeof (cipher_suite_st)); | ||
1121 | } | ||
1122 | |||
1123 | for (i = j = 0; i < count; i++) | ||
1124 | { | ||
1125 | /* remove private cipher suites, if requested. | ||
1126 | */ | ||
1127 | if (tmp_ciphers[i].suite[0] == 0xFF) | ||
1128 | continue; | ||
1129 | |||
1130 | /* remove cipher suites which do not support the | ||
1131 | * protocol version used. | ||
1132 | */ | ||
1133 | if (MHD_gtls_cipher_suite_get_version (&tmp_ciphers[i]) > version) | ||
1134 | continue; | ||
1135 | |||
1136 | if (MHD_gtls_kx_priority (session, | ||
1137 | MHD_gtls_cipher_suite_get_kx_algo | ||
1138 | (&tmp_ciphers[i])) < 0) | ||
1139 | continue; | ||
1140 | if (MHD_gtls_mac_priority (session, | ||
1141 | MHD_gtls_cipher_suite_get_mac_algo | ||
1142 | (&tmp_ciphers[i])) < 0) | ||
1143 | continue; | ||
1144 | if (MHD_gtls_cipher_priority (session, | ||
1145 | MHD_gtls_cipher_suite_get_cipher_algo | ||
1146 | (&tmp_ciphers[i])) < 0) | ||
1147 | continue; | ||
1148 | |||
1149 | memcpy (&ciphers[j], &tmp_ciphers[i], sizeof (cipher_suite_st)); | ||
1150 | j++; | ||
1151 | } | ||
1152 | |||
1153 | ret_count = j; | ||
1154 | |||
1155 | MHD_gnutls_afree (tmp_ciphers); | ||
1156 | |||
1157 | /* This function can no longer return 0 cipher suites. | ||
1158 | * It returns an error code instead. | ||
1159 | */ | ||
1160 | if (ret_count == 0) | ||
1161 | { | ||
1162 | MHD_gnutls_assert (); | ||
1163 | MHD_gnutls_free (ciphers); | ||
1164 | return GNUTLS_E_NO_CIPHER_SUITES; | ||
1165 | } | ||
1166 | *_ciphers = ciphers; | ||
1167 | return ret_count; | ||
1168 | } | ||
1169 | |||
1170 | /* For compression */ | ||
1171 | |||
1172 | #define MIN_PRIVATE_COMP_ALGO 0xEF | ||
1173 | |||
1174 | /* returns the TLS numbers of the compression methods we support | ||
1175 | */ | ||
1176 | #define SUPPORTED_COMPRESSION_METHODS session->internals.priorities.compression.num_algorithms | ||
1177 | int | ||
1178 | MHD_gtls_supported_compression_methods (MHD_gtls_session_t session, | ||
1179 | uint8_t ** comp) | ||
1180 | { | ||
1181 | unsigned int i, j; | ||
1182 | |||
1183 | *comp = | ||
1184 | MHD_gnutls_malloc (sizeof (uint8_t) * SUPPORTED_COMPRESSION_METHODS); | ||
1185 | if (*comp == NULL) | ||
1186 | return GNUTLS_E_MEMORY_ERROR; | ||
1187 | |||
1188 | for (i = j = 0; i < SUPPORTED_COMPRESSION_METHODS; i++) | ||
1189 | { | ||
1190 | int tmp = | ||
1191 | MHD_gtls_compression_get_num (session->internals.priorities. | ||
1192 | compression.priority[i]); | ||
1193 | |||
1194 | /* remove private compression algorithms, if requested. | ||
1195 | */ | ||
1196 | if (tmp == -1 || (tmp >= MIN_PRIVATE_COMP_ALGO)) | ||
1197 | { | ||
1198 | MHD_gnutls_assert (); | ||
1199 | continue; | ||
1200 | } | ||
1201 | |||
1202 | (*comp)[j] = (uint8_t) tmp; | ||
1203 | j++; | ||
1204 | } | ||
1205 | |||
1206 | if (j == 0) | ||
1207 | { | ||
1208 | MHD_gnutls_assert (); | ||
1209 | MHD_gnutls_free (*comp); | ||
1210 | *comp = NULL; | ||
1211 | return GNUTLS_E_NO_COMPRESSION_ALGORITHMS; | ||
1212 | } | ||
1213 | return j; | ||
1214 | } | ||
1215 | |||
1216 | static const enum MHD_GNUTLS_CertificateType | ||
1217 | MHD_gtls_supported_certificate_types[] = | ||
1218 | { MHD_GNUTLS_CRT_X509, | ||
1219 | 0 | ||
1220 | }; | ||
1221 | |||
1222 | |||
1223 | /* returns the enum MHD_GNUTLS_PublicKeyAlgorithm which is compatible with | ||
1224 | * the given enum MHD_GNUTLS_KeyExchangeAlgorithm. | ||
1225 | */ | ||
1226 | enum MHD_GNUTLS_PublicKeyAlgorithm | ||
1227 | MHD_gtls_map_pk_get_pk (enum MHD_GNUTLS_KeyExchangeAlgorithm kx_algorithm) | ||
1228 | { | ||
1229 | enum MHD_GNUTLS_PublicKeyAlgorithm ret = -1; | ||
1230 | |||
1231 | GNUTLS_PK_MAP_ALG_LOOP (ret = p->pk_algorithm) return ret; | ||
1232 | } | ||
1233 | |||
1234 | /* Returns the encipher type for the given key exchange algorithm. | ||
1235 | * That one of CIPHER_ENCRYPT, CIPHER_SIGN, CIPHER_IGN. | ||
1236 | * | ||
1237 | * ex. GNUTLS_KX_RSA requires a certificate able to encrypt... so returns CIPHER_ENCRYPT. | ||
1238 | */ | ||
1239 | enum encipher_type | ||
1240 | MHD_gtls_kx_encipher_type (enum MHD_GNUTLS_KeyExchangeAlgorithm kx_algorithm) | ||
1241 | { | ||
1242 | int ret = CIPHER_IGN; | ||
1243 | GNUTLS_PK_MAP_ALG_LOOP (ret = p->encipher_type) return ret; | ||
1244 | |||
1245 | } | ||
1246 | |||
1247 | /* signature algorithms; | ||
1248 | */ | ||
1249 | struct MHD_gnutls_sign_entry | ||
1250 | { | ||
1251 | const char *name; | ||
1252 | const char *oid; | ||
1253 | MHD_gnutls_sign_algorithm_t id; | ||
1254 | enum MHD_GNUTLS_PublicKeyAlgorithm pk; | ||
1255 | enum MHD_GNUTLS_HashAlgorithm mac; | ||
1256 | }; | ||
1257 | typedef struct MHD_gnutls_sign_entry MHD_gnutls_sign_entry; | ||
1258 | |||
1259 | static const MHD_gnutls_sign_entry MHD_gtls_sign_algorithms[] = { | ||
1260 | {"RSA-SHA", | ||
1261 | SIG_RSA_SHA1_OID, | ||
1262 | GNUTLS_SIGN_RSA_SHA1, | ||
1263 | MHD_GNUTLS_PK_RSA, | ||
1264 | MHD_GNUTLS_MAC_SHA1}, | ||
1265 | {"RSA-SHA256", | ||
1266 | SIG_RSA_SHA256_OID, | ||
1267 | GNUTLS_SIGN_RSA_SHA256, | ||
1268 | MHD_GNUTLS_PK_RSA, | ||
1269 | MHD_GNUTLS_MAC_SHA256}, | ||
1270 | {"RSA-MD5", | ||
1271 | SIG_RSA_MD5_OID, | ||
1272 | GNUTLS_SIGN_RSA_MD5, | ||
1273 | MHD_GNUTLS_PK_RSA, | ||
1274 | MHD_GNUTLS_MAC_MD5}, | ||
1275 | {"GOST R 34.10-2001", | ||
1276 | SIG_GOST_R3410_2001_OID, | ||
1277 | 0, | ||
1278 | 0, | ||
1279 | 0}, | ||
1280 | {"GOST R 34.10-94", | ||
1281 | SIG_GOST_R3410_94_OID, | ||
1282 | 0, | ||
1283 | 0, | ||
1284 | 0}, | ||
1285 | {0, | ||
1286 | 0, | ||
1287 | 0, | ||
1288 | 0, | ||
1289 | 0} | ||
1290 | }; | ||
1291 | |||
1292 | #define GNUTLS_SIGN_LOOP(b) \ | ||
1293 | do { \ | ||
1294 | const MHD_gnutls_sign_entry *p; \ | ||
1295 | for(p = MHD_gtls_sign_algorithms; p->name != NULL; p++) { b ; } \ | ||
1296 | } while (0) | ||
1297 | |||
1298 | #define GNUTLS_SIGN_ALG_LOOP(a) \ | ||
1299 | GNUTLS_SIGN_LOOP( if(p->id && p->id == sign) { a; break; } ) | ||
1300 | |||
1301 | /* pk algorithms; | ||
1302 | */ | ||
1303 | struct MHD_gnutls_pk_entry | ||
1304 | { | ||
1305 | const char *name; | ||
1306 | const char *oid; | ||
1307 | enum MHD_GNUTLS_PublicKeyAlgorithm id; | ||
1308 | }; | ||
1309 | typedef struct MHD_gnutls_pk_entry MHD_gnutls_pk_entry; | ||
1310 | |||
1311 | static const MHD_gnutls_pk_entry MHD_gtls_pk_algorithms[] = { | ||
1312 | {"RSA", | ||
1313 | PK_PKIX1_RSA_OID, | ||
1314 | MHD_GNUTLS_PK_RSA}, | ||
1315 | {"GOST R 34.10-2001", | ||
1316 | PK_GOST_R3410_2001_OID, | ||
1317 | 0}, | ||
1318 | {"GOST R 34.10-94", | ||
1319 | PK_GOST_R3410_94_OID, | ||
1320 | 0}, | ||
1321 | {0, | ||
1322 | 0, | ||
1323 | 0} | ||
1324 | }; | ||
1325 | |||
1326 | enum MHD_GNUTLS_PublicKeyAlgorithm | ||
1327 | MHD_gtls_x509_oid2pk_algorithm (const char *oid) | ||
1328 | { | ||
1329 | enum MHD_GNUTLS_PublicKeyAlgorithm ret = MHD_GNUTLS_PK_UNKNOWN; | ||
1330 | const MHD_gnutls_pk_entry *p; | ||
1331 | |||
1332 | for (p = MHD_gtls_pk_algorithms; p->name != NULL; p++) | ||
1333 | if (strcmp (p->oid, oid) == 0) | ||
1334 | { | ||
1335 | ret = p->id; | ||
1336 | break; | ||
1337 | } | ||
1338 | |||
1339 | return ret; | ||
1340 | } | ||
diff --git a/src/daemon/https/tls/gnutls_algorithms.h b/src/daemon/https/tls/gnutls_algorithms.h deleted file mode 100644 index 6a4021c7..00000000 --- a/src/daemon/https/tls/gnutls_algorithms.h +++ /dev/null | |||
@@ -1,148 +0,0 @@ | |||
1 | /* | ||
2 | * Copyright (C) 2000, 2001, 2002, 2003, 2004, 2005, 2007 Free Software Foundation | ||
3 | * | ||
4 | * Author: Nikos Mavrogiannopoulos | ||
5 | * | ||
6 | * This file is part of GNUTLS. | ||
7 | * | ||
8 | * The GNUTLS library is free software; you can redistribute it and/or | ||
9 | * modify it under the terms of the GNU Lesser General Public License | ||
10 | * as published by the Free Software Foundation; either version 2.1 of | ||
11 | * the License, or (at your option) any later version. | ||
12 | * | ||
13 | * This library is distributed in the hope that it will be useful, but | ||
14 | * WITHOUT ANY WARRANTY; without even the implied warranty of | ||
15 | * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU | ||
16 | * Lesser General Public License for more details. | ||
17 | * | ||
18 | * You should have received a copy of the GNU Lesser General Public | ||
19 | * License along with this library; if not, write to the Free Software | ||
20 | * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301, | ||
21 | * USA | ||
22 | * | ||
23 | */ | ||
24 | |||
25 | #ifndef ALGORITHMS_H | ||
26 | #define ALGORITHMS_H | ||
27 | |||
28 | #include "gnutls_auth.h" | ||
29 | |||
30 | /* Functions for version handling. */ | ||
31 | enum MHD_GNUTLS_Protocol MHD_gtls_version_max (MHD_gtls_session_t session); | ||
32 | int MHD_gtls_version_priority (MHD_gtls_session_t session, | ||
33 | enum MHD_GNUTLS_Protocol version); | ||
34 | int MHD_gtls_version_is_supported (MHD_gtls_session_t session, | ||
35 | const enum MHD_GNUTLS_Protocol version); | ||
36 | int MHD_gtls_version_get_major (enum MHD_GNUTLS_Protocol ver); | ||
37 | int MHD_gtls_version_get_minor (enum MHD_GNUTLS_Protocol ver); | ||
38 | enum MHD_GNUTLS_Protocol MHD_gtls_version_get (int major, int minor); | ||
39 | |||
40 | /* Functions for MACs. */ | ||
41 | int MHD_gnutls_mac_is_ok (enum MHD_GNUTLS_HashAlgorithm algorithm); | ||
42 | /* Functions for cipher suites. */ | ||
43 | int MHD_gtls_supported_ciphersuites (MHD_gtls_session_t session, | ||
44 | cipher_suite_st ** ciphers); | ||
45 | int MHD_gtls_supported_ciphersuites_sorted (MHD_gtls_session_t session, | ||
46 | cipher_suite_st ** ciphers); | ||
47 | int MHD_gtls_supported_compression_methods (MHD_gtls_session_t session, | ||
48 | uint8_t ** comp); | ||
49 | const char *MHD_gtls_cipher_suite_get_name (cipher_suite_st * algorithm); | ||
50 | enum MHD_GNUTLS_CipherAlgorithm MHD_gtls_cipher_suite_get_cipher_algo (const | ||
51 | cipher_suite_st | ||
52 | * | ||
53 | algorithm); | ||
54 | enum MHD_GNUTLS_KeyExchangeAlgorithm MHD_gtls_cipher_suite_get_kx_algo (const | ||
55 | cipher_suite_st | ||
56 | * | ||
57 | algorithm); | ||
58 | enum MHD_GNUTLS_HashAlgorithm MHD_gtls_cipher_suite_get_mac_algo (const | ||
59 | cipher_suite_st | ||
60 | * | ||
61 | algorithm); | ||
62 | enum MHD_GNUTLS_Protocol MHD_gtls_cipher_suite_get_version (const | ||
63 | cipher_suite_st * | ||
64 | algorithm); | ||
65 | cipher_suite_st MHD_gtls_cipher_suite_get_suite_name (cipher_suite_st * | ||
66 | algorithm); | ||
67 | |||
68 | /* Functions for ciphers. */ | ||
69 | int MHD_gtls_cipher_get_block_size (enum MHD_GNUTLS_CipherAlgorithm | ||
70 | algorithm); | ||
71 | int MHD_gtls_cipher_is_block (enum MHD_GNUTLS_CipherAlgorithm algorithm); | ||
72 | int MHD_gtls_cipher_is_ok (enum MHD_GNUTLS_CipherAlgorithm algorithm); | ||
73 | int MHD_gtls_cipher_get_iv_size (enum MHD_GNUTLS_CipherAlgorithm algorithm); | ||
74 | int MHD_gtls_cipher_get_export_flag (enum MHD_GNUTLS_CipherAlgorithm | ||
75 | algorithm); | ||
76 | |||
77 | /* Functions for key exchange. */ | ||
78 | int MHD_gtls_kx_needs_dh_params (enum MHD_GNUTLS_KeyExchangeAlgorithm | ||
79 | algorithm); | ||
80 | int MHD_gtls_kx_needs_rsa_params (enum MHD_GNUTLS_KeyExchangeAlgorithm | ||
81 | algorithm); | ||
82 | MHD_gtls_mod_auth_st *MHD_gtls_kx_auth_struct (enum | ||
83 | MHD_GNUTLS_KeyExchangeAlgorithm | ||
84 | algorithm); | ||
85 | int MHD_gtls_kx_is_ok (enum MHD_GNUTLS_KeyExchangeAlgorithm algorithm); | ||
86 | |||
87 | /* Functions for compression. */ | ||
88 | int MHD_gtls_compression_is_ok (enum MHD_GNUTLS_CompressionMethod algorithm); | ||
89 | int MHD_gtls_compression_get_num (enum MHD_GNUTLS_CompressionMethod | ||
90 | algorithm); | ||
91 | enum MHD_GNUTLS_CompressionMethod MHD_gtls_compression_get_id_from_int (int | ||
92 | num); | ||
93 | int MHD_gtls_compression_get_mem_level (enum MHD_GNUTLS_CompressionMethod | ||
94 | algorithm); | ||
95 | int MHD_gtls_compression_get_comp_level (enum MHD_GNUTLS_CompressionMethod | ||
96 | algorithm); | ||
97 | int MHD_gtls_compression_get_wbits (enum MHD_GNUTLS_CompressionMethod | ||
98 | algorithm); | ||
99 | |||
100 | /* Type to KX mappings. */ | ||
101 | enum MHD_GNUTLS_CredentialsType MHD_gtls_map_kx_get_cred (enum | ||
102 | MHD_GNUTLS_KeyExchangeAlgorithm | ||
103 | algorithm, | ||
104 | int server); | ||
105 | |||
106 | /* KX to PK mapping. */ | ||
107 | enum MHD_GNUTLS_PublicKeyAlgorithm MHD_gtls_map_pk_get_pk (enum | ||
108 | MHD_GNUTLS_KeyExchangeAlgorithm | ||
109 | kx_algorithm); | ||
110 | enum MHD_GNUTLS_PublicKeyAlgorithm MHD_gtls_x509_oid2pk_algorithm (const char | ||
111 | *oid); | ||
112 | enum encipher_type | ||
113 | { CIPHER_ENCRYPT = 0, CIPHER_SIGN = 1, CIPHER_IGN }; | ||
114 | |||
115 | enum encipher_type MHD_gtls_kx_encipher_type (enum | ||
116 | MHD_GNUTLS_KeyExchangeAlgorithm | ||
117 | algorithm); | ||
118 | |||
119 | struct MHD_gtls_compression_entry | ||
120 | { | ||
121 | const char *name; | ||
122 | enum MHD_GNUTLS_CompressionMethod id; | ||
123 | int num; /* the number reserved in TLS for the specific compression method */ | ||
124 | |||
125 | /* used in zlib compressor */ | ||
126 | int window_bits; | ||
127 | int mem_level; | ||
128 | int comp_level; | ||
129 | }; | ||
130 | typedef struct MHD_gtls_compression_entry MHD_gnutls_compression_entry; | ||
131 | |||
132 | /* Functions for sign algorithms. */ | ||
133 | |||
134 | int MHD_gtls_mac_priority (MHD_gtls_session_t session, | ||
135 | enum MHD_GNUTLS_HashAlgorithm algorithm); | ||
136 | int MHD_gtls_cipher_priority (MHD_gtls_session_t session, | ||
137 | enum MHD_GNUTLS_CipherAlgorithm algorithm); | ||
138 | int MHD_gtls_kx_priority (MHD_gtls_session_t session, | ||
139 | enum MHD_GNUTLS_KeyExchangeAlgorithm algorithm); | ||
140 | |||
141 | enum MHD_GNUTLS_HashAlgorithm MHD_gtls_mac_get_id (const char *name); | ||
142 | enum MHD_GNUTLS_CipherAlgorithm MHD_gtls_cipher_get_id (const char *name); | ||
143 | enum MHD_GNUTLS_KeyExchangeAlgorithm MHD_gtls_kx_get_id (const char *name); | ||
144 | enum MHD_GNUTLS_Protocol MHD_gtls_protocol_get_id (const char *name); | ||
145 | enum MHD_GNUTLS_CertificateType MHD_gtls_certificate_type_get_id (const char | ||
146 | *name); | ||
147 | |||
148 | #endif | ||
diff --git a/src/daemon/https/tls/gnutls_asn1_tab.c b/src/daemon/https/tls/gnutls_asn1_tab.c deleted file mode 100644 index 9b511521..00000000 --- a/src/daemon/https/tls/gnutls_asn1_tab.c +++ /dev/null | |||
@@ -1,63 +0,0 @@ | |||
1 | #if HAVE_CONFIG_H | ||
2 | #include "MHD_config.h" | ||
3 | #endif | ||
4 | |||
5 | #include <libtasn1.h> | ||
6 | |||
7 | const ASN1_ARRAY_TYPE MHD_gnutlsMHD__asn1_tab[] = { | ||
8 | {"GNUTLS", 536872976, 0}, | ||
9 | {0, 1073741836, 0}, | ||
10 | {"RSAPublicKey", 1610612741, 0}, | ||
11 | {"modulus", 1073741827, 0}, | ||
12 | {"publicExponent", 3, 0}, | ||
13 | {"RSAPrivateKey", 1610612741, 0}, | ||
14 | {"version", 1073741826, "Version"}, | ||
15 | {"modulus", 1073741827, 0}, | ||
16 | {"publicExponent", 1073741827, 0}, | ||
17 | {"privateExponent", 1073741827, 0}, | ||
18 | {"prime1", 1073741827, 0}, | ||
19 | {"prime2", 1073741827, 0}, | ||
20 | {"exponent1", 1073741827, 0}, | ||
21 | {"exponent2", 1073741827, 0}, | ||
22 | {"coefficient", 1073741827, 0}, | ||
23 | {"otherPrimeInfos", 16386, "OtherPrimeInfos"}, | ||
24 | {"Version", 1610874883, 0}, | ||
25 | {"two-prime", 1073741825, "0"}, | ||
26 | {"multi", 1, "1"}, | ||
27 | {"OtherPrimeInfos", 1612709899, 0}, | ||
28 | {"MAX", 1074266122, "1"}, | ||
29 | {0, 2, "OtherPrimeInfo"}, | ||
30 | {"OtherPrimeInfo", 1610612741, 0}, | ||
31 | {"prime", 1073741827, 0}, | ||
32 | {"exponent", 1073741827, 0}, | ||
33 | {"coefficient", 3, 0}, | ||
34 | {"AlgorithmIdentifier", 1610612741, 0}, | ||
35 | {"algorithm", 1073741836, 0}, | ||
36 | {"parameters", 541081613, 0}, | ||
37 | {"algorithm", 1, 0}, | ||
38 | {"DigestInfo", 1610612741, 0}, | ||
39 | {"digestAlgorithm", 1073741826, "DigestAlgorithmIdentifier"}, | ||
40 | {"digest", 2, "Digest"}, | ||
41 | {"DigestAlgorithmIdentifier", 1073741826, "AlgorithmIdentifier"}, | ||
42 | {"Digest", 1073741831, 0}, | ||
43 | {"DSAPublicKey", 1073741827, 0}, | ||
44 | {"DSAParameters", 1610612741, 0}, | ||
45 | {"p", 1073741827, 0}, | ||
46 | {"q", 1073741827, 0}, | ||
47 | {"g", 3, 0}, | ||
48 | {"DSASignatureValue", 1610612741, 0}, | ||
49 | {"r", 1073741827, 0}, | ||
50 | {"s", 3, 0}, | ||
51 | {"DSAPrivateKey", 1610612741, 0}, | ||
52 | {"version", 1073741827, 0}, | ||
53 | {"p", 1073741827, 0}, | ||
54 | {"q", 1073741827, 0}, | ||
55 | {"g", 1073741827, 0}, | ||
56 | {"Y", 1073741827, 0}, | ||
57 | {"priv", 3, 0}, | ||
58 | {"DHParameter", 536870917, 0}, | ||
59 | {"prime", 1073741827, 0}, | ||
60 | {"base", 1073741827, 0}, | ||
61 | {"privateValueLength", 16387, 0}, | ||
62 | {0, 0, 0} | ||
63 | }; | ||
diff --git a/src/daemon/https/tls/gnutls_auth.c b/src/daemon/https/tls/gnutls_auth.c deleted file mode 100644 index 7c820c4e..00000000 --- a/src/daemon/https/tls/gnutls_auth.c +++ /dev/null | |||
@@ -1,361 +0,0 @@ | |||
1 | /* | ||
2 | * Copyright (C) 2001, 2002, 2003, 2004, 2005 Free Software Foundation | ||
3 | * | ||
4 | * Author: Nikos Mavrogiannopoulos | ||
5 | * | ||
6 | * This file is part of GNUTLS. | ||
7 | * | ||
8 | * The GNUTLS library is free software; you can redistribute it and/or | ||
9 | * modify it under the terms of the GNU Lesser General Public License | ||
10 | * as published by the Free Software Foundation; either version 2.1 of | ||
11 | * the License, or (at your option) any later version. | ||
12 | * | ||
13 | * This library is distributed in the hope that it will be useful, but | ||
14 | * WITHOUT ANY WARRANTY; without even the implied warranty of | ||
15 | * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU | ||
16 | * Lesser General Public License for more details. | ||
17 | * | ||
18 | * You should have received a copy of the GNU Lesser General Public | ||
19 | * License along with this library; if not, write to the Free Software | ||
20 | * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301, | ||
21 | * USA | ||
22 | * | ||
23 | */ | ||
24 | |||
25 | #include "gnutls_int.h" | ||
26 | #include "gnutls_errors.h" | ||
27 | #include "gnutls_auth.h" | ||
28 | #include "gnutls_auth_int.h" | ||
29 | #include "gnutls_algorithms.h" | ||
30 | #include "auth_cert.h" | ||
31 | #include <gnutls_datum.h> | ||
32 | |||
33 | /* The functions here are used in order for authentication algorithms | ||
34 | * to be able to retrieve the needed credentials eg public and private | ||
35 | * key etc. | ||
36 | */ | ||
37 | |||
38 | /** | ||
39 | * MHD__gnutls_credentials_clear - Clears all the credentials previously set | ||
40 | * @session: is a #MHD_gtls_session_t structure. | ||
41 | * | ||
42 | * Clears all the credentials previously set in this session. | ||
43 | * | ||
44 | **/ | ||
45 | void | ||
46 | MHD__gnutls_credentials_clear (MHD_gtls_session_t session) | ||
47 | { | ||
48 | if (session->key && session->key->cred) | ||
49 | { /* beginning of the list */ | ||
50 | auth_cred_st *ccred, *ncred; | ||
51 | ccred = session->key->cred; | ||
52 | while (ccred != NULL) | ||
53 | { | ||
54 | ncred = ccred->next; | ||
55 | MHD_gnutls_free (ccred); | ||
56 | ccred = ncred; | ||
57 | } | ||
58 | session->key->cred = NULL; | ||
59 | } | ||
60 | } | ||
61 | |||
62 | /* | ||
63 | * This creates a linked list of the form: | ||
64 | * { algorithm, credentials, pointer to next } | ||
65 | */ | ||
66 | /** | ||
67 | * MHD__gnutls_credentials_set - Sets the needed credentials for the specified authentication algorithm. | ||
68 | * @session: is a #MHD_gtls_session_t structure. | ||
69 | * @type: is the type of the credentials | ||
70 | * @cred: is a pointer to a structure. | ||
71 | * | ||
72 | * Sets the needed credentials for the specified type. | ||
73 | * Eg username, password - or public and private keys etc. | ||
74 | * The (void* cred) parameter is a structure that depends on the | ||
75 | * specified type and on the current session (client or server). | ||
76 | * [ In order to minimize memory usage, and share credentials between | ||
77 | * several threads gnutls keeps a pointer to cred, and not the whole cred | ||
78 | * structure. Thus you will have to keep the structure allocated until | ||
79 | * you call MHD__gnutls_deinit(). ] | ||
80 | * | ||
81 | * For GNUTLS_CRD_SRP cred should be MHD_gnutls_srp_client_credentials_t | ||
82 | * in case of a client, and MHD_gnutls_srp_server_credentials_t, in case | ||
83 | * of a server. | ||
84 | * | ||
85 | * For GNUTLS_CRD_CERTIFICATE cred should be MHD_gtls_cert_credentials_t. | ||
86 | * | ||
87 | **/ | ||
88 | int | ||
89 | MHD__gnutls_credentials_set (MHD_gtls_session_t session, | ||
90 | enum MHD_GNUTLS_CredentialsType type, void *cred) | ||
91 | { | ||
92 | auth_cred_st *ccred = NULL, *pcred = NULL; | ||
93 | int exists = 0; | ||
94 | |||
95 | if (session->key->cred == NULL) | ||
96 | { /* beginning of the list */ | ||
97 | |||
98 | session->key->cred = MHD_gnutls_malloc (sizeof (auth_cred_st)); | ||
99 | if (session->key->cred == NULL) | ||
100 | return GNUTLS_E_MEMORY_ERROR; | ||
101 | |||
102 | /* copy credentials locally */ | ||
103 | session->key->cred->credentials = cred; | ||
104 | |||
105 | session->key->cred->next = NULL; | ||
106 | session->key->cred->algorithm = type; | ||
107 | } | ||
108 | else | ||
109 | { | ||
110 | ccred = session->key->cred; | ||
111 | while (ccred != NULL) | ||
112 | { | ||
113 | if (ccred->algorithm == type) | ||
114 | { | ||
115 | exists = 1; | ||
116 | break; | ||
117 | } | ||
118 | pcred = ccred; | ||
119 | ccred = ccred->next; | ||
120 | } | ||
121 | /* After this, pcred is not null. | ||
122 | */ | ||
123 | |||
124 | if (exists == 0) | ||
125 | { /* new entry */ | ||
126 | pcred->next = MHD_gnutls_malloc (sizeof (auth_cred_st)); | ||
127 | if (pcred->next == NULL) | ||
128 | return GNUTLS_E_MEMORY_ERROR; | ||
129 | |||
130 | ccred = pcred->next; | ||
131 | |||
132 | /* copy credentials locally */ | ||
133 | ccred->credentials = cred; | ||
134 | |||
135 | ccred->next = NULL; | ||
136 | ccred->algorithm = type; | ||
137 | } | ||
138 | else | ||
139 | { /* modify existing entry */ | ||
140 | MHD_gnutls_free (ccred->credentials); | ||
141 | ccred->credentials = cred; | ||
142 | } | ||
143 | } | ||
144 | |||
145 | return 0; | ||
146 | } | ||
147 | |||
148 | /** | ||
149 | * MHD_gtls_auth_get_type - Returns the type of credentials for the current authentication schema. | ||
150 | * @session: is a #MHD_gtls_session_t structure. | ||
151 | * | ||
152 | * Returns type of credentials for the current authentication schema. | ||
153 | * The returned information is to be used to distinguish the function used | ||
154 | * to access authentication data. | ||
155 | * | ||
156 | * Eg. for CERTIFICATE ciphersuites (key exchange algorithms: KX_RSA, KX_DHE_RSA), | ||
157 | * the same function are to be used to access the authentication data. | ||
158 | **/ | ||
159 | enum MHD_GNUTLS_CredentialsType | ||
160 | MHD_gtls_auth_get_type (MHD_gtls_session_t session) | ||
161 | { | ||
162 | /* This is not the credentials we must set, but the authentication data | ||
163 | * we get by the peer, so it should be reversed. | ||
164 | */ | ||
165 | int server = session->security_parameters.entity == GNUTLS_SERVER ? 0 : 1; | ||
166 | |||
167 | return | ||
168 | MHD_gtls_map_kx_get_cred (MHD_gtls_cipher_suite_get_kx_algo | ||
169 | (&session->security_parameters. | ||
170 | current_cipher_suite), server); | ||
171 | } | ||
172 | |||
173 | /* | ||
174 | * This returns a pointer to the linked list. Don't | ||
175 | * free that!!! | ||
176 | */ | ||
177 | const void * | ||
178 | MHD_gtls_get_kx_cred (MHD_gtls_session_t session, | ||
179 | enum MHD_GNUTLS_KeyExchangeAlgorithm algo, int *err) | ||
180 | { | ||
181 | int server = session->security_parameters.entity == GNUTLS_SERVER ? 1 : 0; | ||
182 | |||
183 | return MHD_gtls_get_cred (session->key, | ||
184 | MHD_gtls_map_kx_get_cred (algo, server), err); | ||
185 | } | ||
186 | |||
187 | const void * | ||
188 | MHD_gtls_get_cred (MHD_gtls_key_st key, enum MHD_GNUTLS_CredentialsType type, | ||
189 | int *err) | ||
190 | { | ||
191 | const void *retval = NULL; | ||
192 | int _err = -1; | ||
193 | auth_cred_st *ccred; | ||
194 | |||
195 | if (key == NULL) | ||
196 | goto out; | ||
197 | |||
198 | ccred = key->cred; | ||
199 | while (ccred != NULL) | ||
200 | { | ||
201 | if (ccred->algorithm == type) | ||
202 | { | ||
203 | break; | ||
204 | } | ||
205 | ccred = ccred->next; | ||
206 | } | ||
207 | if (ccred == NULL) | ||
208 | goto out; | ||
209 | |||
210 | _err = 0; | ||
211 | retval = ccred->credentials; | ||
212 | |||
213 | out: | ||
214 | if (err != NULL) | ||
215 | *err = _err; | ||
216 | return retval; | ||
217 | } | ||
218 | |||
219 | /*- | ||
220 | * MHD_gtls_get_auth_info - Returns a pointer to authentication information. | ||
221 | * @session: is a #MHD_gtls_session_t structure. | ||
222 | * | ||
223 | * This function must be called after a succesful MHD__gnutls_handshake(). | ||
224 | * Returns a pointer to authentication information. That information | ||
225 | * is data obtained by the handshake protocol, the key exchange algorithm, | ||
226 | * and the TLS extensions messages. | ||
227 | * | ||
228 | * In case of GNUTLS_CRD_CERTIFICATE returns a type of &cert_auth_info_t; | ||
229 | * In case of GNUTLS_CRD_SRP returns a type of &srp_(server/client)_auth_info_t; | ||
230 | -*/ | ||
231 | void * | ||
232 | MHD_gtls_get_auth_info (MHD_gtls_session_t session) | ||
233 | { | ||
234 | return session->key->auth_info; | ||
235 | } | ||
236 | |||
237 | /*- | ||
238 | * MHD_gtls_free_auth_info - Frees the auth info structure | ||
239 | * @session: is a #MHD_gtls_session_t structure. | ||
240 | * | ||
241 | * This function frees the auth info structure and sets it to | ||
242 | * null. It must be called since some structures contain malloced | ||
243 | * elements. | ||
244 | -*/ | ||
245 | void | ||
246 | MHD_gtls_free_auth_info (MHD_gtls_session_t session) | ||
247 | { | ||
248 | MHD_gtls_dh_info_st *dh_info; | ||
249 | rsa_info_st *rsa_info; | ||
250 | |||
251 | if (session == NULL || session->key == NULL) | ||
252 | { | ||
253 | MHD_gnutls_assert (); | ||
254 | return; | ||
255 | } | ||
256 | |||
257 | switch (session->key->auth_info_type) | ||
258 | { | ||
259 | case MHD_GNUTLS_CRD_CERTIFICATE: | ||
260 | { | ||
261 | unsigned int i; | ||
262 | cert_auth_info_t info = MHD_gtls_get_auth_info (session); | ||
263 | |||
264 | if (info == NULL) | ||
265 | break; | ||
266 | |||
267 | dh_info = &info->dh; | ||
268 | rsa_info = &info->rsa_export; | ||
269 | for (i = 0; i < info->ncerts; i++) | ||
270 | { | ||
271 | MHD__gnutls_free_datum (&info->raw_certificate_list[i]); | ||
272 | } | ||
273 | |||
274 | MHD_gnutls_free (info->raw_certificate_list); | ||
275 | info->raw_certificate_list = NULL; | ||
276 | info->ncerts = 0; | ||
277 | |||
278 | MHD_gtls_free_dh_info (dh_info); | ||
279 | MHD_gtls_free_rsa_info (rsa_info); | ||
280 | } | ||
281 | |||
282 | |||
283 | break; | ||
284 | default: | ||
285 | return; | ||
286 | |||
287 | } | ||
288 | |||
289 | MHD_gnutls_free (session->key->auth_info); | ||
290 | session->key->auth_info = NULL; | ||
291 | session->key->auth_info_size = 0; | ||
292 | session->key->auth_info_type = 0; | ||
293 | |||
294 | } | ||
295 | |||
296 | /* This function will set the auth info structure in the key | ||
297 | * structure. | ||
298 | * If allow change is !=0 then this will allow changing the auth | ||
299 | * info structure to a different type. | ||
300 | */ | ||
301 | int | ||
302 | MHD_gtls_auth_info_set (MHD_gtls_session_t session, | ||
303 | enum MHD_GNUTLS_CredentialsType type, int size, | ||
304 | int allow_change) | ||
305 | { | ||
306 | if (session->key->auth_info == NULL) | ||
307 | { | ||
308 | session->key->auth_info = MHD_gnutls_calloc (1, size); | ||
309 | if (session->key->auth_info == NULL) | ||
310 | { | ||
311 | MHD_gnutls_assert (); | ||
312 | return GNUTLS_E_MEMORY_ERROR; | ||
313 | } | ||
314 | session->key->auth_info_type = type; | ||
315 | session->key->auth_info_size = size; | ||
316 | } | ||
317 | else | ||
318 | { | ||
319 | if (allow_change == 0) | ||
320 | { | ||
321 | /* If the credentials for the current authentication scheme, | ||
322 | * are not the one we want to set, then it's an error. | ||
323 | * This may happen if a rehandshake is performed an the | ||
324 | * ciphersuite which is negotiated has different authentication | ||
325 | * schema. | ||
326 | */ | ||
327 | if (MHD_gtls_auth_get_type (session) != | ||
328 | session->key->auth_info_type) | ||
329 | { | ||
330 | MHD_gnutls_assert (); | ||
331 | return GNUTLS_E_INVALID_REQUEST; | ||
332 | } | ||
333 | } | ||
334 | else | ||
335 | { | ||
336 | /* The new behaviour: Here we reallocate the auth info structure | ||
337 | * in order to be able to negotiate different authentication | ||
338 | * types. Ie. perform an auth_anon and then authenticate again using a | ||
339 | * certificate (in order to prevent revealing the certificate's contents, | ||
340 | * to passive eavesdropers. | ||
341 | */ | ||
342 | if (MHD_gtls_auth_get_type (session) != | ||
343 | session->key->auth_info_type) | ||
344 | { | ||
345 | |||
346 | MHD_gtls_free_auth_info (session); | ||
347 | |||
348 | session->key->auth_info = calloc (1, size); | ||
349 | if (session->key->auth_info == NULL) | ||
350 | { | ||
351 | MHD_gnutls_assert (); | ||
352 | return GNUTLS_E_MEMORY_ERROR; | ||
353 | } | ||
354 | |||
355 | session->key->auth_info_type = type; | ||
356 | session->key->auth_info_size = size; | ||
357 | } | ||
358 | } | ||
359 | } | ||
360 | return 0; | ||
361 | } | ||
diff --git a/src/daemon/https/tls/gnutls_auth.h b/src/daemon/https/tls/gnutls_auth.h deleted file mode 100644 index 4956268c..00000000 --- a/src/daemon/https/tls/gnutls_auth.h +++ /dev/null | |||
@@ -1,51 +0,0 @@ | |||
1 | /* | ||
2 | * Copyright (C) 2000, 2001, 2002, 2003, 2004, 2005 Free Software Foundation | ||
3 | * | ||
4 | * Author: Nikos Mavrogiannopoulos | ||
5 | * | ||
6 | * This file is part of GNUTLS. | ||
7 | * | ||
8 | * The GNUTLS library is free software; you can redistribute it and/or | ||
9 | * modify it under the terms of the GNU Lesser General Public License | ||
10 | * as published by the Free Software Foundation; either version 2.1 of | ||
11 | * the License, or (at your option) any later version. | ||
12 | * | ||
13 | * This library is distributed in the hope that it will be useful, but | ||
14 | * WITHOUT ANY WARRANTY; without even the implied warranty of | ||
15 | * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU | ||
16 | * Lesser General Public License for more details. | ||
17 | * | ||
18 | * You should have received a copy of the GNU Lesser General Public | ||
19 | * License along with this library; if not, write to the Free Software | ||
20 | * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301, | ||
21 | * USA | ||
22 | * | ||
23 | */ | ||
24 | |||
25 | #ifndef GNUTLS_AUTH_H | ||
26 | #define GNUTLS_AUTH_H | ||
27 | |||
28 | typedef struct MHD_gtls_mod_auth_st_int | ||
29 | { | ||
30 | const char *name; /* null terminated */ | ||
31 | int (*MHD_gtls_gen_server_certificate) (MHD_gtls_session_t, opaque **); | ||
32 | int (*MHD_gtls_gen_client_certificate) (MHD_gtls_session_t, opaque **); | ||
33 | int (*MHD_gtls_gen_server_kx) (MHD_gtls_session_t, opaque **); | ||
34 | int (*MHD_gtls_gen_client_kx) (MHD_gtls_session_t, opaque **); /* used in SRP */ | ||
35 | int (*MHD_gtls_gen_client_cert_vrfy) (MHD_gtls_session_t, opaque **); | ||
36 | int (*MHD_gtls_gen_server_certificate_request) (MHD_gtls_session_t, | ||
37 | opaque **); | ||
38 | |||
39 | int (*MHD_gtls_process_server_certificate) (MHD_gtls_session_t, opaque *, | ||
40 | size_t); | ||
41 | int (*MHD_gtls_process_client_certificate) (MHD_gtls_session_t, opaque *, | ||
42 | size_t); | ||
43 | int (*MHD_gtls_process_server_kx) (MHD_gtls_session_t, opaque *, size_t); | ||
44 | int (*MHD_gtls_process_client_kx) (MHD_gtls_session_t, opaque *, size_t); | ||
45 | int (*MHD_gtls_process_client_cert_vrfy) (MHD_gtls_session_t, opaque *, | ||
46 | size_t); | ||
47 | int (*MHD_gtls_process_server_certificate_request) (MHD_gtls_session_t, | ||
48 | opaque *, size_t); | ||
49 | } MHD_gtls_mod_auth_st; | ||
50 | |||
51 | #endif | ||
diff --git a/src/daemon/https/tls/gnutls_auth_int.h b/src/daemon/https/tls/gnutls_auth_int.h deleted file mode 100644 index 425dc8a3..00000000 --- a/src/daemon/https/tls/gnutls_auth_int.h +++ /dev/null | |||
@@ -1,33 +0,0 @@ | |||
1 | /* | ||
2 | * Copyright (C) 2000, 2001, 2002, 2003, 2004, 2005 Free Software Foundation | ||
3 | * | ||
4 | * Author: Nikos Mavrogiannopoulos | ||
5 | * | ||
6 | * This file is part of GNUTLS. | ||
7 | * | ||
8 | * The GNUTLS library is free software; you can redistribute it and/or | ||
9 | * modify it under the terms of the GNU Lesser General Public License | ||
10 | * as published by the Free Software Foundation; either version 2.1 of | ||
11 | * the License, or (at your option) any later version. | ||
12 | * | ||
13 | * This library is distributed in the hope that it will be useful, but | ||
14 | * WITHOUT ANY WARRANTY; without even the implied warranty of | ||
15 | * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU | ||
16 | * Lesser General Public License for more details. | ||
17 | * | ||
18 | * You should have received a copy of the GNU Lesser General Public | ||
19 | * License along with this library; if not, write to the Free Software | ||
20 | * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301, | ||
21 | * USA | ||
22 | * | ||
23 | */ | ||
24 | |||
25 | const void *MHD_gtls_get_cred (MHD_gtls_key_st key, | ||
26 | enum MHD_GNUTLS_CredentialsType kx, int *err); | ||
27 | const void *MHD_gtls_get_kx_cred (MHD_gtls_session_t session, | ||
28 | enum MHD_GNUTLS_KeyExchangeAlgorithm algo, | ||
29 | int *err); | ||
30 | void *MHD_gtls_get_auth_info (MHD_gtls_session_t session); | ||
31 | int MHD_gtls_auth_info_set (MHD_gtls_session_t session, | ||
32 | enum MHD_GNUTLS_CredentialsType type, int size, | ||
33 | int allow_change); | ||
diff --git a/src/daemon/https/tls/gnutls_buffers.c b/src/daemon/https/tls/gnutls_buffers.c deleted file mode 100644 index c687cb23..00000000 --- a/src/daemon/https/tls/gnutls_buffers.c +++ /dev/null | |||
@@ -1,1111 +0,0 @@ | |||
1 | /* | ||
2 | * Copyright (C) 2000, 2001, 2002, 2003, 2004, 2005, 2006, 2007 Free Software Foundation | ||
3 | * | ||
4 | * Author: Nikos Mavrogiannopoulos | ||
5 | * | ||
6 | * This file is part of GNUTLS. | ||
7 | * | ||
8 | * The GNUTLS library is free software; you can redistribute it and/or | ||
9 | * modify it under the terms of the GNU Lesser General Public License | ||
10 | * as published by the Free Software Foundation; either version 2.1 of | ||
11 | * the License, or (at your option) any later version. | ||
12 | * | ||
13 | * This library is distributed in the hope that it will be useful, but | ||
14 | * WITHOUT ANY WARRANTY; without even the implied warranty of | ||
15 | * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU | ||
16 | * Lesser General Public License for more details. | ||
17 | * | ||
18 | * You should have received a copy of the GNU Lesser General Public | ||
19 | * License along with this library; if not, write to the Free Software | ||
20 | * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301, | ||
21 | * USA | ||
22 | * | ||
23 | */ | ||
24 | |||
25 | /* This is the only file that uses the berkeley sockets API. | ||
26 | * | ||
27 | * Also holds all the buffering code used in gnutls. | ||
28 | * The buffering code works as: | ||
29 | * | ||
30 | * RECORD LAYER: | ||
31 | * 1. uses a buffer to hold data (application/handshake), | ||
32 | * we got but they were not requested, yet. | ||
33 | * (see MHD_gnutls_record_buffer_put(), MHD_gnutls_record_buffer_get_size() etc.) | ||
34 | * | ||
35 | * 2. uses a buffer to hold data that were incomplete (ie the read/write | ||
36 | * was interrupted) | ||
37 | * (see MHD_gtls_io_read_buffered(), MHD_gtls_io_write_buffered() etc.) | ||
38 | * | ||
39 | * HANDSHAKE LAYER: | ||
40 | * 1. Uses a buffer to hold data that was not sent or received | ||
41 | * complete. (E.g. sent 10 bytes of a handshake packet that is 20 bytes | ||
42 | * long). | ||
43 | * (see MHD__gnutls_handshake_send_int(), MHD__gnutls_handshake_recv_int()) | ||
44 | * | ||
45 | * 2. Uses buffer to hold the last received handshake message. | ||
46 | * (see MHD_gtls_handshake_buffer_put() etc.) | ||
47 | * | ||
48 | */ | ||
49 | |||
50 | #include <gnutls_int.h> | ||
51 | #include <gnutls_errors.h> | ||
52 | #include <gnutls_num.h> | ||
53 | #include <gnutls_record.h> | ||
54 | #include <gnutls_buffers.h> | ||
55 | |||
56 | #include <errno.h> | ||
57 | |||
58 | #ifdef _WIN32 | ||
59 | # include <winsock2.h> | ||
60 | #endif | ||
61 | |||
62 | #ifndef EAGAIN | ||
63 | # define EAGAIN EWOULDBLOCK | ||
64 | #endif | ||
65 | |||
66 | /* Buffers received packets of type APPLICATION DATA and | ||
67 | * HANDSHAKE DATA. | ||
68 | */ | ||
69 | int | ||
70 | MHD_gnutls_record_buffer_put (content_type_t type, | ||
71 | MHD_gtls_session_t session, opaque * data, | ||
72 | size_t length) | ||
73 | { | ||
74 | MHD_gtls_buffer *buf; | ||
75 | |||
76 | if (length == 0) | ||
77 | return 0; | ||
78 | |||
79 | switch (type) | ||
80 | { | ||
81 | case GNUTLS_APPLICATION_DATA: | ||
82 | buf = &session->internals.application_data_buffer; | ||
83 | MHD__gnutls_buffers_log ("BUF[REC]: Inserted %d bytes of Data(%d)\n", | ||
84 | length, type); | ||
85 | break; | ||
86 | |||
87 | case GNUTLS_HANDSHAKE: | ||
88 | buf = &session->internals.handshake_data_buffer; | ||
89 | MHD__gnutls_buffers_log ("BUF[HSK]: Inserted %d bytes of Data(%d)\n", | ||
90 | length, type); | ||
91 | break; | ||
92 | |||
93 | case GNUTLS_INNER_APPLICATION: | ||
94 | buf = &session->internals.ia_data_buffer; | ||
95 | MHD__gnutls_buffers_log ("BUF[IA]: Inserted %d bytes of Data(%d)\n", | ||
96 | length, type); | ||
97 | break; | ||
98 | |||
99 | default: | ||
100 | MHD_gnutls_assert (); | ||
101 | return GNUTLS_E_INVALID_REQUEST; | ||
102 | } | ||
103 | |||
104 | if (MHD_gtls_buffer_append (buf, data, length) < 0) | ||
105 | { | ||
106 | MHD_gnutls_assert (); | ||
107 | return GNUTLS_E_MEMORY_ERROR; | ||
108 | } | ||
109 | |||
110 | return 0; | ||
111 | } | ||
112 | |||
113 | int | ||
114 | MHD_gnutls_record_buffer_get_size (content_type_t type, | ||
115 | MHD_gtls_session_t session) | ||
116 | { | ||
117 | switch (type) | ||
118 | { | ||
119 | case GNUTLS_APPLICATION_DATA: | ||
120 | return session->internals.application_data_buffer.length; | ||
121 | |||
122 | case GNUTLS_HANDSHAKE: | ||
123 | return session->internals.handshake_data_buffer.length; | ||
124 | |||
125 | case GNUTLS_INNER_APPLICATION: | ||
126 | return session->internals.ia_data_buffer.length; | ||
127 | |||
128 | default: | ||
129 | return GNUTLS_E_INVALID_REQUEST; | ||
130 | } | ||
131 | } | ||
132 | |||
133 | int | ||
134 | MHD_gtls_record_buffer_get (content_type_t type, MHD_gtls_session_t session, | ||
135 | opaque * data, size_t length) | ||
136 | { | ||
137 | if (length == 0 || data == NULL) | ||
138 | { | ||
139 | MHD_gnutls_assert (); | ||
140 | return GNUTLS_E_INVALID_REQUEST; | ||
141 | } | ||
142 | |||
143 | switch (type) | ||
144 | { | ||
145 | case GNUTLS_APPLICATION_DATA: | ||
146 | |||
147 | if (length > session->internals.application_data_buffer.length) | ||
148 | { | ||
149 | length = session->internals.application_data_buffer.length; | ||
150 | } | ||
151 | |||
152 | MHD__gnutls_buffers_log ("BUFFER[REC][AD]: Read %d bytes of Data(%d)\n", | ||
153 | length, type); | ||
154 | |||
155 | session->internals.application_data_buffer.length -= length; | ||
156 | memcpy (data, session->internals.application_data_buffer.data, length); | ||
157 | |||
158 | /* overwrite buffer */ | ||
159 | memmove (session->internals.application_data_buffer.data, | ||
160 | &session->internals.application_data_buffer.data[length], | ||
161 | session->internals.application_data_buffer.length); | ||
162 | |||
163 | /* we do no longer realloc the application_data_buffer.data, | ||
164 | * since it serves no practical reason. It also decreases | ||
165 | * performance. | ||
166 | */ | ||
167 | break; | ||
168 | |||
169 | case GNUTLS_HANDSHAKE: | ||
170 | if (length > session->internals.handshake_data_buffer.length) | ||
171 | { | ||
172 | length = session->internals.handshake_data_buffer.length; | ||
173 | } | ||
174 | |||
175 | MHD__gnutls_buffers_log ("BUF[REC][HD]: Read %d bytes of Data(%d)\n", | ||
176 | length, type); | ||
177 | |||
178 | session->internals.handshake_data_buffer.length -= length; | ||
179 | memcpy (data, session->internals.handshake_data_buffer.data, length); | ||
180 | |||
181 | /* overwrite buffer */ | ||
182 | memmove (session->internals.handshake_data_buffer.data, | ||
183 | &session->internals.handshake_data_buffer.data[length], | ||
184 | session->internals.handshake_data_buffer.length); | ||
185 | |||
186 | break; | ||
187 | |||
188 | case GNUTLS_INNER_APPLICATION: | ||
189 | if (length > session->internals.ia_data_buffer.length) | ||
190 | length = session->internals.ia_data_buffer.length; | ||
191 | |||
192 | MHD__gnutls_buffers_log ("BUF[REC][IA]: Read %d bytes of Data(%d)\n", | ||
193 | length, type); | ||
194 | |||
195 | session->internals.ia_data_buffer.length -= length; | ||
196 | memcpy (data, session->internals.ia_data_buffer.data, length); | ||
197 | |||
198 | /* overwrite buffer */ | ||
199 | memmove (session->internals.ia_data_buffer.data, | ||
200 | &session->internals.ia_data_buffer.data[length], | ||
201 | session->internals.ia_data_buffer.length); | ||
202 | |||
203 | break; | ||
204 | |||
205 | default: | ||
206 | MHD_gnutls_assert (); | ||
207 | return GNUTLS_E_INVALID_REQUEST; | ||
208 | } | ||
209 | |||
210 | return length; | ||
211 | } | ||
212 | |||
213 | /* This function is like read. But it does not return -1 on error. | ||
214 | * It does return MHD_gnutls_errno instead. | ||
215 | * | ||
216 | * Flags are only used if the default recv() function is being used. | ||
217 | */ | ||
218 | static ssize_t | ||
219 | MHD__gnutls_read (MHD_gtls_session_t session, void *iptr, | ||
220 | size_t sizeOfPtr, int flags) | ||
221 | { | ||
222 | size_t left; | ||
223 | ssize_t i = 0; | ||
224 | char *ptr = iptr; | ||
225 | MHD_gnutls_transport_ptr_t fd = session->internals.transport_recv_ptr; | ||
226 | |||
227 | session->internals.direction = 0; | ||
228 | |||
229 | left = sizeOfPtr; | ||
230 | while (left > 0) | ||
231 | { | ||
232 | session->internals.errnum = 0; | ||
233 | if (session->internals.MHD__gnutls_pull_func == NULL) | ||
234 | { | ||
235 | i = | ||
236 | recv (GNUTLS_POINTER_TO_INT (fd), &ptr[sizeOfPtr - left], left, | ||
237 | flags); | ||
238 | #if HAVE_WINSOCK | ||
239 | if (i < 0) | ||
240 | { | ||
241 | int tmperr = WSAGetLastError (); | ||
242 | switch (tmperr) | ||
243 | { | ||
244 | case WSAEWOULDBLOCK: | ||
245 | session->internals.errnum = EAGAIN; | ||
246 | break; | ||
247 | |||
248 | case WSAEINTR: | ||
249 | session->internals.errnum = EINTR; | ||
250 | break; | ||
251 | |||
252 | default: | ||
253 | session->internals.errnum = EIO; | ||
254 | break; | ||
255 | } | ||
256 | WSASetLastError (tmperr); | ||
257 | } | ||
258 | #endif | ||
259 | } | ||
260 | else | ||
261 | i = session->internals.MHD__gnutls_pull_func (fd, | ||
262 | &ptr[sizeOfPtr - left], | ||
263 | left); | ||
264 | if (i < 0) | ||
265 | { | ||
266 | int err = session->internals.errnum ? session->internals.errnum | ||
267 | : errno; | ||
268 | if ( (err == EAGAIN) || (err == EINTR) ) | ||
269 | { | ||
270 | if (sizeOfPtr - left > 0) | ||
271 | goto finish; | ||
272 | MHD_gnutls_assert (); | ||
273 | if (err == EAGAIN) | ||
274 | return GNUTLS_E_AGAIN; | ||
275 | return GNUTLS_E_INTERRUPTED; | ||
276 | } | ||
277 | else | ||
278 | { | ||
279 | MHD_gnutls_assert (); | ||
280 | return GNUTLS_E_PULL_ERROR; | ||
281 | } | ||
282 | } | ||
283 | else | ||
284 | { | ||
285 | if (i == 0) | ||
286 | break; /* EOF */ | ||
287 | } | ||
288 | left -= i; | ||
289 | } | ||
290 | |||
291 | finish: | ||
292 | return (sizeOfPtr - left); | ||
293 | } | ||
294 | |||
295 | #define RCVLOWAT session->internals.lowat | ||
296 | |||
297 | /* This function is only used with berkeley style sockets. | ||
298 | * Clears the peeked data (read with MSG_PEEK). | ||
299 | */ | ||
300 | int | ||
301 | MHD_gtls_io_clear_peeked_data (MHD_gtls_session_t session) | ||
302 | { | ||
303 | char *peekdata; | ||
304 | int ret, sum; | ||
305 | |||
306 | if (session->internals.have_peeked_data == 0 || RCVLOWAT == 0) | ||
307 | return 0; | ||
308 | |||
309 | peekdata = MHD_gnutls_alloca (RCVLOWAT); | ||
310 | if (peekdata == NULL) | ||
311 | { | ||
312 | MHD_gnutls_assert (); | ||
313 | return GNUTLS_E_MEMORY_ERROR; | ||
314 | } | ||
315 | |||
316 | /* this was already read by using MSG_PEEK - so it shouldn't fail */ | ||
317 | sum = 0; | ||
318 | do | ||
319 | { /* we need this to finish now */ | ||
320 | ret = MHD__gnutls_read (session, peekdata, RCVLOWAT - sum, 0); | ||
321 | if (ret > 0) | ||
322 | sum += ret; | ||
323 | } | ||
324 | while ( (ret == GNUTLS_E_INTERRUPTED) || | ||
325 | (ret == GNUTLS_E_AGAIN) || | ||
326 | (sum < RCVLOWAT) ); | ||
327 | |||
328 | MHD_gnutls_afree (peekdata); | ||
329 | |||
330 | if (ret < 0) | ||
331 | { | ||
332 | MHD_gnutls_assert (); | ||
333 | return ret; | ||
334 | } | ||
335 | |||
336 | session->internals.have_peeked_data = 0; | ||
337 | |||
338 | return 0; | ||
339 | } | ||
340 | |||
341 | void | ||
342 | MHD_gtls_io_clear_read_buffer (MHD_gtls_session_t session) | ||
343 | { | ||
344 | session->internals.record_recv_buffer.length = 0; | ||
345 | } | ||
346 | |||
347 | /* This function is like recv(with MSG_PEEK). But it does not return -1 on error. | ||
348 | * It does return MHD_gnutls_errno instead. | ||
349 | * This function reads data from the socket and keeps them in a buffer, of up to | ||
350 | * MAX_RECV_SIZE. | ||
351 | * | ||
352 | * This is not a general purpose function. It returns EXACTLY the data requested, | ||
353 | * which are stored in a local (in the session) buffer. A pointer (iptr) to this buffer is returned. | ||
354 | * | ||
355 | */ | ||
356 | ssize_t | ||
357 | MHD_gtls_io_read_buffered (MHD_gtls_session_t session, opaque ** iptr, | ||
358 | size_t sizeOfPtr, content_type_t recv_type) | ||
359 | { | ||
360 | ssize_t ret = 0, ret2 = 0; | ||
361 | size_t min; | ||
362 | int buf_pos; | ||
363 | opaque *buf; | ||
364 | int recvlowat; | ||
365 | int recvdata, alloc_size; | ||
366 | |||
367 | *iptr = session->internals.record_recv_buffer.data; | ||
368 | |||
369 | if (sizeOfPtr > MAX_RECV_SIZE || sizeOfPtr == 0) | ||
370 | { | ||
371 | MHD_gnutls_assert (); /* internal error */ | ||
372 | return GNUTLS_E_INVALID_REQUEST; | ||
373 | } | ||
374 | |||
375 | /* If an external pull function is used, then do not leave | ||
376 | * any data into the kernel buffer. | ||
377 | */ | ||
378 | if (session->internals.MHD__gnutls_pull_func != NULL) | ||
379 | { | ||
380 | recvlowat = 0; | ||
381 | } | ||
382 | else | ||
383 | { | ||
384 | /* leave peeked data to the kernel space only if application data | ||
385 | * is received and we don't have any peeked | ||
386 | * data in gnutls session. | ||
387 | */ | ||
388 | if (recv_type != GNUTLS_APPLICATION_DATA | ||
389 | && session->internals.have_peeked_data == 0) | ||
390 | recvlowat = 0; | ||
391 | else | ||
392 | recvlowat = RCVLOWAT; | ||
393 | } | ||
394 | |||
395 | /* calculate the actual size, ie. get the minimum of the | ||
396 | * buffered data and the requested data. | ||
397 | */ | ||
398 | min = MIN (session->internals.record_recv_buffer.length, sizeOfPtr); | ||
399 | if (min > 0) | ||
400 | { | ||
401 | /* if we have enough buffered data | ||
402 | * then just return them. | ||
403 | */ | ||
404 | if (min == sizeOfPtr) | ||
405 | { | ||
406 | return min; | ||
407 | } | ||
408 | } | ||
409 | |||
410 | /* min is over zero. recvdata is the data we must | ||
411 | * receive in order to return the requested data. | ||
412 | */ | ||
413 | recvdata = sizeOfPtr - min; | ||
414 | |||
415 | /* Check if the previously read data plus the new data to | ||
416 | * receive are longer than the maximum receive buffer size. | ||
417 | */ | ||
418 | if ((session->internals.record_recv_buffer.length + recvdata) | ||
419 | > MAX_RECV_SIZE) | ||
420 | { | ||
421 | MHD_gnutls_assert (); /* internal error */ | ||
422 | return GNUTLS_E_INVALID_REQUEST; | ||
423 | } | ||
424 | |||
425 | /* Allocate the data required to store the new packet. | ||
426 | */ | ||
427 | alloc_size = recvdata + session->internals.record_recv_buffer.length; | ||
428 | session->internals.record_recv_buffer.data = | ||
429 | MHD_gtls_realloc_fast (session->internals.record_recv_buffer.data, | ||
430 | alloc_size); | ||
431 | if (session->internals.record_recv_buffer.data == NULL) | ||
432 | { | ||
433 | MHD_gnutls_assert (); | ||
434 | return GNUTLS_E_MEMORY_ERROR; | ||
435 | } | ||
436 | |||
437 | buf_pos = session->internals.record_recv_buffer.length; | ||
438 | buf = session->internals.record_recv_buffer.data; | ||
439 | *iptr = buf; | ||
440 | |||
441 | /* READ DATA - but leave RCVLOWAT bytes in the kernel buffer. */ | ||
442 | if (recvdata - recvlowat > 0) | ||
443 | { | ||
444 | ret = | ||
445 | MHD__gnutls_read (session, &buf[buf_pos], recvdata - recvlowat, 0); | ||
446 | |||
447 | /* return immediately if we got an interrupt or eagain | ||
448 | * error. | ||
449 | */ | ||
450 | if (ret < 0 && MHD_gtls_error_is_fatal (ret) == 0) | ||
451 | { | ||
452 | return ret; | ||
453 | } | ||
454 | } | ||
455 | |||
456 | /* copy fresh data to our buffer. | ||
457 | */ | ||
458 | if (ret > 0) | ||
459 | { | ||
460 | MHD__gnutls_read_log | ||
461 | ("RB: Have %d bytes into buffer. Adding %d bytes.\n", | ||
462 | session->internals.record_recv_buffer.length, ret); | ||
463 | MHD__gnutls_read_log ("RB: Requested %d bytes\n", sizeOfPtr); | ||
464 | session->internals.record_recv_buffer.length += ret; | ||
465 | } | ||
466 | |||
467 | buf_pos = session->internals.record_recv_buffer.length; | ||
468 | |||
469 | /* This is a hack placed in order for select to work. Just leave recvlowat data, | ||
470 | * into the kernel buffer (using a read with MSG_PEEK), thus making | ||
471 | * select think, that the socket is ready for reading. | ||
472 | * MSG_PEEK is only used with berkeley style sockets. | ||
473 | */ | ||
474 | if (ret == (recvdata - recvlowat) && recvlowat > 0) | ||
475 | { | ||
476 | ret2 = MHD__gnutls_read (session, &buf[buf_pos], recvlowat, MSG_PEEK); | ||
477 | |||
478 | if (ret2 < 0 && MHD_gtls_error_is_fatal (ret2) == 0) | ||
479 | { | ||
480 | return ret2; | ||
481 | } | ||
482 | |||
483 | if (ret2 > 0) | ||
484 | { | ||
485 | MHD__gnutls_read_log ("RB-PEEK: Read %d bytes in PEEK MODE.\n", | ||
486 | ret2); | ||
487 | MHD__gnutls_read_log | ||
488 | ("RB-PEEK: Have %d bytes into buffer. Adding %d bytes.\nRB: Requested %d bytes\n", | ||
489 | session->internals.record_recv_buffer.length, ret2, sizeOfPtr); | ||
490 | session->internals.have_peeked_data = 1; | ||
491 | session->internals.record_recv_buffer.length += ret2; | ||
492 | |||
493 | } | ||
494 | } | ||
495 | |||
496 | if (ret < 0 || ret2 < 0) | ||
497 | { | ||
498 | MHD_gnutls_assert (); | ||
499 | /* that's because they are initialized to 0 */ | ||
500 | return MIN (ret, ret2); | ||
501 | } | ||
502 | |||
503 | ret += ret2; | ||
504 | |||
505 | if (ret > 0 && ret < recvlowat) | ||
506 | { | ||
507 | MHD_gnutls_assert (); | ||
508 | return GNUTLS_E_AGAIN; | ||
509 | } | ||
510 | |||
511 | if (ret == 0) | ||
512 | { /* EOF */ | ||
513 | MHD_gnutls_assert (); | ||
514 | return 0; | ||
515 | } | ||
516 | |||
517 | ret = session->internals.record_recv_buffer.length; | ||
518 | |||
519 | if ((ret > 0) && ((size_t) ret < sizeOfPtr)) | ||
520 | { | ||
521 | /* Short Read */ | ||
522 | MHD_gnutls_assert (); | ||
523 | return GNUTLS_E_AGAIN; | ||
524 | } | ||
525 | else | ||
526 | { | ||
527 | return ret; | ||
528 | } | ||
529 | } | ||
530 | |||
531 | /* These two functions are used to insert data to the send buffer of the handshake or | ||
532 | * record protocol. The send buffer is kept if a send is interrupted and we need to keep | ||
533 | * the data left to sent, in order to send them later. | ||
534 | */ | ||
535 | |||
536 | #define MEMSUB(x,y) ((ssize_t)((ptrdiff_t)x-(ptrdiff_t)y)) | ||
537 | |||
538 | inline static int | ||
539 | MHD__gnutls_buffer_insert (MHD_gtls_buffer * buffer, | ||
540 | const opaque * _data, size_t data_size) | ||
541 | { | ||
542 | |||
543 | if ((MEMSUB (_data, buffer->data) >= 0) | ||
544 | && (MEMSUB (_data, buffer->data) < (ssize_t) buffer->length)) | ||
545 | { | ||
546 | /* the given _data is part of the buffer. | ||
547 | */ | ||
548 | if (data_size > buffer->length) | ||
549 | { | ||
550 | MHD_gnutls_assert (); | ||
551 | /* this shouldn't have happened */ | ||
552 | return GNUTLS_E_INTERNAL_ERROR; | ||
553 | } | ||
554 | |||
555 | if (_data == buffer->data) | ||
556 | { /* then don't even memmove */ | ||
557 | buffer->length = data_size; | ||
558 | return 0; | ||
559 | } | ||
560 | |||
561 | memmove (buffer->data, _data, data_size); | ||
562 | buffer->length = data_size; | ||
563 | |||
564 | return 0; | ||
565 | |||
566 | } | ||
567 | |||
568 | if (MHD_gtls_buffer_append (buffer, _data, data_size) < 0) | ||
569 | { | ||
570 | MHD_gnutls_assert (); | ||
571 | return GNUTLS_E_MEMORY_ERROR; | ||
572 | } | ||
573 | |||
574 | return 0; | ||
575 | } | ||
576 | |||
577 | inline static int | ||
578 | MHD__gnutls_buffer_get (MHD_gtls_buffer * buffer, | ||
579 | const opaque ** ptr, size_t * ptr_size) | ||
580 | { | ||
581 | *ptr_size = buffer->length; | ||
582 | *ptr = buffer->data; | ||
583 | |||
584 | return 0; | ||
585 | } | ||
586 | |||
587 | /* This function is like write. But it does not return -1 on error. | ||
588 | * It does return MHD_gnutls_errno instead. | ||
589 | * | ||
590 | * In case of E_AGAIN and E_INTERRUPTED errors, you must call MHD_gnutls_write_flush(), | ||
591 | * until it returns ok (0). | ||
592 | * | ||
593 | * We need to push exactly the data in n, since we cannot send less | ||
594 | * data. In TLS the peer must receive the whole packet in order | ||
595 | * to decrypt and verify the integrity. | ||
596 | * | ||
597 | */ | ||
598 | ssize_t | ||
599 | MHD_gtls_io_write_buffered (MHD_gtls_session_t session, | ||
600 | const void *iptr, size_t n) | ||
601 | { | ||
602 | size_t left; | ||
603 | unsigned j, x, sum = 0; | ||
604 | ssize_t retval, i; | ||
605 | const opaque *ptr; | ||
606 | int ret; | ||
607 | MHD_gnutls_transport_ptr_t fd = session->internals.transport_send_ptr; | ||
608 | |||
609 | /* to know where the procedure was interrupted. | ||
610 | */ | ||
611 | session->internals.direction = 1; | ||
612 | |||
613 | ptr = iptr; | ||
614 | |||
615 | /* In case the previous write was interrupted, check if the | ||
616 | * iptr != NULL and we have data in the buffer. | ||
617 | * If this is true then return an error. | ||
618 | */ | ||
619 | if (session->internals.record_send_buffer.length > 0 && iptr != NULL) | ||
620 | { | ||
621 | MHD_gnutls_assert (); | ||
622 | return GNUTLS_E_INVALID_REQUEST; | ||
623 | } | ||
624 | |||
625 | /* If data in the buffer exist | ||
626 | */ | ||
627 | if (iptr == NULL) | ||
628 | { | ||
629 | /* checking is handled above */ | ||
630 | ret = | ||
631 | MHD__gnutls_buffer_get (&session->internals.record_send_buffer, &ptr, | ||
632 | &n); | ||
633 | if (ret < 0) | ||
634 | { | ||
635 | MHD_gnutls_assert (); | ||
636 | return ret; | ||
637 | } | ||
638 | |||
639 | MHD__gnutls_write_log | ||
640 | ("WRITE: Restoring old write. (%d bytes to send)\n", n); | ||
641 | } | ||
642 | |||
643 | MHD__gnutls_write_log ("WRITE: Will write %d bytes to %d.\n", n, fd); | ||
644 | |||
645 | i = 0; | ||
646 | left = n; | ||
647 | while (left > 0) | ||
648 | { | ||
649 | |||
650 | session->internals.errnum = 0; | ||
651 | |||
652 | if (session->internals.MHD__gnutls_push_func == NULL) | ||
653 | { | ||
654 | i = send (GNUTLS_POINTER_TO_INT (fd), &ptr[n - left], left, 0); | ||
655 | #if HAVE_WINSOCK | ||
656 | if (i < 0) | ||
657 | { | ||
658 | int tmperr = WSAGetLastError (); | ||
659 | switch (tmperr) | ||
660 | { | ||
661 | case WSAEWOULDBLOCK: | ||
662 | session->internals.errnum = EAGAIN; | ||
663 | break; | ||
664 | |||
665 | case WSAEINTR: | ||
666 | session->internals.errnum = EINTR; | ||
667 | break; | ||
668 | |||
669 | default: | ||
670 | session->internals.errnum = EIO; | ||
671 | break; | ||
672 | } | ||
673 | WSASetLastError (tmperr); | ||
674 | } | ||
675 | #endif | ||
676 | } | ||
677 | else | ||
678 | i = session->internals.MHD__gnutls_push_func (fd, &ptr[n - left], left); | ||
679 | if (i == -1) | ||
680 | { | ||
681 | int err = session->internals.errnum ? session->internals.errnum | ||
682 | : errno; | ||
683 | |||
684 | if ( (err == EAGAIN) || (err == EINTR) ) | ||
685 | { | ||
686 | session->internals.record_send_buffer_prev_size += n - left; | ||
687 | |||
688 | retval = | ||
689 | MHD__gnutls_buffer_insert (&session-> | ||
690 | internals.record_send_buffer, | ||
691 | &ptr[n - left], left); | ||
692 | if (retval < 0) | ||
693 | { | ||
694 | MHD_gnutls_assert (); | ||
695 | return retval; | ||
696 | } | ||
697 | if (err == EAGAIN) | ||
698 | return GNUTLS_E_AGAIN; | ||
699 | return GNUTLS_E_INTERRUPTED; | ||
700 | } | ||
701 | else | ||
702 | { | ||
703 | MHD_gnutls_assert (); | ||
704 | return GNUTLS_E_PUSH_ERROR; | ||
705 | } | ||
706 | } | ||
707 | left -= i; | ||
708 | |||
709 | if (MHD__gnutls_log_level >= 7) | ||
710 | { | ||
711 | char line[128]; | ||
712 | char tmp[16]; | ||
713 | |||
714 | MHD__gnutls_write_log | ||
715 | ("WRITE: wrote %d bytes to %d. Left %d bytes. Total %d bytes.\n", | ||
716 | i, fd, left, n); | ||
717 | for (x = 0; x < (unsigned) ((i) / 16) + 1; x++) | ||
718 | { | ||
719 | line[0] = 0; | ||
720 | |||
721 | if (sum > n - left) | ||
722 | break; | ||
723 | |||
724 | sprintf (tmp, "%.4x - ", x); | ||
725 | MHD_gtls_str_cat (line, sizeof (line), tmp); | ||
726 | |||
727 | for (j = 0; j < 16; j++) | ||
728 | { | ||
729 | if (sum < n - left) | ||
730 | { | ||
731 | sprintf (tmp, "%.2x ", ((unsigned char *) ptr)[sum++]); | ||
732 | MHD_gtls_str_cat (line, sizeof (line), tmp); | ||
733 | } | ||
734 | else | ||
735 | break; | ||
736 | } | ||
737 | MHD__gnutls_write_log ("%s\n", line); | ||
738 | } | ||
739 | } | ||
740 | } | ||
741 | |||
742 | retval = n + session->internals.record_send_buffer_prev_size; | ||
743 | |||
744 | session->internals.record_send_buffer.length = 0; | ||
745 | session->internals.record_send_buffer_prev_size = 0; | ||
746 | |||
747 | return retval; | ||
748 | |||
749 | } | ||
750 | |||
751 | /* This function writes the data that are left in the | ||
752 | * TLS write buffer (ie. because the previous write was | ||
753 | * interrupted. | ||
754 | */ | ||
755 | ssize_t | ||
756 | MHD_gtls_io_write_flush (MHD_gtls_session_t session) | ||
757 | { | ||
758 | ssize_t ret; | ||
759 | |||
760 | if (session->internals.record_send_buffer.length == 0) | ||
761 | return 0; /* done */ | ||
762 | |||
763 | ret = MHD_gtls_io_write_buffered (session, NULL, 0); | ||
764 | MHD__gnutls_write_log ("WRITE FLUSH: %d [buffer: %d]\n", ret, | ||
765 | session->internals.record_send_buffer.length); | ||
766 | |||
767 | return ret; | ||
768 | } | ||
769 | |||
770 | /* This function writes the data that are left in the | ||
771 | * Handshake write buffer (ie. because the previous write was | ||
772 | * interrupted. | ||
773 | */ | ||
774 | ssize_t | ||
775 | MHD_gtls_handshake_io_write_flush (MHD_gtls_session_t session) | ||
776 | { | ||
777 | ssize_t ret; | ||
778 | ret = MHD_gtls_handshake_io_send_int (session, 0, 0, NULL, 0); | ||
779 | if (ret < 0) | ||
780 | { | ||
781 | MHD_gnutls_assert (); | ||
782 | return ret; | ||
783 | } | ||
784 | |||
785 | MHD__gnutls_write_log ("HANDSHAKE_FLUSH: written[1] %d bytes\n", ret); | ||
786 | |||
787 | if (session->internals.handshake_send_buffer.length == 0) | ||
788 | { | ||
789 | ret = session->internals.handshake_send_buffer_prev_size; /* done */ | ||
790 | session->internals.handshake_send_buffer_prev_size = 0; | ||
791 | } | ||
792 | |||
793 | return ret; | ||
794 | } | ||
795 | |||
796 | /* This is a send function for the gnutls handshake | ||
797 | * protocol. Just makes sure that all data have been sent. | ||
798 | */ | ||
799 | ssize_t | ||
800 | MHD_gtls_handshake_io_send_int (MHD_gtls_session_t session, | ||
801 | content_type_t type, | ||
802 | MHD_gnutls_handshake_description_t htype, | ||
803 | const void *iptr, size_t n) | ||
804 | { | ||
805 | size_t left; | ||
806 | ssize_t ret = 0; | ||
807 | const opaque *ptr; | ||
808 | ssize_t retval = 0; | ||
809 | |||
810 | ptr = iptr; | ||
811 | |||
812 | if (session->internals.handshake_send_buffer.length > 0 && ptr == NULL && n | ||
813 | == 0) | ||
814 | { | ||
815 | /* resuming previously interrupted write | ||
816 | */ | ||
817 | MHD_gnutls_assert (); | ||
818 | ret = MHD__gnutls_buffer_get (&session->internals.handshake_send_buffer, | ||
819 | &ptr, &n); | ||
820 | if (ret < 0) | ||
821 | { | ||
822 | MHD_gnutls_assert (); | ||
823 | return retval; | ||
824 | } | ||
825 | |||
826 | type = session->internals.handshake_send_buffer_type; | ||
827 | htype = session->internals.handshake_send_buffer_htype; | ||
828 | |||
829 | } | ||
830 | else if (session->internals.handshake_send_buffer.length > 0) | ||
831 | { | ||
832 | MHD_gnutls_assert (); | ||
833 | return GNUTLS_E_INTERNAL_ERROR; | ||
834 | } | ||
835 | #ifdef WRITE_DEBUG | ||
836 | else | ||
837 | { | ||
838 | size_t sum = 0, x, j; | ||
839 | |||
840 | MHD__gnutls_write_log ("HWRITE: will write %d bytes to %d.\n", n, | ||
841 | MHD_gnutls_transport_get_ptr (session)); | ||
842 | for (x = 0; x < ((n) / 16) + 1; x++) | ||
843 | { | ||
844 | if (sum > n) | ||
845 | break; | ||
846 | |||
847 | MHD__gnutls_write_log ("%.4x - ", x); | ||
848 | for (j = 0; j < 16; j++) | ||
849 | { | ||
850 | if (sum < n) | ||
851 | { | ||
852 | MHD__gnutls_write_log ("%.2x ", | ||
853 | ((unsigned char *) ptr)[sum++]); | ||
854 | } | ||
855 | else | ||
856 | break; | ||
857 | } | ||
858 | MHD__gnutls_write_log ("\n"); | ||
859 | } | ||
860 | MHD__gnutls_write_log ("\n"); | ||
861 | } | ||
862 | #endif | ||
863 | |||
864 | if (n == 0) | ||
865 | { /* if we have no data to send */ | ||
866 | MHD_gnutls_assert (); | ||
867 | return 0; | ||
868 | } | ||
869 | else if (ptr == NULL) | ||
870 | { | ||
871 | MHD_gnutls_assert (); | ||
872 | return GNUTLS_E_INTERNAL_ERROR; | ||
873 | } | ||
874 | |||
875 | left = n; | ||
876 | while (left > 0) | ||
877 | { | ||
878 | ret = MHD_gtls_send_int (session, type, htype, &ptr[n - left], left); | ||
879 | |||
880 | if (ret <= 0) | ||
881 | { | ||
882 | if (ret == 0) | ||
883 | { | ||
884 | MHD_gnutls_assert (); | ||
885 | ret = GNUTLS_E_INTERNAL_ERROR; | ||
886 | } | ||
887 | |||
888 | if (left > 0 && (ret == GNUTLS_E_INTERRUPTED || ret | ||
889 | == GNUTLS_E_AGAIN)) | ||
890 | { | ||
891 | MHD_gnutls_assert (); | ||
892 | |||
893 | retval = | ||
894 | MHD__gnutls_buffer_insert (&session->internals. | ||
895 | handshake_send_buffer, | ||
896 | &ptr[n - left], left); | ||
897 | if (retval < 0) | ||
898 | { | ||
899 | MHD_gnutls_assert (); | ||
900 | return retval; | ||
901 | } | ||
902 | |||
903 | session->internals.handshake_send_buffer_prev_size += n - left; | ||
904 | |||
905 | session->internals.handshake_send_buffer_type = type; | ||
906 | session->internals.handshake_send_buffer_htype = htype; | ||
907 | |||
908 | } | ||
909 | else | ||
910 | { | ||
911 | session->internals.handshake_send_buffer_prev_size = 0; | ||
912 | session->internals.handshake_send_buffer.length = 0; | ||
913 | } | ||
914 | |||
915 | MHD_gnutls_assert (); | ||
916 | return ret; | ||
917 | } | ||
918 | left -= ret; | ||
919 | } | ||
920 | |||
921 | retval = n + session->internals.handshake_send_buffer_prev_size; | ||
922 | |||
923 | session->internals.handshake_send_buffer.length = 0; | ||
924 | session->internals.handshake_send_buffer_prev_size = 0; | ||
925 | |||
926 | return retval; | ||
927 | |||
928 | } | ||
929 | |||
930 | /* This is a receive function for the gnutls handshake | ||
931 | * protocol. Makes sure that we have received all data. | ||
932 | */ | ||
933 | ssize_t | ||
934 | MHD_gtls_handshake_io_recv_int (MHD_gtls_session_t session, | ||
935 | content_type_t type, | ||
936 | MHD_gnutls_handshake_description_t htype, | ||
937 | void *iptr, size_t sizeOfPtr) | ||
938 | { | ||
939 | size_t left; | ||
940 | ssize_t i; | ||
941 | opaque *ptr; | ||
942 | size_t dsize; | ||
943 | |||
944 | ptr = iptr; | ||
945 | left = sizeOfPtr; | ||
946 | |||
947 | if (sizeOfPtr == 0 || iptr == NULL) | ||
948 | { | ||
949 | MHD_gnutls_assert (); | ||
950 | return GNUTLS_E_INVALID_REQUEST; | ||
951 | } | ||
952 | |||
953 | if (session->internals.handshake_recv_buffer.length > 0) | ||
954 | { | ||
955 | /* if we have already received some data */ | ||
956 | if (sizeOfPtr <= session->internals.handshake_recv_buffer.length) | ||
957 | { | ||
958 | /* if requested less data then return it. | ||
959 | */ | ||
960 | MHD_gnutls_assert (); | ||
961 | memcpy (iptr, session->internals.handshake_recv_buffer.data, | ||
962 | sizeOfPtr); | ||
963 | |||
964 | session->internals.handshake_recv_buffer.length -= sizeOfPtr; | ||
965 | |||
966 | memmove (session->internals.handshake_recv_buffer.data, | ||
967 | &session->internals.handshake_recv_buffer.data[sizeOfPtr], | ||
968 | session->internals.handshake_recv_buffer.length); | ||
969 | |||
970 | return sizeOfPtr; | ||
971 | } | ||
972 | MHD_gnutls_assert (); | ||
973 | memcpy (iptr, session->internals.handshake_recv_buffer.data, | ||
974 | session->internals.handshake_recv_buffer.length); | ||
975 | |||
976 | htype = session->internals.handshake_recv_buffer_htype; | ||
977 | type = session->internals.handshake_recv_buffer_type; | ||
978 | |||
979 | left -= session->internals.handshake_recv_buffer.length; | ||
980 | |||
981 | session->internals.handshake_recv_buffer.length = 0; | ||
982 | } | ||
983 | |||
984 | while (left > 0) | ||
985 | { | ||
986 | dsize = sizeOfPtr - left; | ||
987 | i = MHD_gtls_recv_int (session, type, htype, &ptr[dsize], left); | ||
988 | if (i < 0) | ||
989 | { | ||
990 | |||
991 | if (dsize > 0 && (i == GNUTLS_E_INTERRUPTED || i == GNUTLS_E_AGAIN)) | ||
992 | { | ||
993 | MHD_gnutls_assert (); | ||
994 | |||
995 | session->internals.handshake_recv_buffer.data | ||
996 | = | ||
997 | MHD_gtls_realloc_fast (session->internals. | ||
998 | handshake_recv_buffer.data, dsize); | ||
999 | if (session->internals.handshake_recv_buffer.data == NULL) | ||
1000 | { | ||
1001 | MHD_gnutls_assert (); | ||
1002 | return GNUTLS_E_MEMORY_ERROR; | ||
1003 | } | ||
1004 | |||
1005 | memcpy (session->internals.handshake_recv_buffer.data, iptr, | ||
1006 | dsize); | ||
1007 | |||
1008 | session->internals.handshake_recv_buffer_htype = htype; | ||
1009 | session->internals.handshake_recv_buffer_type = type; | ||
1010 | |||
1011 | session->internals.handshake_recv_buffer.length = dsize; | ||
1012 | } | ||
1013 | else | ||
1014 | session->internals.handshake_recv_buffer.length = 0; | ||
1015 | |||
1016 | MHD_gnutls_assert (); | ||
1017 | |||
1018 | return i; | ||
1019 | } | ||
1020 | else | ||
1021 | { | ||
1022 | if (i == 0) | ||
1023 | break; /* EOF */ | ||
1024 | } | ||
1025 | |||
1026 | left -= i; | ||
1027 | |||
1028 | } | ||
1029 | |||
1030 | session->internals.handshake_recv_buffer.length = 0; | ||
1031 | |||
1032 | return sizeOfPtr - left; | ||
1033 | } | ||
1034 | |||
1035 | /* Buffer for handshake packets. Keeps the packets in order | ||
1036 | * for finished messages to use them. Used in HMAC calculation | ||
1037 | * and finished messages. | ||
1038 | */ | ||
1039 | int | ||
1040 | MHD_gtls_handshake_buffer_put (MHD_gtls_session_t session, opaque * data, | ||
1041 | size_t length) | ||
1042 | { | ||
1043 | |||
1044 | if (length == 0) | ||
1045 | return 0; | ||
1046 | |||
1047 | if ((session->internals.max_handshake_data_buffer_size > 0) && ((length | ||
1048 | + | ||
1049 | session-> | ||
1050 | internals. | ||
1051 | handshake_hash_buffer. | ||
1052 | length) > | ||
1053 | session-> | ||
1054 | internals. | ||
1055 | max_handshake_data_buffer_size)) | ||
1056 | { | ||
1057 | MHD_gnutls_assert (); | ||
1058 | return GNUTLS_E_MEMORY_ERROR; | ||
1059 | } | ||
1060 | |||
1061 | MHD__gnutls_buffers_log ("BUF[HSK]: Inserted %d bytes of Data\n", length); | ||
1062 | |||
1063 | if (MHD_gtls_buffer_append (&session->internals.handshake_hash_buffer, data, | ||
1064 | length) < 0) | ||
1065 | { | ||
1066 | MHD_gnutls_assert (); | ||
1067 | return GNUTLS_E_MEMORY_ERROR; | ||
1068 | } | ||
1069 | |||
1070 | return 0; | ||
1071 | } | ||
1072 | |||
1073 | /* this function does not touch the buffer | ||
1074 | * and returns data from it (peek mode!) | ||
1075 | */ | ||
1076 | int | ||
1077 | MHD_gtls_handshake_buffer_get_ptr (MHD_gtls_session_t session, | ||
1078 | opaque ** data_ptr, size_t * length) | ||
1079 | { | ||
1080 | if (length != NULL) | ||
1081 | *length = session->internals.handshake_hash_buffer.length; | ||
1082 | |||
1083 | MHD__gnutls_buffers_log ("BUF[HSK]: Peeked %d bytes of Data\n", | ||
1084 | session->internals.handshake_hash_buffer.length); | ||
1085 | |||
1086 | if (data_ptr != NULL) | ||
1087 | *data_ptr = session->internals.handshake_hash_buffer.data; | ||
1088 | |||
1089 | return 0; | ||
1090 | } | ||
1091 | |||
1092 | /* Does not free the buffer | ||
1093 | */ | ||
1094 | int | ||
1095 | MHD_gtls_handshake_buffer_empty (MHD_gtls_session_t session) | ||
1096 | { | ||
1097 | |||
1098 | MHD__gnutls_buffers_log ("BUF[HSK]: Emptied buffer\n"); | ||
1099 | |||
1100 | session->internals.handshake_hash_buffer.length = 0; | ||
1101 | |||
1102 | return 0; | ||
1103 | } | ||
1104 | |||
1105 | int | ||
1106 | MHD_gtls_handshake_buffer_clear (MHD_gtls_session_t session) | ||
1107 | { | ||
1108 | MHD__gnutls_buffers_log ("BUF[HSK]: Cleared Data from buffer\n"); | ||
1109 | MHD_gtls_buffer_clear (&session->internals.handshake_hash_buffer); | ||
1110 | return 0; | ||
1111 | } | ||
diff --git a/src/daemon/https/tls/gnutls_buffers.h b/src/daemon/https/tls/gnutls_buffers.h deleted file mode 100644 index e09506ac..00000000 --- a/src/daemon/https/tls/gnutls_buffers.h +++ /dev/null | |||
@@ -1,64 +0,0 @@ | |||
1 | /* | ||
2 | * Copyright (C) 2000, 2001, 2002, 2003, 2004, 2005 Free Software Foundation | ||
3 | * | ||
4 | * Author: Nikos Mavrogiannopoulos | ||
5 | * | ||
6 | * This file is part of GNUTLS. | ||
7 | * | ||
8 | * The GNUTLS library is free software; you can redistribute it and/or | ||
9 | * modify it under the terms of the GNU Lesser General Public License | ||
10 | * as published by the Free Software Foundation; either version 2.1 of | ||
11 | * the License, or (at your option) any later version. | ||
12 | * | ||
13 | * This library is distributed in the hope that it will be useful, but | ||
14 | * WITHOUT ANY WARRANTY; without even the implied warranty of | ||
15 | * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU | ||
16 | * Lesser General Public License for more details. | ||
17 | * | ||
18 | * You should have received a copy of the GNU Lesser General Public | ||
19 | * License along with this library; if not, write to the Free Software | ||
20 | * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301, | ||
21 | * USA | ||
22 | * | ||
23 | */ | ||
24 | |||
25 | int MHD_gnutls_record_buffer_put (content_type_t type, | ||
26 | MHD_gtls_session_t session, opaque * data, | ||
27 | size_t length); | ||
28 | int MHD_gnutls_record_buffer_get_size (content_type_t type, | ||
29 | MHD_gtls_session_t session); | ||
30 | int MHD_gtls_record_buffer_get (content_type_t type, | ||
31 | MHD_gtls_session_t session, opaque * data, | ||
32 | size_t length); | ||
33 | ssize_t MHD_gtls_io_read_buffered (MHD_gtls_session_t, opaque ** iptr, | ||
34 | size_t n, content_type_t); | ||
35 | void MHD_gtls_io_clear_read_buffer (MHD_gtls_session_t); | ||
36 | int MHD_gtls_io_clear_peeked_data (MHD_gtls_session_t session); | ||
37 | |||
38 | ssize_t MHD_gtls_io_write_buffered (MHD_gtls_session_t, const void *iptr, | ||
39 | size_t n); | ||
40 | ssize_t MHD_gtls_io_write_buffered2 (MHD_gtls_session_t, const void *iptr, | ||
41 | size_t n, const void *iptr2, size_t n2); | ||
42 | |||
43 | int MHD_gtls_handshake_buffer_put (MHD_gtls_session_t session, opaque * data, | ||
44 | size_t length); | ||
45 | int MHD_gtls_handshake_buffer_clear (MHD_gtls_session_t session); | ||
46 | int MHD_gtls_handshake_buffer_empty (MHD_gtls_session_t session); | ||
47 | int MHD_gtls_handshake_buffer_get_ptr (MHD_gtls_session_t session, | ||
48 | opaque ** data_ptr, size_t * length); | ||
49 | |||
50 | #define MHD__gnutls_handshake_io_buffer_clear( session) \ | ||
51 | MHD_gtls_buffer_clear( &session->internals.handshake_send_buffer); \ | ||
52 | MHD_gtls_buffer_clear( &session->internals.handshake_recv_buffer); \ | ||
53 | session->internals.handshake_send_buffer_prev_size = 0 | ||
54 | |||
55 | ssize_t MHD_gtls_handshake_io_recv_int (MHD_gtls_session_t, content_type_t, | ||
56 | MHD_gnutls_handshake_description_t, | ||
57 | void *, size_t); | ||
58 | ssize_t MHD_gtls_handshake_io_send_int (MHD_gtls_session_t, content_type_t, | ||
59 | MHD_gnutls_handshake_description_t, | ||
60 | const void *, size_t); | ||
61 | ssize_t MHD_gtls_io_write_flush (MHD_gtls_session_t session); | ||
62 | ssize_t MHD_gtls_handshake_io_write_flush (MHD_gtls_session_t session); | ||
63 | |||
64 | size_t MHD_gtls_record_check_pending (MHD_gtls_session_t session); | ||
diff --git a/src/daemon/https/tls/gnutls_cert.c b/src/daemon/https/tls/gnutls_cert.c deleted file mode 100644 index c546b607..00000000 --- a/src/daemon/https/tls/gnutls_cert.c +++ /dev/null | |||
@@ -1,441 +0,0 @@ | |||
1 | /* | ||
2 | * Copyright (C) 2001, 2002, 2003, 2004, 2005, 2006, 2007 Free Software Foundation | ||
3 | * | ||
4 | * Author: Nikos Mavrogiannopoulos | ||
5 | * | ||
6 | * This file is part of GNUTLS. | ||
7 | * | ||
8 | * The GNUTLS library is free software; you can redistribute it and/or | ||
9 | * modify it under the terms of the GNU Lesser General Public License | ||
10 | * as published by the Free Software Foundation; either version 2.1 of | ||
11 | * the License, or (at your option) any later version. | ||
12 | * | ||
13 | * This library is distributed in the hope that it will be useful, but | ||
14 | * WITHOUT ANY WARRANTY; without even the implied warranty of | ||
15 | * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU | ||
16 | * Lesser General Public License for more details. | ||
17 | * | ||
18 | * You should have received a copy of the GNU Lesser General Public | ||
19 | * License along with this library; if not, write to the Free Software | ||
20 | * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301, | ||
21 | * USA | ||
22 | * | ||
23 | */ | ||
24 | |||
25 | /* Some of the stuff needed for Certificate authentication is contained | ||
26 | * in this file. | ||
27 | */ | ||
28 | |||
29 | #include <gnutls_int.h> | ||
30 | #include <gnutls_errors.h> | ||
31 | #include <auth_cert.h> | ||
32 | #include <gnutls_cert.h> | ||
33 | #include <gnutls_datum.h> | ||
34 | #include <gnutls_mpi.h> | ||
35 | #include <gnutls_global.h> | ||
36 | #include <gnutls_algorithms.h> | ||
37 | #include <gnutls_dh.h> | ||
38 | #include <gnutls_str.h> | ||
39 | #include <gnutls_state.h> | ||
40 | #include <gnutls_auth_int.h> | ||
41 | #include <gnutls_x509.h> | ||
42 | /* x509 */ | ||
43 | #include "x509.h" | ||
44 | #include "mpi.h" | ||
45 | |||
46 | /** | ||
47 | * MHD__gnutls_certificate_free_keys - Used to free all the keys from a MHD_gtls_cert_credentials_t structure | ||
48 | * @sc: is an #MHD_gtls_cert_credentials_t structure. | ||
49 | * | ||
50 | * This function will delete all the keys and the certificates associated | ||
51 | * with the given credentials. This function must not be called when a | ||
52 | * TLS negotiation that uses the credentials is in progress. | ||
53 | * | ||
54 | **/ | ||
55 | void | ||
56 | MHD__gnutls_certificate_free_keys (MHD_gtls_cert_credentials_t sc) | ||
57 | { | ||
58 | unsigned i, j; | ||
59 | |||
60 | for (i = 0; i < sc->ncerts; i++) | ||
61 | { | ||
62 | for (j = 0; j < sc->cert_list_length[i]; j++) | ||
63 | { | ||
64 | MHD_gtls_gcert_deinit (&sc->cert_list[i][j]); | ||
65 | } | ||
66 | MHD_gnutls_free (sc->cert_list[i]); | ||
67 | } | ||
68 | |||
69 | MHD_gnutls_free (sc->cert_list_length); | ||
70 | sc->cert_list_length = NULL; | ||
71 | |||
72 | MHD_gnutls_free (sc->cert_list); | ||
73 | sc->cert_list = NULL; | ||
74 | |||
75 | for (i = 0; i < sc->ncerts; i++) | ||
76 | { | ||
77 | MHD_gtls_gkey_deinit (&sc->pkey[i]); | ||
78 | } | ||
79 | |||
80 | MHD_gnutls_free (sc->pkey); | ||
81 | sc->pkey = NULL; | ||
82 | |||
83 | sc->ncerts = 0; | ||
84 | |||
85 | } | ||
86 | |||
87 | /** | ||
88 | * MHD__gnutls_certificate_free_cas - Used to free all the CAs from a MHD_gtls_cert_credentials_t structure | ||
89 | * @sc: is an #MHD_gtls_cert_credentials_t structure. | ||
90 | * | ||
91 | * This function will delete all the CAs associated | ||
92 | * with the given credentials. Servers that do not use | ||
93 | * MHD_gtls_certificate_verify_peers2() may call this to | ||
94 | * save some memory. | ||
95 | * | ||
96 | **/ | ||
97 | void | ||
98 | MHD__gnutls_certificate_free_cas (MHD_gtls_cert_credentials_t sc) | ||
99 | { | ||
100 | unsigned j; | ||
101 | |||
102 | for (j = 0; j < sc->x509_ncas; j++) | ||
103 | { | ||
104 | MHD_gnutls_x509_crt_deinit (sc->x509_ca_list[j]); | ||
105 | } | ||
106 | |||
107 | sc->x509_ncas = 0; | ||
108 | |||
109 | MHD_gnutls_free (sc->x509_ca_list); | ||
110 | sc->x509_ca_list = NULL; | ||
111 | |||
112 | } | ||
113 | |||
114 | /** | ||
115 | * MHD__gnutls_certificate_free_ca_names - Used to free all the CA names from a MHD_gtls_cert_credentials_t structure | ||
116 | * @sc: is an #MHD_gtls_cert_credentials_t structure. | ||
117 | * | ||
118 | * This function will delete all the CA name in the | ||
119 | * given credentials. Clients may call this to save some memory | ||
120 | * since in client side the CA names are not used. | ||
121 | * | ||
122 | * CA names are used by servers to advertize the CAs they | ||
123 | * support to clients. | ||
124 | * | ||
125 | **/ | ||
126 | void | ||
127 | MHD__gnutls_certificate_free_ca_names (MHD_gtls_cert_credentials_t sc) | ||
128 | { | ||
129 | MHD__gnutls_free_datum (&sc->x509_rdn_sequence); | ||
130 | } | ||
131 | |||
132 | /*- | ||
133 | * MHD_gtls_certificate_get_rsa_params - Returns the RSA parameters pointer | ||
134 | * @rsa_params: holds the RSA parameters or NULL. | ||
135 | * @func: function to retrieve the parameters or NULL. | ||
136 | * @session: The session. | ||
137 | * | ||
138 | * This function will return the rsa parameters pointer. | ||
139 | * | ||
140 | -*/ | ||
141 | MHD_gtls_rsa_params_t | ||
142 | MHD_gtls_certificate_get_rsa_params (MHD_gtls_rsa_params_t rsa_params, | ||
143 | MHD_gnutls_params_function * func, | ||
144 | MHD_gtls_session_t session) | ||
145 | { | ||
146 | MHD_gnutls_params_st params; | ||
147 | int ret; | ||
148 | |||
149 | if (session->internals.params.rsa_params) | ||
150 | { | ||
151 | return session->internals.params.rsa_params; | ||
152 | } | ||
153 | |||
154 | if (rsa_params) | ||
155 | { | ||
156 | session->internals.params.rsa_params = rsa_params; | ||
157 | } | ||
158 | else if (func) | ||
159 | { | ||
160 | ret = func (session, GNUTLS_PARAMS_RSA_EXPORT, ¶ms); | ||
161 | if (ret == 0 && params.type == GNUTLS_PARAMS_RSA_EXPORT) | ||
162 | { | ||
163 | session->internals.params.rsa_params = params.params.rsa_export; | ||
164 | session->internals.params.free_rsa_params = params.deinit; | ||
165 | } | ||
166 | } | ||
167 | |||
168 | return session->internals.params.rsa_params; | ||
169 | } | ||
170 | |||
171 | |||
172 | /** | ||
173 | * MHD__gnutls_certificate_free_credentials - Used to free an allocated MHD_gtls_cert_credentials_t structure | ||
174 | * @sc: is an #MHD_gtls_cert_credentials_t structure. | ||
175 | * | ||
176 | * This structure is complex enough to manipulate directly thus | ||
177 | * this helper function is provided in order to free (deallocate) it. | ||
178 | * | ||
179 | * This function does not free any temporary parameters associated | ||
180 | * with this structure (ie RSA and DH parameters are not freed by | ||
181 | * this function). | ||
182 | **/ | ||
183 | void | ||
184 | MHD__gnutls_certificate_free_credentials (MHD_gtls_cert_credentials_t sc) | ||
185 | { | ||
186 | MHD__gnutls_certificate_free_keys (sc); | ||
187 | MHD__gnutls_certificate_free_cas (sc); | ||
188 | MHD__gnutls_certificate_free_ca_names (sc); | ||
189 | #ifdef KEYRING_HACK | ||
190 | MHD__gnutls_free_datum (&sc->keyring); | ||
191 | #endif | ||
192 | |||
193 | MHD_gnutls_free (sc); | ||
194 | } | ||
195 | |||
196 | |||
197 | /** | ||
198 | * MHD__gnutls_certificate_allocate_credentials - Used to allocate a MHD_gtls_cert_credentials_t structure | ||
199 | * @res: is a pointer to an #MHD_gtls_cert_credentials_t structure. | ||
200 | * | ||
201 | * This structure is complex enough to manipulate directly thus this | ||
202 | * helper function is provided in order to allocate it. | ||
203 | * | ||
204 | * Returns: %GNUTLS_E_SUCCESS on success, or an error code. | ||
205 | **/ | ||
206 | int | ||
207 | MHD__gnutls_certificate_allocate_credentials (MHD_gtls_cert_credentials_t * | ||
208 | res) | ||
209 | { | ||
210 | *res = MHD_gnutls_calloc (1, sizeof (MHD_gtls_cert_credentials_st)); | ||
211 | |||
212 | if (*res == NULL) | ||
213 | return GNUTLS_E_MEMORY_ERROR; | ||
214 | |||
215 | (*res)->verify_bits = DEFAULT_VERIFY_BITS; | ||
216 | (*res)->verify_depth = DEFAULT_VERIFY_DEPTH; | ||
217 | |||
218 | return 0; | ||
219 | } | ||
220 | |||
221 | |||
222 | /* returns the KX algorithms that are supported by a | ||
223 | * certificate. (Eg a certificate with RSA params, supports | ||
224 | * GNUTLS_KX_RSA algorithm). | ||
225 | * This function also uses the KeyUsage field of the certificate | ||
226 | * extensions in order to disable unneded algorithms. | ||
227 | */ | ||
228 | int | ||
229 | MHD_gtls_selected_cert_supported_kx (MHD_gtls_session_t session, | ||
230 | enum MHD_GNUTLS_KeyExchangeAlgorithm | ||
231 | **alg, int *alg_size) | ||
232 | { | ||
233 | enum MHD_GNUTLS_KeyExchangeAlgorithm kx; | ||
234 | enum MHD_GNUTLS_PublicKeyAlgorithm pk; | ||
235 | enum MHD_GNUTLS_KeyExchangeAlgorithm kxlist[MAX_ALGOS]; | ||
236 | MHD_gnutls_cert *cert; | ||
237 | int i; | ||
238 | |||
239 | if (session->internals.selected_cert_list_length == 0) | ||
240 | { | ||
241 | *alg_size = 0; | ||
242 | *alg = NULL; | ||
243 | return 0; | ||
244 | } | ||
245 | |||
246 | cert = &session->internals.selected_cert_list[0]; | ||
247 | i = 0; | ||
248 | |||
249 | for (kx = 0; kx < MAX_ALGOS; kx++) | ||
250 | { | ||
251 | pk = MHD_gtls_map_pk_get_pk (kx); | ||
252 | if (pk == cert->subject_pk_algorithm) | ||
253 | { | ||
254 | /* then check key usage */ | ||
255 | if (MHD__gnutls_check_key_usage (cert, kx) == 0) | ||
256 | { | ||
257 | kxlist[i] = kx; | ||
258 | i++; | ||
259 | } | ||
260 | } | ||
261 | } | ||
262 | |||
263 | if (i == 0) | ||
264 | { | ||
265 | MHD_gnutls_assert (); | ||
266 | return GNUTLS_E_INVALID_REQUEST; | ||
267 | } | ||
268 | |||
269 | *alg = | ||
270 | MHD_gnutls_calloc (1, sizeof (enum MHD_GNUTLS_KeyExchangeAlgorithm) * i); | ||
271 | if (*alg == NULL) | ||
272 | return GNUTLS_E_MEMORY_ERROR; | ||
273 | |||
274 | *alg_size = i; | ||
275 | |||
276 | memcpy (*alg, kxlist, i * sizeof (enum MHD_GNUTLS_KeyExchangeAlgorithm)); | ||
277 | |||
278 | return 0; | ||
279 | } | ||
280 | |||
281 | |||
282 | |||
283 | int | ||
284 | MHD_gtls_raw_cert_to_gcert (MHD_gnutls_cert * gcert, | ||
285 | enum MHD_GNUTLS_CertificateType type, | ||
286 | const MHD_gnutls_datum_t * raw_cert, | ||
287 | int flags /* OR of ConvFlags */ ) | ||
288 | { | ||
289 | switch (type) | ||
290 | { | ||
291 | case MHD_GNUTLS_CRT_X509: | ||
292 | return MHD_gtls_x509_raw_cert_to_gcert (gcert, raw_cert, flags); | ||
293 | default: | ||
294 | MHD_gnutls_assert (); | ||
295 | return GNUTLS_E_INTERNAL_ERROR; | ||
296 | } | ||
297 | } | ||
298 | |||
299 | /* This function will convert a der certificate to a format | ||
300 | * (structure) that gnutls can understand and use. Actually the | ||
301 | * important thing on this function is that it extracts the | ||
302 | * certificate's (public key) parameters. | ||
303 | * | ||
304 | * The noext flag is used to complete the handshake even if the | ||
305 | * extensions found in the certificate are unsupported and critical. | ||
306 | * The critical extensions will be catched by the verification functions. | ||
307 | */ | ||
308 | int | ||
309 | MHD_gtls_x509_raw_cert_to_gcert (MHD_gnutls_cert * gcert, | ||
310 | const MHD_gnutls_datum_t * derCert, | ||
311 | int flags /* OR of ConvFlags */ ) | ||
312 | { | ||
313 | int ret; | ||
314 | MHD_gnutls_x509_crt_t cert; | ||
315 | |||
316 | ret = MHD_gnutls_x509_crt_init (&cert); | ||
317 | if (ret < 0) | ||
318 | { | ||
319 | MHD_gnutls_assert (); | ||
320 | return ret; | ||
321 | } | ||
322 | |||
323 | ret = MHD_gnutls_x509_crt_import (cert, derCert, GNUTLS_X509_FMT_DER); | ||
324 | if (ret < 0) | ||
325 | { | ||
326 | MHD_gnutls_assert (); | ||
327 | MHD_gnutls_x509_crt_deinit (cert); | ||
328 | return ret; | ||
329 | } | ||
330 | |||
331 | ret = MHD_gtls_x509_crt_to_gcert (gcert, cert, flags); | ||
332 | MHD_gnutls_x509_crt_deinit (cert); | ||
333 | |||
334 | return ret; | ||
335 | } | ||
336 | |||
337 | /* Like above but it accepts a parsed certificate instead. | ||
338 | */ | ||
339 | int | ||
340 | MHD_gtls_x509_crt_to_gcert (MHD_gnutls_cert * gcert, | ||
341 | MHD_gnutls_x509_crt_t cert, unsigned int flags) | ||
342 | { | ||
343 | int ret = 0; | ||
344 | |||
345 | memset (gcert, 0, sizeof (MHD_gnutls_cert)); | ||
346 | gcert->cert_type = MHD_GNUTLS_CRT_X509; | ||
347 | |||
348 | if (!(flags & CERT_NO_COPY)) | ||
349 | { | ||
350 | #define SMALL_DER 512 | ||
351 | opaque *der; | ||
352 | size_t der_size = SMALL_DER; | ||
353 | |||
354 | /* initially allocate a bogus size, just in case the certificate | ||
355 | * fits in it. That way we minimize the DER encodings performed. | ||
356 | */ | ||
357 | der = MHD_gnutls_malloc (SMALL_DER); | ||
358 | if (der == NULL) | ||
359 | { | ||
360 | MHD_gnutls_assert (); | ||
361 | return GNUTLS_E_MEMORY_ERROR; | ||
362 | } | ||
363 | |||
364 | ret = | ||
365 | MHD_gnutls_x509_crt_export (cert, GNUTLS_X509_FMT_DER, der, | ||
366 | &der_size); | ||
367 | if (ret < 0 && ret != GNUTLS_E_SHORT_MEMORY_BUFFER) | ||
368 | { | ||
369 | MHD_gnutls_assert (); | ||
370 | MHD_gnutls_free (der); | ||
371 | return ret; | ||
372 | } | ||
373 | |||
374 | if (ret == GNUTLS_E_SHORT_MEMORY_BUFFER) | ||
375 | { | ||
376 | der = MHD_gnutls_realloc (der, der_size); | ||
377 | if (der == NULL) | ||
378 | { | ||
379 | MHD_gnutls_assert (); | ||
380 | return GNUTLS_E_MEMORY_ERROR; | ||
381 | } | ||
382 | |||
383 | ret = | ||
384 | MHD_gnutls_x509_crt_export (cert, GNUTLS_X509_FMT_DER, der, | ||
385 | &der_size); | ||
386 | if (ret < 0) | ||
387 | { | ||
388 | MHD_gnutls_assert (); | ||
389 | MHD_gnutls_free (der); | ||
390 | return ret; | ||
391 | } | ||
392 | } | ||
393 | |||
394 | gcert->raw.data = der; | ||
395 | gcert->raw.size = der_size; | ||
396 | } | ||
397 | else | ||
398 | /* now we have 0 or a bitwise or of things to decode */ | ||
399 | flags ^= CERT_NO_COPY; | ||
400 | |||
401 | |||
402 | if (flags & CERT_ONLY_EXTENSIONS || flags == 0) | ||
403 | { | ||
404 | MHD_gnutls_x509_crt_get_key_usage (cert, &gcert->key_usage, NULL); | ||
405 | gcert->version = MHD_gnutls_x509_crt_get_version (cert); | ||
406 | } | ||
407 | gcert->subject_pk_algorithm = | ||
408 | MHD_gnutls_x509_crt_get_pk_algorithm (cert, NULL); | ||
409 | |||
410 | if (flags & CERT_ONLY_PUBKEY || flags == 0) | ||
411 | { | ||
412 | gcert->params_size = MAX_PUBLIC_PARAMS_SIZE; | ||
413 | ret = | ||
414 | MHD__gnutls_x509_crt_get_mpis (cert, gcert->params, | ||
415 | &gcert->params_size); | ||
416 | if (ret < 0) | ||
417 | { | ||
418 | MHD_gnutls_assert (); | ||
419 | return ret; | ||
420 | } | ||
421 | } | ||
422 | |||
423 | return 0; | ||
424 | |||
425 | } | ||
426 | |||
427 | void | ||
428 | MHD_gtls_gcert_deinit (MHD_gnutls_cert * cert) | ||
429 | { | ||
430 | int i; | ||
431 | |||
432 | if (cert == NULL) | ||
433 | return; | ||
434 | |||
435 | for (i = 0; i < cert->params_size; i++) | ||
436 | { | ||
437 | MHD_gtls_mpi_release (&cert->params[i]); | ||
438 | } | ||
439 | |||
440 | MHD__gnutls_free_datum (&cert->raw); | ||
441 | } | ||
diff --git a/src/daemon/https/tls/gnutls_cert.h b/src/daemon/https/tls/gnutls_cert.h deleted file mode 100644 index 124ac963..00000000 --- a/src/daemon/https/tls/gnutls_cert.h +++ /dev/null | |||
@@ -1,127 +0,0 @@ | |||
1 | /* | ||
2 | * Copyright (C) 2000, 2001, 2002, 2003, 2004, 2005 Free Software Foundation | ||
3 | * | ||
4 | * Author: Nikos Mavrogiannopoulos | ||
5 | * | ||
6 | * This file is part of GNUTLS. | ||
7 | * | ||
8 | * The GNUTLS library is free software; you can redistribute it and/or | ||
9 | * modify it under the terms of the GNU Lesser General Public License | ||
10 | * as published by the Free Software Foundation; either version 2.1 of | ||
11 | * the License, or (at your option) any later version. | ||
12 | * | ||
13 | * This library is distributed in the hope that it will be useful, but | ||
14 | * WITHOUT ANY WARRANTY; without even the implied warranty of | ||
15 | * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU | ||
16 | * Lesser General Public License for more details. | ||
17 | * | ||
18 | * You should have received a copy of the GNU Lesser General Public | ||
19 | * License along with this library; if not, write to the Free Software | ||
20 | * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301, | ||
21 | * USA | ||
22 | * | ||
23 | */ | ||
24 | |||
25 | #ifndef GNUTLS_CERT_H | ||
26 | # define GNUTLS_CERT_H | ||
27 | |||
28 | #include <gnutls_pk.h> | ||
29 | #include "x509.h" | ||
30 | |||
31 | #define MAX_PUBLIC_PARAMS_SIZE 4 /* ok for RSA and DSA */ | ||
32 | |||
33 | /* parameters should not be larger than this limit */ | ||
34 | #define DSA_PUBLIC_PARAMS 4 | ||
35 | #define RSA_PUBLIC_PARAMS 2 | ||
36 | |||
37 | /* For key Usage, test as: | ||
38 | * if (st.key_usage & KEY_DIGITAL_SIGNATURE) ... | ||
39 | */ | ||
40 | #define KEY_DIGITAL_SIGNATURE 128 | ||
41 | #define KEY_NON_REPUDIATION 64 | ||
42 | #define KEY_KEY_ENCIPHERMENT 32 | ||
43 | #define KEY_DATA_ENCIPHERMENT 16 | ||
44 | #define KEY_KEY_AGREEMENT 8 | ||
45 | #define KEY_KEY_CERT_SIGN 4 | ||
46 | #define KEY_CRL_SIGN 2 | ||
47 | #define KEY_ENCIPHER_ONLY 1 | ||
48 | #define KEY_DECIPHER_ONLY 32768 | ||
49 | |||
50 | typedef struct MHD_gnutls_cert | ||
51 | { | ||
52 | mpi_t params[MAX_PUBLIC_PARAMS_SIZE]; /* the size of params depends on the public | ||
53 | * key algorithm | ||
54 | * RSA: [0] is modulus | ||
55 | * [1] is public exponent | ||
56 | * DSA: [0] is p | ||
57 | * [1] is q | ||
58 | * [2] is g | ||
59 | * [3] is public key | ||
60 | */ | ||
61 | int params_size; /* holds the size of MPI params */ | ||
62 | |||
63 | enum MHD_GNUTLS_PublicKeyAlgorithm subject_pk_algorithm; | ||
64 | |||
65 | unsigned int key_usage; /* bits from KEY_* | ||
66 | */ | ||
67 | |||
68 | unsigned int version; | ||
69 | /* holds the type (PGP, X509) | ||
70 | */ | ||
71 | enum MHD_GNUTLS_CertificateType cert_type; | ||
72 | |||
73 | MHD_gnutls_datum_t raw; | ||
74 | |||
75 | } MHD_gnutls_cert; | ||
76 | |||
77 | typedef struct MHD_gnutls_privkey_int | ||
78 | { | ||
79 | mpi_t params[MAX_PRIV_PARAMS_SIZE]; /* the size of params depends on the public | ||
80 | * key algorithm | ||
81 | */ | ||
82 | /* | ||
83 | * RSA: [0] is modulus | ||
84 | * [1] is public exponent | ||
85 | * [2] is private exponent | ||
86 | * [3] is prime1 (p) | ||
87 | * [4] is prime2 (q) | ||
88 | * [5] is coefficient (u == inverse of p mod q) | ||
89 | * DSA: [0] is p | ||
90 | * [1] is q | ||
91 | * [2] is g | ||
92 | * [3] is y (public key) | ||
93 | * [4] is x (private key) | ||
94 | */ | ||
95 | int params_size; /* holds the number of params */ | ||
96 | |||
97 | enum MHD_GNUTLS_PublicKeyAlgorithm pk_algorithm; | ||
98 | } MHD_gnutls_privkey; | ||
99 | |||
100 | struct MHD_gtls_session_int; /* because MHD_gtls_session_t is not defined when this file is included */ | ||
101 | |||
102 | typedef enum ConvFlags | ||
103 | { | ||
104 | CERT_NO_COPY = 2, | ||
105 | CERT_ONLY_PUBKEY = 4, | ||
106 | CERT_ONLY_EXTENSIONS = 16 | ||
107 | } ConvFlags; | ||
108 | |||
109 | int MHD_gtls_x509_raw_cert_to_gcert (MHD_gnutls_cert * gcert, | ||
110 | const MHD_gnutls_datum_t * derCert, | ||
111 | int flags); | ||
112 | int MHD_gtls_x509_crt_to_gcert (MHD_gnutls_cert * gcert, | ||
113 | MHD_gnutls_x509_crt_t cert, | ||
114 | unsigned int flags); | ||
115 | |||
116 | void MHD_gtls_gkey_deinit (MHD_gnutls_privkey * key); | ||
117 | void MHD_gtls_gcert_deinit (MHD_gnutls_cert * cert); | ||
118 | |||
119 | int MHD_gtls_selected_cert_supported_kx (struct MHD_gtls_session_int *session, | ||
120 | enum MHD_GNUTLS_KeyExchangeAlgorithm | ||
121 | **alg, int *alg_size); | ||
122 | |||
123 | int MHD_gtls_raw_cert_to_gcert (MHD_gnutls_cert * gcert, | ||
124 | enum MHD_GNUTLS_CertificateType type, | ||
125 | const MHD_gnutls_datum_t * raw_cert, | ||
126 | int flags /* OR of ConvFlags */ ); | ||
127 | #endif | ||
diff --git a/src/daemon/https/tls/gnutls_cipher.c b/src/daemon/https/tls/gnutls_cipher.c deleted file mode 100644 index 5004d13c..00000000 --- a/src/daemon/https/tls/gnutls_cipher.c +++ /dev/null | |||
@@ -1,499 +0,0 @@ | |||
1 | /* | ||
2 | * Copyright (C) 2000, 2001, 2002, 2003, 2004, 2005 Free Software Foundation | ||
3 | * | ||
4 | * Author: Nikos Mavrogiannopoulos | ||
5 | * | ||
6 | * This file is part of GNUTLS. | ||
7 | * | ||
8 | * The GNUTLS library is free software; you can redistribute it and/or | ||
9 | * modify it under the terms of the GNU Lesser General Public License | ||
10 | * as published by the Free Software Foundation; either version 2.1 of | ||
11 | * the License, or (at your option) any later version. | ||
12 | * | ||
13 | * This library is distributed in the hope that it will be useful, but | ||
14 | * WITHOUT ANY WARRANTY; without even the implied warranty of | ||
15 | * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU | ||
16 | * Lesser General Public License for more details. | ||
17 | * | ||
18 | * You should have received a copy of the GNU Lesser General Public | ||
19 | * License along with this library; if not, write to the Free Software | ||
20 | * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301, | ||
21 | * USA | ||
22 | * | ||
23 | */ | ||
24 | |||
25 | /* Some high level functions to be used in the record encryption are | ||
26 | * included here. | ||
27 | */ | ||
28 | |||
29 | #include "gnutls_int.h" | ||
30 | #include "gnutls_errors.h" | ||
31 | #include "gnutls_cipher.h" | ||
32 | #include "gnutls_algorithms.h" | ||
33 | #include "gnutls_hash_int.h" | ||
34 | #include "gnutls_cipher_int.h" | ||
35 | #include "debug.h" | ||
36 | #include "gnutls_num.h" | ||
37 | #include "gnutls_datum.h" | ||
38 | #include "gnutls_kx.h" | ||
39 | #include "gnutls_record.h" | ||
40 | #include "gnutls_constate.h" | ||
41 | #include <gc.h> | ||
42 | |||
43 | /* returns ciphertext which contains the headers too. This also | ||
44 | * calculates the size in the header field. | ||
45 | * | ||
46 | * If random pad != 0 then the random pad data will be appended. | ||
47 | */ | ||
48 | int | ||
49 | MHD_gtls_encrypt (MHD_gtls_session_t session, const opaque * headers, | ||
50 | size_t headers_size, const opaque * data, | ||
51 | size_t data_size, opaque * ciphertext, | ||
52 | size_t ciphertext_size, content_type_t type, int random_pad) | ||
53 | { | ||
54 | MHD_gnutls_datum_t plain; | ||
55 | MHD_gnutls_datum_t comp; | ||
56 | int ret; | ||
57 | int free_comp = 1; | ||
58 | |||
59 | plain.data = (opaque *) data; | ||
60 | plain.size = data_size; | ||
61 | |||
62 | comp = plain; | ||
63 | free_comp = 0; | ||
64 | ret = MHD_gtls_compressed2ciphertext (session, &ciphertext[headers_size], | ||
65 | ciphertext_size - headers_size, | ||
66 | comp, type, random_pad); | ||
67 | |||
68 | if (free_comp) | ||
69 | MHD__gnutls_free_datum (&comp); | ||
70 | |||
71 | if (ret < 0) | ||
72 | { | ||
73 | MHD_gnutls_assert (); | ||
74 | return ret; | ||
75 | } | ||
76 | |||
77 | |||
78 | /* copy the headers */ | ||
79 | memcpy (ciphertext, headers, headers_size); | ||
80 | MHD_gtls_write_uint16 (ret, &ciphertext[3]); | ||
81 | |||
82 | return ret + headers_size; | ||
83 | } | ||
84 | |||
85 | /* Decrypts the given data. | ||
86 | * Returns the decrypted data length. | ||
87 | */ | ||
88 | int | ||
89 | MHD_gtls_decrypt (MHD_gtls_session_t session, opaque * ciphertext, | ||
90 | size_t ciphertext_size, uint8_t * data, | ||
91 | size_t max_data_size, content_type_t type) | ||
92 | { | ||
93 | MHD_gnutls_datum_t gcipher; | ||
94 | |||
95 | if (ciphertext_size == 0) | ||
96 | return 0; | ||
97 | |||
98 | gcipher.size = ciphertext_size; | ||
99 | gcipher.data = ciphertext; | ||
100 | |||
101 | return | ||
102 | MHD_gtls_ciphertext2compressed (session, data, max_data_size, | ||
103 | gcipher, type); | ||
104 | } | ||
105 | |||
106 | inline static mac_hd_t | ||
107 | mac_init (enum MHD_GNUTLS_HashAlgorithm mac, opaque * secret, int secret_size, | ||
108 | int ver) | ||
109 | { | ||
110 | mac_hd_t td; | ||
111 | |||
112 | if (mac == MHD_GNUTLS_MAC_NULL) | ||
113 | return GNUTLS_MAC_FAILED; | ||
114 | |||
115 | if (ver == MHD_GNUTLS_PROTOCOL_SSL3) | ||
116 | { /* SSL 3.0 */ | ||
117 | td = MHD_gnutls_mac_init_ssl3 (mac, secret, secret_size); | ||
118 | } | ||
119 | else | ||
120 | { /* TLS 1.x */ | ||
121 | td = MHD_gtls_MHD_hmac_init (mac, secret, secret_size); | ||
122 | } | ||
123 | |||
124 | return td; | ||
125 | } | ||
126 | |||
127 | inline static void | ||
128 | mac_deinit (mac_hd_t td, opaque * res, int ver) | ||
129 | { | ||
130 | if (ver == MHD_GNUTLS_PROTOCOL_SSL3) | ||
131 | { /* SSL 3.0 */ | ||
132 | MHD_gnutls_mac_deinit_ssl3 (td, res); | ||
133 | } | ||
134 | else | ||
135 | { | ||
136 | MHD_gnutls_MHD_hmac_deinit (td, res); | ||
137 | } | ||
138 | } | ||
139 | |||
140 | inline static int | ||
141 | calc_enc_length (MHD_gtls_session_t session, int data_size, | ||
142 | int hash_size, uint8_t * pad, int random_pad, | ||
143 | cipher_type_t block_algo, uint16_t blocksize) | ||
144 | { | ||
145 | uint8_t rnd; | ||
146 | int length; | ||
147 | |||
148 | *pad = 0; | ||
149 | |||
150 | switch (block_algo) | ||
151 | { | ||
152 | case CIPHER_STREAM: | ||
153 | length = data_size + hash_size; | ||
154 | |||
155 | break; | ||
156 | case CIPHER_BLOCK: | ||
157 | if (MHD_gc_nonce ((char *) &rnd, 1) != GC_OK) | ||
158 | { | ||
159 | MHD_gnutls_assert (); | ||
160 | return GNUTLS_E_RANDOM_FAILED; | ||
161 | } | ||
162 | |||
163 | /* make rnd a multiple of blocksize */ | ||
164 | if (session->security_parameters.version == MHD_GNUTLS_PROTOCOL_SSL3 || | ||
165 | random_pad == 0) | ||
166 | { | ||
167 | rnd = 0; | ||
168 | } | ||
169 | else | ||
170 | { | ||
171 | rnd = (rnd / blocksize) * blocksize; | ||
172 | /* added to avoid the case of pad calculated 0 | ||
173 | * seen below for pad calculation. | ||
174 | */ | ||
175 | if (rnd > blocksize) | ||
176 | rnd -= blocksize; | ||
177 | } | ||
178 | |||
179 | length = data_size + hash_size; | ||
180 | |||
181 | *pad = (uint8_t) (blocksize - (length % blocksize)) + rnd; | ||
182 | |||
183 | length += *pad; | ||
184 | if (session->security_parameters.version >= MHD_GNUTLS_PROTOCOL_TLS1_1) | ||
185 | length += blocksize; /* for the IV */ | ||
186 | |||
187 | break; | ||
188 | default: | ||
189 | MHD_gnutls_assert (); | ||
190 | return GNUTLS_E_INTERNAL_ERROR; | ||
191 | } | ||
192 | |||
193 | return length; | ||
194 | } | ||
195 | |||
196 | /* This is the actual encryption | ||
197 | * Encrypts the given compressed datum, and puts the result to cipher_data, | ||
198 | * which has cipher_size size. | ||
199 | * return the actual encrypted data length. | ||
200 | */ | ||
201 | int | ||
202 | MHD_gtls_compressed2ciphertext (MHD_gtls_session_t session, | ||
203 | opaque * cipher_data, int cipher_size, | ||
204 | MHD_gnutls_datum_t compressed, | ||
205 | content_type_t _type, int random_pad) | ||
206 | { | ||
207 | uint8_t MAC[MAX_HASH_SIZE]; | ||
208 | uint16_t c_length; | ||
209 | uint8_t pad; | ||
210 | int length, ret; | ||
211 | mac_hd_t td; | ||
212 | uint8_t type = _type; | ||
213 | uint8_t major, minor; | ||
214 | int hash_size = | ||
215 | MHD_gnutls_hash_get_algo_len (session->security_parameters. | ||
216 | write_mac_algorithm); | ||
217 | enum MHD_GNUTLS_Protocol ver; | ||
218 | int blocksize = | ||
219 | MHD_gtls_cipher_get_block_size (session->security_parameters. | ||
220 | write_bulk_cipher_algorithm); | ||
221 | cipher_type_t block_algo = | ||
222 | MHD_gtls_cipher_is_block (session->security_parameters. | ||
223 | write_bulk_cipher_algorithm); | ||
224 | opaque *data_ptr; | ||
225 | |||
226 | |||
227 | ver = MHD__gnutls_protocol_get_version (session); | ||
228 | minor = MHD_gtls_version_get_minor (ver); | ||
229 | major = MHD_gtls_version_get_major (ver); | ||
230 | |||
231 | |||
232 | /* Initialize MAC */ | ||
233 | td = mac_init (session->security_parameters.write_mac_algorithm, | ||
234 | session->connection_state.write_mac_secret.data, | ||
235 | session->connection_state.write_mac_secret.size, ver); | ||
236 | |||
237 | if (td == GNUTLS_MAC_FAILED | ||
238 | && session->security_parameters.write_mac_algorithm != | ||
239 | MHD_GNUTLS_MAC_NULL) | ||
240 | { | ||
241 | MHD_gnutls_assert (); | ||
242 | return GNUTLS_E_INTERNAL_ERROR; | ||
243 | } | ||
244 | |||
245 | c_length = MHD_gtls_conv_uint16 (compressed.size); | ||
246 | |||
247 | if (td != GNUTLS_MAC_FAILED) | ||
248 | { /* actually when the algorithm in not the NULL one */ | ||
249 | MHD_gnutls_hash (td, | ||
250 | UINT64DATA (session->connection_state. | ||
251 | write_sequence_number), 8); | ||
252 | |||
253 | MHD_gnutls_hash (td, &type, 1); | ||
254 | if (ver >= MHD_GNUTLS_PROTOCOL_TLS1_0) | ||
255 | { /* TLS 1.0 or higher */ | ||
256 | MHD_gnutls_hash (td, &major, 1); | ||
257 | MHD_gnutls_hash (td, &minor, 1); | ||
258 | } | ||
259 | MHD_gnutls_hash (td, &c_length, 2); | ||
260 | MHD_gnutls_hash (td, compressed.data, compressed.size); | ||
261 | mac_deinit (td, MAC, ver); | ||
262 | } | ||
263 | |||
264 | |||
265 | /* Calculate the encrypted length (padding etc.) | ||
266 | */ | ||
267 | length = | ||
268 | calc_enc_length (session, compressed.size, hash_size, &pad, | ||
269 | random_pad, block_algo, blocksize); | ||
270 | if (length < 0) | ||
271 | { | ||
272 | MHD_gnutls_assert (); | ||
273 | return length; | ||
274 | } | ||
275 | |||
276 | /* copy the encrypted data to cipher_data. | ||
277 | */ | ||
278 | if (cipher_size < length) | ||
279 | { | ||
280 | MHD_gnutls_assert (); | ||
281 | return GNUTLS_E_MEMORY_ERROR; | ||
282 | } | ||
283 | |||
284 | data_ptr = cipher_data; | ||
285 | if (block_algo == CIPHER_BLOCK && | ||
286 | session->security_parameters.version >= MHD_GNUTLS_PROTOCOL_TLS1_1) | ||
287 | { | ||
288 | /* copy the random IV. | ||
289 | */ | ||
290 | if (MHD_gc_nonce ((char *) data_ptr, blocksize) != GC_OK) | ||
291 | { | ||
292 | MHD_gnutls_assert (); | ||
293 | return GNUTLS_E_RANDOM_FAILED; | ||
294 | } | ||
295 | data_ptr += blocksize; | ||
296 | } | ||
297 | |||
298 | memcpy (data_ptr, compressed.data, compressed.size); | ||
299 | data_ptr += compressed.size; | ||
300 | |||
301 | if (hash_size > 0) | ||
302 | { | ||
303 | memcpy (data_ptr, MAC, hash_size); | ||
304 | data_ptr += hash_size; | ||
305 | } | ||
306 | if (block_algo == CIPHER_BLOCK && pad > 0) | ||
307 | { | ||
308 | memset (data_ptr, pad - 1, pad); | ||
309 | } | ||
310 | |||
311 | |||
312 | /* Actual encryption (inplace). | ||
313 | */ | ||
314 | ret = | ||
315 | MHD_gtls_cipher_encrypt (session->connection_state.write_cipher_state, | ||
316 | cipher_data, length); | ||
317 | if (ret < 0) | ||
318 | { | ||
319 | MHD_gnutls_assert (); | ||
320 | return ret; | ||
321 | } | ||
322 | |||
323 | return length; | ||
324 | } | ||
325 | |||
326 | /* Deciphers the ciphertext packet, and puts the result to compress_data, of compress_size. | ||
327 | * Returns the actual compressed packet size. | ||
328 | */ | ||
329 | int | ||
330 | MHD_gtls_ciphertext2compressed (MHD_gtls_session_t session, | ||
331 | opaque * compress_data, | ||
332 | int compress_size, | ||
333 | MHD_gnutls_datum_t ciphertext, uint8_t type) | ||
334 | { | ||
335 | uint8_t MAC[MAX_HASH_SIZE]; | ||
336 | uint16_t c_length; | ||
337 | uint8_t pad; | ||
338 | int length; | ||
339 | mac_hd_t td; | ||
340 | uint16_t blocksize; | ||
341 | int ret, i, pad_failed = 0; | ||
342 | uint8_t major, minor; | ||
343 | enum MHD_GNUTLS_Protocol ver; | ||
344 | int hash_size = | ||
345 | MHD_gnutls_hash_get_algo_len (session->security_parameters. | ||
346 | read_mac_algorithm); | ||
347 | |||
348 | ver = MHD__gnutls_protocol_get_version (session); | ||
349 | minor = MHD_gtls_version_get_minor (ver); | ||
350 | major = MHD_gtls_version_get_major (ver); | ||
351 | |||
352 | blocksize = | ||
353 | MHD_gtls_cipher_get_block_size (session->security_parameters. | ||
354 | read_bulk_cipher_algorithm); | ||
355 | |||
356 | /* initialize MAC | ||
357 | */ | ||
358 | td = mac_init (session->security_parameters.read_mac_algorithm, | ||
359 | session->connection_state.read_mac_secret.data, | ||
360 | session->connection_state.read_mac_secret.size, ver); | ||
361 | |||
362 | if (td == GNUTLS_MAC_FAILED | ||
363 | && session->security_parameters.read_mac_algorithm != | ||
364 | MHD_GNUTLS_MAC_NULL) | ||
365 | { | ||
366 | MHD_gnutls_assert (); | ||
367 | return GNUTLS_E_INTERNAL_ERROR; | ||
368 | } | ||
369 | |||
370 | |||
371 | /* actual decryption (inplace) | ||
372 | */ | ||
373 | switch (MHD_gtls_cipher_is_block | ||
374 | (session->security_parameters.read_bulk_cipher_algorithm)) | ||
375 | { | ||
376 | case CIPHER_STREAM: | ||
377 | if ((ret = | ||
378 | MHD_gtls_cipher_decrypt (session->connection_state. | ||
379 | read_cipher_state, ciphertext.data, | ||
380 | ciphertext.size)) < 0) | ||
381 | { | ||
382 | MHD_gnutls_assert (); | ||
383 | return ret; | ||
384 | } | ||
385 | |||
386 | length = ciphertext.size - hash_size; | ||
387 | |||
388 | break; | ||
389 | case CIPHER_BLOCK: | ||
390 | if ((ciphertext.size < blocksize) || (ciphertext.size % blocksize != 0)) | ||
391 | { | ||
392 | MHD_gnutls_assert (); | ||
393 | return GNUTLS_E_DECRYPTION_FAILED; | ||
394 | } | ||
395 | |||
396 | if ((ret = | ||
397 | MHD_gtls_cipher_decrypt (session->connection_state. | ||
398 | read_cipher_state, ciphertext.data, | ||
399 | ciphertext.size)) < 0) | ||
400 | { | ||
401 | MHD_gnutls_assert (); | ||
402 | return ret; | ||
403 | } | ||
404 | |||
405 | /* ignore the IV in TLS 1.1. | ||
406 | */ | ||
407 | if (session->security_parameters.version >= MHD_GNUTLS_PROTOCOL_TLS1_1) | ||
408 | { | ||
409 | ciphertext.size -= blocksize; | ||
410 | ciphertext.data += blocksize; | ||
411 | |||
412 | if (ciphertext.size == 0) | ||
413 | { | ||
414 | MHD_gnutls_assert (); | ||
415 | return GNUTLS_E_DECRYPTION_FAILED; | ||
416 | } | ||
417 | } | ||
418 | |||
419 | pad = ciphertext.data[ciphertext.size - 1] + 1; /* pad */ | ||
420 | |||
421 | length = ciphertext.size - hash_size - pad; | ||
422 | |||
423 | if (pad > ciphertext.size - hash_size) | ||
424 | { | ||
425 | MHD_gnutls_assert (); | ||
426 | /* We do not fail here. We check below for the | ||
427 | * the pad_failed. If zero means success. | ||
428 | */ | ||
429 | pad_failed = GNUTLS_E_DECRYPTION_FAILED; | ||
430 | } | ||
431 | |||
432 | /* Check the pading bytes (TLS 1.x) | ||
433 | */ | ||
434 | if (ver >= MHD_GNUTLS_PROTOCOL_TLS1_0 && pad_failed == 0) | ||
435 | for (i = 2; i < pad; i++) | ||
436 | { | ||
437 | if (ciphertext.data[ciphertext.size - i] != | ||
438 | ciphertext.data[ciphertext.size - 1]) | ||
439 | pad_failed = GNUTLS_E_DECRYPTION_FAILED; | ||
440 | } | ||
441 | break; | ||
442 | default: | ||
443 | MHD_gnutls_assert (); | ||
444 | return GNUTLS_E_INTERNAL_ERROR; | ||
445 | } | ||
446 | |||
447 | if (length < 0) | ||
448 | length = 0; | ||
449 | c_length = MHD_gtls_conv_uint16 ((uint16_t) length); | ||
450 | |||
451 | /* Pass the type, version, length and compressed through | ||
452 | * MAC. | ||
453 | */ | ||
454 | if (td != GNUTLS_MAC_FAILED) | ||
455 | { | ||
456 | MHD_gnutls_hash (td, | ||
457 | UINT64DATA (session->connection_state. | ||
458 | read_sequence_number), 8); | ||
459 | |||
460 | MHD_gnutls_hash (td, &type, 1); | ||
461 | if (ver >= MHD_GNUTLS_PROTOCOL_TLS1_0) | ||
462 | { /* TLS 1.x */ | ||
463 | MHD_gnutls_hash (td, &major, 1); | ||
464 | MHD_gnutls_hash (td, &minor, 1); | ||
465 | } | ||
466 | MHD_gnutls_hash (td, &c_length, 2); | ||
467 | |||
468 | if (length > 0) | ||
469 | MHD_gnutls_hash (td, ciphertext.data, length); | ||
470 | |||
471 | mac_deinit (td, MAC, ver); | ||
472 | } | ||
473 | |||
474 | /* This one was introduced to avoid a timing attack against the TLS | ||
475 | * 1.0 protocol. | ||
476 | */ | ||
477 | if (pad_failed != 0) | ||
478 | return pad_failed; | ||
479 | |||
480 | /* HMAC was not the same. | ||
481 | */ | ||
482 | if ( (td != GNUTLS_MAC_FAILED) && | ||
483 | (memcmp (MAC, &ciphertext.data[length], hash_size) != 0) ) | ||
484 | { | ||
485 | MHD_gnutls_assert (); | ||
486 | return GNUTLS_E_DECRYPTION_FAILED; | ||
487 | } | ||
488 | |||
489 | /* copy the decrypted stuff to compress_data. | ||
490 | */ | ||
491 | if (compress_size < length) | ||
492 | { | ||
493 | MHD_gnutls_assert (); | ||
494 | return GNUTLS_E_DECOMPRESSION_FAILED; | ||
495 | } | ||
496 | memcpy (compress_data, ciphertext.data, length); | ||
497 | |||
498 | return length; | ||
499 | } | ||
diff --git a/src/daemon/https/tls/gnutls_cipher.h b/src/daemon/https/tls/gnutls_cipher.h deleted file mode 100644 index b8dc0070..00000000 --- a/src/daemon/https/tls/gnutls_cipher.h +++ /dev/null | |||
@@ -1,41 +0,0 @@ | |||
1 | /* | ||
2 | * Copyright (C) 2000, 2001, 2002, 2003, 2004, 2005 Free Software Foundation | ||
3 | * | ||
4 | * Author: Nikos Mavrogiannopoulos | ||
5 | * | ||
6 | * This file is part of GNUTLS. | ||
7 | * | ||
8 | * The GNUTLS library is free software; you can redistribute it and/or | ||
9 | * modify it under the terms of the GNU Lesser General Public License | ||
10 | * as published by the Free Software Foundation; either version 2.1 of | ||
11 | * the License, or (at your option) any later version. | ||
12 | * | ||
13 | * This library is distributed in the hope that it will be useful, but | ||
14 | * WITHOUT ANY WARRANTY; without even the implied warranty of | ||
15 | * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU | ||
16 | * Lesser General Public License for more details. | ||
17 | * | ||
18 | * You should have received a copy of the GNU Lesser General Public | ||
19 | * License along with this library; if not, write to the Free Software | ||
20 | * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301, | ||
21 | * USA | ||
22 | * | ||
23 | */ | ||
24 | |||
25 | int MHD_gtls_encrypt (MHD_gtls_session_t session, const opaque * headers, | ||
26 | size_t headers_size, const opaque * data, | ||
27 | size_t data_size, opaque * ciphertext, | ||
28 | size_t ciphertext_size, content_type_t type, | ||
29 | int random_pad); | ||
30 | |||
31 | int MHD_gtls_decrypt (MHD_gtls_session_t session, opaque * ciphertext, | ||
32 | size_t ciphertext_size, uint8_t * data, | ||
33 | size_t data_size, content_type_t type); | ||
34 | int MHD_gtls_compressed2ciphertext (MHD_gtls_session_t session, | ||
35 | opaque * cipher_data, int cipher_size, | ||
36 | MHD_gnutls_datum_t compressed, | ||
37 | content_type_t _type, int random_pad); | ||
38 | int MHD_gtls_ciphertext2compressed (MHD_gtls_session_t session, | ||
39 | opaque * compress_data, int compress_size, | ||
40 | MHD_gnutls_datum_t ciphertext, | ||
41 | uint8_t type); | ||
diff --git a/src/daemon/https/tls/gnutls_cipher_int.c b/src/daemon/https/tls/gnutls_cipher_int.c deleted file mode 100644 index 7349436a..00000000 --- a/src/daemon/https/tls/gnutls_cipher_int.c +++ /dev/null | |||
@@ -1,109 +0,0 @@ | |||
1 | /* | ||
2 | * Copyright (C) 2000, 2004, 2005 Free Software Foundation | ||
3 | * | ||
4 | * Author: Nikos Mavrogiannopoulos | ||
5 | * | ||
6 | * This file is part of GNUTLS. | ||
7 | * | ||
8 | * The GNUTLS library is free software; you can redistribute it and/or | ||
9 | * modify it under the terms of the GNU Lesser General Public License | ||
10 | * as published by the Free Software Foundation; either version 2.1 of | ||
11 | * the License, or (at your option) any later version. | ||
12 | * | ||
13 | * This library is distributed in the hope that it will be useful, but | ||
14 | * WITHOUT ANY WARRANTY; without even the implied warranty of | ||
15 | * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU | ||
16 | * Lesser General Public License for more details. | ||
17 | * | ||
18 | * You should have received a copy of the GNU Lesser General Public | ||
19 | * License along with this library; if not, write to the Free Software | ||
20 | * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301, | ||
21 | * USA | ||
22 | * | ||
23 | */ | ||
24 | |||
25 | #include <gnutls_int.h> | ||
26 | #include <gnutls_errors.h> | ||
27 | #include <gnutls_cipher_int.h> | ||
28 | #include <gnutls_datum.h> | ||
29 | |||
30 | cipher_hd_t | ||
31 | MHD_gtls_cipher_init (enum MHD_GNUTLS_CipherAlgorithm cipher, | ||
32 | const MHD_gnutls_datum_t * key, | ||
33 | const MHD_gnutls_datum_t * iv) | ||
34 | { | ||
35 | cipher_hd_t ret = NULL; | ||
36 | int err = GC_INVALID_CIPHER; /* doesn't matter */ | ||
37 | |||
38 | switch (cipher) | ||
39 | { | ||
40 | case MHD_GNUTLS_CIPHER_AES_128_CBC: | ||
41 | err = MHD_gc_cipher_open (GC_AES128, GC_CBC, &ret); | ||
42 | break; | ||
43 | case MHD_GNUTLS_CIPHER_AES_256_CBC: | ||
44 | err = MHD_gc_cipher_open (GC_AES256, GC_CBC, &ret); | ||
45 | break; | ||
46 | case MHD_GNUTLS_CIPHER_3DES_CBC: | ||
47 | err = MHD_gc_cipher_open (GC_3DES, GC_CBC, &ret); | ||
48 | break; | ||
49 | case MHD_GNUTLS_CIPHER_ARCFOUR_128: | ||
50 | err = MHD_gc_cipher_open (GC_ARCFOUR128, GC_STREAM, &ret); | ||
51 | break; | ||
52 | default: | ||
53 | return NULL; | ||
54 | } | ||
55 | |||
56 | if (err == 0) | ||
57 | { | ||
58 | MHD_gc_cipher_setkey (ret, key->size, (const char *) key->data); | ||
59 | if (iv->data != NULL && iv->size > 0) | ||
60 | MHD_gc_cipher_setiv (ret, iv->size, (const char *) iv->data); | ||
61 | } | ||
62 | else if (cipher != MHD_GNUTLS_CIPHER_NULL) | ||
63 | { | ||
64 | MHD_gnutls_assert (); | ||
65 | MHD__gnutls_x509_log ("Crypto cipher[%d] error: %d\n", cipher, err); | ||
66 | /* FIXME: MHD_gc_strerror */ | ||
67 | } | ||
68 | |||
69 | return ret; | ||
70 | } | ||
71 | |||
72 | int | ||
73 | MHD_gtls_cipher_encrypt (cipher_hd_t handle, void *text, int textlen) | ||
74 | { | ||
75 | if (handle != GNUTLS_CIPHER_FAILED) | ||
76 | { | ||
77 | if (MHD_gc_cipher_encrypt_inline (handle, textlen, text) != 0) | ||
78 | { | ||
79 | MHD_gnutls_assert (); | ||
80 | return GNUTLS_E_INTERNAL_ERROR; | ||
81 | } | ||
82 | } | ||
83 | return 0; | ||
84 | } | ||
85 | |||
86 | int | ||
87 | MHD_gtls_cipher_decrypt (cipher_hd_t handle, void *ciphertext, | ||
88 | int ciphertextlen) | ||
89 | { | ||
90 | if (handle != GNUTLS_CIPHER_FAILED) | ||
91 | { | ||
92 | if (MHD_gc_cipher_decrypt_inline (handle, ciphertextlen, ciphertext) != | ||
93 | 0) | ||
94 | { | ||
95 | MHD_gnutls_assert (); | ||
96 | return GNUTLS_E_INTERNAL_ERROR; | ||
97 | } | ||
98 | } | ||
99 | return 0; | ||
100 | } | ||
101 | |||
102 | void | ||
103 | MHD_gnutls_cipher_deinit (cipher_hd_t handle) | ||
104 | { | ||
105 | if (handle != GNUTLS_CIPHER_FAILED) | ||
106 | { | ||
107 | MHD_gc_cipher_close (handle); | ||
108 | } | ||
109 | } | ||
diff --git a/src/daemon/https/tls/gnutls_cipher_int.h b/src/daemon/https/tls/gnutls_cipher_int.h deleted file mode 100644 index f00f945f..00000000 --- a/src/daemon/https/tls/gnutls_cipher_int.h +++ /dev/null | |||
@@ -1,43 +0,0 @@ | |||
1 | /* | ||
2 | * Copyright (C) 2000, 2001, 2002, 2003, 2004, 2005 Free Software Foundation | ||
3 | * | ||
4 | * Author: Nikos Mavrogiannopoulos | ||
5 | * | ||
6 | * This file is part of GNUTLS. | ||
7 | * | ||
8 | * The GNUTLS library is free software; you can redistribute it and/or | ||
9 | * modify it under the terms of the GNU Lesser General Public License | ||
10 | * as published by the Free Software Foundation; either version 2.1 of | ||
11 | * the License, or (at your option) any later version. | ||
12 | * | ||
13 | * This library is distributed in the hope that it will be useful, but | ||
14 | * WITHOUT ANY WARRANTY; without even the implied warranty of | ||
15 | * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU | ||
16 | * Lesser General Public License for more details. | ||
17 | * | ||
18 | * You should have received a copy of the GNU Lesser General Public | ||
19 | * License along with this library; if not, write to the Free Software | ||
20 | * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301, | ||
21 | * USA | ||
22 | * | ||
23 | */ | ||
24 | |||
25 | #ifndef GNUTLS_CIPHER_INT | ||
26 | # define GNUTLS_CIPHER_INT | ||
27 | |||
28 | #define cipher_hd_t MHD_gc_cipher_handle | ||
29 | #define GNUTLS_CIPHER_FAILED NULL | ||
30 | |||
31 | // TODO MHD_gc_cipher_handle -> void * x3 | ||
32 | void *MHD_gtls_cipher_init (enum MHD_GNUTLS_CipherAlgorithm cipher, | ||
33 | const MHD_gnutls_datum_t * key, | ||
34 | const MHD_gnutls_datum_t * iv); | ||
35 | |||
36 | int MHD_gtls_cipher_encrypt (void *handle, void *text, int textlen); | ||
37 | |||
38 | int MHD_gtls_cipher_decrypt (void *handle, | ||
39 | void *ciphertext, int ciphertextlen); | ||
40 | |||
41 | void MHD_gnutls_cipher_deinit (void *handle); | ||
42 | |||
43 | #endif /* GNUTLS_CIPHER_INT */ | ||
diff --git a/src/daemon/https/tls/gnutls_constate.c b/src/daemon/https/tls/gnutls_constate.c deleted file mode 100644 index 845abfe9..00000000 --- a/src/daemon/https/tls/gnutls_constate.c +++ /dev/null | |||
@@ -1,999 +0,0 @@ | |||
1 | /* | ||
2 | * Copyright (C) 2001, 2002, 2003, 2004, 2005, 2006 Free Software Foundation | ||
3 | * | ||
4 | * Author: Nikos Mavrogiannopoulos | ||
5 | * | ||
6 | * This file is part of GNUTLS. | ||
7 | * | ||
8 | * The GNUTLS library is free software; you can redistribute it and/or | ||
9 | * modify it under the terms of the GNU Lesser General Public License | ||
10 | * as published by the Free Software Foundation; either version 2.1 of | ||
11 | * the License, or (at your option) any later version. | ||
12 | * | ||
13 | * This library is distributed in the hope that it will be useful, but | ||
14 | * WITHOUT ANY WARRANTY; without even the implied warranty of | ||
15 | * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU | ||
16 | * Lesser General Public License for more details. | ||
17 | * | ||
18 | * You should have received a copy of the GNU Lesser General Public | ||
19 | * License along with this library; if not, write to the Free Software | ||
20 | * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301, | ||
21 | * USA | ||
22 | * | ||
23 | */ | ||
24 | |||
25 | /* Functions that are supposed to run after the handshake procedure is | ||
26 | * finished. These functions activate the established security parameters. | ||
27 | */ | ||
28 | |||
29 | #include "MHD_config.h" | ||
30 | #include <gnutls_int.h> | ||
31 | #include <gnutls_constate.h> | ||
32 | #include <gnutls_errors.h> | ||
33 | #include <gnutls_kx.h> | ||
34 | #include <gnutls_algorithms.h> | ||
35 | #include <gnutls_num.h> | ||
36 | #include <gnutls_datum.h> | ||
37 | #include <gnutls_state.h> | ||
38 | |||
39 | static const char keyexp[] = "key expansion"; | ||
40 | static const int keyexp_length = sizeof (keyexp) - 1; | ||
41 | |||
42 | static const char ivblock[] = "IV block"; | ||
43 | static const int ivblock_length = sizeof (ivblock) - 1; | ||
44 | |||
45 | static const char cliwrite[] = "client write key"; | ||
46 | static const int cliwrite_length = sizeof (cliwrite) - 1; | ||
47 | |||
48 | static const char servwrite[] = "server write key"; | ||
49 | static const int servwrite_length = sizeof (servwrite) - 1; | ||
50 | |||
51 | #define EXPORT_FINAL_KEY_SIZE 16 | ||
52 | |||
53 | /* This function is to be called after handshake, when master_secret, | ||
54 | * client_random and server_random have been initialized. | ||
55 | * This function creates the keys and stores them into pending session. | ||
56 | * (session->cipher_specs) | ||
57 | */ | ||
58 | int | ||
59 | MHD__gnutls_set_keys (MHD_gtls_session_t session, int hash_size, int IV_size, | ||
60 | int key_size, int export_flag) | ||
61 | { | ||
62 | opaque *key_block; | ||
63 | opaque rnd[2 * TLS_RANDOM_SIZE]; | ||
64 | opaque rrnd[2 * TLS_RANDOM_SIZE]; | ||
65 | int pos, ret; | ||
66 | int block_size; | ||
67 | char buf[65]; | ||
68 | |||
69 | if (session->cipher_specs.generated_keys != 0) | ||
70 | { | ||
71 | /* keys have already been generated. | ||
72 | * reset generated_keys and exit normally. | ||
73 | */ | ||
74 | session->cipher_specs.generated_keys = 0; | ||
75 | return 0; | ||
76 | } | ||
77 | |||
78 | block_size = 2 * hash_size + 2 * key_size; | ||
79 | if (export_flag == 0) | ||
80 | block_size += 2 * IV_size; | ||
81 | |||
82 | key_block = MHD_gnutls_secure_malloc (block_size); | ||
83 | if (key_block == NULL) | ||
84 | { | ||
85 | MHD_gnutls_assert (); | ||
86 | return GNUTLS_E_MEMORY_ERROR; | ||
87 | } | ||
88 | |||
89 | memcpy (rnd, session->security_parameters.server_random, TLS_RANDOM_SIZE); | ||
90 | memcpy (&rnd[TLS_RANDOM_SIZE], | ||
91 | session->security_parameters.client_random, TLS_RANDOM_SIZE); | ||
92 | |||
93 | memcpy (rrnd, session->security_parameters.client_random, TLS_RANDOM_SIZE); | ||
94 | memcpy (&rrnd[TLS_RANDOM_SIZE], | ||
95 | session->security_parameters.server_random, TLS_RANDOM_SIZE); | ||
96 | |||
97 | if (session->security_parameters.version == MHD_GNUTLS_PROTOCOL_SSL3) | ||
98 | { /* SSL 3 */ | ||
99 | ret = | ||
100 | MHD_gnutls_ssl3_generate_random | ||
101 | (session->security_parameters.master_secret, TLS_MASTER_SIZE, rnd, | ||
102 | 2 * TLS_RANDOM_SIZE, block_size, key_block); | ||
103 | } | ||
104 | else | ||
105 | { /* TLS 1.0 */ | ||
106 | ret = | ||
107 | MHD_gtls_PRF (session, | ||
108 | (const unsigned char *) session-> | ||
109 | security_parameters.master_secret, TLS_MASTER_SIZE, | ||
110 | keyexp, keyexp_length, rnd, 2 * TLS_RANDOM_SIZE, | ||
111 | block_size, key_block); | ||
112 | } | ||
113 | |||
114 | if (ret < 0) | ||
115 | { | ||
116 | MHD_gnutls_assert (); | ||
117 | MHD_gnutls_free (key_block); | ||
118 | return ret; | ||
119 | } | ||
120 | |||
121 | MHD__gnutls_hard_log ("INT: KEY BLOCK[%d]: %s\n", block_size, | ||
122 | MHD_gtls_bin2hex (key_block, block_size, buf, | ||
123 | sizeof (buf))); | ||
124 | |||
125 | pos = 0; | ||
126 | if (hash_size > 0) | ||
127 | { | ||
128 | if (MHD__gnutls_sset_datum | ||
129 | (&session->cipher_specs.client_write_mac_secret, | ||
130 | &key_block[pos], hash_size) < 0) | ||
131 | { | ||
132 | MHD_gnutls_free (key_block); | ||
133 | return GNUTLS_E_MEMORY_ERROR; | ||
134 | } | ||
135 | pos += hash_size; | ||
136 | |||
137 | if (MHD__gnutls_sset_datum | ||
138 | (&session->cipher_specs.server_write_mac_secret, | ||
139 | &key_block[pos], hash_size) < 0) | ||
140 | { | ||
141 | MHD_gnutls_free (key_block); | ||
142 | return GNUTLS_E_MEMORY_ERROR; | ||
143 | } | ||
144 | pos += hash_size; | ||
145 | } | ||
146 | |||
147 | if (key_size > 0) | ||
148 | { | ||
149 | opaque *client_write_key, *server_write_key; | ||
150 | int client_write_key_size, server_write_key_size; | ||
151 | int free_keys = 0; | ||
152 | |||
153 | if (export_flag == 0) | ||
154 | { | ||
155 | client_write_key = &key_block[pos]; | ||
156 | client_write_key_size = key_size; | ||
157 | |||
158 | pos += key_size; | ||
159 | |||
160 | server_write_key = &key_block[pos]; | ||
161 | server_write_key_size = key_size; | ||
162 | |||
163 | pos += key_size; | ||
164 | |||
165 | } | ||
166 | else | ||
167 | { /* export */ | ||
168 | free_keys = 1; | ||
169 | |||
170 | client_write_key = MHD_gnutls_secure_malloc (EXPORT_FINAL_KEY_SIZE); | ||
171 | if (client_write_key == NULL) | ||
172 | { | ||
173 | MHD_gnutls_assert (); | ||
174 | MHD_gnutls_free (key_block); | ||
175 | return GNUTLS_E_MEMORY_ERROR; | ||
176 | } | ||
177 | |||
178 | server_write_key = MHD_gnutls_secure_malloc (EXPORT_FINAL_KEY_SIZE); | ||
179 | if (server_write_key == NULL) | ||
180 | { | ||
181 | MHD_gnutls_assert (); | ||
182 | MHD_gnutls_free (key_block); | ||
183 | MHD_gnutls_free (client_write_key); | ||
184 | return GNUTLS_E_MEMORY_ERROR; | ||
185 | } | ||
186 | |||
187 | /* generate the final keys */ | ||
188 | |||
189 | if (session->security_parameters.version == | ||
190 | MHD_GNUTLS_PROTOCOL_SSL3) | ||
191 | { /* SSL 3 */ | ||
192 | ret = | ||
193 | MHD_gnutls_ssl3_hash_md5 (&key_block[pos], | ||
194 | key_size, rrnd, | ||
195 | 2 * TLS_RANDOM_SIZE, | ||
196 | EXPORT_FINAL_KEY_SIZE, | ||
197 | client_write_key); | ||
198 | |||
199 | } | ||
200 | else | ||
201 | { /* TLS 1.0 */ | ||
202 | ret = | ||
203 | MHD_gtls_PRF (session, &key_block[pos], key_size, | ||
204 | cliwrite, cliwrite_length, | ||
205 | rrnd, | ||
206 | 2 * TLS_RANDOM_SIZE, | ||
207 | EXPORT_FINAL_KEY_SIZE, client_write_key); | ||
208 | } | ||
209 | |||
210 | if (ret < 0) | ||
211 | { | ||
212 | MHD_gnutls_assert (); | ||
213 | MHD_gnutls_free (key_block); | ||
214 | MHD_gnutls_free (server_write_key); | ||
215 | MHD_gnutls_free (client_write_key); | ||
216 | return ret; | ||
217 | } | ||
218 | |||
219 | client_write_key_size = EXPORT_FINAL_KEY_SIZE; | ||
220 | pos += key_size; | ||
221 | |||
222 | if (session->security_parameters.version == | ||
223 | MHD_GNUTLS_PROTOCOL_SSL3) | ||
224 | { /* SSL 3 */ | ||
225 | ret = | ||
226 | MHD_gnutls_ssl3_hash_md5 (&key_block[pos], key_size, | ||
227 | rnd, 2 * TLS_RANDOM_SIZE, | ||
228 | EXPORT_FINAL_KEY_SIZE, | ||
229 | server_write_key); | ||
230 | } | ||
231 | else | ||
232 | { /* TLS 1.0 */ | ||
233 | ret = | ||
234 | MHD_gtls_PRF (session, &key_block[pos], key_size, | ||
235 | servwrite, servwrite_length, | ||
236 | rrnd, 2 * TLS_RANDOM_SIZE, | ||
237 | EXPORT_FINAL_KEY_SIZE, server_write_key); | ||
238 | } | ||
239 | |||
240 | if (ret < 0) | ||
241 | { | ||
242 | MHD_gnutls_assert (); | ||
243 | MHD_gnutls_free (key_block); | ||
244 | MHD_gnutls_free (server_write_key); | ||
245 | MHD_gnutls_free (client_write_key); | ||
246 | return ret; | ||
247 | } | ||
248 | |||
249 | server_write_key_size = EXPORT_FINAL_KEY_SIZE; | ||
250 | pos += key_size; | ||
251 | } | ||
252 | |||
253 | if (MHD__gnutls_sset_datum | ||
254 | (&session->cipher_specs.client_write_key, | ||
255 | client_write_key, client_write_key_size) < 0) | ||
256 | { | ||
257 | MHD_gnutls_free (key_block); | ||
258 | MHD_gnutls_free (server_write_key); | ||
259 | MHD_gnutls_free (client_write_key); | ||
260 | return GNUTLS_E_MEMORY_ERROR; | ||
261 | } | ||
262 | MHD__gnutls_hard_log ("INT: CLIENT WRITE KEY [%d]: %s\n", | ||
263 | client_write_key_size, | ||
264 | MHD_gtls_bin2hex (client_write_key, | ||
265 | client_write_key_size, buf, | ||
266 | sizeof (buf))); | ||
267 | |||
268 | if (MHD__gnutls_sset_datum | ||
269 | (&session->cipher_specs.server_write_key, | ||
270 | server_write_key, server_write_key_size) < 0) | ||
271 | { | ||
272 | MHD_gnutls_free (key_block); | ||
273 | MHD_gnutls_free (server_write_key); | ||
274 | MHD_gnutls_free (client_write_key); | ||
275 | return GNUTLS_E_MEMORY_ERROR; | ||
276 | } | ||
277 | |||
278 | MHD__gnutls_hard_log ("INT: SERVER WRITE KEY [%d]: %s\n", | ||
279 | server_write_key_size, | ||
280 | MHD_gtls_bin2hex (server_write_key, | ||
281 | server_write_key_size, buf, | ||
282 | sizeof (buf))); | ||
283 | |||
284 | if (free_keys != 0) | ||
285 | { | ||
286 | MHD_gnutls_free (server_write_key); | ||
287 | MHD_gnutls_free (client_write_key); | ||
288 | } | ||
289 | } | ||
290 | |||
291 | |||
292 | /* IV generation in export and non export ciphers. | ||
293 | */ | ||
294 | if (IV_size > 0 && export_flag == 0) | ||
295 | { | ||
296 | if (MHD__gnutls_sset_datum | ||
297 | (&session->cipher_specs.client_write_IV, &key_block[pos], | ||
298 | IV_size) < 0) | ||
299 | { | ||
300 | MHD_gnutls_free (key_block); | ||
301 | return GNUTLS_E_MEMORY_ERROR; | ||
302 | } | ||
303 | pos += IV_size; | ||
304 | |||
305 | if (MHD__gnutls_sset_datum | ||
306 | (&session->cipher_specs.server_write_IV, &key_block[pos], | ||
307 | IV_size) < 0) | ||
308 | { | ||
309 | MHD_gnutls_free (key_block); | ||
310 | return GNUTLS_E_MEMORY_ERROR; | ||
311 | } | ||
312 | pos += IV_size; | ||
313 | |||
314 | } | ||
315 | else if (IV_size > 0 && export_flag != 0) | ||
316 | { | ||
317 | opaque *iv_block = MHD_gnutls_alloca (IV_size * 2); | ||
318 | if (iv_block == NULL) | ||
319 | { | ||
320 | MHD_gnutls_assert (); | ||
321 | MHD_gnutls_free (key_block); | ||
322 | return GNUTLS_E_MEMORY_ERROR; | ||
323 | } | ||
324 | |||
325 | if (session->security_parameters.version == MHD_GNUTLS_PROTOCOL_SSL3) | ||
326 | { /* SSL 3 */ | ||
327 | ret = MHD_gnutls_ssl3_hash_md5 ("", 0, | ||
328 | rrnd, TLS_RANDOM_SIZE * 2, | ||
329 | IV_size, iv_block); | ||
330 | |||
331 | if (ret < 0) | ||
332 | { | ||
333 | MHD_gnutls_assert (); | ||
334 | MHD_gnutls_free (key_block); | ||
335 | MHD_gnutls_afree (iv_block); | ||
336 | return ret; | ||
337 | } | ||
338 | |||
339 | ret = MHD_gnutls_ssl3_hash_md5 ("", 0, rnd, | ||
340 | TLS_RANDOM_SIZE * 2, | ||
341 | IV_size, &iv_block[IV_size]); | ||
342 | |||
343 | } | ||
344 | else | ||
345 | { /* TLS 1.0 */ | ||
346 | ret = MHD_gtls_PRF (session, (const unsigned char *) "", 0, | ||
347 | ivblock, ivblock_length, rrnd, | ||
348 | 2 * TLS_RANDOM_SIZE, IV_size * 2, iv_block); | ||
349 | } | ||
350 | |||
351 | if (ret < 0) | ||
352 | { | ||
353 | MHD_gnutls_assert (); | ||
354 | MHD_gnutls_afree (iv_block); | ||
355 | MHD_gnutls_free (key_block); | ||
356 | return ret; | ||
357 | } | ||
358 | |||
359 | if (MHD__gnutls_sset_datum | ||
360 | (&session->cipher_specs.client_write_IV, iv_block, IV_size) < 0) | ||
361 | { | ||
362 | MHD_gnutls_afree (iv_block); | ||
363 | MHD_gnutls_free (key_block); | ||
364 | return GNUTLS_E_MEMORY_ERROR; | ||
365 | } | ||
366 | |||
367 | if (MHD__gnutls_sset_datum | ||
368 | (&session->cipher_specs.server_write_IV, | ||
369 | &iv_block[IV_size], IV_size) < 0) | ||
370 | { | ||
371 | MHD_gnutls_afree (iv_block); | ||
372 | MHD_gnutls_free (key_block); | ||
373 | return GNUTLS_E_MEMORY_ERROR; | ||
374 | } | ||
375 | |||
376 | MHD_gnutls_afree (iv_block); | ||
377 | } | ||
378 | |||
379 | MHD_gnutls_free (key_block); | ||
380 | |||
381 | session->cipher_specs.generated_keys = 1; | ||
382 | |||
383 | return 0; | ||
384 | } | ||
385 | |||
386 | int | ||
387 | MHD__gnutls_set_read_keys (MHD_gtls_session_t session) | ||
388 | { | ||
389 | int hash_size; | ||
390 | int IV_size; | ||
391 | int key_size, export_flag; | ||
392 | enum MHD_GNUTLS_CipherAlgorithm algo; | ||
393 | enum MHD_GNUTLS_HashAlgorithm mac_algo; | ||
394 | |||
395 | mac_algo = session->security_parameters.read_mac_algorithm; | ||
396 | algo = session->security_parameters.read_bulk_cipher_algorithm; | ||
397 | |||
398 | hash_size = MHD_gnutls_hash_get_algo_len (mac_algo); | ||
399 | IV_size = MHD_gtls_cipher_get_iv_size (algo); | ||
400 | key_size = MHD__gnutls_cipher_get_key_size (algo); | ||
401 | export_flag = MHD_gtls_cipher_get_export_flag (algo); | ||
402 | |||
403 | return MHD__gnutls_set_keys (session, hash_size, IV_size, key_size, | ||
404 | export_flag); | ||
405 | } | ||
406 | |||
407 | int | ||
408 | MHD__gnutls_set_write_keys (MHD_gtls_session_t session) | ||
409 | { | ||
410 | int hash_size; | ||
411 | int IV_size; | ||
412 | int key_size, export_flag; | ||
413 | enum MHD_GNUTLS_CipherAlgorithm algo; | ||
414 | enum MHD_GNUTLS_HashAlgorithm mac_algo; | ||
415 | |||
416 | mac_algo = session->security_parameters.write_mac_algorithm; | ||
417 | algo = session->security_parameters.write_bulk_cipher_algorithm; | ||
418 | |||
419 | hash_size = MHD_gnutls_hash_get_algo_len (mac_algo); | ||
420 | IV_size = MHD_gtls_cipher_get_iv_size (algo); | ||
421 | key_size = MHD__gnutls_cipher_get_key_size (algo); | ||
422 | export_flag = MHD_gtls_cipher_get_export_flag (algo); | ||
423 | |||
424 | return MHD__gnutls_set_keys (session, hash_size, IV_size, key_size, | ||
425 | export_flag); | ||
426 | } | ||
427 | |||
428 | #define CPY_COMMON dst->entity = src->entity; \ | ||
429 | dst->kx_algorithm = src->kx_algorithm; \ | ||
430 | memcpy( &dst->current_cipher_suite, &src->current_cipher_suite, sizeof(cipher_suite_st)); \ | ||
431 | memcpy( dst->master_secret, src->master_secret, TLS_MASTER_SIZE); \ | ||
432 | memcpy( dst->client_random, src->client_random, TLS_RANDOM_SIZE); \ | ||
433 | memcpy( dst->server_random, src->server_random, TLS_RANDOM_SIZE); \ | ||
434 | memcpy( dst->session_id, src->session_id, TLS_MAX_SESSION_ID_SIZE); \ | ||
435 | dst->session_id_size = src->session_id_size; \ | ||
436 | dst->cert_type = src->cert_type; \ | ||
437 | dst->timestamp = src->timestamp; \ | ||
438 | dst->max_record_recv_size = src->max_record_recv_size; \ | ||
439 | dst->max_record_send_size = src->max_record_send_size; \ | ||
440 | dst->version = src->version; \ | ||
441 | memcpy( &dst->extensions, &src->extensions, sizeof(MHD_gtls_ext_st)); \ | ||
442 | memcpy( &dst->inner_secret, &src->inner_secret, TLS_MASTER_SIZE); | ||
443 | |||
444 | static void | ||
445 | MHD__gnutls_cpy_read_security_parameters (MHD_gtls_security_param_st * | ||
446 | dst, | ||
447 | MHD_gtls_security_param_st * src) | ||
448 | { | ||
449 | CPY_COMMON; | ||
450 | |||
451 | dst->read_bulk_cipher_algorithm = src->read_bulk_cipher_algorithm; | ||
452 | dst->read_mac_algorithm = src->read_mac_algorithm; | ||
453 | dst->read_compression_algorithm = src->read_compression_algorithm; | ||
454 | } | ||
455 | |||
456 | static void | ||
457 | MHD__gnutls_cpy_write_security_parameters (MHD_gtls_security_param_st * | ||
458 | dst, | ||
459 | MHD_gtls_security_param_st * src) | ||
460 | { | ||
461 | CPY_COMMON; | ||
462 | |||
463 | dst->write_bulk_cipher_algorithm = src->write_bulk_cipher_algorithm; | ||
464 | dst->write_mac_algorithm = src->write_mac_algorithm; | ||
465 | dst->write_compression_algorithm = src->write_compression_algorithm; | ||
466 | } | ||
467 | |||
468 | /* Sets the current connection session to conform with the | ||
469 | * Security parameters(pending session), and initializes encryption. | ||
470 | * Actually it initializes and starts encryption ( so it needs | ||
471 | * secrets and random numbers to have been negotiated) | ||
472 | * This is to be called after sending the Change Cipher Spec packet. | ||
473 | */ | ||
474 | int | ||
475 | MHD_gtls_connection_state_init (MHD_gtls_session_t session) | ||
476 | { | ||
477 | int ret; | ||
478 | |||
479 | /* Setup the master secret | ||
480 | */ | ||
481 | if ((ret = MHD_gtls_generate_master (session, 0), 0) < 0) | ||
482 | { | ||
483 | MHD_gnutls_assert (); | ||
484 | return ret; | ||
485 | } | ||
486 | |||
487 | |||
488 | return 0; | ||
489 | } | ||
490 | |||
491 | |||
492 | /* Initializes the read connection session | ||
493 | * (read encrypted data) | ||
494 | */ | ||
495 | int | ||
496 | MHD_gtls_read_connection_state_init (MHD_gtls_session_t session) | ||
497 | { | ||
498 | int mac_size; | ||
499 | int rc; | ||
500 | |||
501 | MHD__gnutls_uint64zero (session->connection_state.read_sequence_number); | ||
502 | |||
503 | /* Update internals from CipherSuite selected. | ||
504 | * If we are resuming just copy the connection session | ||
505 | */ | ||
506 | if (session->internals.resumed == RESUME_FALSE) | ||
507 | { | ||
508 | rc = MHD_gtls_set_read_cipher (session, | ||
509 | MHD_gtls_cipher_suite_get_cipher_algo | ||
510 | (&session->security_parameters. | ||
511 | current_cipher_suite)); | ||
512 | if (rc < 0) | ||
513 | return rc; | ||
514 | rc = MHD_gtls_set_read_mac (session, | ||
515 | MHD_gtls_cipher_suite_get_mac_algo | ||
516 | (&session->security_parameters. | ||
517 | current_cipher_suite)); | ||
518 | if (rc < 0) | ||
519 | return rc; | ||
520 | |||
521 | rc = MHD_gtls_set_kx (session, | ||
522 | MHD_gtls_cipher_suite_get_kx_algo | ||
523 | (&session->security_parameters. | ||
524 | current_cipher_suite)); | ||
525 | if (rc < 0) | ||
526 | return rc; | ||
527 | |||
528 | rc = MHD_gtls_set_read_compression (session, | ||
529 | session->internals. | ||
530 | compression_method); | ||
531 | if (rc < 0) | ||
532 | return rc; | ||
533 | } | ||
534 | else | ||
535 | { /* RESUME_TRUE */ | ||
536 | MHD__gnutls_cpy_read_security_parameters (&session->security_parameters, | ||
537 | &session->internals. | ||
538 | resumed_security_parameters); | ||
539 | } | ||
540 | |||
541 | |||
542 | rc = MHD__gnutls_set_read_keys (session); | ||
543 | if (rc < 0) | ||
544 | return rc; | ||
545 | |||
546 | MHD__gnutls_handshake_log ("HSK[%x]: Cipher Suite: %s\n", | ||
547 | session, | ||
548 | MHD_gtls_cipher_suite_get_name | ||
549 | (&session->security_parameters. | ||
550 | current_cipher_suite)); | ||
551 | |||
552 | if (MHD_gtls_compression_is_ok | ||
553 | (session->security_parameters.read_compression_algorithm) != 0) | ||
554 | { | ||
555 | MHD_gnutls_assert (); | ||
556 | return GNUTLS_E_UNKNOWN_COMPRESSION_ALGORITHM; | ||
557 | } | ||
558 | |||
559 | if (MHD_gnutls_mac_is_ok | ||
560 | (session->security_parameters.read_mac_algorithm) != 0) | ||
561 | { | ||
562 | MHD_gnutls_assert (); | ||
563 | return GNUTLS_E_INTERNAL_ERROR; | ||
564 | } | ||
565 | |||
566 | /* Free all the previous keys/ sessions etc. | ||
567 | */ | ||
568 | if (session->connection_state.read_mac_secret.data != NULL) | ||
569 | MHD__gnutls_free_datum (&session->connection_state.read_mac_secret); | ||
570 | |||
571 | if (session->connection_state.read_cipher_state != NULL) | ||
572 | MHD_gnutls_cipher_deinit (session->connection_state.read_cipher_state); | ||
573 | |||
574 | mac_size = | ||
575 | MHD_gnutls_hash_get_algo_len (session->security_parameters. | ||
576 | read_mac_algorithm); | ||
577 | |||
578 | MHD__gnutls_handshake_log | ||
579 | ("HSK[%x]: Initializing internal [read] cipher sessions\n", session); | ||
580 | |||
581 | switch (session->security_parameters.entity) | ||
582 | { | ||
583 | case GNUTLS_SERVER: | ||
584 | /* initialize cipher session | ||
585 | */ | ||
586 | session->connection_state.read_cipher_state = | ||
587 | MHD_gtls_cipher_init (session->security_parameters. | ||
588 | read_bulk_cipher_algorithm, | ||
589 | &session->cipher_specs.client_write_key, | ||
590 | &session->cipher_specs.client_write_IV); | ||
591 | if (session->connection_state.read_cipher_state == GNUTLS_CIPHER_FAILED | ||
592 | && session->security_parameters.read_bulk_cipher_algorithm != | ||
593 | MHD_GNUTLS_CIPHER_NULL) | ||
594 | { | ||
595 | MHD_gnutls_assert (); | ||
596 | return GNUTLS_E_INTERNAL_ERROR; | ||
597 | } | ||
598 | |||
599 | /* copy mac secrets from cipherspecs, to connection | ||
600 | * session. | ||
601 | */ | ||
602 | if (mac_size > 0) | ||
603 | { | ||
604 | if (MHD__gnutls_sset_datum | ||
605 | (&session->connection_state.read_mac_secret, | ||
606 | session->cipher_specs.client_write_mac_secret.data, | ||
607 | session->cipher_specs.client_write_mac_secret.size) < 0) | ||
608 | { | ||
609 | MHD_gnutls_assert (); | ||
610 | return GNUTLS_E_MEMORY_ERROR; | ||
611 | } | ||
612 | |||
613 | } | ||
614 | |||
615 | break; | ||
616 | #if MHD_DEBUG_TLS | ||
617 | case GNUTLS_CLIENT: | ||
618 | session->connection_state.read_cipher_state = | ||
619 | MHD_gtls_cipher_init (session->security_parameters. | ||
620 | read_bulk_cipher_algorithm, | ||
621 | &session->cipher_specs.server_write_key, | ||
622 | &session->cipher_specs.server_write_IV); | ||
623 | |||
624 | if (session->connection_state.read_cipher_state == | ||
625 | GNUTLS_CIPHER_FAILED | ||
626 | && session->security_parameters.read_bulk_cipher_algorithm != | ||
627 | MHD_GNUTLS_CIPHER_NULL) | ||
628 | { | ||
629 | MHD_gnutls_assert (); | ||
630 | return GNUTLS_E_INTERNAL_ERROR; | ||
631 | } | ||
632 | |||
633 | |||
634 | /* copy mac secret to connection session | ||
635 | */ | ||
636 | if (mac_size > 0) | ||
637 | { | ||
638 | if (MHD__gnutls_sset_datum | ||
639 | (&session->connection_state.read_mac_secret, | ||
640 | session->cipher_specs.server_write_mac_secret.data, | ||
641 | session->cipher_specs.server_write_mac_secret.size) < 0) | ||
642 | { | ||
643 | MHD_gnutls_assert (); | ||
644 | return GNUTLS_E_MEMORY_ERROR; | ||
645 | } | ||
646 | } | ||
647 | |||
648 | break; | ||
649 | #endif | ||
650 | default: /* this check is useless */ | ||
651 | MHD_gnutls_assert (); | ||
652 | return GNUTLS_E_INTERNAL_ERROR; | ||
653 | } | ||
654 | |||
655 | return 0; | ||
656 | } | ||
657 | |||
658 | |||
659 | |||
660 | /* Initializes the write connection session | ||
661 | * (write encrypted data) | ||
662 | */ | ||
663 | int | ||
664 | MHD_gtls_write_connection_state_init (MHD_gtls_session_t session) | ||
665 | { | ||
666 | int mac_size; | ||
667 | int rc; | ||
668 | |||
669 | MHD__gnutls_uint64zero (session->connection_state.write_sequence_number); | ||
670 | |||
671 | /* Update internals from CipherSuite selected. | ||
672 | * If we are resuming just copy the connection session | ||
673 | */ | ||
674 | if (session->internals.resumed == RESUME_FALSE) | ||
675 | { | ||
676 | rc = MHD_gtls_set_write_cipher (session, | ||
677 | MHD_gtls_cipher_suite_get_cipher_algo | ||
678 | (&session->security_parameters. | ||
679 | current_cipher_suite)); | ||
680 | if (rc < 0) | ||
681 | return rc; | ||
682 | rc = MHD_gtls_set_write_mac (session, | ||
683 | MHD_gtls_cipher_suite_get_mac_algo | ||
684 | (&session->security_parameters. | ||
685 | current_cipher_suite)); | ||
686 | if (rc < 0) | ||
687 | return rc; | ||
688 | |||
689 | rc = MHD_gtls_set_kx (session, | ||
690 | MHD_gtls_cipher_suite_get_kx_algo | ||
691 | (&session->security_parameters. | ||
692 | current_cipher_suite)); | ||
693 | if (rc < 0) | ||
694 | return rc; | ||
695 | |||
696 | rc = MHD_gtls_set_write_compression (session, | ||
697 | session->internals. | ||
698 | compression_method); | ||
699 | if (rc < 0) | ||
700 | return rc; | ||
701 | } | ||
702 | else | ||
703 | { /* RESUME_TRUE */ | ||
704 | MHD__gnutls_cpy_write_security_parameters | ||
705 | (&session->security_parameters, | ||
706 | &session->internals.resumed_security_parameters); | ||
707 | } | ||
708 | |||
709 | rc = MHD__gnutls_set_write_keys (session); | ||
710 | if (rc < 0) | ||
711 | return rc; | ||
712 | |||
713 | MHD__gnutls_handshake_log ("HSK[%x]: Cipher Suite: %s\n", session, | ||
714 | MHD_gtls_cipher_suite_get_name | ||
715 | (&session->security_parameters. | ||
716 | current_cipher_suite)); | ||
717 | |||
718 | if (MHD_gtls_compression_is_ok | ||
719 | (session->security_parameters.write_compression_algorithm) != 0) | ||
720 | { | ||
721 | MHD_gnutls_assert (); | ||
722 | return GNUTLS_E_UNKNOWN_COMPRESSION_ALGORITHM; | ||
723 | } | ||
724 | |||
725 | if (MHD_gnutls_mac_is_ok | ||
726 | (session->security_parameters.write_mac_algorithm) != 0) | ||
727 | { | ||
728 | MHD_gnutls_assert (); | ||
729 | return GNUTLS_E_INTERNAL_ERROR; | ||
730 | } | ||
731 | |||
732 | |||
733 | |||
734 | /* Free all the previous keys/ sessions etc. | ||
735 | */ | ||
736 | if (session->connection_state.write_mac_secret.data != NULL) | ||
737 | MHD__gnutls_free_datum (&session->connection_state.write_mac_secret); | ||
738 | |||
739 | if (session->connection_state.write_cipher_state != NULL) | ||
740 | MHD_gnutls_cipher_deinit (session->connection_state.write_cipher_state); | ||
741 | |||
742 | mac_size = | ||
743 | MHD_gnutls_hash_get_algo_len (session->security_parameters. | ||
744 | write_mac_algorithm); | ||
745 | |||
746 | MHD__gnutls_handshake_log | ||
747 | ("HSK[%x]: Initializing internal [write] cipher sessions\n", session); | ||
748 | |||
749 | switch (session->security_parameters.entity) | ||
750 | { | ||
751 | case GNUTLS_SERVER: | ||
752 | /* initialize cipher session | ||
753 | */ | ||
754 | session->connection_state.write_cipher_state = | ||
755 | MHD_gtls_cipher_init (session->security_parameters. | ||
756 | write_bulk_cipher_algorithm, | ||
757 | &session->cipher_specs.server_write_key, | ||
758 | &session->cipher_specs.server_write_IV); | ||
759 | |||
760 | if (session->connection_state.write_cipher_state == | ||
761 | GNUTLS_CIPHER_FAILED | ||
762 | && session->security_parameters.write_bulk_cipher_algorithm != | ||
763 | MHD_GNUTLS_CIPHER_NULL) | ||
764 | { | ||
765 | MHD_gnutls_assert (); | ||
766 | return GNUTLS_E_INTERNAL_ERROR; | ||
767 | } | ||
768 | |||
769 | |||
770 | /* copy mac secrets from cipherspecs, to connection | ||
771 | * session. | ||
772 | */ | ||
773 | if (mac_size > 0) | ||
774 | { | ||
775 | if (MHD__gnutls_sset_datum | ||
776 | (&session->connection_state.write_mac_secret, | ||
777 | session->cipher_specs.server_write_mac_secret.data, | ||
778 | session->cipher_specs.server_write_mac_secret.size) < 0) | ||
779 | { | ||
780 | MHD_gnutls_assert (); | ||
781 | return GNUTLS_E_MEMORY_ERROR; | ||
782 | } | ||
783 | |||
784 | } | ||
785 | |||
786 | |||
787 | break; | ||
788 | #if MHD_DEBUG_TLS | ||
789 | case GNUTLS_CLIENT: | ||
790 | session->connection_state.write_cipher_state = | ||
791 | MHD_gtls_cipher_init (session->security_parameters. | ||
792 | write_bulk_cipher_algorithm, | ||
793 | &session->cipher_specs.client_write_key, | ||
794 | &session->cipher_specs.client_write_IV); | ||
795 | |||
796 | if (session->connection_state.write_cipher_state == | ||
797 | GNUTLS_CIPHER_FAILED | ||
798 | && session->security_parameters.write_bulk_cipher_algorithm != | ||
799 | MHD_GNUTLS_CIPHER_NULL) | ||
800 | { | ||
801 | MHD_gnutls_assert (); | ||
802 | return GNUTLS_E_INTERNAL_ERROR; | ||
803 | } | ||
804 | |||
805 | /* copy mac secret to connection session | ||
806 | */ | ||
807 | if (mac_size > 0) | ||
808 | { | ||
809 | if (MHD__gnutls_sset_datum | ||
810 | (&session->connection_state.write_mac_secret, | ||
811 | session->cipher_specs.client_write_mac_secret.data, | ||
812 | session->cipher_specs.client_write_mac_secret.size) < 0) | ||
813 | { | ||
814 | MHD_gnutls_assert (); | ||
815 | return GNUTLS_E_MEMORY_ERROR; | ||
816 | } | ||
817 | } | ||
818 | |||
819 | break; | ||
820 | #endif | ||
821 | default: | ||
822 | MHD_gnutls_assert (); | ||
823 | return GNUTLS_E_INTERNAL_ERROR; | ||
824 | } | ||
825 | |||
826 | |||
827 | return 0; | ||
828 | } | ||
829 | |||
830 | /* Sets the specified cipher into the pending session | ||
831 | */ | ||
832 | int | ||
833 | MHD_gtls_set_read_cipher (MHD_gtls_session_t session, | ||
834 | enum MHD_GNUTLS_CipherAlgorithm algo) | ||
835 | { | ||
836 | |||
837 | if (MHD_gtls_cipher_is_ok (algo) == 0) | ||
838 | { | ||
839 | if (MHD_gtls_cipher_priority (session, algo) < 0) | ||
840 | { | ||
841 | MHD_gnutls_assert (); | ||
842 | return GNUTLS_E_UNWANTED_ALGORITHM; | ||
843 | } | ||
844 | |||
845 | session->security_parameters.read_bulk_cipher_algorithm = algo; | ||
846 | |||
847 | } | ||
848 | else | ||
849 | { | ||
850 | MHD_gnutls_assert (); | ||
851 | return GNUTLS_E_INTERNAL_ERROR; | ||
852 | } | ||
853 | |||
854 | return 0; | ||
855 | |||
856 | } | ||
857 | |||
858 | int | ||
859 | MHD_gtls_set_write_cipher (MHD_gtls_session_t session, | ||
860 | enum MHD_GNUTLS_CipherAlgorithm algo) | ||
861 | { | ||
862 | |||
863 | if (MHD_gtls_cipher_is_ok (algo) == 0) | ||
864 | { | ||
865 | if (MHD_gtls_cipher_priority (session, algo) < 0) | ||
866 | { | ||
867 | MHD_gnutls_assert (); | ||
868 | return GNUTLS_E_UNWANTED_ALGORITHM; | ||
869 | } | ||
870 | |||
871 | session->security_parameters.write_bulk_cipher_algorithm = algo; | ||
872 | |||
873 | } | ||
874 | else | ||
875 | { | ||
876 | MHD_gnutls_assert (); | ||
877 | return GNUTLS_E_INTERNAL_ERROR; | ||
878 | } | ||
879 | |||
880 | return 0; | ||
881 | |||
882 | } | ||
883 | |||
884 | |||
885 | /* Sets the specified algorithm into pending compression session | ||
886 | */ | ||
887 | int | ||
888 | MHD_gtls_set_read_compression (MHD_gtls_session_t session, | ||
889 | enum MHD_GNUTLS_CompressionMethod algo) | ||
890 | { | ||
891 | |||
892 | if (MHD_gtls_compression_is_ok (algo) == 0) | ||
893 | { | ||
894 | session->security_parameters.read_compression_algorithm = algo; | ||
895 | } | ||
896 | else | ||
897 | { | ||
898 | MHD_gnutls_assert (); | ||
899 | return GNUTLS_E_UNKNOWN_COMPRESSION_ALGORITHM; | ||
900 | } | ||
901 | return 0; | ||
902 | |||
903 | } | ||
904 | |||
905 | int | ||
906 | MHD_gtls_set_write_compression (MHD_gtls_session_t session, | ||
907 | enum MHD_GNUTLS_CompressionMethod algo) | ||
908 | { | ||
909 | |||
910 | if (MHD_gtls_compression_is_ok (algo) == 0) | ||
911 | { | ||
912 | session->security_parameters.write_compression_algorithm = algo; | ||
913 | } | ||
914 | else | ||
915 | { | ||
916 | MHD_gnutls_assert (); | ||
917 | return GNUTLS_E_UNKNOWN_COMPRESSION_ALGORITHM; | ||
918 | } | ||
919 | return 0; | ||
920 | |||
921 | } | ||
922 | |||
923 | /* Sets the specified kx algorithm into pending session | ||
924 | */ | ||
925 | int | ||
926 | MHD_gtls_set_kx (MHD_gtls_session_t session, | ||
927 | enum MHD_GNUTLS_KeyExchangeAlgorithm algo) | ||
928 | { | ||
929 | |||
930 | if (MHD_gtls_kx_is_ok (algo) == 0) | ||
931 | { | ||
932 | session->security_parameters.kx_algorithm = algo; | ||
933 | } | ||
934 | else | ||
935 | { | ||
936 | MHD_gnutls_assert (); | ||
937 | return GNUTLS_E_INTERNAL_ERROR; | ||
938 | } | ||
939 | if (MHD_gtls_kx_priority (session, algo) < 0) | ||
940 | { | ||
941 | MHD_gnutls_assert (); | ||
942 | /* we shouldn't get here */ | ||
943 | return GNUTLS_E_UNWANTED_ALGORITHM; | ||
944 | } | ||
945 | |||
946 | return 0; | ||
947 | |||
948 | } | ||
949 | |||
950 | /* Sets the specified mac algorithm into pending session */ | ||
951 | int | ||
952 | MHD_gtls_set_read_mac (MHD_gtls_session_t session, | ||
953 | enum MHD_GNUTLS_HashAlgorithm algo) | ||
954 | { | ||
955 | |||
956 | if (MHD_gnutls_mac_is_ok (algo) == 0) | ||
957 | { | ||
958 | session->security_parameters.read_mac_algorithm = algo; | ||
959 | } | ||
960 | else | ||
961 | { | ||
962 | MHD_gnutls_assert (); | ||
963 | return GNUTLS_E_INTERNAL_ERROR; | ||
964 | } | ||
965 | if (MHD_gtls_mac_priority (session, algo) < 0) | ||
966 | { | ||
967 | MHD_gnutls_assert (); | ||
968 | return GNUTLS_E_UNWANTED_ALGORITHM; | ||
969 | } | ||
970 | |||
971 | |||
972 | return 0; | ||
973 | |||
974 | } | ||
975 | |||
976 | int | ||
977 | MHD_gtls_set_write_mac (MHD_gtls_session_t session, | ||
978 | enum MHD_GNUTLS_HashAlgorithm algo) | ||
979 | { | ||
980 | |||
981 | if (MHD_gnutls_mac_is_ok (algo) == 0) | ||
982 | { | ||
983 | session->security_parameters.write_mac_algorithm = algo; | ||
984 | } | ||
985 | else | ||
986 | { | ||
987 | MHD_gnutls_assert (); | ||
988 | return GNUTLS_E_INTERNAL_ERROR; | ||
989 | } | ||
990 | if (MHD_gtls_mac_priority (session, algo) < 0) | ||
991 | { | ||
992 | MHD_gnutls_assert (); | ||
993 | return GNUTLS_E_UNWANTED_ALGORITHM; | ||
994 | } | ||
995 | |||
996 | |||
997 | return 0; | ||
998 | |||
999 | } | ||
diff --git a/src/daemon/https/tls/gnutls_constate.h b/src/daemon/https/tls/gnutls_constate.h deleted file mode 100644 index 59b67249..00000000 --- a/src/daemon/https/tls/gnutls_constate.h +++ /dev/null | |||
@@ -1,41 +0,0 @@ | |||
1 | /* | ||
2 | * Copyright (C) 2000, 2001, 2002, 2003, 2004, 2005 Free Software Foundation | ||
3 | * | ||
4 | * Author: Nikos Mavrogiannopoulos | ||
5 | * | ||
6 | * This file is part of GNUTLS. | ||
7 | * | ||
8 | * The GNUTLS library is free software; you can redistribute it and/or | ||
9 | * modify it under the terms of the GNU Lesser General Public License | ||
10 | * as published by the Free Software Foundation; either version 2.1 of | ||
11 | * the License, or (at your option) any later version. | ||
12 | * | ||
13 | * This library is distributed in the hope that it will be useful, but | ||
14 | * WITHOUT ANY WARRANTY; without even the implied warranty of | ||
15 | * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU | ||
16 | * Lesser General Public License for more details. | ||
17 | * | ||
18 | * You should have received a copy of the GNU Lesser General Public | ||
19 | * License along with this library; if not, write to the Free Software | ||
20 | * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301, | ||
21 | * USA | ||
22 | * | ||
23 | */ | ||
24 | |||
25 | int MHD_gtls_connection_state_init (MHD_gtls_session_t session); | ||
26 | int MHD_gtls_read_connection_state_init (MHD_gtls_session_t session); | ||
27 | int MHD_gtls_write_connection_state_init (MHD_gtls_session_t session); | ||
28 | int MHD_gtls_set_write_cipher (MHD_gtls_session_t session, | ||
29 | enum MHD_GNUTLS_CipherAlgorithm algo); | ||
30 | int MHD_gtls_set_write_mac (MHD_gtls_session_t session, | ||
31 | enum MHD_GNUTLS_HashAlgorithm algo); | ||
32 | int MHD_gtls_set_read_cipher (MHD_gtls_session_t session, | ||
33 | enum MHD_GNUTLS_CipherAlgorithm algo); | ||
34 | int MHD_gtls_set_read_mac (MHD_gtls_session_t session, | ||
35 | enum MHD_GNUTLS_HashAlgorithm algo); | ||
36 | int MHD_gtls_set_read_compression (MHD_gtls_session_t session, | ||
37 | enum MHD_GNUTLS_CompressionMethod algo); | ||
38 | int MHD_gtls_set_write_compression (MHD_gtls_session_t session, | ||
39 | enum MHD_GNUTLS_CompressionMethod algo); | ||
40 | int MHD_gtls_set_kx (MHD_gtls_session_t session, | ||
41 | enum MHD_GNUTLS_KeyExchangeAlgorithm algo); | ||
diff --git a/src/daemon/https/tls/gnutls_datum.c b/src/daemon/https/tls/gnutls_datum.c deleted file mode 100644 index 2f03da3b..00000000 --- a/src/daemon/https/tls/gnutls_datum.c +++ /dev/null | |||
@@ -1,82 +0,0 @@ | |||
1 | /* | ||
2 | * Copyright (C) 2001, 2002, 2003, 2004, 2005, 2007 Free Software Foundation | ||
3 | * | ||
4 | * Author: Nikos Mavrogiannopoulos | ||
5 | * | ||
6 | * This file is part of GNUTLS. | ||
7 | * | ||
8 | * The GNUTLS library is free software; you can redistribute it and/or | ||
9 | * modify it under the terms of the GNU Lesser General Public License | ||
10 | * as published by the Free Software Foundation; either version 2.1 of | ||
11 | * the License, or (at your option) any later version. | ||
12 | * | ||
13 | * This library is distributed in the hope that it will be useful, but | ||
14 | * WITHOUT ANY WARRANTY; without even the implied warranty of | ||
15 | * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU | ||
16 | * Lesser General Public License for more details. | ||
17 | * | ||
18 | * You should have received a copy of the GNU Lesser General Public | ||
19 | * License along with this library; if not, write to the Free Software | ||
20 | * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301, | ||
21 | * USA | ||
22 | * | ||
23 | */ | ||
24 | |||
25 | /* contains functions that make it easier to | ||
26 | * write vectors of <size|data>. The destination size | ||
27 | * should be preallocated (datum.size+(bits/8)) | ||
28 | */ | ||
29 | |||
30 | #include <gnutls_int.h> | ||
31 | #include <gnutls_num.h> | ||
32 | #include <gnutls_datum.h> | ||
33 | #include <gnutls_errors.h> | ||
34 | |||
35 | |||
36 | void | ||
37 | MHD_gtls_write_datum16 (opaque * dest, MHD_gnutls_datum_t dat) | ||
38 | { | ||
39 | MHD_gtls_write_uint16 (dat.size, dest); | ||
40 | if (dat.data != NULL) | ||
41 | memcpy (&dest[2], dat.data, dat.size); | ||
42 | } | ||
43 | |||
44 | void | ||
45 | MHD_gtls_write_datum24 (opaque * dest, MHD_gnutls_datum_t dat) | ||
46 | { | ||
47 | MHD_gtls_write_uint24 (dat.size, dest); | ||
48 | if (dat.data != NULL) | ||
49 | memcpy (&dest[3], dat.data, dat.size); | ||
50 | } | ||
51 | |||
52 | int | ||
53 | MHD_gtls_set_datum_m (MHD_gnutls_datum_t * dat, const void *data, | ||
54 | size_t data_size, MHD_gnutls_alloc_function galloc_func) | ||
55 | { | ||
56 | if (data_size == 0 || data == NULL) | ||
57 | { | ||
58 | dat->data = NULL; | ||
59 | dat->size = 0; | ||
60 | return 0; | ||
61 | } | ||
62 | |||
63 | dat->data = galloc_func (data_size); | ||
64 | if (dat->data == NULL) | ||
65 | return GNUTLS_E_MEMORY_ERROR; | ||
66 | |||
67 | dat->size = data_size; | ||
68 | memcpy (dat->data, data, data_size); | ||
69 | |||
70 | return 0; | ||
71 | } | ||
72 | |||
73 | void | ||
74 | MHD_gtls_free_datum_m (MHD_gnutls_datum_t * dat, | ||
75 | MHD_gnutls_free_function gfree_func) | ||
76 | { | ||
77 | if (dat->data != NULL) | ||
78 | gfree_func (dat->data); | ||
79 | |||
80 | dat->data = NULL; | ||
81 | dat->size = 0; | ||
82 | } | ||
diff --git a/src/daemon/https/tls/gnutls_datum.h b/src/daemon/https/tls/gnutls_datum.h deleted file mode 100644 index c6813216..00000000 --- a/src/daemon/https/tls/gnutls_datum.h +++ /dev/null | |||
@@ -1,38 +0,0 @@ | |||
1 | /* | ||
2 | * Copyright (C) 2000, 2001, 2002, 2003, 2004, 2005 Free Software Foundation | ||
3 | * | ||
4 | * Author: Nikos Mavrogiannopoulos | ||
5 | * | ||
6 | * This file is part of GNUTLS. | ||
7 | * | ||
8 | * The GNUTLS library is free software; you can redistribute it and/or | ||
9 | * modify it under the terms of the GNU Lesser General Public License | ||
10 | * as published by the Free Software Foundation; either version 2.1 of | ||
11 | * the License, or (at your option) any later version. | ||
12 | * | ||
13 | * This library is distributed in the hope that it will be useful, but | ||
14 | * WITHOUT ANY WARRANTY; without even the implied warranty of | ||
15 | * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU | ||
16 | * Lesser General Public License for more details. | ||
17 | * | ||
18 | * You should have received a copy of the GNU Lesser General Public | ||
19 | * License along with this library; if not, write to the Free Software | ||
20 | * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301, | ||
21 | * USA | ||
22 | * | ||
23 | */ | ||
24 | #include "gnutls_int.h" | ||
25 | |||
26 | void MHD_gtls_write_datum16 (opaque * dest, MHD_gnutls_datum_t dat); | ||
27 | void MHD_gtls_write_datum24 (opaque * dest, MHD_gnutls_datum_t dat); | ||
28 | |||
29 | int MHD_gtls_set_datum_m (MHD_gnutls_datum_t * dat, const void *data, | ||
30 | size_t data_size, MHD_gnutls_alloc_function); | ||
31 | #define MHD__gnutls_set_datum( x, y, z) MHD_gtls_set_datum_m(x,y,z, MHD_gnutls_malloc) | ||
32 | #define MHD__gnutls_sset_datum( x, y, z) MHD_gtls_set_datum_m(x,y,z, MHD_gnutls_secure_malloc) | ||
33 | |||
34 | #define MHD__gnutls_datum_append(x,y,z) MHD_gtls_datum_append_m(x,y,z, MHD_gnutls_realloc) | ||
35 | |||
36 | void MHD_gtls_free_datum_m (MHD_gnutls_datum_t * dat, | ||
37 | MHD_gnutls_free_function); | ||
38 | #define MHD__gnutls_free_datum(x) MHD_gtls_free_datum_m(x, MHD_gnutls_free) | ||
diff --git a/src/daemon/https/tls/gnutls_dh.c b/src/daemon/https/tls/gnutls_dh.c deleted file mode 100644 index d9dd4344..00000000 --- a/src/daemon/https/tls/gnutls_dh.c +++ /dev/null | |||
@@ -1,162 +0,0 @@ | |||
1 | /* | ||
2 | * Copyright (C) 2000, 2001, 2002, 2003, 2004, 2005 Free Software Foundation | ||
3 | * | ||
4 | * Author: Nikos Mavrogiannopoulos | ||
5 | * | ||
6 | * This file is part of GNUTLS. | ||
7 | * | ||
8 | * The GNUTLS library is free software; you can redistribute it and/or | ||
9 | * modify it under the terms of the GNU Lesser General Public License | ||
10 | * as published by the Free Software Foundation; either version 2.1 of | ||
11 | * the License, or (at your option) any later version. | ||
12 | * | ||
13 | * This library is distributed in the hope that it will be useful, but | ||
14 | * WITHOUT ANY WARRANTY; without even the implied warranty of | ||
15 | * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU | ||
16 | * Lesser General Public License for more details. | ||
17 | * | ||
18 | * You should have received a copy of the GNU Lesser General Public | ||
19 | * License along with this library; if not, write to the Free Software | ||
20 | * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301, | ||
21 | * USA | ||
22 | * | ||
23 | */ | ||
24 | |||
25 | #include <gnutls_int.h> | ||
26 | #include <gnutls_errors.h> | ||
27 | |||
28 | |||
29 | /* | ||
30 | --Example-- | ||
31 | you: X = g ^ x mod p; | ||
32 | peer:Y = g ^ y mod p; | ||
33 | |||
34 | your_key = Y ^ x mod p; | ||
35 | his_key = X ^ y mod p; | ||
36 | |||
37 | // generate our secret and the public value (X) for it | ||
38 | X = MHD_gtls_calc_dh_secret(&x, g, p); | ||
39 | // now we can calculate the shared secret | ||
40 | key = MHD_gtls_calc_dh_key(Y, x, g, p); | ||
41 | MHD_gtls_mpi_release(x); | ||
42 | MHD_gtls_mpi_release(g); | ||
43 | */ | ||
44 | |||
45 | #define MAX_BITS 18000 | ||
46 | |||
47 | /* returns the public value (X), and the secret (ret_x). | ||
48 | */ | ||
49 | mpi_t | ||
50 | MHD_gtls_calc_dh_secret (mpi_t * ret_x, mpi_t g, mpi_t prime) | ||
51 | { | ||
52 | mpi_t e, x; | ||
53 | int x_size = MHD__gnutls_mpi_get_nbits (prime) - 1; | ||
54 | /* The size of the secret key is less than | ||
55 | * prime/2 | ||
56 | */ | ||
57 | |||
58 | if (x_size > MAX_BITS || x_size <= 0) | ||
59 | { | ||
60 | MHD_gnutls_assert (); | ||
61 | return NULL; | ||
62 | } | ||
63 | |||
64 | x = MHD__gnutls_mpi_new (x_size); | ||
65 | if (x == NULL) | ||
66 | { | ||
67 | MHD_gnutls_assert (); | ||
68 | if (ret_x) | ||
69 | *ret_x = NULL; | ||
70 | |||
71 | return NULL; | ||
72 | } | ||
73 | |||
74 | /* FIXME: (x_size/8)*8 is there to overcome a bug in libgcrypt | ||
75 | * which does not really check the bits given but the bytes. | ||
76 | */ | ||
77 | do | ||
78 | { | ||
79 | MHD__gnutls_mpi_randomize (x, (x_size / 8) * 8, GCRY_STRONG_RANDOM); | ||
80 | /* Check whether x is zero. | ||
81 | */ | ||
82 | } | ||
83 | while (MHD__gnutls_mpi_cmp_ui (x, 0) == 0); | ||
84 | |||
85 | e = MHD__gnutls_mpi_alloc_like (prime); | ||
86 | if (e == NULL) | ||
87 | { | ||
88 | MHD_gnutls_assert (); | ||
89 | if (ret_x) | ||
90 | *ret_x = NULL; | ||
91 | |||
92 | MHD_gtls_mpi_release (&x); | ||
93 | return NULL; | ||
94 | } | ||
95 | |||
96 | MHD__gnutls_mpi_powm (e, g, x, prime); | ||
97 | |||
98 | if (ret_x) | ||
99 | *ret_x = x; | ||
100 | else | ||
101 | MHD_gtls_mpi_release (&x); | ||
102 | return e; | ||
103 | } | ||
104 | |||
105 | |||
106 | mpi_t | ||
107 | MHD_gtls_calc_dh_key (mpi_t f, mpi_t x, mpi_t prime) | ||
108 | { | ||
109 | mpi_t k; | ||
110 | int bits; | ||
111 | |||
112 | bits = MHD__gnutls_mpi_get_nbits (prime); | ||
113 | if (bits <= 0 || bits > MAX_BITS) | ||
114 | { | ||
115 | MHD_gnutls_assert (); | ||
116 | return NULL; | ||
117 | } | ||
118 | |||
119 | k = MHD__gnutls_mpi_alloc_like (prime); | ||
120 | if (k == NULL) | ||
121 | return NULL; | ||
122 | MHD__gnutls_mpi_powm (k, f, x, prime); | ||
123 | return k; | ||
124 | } | ||
125 | |||
126 | /*- | ||
127 | * MHD_gtls_get_dh_params - Returns the DH parameters pointer | ||
128 | * @dh_params: is an DH parameters structure, or NULL. | ||
129 | * @func: is a callback function to receive the parameters or NULL. | ||
130 | * @session: a gnutls session. | ||
131 | * | ||
132 | * This function will return the dh parameters pointer. | ||
133 | * | ||
134 | -*/ | ||
135 | MHD_gtls_dh_params_t | ||
136 | MHD_gtls_get_dh_params (MHD_gtls_dh_params_t dh_params, | ||
137 | MHD_gnutls_params_function * func, | ||
138 | MHD_gtls_session_t session) | ||
139 | { | ||
140 | MHD_gnutls_params_st params; | ||
141 | int ret; | ||
142 | |||
143 | /* if cached return the cached */ | ||
144 | if (session->internals.params.dh_params) | ||
145 | return session->internals.params.dh_params; | ||
146 | |||
147 | if (dh_params) | ||
148 | { | ||
149 | session->internals.params.dh_params = dh_params; | ||
150 | } | ||
151 | else if (func) | ||
152 | { | ||
153 | ret = func (session, GNUTLS_PARAMS_DH, ¶ms); | ||
154 | if (ret == 0 && params.type == GNUTLS_PARAMS_DH) | ||
155 | { | ||
156 | session->internals.params.dh_params = params.params.dh; | ||
157 | session->internals.params.free_dh_params = params.deinit; | ||
158 | } | ||
159 | } | ||
160 | |||
161 | return session->internals.params.dh_params; | ||
162 | } | ||
diff --git a/src/daemon/https/tls/gnutls_dh.h b/src/daemon/https/tls/gnutls_dh.h deleted file mode 100644 index 5d7341fc..00000000 --- a/src/daemon/https/tls/gnutls_dh.h +++ /dev/null | |||
@@ -1,38 +0,0 @@ | |||
1 | /* | ||
2 | * Copyright (C) 2000, 2001, 2002, 2003, 2004, 2005 Free Software Foundation | ||
3 | * | ||
4 | * Author: Nikos Mavrogiannopoulos | ||
5 | * | ||
6 | * This file is part of GNUTLS. | ||
7 | * | ||
8 | * The GNUTLS library is free software; you can redistribute it and/or | ||
9 | * modify it under the terms of the GNU Lesser General Public License | ||
10 | * as published by the Free Software Foundation; either version 2.1 of | ||
11 | * the License, or (at your option) any later version. | ||
12 | * | ||
13 | * This library is distributed in the hope that it will be useful, but | ||
14 | * WITHOUT ANY WARRANTY; without even the implied warranty of | ||
15 | * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU | ||
16 | * Lesser General Public License for more details. | ||
17 | * | ||
18 | * You should have received a copy of the GNU Lesser General Public | ||
19 | * License along with this library; if not, write to the Free Software | ||
20 | * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301, | ||
21 | * USA | ||
22 | * | ||
23 | */ | ||
24 | |||
25 | #ifndef GNUTLS_DH_H | ||
26 | # define GNUTLS_DH_H | ||
27 | |||
28 | const mpi_t *MHD_gtls_dh_params_to_mpi (MHD_gtls_dh_params_t); | ||
29 | mpi_t MHD_gtls_calc_dh_secret (mpi_t * ret_x, mpi_t g, mpi_t prime); | ||
30 | mpi_t MHD_gtls_calc_dh_key (mpi_t f, mpi_t x, mpi_t prime); | ||
31 | int MHD_gtls_dh_generate_prime (mpi_t * ret_g, mpi_t * ret_n, unsigned bits); | ||
32 | |||
33 | MHD_gtls_dh_params_t | ||
34 | MHD_gtls_get_dh_params (MHD_gtls_dh_params_t dh_params, | ||
35 | MHD_gnutls_params_function * func, | ||
36 | MHD_gtls_session_t session); | ||
37 | |||
38 | #endif | ||
diff --git a/src/daemon/https/tls/gnutls_dh_primes.c b/src/daemon/https/tls/gnutls_dh_primes.c deleted file mode 100644 index a25759b0..00000000 --- a/src/daemon/https/tls/gnutls_dh_primes.c +++ /dev/null | |||
@@ -1,214 +0,0 @@ | |||
1 | /* | ||
2 | * Copyright (C) 2000, 2001, 2003, 2004, 2005 Free Software Foundation | ||
3 | * | ||
4 | * Author: Nikos Mavrogiannopoulos | ||
5 | * | ||
6 | * This file is part of GNUTLS. | ||
7 | * | ||
8 | * The GNUTLS library is free software; you can redistribute it and/or | ||
9 | * modify it under the terms of the GNU Lesser General Public License | ||
10 | * as published by the Free Software Foundation; either version 2.1 of | ||
11 | * the License, or (at your option) any later version. | ||
12 | * | ||
13 | * This library is distributed in the hope that it will be useful, but | ||
14 | * WITHOUT ANY WARRANTY; without even the implied warranty of | ||
15 | * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU | ||
16 | * Lesser General Public License for more details. | ||
17 | * | ||
18 | * You should have received a copy of the GNU Lesser General Public | ||
19 | * License along with this library; if not, write to the Free Software | ||
20 | * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301, | ||
21 | * USA | ||
22 | * | ||
23 | */ | ||
24 | |||
25 | #include <gnutls_int.h> | ||
26 | #include <gnutls_errors.h> | ||
27 | #include <gnutls_datum.h> | ||
28 | #include <x509_b64.h> /* for PKCS3 PEM decoding */ | ||
29 | #include <gnutls_global.h> | ||
30 | #include <gnutls_dh.h> | ||
31 | #include "debug.h" | ||
32 | /* x509 */ | ||
33 | #include "mpi.h" | ||
34 | |||
35 | |||
36 | /* returns the prime and the generator of DH params. | ||
37 | */ | ||
38 | const mpi_t * | ||
39 | MHD_gtls_dh_params_to_mpi (MHD_gtls_dh_params_t dh_primes) | ||
40 | { | ||
41 | if (dh_primes == NULL || dh_primes->params[1] == NULL | ||
42 | || dh_primes->params[0] == NULL) | ||
43 | { | ||
44 | return NULL; | ||
45 | } | ||
46 | |||
47 | return dh_primes->params; | ||
48 | } | ||
49 | |||
50 | int | ||
51 | MHD_gtls_dh_generate_prime (mpi_t * ret_g, mpi_t * ret_n, unsigned int bits) | ||
52 | { | ||
53 | mpi_t g = NULL, prime = NULL; | ||
54 | gcry_error_t err; | ||
55 | int result, times = 0, qbits; | ||
56 | mpi_t *factors = NULL; | ||
57 | |||
58 | /* Calculate the size of a prime factor of (prime-1)/2. | ||
59 | * This is an emulation of the values in "Selecting Cryptographic Key Sizes" paper. | ||
60 | */ | ||
61 | if (bits < 256) | ||
62 | qbits = bits / 2; | ||
63 | else | ||
64 | { | ||
65 | qbits = (bits / 40) + 105; | ||
66 | } | ||
67 | |||
68 | if (qbits & 1) /* better have an even number */ | ||
69 | qbits++; | ||
70 | |||
71 | /* find a prime number of size bits. | ||
72 | */ | ||
73 | do | ||
74 | { | ||
75 | |||
76 | if (times) | ||
77 | { | ||
78 | MHD_gtls_mpi_release (&prime); | ||
79 | gcry_prime_release_factors (factors); | ||
80 | } | ||
81 | |||
82 | err = gcry_prime_generate (&prime, bits, qbits, &factors, NULL, NULL, | ||
83 | GCRY_STRONG_RANDOM, | ||
84 | GCRY_PRIME_FLAG_SPECIAL_FACTOR); | ||
85 | |||
86 | if (err != 0) | ||
87 | { | ||
88 | MHD_gnutls_assert (); | ||
89 | result = GNUTLS_E_INTERNAL_ERROR; | ||
90 | goto cleanup; | ||
91 | } | ||
92 | |||
93 | err = gcry_prime_check (prime, 0); | ||
94 | |||
95 | times++; | ||
96 | } | ||
97 | while (err != 0 && times < 10); | ||
98 | |||
99 | if (err != 0) | ||
100 | { | ||
101 | MHD_gnutls_assert (); | ||
102 | result = GNUTLS_E_INTERNAL_ERROR; | ||
103 | goto cleanup; | ||
104 | } | ||
105 | |||
106 | /* generate the group generator. | ||
107 | */ | ||
108 | err = gcry_prime_group_generator (&g, prime, factors, NULL); | ||
109 | if (err != 0) | ||
110 | { | ||
111 | MHD_gnutls_assert (); | ||
112 | result = GNUTLS_E_INTERNAL_ERROR; | ||
113 | goto cleanup; | ||
114 | } | ||
115 | |||
116 | gcry_prime_release_factors (factors); | ||
117 | factors = NULL; | ||
118 | |||
119 | if (ret_g) | ||
120 | *ret_g = g; | ||
121 | else | ||
122 | MHD_gtls_mpi_release (&g); | ||
123 | if (ret_n) | ||
124 | *ret_n = prime; | ||
125 | else | ||
126 | MHD_gtls_mpi_release (&prime); | ||
127 | |||
128 | return 0; | ||
129 | |||
130 | cleanup:gcry_prime_release_factors (factors); | ||
131 | MHD_gtls_mpi_release (&g); | ||
132 | MHD_gtls_mpi_release (&prime); | ||
133 | |||
134 | return result; | ||
135 | |||
136 | } | ||
137 | |||
138 | /* Replaces the prime in the static DH parameters, with a randomly | ||
139 | * generated one. | ||
140 | */ | ||
141 | /** | ||
142 | * MHD__gnutls_dh_params_init - This function will initialize the DH parameters | ||
143 | * @dh_params: Is a structure that will hold the prime numbers | ||
144 | * | ||
145 | * This function will initialize the DH parameters structure. | ||
146 | * | ||
147 | **/ | ||
148 | int | ||
149 | MHD__gnutls_dh_params_init (MHD_gtls_dh_params_t * dh_params) | ||
150 | { | ||
151 | |||
152 | (*dh_params) = MHD_gnutls_calloc (1, sizeof (MHD_gtls_dh_params_st)); | ||
153 | if (*dh_params == NULL) | ||
154 | { | ||
155 | MHD_gnutls_assert (); | ||
156 | return GNUTLS_E_MEMORY_ERROR; | ||
157 | } | ||
158 | |||
159 | return 0; | ||
160 | |||
161 | } | ||
162 | |||
163 | /** | ||
164 | * MHD__gnutls_dh_params_deinit - This function will deinitialize the DH parameters | ||
165 | * @dh_params: Is a structure that holds the prime numbers | ||
166 | * | ||
167 | * This function will deinitialize the DH parameters structure. | ||
168 | * | ||
169 | **/ | ||
170 | void | ||
171 | MHD__gnutls_dh_params_deinit (MHD_gtls_dh_params_t dh_params) | ||
172 | { | ||
173 | if (dh_params == NULL) | ||
174 | return; | ||
175 | |||
176 | MHD_gtls_mpi_release (&dh_params->params[0]); | ||
177 | MHD_gtls_mpi_release (&dh_params->params[1]); | ||
178 | |||
179 | MHD_gnutls_free (dh_params); | ||
180 | |||
181 | } | ||
182 | |||
183 | /** | ||
184 | * MHD__gnutls_dh_params_generate2 - This function will generate new DH parameters | ||
185 | * @params: Is the structure that the DH parameters will be stored | ||
186 | * @bits: is the prime's number of bits | ||
187 | * | ||
188 | * This function will generate a new pair of prime and generator for use in | ||
189 | * the Diffie-Hellman key exchange. The new parameters will be allocated using | ||
190 | * MHD_gnutls_malloc() and will be stored in the appropriate datum. | ||
191 | * This function is normally slow. | ||
192 | * | ||
193 | * Note that the bits value should be one of 768, 1024, 2048, 3072 or 4096. | ||
194 | * Also note that the DH parameters are only useful to servers. | ||
195 | * Since clients use the parameters sent by the server, it's of | ||
196 | * no use to call this in client side. | ||
197 | * | ||
198 | **/ | ||
199 | int | ||
200 | MHD__gnutls_dh_params_generate2 (MHD_gtls_dh_params_t params, | ||
201 | unsigned int bits) | ||
202 | { | ||
203 | int ret; | ||
204 | |||
205 | ret = | ||
206 | MHD_gtls_dh_generate_prime (¶ms->params[1], ¶ms->params[0], bits); | ||
207 | if (ret < 0) | ||
208 | { | ||
209 | MHD_gnutls_assert (); | ||
210 | return ret; | ||
211 | } | ||
212 | |||
213 | return 0; | ||
214 | } | ||
diff --git a/src/daemon/https/tls/gnutls_errors.c b/src/daemon/https/tls/gnutls_errors.c deleted file mode 100644 index 48b8a562..00000000 --- a/src/daemon/https/tls/gnutls_errors.c +++ /dev/null | |||
@@ -1,404 +0,0 @@ | |||
1 | /* | ||
2 | * Copyright (C) 2000, 2001, 2002, 2003, 2004, 2005, 2006, 2007 Free Software Foundation | ||
3 | * | ||
4 | * Author: Nikos Mavrogiannopoulos | ||
5 | * | ||
6 | * This file is part of GNUTLS. | ||
7 | * | ||
8 | * The GNUTLS library is free software; you can redistribute it and/or | ||
9 | * modify it under the terms of the GNU Lesser General Public License | ||
10 | * as published by the Free Software Foundation; either version 2.1 of | ||
11 | * the License, or (at your option) any later version. | ||
12 | * | ||
13 | * This library is distributed in the hope that it will be useful, but | ||
14 | * WITHOUT ANY WARRANTY; without even the implied warranty of | ||
15 | * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU | ||
16 | * Lesser General Public License for more details. | ||
17 | * | ||
18 | * You should have received a copy of the GNU Lesser General Public | ||
19 | * License along with this library; if not, write to the Free Software | ||
20 | * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301, | ||
21 | * USA | ||
22 | * | ||
23 | */ | ||
24 | |||
25 | #include <gnutls_int.h> | ||
26 | #include "gnutls_errors.h" | ||
27 | #include <libtasn1.h> | ||
28 | #ifdef STDC_HEADERS | ||
29 | # include <stdarg.h> | ||
30 | #endif | ||
31 | |||
32 | /* I18n of error codes. */ | ||
33 | #define _(String) (String) | ||
34 | #define N_(String) (String) | ||
35 | |||
36 | extern LOG_FUNC MHD__gnutls_log_func; | ||
37 | |||
38 | #define ERROR_ENTRY(desc, name, fatal) \ | ||
39 | { desc, #name, name, fatal} | ||
40 | |||
41 | struct MHD_gnutls_error_entry | ||
42 | { | ||
43 | const char *desc; | ||
44 | const char *_name; | ||
45 | int number; | ||
46 | int fatal; | ||
47 | }; | ||
48 | typedef struct MHD_gnutls_error_entry MHD_gnutls_error_entry; | ||
49 | |||
50 | static const MHD_gnutls_error_entry MHD_gtls_error_algorithms[] = { | ||
51 | /* "Short Description", Error code define, critical (0,1) -- 1 in most cases */ | ||
52 | ERROR_ENTRY (N_("Success."), GNUTLS_E_SUCCESS, 0), | ||
53 | ERROR_ENTRY (N_("Could not negotiate a supported cipher suite."), | ||
54 | GNUTLS_E_UNKNOWN_CIPHER_SUITE, 1), | ||
55 | ERROR_ENTRY (N_("The cipher type is unsupported."), | ||
56 | GNUTLS_E_UNKNOWN_CIPHER_TYPE, 1), | ||
57 | ERROR_ENTRY (N_("The certificate and the given key do not match."), | ||
58 | GNUTLS_E_CERTIFICATE_KEY_MISMATCH, 1), | ||
59 | ERROR_ENTRY (N_("Could not negotiate a supported compression method."), | ||
60 | GNUTLS_E_UNKNOWN_COMPRESSION_ALGORITHM, 1), | ||
61 | ERROR_ENTRY (N_("An unknown public key algorithm was encountered."), | ||
62 | GNUTLS_E_UNKNOWN_PK_ALGORITHM, 1), | ||
63 | |||
64 | ERROR_ENTRY (N_("An algorithm that is not enabled was negotiated."), | ||
65 | GNUTLS_E_UNWANTED_ALGORITHM, 1), | ||
66 | ERROR_ENTRY (N_("A large TLS record packet was received."), | ||
67 | GNUTLS_E_LARGE_PACKET, 1), | ||
68 | ERROR_ENTRY (N_("A record packet with illegal version was received."), | ||
69 | GNUTLS_E_UNSUPPORTED_VERSION_PACKET, 1), | ||
70 | ERROR_ENTRY (N_ | ||
71 | ("The Diffie Hellman prime sent by the server is not acceptable (not long enough)."), | ||
72 | GNUTLS_E_DH_PRIME_UNACCEPTABLE, 1), | ||
73 | ERROR_ENTRY (N_("A TLS packet with unexpected length was received."), | ||
74 | GNUTLS_E_UNEXPECTED_PACKET_LENGTH, 1), | ||
75 | ERROR_ENTRY (N_ | ||
76 | ("The specified session has been invalidated for some reason."), | ||
77 | GNUTLS_E_INVALID_SESSION, 1), | ||
78 | |||
79 | ERROR_ENTRY (N_("GnuTLS internal error."), GNUTLS_E_INTERNAL_ERROR, 1), | ||
80 | ERROR_ENTRY (N_("An illegal TLS extension was received."), | ||
81 | GNUTLS_E_RECEIVED_ILLEGAL_EXTENSION, 1), | ||
82 | ERROR_ENTRY (N_("A TLS fatal alert has been received."), | ||
83 | GNUTLS_E_FATAL_ALERT_RECEIVED, 1), | ||
84 | ERROR_ENTRY (N_("An unexpected TLS packet was received."), | ||
85 | GNUTLS_E_UNEXPECTED_PACKET, 1), | ||
86 | ERROR_ENTRY (N_("A TLS warning alert has been received."), | ||
87 | GNUTLS_E_WARNING_ALERT_RECEIVED, 0), | ||
88 | ERROR_ENTRY (N_ | ||
89 | ("An error was encountered at the TLS Finished packet calculation."), | ||
90 | GNUTLS_E_ERROR_IN_FINISHED_PACKET, 1), | ||
91 | ERROR_ENTRY (N_("The peer did not send any certificate."), | ||
92 | GNUTLS_E_NO_CERTIFICATE_FOUND, 1), | ||
93 | |||
94 | ERROR_ENTRY (N_("No temporary RSA parameters were found."), | ||
95 | GNUTLS_E_NO_TEMPORARY_RSA_PARAMS, 1), | ||
96 | ERROR_ENTRY (N_("No temporary DH parameters were found."), | ||
97 | GNUTLS_E_NO_TEMPORARY_DH_PARAMS, 1), | ||
98 | ERROR_ENTRY (N_("An unexpected TLS handshake packet was received."), | ||
99 | GNUTLS_E_UNEXPECTED_HANDSHAKE_PACKET, 1), | ||
100 | ERROR_ENTRY (N_("The scanning of a large integer has failed."), | ||
101 | GNUTLS_E_MPI_SCAN_FAILED, 1), | ||
102 | ERROR_ENTRY (N_("Could not export a large integer."), | ||
103 | GNUTLS_E_MPI_PRINT_FAILED, 1), | ||
104 | ERROR_ENTRY (N_("Decryption has failed."), GNUTLS_E_DECRYPTION_FAILED, 1), | ||
105 | ERROR_ENTRY (N_("Encryption has failed."), GNUTLS_E_ENCRYPTION_FAILED, 1), | ||
106 | ERROR_ENTRY (N_("Public key decryption has failed."), | ||
107 | GNUTLS_E_PK_DECRYPTION_FAILED, 1), | ||
108 | ERROR_ENTRY (N_("Public key encryption has failed."), | ||
109 | GNUTLS_E_PK_ENCRYPTION_FAILED, 1), | ||
110 | ERROR_ENTRY (N_("Public key signing has failed."), GNUTLS_E_PK_SIGN_FAILED, | ||
111 | 1), | ||
112 | ERROR_ENTRY (N_("Public key signature verification has failed."), | ||
113 | GNUTLS_E_PK_SIG_VERIFY_FAILED, 1), | ||
114 | ERROR_ENTRY (N_("Decompression of the TLS record packet has failed."), | ||
115 | GNUTLS_E_DECOMPRESSION_FAILED, 1), | ||
116 | ERROR_ENTRY (N_("Compression of the TLS record packet has failed."), | ||
117 | GNUTLS_E_COMPRESSION_FAILED, 1), | ||
118 | |||
119 | ERROR_ENTRY (N_("Internal error in memory allocation."), | ||
120 | GNUTLS_E_MEMORY_ERROR, 1), | ||
121 | ERROR_ENTRY (N_("An unimplemented or disabled feature has been requested."), | ||
122 | GNUTLS_E_UNIMPLEMENTED_FEATURE, 1), | ||
123 | ERROR_ENTRY (N_("Insufficient credentials for that request."), | ||
124 | GNUTLS_E_INSUFFICIENT_CREDENTIALS, 1), | ||
125 | ERROR_ENTRY (N_("Error in password file."), GNUTLS_E_SRP_PWD_ERROR, 1), | ||
126 | ERROR_ENTRY (N_("Wrong padding in PKCS1 packet."), GNUTLS_E_PKCS1_WRONG_PAD, | ||
127 | 1), | ||
128 | ERROR_ENTRY (N_("The requested session has expired."), GNUTLS_E_EXPIRED, 1), | ||
129 | ERROR_ENTRY (N_("Hashing has failed."), GNUTLS_E_HASH_FAILED, 1), | ||
130 | ERROR_ENTRY (N_("Base64 decoding error."), GNUTLS_E_BASE64_DECODING_ERROR, | ||
131 | 1), | ||
132 | ERROR_ENTRY (N_("Base64 unexpected header error."), | ||
133 | GNUTLS_E_BASE64_UNEXPECTED_HEADER_ERROR, | ||
134 | 1), | ||
135 | ERROR_ENTRY (N_("Base64 encoding error."), GNUTLS_E_BASE64_ENCODING_ERROR, | ||
136 | 1), | ||
137 | ERROR_ENTRY (N_("Parsing error in password file."), | ||
138 | GNUTLS_E_SRP_PWD_PARSING_ERROR, 1), | ||
139 | ERROR_ENTRY (N_("The requested data were not available."), | ||
140 | GNUTLS_E_REQUESTED_DATA_NOT_AVAILABLE, 0), | ||
141 | ERROR_ENTRY (N_("Error in the pull function."), GNUTLS_E_PULL_ERROR, 1), | ||
142 | ERROR_ENTRY (N_("Error in the push function."), GNUTLS_E_PUSH_ERROR, 1), | ||
143 | ERROR_ENTRY (N_ | ||
144 | ("The upper limit of record packet sequence numbers has been reached. Wow!"), | ||
145 | GNUTLS_E_RECORD_LIMIT_REACHED, 1), | ||
146 | ERROR_ENTRY (N_("Error in the certificate."), GNUTLS_E_CERTIFICATE_ERROR, | ||
147 | 1), | ||
148 | ERROR_ENTRY (N_("Unknown Subject Alternative name in X.509 certificate."), | ||
149 | GNUTLS_E_X509_UNKNOWN_SAN, 1), | ||
150 | |||
151 | ERROR_ENTRY (N_("Unsupported critical extension in X.509 certificate."), | ||
152 | GNUTLS_E_X509_UNSUPPORTED_CRITICAL_EXTENSION, 1), | ||
153 | ERROR_ENTRY (N_("Key usage violation in certificate has been detected."), | ||
154 | GNUTLS_E_KEY_USAGE_VIOLATION, 1), | ||
155 | ERROR_ENTRY (N_("Function was interrupted."), GNUTLS_E_AGAIN, 0), | ||
156 | ERROR_ENTRY (N_("Function was interrupted."), GNUTLS_E_INTERRUPTED, 0), | ||
157 | ERROR_ENTRY (N_("Rehandshake was requested by the peer."), | ||
158 | GNUTLS_E_REHANDSHAKE, 0), | ||
159 | ERROR_ENTRY (N_ | ||
160 | ("TLS Application data were received, while expecting handshake data."), | ||
161 | GNUTLS_E_GOT_APPLICATION_DATA, 1), | ||
162 | ERROR_ENTRY (N_("Error in Database backend."), GNUTLS_E_DB_ERROR, 1), | ||
163 | ERROR_ENTRY (N_("The certificate type is not supported."), | ||
164 | GNUTLS_E_UNSUPPORTED_CERTIFICATE_TYPE, 1), | ||
165 | ERROR_ENTRY (N_("The given memory buffer is too short to hold parameters."), | ||
166 | GNUTLS_E_SHORT_MEMORY_BUFFER, 1), | ||
167 | ERROR_ENTRY (N_("The request is invalid."), GNUTLS_E_INVALID_REQUEST, 1), | ||
168 | ERROR_ENTRY (N_("An illegal parameter has been received."), | ||
169 | GNUTLS_E_RECEIVED_ILLEGAL_PARAMETER, 1), | ||
170 | ERROR_ENTRY (N_("Error while reading file."), GNUTLS_E_FILE_ERROR, 1), | ||
171 | |||
172 | ERROR_ENTRY (N_("ASN1 parser: Element was not found."), | ||
173 | GNUTLS_E_ASN1_ELEMENT_NOT_FOUND, 1), | ||
174 | ERROR_ENTRY (N_("ASN1 parser: Identifier was not found"), | ||
175 | GNUTLS_E_ASN1_IDENTIFIER_NOT_FOUND, 1), | ||
176 | ERROR_ENTRY (N_("ASN1 parser: Error in DER parsing."), | ||
177 | GNUTLS_E_ASN1_DER_ERROR, 1), | ||
178 | ERROR_ENTRY (N_("ASN1 parser: Value was not found."), | ||
179 | GNUTLS_E_ASN1_VALUE_NOT_FOUND, 1), | ||
180 | ERROR_ENTRY (N_("ASN1 parser: Generic parsing error."), | ||
181 | GNUTLS_E_ASN1_GENERIC_ERROR, 1), | ||
182 | ERROR_ENTRY (N_("ASN1 parser: Value is not valid."), | ||
183 | GNUTLS_E_ASN1_VALUE_NOT_VALID, 1), | ||
184 | ERROR_ENTRY (N_("ASN1 parser: Error in TAG."), GNUTLS_E_ASN1_TAG_ERROR, 1), | ||
185 | ERROR_ENTRY (N_("ASN1 parser: error in implicit tag"), | ||
186 | GNUTLS_E_ASN1_TAG_IMPLICIT, 1), | ||
187 | ERROR_ENTRY (N_("ASN1 parser: Error in type 'ANY'."), | ||
188 | GNUTLS_E_ASN1_TYPE_ANY_ERROR, 1), | ||
189 | ERROR_ENTRY (N_("ASN1 parser: Syntax error."), GNUTLS_E_ASN1_SYNTAX_ERROR, | ||
190 | 1), | ||
191 | ERROR_ENTRY (N_("ASN1 parser: Overflow in DER parsing."), | ||
192 | GNUTLS_E_ASN1_DER_OVERFLOW, 1), | ||
193 | |||
194 | ERROR_ENTRY (N_("Too many empty record packets have been received."), | ||
195 | GNUTLS_E_TOO_MANY_EMPTY_PACKETS, 1), | ||
196 | ERROR_ENTRY (N_("The initialization of GnuTLS-extra has failed."), | ||
197 | GNUTLS_E_INIT_LIBEXTRA, 1), | ||
198 | ERROR_ENTRY (N_ | ||
199 | ("The GnuTLS library version does not match the GnuTLS-extra library version."), | ||
200 | GNUTLS_E_LIBRARY_VERSION_MISMATCH, 1), | ||
201 | ERROR_ENTRY (N_("The gcrypt library version is too old."), | ||
202 | GNUTLS_E_INCOMPATIBLE_GCRYPT_LIBRARY, 1), | ||
203 | |||
204 | ERROR_ENTRY (N_("The tasn1 library version is too old."), | ||
205 | GNUTLS_E_INCOMPATIBLE_LIBTASN1_LIBRARY, 1), | ||
206 | |||
207 | ERROR_ENTRY (N_("The initialization of LZO has failed."), | ||
208 | GNUTLS_E_LZO_INIT_FAILED, 1), | ||
209 | ERROR_ENTRY (N_("No supported compression algorithms have been found."), | ||
210 | GNUTLS_E_NO_COMPRESSION_ALGORITHMS, 1), | ||
211 | ERROR_ENTRY (N_("No supported cipher suites have been found."), | ||
212 | GNUTLS_E_NO_CIPHER_SUITES, 1), | ||
213 | ERROR_ENTRY (N_("The SRP username supplied is illegal."), | ||
214 | GNUTLS_E_ILLEGAL_SRP_USERNAME, 1), | ||
215 | |||
216 | ERROR_ENTRY (N_("The certificate has unsupported attributes."), | ||
217 | GNUTLS_E_X509_UNSUPPORTED_ATTRIBUTE, 1), | ||
218 | ERROR_ENTRY (N_("The OID is not supported."), GNUTLS_E_X509_UNSUPPORTED_OID, | ||
219 | 1), | ||
220 | ERROR_ENTRY (N_("The hash algorithm is unknown."), | ||
221 | GNUTLS_E_UNKNOWN_HASH_ALGORITHM, 1), | ||
222 | ERROR_ENTRY (N_("The PKCS structure's content type is unknown."), | ||
223 | GNUTLS_E_UNKNOWN_PKCS_CONTENT_TYPE, 1), | ||
224 | ERROR_ENTRY (N_("The PKCS structure's bag type is unknown."), | ||
225 | GNUTLS_E_UNKNOWN_PKCS_BAG_TYPE, 1), | ||
226 | ERROR_ENTRY (N_("The given password contains invalid characters."), | ||
227 | GNUTLS_E_INVALID_PASSWORD, 1), | ||
228 | ERROR_ENTRY (N_("The Message Authentication Code verification failed."), | ||
229 | GNUTLS_E_MAC_VERIFY_FAILED, 1), | ||
230 | ERROR_ENTRY (N_("Some constraint limits were reached."), | ||
231 | GNUTLS_E_CONSTRAINT_ERROR, 1), | ||
232 | ERROR_ENTRY (N_("Failed to acquire random data."), GNUTLS_E_RANDOM_FAILED, | ||
233 | 1), | ||
234 | |||
235 | ERROR_ENTRY (N_("Received a TLS/IA Intermediate Phase Finished message"), | ||
236 | GNUTLS_E_WARNING_IA_IPHF_RECEIVED, 0), | ||
237 | ERROR_ENTRY (N_("Received a TLS/IA Final Phase Finished message"), | ||
238 | GNUTLS_E_WARNING_IA_FPHF_RECEIVED, 0), | ||
239 | ERROR_ENTRY (N_("Verifying TLS/IA phase checksum failed"), | ||
240 | GNUTLS_E_IA_VERIFY_FAILED, 1), | ||
241 | |||
242 | ERROR_ENTRY (N_("The specified algorithm or protocol is unknown."), | ||
243 | GNUTLS_E_UNKNOWN_ALGORITHM, 1), | ||
244 | |||
245 | {NULL, NULL, 0, 0} | ||
246 | }; | ||
247 | |||
248 | #define GNUTLS_ERROR_LOOP(b) \ | ||
249 | const MHD_gnutls_error_entry *p; \ | ||
250 | for(p = MHD_gtls_error_algorithms; p->desc != NULL; p++) { b ; } | ||
251 | |||
252 | #define GNUTLS_ERROR_ALG_LOOP(a) \ | ||
253 | GNUTLS_ERROR_LOOP( if(p->number == error) { a; break; } ) | ||
254 | |||
255 | |||
256 | |||
257 | /** | ||
258 | * MHD_gtls_error_is_fatal - Returns non-zero in case of a fatal error | ||
259 | * @error: is an error returned by a gnutls function. Error should be a negative value. | ||
260 | * | ||
261 | * If a function returns a negative value you may feed that value | ||
262 | * to this function to see if it is fatal. Returns 1 for a fatal | ||
263 | * error 0 otherwise. However you may want to check the | ||
264 | * error code manually, since some non-fatal errors to the protocol | ||
265 | * may be fatal for you (your program). | ||
266 | * | ||
267 | * This is only useful if you are dealing with errors from the | ||
268 | * record layer or the handshake layer. | ||
269 | * | ||
270 | * For positive @error values, 0 is returned. | ||
271 | * | ||
272 | **/ | ||
273 | int | ||
274 | MHD_gtls_error_is_fatal (int error) | ||
275 | { | ||
276 | int ret = 1; | ||
277 | |||
278 | /* Input sanitzation. Positive values are not errors at all, and | ||
279 | definitely not fatal. */ | ||
280 | if (error > 0) | ||
281 | return 0; | ||
282 | |||
283 | GNUTLS_ERROR_ALG_LOOP (ret = p->fatal); | ||
284 | |||
285 | return ret; | ||
286 | } | ||
287 | |||
288 | /** | ||
289 | * MHD_gtls_perror - prints a string to stderr with a description of an error | ||
290 | * @error: is an error returned by a gnutls function. Error is always a negative value. | ||
291 | * | ||
292 | * This function is like perror(). The only difference is that it accepts an | ||
293 | * error number returned by a gnutls function. | ||
294 | **/ | ||
295 | void | ||
296 | MHD_gtls_perror (int error) | ||
297 | { | ||
298 | const char *ret = NULL; | ||
299 | |||
300 | /* avoid prefix */ | ||
301 | GNUTLS_ERROR_ALG_LOOP (ret = p->desc); | ||
302 | if (ret == NULL) | ||
303 | ret = "(unknown)"; | ||
304 | fprintf (stderr, "GNUTLS ERROR: %s\n", _(ret)); | ||
305 | } | ||
306 | |||
307 | |||
308 | /** | ||
309 | * MHD_gtls_strerror - Returns a string with a description of an error | ||
310 | * @error: is an error returned by a gnutls function. Error is always a negative value. | ||
311 | * | ||
312 | * This function is similar to strerror(). Differences: it accepts an error | ||
313 | * number returned by a gnutls function; In case of an unknown error | ||
314 | * a descriptive string is sent instead of NULL. | ||
315 | **/ | ||
316 | const char * | ||
317 | MHD_gtls_strerror (int error) | ||
318 | { | ||
319 | const char *ret = NULL; | ||
320 | |||
321 | /* avoid prefix */ | ||
322 | GNUTLS_ERROR_ALG_LOOP (ret = p->desc); | ||
323 | if (ret == NULL) | ||
324 | return "(unknown error code)"; | ||
325 | return _(ret); | ||
326 | } | ||
327 | |||
328 | /* This will print the actual define of the | ||
329 | * given error code. | ||
330 | */ | ||
331 | const char * | ||
332 | MHD__gnutls_strerror (int error) | ||
333 | { | ||
334 | const char *ret = NULL; | ||
335 | |||
336 | /* avoid prefix */ | ||
337 | GNUTLS_ERROR_ALG_LOOP (ret = p->_name); | ||
338 | |||
339 | return _(ret); | ||
340 | } | ||
341 | |||
342 | int | ||
343 | MHD_gtls_asn2err (int asn_err) | ||
344 | { | ||
345 | switch (asn_err) | ||
346 | { | ||
347 | case ASN1_FILE_NOT_FOUND: | ||
348 | return GNUTLS_E_FILE_ERROR; | ||
349 | case ASN1_ELEMENT_NOT_FOUND: | ||
350 | return GNUTLS_E_ASN1_ELEMENT_NOT_FOUND; | ||
351 | case ASN1_IDENTIFIER_NOT_FOUND: | ||
352 | return GNUTLS_E_ASN1_IDENTIFIER_NOT_FOUND; | ||
353 | case ASN1_DER_ERROR: | ||
354 | return GNUTLS_E_ASN1_DER_ERROR; | ||
355 | case ASN1_VALUE_NOT_FOUND: | ||
356 | return GNUTLS_E_ASN1_VALUE_NOT_FOUND; | ||
357 | case ASN1_GENERIC_ERROR: | ||
358 | return GNUTLS_E_ASN1_GENERIC_ERROR; | ||
359 | case ASN1_VALUE_NOT_VALID: | ||
360 | return GNUTLS_E_ASN1_VALUE_NOT_VALID; | ||
361 | case ASN1_TAG_ERROR: | ||
362 | return GNUTLS_E_ASN1_TAG_ERROR; | ||
363 | case ASN1_TAG_IMPLICIT: | ||
364 | return GNUTLS_E_ASN1_TAG_IMPLICIT; | ||
365 | case ASN1_ERROR_TYPE_ANY: | ||
366 | return GNUTLS_E_ASN1_TYPE_ANY_ERROR; | ||
367 | case ASN1_SYNTAX_ERROR: | ||
368 | return GNUTLS_E_ASN1_SYNTAX_ERROR; | ||
369 | case ASN1_MEM_ERROR: | ||
370 | return GNUTLS_E_SHORT_MEMORY_BUFFER; | ||
371 | case ASN1_MEM_ALLOC_ERROR: | ||
372 | return GNUTLS_E_MEMORY_ERROR; | ||
373 | case ASN1_DER_OVERFLOW: | ||
374 | return GNUTLS_E_ASN1_DER_OVERFLOW; | ||
375 | default: | ||
376 | return GNUTLS_E_ASN1_GENERIC_ERROR; | ||
377 | } | ||
378 | } | ||
379 | |||
380 | |||
381 | /* this function will output a message using the | ||
382 | * caller provided function | ||
383 | */ | ||
384 | void | ||
385 | MHD_gtls_log (int level, const char *fmt, ...) | ||
386 | { | ||
387 | va_list args; | ||
388 | char str[MAX_LOG_SIZE]; | ||
389 | void (*log_func) (int, const char *) = MHD__gnutls_log_func; | ||
390 | |||
391 | if (MHD__gnutls_log_func == NULL) | ||
392 | return; | ||
393 | |||
394 | va_start (args, fmt); | ||
395 | vsnprintf (str, MAX_LOG_SIZE - 1, fmt, args); /* Flawfinder: ignore */ | ||
396 | va_end (args); | ||
397 | |||
398 | log_func (level, str); | ||
399 | } | ||
400 | |||
401 | void | ||
402 | MHD__gnutls_null_log (void *n, ...) | ||
403 | { | ||
404 | } | ||
diff --git a/src/daemon/https/tls/gnutls_errors.h b/src/daemon/https/tls/gnutls_errors.h deleted file mode 100644 index ecde580b..00000000 --- a/src/daemon/https/tls/gnutls_errors.h +++ /dev/null | |||
@@ -1,71 +0,0 @@ | |||
1 | /* | ||
2 | * Copyright (C) 2000, 2001, 2002, 2003, 2004, 2005 Free Software Foundation | ||
3 | * | ||
4 | * Author: Nikos Mavrogiannopoulos | ||
5 | * | ||
6 | * This file is part of GNUTLS. | ||
7 | * | ||
8 | * The GNUTLS library is free software; you can redistribute it and/or | ||
9 | * modify it under the terms of the GNU Lesser General Public License | ||
10 | * as published by the Free Software Foundation; either version 2.1 of | ||
11 | * the License, or (at your option) any later version. | ||
12 | * | ||
13 | * This library is distributed in the hope that it will be useful, but | ||
14 | * WITHOUT ANY WARRANTY; without even the implied warranty of | ||
15 | * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU | ||
16 | * Lesser General Public License for more details. | ||
17 | * | ||
18 | * You should have received a copy of the GNU Lesser General Public | ||
19 | * License along with this library; if not, write to the Free Software | ||
20 | * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301, | ||
21 | * USA | ||
22 | * | ||
23 | */ | ||
24 | |||
25 | #include <defines.h> | ||
26 | |||
27 | #define GNUTLS_E_INT_RET_0 -1251 | ||
28 | |||
29 | #ifdef __FILE__ | ||
30 | # ifdef __LINE__ | ||
31 | # define MHD_gnutls_assert() MHD__gnutls_debug_log( "ASSERT: %s:%d\n", __FILE__,__LINE__); | ||
32 | # else | ||
33 | # define MHD_gnutls_assert() | ||
34 | # endif | ||
35 | #else /* __FILE__ not defined */ | ||
36 | # define MHD_gnutls_assert() | ||
37 | #endif | ||
38 | |||
39 | int MHD_gtls_asn2err (int asn_err); | ||
40 | void MHD_gtls_log (int, const char *fmt, ...); | ||
41 | |||
42 | extern int MHD__gnutls_log_level; | ||
43 | |||
44 | #ifdef C99_MACROS | ||
45 | #define LEVEL(l, ...) if (MHD__gnutls_log_level >= l || MHD__gnutls_log_level > 9) \ | ||
46 | MHD_gtls_log( l, __VA_ARGS__) | ||
47 | |||
48 | #define LEVEL_EQ(l, ...) if (MHD__gnutls_log_level == l || MHD__gnutls_log_level > 9) \ | ||
49 | MHD_gtls_log( l, __VA_ARGS__) | ||
50 | |||
51 | # define MHD__gnutls_debug_log(...) LEVEL(2, __VA_ARGS__) | ||
52 | # define MHD__gnutls_handshake_log(...) LEVEL(3, __VA_ARGS__) | ||
53 | # define MHD__gnutls_buffers_log(...) LEVEL_EQ(6, __VA_ARGS__) | ||
54 | # define MHD__gnutls_hard_log(...) LEVEL(9, __VA_ARGS__) | ||
55 | # define MHD__gnutls_record_log(...) LEVEL(4, __VA_ARGS__) | ||
56 | # define MHD__gnutls_read_log(...) LEVEL_EQ(7, __VA_ARGS__) | ||
57 | # define MHD__gnutls_write_log(...) LEVEL_EQ(7, __VA_ARGS__) | ||
58 | # define MHD__gnutls_x509_log(...) LEVEL(1, __VA_ARGS__) | ||
59 | #else | ||
60 | # define MHD__gnutls_debug_log MHD__gnutls_null_log | ||
61 | # define MHD__gnutls_handshake_log MHD__gnutls_null_log | ||
62 | # define MHD__gnutls_buffers_log MHD__gnutls_null_log | ||
63 | # define MHD__gnutls_hard_log MHD__gnutls_null_log | ||
64 | # define MHD__gnutls_record_log MHD__gnutls_null_log | ||
65 | # define MHD__gnutls_read_log MHD__gnutls_null_log | ||
66 | # define MHD__gnutls_write_log MHD__gnutls_null_log | ||
67 | # define MHD__gnutls_x509_log MHD__gnutls_null_log | ||
68 | |||
69 | void MHD__gnutls_null_log (void *, ...); | ||
70 | |||
71 | #endif /* C99_MACROS */ | ||
diff --git a/src/daemon/https/tls/gnutls_extensions.c b/src/daemon/https/tls/gnutls_extensions.c deleted file mode 100644 index 8ee96c65..00000000 --- a/src/daemon/https/tls/gnutls_extensions.c +++ /dev/null | |||
@@ -1,301 +0,0 @@ | |||
1 | /* | ||
2 | * Copyright (C) 2001, 2002, 2003, 2004, 2005, 2007 Free Software Foundation | ||
3 | * | ||
4 | * Author: Nikos Mavrogiannopoulos | ||
5 | * | ||
6 | * This file is part of GNUTLS. | ||
7 | * | ||
8 | * The GNUTLS library is free software; you can redistribute it and/or | ||
9 | * modify it under the terms of the GNU Lesser General Public License | ||
10 | * as published by the Free Software Foundation; either version 2.1 of | ||
11 | * the License, or (at your option) any later version. | ||
12 | * | ||
13 | * This library is distributed in the hope that it will be useful, but | ||
14 | * WITHOUT ANY WARRANTY; without even the implied warranty of | ||
15 | * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU | ||
16 | * Lesser General Public License for more details. | ||
17 | * | ||
18 | * You should have received a copy of the GNU Lesser General Public | ||
19 | * License along with this library; if not, write to the Free Software | ||
20 | * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301, | ||
21 | * USA | ||
22 | * | ||
23 | */ | ||
24 | |||
25 | /* Functions that relate to the TLS hello extension parsing. | ||
26 | * Hello extensions are packets appended in the TLS hello packet, and | ||
27 | * allow for extra functionality. | ||
28 | */ | ||
29 | |||
30 | #include "MHD_config.h" | ||
31 | #include "gnutls_int.h" | ||
32 | #include "gnutls_extensions.h" | ||
33 | #include "gnutls_errors.h" | ||
34 | #include "ext_max_record.h" | ||
35 | #include <ext_cert_type.h> | ||
36 | #include <ext_server_name.h> | ||
37 | #include <gnutls_num.h> | ||
38 | |||
39 | /* Key Exchange Section */ | ||
40 | #define GNUTLS_EXTENSION_ENTRY(type, parse_type, ext_func_recv, ext_func_send) \ | ||
41 | { #type, type, parse_type, ext_func_recv, ext_func_send } | ||
42 | |||
43 | |||
44 | #define MAX_EXT_SIZE 10 | ||
45 | const int MHD_gtls_extensions_size = MAX_EXT_SIZE; | ||
46 | |||
47 | MHD_gtls_extension_entry MHD_gtls_extensions[MAX_EXT_SIZE] = { | ||
48 | GNUTLS_EXTENSION_ENTRY (GNUTLS_EXTENSION_MAX_RECORD_SIZE, | ||
49 | EXTENSION_TLS, | ||
50 | MHD_gtls_max_record_recv_params, | ||
51 | MHD_gtls_max_record_send_params), | ||
52 | GNUTLS_EXTENSION_ENTRY (GNUTLS_EXTENSION_CERT_TYPE, | ||
53 | EXTENSION_TLS, | ||
54 | MHD_gtls_cert_type_recv_params, | ||
55 | MHD_gtls_cert_type_send_params), | ||
56 | GNUTLS_EXTENSION_ENTRY (GNUTLS_EXTENSION_SERVER_NAME, | ||
57 | EXTENSION_APPLICATION, | ||
58 | MHD_gtls_server_name_recv_params, | ||
59 | MHD_gtls_server_name_send_params), | ||
60 | {0, 0, 0, 0} | ||
61 | }; | ||
62 | |||
63 | #define GNUTLS_EXTENSION_LOOP2(b) \ | ||
64 | MHD_gtls_extension_entry *p; \ | ||
65 | for(p = MHD_gtls_extensions; p->name != NULL; p++) { b ; } | ||
66 | |||
67 | #define GNUTLS_EXTENSION_LOOP(a) \ | ||
68 | GNUTLS_EXTENSION_LOOP2( if(p->type == type) { a; break; } ) | ||
69 | |||
70 | |||
71 | /* EXTENSION functions */ | ||
72 | |||
73 | MHD_gtls_ext_recv_func | ||
74 | MHD_gtls_ext_func_recv (uint16_t type, MHD_gtls_ext_parse_type_t parse_type) | ||
75 | { | ||
76 | MHD_gtls_ext_recv_func ret = NULL; | ||
77 | GNUTLS_EXTENSION_LOOP (if | ||
78 | (parse_type == EXTENSION_ANY | ||
79 | || p->parse_type == parse_type) ret = | ||
80 | p->MHD_gnutls_ext_func_recv); | ||
81 | return ret; | ||
82 | |||
83 | } | ||
84 | |||
85 | MHD_gtls_ext_send_func | ||
86 | MHD_gtls_ext_func_send (uint16_t type) | ||
87 | { | ||
88 | MHD_gtls_ext_send_func ret = NULL; | ||
89 | GNUTLS_EXTENSION_LOOP (ret = p->MHD_gnutls_ext_func_send); | ||
90 | return ret; | ||
91 | |||
92 | } | ||
93 | |||
94 | const char * | ||
95 | MHD_gtls_extension_get_name (uint16_t type) | ||
96 | { | ||
97 | const char *ret = NULL; | ||
98 | |||
99 | /* avoid prefix */ | ||
100 | GNUTLS_EXTENSION_LOOP (ret = p->name + sizeof ("GNUTLS_EXTENSION_") - 1); | ||
101 | |||
102 | return ret; | ||
103 | } | ||
104 | |||
105 | /* Checks if the extension we just received is one of the | ||
106 | * requested ones. Otherwise it's a fatal error. | ||
107 | */ | ||
108 | static int | ||
109 | MHD__gnutls_extension_list_check (MHD_gtls_session_t session, uint16_t type) | ||
110 | { | ||
111 | #if MHD_DEBUG_TLS | ||
112 | if (session->security_parameters.entity == GNUTLS_CLIENT) | ||
113 | { | ||
114 | int i; | ||
115 | for (i = 0; i < session->internals.extensions_sent_size; i++) | ||
116 | { | ||
117 | if (type == session->internals.extensions_sent[i]) | ||
118 | return 0; /* ok found */ | ||
119 | } | ||
120 | return GNUTLS_E_RECEIVED_ILLEGAL_EXTENSION; | ||
121 | } | ||
122 | #endif | ||
123 | return 0; | ||
124 | } | ||
125 | |||
126 | int | ||
127 | MHD_gtls_parse_extensions (MHD_gtls_session_t session, | ||
128 | MHD_gtls_ext_parse_type_t parse_type, | ||
129 | const opaque * data, int data_size) | ||
130 | { | ||
131 | int next, ret; | ||
132 | int pos = 0; | ||
133 | uint16_t type; | ||
134 | const opaque *sdata; | ||
135 | MHD_gtls_ext_recv_func ext_recv; | ||
136 | uint16_t size; | ||
137 | |||
138 | #if MHD_DEBUG_TLS | ||
139 | int i; | ||
140 | if (session->security_parameters.entity == GNUTLS_CLIENT) | ||
141 | for (i = 0; i < session->internals.extensions_sent_size; i++) | ||
142 | { | ||
143 | MHD__gnutls_debug_log ("EXT[%d]: expecting extension '%s'\n", | ||
144 | session, | ||
145 | MHD_gtls_extension_get_name | ||
146 | (session->internals.extensions_sent[i])); | ||
147 | } | ||
148 | #endif | ||
149 | |||
150 | DECR_LENGTH_RET (data_size, 2, 0); | ||
151 | next = MHD_gtls_read_uint16 (data); | ||
152 | pos += 2; | ||
153 | |||
154 | DECR_LENGTH_RET (data_size, next, 0); | ||
155 | |||
156 | do | ||
157 | { | ||
158 | DECR_LENGTH_RET (next, 2, 0); | ||
159 | type = MHD_gtls_read_uint16 (&data[pos]); | ||
160 | pos += 2; | ||
161 | |||
162 | MHD__gnutls_debug_log ("EXT[%x]: Received extension '%s/%d'\n", session, | ||
163 | MHD_gtls_extension_get_name (type), type); | ||
164 | |||
165 | if ((ret = MHD__gnutls_extension_list_check (session, type)) < 0) | ||
166 | { | ||
167 | MHD_gnutls_assert (); | ||
168 | return ret; | ||
169 | } | ||
170 | |||
171 | DECR_LENGTH_RET (next, 2, 0); | ||
172 | size = MHD_gtls_read_uint16 (&data[pos]); | ||
173 | pos += 2; | ||
174 | |||
175 | DECR_LENGTH_RET (next, size, 0); | ||
176 | sdata = &data[pos]; | ||
177 | pos += size; | ||
178 | |||
179 | ext_recv = MHD_gtls_ext_func_recv (type, parse_type); | ||
180 | if (ext_recv == NULL) | ||
181 | continue; | ||
182 | if ((ret = ext_recv (session, sdata, size)) < 0) | ||
183 | { | ||
184 | MHD_gnutls_assert (); | ||
185 | return ret; | ||
186 | } | ||
187 | |||
188 | } | ||
189 | while (next > 2); | ||
190 | |||
191 | return 0; | ||
192 | |||
193 | } | ||
194 | |||
195 | /* Adds the extension we want to send in the extensions list. | ||
196 | * This list is used to check whether the (later) received | ||
197 | * extensions are the ones we requested. | ||
198 | */ | ||
199 | static void | ||
200 | MHD__gnutls_extension_list_add (MHD_gtls_session_t session, uint16_t type) | ||
201 | { | ||
202 | #if MHD_DEBUG_TLS | ||
203 | if (session->security_parameters.entity == GNUTLS_CLIENT) | ||
204 | { | ||
205 | if (session->internals.extensions_sent_size < MAX_EXT_TYPES) | ||
206 | { | ||
207 | session->internals.extensions_sent[session->internals. | ||
208 | extensions_sent_size] = type; | ||
209 | session->internals.extensions_sent_size++; | ||
210 | } | ||
211 | else | ||
212 | { | ||
213 | MHD__gnutls_debug_log ("extensions: Increase MAX_EXT_TYPES\n"); | ||
214 | } | ||
215 | } | ||
216 | #endif | ||
217 | } | ||
218 | |||
219 | int | ||
220 | MHD_gtls_gen_extensions (MHD_gtls_session_t session, opaque * data, | ||
221 | size_t data_size) | ||
222 | { | ||
223 | int size; | ||
224 | uint16_t pos = 0; | ||
225 | opaque *sdata; | ||
226 | int sdata_size; | ||
227 | MHD_gtls_ext_send_func ext_send; | ||
228 | MHD_gtls_extension_entry *p; | ||
229 | |||
230 | if (data_size < 2) | ||
231 | { | ||
232 | MHD_gnutls_assert (); | ||
233 | return GNUTLS_E_INTERNAL_ERROR; | ||
234 | } | ||
235 | |||
236 | /* allocate enough data for each extension. | ||
237 | */ | ||
238 | sdata_size = data_size; | ||
239 | sdata = MHD_gnutls_malloc (sdata_size); | ||
240 | if (sdata == NULL) | ||
241 | { | ||
242 | MHD_gnutls_assert (); | ||
243 | return GNUTLS_E_MEMORY_ERROR; | ||
244 | } | ||
245 | |||
246 | pos += 2; | ||
247 | for (p = MHD_gtls_extensions; p->name != NULL; p++) | ||
248 | { | ||
249 | ext_send = MHD_gtls_ext_func_send (p->type); | ||
250 | if (ext_send == NULL) | ||
251 | continue; | ||
252 | size = ext_send (session, sdata, sdata_size); | ||
253 | if (size > 0) | ||
254 | { | ||
255 | if (data_size < pos + (size_t) size + 4) | ||
256 | { | ||
257 | MHD_gnutls_assert (); | ||
258 | MHD_gnutls_free (sdata); | ||
259 | return GNUTLS_E_INTERNAL_ERROR; | ||
260 | } | ||
261 | |||
262 | /* write extension type */ | ||
263 | MHD_gtls_write_uint16 (p->type, &data[pos]); | ||
264 | pos += 2; | ||
265 | |||
266 | /* write size */ | ||
267 | MHD_gtls_write_uint16 (size, &data[pos]); | ||
268 | pos += 2; | ||
269 | |||
270 | memcpy (&data[pos], sdata, size); | ||
271 | pos += size; | ||
272 | |||
273 | /* add this extension to the extension list | ||
274 | */ | ||
275 | MHD__gnutls_extension_list_add (session, p->type); | ||
276 | |||
277 | MHD__gnutls_debug_log ("EXT[%x]: Sending extension %s\n", session, | ||
278 | MHD_gtls_extension_get_name (p->type)); | ||
279 | } | ||
280 | else if (size < 0) | ||
281 | { | ||
282 | MHD_gnutls_assert (); | ||
283 | MHD_gnutls_free (sdata); | ||
284 | return size; | ||
285 | } | ||
286 | } | ||
287 | |||
288 | size = pos; | ||
289 | pos -= 2; /* remove the size of the size header! */ | ||
290 | |||
291 | MHD_gtls_write_uint16 (pos, data); | ||
292 | |||
293 | if (size == 2) | ||
294 | { /* empty */ | ||
295 | size = 0; | ||
296 | } | ||
297 | |||
298 | MHD_gnutls_free (sdata); | ||
299 | return size; | ||
300 | |||
301 | } | ||
diff --git a/src/daemon/https/tls/gnutls_extensions.h b/src/daemon/https/tls/gnutls_extensions.h deleted file mode 100644 index 9623b39b..00000000 --- a/src/daemon/https/tls/gnutls_extensions.h +++ /dev/null | |||
@@ -1,47 +0,0 @@ | |||
1 | /* | ||
2 | * Copyright (C) 2000, 2001, 2002, 2003, 2004, 2005, 2007 Free Software Foundation | ||
3 | * | ||
4 | * Author: Nikos Mavrogiannopoulos | ||
5 | * | ||
6 | * This file is part of GNUTLS. | ||
7 | * | ||
8 | * The GNUTLS library is free software; you can redistribute it and/or | ||
9 | * modify it under the terms of the GNU Lesser General Public License | ||
10 | * as published by the Free Software Foundation; either version 2.1 of | ||
11 | * the License, or (at your option) any later version. | ||
12 | * | ||
13 | * This library is distributed in the hope that it will be useful, but | ||
14 | * WITHOUT ANY WARRANTY; without even the implied warranty of | ||
15 | * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU | ||
16 | * Lesser General Public License for more details. | ||
17 | * | ||
18 | * You should have received a copy of the GNU Lesser General Public | ||
19 | * License along with this library; if not, write to the Free Software | ||
20 | * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301, | ||
21 | * USA | ||
22 | * | ||
23 | */ | ||
24 | |||
25 | #include <gnutls_int.h> | ||
26 | |||
27 | const char *MHD_gtls_extension_get_name (uint16_t type); | ||
28 | int MHD_gtls_parse_extensions (MHD_gtls_session_t, MHD_gtls_ext_parse_type_t, | ||
29 | const opaque *, int); | ||
30 | int MHD_gtls_gen_extensions (MHD_gtls_session_t session, opaque * data, | ||
31 | size_t data_size); | ||
32 | |||
33 | typedef int (*MHD_gtls_ext_recv_func) (MHD_gtls_session_t, const opaque *, size_t); /* recv data */ | ||
34 | typedef int (*MHD_gtls_ext_send_func) (MHD_gtls_session_t, opaque *, size_t); /* send data */ | ||
35 | |||
36 | MHD_gtls_ext_send_func MHD_gtls_ext_func_send (uint16_t type); | ||
37 | MHD_gtls_ext_recv_func MHD_gtls_ext_func_recv (uint16_t type, | ||
38 | MHD_gtls_ext_parse_type_t); | ||
39 | |||
40 | typedef struct | ||
41 | { | ||
42 | const char *name; | ||
43 | uint16_t type; | ||
44 | MHD_gtls_ext_parse_type_t parse_type; | ||
45 | MHD_gtls_ext_recv_func MHD_gnutls_ext_func_recv; | ||
46 | MHD_gtls_ext_send_func MHD_gnutls_ext_func_send; | ||
47 | } MHD_gtls_extension_entry; | ||
diff --git a/src/daemon/https/tls/gnutls_global.c b/src/daemon/https/tls/gnutls_global.c deleted file mode 100644 index 818a92a1..00000000 --- a/src/daemon/https/tls/gnutls_global.c +++ /dev/null | |||
@@ -1,298 +0,0 @@ | |||
1 | /* | ||
2 | * Copyright (C) 2001, 2002, 2003, 2004, 2005, 2006 Free Software Foundation | ||
3 | * | ||
4 | * Author: Nikos Mavrogiannopoulos | ||
5 | * | ||
6 | * This file is part of GNUTLS. | ||
7 | * | ||
8 | * The GNUTLS library is free software; you can redistribute it and/or | ||
9 | * modify it under the terms of the GNU Lesser General Public License | ||
10 | * as published by the Free Software Foundation; either version 2.1 of | ||
11 | * the License, or (at your option) any later version. | ||
12 | * | ||
13 | * This library is distributed in the hope that it will be useful, but | ||
14 | * WITHOUT ANY WARRANTY; without even the implied warranty of | ||
15 | * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU | ||
16 | * Lesser General Public License for more details. | ||
17 | * | ||
18 | * You should have received a copy of the GNU Lesser General Public | ||
19 | * License along with this library; if not, write to the Free Software | ||
20 | * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301, | ||
21 | * USA | ||
22 | * | ||
23 | */ | ||
24 | |||
25 | #include <gnutls_int.h> | ||
26 | #include <gnutls_errors.h> | ||
27 | #include <libtasn1.h> | ||
28 | #include <gnutls_dh.h> | ||
29 | |||
30 | /* this is used in order to make the multi-threaded initialization call to libgcrypt */ | ||
31 | #include <pthread.h> | ||
32 | #include <gcrypt.h> | ||
33 | |||
34 | /* used to set the MHD_tls logging function */ | ||
35 | #include "internal.h" | ||
36 | |||
37 | /* TODO fix : needed by GCRY_THREAD_OPTION_PTHREAD_IMPL but missing otherwise */ | ||
38 | #define ENOMEM 12 /* Out of memory */ | ||
39 | |||
40 | #ifdef HAVE_WINSOCK | ||
41 | # include <winsock2.h> | ||
42 | #endif | ||
43 | |||
44 | |||
45 | GCRY_THREAD_OPTION_PTHREAD_IMPL; | ||
46 | |||
47 | #define MHD_gnutls_log_func LOG_FUNC | ||
48 | |||
49 | /* created by asn1c */ | ||
50 | extern const ASN1_ARRAY_TYPE MHD_gnutlsMHD__asn1_tab[]; | ||
51 | extern const ASN1_ARRAY_TYPE MHD_pkix_asn1_tab[]; | ||
52 | |||
53 | LOG_FUNC MHD__gnutls_log_func; | ||
54 | int MHD__gnutls_log_level = 0; /* default log level */ | ||
55 | |||
56 | ASN1_TYPE MHD__gnutls_pkix1_asn; | ||
57 | ASN1_TYPE MHD__gnutlsMHD__gnutls_asn; | ||
58 | |||
59 | /** | ||
60 | * MHD_gtls_global_set_log_function - This function sets the logging function | ||
61 | * @log_func: it's a log function | ||
62 | * | ||
63 | * This is the function where you set the logging function gnutls | ||
64 | * is going to use. This function only accepts a character array. | ||
65 | * Normally you may not use this function since it is only used | ||
66 | * for debugging purposes. | ||
67 | * | ||
68 | * MHD_gnutls_log_func is of the form, | ||
69 | * void (*MHD_gnutls_log_func)( int level, const char*); | ||
70 | **/ | ||
71 | void | ||
72 | MHD_gtls_global_set_log_function (MHD_gnutls_log_func log_func) | ||
73 | { | ||
74 | MHD__gnutls_log_func = log_func; | ||
75 | } | ||
76 | |||
77 | /** | ||
78 | * MHD_gtls_global_set_log_level - This function sets the logging level | ||
79 | * @level: it's an integer from 0 to 9. | ||
80 | * | ||
81 | * This is the function that allows you to set the log level. | ||
82 | * The level is an integer between 0 and 9. Higher values mean | ||
83 | * more verbosity. The default value is 0. Larger values should | ||
84 | * only be used with care, since they may reveal sensitive information. | ||
85 | * | ||
86 | * Use a log level over 10 to enable all debugging options. | ||
87 | * | ||
88 | **/ | ||
89 | void | ||
90 | MHD_gtls_global_set_log_level (int level) | ||
91 | { | ||
92 | MHD__gnutls_log_level = level; | ||
93 | } | ||
94 | |||
95 | int MHD__gnutls_is_secure_mem_null (const void *); | ||
96 | |||
97 | static int MHD__gnutls_init_level = 0; | ||
98 | |||
99 | /** | ||
100 | * MHD__gnutls_global_init - This function initializes the global data to defaults. | ||
101 | * | ||
102 | * This function initializes the global data to defaults. | ||
103 | * Every gnutls application has a global data which holds common parameters | ||
104 | * shared by gnutls session structures. | ||
105 | * You must call MHD__gnutls_global_deinit() when gnutls usage is no longer needed | ||
106 | * Returns zero on success. | ||
107 | * | ||
108 | * Note that this function will also initialize libgcrypt, if it has not | ||
109 | * been initialized before. Thus if you want to manually initialize libgcrypt | ||
110 | * you must do it before calling this function. This is useful in cases you | ||
111 | * want to disable libgcrypt's internal lockings etc. | ||
112 | * | ||
113 | * This function increment a global counter, so that | ||
114 | * MHD__gnutls_global_deinit() only releases resources when it has been | ||
115 | * called as many times as MHD__gnutls_global_init(). This is useful when | ||
116 | * GnuTLS is used by more than one library in an application. This | ||
117 | * function can be called many times, but will only do something the | ||
118 | * first time. | ||
119 | * | ||
120 | * Note! This function is not thread safe. If two threads call this | ||
121 | * function simultaneously, they can cause a race between checking | ||
122 | * the global counter and incrementing it, causing both threads to | ||
123 | * execute the library initialization code. That would lead to a | ||
124 | * memory leak. To handle this, your application could invoke this | ||
125 | * function after aquiring a thread mutex. To ignore the potential | ||
126 | * memory leak is also an option. | ||
127 | * | ||
128 | **/ | ||
129 | int | ||
130 | MHD__gnutls_global_init () | ||
131 | { | ||
132 | int result = 0; | ||
133 | int res; | ||
134 | |||
135 | if (MHD__gnutls_init_level++) | ||
136 | return 0; | ||
137 | |||
138 | #if HAVE_WINSOCK | ||
139 | { | ||
140 | WORD requested; | ||
141 | WSADATA data; | ||
142 | int err; | ||
143 | |||
144 | requested = MAKEWORD (1, 1); | ||
145 | err = WSAStartup (requested, &data); | ||
146 | if (err != 0) | ||
147 | { | ||
148 | MHD__gnutls_debug_log ("WSAStartup failed: %d.\n", err); | ||
149 | return GNUTLS_E_LIBRARY_VERSION_MISMATCH; | ||
150 | } | ||
151 | |||
152 | if (data.wVersion < requested) | ||
153 | { | ||
154 | MHD__gnutls_debug_log ("WSAStartup version check failed (%d < %d).\n", | ||
155 | data.wVersion, requested); | ||
156 | WSACleanup (); | ||
157 | return GNUTLS_E_LIBRARY_VERSION_MISMATCH; | ||
158 | } | ||
159 | } | ||
160 | #endif | ||
161 | |||
162 | /* bindtextdomain("mhd", "./"); */ | ||
163 | |||
164 | if (gcry_control (GCRYCTL_ANY_INITIALIZATION_P) == 0) | ||
165 | { | ||
166 | const char *p; | ||
167 | |||
168 | /* to enable multi-threading this call must precede any other call made to libgcrypt */ | ||
169 | gcry_control (GCRYCTL_SET_THREAD_CBS, &gcry_threads_pthread); | ||
170 | |||
171 | /* set p to point at the required version of gcrypt */ | ||
172 | p = strchr (MHD_GCRYPT_VERSION, ':'); | ||
173 | if (p == NULL) | ||
174 | p = MHD_GCRYPT_VERSION; | ||
175 | else | ||
176 | p++; | ||
177 | |||
178 | /* this call initializes libgcrypt */ | ||
179 | if (gcry_check_version (p) == NULL) | ||
180 | { | ||
181 | MHD_gnutls_assert (); | ||
182 | MHD__gnutls_debug_log ("Checking for libgcrypt failed '%s'\n", p); | ||
183 | return GNUTLS_E_INCOMPATIBLE_GCRYPT_LIBRARY; | ||
184 | } | ||
185 | |||
186 | /* for gcrypt in order to be able to allocate memory */ | ||
187 | gcry_set_allocation_handler (MHD_gnutls_malloc, | ||
188 | MHD_gnutls_secure_malloc, | ||
189 | MHD__gnutls_is_secure_memory, | ||
190 | MHD_gnutls_realloc, MHD_gnutls_free); | ||
191 | |||
192 | /* gcry_control (GCRYCTL_DISABLE_INTERNAL_LOCKING, NULL, 0); */ | ||
193 | |||
194 | gcry_control (GCRYCTL_INITIALIZATION_FINISHED, NULL, 0); | ||
195 | |||
196 | } | ||
197 | |||
198 | if (MHD_gc_init () != GC_OK) | ||
199 | { | ||
200 | MHD_gnutls_assert (); | ||
201 | MHD__gnutls_debug_log ("Initializing crypto backend failed\n"); | ||
202 | return GNUTLS_E_INCOMPATIBLE_CRYPTO_LIBRARY; | ||
203 | } | ||
204 | |||
205 | /* initialize parser | ||
206 | * This should not deal with files in the final | ||
207 | * version. | ||
208 | */ | ||
209 | res = | ||
210 | MHD__asn1_array2tree (MHD_pkix_asn1_tab, &MHD__gnutls_pkix1_asn, NULL); | ||
211 | if (res != ASN1_SUCCESS) | ||
212 | { | ||
213 | result = MHD_gtls_asn2err (res); | ||
214 | return result; | ||
215 | } | ||
216 | |||
217 | res = | ||
218 | MHD__asn1_array2tree (MHD_gnutlsMHD__asn1_tab, | ||
219 | &MHD__gnutlsMHD__gnutls_asn, NULL); | ||
220 | if (res != ASN1_SUCCESS) | ||
221 | { | ||
222 | MHD__asn1_delete_structure (&MHD__gnutls_pkix1_asn); | ||
223 | result = MHD_gtls_asn2err (res); | ||
224 | return result; | ||
225 | } | ||
226 | |||
227 | return result; | ||
228 | } | ||
229 | |||
230 | /** | ||
231 | * MHD__gnutls_global_deinit - This function deinitializes the global data | ||
232 | * | ||
233 | * This function deinitializes the global data, that were initialized | ||
234 | * using MHD__gnutls_global_init(). | ||
235 | * | ||
236 | * Note! This function is not thread safe. See the discussion for | ||
237 | * MHD__gnutls_global_init() for more information. | ||
238 | * | ||
239 | **/ | ||
240 | void | ||
241 | MHD__gnutls_global_deinit () | ||
242 | { | ||
243 | if (MHD__gnutls_init_level == 1) | ||
244 | { | ||
245 | #if HAVE_WINSOCK | ||
246 | WSACleanup (); | ||
247 | #endif | ||
248 | MHD__asn1_delete_structure (&MHD__gnutlsMHD__gnutls_asn); | ||
249 | MHD__asn1_delete_structure (&MHD__gnutls_pkix1_asn); | ||
250 | MHD_gc_done (); | ||
251 | } | ||
252 | MHD__gnutls_init_level--; | ||
253 | } | ||
254 | |||
255 | /* These functions should be elsewere. Kept here for | ||
256 | * historical reasons. | ||
257 | */ | ||
258 | |||
259 | /** | ||
260 | * MHD__gnutls_transport_set_pull_function - This function sets a read like function | ||
261 | * @pull_func: a callback function similar to read() | ||
262 | * @session: gnutls session | ||
263 | * | ||
264 | * This is the function where you set a function for gnutls | ||
265 | * to receive data. Normally, if you use berkeley style sockets, | ||
266 | * do not need to use this function since the default (recv(2)) will | ||
267 | * probably be ok. | ||
268 | * | ||
269 | * PULL_FUNC is of the form, | ||
270 | * ssize_t (*MHD_gtls_pull_func)(MHD_gnutls_transport_ptr_t, void*, size_t); | ||
271 | **/ | ||
272 | void | ||
273 | MHD__gnutls_transport_set_pull_function (MHD_gtls_session_t session, | ||
274 | MHD_gtls_pull_func pull_func) | ||
275 | { | ||
276 | session->internals.MHD__gnutls_pull_func = pull_func; | ||
277 | } | ||
278 | |||
279 | /** | ||
280 | * MHD__gnutls_transport_set_push_function - This function sets the function to send data | ||
281 | * @push_func: a callback function similar to write() | ||
282 | * @session: gnutls session | ||
283 | * | ||
284 | * This is the function where you set a push function for gnutls | ||
285 | * to use in order to send data. If you are going to use berkeley style | ||
286 | * sockets, you do not need to use this function since | ||
287 | * the default (send(2)) will probably be ok. Otherwise you should | ||
288 | * specify this function for gnutls to be able to send data. | ||
289 | * | ||
290 | * PUSH_FUNC is of the form, | ||
291 | * ssize_t (*MHD_gtls_push_func)(MHD_gnutls_transport_ptr_t, const void*, size_t); | ||
292 | **/ | ||
293 | void | ||
294 | MHD__gnutls_transport_set_push_function (MHD_gtls_session_t session, | ||
295 | MHD_gtls_push_func push_func) | ||
296 | { | ||
297 | session->internals.MHD__gnutls_push_func = push_func; | ||
298 | } | ||
diff --git a/src/daemon/https/tls/gnutls_global.h b/src/daemon/https/tls/gnutls_global.h deleted file mode 100644 index 50d6131c..00000000 --- a/src/daemon/https/tls/gnutls_global.h +++ /dev/null | |||
@@ -1,54 +0,0 @@ | |||
1 | /* | ||
2 | * Copyright (C) 2000, 2001, 2002, 2003, 2004, 2005 Free Software Foundation | ||
3 | * | ||
4 | * Author: Nikos Mavrogiannopoulos | ||
5 | * | ||
6 | * This file is part of GNUTLS. | ||
7 | * | ||
8 | * The GNUTLS library is free software; you can redistribute it and/or | ||
9 | * modify it under the terms of the GNU Lesser General Public License | ||
10 | * as published by the Free Software Foundation; either version 2.1 of | ||
11 | * the License, or (at your option) any later version. | ||
12 | * | ||
13 | * This library is distributed in the hope that it will be useful, but | ||
14 | * WITHOUT ANY WARRANTY; without even the implied warranty of | ||
15 | * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU | ||
16 | * Lesser General Public License for more details. | ||
17 | * | ||
18 | * You should have received a copy of the GNU Lesser General Public | ||
19 | * License along with this library; if not, write to the Free Software | ||
20 | * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301, | ||
21 | * USA | ||
22 | * | ||
23 | */ | ||
24 | |||
25 | #ifndef GNUTLS_GLOBAL_H | ||
26 | #define GNUTLS_GLOBAL_H | ||
27 | |||
28 | #include "MHD_config.h" | ||
29 | #include <libtasn1.h> | ||
30 | #undef HAVE_CONFIG_H | ||
31 | #include <pthread.h> | ||
32 | #define HAVE_CONFIG_H 1 | ||
33 | |||
34 | /* this mutex is used to synchronize threads attempting to call MHD__gnutls_global_init / MHD__gnutls_global_deinit */ | ||
35 | extern pthread_mutex_t MHD_gnutls_init_mutex; | ||
36 | |||
37 | int MHD_gnutls_is_secure_memory (const void *mem); | ||
38 | |||
39 | extern ASN1_TYPE MHD__gnutls_pkix1_asn; | ||
40 | extern ASN1_TYPE MHD__gnutlsMHD__gnutls_asn; | ||
41 | |||
42 | #if !HAVE_MEMMEM | ||
43 | extern void *memmem (void const *__haystack, size_t __haystack_len, | ||
44 | void const *__needle, size_t __needle_len); | ||
45 | #endif | ||
46 | |||
47 | /* removed const from node_asn* to | ||
48 | * prevent warnings, since libtasn1 doesn't | ||
49 | * use the const keywork in its functions. | ||
50 | */ | ||
51 | #define MHD__gnutls_getMHD__gnutls_asn() ((node_asn*) MHD__gnutlsMHD__gnutls_asn) | ||
52 | #define MHD__gnutls_get_pkix() ((node_asn*) MHD__gnutls_pkix1_asn) | ||
53 | |||
54 | #endif | ||
diff --git a/src/daemon/https/tls/gnutls_handshake.c b/src/daemon/https/tls/gnutls_handshake.c deleted file mode 100644 index f12f4015..00000000 --- a/src/daemon/https/tls/gnutls_handshake.c +++ /dev/null | |||
@@ -1,2804 +0,0 @@ | |||
1 | /* | ||
2 | * Copyright (C) 2000, 2001, 2002, 2003, 2004, 2005, 2006, 2007 Free Software Foundation | ||
3 | * | ||
4 | * Author: Nikos Mavrogiannopoulos | ||
5 | * | ||
6 | * This file is part of GNUTLS. | ||
7 | * | ||
8 | * The GNUTLS library is free software; you can redistribute it and/or | ||
9 | * modify it under the terms of the GNU Lesser General Public License | ||
10 | * as published by the Free Software Foundation; either version 2.1 of | ||
11 | * the License, or (at your option) any later version. | ||
12 | * | ||
13 | * This library is distributed in the hope that it will be useful, but | ||
14 | * WITHOUT ANY WARRANTY; without even the implied warranty of | ||
15 | * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU | ||
16 | * Lesser General Public License for more details. | ||
17 | * | ||
18 | * You should have received a copy of the GNU Lesser General Public | ||
19 | * License along with this library; if not, write to the Free Software | ||
20 | * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301, | ||
21 | * USA | ||
22 | * | ||
23 | */ | ||
24 | |||
25 | /* Functions that relate to the TLS handshake procedure. | ||
26 | */ | ||
27 | |||
28 | #include "MHD_config.h" | ||
29 | #include "gnutls_int.h" | ||
30 | #include "gnutls_errors.h" | ||
31 | #include "gnutls_dh.h" | ||
32 | #include "debug.h" | ||
33 | #include "gnutls_algorithms.h" | ||
34 | #include "gnutls_cipher.h" | ||
35 | #include "gnutls_buffers.h" | ||
36 | #include "gnutls_kx.h" | ||
37 | #include "gnutls_handshake.h" | ||
38 | #include "gnutls_num.h" | ||
39 | #include "gnutls_hash_int.h" | ||
40 | #include "gnutls_extensions.h" | ||
41 | #include "gnutls_supplemental.h" | ||
42 | #include "gnutls_auth_int.h" | ||
43 | #include "auth_cert.h" | ||
44 | #include "gnutls_cert.h" | ||
45 | #include "gnutls_constate.h" | ||
46 | #include "gnutls_record.h" | ||
47 | #include "gnutls_state.h" | ||
48 | #include "gnutls_rsa_export.h" /* for MHD_gnutls_get_rsa_params() */ | ||
49 | #include "gc.h" | ||
50 | |||
51 | #ifdef HANDSHAKE_DEBUG | ||
52 | #define ERR(x, y) MHD__gnutls_handshake_log( "HSK[%x]: %s (%d)\n", session, x,y) | ||
53 | #else | ||
54 | #define ERR(x, y) | ||
55 | #endif | ||
56 | |||
57 | #define TRUE 1 | ||
58 | #define FALSE 0 | ||
59 | |||
60 | |||
61 | /* This should be sufficient by now. It should hold all the extensions | ||
62 | * plus the headers in a hello message. | ||
63 | */ | ||
64 | #define MAX_EXT_DATA_LENGTH 1024 | ||
65 | |||
66 | |||
67 | static int MHD_gtls_remove_unwanted_ciphersuites (MHD_gtls_session_t session, | ||
68 | cipher_suite_st ** | ||
69 | cipherSuites, | ||
70 | int numCipherSuites, | ||
71 | enum | ||
72 | MHD_GNUTLS_PublicKeyAlgorithm); | ||
73 | static int MHD_gtls_server_select_suite (MHD_gtls_session_t session, | ||
74 | opaque * data, int datalen); | ||
75 | |||
76 | static int MHD_gtls_generate_session_id (opaque * session_id, uint8_t * len); | ||
77 | |||
78 | static int MHD_gtls_handshake_common (MHD_gtls_session_t session); | ||
79 | |||
80 | static int MHD_gtls_handshake_server (MHD_gtls_session_t session); | ||
81 | |||
82 | #if MHD_DEBUG_TLS | ||
83 | static int MHD_gtls_handshake_client (MHD_gtls_session_t session); | ||
84 | #endif | ||
85 | |||
86 | |||
87 | static int MHD__gnutls_server_select_comp_method (MHD_gtls_session_t session, | ||
88 | opaque * data, int datalen); | ||
89 | |||
90 | |||
91 | /* Clears the handshake hash buffers and handles. | ||
92 | */ | ||
93 | static void | ||
94 | MHD__gnutls_handshake_hash_buffers_clear (MHD_gtls_session_t session) | ||
95 | { | ||
96 | MHD_gnutls_hash_deinit (session->internals.handshake_mac_handle_md5, NULL); | ||
97 | MHD_gnutls_hash_deinit (session->internals.handshake_mac_handle_sha, NULL); | ||
98 | session->internals.handshake_mac_handle_md5 = NULL; | ||
99 | session->internals.handshake_mac_handle_sha = NULL; | ||
100 | MHD_gtls_handshake_buffer_clear (session); | ||
101 | } | ||
102 | |||
103 | /** | ||
104 | * gnutls_handshake_set_max_packet_length - This function will set the maximum length of a handshake message | ||
105 | * @session: is a #gnutls_session_t structure. | ||
106 | * @max: is the maximum number. | ||
107 | * | ||
108 | * This function will set the maximum size of a handshake message. | ||
109 | * Handshake messages over this size are rejected. | ||
110 | * The default value is 16kb which is large enough. Set this to 0 if you do not want | ||
111 | * to set an upper limit. | ||
112 | * | ||
113 | **/ | ||
114 | void | ||
115 | MHD__gnutls_handshake_set_max_packet_length (MHD_gtls_session_t session, | ||
116 | size_t max) | ||
117 | { | ||
118 | session->internals.max_handshake_data_buffer_size = max; | ||
119 | } | ||
120 | |||
121 | |||
122 | static void | ||
123 | MHD_gtls_set_server_random (MHD_gtls_session_t session, uint8_t * rnd) | ||
124 | { | ||
125 | memcpy (session->security_parameters.server_random, rnd, TLS_RANDOM_SIZE); | ||
126 | } | ||
127 | |||
128 | static void | ||
129 | MHD_gtls_set_client_random (MHD_gtls_session_t session, uint8_t * rnd) | ||
130 | { | ||
131 | memcpy (session->security_parameters.client_random, rnd, TLS_RANDOM_SIZE); | ||
132 | } | ||
133 | |||
134 | /* Calculate The SSL3 Finished message */ | ||
135 | #define SSL3_CLIENT_MSG "CLNT" | ||
136 | #define SSL3_SERVER_MSG "SRVR" | ||
137 | #define SSL_MSG_LEN 4 | ||
138 | static int | ||
139 | MHD__gnutls_ssl3_finished (MHD_gtls_session_t session, int type, opaque * ret) | ||
140 | { | ||
141 | const int siz = SSL_MSG_LEN; | ||
142 | mac_hd_t td_md5; | ||
143 | mac_hd_t td_sha; | ||
144 | const char *mesg; | ||
145 | |||
146 | td_md5 = MHD_gnutls_hash_copy (session->internals.handshake_mac_handle_md5); | ||
147 | if (td_md5 == NULL) | ||
148 | { | ||
149 | MHD_gnutls_assert (); | ||
150 | return GNUTLS_E_HASH_FAILED; | ||
151 | } | ||
152 | |||
153 | td_sha = MHD_gnutls_hash_copy (session->internals.handshake_mac_handle_sha); | ||
154 | if (td_sha == NULL) | ||
155 | { | ||
156 | MHD_gnutls_assert (); | ||
157 | MHD_gnutls_hash_deinit (td_md5, NULL); | ||
158 | return GNUTLS_E_HASH_FAILED; | ||
159 | } | ||
160 | |||
161 | if (type == GNUTLS_SERVER) | ||
162 | { | ||
163 | mesg = SSL3_SERVER_MSG; | ||
164 | } | ||
165 | else | ||
166 | { | ||
167 | mesg = SSL3_CLIENT_MSG; | ||
168 | } | ||
169 | |||
170 | MHD_gnutls_hash (td_md5, mesg, siz); | ||
171 | MHD_gnutls_hash (td_sha, mesg, siz); | ||
172 | |||
173 | MHD_gnutls_mac_deinit_ssl3_handshake (td_md5, ret, | ||
174 | session->security_parameters. | ||
175 | master_secret, TLS_MASTER_SIZE); | ||
176 | MHD_gnutls_mac_deinit_ssl3_handshake (td_sha, &ret[16], | ||
177 | session->security_parameters. | ||
178 | master_secret, TLS_MASTER_SIZE); | ||
179 | |||
180 | return 0; | ||
181 | } | ||
182 | |||
183 | /* Hash the handshake messages as required by TLS 1.0 */ | ||
184 | #define SERVER_MSG "server finished" | ||
185 | #define CLIENT_MSG "client finished" | ||
186 | #define TLS_MSG_LEN 15 | ||
187 | static int | ||
188 | MHD__gnutls_finished (MHD_gtls_session_t session, int type, void *ret) | ||
189 | { | ||
190 | const int siz = TLS_MSG_LEN; | ||
191 | opaque concat[36]; | ||
192 | size_t len; | ||
193 | const char *mesg; | ||
194 | mac_hd_t td_md5 = NULL; | ||
195 | mac_hd_t td_sha; | ||
196 | enum MHD_GNUTLS_Protocol ver = MHD__gnutls_protocol_get_version (session); | ||
197 | |||
198 | if (ver < MHD_GNUTLS_PROTOCOL_TLS1_2) | ||
199 | { | ||
200 | td_md5 = | ||
201 | MHD_gnutls_hash_copy (session->internals.handshake_mac_handle_md5); | ||
202 | if (td_md5 == NULL) | ||
203 | { | ||
204 | MHD_gnutls_assert (); | ||
205 | return GNUTLS_E_HASH_FAILED; | ||
206 | } | ||
207 | } | ||
208 | |||
209 | td_sha = MHD_gnutls_hash_copy (session->internals.handshake_mac_handle_sha); | ||
210 | if (td_sha == NULL) | ||
211 | { | ||
212 | MHD_gnutls_assert (); | ||
213 | if (td_md5 != NULL) | ||
214 | MHD_gnutls_hash_deinit (td_md5, NULL); | ||
215 | return GNUTLS_E_HASH_FAILED; | ||
216 | } | ||
217 | |||
218 | if (ver < MHD_GNUTLS_PROTOCOL_TLS1_2) | ||
219 | { | ||
220 | MHD_gnutls_hash_deinit (td_md5, concat); | ||
221 | MHD_gnutls_hash_deinit (td_sha, &concat[16]); | ||
222 | len = 20 + 16; | ||
223 | } | ||
224 | else | ||
225 | { | ||
226 | MHD_gnutls_hash_deinit (td_sha, concat); | ||
227 | len = 20; | ||
228 | } | ||
229 | |||
230 | if (type == GNUTLS_SERVER) | ||
231 | { | ||
232 | mesg = SERVER_MSG; | ||
233 | } | ||
234 | else | ||
235 | { | ||
236 | mesg = CLIENT_MSG; | ||
237 | } | ||
238 | |||
239 | return MHD_gtls_PRF (session, session->security_parameters.master_secret, | ||
240 | TLS_MASTER_SIZE, mesg, siz, concat, len, 12, ret); | ||
241 | } | ||
242 | |||
243 | /* this function will produce TLS_RANDOM_SIZE==32 bytes of random data | ||
244 | * and put it to dst. | ||
245 | */ | ||
246 | static int | ||
247 | MHD_gtls_tls_create_random (opaque * dst) | ||
248 | { | ||
249 | uint32_t tim; | ||
250 | |||
251 | /* Use weak random numbers for the most of the | ||
252 | * buffer except for the first 4 that are the | ||
253 | * system's time. | ||
254 | */ | ||
255 | |||
256 | tim = time (NULL); | ||
257 | /* generate server random value */ | ||
258 | MHD_gtls_write_uint32 (tim, dst); | ||
259 | |||
260 | if (MHD_gc_nonce ((char *) &dst[4], TLS_RANDOM_SIZE - 4) != GC_OK) | ||
261 | { | ||
262 | MHD_gnutls_assert (); | ||
263 | return GNUTLS_E_RANDOM_FAILED; | ||
264 | } | ||
265 | |||
266 | return 0; | ||
267 | } | ||
268 | |||
269 | /* returns the 0 on success or a negative value. | ||
270 | */ | ||
271 | static int | ||
272 | MHD_gtls_negotiate_version (MHD_gtls_session_t session, | ||
273 | enum MHD_GNUTLS_Protocol adv_version) | ||
274 | { | ||
275 | int ret; | ||
276 | |||
277 | /* if we do not support that version */ | ||
278 | if (MHD_gtls_version_is_supported (session, adv_version) == 0) | ||
279 | { | ||
280 | /* If he requested something we do not support | ||
281 | * then we send him the highest we support. | ||
282 | */ | ||
283 | ret = MHD_gtls_version_max (session); | ||
284 | } | ||
285 | else | ||
286 | { | ||
287 | ret = adv_version; | ||
288 | } | ||
289 | MHD_gtls_set_current_version (session, ret); | ||
290 | |||
291 | return ret; | ||
292 | } | ||
293 | |||
294 | /* Read a client hello packet. | ||
295 | * A client hello must be a known version client hello | ||
296 | * or version 2.0 client hello (only for compatibility | ||
297 | * since SSL version 2.0 is not supported). | ||
298 | */ | ||
299 | static int | ||
300 | MHD__gnutls_read_client_hello (MHD_gtls_session_t session, opaque * data, | ||
301 | int datalen) | ||
302 | { | ||
303 | uint8_t session_id_len; | ||
304 | int pos = 0, ret = 0; | ||
305 | uint16_t suite_size, comp_size; | ||
306 | enum MHD_GNUTLS_Protocol adv_version; | ||
307 | int neg_version; | ||
308 | int len = datalen; | ||
309 | opaque rnd[TLS_RANDOM_SIZE], *suite_ptr, *comp_ptr; | ||
310 | |||
311 | DECR_LEN (len, 2); | ||
312 | |||
313 | MHD__gnutls_handshake_log ("HSK[%x]: Client's version: %d.%d\n", session, | ||
314 | data[pos], data[pos + 1]); | ||
315 | |||
316 | adv_version = MHD_gtls_version_get (data[pos], data[pos + 1]); | ||
317 | set_adv_version (session, data[pos], data[pos + 1]); | ||
318 | pos += 2; | ||
319 | |||
320 | neg_version = MHD_gtls_negotiate_version (session, adv_version); | ||
321 | if (neg_version < 0) | ||
322 | { | ||
323 | MHD_gnutls_assert (); | ||
324 | return ret; | ||
325 | } | ||
326 | |||
327 | /* Read client random value. | ||
328 | */ | ||
329 | DECR_LEN (len, TLS_RANDOM_SIZE); | ||
330 | MHD_gtls_set_client_random (session, &data[pos]); | ||
331 | pos += TLS_RANDOM_SIZE; | ||
332 | |||
333 | MHD_gtls_tls_create_random (rnd); | ||
334 | MHD_gtls_set_server_random (session, rnd); | ||
335 | |||
336 | session->security_parameters.timestamp = time (NULL); | ||
337 | |||
338 | DECR_LEN (len, 1); | ||
339 | session_id_len = data[pos++]; | ||
340 | |||
341 | /* RESUME SESSION */ | ||
342 | if (session_id_len > TLS_MAX_SESSION_ID_SIZE) | ||
343 | { | ||
344 | MHD_gnutls_assert (); | ||
345 | return GNUTLS_E_UNEXPECTED_PACKET_LENGTH; | ||
346 | } | ||
347 | DECR_LEN (len, session_id_len); | ||
348 | |||
349 | pos += session_id_len; | ||
350 | |||
351 | MHD_gtls_generate_session_id (session->security_parameters.session_id, | ||
352 | &session->security_parameters. | ||
353 | session_id_size); | ||
354 | |||
355 | session->internals.resumed = RESUME_FALSE; | ||
356 | /* Remember ciphersuites for later | ||
357 | */ | ||
358 | DECR_LEN (len, 2); | ||
359 | suite_size = MHD_gtls_read_uint16 (&data[pos]); | ||
360 | pos += 2; | ||
361 | |||
362 | DECR_LEN (len, suite_size); | ||
363 | suite_ptr = &data[pos]; | ||
364 | pos += suite_size; | ||
365 | |||
366 | /* Point to the compression methods | ||
367 | */ | ||
368 | DECR_LEN (len, 1); | ||
369 | comp_size = data[pos++]; /* z is the number of compression methods */ | ||
370 | |||
371 | DECR_LEN (len, comp_size); | ||
372 | comp_ptr = &data[pos]; | ||
373 | pos += comp_size; | ||
374 | |||
375 | /* Parse the extensions (if any) | ||
376 | */ | ||
377 | if (neg_version >= MHD_GNUTLS_PROTOCOL_TLS1_0) | ||
378 | { | ||
379 | ret = MHD_gtls_parse_extensions (session, EXTENSION_APPLICATION, &data[pos], len); /* len is the rest of the parsed length */ | ||
380 | if (ret < 0) | ||
381 | { | ||
382 | MHD_gnutls_assert (); | ||
383 | return ret; | ||
384 | } | ||
385 | } | ||
386 | |||
387 | if (neg_version >= MHD_GNUTLS_PROTOCOL_TLS1_0) | ||
388 | { | ||
389 | ret = MHD_gtls_parse_extensions (session, EXTENSION_TLS, &data[pos], len); /* len is the rest of the parsed length */ | ||
390 | if (ret < 0) | ||
391 | { | ||
392 | MHD_gnutls_assert (); | ||
393 | return ret; | ||
394 | } | ||
395 | } | ||
396 | |||
397 | /* select an appropriate cipher suite | ||
398 | */ | ||
399 | ret = MHD_gtls_server_select_suite (session, suite_ptr, suite_size); | ||
400 | if (ret < 0) | ||
401 | { | ||
402 | MHD_gnutls_assert (); | ||
403 | return ret; | ||
404 | } | ||
405 | |||
406 | /* select appropriate compression method */ | ||
407 | ret = MHD__gnutls_server_select_comp_method (session, comp_ptr, comp_size); | ||
408 | if (ret < 0) | ||
409 | { | ||
410 | MHD_gnutls_assert (); | ||
411 | return ret; | ||
412 | } | ||
413 | |||
414 | return 0; | ||
415 | } | ||
416 | |||
417 | /* here we hash all pending data. | ||
418 | */ | ||
419 | static int | ||
420 | MHD__gnutls_handshake_hash_pending (MHD_gtls_session_t session) | ||
421 | { | ||
422 | size_t siz; | ||
423 | int ret; | ||
424 | opaque *data; | ||
425 | |||
426 | if (session->internals.handshake_mac_handle_sha == NULL || | ||
427 | session->internals.handshake_mac_handle_md5 == NULL) | ||
428 | { | ||
429 | MHD_gnutls_assert (); | ||
430 | return GNUTLS_E_INTERNAL_ERROR; | ||
431 | } | ||
432 | |||
433 | /* We check if there are pending data to hash. | ||
434 | */ | ||
435 | if ((ret = MHD_gtls_handshake_buffer_get_ptr (session, &data, &siz)) < 0) | ||
436 | { | ||
437 | MHD_gnutls_assert (); | ||
438 | return ret; | ||
439 | } | ||
440 | |||
441 | if (siz > 0) | ||
442 | { | ||
443 | MHD_gnutls_hash (session->internals.handshake_mac_handle_sha, data, | ||
444 | siz); | ||
445 | MHD_gnutls_hash (session->internals.handshake_mac_handle_md5, data, | ||
446 | siz); | ||
447 | } | ||
448 | |||
449 | MHD_gtls_handshake_buffer_empty (session); | ||
450 | |||
451 | return 0; | ||
452 | } | ||
453 | |||
454 | |||
455 | /* This is to be called after sending CHANGE CIPHER SPEC packet | ||
456 | * and initializing encryption. This is the first encrypted message | ||
457 | * we send. | ||
458 | */ | ||
459 | static int | ||
460 | MHD__gnutls_send_finished (MHD_gtls_session_t session, int again) | ||
461 | { | ||
462 | uint8_t data[36]; | ||
463 | int ret; | ||
464 | int data_size = 0; | ||
465 | |||
466 | |||
467 | if (again == 0) | ||
468 | { | ||
469 | |||
470 | /* This is needed in order to hash all the required | ||
471 | * messages. | ||
472 | */ | ||
473 | if ((ret = MHD__gnutls_handshake_hash_pending (session)) < 0) | ||
474 | { | ||
475 | MHD_gnutls_assert (); | ||
476 | return ret; | ||
477 | } | ||
478 | |||
479 | if (MHD__gnutls_protocol_get_version (session) == | ||
480 | MHD_GNUTLS_PROTOCOL_SSL3) | ||
481 | { | ||
482 | ret = | ||
483 | MHD__gnutls_ssl3_finished (session, | ||
484 | session->security_parameters.entity, | ||
485 | data); | ||
486 | data_size = 36; | ||
487 | } | ||
488 | else | ||
489 | { /* TLS 1.0 */ | ||
490 | ret = | ||
491 | MHD__gnutls_finished (session, | ||
492 | session->security_parameters.entity, data); | ||
493 | data_size = 12; | ||
494 | } | ||
495 | |||
496 | if (ret < 0) | ||
497 | { | ||
498 | MHD_gnutls_assert (); | ||
499 | return ret; | ||
500 | } | ||
501 | |||
502 | } | ||
503 | |||
504 | ret = | ||
505 | MHD_gtls_send_handshake (session, data, data_size, | ||
506 | GNUTLS_HANDSHAKE_FINISHED); | ||
507 | |||
508 | return ret; | ||
509 | } | ||
510 | |||
511 | /* This is to be called after sending our finished message. If everything | ||
512 | * went fine we have negotiated a secure connection | ||
513 | */ | ||
514 | static int | ||
515 | MHD__gnutls_recv_finished (MHD_gtls_session_t session) | ||
516 | { | ||
517 | uint8_t data[36], *vrfy; | ||
518 | int data_size; | ||
519 | int ret; | ||
520 | int vrfysize; | ||
521 | |||
522 | ret = | ||
523 | MHD_gtls_recv_handshake (session, &vrfy, &vrfysize, | ||
524 | GNUTLS_HANDSHAKE_FINISHED, MANDATORY_PACKET); | ||
525 | if (ret < 0) | ||
526 | { | ||
527 | ERR ("recv finished int", ret); | ||
528 | MHD_gnutls_assert (); | ||
529 | return ret; | ||
530 | } | ||
531 | |||
532 | |||
533 | if (MHD__gnutls_protocol_get_version (session) == MHD_GNUTLS_PROTOCOL_SSL3) | ||
534 | { | ||
535 | data_size = 36; | ||
536 | } | ||
537 | else | ||
538 | { | ||
539 | data_size = 12; | ||
540 | } | ||
541 | |||
542 | if (vrfysize != data_size) | ||
543 | { | ||
544 | MHD_gnutls_assert (); | ||
545 | MHD_gnutls_free (vrfy); | ||
546 | return GNUTLS_E_ERROR_IN_FINISHED_PACKET; | ||
547 | } | ||
548 | |||
549 | if (MHD__gnutls_protocol_get_version (session) == MHD_GNUTLS_PROTOCOL_SSL3) | ||
550 | { | ||
551 | ret = | ||
552 | MHD__gnutls_ssl3_finished (session, | ||
553 | (session->security_parameters.entity + | ||
554 | 1) % 2, data); | ||
555 | } | ||
556 | else | ||
557 | { /* TLS 1.0 */ | ||
558 | ret = | ||
559 | MHD__gnutls_finished (session, | ||
560 | (session->security_parameters.entity + | ||
561 | 1) % 2, data); | ||
562 | } | ||
563 | |||
564 | if (ret < 0) | ||
565 | { | ||
566 | MHD_gnutls_assert (); | ||
567 | MHD_gnutls_free (vrfy); | ||
568 | return ret; | ||
569 | } | ||
570 | |||
571 | if (memcmp (vrfy, data, data_size) != 0) | ||
572 | { | ||
573 | MHD_gnutls_assert (); | ||
574 | ret = GNUTLS_E_ERROR_IN_FINISHED_PACKET; | ||
575 | } | ||
576 | MHD_gnutls_free (vrfy); | ||
577 | |||
578 | return ret; | ||
579 | } | ||
580 | |||
581 | /* returns PK_RSA if the given cipher suite list only supports, | ||
582 | * RSA algorithms, PK_DSA if DSS, and PK_ANY for both or PK_NONE for none. | ||
583 | */ | ||
584 | static int | ||
585 | MHD__gnutls_server_find_pk_algos_in_ciphersuites (const opaque * | ||
586 | data, int datalen) | ||
587 | { | ||
588 | int j; | ||
589 | enum MHD_GNUTLS_PublicKeyAlgorithm algo = GNUTLS_PK_NONE, prev_algo = 0; | ||
590 | enum MHD_GNUTLS_KeyExchangeAlgorithm kx; | ||
591 | cipher_suite_st cs; | ||
592 | |||
593 | if (datalen % 2 != 0) | ||
594 | { | ||
595 | MHD_gnutls_assert (); | ||
596 | return GNUTLS_E_UNEXPECTED_PACKET_LENGTH; | ||
597 | } | ||
598 | |||
599 | for (j = 0; j < datalen; j += 2) | ||
600 | { | ||
601 | memcpy (&cs.suite, &data[j], 2); | ||
602 | kx = MHD_gtls_cipher_suite_get_kx_algo (&cs); | ||
603 | |||
604 | if (MHD_gtls_map_kx_get_cred (kx, 1) == MHD_GNUTLS_CRD_CERTIFICATE) | ||
605 | { | ||
606 | algo = MHD_gtls_map_pk_get_pk (kx); | ||
607 | |||
608 | if (algo != prev_algo && prev_algo != 0) | ||
609 | return GNUTLS_PK_ANY; | ||
610 | prev_algo = algo; | ||
611 | } | ||
612 | } | ||
613 | |||
614 | return algo; | ||
615 | } | ||
616 | |||
617 | |||
618 | /* This selects the best supported ciphersuite from the given ones. Then | ||
619 | * it adds the suite to the session and performs some checks. | ||
620 | */ | ||
621 | static int | ||
622 | MHD_gtls_server_select_suite (MHD_gtls_session_t session, opaque * data, | ||
623 | int datalen) | ||
624 | { | ||
625 | int x, i, j; | ||
626 | cipher_suite_st *ciphers, cs; | ||
627 | int retval, err; | ||
628 | enum MHD_GNUTLS_PublicKeyAlgorithm pk_algo; /* will hold the pk algorithms | ||
629 | * supported by the peer. | ||
630 | */ | ||
631 | |||
632 | pk_algo = MHD__gnutls_server_find_pk_algos_in_ciphersuites (data, datalen); | ||
633 | |||
634 | x = MHD_gtls_supported_ciphersuites (session, &ciphers); | ||
635 | if (x < 0) | ||
636 | { /* the case x==0 is handled within the function. */ | ||
637 | MHD_gnutls_assert (); | ||
638 | return x; | ||
639 | } | ||
640 | |||
641 | /* Here we remove any ciphersuite that does not conform | ||
642 | * the certificate requested, or to the | ||
643 | * authentication requested (e.g. SRP). | ||
644 | */ | ||
645 | x = MHD_gtls_remove_unwanted_ciphersuites (session, &ciphers, x, pk_algo); | ||
646 | if (x <= 0) | ||
647 | { | ||
648 | MHD_gnutls_assert (); | ||
649 | MHD_gnutls_free (ciphers); | ||
650 | if (x < 0) | ||
651 | return x; | ||
652 | else | ||
653 | return GNUTLS_E_UNKNOWN_CIPHER_SUITE; | ||
654 | } | ||
655 | |||
656 | /* Data length should be zero mod 2 since | ||
657 | * every ciphersuite is 2 bytes. (this check is needed | ||
658 | * see below). | ||
659 | */ | ||
660 | if (datalen % 2 != 0) | ||
661 | { | ||
662 | MHD_gnutls_assert (); | ||
663 | return GNUTLS_E_UNEXPECTED_PACKET_LENGTH; | ||
664 | } | ||
665 | memset (session->security_parameters.current_cipher_suite.suite, '\0', 2); | ||
666 | |||
667 | retval = GNUTLS_E_UNKNOWN_CIPHER_SUITE; | ||
668 | |||
669 | for (j = 0; j < datalen; j += 2) | ||
670 | { | ||
671 | for (i = 0; i < x; i++) | ||
672 | { | ||
673 | if (memcmp (ciphers[i].suite, &data[j], 2) == 0) | ||
674 | { | ||
675 | memcpy (&cs.suite, &data[j], 2); | ||
676 | |||
677 | MHD__gnutls_handshake_log | ||
678 | ("HSK[%x]: Selected cipher suite: %s\n", session, | ||
679 | MHD_gtls_cipher_suite_get_name (&cs)); | ||
680 | memcpy (session->security_parameters.current_cipher_suite.suite, | ||
681 | ciphers[i].suite, 2); | ||
682 | retval = 0; | ||
683 | goto finish; | ||
684 | } | ||
685 | } | ||
686 | } | ||
687 | |||
688 | finish: | ||
689 | MHD_gnutls_free (ciphers); | ||
690 | |||
691 | if (retval != 0) | ||
692 | { | ||
693 | MHD_gnutls_assert (); | ||
694 | return retval; | ||
695 | } | ||
696 | |||
697 | /* check if the credentials (username, public key etc.) are ok | ||
698 | */ | ||
699 | if (MHD_gtls_get_kx_cred | ||
700 | (session, | ||
701 | MHD_gtls_cipher_suite_get_kx_algo (&session->security_parameters. | ||
702 | current_cipher_suite), &err) == NULL | ||
703 | && err != 0) | ||
704 | { | ||
705 | MHD_gnutls_assert (); | ||
706 | return GNUTLS_E_INSUFFICIENT_CREDENTIALS; | ||
707 | } | ||
708 | |||
709 | |||
710 | /* set the MHD_gtls_mod_auth_st to the appropriate struct | ||
711 | * according to the KX algorithm. This is needed since all the | ||
712 | * handshake functions are read from there; | ||
713 | */ | ||
714 | session->internals.auth_struct = | ||
715 | MHD_gtls_kx_auth_struct (MHD_gtls_cipher_suite_get_kx_algo | ||
716 | (&session->security_parameters. | ||
717 | current_cipher_suite)); | ||
718 | if (session->internals.auth_struct == NULL) | ||
719 | { | ||
720 | |||
721 | MHD__gnutls_handshake_log | ||
722 | ("HSK[%x]: Cannot find the appropriate handler for the KX algorithm\n", | ||
723 | session); | ||
724 | MHD_gnutls_assert (); | ||
725 | return GNUTLS_E_INTERNAL_ERROR; | ||
726 | } | ||
727 | |||
728 | return 0; | ||
729 | |||
730 | } | ||
731 | |||
732 | |||
733 | /* This selects the best supported compression method from the ones provided | ||
734 | */ | ||
735 | static int | ||
736 | MHD__gnutls_server_select_comp_method (MHD_gtls_session_t session, | ||
737 | opaque * data, int datalen) | ||
738 | { | ||
739 | int x, i, j; | ||
740 | uint8_t *comps; | ||
741 | |||
742 | x = MHD_gtls_supported_compression_methods (session, &comps); | ||
743 | if (x < 0) | ||
744 | { | ||
745 | MHD_gnutls_assert (); | ||
746 | return x; | ||
747 | } | ||
748 | |||
749 | memset (&session->internals.compression_method, 0, | ||
750 | sizeof (enum MHD_GNUTLS_CompressionMethod)); | ||
751 | |||
752 | for (j = 0; j < datalen; j++) | ||
753 | { | ||
754 | for (i = 0; i < x; i++) | ||
755 | { | ||
756 | if (comps[i] == data[j]) | ||
757 | { | ||
758 | enum MHD_GNUTLS_CompressionMethod method = | ||
759 | MHD_gtls_compression_get_id_from_int (comps[i]); | ||
760 | |||
761 | session->internals.compression_method = method; | ||
762 | MHD_gnutls_free (comps); | ||
763 | return 0; | ||
764 | } | ||
765 | } | ||
766 | } | ||
767 | |||
768 | /* we were not able to find a compatible compression | ||
769 | * algorithm | ||
770 | */ | ||
771 | MHD_gnutls_free (comps); | ||
772 | MHD_gnutls_assert (); | ||
773 | return GNUTLS_E_UNKNOWN_COMPRESSION_ALGORITHM; | ||
774 | |||
775 | } | ||
776 | |||
777 | /* This function sends an empty handshake packet. (like hello request). | ||
778 | * If the previous MHD__gnutls_send_empty_handshake() returned | ||
779 | * GNUTLS_E_AGAIN or GNUTLS_E_INTERRUPTED, then it must be called again | ||
780 | * (until it returns ok), with NULL parameters. | ||
781 | */ | ||
782 | static int | ||
783 | MHD__gnutls_send_empty_handshake (MHD_gtls_session_t session, | ||
784 | MHD_gnutls_handshake_description_t type, | ||
785 | int again) | ||
786 | { | ||
787 | opaque data = 0; | ||
788 | opaque *ptr; | ||
789 | |||
790 | if (again == 0) | ||
791 | ptr = &data; | ||
792 | else | ||
793 | ptr = NULL; | ||
794 | |||
795 | return MHD_gtls_send_handshake (session, ptr, 0, type); | ||
796 | } | ||
797 | |||
798 | |||
799 | /* This function will hash the handshake message we sent. */ | ||
800 | static int | ||
801 | MHD__gnutls_handshake_hash_add_sent (MHD_gtls_session_t session, | ||
802 | MHD_gnutls_handshake_description_t type, | ||
803 | opaque * dataptr, uint32_t datalen) | ||
804 | { | ||
805 | int ret; | ||
806 | |||
807 | if ((ret = MHD__gnutls_handshake_hash_pending (session)) < 0) | ||
808 | { | ||
809 | MHD_gnutls_assert (); | ||
810 | return ret; | ||
811 | } | ||
812 | |||
813 | if (type != GNUTLS_HANDSHAKE_HELLO_REQUEST) | ||
814 | { | ||
815 | MHD_gnutls_hash (session->internals.handshake_mac_handle_sha, dataptr, | ||
816 | datalen); | ||
817 | MHD_gnutls_hash (session->internals.handshake_mac_handle_md5, dataptr, | ||
818 | datalen); | ||
819 | } | ||
820 | |||
821 | return 0; | ||
822 | } | ||
823 | |||
824 | |||
825 | /* This function sends a handshake message of type 'type' containing the | ||
826 | * data specified here. If the previous MHD_gtls_send_handshake() returned | ||
827 | * GNUTLS_E_AGAIN or GNUTLS_E_INTERRUPTED, then it must be called again | ||
828 | * (until it returns ok), with NULL parameters. | ||
829 | */ | ||
830 | int | ||
831 | MHD_gtls_send_handshake (MHD_gtls_session_t session, void *i_data, | ||
832 | uint32_t i_datasize, | ||
833 | MHD_gnutls_handshake_description_t type) | ||
834 | { | ||
835 | int ret; | ||
836 | uint8_t *data; | ||
837 | uint32_t datasize; | ||
838 | int pos = 0; | ||
839 | |||
840 | if (i_data == NULL && i_datasize == 0) | ||
841 | { | ||
842 | /* we are resuming a previously interrupted | ||
843 | * send. | ||
844 | */ | ||
845 | ret = MHD_gtls_handshake_io_write_flush (session); | ||
846 | return ret; | ||
847 | |||
848 | } | ||
849 | |||
850 | if (i_data == NULL && i_datasize > 0) | ||
851 | { | ||
852 | MHD_gnutls_assert (); | ||
853 | return GNUTLS_E_INVALID_REQUEST; | ||
854 | } | ||
855 | |||
856 | /* first run */ | ||
857 | datasize = i_datasize + HANDSHAKE_HEADER_SIZE; | ||
858 | data = MHD_gnutls_alloca (datasize); | ||
859 | if (data == NULL) | ||
860 | { | ||
861 | MHD_gnutls_assert (); | ||
862 | return GNUTLS_E_MEMORY_ERROR; | ||
863 | } | ||
864 | |||
865 | data[pos++] = (uint8_t) type; | ||
866 | MHD_gtls_write_uint24 (i_datasize, &data[pos]); | ||
867 | pos += 3; | ||
868 | |||
869 | if (i_datasize > 0) | ||
870 | memcpy (&data[pos], i_data, i_datasize); | ||
871 | |||
872 | /* Here we keep the handshake messages in order to hash them... | ||
873 | */ | ||
874 | if (type != GNUTLS_HANDSHAKE_HELLO_REQUEST) | ||
875 | if ((ret = | ||
876 | MHD__gnutls_handshake_hash_add_sent (session, type, data, | ||
877 | datasize)) < 0) | ||
878 | { | ||
879 | MHD_gnutls_assert (); | ||
880 | MHD_gnutls_afree (data); | ||
881 | return ret; | ||
882 | } | ||
883 | |||
884 | session->internals.last_handshake_out = type; | ||
885 | |||
886 | ret = | ||
887 | MHD_gtls_handshake_io_send_int (session, GNUTLS_HANDSHAKE, type, | ||
888 | data, datasize); | ||
889 | |||
890 | MHD__gnutls_handshake_log ("HSK[%x]: %s was sent [%ld bytes]\n", | ||
891 | session, MHD__gnutls_handshake2str (type), | ||
892 | (long) datasize); | ||
893 | |||
894 | MHD_gnutls_afree (data); | ||
895 | |||
896 | return ret; | ||
897 | } | ||
898 | |||
899 | /* This function will read the handshake header and return it to the caller. If the | ||
900 | * received handshake packet is not the one expected then it buffers the header, and | ||
901 | * returns UNEXPECTED_HANDSHAKE_PACKET. | ||
902 | * | ||
903 | * FIXME: This function is complex. | ||
904 | */ | ||
905 | #define SSL2_HEADERS 1 | ||
906 | static int | ||
907 | MHD__gnutls_recv_handshake_header (MHD_gtls_session_t session, | ||
908 | MHD_gnutls_handshake_description_t type, | ||
909 | MHD_gnutls_handshake_description_t * | ||
910 | recv_type) | ||
911 | { | ||
912 | int ret; | ||
913 | uint32_t length32 = 0; | ||
914 | uint8_t *dataptr = NULL; /* for realloc */ | ||
915 | size_t handshake_header_size = HANDSHAKE_HEADER_SIZE; | ||
916 | |||
917 | /* if we have data into the buffer then return them, do not read the next packet. | ||
918 | * In order to return we need a full TLS handshake header, or in case of a version 2 | ||
919 | * packet, then we return the first byte. | ||
920 | */ | ||
921 | if (session->internals.handshake_header_buffer.header_size == | ||
922 | handshake_header_size || (session->internals.v2_hello != 0 | ||
923 | && type == GNUTLS_HANDSHAKE_CLIENT_HELLO | ||
924 | && session->internals. | ||
925 | handshake_header_buffer.packet_length > 0)) | ||
926 | { | ||
927 | |||
928 | *recv_type = session->internals.handshake_header_buffer.recv_type; | ||
929 | |||
930 | return session->internals.handshake_header_buffer.packet_length; | ||
931 | } | ||
932 | |||
933 | /* Note: SSL2_HEADERS == 1 */ | ||
934 | |||
935 | dataptr = session->internals.handshake_header_buffer.header; | ||
936 | |||
937 | /* If we haven't already read the handshake headers. | ||
938 | */ | ||
939 | if (session->internals.handshake_header_buffer.header_size < SSL2_HEADERS) | ||
940 | { | ||
941 | ret = | ||
942 | MHD_gtls_handshake_io_recv_int (session, GNUTLS_HANDSHAKE, | ||
943 | type, dataptr, SSL2_HEADERS); | ||
944 | |||
945 | if (ret < 0) | ||
946 | { | ||
947 | MHD_gnutls_assert (); | ||
948 | return ret; | ||
949 | } | ||
950 | |||
951 | /* The case ret==0 is caught here. | ||
952 | */ | ||
953 | if (ret != SSL2_HEADERS) | ||
954 | { | ||
955 | MHD_gnutls_assert (); | ||
956 | return GNUTLS_E_UNEXPECTED_PACKET_LENGTH; | ||
957 | } | ||
958 | session->internals.handshake_header_buffer.header_size = SSL2_HEADERS; | ||
959 | } | ||
960 | |||
961 | if (session->internals.v2_hello == 0 | ||
962 | || type != GNUTLS_HANDSHAKE_CLIENT_HELLO) | ||
963 | { | ||
964 | ret = | ||
965 | MHD_gtls_handshake_io_recv_int (session, GNUTLS_HANDSHAKE, | ||
966 | type, | ||
967 | &dataptr | ||
968 | [session->internals. | ||
969 | handshake_header_buffer.header_size], | ||
970 | HANDSHAKE_HEADER_SIZE - | ||
971 | session->internals. | ||
972 | handshake_header_buffer.header_size); | ||
973 | if (ret <= 0) | ||
974 | { | ||
975 | MHD_gnutls_assert (); | ||
976 | return (ret < 0) ? ret : GNUTLS_E_UNEXPECTED_PACKET_LENGTH; | ||
977 | } | ||
978 | if ((size_t) ret != | ||
979 | HANDSHAKE_HEADER_SIZE - | ||
980 | session->internals.handshake_header_buffer.header_size) | ||
981 | { | ||
982 | MHD_gnutls_assert (); | ||
983 | return GNUTLS_E_UNEXPECTED_PACKET_LENGTH; | ||
984 | } | ||
985 | *recv_type = dataptr[0]; | ||
986 | |||
987 | /* we do not use DECR_LEN because we know | ||
988 | * that the packet has enough data. | ||
989 | */ | ||
990 | length32 = MHD_gtls_read_uint24 (&dataptr[1]); | ||
991 | handshake_header_size = HANDSHAKE_HEADER_SIZE; | ||
992 | |||
993 | MHD__gnutls_handshake_log ("HSK[%x]: %s was received [%ld bytes]\n", | ||
994 | session, | ||
995 | MHD__gnutls_handshake2str (dataptr[0]), | ||
996 | length32 + HANDSHAKE_HEADER_SIZE); | ||
997 | |||
998 | } | ||
999 | else | ||
1000 | { /* v2 hello */ | ||
1001 | length32 = session->internals.v2_hello - SSL2_HEADERS; /* we've read the first byte */ | ||
1002 | |||
1003 | handshake_header_size = SSL2_HEADERS; /* we've already read one byte */ | ||
1004 | |||
1005 | *recv_type = dataptr[0]; | ||
1006 | |||
1007 | MHD__gnutls_handshake_log ("HSK[%x]: %s(v2) was received [%ld bytes]\n", | ||
1008 | session, | ||
1009 | MHD__gnutls_handshake2str (*recv_type), | ||
1010 | length32 + handshake_header_size); | ||
1011 | |||
1012 | if (*recv_type != GNUTLS_HANDSHAKE_CLIENT_HELLO) | ||
1013 | { /* it should be one or nothing */ | ||
1014 | MHD_gnutls_assert (); | ||
1015 | return GNUTLS_E_UNEXPECTED_HANDSHAKE_PACKET; | ||
1016 | } | ||
1017 | } | ||
1018 | |||
1019 | /* put the packet into the buffer */ | ||
1020 | session->internals.handshake_header_buffer.header_size = | ||
1021 | handshake_header_size; | ||
1022 | session->internals.handshake_header_buffer.packet_length = length32; | ||
1023 | session->internals.handshake_header_buffer.recv_type = *recv_type; | ||
1024 | |||
1025 | if (*recv_type != type) | ||
1026 | { | ||
1027 | MHD_gnutls_assert (); | ||
1028 | return GNUTLS_E_UNEXPECTED_HANDSHAKE_PACKET; | ||
1029 | } | ||
1030 | |||
1031 | return length32; | ||
1032 | } | ||
1033 | |||
1034 | #define MHD__gnutls_handshake_header_buffer_clear( session) session->internals.handshake_header_buffer.header_size = 0 | ||
1035 | |||
1036 | /* This function will hash the handshake headers and the | ||
1037 | * handshake data. | ||
1038 | */ | ||
1039 | static int | ||
1040 | MHD__gnutls_handshake_hash_add_recvd (MHD_gtls_session_t session, | ||
1041 | MHD_gnutls_handshake_description_t | ||
1042 | recv_type, opaque * header, | ||
1043 | uint16_t header_size, opaque * dataptr, | ||
1044 | uint32_t datalen) | ||
1045 | { | ||
1046 | int ret; | ||
1047 | |||
1048 | /* The idea here is to hash the previous message we received, | ||
1049 | * and add the one we just received into the handshake_hash_buffer. | ||
1050 | */ | ||
1051 | |||
1052 | if ((ret = MHD__gnutls_handshake_hash_pending (session)) < 0) | ||
1053 | { | ||
1054 | MHD_gnutls_assert (); | ||
1055 | return ret; | ||
1056 | } | ||
1057 | |||
1058 | /* here we buffer the handshake messages - needed at Finished message */ | ||
1059 | if (recv_type != GNUTLS_HANDSHAKE_HELLO_REQUEST) | ||
1060 | { | ||
1061 | |||
1062 | if ((ret = | ||
1063 | MHD_gtls_handshake_buffer_put (session, header, header_size)) < 0) | ||
1064 | { | ||
1065 | MHD_gnutls_assert (); | ||
1066 | return ret; | ||
1067 | } | ||
1068 | |||
1069 | if (datalen > 0) | ||
1070 | { | ||
1071 | if ((ret = | ||
1072 | MHD_gtls_handshake_buffer_put (session, dataptr, datalen)) < 0) | ||
1073 | { | ||
1074 | MHD_gnutls_assert (); | ||
1075 | return ret; | ||
1076 | } | ||
1077 | } | ||
1078 | } | ||
1079 | |||
1080 | return 0; | ||
1081 | } | ||
1082 | |||
1083 | /* This function will receive handshake messages of the given types, | ||
1084 | * and will pass the message to the right place in order to be processed. | ||
1085 | * E.g. for the SERVER_HELLO message (if it is expected), it will be | ||
1086 | * passed to MHD_gtls_recv_hello(). | ||
1087 | */ | ||
1088 | int | ||
1089 | MHD_gtls_recv_handshake (MHD_gtls_session_t session, uint8_t ** data, | ||
1090 | int *datalen, | ||
1091 | MHD_gnutls_handshake_description_t type, | ||
1092 | Optional optional) | ||
1093 | { | ||
1094 | int ret; | ||
1095 | uint32_t length32 = 0; | ||
1096 | opaque *dataptr = NULL; | ||
1097 | MHD_gnutls_handshake_description_t recv_type; | ||
1098 | |||
1099 | ret = MHD__gnutls_recv_handshake_header (session, type, &recv_type); | ||
1100 | if (ret < 0) | ||
1101 | { | ||
1102 | |||
1103 | if (ret == GNUTLS_E_UNEXPECTED_HANDSHAKE_PACKET | ||
1104 | && optional == OPTIONAL_PACKET) | ||
1105 | { | ||
1106 | if (datalen != NULL) | ||
1107 | *datalen = 0; | ||
1108 | if (data != NULL) | ||
1109 | *data = NULL; | ||
1110 | return 0; /* ok just ignore the packet */ | ||
1111 | } | ||
1112 | |||
1113 | return ret; | ||
1114 | } | ||
1115 | |||
1116 | session->internals.last_handshake_in = recv_type; | ||
1117 | |||
1118 | length32 = ret; | ||
1119 | |||
1120 | if (length32 > 0) | ||
1121 | dataptr = MHD_gnutls_malloc (length32); | ||
1122 | else if (recv_type != GNUTLS_HANDSHAKE_SERVER_HELLO_DONE) | ||
1123 | { | ||
1124 | MHD_gnutls_assert (); | ||
1125 | return GNUTLS_E_UNEXPECTED_PACKET_LENGTH; | ||
1126 | } | ||
1127 | |||
1128 | if (dataptr == NULL && length32 > 0) | ||
1129 | { | ||
1130 | MHD_gnutls_assert (); | ||
1131 | return GNUTLS_E_MEMORY_ERROR; | ||
1132 | } | ||
1133 | |||
1134 | if (datalen != NULL) | ||
1135 | *datalen = length32; | ||
1136 | |||
1137 | if (length32 > 0) | ||
1138 | { | ||
1139 | ret = | ||
1140 | MHD_gtls_handshake_io_recv_int (session, GNUTLS_HANDSHAKE, | ||
1141 | type, dataptr, length32); | ||
1142 | if (ret <= 0) | ||
1143 | { | ||
1144 | MHD_gnutls_assert (); | ||
1145 | MHD_gnutls_free (dataptr); | ||
1146 | return (ret == 0) ? GNUTLS_E_UNEXPECTED_PACKET_LENGTH : ret; | ||
1147 | } | ||
1148 | } | ||
1149 | |||
1150 | if (data != NULL && length32 > 0) | ||
1151 | *data = dataptr; | ||
1152 | |||
1153 | |||
1154 | ret = MHD__gnutls_handshake_hash_add_recvd (session, recv_type, | ||
1155 | session->internals. | ||
1156 | handshake_header_buffer.header, | ||
1157 | session->internals. | ||
1158 | handshake_header_buffer.header_size, | ||
1159 | dataptr, length32); | ||
1160 | if (ret < 0) | ||
1161 | { | ||
1162 | MHD_gnutls_assert (); | ||
1163 | MHD__gnutls_handshake_header_buffer_clear (session); | ||
1164 | return ret; | ||
1165 | } | ||
1166 | |||
1167 | /* If we fail before this then we will reuse the handshake header | ||
1168 | * have have received above. if we get here the we clear the handshake | ||
1169 | * header we received. | ||
1170 | */ | ||
1171 | MHD__gnutls_handshake_header_buffer_clear (session); | ||
1172 | |||
1173 | switch (recv_type) | ||
1174 | { | ||
1175 | case GNUTLS_HANDSHAKE_CLIENT_HELLO: | ||
1176 | case GNUTLS_HANDSHAKE_SERVER_HELLO: | ||
1177 | ret = MHD_gtls_recv_hello (session, dataptr, length32); | ||
1178 | /* dataptr is freed because the caller does not | ||
1179 | * need it */ | ||
1180 | MHD_gnutls_free (dataptr); | ||
1181 | if (data != NULL) | ||
1182 | *data = NULL; | ||
1183 | break; | ||
1184 | case GNUTLS_HANDSHAKE_SERVER_HELLO_DONE: | ||
1185 | if (length32 == 0) | ||
1186 | ret = 0; | ||
1187 | else | ||
1188 | ret = GNUTLS_E_UNEXPECTED_PACKET_LENGTH; | ||
1189 | break; | ||
1190 | case GNUTLS_HANDSHAKE_CERTIFICATE_PKT: | ||
1191 | case GNUTLS_HANDSHAKE_FINISHED: | ||
1192 | case GNUTLS_HANDSHAKE_SERVER_KEY_EXCHANGE: | ||
1193 | case GNUTLS_HANDSHAKE_CLIENT_KEY_EXCHANGE: | ||
1194 | case GNUTLS_HANDSHAKE_CERTIFICATE_REQUEST: | ||
1195 | case GNUTLS_HANDSHAKE_CERTIFICATE_VERIFY: | ||
1196 | case GNUTLS_HANDSHAKE_SUPPLEMENTAL: | ||
1197 | ret = length32; | ||
1198 | break; | ||
1199 | default: | ||
1200 | MHD_gnutls_assert (); | ||
1201 | MHD_gnutls_free (dataptr); | ||
1202 | if (data != NULL) | ||
1203 | *data = NULL; | ||
1204 | ret = GNUTLS_E_UNEXPECTED_HANDSHAKE_PACKET; | ||
1205 | } | ||
1206 | |||
1207 | return ret; | ||
1208 | } | ||
1209 | |||
1210 | #if MHD_DEBUG_TLS | ||
1211 | /* This function checks if the given cipher suite is supported, and sets it | ||
1212 | * to the session; | ||
1213 | */ | ||
1214 | static int | ||
1215 | MHD__gnutls_client_set_ciphersuite (MHD_gtls_session_t session, | ||
1216 | opaque suite[2]) | ||
1217 | { | ||
1218 | uint8_t z; | ||
1219 | cipher_suite_st *cipher_suites; | ||
1220 | int cipher_suite_num; | ||
1221 | int i, err; | ||
1222 | |||
1223 | z = 1; | ||
1224 | cipher_suite_num = | ||
1225 | MHD_gtls_supported_ciphersuites (session, &cipher_suites); | ||
1226 | if (cipher_suite_num < 0) | ||
1227 | { | ||
1228 | MHD_gnutls_assert (); | ||
1229 | return cipher_suite_num; | ||
1230 | } | ||
1231 | |||
1232 | for (i = 0; i < cipher_suite_num; i++) | ||
1233 | { | ||
1234 | if (memcmp (&cipher_suites[i], suite, 2) == 0) | ||
1235 | { | ||
1236 | z = 0; | ||
1237 | break; | ||
1238 | } | ||
1239 | } | ||
1240 | |||
1241 | MHD_gnutls_free (cipher_suites); | ||
1242 | |||
1243 | if (z != 0) | ||
1244 | { | ||
1245 | MHD_gnutls_assert (); | ||
1246 | return GNUTLS_E_UNKNOWN_CIPHER_SUITE; | ||
1247 | } | ||
1248 | |||
1249 | memcpy (session->security_parameters.current_cipher_suite.suite, suite, 2); | ||
1250 | |||
1251 | MHD__gnutls_handshake_log ("HSK[%x]: Selected cipher suite: %s\n", session, | ||
1252 | MHD_gtls_cipher_suite_get_name | ||
1253 | (&session->security_parameters. | ||
1254 | current_cipher_suite)); | ||
1255 | |||
1256 | |||
1257 | /* check if the credentials (username, public key etc.) are ok. | ||
1258 | * Actually checks if they exist. | ||
1259 | */ | ||
1260 | if (MHD_gtls_get_kx_cred | ||
1261 | (session, | ||
1262 | MHD_gtls_cipher_suite_get_kx_algo | ||
1263 | (&session->security_parameters.current_cipher_suite), &err) == NULL | ||
1264 | && err != 0) | ||
1265 | { | ||
1266 | MHD_gnutls_assert (); | ||
1267 | return GNUTLS_E_INSUFFICIENT_CREDENTIALS; | ||
1268 | } | ||
1269 | |||
1270 | |||
1271 | /* set the MHD_gtls_mod_auth_st to the appropriate struct | ||
1272 | * according to the KX algorithm. This is needed since all the | ||
1273 | * handshake functions are read from there; | ||
1274 | */ | ||
1275 | session->internals.auth_struct = | ||
1276 | MHD_gtls_kx_auth_struct (MHD_gtls_cipher_suite_get_kx_algo | ||
1277 | (&session->security_parameters. | ||
1278 | current_cipher_suite)); | ||
1279 | |||
1280 | if (session->internals.auth_struct == NULL) | ||
1281 | { | ||
1282 | |||
1283 | MHD__gnutls_handshake_log | ||
1284 | ("HSK[%x]: Cannot find the appropriate handler for the KX algorithm\n", | ||
1285 | session); | ||
1286 | MHD_gnutls_assert (); | ||
1287 | return GNUTLS_E_INTERNAL_ERROR; | ||
1288 | } | ||
1289 | |||
1290 | |||
1291 | return 0; | ||
1292 | } | ||
1293 | |||
1294 | |||
1295 | /* This function sets the given comp method to the session. | ||
1296 | */ | ||
1297 | static int | ||
1298 | MHD__gnutls_client_set_comp_method (MHD_gtls_session_t session, | ||
1299 | opaque comp_method) | ||
1300 | { | ||
1301 | int comp_methods_num; | ||
1302 | uint8_t *compression_methods; | ||
1303 | int i; | ||
1304 | |||
1305 | comp_methods_num = MHD_gtls_supported_compression_methods (session, | ||
1306 | &compression_methods); | ||
1307 | if (comp_methods_num < 0) | ||
1308 | { | ||
1309 | MHD_gnutls_assert (); | ||
1310 | return comp_methods_num; | ||
1311 | } | ||
1312 | |||
1313 | for (i = 0; i < comp_methods_num; i++) | ||
1314 | { | ||
1315 | if (compression_methods[i] == comp_method) | ||
1316 | { | ||
1317 | comp_methods_num = 0; | ||
1318 | break; | ||
1319 | } | ||
1320 | } | ||
1321 | |||
1322 | MHD_gnutls_free (compression_methods); | ||
1323 | |||
1324 | if (comp_methods_num != 0) | ||
1325 | { | ||
1326 | MHD_gnutls_assert (); | ||
1327 | return GNUTLS_E_UNKNOWN_COMPRESSION_ALGORITHM; | ||
1328 | } | ||
1329 | |||
1330 | session->internals.compression_method = | ||
1331 | MHD_gtls_compression_get_id_from_int (comp_method); | ||
1332 | |||
1333 | |||
1334 | return 0; | ||
1335 | } | ||
1336 | |||
1337 | /* This function returns 0 if we are resuming a session or -1 otherwise. | ||
1338 | * This also sets the variables in the session. Used only while reading a server | ||
1339 | * hello. | ||
1340 | */ | ||
1341 | static int | ||
1342 | MHD__gnutls_client_check_if_resuming (MHD_gtls_session_t session, | ||
1343 | opaque * session_id, int session_id_len) | ||
1344 | { | ||
1345 | opaque buf[2 * TLS_MAX_SESSION_ID_SIZE + 1]; | ||
1346 | |||
1347 | MHD__gnutls_handshake_log ("HSK[%x]: SessionID length: %d\n", session, | ||
1348 | session_id_len); | ||
1349 | MHD__gnutls_handshake_log ("HSK[%x]: SessionID: %s\n", session, | ||
1350 | MHD_gtls_bin2hex (session_id, session_id_len, | ||
1351 | (char *) buf, sizeof (buf))); | ||
1352 | |||
1353 | if (session_id_len > 0 && | ||
1354 | session->internals.resumed_security_parameters.session_id_size == | ||
1355 | session_id_len | ||
1356 | && memcmp (session_id, | ||
1357 | session->internals.resumed_security_parameters.session_id, | ||
1358 | session_id_len) == 0) | ||
1359 | { | ||
1360 | /* resume session */ | ||
1361 | memcpy (session->internals.resumed_security_parameters.server_random, | ||
1362 | session->security_parameters.server_random, TLS_RANDOM_SIZE); | ||
1363 | memcpy (session->internals.resumed_security_parameters.client_random, | ||
1364 | session->security_parameters.client_random, TLS_RANDOM_SIZE); | ||
1365 | session->internals.resumed = RESUME_TRUE; /* we are resuming */ | ||
1366 | |||
1367 | return 0; | ||
1368 | } | ||
1369 | else | ||
1370 | { | ||
1371 | /* keep the new session id */ | ||
1372 | session->internals.resumed = RESUME_FALSE; /* we are not resuming */ | ||
1373 | session->security_parameters.session_id_size = session_id_len; | ||
1374 | memcpy (session->security_parameters.session_id, | ||
1375 | session_id, session_id_len); | ||
1376 | |||
1377 | return -1; | ||
1378 | } | ||
1379 | } | ||
1380 | |||
1381 | /* This function reads and parses the server hello handshake message. | ||
1382 | * This function also restores resumed parameters if we are resuming a | ||
1383 | * session. | ||
1384 | */ | ||
1385 | static int | ||
1386 | MHD__gnutls_read_server_hello (MHD_gtls_session_t session, | ||
1387 | opaque * data, int datalen) | ||
1388 | { | ||
1389 | uint8_t session_id_len = 0; | ||
1390 | int pos = 0; | ||
1391 | int ret = 0; | ||
1392 | enum MHD_GNUTLS_Protocol version; | ||
1393 | int len = datalen; | ||
1394 | |||
1395 | if (datalen < 38) | ||
1396 | { | ||
1397 | MHD_gnutls_assert (); | ||
1398 | return GNUTLS_E_UNEXPECTED_PACKET_LENGTH; | ||
1399 | } | ||
1400 | |||
1401 | MHD__gnutls_handshake_log ("HSK[%x]: Server's version: %d.%d\n", | ||
1402 | session, data[pos], data[pos + 1]); | ||
1403 | |||
1404 | DECR_LEN (len, 2); | ||
1405 | version = MHD_gtls_version_get (data[pos], data[pos + 1]); | ||
1406 | if (MHD_gtls_version_is_supported (session, version) == 0) | ||
1407 | { | ||
1408 | MHD_gnutls_assert (); | ||
1409 | return GNUTLS_E_UNSUPPORTED_VERSION_PACKET; | ||
1410 | } | ||
1411 | else | ||
1412 | { | ||
1413 | MHD_gtls_set_current_version (session, version); | ||
1414 | } | ||
1415 | |||
1416 | pos += 2; | ||
1417 | |||
1418 | DECR_LEN (len, TLS_RANDOM_SIZE); | ||
1419 | MHD_gtls_set_server_random (session, &data[pos]); | ||
1420 | pos += TLS_RANDOM_SIZE; | ||
1421 | |||
1422 | |||
1423 | /* Read session ID | ||
1424 | */ | ||
1425 | DECR_LEN (len, 1); | ||
1426 | session_id_len = data[pos++]; | ||
1427 | |||
1428 | if (len < session_id_len) | ||
1429 | { | ||
1430 | MHD_gnutls_assert (); | ||
1431 | return GNUTLS_E_UNSUPPORTED_VERSION_PACKET; | ||
1432 | } | ||
1433 | DECR_LEN (len, session_id_len); | ||
1434 | |||
1435 | |||
1436 | /* check if we are resuming and set the appropriate | ||
1437 | * values; | ||
1438 | */ | ||
1439 | if (MHD__gnutls_client_check_if_resuming | ||
1440 | (session, &data[pos], session_id_len) == 0) | ||
1441 | return 0; | ||
1442 | pos += session_id_len; | ||
1443 | |||
1444 | |||
1445 | /* Check if the given cipher suite is supported and copy | ||
1446 | * it to the session. | ||
1447 | */ | ||
1448 | |||
1449 | DECR_LEN (len, 2); | ||
1450 | ret = MHD__gnutls_client_set_ciphersuite (session, &data[pos]); | ||
1451 | if (ret < 0) | ||
1452 | { | ||
1453 | MHD_gnutls_assert (); | ||
1454 | return ret; | ||
1455 | } | ||
1456 | pos += 2; | ||
1457 | |||
1458 | |||
1459 | |||
1460 | /* move to compression */ | ||
1461 | DECR_LEN (len, 1); | ||
1462 | |||
1463 | ret = MHD__gnutls_client_set_comp_method (session, data[pos++]); | ||
1464 | if (ret < 0) | ||
1465 | { | ||
1466 | MHD_gnutls_assert (); | ||
1467 | return GNUTLS_E_UNKNOWN_COMPRESSION_ALGORITHM; | ||
1468 | } | ||
1469 | |||
1470 | /* Parse extensions. | ||
1471 | */ | ||
1472 | if (version >= MHD_GNUTLS_PROTOCOL_TLS1_0) | ||
1473 | { | ||
1474 | ret = MHD_gtls_parse_extensions (session, EXTENSION_ANY, &data[pos], len); /* len is the rest of the parsed length */ | ||
1475 | if (ret < 0) | ||
1476 | { | ||
1477 | MHD_gnutls_assert (); | ||
1478 | return ret; | ||
1479 | } | ||
1480 | } | ||
1481 | return ret; | ||
1482 | } | ||
1483 | |||
1484 | |||
1485 | /* This function copies the appropriate ciphersuites to a locally allocated buffer | ||
1486 | * Needed in client hello messages. Returns the new data length. | ||
1487 | */ | ||
1488 | int | ||
1489 | MHD__gnutls_copy_ciphersuites (MHD_gtls_session_t session, | ||
1490 | opaque * ret_data, size_t ret_data_size) | ||
1491 | { | ||
1492 | int ret, i; | ||
1493 | cipher_suite_st *cipher_suites; | ||
1494 | uint16_t cipher_num; | ||
1495 | int datalen, pos; | ||
1496 | |||
1497 | ret = MHD_gtls_supported_ciphersuites_sorted (session, &cipher_suites); | ||
1498 | if (ret < 0) | ||
1499 | { | ||
1500 | MHD_gnutls_assert (); | ||
1501 | return ret; | ||
1502 | } | ||
1503 | |||
1504 | /* Here we remove any ciphersuite that does not conform | ||
1505 | * the certificate requested, or to the | ||
1506 | * authentication requested (eg SRP). | ||
1507 | */ | ||
1508 | ret = | ||
1509 | MHD_gtls_remove_unwanted_ciphersuites (session, &cipher_suites, ret, -1); | ||
1510 | if (ret < 0) | ||
1511 | { | ||
1512 | MHD_gnutls_assert (); | ||
1513 | MHD_gnutls_free (cipher_suites); | ||
1514 | return ret; | ||
1515 | } | ||
1516 | |||
1517 | /* If no cipher suites were enabled. | ||
1518 | */ | ||
1519 | if (ret == 0) | ||
1520 | { | ||
1521 | MHD_gnutls_assert (); | ||
1522 | MHD_gnutls_free (cipher_suites); | ||
1523 | return GNUTLS_E_INSUFFICIENT_CREDENTIALS; | ||
1524 | } | ||
1525 | |||
1526 | cipher_num = ret; | ||
1527 | |||
1528 | cipher_num *= sizeof (uint16_t); /* in order to get bytes */ | ||
1529 | |||
1530 | datalen = pos = 0; | ||
1531 | |||
1532 | datalen += sizeof (uint16_t) + cipher_num; | ||
1533 | |||
1534 | if ((size_t) datalen > ret_data_size) | ||
1535 | { | ||
1536 | MHD_gnutls_assert (); | ||
1537 | return GNUTLS_E_INTERNAL_ERROR; | ||
1538 | } | ||
1539 | |||
1540 | MHD_gtls_write_uint16 (cipher_num, ret_data); | ||
1541 | pos += 2; | ||
1542 | |||
1543 | for (i = 0; i < (cipher_num / 2); i++) | ||
1544 | { | ||
1545 | memcpy (&ret_data[pos], cipher_suites[i].suite, 2); | ||
1546 | pos += 2; | ||
1547 | } | ||
1548 | MHD_gnutls_free (cipher_suites); | ||
1549 | |||
1550 | return datalen; | ||
1551 | } | ||
1552 | |||
1553 | /* This function copies the appropriate compression methods, to a locally allocated buffer | ||
1554 | * Needed in hello messages. Returns the new data length. | ||
1555 | */ | ||
1556 | static int | ||
1557 | MHD__gnutls_copy_comp_methods (MHD_gtls_session_t session, | ||
1558 | opaque * ret_data, size_t ret_data_size) | ||
1559 | { | ||
1560 | int ret, i; | ||
1561 | uint8_t *compression_methods, comp_num; | ||
1562 | int datalen, pos; | ||
1563 | |||
1564 | ret = | ||
1565 | MHD_gtls_supported_compression_methods (session, &compression_methods); | ||
1566 | if (ret < 0) | ||
1567 | { | ||
1568 | MHD_gnutls_assert (); | ||
1569 | return ret; | ||
1570 | } | ||
1571 | |||
1572 | comp_num = ret; | ||
1573 | |||
1574 | datalen = pos = 0; | ||
1575 | datalen += comp_num + 1; | ||
1576 | |||
1577 | if ((size_t) datalen > ret_data_size) | ||
1578 | { | ||
1579 | MHD_gnutls_assert (); | ||
1580 | return GNUTLS_E_INTERNAL_ERROR; | ||
1581 | } | ||
1582 | |||
1583 | ret_data[pos++] = comp_num; /* put the number of compression methods */ | ||
1584 | |||
1585 | for (i = 0; i < comp_num; i++) | ||
1586 | { | ||
1587 | ret_data[pos++] = compression_methods[i]; | ||
1588 | } | ||
1589 | |||
1590 | MHD_gnutls_free (compression_methods); | ||
1591 | |||
1592 | return datalen; | ||
1593 | } | ||
1594 | |||
1595 | static void | ||
1596 | MHD_gtls_set_adv_version (MHD_gtls_session_t session, | ||
1597 | enum MHD_GNUTLS_Protocol ver) | ||
1598 | { | ||
1599 | set_adv_version (session, MHD_gtls_version_get_major (ver), | ||
1600 | MHD_gtls_version_get_minor (ver)); | ||
1601 | } | ||
1602 | |||
1603 | /* This function sends the client hello handshake message. | ||
1604 | */ | ||
1605 | static int | ||
1606 | MHD__gnutls_send_client_hello (MHD_gtls_session_t session, int again) | ||
1607 | { | ||
1608 | opaque *data = NULL; | ||
1609 | int extdatalen; | ||
1610 | int pos = 0; | ||
1611 | int datalen = 0, ret = 0; | ||
1612 | opaque rnd[TLS_RANDOM_SIZE]; | ||
1613 | enum MHD_GNUTLS_Protocol hver; | ||
1614 | opaque extdata[MAX_EXT_DATA_LENGTH]; | ||
1615 | |||
1616 | opaque *SessionID = | ||
1617 | session->internals.resumed_security_parameters.session_id; | ||
1618 | uint8_t session_id_len = | ||
1619 | session->internals.resumed_security_parameters.session_id_size; | ||
1620 | |||
1621 | if (SessionID == NULL) | ||
1622 | session_id_len = 0; | ||
1623 | else if (session_id_len == 0) | ||
1624 | SessionID = NULL; | ||
1625 | |||
1626 | if (again == 0) | ||
1627 | { | ||
1628 | |||
1629 | datalen = 2 + (session_id_len + 1) + TLS_RANDOM_SIZE; | ||
1630 | /* 2 for version, (4 for unix time + 28 for random bytes==TLS_RANDOM_SIZE) | ||
1631 | */ | ||
1632 | |||
1633 | data = MHD_gnutls_malloc (datalen); | ||
1634 | if (data == NULL) | ||
1635 | { | ||
1636 | MHD_gnutls_assert (); | ||
1637 | return GNUTLS_E_MEMORY_ERROR; | ||
1638 | } | ||
1639 | |||
1640 | /* if we are resuming a session then we set the | ||
1641 | * version number to the previously established. | ||
1642 | */ | ||
1643 | if (SessionID == NULL) | ||
1644 | hver = MHD_gtls_version_max (session); | ||
1645 | else | ||
1646 | { /* we are resuming a session */ | ||
1647 | hver = session->internals.resumed_security_parameters.version; | ||
1648 | } | ||
1649 | |||
1650 | if (hver == MHD_GNUTLS_PROTOCOL_VERSION_UNKNOWN || hver == 0) | ||
1651 | { | ||
1652 | MHD_gnutls_assert (); | ||
1653 | MHD_gnutls_free (data); | ||
1654 | return GNUTLS_E_INTERNAL_ERROR; | ||
1655 | } | ||
1656 | |||
1657 | data[pos++] = MHD_gtls_version_get_major (hver); | ||
1658 | data[pos++] = MHD_gtls_version_get_minor (hver); | ||
1659 | |||
1660 | /* Set the version we advertized as maximum | ||
1661 | * (RSA uses it). | ||
1662 | */ | ||
1663 | MHD_gtls_set_adv_version (session, hver); | ||
1664 | |||
1665 | /* Some old implementations do not interoperate if we send a | ||
1666 | * different version in the record layer. | ||
1667 | * It seems they prefer to read the record's version | ||
1668 | * as the one we actually requested. | ||
1669 | * The proper behaviour is to use the one in the client hello | ||
1670 | * handshake packet and ignore the one in the packet's record | ||
1671 | * header. | ||
1672 | */ | ||
1673 | MHD_gtls_set_current_version (session, hver); | ||
1674 | |||
1675 | /* In order to know when this session was initiated. | ||
1676 | */ | ||
1677 | session->security_parameters.timestamp = time (NULL); | ||
1678 | |||
1679 | /* Generate random data | ||
1680 | */ | ||
1681 | MHD_gtls_tls_create_random (rnd); | ||
1682 | MHD_gtls_set_client_random (session, rnd); | ||
1683 | |||
1684 | memcpy (&data[pos], rnd, TLS_RANDOM_SIZE); | ||
1685 | pos += TLS_RANDOM_SIZE; | ||
1686 | |||
1687 | /* Copy the Session ID */ | ||
1688 | data[pos++] = session_id_len; | ||
1689 | |||
1690 | if (session_id_len > 0) | ||
1691 | { | ||
1692 | memcpy (&data[pos], SessionID, session_id_len); | ||
1693 | pos += session_id_len; | ||
1694 | } | ||
1695 | |||
1696 | |||
1697 | /* Copy the ciphersuites. | ||
1698 | */ | ||
1699 | extdatalen = | ||
1700 | MHD__gnutls_copy_ciphersuites (session, extdata, sizeof (extdata)); | ||
1701 | if (extdatalen > 0) | ||
1702 | { | ||
1703 | datalen += extdatalen; | ||
1704 | data = MHD_gtls_realloc_fast (data, datalen); | ||
1705 | if (data == NULL) | ||
1706 | { | ||
1707 | MHD_gnutls_assert (); | ||
1708 | return GNUTLS_E_MEMORY_ERROR; | ||
1709 | } | ||
1710 | |||
1711 | memcpy (&data[pos], extdata, extdatalen); | ||
1712 | pos += extdatalen; | ||
1713 | |||
1714 | } | ||
1715 | else | ||
1716 | { | ||
1717 | if (extdatalen == 0) | ||
1718 | extdatalen = GNUTLS_E_INTERNAL_ERROR; | ||
1719 | MHD_gnutls_free (data); | ||
1720 | MHD_gnutls_assert (); | ||
1721 | return extdatalen; | ||
1722 | } | ||
1723 | |||
1724 | |||
1725 | /* Copy the compression methods. | ||
1726 | */ | ||
1727 | extdatalen = | ||
1728 | MHD__gnutls_copy_comp_methods (session, extdata, sizeof (extdata)); | ||
1729 | if (extdatalen > 0) | ||
1730 | { | ||
1731 | datalen += extdatalen; | ||
1732 | data = MHD_gtls_realloc_fast (data, datalen); | ||
1733 | if (data == NULL) | ||
1734 | { | ||
1735 | MHD_gnutls_assert (); | ||
1736 | return GNUTLS_E_MEMORY_ERROR; | ||
1737 | } | ||
1738 | |||
1739 | memcpy (&data[pos], extdata, extdatalen); | ||
1740 | pos += extdatalen; | ||
1741 | |||
1742 | } | ||
1743 | else | ||
1744 | { | ||
1745 | if (extdatalen == 0) | ||
1746 | extdatalen = GNUTLS_E_INTERNAL_ERROR; | ||
1747 | MHD_gnutls_free (data); | ||
1748 | MHD_gnutls_assert (); | ||
1749 | return extdatalen; | ||
1750 | } | ||
1751 | |||
1752 | /* Generate and copy TLS extensions. | ||
1753 | */ | ||
1754 | if (hver >= MHD_GNUTLS_PROTOCOL_TLS1_0) | ||
1755 | { | ||
1756 | extdatalen = | ||
1757 | MHD_gtls_gen_extensions (session, extdata, sizeof (extdata)); | ||
1758 | |||
1759 | if (extdatalen > 0) | ||
1760 | { | ||
1761 | datalen += extdatalen; | ||
1762 | data = MHD_gtls_realloc_fast (data, datalen); | ||
1763 | if (data == NULL) | ||
1764 | { | ||
1765 | MHD_gnutls_assert (); | ||
1766 | return GNUTLS_E_MEMORY_ERROR; | ||
1767 | } | ||
1768 | |||
1769 | memcpy (&data[pos], extdata, extdatalen); | ||
1770 | } | ||
1771 | else if (extdatalen < 0) | ||
1772 | { | ||
1773 | MHD_gnutls_assert (); | ||
1774 | MHD_gnutls_free (data); | ||
1775 | return extdatalen; | ||
1776 | } | ||
1777 | } | ||
1778 | } | ||
1779 | |||
1780 | ret = | ||
1781 | MHD_gtls_send_handshake (session, data, datalen, | ||
1782 | GNUTLS_HANDSHAKE_CLIENT_HELLO); | ||
1783 | MHD_gnutls_free (data); | ||
1784 | |||
1785 | return ret; | ||
1786 | } | ||
1787 | #endif | ||
1788 | |||
1789 | static int | ||
1790 | MHD__gnutls_send_server_hello (MHD_gtls_session_t session, int again) | ||
1791 | { | ||
1792 | opaque *data = NULL; | ||
1793 | opaque extdata[MAX_EXT_DATA_LENGTH]; | ||
1794 | int extdatalen; | ||
1795 | int pos = 0; | ||
1796 | int datalen, ret = 0; | ||
1797 | uint8_t comp; | ||
1798 | opaque *SessionID = session->security_parameters.session_id; | ||
1799 | uint8_t session_id_len = session->security_parameters.session_id_size; | ||
1800 | opaque buf[2 * TLS_MAX_SESSION_ID_SIZE + 1]; | ||
1801 | |||
1802 | if (SessionID == NULL) | ||
1803 | session_id_len = 0; | ||
1804 | |||
1805 | datalen = 0; | ||
1806 | |||
1807 | if (again == 0) | ||
1808 | { | ||
1809 | datalen = 2 + session_id_len + 1 + TLS_RANDOM_SIZE + 3; | ||
1810 | extdatalen = | ||
1811 | MHD_gtls_gen_extensions (session, extdata, sizeof (extdata)); | ||
1812 | |||
1813 | if (extdatalen < 0) | ||
1814 | { | ||
1815 | MHD_gnutls_assert (); | ||
1816 | return extdatalen; | ||
1817 | } | ||
1818 | |||
1819 | data = MHD_gnutls_alloca (datalen + extdatalen); | ||
1820 | if (data == NULL) | ||
1821 | { | ||
1822 | MHD_gnutls_assert (); | ||
1823 | return GNUTLS_E_MEMORY_ERROR; | ||
1824 | } | ||
1825 | |||
1826 | data[pos++] = | ||
1827 | MHD_gtls_version_get_major (session->security_parameters.version); | ||
1828 | data[pos++] = | ||
1829 | MHD_gtls_version_get_minor (session->security_parameters.version); | ||
1830 | |||
1831 | memcpy (&data[pos], | ||
1832 | session->security_parameters.server_random, TLS_RANDOM_SIZE); | ||
1833 | pos += TLS_RANDOM_SIZE; | ||
1834 | |||
1835 | data[pos++] = session_id_len; | ||
1836 | if (session_id_len > 0) | ||
1837 | { | ||
1838 | memcpy (&data[pos], SessionID, session_id_len); | ||
1839 | } | ||
1840 | pos += session_id_len; | ||
1841 | |||
1842 | MHD__gnutls_handshake_log ("HSK[%x]: SessionID: %s\n", session, | ||
1843 | MHD_gtls_bin2hex (SessionID, session_id_len, | ||
1844 | (char *) buf, | ||
1845 | sizeof (buf))); | ||
1846 | |||
1847 | memcpy (&data[pos], | ||
1848 | session->security_parameters.current_cipher_suite.suite, 2); | ||
1849 | pos += 2; | ||
1850 | |||
1851 | comp = | ||
1852 | (uint8_t) MHD_gtls_compression_get_num (session-> | ||
1853 | internals.compression_method); | ||
1854 | data[pos++] = comp; | ||
1855 | |||
1856 | |||
1857 | if (extdatalen > 0) | ||
1858 | { | ||
1859 | datalen += extdatalen; | ||
1860 | |||
1861 | memcpy (&data[pos], extdata, extdatalen); | ||
1862 | } | ||
1863 | } | ||
1864 | |||
1865 | ret = | ||
1866 | MHD_gtls_send_handshake (session, data, datalen, | ||
1867 | GNUTLS_HANDSHAKE_SERVER_HELLO); | ||
1868 | MHD_gnutls_afree (data); | ||
1869 | |||
1870 | return ret; | ||
1871 | } | ||
1872 | |||
1873 | int | ||
1874 | MHD_gtls_send_hello (MHD_gtls_session_t session, int again) | ||
1875 | { | ||
1876 | int ret; | ||
1877 | #if MHD_DEBUG_TLS | ||
1878 | if (session->security_parameters.entity == GNUTLS_CLIENT) | ||
1879 | { | ||
1880 | ret = MHD__gnutls_send_client_hello (session, again); | ||
1881 | |||
1882 | } | ||
1883 | else | ||
1884 | #endif | ||
1885 | { /* SERVER */ | ||
1886 | ret = MHD__gnutls_send_server_hello (session, again); | ||
1887 | } | ||
1888 | |||
1889 | return ret; | ||
1890 | } | ||
1891 | |||
1892 | /* RECEIVE A HELLO MESSAGE. This should be called from MHD_gnutls_recv_handshake_int only if a | ||
1893 | * hello message is expected. It uses the security_parameters.current_cipher_suite | ||
1894 | * and internals.compression_method. | ||
1895 | */ | ||
1896 | int | ||
1897 | MHD_gtls_recv_hello (MHD_gtls_session_t session, opaque * data, int datalen) | ||
1898 | { | ||
1899 | int ret; | ||
1900 | #if MHD_DEBUG_TLS | ||
1901 | if (session->security_parameters.entity == GNUTLS_CLIENT) | ||
1902 | { | ||
1903 | ret = MHD__gnutls_read_server_hello (session, data, datalen); | ||
1904 | if (ret < 0) | ||
1905 | { | ||
1906 | MHD_gnutls_assert (); | ||
1907 | return ret; | ||
1908 | } | ||
1909 | } | ||
1910 | else | ||
1911 | #endif | ||
1912 | { /* Server side reading a client hello */ | ||
1913 | |||
1914 | ret = MHD__gnutls_read_client_hello (session, data, datalen); | ||
1915 | if (ret < 0) | ||
1916 | { | ||
1917 | MHD_gnutls_assert (); | ||
1918 | return ret; | ||
1919 | } | ||
1920 | } | ||
1921 | |||
1922 | return ret; | ||
1923 | } | ||
1924 | |||
1925 | /* The packets in MHD__gnutls_handshake (it's more broad than original TLS handshake) | ||
1926 | * | ||
1927 | * Client Server | ||
1928 | * | ||
1929 | * ClientHello --------> | ||
1930 | * <-------- ServerHello | ||
1931 | * | ||
1932 | * Certificate* | ||
1933 | * ServerKeyExchange* | ||
1934 | * <-------- CertificateRequest* | ||
1935 | * | ||
1936 | * <-------- ServerHelloDone | ||
1937 | * Certificate* | ||
1938 | * ClientKeyExchange | ||
1939 | * CertificateVerify* | ||
1940 | * [ChangeCipherSpec] | ||
1941 | * Finished --------> | ||
1942 | * [ChangeCipherSpec] | ||
1943 | * <-------- Finished | ||
1944 | * | ||
1945 | * (*): means optional packet. | ||
1946 | */ | ||
1947 | |||
1948 | /** | ||
1949 | * MHD__gnutls_rehandshake - This function will renegotiate security parameters | ||
1950 | * @session: is a #MHD_gtls_session_t structure. | ||
1951 | * | ||
1952 | * This function will renegotiate security parameters with the | ||
1953 | * client. This should only be called in case of a server. | ||
1954 | * | ||
1955 | * This message informs the peer that we want to renegotiate | ||
1956 | * parameters (perform a handshake). | ||
1957 | * | ||
1958 | * If this function succeeds (returns 0), you must call the | ||
1959 | * MHD__gnutls_handshake() function in order to negotiate the new | ||
1960 | * parameters. | ||
1961 | * | ||
1962 | * If the client does not wish to renegotiate parameters he will | ||
1963 | * should with an alert message, thus the return code will be | ||
1964 | * %GNUTLS_E_WARNING_ALERT_RECEIVED and the alert will be | ||
1965 | * %GNUTLS_A_NO_RENEGOTIATION. A client may also choose to ignore | ||
1966 | * this message. | ||
1967 | * | ||
1968 | * Returns: %GNUTLS_E_SUCCESS on success, otherwise an error. | ||
1969 | * | ||
1970 | **/ | ||
1971 | int | ||
1972 | MHD__gnutls_rehandshake (MHD_gtls_session_t session) | ||
1973 | { | ||
1974 | int ret; | ||
1975 | |||
1976 | ret = | ||
1977 | MHD__gnutls_send_empty_handshake (session, GNUTLS_HANDSHAKE_HELLO_REQUEST, | ||
1978 | AGAIN (STATE50)); | ||
1979 | STATE = STATE50; | ||
1980 | |||
1981 | if (ret < 0) | ||
1982 | { | ||
1983 | MHD_gnutls_assert (); | ||
1984 | return ret; | ||
1985 | } | ||
1986 | STATE = STATE0; | ||
1987 | |||
1988 | return 0; | ||
1989 | } | ||
1990 | |||
1991 | inline static int | ||
1992 | MHD__gnutls_abort_handshake (MHD_gtls_session_t session, int ret) | ||
1993 | { | ||
1994 | if (((ret == GNUTLS_E_WARNING_ALERT_RECEIVED) && | ||
1995 | (MHD_gnutls_alert_get (session) == GNUTLS_A_NO_RENEGOTIATION)) | ||
1996 | || ret == GNUTLS_E_GOT_APPLICATION_DATA) | ||
1997 | return 0; | ||
1998 | |||
1999 | /* this doesn't matter */ | ||
2000 | return GNUTLS_E_INTERNAL_ERROR; | ||
2001 | } | ||
2002 | |||
2003 | /* This function initialized the handshake hash session. | ||
2004 | * required for finished messages. | ||
2005 | */ | ||
2006 | inline static int | ||
2007 | MHD__gnutls_handshake_hash_init (MHD_gtls_session_t session) | ||
2008 | { | ||
2009 | |||
2010 | if (session->internals.handshake_mac_handle_md5 == NULL) | ||
2011 | { | ||
2012 | session->internals.handshake_mac_handle_md5 = | ||
2013 | MHD_gtls_hash_init (MHD_GNUTLS_MAC_MD5); | ||
2014 | |||
2015 | if (session->internals.handshake_mac_handle_md5 == GNUTLS_HASH_FAILED) | ||
2016 | { | ||
2017 | MHD_gnutls_assert (); | ||
2018 | return GNUTLS_E_MEMORY_ERROR; | ||
2019 | } | ||
2020 | } | ||
2021 | |||
2022 | if (session->internals.handshake_mac_handle_sha == NULL) | ||
2023 | { | ||
2024 | session->internals.handshake_mac_handle_sha = | ||
2025 | MHD_gtls_hash_init (MHD_GNUTLS_MAC_SHA1); | ||
2026 | if (session->internals.handshake_mac_handle_sha == GNUTLS_HASH_FAILED) | ||
2027 | { | ||
2028 | MHD_gnutls_assert (); | ||
2029 | return GNUTLS_E_MEMORY_ERROR; | ||
2030 | } | ||
2031 | } | ||
2032 | |||
2033 | return 0; | ||
2034 | } | ||
2035 | |||
2036 | static int | ||
2037 | MHD__gnutls_send_supplemental (MHD_gtls_session_t session, int again) | ||
2038 | { | ||
2039 | int ret = 0; | ||
2040 | |||
2041 | MHD__gnutls_debug_log ("EXT[%x]: Sending supplemental data\n", session); | ||
2042 | |||
2043 | if (again) | ||
2044 | ret = MHD_gtls_send_handshake (session, NULL, 0, | ||
2045 | GNUTLS_HANDSHAKE_SUPPLEMENTAL); | ||
2046 | else | ||
2047 | { | ||
2048 | MHD_gtls_buffer buf; | ||
2049 | MHD_gtls_buffer_init (&buf); | ||
2050 | |||
2051 | ret = MHD__gnutls_gen_supplemental (session, &buf); | ||
2052 | if (ret < 0) | ||
2053 | { | ||
2054 | MHD_gnutls_assert (); | ||
2055 | return ret; | ||
2056 | } | ||
2057 | |||
2058 | ret = MHD_gtls_send_handshake (session, buf.data, buf.length, | ||
2059 | GNUTLS_HANDSHAKE_SUPPLEMENTAL); | ||
2060 | MHD_gtls_buffer_clear (&buf); | ||
2061 | } | ||
2062 | |||
2063 | return ret; | ||
2064 | } | ||
2065 | |||
2066 | static int | ||
2067 | MHD__gnutls_recv_supplemental (MHD_gtls_session_t session) | ||
2068 | { | ||
2069 | uint8_t *data = NULL; | ||
2070 | int datalen = 0; | ||
2071 | int ret; | ||
2072 | |||
2073 | MHD__gnutls_debug_log ("EXT[%x]: Expecting supplemental data\n", session); | ||
2074 | |||
2075 | ret = MHD_gtls_recv_handshake (session, &data, &datalen, | ||
2076 | GNUTLS_HANDSHAKE_SUPPLEMENTAL, | ||
2077 | OPTIONAL_PACKET); | ||
2078 | if (ret < 0) | ||
2079 | { | ||
2080 | MHD_gnutls_assert (); | ||
2081 | return ret; | ||
2082 | } | ||
2083 | |||
2084 | ret = MHD__gnutls_parse_supplemental (session, data, datalen); | ||
2085 | if (ret < 0) | ||
2086 | { | ||
2087 | MHD_gnutls_assert (); | ||
2088 | return ret; | ||
2089 | } | ||
2090 | |||
2091 | MHD_gnutls_free (data); | ||
2092 | |||
2093 | return ret; | ||
2094 | } | ||
2095 | |||
2096 | /** | ||
2097 | * MHD__gnutls_handshake - This is the main function in the handshake protocol. | ||
2098 | * @session: is a #MHD_gtls_session_t structure. | ||
2099 | * | ||
2100 | * This function does the handshake of the TLS/SSL protocol, and | ||
2101 | * initializes the TLS connection. | ||
2102 | * | ||
2103 | * This function will fail if any problem is encountered, and will | ||
2104 | * return a negative error code. In case of a client, if the client | ||
2105 | * has asked to resume a session, but the server couldn't, then a | ||
2106 | * full handshake will be performed. | ||
2107 | * | ||
2108 | * The non-fatal errors such as %GNUTLS_E_AGAIN and | ||
2109 | * %GNUTLS_E_INTERRUPTED interrupt the handshake procedure, which | ||
2110 | * should be later be resumed. Call this function again, until it | ||
2111 | * returns 0; cf. MHD__gnutls_record_get_direction() and | ||
2112 | * MHD_gtls_error_is_fatal(). | ||
2113 | * | ||
2114 | * If this function is called by a server after a rehandshake request | ||
2115 | * then %GNUTLS_E_GOT_APPLICATION_DATA or | ||
2116 | * %GNUTLS_E_WARNING_ALERT_RECEIVED may be returned. Note that these | ||
2117 | * are non fatal errors, only in the specific case of a rehandshake. | ||
2118 | * Their meaning is that the client rejected the rehandshake request. | ||
2119 | * | ||
2120 | * Returns: %GNUTLS_E_SUCCESS on success, otherwise an error. | ||
2121 | * | ||
2122 | **/ | ||
2123 | int | ||
2124 | MHD__gnutls_handshake (MHD_gtls_session_t session) | ||
2125 | { | ||
2126 | int ret; | ||
2127 | |||
2128 | if ((ret = MHD__gnutls_handshake_hash_init (session)) < 0) | ||
2129 | { | ||
2130 | MHD_gnutls_assert (); | ||
2131 | return ret; | ||
2132 | } | ||
2133 | #if MHD_DEBUG_TLS | ||
2134 | if (session->security_parameters.entity == GNUTLS_CLIENT) | ||
2135 | { | ||
2136 | ret = MHD_gtls_handshake_client (session); | ||
2137 | } | ||
2138 | else | ||
2139 | #endif | ||
2140 | { | ||
2141 | ret = MHD_gtls_handshake_server (session); | ||
2142 | } | ||
2143 | |||
2144 | if (ret < 0) | ||
2145 | { | ||
2146 | /* In the case of a rehandshake abort | ||
2147 | * we should reset the handshake's internal state. | ||
2148 | */ | ||
2149 | if (MHD__gnutls_abort_handshake (session, ret) == 0) | ||
2150 | STATE = STATE0; | ||
2151 | |||
2152 | return ret; | ||
2153 | } | ||
2154 | |||
2155 | ret = MHD_gtls_handshake_common (session); | ||
2156 | |||
2157 | if (ret < 0) | ||
2158 | { | ||
2159 | if (MHD__gnutls_abort_handshake (session, ret) == 0) | ||
2160 | STATE = STATE0; | ||
2161 | |||
2162 | return ret; | ||
2163 | } | ||
2164 | |||
2165 | STATE = STATE0; | ||
2166 | |||
2167 | MHD__gnutls_handshake_io_buffer_clear (session); | ||
2168 | MHD_gtls_handshake_internal_state_clear (session); | ||
2169 | |||
2170 | return 0; | ||
2171 | } | ||
2172 | |||
2173 | #define IMED_RET( str, ret) do { \ | ||
2174 | if (ret < 0) { \ | ||
2175 | if (MHD_gtls_error_is_fatal(ret)==0) return ret; \ | ||
2176 | MHD_gnutls_assert(); \ | ||
2177 | ERR( str, ret); \ | ||
2178 | MHD__gnutls_handshake_hash_buffers_clear(session); \ | ||
2179 | return ret; \ | ||
2180 | } } while (0) | ||
2181 | |||
2182 | |||
2183 | #if MHD_DEBUG_TLS | ||
2184 | /* | ||
2185 | * MHD_gtls_handshake_client | ||
2186 | * This function performs the client side of the handshake of the TLS/SSL protocol. | ||
2187 | */ | ||
2188 | static int | ||
2189 | MHD_gtls_handshake_client (MHD_gtls_session_t session) | ||
2190 | { | ||
2191 | int ret = 0; | ||
2192 | |||
2193 | switch (STATE) | ||
2194 | { | ||
2195 | case STATE0: | ||
2196 | case STATE1: | ||
2197 | ret = MHD_gtls_send_hello (session, AGAIN (STATE1)); | ||
2198 | STATE = STATE1; | ||
2199 | IMED_RET ("send hello", ret); | ||
2200 | |||
2201 | case STATE2: | ||
2202 | /* receive the server hello */ | ||
2203 | ret = | ||
2204 | MHD_gtls_recv_handshake (session, NULL, NULL, | ||
2205 | GNUTLS_HANDSHAKE_SERVER_HELLO, | ||
2206 | MANDATORY_PACKET); | ||
2207 | STATE = STATE2; | ||
2208 | IMED_RET ("recv hello", ret); | ||
2209 | |||
2210 | case STATE70: | ||
2211 | if (session->security_parameters.extensions.do_recv_supplemental) | ||
2212 | { | ||
2213 | ret = MHD__gnutls_recv_supplemental (session); | ||
2214 | STATE = STATE70; | ||
2215 | IMED_RET ("recv supplemental", ret); | ||
2216 | } | ||
2217 | |||
2218 | case STATE3: | ||
2219 | /* RECV CERTIFICATE */ | ||
2220 | if (session->internals.resumed == RESUME_FALSE) /* if we are not resuming */ | ||
2221 | ret = MHD_gtls_recv_server_certificate (session); | ||
2222 | STATE = STATE3; | ||
2223 | IMED_RET ("recv server certificate", ret); | ||
2224 | |||
2225 | case STATE4: | ||
2226 | /* receive the server key exchange */ | ||
2227 | if (session->internals.resumed == RESUME_FALSE) /* if we are not resuming */ | ||
2228 | ret = MHD_gtls_recv_server_kx_message (session); | ||
2229 | STATE = STATE4; | ||
2230 | IMED_RET ("recv server kx message", ret); | ||
2231 | |||
2232 | case STATE5: | ||
2233 | /* receive the server certificate request - if any | ||
2234 | */ | ||
2235 | |||
2236 | if (session->internals.resumed == RESUME_FALSE) /* if we are not resuming */ | ||
2237 | ret = MHD_gtls_recv_server_certificate_request (session); | ||
2238 | STATE = STATE5; | ||
2239 | IMED_RET ("recv server certificate request message", ret); | ||
2240 | |||
2241 | case STATE6: | ||
2242 | /* receive the server hello done */ | ||
2243 | if (session->internals.resumed == RESUME_FALSE) /* if we are not resuming */ | ||
2244 | ret = | ||
2245 | MHD_gtls_recv_handshake (session, NULL, NULL, | ||
2246 | GNUTLS_HANDSHAKE_SERVER_HELLO_DONE, | ||
2247 | MANDATORY_PACKET); | ||
2248 | STATE = STATE6; | ||
2249 | IMED_RET ("recv server hello done", ret); | ||
2250 | |||
2251 | case STATE71: | ||
2252 | if (session->security_parameters.extensions.do_send_supplemental) | ||
2253 | { | ||
2254 | ret = MHD__gnutls_send_supplemental (session, AGAIN (STATE71)); | ||
2255 | STATE = STATE71; | ||
2256 | IMED_RET ("send supplemental", ret); | ||
2257 | } | ||
2258 | |||
2259 | case STATE7: | ||
2260 | /* send our certificate - if any and if requested | ||
2261 | */ | ||
2262 | if (session->internals.resumed == RESUME_FALSE) /* if we are not resuming */ | ||
2263 | ret = MHD_gtls_send_client_certificate (session, AGAIN (STATE7)); | ||
2264 | STATE = STATE7; | ||
2265 | IMED_RET ("send client certificate", ret); | ||
2266 | |||
2267 | case STATE8: | ||
2268 | if (session->internals.resumed == RESUME_FALSE) /* if we are not resuming */ | ||
2269 | ret = MHD_gtls_send_client_kx_message (session, AGAIN (STATE8)); | ||
2270 | STATE = STATE8; | ||
2271 | IMED_RET ("send client kx", ret); | ||
2272 | |||
2273 | case STATE9: | ||
2274 | /* send client certificate verify */ | ||
2275 | if (session->internals.resumed == RESUME_FALSE) /* if we are not resuming */ | ||
2276 | ret = | ||
2277 | MHD_gtls_send_client_certificate_verify (session, AGAIN (STATE9)); | ||
2278 | STATE = STATE9; | ||
2279 | IMED_RET ("send client certificate verify", ret); | ||
2280 | |||
2281 | STATE = STATE0; | ||
2282 | default: | ||
2283 | break; | ||
2284 | } | ||
2285 | |||
2286 | |||
2287 | return 0; | ||
2288 | } | ||
2289 | #endif | ||
2290 | |||
2291 | /* This function sends the final handshake packets and initializes connection | ||
2292 | */ | ||
2293 | static int | ||
2294 | MHD__gnutls_send_handshake_final (MHD_gtls_session_t session, int init) | ||
2295 | { | ||
2296 | int ret = 0; | ||
2297 | |||
2298 | /* Send the CHANGE CIPHER SPEC PACKET */ | ||
2299 | |||
2300 | switch (STATE) | ||
2301 | { | ||
2302 | case STATE0: | ||
2303 | case STATE20: | ||
2304 | ret = MHD_gtls_send_change_cipher_spec (session, AGAIN (STATE20)); | ||
2305 | STATE = STATE20; | ||
2306 | if (ret < 0) | ||
2307 | { | ||
2308 | ERR ("send ChangeCipherSpec", ret); | ||
2309 | MHD_gnutls_assert (); | ||
2310 | return ret; | ||
2311 | } | ||
2312 | |||
2313 | /* Initialize the connection session (start encryption) - in case of client | ||
2314 | */ | ||
2315 | if (init == TRUE) | ||
2316 | { | ||
2317 | ret = MHD_gtls_connection_state_init (session); | ||
2318 | if (ret < 0) | ||
2319 | { | ||
2320 | MHD_gnutls_assert (); | ||
2321 | return ret; | ||
2322 | } | ||
2323 | } | ||
2324 | |||
2325 | ret = MHD_gtls_write_connection_state_init (session); | ||
2326 | if (ret < 0) | ||
2327 | { | ||
2328 | MHD_gnutls_assert (); | ||
2329 | return ret; | ||
2330 | } | ||
2331 | |||
2332 | case STATE21: | ||
2333 | /* send the finished message */ | ||
2334 | ret = MHD__gnutls_send_finished (session, AGAIN (STATE21)); | ||
2335 | STATE = STATE21; | ||
2336 | if (ret < 0) | ||
2337 | { | ||
2338 | ERR ("send Finished", ret); | ||
2339 | MHD_gnutls_assert (); | ||
2340 | return ret; | ||
2341 | } | ||
2342 | |||
2343 | STATE = STATE0; | ||
2344 | default: | ||
2345 | break; | ||
2346 | } | ||
2347 | |||
2348 | return 0; | ||
2349 | } | ||
2350 | |||
2351 | /* This function receives the final handshake packets | ||
2352 | * And executes the appropriate function to initialize the | ||
2353 | * read session. | ||
2354 | */ | ||
2355 | static int | ||
2356 | MHD__gnutls_recv_handshake_final (MHD_gtls_session_t session, int init) | ||
2357 | { | ||
2358 | int ret = 0; | ||
2359 | uint8_t ch; | ||
2360 | |||
2361 | switch (STATE) | ||
2362 | { | ||
2363 | case STATE0: | ||
2364 | case STATE30: | ||
2365 | ret = | ||
2366 | MHD_gtls_recv_int (session, GNUTLS_CHANGE_CIPHER_SPEC, -1, &ch, 1); | ||
2367 | STATE = STATE30; | ||
2368 | if (ret <= 0) | ||
2369 | { | ||
2370 | ERR ("recv ChangeCipherSpec", ret); | ||
2371 | MHD_gnutls_assert (); | ||
2372 | return (ret < 0) ? ret : GNUTLS_E_UNEXPECTED_PACKET_LENGTH; | ||
2373 | } | ||
2374 | |||
2375 | /* Initialize the connection session (start encryption) - in case of server */ | ||
2376 | if (init == TRUE) | ||
2377 | { | ||
2378 | ret = MHD_gtls_connection_state_init (session); | ||
2379 | if (ret < 0) | ||
2380 | { | ||
2381 | MHD_gnutls_assert (); | ||
2382 | return ret; | ||
2383 | } | ||
2384 | } | ||
2385 | |||
2386 | ret = MHD_gtls_read_connection_state_init (session); | ||
2387 | if (ret < 0) | ||
2388 | { | ||
2389 | MHD_gnutls_assert (); | ||
2390 | return ret; | ||
2391 | } | ||
2392 | |||
2393 | case STATE31: | ||
2394 | ret = MHD__gnutls_recv_finished (session); | ||
2395 | STATE = STATE31; | ||
2396 | if (ret < 0) | ||
2397 | { | ||
2398 | ERR ("recv finished", ret); | ||
2399 | MHD_gnutls_assert (); | ||
2400 | return ret; | ||
2401 | } | ||
2402 | STATE = STATE0; | ||
2403 | default: | ||
2404 | break; | ||
2405 | } | ||
2406 | |||
2407 | |||
2408 | return 0; | ||
2409 | } | ||
2410 | |||
2411 | /* | ||
2412 | * MHD_gtls_handshake_server | ||
2413 | * This function does the server stuff of the handshake protocol. | ||
2414 | */ | ||
2415 | |||
2416 | static int | ||
2417 | MHD_gtls_handshake_server (MHD_gtls_session_t session) | ||
2418 | { | ||
2419 | int ret = 0; | ||
2420 | |||
2421 | switch (STATE) | ||
2422 | { | ||
2423 | case STATE0: | ||
2424 | case STATE1: | ||
2425 | ret = | ||
2426 | MHD_gtls_recv_handshake (session, NULL, NULL, | ||
2427 | GNUTLS_HANDSHAKE_CLIENT_HELLO, | ||
2428 | MANDATORY_PACKET); | ||
2429 | STATE = STATE1; | ||
2430 | IMED_RET ("recv hello", ret); | ||
2431 | |||
2432 | case STATE2: | ||
2433 | ret = MHD_gtls_send_hello (session, AGAIN (STATE2)); | ||
2434 | STATE = STATE2; | ||
2435 | IMED_RET ("send hello", ret); | ||
2436 | |||
2437 | case STATE70: | ||
2438 | if (session->security_parameters.extensions.do_send_supplemental) | ||
2439 | { | ||
2440 | ret = MHD__gnutls_send_supplemental (session, AGAIN (STATE70)); | ||
2441 | STATE = STATE70; | ||
2442 | IMED_RET ("send supplemental data", ret); | ||
2443 | } | ||
2444 | |||
2445 | /* SEND CERTIFICATE + KEYEXCHANGE + CERTIFICATE_REQUEST */ | ||
2446 | case STATE3: | ||
2447 | /* NOTE: these should not be send if we are resuming */ | ||
2448 | |||
2449 | if (session->internals.resumed == RESUME_FALSE) | ||
2450 | ret = MHD_gtls_send_server_certificate (session, AGAIN (STATE3)); | ||
2451 | STATE = STATE3; | ||
2452 | IMED_RET ("send server certificate", ret); | ||
2453 | |||
2454 | case STATE4: | ||
2455 | /* send server key exchange (A) */ | ||
2456 | if (session->internals.resumed == RESUME_FALSE) | ||
2457 | ret = MHD_gtls_send_server_kx_message (session, AGAIN (STATE4)); | ||
2458 | STATE = STATE4; | ||
2459 | IMED_RET ("send server kx", ret); | ||
2460 | |||
2461 | case STATE5: | ||
2462 | /* Send certificate request - if requested to */ | ||
2463 | if (session->internals.resumed == RESUME_FALSE) | ||
2464 | ret = | ||
2465 | MHD_gtls_send_server_certificate_request (session, AGAIN (STATE5)); | ||
2466 | STATE = STATE5; | ||
2467 | IMED_RET ("send server cert request", ret); | ||
2468 | |||
2469 | case STATE6: | ||
2470 | /* send the server hello done */ | ||
2471 | if (session->internals.resumed == RESUME_FALSE) /* if we are not resuming */ | ||
2472 | ret = | ||
2473 | MHD__gnutls_send_empty_handshake (session, | ||
2474 | GNUTLS_HANDSHAKE_SERVER_HELLO_DONE, | ||
2475 | AGAIN (STATE6)); | ||
2476 | STATE = STATE6; | ||
2477 | IMED_RET ("send server hello done", ret); | ||
2478 | |||
2479 | case STATE71: | ||
2480 | if (session->security_parameters.extensions.do_recv_supplemental) | ||
2481 | { | ||
2482 | ret = MHD__gnutls_recv_supplemental (session); | ||
2483 | STATE = STATE71; | ||
2484 | IMED_RET ("recv client supplemental", ret); | ||
2485 | } | ||
2486 | |||
2487 | /* RECV CERTIFICATE + KEYEXCHANGE + CERTIFICATE_VERIFY */ | ||
2488 | case STATE7: | ||
2489 | /* receive the client certificate message */ | ||
2490 | if (session->internals.resumed == RESUME_FALSE) /* if we are not resuming */ | ||
2491 | ret = MHD_gtls_recv_client_certificate (session); | ||
2492 | STATE = STATE7; | ||
2493 | IMED_RET ("recv client certificate", ret); | ||
2494 | |||
2495 | case STATE8: | ||
2496 | /* receive the client key exchange message */ | ||
2497 | if (session->internals.resumed == RESUME_FALSE) /* if we are not resuming */ | ||
2498 | ret = MHD_gtls_recv_client_kx_message (session); | ||
2499 | STATE = STATE8; | ||
2500 | IMED_RET ("recv client kx", ret); | ||
2501 | |||
2502 | case STATE9: | ||
2503 | /* receive the client certificate verify message */ | ||
2504 | if (session->internals.resumed == RESUME_FALSE) /* if we are not resuming */ | ||
2505 | ret = MHD_gtls_recv_client_certificate_verify_message (session); | ||
2506 | STATE = STATE9; | ||
2507 | IMED_RET ("recv client certificate verify", ret); | ||
2508 | |||
2509 | STATE = STATE0; /* finished thus clear session */ | ||
2510 | default: | ||
2511 | break; | ||
2512 | } | ||
2513 | |||
2514 | return 0; | ||
2515 | } | ||
2516 | |||
2517 | static int | ||
2518 | MHD_gtls_handshake_common (MHD_gtls_session_t session) | ||
2519 | { | ||
2520 | int ret = 0; | ||
2521 | |||
2522 | /* send and recv the change cipher spec and finished messages */ | ||
2523 | if ((session->internals.resumed == RESUME_TRUE | ||
2524 | && session->security_parameters.entity == GNUTLS_CLIENT) | ||
2525 | || (session->internals.resumed == RESUME_FALSE | ||
2526 | && session->security_parameters.entity == GNUTLS_SERVER)) | ||
2527 | { | ||
2528 | /* if we are a client resuming - or we are a server not resuming */ | ||
2529 | |||
2530 | ret = MHD__gnutls_recv_handshake_final (session, TRUE); | ||
2531 | IMED_RET ("recv handshake final", ret); | ||
2532 | |||
2533 | ret = MHD__gnutls_send_handshake_final (session, FALSE); | ||
2534 | IMED_RET ("send handshake final", ret); | ||
2535 | } | ||
2536 | else | ||
2537 | { /* if we are a client not resuming - or we are a server resuming */ | ||
2538 | |||
2539 | ret = MHD__gnutls_send_handshake_final (session, TRUE); | ||
2540 | IMED_RET ("send handshake final 2", ret); | ||
2541 | |||
2542 | ret = MHD__gnutls_recv_handshake_final (session, FALSE); | ||
2543 | IMED_RET ("recv handshake final 2", ret); | ||
2544 | } | ||
2545 | |||
2546 | /* clear handshake buffer */ | ||
2547 | MHD__gnutls_handshake_hash_buffers_clear (session); | ||
2548 | return ret; | ||
2549 | |||
2550 | } | ||
2551 | |||
2552 | static int | ||
2553 | MHD_gtls_generate_session_id (opaque * session_id, uint8_t * len) | ||
2554 | { | ||
2555 | *len = TLS_MAX_SESSION_ID_SIZE; | ||
2556 | |||
2557 | if (MHD_gc_nonce ((char *) session_id, *len) != GC_OK) | ||
2558 | { | ||
2559 | MHD_gnutls_assert (); | ||
2560 | return GNUTLS_E_RANDOM_FAILED; | ||
2561 | } | ||
2562 | |||
2563 | return 0; | ||
2564 | } | ||
2565 | |||
2566 | int | ||
2567 | MHD_gtls_recv_hello_request (MHD_gtls_session_t session, void *data, | ||
2568 | uint32_t data_size) | ||
2569 | { | ||
2570 | uint8_t type; | ||
2571 | |||
2572 | if (session->security_parameters.entity == GNUTLS_SERVER) | ||
2573 | { | ||
2574 | MHD_gnutls_assert (); | ||
2575 | return GNUTLS_E_UNEXPECTED_PACKET; | ||
2576 | } | ||
2577 | if (data_size < 1) | ||
2578 | { | ||
2579 | MHD_gnutls_assert (); | ||
2580 | return GNUTLS_E_UNEXPECTED_PACKET_LENGTH; | ||
2581 | } | ||
2582 | type = ((uint8_t *) data)[0]; | ||
2583 | if (type == GNUTLS_HANDSHAKE_HELLO_REQUEST) | ||
2584 | return GNUTLS_E_REHANDSHAKE; | ||
2585 | else | ||
2586 | { | ||
2587 | MHD_gnutls_assert (); | ||
2588 | return GNUTLS_E_UNEXPECTED_PACKET; | ||
2589 | } | ||
2590 | } | ||
2591 | |||
2592 | /* Returns 1 if the given KX has not the corresponding parameters | ||
2593 | * (DH or RSA) set up. Otherwise returns 0. | ||
2594 | */ | ||
2595 | inline static int | ||
2596 | check_server_params (MHD_gtls_session_t session, | ||
2597 | enum MHD_GNUTLS_KeyExchangeAlgorithm kx, | ||
2598 | enum MHD_GNUTLS_KeyExchangeAlgorithm *alg, int alg_size) | ||
2599 | { | ||
2600 | int cred_type; | ||
2601 | MHD_gtls_dh_params_t dh_params = NULL; | ||
2602 | MHD_gtls_rsa_params_t rsa_params = NULL; | ||
2603 | int j; | ||
2604 | |||
2605 | cred_type = MHD_gtls_map_kx_get_cred (kx, 1); | ||
2606 | |||
2607 | /* Read the Diffie Hellman parameters, if any. | ||
2608 | */ | ||
2609 | if (cred_type == MHD_GNUTLS_CRD_CERTIFICATE) | ||
2610 | { | ||
2611 | int delete; | ||
2612 | MHD_gtls_cert_credentials_t x509_cred = | ||
2613 | (MHD_gtls_cert_credentials_t) MHD_gtls_get_cred (session->key, | ||
2614 | cred_type, NULL); | ||
2615 | |||
2616 | if (x509_cred != NULL) | ||
2617 | { | ||
2618 | dh_params = | ||
2619 | MHD_gtls_get_dh_params (x509_cred->dh_params, | ||
2620 | x509_cred->params_func, session); | ||
2621 | rsa_params = | ||
2622 | MHD_gtls_certificate_get_rsa_params (x509_cred->rsa_params, | ||
2623 | x509_cred->params_func, | ||
2624 | session); | ||
2625 | } | ||
2626 | |||
2627 | /* Check also if the certificate supports the | ||
2628 | * KX method. | ||
2629 | */ | ||
2630 | delete = 1; | ||
2631 | for (j = 0; j < alg_size; j++) | ||
2632 | { | ||
2633 | if (alg[j] == kx) | ||
2634 | { | ||
2635 | delete = 0; | ||
2636 | break; | ||
2637 | } | ||
2638 | } | ||
2639 | |||
2640 | if (delete == 1) | ||
2641 | return 1; | ||
2642 | |||
2643 | } | ||
2644 | else | ||
2645 | return 0; /* no need for params */ | ||
2646 | |||
2647 | |||
2648 | /* If the key exchange method needs RSA or DH params, | ||
2649 | * but they are not set then remove it. | ||
2650 | */ | ||
2651 | if (MHD_gtls_kx_needs_rsa_params (kx) != 0) | ||
2652 | { | ||
2653 | /* needs rsa params. */ | ||
2654 | if (MHD__gnutls_rsa_params_to_mpi (rsa_params) == NULL) | ||
2655 | { | ||
2656 | MHD_gnutls_assert (); | ||
2657 | return 1; | ||
2658 | } | ||
2659 | } | ||
2660 | |||
2661 | if (MHD_gtls_kx_needs_dh_params (kx) != 0) | ||
2662 | { | ||
2663 | /* needs DH params. */ | ||
2664 | if (MHD_gtls_dh_params_to_mpi (dh_params) == NULL) | ||
2665 | { | ||
2666 | MHD_gnutls_assert (); | ||
2667 | return 1; | ||
2668 | } | ||
2669 | } | ||
2670 | |||
2671 | return 0; | ||
2672 | } | ||
2673 | |||
2674 | /* This function will remove algorithms that are not supported by | ||
2675 | * the requested authentication method. We remove an algorithm if | ||
2676 | * we have a certificate with keyUsage bits set. | ||
2677 | * | ||
2678 | * This does a more high level check than MHD_gnutls_supported_ciphersuites(), | ||
2679 | * by checking certificates etc. | ||
2680 | */ | ||
2681 | static int | ||
2682 | MHD_gtls_remove_unwanted_ciphersuites (MHD_gtls_session_t session, | ||
2683 | cipher_suite_st ** cipherSuites, | ||
2684 | int numCipherSuites, | ||
2685 | enum MHD_GNUTLS_PublicKeyAlgorithm | ||
2686 | requested_pk_algo) | ||
2687 | { | ||
2688 | |||
2689 | int ret = 0; | ||
2690 | cipher_suite_st *newSuite, cs; | ||
2691 | int newSuiteSize = 0, i; | ||
2692 | MHD_gtls_cert_credentials_t cert_cred; | ||
2693 | enum MHD_GNUTLS_KeyExchangeAlgorithm kx; | ||
2694 | int server = session->security_parameters.entity == GNUTLS_SERVER ? 1 : 0; | ||
2695 | enum MHD_GNUTLS_KeyExchangeAlgorithm *alg = NULL; | ||
2696 | int alg_size = 0; | ||
2697 | |||
2698 | /* if we should use a specific certificate, | ||
2699 | * we should remove all algorithms that are not supported | ||
2700 | * by that certificate and are on the same authentication | ||
2701 | * method (CERTIFICATE). | ||
2702 | */ | ||
2703 | |||
2704 | cert_cred = | ||
2705 | (MHD_gtls_cert_credentials_t) MHD_gtls_get_cred (session->key, | ||
2706 | MHD_GNUTLS_CRD_CERTIFICATE, | ||
2707 | NULL); | ||
2708 | |||
2709 | /* If there are certificate credentials, find an appropriate certificate | ||
2710 | * or disable them; | ||
2711 | */ | ||
2712 | if (session->security_parameters.entity == GNUTLS_SERVER | ||
2713 | && cert_cred != NULL) | ||
2714 | { | ||
2715 | ret = MHD_gtls_server_select_cert (session, requested_pk_algo); | ||
2716 | if (ret < 0) | ||
2717 | { | ||
2718 | MHD_gnutls_assert (); | ||
2719 | MHD__gnutls_x509_log | ||
2720 | ("Could not find an appropriate certificate: %s\n", | ||
2721 | MHD_gtls_strerror (ret)); | ||
2722 | cert_cred = NULL; | ||
2723 | } | ||
2724 | } | ||
2725 | |||
2726 | /* get all the key exchange algorithms that are | ||
2727 | * supported by the X509 certificate parameters. | ||
2728 | */ | ||
2729 | if ((ret = | ||
2730 | MHD_gtls_selected_cert_supported_kx (session, &alg, &alg_size)) < 0) | ||
2731 | { | ||
2732 | MHD_gnutls_assert (); | ||
2733 | return ret; | ||
2734 | } | ||
2735 | |||
2736 | newSuite = MHD_gnutls_malloc (numCipherSuites * sizeof (cipher_suite_st)); | ||
2737 | if (newSuite == NULL) | ||
2738 | { | ||
2739 | MHD_gnutls_assert (); | ||
2740 | MHD_gnutls_free (alg); | ||
2741 | return GNUTLS_E_MEMORY_ERROR; | ||
2742 | } | ||
2743 | |||
2744 | /* now removes ciphersuites based on the KX algorithm | ||
2745 | */ | ||
2746 | for (i = 0; i < numCipherSuites; i++) | ||
2747 | { | ||
2748 | int delete = 0; | ||
2749 | |||
2750 | /* finds the key exchange algorithm in | ||
2751 | * the ciphersuite | ||
2752 | */ | ||
2753 | kx = MHD_gtls_cipher_suite_get_kx_algo (&(*cipherSuites)[i]); | ||
2754 | |||
2755 | /* if it is defined but had no credentials | ||
2756 | */ | ||
2757 | if (MHD_gtls_get_kx_cred (session, kx, NULL) == NULL) | ||
2758 | { | ||
2759 | delete = 1; | ||
2760 | } | ||
2761 | else | ||
2762 | { | ||
2763 | delete = 0; | ||
2764 | |||
2765 | if (server) | ||
2766 | delete = check_server_params (session, kx, alg, alg_size); | ||
2767 | } | ||
2768 | memcpy (&cs.suite, &(*cipherSuites)[i].suite, 2); | ||
2769 | |||
2770 | if (delete == 0) | ||
2771 | { | ||
2772 | |||
2773 | MHD__gnutls_handshake_log ("HSK[%x]: Keeping ciphersuite: %s\n", | ||
2774 | session, | ||
2775 | MHD_gtls_cipher_suite_get_name (&cs)); | ||
2776 | |||
2777 | memcpy (newSuite[newSuiteSize].suite, (*cipherSuites)[i].suite, 2); | ||
2778 | newSuiteSize++; | ||
2779 | } | ||
2780 | else | ||
2781 | { | ||
2782 | MHD__gnutls_handshake_log ("HSK[%x]: Removing ciphersuite: %s\n", | ||
2783 | session, | ||
2784 | MHD_gtls_cipher_suite_get_name (&cs)); | ||
2785 | |||
2786 | } | ||
2787 | } | ||
2788 | |||
2789 | MHD_gnutls_free (alg); | ||
2790 | MHD_gnutls_free (*cipherSuites); | ||
2791 | *cipherSuites = newSuite; | ||
2792 | |||
2793 | ret = newSuiteSize; | ||
2794 | |||
2795 | return ret; | ||
2796 | |||
2797 | } | ||
2798 | |||
2799 | enum MHD_GNUTLS_Protocol | ||
2800 | MHD_gtls_get_adv_version (MHD_gtls_session_t session) | ||
2801 | { | ||
2802 | return MHD_gtls_version_get (MHD__gnutls_get_adv_version_major (session), | ||
2803 | MHD__gnutls_get_adv_version_minor (session)); | ||
2804 | } | ||
diff --git a/src/daemon/https/tls/gnutls_handshake.h b/src/daemon/https/tls/gnutls_handshake.h deleted file mode 100644 index 58c95a84..00000000 --- a/src/daemon/https/tls/gnutls_handshake.h +++ /dev/null | |||
@@ -1,47 +0,0 @@ | |||
1 | /* | ||
2 | * Copyright (C) 2000, 2001, 2002, 2003, 2004, 2005 Free Software Foundation | ||
3 | * | ||
4 | * Author: Nikos Mavrogiannopoulos | ||
5 | * | ||
6 | * This file is part of GNUTLS. | ||
7 | * | ||
8 | * The GNUTLS library is free software; you can redistribute it and/or | ||
9 | * modify it under the terms of the GNU Lesser General Public License | ||
10 | * as published by the Free Software Foundation; either version 2.1 of | ||
11 | * the License, or (at your option) any later version. | ||
12 | * | ||
13 | * This library is distributed in the hope that it will be useful, but | ||
14 | * WITHOUT ANY WARRANTY; without even the implied warranty of | ||
15 | * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU | ||
16 | * Lesser General Public License for more details. | ||
17 | * | ||
18 | * You should have received a copy of the GNU Lesser General Public | ||
19 | * License along with this library; if not, write to the Free Software | ||
20 | * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301, | ||
21 | * USA | ||
22 | * | ||
23 | */ | ||
24 | |||
25 | typedef enum Optional | ||
26 | { OPTIONAL_PACKET, MANDATORY_PACKET } Optional; | ||
27 | |||
28 | int MHD_gtls_send_handshake (MHD_gtls_session_t session, void *i_data, | ||
29 | uint32_t i_datasize, | ||
30 | MHD_gnutls_handshake_description_t type); | ||
31 | int MHD_gtls_recv_hello_request (MHD_gtls_session_t session, void *data, | ||
32 | uint32_t data_size); | ||
33 | int MHD_gtls_send_hello (MHD_gtls_session_t session, int again); | ||
34 | int MHD_gtls_recv_hello (MHD_gtls_session_t session, opaque * data, | ||
35 | int datalen); | ||
36 | int MHD_gtls_recv_handshake (MHD_gtls_session_t session, uint8_t **, int *, | ||
37 | MHD_gnutls_handshake_description_t, | ||
38 | Optional optional); | ||
39 | void | ||
40 | MHD__gnutls_handshake_set_max_packet_length (MHD_gtls_session_t session, | ||
41 | size_t max); | ||
42 | |||
43 | #define STATE session->internals.handshake_state | ||
44 | /* This returns true if we have got there | ||
45 | * before (and not finished due to an interrupt). | ||
46 | */ | ||
47 | #define AGAIN(target) STATE==target?1:0 | ||
diff --git a/src/daemon/https/tls/gnutls_hash_int.c b/src/daemon/https/tls/gnutls_hash_int.c deleted file mode 100644 index cc61203d..00000000 --- a/src/daemon/https/tls/gnutls_hash_int.c +++ /dev/null | |||
@@ -1,448 +0,0 @@ | |||
1 | /* | ||
2 | * Copyright (C) 2000, 2001, 2004, 2005, 2007 Free Software Foundation | ||
3 | * | ||
4 | * Author: Nikos Mavrogiannopoulos | ||
5 | * | ||
6 | * This file is part of GNUTLS. | ||
7 | * | ||
8 | * The GNUTLS library is free software; you can redistribute it and/or | ||
9 | * modify it under the terms of the GNU Lesser General Public License | ||
10 | * as published by the Free Software Foundation; either version 2.1 of | ||
11 | * the License, or (at your option) any later version. | ||
12 | * | ||
13 | * This library is distributed in the hope that it will be useful, but | ||
14 | * WITHOUT ANY WARRANTY; without even the implied warranty of | ||
15 | * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU | ||
16 | * Lesser General Public License for more details. | ||
17 | * | ||
18 | * You should have received a copy of the GNU Lesser General Public | ||
19 | * License along with this library; if not, write to the Free Software | ||
20 | * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301, | ||
21 | * USA | ||
22 | * | ||
23 | */ | ||
24 | |||
25 | /* This file handles all the internal functions that cope with hashes | ||
26 | * and HMACs. | ||
27 | */ | ||
28 | |||
29 | #include <gnutls_int.h> | ||
30 | #include <gnutls_hash_int.h> | ||
31 | #include <gnutls_errors.h> | ||
32 | |||
33 | static inline Gc_hash | ||
34 | MHD__gnutls_mac2gc (enum MHD_GNUTLS_HashAlgorithm mac) | ||
35 | { | ||
36 | switch (mac) | ||
37 | { | ||
38 | case MHD_GNUTLS_MAC_NULL: | ||
39 | return -1; | ||
40 | break; | ||
41 | case MHD_GNUTLS_MAC_SHA1: | ||
42 | return GC_SHA1; | ||
43 | break; | ||
44 | case MHD_GNUTLS_MAC_SHA256: | ||
45 | return GC_SHA256; | ||
46 | break; | ||
47 | case MHD_GNUTLS_MAC_MD5: | ||
48 | return GC_MD5; | ||
49 | break; | ||
50 | default: | ||
51 | MHD_gnutls_assert (); | ||
52 | return -1; | ||
53 | } | ||
54 | return -1; | ||
55 | } | ||
56 | |||
57 | GNUTLS_HASH_HANDLE | ||
58 | MHD_gtls_hash_init (enum MHD_GNUTLS_HashAlgorithm algorithm) | ||
59 | { | ||
60 | mac_hd_t ret; | ||
61 | int result; | ||
62 | |||
63 | ret = MHD_gnutls_malloc (sizeof (mac_hd_st)); | ||
64 | if (ret == NULL) | ||
65 | { | ||
66 | MHD_gnutls_assert (); | ||
67 | return GNUTLS_HASH_FAILED; | ||
68 | } | ||
69 | |||
70 | ret->algorithm = algorithm; | ||
71 | |||
72 | result = MHD_gc_hash_open (MHD__gnutls_mac2gc (algorithm), 0, &ret->handle); | ||
73 | if (result) | ||
74 | { | ||
75 | MHD_gnutls_assert (); | ||
76 | MHD_gnutls_free (ret); | ||
77 | ret = GNUTLS_HASH_FAILED; | ||
78 | } | ||
79 | |||
80 | return ret; | ||
81 | } | ||
82 | |||
83 | int | ||
84 | MHD_gnutls_hash_get_algo_len (enum MHD_GNUTLS_HashAlgorithm algorithm) | ||
85 | { | ||
86 | int ret; | ||
87 | |||
88 | ret = MHD_gc_hash_digest_length (MHD__gnutls_mac2gc (algorithm)); | ||
89 | |||
90 | return ret; | ||
91 | |||
92 | } | ||
93 | |||
94 | int | ||
95 | MHD_gnutls_hash (GNUTLS_HASH_HANDLE handle, const void *text, size_t textlen) | ||
96 | { | ||
97 | if (textlen > 0) | ||
98 | MHD_gc_hash_write (handle->handle, textlen, text); | ||
99 | return 0; | ||
100 | } | ||
101 | |||
102 | GNUTLS_HASH_HANDLE | ||
103 | MHD_gnutls_hash_copy (GNUTLS_HASH_HANDLE handle) | ||
104 | { | ||
105 | GNUTLS_HASH_HANDLE ret; | ||
106 | int result; | ||
107 | |||
108 | ret = MHD_gnutls_malloc (sizeof (mac_hd_st)); | ||
109 | |||
110 | if (ret == NULL) | ||
111 | return GNUTLS_HASH_FAILED; | ||
112 | |||
113 | ret->algorithm = handle->algorithm; | ||
114 | ret->key = NULL; /* it's a hash anyway */ | ||
115 | ret->keysize = 0; | ||
116 | |||
117 | result = MHD_gc_hash_clone (handle->handle, &ret->handle); | ||
118 | |||
119 | if (result) | ||
120 | { | ||
121 | MHD_gnutls_free (ret); | ||
122 | return GNUTLS_HASH_FAILED; | ||
123 | } | ||
124 | |||
125 | return ret; | ||
126 | } | ||
127 | |||
128 | void | ||
129 | MHD_gnutls_hash_deinit (GNUTLS_HASH_HANDLE handle, void *digest) | ||
130 | { | ||
131 | const opaque *mac; | ||
132 | int maclen; | ||
133 | |||
134 | maclen = MHD_gnutls_hash_get_algo_len (handle->algorithm); | ||
135 | |||
136 | mac = (unsigned char *) MHD_gc_hash_read (handle->handle); | ||
137 | if (digest != NULL) | ||
138 | memcpy (digest, mac, maclen); | ||
139 | |||
140 | MHD_gc_hash_close (handle->handle); | ||
141 | |||
142 | MHD_gnutls_free (handle); | ||
143 | } | ||
144 | |||
145 | |||
146 | mac_hd_t | ||
147 | MHD_gtls_MHD_hmac_init (enum MHD_GNUTLS_HashAlgorithm algorithm, | ||
148 | const void *key, int keylen) | ||
149 | { | ||
150 | mac_hd_t ret; | ||
151 | int result; | ||
152 | |||
153 | ret = MHD_gnutls_malloc (sizeof (mac_hd_st)); | ||
154 | if (ret == NULL) | ||
155 | return GNUTLS_MAC_FAILED; | ||
156 | |||
157 | result = | ||
158 | MHD_gc_hash_open (MHD__gnutls_mac2gc (algorithm), GC_HMAC, &ret->handle); | ||
159 | if (result) | ||
160 | { | ||
161 | MHD_gnutls_free (ret); | ||
162 | return GNUTLS_MAC_FAILED; | ||
163 | } | ||
164 | |||
165 | MHD_gc_hash_MHD_hmac_setkey (ret->handle, keylen, key); | ||
166 | |||
167 | ret->algorithm = algorithm; | ||
168 | ret->key = key; | ||
169 | ret->keysize = keylen; | ||
170 | |||
171 | return ret; | ||
172 | } | ||
173 | |||
174 | void | ||
175 | MHD_gnutls_MHD_hmac_deinit (mac_hd_t handle, void *digest) | ||
176 | { | ||
177 | const opaque *mac; | ||
178 | int maclen; | ||
179 | |||
180 | maclen = MHD_gnutls_hash_get_algo_len (handle->algorithm); | ||
181 | |||
182 | mac = (unsigned char *) MHD_gc_hash_read (handle->handle); | ||
183 | |||
184 | if (digest != NULL) | ||
185 | memcpy (digest, mac, maclen); | ||
186 | |||
187 | MHD_gc_hash_close (handle->handle); | ||
188 | |||
189 | MHD_gnutls_free (handle); | ||
190 | } | ||
191 | |||
192 | inline static int | ||
193 | get_padsize (enum MHD_GNUTLS_HashAlgorithm algorithm) | ||
194 | { | ||
195 | switch (algorithm) | ||
196 | { | ||
197 | case MHD_GNUTLS_MAC_MD5: | ||
198 | return 48; | ||
199 | case MHD_GNUTLS_MAC_SHA1: | ||
200 | return 40; | ||
201 | default: | ||
202 | return 0; | ||
203 | } | ||
204 | } | ||
205 | |||
206 | mac_hd_t | ||
207 | MHD_gnutls_mac_init_ssl3 (enum MHD_GNUTLS_HashAlgorithm algorithm, void *key, | ||
208 | int keylen) | ||
209 | { | ||
210 | mac_hd_t ret; | ||
211 | opaque ipad[48]; | ||
212 | int padsize; | ||
213 | |||
214 | padsize = get_padsize (algorithm); | ||
215 | if (padsize == 0) | ||
216 | { | ||
217 | MHD_gnutls_assert (); | ||
218 | return GNUTLS_MAC_FAILED; | ||
219 | } | ||
220 | |||
221 | memset (ipad, 0x36, padsize); | ||
222 | |||
223 | ret = MHD_gtls_hash_init (algorithm); | ||
224 | if (ret != GNUTLS_HASH_FAILED) | ||
225 | { | ||
226 | ret->key = key; | ||
227 | ret->keysize = keylen; | ||
228 | |||
229 | if (keylen > 0) | ||
230 | MHD_gnutls_hash (ret, key, keylen); | ||
231 | MHD_gnutls_hash (ret, ipad, padsize); | ||
232 | } | ||
233 | |||
234 | return ret; | ||
235 | } | ||
236 | |||
237 | void | ||
238 | MHD_gnutls_mac_deinit_ssl3 (mac_hd_t handle, void *digest) | ||
239 | { | ||
240 | opaque ret[MAX_HASH_SIZE]; | ||
241 | mac_hd_t td; | ||
242 | opaque opad[48]; | ||
243 | int padsize; | ||
244 | int block; | ||
245 | |||
246 | padsize = get_padsize (handle->algorithm); | ||
247 | if (padsize == 0) | ||
248 | { | ||
249 | MHD_gnutls_assert (); | ||
250 | return; | ||
251 | } | ||
252 | |||
253 | memset (opad, 0x5C, padsize); | ||
254 | |||
255 | td = MHD_gtls_hash_init (handle->algorithm); | ||
256 | if (td != GNUTLS_MAC_FAILED) | ||
257 | { | ||
258 | if (handle->keysize > 0) | ||
259 | MHD_gnutls_hash (td, handle->key, handle->keysize); | ||
260 | |||
261 | MHD_gnutls_hash (td, opad, padsize); | ||
262 | block = MHD_gnutls_hash_get_algo_len (handle->algorithm); | ||
263 | MHD_gnutls_hash_deinit (handle, ret); /* get the previous hash */ | ||
264 | MHD_gnutls_hash (td, ret, block); | ||
265 | |||
266 | MHD_gnutls_hash_deinit (td, digest); | ||
267 | } | ||
268 | } | ||
269 | |||
270 | void | ||
271 | MHD_gnutls_mac_deinit_ssl3_handshake (mac_hd_t handle, | ||
272 | void *digest, opaque * key, | ||
273 | uint32_t key_size) | ||
274 | { | ||
275 | opaque ret[MAX_HASH_SIZE]; | ||
276 | mac_hd_t td; | ||
277 | opaque opad[48]; | ||
278 | opaque ipad[48]; | ||
279 | int padsize; | ||
280 | int block; | ||
281 | |||
282 | padsize = get_padsize (handle->algorithm); | ||
283 | if (padsize == 0) | ||
284 | { | ||
285 | MHD_gnutls_assert (); | ||
286 | return; | ||
287 | } | ||
288 | |||
289 | memset (opad, 0x5C, padsize); | ||
290 | memset (ipad, 0x36, padsize); | ||
291 | |||
292 | td = MHD_gtls_hash_init (handle->algorithm); | ||
293 | if (td != GNUTLS_HASH_FAILED) | ||
294 | { | ||
295 | if (key_size > 0) | ||
296 | MHD_gnutls_hash (td, key, key_size); | ||
297 | |||
298 | MHD_gnutls_hash (td, opad, padsize); | ||
299 | block = MHD_gnutls_hash_get_algo_len (handle->algorithm); | ||
300 | |||
301 | if (key_size > 0) | ||
302 | MHD_gnutls_hash (handle, key, key_size); | ||
303 | MHD_gnutls_hash (handle, ipad, padsize); | ||
304 | MHD_gnutls_hash_deinit (handle, ret); /* get the previous hash */ | ||
305 | |||
306 | MHD_gnutls_hash (td, ret, block); | ||
307 | |||
308 | MHD_gnutls_hash_deinit (td, digest); | ||
309 | } | ||
310 | } | ||
311 | |||
312 | static int | ||
313 | ssl3_sha (int i, opaque * secret, int secret_len, | ||
314 | opaque * rnd, int rnd_len, void *digest) | ||
315 | { | ||
316 | int j; | ||
317 | opaque text1[26]; | ||
318 | |||
319 | GNUTLS_HASH_HANDLE td; | ||
320 | |||
321 | for (j = 0; j < i + 1; j++) | ||
322 | { | ||
323 | text1[j] = 65 + i; /* A==65 */ | ||
324 | } | ||
325 | |||
326 | td = MHD_gtls_hash_init (MHD_GNUTLS_MAC_SHA1); | ||
327 | if (td == NULL) | ||
328 | { | ||
329 | MHD_gnutls_assert (); | ||
330 | return GNUTLS_E_HASH_FAILED; | ||
331 | } | ||
332 | |||
333 | MHD_gnutls_hash (td, text1, i + 1); | ||
334 | MHD_gnutls_hash (td, secret, secret_len); | ||
335 | MHD_gnutls_hash (td, rnd, rnd_len); | ||
336 | |||
337 | MHD_gnutls_hash_deinit (td, digest); | ||
338 | return 0; | ||
339 | } | ||
340 | |||
341 | static int | ||
342 | ssl3_md5 (int i, opaque * secret, int secret_len, | ||
343 | opaque * rnd, int rnd_len, void *digest) | ||
344 | { | ||
345 | opaque tmp[MAX_HASH_SIZE]; | ||
346 | mac_hd_t td; | ||
347 | int ret; | ||
348 | |||
349 | td = MHD_gtls_hash_init (MHD_GNUTLS_MAC_MD5); | ||
350 | if (td == NULL) | ||
351 | { | ||
352 | MHD_gnutls_assert (); | ||
353 | return GNUTLS_E_HASH_FAILED; | ||
354 | } | ||
355 | |||
356 | MHD_gnutls_hash (td, secret, secret_len); | ||
357 | |||
358 | ret = ssl3_sha (i, secret, secret_len, rnd, rnd_len, tmp); | ||
359 | if (ret < 0) | ||
360 | { | ||
361 | MHD_gnutls_assert (); | ||
362 | MHD_gnutls_hash_deinit (td, digest); | ||
363 | return ret; | ||
364 | } | ||
365 | |||
366 | MHD_gnutls_hash (td, tmp, | ||
367 | MHD_gnutls_hash_get_algo_len (MHD_GNUTLS_MAC_SHA1)); | ||
368 | |||
369 | MHD_gnutls_hash_deinit (td, digest); | ||
370 | return 0; | ||
371 | } | ||
372 | |||
373 | int | ||
374 | MHD_gnutls_ssl3_hash_md5 (void *first, int first_len, | ||
375 | void *second, int second_len, int ret_len, | ||
376 | opaque * ret) | ||
377 | { | ||
378 | opaque digest[MAX_HASH_SIZE]; | ||
379 | mac_hd_t td; | ||
380 | int block = MHD_gnutls_hash_get_algo_len (MHD_GNUTLS_MAC_MD5); | ||
381 | |||
382 | td = MHD_gtls_hash_init (MHD_GNUTLS_MAC_MD5); | ||
383 | if (td == NULL) | ||
384 | { | ||
385 | MHD_gnutls_assert (); | ||
386 | return GNUTLS_E_HASH_FAILED; | ||
387 | } | ||
388 | |||
389 | MHD_gnutls_hash (td, first, first_len); | ||
390 | MHD_gnutls_hash (td, second, second_len); | ||
391 | |||
392 | MHD_gnutls_hash_deinit (td, digest); | ||
393 | |||
394 | if (ret_len > block) | ||
395 | { | ||
396 | MHD_gnutls_assert (); | ||
397 | return GNUTLS_E_INTERNAL_ERROR; | ||
398 | } | ||
399 | |||
400 | memcpy (ret, digest, ret_len); | ||
401 | |||
402 | return 0; | ||
403 | |||
404 | } | ||
405 | |||
406 | int | ||
407 | MHD_gnutls_ssl3_generate_random (void *secret, int secret_len, | ||
408 | void *rnd, int rnd_len, | ||
409 | int ret_bytes, opaque * ret) | ||
410 | { | ||
411 | int i = 0, copy, output_bytes; | ||
412 | opaque digest[MAX_HASH_SIZE]; | ||
413 | int block = MHD_gnutls_hash_get_algo_len (MHD_GNUTLS_MAC_MD5); | ||
414 | int result, times; | ||
415 | |||
416 | output_bytes = 0; | ||
417 | do | ||
418 | { | ||
419 | output_bytes += block; | ||
420 | } | ||
421 | while (output_bytes < ret_bytes); | ||
422 | |||
423 | times = output_bytes / block; | ||
424 | |||
425 | for (i = 0; i < times; i++) | ||
426 | { | ||
427 | |||
428 | result = ssl3_md5 (i, secret, secret_len, rnd, rnd_len, digest); | ||
429 | if (result < 0) | ||
430 | { | ||
431 | MHD_gnutls_assert (); | ||
432 | return result; | ||
433 | } | ||
434 | |||
435 | if ((1 + i) * block < ret_bytes) | ||
436 | { | ||
437 | copy = block; | ||
438 | } | ||
439 | else | ||
440 | { | ||
441 | copy = ret_bytes - (i) * block; | ||
442 | } | ||
443 | |||
444 | memcpy (&ret[i * block], digest, copy); | ||
445 | } | ||
446 | |||
447 | return 0; | ||
448 | } | ||
diff --git a/src/daemon/https/tls/gnutls_hash_int.h b/src/daemon/https/tls/gnutls_hash_int.h deleted file mode 100644 index bd3dec29..00000000 --- a/src/daemon/https/tls/gnutls_hash_int.h +++ /dev/null | |||
@@ -1,72 +0,0 @@ | |||
1 | /* | ||
2 | * Copyright (C) 2000, 2001, 2002, 2003, 2004, 2005 Free Software Foundation | ||
3 | * | ||
4 | * Author: Nikos Mavrogiannopoulos | ||
5 | * | ||
6 | * This file is part of GNUTLS. | ||
7 | * | ||
8 | * The GNUTLS library is free software; you can redistribute it and/or | ||
9 | * modify it under the terms of the GNU Lesser General Public License | ||
10 | * as published by the Free Software Foundation; either version 2.1 of | ||
11 | * the License, or (at your option) any later version. | ||
12 | * | ||
13 | * This library is distributed in the hope that it will be useful, but | ||
14 | * WITHOUT ANY WARRANTY; without even the implied warranty of | ||
15 | * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU | ||
16 | * Lesser General Public License for more details. | ||
17 | * | ||
18 | * You should have received a copy of the GNU Lesser General Public | ||
19 | * License along with this library; if not, write to the Free Software | ||
20 | * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301, | ||
21 | * USA | ||
22 | * | ||
23 | */ | ||
24 | |||
25 | #ifndef GNUTLS_HASH_INT_H | ||
26 | # define GNUTLS_HASH_INT_H | ||
27 | |||
28 | #include <gnutls_int.h> | ||
29 | |||
30 | /* for message digests */ | ||
31 | |||
32 | typedef struct | ||
33 | { | ||
34 | MHD_gc_hash_handle handle; | ||
35 | enum MHD_GNUTLS_HashAlgorithm algorithm; | ||
36 | const void *key; | ||
37 | int keysize; | ||
38 | } mac_hd_st; | ||
39 | typedef mac_hd_st *mac_hd_t; | ||
40 | typedef mac_hd_t GNUTLS_HASH_HANDLE; | ||
41 | |||
42 | #define GNUTLS_HASH_FAILED NULL | ||
43 | #define GNUTLS_MAC_FAILED NULL | ||
44 | |||
45 | mac_hd_t MHD_gtls_MHD_hmac_init (enum MHD_GNUTLS_HashAlgorithm algorithm, | ||
46 | const void *key, int keylen); | ||
47 | |||
48 | void MHD_gnutls_MHD_hmac_deinit (mac_hd_t handle, void *digest); | ||
49 | |||
50 | mac_hd_t MHD_gnutls_mac_init_ssl3 (enum MHD_GNUTLS_HashAlgorithm algorithm, | ||
51 | void *key, int keylen); | ||
52 | void MHD_gnutls_mac_deinit_ssl3 (mac_hd_t handle, void *digest); | ||
53 | |||
54 | GNUTLS_HASH_HANDLE MHD_gtls_hash_init (enum MHD_GNUTLS_HashAlgorithm | ||
55 | algorithm); | ||
56 | int MHD_gnutls_hash_get_algo_len (enum MHD_GNUTLS_HashAlgorithm algorithm); | ||
57 | int MHD_gnutls_hash (GNUTLS_HASH_HANDLE handle, const void *text, | ||
58 | size_t textlen); | ||
59 | void MHD_gnutls_hash_deinit (GNUTLS_HASH_HANDLE handle, void *digest); | ||
60 | |||
61 | int MHD_gnutls_ssl3_generate_random (void *secret, int secret_len, | ||
62 | void *rnd, int random_len, int bytes, | ||
63 | opaque * ret); | ||
64 | int MHD_gnutls_ssl3_hash_md5 (void *first, int first_len, void *second, | ||
65 | int second_len, int ret_len, opaque * ret); | ||
66 | |||
67 | void MHD_gnutls_mac_deinit_ssl3_handshake (mac_hd_t handle, void *digest, | ||
68 | opaque * key, uint32_t key_size); | ||
69 | |||
70 | GNUTLS_HASH_HANDLE MHD_gnutls_hash_copy (GNUTLS_HASH_HANDLE handle); | ||
71 | |||
72 | #endif /* GNUTLS_HASH_INT_H */ | ||
diff --git a/src/daemon/https/tls/gnutls_int.h b/src/daemon/https/tls/gnutls_int.h deleted file mode 100644 index 25a861ed..00000000 --- a/src/daemon/https/tls/gnutls_int.h +++ /dev/null | |||
@@ -1,642 +0,0 @@ | |||
1 | /* | ||
2 | * Copyright (C) 2000, 2001, 2002, 2003, 2004, 2005, 2006, 2007, 2008 Free Software Foundation | ||
3 | * | ||
4 | * Author: Nikos Mavrogiannopoulos | ||
5 | * | ||
6 | * This file is part of GNUTLS. | ||
7 | * | ||
8 | * The GNUTLS library is free software; you can redistribute it and/or | ||
9 | * modify it under the terms of the GNU Lesser General Public License | ||
10 | * as published by the Free Software Foundation; either version 2.1 of | ||
11 | * the License, or (at your option) any later version. | ||
12 | * | ||
13 | * This library is distributed in the hope that it will be useful, but | ||
14 | * WITHOUT ANY WARRANTY; without even the implied warranty of | ||
15 | * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU | ||
16 | * Lesser General Public License for more details. | ||
17 | * | ||
18 | * You should have received a copy of the GNU Lesser General Public | ||
19 | * License along with this library; if not, write to the Free Software | ||
20 | * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301, | ||
21 | * USA | ||
22 | * | ||
23 | */ | ||
24 | |||
25 | #ifndef GNUTLS_INT_H | ||
26 | #define GNUTLS_INT_H | ||
27 | |||
28 | #include <defines.h> | ||
29 | |||
30 | #include "gnutls.h" | ||
31 | #include "microhttpd.h" | ||
32 | |||
33 | #include "gnutls_mem.h" | ||
34 | |||
35 | /* FIXME: delete this once opencdk has reentrant keyring functions | ||
36 | */ | ||
37 | #define KEYRING_HACK | ||
38 | |||
39 | #ifndef MAX | ||
40 | #define MAX(X,Y) ((X) > (Y) ? (X) : (Y)) | ||
41 | #endif | ||
42 | |||
43 | #define MAX32 4294967295 | ||
44 | #define MAX24 16777215 | ||
45 | #define MAX16 65535 | ||
46 | |||
47 | /* The size of a handshake message should not | ||
48 | * be larger than this value. | ||
49 | */ | ||
50 | #define MAX_HANDSHAKE_PACKET_SIZE 48*1024 | ||
51 | |||
52 | #define TLS_RANDOM_SIZE 32 | ||
53 | #define TLS_MAX_SESSION_ID_SIZE 32 | ||
54 | #define TLS_MASTER_SIZE 48 | ||
55 | |||
56 | /* The maximum digest size of hash algorithms. | ||
57 | */ | ||
58 | #define MAX_HASH_SIZE 64 | ||
59 | |||
60 | #define MAX_LOG_SIZE 1024 /* maximum size of log message */ | ||
61 | #define MAX_SERVER_NAME_SIZE 128 | ||
62 | |||
63 | /* we can receive up to MAX_EXT_TYPES extensions. | ||
64 | */ | ||
65 | #define MAX_EXT_TYPES 64 | ||
66 | |||
67 | /* The initial size of the receive | ||
68 | * buffer size. This will grow if larger | ||
69 | * packets are received. | ||
70 | */ | ||
71 | #define INITIAL_RECV_BUFFER_SIZE 256 | ||
72 | |||
73 | /* the default for TCP */ | ||
74 | #define DEFAULT_LOWAT 1 | ||
75 | |||
76 | /* expire time for resuming sessions */ | ||
77 | #define DEFAULT_EXPIRE_TIME 3600 | ||
78 | |||
79 | /* the maximum size of encrypted packets */ | ||
80 | #define DEFAULT_MAX_RECORD_SIZE 16384 | ||
81 | #define RECORD_HEADER_SIZE 5 | ||
82 | #define MAX_RECORD_SEND_SIZE (size_t)session->security_parameters.max_record_send_size | ||
83 | #define MAX_RECORD_RECV_SIZE (size_t)session->security_parameters.max_record_recv_size | ||
84 | #define MAX_PAD_SIZE 255 | ||
85 | #define EXTRA_COMP_SIZE 2048 | ||
86 | #define MAX_RECORD_OVERHEAD MAX_PAD_SIZE+EXTRA_COMP_SIZE | ||
87 | #define MAX_RECV_SIZE MAX_RECORD_OVERHEAD+MAX_RECORD_RECV_SIZE+RECORD_HEADER_SIZE | ||
88 | |||
89 | #define HANDSHAKE_HEADER_SIZE 4 | ||
90 | |||
91 | /* defaults for verification functions | ||
92 | */ | ||
93 | #define DEFAULT_VERIFY_DEPTH 32 | ||
94 | #define DEFAULT_VERIFY_BITS 16*1024 | ||
95 | |||
96 | #define DECR_LEN(len, x) do { len-=x; if (len<0) {MHD_gnutls_assert(); return GNUTLS_E_UNEXPECTED_PACKET_LENGTH;} } while (0) | ||
97 | #define DECR_LENGTH_RET(len, x, RET) do { len-=x; if (len<0) {MHD_gnutls_assert(); return RET;} } while (0) | ||
98 | #define DECR_LENGTH_COM(len, x, COM) do { len-=x; if (len<0) {MHD_gnutls_assert(); COM;} } while (0) | ||
99 | |||
100 | #define HASH2MAC(x) ((enum MHD_GNUTLS_HashAlgorithm)x) | ||
101 | |||
102 | /* TODO rm */ | ||
103 | /* Additional cast to bring void* to a type castable to int. */ | ||
104 | #define GNUTLS_POINTER_TO_INT_CAST (long) | ||
105 | |||
106 | #define GNUTLS_POINTER_TO_INT(_) ((int) GNUTLS_POINTER_TO_INT_CAST (_)) | ||
107 | #define GNUTLS_INT_TO_POINTER(_) ((void*) GNUTLS_POINTER_TO_INT_CAST (_)) | ||
108 | |||
109 | typedef unsigned char opaque; | ||
110 | typedef struct | ||
111 | { | ||
112 | opaque pint[3]; | ||
113 | } uint24; | ||
114 | |||
115 | #include <gnutls_mpi.h> | ||
116 | |||
117 | typedef enum change_cipher_spec_t | ||
118 | { | ||
119 | GNUTLS_TYPE_CHANGE_CIPHER_SPEC = 1 | ||
120 | } change_cipher_spec_t; | ||
121 | |||
122 | typedef enum handshake_state_t | ||
123 | { | ||
124 | STATE0 = 0, STATE1, STATE2, | ||
125 | STATE3, STATE4, STATE5, | ||
126 | STATE6, STATE7, STATE8, STATE9, STATE20 = 20, STATE21, | ||
127 | STATE30 = 30, STATE31, STATE50 = 50, STATE60 = 60, STATE61, STATE62, | ||
128 | STATE70, STATE71 | ||
129 | } handshake_state_t; | ||
130 | |||
131 | #include <gnutls_str.h> | ||
132 | |||
133 | typedef MHD_gtls_string MHD_gtls_buffer; | ||
134 | |||
135 | #define MHD_gtls_buffer_init(buf) MHD_gtls_string_init(buf, MHD_gnutls_malloc, MHD_gnutls_realloc, MHD_gnutls_free); | ||
136 | #define MHD_gtls_buffer_clear MHD_gtls_string_clear | ||
137 | #define MHD_gtls_buffer_append MHD_gtls_string_append_data | ||
138 | |||
139 | /* This is the maximum number of algorithms (ciphers or macs etc). | ||
140 | * keep it synced with GNUTLS_MAX_ALGORITHM_NUM in gnutls.h | ||
141 | */ | ||
142 | #define MAX_ALGOS 16 | ||
143 | |||
144 | #define MAX_CIPHERSUITES 256 | ||
145 | |||
146 | typedef enum extensions_t | ||
147 | { GNUTLS_EXTENSION_SERVER_NAME = 0, | ||
148 | GNUTLS_EXTENSION_MAX_RECORD_SIZE = 1, | ||
149 | GNUTLS_EXTENSION_CERT_TYPE = 9, | ||
150 | GNUTLS_EXTENSION_SRP = 12, | ||
151 | GNUTLS_EXTENSION_INNER_APPLICATION = 37703 | ||
152 | } extensions_t; | ||
153 | |||
154 | typedef enum | ||
155 | { CIPHER_STREAM, CIPHER_BLOCK } cipher_type_t; | ||
156 | |||
157 | typedef enum valid_session_t | ||
158 | { VALID_TRUE, VALID_FALSE } valid_session_t; | ||
159 | typedef enum resumable_session_t | ||
160 | { RESUME_TRUE, | ||
161 | RESUME_FALSE | ||
162 | } resumable_session_t; | ||
163 | |||
164 | /* Record Protocol */ | ||
165 | typedef enum content_type_t | ||
166 | { | ||
167 | GNUTLS_CHANGE_CIPHER_SPEC = 20, GNUTLS_ALERT, | ||
168 | GNUTLS_HANDSHAKE, GNUTLS_APPLICATION_DATA, | ||
169 | GNUTLS_INNER_APPLICATION = 24 | ||
170 | } content_type_t; | ||
171 | |||
172 | #define GNUTLS_PK_ANY (enum MHD_GNUTLS_PublicKeyAlgorithm)-1 | ||
173 | #define GNUTLS_PK_NONE (enum MHD_GNUTLS_PublicKeyAlgorithm)-2 | ||
174 | |||
175 | /* STATE (stop) */ | ||
176 | |||
177 | typedef void (*LOG_FUNC) (int, const char *); | ||
178 | |||
179 | /* Store & Retrieve functions defines: */ | ||
180 | typedef struct MHD_gtls_auth_cred_st | ||
181 | { | ||
182 | enum MHD_GNUTLS_CredentialsType algorithm; | ||
183 | |||
184 | /* the type of credentials depends on algorithm | ||
185 | */ | ||
186 | void *credentials; | ||
187 | struct MHD_gtls_auth_cred_st *next; | ||
188 | } auth_cred_st; | ||
189 | |||
190 | struct MHD_gtls_key | ||
191 | { | ||
192 | /* For DH KX */ | ||
193 | MHD_gnutls_datum_t key; | ||
194 | mpi_t KEY; | ||
195 | mpi_t client_Y; | ||
196 | mpi_t client_g; | ||
197 | mpi_t client_p; | ||
198 | mpi_t dh_secret; | ||
199 | /* for SRP */ | ||
200 | mpi_t A; | ||
201 | mpi_t B; | ||
202 | mpi_t u; | ||
203 | mpi_t b; | ||
204 | mpi_t a; | ||
205 | mpi_t x; | ||
206 | /* RSA: e, m | ||
207 | */ | ||
208 | mpi_t rsa[2]; | ||
209 | |||
210 | /* this is used to hold the peers authentication data | ||
211 | */ | ||
212 | /* auth_info_t structures SHOULD NOT contain malloced | ||
213 | * elements. Check MHD_gnutls_session_pack.c, and MHD_gnutls_auth.c. | ||
214 | * Rememember that this should be calloced! | ||
215 | */ | ||
216 | void *auth_info; | ||
217 | enum MHD_GNUTLS_CredentialsType auth_info_type; | ||
218 | int auth_info_size; /* needed in order to store to db for restoring | ||
219 | */ | ||
220 | uint8_t crypt_algo; | ||
221 | |||
222 | auth_cred_st *cred; /* used to specify keys/certificates etc */ | ||
223 | |||
224 | int certificate_requested; | ||
225 | /* some ciphersuites use this | ||
226 | * to provide client authentication. | ||
227 | * 1 if client auth was requested | ||
228 | * by the peer, 0 otherwise | ||
229 | *** In case of a server this | ||
230 | * holds 1 if we should wait | ||
231 | * for a client certificate verify | ||
232 | */ | ||
233 | }; | ||
234 | typedef struct MHD_gtls_key *MHD_gtls_key_st; | ||
235 | |||
236 | /* STATE (cont) */ | ||
237 | #include <gnutls_hash_int.h> | ||
238 | #include <gnutls_cipher_int.h> | ||
239 | #include <gnutls_cert.h> | ||
240 | |||
241 | typedef struct | ||
242 | { | ||
243 | uint8_t suite[2]; | ||
244 | } cipher_suite_st; | ||
245 | |||
246 | /* This structure holds parameters got from TLS extension | ||
247 | * mechanism. (some extensions may hold parameters in auth_info_t | ||
248 | * structures also - see SRP). | ||
249 | */ | ||
250 | typedef struct | ||
251 | { | ||
252 | opaque name[MAX_SERVER_NAME_SIZE]; | ||
253 | unsigned name_length; | ||
254 | MHD_gnutls_server_name_type_t type; | ||
255 | } server_name_st; | ||
256 | |||
257 | #define MAX_SERVER_NAME_EXTENSIONS 3 | ||
258 | typedef struct | ||
259 | { | ||
260 | server_name_st server_names[MAX_SERVER_NAME_EXTENSIONS]; | ||
261 | /* limit server_name extensions */ | ||
262 | unsigned server_names_size; | ||
263 | |||
264 | /* TLS/IA data. */ | ||
265 | int MHD_gnutls_ia_enable, MHD_gnutls_ia_peer_enable; | ||
266 | int MHD_gnutls_ia_allowskip, MHD_gnutls_ia_peer_allowskip; | ||
267 | |||
268 | /* Used by extensions that enable supplemental data. */ | ||
269 | int do_recv_supplemental, do_send_supplemental; | ||
270 | |||
271 | } MHD_gtls_ext_st; | ||
272 | |||
273 | /* This flag indicates for an extension whether | ||
274 | * it is useful to application level or TLS level only. | ||
275 | * This is used to parse the application level extensions | ||
276 | * before the user_hello callback is called. | ||
277 | */ | ||
278 | typedef enum tls_ext_parse_type_t | ||
279 | { | ||
280 | EXTENSION_ANY, | ||
281 | EXTENSION_APPLICATION, | ||
282 | EXTENSION_TLS | ||
283 | } MHD_gtls_ext_parse_type_t; | ||
284 | |||
285 | /* auth_info_t structures now MAY contain malloced | ||
286 | * elements. | ||
287 | */ | ||
288 | |||
289 | /* This structure and auth_info_t, are stored in the resume database, | ||
290 | * and are restored, in case of resume. | ||
291 | * Holds all the required parameters to resume the current | ||
292 | * session. | ||
293 | */ | ||
294 | |||
295 | /* if you add anything in Security_Parameters struct, then | ||
296 | * also modify CPY_COMMON in MHD_gnutls_constate.c | ||
297 | */ | ||
298 | |||
299 | /* Note that the security parameters structure is set up after the | ||
300 | * handshake has finished. The only value you may depend on while | ||
301 | * the handshake is in progress is the cipher suite value. | ||
302 | */ | ||
303 | typedef struct | ||
304 | { | ||
305 | MHD_gnutls_connection_end_t entity; | ||
306 | enum MHD_GNUTLS_KeyExchangeAlgorithm kx_algorithm; | ||
307 | /* we've got separate write/read bulk/macs because | ||
308 | * there is a time in handshake where the peer has | ||
309 | * null cipher and we don't | ||
310 | */ | ||
311 | enum MHD_GNUTLS_CipherAlgorithm read_bulk_cipher_algorithm; | ||
312 | enum MHD_GNUTLS_HashAlgorithm read_mac_algorithm; | ||
313 | enum MHD_GNUTLS_CompressionMethod read_compression_algorithm; | ||
314 | |||
315 | enum MHD_GNUTLS_CipherAlgorithm write_bulk_cipher_algorithm; | ||
316 | enum MHD_GNUTLS_HashAlgorithm write_mac_algorithm; | ||
317 | enum MHD_GNUTLS_CompressionMethod write_compression_algorithm; | ||
318 | |||
319 | /* this is the ciphersuite we are going to use | ||
320 | * moved here from internals in order to be restored | ||
321 | * on resume; | ||
322 | */ | ||
323 | cipher_suite_st current_cipher_suite; | ||
324 | opaque master_secret[TLS_MASTER_SIZE]; | ||
325 | opaque client_random[TLS_RANDOM_SIZE]; | ||
326 | opaque server_random[TLS_RANDOM_SIZE]; | ||
327 | opaque session_id[TLS_MAX_SESSION_ID_SIZE]; | ||
328 | uint8_t session_id_size; | ||
329 | time_t timestamp; | ||
330 | MHD_gtls_ext_st extensions; | ||
331 | |||
332 | /* The send size is the one requested by the programmer. | ||
333 | * The recv size is the one negotiated with the peer. | ||
334 | */ | ||
335 | uint16_t max_record_send_size; | ||
336 | uint16_t max_record_recv_size; | ||
337 | /* holds the negotiated certificate type */ | ||
338 | enum MHD_GNUTLS_CertificateType cert_type; | ||
339 | enum MHD_GNUTLS_Protocol version; /* moved here */ | ||
340 | /* For TLS/IA. XXX: Move to IA credential? */ | ||
341 | opaque inner_secret[TLS_MASTER_SIZE]; | ||
342 | } MHD_gtls_security_param_st; | ||
343 | |||
344 | /* This structure holds the generated keys | ||
345 | */ | ||
346 | typedef struct | ||
347 | { | ||
348 | MHD_gnutls_datum_t server_write_mac_secret; | ||
349 | MHD_gnutls_datum_t client_write_mac_secret; | ||
350 | MHD_gnutls_datum_t server_write_IV; | ||
351 | MHD_gnutls_datum_t client_write_IV; | ||
352 | MHD_gnutls_datum_t server_write_key; | ||
353 | MHD_gnutls_datum_t client_write_key; | ||
354 | int generated_keys; /* zero if keys have not | ||
355 | * been generated. Non zero | ||
356 | * otherwise. | ||
357 | */ | ||
358 | } MHD_gtls_cipher_specs_st; | ||
359 | |||
360 | typedef struct | ||
361 | { | ||
362 | cipher_hd_t write_cipher_state; | ||
363 | cipher_hd_t read_cipher_state; | ||
364 | MHD_gnutls_datum_t read_mac_secret; | ||
365 | MHD_gnutls_datum_t write_mac_secret; | ||
366 | uint64 read_sequence_number; | ||
367 | uint64 write_sequence_number; | ||
368 | } MHD_gtls_conn_stat_st; | ||
369 | |||
370 | typedef struct | ||
371 | { | ||
372 | unsigned int priority[MAX_ALGOS]; | ||
373 | unsigned int num_algorithms; | ||
374 | } MHD_gtls_priority_st; | ||
375 | |||
376 | /* For the external api */ | ||
377 | struct MHD_gtls_priority_st | ||
378 | { | ||
379 | MHD_gtls_priority_st cipher; | ||
380 | MHD_gtls_priority_st mac; | ||
381 | MHD_gtls_priority_st kx; | ||
382 | MHD_gtls_priority_st compression; | ||
383 | MHD_gtls_priority_st protocol; | ||
384 | |||
385 | /* certificate type : x509, OpenPGP, etc. */ | ||
386 | MHD_gtls_priority_st cert_type; | ||
387 | |||
388 | /* to disable record padding */ | ||
389 | int no_padding; | ||
390 | }; | ||
391 | |||
392 | /* DH and RSA parameters types. | ||
393 | */ | ||
394 | typedef struct MHD_gtls_dh_params_int | ||
395 | { | ||
396 | /* [0] is the prime, [1] is the generator. | ||
397 | */ | ||
398 | mpi_t params[2]; | ||
399 | } MHD_gtls_dh_params_st; | ||
400 | |||
401 | typedef struct | ||
402 | { | ||
403 | MHD_gtls_dh_params_t dh_params; | ||
404 | int free_dh_params; | ||
405 | MHD_gtls_rsa_params_t rsa_params; | ||
406 | int free_rsa_params; | ||
407 | } MHD_gtls_internal_params_st; | ||
408 | |||
409 | typedef struct | ||
410 | { | ||
411 | opaque header[HANDSHAKE_HEADER_SIZE]; | ||
412 | /* this holds the number of bytes in the handshake_header[] */ | ||
413 | size_t header_size; | ||
414 | /* this holds the length of the handshake packet */ | ||
415 | size_t packet_length; | ||
416 | MHD_gnutls_handshake_description_t recv_type; | ||
417 | } MHD_gtls_handshake_header_buffer_st; | ||
418 | |||
419 | typedef struct | ||
420 | { | ||
421 | MHD_gtls_buffer application_data_buffer; /* holds data to be delivered to application layer */ | ||
422 | MHD_gtls_buffer handshake_hash_buffer; /* used to keep the last received handshake | ||
423 | * message */ | ||
424 | mac_hd_t handshake_mac_handle_sha; /* hash of the handshake messages */ | ||
425 | mac_hd_t handshake_mac_handle_md5; /* hash of the handshake messages */ | ||
426 | |||
427 | MHD_gtls_buffer handshake_data_buffer; /* this is a buffer that holds the current handshake message */ | ||
428 | MHD_gtls_buffer ia_data_buffer; /* holds inner application data (TLS/IA) */ | ||
429 | resumable_session_t resumable; /* TRUE or FALSE - if we can resume that session */ | ||
430 | handshake_state_t handshake_state; /* holds | ||
431 | * a number which indicates where | ||
432 | * the handshake procedure has been | ||
433 | * interrupted. If it is 0 then | ||
434 | * no interruption has happened. | ||
435 | */ | ||
436 | |||
437 | valid_session_t valid_connection; /* true or FALSE - if this session is valid */ | ||
438 | |||
439 | int may_not_read; /* if it's 0 then we can read/write, otherwise it's forbiden to read/write | ||
440 | */ | ||
441 | int may_not_write; | ||
442 | int read_eof; /* non-zero if we have received a closure alert. */ | ||
443 | |||
444 | int last_alert; /* last alert received */ | ||
445 | int last_alert_level; /* last alert level */ | ||
446 | |||
447 | /* The last handshake messages sent or received. | ||
448 | */ | ||
449 | int last_handshake_in; | ||
450 | int last_handshake_out; | ||
451 | |||
452 | /* this is the compression method we are going to use */ | ||
453 | enum MHD_GNUTLS_CompressionMethod compression_method; | ||
454 | |||
455 | /* priorities */ | ||
456 | struct MHD_gtls_priority_st priorities; | ||
457 | |||
458 | /* resumed session */ | ||
459 | resumable_session_t resumed; /* RESUME_TRUE or FALSE - if we are resuming a session */ | ||
460 | MHD_gtls_security_param_st resumed_security_parameters; | ||
461 | |||
462 | /* sockets internals */ | ||
463 | int lowat; | ||
464 | |||
465 | /* These buffers are used in the handshake | ||
466 | * protocol only. freed using MHD__gnutls_handshake_io_buffer_clear(); | ||
467 | */ | ||
468 | MHD_gtls_buffer handshake_send_buffer; | ||
469 | size_t handshake_send_buffer_prev_size; | ||
470 | content_type_t handshake_send_buffer_type; | ||
471 | MHD_gnutls_handshake_description_t handshake_send_buffer_htype; | ||
472 | content_type_t handshake_recv_buffer_type; | ||
473 | MHD_gnutls_handshake_description_t handshake_recv_buffer_htype; | ||
474 | MHD_gtls_buffer handshake_recv_buffer; | ||
475 | |||
476 | /* this buffer holds a record packet -mostly used for | ||
477 | * non blocking IO. | ||
478 | */ | ||
479 | MHD_gtls_buffer record_recv_buffer; | ||
480 | MHD_gtls_buffer record_send_buffer; /* holds cached data | ||
481 | * for the MHD_gnutls_io_write_buffered() | ||
482 | * function. | ||
483 | */ | ||
484 | size_t record_send_buffer_prev_size; /* holds the | ||
485 | * data written in the previous runs. | ||
486 | */ | ||
487 | size_t record_send_buffer_user_size; /* holds the | ||
488 | * size of the user specified data to | ||
489 | * send. | ||
490 | */ | ||
491 | |||
492 | /* 0 if no peeked data was kept, 1 otherwise. | ||
493 | */ | ||
494 | int have_peeked_data; | ||
495 | |||
496 | int expire_time; /* after expire_time seconds this session will expire */ | ||
497 | struct MHD_gtls_mod_auth_st_int *auth_struct; /* used in handshake packets and KX algorithms */ | ||
498 | |||
499 | /* TODO rm */ | ||
500 | int v2_hello; /* 0 if the client hello is v3+. | ||
501 | * non-zero if we got a v2 hello. | ||
502 | */ | ||
503 | /* keeps the headers of the handshake packet | ||
504 | */ | ||
505 | MHD_gtls_handshake_header_buffer_st handshake_header_buffer; | ||
506 | |||
507 | /* this is the highest version available | ||
508 | * to the peer. (advertized version). | ||
509 | * This is obtained by the Handshake Client Hello | ||
510 | * message. (some implementations read the Record version) | ||
511 | */ | ||
512 | uint8_t adv_version_major; | ||
513 | uint8_t adv_version_minor; | ||
514 | |||
515 | /* if this is non zero a certificate request message | ||
516 | * will be sent to the client. - only if the ciphersuite | ||
517 | * supports it. | ||
518 | */ | ||
519 | int send_cert_req; | ||
520 | |||
521 | /* bits to use for DHE and DHA | ||
522 | * use MHD__gnutls_dh_get_prime_bits() and MHD__gnutls_dh_set_prime_bits() | ||
523 | * to access it. | ||
524 | */ | ||
525 | uint16_t dh_prime_bits; | ||
526 | |||
527 | size_t max_handshake_data_buffer_size; | ||
528 | |||
529 | /* PUSH & PULL functions. | ||
530 | */ | ||
531 | MHD_gtls_pull_func MHD__gnutls_pull_func; | ||
532 | MHD_gtls_push_func MHD__gnutls_push_func; | ||
533 | /* Holds the first argument of PUSH and PULL | ||
534 | * functions; | ||
535 | */ | ||
536 | MHD_gnutls_transport_ptr_t transport_recv_ptr; | ||
537 | MHD_gnutls_transport_ptr_t transport_send_ptr; | ||
538 | |||
539 | /* Holds the record size requested by the | ||
540 | * user. | ||
541 | */ | ||
542 | uint16_t proposed_record_size; | ||
543 | |||
544 | /* holds the selected certificate and key. | ||
545 | * use MHD_gtls_selected_certs_deinit() and MHD_gtls_selected_certs_set() | ||
546 | * to change them. | ||
547 | */ | ||
548 | MHD_gnutls_cert *selected_cert_list; | ||
549 | int selected_cert_list_length; | ||
550 | MHD_gnutls_privkey *selected_key; | ||
551 | int selected_need_free; | ||
552 | |||
553 | /* holds the extensions we sent to the peer | ||
554 | * (in case of a client) | ||
555 | */ | ||
556 | uint16_t extensions_sent[MAX_EXT_TYPES]; | ||
557 | uint16_t extensions_sent_size; | ||
558 | |||
559 | /* This holds the default version that our first | ||
560 | * record packet will have. */ | ||
561 | opaque default_record_version[2]; | ||
562 | |||
563 | void *user_ptr; | ||
564 | |||
565 | /* Holds 0 if the last called function was interrupted while | ||
566 | * receiving, and non zero otherwise. | ||
567 | */ | ||
568 | int direction; | ||
569 | |||
570 | /* If non zero the server will not advertize the CA's he | ||
571 | * trusts (do not send an RDN sequence). | ||
572 | */ | ||
573 | int ignore_rdn_sequence; | ||
574 | |||
575 | /* This is used to set an arbitary version in the RSA | ||
576 | * PMS secret. Can be used by clients to test whether the | ||
577 | * server checks that version. (** only used in gnutls-cli-debug) | ||
578 | */ | ||
579 | opaque rsa_pms_version[2]; | ||
580 | |||
581 | /* Here we cache the DH or RSA parameters got from the | ||
582 | * credentials structure, or from a callback. That is to | ||
583 | * minimize external calls. | ||
584 | */ | ||
585 | MHD_gtls_internal_params_st params; | ||
586 | |||
587 | /* This buffer is used by the record recv functions, | ||
588 | * as a temporary store buffer. | ||
589 | */ | ||
590 | MHD_gnutls_datum_t recv_buffer; | ||
591 | |||
592 | /* To avoid using global variables, and especially on Windows where | ||
593 | * the application may use a different errno variable than GnuTLS, | ||
594 | * it is possible to use MHD__gnutls_transport_set_errno to set a | ||
595 | * session-specific errno variable in the user-replaceable push/pull | ||
596 | * functions. This value is used by the send/recv functions. (The | ||
597 | * strange name of this variable is because 'errno' is typically | ||
598 | * #define'd.) | ||
599 | */ | ||
600 | int errnum; | ||
601 | |||
602 | /* Function used to perform public-key signing operation during | ||
603 | handshake. Used by MHD_gnutls_sig.c:MHD__gnutls_tls_sign(), see also | ||
604 | MHD_gtls_sign_callback_set(). */ | ||
605 | MHD_gnutls_sign_func sign_func; | ||
606 | void *sign_func_userdata; | ||
607 | |||
608 | /* If you add anything here, check MHD_gtls_handshake_internal_state_clear(). | ||
609 | */ | ||
610 | } MHD_gtls_internals_st; | ||
611 | |||
612 | struct MHD_gtls_session_int | ||
613 | { | ||
614 | MHD_gtls_security_param_st security_parameters; | ||
615 | MHD_gtls_cipher_specs_st cipher_specs; | ||
616 | MHD_gtls_conn_stat_st connection_state; | ||
617 | MHD_gtls_internals_st internals; | ||
618 | MHD_gtls_key_st key; | ||
619 | }; | ||
620 | |||
621 | /* functions */ | ||
622 | void MHD_gtls_set_current_version (MHD_gtls_session_t session, | ||
623 | enum MHD_GNUTLS_Protocol version); | ||
624 | |||
625 | void MHD_gtls_free_auth_info (MHD_gtls_session_t session); | ||
626 | |||
627 | /* These two macros return the advertized TLS version of | ||
628 | * the peer. | ||
629 | */ | ||
630 | #define MHD__gnutls_get_adv_version_major( session) \ | ||
631 | session->internals.adv_version_major | ||
632 | |||
633 | #define MHD__gnutls_get_adv_version_minor( session) \ | ||
634 | session->internals.adv_version_minor | ||
635 | |||
636 | #define set_adv_version( session, major, minor) \ | ||
637 | session->internals.adv_version_major = major; \ | ||
638 | session->internals.adv_version_minor = minor | ||
639 | |||
640 | enum MHD_GNUTLS_Protocol MHD_gtls_get_adv_version (MHD_gtls_session_t); | ||
641 | |||
642 | #endif /* GNUTLS_INT_H */ | ||
diff --git a/src/daemon/https/tls/gnutls_kx.c b/src/daemon/https/tls/gnutls_kx.c deleted file mode 100644 index a4041e39..00000000 --- a/src/daemon/https/tls/gnutls_kx.c +++ /dev/null | |||
@@ -1,726 +0,0 @@ | |||
1 | /* | ||
2 | * Copyright (C) 2000, 2001, 2004, 2005, 2006 Free Software Foundation | ||
3 | * | ||
4 | * Author: Nikos Mavrogiannopoulos | ||
5 | * | ||
6 | * This file is part of GNUTLS. | ||
7 | * | ||
8 | * The GNUTLS library is free software; you can redistribute it and/or | ||
9 | * modify it under the terms of the GNU Lesser General Public License | ||
10 | * as published by the Free Software Foundation; either version 2.1 of | ||
11 | * the License, or (at your option) any later version. | ||
12 | * | ||
13 | * This library is distributed in the hope that it will be useful, but | ||
14 | * WITHOUT ANY WARRANTY; without even the implied warranty of | ||
15 | * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU | ||
16 | * Lesser General Public License for more details. | ||
17 | * | ||
18 | * You should have received a copy of the GNU Lesser General Public | ||
19 | * License along with this library; if not, write to the Free Software | ||
20 | * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301, | ||
21 | * USA | ||
22 | * | ||
23 | */ | ||
24 | |||
25 | /* This file contains functions which are wrappers for the key exchange | ||
26 | * part of TLS. They are called by the handshake functions (MHD__gnutls_handshake) | ||
27 | */ | ||
28 | |||
29 | #include "gnutls_int.h" | ||
30 | #include "gnutls_handshake.h" | ||
31 | #include "gnutls_kx.h" | ||
32 | #include "gnutls_dh.h" | ||
33 | #include "gnutls_errors.h" | ||
34 | #include "gnutls_algorithms.h" | ||
35 | #include "debug.h" | ||
36 | #include "gnutls_mpi.h" | ||
37 | #include <gnutls_state.h> | ||
38 | #include <gnutls_datum.h> | ||
39 | #include <gnutls_rsa_export.h> | ||
40 | |||
41 | /* This file contains important thing for the TLS handshake procedure. | ||
42 | */ | ||
43 | |||
44 | #define MASTER_SECRET "master secret" | ||
45 | static int generate_normal_master (MHD_gtls_session_t session, int); | ||
46 | |||
47 | int | ||
48 | MHD_gtls_generate_master (MHD_gtls_session_t session, int keep_premaster) | ||
49 | { | ||
50 | if (session->internals.resumed == RESUME_FALSE) | ||
51 | return generate_normal_master (session, keep_premaster); | ||
52 | return 0; | ||
53 | } | ||
54 | |||
55 | /* here we generate the TLS Master secret. | ||
56 | */ | ||
57 | #define PREMASTER session->key->key | ||
58 | static int | ||
59 | generate_normal_master (MHD_gtls_session_t session, int keep_premaster) | ||
60 | { | ||
61 | int ret = 0; | ||
62 | char buf[512]; | ||
63 | |||
64 | MHD__gnutls_hard_log ("INT: PREMASTER SECRET[%d]: %s\n", PREMASTER.size, | ||
65 | MHD_gtls_bin2hex (PREMASTER.data, PREMASTER.size, buf, | ||
66 | sizeof (buf))); | ||
67 | MHD__gnutls_hard_log ("INT: CLIENT RANDOM[%d]: %s\n", 32, | ||
68 | MHD_gtls_bin2hex (session->security_parameters. | ||
69 | client_random, 32, buf, | ||
70 | sizeof (buf))); | ||
71 | MHD__gnutls_hard_log ("INT: SERVER RANDOM[%d]: %s\n", 32, | ||
72 | MHD_gtls_bin2hex (session->security_parameters. | ||
73 | server_random, 32, buf, | ||
74 | sizeof (buf))); | ||
75 | |||
76 | if (MHD__gnutls_protocol_get_version (session) == MHD_GNUTLS_PROTOCOL_SSL3) | ||
77 | { | ||
78 | opaque rnd[2 * TLS_RANDOM_SIZE + 1]; | ||
79 | |||
80 | memcpy (rnd, session->security_parameters.client_random, | ||
81 | TLS_RANDOM_SIZE); | ||
82 | memcpy (&rnd[TLS_RANDOM_SIZE], | ||
83 | session->security_parameters.server_random, TLS_RANDOM_SIZE); | ||
84 | |||
85 | ret = | ||
86 | MHD_gnutls_ssl3_generate_random (PREMASTER.data, PREMASTER.size, | ||
87 | rnd, 2 * TLS_RANDOM_SIZE, | ||
88 | TLS_MASTER_SIZE, | ||
89 | session->security_parameters. | ||
90 | master_secret); | ||
91 | |||
92 | } | ||
93 | else | ||
94 | { | ||
95 | opaque rnd[2 * TLS_RANDOM_SIZE + 1]; | ||
96 | |||
97 | memcpy (rnd, session->security_parameters.client_random, | ||
98 | TLS_RANDOM_SIZE); | ||
99 | memcpy (&rnd[TLS_RANDOM_SIZE], | ||
100 | session->security_parameters.server_random, TLS_RANDOM_SIZE); | ||
101 | |||
102 | ret = | ||
103 | MHD_gtls_PRF (session, PREMASTER.data, PREMASTER.size, | ||
104 | MASTER_SECRET, strlen (MASTER_SECRET), | ||
105 | rnd, 2 * TLS_RANDOM_SIZE, TLS_MASTER_SIZE, | ||
106 | session->security_parameters.master_secret); | ||
107 | } | ||
108 | |||
109 | /* TLS/IA inner secret is derived from the master secret. */ | ||
110 | memcpy (session->security_parameters.inner_secret, | ||
111 | session->security_parameters.master_secret, TLS_MASTER_SIZE); | ||
112 | |||
113 | if (!keep_premaster) | ||
114 | MHD__gnutls_free_datum (&PREMASTER); | ||
115 | |||
116 | if (ret < 0) | ||
117 | return ret; | ||
118 | |||
119 | MHD__gnutls_hard_log ("INT: MASTER SECRET: %s\n", | ||
120 | MHD_gtls_bin2hex (session->security_parameters. | ||
121 | master_secret, TLS_MASTER_SIZE, buf, | ||
122 | sizeof (buf))); | ||
123 | |||
124 | return ret; | ||
125 | } | ||
126 | |||
127 | |||
128 | /* This is called when we want to receive the key exchange message of the | ||
129 | * server. It does nothing if this type of message is not required | ||
130 | * by the selected ciphersuite. | ||
131 | */ | ||
132 | int | ||
133 | MHD_gtls_send_server_kx_message (MHD_gtls_session_t session, int again) | ||
134 | { | ||
135 | uint8_t *data = NULL; | ||
136 | int data_size = 0; | ||
137 | int ret = 0; | ||
138 | |||
139 | if (session->internals.auth_struct->MHD_gtls_gen_server_kx == NULL) | ||
140 | return 0; | ||
141 | |||
142 | data = NULL; | ||
143 | data_size = 0; | ||
144 | |||
145 | if (again == 0) | ||
146 | { | ||
147 | data_size = | ||
148 | session->internals.auth_struct->MHD_gtls_gen_server_kx (session, | ||
149 | &data); | ||
150 | |||
151 | if (data_size == GNUTLS_E_INT_RET_0) | ||
152 | { | ||
153 | MHD_gnutls_assert (); | ||
154 | return 0; | ||
155 | } | ||
156 | |||
157 | if (data_size < 0) | ||
158 | { | ||
159 | MHD_gnutls_assert (); | ||
160 | return data_size; | ||
161 | } | ||
162 | } | ||
163 | |||
164 | ret = | ||
165 | MHD_gtls_send_handshake (session, data, data_size, | ||
166 | GNUTLS_HANDSHAKE_SERVER_KEY_EXCHANGE); | ||
167 | MHD_gnutls_free (data); | ||
168 | |||
169 | if (ret < 0) | ||
170 | { | ||
171 | MHD_gnutls_assert (); | ||
172 | return ret; | ||
173 | } | ||
174 | return data_size; | ||
175 | } | ||
176 | |||
177 | /* This function sends a certificate request message to the | ||
178 | * client. | ||
179 | */ | ||
180 | int | ||
181 | MHD_gtls_send_server_certificate_request (MHD_gtls_session_t session, | ||
182 | int again) | ||
183 | { | ||
184 | uint8_t *data = NULL; | ||
185 | int data_size = 0; | ||
186 | int ret = 0; | ||
187 | |||
188 | if (session->internals.auth_struct-> | ||
189 | MHD_gtls_gen_server_certificate_request == NULL) | ||
190 | return 0; | ||
191 | |||
192 | if (session->internals.send_cert_req <= 0) | ||
193 | return 0; | ||
194 | |||
195 | data = NULL; | ||
196 | data_size = 0; | ||
197 | |||
198 | if (again == 0) | ||
199 | { | ||
200 | data_size = | ||
201 | session->internals.auth_struct-> | ||
202 | MHD_gtls_gen_server_certificate_request (session, &data); | ||
203 | |||
204 | if (data_size < 0) | ||
205 | { | ||
206 | MHD_gnutls_assert (); | ||
207 | return data_size; | ||
208 | } | ||
209 | } | ||
210 | ret = | ||
211 | MHD_gtls_send_handshake (session, data, data_size, | ||
212 | GNUTLS_HANDSHAKE_CERTIFICATE_REQUEST); | ||
213 | MHD_gnutls_free (data); | ||
214 | |||
215 | if (ret < 0) | ||
216 | { | ||
217 | MHD_gnutls_assert (); | ||
218 | return ret; | ||
219 | } | ||
220 | return data_size; | ||
221 | } | ||
222 | |||
223 | |||
224 | /* This is the function for the client to send the key | ||
225 | * exchange message | ||
226 | */ | ||
227 | int | ||
228 | MHD_gtls_send_client_kx_message (MHD_gtls_session_t session, int again) | ||
229 | { | ||
230 | uint8_t *data; | ||
231 | int data_size; | ||
232 | int ret = 0; | ||
233 | |||
234 | if (session->internals.auth_struct->MHD_gtls_gen_client_kx == NULL) | ||
235 | return 0; | ||
236 | |||
237 | |||
238 | data = NULL; | ||
239 | data_size = 0; | ||
240 | |||
241 | if (again == 0) | ||
242 | { | ||
243 | data_size = | ||
244 | session->internals.auth_struct->MHD_gtls_gen_client_kx (session, | ||
245 | &data); | ||
246 | if (data_size < 0) | ||
247 | { | ||
248 | MHD_gnutls_assert (); | ||
249 | return data_size; | ||
250 | } | ||
251 | } | ||
252 | ret = | ||
253 | MHD_gtls_send_handshake (session, data, data_size, | ||
254 | GNUTLS_HANDSHAKE_CLIENT_KEY_EXCHANGE); | ||
255 | MHD_gnutls_free (data); | ||
256 | |||
257 | if (ret < 0) | ||
258 | { | ||
259 | MHD_gnutls_assert (); | ||
260 | return ret; | ||
261 | } | ||
262 | |||
263 | return ret; | ||
264 | } | ||
265 | |||
266 | |||
267 | /* This is the function for the client to send the certificate | ||
268 | * verify message | ||
269 | */ | ||
270 | int | ||
271 | MHD_gtls_send_client_certificate_verify (MHD_gtls_session_t session, | ||
272 | int again) | ||
273 | { | ||
274 | uint8_t *data; | ||
275 | int ret = 0; | ||
276 | int data_size; | ||
277 | |||
278 | /* This is a packet that is only sent by the client | ||
279 | */ | ||
280 | if (session->security_parameters.entity == GNUTLS_SERVER) | ||
281 | return 0; | ||
282 | |||
283 | /* if certificate verify is not needed just exit | ||
284 | */ | ||
285 | if (session->key->certificate_requested == 0) | ||
286 | return 0; | ||
287 | |||
288 | if (session->internals.auth_struct->MHD_gtls_gen_client_cert_vrfy == NULL) | ||
289 | { | ||
290 | MHD_gnutls_assert (); | ||
291 | return 0; /* this algorithm does not support cli_cert_vrfy | ||
292 | */ | ||
293 | } | ||
294 | |||
295 | data = NULL; | ||
296 | data_size = 0; | ||
297 | |||
298 | if (again == 0) | ||
299 | { | ||
300 | data_size = | ||
301 | session->internals.auth_struct-> | ||
302 | MHD_gtls_gen_client_cert_vrfy (session, &data); | ||
303 | if (data_size < 0) | ||
304 | { | ||
305 | MHD_gnutls_assert (); | ||
306 | return data_size; | ||
307 | } | ||
308 | if (data_size == 0) | ||
309 | return 0; | ||
310 | |||
311 | } | ||
312 | ret = | ||
313 | MHD_gtls_send_handshake (session, data, | ||
314 | data_size, GNUTLS_HANDSHAKE_CERTIFICATE_VERIFY); | ||
315 | MHD_gnutls_free (data); | ||
316 | |||
317 | return ret; | ||
318 | } | ||
319 | |||
320 | |||
321 | int | ||
322 | MHD_gtls_recv_server_kx_message (MHD_gtls_session_t session) | ||
323 | { | ||
324 | uint8_t *data = NULL; | ||
325 | int datasize; | ||
326 | int ret = 0; | ||
327 | |||
328 | if (session->internals.auth_struct->MHD_gtls_process_server_kx != NULL) | ||
329 | { | ||
330 | |||
331 | /* EXCEPTION FOR RSA_EXPORT cipher suite | ||
332 | */ | ||
333 | if (MHD_gtls_session_is_export (session) != 0 && | ||
334 | MHD__gnutls_peers_cert_less_512 (session) != 0) | ||
335 | { | ||
336 | MHD_gnutls_assert (); | ||
337 | return 0; | ||
338 | } | ||
339 | |||
340 | ret = | ||
341 | MHD_gtls_recv_handshake (session, &data, | ||
342 | &datasize, | ||
343 | GNUTLS_HANDSHAKE_SERVER_KEY_EXCHANGE, | ||
344 | MANDATORY_PACKET); | ||
345 | if (ret < 0) | ||
346 | { | ||
347 | MHD_gnutls_assert (); | ||
348 | return ret; | ||
349 | } | ||
350 | |||
351 | ret = | ||
352 | session->internals.auth_struct->MHD_gtls_process_server_kx (session, | ||
353 | data, | ||
354 | datasize); | ||
355 | MHD_gnutls_free (data); | ||
356 | |||
357 | if (ret < 0) | ||
358 | { | ||
359 | MHD_gnutls_assert (); | ||
360 | return ret; | ||
361 | } | ||
362 | |||
363 | } | ||
364 | return ret; | ||
365 | } | ||
366 | |||
367 | int | ||
368 | MHD_gtls_recv_server_certificate_request (MHD_gtls_session_t session) | ||
369 | { | ||
370 | uint8_t *data; | ||
371 | int datasize; | ||
372 | int ret = 0; | ||
373 | |||
374 | if (session->internals.auth_struct-> | ||
375 | MHD_gtls_process_server_certificate_request != NULL) | ||
376 | { | ||
377 | |||
378 | ret = | ||
379 | MHD_gtls_recv_handshake (session, &data, | ||
380 | &datasize, | ||
381 | GNUTLS_HANDSHAKE_CERTIFICATE_REQUEST, | ||
382 | OPTIONAL_PACKET); | ||
383 | if (ret < 0) | ||
384 | return ret; | ||
385 | |||
386 | if (ret == 0 && datasize == 0) | ||
387 | return 0; /* ignored */ | ||
388 | |||
389 | ret = | ||
390 | session->internals.auth_struct-> | ||
391 | MHD_gtls_process_server_certificate_request (session, data, datasize); | ||
392 | MHD_gnutls_free (data); | ||
393 | if (ret < 0) | ||
394 | return ret; | ||
395 | |||
396 | } | ||
397 | return ret; | ||
398 | } | ||
399 | |||
400 | int | ||
401 | MHD_gtls_recv_client_kx_message (MHD_gtls_session_t session) | ||
402 | { | ||
403 | uint8_t *data; | ||
404 | int datasize; | ||
405 | int ret = 0; | ||
406 | |||
407 | |||
408 | /* Do key exchange only if the algorithm permits it */ | ||
409 | if (session->internals.auth_struct->MHD_gtls_process_client_kx != NULL) | ||
410 | { | ||
411 | |||
412 | ret = | ||
413 | MHD_gtls_recv_handshake (session, &data, | ||
414 | &datasize, | ||
415 | GNUTLS_HANDSHAKE_CLIENT_KEY_EXCHANGE, | ||
416 | MANDATORY_PACKET); | ||
417 | if (ret < 0) | ||
418 | return ret; | ||
419 | |||
420 | ret = | ||
421 | session->internals.auth_struct->MHD_gtls_process_client_kx (session, | ||
422 | data, | ||
423 | datasize); | ||
424 | MHD_gnutls_free (data); | ||
425 | if (ret < 0) | ||
426 | return ret; | ||
427 | |||
428 | } | ||
429 | |||
430 | return ret; | ||
431 | } | ||
432 | |||
433 | |||
434 | /* This is called when we want send our certificate | ||
435 | */ | ||
436 | int | ||
437 | MHD_gtls_send_client_certificate (MHD_gtls_session_t session, int again) | ||
438 | { | ||
439 | uint8_t *data = NULL; | ||
440 | int data_size = 0; | ||
441 | int ret = 0; | ||
442 | |||
443 | |||
444 | if (session->key->certificate_requested == 0) | ||
445 | return 0; | ||
446 | |||
447 | if (session->internals.auth_struct->MHD_gtls_gen_client_certificate == NULL) | ||
448 | return 0; | ||
449 | |||
450 | data = NULL; | ||
451 | data_size = 0; | ||
452 | |||
453 | if (again == 0) | ||
454 | { | ||
455 | if (MHD__gnutls_protocol_get_version (session) != | ||
456 | MHD_GNUTLS_PROTOCOL_SSL3 | ||
457 | || session->internals.selected_cert_list_length > 0) | ||
458 | { | ||
459 | /* TLS 1.0 or SSL 3.0 with a valid certificate | ||
460 | */ | ||
461 | data_size = | ||
462 | session->internals.auth_struct-> | ||
463 | MHD_gtls_gen_client_certificate (session, &data); | ||
464 | |||
465 | if (data_size < 0) | ||
466 | { | ||
467 | MHD_gnutls_assert (); | ||
468 | return data_size; | ||
469 | } | ||
470 | } | ||
471 | } | ||
472 | |||
473 | /* In the SSL 3.0 protocol we need to send a | ||
474 | * no certificate alert instead of an | ||
475 | * empty certificate. | ||
476 | */ | ||
477 | if (MHD__gnutls_protocol_get_version (session) == MHD_GNUTLS_PROTOCOL_SSL3 | ||
478 | && session->internals.selected_cert_list_length == 0) | ||
479 | { | ||
480 | ret = | ||
481 | MHD__gnutls_alert_send (session, GNUTLS_AL_WARNING, | ||
482 | GNUTLS_A_SSL3_NO_CERTIFICATE); | ||
483 | |||
484 | } | ||
485 | else | ||
486 | { /* TLS 1.0 or SSL 3.0 with a valid certificate | ||
487 | */ | ||
488 | ret = | ||
489 | MHD_gtls_send_handshake (session, data, data_size, | ||
490 | GNUTLS_HANDSHAKE_CERTIFICATE_PKT); | ||
491 | MHD_gnutls_free (data); | ||
492 | } | ||
493 | |||
494 | if (ret < 0) | ||
495 | { | ||
496 | MHD_gnutls_assert (); | ||
497 | return ret; | ||
498 | } | ||
499 | |||
500 | return data_size; | ||
501 | } | ||
502 | |||
503 | |||
504 | /* This is called when we want send our certificate | ||
505 | */ | ||
506 | int | ||
507 | MHD_gtls_send_server_certificate (MHD_gtls_session_t session, int again) | ||
508 | { | ||
509 | uint8_t *data = NULL; | ||
510 | int data_size = 0; | ||
511 | int ret = 0; | ||
512 | |||
513 | |||
514 | if (session->internals.auth_struct->MHD_gtls_gen_server_certificate == NULL) | ||
515 | return 0; | ||
516 | |||
517 | data = NULL; | ||
518 | data_size = 0; | ||
519 | |||
520 | if (again == 0) | ||
521 | { | ||
522 | data_size = | ||
523 | session->internals.auth_struct-> | ||
524 | MHD_gtls_gen_server_certificate (session, &data); | ||
525 | |||
526 | if (data_size < 0) | ||
527 | { | ||
528 | MHD_gnutls_assert (); | ||
529 | return data_size; | ||
530 | } | ||
531 | } | ||
532 | ret = | ||
533 | MHD_gtls_send_handshake (session, data, data_size, | ||
534 | GNUTLS_HANDSHAKE_CERTIFICATE_PKT); | ||
535 | MHD_gnutls_free (data); | ||
536 | |||
537 | if (ret < 0) | ||
538 | { | ||
539 | MHD_gnutls_assert (); | ||
540 | return ret; | ||
541 | } | ||
542 | |||
543 | return data_size; | ||
544 | } | ||
545 | |||
546 | |||
547 | int | ||
548 | MHD_gtls_recv_client_certificate (MHD_gtls_session_t session) | ||
549 | { | ||
550 | int datasize; | ||
551 | opaque *data; | ||
552 | int ret = 0; | ||
553 | int optional; | ||
554 | |||
555 | if (session->internals.auth_struct->MHD_gtls_process_client_certificate != | ||
556 | NULL) | ||
557 | { | ||
558 | |||
559 | /* if we have not requested a certificate then just return | ||
560 | */ | ||
561 | if (session->internals.send_cert_req == 0) | ||
562 | { | ||
563 | return 0; | ||
564 | } | ||
565 | |||
566 | if (session->internals.send_cert_req == GNUTLS_CERT_REQUIRE) | ||
567 | optional = MANDATORY_PACKET; | ||
568 | else | ||
569 | optional = OPTIONAL_PACKET; | ||
570 | |||
571 | ret = | ||
572 | MHD_gtls_recv_handshake (session, &data, | ||
573 | &datasize, | ||
574 | GNUTLS_HANDSHAKE_CERTIFICATE_PKT, optional); | ||
575 | |||
576 | if (ret < 0) | ||
577 | { | ||
578 | /* Handle the case of old SSL3 clients who send | ||
579 | * a warning alert instead of an empty certificate to indicate | ||
580 | * no certificate. | ||
581 | */ | ||
582 | if (optional == OPTIONAL_PACKET && | ||
583 | ret == GNUTLS_E_WARNING_ALERT_RECEIVED && | ||
584 | MHD__gnutls_protocol_get_version (session) == | ||
585 | MHD_GNUTLS_PROTOCOL_SSL3 | ||
586 | && MHD_gnutls_alert_get (session) == | ||
587 | GNUTLS_A_SSL3_NO_CERTIFICATE) | ||
588 | { | ||
589 | |||
590 | /* SSL3 does not send an empty certificate, | ||
591 | * but this alert. So we just ignore it. | ||
592 | */ | ||
593 | MHD_gnutls_assert (); | ||
594 | return 0; | ||
595 | } | ||
596 | |||
597 | /* certificate was required | ||
598 | */ | ||
599 | if ((ret == GNUTLS_E_WARNING_ALERT_RECEIVED | ||
600 | || ret == GNUTLS_E_FATAL_ALERT_RECEIVED) | ||
601 | && optional == MANDATORY_PACKET) | ||
602 | { | ||
603 | MHD_gnutls_assert (); | ||
604 | return GNUTLS_E_NO_CERTIFICATE_FOUND; | ||
605 | } | ||
606 | |||
607 | return ret; | ||
608 | } | ||
609 | |||
610 | if (ret == 0 && datasize == 0 && optional == OPTIONAL_PACKET) | ||
611 | { | ||
612 | /* Client has not sent the certificate message. | ||
613 | * well I'm not sure we should accept this | ||
614 | * behaviour. | ||
615 | */ | ||
616 | MHD_gnutls_assert (); | ||
617 | return 0; | ||
618 | } | ||
619 | ret = | ||
620 | session->internals.auth_struct-> | ||
621 | MHD_gtls_process_client_certificate (session, data, datasize); | ||
622 | |||
623 | MHD_gnutls_free (data); | ||
624 | if (ret < 0 && ret != GNUTLS_E_NO_CERTIFICATE_FOUND) | ||
625 | { | ||
626 | MHD_gnutls_assert (); | ||
627 | return ret; | ||
628 | } | ||
629 | |||
630 | /* ok we should expect a certificate verify message now | ||
631 | */ | ||
632 | if (ret == GNUTLS_E_NO_CERTIFICATE_FOUND && optional == OPTIONAL_PACKET) | ||
633 | ret = 0; | ||
634 | else | ||
635 | session->key->certificate_requested = 1; | ||
636 | |||
637 | } | ||
638 | |||
639 | return ret; | ||
640 | } | ||
641 | |||
642 | int | ||
643 | MHD_gtls_recv_server_certificate (MHD_gtls_session_t session) | ||
644 | { | ||
645 | int datasize; | ||
646 | opaque *data; | ||
647 | int ret = 0; | ||
648 | |||
649 | if (session->internals.auth_struct->MHD_gtls_process_server_certificate != | ||
650 | NULL) | ||
651 | { | ||
652 | |||
653 | ret = | ||
654 | MHD_gtls_recv_handshake (session, &data, | ||
655 | &datasize, | ||
656 | GNUTLS_HANDSHAKE_CERTIFICATE_PKT, | ||
657 | MANDATORY_PACKET); | ||
658 | if (ret < 0) | ||
659 | { | ||
660 | MHD_gnutls_assert (); | ||
661 | return ret; | ||
662 | } | ||
663 | |||
664 | ret = | ||
665 | session->internals.auth_struct-> | ||
666 | MHD_gtls_process_server_certificate (session, data, datasize); | ||
667 | MHD_gnutls_free (data); | ||
668 | if (ret < 0) | ||
669 | { | ||
670 | MHD_gnutls_assert (); | ||
671 | return ret; | ||
672 | } | ||
673 | } | ||
674 | |||
675 | return ret; | ||
676 | } | ||
677 | |||
678 | |||
679 | /* Recv the client certificate verify. This packet may not | ||
680 | * arrive if the peer did not send us a certificate. | ||
681 | */ | ||
682 | int | ||
683 | MHD_gtls_recv_client_certificate_verify_message (MHD_gtls_session_t session) | ||
684 | { | ||
685 | uint8_t *data; | ||
686 | int datasize; | ||
687 | int ret = 0; | ||
688 | |||
689 | |||
690 | if (session->internals.auth_struct->MHD_gtls_process_client_cert_vrfy != | ||
691 | NULL) | ||
692 | { | ||
693 | |||
694 | if (session->internals.send_cert_req == 0 || | ||
695 | session->key->certificate_requested == 0) | ||
696 | { | ||
697 | return 0; | ||
698 | } | ||
699 | |||
700 | ret = | ||
701 | MHD_gtls_recv_handshake (session, &data, | ||
702 | &datasize, | ||
703 | GNUTLS_HANDSHAKE_CERTIFICATE_VERIFY, | ||
704 | OPTIONAL_PACKET); | ||
705 | if (ret < 0) | ||
706 | return ret; | ||
707 | |||
708 | if (ret == 0 && datasize == 0 | ||
709 | && session->internals.send_cert_req == GNUTLS_CERT_REQUIRE) | ||
710 | { | ||
711 | /* certificate was required */ | ||
712 | MHD_gnutls_assert (); | ||
713 | return GNUTLS_E_NO_CERTIFICATE_FOUND; | ||
714 | } | ||
715 | |||
716 | ret = | ||
717 | session->internals.auth_struct-> | ||
718 | MHD_gtls_process_client_cert_vrfy (session, data, datasize); | ||
719 | MHD_gnutls_free (data); | ||
720 | if (ret < 0) | ||
721 | return ret; | ||
722 | |||
723 | } | ||
724 | |||
725 | return ret; | ||
726 | } | ||
diff --git a/src/daemon/https/tls/gnutls_kx.h b/src/daemon/https/tls/gnutls_kx.h deleted file mode 100644 index 92144615..00000000 --- a/src/daemon/https/tls/gnutls_kx.h +++ /dev/null | |||
@@ -1,40 +0,0 @@ | |||
1 | /* | ||
2 | * Copyright (C) 2000, 2001, 2002, 2003, 2004, 2005 Free Software Foundation | ||
3 | * | ||
4 | * Author: Nikos Mavrogiannopoulos | ||
5 | * | ||
6 | * This file is part of GNUTLS. | ||
7 | * | ||
8 | * The GNUTLS library is free software; you can redistribute it and/or | ||
9 | * modify it under the terms of the GNU Lesser General Public License | ||
10 | * as published by the Free Software Foundation; either version 2.1 of | ||
11 | * the License, or (at your option) any later version. | ||
12 | * | ||
13 | * This library is distributed in the hope that it will be useful, but | ||
14 | * WITHOUT ANY WARRANTY; without even the implied warranty of | ||
15 | * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU | ||
16 | * Lesser General Public License for more details. | ||
17 | * | ||
18 | * You should have received a copy of the GNU Lesser General Public | ||
19 | * License along with this library; if not, write to the Free Software | ||
20 | * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301, | ||
21 | * USA | ||
22 | * | ||
23 | */ | ||
24 | |||
25 | int MHD_gtls_send_server_kx_message (MHD_gtls_session_t session, int again); | ||
26 | int MHD_gtls_send_client_kx_message (MHD_gtls_session_t session, int again); | ||
27 | int MHD_gtls_recv_server_kx_message (MHD_gtls_session_t session); | ||
28 | int MHD_gtls_recv_client_kx_message (MHD_gtls_session_t session); | ||
29 | int MHD_gtls_send_client_certificate_verify (MHD_gtls_session_t session, | ||
30 | int again); | ||
31 | int MHD_gtls_send_server_certificate (MHD_gtls_session_t session, int again); | ||
32 | int MHD_gtls_generate_master (MHD_gtls_session_t session, int keep_premaster); | ||
33 | int MHD_gtls_recv_client_certificate (MHD_gtls_session_t session); | ||
34 | int MHD_gtls_recv_server_certificate (MHD_gtls_session_t session); | ||
35 | int MHD_gtls_send_client_certificate (MHD_gtls_session_t session, int again); | ||
36 | int MHD_gtls_recv_server_certificate_request (MHD_gtls_session_t session); | ||
37 | int MHD_gtls_send_server_certificate_request (MHD_gtls_session_t session, | ||
38 | int again); | ||
39 | int MHD_gtls_recv_client_certificate_verify_message (MHD_gtls_session_t | ||
40 | session); | ||
diff --git a/src/daemon/https/tls/gnutls_mem.c b/src/daemon/https/tls/gnutls_mem.c deleted file mode 100644 index 44f1ccf5..00000000 --- a/src/daemon/https/tls/gnutls_mem.c +++ /dev/null | |||
@@ -1,65 +0,0 @@ | |||
1 | /* | ||
2 | * Copyright (C) 2001, 2002, 2003, 2004, 2005 Free Software Foundation | ||
3 | * | ||
4 | * Author: Nikos Mavrogiannopoulos | ||
5 | * | ||
6 | * This file is part of GNUTLS. | ||
7 | * | ||
8 | * The GNUTLS library is free software; you can redistribute it and/or | ||
9 | * modify it under the terms of the GNU Lesser General Public License | ||
10 | * as published by the Free Software Foundation; either version 2.1 of | ||
11 | * the License, or (at your option) any later version. | ||
12 | * | ||
13 | * This library is distributed in the hope that it will be useful, but | ||
14 | * WITHOUT ANY WARRANTY; without even the implied warranty of | ||
15 | * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU | ||
16 | * Lesser General Public License for more details. | ||
17 | * | ||
18 | * You should have received a copy of the GNU Lesser General Public | ||
19 | * License along with this library; if not, write to the Free Software | ||
20 | * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301, | ||
21 | * USA | ||
22 | * | ||
23 | */ | ||
24 | |||
25 | #include <gnutls_int.h> | ||
26 | #include <gnutls_errors.h> | ||
27 | #include <gnutls_num.h> | ||
28 | |||
29 | MHD_gnutls_alloc_function MHD_gnutls_secure_malloc = malloc; | ||
30 | MHD_gnutls_alloc_function MHD_gnutls_malloc = malloc; | ||
31 | MHD_gnutls_free_function MHD_gnutls_free = free; | ||
32 | MHD_gnutls_realloc_function MHD_gnutls_realloc = realloc; | ||
33 | |||
34 | void *(*MHD_gnutls_calloc) (size_t, size_t) = calloc; | ||
35 | |||
36 | int | ||
37 | MHD__gnutls_is_secure_mem_null (const void *ign) | ||
38 | { | ||
39 | return 0; | ||
40 | } | ||
41 | |||
42 | int (*MHD__gnutls_is_secure_memory) (const void *) = | ||
43 | MHD__gnutls_is_secure_mem_null; | ||
44 | |||
45 | |||
46 | |||
47 | /* This realloc will free ptr in case realloc | ||
48 | * fails. | ||
49 | */ | ||
50 | void * | ||
51 | MHD_gtls_realloc_fast (void *ptr, size_t size) | ||
52 | { | ||
53 | void *ret; | ||
54 | |||
55 | if (size == 0) | ||
56 | return ptr; | ||
57 | |||
58 | ret = MHD_gnutls_realloc (ptr, size); | ||
59 | if (ret == NULL) | ||
60 | { | ||
61 | MHD_gnutls_free (ptr); | ||
62 | } | ||
63 | |||
64 | return ret; | ||
65 | } | ||
diff --git a/src/daemon/https/tls/gnutls_mem.h b/src/daemon/https/tls/gnutls_mem.h deleted file mode 100644 index 0ea84a10..00000000 --- a/src/daemon/https/tls/gnutls_mem.h +++ /dev/null | |||
@@ -1,61 +0,0 @@ | |||
1 | /* | ||
2 | * Copyright (C) 2000, 2001, 2002, 2003, 2004, 2005 Free Software Foundation | ||
3 | * | ||
4 | * Author: Nikos Mavrogiannopoulos | ||
5 | * | ||
6 | * This file is part of GNUTLS. | ||
7 | * | ||
8 | * The GNUTLS library is free software; you can redistribute it and/or | ||
9 | * modify it under the terms of the GNU Lesser General Public License | ||
10 | * as published by the Free Software Foundation; either version 2.1 of | ||
11 | * the License, or (at your option) any later version. | ||
12 | * | ||
13 | * This library is distributed in the hope that it will be useful, but | ||
14 | * WITHOUT ANY WARRANTY; without even the implied warranty of | ||
15 | * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU | ||
16 | * Lesser General Public License for more details. | ||
17 | * | ||
18 | * You should have received a copy of the GNU Lesser General Public | ||
19 | * License along with this library; if not, write to the Free Software | ||
20 | * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301, | ||
21 | * USA | ||
22 | * | ||
23 | */ | ||
24 | |||
25 | #ifndef GNUTLS_MEM_H | ||
26 | # define GNUTLS_MEM_H | ||
27 | |||
28 | #ifdef USE_DMALLOC | ||
29 | # include <dmalloc.h> | ||
30 | #endif | ||
31 | |||
32 | typedef void svoid; /* for functions that allocate using MHD_gnutls_secure_malloc */ | ||
33 | |||
34 | #ifdef HAVE_ALLOCA | ||
35 | # ifdef HAVE_ALLOCA_H | ||
36 | # include <alloca.h> | ||
37 | # endif | ||
38 | # ifndef MHD_gnutls_alloca | ||
39 | # define MHD_gnutls_alloca alloca | ||
40 | # define MHD_gnutls_afree(x) | ||
41 | # endif | ||
42 | #else | ||
43 | # ifndef MHD_gnutls_alloca | ||
44 | # define MHD_gnutls_alloca MHD_gnutls_malloc | ||
45 | # define MHD_gnutls_afree MHD_gnutls_free | ||
46 | # endif | ||
47 | #endif /* HAVE_ALLOCA */ | ||
48 | |||
49 | extern int (*MHD__gnutls_is_secure_memory) (const void *); | ||
50 | |||
51 | /* this realloc function will return ptr if size==0, and | ||
52 | * will free the ptr if the new allocation failed. | ||
53 | */ | ||
54 | void *MHD_gtls_realloc_fast (void *ptr, size_t size); | ||
55 | |||
56 | svoid *MHD_gtls_secure_calloc (size_t nmemb, size_t size); | ||
57 | |||
58 | void *MHD_gtls_calloc (size_t nmemb, size_t size); | ||
59 | char *MHD_gtls_strdup (const char *); | ||
60 | |||
61 | #endif /* GNUTLS_MEM_H */ | ||
diff --git a/src/daemon/https/tls/gnutls_mpi.c b/src/daemon/https/tls/gnutls_mpi.c deleted file mode 100644 index 5a4e25a4..00000000 --- a/src/daemon/https/tls/gnutls_mpi.c +++ /dev/null | |||
@@ -1,267 +0,0 @@ | |||
1 | /* | ||
2 | * Copyright (C) 2001, 2002, 2003, 2004, 2005 Free Software Foundation | ||
3 | * | ||
4 | * Author: Nikos Mavrogiannopoulos | ||
5 | * | ||
6 | * This file is part of GNUTLS. | ||
7 | * | ||
8 | * The GNUTLS library is free software; you can redistribute it and/or | ||
9 | * modify it under the terms of the GNU Lesser General Public License | ||
10 | * as published by the Free Software Foundation; either version 2.1 of | ||
11 | * the License, or (at your option) any later version. | ||
12 | * | ||
13 | * This library is distributed in the hope that it will be useful, but | ||
14 | * WITHOUT ANY WARRANTY; without even the implied warranty of | ||
15 | * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU | ||
16 | * Lesser General Public License for more details. | ||
17 | * | ||
18 | * You should have received a copy of the GNU Lesser General Public | ||
19 | * License along with this library; if not, write to the Free Software | ||
20 | * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301, | ||
21 | * USA | ||
22 | * | ||
23 | */ | ||
24 | |||
25 | /* Here lie everything that has to do with large numbers, libgcrypt and | ||
26 | * other stuff that didn't fit anywhere else. | ||
27 | */ | ||
28 | |||
29 | #include <gnutls_int.h> | ||
30 | #include <libtasn1.h> | ||
31 | #include <gnutls_errors.h> | ||
32 | #include <gnutls_num.h> | ||
33 | |||
34 | /* Functions that refer to the libgcrypt library. | ||
35 | */ | ||
36 | |||
37 | void | ||
38 | MHD_gtls_mpi_release (mpi_t * x) | ||
39 | { | ||
40 | if (*x == NULL) | ||
41 | return; | ||
42 | gcry_mpi_release (*x); | ||
43 | *x = NULL; | ||
44 | } | ||
45 | |||
46 | /* returns zero on success | ||
47 | */ | ||
48 | int | ||
49 | MHD_gtls_mpi_scan (mpi_t * ret_mpi, const opaque * buffer, size_t * nbytes) | ||
50 | { | ||
51 | int ret; | ||
52 | |||
53 | ret = gcry_mpi_scan (ret_mpi, GCRYMPI_FMT_USG, buffer, *nbytes, nbytes); | ||
54 | if (ret) | ||
55 | return GNUTLS_E_MPI_SCAN_FAILED; | ||
56 | |||
57 | return 0; | ||
58 | } | ||
59 | |||
60 | /* returns zero on success. Fails if the number is zero. | ||
61 | */ | ||
62 | int | ||
63 | MHD_gtls_mpi_scan_nz (mpi_t * ret_mpi, const opaque * buffer, size_t * nbytes) | ||
64 | { | ||
65 | int ret; | ||
66 | |||
67 | ret = gcry_mpi_scan (ret_mpi, GCRYMPI_FMT_USG, buffer, *nbytes, nbytes); | ||
68 | if (ret) | ||
69 | return GNUTLS_E_MPI_SCAN_FAILED; | ||
70 | |||
71 | /* MPIs with 0 bits are illegal | ||
72 | */ | ||
73 | if (MHD__gnutls_mpi_get_nbits (*ret_mpi) == 0) | ||
74 | { | ||
75 | MHD_gtls_mpi_release (ret_mpi); | ||
76 | return GNUTLS_E_MPI_SCAN_FAILED; | ||
77 | } | ||
78 | |||
79 | return 0; | ||
80 | } | ||
81 | |||
82 | int | ||
83 | MHD_gtls_mpi_print (void *buffer, size_t * nbytes, const mpi_t a) | ||
84 | { | ||
85 | int ret; | ||
86 | |||
87 | if (nbytes == NULL || a == NULL) | ||
88 | return GNUTLS_E_INVALID_REQUEST; | ||
89 | |||
90 | ret = gcry_mpi_print (GCRYMPI_FMT_USG, buffer, *nbytes, nbytes, a); | ||
91 | if (!ret) | ||
92 | return 0; | ||
93 | |||
94 | return GNUTLS_E_MPI_PRINT_FAILED; | ||
95 | } | ||
96 | |||
97 | /* Always has the first bit zero */ | ||
98 | static int | ||
99 | MHD_gtls_mpi_print_lz (void *buffer, size_t * nbytes, const mpi_t a) | ||
100 | { | ||
101 | int ret; | ||
102 | |||
103 | if (nbytes == NULL || a == NULL) | ||
104 | return GNUTLS_E_INVALID_REQUEST; | ||
105 | |||
106 | ret = gcry_mpi_print (GCRYMPI_FMT_STD, buffer, *nbytes, nbytes, a); | ||
107 | if (!ret) | ||
108 | return 0; | ||
109 | |||
110 | return GNUTLS_E_MPI_PRINT_FAILED; | ||
111 | } | ||
112 | |||
113 | /* Always has the first bit zero */ | ||
114 | int | ||
115 | MHD_gtls_mpi_dprint_lz (MHD_gnutls_datum_t * dest, const mpi_t a) | ||
116 | { | ||
117 | int ret; | ||
118 | opaque *buf = NULL; | ||
119 | size_t bytes = 0; | ||
120 | |||
121 | if (dest == NULL || a == NULL) | ||
122 | return GNUTLS_E_INVALID_REQUEST; | ||
123 | |||
124 | gcry_mpi_print (GCRYMPI_FMT_STD, NULL, 0, &bytes, a); | ||
125 | |||
126 | if (bytes != 0) | ||
127 | buf = MHD_gnutls_malloc (bytes); | ||
128 | if (buf == NULL) | ||
129 | return GNUTLS_E_MEMORY_ERROR; | ||
130 | |||
131 | ret = gcry_mpi_print (GCRYMPI_FMT_STD, buf, bytes, &bytes, a); | ||
132 | if (!ret) | ||
133 | { | ||
134 | dest->data = buf; | ||
135 | dest->size = bytes; | ||
136 | return 0; | ||
137 | } | ||
138 | |||
139 | MHD_gnutls_free (buf); | ||
140 | return GNUTLS_E_MPI_PRINT_FAILED; | ||
141 | } | ||
142 | |||
143 | int | ||
144 | MHD_gtls_mpi_dprint (MHD_gnutls_datum_t * dest, const mpi_t a) | ||
145 | { | ||
146 | int ret; | ||
147 | opaque *buf = NULL; | ||
148 | size_t bytes = 0; | ||
149 | |||
150 | if (dest == NULL || a == NULL) | ||
151 | return GNUTLS_E_INVALID_REQUEST; | ||
152 | |||
153 | gcry_mpi_print (GCRYMPI_FMT_USG, NULL, 0, &bytes, a); | ||
154 | |||
155 | if (bytes != 0) | ||
156 | buf = MHD_gnutls_malloc (bytes); | ||
157 | if (buf == NULL) | ||
158 | return GNUTLS_E_MEMORY_ERROR; | ||
159 | |||
160 | ret = gcry_mpi_print (GCRYMPI_FMT_USG, buf, bytes, &bytes, a); | ||
161 | if (!ret) | ||
162 | { | ||
163 | dest->data = buf; | ||
164 | dest->size = bytes; | ||
165 | return 0; | ||
166 | } | ||
167 | |||
168 | MHD_gnutls_free (buf); | ||
169 | return GNUTLS_E_MPI_PRINT_FAILED; | ||
170 | } | ||
171 | |||
172 | |||
173 | /* this function reads an integer | ||
174 | * from asn1 structs. Combines the read and mpi_scan | ||
175 | * steps. | ||
176 | */ | ||
177 | int | ||
178 | MHD__gnutls_x509_read_int (ASN1_TYPE node, const char *value, mpi_t * ret_mpi) | ||
179 | { | ||
180 | int result; | ||
181 | size_t s_len; | ||
182 | opaque *tmpstr = NULL; | ||
183 | int tmpstr_size; | ||
184 | |||
185 | tmpstr_size = 0; | ||
186 | result = MHD__asn1_read_value (node, value, NULL, &tmpstr_size); | ||
187 | if (result != ASN1_MEM_ERROR) | ||
188 | { | ||
189 | MHD_gnutls_assert (); | ||
190 | return MHD_gtls_asn2err (result); | ||
191 | } | ||
192 | |||
193 | tmpstr = MHD_gnutls_alloca (tmpstr_size); | ||
194 | if (tmpstr == NULL) | ||
195 | { | ||
196 | MHD_gnutls_assert (); | ||
197 | return GNUTLS_E_MEMORY_ERROR; | ||
198 | } | ||
199 | |||
200 | result = MHD__asn1_read_value (node, value, tmpstr, &tmpstr_size); | ||
201 | if (result != ASN1_SUCCESS) | ||
202 | { | ||
203 | MHD_gnutls_assert (); | ||
204 | MHD_gnutls_afree (tmpstr); | ||
205 | return MHD_gtls_asn2err (result); | ||
206 | } | ||
207 | |||
208 | s_len = tmpstr_size; | ||
209 | if (MHD_gtls_mpi_scan (ret_mpi, tmpstr, &s_len) != 0) | ||
210 | { | ||
211 | MHD_gnutls_assert (); | ||
212 | MHD_gnutls_afree (tmpstr); | ||
213 | return GNUTLS_E_MPI_SCAN_FAILED; | ||
214 | } | ||
215 | |||
216 | MHD_gnutls_afree (tmpstr); | ||
217 | |||
218 | return 0; | ||
219 | } | ||
220 | |||
221 | /* Writes the specified integer into the specified node. | ||
222 | */ | ||
223 | int | ||
224 | MHD__gnutls_x509_write_int (ASN1_TYPE node, const char *value, mpi_t mpi, | ||
225 | int lz) | ||
226 | { | ||
227 | opaque *tmpstr; | ||
228 | size_t s_len; | ||
229 | int result; | ||
230 | |||
231 | s_len = 0; | ||
232 | if (lz) | ||
233 | result = MHD_gtls_mpi_print_lz (NULL, &s_len, mpi); | ||
234 | else | ||
235 | result = MHD_gtls_mpi_print (NULL, &s_len, mpi); | ||
236 | |||
237 | tmpstr = MHD_gnutls_alloca (s_len); | ||
238 | if (tmpstr == NULL) | ||
239 | { | ||
240 | MHD_gnutls_assert (); | ||
241 | return GNUTLS_E_MEMORY_ERROR; | ||
242 | } | ||
243 | |||
244 | if (lz) | ||
245 | result = MHD_gtls_mpi_print_lz (tmpstr, &s_len, mpi); | ||
246 | else | ||
247 | result = MHD_gtls_mpi_print (tmpstr, &s_len, mpi); | ||
248 | |||
249 | if (result != 0) | ||
250 | { | ||
251 | MHD_gnutls_assert (); | ||
252 | MHD_gnutls_afree (tmpstr); | ||
253 | return GNUTLS_E_MPI_PRINT_FAILED; | ||
254 | } | ||
255 | |||
256 | result = MHD__asn1_write_value (node, value, tmpstr, s_len); | ||
257 | |||
258 | MHD_gnutls_afree (tmpstr); | ||
259 | |||
260 | if (result != ASN1_SUCCESS) | ||
261 | { | ||
262 | MHD_gnutls_assert (); | ||
263 | return MHD_gtls_asn2err (result); | ||
264 | } | ||
265 | |||
266 | return 0; | ||
267 | } | ||
diff --git a/src/daemon/https/tls/gnutls_mpi.h b/src/daemon/https/tls/gnutls_mpi.h deleted file mode 100644 index 77b7c9e4..00000000 --- a/src/daemon/https/tls/gnutls_mpi.h +++ /dev/null | |||
@@ -1,55 +0,0 @@ | |||
1 | /* | ||
2 | * Copyright (C) 2000, 2001, 2002, 2003, 2004, 2005 Free Software Foundation | ||
3 | * | ||
4 | * Author: Nikos Mavrogiannopoulos | ||
5 | * | ||
6 | * This file is part of GNUTLS. | ||
7 | * | ||
8 | * The GNUTLS library is free software; you can redistribute it and/or | ||
9 | * modify it under the terms of the GNU Lesser General Public License | ||
10 | * as published by the Free Software Foundation; either version 2.1 of | ||
11 | * the License, or (at your option) any later version. | ||
12 | * | ||
13 | * This library is distributed in the hope that it will be useful, but | ||
14 | * WITHOUT ANY WARRANTY; without even the implied warranty of | ||
15 | * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU | ||
16 | * Lesser General Public License for more details. | ||
17 | * | ||
18 | * You should have received a copy of the GNU Lesser General Public | ||
19 | * License along with this library; if not, write to the Free Software | ||
20 | * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301, | ||
21 | * USA | ||
22 | * | ||
23 | */ | ||
24 | |||
25 | #ifndef GNUTLS_MPI_H | ||
26 | #define GNUTLS_MPI_H | ||
27 | |||
28 | # include <gnutls_int.h> | ||
29 | # include <gcrypt.h> | ||
30 | # include "gc.h" | ||
31 | |||
32 | typedef gcry_mpi_t mpi_t; | ||
33 | |||
34 | #define MHD__gnutls_mpi_cmp gcry_mpi_cmp | ||
35 | #define MHD__gnutls_mpi_cmp_ui gcry_mpi_cmp_ui | ||
36 | #define MHD__gnutls_mpi_new gcry_mpi_new | ||
37 | #define MHD__gnutls_mpi_snew gcry_mpi_snew | ||
38 | #define MHD__gnutls_mpi_copy gcry_mpi_copy | ||
39 | #define MHD__gnutls_mpi_randomize gcry_mpi_randomize | ||
40 | #define MHD__gnutls_mpi_get_nbits gcry_mpi_get_nbits | ||
41 | #define MHD__gnutls_mpi_powm gcry_mpi_powm | ||
42 | #define MHD__gnutls_mpi_invm gcry_mpi_invm | ||
43 | #define MHD__gnutls_mpi_alloc_like(x) MHD__gnutls_mpi_new(MHD__gnutls_mpi_get_nbits(x)) | ||
44 | |||
45 | void MHD_gtls_mpi_release (mpi_t * x); | ||
46 | |||
47 | int MHD_gtls_mpi_scan_nz (mpi_t * ret_mpi, const opaque * buffer, | ||
48 | size_t * nbytes); | ||
49 | int MHD_gtls_mpi_scan (mpi_t * ret_mpi, const opaque * buffer, | ||
50 | size_t * nbytes); | ||
51 | int MHD_gtls_mpi_print (void *buffer, size_t * nbytes, const mpi_t a); | ||
52 | int MHD_gtls_mpi_dprint_lz (MHD_gnutls_datum_t * dest, const mpi_t a); | ||
53 | int MHD_gtls_mpi_dprint (MHD_gnutls_datum_t * dest, const mpi_t a); | ||
54 | |||
55 | #endif | ||
diff --git a/src/daemon/https/tls/gnutls_num.c b/src/daemon/https/tls/gnutls_num.c deleted file mode 100644 index 06d2e4eb..00000000 --- a/src/daemon/https/tls/gnutls_num.c +++ /dev/null | |||
@@ -1,192 +0,0 @@ | |||
1 | /* | ||
2 | * Copyright (C) 2000, 2001, 2002, 2003, 2004, 2005 Free Software Foundation | ||
3 | * | ||
4 | * Author: Nikos Mavrogiannopoulos | ||
5 | * | ||
6 | * This file is part of GNUTLS. | ||
7 | * | ||
8 | * The GNUTLS library is free software; you can redistribute it and/or | ||
9 | * modify it under the terms of the GNU Lesser General Public License | ||
10 | * as published by the Free Software Foundation; either version 2.1 of | ||
11 | * the License, or (at your option) any later version. | ||
12 | * | ||
13 | * This library is distributed in the hope that it will be useful, but | ||
14 | * WITHOUT ANY WARRANTY; without even the implied warranty of | ||
15 | * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU | ||
16 | * Lesser General Public License for more details. | ||
17 | * | ||
18 | * You should have received a copy of the GNU Lesser General Public | ||
19 | * License along with this library; if not, write to the Free Software | ||
20 | * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301, | ||
21 | * USA | ||
22 | * | ||
23 | */ | ||
24 | |||
25 | /* This file contains the functions needed for 64 bit integer support in | ||
26 | * TLS, and functions which ease the access to TLS vectors (data of given size). | ||
27 | */ | ||
28 | |||
29 | #include <gnutls_int.h> | ||
30 | #include <gnutls_num.h> | ||
31 | #include <gnutls_errors.h> | ||
32 | |||
33 | /* This function will add one to uint64 x. | ||
34 | * Returns 0 on success, or -1 if the uint64 max limit | ||
35 | * has been reached. | ||
36 | */ | ||
37 | int | ||
38 | MHD_gtls_uint64pp (uint64 * x) | ||
39 | { | ||
40 | register int i, y = 0; | ||
41 | |||
42 | for (i = 7; i >= 0; i--) | ||
43 | { | ||
44 | y = 0; | ||
45 | if (x->i[i] == 0xff) | ||
46 | { | ||
47 | x->i[i] = 0; | ||
48 | y = 1; | ||
49 | } | ||
50 | else | ||
51 | x->i[i]++; | ||
52 | |||
53 | if (y == 0) | ||
54 | break; | ||
55 | } | ||
56 | if (y != 0) | ||
57 | return -1; /* over 64 bits! WOW */ | ||
58 | |||
59 | return 0; | ||
60 | } | ||
61 | |||
62 | uint32_t | ||
63 | MHD_gtls_uint24touint32 (uint24 num) | ||
64 | { | ||
65 | uint32_t ret = 0; | ||
66 | |||
67 | ((uint8_t *) & ret)[1] = num.pint[0]; | ||
68 | ((uint8_t *) & ret)[2] = num.pint[1]; | ||
69 | ((uint8_t *) & ret)[3] = num.pint[2]; | ||
70 | return ret; | ||
71 | } | ||
72 | |||
73 | uint24 | ||
74 | MHD_gtls_uint32touint24 (uint32_t num) | ||
75 | { | ||
76 | uint24 ret; | ||
77 | |||
78 | ret.pint[0] = ((uint8_t *) & num)[1]; | ||
79 | ret.pint[1] = ((uint8_t *) & num)[2]; | ||
80 | ret.pint[2] = ((uint8_t *) & num)[3]; | ||
81 | return ret; | ||
82 | |||
83 | } | ||
84 | |||
85 | /* data should be at least 3 bytes */ | ||
86 | uint32_t | ||
87 | MHD_gtls_read_uint24 (const opaque * data) | ||
88 | { | ||
89 | uint32_t res; | ||
90 | uint24 num; | ||
91 | |||
92 | num.pint[0] = data[0]; | ||
93 | num.pint[1] = data[1]; | ||
94 | num.pint[2] = data[2]; | ||
95 | |||
96 | res = MHD_gtls_uint24touint32 (num); | ||
97 | #ifndef WORDS_BIGENDIAN | ||
98 | res = byteswap32 (res); | ||
99 | #endif | ||
100 | return res; | ||
101 | } | ||
102 | |||
103 | void | ||
104 | MHD_gtls_write_uint24 (uint32_t num, opaque * data) | ||
105 | { | ||
106 | uint24 tmp; | ||
107 | |||
108 | #ifndef WORDS_BIGENDIAN | ||
109 | num = byteswap32 (num); | ||
110 | #endif | ||
111 | tmp = MHD_gtls_uint32touint24 (num); | ||
112 | |||
113 | data[0] = tmp.pint[0]; | ||
114 | data[1] = tmp.pint[1]; | ||
115 | data[2] = tmp.pint[2]; | ||
116 | } | ||
117 | |||
118 | uint32_t | ||
119 | MHD_gtls_read_uint32 (const opaque * data) | ||
120 | { | ||
121 | uint32_t res; | ||
122 | |||
123 | memcpy (&res, data, sizeof (uint32_t)); | ||
124 | #ifndef WORDS_BIGENDIAN | ||
125 | res = byteswap32 (res); | ||
126 | #endif | ||
127 | return res; | ||
128 | } | ||
129 | |||
130 | void | ||
131 | MHD_gtls_write_uint32 (uint32_t num, opaque * data) | ||
132 | { | ||
133 | |||
134 | #ifndef WORDS_BIGENDIAN | ||
135 | num = byteswap32 (num); | ||
136 | #endif | ||
137 | memcpy (data, &num, sizeof (uint32_t)); | ||
138 | } | ||
139 | |||
140 | uint16_t | ||
141 | MHD_gtls_read_uint16 (const opaque * data) | ||
142 | { | ||
143 | uint16_t res; | ||
144 | memcpy (&res, data, sizeof (uint16_t)); | ||
145 | #ifndef WORDS_BIGENDIAN | ||
146 | res = byteswap16 (res); | ||
147 | #endif | ||
148 | return res; | ||
149 | } | ||
150 | |||
151 | void | ||
152 | MHD_gtls_write_uint16 (uint16_t num, opaque * data) | ||
153 | { | ||
154 | |||
155 | #ifndef WORDS_BIGENDIAN | ||
156 | num = byteswap16 (num); | ||
157 | #endif | ||
158 | memcpy (data, &num, sizeof (uint16_t)); | ||
159 | } | ||
160 | |||
161 | uint32_t | ||
162 | MHD_gtls_conv_uint32 (uint32_t data) | ||
163 | { | ||
164 | #ifndef WORDS_BIGENDIAN | ||
165 | return byteswap32 (data); | ||
166 | #else | ||
167 | return data; | ||
168 | #endif | ||
169 | } | ||
170 | |||
171 | uint16_t | ||
172 | MHD_gtls_conv_uint16 (uint16_t data) | ||
173 | { | ||
174 | #ifndef WORDS_BIGENDIAN | ||
175 | return byteswap16 (data); | ||
176 | #else | ||
177 | return data; | ||
178 | #endif | ||
179 | } | ||
180 | |||
181 | uint32_t | ||
182 | MHD_gtls_uint64touint32 (const uint64 * num) | ||
183 | { | ||
184 | uint32_t ret; | ||
185 | |||
186 | memcpy (&ret, &num->i[4], 4); | ||
187 | #ifndef WORDS_BIGENDIAN | ||
188 | ret = byteswap32 (ret); | ||
189 | #endif | ||
190 | |||
191 | return ret; | ||
192 | } | ||
diff --git a/src/daemon/https/tls/gnutls_num.h b/src/daemon/https/tls/gnutls_num.h deleted file mode 100644 index 3a0f1f88..00000000 --- a/src/daemon/https/tls/gnutls_num.h +++ /dev/null | |||
@@ -1,49 +0,0 @@ | |||
1 | /* | ||
2 | * Copyright (C) 2000, 2001, 2002, 2003, 2004, 2005 Free Software Foundation | ||
3 | * | ||
4 | * Author: Nikos Mavrogiannopoulos | ||
5 | * | ||
6 | * This file is part of GNUTLS. | ||
7 | * | ||
8 | * The GNUTLS library is free software; you can redistribute it and/or | ||
9 | * modify it under the terms of the GNU Lesser General Public License | ||
10 | * as published by the Free Software Foundation; either version 2.1 of | ||
11 | * the License, or (at your option) any later version. | ||
12 | * | ||
13 | * This library is distributed in the hope that it will be useful, but | ||
14 | * WITHOUT ANY WARRANTY; without even the implied warranty of | ||
15 | * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU | ||
16 | * Lesser General Public License for more details. | ||
17 | * | ||
18 | * You should have received a copy of the GNU Lesser General Public | ||
19 | * License along with this library; if not, write to the Free Software | ||
20 | * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301, | ||
21 | * USA | ||
22 | * | ||
23 | */ | ||
24 | |||
25 | #include <gnutls_int.h> | ||
26 | |||
27 | #define rotl32(x,n) (((x) << ((uint16_t)(n))) | ((x) >> (32 - (uint16_t)(n)))) | ||
28 | #define rotr32(x,n) (((x) >> ((uint16_t)(n))) | ((x) << (32 - (uint16_t)(n)))) | ||
29 | #define rotl16(x,n) (((x) << ((uint16_t)(n))) | ((x) >> (16 - (uint16_t)(n)))) | ||
30 | #define rotr16(x,n) (((x) >> ((uint16_t)(n))) | ((x) << (16 - (uint16_t)(n)))) | ||
31 | |||
32 | #define byteswap16(x) ((rotl16(x, 8) & 0x00ff) | (rotr16(x, 8) & 0xff00)) | ||
33 | #define byteswap32(x) ((rotl32(x, 8) & 0x00ff00ffUL) | (rotr32(x, 8) & 0xff00ff00UL)) | ||
34 | |||
35 | uint32_t MHD_gtls_uint24touint32 (uint24 num); | ||
36 | uint24 MHD_gtls_uint32touint24 (uint32_t num); | ||
37 | uint32_t MHD_gtls_read_uint32 (const opaque * data); | ||
38 | uint16_t MHD_gtls_read_uint16 (const opaque * data); | ||
39 | uint32_t MHD_gtls_conv_uint32 (uint32_t data); | ||
40 | uint16_t MHD_gtls_conv_uint16 (uint16_t data); | ||
41 | uint32_t MHD_gtls_read_uint24 (const opaque * data); | ||
42 | void MHD_gtls_write_uint24 (uint32_t num, opaque * data); | ||
43 | void MHD_gtls_write_uint32 (uint32_t num, opaque * data); | ||
44 | void MHD_gtls_write_uint16 (uint16_t num, opaque * data); | ||
45 | uint32_t MHD_gtls_uint64touint32 (const uint64 *); | ||
46 | |||
47 | int MHD_gtls_uint64pp (uint64 *); | ||
48 | #define MHD__gnutls_uint64zero(x) x.i[0] = x.i[1] = x.i[2] = x.i[3] = x.i[4] = x.i[5] = x.i[6] = x.i[7] = 0 | ||
49 | #define UINT64DATA(x) x.i | ||
diff --git a/src/daemon/https/tls/gnutls_pk.c b/src/daemon/https/tls/gnutls_pk.c deleted file mode 100644 index f8514cae..00000000 --- a/src/daemon/https/tls/gnutls_pk.c +++ /dev/null | |||
@@ -1,636 +0,0 @@ | |||
1 | /* | ||
2 | * Copyright (C) 2001, 2002, 2003, 2004, 2005, 2006 Free Software Foundation | ||
3 | * | ||
4 | * Author: Nikos Mavrogiannopoulos | ||
5 | * | ||
6 | * This file is part of GNUTLS. | ||
7 | * | ||
8 | * The GNUTLS library is free software; you can redistribute it and/or | ||
9 | * modify it under the terms of the GNU Lesser General Public License | ||
10 | * as published by the Free Software Foundation; either version 2.1 of | ||
11 | * the License, or (at your option) any later version. | ||
12 | * | ||
13 | * This library is distributed in the hope that it will be useful, but | ||
14 | * WITHOUT ANY WARRANTY; without even the implied warranty of | ||
15 | * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU | ||
16 | * Lesser General Public License for more details. | ||
17 | * | ||
18 | * You should have received a copy of the GNU Lesser General Public | ||
19 | * License along with this library; if not, write to the Free Software | ||
20 | * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301, | ||
21 | * USA | ||
22 | * | ||
23 | */ | ||
24 | |||
25 | /* This file contains the functions needed for RSA/DSA public key | ||
26 | * encryption and signatures. | ||
27 | */ | ||
28 | |||
29 | #include <gnutls_int.h> | ||
30 | #include <gnutls_mpi.h> | ||
31 | #include <gnutls_pk.h> | ||
32 | #include <gnutls_errors.h> | ||
33 | #include <gnutls_datum.h> | ||
34 | #include <gnutls_global.h> | ||
35 | #include <gnutls_num.h> | ||
36 | #include "debug.h" | ||
37 | #include <gc.h> | ||
38 | |||
39 | /* x509 */ | ||
40 | #include "common.h" | ||
41 | #include "mpi.h" | ||
42 | |||
43 | static int MHD__gnutls_pk_encrypt (int algo, mpi_t * resarr, mpi_t data, | ||
44 | mpi_t * pkey, int pkey_len); | ||
45 | static int MHD__gnutls_pk_sign (int algo, mpi_t * data, mpi_t hash, | ||
46 | mpi_t * pkey, int); | ||
47 | static int MHD__gnutls_pk_decrypt (int algo, mpi_t * resarr, mpi_t data, | ||
48 | mpi_t * pkey, int); | ||
49 | |||
50 | |||
51 | /* Do PKCS-1 RSA encryption. | ||
52 | * params is modulus, public exp. | ||
53 | */ | ||
54 | int | ||
55 | MHD_gtls_pkcs1_rsa_encrypt (MHD_gnutls_datum_t * ciphertext, | ||
56 | const MHD_gnutls_datum_t * plaintext, | ||
57 | mpi_t * params, unsigned params_len, | ||
58 | unsigned btype) | ||
59 | { | ||
60 | unsigned int i, pad; | ||
61 | int ret; | ||
62 | mpi_t m, res; | ||
63 | opaque *edata, *ps; | ||
64 | size_t k, psize; | ||
65 | size_t mod_bits; | ||
66 | |||
67 | mod_bits = MHD__gnutls_mpi_get_nbits (params[0]); | ||
68 | k = mod_bits / 8; | ||
69 | if (mod_bits % 8 != 0) | ||
70 | k++; | ||
71 | |||
72 | if (plaintext->size > k - 11) | ||
73 | { | ||
74 | MHD_gnutls_assert (); | ||
75 | return GNUTLS_E_PK_ENCRYPTION_FAILED; | ||
76 | } | ||
77 | |||
78 | edata = MHD_gnutls_alloca (k); | ||
79 | if (edata == NULL) | ||
80 | { | ||
81 | MHD_gnutls_assert (); | ||
82 | return GNUTLS_E_MEMORY_ERROR; | ||
83 | } | ||
84 | |||
85 | /* EB = 00||BT||PS||00||D | ||
86 | * (use block type 'btype') | ||
87 | */ | ||
88 | |||
89 | edata[0] = 0; | ||
90 | edata[1] = btype; | ||
91 | psize = k - 3 - plaintext->size; | ||
92 | |||
93 | ps = &edata[2]; | ||
94 | switch (btype) | ||
95 | { | ||
96 | case 2: | ||
97 | /* using public key */ | ||
98 | if (params_len < RSA_PUBLIC_PARAMS) | ||
99 | { | ||
100 | MHD_gnutls_assert (); | ||
101 | MHD_gnutls_afree (edata); | ||
102 | return GNUTLS_E_INTERNAL_ERROR; | ||
103 | } | ||
104 | |||
105 | if (MHD_gc_pseudo_random ((char *) ps, psize) != GC_OK) | ||
106 | { | ||
107 | MHD_gnutls_assert (); | ||
108 | MHD_gnutls_afree (edata); | ||
109 | return GNUTLS_E_RANDOM_FAILED; | ||
110 | } | ||
111 | for (i = 0; i < psize; i++) | ||
112 | while (ps[i] == 0) | ||
113 | { | ||
114 | if (MHD_gc_pseudo_random ((char *) &ps[i], 1) != GC_OK) | ||
115 | { | ||
116 | MHD_gnutls_assert (); | ||
117 | MHD_gnutls_afree (edata); | ||
118 | return GNUTLS_E_RANDOM_FAILED; | ||
119 | } | ||
120 | } | ||
121 | break; | ||
122 | case 1: | ||
123 | /* using private key */ | ||
124 | |||
125 | if (params_len < RSA_PRIVATE_PARAMS) | ||
126 | { | ||
127 | MHD_gnutls_assert (); | ||
128 | MHD_gnutls_afree (edata); | ||
129 | return GNUTLS_E_INTERNAL_ERROR; | ||
130 | } | ||
131 | |||
132 | for (i = 0; i < psize; i++) | ||
133 | ps[i] = 0xff; | ||
134 | break; | ||
135 | default: | ||
136 | MHD_gnutls_assert (); | ||
137 | MHD_gnutls_afree (edata); | ||
138 | return GNUTLS_E_INTERNAL_ERROR; | ||
139 | } | ||
140 | |||
141 | ps[psize] = 0; | ||
142 | memcpy (&ps[psize + 1], plaintext->data, plaintext->size); | ||
143 | |||
144 | if (MHD_gtls_mpi_scan_nz (&m, edata, &k) != 0) | ||
145 | { | ||
146 | MHD_gnutls_assert (); | ||
147 | MHD_gnutls_afree (edata); | ||
148 | return GNUTLS_E_MPI_SCAN_FAILED; | ||
149 | } | ||
150 | MHD_gnutls_afree (edata); | ||
151 | |||
152 | if (btype == 2) /* encrypt */ | ||
153 | ret = MHD__gnutls_pk_encrypt (GCRY_PK_RSA, &res, m, params, params_len); | ||
154 | else /* sign */ | ||
155 | ret = MHD__gnutls_pk_sign (GCRY_PK_RSA, &res, m, params, params_len); | ||
156 | |||
157 | MHD_gtls_mpi_release (&m); | ||
158 | |||
159 | if (ret < 0) | ||
160 | { | ||
161 | MHD_gnutls_assert (); | ||
162 | return ret; | ||
163 | } | ||
164 | |||
165 | MHD_gtls_mpi_print (NULL, &psize, res); | ||
166 | |||
167 | if (psize < k) | ||
168 | { | ||
169 | /* padding psize */ | ||
170 | pad = k - psize; | ||
171 | psize = k; | ||
172 | } | ||
173 | else if (psize == k) | ||
174 | { | ||
175 | pad = 0; | ||
176 | } | ||
177 | else | ||
178 | { /* psize > k !!! */ | ||
179 | /* This is an impossible situation */ | ||
180 | MHD_gnutls_assert (); | ||
181 | MHD_gtls_mpi_release (&res); | ||
182 | return GNUTLS_E_INTERNAL_ERROR; | ||
183 | } | ||
184 | |||
185 | ciphertext->data = MHD_gnutls_malloc (psize); | ||
186 | if (ciphertext->data == NULL) | ||
187 | { | ||
188 | MHD_gnutls_assert (); | ||
189 | MHD_gtls_mpi_release (&res); | ||
190 | return GNUTLS_E_MEMORY_ERROR; | ||
191 | } | ||
192 | MHD_gtls_mpi_print (&ciphertext->data[pad], &psize, res); | ||
193 | for (i = 0; i < pad; i++) | ||
194 | ciphertext->data[i] = 0; | ||
195 | |||
196 | ciphertext->size = k; | ||
197 | |||
198 | MHD_gtls_mpi_release (&res); | ||
199 | |||
200 | return 0; | ||
201 | } | ||
202 | |||
203 | |||
204 | /* Do PKCS-1 RSA decryption. | ||
205 | * params is modulus, public exp., private key | ||
206 | * Can decrypt block type 1 and type 2 packets. | ||
207 | */ | ||
208 | int | ||
209 | MHD_gtls_pkcs1_rsa_decrypt (MHD_gnutls_datum_t * plaintext, | ||
210 | const MHD_gnutls_datum_t * ciphertext, | ||
211 | mpi_t * params, unsigned params_len, | ||
212 | unsigned btype) | ||
213 | { | ||
214 | unsigned k, i; | ||
215 | int ret; | ||
216 | mpi_t c, res; | ||
217 | opaque *edata; | ||
218 | size_t esize, mod_bits; | ||
219 | |||
220 | mod_bits = MHD__gnutls_mpi_get_nbits (params[0]); | ||
221 | k = mod_bits / 8; | ||
222 | if (mod_bits % 8 != 0) | ||
223 | k++; | ||
224 | |||
225 | esize = ciphertext->size; | ||
226 | |||
227 | if (esize != k) | ||
228 | { | ||
229 | MHD_gnutls_assert (); | ||
230 | return GNUTLS_E_PK_DECRYPTION_FAILED; | ||
231 | } | ||
232 | |||
233 | if (MHD_gtls_mpi_scan_nz (&c, ciphertext->data, &esize) != 0) | ||
234 | { | ||
235 | MHD_gnutls_assert (); | ||
236 | return GNUTLS_E_MPI_SCAN_FAILED; | ||
237 | } | ||
238 | |||
239 | /* we can use btype to see if the private key is | ||
240 | * available. | ||
241 | */ | ||
242 | if (btype == 2) | ||
243 | ret = MHD__gnutls_pk_decrypt (GCRY_PK_RSA, &res, c, params, params_len); | ||
244 | else | ||
245 | { | ||
246 | ret = MHD__gnutls_pk_encrypt (GCRY_PK_RSA, &res, c, params, params_len); | ||
247 | } | ||
248 | MHD_gtls_mpi_release (&c); | ||
249 | |||
250 | if (ret < 0) | ||
251 | { | ||
252 | MHD_gnutls_assert (); | ||
253 | return ret; | ||
254 | } | ||
255 | |||
256 | MHD_gtls_mpi_print (NULL, &esize, res); | ||
257 | edata = MHD_gnutls_alloca (esize + 1); | ||
258 | if (edata == NULL) | ||
259 | { | ||
260 | MHD_gnutls_assert (); | ||
261 | MHD_gtls_mpi_release (&res); | ||
262 | return GNUTLS_E_MEMORY_ERROR; | ||
263 | } | ||
264 | MHD_gtls_mpi_print (&edata[1], &esize, res); | ||
265 | |||
266 | MHD_gtls_mpi_release (&res); | ||
267 | |||
268 | /* EB = 00||BT||PS||00||D | ||
269 | * (use block type 'btype') | ||
270 | * | ||
271 | * From now on, return GNUTLS_E_DECRYPTION_FAILED on errors, to | ||
272 | * avoid attacks similar to the one described by Bleichenbacher in: | ||
273 | * "Chosen Ciphertext Attacks against Protocols Based on RSA | ||
274 | * Encryption Standard PKCS #1". | ||
275 | */ | ||
276 | |||
277 | |||
278 | edata[0] = 0; | ||
279 | esize++; | ||
280 | |||
281 | if (edata[0] != 0 || edata[1] != btype) | ||
282 | { | ||
283 | MHD_gnutls_assert (); | ||
284 | MHD_gnutls_afree (edata); | ||
285 | return GNUTLS_E_DECRYPTION_FAILED; | ||
286 | } | ||
287 | |||
288 | ret = GNUTLS_E_DECRYPTION_FAILED; | ||
289 | switch (btype) | ||
290 | { | ||
291 | case 2: | ||
292 | for (i = 2; i < esize; i++) | ||
293 | { | ||
294 | if (edata[i] == 0) | ||
295 | { | ||
296 | ret = 0; | ||
297 | break; | ||
298 | } | ||
299 | } | ||
300 | break; | ||
301 | case 1: | ||
302 | for (i = 2; i < esize; i++) | ||
303 | { | ||
304 | if (edata[i] == 0 && i > 2) | ||
305 | { | ||
306 | ret = 0; | ||
307 | break; | ||
308 | } | ||
309 | if (edata[i] != 0xff) | ||
310 | { | ||
311 | MHD__gnutls_handshake_log ("PKCS #1 padding error"); | ||
312 | /* PKCS #1 padding error. Don't use | ||
313 | GNUTLS_E_PKCS1_WRONG_PAD here. */ | ||
314 | break; | ||
315 | } | ||
316 | } | ||
317 | break; | ||
318 | default: | ||
319 | MHD_gnutls_assert (); | ||
320 | MHD_gnutls_afree (edata); | ||
321 | return GNUTLS_E_DECRYPTION_FAILED; | ||
322 | } | ||
323 | i++; | ||
324 | |||
325 | if (ret < 0) | ||
326 | { | ||
327 | MHD_gnutls_assert (); | ||
328 | MHD_gnutls_afree (edata); | ||
329 | return GNUTLS_E_DECRYPTION_FAILED; | ||
330 | } | ||
331 | |||
332 | if (MHD__gnutls_sset_datum (plaintext, &edata[i], esize - i) < 0) | ||
333 | { | ||
334 | MHD_gnutls_assert (); | ||
335 | MHD_gnutls_afree (edata); | ||
336 | return GNUTLS_E_MEMORY_ERROR; | ||
337 | } | ||
338 | |||
339 | MHD_gnutls_afree (edata); | ||
340 | |||
341 | return 0; | ||
342 | } | ||
343 | |||
344 | |||
345 | int | ||
346 | MHD_gtls_rsa_verify (const MHD_gnutls_datum_t * vdata, | ||
347 | const MHD_gnutls_datum_t * ciphertext, mpi_t * params, | ||
348 | int params_len, int btype) | ||
349 | { | ||
350 | |||
351 | MHD_gnutls_datum_t plain; | ||
352 | int ret; | ||
353 | |||
354 | /* decrypt signature */ | ||
355 | if ((ret = | ||
356 | MHD_gtls_pkcs1_rsa_decrypt (&plain, ciphertext, params, params_len, | ||
357 | btype)) < 0) | ||
358 | { | ||
359 | MHD_gnutls_assert (); | ||
360 | return ret; | ||
361 | } | ||
362 | |||
363 | if (plain.size != vdata->size) | ||
364 | { | ||
365 | MHD_gnutls_assert (); | ||
366 | MHD__gnutls_free_datum (&plain); | ||
367 | return GNUTLS_E_PK_SIG_VERIFY_FAILED; | ||
368 | } | ||
369 | |||
370 | if (memcmp (plain.data, vdata->data, plain.size) != 0) | ||
371 | { | ||
372 | MHD_gnutls_assert (); | ||
373 | MHD__gnutls_free_datum (&plain); | ||
374 | return GNUTLS_E_PK_SIG_VERIFY_FAILED; | ||
375 | } | ||
376 | |||
377 | MHD__gnutls_free_datum (&plain); | ||
378 | |||
379 | return 0; /* ok */ | ||
380 | } | ||
381 | |||
382 | |||
383 | /* this is taken from gnupg | ||
384 | */ | ||
385 | |||
386 | /**************** | ||
387 | * Emulate our old PK interface here - sometime in the future we might | ||
388 | * change the internal design to directly fit to libgcrypt. | ||
389 | */ | ||
390 | static int | ||
391 | MHD__gnutls_pk_encrypt (int algo, mpi_t * resarr, mpi_t data, | ||
392 | mpi_t * pkey, int pkey_len) | ||
393 | { | ||
394 | gcry_sexp_t s_ciph, s_data, s_pkey; | ||
395 | int rc = -1; | ||
396 | |||
397 | /* make a sexp from pkey */ | ||
398 | switch (algo) | ||
399 | { | ||
400 | case GCRY_PK_RSA: | ||
401 | if (pkey_len >= 2) | ||
402 | rc = gcry_sexp_build (&s_pkey, NULL, | ||
403 | "(public-key(rsa(n%m)(e%m)))", | ||
404 | pkey[0], pkey[1]); | ||
405 | break; | ||
406 | |||
407 | default: | ||
408 | MHD_gnutls_assert (); | ||
409 | return GNUTLS_E_INTERNAL_ERROR; | ||
410 | } | ||
411 | |||
412 | if (rc != 0) | ||
413 | { | ||
414 | MHD_gnutls_assert (); | ||
415 | return GNUTLS_E_INTERNAL_ERROR; | ||
416 | } | ||
417 | |||
418 | /* put the data into a simple list */ | ||
419 | if (gcry_sexp_build (&s_data, NULL, "%m", data)) | ||
420 | { | ||
421 | MHD_gnutls_assert (); | ||
422 | gcry_sexp_release (s_pkey); | ||
423 | return GNUTLS_E_INTERNAL_ERROR; | ||
424 | } | ||
425 | |||
426 | /* pass it to libgcrypt */ | ||
427 | rc = gcry_pk_encrypt (&s_ciph, s_data, s_pkey); | ||
428 | gcry_sexp_release (s_data); | ||
429 | gcry_sexp_release (s_pkey); | ||
430 | |||
431 | if (rc != 0) | ||
432 | { | ||
433 | MHD_gnutls_assert (); | ||
434 | return GNUTLS_E_PK_ENCRYPTION_FAILED; | ||
435 | |||
436 | } | ||
437 | else | ||
438 | { /* add better error handling or make gnupg use S-Exp directly */ | ||
439 | gcry_sexp_t list = gcry_sexp_find_token (s_ciph, "a", 0); | ||
440 | if (list == NULL) | ||
441 | { | ||
442 | MHD_gnutls_assert (); | ||
443 | gcry_sexp_release (s_ciph); | ||
444 | return GNUTLS_E_INTERNAL_ERROR; | ||
445 | } | ||
446 | |||
447 | resarr[0] = gcry_sexp_nth_mpi (list, 1, 0); | ||
448 | gcry_sexp_release (list); | ||
449 | |||
450 | if (resarr[0] == NULL) | ||
451 | { | ||
452 | MHD_gnutls_assert (); | ||
453 | gcry_sexp_release (s_ciph); | ||
454 | return GNUTLS_E_INTERNAL_ERROR; | ||
455 | } | ||
456 | } | ||
457 | |||
458 | gcry_sexp_release (s_ciph); | ||
459 | return rc; | ||
460 | } | ||
461 | |||
462 | static int | ||
463 | MHD__gnutls_pk_decrypt (int algo, mpi_t * resarr, mpi_t data, mpi_t * pkey, | ||
464 | int pkey_len) | ||
465 | { | ||
466 | gcry_sexp_t s_plain, s_data, s_pkey; | ||
467 | int rc = -1; | ||
468 | |||
469 | /* make a sexp from pkey */ | ||
470 | switch (algo) | ||
471 | { | ||
472 | case GCRY_PK_RSA: | ||
473 | if (pkey_len >= 6) | ||
474 | rc = gcry_sexp_build (&s_pkey, NULL, | ||
475 | "(private-key(rsa((n%m)(e%m)(d%m)(p%m)(q%m)(u%m))))", | ||
476 | pkey[0], pkey[1], pkey[2], pkey[3], | ||
477 | pkey[4], pkey[5]); | ||
478 | break; | ||
479 | |||
480 | default: | ||
481 | MHD_gnutls_assert (); | ||
482 | return GNUTLS_E_INTERNAL_ERROR; | ||
483 | } | ||
484 | |||
485 | if (rc != 0) | ||
486 | { | ||
487 | MHD_gnutls_assert (); | ||
488 | return GNUTLS_E_INTERNAL_ERROR; | ||
489 | } | ||
490 | |||
491 | /* put the data into a simple list */ | ||
492 | if (gcry_sexp_build (&s_data, NULL, "(enc-val(rsa(a%m)))", data)) | ||
493 | { | ||
494 | MHD_gnutls_assert (); | ||
495 | gcry_sexp_release (s_pkey); | ||
496 | return GNUTLS_E_INTERNAL_ERROR; | ||
497 | } | ||
498 | |||
499 | /* pass it to libgcrypt */ | ||
500 | rc = gcry_pk_decrypt (&s_plain, s_data, s_pkey); | ||
501 | gcry_sexp_release (s_data); | ||
502 | gcry_sexp_release (s_pkey); | ||
503 | |||
504 | if (rc != 0) | ||
505 | { | ||
506 | MHD_gnutls_assert (); | ||
507 | return GNUTLS_E_PK_DECRYPTION_FAILED; | ||
508 | |||
509 | } | ||
510 | else | ||
511 | { /* add better error handling or make gnupg use S-Exp directly */ | ||
512 | resarr[0] = gcry_sexp_nth_mpi (s_plain, 0, 0); | ||
513 | |||
514 | if (resarr[0] == NULL) | ||
515 | { | ||
516 | MHD_gnutls_assert (); | ||
517 | gcry_sexp_release (s_plain); | ||
518 | return GNUTLS_E_INTERNAL_ERROR; | ||
519 | } | ||
520 | } | ||
521 | |||
522 | gcry_sexp_release (s_plain); | ||
523 | return rc; | ||
524 | } | ||
525 | |||
526 | |||
527 | /* in case of DSA puts into data, r,s | ||
528 | */ | ||
529 | static int | ||
530 | MHD__gnutls_pk_sign (int algo, mpi_t * data, mpi_t hash, mpi_t * pkey, | ||
531 | int pkey_len) | ||
532 | { | ||
533 | gcry_sexp_t s_hash, s_key, s_sig; | ||
534 | int rc = -1; | ||
535 | |||
536 | /* make a sexp from pkey */ | ||
537 | switch (algo) | ||
538 | { | ||
539 | case GCRY_PK_DSA: | ||
540 | if (pkey_len >= 5) | ||
541 | rc = gcry_sexp_build (&s_key, NULL, | ||
542 | "(private-key(dsa(p%m)(q%m)(g%m)(y%m)(x%m)))", | ||
543 | pkey[0], pkey[1], pkey[2], pkey[3], pkey[4]); | ||
544 | else | ||
545 | { | ||
546 | MHD_gnutls_assert (); | ||
547 | } | ||
548 | |||
549 | break; | ||
550 | case GCRY_PK_RSA: | ||
551 | if (pkey_len >= 6) | ||
552 | rc = gcry_sexp_build (&s_key, NULL, | ||
553 | "(private-key(rsa((n%m)(e%m)(d%m)(p%m)(q%m)(u%m))))", | ||
554 | pkey[0], pkey[1], pkey[2], pkey[3], | ||
555 | pkey[4], pkey[5]); | ||
556 | else | ||
557 | { | ||
558 | MHD_gnutls_assert (); | ||
559 | } | ||
560 | break; | ||
561 | |||
562 | default: | ||
563 | MHD_gnutls_assert (); | ||
564 | return GNUTLS_E_INTERNAL_ERROR; | ||
565 | } | ||
566 | |||
567 | if (rc != 0) | ||
568 | { | ||
569 | MHD_gnutls_assert (); | ||
570 | return GNUTLS_E_INTERNAL_ERROR; | ||
571 | } | ||
572 | |||
573 | /* put the data into a simple list */ | ||
574 | if (gcry_sexp_build (&s_hash, NULL, "%m", hash)) | ||
575 | { | ||
576 | MHD_gnutls_assert (); | ||
577 | return GNUTLS_E_INTERNAL_ERROR; | ||
578 | } | ||
579 | |||
580 | /* pass it to libgcrypt */ | ||
581 | rc = gcry_pk_sign (&s_sig, s_hash, s_key); | ||
582 | gcry_sexp_release (s_hash); | ||
583 | gcry_sexp_release (s_key); | ||
584 | |||
585 | if (rc != 0) | ||
586 | { | ||
587 | MHD_gnutls_assert (); | ||
588 | return GNUTLS_E_PK_SIGN_FAILED; | ||
589 | |||
590 | } | ||
591 | else | ||
592 | { | ||
593 | gcry_sexp_t list; | ||
594 | |||
595 | if (algo == GCRY_PK_DSA) | ||
596 | { | ||
597 | list = gcry_sexp_find_token (s_sig, "r", 0); | ||
598 | if (list == NULL) | ||
599 | { | ||
600 | MHD_gnutls_assert (); | ||
601 | gcry_sexp_release (s_sig); | ||
602 | return GNUTLS_E_INTERNAL_ERROR; | ||
603 | } | ||
604 | |||
605 | data[0] = gcry_sexp_nth_mpi (list, 1, 0); | ||
606 | gcry_sexp_release (list); | ||
607 | |||
608 | list = gcry_sexp_find_token (s_sig, "s", 0); | ||
609 | if (list == NULL) | ||
610 | { | ||
611 | MHD_gnutls_assert (); | ||
612 | gcry_sexp_release (s_sig); | ||
613 | return GNUTLS_E_INTERNAL_ERROR; | ||
614 | } | ||
615 | |||
616 | data[1] = gcry_sexp_nth_mpi (list, 1, 0); | ||
617 | gcry_sexp_release (list); | ||
618 | } | ||
619 | else | ||
620 | { /* GCRY_PK_RSA */ | ||
621 | list = gcry_sexp_find_token (s_sig, "s", 0); | ||
622 | if (list == NULL) | ||
623 | { | ||
624 | MHD_gnutls_assert (); | ||
625 | gcry_sexp_release (s_sig); | ||
626 | return GNUTLS_E_INTERNAL_ERROR; | ||
627 | } | ||
628 | |||
629 | data[0] = gcry_sexp_nth_mpi (list, 1, 0); | ||
630 | gcry_sexp_release (list); | ||
631 | } | ||
632 | } | ||
633 | |||
634 | gcry_sexp_release (s_sig); | ||
635 | return 0; | ||
636 | } | ||
diff --git a/src/daemon/https/tls/gnutls_pk.h b/src/daemon/https/tls/gnutls_pk.h deleted file mode 100644 index 4653e76e..00000000 --- a/src/daemon/https/tls/gnutls_pk.h +++ /dev/null | |||
@@ -1,40 +0,0 @@ | |||
1 | /* | ||
2 | * Copyright (C) 2000, 2001, 2002, 2003, 2004, 2005 Free Software Foundation | ||
3 | * | ||
4 | * Author: Nikos Mavrogiannopoulos | ||
5 | * | ||
6 | * This file is part of GNUTLS. | ||
7 | * | ||
8 | * The GNUTLS library is free software; you can redistribute it and/or | ||
9 | * modify it under the terms of the GNU Lesser General Public License | ||
10 | * as published by the Free Software Foundation; either version 2.1 of | ||
11 | * the License, or (at your option) any later version. | ||
12 | * | ||
13 | * This library is distributed in the hope that it will be useful, but | ||
14 | * WITHOUT ANY WARRANTY; without even the implied warranty of | ||
15 | * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU | ||
16 | * Lesser General Public License for more details. | ||
17 | * | ||
18 | * You should have received a copy of the GNU Lesser General Public | ||
19 | * License along with this library; if not, write to the Free Software | ||
20 | * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301, | ||
21 | * USA | ||
22 | * | ||
23 | */ | ||
24 | |||
25 | #ifndef GNUTLS_PK_H | ||
26 | #define GNUTLS_PK_H | ||
27 | |||
28 | int MHD_gtls_pkcs1_rsa_encrypt (MHD_gnutls_datum_t * ciphertext, | ||
29 | const MHD_gnutls_datum_t * plaintext, | ||
30 | mpi_t * params, unsigned params_len, | ||
31 | unsigned btype); | ||
32 | int MHD_gtls_pkcs1_rsa_decrypt (MHD_gnutls_datum_t * plaintext, | ||
33 | const MHD_gnutls_datum_t * ciphertext, | ||
34 | mpi_t * params, unsigned params_len, | ||
35 | unsigned btype); | ||
36 | int MHD_gtls_rsa_verify (const MHD_gnutls_datum_t * vdata, | ||
37 | const MHD_gnutls_datum_t * ciphertext, | ||
38 | mpi_t * params, int params_len, int btype); | ||
39 | |||
40 | #endif /* GNUTLS_PK_H */ | ||
diff --git a/src/daemon/https/tls/gnutls_priority.c b/src/daemon/https/tls/gnutls_priority.c deleted file mode 100644 index 035c53dc..00000000 --- a/src/daemon/https/tls/gnutls_priority.c +++ /dev/null | |||
@@ -1,242 +0,0 @@ | |||
1 | /* | ||
2 | * Copyright (C) 2004, 2005, 2006, 2007 Free Software Foundation | ||
3 | * | ||
4 | * Author: Nikos Mavrogiannopoulos | ||
5 | * | ||
6 | * This file is part of GNUTLS. | ||
7 | * | ||
8 | * The GNUTLS library is free software; you can redistribute it and/or | ||
9 | * modify it under the terms of the GNU Lesser General Public License | ||
10 | * as published by the Free Software Foundation; either version 2.1 of | ||
11 | * the License, or (at your option) any later version. | ||
12 | * | ||
13 | * This library is distributed in the hope that it will be useful, but | ||
14 | * WITHOUT ANY WARRANTY; without even the implied warranty of | ||
15 | * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU | ||
16 | * Lesser General Public License for more details. | ||
17 | * | ||
18 | * You should have received a copy of the GNU Lesser General Public | ||
19 | * License along with this library; if not, write to the Free Software | ||
20 | * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301, | ||
21 | * USA | ||
22 | * | ||
23 | */ | ||
24 | |||
25 | /* Here lies the code of the MHD_gnutls_*_set_priority() functions. | ||
26 | */ | ||
27 | |||
28 | #include "gnutls_int.h" | ||
29 | #include "gnutls_algorithms.h" | ||
30 | #include "gnutls_errors.h" | ||
31 | #include <gnutls_num.h> | ||
32 | |||
33 | #define MAX_ELEMENTS 48 | ||
34 | |||
35 | static int | ||
36 | _set_priority (MHD_gtls_priority_st * st, const int *list) | ||
37 | { | ||
38 | int num = 0; | ||
39 | |||
40 | while ((list[num] != 0) && (num < MAX_ALGOS)) | ||
41 | num++; | ||
42 | st->num_algorithms = num; | ||
43 | memcpy (st->priority, list, num * sizeof (int)); | ||
44 | return 0; | ||
45 | } | ||
46 | |||
47 | static const int MHD_gtls_protocol_priority[] = { MHD_GNUTLS_PROTOCOL_TLS1_1, | ||
48 | MHD_GNUTLS_PROTOCOL_TLS1_0, | ||
49 | MHD_GNUTLS_PROTOCOL_SSL3, | ||
50 | 0 | ||
51 | }; | ||
52 | |||
53 | static const int MHD_gtls_cipher_priority_secure256[] = | ||
54 | { MHD_GNUTLS_CIPHER_AES_256_CBC, | ||
55 | 0 | ||
56 | }; | ||
57 | |||
58 | static const int MHD_gtls_kx_priority_secure[] = { MHD_GNUTLS_KX_RSA, | ||
59 | 0 | ||
60 | }; | ||
61 | |||
62 | static const int MHD_gtls_mac_priority_secure[] = { MHD_GNUTLS_MAC_SHA1, | ||
63 | 0 | ||
64 | }; | ||
65 | |||
66 | static int MHD_gtls_cert_type_priority[] = { MHD_GNUTLS_CRT_X509, | ||
67 | 0 | ||
68 | }; | ||
69 | |||
70 | static const int MHD_gtls_comp_priority[] = { MHD_GNUTLS_COMP_NULL, | ||
71 | 0 | ||
72 | }; | ||
73 | |||
74 | /** | ||
75 | * MHD__gnutls_priority_set - Sets priorities for the cipher suites supported by gnutls. | ||
76 | * @session: is a #MHD_gtls_session_t structure. | ||
77 | * @priority: is a #MHD_gnutls_priority_t structure. | ||
78 | * | ||
79 | * Sets the priorities to use on the ciphers, key exchange methods, | ||
80 | * macs and compression methods. | ||
81 | * | ||
82 | * On success 0 is returned. | ||
83 | * | ||
84 | **/ | ||
85 | int | ||
86 | MHD__gnutls_priority_set (MHD_gtls_session_t session, | ||
87 | MHD_gnutls_priority_t priority) | ||
88 | { | ||
89 | if (priority == NULL) | ||
90 | { | ||
91 | MHD_gnutls_assert (); | ||
92 | return GNUTLS_E_NO_CIPHER_SUITES; | ||
93 | } | ||
94 | |||
95 | memcpy (&session->internals.priorities, priority, | ||
96 | sizeof (struct MHD_gtls_priority_st)); | ||
97 | |||
98 | return 0; | ||
99 | } | ||
100 | |||
101 | /** | ||
102 | * MHD_tls_set_default_priority - Sets priorities for the cipher suites supported by gnutls. | ||
103 | * @priority_cache: is a #MHD_gnutls_prioritity_t structure. | ||
104 | * @priorities: is a string describing priorities | ||
105 | * @err_pos: In case of an error this will have the position in the string the error occured | ||
106 | * | ||
107 | * Sets priorities for the ciphers, key exchange methods, macs and | ||
108 | * compression methods. This is to avoid using the | ||
109 | * MHD_gnutls_*_priority() functions. | ||
110 | * | ||
111 | * The #priorities option allows you to specify a semi-colon | ||
112 | * separated list of the cipher priorities to enable. | ||
113 | * | ||
114 | * Unless the first keyword is "NONE" the defaults are: | ||
115 | * Protocols: TLS1.1, TLS1.0, and SSL3.0. | ||
116 | * Compression: NULL. | ||
117 | * Certificate types: X.509, OpenPGP. | ||
118 | * | ||
119 | * You can also use predefined sets of ciphersuites: "PERFORMANCE" | ||
120 | * all the "secure" ciphersuites are enabled, limited to 128 bit | ||
121 | * ciphers and sorted by terms of speed performance. | ||
122 | * | ||
123 | * "NORMAL" option enables all "secure" ciphersuites. The 256-bit ciphers | ||
124 | * are included as a fallback only. The ciphers are sorted by security margin. | ||
125 | * | ||
126 | * "SECURE128" flag enables all "secure" ciphersuites with ciphers up to | ||
127 | * 128 bits, sorted by security margin. | ||
128 | * | ||
129 | * "SECURE256" flag enables all "secure" ciphersuites including the 256 bit | ||
130 | * ciphers, sorted by security margin. | ||
131 | * | ||
132 | * "EXPORT" all the ciphersuites are enabled, including the | ||
133 | * low-security 40 bit ciphers. | ||
134 | * | ||
135 | * "NONE" nothing is enabled. This disables even protocols and | ||
136 | * compression methods. | ||
137 | * | ||
138 | * Special keywords: | ||
139 | * '!' or '-' appended with an algorithm will remove this algorithm. | ||
140 | * '+' appended with an algorithm will add this algorithm. | ||
141 | * '%COMPAT' will enable compatibility features for a server. | ||
142 | * | ||
143 | * To avoid collisions in order to specify a compression algorithm in | ||
144 | * this string you have to prefix it with "COMP-", protocol versions | ||
145 | * with "VERS-" and certificate types with "CTYPE-". All other | ||
146 | * algorithms don't need a prefix. | ||
147 | * | ||
148 | * For key exchange algorithms when in NORMAL or SECURE levels the | ||
149 | * perfect forward secrecy algorithms take precendence of the other | ||
150 | * protocols. In all cases all the supported key exchange algorithms | ||
151 | * are enabled (except for the RSA-EXPORT which is only enabled in | ||
152 | * EXPORT level). | ||
153 | * | ||
154 | * Note that although one can select very long key sizes (such as 256 bits) | ||
155 | * for symmetric algorithms, to actually increase security the public key | ||
156 | * algorithms have to use longer key sizes as well. | ||
157 | * | ||
158 | * Examples: "NORMAL:!AES-128-CBC", | ||
159 | * "EXPORT:!VERS-TLS1.0:+COMP-DEFLATE:+CTYPE-OPENPGP", | ||
160 | * "NONE:+VERS-TLS1.0:+AES-128-CBC:+RSA:+SHA1:+COMP-NULL", "NORMAL", | ||
161 | * "NORMAL:%COMPAT". | ||
162 | * | ||
163 | * Returns: On syntax error GNUTLS_E_INVALID_REQUEST is returned and | ||
164 | * 0 on success. | ||
165 | **/ | ||
166 | int | ||
167 | MHD_tls_set_default_priority (MHD_gnutls_priority_t * priority_cache, | ||
168 | const char *priorities, const char **err_pos) | ||
169 | { | ||
170 | *priority_cache = | ||
171 | MHD_gnutls_calloc (1, sizeof (struct MHD_gtls_priority_st)); | ||
172 | if (*priority_cache == NULL) | ||
173 | { | ||
174 | MHD_gnutls_assert (); | ||
175 | return GNUTLS_E_MEMORY_ERROR; | ||
176 | } | ||
177 | |||
178 | /* set mode to "SECURE256" */ | ||
179 | _set_priority (&(*priority_cache)->protocol, MHD_gtls_protocol_priority); | ||
180 | _set_priority (&(*priority_cache)->cipher, | ||
181 | MHD_gtls_cipher_priority_secure256); | ||
182 | _set_priority (&(*priority_cache)->kx, MHD_gtls_kx_priority_secure); | ||
183 | _set_priority (&(*priority_cache)->mac, MHD_gtls_mac_priority_secure); | ||
184 | _set_priority (&(*priority_cache)->cert_type, MHD_gtls_cert_type_priority); | ||
185 | _set_priority (&(*priority_cache)->compression, MHD_gtls_comp_priority); | ||
186 | |||
187 | (*priority_cache)->no_padding = 0; | ||
188 | return 0; | ||
189 | } | ||
190 | |||
191 | /** | ||
192 | * MHD__gnutls_priority_deinit - Deinitialize the priorities cache for the cipher suites supported by gnutls. | ||
193 | * @priority_cache: is a #MHD_gnutls_prioritity_t structure. | ||
194 | * | ||
195 | * Deinitializes the priority cache. | ||
196 | * | ||
197 | **/ | ||
198 | void | ||
199 | MHD__gnutls_priority_deinit (MHD_gnutls_priority_t priority_cache) | ||
200 | { | ||
201 | MHD_gnutls_free (priority_cache); | ||
202 | } | ||
203 | |||
204 | /** | ||
205 | * MHD__gnutls_priority_set_direct - Sets priorities for the cipher suites supported by gnutls. | ||
206 | * @session: is a #MHD_gtls_session_t structure. | ||
207 | * @priorities: is a string describing priorities | ||
208 | * @err_pos: In case of an error this will have the position in the string the error occured | ||
209 | * | ||
210 | * Sets the priorities to use on the ciphers, key exchange methods, | ||
211 | * macs and compression methods. This function avoids keeping a | ||
212 | * priority cache and is used to directly set string priorities to a | ||
213 | * TLS session. For documentation check the MHD_tls_set_default_priority(). | ||
214 | * | ||
215 | * On syntax error GNUTLS_E_INVALID_REQUEST is returned and 0 on success. | ||
216 | * | ||
217 | **/ | ||
218 | int | ||
219 | MHD__gnutls_priority_set_direct (MHD_gtls_session_t session, | ||
220 | const char *priorities, const char **err_pos) | ||
221 | { | ||
222 | MHD_gnutls_priority_t prio; | ||
223 | int ret; | ||
224 | |||
225 | ret = MHD_tls_set_default_priority (&prio, priorities, err_pos); | ||
226 | if (ret < 0) | ||
227 | { | ||
228 | MHD_gnutls_assert (); | ||
229 | return ret; | ||
230 | } | ||
231 | |||
232 | ret = MHD__gnutls_priority_set (session, prio); | ||
233 | if (ret < 0) | ||
234 | { | ||
235 | MHD_gnutls_assert (); | ||
236 | return ret; | ||
237 | } | ||
238 | |||
239 | MHD__gnutls_priority_deinit (prio); | ||
240 | |||
241 | return 0; | ||
242 | } | ||
diff --git a/src/daemon/https/tls/gnutls_record.c b/src/daemon/https/tls/gnutls_record.c deleted file mode 100644 index 07a7b46c..00000000 --- a/src/daemon/https/tls/gnutls_record.c +++ /dev/null | |||
@@ -1,1087 +0,0 @@ | |||
1 | /* | ||
2 | * Copyright (C) 2000, 2001, 2002, 2003, 2004, 2005, 2006, 2007 Free Software Foundation | ||
3 | * | ||
4 | * Author: Nikos Mavrogiannopoulos | ||
5 | * | ||
6 | * This file is part of GNUTLS. | ||
7 | * | ||
8 | * The GNUTLS library is free software; you can redistribute it and/or | ||
9 | * modify it under the terms of the GNU Lesser General Public License | ||
10 | * as published by the Free Software Foundation; either version 2.1 of | ||
11 | * the License, or (at your option) any later version. | ||
12 | * | ||
13 | * This library is distributed in the hope that it will be useful, but | ||
14 | * WITHOUT ANY WARRANTY; without even the implied warranty of | ||
15 | * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU | ||
16 | * Lesser General Public License for more details. | ||
17 | * | ||
18 | * You should have received a copy of the GNU Lesser General Public | ||
19 | * License along with this library; if not, write to the Free Software | ||
20 | * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301, | ||
21 | * USA | ||
22 | * | ||
23 | */ | ||
24 | |||
25 | /* Functions that are record layer specific, are included in this file. | ||
26 | */ | ||
27 | |||
28 | #include "gnutls_int.h" | ||
29 | #include "gnutls_errors.h" | ||
30 | #include "debug.h" | ||
31 | #include "gnutls_cipher.h" | ||
32 | #include "gnutls_buffers.h" | ||
33 | #include "gnutls_handshake.h" | ||
34 | #include "gnutls_hash_int.h" | ||
35 | #include "gnutls_cipher_int.h" | ||
36 | #include "gnutls_algorithms.h" | ||
37 | #include "gnutls_auth_int.h" | ||
38 | #include "gnutls_num.h" | ||
39 | #include "gnutls_record.h" | ||
40 | #include "gnutls_datum.h" | ||
41 | #include "ext_max_record.h" | ||
42 | #include <gnutls_state.h> | ||
43 | #include <gnutls_dh.h> | ||
44 | |||
45 | /** | ||
46 | * MHD__gnutls_protocol_get_version - Returns the version of the currently used protocol | ||
47 | * @session: is a #MHD_gtls_session_t structure. | ||
48 | * | ||
49 | * Returns: the version of the currently used protocol. | ||
50 | **/ | ||
51 | enum MHD_GNUTLS_Protocol | ||
52 | MHD__gnutls_protocol_get_version (MHD_gtls_session_t session) | ||
53 | { | ||
54 | return session->security_parameters.version; | ||
55 | } | ||
56 | |||
57 | void | ||
58 | MHD_gtls_set_current_version (MHD_gtls_session_t session, | ||
59 | enum MHD_GNUTLS_Protocol version) | ||
60 | { | ||
61 | session->security_parameters.version = version; | ||
62 | } | ||
63 | |||
64 | /** | ||
65 | * MHD__gnutls_transport_set_lowat - Used to set the lowat value in order for select to check for pending data. | ||
66 | * @session: is a #MHD_gtls_session_t structure. | ||
67 | * @num: is the low water value. | ||
68 | * | ||
69 | * Used to set the lowat value in order for select to check if there | ||
70 | * are pending data to socket buffer. Used only if you have changed | ||
71 | * the default low water value (default is 1). Normally you will not | ||
72 | * need that function. This function is only useful if using | ||
73 | * berkeley style sockets. Otherwise it must be called and set lowat | ||
74 | * to zero. | ||
75 | **/ | ||
76 | void | ||
77 | MHD__gnutls_transport_set_lowat (MHD_gtls_session_t session, int num) | ||
78 | { | ||
79 | session->internals.lowat = num; | ||
80 | } | ||
81 | |||
82 | /** | ||
83 | * MHD__gnutls_transport_set_ptr - Used to set first argument of the transport functions | ||
84 | * @session: is a #MHD_gtls_session_t structure. | ||
85 | * @ptr: is the value. | ||
86 | * | ||
87 | * Used to set the first argument of the transport function (like | ||
88 | * PUSH and PULL). In berkeley style sockets this function will set | ||
89 | * the connection handle. | ||
90 | **/ | ||
91 | void | ||
92 | MHD__gnutls_transport_set_ptr (MHD_gtls_session_t session, | ||
93 | MHD_gnutls_transport_ptr_t ptr) | ||
94 | { | ||
95 | session->internals.transport_recv_ptr = ptr; | ||
96 | session->internals.transport_send_ptr = ptr; | ||
97 | } | ||
98 | |||
99 | /** | ||
100 | * MHD__gnutls_bye - This function terminates the current TLS/SSL connection. | ||
101 | * @session: is a #MHD_gtls_session_t structure. | ||
102 | * @how: is an integer | ||
103 | * | ||
104 | * Terminates the current TLS/SSL connection. The connection should | ||
105 | * have been initiated using MHD__gnutls_handshake(). @how should be one | ||
106 | * of %GNUTLS_SHUT_RDWR, %GNUTLS_SHUT_WR. | ||
107 | * | ||
108 | * In case of %GNUTLS_SHUT_RDWR then the TLS connection gets | ||
109 | * terminated and further receives and sends will be disallowed. If | ||
110 | * the return value is zero you may continue using the connection. | ||
111 | * %GNUTLS_SHUT_RDWR actually sends an alert containing a close | ||
112 | * request and waits for the peer to reply with the same message. | ||
113 | * | ||
114 | * In case of %GNUTLS_SHUT_WR then the TLS connection gets terminated | ||
115 | * and further sends will be disallowed. In order to reuse the | ||
116 | * connection you should wait for an EOF from the peer. | ||
117 | * %GNUTLS_SHUT_WR sends an alert containing a close request. | ||
118 | * | ||
119 | * Note that not all implementations will properly terminate a TLS | ||
120 | * connection. Some of them, usually for performance reasons, will | ||
121 | * terminate only the underlying transport layer, thus causing a | ||
122 | * transmission error to the peer. This error cannot be | ||
123 | * distinguished from a malicious party prematurely terminating the | ||
124 | * session, thus this behavior is not recommended. | ||
125 | * | ||
126 | * This function may also return %GNUTLS_E_AGAIN or | ||
127 | * %GNUTLS_E_INTERRUPTED; cf. MHD__gnutls_record_get_direction(). | ||
128 | * | ||
129 | * Returns: %GNUTLS_E_SUCCESS on success, or an error code, see | ||
130 | * function documentation for entire semantics. | ||
131 | **/ | ||
132 | int | ||
133 | MHD__gnutls_bye (MHD_gtls_session_t session, MHD_gnutls_close_request_t how) | ||
134 | { | ||
135 | int ret = 0; | ||
136 | |||
137 | switch (STATE) | ||
138 | { | ||
139 | case STATE0: | ||
140 | case STATE60: | ||
141 | ret = MHD_gtls_io_write_flush (session); | ||
142 | STATE = STATE60; | ||
143 | if (ret < 0) | ||
144 | { | ||
145 | MHD_gnutls_assert (); | ||
146 | return ret; | ||
147 | } | ||
148 | |||
149 | case STATE61: | ||
150 | ret = | ||
151 | MHD__gnutls_alert_send (session, GNUTLS_AL_WARNING, | ||
152 | GNUTLS_A_CLOSE_NOTIFY); | ||
153 | STATE = STATE61; | ||
154 | if (ret < 0) | ||
155 | { | ||
156 | MHD_gnutls_assert (); | ||
157 | return ret; | ||
158 | } | ||
159 | |||
160 | case STATE62: | ||
161 | STATE = STATE62; | ||
162 | if (how == GNUTLS_SHUT_RDWR) | ||
163 | { | ||
164 | do | ||
165 | { | ||
166 | MHD_gtls_io_clear_peeked_data (session); | ||
167 | ret = MHD_gtls_recv_int (session, GNUTLS_ALERT, -1, NULL, 0); | ||
168 | } | ||
169 | while (ret == GNUTLS_E_GOT_APPLICATION_DATA); | ||
170 | |||
171 | if (ret >= 0) | ||
172 | session->internals.may_not_read = 1; | ||
173 | |||
174 | if (ret < 0) | ||
175 | { | ||
176 | MHD_gnutls_assert (); | ||
177 | return ret; | ||
178 | } | ||
179 | } | ||
180 | STATE = STATE62; | ||
181 | |||
182 | break; | ||
183 | default: | ||
184 | MHD_gnutls_assert (); | ||
185 | return GNUTLS_E_INTERNAL_ERROR; | ||
186 | } | ||
187 | |||
188 | STATE = STATE0; | ||
189 | |||
190 | session->internals.may_not_write = 1; | ||
191 | return 0; | ||
192 | } | ||
193 | |||
194 | inline static void | ||
195 | session_invalidate (MHD_gtls_session_t session) | ||
196 | { | ||
197 | session->internals.valid_connection = VALID_FALSE; | ||
198 | } | ||
199 | |||
200 | inline static void | ||
201 | session_unresumable (MHD_gtls_session_t session) | ||
202 | { | ||
203 | session->internals.resumable = RESUME_FALSE; | ||
204 | } | ||
205 | |||
206 | /* returns 0 if session is valid | ||
207 | */ | ||
208 | inline static int | ||
209 | session_is_valid (MHD_gtls_session_t session) | ||
210 | { | ||
211 | if (session->internals.valid_connection == VALID_FALSE) | ||
212 | return GNUTLS_E_INVALID_SESSION; | ||
213 | |||
214 | return 0; | ||
215 | } | ||
216 | |||
217 | /* Copies the record version into the headers. The | ||
218 | * version must have 2 bytes at least. | ||
219 | */ | ||
220 | inline static void | ||
221 | copy_record_version (MHD_gtls_session_t session, | ||
222 | MHD_gnutls_handshake_description_t htype, | ||
223 | opaque version[2]) | ||
224 | { | ||
225 | enum MHD_GNUTLS_Protocol lver; | ||
226 | |||
227 | if (htype != GNUTLS_HANDSHAKE_CLIENT_HELLO | ||
228 | || session->internals.default_record_version[0] == 0) | ||
229 | { | ||
230 | lver = MHD__gnutls_protocol_get_version (session); | ||
231 | |||
232 | version[0] = MHD_gtls_version_get_major (lver); | ||
233 | version[1] = MHD_gtls_version_get_minor (lver); | ||
234 | } | ||
235 | else | ||
236 | { | ||
237 | version[0] = session->internals.default_record_version[0]; | ||
238 | version[1] = session->internals.default_record_version[1]; | ||
239 | } | ||
240 | } | ||
241 | |||
242 | /* This function behaves exactly like write(). The only difference is | ||
243 | * that it accepts, the MHD_gtls_session_t and the content_type_t of data to | ||
244 | * send (if called by the user the Content is specific) | ||
245 | * It is intended to transfer data, under the current session. | ||
246 | * | ||
247 | * Oct 30 2001: Removed capability to send data more than MAX_RECORD_SIZE. | ||
248 | * This makes the function much easier to read, and more error resistant | ||
249 | * (there were cases were the old function could mess everything up). | ||
250 | * --nmav | ||
251 | * | ||
252 | * This function may accept a NULL pointer for data, and 0 for size, if | ||
253 | * and only if the previous send was interrupted for some reason. | ||
254 | * | ||
255 | */ | ||
256 | ssize_t | ||
257 | MHD_gtls_send_int (MHD_gtls_session_t session, | ||
258 | content_type_t type, | ||
259 | MHD_gnutls_handshake_description_t htype, | ||
260 | const void *_data, size_t sizeofdata) | ||
261 | { | ||
262 | uint8_t *cipher; | ||
263 | int cipher_size; | ||
264 | int retval, ret; | ||
265 | int data2send_size; | ||
266 | uint8_t headers[5]; | ||
267 | const uint8_t *data = _data; | ||
268 | |||
269 | /* Do not allow null pointer if the send buffer is empty. | ||
270 | * If the previous send was interrupted then a null pointer is | ||
271 | * ok, and means to resume. | ||
272 | */ | ||
273 | if (session->internals.record_send_buffer.length == 0 && (sizeofdata == 0 | ||
274 | && _data == NULL)) | ||
275 | { | ||
276 | MHD_gnutls_assert (); | ||
277 | return GNUTLS_E_INVALID_REQUEST; | ||
278 | } | ||
279 | |||
280 | if (type != GNUTLS_ALERT) /* alert messages are sent anyway */ | ||
281 | if (session_is_valid (session) || session->internals.may_not_write != 0) | ||
282 | { | ||
283 | MHD_gnutls_assert (); | ||
284 | return GNUTLS_E_INVALID_SESSION; | ||
285 | } | ||
286 | |||
287 | headers[0] = type; | ||
288 | |||
289 | /* Use the default record version, if it is | ||
290 | * set. | ||
291 | */ | ||
292 | copy_record_version (session, htype, &headers[1]); | ||
293 | |||
294 | MHD__gnutls_record_log | ||
295 | ("REC[%x]: Sending Packet[%d] %s(%d) with length: %d\n", session, | ||
296 | (int) MHD_gtls_uint64touint32 (&session->connection_state. | ||
297 | write_sequence_number), | ||
298 | MHD__gnutls_packet2str (type), type, sizeofdata); | ||
299 | |||
300 | if (sizeofdata > MAX_RECORD_SEND_SIZE) | ||
301 | data2send_size = MAX_RECORD_SEND_SIZE; | ||
302 | else | ||
303 | data2send_size = sizeofdata; | ||
304 | |||
305 | /* Only encrypt if we don't have data to send | ||
306 | * from the previous run. - probably interrupted. | ||
307 | */ | ||
308 | if (session->internals.record_send_buffer.length > 0) | ||
309 | { | ||
310 | ret = MHD_gtls_io_write_flush (session); | ||
311 | if (ret > 0) | ||
312 | cipher_size = ret; | ||
313 | else | ||
314 | cipher_size = 0; | ||
315 | |||
316 | cipher = NULL; | ||
317 | |||
318 | retval = session->internals.record_send_buffer_user_size; | ||
319 | } | ||
320 | else | ||
321 | { | ||
322 | /* now proceed to packet encryption | ||
323 | */ | ||
324 | cipher_size = data2send_size + MAX_RECORD_OVERHEAD; | ||
325 | cipher = MHD_gnutls_malloc (cipher_size); | ||
326 | if (cipher == NULL) | ||
327 | { | ||
328 | MHD_gnutls_assert (); | ||
329 | return GNUTLS_E_MEMORY_ERROR; | ||
330 | } | ||
331 | |||
332 | cipher_size = | ||
333 | MHD_gtls_encrypt (session, headers, RECORD_HEADER_SIZE, data, | ||
334 | data2send_size, cipher, cipher_size, type, | ||
335 | (session->internals.priorities.no_padding == | ||
336 | 0) ? 1 : 0); | ||
337 | if (cipher_size <= 0) | ||
338 | { | ||
339 | MHD_gnutls_assert (); | ||
340 | if (cipher_size == 0) | ||
341 | cipher_size = GNUTLS_E_ENCRYPTION_FAILED; | ||
342 | MHD_gnutls_free (cipher); | ||
343 | return cipher_size; /* error */ | ||
344 | } | ||
345 | |||
346 | retval = data2send_size; | ||
347 | session->internals.record_send_buffer_user_size = data2send_size; | ||
348 | |||
349 | /* increase sequence number | ||
350 | */ | ||
351 | if (MHD_gtls_uint64pp | ||
352 | (&session->connection_state.write_sequence_number) != 0) | ||
353 | { | ||
354 | session_invalidate (session); | ||
355 | MHD_gnutls_assert (); | ||
356 | MHD_gnutls_free (cipher); | ||
357 | return GNUTLS_E_RECORD_LIMIT_REACHED; | ||
358 | } | ||
359 | |||
360 | ret = MHD_gtls_io_write_buffered (session, cipher, cipher_size); | ||
361 | MHD_gnutls_free (cipher); | ||
362 | } | ||
363 | |||
364 | if (ret != cipher_size) | ||
365 | { | ||
366 | if (ret < 0 && MHD_gtls_error_is_fatal (ret) == 0) | ||
367 | { | ||
368 | /* If we have sent any data then just return | ||
369 | * the error value. Do not invalidate the session. | ||
370 | */ | ||
371 | MHD_gnutls_assert (); | ||
372 | return ret; | ||
373 | } | ||
374 | |||
375 | if (ret > 0) | ||
376 | { | ||
377 | MHD_gnutls_assert (); | ||
378 | ret = GNUTLS_E_INTERNAL_ERROR; | ||
379 | } | ||
380 | session_unresumable (session); | ||
381 | session->internals.may_not_write = 1; | ||
382 | MHD_gnutls_assert (); | ||
383 | return ret; | ||
384 | } | ||
385 | |||
386 | session->internals.record_send_buffer_user_size = 0; | ||
387 | |||
388 | MHD__gnutls_record_log ("REC[%x]: Sent Packet[%d] %s(%d) with length: %d\n", | ||
389 | session, | ||
390 | (int) | ||
391 | MHD_gtls_uint64touint32 | ||
392 | (&session->connection_state.write_sequence_number), | ||
393 | MHD__gnutls_packet2str (type), type, cipher_size); | ||
394 | |||
395 | return retval; | ||
396 | } | ||
397 | |||
398 | /* This function is to be called if the handshake was successfully | ||
399 | * completed. This sends a Change Cipher Spec packet to the peer. | ||
400 | */ | ||
401 | ssize_t | ||
402 | MHD_gtls_send_change_cipher_spec (MHD_gtls_session_t session, int again) | ||
403 | { | ||
404 | static const opaque data[1] = { | ||
405 | GNUTLS_TYPE_CHANGE_CIPHER_SPEC | ||
406 | }; | ||
407 | |||
408 | MHD__gnutls_handshake_log ("REC[%x]: Sent ChangeCipherSpec\n", session); | ||
409 | |||
410 | if (again == 0) | ||
411 | return MHD_gtls_send_int (session, GNUTLS_CHANGE_CIPHER_SPEC, -1, data, | ||
412 | 1); | ||
413 | else | ||
414 | { | ||
415 | return MHD_gtls_io_write_flush (session); | ||
416 | } | ||
417 | } | ||
418 | |||
419 | inline static int | ||
420 | check_recv_type (content_type_t recv_type) | ||
421 | { | ||
422 | switch (recv_type) | ||
423 | { | ||
424 | case GNUTLS_CHANGE_CIPHER_SPEC: | ||
425 | case GNUTLS_ALERT: | ||
426 | case GNUTLS_HANDSHAKE: | ||
427 | case GNUTLS_APPLICATION_DATA: | ||
428 | case GNUTLS_INNER_APPLICATION: | ||
429 | return 0; | ||
430 | default: | ||
431 | MHD_gnutls_assert (); | ||
432 | return GNUTLS_A_UNEXPECTED_MESSAGE; | ||
433 | } | ||
434 | |||
435 | } | ||
436 | |||
437 | /* Checks if there are pending data in the record buffers. If there are | ||
438 | * then it copies the data. | ||
439 | */ | ||
440 | static int | ||
441 | check_buffers (MHD_gtls_session_t session, | ||
442 | content_type_t type, opaque * data, int sizeofdata) | ||
443 | { | ||
444 | if ((type == GNUTLS_APPLICATION_DATA || type == GNUTLS_HANDSHAKE || type | ||
445 | == GNUTLS_INNER_APPLICATION) | ||
446 | && MHD_gnutls_record_buffer_get_size (type, session) > 0) | ||
447 | { | ||
448 | int ret, ret2; | ||
449 | ret = MHD_gtls_record_buffer_get (type, session, data, sizeofdata); | ||
450 | if (ret < 0) | ||
451 | { | ||
452 | MHD_gnutls_assert (); | ||
453 | return ret; | ||
454 | } | ||
455 | |||
456 | /* if the buffer just got empty */ | ||
457 | if (MHD_gnutls_record_buffer_get_size (type, session) == 0) | ||
458 | { | ||
459 | if ((ret2 = MHD_gtls_io_clear_peeked_data (session)) < 0) | ||
460 | { | ||
461 | MHD_gnutls_assert (); | ||
462 | return ret2; | ||
463 | } | ||
464 | } | ||
465 | |||
466 | return ret; | ||
467 | } | ||
468 | |||
469 | return 0; | ||
470 | } | ||
471 | |||
472 | /* Checks the record headers and returns the length, version and | ||
473 | * content type. | ||
474 | */ | ||
475 | static int | ||
476 | record_check_headers (MHD_gtls_session_t session, | ||
477 | uint8_t headers[RECORD_HEADER_SIZE], | ||
478 | content_type_t type, | ||
479 | MHD_gnutls_handshake_description_t htype, | ||
480 | /*output */ content_type_t * recv_type, | ||
481 | opaque version[2], | ||
482 | uint16_t * length, uint16_t * header_size) | ||
483 | { | ||
484 | |||
485 | /* Read the first two bytes to determine if this is a | ||
486 | * version 2 message | ||
487 | */ | ||
488 | |||
489 | if (htype == GNUTLS_HANDSHAKE_CLIENT_HELLO && type == GNUTLS_HANDSHAKE | ||
490 | && headers[0] > 127) | ||
491 | { | ||
492 | |||
493 | /* if msb set and expecting handshake message | ||
494 | * it should be SSL 2 hello | ||
495 | */ | ||
496 | version[0] = 3; /* assume SSL 3.0 */ | ||
497 | version[1] = 0; | ||
498 | |||
499 | *length = (((headers[0] & 0x7f) << 8)) | headers[1]; | ||
500 | |||
501 | /* SSL 2.0 headers */ | ||
502 | *header_size = 2; | ||
503 | *recv_type = GNUTLS_HANDSHAKE; /* we accept only v2 client hello | ||
504 | */ | ||
505 | |||
506 | /* in order to assist the handshake protocol. | ||
507 | * V2 compatibility is a mess. | ||
508 | */ | ||
509 | session->internals.v2_hello = *length; | ||
510 | |||
511 | MHD__gnutls_record_log ("REC[%x]: V2 packet received. Length: %d\n", | ||
512 | session, *length); | ||
513 | |||
514 | } | ||
515 | else | ||
516 | { | ||
517 | /* version 3.x */ | ||
518 | *recv_type = headers[0]; | ||
519 | version[0] = headers[1]; | ||
520 | version[1] = headers[2]; | ||
521 | |||
522 | /* No DECR_LEN, since headers has enough size. | ||
523 | */ | ||
524 | *length = MHD_gtls_read_uint16 (&headers[3]); | ||
525 | } | ||
526 | |||
527 | return 0; | ||
528 | } | ||
529 | |||
530 | /* Here we check if the advertized version is the one we | ||
531 | * negotiated in the handshake. | ||
532 | */ | ||
533 | inline static int | ||
534 | record_check_version (MHD_gtls_session_t session, | ||
535 | MHD_gnutls_handshake_description_t htype, | ||
536 | opaque version[2]) | ||
537 | { | ||
538 | if (htype == GNUTLS_HANDSHAKE_CLIENT_HELLO) | ||
539 | { | ||
540 | /* Reject hello packets with major version higher than 3. | ||
541 | */ | ||
542 | if (version[0] > 3) | ||
543 | { | ||
544 | MHD_gnutls_assert (); | ||
545 | MHD__gnutls_record_log | ||
546 | ("REC[%x]: INVALID VERSION PACKET: (%d) %d.%d\n", session, | ||
547 | htype, version[0], version[1]); | ||
548 | return GNUTLS_E_UNSUPPORTED_VERSION_PACKET; | ||
549 | } | ||
550 | } | ||
551 | else if (htype != GNUTLS_HANDSHAKE_SERVER_HELLO | ||
552 | && MHD__gnutls_protocol_get_version (session) | ||
553 | != MHD_gtls_version_get (version[0], version[1])) | ||
554 | { | ||
555 | /* Reject record packets that have a different version than the | ||
556 | * one negotiated. Note that this version is not protected by any | ||
557 | * mac. I don't really think that this check serves any purpose. | ||
558 | */ | ||
559 | MHD_gnutls_assert (); | ||
560 | MHD__gnutls_record_log ("REC[%x]: INVALID VERSION PACKET: (%d) %d.%d\n", | ||
561 | session, htype, version[0], version[1]); | ||
562 | |||
563 | return GNUTLS_E_UNSUPPORTED_VERSION_PACKET; | ||
564 | } | ||
565 | |||
566 | return 0; | ||
567 | } | ||
568 | |||
569 | /* This function will check if the received record type is | ||
570 | * the one we actually expect. | ||
571 | */ | ||
572 | static int | ||
573 | record_check_type (MHD_gtls_session_t session, | ||
574 | content_type_t recv_type, | ||
575 | content_type_t type, | ||
576 | MHD_gnutls_handshake_description_t htype, | ||
577 | opaque * data, int data_size) | ||
578 | { | ||
579 | |||
580 | int ret; | ||
581 | |||
582 | if ((recv_type == type) && (type == GNUTLS_APPLICATION_DATA || type | ||
583 | == GNUTLS_HANDSHAKE | ||
584 | || type == GNUTLS_INNER_APPLICATION)) | ||
585 | { | ||
586 | MHD_gnutls_record_buffer_put (type, session, (void *) data, data_size); | ||
587 | } | ||
588 | else | ||
589 | { | ||
590 | switch (recv_type) | ||
591 | { | ||
592 | case GNUTLS_ALERT: | ||
593 | |||
594 | MHD__gnutls_record_log | ||
595 | ("REC[%x]: Alert[%d|%d] - %s - was received\n", session, | ||
596 | data[0], data[1], MHD__gnutls_alert_get_name ((int) data[1])); | ||
597 | |||
598 | session->internals.last_alert = data[1]; | ||
599 | session->internals.last_alert_level = data[0]; | ||
600 | |||
601 | /* if close notify is received and | ||
602 | * the alert is not fatal | ||
603 | */ | ||
604 | if (data[1] == GNUTLS_A_CLOSE_NOTIFY && data[0] != GNUTLS_AL_FATAL) | ||
605 | { | ||
606 | /* If we have been expecting for an alert do | ||
607 | */ | ||
608 | session->internals.read_eof = 1; | ||
609 | return GNUTLS_E_INT_RET_0; /* EOF */ | ||
610 | } | ||
611 | else | ||
612 | { | ||
613 | |||
614 | /* if the alert is FATAL or WARNING | ||
615 | * return the apropriate message | ||
616 | */ | ||
617 | MHD_gnutls_assert (); | ||
618 | ret = GNUTLS_E_WARNING_ALERT_RECEIVED; | ||
619 | if (data[0] == GNUTLS_AL_FATAL) | ||
620 | { | ||
621 | session_unresumable (session); | ||
622 | session_invalidate (session); | ||
623 | ret = GNUTLS_E_FATAL_ALERT_RECEIVED; | ||
624 | } | ||
625 | |||
626 | return ret; | ||
627 | } | ||
628 | break; | ||
629 | |||
630 | case GNUTLS_CHANGE_CIPHER_SPEC: | ||
631 | /* this packet is now handled in the recv_int() | ||
632 | * function | ||
633 | */ | ||
634 | MHD_gnutls_assert (); | ||
635 | |||
636 | return GNUTLS_E_UNEXPECTED_PACKET; | ||
637 | |||
638 | case GNUTLS_APPLICATION_DATA: | ||
639 | /* even if data is unexpected put it into the buffer */ | ||
640 | if ((ret = | ||
641 | MHD_gnutls_record_buffer_put (recv_type, session, | ||
642 | (void *) data, data_size)) < 0) | ||
643 | { | ||
644 | MHD_gnutls_assert (); | ||
645 | return ret; | ||
646 | } | ||
647 | |||
648 | /* the got_application data is only returned | ||
649 | * if expecting client hello (for rehandshake | ||
650 | * reasons). Otherwise it is an unexpected packet | ||
651 | */ | ||
652 | if (type == GNUTLS_ALERT || (htype == GNUTLS_HANDSHAKE_CLIENT_HELLO | ||
653 | && type == GNUTLS_HANDSHAKE)) | ||
654 | return GNUTLS_E_GOT_APPLICATION_DATA; | ||
655 | else | ||
656 | { | ||
657 | MHD_gnutls_assert (); | ||
658 | return GNUTLS_E_UNEXPECTED_PACKET; | ||
659 | } | ||
660 | |||
661 | break; | ||
662 | case GNUTLS_HANDSHAKE: | ||
663 | /* This is legal if HELLO_REQUEST is received - and we are a client. | ||
664 | * If we are a server, a client may initiate a renegotiation at any time. | ||
665 | */ | ||
666 | if (session->security_parameters.entity == GNUTLS_SERVER) | ||
667 | { | ||
668 | MHD_gnutls_assert (); | ||
669 | return GNUTLS_E_REHANDSHAKE; | ||
670 | } | ||
671 | |||
672 | /* If we are already in a handshake then a Hello | ||
673 | * Request is illegal. But here we don't really care | ||
674 | * since this message will never make it up here. | ||
675 | */ | ||
676 | |||
677 | /* So we accept it */ | ||
678 | return MHD_gtls_recv_hello_request (session, data, data_size); | ||
679 | |||
680 | break; | ||
681 | case GNUTLS_INNER_APPLICATION: | ||
682 | /* even if data is unexpected put it into the buffer */ | ||
683 | if ((ret = | ||
684 | MHD_gnutls_record_buffer_put (recv_type, session, | ||
685 | (void *) data, data_size)) < 0) | ||
686 | { | ||
687 | MHD_gnutls_assert (); | ||
688 | return ret; | ||
689 | } | ||
690 | MHD_gnutls_assert (); | ||
691 | return GNUTLS_E_UNEXPECTED_PACKET; | ||
692 | break; | ||
693 | default: | ||
694 | |||
695 | MHD__gnutls_record_log | ||
696 | ("REC[%x]: Received Unknown packet %d expecting %d\n", | ||
697 | session, recv_type, type); | ||
698 | |||
699 | MHD_gnutls_assert (); | ||
700 | return GNUTLS_E_INTERNAL_ERROR; | ||
701 | } | ||
702 | } | ||
703 | |||
704 | return 0; | ||
705 | |||
706 | } | ||
707 | |||
708 | /* This function will return the internal (per session) temporary | ||
709 | * recv buffer. If the buffer was not initialized before it will | ||
710 | * also initialize it. | ||
711 | */ | ||
712 | inline static int | ||
713 | get_temp_recv_buffer (MHD_gtls_session_t session, MHD_gnutls_datum_t * tmp) | ||
714 | { | ||
715 | size_t max_record_size; | ||
716 | |||
717 | max_record_size = MAX_RECORD_RECV_SIZE; | ||
718 | |||
719 | /* We allocate MAX_RECORD_RECV_SIZE length | ||
720 | * because we cannot predict the output data by the record | ||
721 | * packet length (due to compression). | ||
722 | */ | ||
723 | |||
724 | if (max_record_size > session->internals.recv_buffer.size | ||
725 | || session->internals.recv_buffer.data == NULL) | ||
726 | { | ||
727 | |||
728 | /* Initialize the internal buffer. | ||
729 | */ | ||
730 | session->internals.recv_buffer.data | ||
731 | = | ||
732 | MHD_gnutls_realloc (session->internals.recv_buffer.data, | ||
733 | max_record_size); | ||
734 | |||
735 | if (session->internals.recv_buffer.data == NULL) | ||
736 | { | ||
737 | MHD_gnutls_assert (); | ||
738 | return GNUTLS_E_MEMORY_ERROR; | ||
739 | } | ||
740 | |||
741 | session->internals.recv_buffer.size = max_record_size; | ||
742 | } | ||
743 | |||
744 | tmp->data = session->internals.recv_buffer.data; | ||
745 | tmp->size = session->internals.recv_buffer.size; | ||
746 | |||
747 | return 0; | ||
748 | } | ||
749 | |||
750 | #define MAX_EMPTY_PACKETS_SEQUENCE 4 | ||
751 | |||
752 | /* This function behaves exactly like read(). The only difference is | ||
753 | * that it accepts the MHD_gtls_session_t and the content_type_t of data to | ||
754 | * receive (if called by the user the Content is Userdata only) | ||
755 | * It is intended to receive data, under the current session. | ||
756 | * | ||
757 | * The MHD_gnutls_handshake_description_t was introduced to support SSL V2.0 client hellos. | ||
758 | */ | ||
759 | ssize_t | ||
760 | MHD_gtls_recv_int (MHD_gtls_session_t session, | ||
761 | content_type_t type, | ||
762 | MHD_gnutls_handshake_description_t htype, | ||
763 | opaque * data, size_t sizeofdata) | ||
764 | { | ||
765 | MHD_gnutls_datum_t tmp; | ||
766 | int decrypted_length; | ||
767 | opaque version[2]; | ||
768 | uint8_t *headers; | ||
769 | content_type_t recv_type; | ||
770 | uint16_t length; | ||
771 | uint8_t *ciphertext; | ||
772 | uint8_t *recv_data; | ||
773 | int ret, ret2; | ||
774 | uint16_t header_size; | ||
775 | int empty_packet = 0; | ||
776 | |||
777 | if (type != GNUTLS_ALERT && (sizeofdata == 0 || data == NULL)) | ||
778 | { | ||
779 | return GNUTLS_E_INVALID_REQUEST; | ||
780 | } | ||
781 | |||
782 | begin: | ||
783 | |||
784 | if (empty_packet > MAX_EMPTY_PACKETS_SEQUENCE) | ||
785 | { | ||
786 | MHD_gnutls_assert (); | ||
787 | return GNUTLS_E_TOO_MANY_EMPTY_PACKETS; | ||
788 | } | ||
789 | |||
790 | if (session->internals.read_eof != 0) | ||
791 | { | ||
792 | /* if we have already read an EOF | ||
793 | */ | ||
794 | return 0; | ||
795 | } | ||
796 | else if (session_is_valid (session) != 0 || session->internals.may_not_read | ||
797 | != 0) | ||
798 | { | ||
799 | MHD_gnutls_assert (); | ||
800 | return GNUTLS_E_INVALID_SESSION; | ||
801 | } | ||
802 | |||
803 | /* If we have enough data in the cache do not bother receiving | ||
804 | * a new packet. (in order to flush the cache) | ||
805 | */ | ||
806 | ret = check_buffers (session, type, data, sizeofdata); | ||
807 | if (ret != 0) | ||
808 | return ret; | ||
809 | |||
810 | /* default headers for TLS 1.0 | ||
811 | */ | ||
812 | header_size = RECORD_HEADER_SIZE; | ||
813 | |||
814 | if ((ret = MHD_gtls_io_read_buffered (session, &headers, header_size, -1)) | ||
815 | != header_size) | ||
816 | { | ||
817 | if (ret < 0 && MHD_gtls_error_is_fatal (ret) == 0) | ||
818 | return ret; | ||
819 | |||
820 | session_invalidate (session); | ||
821 | if (type == GNUTLS_ALERT) | ||
822 | { | ||
823 | MHD_gnutls_assert (); | ||
824 | return 0; /* we were expecting close notify */ | ||
825 | } | ||
826 | session_unresumable (session); | ||
827 | MHD_gnutls_assert (); | ||
828 | return GNUTLS_E_UNEXPECTED_PACKET_LENGTH; | ||
829 | } | ||
830 | |||
831 | if ((ret = record_check_headers (session, headers, type, htype, &recv_type, | ||
832 | version, &length, &header_size)) < 0) | ||
833 | { | ||
834 | MHD_gnutls_assert (); | ||
835 | return ret; | ||
836 | } | ||
837 | |||
838 | /* Here we check if the Type of the received packet is | ||
839 | * ok. | ||
840 | */ | ||
841 | if ((ret = check_recv_type (recv_type)) < 0) | ||
842 | { | ||
843 | MHD_gnutls_assert (); | ||
844 | return ret; | ||
845 | } | ||
846 | |||
847 | /* Here we check if the advertized version is the one we | ||
848 | * negotiated in the handshake. | ||
849 | */ | ||
850 | if ((ret = record_check_version (session, htype, version)) < 0) | ||
851 | { | ||
852 | MHD_gnutls_assert (); | ||
853 | session_invalidate (session); | ||
854 | return ret; | ||
855 | } | ||
856 | |||
857 | MHD__gnutls_record_log | ||
858 | ("REC[%x]: Expected Packet[%d] %s(%d) with length: %d\n", session, | ||
859 | (int) MHD_gtls_uint64touint32 (&session->connection_state. | ||
860 | read_sequence_number), | ||
861 | MHD__gnutls_packet2str (type), type, sizeofdata); | ||
862 | MHD__gnutls_record_log | ||
863 | ("REC[%x]: Received Packet[%d] %s(%d) with length: %d\n", session, | ||
864 | (int) MHD_gtls_uint64touint32 (&session->connection_state. | ||
865 | read_sequence_number), | ||
866 | MHD__gnutls_packet2str (recv_type), recv_type, length); | ||
867 | |||
868 | if (length > MAX_RECV_SIZE) | ||
869 | { | ||
870 | MHD__gnutls_record_log | ||
871 | ("REC[%x]: FATAL ERROR: Received packet with length: %d\n", | ||
872 | session, length); | ||
873 | |||
874 | session_unresumable (session); | ||
875 | session_invalidate (session); | ||
876 | MHD_gnutls_assert (); | ||
877 | return GNUTLS_E_UNEXPECTED_PACKET_LENGTH; | ||
878 | } | ||
879 | |||
880 | /* check if we have that data into buffer. | ||
881 | */ | ||
882 | if ((ret = MHD_gtls_io_read_buffered (session, &recv_data, | ||
883 | header_size + length, recv_type)) | ||
884 | != header_size + length) | ||
885 | { | ||
886 | if (ret < 0 && MHD_gtls_error_is_fatal (ret) == 0) | ||
887 | return ret; | ||
888 | |||
889 | session_unresumable (session); | ||
890 | session_invalidate (session); | ||
891 | MHD_gnutls_assert (); | ||
892 | return GNUTLS_E_UNEXPECTED_PACKET_LENGTH; | ||
893 | } | ||
894 | |||
895 | /* ok now we are sure that we can read all the data - so | ||
896 | * move on ! | ||
897 | */ | ||
898 | MHD_gtls_io_clear_read_buffer (session); | ||
899 | ciphertext = &recv_data[header_size]; | ||
900 | |||
901 | ret = get_temp_recv_buffer (session, &tmp); | ||
902 | if (ret < 0) | ||
903 | { | ||
904 | MHD_gnutls_assert (); | ||
905 | return ret; | ||
906 | } | ||
907 | |||
908 | /* decrypt the data we got. */ | ||
909 | ret = MHD_gtls_decrypt (session, ciphertext, length, tmp.data, tmp.size, | ||
910 | recv_type); | ||
911 | if (ret < 0) | ||
912 | { | ||
913 | session_unresumable (session); | ||
914 | session_invalidate (session); | ||
915 | MHD_gnutls_assert (); | ||
916 | return ret; | ||
917 | } | ||
918 | decrypted_length = ret; | ||
919 | |||
920 | /* Check if this is a CHANGE_CIPHER_SPEC | ||
921 | */ | ||
922 | if (type == GNUTLS_CHANGE_CIPHER_SPEC && recv_type | ||
923 | == GNUTLS_CHANGE_CIPHER_SPEC) | ||
924 | { | ||
925 | |||
926 | MHD__gnutls_record_log | ||
927 | ("REC[%x]: ChangeCipherSpec Packet was received\n", session); | ||
928 | |||
929 | if ((size_t) ret != sizeofdata) | ||
930 | { /* sizeofdata should be 1 */ | ||
931 | MHD_gnutls_assert (); | ||
932 | return GNUTLS_E_UNEXPECTED_PACKET_LENGTH; | ||
933 | } | ||
934 | memcpy (data, tmp.data, sizeofdata); | ||
935 | |||
936 | return ret; | ||
937 | } | ||
938 | |||
939 | MHD__gnutls_record_log | ||
940 | ("REC[%x]: Decrypted Packet[%d] %s(%d) with length: %d\n", session, | ||
941 | (int) MHD_gtls_uint64touint32 (&session->connection_state. | ||
942 | read_sequence_number), | ||
943 | MHD__gnutls_packet2str (recv_type), recv_type, decrypted_length); | ||
944 | |||
945 | /* increase sequence number | ||
946 | */ | ||
947 | if (MHD_gtls_uint64pp (&session->connection_state.read_sequence_number) != | ||
948 | 0) | ||
949 | { | ||
950 | session_invalidate (session); | ||
951 | MHD_gnutls_assert (); | ||
952 | return GNUTLS_E_RECORD_LIMIT_REACHED; | ||
953 | } | ||
954 | |||
955 | /* check type - this will also invalidate sessions if a fatal alert has been received */ | ||
956 | ret = record_check_type (session, recv_type, type, htype, tmp.data, | ||
957 | decrypted_length); | ||
958 | if (ret < 0) | ||
959 | { | ||
960 | if (ret == GNUTLS_E_INT_RET_0) | ||
961 | return 0; | ||
962 | MHD_gnutls_assert (); | ||
963 | return ret; | ||
964 | } | ||
965 | |||
966 | /* Get Application data from buffer | ||
967 | */ | ||
968 | if ((recv_type == type) && (type == GNUTLS_APPLICATION_DATA || type | ||
969 | == GNUTLS_HANDSHAKE | ||
970 | || type == GNUTLS_INNER_APPLICATION)) | ||
971 | { | ||
972 | |||
973 | ret = MHD_gtls_record_buffer_get (type, session, data, sizeofdata); | ||
974 | if (ret < 0) | ||
975 | { | ||
976 | MHD_gnutls_assert (); | ||
977 | return ret; | ||
978 | } | ||
979 | |||
980 | /* if the buffer just got empty | ||
981 | */ | ||
982 | if (MHD_gnutls_record_buffer_get_size (type, session) == 0) | ||
983 | { | ||
984 | if ((ret2 = MHD_gtls_io_clear_peeked_data (session)) < 0) | ||
985 | { | ||
986 | MHD_gnutls_assert (); | ||
987 | return ret2; | ||
988 | } | ||
989 | } | ||
990 | } | ||
991 | else | ||
992 | { | ||
993 | MHD_gnutls_assert (); | ||
994 | return GNUTLS_E_UNEXPECTED_PACKET; | ||
995 | /* we didn't get what we wanted to | ||
996 | */ | ||
997 | } | ||
998 | |||
999 | /* (originally for) TLS 1.0 CBC protection. | ||
1000 | * Actually this code is called if we just received | ||
1001 | * an empty packet. An empty TLS packet is usually | ||
1002 | * sent to protect some vulnerabilities in the CBC mode. | ||
1003 | * In that case we go to the beginning and start reading | ||
1004 | * the next packet. | ||
1005 | */ | ||
1006 | if (ret == 0) | ||
1007 | { | ||
1008 | empty_packet++; | ||
1009 | goto begin; | ||
1010 | } | ||
1011 | |||
1012 | return ret; | ||
1013 | } | ||
1014 | |||
1015 | /** | ||
1016 | * MHD__gnutls_record_send - sends to the peer the specified data | ||
1017 | * @session: is a #MHD_gtls_session_t structure. | ||
1018 | * @data: contains the data to send | ||
1019 | * @sizeofdata: is the length of the data | ||
1020 | * | ||
1021 | * This function has the similar semantics with send(). The only | ||
1022 | * difference is that is accepts a GNUTLS session, and uses different | ||
1023 | * error codes. | ||
1024 | * | ||
1025 | * Note that if the send buffer is full, send() will block this | ||
1026 | * function. See the send() documentation for full information. You | ||
1027 | * can replace the default push function by using | ||
1028 | * MHD__gnutls_transport_set_ptr2() with a call to send() with a | ||
1029 | * MSG_DONTWAIT flag if blocking is a problem. | ||
1030 | * | ||
1031 | * If the EINTR is returned by the internal push function (the | ||
1032 | * default is send()} then %GNUTLS_E_INTERRUPTED will be returned. If | ||
1033 | * %GNUTLS_E_INTERRUPTED or %GNUTLS_E_AGAIN is returned, you must | ||
1034 | * call this function again, with the same parameters; alternatively | ||
1035 | * you could provide a %NULL pointer for data, and 0 for | ||
1036 | * size. cf. MHD__gnutls_record_get_direction(). | ||
1037 | * | ||
1038 | * Returns: the number of bytes sent, or a negative error code. The | ||
1039 | * number of bytes sent might be less than @sizeofdata. The maximum | ||
1040 | * number of bytes this function can send in a single call depends on | ||
1041 | * the negotiated maximum record size. | ||
1042 | **/ | ||
1043 | ssize_t | ||
1044 | MHD__gnutls_record_send (MHD_gtls_session_t session, | ||
1045 | const void *data, size_t sizeofdata) | ||
1046 | { | ||
1047 | return MHD_gtls_send_int (session, GNUTLS_APPLICATION_DATA, -1, data, | ||
1048 | sizeofdata); | ||
1049 | } | ||
1050 | |||
1051 | /** | ||
1052 | * MHD__gnutls_record_recv - reads data from the TLS record protocol | ||
1053 | * @session: is a #MHD_gtls_session_t structure. | ||
1054 | * @data: the buffer that the data will be read into | ||
1055 | * @sizeofdata: the number of requested bytes | ||
1056 | * | ||
1057 | * This function has the similar semantics with recv(). The only | ||
1058 | * difference is that is accepts a GNUTLS session, and uses different | ||
1059 | * error codes. | ||
1060 | * | ||
1061 | * In the special case that a server requests a renegotiation, the | ||
1062 | * client may receive an error code of %GNUTLS_E_REHANDSHAKE. This | ||
1063 | * message may be simply ignored, replied with an alert containing | ||
1064 | * NO_RENEGOTIATION, or replied with a new handshake, depending on | ||
1065 | * the client's will. | ||
1066 | * | ||
1067 | * If %EINTR is returned by the internal push function (the default | ||
1068 | * is recv()) then %GNUTLS_E_INTERRUPTED will be returned. If | ||
1069 | * %GNUTLS_E_INTERRUPTED or %GNUTLS_E_AGAIN is returned, you must | ||
1070 | * call this function again to get the data. See also | ||
1071 | * MHD__gnutls_record_get_direction(). | ||
1072 | * | ||
1073 | * A server may also receive %GNUTLS_E_REHANDSHAKE when a client has | ||
1074 | * initiated a handshake. In that case the server can only initiate a | ||
1075 | * handshake or terminate the connection. | ||
1076 | * | ||
1077 | * Returns: the number of bytes received and zero on EOF. A negative | ||
1078 | * error code is returned in case of an error. The number of bytes | ||
1079 | * received might be less than @sizeofdata. | ||
1080 | **/ | ||
1081 | ssize_t | ||
1082 | MHD__gnutls_record_recv (MHD_gtls_session_t session, void *data, | ||
1083 | size_t sizeofdata) | ||
1084 | { | ||
1085 | return MHD_gtls_recv_int (session, GNUTLS_APPLICATION_DATA, -1, data, | ||
1086 | sizeofdata); | ||
1087 | } | ||
diff --git a/src/daemon/https/tls/gnutls_record.h b/src/daemon/https/tls/gnutls_record.h deleted file mode 100644 index fe7300b6..00000000 --- a/src/daemon/https/tls/gnutls_record.h +++ /dev/null | |||
@@ -1,33 +0,0 @@ | |||
1 | /* | ||
2 | * Copyright (C) 2000, 2001, 2002, 2003, 2004, 2005 Free Software Foundation | ||
3 | * | ||
4 | * Author: Nikos Mavrogiannopoulos | ||
5 | * | ||
6 | * This file is part of GNUTLS. | ||
7 | * | ||
8 | * The GNUTLS library is free software; you can redistribute it and/or | ||
9 | * modify it under the terms of the GNU Lesser General Public License | ||
10 | * as published by the Free Software Foundation; either version 2.1 of | ||
11 | * the License, or (at your option) any later version. | ||
12 | * | ||
13 | * This library is distributed in the hope that it will be useful, but | ||
14 | * WITHOUT ANY WARRANTY; without even the implied warranty of | ||
15 | * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU | ||
16 | * Lesser General Public License for more details. | ||
17 | * | ||
18 | * You should have received a copy of the GNU Lesser General Public | ||
19 | * License along with this library; if not, write to the Free Software | ||
20 | * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301, | ||
21 | * USA | ||
22 | * | ||
23 | */ | ||
24 | |||
25 | ssize_t MHD_gtls_send_int (MHD_gtls_session_t session, content_type_t type, | ||
26 | MHD_gnutls_handshake_description_t htype, | ||
27 | const void *data, size_t sizeofdata); | ||
28 | ssize_t MHD_gtls_recv_int (MHD_gtls_session_t session, content_type_t type, | ||
29 | MHD_gnutls_handshake_description_t, opaque * data, | ||
30 | size_t sizeofdata); | ||
31 | ssize_t MHD_gtls_send_change_cipher_spec (MHD_gtls_session_t session, | ||
32 | int again); | ||
33 | void MHD__gnutls_transport_set_lowat (MHD_gtls_session_t session, int num); | ||
diff --git a/src/daemon/https/tls/gnutls_rsa_export.c b/src/daemon/https/tls/gnutls_rsa_export.c deleted file mode 100644 index 65f97c76..00000000 --- a/src/daemon/https/tls/gnutls_rsa_export.c +++ /dev/null | |||
@@ -1,63 +0,0 @@ | |||
1 | /* | ||
2 | * Copyright (C) 2002, 2003, 2004, 2005 Free Software Foundation | ||
3 | * | ||
4 | * Author: Nikos Mavrogiannopoulos | ||
5 | * | ||
6 | * This file is part of GNUTLS. | ||
7 | * | ||
8 | * The GNUTLS library is free software; you can redistribute it and/or | ||
9 | * modify it under the terms of the GNU Lesser General Public License | ||
10 | * as published by the Free Software Foundation; either version 2.1 of | ||
11 | * the License, or (at your option) any later version. | ||
12 | * | ||
13 | * This library is distributed in the hope that it will be useful, but | ||
14 | * WITHOUT ANY WARRANTY; without even the implied warranty of | ||
15 | * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU | ||
16 | * Lesser General Public License for more details. | ||
17 | * | ||
18 | * You should have received a copy of the GNU Lesser General Public | ||
19 | * License along with this library; if not, write to the Free Software | ||
20 | * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301, | ||
21 | * USA | ||
22 | * | ||
23 | */ | ||
24 | |||
25 | /* This file contains code for RSA temporary keys. These keys are | ||
26 | * only used in export cipher suites. | ||
27 | */ | ||
28 | |||
29 | #include <gnutls_int.h> | ||
30 | #include <gnutls_errors.h> | ||
31 | #include <gnutls_datum.h> | ||
32 | #include <gnutls_rsa_export.h> | ||
33 | #include "debug.h" | ||
34 | /* x509 */ | ||
35 | #include "x509.h" | ||
36 | #include "privkey.h" | ||
37 | |||
38 | /* returns e and m, depends on the requested bits. | ||
39 | * We only support limited key sizes. | ||
40 | */ | ||
41 | const mpi_t * | ||
42 | MHD__gnutls_rsa_params_to_mpi (MHD_gtls_rsa_params_t rsa_params) | ||
43 | { | ||
44 | if (rsa_params == NULL) | ||
45 | { | ||
46 | return NULL; | ||
47 | } | ||
48 | return rsa_params->params; | ||
49 | } | ||
50 | |||
51 | |||
52 | /** | ||
53 | * MHD__gnutls_rsa_params_deinit - This function will deinitialize the RSA parameters | ||
54 | * @rsa_params: Is a structure that holds the parameters | ||
55 | * | ||
56 | * This function will deinitialize the RSA parameters structure. | ||
57 | * | ||
58 | **/ | ||
59 | void | ||
60 | MHD__gnutls_rsa_params_deinit (MHD_gtls_rsa_params_t rsa_params) | ||
61 | { | ||
62 | MHD_gnutls_x509_privkey_deinit (rsa_params); | ||
63 | } | ||
diff --git a/src/daemon/https/tls/gnutls_rsa_export.h b/src/daemon/https/tls/gnutls_rsa_export.h deleted file mode 100644 index a28f4297..00000000 --- a/src/daemon/https/tls/gnutls_rsa_export.h +++ /dev/null | |||
@@ -1,26 +0,0 @@ | |||
1 | /* | ||
2 | * Copyright (C) 2000, 2001, 2002, 2003, 2004, 2005 Free Software Foundation | ||
3 | * | ||
4 | * Author: Nikos Mavrogiannopoulos | ||
5 | * | ||
6 | * This file is part of GNUTLS. | ||
7 | * | ||
8 | * The GNUTLS library is free software; you can redistribute it and/or | ||
9 | * modify it under the terms of the GNU Lesser General Public License | ||
10 | * as published by the Free Software Foundation; either version 2.1 of | ||
11 | * the License, or (at your option) any later version. | ||
12 | * | ||
13 | * This library is distributed in the hope that it will be useful, but | ||
14 | * WITHOUT ANY WARRANTY; without even the implied warranty of | ||
15 | * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU | ||
16 | * Lesser General Public License for more details. | ||
17 | * | ||
18 | * You should have received a copy of the GNU Lesser General Public | ||
19 | * License along with this library; if not, write to the Free Software | ||
20 | * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301, | ||
21 | * USA | ||
22 | * | ||
23 | */ | ||
24 | |||
25 | const mpi_t *MHD__gnutls_rsa_params_to_mpi (MHD_gtls_rsa_params_t); | ||
26 | int MHD__gnutls_peers_cert_less_512 (MHD_gtls_session_t session); | ||
diff --git a/src/daemon/https/tls/gnutls_sig.c b/src/daemon/https/tls/gnutls_sig.c deleted file mode 100644 index e27c4684..00000000 --- a/src/daemon/https/tls/gnutls_sig.c +++ /dev/null | |||
@@ -1,476 +0,0 @@ | |||
1 | /* | ||
2 | * Copyright (C) 2001, 2004, 2005, 2006, 2007 Free Software Foundation | ||
3 | * | ||
4 | * Author: Nikos Mavrogiannopoulos | ||
5 | * | ||
6 | * This file is part of GNUTLS. | ||
7 | * | ||
8 | * The GNUTLS library is free software; you can redistribute it and/or | ||
9 | * modify it under the terms of the GNU Lesser General Public License | ||
10 | * as published by the Free Software Foundation; either version 2.1 of | ||
11 | * the License, or (at your option) any later version. | ||
12 | * | ||
13 | * This library is distributed in the hope that it will be useful, but | ||
14 | * WITHOUT ANY WARRANTY; without even the implied warranty of | ||
15 | * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU | ||
16 | * Lesser General Public License for more details. | ||
17 | * | ||
18 | * You should have received a copy of the GNU Lesser General Public | ||
19 | * License along with this library; if not, write to the Free Software | ||
20 | * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301, | ||
21 | * USA | ||
22 | * | ||
23 | */ | ||
24 | |||
25 | #include <gnutls_int.h> | ||
26 | #include <gnutls_errors.h> | ||
27 | #include <x509_b64.h> | ||
28 | #include <auth_cert.h> | ||
29 | #include <gnutls_cert.h> | ||
30 | #include <gnutls_datum.h> | ||
31 | #include <gnutls_mpi.h> | ||
32 | #include <gnutls_global.h> | ||
33 | #include <gnutls_pk.h> | ||
34 | #include <debug.h> | ||
35 | #include <gnutls_buffers.h> | ||
36 | #include <gnutls_sig.h> | ||
37 | #include <gnutls_kx.h> | ||
38 | |||
39 | static int MHD__gnutls_tls_sign (MHD_gtls_session_t session, | ||
40 | MHD_gnutls_cert * cert, | ||
41 | MHD_gnutls_privkey * pkey, | ||
42 | const MHD_gnutls_datum_t * hash_concat, | ||
43 | MHD_gnutls_datum_t * signature); | ||
44 | |||
45 | /* Generates a signature of all the previous sent packets in the | ||
46 | * handshake procedure. (20040227: now it works for SSL 3.0 as well) | ||
47 | */ | ||
48 | int | ||
49 | MHD_gtls_tls_sign_hdata (MHD_gtls_session_t session, | ||
50 | MHD_gnutls_cert * cert, | ||
51 | MHD_gnutls_privkey * pkey, | ||
52 | MHD_gnutls_datum_t * signature) | ||
53 | { | ||
54 | MHD_gnutls_datum_t dconcat; | ||
55 | int ret; | ||
56 | opaque concat[36]; | ||
57 | mac_hd_t td_md5; | ||
58 | mac_hd_t td_sha; | ||
59 | enum MHD_GNUTLS_Protocol ver = MHD__gnutls_protocol_get_version (session); | ||
60 | |||
61 | td_sha = MHD_gnutls_hash_copy (session->internals.handshake_mac_handle_sha); | ||
62 | if (td_sha == NULL) | ||
63 | { | ||
64 | MHD_gnutls_assert (); | ||
65 | return GNUTLS_E_HASH_FAILED; | ||
66 | } | ||
67 | |||
68 | if (ver == MHD_GNUTLS_PROTOCOL_SSL3) | ||
69 | { | ||
70 | ret = MHD_gtls_generate_master (session, 1); | ||
71 | if (ret < 0) | ||
72 | { | ||
73 | MHD_gnutls_assert (); | ||
74 | return ret; | ||
75 | } | ||
76 | |||
77 | MHD_gnutls_mac_deinit_ssl3_handshake (td_sha, &concat[16], | ||
78 | session->security_parameters. | ||
79 | master_secret, TLS_MASTER_SIZE); | ||
80 | } | ||
81 | else | ||
82 | MHD_gnutls_hash_deinit (td_sha, &concat[16]); | ||
83 | |||
84 | switch (cert->subject_pk_algorithm) | ||
85 | { | ||
86 | case MHD_GNUTLS_PK_RSA: | ||
87 | td_md5 = | ||
88 | MHD_gnutls_hash_copy (session->internals.handshake_mac_handle_md5); | ||
89 | if (td_md5 == NULL) | ||
90 | { | ||
91 | MHD_gnutls_assert (); | ||
92 | return GNUTLS_E_HASH_FAILED; | ||
93 | } | ||
94 | |||
95 | if (ver == MHD_GNUTLS_PROTOCOL_SSL3) | ||
96 | MHD_gnutls_mac_deinit_ssl3_handshake (td_md5, concat, | ||
97 | session->security_parameters. | ||
98 | master_secret, TLS_MASTER_SIZE); | ||
99 | else | ||
100 | MHD_gnutls_hash_deinit (td_md5, concat); | ||
101 | |||
102 | dconcat.data = concat; | ||
103 | dconcat.size = 36; | ||
104 | break; | ||
105 | default: | ||
106 | MHD_gnutls_assert (); | ||
107 | return GNUTLS_E_INTERNAL_ERROR; | ||
108 | } | ||
109 | ret = MHD__gnutls_tls_sign (session, cert, pkey, &dconcat, signature); | ||
110 | if (ret < 0) | ||
111 | { | ||
112 | MHD_gnutls_assert (); | ||
113 | } | ||
114 | |||
115 | return ret; | ||
116 | } | ||
117 | |||
118 | /* Generates a signature of all the random data and the parameters. | ||
119 | * Used in DHE_* ciphersuites. | ||
120 | */ | ||
121 | int | ||
122 | MHD_gtls_tls_sign_params (MHD_gtls_session_t session, | ||
123 | MHD_gnutls_cert * cert, | ||
124 | MHD_gnutls_privkey * pkey, | ||
125 | MHD_gnutls_datum_t * params, | ||
126 | MHD_gnutls_datum_t * signature) | ||
127 | { | ||
128 | MHD_gnutls_datum_t dconcat; | ||
129 | int ret; | ||
130 | mac_hd_t td_sha; | ||
131 | opaque concat[36]; | ||
132 | enum MHD_GNUTLS_Protocol ver = MHD__gnutls_protocol_get_version (session); | ||
133 | |||
134 | td_sha = MHD_gtls_hash_init (MHD_GNUTLS_MAC_SHA1); | ||
135 | if (td_sha == NULL) | ||
136 | { | ||
137 | MHD_gnutls_assert (); | ||
138 | return GNUTLS_E_HASH_FAILED; | ||
139 | } | ||
140 | |||
141 | MHD_gnutls_hash (td_sha, session->security_parameters.client_random, | ||
142 | TLS_RANDOM_SIZE); | ||
143 | MHD_gnutls_hash (td_sha, session->security_parameters.server_random, | ||
144 | TLS_RANDOM_SIZE); | ||
145 | MHD_gnutls_hash (td_sha, params->data, params->size); | ||
146 | |||
147 | switch (cert->subject_pk_algorithm) | ||
148 | { | ||
149 | case MHD_GNUTLS_PK_RSA: | ||
150 | if (ver < MHD_GNUTLS_PROTOCOL_TLS1_2) | ||
151 | { | ||
152 | mac_hd_t td_md5 = MHD_gtls_hash_init (MHD_GNUTLS_MAC_MD5); | ||
153 | if (td_md5 == NULL) | ||
154 | { | ||
155 | MHD_gnutls_assert (); | ||
156 | return GNUTLS_E_HASH_FAILED; | ||
157 | } | ||
158 | |||
159 | MHD_gnutls_hash (td_md5, session->security_parameters.client_random, | ||
160 | TLS_RANDOM_SIZE); | ||
161 | MHD_gnutls_hash (td_md5, session->security_parameters.server_random, | ||
162 | TLS_RANDOM_SIZE); | ||
163 | MHD_gnutls_hash (td_md5, params->data, params->size); | ||
164 | |||
165 | MHD_gnutls_hash_deinit (td_md5, concat); | ||
166 | MHD_gnutls_hash_deinit (td_sha, &concat[16]); | ||
167 | |||
168 | dconcat.size = 36; | ||
169 | } | ||
170 | else | ||
171 | { | ||
172 | #if 1 | ||
173 | /* Use NULL parameters. */ | ||
174 | memcpy (concat, | ||
175 | "\x30\x21\x30\x09\x06\x05\x2b\x0e\x03\x02\x1a\x05\x00\x04\x14", | ||
176 | 15); | ||
177 | MHD_gnutls_hash_deinit (td_sha, &concat[15]); | ||
178 | dconcat.size = 35; | ||
179 | #else | ||
180 | /* No parameters field. */ | ||
181 | memcpy (concat, | ||
182 | "\x30\x1f\x30\x07\x06\x05\x2b\x0e\x03\x02\x1a\x04\x14", 13); | ||
183 | MHD_gnutls_hash_deinit (td_sha, &concat[13]); | ||
184 | dconcat.size = 33; | ||
185 | #endif | ||
186 | } | ||
187 | dconcat.data = concat; | ||
188 | break; | ||
189 | default: | ||
190 | MHD_gnutls_assert (); | ||
191 | MHD_gnutls_hash_deinit (td_sha, NULL); | ||
192 | return GNUTLS_E_INTERNAL_ERROR; | ||
193 | } | ||
194 | ret = MHD__gnutls_tls_sign (session, cert, pkey, &dconcat, signature); | ||
195 | if (ret < 0) | ||
196 | { | ||
197 | MHD_gnutls_assert (); | ||
198 | } | ||
199 | |||
200 | return ret; | ||
201 | |||
202 | } | ||
203 | |||
204 | /* This will create a PKCS1 or DSA signature, using the given parameters, and the | ||
205 | * given data. The output will be allocated and be put in signature. | ||
206 | */ | ||
207 | static int | ||
208 | MHD_gtls_sign (enum MHD_GNUTLS_PublicKeyAlgorithm algo, | ||
209 | mpi_t * params, | ||
210 | int params_size, | ||
211 | const MHD_gnutls_datum_t * data, | ||
212 | MHD_gnutls_datum_t * signature) | ||
213 | { | ||
214 | int ret; | ||
215 | |||
216 | switch (algo) | ||
217 | { | ||
218 | case MHD_GNUTLS_PK_RSA: | ||
219 | /* encrypt */ | ||
220 | if ((ret = | ||
221 | MHD_gtls_pkcs1_rsa_encrypt (signature, data, params, params_size, | ||
222 | 1)) < 0) | ||
223 | { | ||
224 | MHD_gnutls_assert (); | ||
225 | return ret; | ||
226 | } | ||
227 | |||
228 | break; | ||
229 | default: | ||
230 | MHD_gnutls_assert (); | ||
231 | return GNUTLS_E_INTERNAL_ERROR; | ||
232 | break; | ||
233 | } | ||
234 | |||
235 | return 0; | ||
236 | } | ||
237 | |||
238 | /* This will create a PKCS1 or DSA signature, as defined in the TLS protocol. | ||
239 | * Cert is the certificate of the corresponding private key. It is only checked if | ||
240 | * it supports signing. | ||
241 | */ | ||
242 | static int | ||
243 | MHD__gnutls_tls_sign (MHD_gtls_session_t session, | ||
244 | MHD_gnutls_cert * cert, | ||
245 | MHD_gnutls_privkey * pkey, | ||
246 | const MHD_gnutls_datum_t * hash_concat, | ||
247 | MHD_gnutls_datum_t * signature) | ||
248 | { | ||
249 | |||
250 | /* If our certificate supports signing | ||
251 | */ | ||
252 | |||
253 | if (cert != NULL) | ||
254 | if (cert->key_usage != 0) | ||
255 | if (!(cert->key_usage & KEY_DIGITAL_SIGNATURE)) | ||
256 | { | ||
257 | MHD_gnutls_assert (); | ||
258 | return GNUTLS_E_KEY_USAGE_VIOLATION; | ||
259 | } | ||
260 | |||
261 | /* External signing. */ | ||
262 | if (!pkey || pkey->params_size == 0) | ||
263 | { | ||
264 | if (!session->internals.sign_func) | ||
265 | return GNUTLS_E_INSUFFICIENT_CREDENTIALS; | ||
266 | |||
267 | return (*session->internals.sign_func) (session, | ||
268 | session->internals. | ||
269 | sign_func_userdata, | ||
270 | cert->cert_type, &cert->raw, | ||
271 | hash_concat, signature); | ||
272 | } | ||
273 | |||
274 | return MHD_gtls_sign (pkey->pk_algorithm, pkey->params, pkey->params_size, | ||
275 | hash_concat, signature); | ||
276 | } | ||
277 | |||
278 | static int | ||
279 | MHD__gnutls_verify_sig (MHD_gnutls_cert * cert, | ||
280 | const MHD_gnutls_datum_t * hash_concat, | ||
281 | MHD_gnutls_datum_t * signature, size_t sha1pos) | ||
282 | { | ||
283 | int ret; | ||
284 | MHD_gnutls_datum_t vdata; | ||
285 | |||
286 | if ((cert == NULL) || (cert->version == 0)) | ||
287 | { /* this is the only way to check | ||
288 | * if it is initialized | ||
289 | */ | ||
290 | MHD_gnutls_assert (); | ||
291 | return GNUTLS_E_CERTIFICATE_ERROR; | ||
292 | } | ||
293 | |||
294 | /* If the certificate supports signing continue. | ||
295 | */ | ||
296 | if (cert != NULL) | ||
297 | if (cert->key_usage != 0) | ||
298 | if (!(cert->key_usage & KEY_DIGITAL_SIGNATURE)) | ||
299 | { | ||
300 | MHD_gnutls_assert (); | ||
301 | return GNUTLS_E_KEY_USAGE_VIOLATION; | ||
302 | } | ||
303 | |||
304 | switch (cert->subject_pk_algorithm) | ||
305 | { | ||
306 | case MHD_GNUTLS_PK_RSA: | ||
307 | |||
308 | vdata.data = hash_concat->data; | ||
309 | vdata.size = hash_concat->size; | ||
310 | |||
311 | /* verify signature */ | ||
312 | if ((ret = MHD_gtls_rsa_verify (&vdata, signature, cert->params, | ||
313 | cert->params_size, 1)) < 0) | ||
314 | { | ||
315 | MHD_gnutls_assert (); | ||
316 | return ret; | ||
317 | } | ||
318 | |||
319 | break; | ||
320 | default: | ||
321 | MHD_gnutls_assert (); | ||
322 | return GNUTLS_E_INTERNAL_ERROR; | ||
323 | } | ||
324 | |||
325 | return 0; | ||
326 | } | ||
327 | |||
328 | /* Verifies a TLS signature (like the one in the client certificate | ||
329 | * verify message). | ||
330 | */ | ||
331 | int | ||
332 | MHD_gtls_verify_sig_hdata (MHD_gtls_session_t session, | ||
333 | MHD_gnutls_cert * cert, | ||
334 | MHD_gnutls_datum_t * signature) | ||
335 | { | ||
336 | int ret; | ||
337 | opaque concat[36]; | ||
338 | mac_hd_t td_md5; | ||
339 | mac_hd_t td_sha; | ||
340 | MHD_gnutls_datum_t dconcat; | ||
341 | enum MHD_GNUTLS_Protocol ver = MHD__gnutls_protocol_get_version (session); | ||
342 | |||
343 | td_md5 = MHD_gnutls_hash_copy (session->internals.handshake_mac_handle_md5); | ||
344 | if (td_md5 == NULL) | ||
345 | { | ||
346 | MHD_gnutls_assert (); | ||
347 | return GNUTLS_E_HASH_FAILED; | ||
348 | } | ||
349 | |||
350 | td_sha = MHD_gnutls_hash_copy (session->internals.handshake_mac_handle_sha); | ||
351 | if (td_sha == NULL) | ||
352 | { | ||
353 | MHD_gnutls_assert (); | ||
354 | MHD_gnutls_hash_deinit (td_md5, NULL); | ||
355 | return GNUTLS_E_HASH_FAILED; | ||
356 | } | ||
357 | |||
358 | if (ver == MHD_GNUTLS_PROTOCOL_SSL3) | ||
359 | { | ||
360 | ret = MHD_gtls_generate_master (session, 1); | ||
361 | if (ret < 0) | ||
362 | { | ||
363 | MHD_gnutls_assert (); | ||
364 | return ret; | ||
365 | } | ||
366 | |||
367 | MHD_gnutls_mac_deinit_ssl3_handshake (td_md5, concat, | ||
368 | session->security_parameters. | ||
369 | master_secret, TLS_MASTER_SIZE); | ||
370 | MHD_gnutls_mac_deinit_ssl3_handshake (td_sha, &concat[16], | ||
371 | session->security_parameters. | ||
372 | master_secret, TLS_MASTER_SIZE); | ||
373 | } | ||
374 | else | ||
375 | { | ||
376 | MHD_gnutls_hash_deinit (td_md5, concat); | ||
377 | MHD_gnutls_hash_deinit (td_sha, &concat[16]); | ||
378 | } | ||
379 | |||
380 | dconcat.data = concat; | ||
381 | dconcat.size = 20 + 16; /* md5+ sha */ | ||
382 | |||
383 | ret = MHD__gnutls_verify_sig (cert, &dconcat, signature, 16); | ||
384 | if (ret < 0) | ||
385 | { | ||
386 | MHD_gnutls_assert (); | ||
387 | return ret; | ||
388 | } | ||
389 | |||
390 | return ret; | ||
391 | |||
392 | } | ||
393 | |||
394 | /* Generates a signature of all the random data and the parameters. | ||
395 | * Used in DHE_* ciphersuites. | ||
396 | */ | ||
397 | int | ||
398 | MHD_gtls_verify_sig_params (MHD_gtls_session_t session, | ||
399 | MHD_gnutls_cert * cert, | ||
400 | const MHD_gnutls_datum_t * params, | ||
401 | MHD_gnutls_datum_t * signature) | ||
402 | { | ||
403 | MHD_gnutls_datum_t dconcat; | ||
404 | int ret; | ||
405 | mac_hd_t td_md5 = NULL; | ||
406 | mac_hd_t td_sha; | ||
407 | opaque concat[36]; | ||
408 | enum MHD_GNUTLS_Protocol ver = MHD__gnutls_protocol_get_version (session); | ||
409 | |||
410 | if (ver < MHD_GNUTLS_PROTOCOL_TLS1_2) | ||
411 | { | ||
412 | td_md5 = MHD_gtls_hash_init (MHD_GNUTLS_MAC_MD5); | ||
413 | if (td_md5 == NULL) | ||
414 | { | ||
415 | MHD_gnutls_assert (); | ||
416 | return GNUTLS_E_HASH_FAILED; | ||
417 | } | ||
418 | |||
419 | MHD_gnutls_hash (td_md5, session->security_parameters.client_random, | ||
420 | TLS_RANDOM_SIZE); | ||
421 | MHD_gnutls_hash (td_md5, session->security_parameters.server_random, | ||
422 | TLS_RANDOM_SIZE); | ||
423 | MHD_gnutls_hash (td_md5, params->data, params->size); | ||
424 | } | ||
425 | |||
426 | td_sha = MHD_gtls_hash_init (MHD_GNUTLS_MAC_SHA1); | ||
427 | if (td_sha == NULL) | ||
428 | { | ||
429 | MHD_gnutls_assert (); | ||
430 | if (td_md5) | ||
431 | MHD_gnutls_hash_deinit (td_md5, NULL); | ||
432 | return GNUTLS_E_HASH_FAILED; | ||
433 | } | ||
434 | |||
435 | MHD_gnutls_hash (td_sha, session->security_parameters.client_random, | ||
436 | TLS_RANDOM_SIZE); | ||
437 | MHD_gnutls_hash (td_sha, session->security_parameters.server_random, | ||
438 | TLS_RANDOM_SIZE); | ||
439 | MHD_gnutls_hash (td_sha, params->data, params->size); | ||
440 | |||
441 | if (ver < MHD_GNUTLS_PROTOCOL_TLS1_2) | ||
442 | { | ||
443 | MHD_gnutls_hash_deinit (td_md5, concat); | ||
444 | MHD_gnutls_hash_deinit (td_sha, &concat[16]); | ||
445 | dconcat.size = 36; | ||
446 | } | ||
447 | else | ||
448 | { | ||
449 | #if 1 | ||
450 | /* Use NULL parameters. */ | ||
451 | memcpy (concat, | ||
452 | "\x30\x21\x30\x09\x06\x05\x2b\x0e\x03\x02\x1a\x05\x00\x04\x14", | ||
453 | 15); | ||
454 | MHD_gnutls_hash_deinit (td_sha, &concat[15]); | ||
455 | dconcat.size = 35; | ||
456 | #else | ||
457 | /* No parameters field. */ | ||
458 | memcpy (concat, | ||
459 | "\x30\x1f\x30\x07\x06\x05\x2b\x0e\x03\x02\x1a\x04\x14", 13); | ||
460 | MHD_gnutls_hash_deinit (td_sha, &concat[13]); | ||
461 | dconcat.size = 33; | ||
462 | #endif | ||
463 | } | ||
464 | |||
465 | dconcat.data = concat; | ||
466 | |||
467 | ret = MHD__gnutls_verify_sig (cert, &dconcat, signature, dconcat.size - 20); | ||
468 | if (ret < 0) | ||
469 | { | ||
470 | MHD_gnutls_assert (); | ||
471 | return ret; | ||
472 | } | ||
473 | |||
474 | return ret; | ||
475 | |||
476 | } | ||
diff --git a/src/daemon/https/tls/gnutls_sig.h b/src/daemon/https/tls/gnutls_sig.h deleted file mode 100644 index 020ef489..00000000 --- a/src/daemon/https/tls/gnutls_sig.h +++ /dev/null | |||
@@ -1,49 +0,0 @@ | |||
1 | /* | ||
2 | * Copyright (C) 2000, 2001, 2002, 2003, 2004, 2005 Free Software Foundation | ||
3 | * | ||
4 | * Author: Nikos Mavrogiannopoulos | ||
5 | * | ||
6 | * This file is part of GNUTLS. | ||
7 | * | ||
8 | * The GNUTLS library is free software; you can redistribute it and/or | ||
9 | * modify it under the terms of the GNU Lesser General Public License | ||
10 | * as published by the Free Software Foundation; either version 2.1 of | ||
11 | * the License, or (at your option) any later version. | ||
12 | * | ||
13 | * This library is distributed in the hope that it will be useful, but | ||
14 | * WITHOUT ANY WARRANTY; without even the implied warranty of | ||
15 | * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU | ||
16 | * Lesser General Public License for more details. | ||
17 | * | ||
18 | * You should have received a copy of the GNU Lesser General Public | ||
19 | * License along with this library; if not, write to the Free Software | ||
20 | * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301, | ||
21 | * USA | ||
22 | * | ||
23 | */ | ||
24 | |||
25 | #ifndef GNUTLS_SIG_H | ||
26 | # define GNUTLS_SIG_H | ||
27 | |||
28 | int MHD_gtls_tls_sign_hdata (MHD_gtls_session_t session, | ||
29 | MHD_gnutls_cert * cert, | ||
30 | MHD_gnutls_privkey * pkey, | ||
31 | MHD_gnutls_datum_t * signature); | ||
32 | |||
33 | int MHD_gtls_tls_sign_params (MHD_gtls_session_t session, | ||
34 | MHD_gnutls_cert * cert, | ||
35 | MHD_gnutls_privkey * pkey, | ||
36 | MHD_gnutls_datum_t * params, | ||
37 | MHD_gnutls_datum_t * signature); | ||
38 | |||
39 | int MHD_gtls_verify_sig_hdata (MHD_gtls_session_t session, | ||
40 | MHD_gnutls_cert * cert, | ||
41 | MHD_gnutls_datum_t * signature); | ||
42 | |||
43 | int MHD_gtls_verify_sig_params (MHD_gtls_session_t session, | ||
44 | MHD_gnutls_cert * cert, | ||
45 | const MHD_gnutls_datum_t * params, | ||
46 | MHD_gnutls_datum_t * signature); | ||
47 | |||
48 | |||
49 | #endif | ||
diff --git a/src/daemon/https/tls/gnutls_state.c b/src/daemon/https/tls/gnutls_state.c deleted file mode 100644 index 01f51abc..00000000 --- a/src/daemon/https/tls/gnutls_state.c +++ /dev/null | |||
@@ -1,804 +0,0 @@ | |||
1 | /* | ||
2 | * Copyright (C) 2002, 2003, 2004, 2005, 2006, 2007 Free Software Foundation | ||
3 | * | ||
4 | * Author: Nikos Mavrogiannopoulos | ||
5 | * | ||
6 | * This file is part of GNUTLS. | ||
7 | * | ||
8 | * The GNUTLS library is free software; you can redistribute it and/or | ||
9 | * modify it under the terms of the GNU Lesser General Public License | ||
10 | * as published by the Free Software Foundation; either version 2.1 of | ||
11 | * the License, or (at your option) any later version. | ||
12 | * | ||
13 | * This library is distributed in the hope that it will be useful, but | ||
14 | * WITHOUT ANY WARRANTY; without even the implied warranty of | ||
15 | * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU | ||
16 | * Lesser General Public License for more details. | ||
17 | * | ||
18 | * You should have received a copy of the GNU Lesser General Public | ||
19 | * License along with this library; if not, write to the Free Software | ||
20 | * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301, | ||
21 | * USA | ||
22 | * | ||
23 | */ | ||
24 | |||
25 | /* Functions to manipulate the session (MHD_gnutls_int.h), and some other stuff | ||
26 | * are included here. The file's name is traditionally MHD_gnutls_state even if the | ||
27 | * state has been renamed to session. | ||
28 | */ | ||
29 | |||
30 | #include <gnutls_int.h> | ||
31 | #include <gnutls_errors.h> | ||
32 | #include <gnutls_auth_int.h> | ||
33 | #include <gnutls_num.h> | ||
34 | #include <gnutls_datum.h> | ||
35 | #include <gnutls_record.h> | ||
36 | #include <gnutls_handshake.h> | ||
37 | #include <gnutls_dh.h> | ||
38 | #include <gnutls_buffers.h> | ||
39 | #include <gnutls_state.h> | ||
40 | #include <auth_cert.h> | ||
41 | #include <gnutls_algorithms.h> | ||
42 | #include <gnutls_rsa_export.h> | ||
43 | |||
44 | void | ||
45 | MHD__gnutls_session_cert_type_set (MHD_gtls_session_t session, | ||
46 | enum MHD_GNUTLS_CertificateType ct) | ||
47 | { | ||
48 | session->security_parameters.cert_type = ct; | ||
49 | } | ||
50 | |||
51 | /** | ||
52 | * MHD_gnutls_cipher_get - Returns the currently used cipher. | ||
53 | * @session: is a #MHD_gtls_session_t structure. | ||
54 | * | ||
55 | * Returns: the currently used cipher. | ||
56 | **/ | ||
57 | enum MHD_GNUTLS_CipherAlgorithm | ||
58 | MHD_gnutls_cipher_get (MHD_gtls_session_t session) | ||
59 | { | ||
60 | return session->security_parameters.read_bulk_cipher_algorithm; | ||
61 | } | ||
62 | |||
63 | /** | ||
64 | * MHD_gnutls_certificate_type_get - Returns the currently used certificate type. | ||
65 | * @session: is a #MHD_gtls_session_t structure. | ||
66 | * | ||
67 | * The certificate type is by default X.509, unless it is negotiated | ||
68 | * as a TLS extension. | ||
69 | * | ||
70 | * Returns: the currently used %enum MHD_GNUTLS_CertificateType certificate | ||
71 | * type. | ||
72 | **/ | ||
73 | enum MHD_GNUTLS_CertificateType | ||
74 | MHD_gnutls_certificate_type_get (MHD_gtls_session_t session) | ||
75 | { | ||
76 | return session->security_parameters.cert_type; | ||
77 | } | ||
78 | |||
79 | /** | ||
80 | * MHD_gnutls_kx_get - Returns the key exchange algorithm. | ||
81 | * @session: is a #MHD_gtls_session_t structure. | ||
82 | * | ||
83 | * Returns: the key exchange algorithm used in the last handshake. | ||
84 | **/ | ||
85 | enum MHD_GNUTLS_KeyExchangeAlgorithm | ||
86 | MHD_gnutls_kx_get (MHD_gtls_session_t session) | ||
87 | { | ||
88 | return session->security_parameters.kx_algorithm; | ||
89 | } | ||
90 | |||
91 | /* Check if the given certificate type is supported. | ||
92 | * This means that it is enabled by the priority functions, | ||
93 | * and a matching certificate exists. | ||
94 | */ | ||
95 | int | ||
96 | MHD_gtls_session_cert_type_supported (MHD_gtls_session_t session, | ||
97 | enum MHD_GNUTLS_CertificateType | ||
98 | cert_type) | ||
99 | { | ||
100 | unsigned i; | ||
101 | unsigned cert_found = 0; | ||
102 | MHD_gtls_cert_credentials_t cred; | ||
103 | |||
104 | if (session->security_parameters.entity == GNUTLS_SERVER) | ||
105 | { | ||
106 | cred | ||
107 | = (MHD_gtls_cert_credentials_t) MHD_gtls_get_cred (session->key, | ||
108 | MHD_GNUTLS_CRD_CERTIFICATE, | ||
109 | NULL); | ||
110 | |||
111 | if (cred == NULL) | ||
112 | return GNUTLS_E_UNSUPPORTED_CERTIFICATE_TYPE; | ||
113 | |||
114 | if (cred->server_get_cert_callback == NULL) | ||
115 | { | ||
116 | for (i = 0; i < cred->ncerts; i++) | ||
117 | { | ||
118 | if (cred->cert_list[i][0].cert_type == cert_type) | ||
119 | { | ||
120 | cert_found = 1; | ||
121 | break; | ||
122 | } | ||
123 | } | ||
124 | |||
125 | if (cert_found == 0) | ||
126 | /* no certificate is of that type. | ||
127 | */ | ||
128 | return GNUTLS_E_UNSUPPORTED_CERTIFICATE_TYPE; | ||
129 | } | ||
130 | } | ||
131 | |||
132 | if (session->internals.priorities.cert_type.num_algorithms == 0 && cert_type | ||
133 | == DEFAULT_CERT_TYPE) | ||
134 | return 0; | ||
135 | |||
136 | for (i = 0; i < session->internals.priorities.cert_type.num_algorithms; i++) | ||
137 | { | ||
138 | if (session->internals.priorities.cert_type.priority[i] == cert_type) | ||
139 | { | ||
140 | return 0; /* ok */ | ||
141 | } | ||
142 | } | ||
143 | |||
144 | return GNUTLS_E_UNSUPPORTED_CERTIFICATE_TYPE; | ||
145 | } | ||
146 | |||
147 | /* this function deinitializes all the internal parameters stored | ||
148 | * in a session struct. | ||
149 | */ | ||
150 | inline static void | ||
151 | deinit_internal_params (MHD_gtls_session_t session) | ||
152 | { | ||
153 | if (session->internals.params.free_dh_params) | ||
154 | MHD__gnutls_dh_params_deinit (session->internals.params.dh_params); | ||
155 | |||
156 | if (session->internals.params.free_rsa_params) | ||
157 | MHD__gnutls_rsa_params_deinit (session->internals.params.rsa_params); | ||
158 | |||
159 | memset (&session->internals.params, 0, sizeof (session->internals.params)); | ||
160 | } | ||
161 | |||
162 | /* This function will clear all the variables in internals | ||
163 | * structure within the session, which depend on the current handshake. | ||
164 | * This is used to allow further handshakes. | ||
165 | */ | ||
166 | void | ||
167 | MHD_gtls_handshake_internal_state_clear (MHD_gtls_session_t session) | ||
168 | { | ||
169 | session->internals.extensions_sent_size = 0; | ||
170 | |||
171 | /* by default no selected certificate */ | ||
172 | session->internals.proposed_record_size = DEFAULT_MAX_RECORD_SIZE; | ||
173 | session->internals.adv_version_major = 0; | ||
174 | session->internals.adv_version_minor = 0; | ||
175 | session->internals.v2_hello = 0; | ||
176 | memset (&session->internals.handshake_header_buffer, 0, | ||
177 | sizeof (MHD_gtls_handshake_header_buffer_st)); | ||
178 | session->internals.adv_version_minor = 0; | ||
179 | session->internals.adv_version_minor = 0; | ||
180 | session->internals.direction = 0; | ||
181 | |||
182 | /* use out of band data for the last | ||
183 | * handshake messages received. | ||
184 | */ | ||
185 | session->internals.last_handshake_in = -1; | ||
186 | session->internals.last_handshake_out = -1; | ||
187 | |||
188 | session->internals.resumable = RESUME_TRUE; | ||
189 | MHD__gnutls_free_datum (&session->internals.recv_buffer); | ||
190 | |||
191 | deinit_internal_params (session); | ||
192 | |||
193 | } | ||
194 | |||
195 | #define MIN_DH_BITS 727 | ||
196 | /** | ||
197 | * MHD__gnutls_init - This function initializes the session to null (null encryption etc...). | ||
198 | * @con_end: indicate if this session is to be used for server or client. | ||
199 | * @session: is a pointer to a #MHD_gtls_session_t structure. | ||
200 | * | ||
201 | * This function initializes the current session to null. Every | ||
202 | * session must be initialized before use, so internal structures can | ||
203 | * be allocated. This function allocates structures which can only | ||
204 | * be free'd by calling MHD__gnutls_deinit(). Returns zero on success. | ||
205 | * | ||
206 | * @con_end can be one of %GNUTLS_CLIENT and %GNUTLS_SERVER. | ||
207 | * | ||
208 | * Returns: %GNUTLS_E_SUCCESS on success, or an error code. | ||
209 | **/ | ||
210 | |||
211 | /* TODO rm redundent pointer ref */ | ||
212 | int | ||
213 | MHD__gnutls_init (MHD_gtls_session_t * session, | ||
214 | MHD_gnutls_connection_end_t con_end) | ||
215 | { | ||
216 | *session = MHD_gnutls_calloc (1, sizeof (struct MHD_gtls_session_int)); | ||
217 | if (*session == NULL) | ||
218 | return GNUTLS_E_MEMORY_ERROR; | ||
219 | |||
220 | (*session)->security_parameters.entity = con_end; | ||
221 | |||
222 | /* the default certificate type for TLS */ | ||
223 | (*session)->security_parameters.cert_type = DEFAULT_CERT_TYPE; | ||
224 | |||
225 | /* Set the defaults for initial handshake */ | ||
226 | (*session)->security_parameters.read_bulk_cipher_algorithm = | ||
227 | (*session)->security_parameters.write_bulk_cipher_algorithm = | ||
228 | MHD_GNUTLS_CIPHER_NULL; | ||
229 | |||
230 | (*session)->security_parameters.read_mac_algorithm = | ||
231 | (*session)->security_parameters.write_mac_algorithm = MHD_GNUTLS_MAC_NULL; | ||
232 | |||
233 | /* Initialize buffers */ | ||
234 | MHD_gtls_buffer_init (&(*session)->internals.application_data_buffer); | ||
235 | MHD_gtls_buffer_init (&(*session)->internals.handshake_data_buffer); | ||
236 | MHD_gtls_buffer_init (&(*session)->internals.handshake_hash_buffer); | ||
237 | MHD_gtls_buffer_init (&(*session)->internals.ia_data_buffer); | ||
238 | |||
239 | MHD_gtls_buffer_init (&(*session)->internals.record_send_buffer); | ||
240 | MHD_gtls_buffer_init (&(*session)->internals.record_recv_buffer); | ||
241 | |||
242 | MHD_gtls_buffer_init (&(*session)->internals.handshake_send_buffer); | ||
243 | MHD_gtls_buffer_init (&(*session)->internals.handshake_recv_buffer); | ||
244 | |||
245 | (*session)->key = MHD_gnutls_calloc (1, sizeof (struct MHD_gtls_key)); | ||
246 | if ((*session)->key == NULL) | ||
247 | { | ||
248 | cleanup_session:MHD_gnutls_free (*session); | ||
249 | *session = NULL; | ||
250 | return GNUTLS_E_MEMORY_ERROR; | ||
251 | } | ||
252 | |||
253 | (*session)->internals.expire_time = DEFAULT_EXPIRE_TIME; /* one hour default */ | ||
254 | |||
255 | MHD__gnutls_dh_set_prime_bits ((*session), MIN_DH_BITS); | ||
256 | |||
257 | MHD__gnutls_transport_set_lowat ((*session), DEFAULT_LOWAT); /* the default for tcp */ | ||
258 | |||
259 | MHD__gnutls_handshake_set_max_packet_length ((*session), | ||
260 | MAX_HANDSHAKE_PACKET_SIZE); | ||
261 | |||
262 | /* Allocate a minimum size for recv_data | ||
263 | * This is allocated in order to avoid small messages, making | ||
264 | * the receive procedure slow. | ||
265 | */ | ||
266 | (*session)->internals.record_recv_buffer.data | ||
267 | = MHD_gnutls_malloc (INITIAL_RECV_BUFFER_SIZE); | ||
268 | if ((*session)->internals.record_recv_buffer.data == NULL) | ||
269 | { | ||
270 | MHD_gnutls_free ((*session)->key); | ||
271 | goto cleanup_session; | ||
272 | } | ||
273 | |||
274 | /* set the socket pointers to -1; */ | ||
275 | (*session)->internals.transport_recv_ptr = (MHD_gnutls_transport_ptr_t) - 1; | ||
276 | (*session)->internals.transport_send_ptr = (MHD_gnutls_transport_ptr_t) - 1; | ||
277 | |||
278 | /* set the default maximum record size for TLS | ||
279 | */ | ||
280 | (*session)->security_parameters.max_record_recv_size | ||
281 | = DEFAULT_MAX_RECORD_SIZE; | ||
282 | (*session)->security_parameters.max_record_send_size | ||
283 | = DEFAULT_MAX_RECORD_SIZE; | ||
284 | |||
285 | /* everything else not initialized here is initialized | ||
286 | * as NULL or 0. This is why calloc is used. | ||
287 | */ | ||
288 | |||
289 | MHD_gtls_handshake_internal_state_clear (*session); | ||
290 | |||
291 | return 0; | ||
292 | } | ||
293 | |||
294 | |||
295 | /** | ||
296 | * MHD__gnutls_deinit - This function clears all buffers associated with a session | ||
297 | * @session: is a #MHD_gtls_session_t structure. | ||
298 | * | ||
299 | * This function clears all buffers associated with the @session. | ||
300 | * This function will also remove session data from the session | ||
301 | * database if the session was terminated abnormally. | ||
302 | **/ | ||
303 | void | ||
304 | MHD__gnutls_deinit (MHD_gtls_session_t session) | ||
305 | { | ||
306 | |||
307 | if (session == NULL) | ||
308 | return; | ||
309 | |||
310 | /* remove auth info firstly */ | ||
311 | MHD_gtls_free_auth_info (session); | ||
312 | |||
313 | MHD_gtls_handshake_internal_state_clear (session); | ||
314 | MHD__gnutls_handshake_io_buffer_clear (session); | ||
315 | |||
316 | MHD__gnutls_free_datum (&session->connection_state.read_mac_secret); | ||
317 | MHD__gnutls_free_datum (&session->connection_state.write_mac_secret); | ||
318 | |||
319 | MHD_gtls_buffer_clear (&session->internals.ia_data_buffer); | ||
320 | MHD_gtls_buffer_clear (&session->internals.handshake_hash_buffer); | ||
321 | MHD_gtls_buffer_clear (&session->internals.handshake_data_buffer); | ||
322 | MHD_gtls_buffer_clear (&session->internals.application_data_buffer); | ||
323 | MHD_gtls_buffer_clear (&session->internals.record_recv_buffer); | ||
324 | MHD_gtls_buffer_clear (&session->internals.record_send_buffer); | ||
325 | |||
326 | MHD__gnutls_credentials_clear (session); | ||
327 | MHD_gtls_selected_certs_deinit (session); | ||
328 | |||
329 | if (session->connection_state.read_cipher_state != NULL) | ||
330 | MHD_gnutls_cipher_deinit (session->connection_state.read_cipher_state); | ||
331 | if (session->connection_state.write_cipher_state != NULL) | ||
332 | MHD_gnutls_cipher_deinit (session->connection_state.write_cipher_state); | ||
333 | |||
334 | MHD__gnutls_free_datum (&session->cipher_specs.server_write_mac_secret); | ||
335 | MHD__gnutls_free_datum (&session->cipher_specs.client_write_mac_secret); | ||
336 | MHD__gnutls_free_datum (&session->cipher_specs.server_write_IV); | ||
337 | MHD__gnutls_free_datum (&session->cipher_specs.client_write_IV); | ||
338 | MHD__gnutls_free_datum (&session->cipher_specs.server_write_key); | ||
339 | MHD__gnutls_free_datum (&session->cipher_specs.client_write_key); | ||
340 | |||
341 | if (session->key != NULL) | ||
342 | { | ||
343 | MHD_gtls_mpi_release (&session->key->KEY); | ||
344 | MHD_gtls_mpi_release (&session->key->client_Y); | ||
345 | MHD_gtls_mpi_release (&session->key->client_p); | ||
346 | MHD_gtls_mpi_release (&session->key->client_g); | ||
347 | |||
348 | MHD_gtls_mpi_release (&session->key->u); | ||
349 | MHD_gtls_mpi_release (&session->key->a); | ||
350 | MHD_gtls_mpi_release (&session->key->x); | ||
351 | MHD_gtls_mpi_release (&session->key->A); | ||
352 | MHD_gtls_mpi_release (&session->key->B); | ||
353 | MHD_gtls_mpi_release (&session->key->b); | ||
354 | |||
355 | /* RSA */ | ||
356 | MHD_gtls_mpi_release (&session->key->rsa[0]); | ||
357 | MHD_gtls_mpi_release (&session->key->rsa[1]); | ||
358 | |||
359 | MHD_gtls_mpi_release (&session->key->dh_secret); | ||
360 | MHD_gnutls_free (session->key); | ||
361 | |||
362 | session->key = NULL; | ||
363 | } | ||
364 | |||
365 | memset (session, 0, sizeof (struct MHD_gtls_session_int)); | ||
366 | MHD_gnutls_free (session); | ||
367 | } | ||
368 | |||
369 | /* Returns the minimum prime bits that are acceptable. | ||
370 | */ | ||
371 | int | ||
372 | MHD_gtls_dh_get_allowed_prime_bits (MHD_gtls_session_t session) | ||
373 | { | ||
374 | return session->internals.dh_prime_bits; | ||
375 | } | ||
376 | |||
377 | int | ||
378 | MHD_gtls_dh_set_peer_public (MHD_gtls_session_t session, mpi_t public) | ||
379 | { | ||
380 | MHD_gtls_dh_info_st *dh; | ||
381 | int ret; | ||
382 | |||
383 | switch (MHD_gtls_auth_get_type (session)) | ||
384 | { | ||
385 | case MHD_GNUTLS_CRD_CERTIFICATE: | ||
386 | { | ||
387 | cert_auth_info_t info; | ||
388 | |||
389 | info = MHD_gtls_get_auth_info (session); | ||
390 | if (info == NULL) | ||
391 | return GNUTLS_E_INTERNAL_ERROR; | ||
392 | |||
393 | dh = &info->dh; | ||
394 | break; | ||
395 | } | ||
396 | default: | ||
397 | MHD_gnutls_assert (); | ||
398 | return GNUTLS_E_INTERNAL_ERROR; | ||
399 | } | ||
400 | |||
401 | ret = MHD_gtls_mpi_dprint_lz (&dh->public_key, public); | ||
402 | if (ret < 0) | ||
403 | { | ||
404 | MHD_gnutls_assert (); | ||
405 | return ret; | ||
406 | } | ||
407 | |||
408 | return 0; | ||
409 | } | ||
410 | |||
411 | int | ||
412 | MHD_gtls_dh_set_secret_bits (MHD_gtls_session_t session, unsigned bits) | ||
413 | { | ||
414 | switch (MHD_gtls_auth_get_type (session)) | ||
415 | { | ||
416 | case MHD_GNUTLS_CRD_CERTIFICATE: | ||
417 | { | ||
418 | cert_auth_info_t info; | ||
419 | |||
420 | info = MHD_gtls_get_auth_info (session); | ||
421 | if (info == NULL) | ||
422 | return GNUTLS_E_INTERNAL_ERROR; | ||
423 | |||
424 | info->dh.secret_bits = bits; | ||
425 | break; | ||
426 | default: | ||
427 | MHD_gnutls_assert (); | ||
428 | return GNUTLS_E_INTERNAL_ERROR; | ||
429 | } | ||
430 | } | ||
431 | |||
432 | return 0; | ||
433 | } | ||
434 | |||
435 | /* This function will set in the auth info structure the | ||
436 | * RSA exponent and the modulus. | ||
437 | */ | ||
438 | int | ||
439 | MHD_gtls_rsa_export_set_pubkey (MHD_gtls_session_t session, | ||
440 | mpi_t exponent, mpi_t modulus) | ||
441 | { | ||
442 | cert_auth_info_t info; | ||
443 | int ret; | ||
444 | |||
445 | info = MHD_gtls_get_auth_info (session); | ||
446 | if (info == NULL) | ||
447 | return GNUTLS_E_INTERNAL_ERROR; | ||
448 | |||
449 | ret = MHD_gtls_mpi_dprint_lz (&info->rsa_export.modulus, modulus); | ||
450 | if (ret < 0) | ||
451 | { | ||
452 | MHD_gnutls_assert (); | ||
453 | return ret; | ||
454 | } | ||
455 | |||
456 | ret = MHD_gtls_mpi_dprint_lz (&info->rsa_export.exponent, exponent); | ||
457 | if (ret < 0) | ||
458 | { | ||
459 | MHD_gnutls_assert (); | ||
460 | MHD__gnutls_free_datum (&info->rsa_export.modulus); | ||
461 | return ret; | ||
462 | } | ||
463 | |||
464 | return 0; | ||
465 | } | ||
466 | |||
467 | /* Sets the prime and the generator in the auth info structure. | ||
468 | */ | ||
469 | int | ||
470 | MHD_gtls_dh_set_group (MHD_gtls_session_t session, mpi_t gen, mpi_t prime) | ||
471 | { | ||
472 | MHD_gtls_dh_info_st *dh; | ||
473 | int ret; | ||
474 | |||
475 | switch (MHD_gtls_auth_get_type (session)) | ||
476 | { | ||
477 | case MHD_GNUTLS_CRD_CERTIFICATE: | ||
478 | { | ||
479 | cert_auth_info_t info; | ||
480 | |||
481 | info = MHD_gtls_get_auth_info (session); | ||
482 | if (info == NULL) | ||
483 | return GNUTLS_E_INTERNAL_ERROR; | ||
484 | |||
485 | dh = &info->dh; | ||
486 | break; | ||
487 | } | ||
488 | default: | ||
489 | MHD_gnutls_assert (); | ||
490 | return GNUTLS_E_INTERNAL_ERROR; | ||
491 | } | ||
492 | |||
493 | /* prime | ||
494 | */ | ||
495 | ret = MHD_gtls_mpi_dprint_lz (&dh->prime, prime); | ||
496 | if (ret < 0) | ||
497 | { | ||
498 | MHD_gnutls_assert (); | ||
499 | return ret; | ||
500 | } | ||
501 | |||
502 | /* generator | ||
503 | */ | ||
504 | ret = MHD_gtls_mpi_dprint_lz (&dh->generator, gen); | ||
505 | if (ret < 0) | ||
506 | { | ||
507 | MHD_gnutls_assert (); | ||
508 | MHD__gnutls_free_datum (&dh->prime); | ||
509 | return ret; | ||
510 | } | ||
511 | |||
512 | return 0; | ||
513 | } | ||
514 | |||
515 | /** | ||
516 | * MHD__gnutls_certificate_send_x509_rdn_sequence - This function will order gnutls to send or not the x.509 rdn sequence | ||
517 | * @session: is a pointer to a #MHD_gtls_session_t structure. | ||
518 | * @status: is 0 or 1 | ||
519 | * | ||
520 | * If status is non zero, this function will order gnutls not to send | ||
521 | * the rdnSequence in the certificate request message. That is the | ||
522 | * server will not advertize it's trusted CAs to the peer. If status | ||
523 | * is zero then the default behaviour will take effect, which is to | ||
524 | * advertize the server's trusted CAs. | ||
525 | * | ||
526 | * This function has no effect in clients, and in authentication | ||
527 | * methods other than certificate with X.509 certificates. | ||
528 | **/ | ||
529 | void | ||
530 | MHD__gnutls_certificate_send_x509_rdn_sequence (MHD_gtls_session_t session, | ||
531 | int status) | ||
532 | { | ||
533 | session->internals.ignore_rdn_sequence = status; | ||
534 | } | ||
535 | |||
536 | /*- | ||
537 | * MHD__gnutls_record_set_default_version - Used to set the default version for the first record packet | ||
538 | * @session: is a #MHD_gtls_session_t structure. | ||
539 | * @major: is a tls major version | ||
540 | * @minor: is a tls minor version | ||
541 | * | ||
542 | * This function sets the default version that we will use in the first | ||
543 | * record packet (client hello). This function is only useful to people | ||
544 | * that know TLS internals and want to debug other implementations. | ||
545 | * | ||
546 | -*/ | ||
547 | void | ||
548 | MHD__gnutls_record_set_default_version (MHD_gtls_session_t session, | ||
549 | unsigned char major, | ||
550 | unsigned char minor) | ||
551 | { | ||
552 | session->internals.default_record_version[0] = major; | ||
553 | session->internals.default_record_version[1] = minor; | ||
554 | } | ||
555 | |||
556 | inline static int | ||
557 | MHD__gnutls_cal_PRF_A (enum MHD_GNUTLS_HashAlgorithm algorithm, | ||
558 | const void *secret, | ||
559 | int secret_size, | ||
560 | const void *seed, int seed_size, void *result) | ||
561 | { | ||
562 | mac_hd_t td1; | ||
563 | |||
564 | td1 = MHD_gtls_MHD_hmac_init (algorithm, secret, secret_size); | ||
565 | if (td1 == GNUTLS_MAC_FAILED) | ||
566 | { | ||
567 | MHD_gnutls_assert (); | ||
568 | return GNUTLS_E_INTERNAL_ERROR; | ||
569 | } | ||
570 | |||
571 | MHD_gnutls_hash (td1, seed, seed_size); | ||
572 | MHD_gnutls_MHD_hmac_deinit (td1, result); | ||
573 | |||
574 | return 0; | ||
575 | } | ||
576 | |||
577 | #define MAX_SEED_SIZE 200 | ||
578 | |||
579 | /* Produces "total_bytes" bytes using the hash algorithm specified. | ||
580 | * (used in the PRF function) | ||
581 | */ | ||
582 | static int | ||
583 | MHD__gnutls_P_hash (enum MHD_GNUTLS_HashAlgorithm algorithm, | ||
584 | const opaque * secret, | ||
585 | int secret_size, | ||
586 | const opaque * seed, | ||
587 | int seed_size, int total_bytes, opaque * ret) | ||
588 | { | ||
589 | |||
590 | mac_hd_t td2; | ||
591 | int i, times, how, blocksize, A_size; | ||
592 | opaque final[20], Atmp[MAX_SEED_SIZE]; | ||
593 | int output_bytes, result; | ||
594 | |||
595 | if (seed_size > MAX_SEED_SIZE || total_bytes <= 0) | ||
596 | { | ||
597 | MHD_gnutls_assert (); | ||
598 | return GNUTLS_E_INTERNAL_ERROR; | ||
599 | } | ||
600 | |||
601 | blocksize = MHD_gnutls_hash_get_algo_len (algorithm); | ||
602 | |||
603 | output_bytes = 0; | ||
604 | do | ||
605 | { | ||
606 | output_bytes += blocksize; | ||
607 | } | ||
608 | while (output_bytes < total_bytes); | ||
609 | |||
610 | /* calculate A(0) */ | ||
611 | |||
612 | memcpy (Atmp, seed, seed_size); | ||
613 | A_size = seed_size; | ||
614 | |||
615 | times = output_bytes / blocksize; | ||
616 | |||
617 | for (i = 0; i < times; i++) | ||
618 | { | ||
619 | td2 = MHD_gtls_MHD_hmac_init (algorithm, secret, secret_size); | ||
620 | if (td2 == GNUTLS_MAC_FAILED) | ||
621 | { | ||
622 | MHD_gnutls_assert (); | ||
623 | return GNUTLS_E_INTERNAL_ERROR; | ||
624 | } | ||
625 | |||
626 | /* here we calculate A(i+1) */ | ||
627 | if ((result = | ||
628 | MHD__gnutls_cal_PRF_A (algorithm, secret, secret_size, Atmp, | ||
629 | A_size, Atmp)) < 0) | ||
630 | { | ||
631 | MHD_gnutls_assert (); | ||
632 | MHD_gnutls_MHD_hmac_deinit (td2, final); | ||
633 | return result; | ||
634 | } | ||
635 | |||
636 | A_size = blocksize; | ||
637 | |||
638 | MHD_gnutls_hash (td2, Atmp, A_size); | ||
639 | MHD_gnutls_hash (td2, seed, seed_size); | ||
640 | MHD_gnutls_MHD_hmac_deinit (td2, final); | ||
641 | |||
642 | if ((1 + i) * blocksize < total_bytes) | ||
643 | { | ||
644 | how = blocksize; | ||
645 | } | ||
646 | else | ||
647 | { | ||
648 | how = total_bytes - (i) * blocksize; | ||
649 | } | ||
650 | |||
651 | if (how > 0) | ||
652 | { | ||
653 | memcpy (&ret[i * blocksize], final, how); | ||
654 | } | ||
655 | } | ||
656 | |||
657 | return 0; | ||
658 | } | ||
659 | |||
660 | /* Xor's two buffers and puts the output in the first one. | ||
661 | */ | ||
662 | inline static void | ||
663 | MHD__gnutls_xor (opaque * o1, opaque * o2, int length) | ||
664 | { | ||
665 | int i; | ||
666 | for (i = 0; i < length; i++) | ||
667 | { | ||
668 | o1[i] ^= o2[i]; | ||
669 | } | ||
670 | } | ||
671 | |||
672 | #define MAX_PRF_BYTES 200 | ||
673 | |||
674 | /* The PRF function expands a given secret | ||
675 | * needed by the TLS specification. ret must have a least total_bytes | ||
676 | * available. | ||
677 | */ | ||
678 | int | ||
679 | MHD_gtls_PRF (MHD_gtls_session_t session, | ||
680 | const opaque * secret, | ||
681 | int secret_size, | ||
682 | const char *label, | ||
683 | int label_size, | ||
684 | const opaque * seed, int seed_size, int total_bytes, void *ret) | ||
685 | { | ||
686 | int l_s, s_seed_size; | ||
687 | const opaque *s1, *s2; | ||
688 | opaque s_seed[MAX_SEED_SIZE]; | ||
689 | opaque o1[MAX_PRF_BYTES], o2[MAX_PRF_BYTES]; | ||
690 | int result; | ||
691 | enum MHD_GNUTLS_Protocol ver = MHD__gnutls_protocol_get_version (session); | ||
692 | |||
693 | if (total_bytes > MAX_PRF_BYTES) | ||
694 | { | ||
695 | MHD_gnutls_assert (); | ||
696 | return GNUTLS_E_INTERNAL_ERROR; | ||
697 | } | ||
698 | /* label+seed = s_seed */ | ||
699 | s_seed_size = seed_size + label_size; | ||
700 | |||
701 | if (s_seed_size > MAX_SEED_SIZE) | ||
702 | { | ||
703 | MHD_gnutls_assert (); | ||
704 | return GNUTLS_E_INTERNAL_ERROR; | ||
705 | } | ||
706 | |||
707 | memcpy (s_seed, label, label_size); | ||
708 | memcpy (&s_seed[label_size], seed, seed_size); | ||
709 | |||
710 | if (ver >= MHD_GNUTLS_PROTOCOL_TLS1_2) | ||
711 | { | ||
712 | result = | ||
713 | MHD__gnutls_P_hash (MHD_GNUTLS_MAC_SHA1, secret, secret_size, s_seed, | ||
714 | s_seed_size, total_bytes, ret); | ||
715 | if (result < 0) | ||
716 | { | ||
717 | MHD_gnutls_assert (); | ||
718 | return result; | ||
719 | } | ||
720 | } | ||
721 | else | ||
722 | { | ||
723 | l_s = secret_size / 2; | ||
724 | |||
725 | s1 = &secret[0]; | ||
726 | s2 = &secret[l_s]; | ||
727 | |||
728 | if (secret_size % 2 != 0) | ||
729 | { | ||
730 | l_s++; | ||
731 | } | ||
732 | |||
733 | result = | ||
734 | MHD__gnutls_P_hash (MHD_GNUTLS_MAC_MD5, s1, l_s, s_seed, s_seed_size, | ||
735 | total_bytes, o1); | ||
736 | if (result < 0) | ||
737 | { | ||
738 | MHD_gnutls_assert (); | ||
739 | return result; | ||
740 | } | ||
741 | |||
742 | result = | ||
743 | MHD__gnutls_P_hash (MHD_GNUTLS_MAC_SHA1, s2, l_s, s_seed, s_seed_size, | ||
744 | total_bytes, o2); | ||
745 | if (result < 0) | ||
746 | { | ||
747 | MHD_gnutls_assert (); | ||
748 | return result; | ||
749 | } | ||
750 | |||
751 | MHD__gnutls_xor (o1, o2, total_bytes); | ||
752 | |||
753 | memcpy (ret, o1, total_bytes); | ||
754 | } | ||
755 | |||
756 | return 0; /* ok */ | ||
757 | |||
758 | } | ||
759 | |||
760 | |||
761 | /*- | ||
762 | * MHD_gtls_session_is_export - Used to check whether this session is of export grade | ||
763 | * @session: is a #MHD_gtls_session_t structure. | ||
764 | * | ||
765 | * This function will return non zero if this session is of export grade. | ||
766 | * | ||
767 | -*/ | ||
768 | int | ||
769 | MHD_gtls_session_is_export (MHD_gtls_session_t session) | ||
770 | { | ||
771 | enum MHD_GNUTLS_CipherAlgorithm cipher; | ||
772 | |||
773 | cipher = | ||
774 | MHD_gtls_cipher_suite_get_cipher_algo (&session->security_parameters. | ||
775 | current_cipher_suite); | ||
776 | |||
777 | if (MHD_gtls_cipher_get_export_flag (cipher) != 0) | ||
778 | return 1; | ||
779 | |||
780 | return 0; | ||
781 | } | ||
782 | |||
783 | /** | ||
784 | * MHD__gnutls_record_get_direction - This function will return the direction of the last interrupted function call | ||
785 | * @session: is a #MHD_gtls_session_t structure. | ||
786 | * | ||
787 | * This function provides information about the internals of the | ||
788 | * record protocol and is only useful if a prior gnutls function call | ||
789 | * (e.g. MHD__gnutls_handshake()) was interrupted for some reason, that | ||
790 | * is, if a function returned %GNUTLS_E_INTERRUPTED or | ||
791 | * %GNUTLS_E_AGAIN. In such a case, you might want to call select() | ||
792 | * or poll() before calling the interrupted gnutls function again. | ||
793 | * To tell you whether a file descriptor should be selected for | ||
794 | * either reading or writing, MHD__gnutls_record_get_direction() returns 0 | ||
795 | * if the interrupted function was trying to read data, and 1 if it | ||
796 | * was trying to write data. | ||
797 | * | ||
798 | * Returns: 0 if trying to read data, 1 if trying to write data. | ||
799 | **/ | ||
800 | int | ||
801 | MHD__gnutls_record_get_direction (MHD_gtls_session_t session) | ||
802 | { | ||
803 | return session->internals.direction; | ||
804 | } | ||
diff --git a/src/daemon/https/tls/gnutls_state.h b/src/daemon/https/tls/gnutls_state.h deleted file mode 100644 index a6ff5892..00000000 --- a/src/daemon/https/tls/gnutls_state.h +++ /dev/null | |||
@@ -1,77 +0,0 @@ | |||
1 | /* | ||
2 | * Copyright (C) 2000, 2001, 2002, 2003, 2004, 2005, 2006 Free Software Foundation | ||
3 | * | ||
4 | * Author: Nikos Mavrogiannopoulos | ||
5 | * | ||
6 | * This file is part of GNUTLS. | ||
7 | * | ||
8 | * The GNUTLS library is free software; you can redistribute it and/or | ||
9 | * modify it under the terms of the GNU Lesser General Public License | ||
10 | * as published by the Free Software Foundation; either version 2.1 of | ||
11 | * the License, or (at your option) any later version. | ||
12 | * | ||
13 | * This library is distributed in the hope that it will be useful, but | ||
14 | * WITHOUT ANY WARRANTY; without even the implied warranty of | ||
15 | * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU | ||
16 | * Lesser General Public License for more details. | ||
17 | * | ||
18 | * You should have received a copy of the GNU Lesser General Public | ||
19 | * License along with this library; if not, write to the Free Software | ||
20 | * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301, | ||
21 | * USA | ||
22 | * | ||
23 | */ | ||
24 | |||
25 | #ifndef GNUTLS_STATE_H | ||
26 | # define GNUTLS_STATE_H | ||
27 | |||
28 | #include <gnutls_int.h> | ||
29 | |||
30 | void MHD__gnutls_session_cert_type_set (MHD_gtls_session_t session, | ||
31 | enum MHD_GNUTLS_CertificateType); | ||
32 | enum MHD_GNUTLS_KeyExchangeAlgorithm MHD_gnutls_kx_get (MHD_gtls_session_t | ||
33 | session); | ||
34 | enum MHD_GNUTLS_CipherAlgorithm MHD_gnutls_cipher_get (MHD_gtls_session_t | ||
35 | session); | ||
36 | enum MHD_GNUTLS_CertificateType | ||
37 | MHD_gnutls_certificate_type_get (MHD_gtls_session_t); | ||
38 | |||
39 | #include <gnutls_auth_int.h> | ||
40 | |||
41 | #define CHECK_AUTH(auth, ret) if (MHD_gtls_auth_get_type(session) != auth) { \ | ||
42 | MHD_gnutls_assert(); \ | ||
43 | return ret; \ | ||
44 | } | ||
45 | |||
46 | #endif | ||
47 | |||
48 | int MHD_gtls_session_cert_type_supported (MHD_gtls_session_t, | ||
49 | enum MHD_GNUTLS_CertificateType); | ||
50 | |||
51 | int MHD_gtls_dh_set_secret_bits (MHD_gtls_session_t session, unsigned bits); | ||
52 | |||
53 | int MHD_gtls_dh_set_peer_public (MHD_gtls_session_t session, mpi_t public); | ||
54 | int MHD_gtls_dh_set_group (MHD_gtls_session_t session, mpi_t gen, | ||
55 | mpi_t prime); | ||
56 | |||
57 | int MHD_gtls_dh_get_allowed_prime_bits (MHD_gtls_session_t session); | ||
58 | void MHD_gtls_handshake_internal_state_clear (MHD_gtls_session_t); | ||
59 | |||
60 | int MHD_gtls_rsa_export_set_pubkey (MHD_gtls_session_t session, | ||
61 | mpi_t exponent, mpi_t modulus); | ||
62 | |||
63 | int MHD_gtls_session_is_resumable (MHD_gtls_session_t session); | ||
64 | int MHD_gtls_session_is_export (MHD_gtls_session_t session); | ||
65 | |||
66 | int MHD_gtls_openpgp_send_fingerprint (MHD_gtls_session_t session); | ||
67 | |||
68 | int MHD_gtls_PRF (MHD_gtls_session_t session, | ||
69 | const opaque * secret, int secret_size, | ||
70 | const char *label, int label_size, | ||
71 | const opaque * seed, int seed_size, | ||
72 | int total_bytes, void *ret); | ||
73 | |||
74 | int MHD__gnutls_init (MHD_gtls_session_t * session, | ||
75 | MHD_gnutls_connection_end_t con_end); | ||
76 | |||
77 | #define DEFAULT_CERT_TYPE MHD_GNUTLS_CRT_X509 | ||
diff --git a/src/daemon/https/tls/gnutls_str.c b/src/daemon/https/tls/gnutls_str.c deleted file mode 100644 index c8f17c25..00000000 --- a/src/daemon/https/tls/gnutls_str.c +++ /dev/null | |||
@@ -1,157 +0,0 @@ | |||
1 | /* | ||
2 | * Copyright (C) 2002, 2004, 2005, 2007 Free Software Foundation | ||
3 | * | ||
4 | * Author: Nikos Mavrogiannopoulos | ||
5 | * | ||
6 | * This file is part of GNUTLS. | ||
7 | * | ||
8 | * The GNUTLS library is free software; you can redistribute it and/or | ||
9 | * modify it under the terms of the GNU Lesser General Public License | ||
10 | * as published by the Free Software Foundation; either version 2.1 of | ||
11 | * the License, or (at your option) any later version. | ||
12 | * | ||
13 | * This library is distributed in the hope that it will be useful, but | ||
14 | * WITHOUT ANY WARRANTY; without even the implied warranty of | ||
15 | * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU | ||
16 | * Lesser General Public License for more details. | ||
17 | * | ||
18 | * You should have received a copy of the GNU Lesser General Public | ||
19 | * License along with this library; if not, write to the Free Software | ||
20 | * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301, | ||
21 | * USA | ||
22 | * | ||
23 | */ | ||
24 | |||
25 | #include <gnutls_int.h> | ||
26 | #include <gnutls_errors.h> | ||
27 | #include <gnutls_num.h> | ||
28 | #include <gnutls_str.h> | ||
29 | |||
30 | /* These function are like strcat, strcpy. They only | ||
31 | * do bound checking (they shouldn't cause buffer overruns), | ||
32 | * and they always produce null terminated strings. | ||
33 | * | ||
34 | * They should be used only with null terminated strings. | ||
35 | */ | ||
36 | void | ||
37 | MHD_gtls_str_cat (char *dest, size_t dest_tot_size, const char *src) | ||
38 | { | ||
39 | size_t str_size = strlen (src); | ||
40 | size_t dest_size = strlen (dest); | ||
41 | |||
42 | if (dest_tot_size - dest_size > str_size) | ||
43 | { | ||
44 | strcat (dest, src); | ||
45 | } | ||
46 | else | ||
47 | { | ||
48 | if (dest_tot_size - dest_size > 0) | ||
49 | { | ||
50 | strncat (dest, src, (dest_tot_size - dest_size) - 1); | ||
51 | dest[dest_tot_size - 1] = 0; | ||
52 | } | ||
53 | } | ||
54 | } | ||
55 | |||
56 | void | ||
57 | MHD_gtls_str_cpy (char *dest, size_t dest_tot_size, const char *src) | ||
58 | { | ||
59 | size_t str_size = strlen (src); | ||
60 | |||
61 | if (dest_tot_size > str_size) | ||
62 | { | ||
63 | strcpy (dest, src); | ||
64 | } | ||
65 | else | ||
66 | { | ||
67 | if (dest_tot_size > 0) | ||
68 | { | ||
69 | strncpy (dest, src, (dest_tot_size) - 1); | ||
70 | dest[dest_tot_size - 1] = 0; | ||
71 | } | ||
72 | } | ||
73 | } | ||
74 | |||
75 | void | ||
76 | MHD_gtls_string_init (MHD_gtls_string * str, | ||
77 | MHD_gnutls_alloc_function alloc_func, | ||
78 | MHD_gnutls_realloc_function realloc_func, | ||
79 | MHD_gnutls_free_function free_func) | ||
80 | { | ||
81 | str->data = NULL; | ||
82 | str->max_length = 0; | ||
83 | str->length = 0; | ||
84 | |||
85 | str->alloc_func = alloc_func; | ||
86 | str->free_func = free_func; | ||
87 | str->realloc_func = realloc_func; | ||
88 | } | ||
89 | |||
90 | void | ||
91 | MHD_gtls_string_clear (MHD_gtls_string * str) | ||
92 | { | ||
93 | if (str == NULL || str->data == NULL) | ||
94 | return; | ||
95 | str->free_func (str->data); | ||
96 | |||
97 | str->data = NULL; | ||
98 | str->max_length = 0; | ||
99 | str->length = 0; | ||
100 | } | ||
101 | |||
102 | #define MIN_CHUNK 256 | ||
103 | |||
104 | |||
105 | int | ||
106 | MHD_gtls_string_append_data (MHD_gtls_string * dest, | ||
107 | const void *data, size_t data_size) | ||
108 | { | ||
109 | size_t tot_len = data_size + dest->length; | ||
110 | |||
111 | if (dest->max_length >= tot_len) | ||
112 | { | ||
113 | memcpy (&dest->data[dest->length], data, data_size); | ||
114 | dest->length = tot_len; | ||
115 | |||
116 | return tot_len; | ||
117 | } | ||
118 | else | ||
119 | { | ||
120 | size_t new_len = | ||
121 | MAX (data_size, MIN_CHUNK) + MAX (dest->max_length, MIN_CHUNK); | ||
122 | dest->data = dest->realloc_func (dest->data, new_len); | ||
123 | if (dest->data == NULL) | ||
124 | { | ||
125 | MHD_gnutls_assert (); | ||
126 | return GNUTLS_E_MEMORY_ERROR; | ||
127 | } | ||
128 | dest->max_length = new_len; | ||
129 | |||
130 | memcpy (&dest->data[dest->length], data, data_size); | ||
131 | dest->length = tot_len; | ||
132 | |||
133 | return tot_len; | ||
134 | } | ||
135 | } | ||
136 | |||
137 | /* Converts the given string (old) to hex. A buffer must be provided | ||
138 | * to hold the new hex string. The new string will be null terminated. | ||
139 | * If the buffer does not have enough space to hold the string, a | ||
140 | * truncated hex string is returned (always null terminated). | ||
141 | */ | ||
142 | char * | ||
143 | MHD_gtls_bin2hex (const void *_old, | ||
144 | size_t oldlen, char *buffer, size_t buffer_size) | ||
145 | { | ||
146 | unsigned int i, j; | ||
147 | const opaque *old = _old; | ||
148 | |||
149 | for (i = j = 0; i < oldlen && j + 2 < buffer_size; j += 2) | ||
150 | { | ||
151 | sprintf (&buffer[j], "%.2x", old[i]); | ||
152 | i++; | ||
153 | } | ||
154 | buffer[j] = '\0'; | ||
155 | |||
156 | return buffer; | ||
157 | } | ||
diff --git a/src/daemon/https/tls/gnutls_str.h b/src/daemon/https/tls/gnutls_str.h deleted file mode 100644 index 51ed1bd1..00000000 --- a/src/daemon/https/tls/gnutls_str.h +++ /dev/null | |||
@@ -1,53 +0,0 @@ | |||
1 | /* | ||
2 | * Copyright (C) 2000, 2001, 2002, 2003, 2004, 2005, 2007 Free Software Foundation | ||
3 | * | ||
4 | * Author: Nikos Mavrogiannopoulos | ||
5 | * | ||
6 | * This file is part of GNUTLS. | ||
7 | * | ||
8 | * The GNUTLS library is free software; you can redistribute it and/or | ||
9 | * modify it under the terms of the GNU Lesser General Public License | ||
10 | * as published by the Free Software Foundation; either version 2.1 of | ||
11 | * the License, or (at your option) any later version. | ||
12 | * | ||
13 | * This library is distributed in the hope that it will be useful, but | ||
14 | * WITHOUT ANY WARRANTY; without even the implied warranty of | ||
15 | * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU | ||
16 | * Lesser General Public License for more details. | ||
17 | * | ||
18 | * You should have received a copy of the GNU Lesser General Public | ||
19 | * License along with this library; if not, write to the Free Software | ||
20 | * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301, | ||
21 | * USA | ||
22 | * | ||
23 | */ | ||
24 | |||
25 | #ifndef GNUTLS_STR_H | ||
26 | #define GNUTLS_STR_H | ||
27 | |||
28 | #include <gnutls_int.h> | ||
29 | |||
30 | void MHD_gtls_str_cpy (char *dest, size_t dest_tot_size, const char *src); | ||
31 | void MHD_gtls_str_cat (char *dest, size_t dest_tot_size, const char *src); | ||
32 | |||
33 | typedef struct | ||
34 | { | ||
35 | opaque *data; | ||
36 | size_t max_length; | ||
37 | size_t length; | ||
38 | MHD_gnutls_realloc_function realloc_func; | ||
39 | MHD_gnutls_alloc_function alloc_func; | ||
40 | MHD_gnutls_free_function free_func; | ||
41 | } MHD_gtls_string; | ||
42 | |||
43 | void MHD_gtls_string_init (MHD_gtls_string *, MHD_gnutls_alloc_function, | ||
44 | MHD_gnutls_realloc_function, | ||
45 | MHD_gnutls_free_function); | ||
46 | void MHD_gtls_string_clear (MHD_gtls_string *); | ||
47 | |||
48 | int MHD_gtls_string_append_data (MHD_gtls_string *, const void *data, | ||
49 | size_t data_size); | ||
50 | char *MHD_gtls_bin2hex (const void *old, size_t oldlen, char *buffer, | ||
51 | size_t buffer_size); | ||
52 | |||
53 | #endif | ||
diff --git a/src/daemon/https/tls/gnutls_supplemental.c b/src/daemon/https/tls/gnutls_supplemental.c deleted file mode 100644 index 3b9641d4..00000000 --- a/src/daemon/https/tls/gnutls_supplemental.c +++ /dev/null | |||
@@ -1,199 +0,0 @@ | |||
1 | /* | ||
2 | * Copyright (C) 2007 Free Software Foundation | ||
3 | * | ||
4 | * Author: Simon Josefsson | ||
5 | * | ||
6 | * This file is part of GNUTLS. | ||
7 | * | ||
8 | * The GNUTLS library is free software; you can redistribute it and/or | ||
9 | * modify it under the terms of the GNU Lesser General Public License | ||
10 | * as published by the Free Software Foundation; either version 2.1 of | ||
11 | * the License, or (at your option) any later version. | ||
12 | * | ||
13 | * This library is distributed in the hope that it will be useful, but | ||
14 | * WITHOUT ANY WARRANTY; without even the implied warranty of | ||
15 | * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU | ||
16 | * Lesser General Public License for more details. | ||
17 | * | ||
18 | * You should have received a copy of the GNU Lesser General Public | ||
19 | * License along with this library; if not, write to the Free Software | ||
20 | * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301, | ||
21 | * USA | ||
22 | * | ||
23 | */ | ||
24 | |||
25 | /* This file contains support functions for 'TLS Handshake Message for | ||
26 | * Supplemental Data' (RFC 4680). | ||
27 | * | ||
28 | * The idea here is simple. MHD__gnutls_handshake() in gnuts_handshake.c | ||
29 | * will call MHD__gnutls_gen_supplemental and MHD__gnutls_parse_supplemental | ||
30 | * when some extension requested that supplemental data be sent or | ||
31 | * received. Extension request this by setting the flags | ||
32 | * do_recv_supplemental or do_send_supplemental in the session. | ||
33 | * | ||
34 | * The functions in this file iterate through the MHD__gnutls_supplemental | ||
35 | * array, and calls the send/recv functions for each respective data | ||
36 | * type. | ||
37 | * | ||
38 | * The receive function of each data type is responsible for decoding | ||
39 | * its own data. If the extension did not expect to receive | ||
40 | * supplemental data, it should return GNUTLS_E_UNEXPECTED_PACKET. | ||
41 | * Otherwise, it just parse the data as normal. | ||
42 | * | ||
43 | * The send function needs to append the 2-byte data format type, and | ||
44 | * append the 2-byte length of its data, and the data. If it doesn't | ||
45 | * want to send any data, it is fine to return without doing anything. | ||
46 | */ | ||
47 | |||
48 | #include "gnutls_int.h" | ||
49 | #include "gnutls_supplemental.h" | ||
50 | #include "gnutls_errors.h" | ||
51 | #include "gnutls_num.h" | ||
52 | |||
53 | typedef int (*supp_recv_func) (MHD_gtls_session_t session, | ||
54 | const opaque * data, size_t data_size); | ||
55 | typedef int (*supp_send_func) (MHD_gtls_session_t session, | ||
56 | MHD_gtls_buffer * buf); | ||
57 | |||
58 | typedef struct | ||
59 | { | ||
60 | const char *name; | ||
61 | MHD_gnutls_supplemental_data_format_type_t type; | ||
62 | supp_recv_func supp_recv_func; | ||
63 | supp_send_func supp_send_func; | ||
64 | } MHD_gnutls_supplemental_entry; | ||
65 | |||
66 | MHD_gnutls_supplemental_entry MHD__gnutls_supplemental[] = { | ||
67 | {0, 0, 0, 0} | ||
68 | }; | ||
69 | |||
70 | |||
71 | static supp_recv_func | ||
72 | get_supp_func_recv (MHD_gnutls_supplemental_data_format_type_t type) | ||
73 | { | ||
74 | MHD_gnutls_supplemental_entry *p; | ||
75 | |||
76 | for (p = MHD__gnutls_supplemental; p->name != NULL; p++) | ||
77 | if (p->type == type) | ||
78 | return p->supp_recv_func; | ||
79 | |||
80 | return NULL; | ||
81 | } | ||
82 | |||
83 | int | ||
84 | MHD__gnutls_gen_supplemental (MHD_gtls_session_t session, | ||
85 | MHD_gtls_buffer * buf) | ||
86 | { | ||
87 | MHD_gnutls_supplemental_entry *p; | ||
88 | int ret; | ||
89 | |||
90 | /* Make room for 3 byte length field. */ | ||
91 | ret = MHD_gtls_buffer_append (buf, "\0\0\0", 3); | ||
92 | if (ret < 0) | ||
93 | { | ||
94 | MHD_gnutls_assert (); | ||
95 | return ret; | ||
96 | } | ||
97 | |||
98 | for (p = MHD__gnutls_supplemental; p->name; p++) | ||
99 | { | ||
100 | supp_send_func supp_send = p->supp_send_func; | ||
101 | size_t sizepos = buf->length; | ||
102 | int ret; | ||
103 | |||
104 | /* Make room for supplement type and length byte length field. */ | ||
105 | ret = MHD_gtls_buffer_append (buf, "\0\0\0\0", 4); | ||
106 | if (ret < 0) | ||
107 | { | ||
108 | MHD_gnutls_assert (); | ||
109 | return ret; | ||
110 | } | ||
111 | |||
112 | ret = supp_send (session, buf); | ||
113 | if (ret < 0) | ||
114 | { | ||
115 | MHD_gnutls_assert (); | ||
116 | return ret; | ||
117 | } | ||
118 | |||
119 | /* If data were added, store type+length, otherwise reset. */ | ||
120 | if (buf->length > sizepos + 4) | ||
121 | { | ||
122 | buf->data[sizepos] = 0; | ||
123 | buf->data[sizepos + 1] = p->type; | ||
124 | buf->data[sizepos + 2] = ((buf->length - sizepos - 4) >> 8) & 0xFF; | ||
125 | buf->data[sizepos + 3] = (buf->length - sizepos - 4) & 0xFF; | ||
126 | } | ||
127 | else | ||
128 | buf->length -= 4; | ||
129 | } | ||
130 | |||
131 | buf->data[0] = ((buf->length - 3) >> 16) & 0xFF; | ||
132 | buf->data[1] = ((buf->length - 3) >> 8) & 0xFF; | ||
133 | buf->data[2] = (buf->length - 3) & 0xFF; | ||
134 | |||
135 | MHD__gnutls_debug_log ("EXT[%x]: Sending %d bytes of supplemental data\n", | ||
136 | session, buf->length); | ||
137 | |||
138 | return buf->length; | ||
139 | } | ||
140 | |||
141 | int | ||
142 | MHD__gnutls_parse_supplemental (MHD_gtls_session_t session, | ||
143 | const uint8_t * data, int datalen) | ||
144 | { | ||
145 | const opaque *p = data; | ||
146 | ssize_t dsize = datalen; | ||
147 | size_t total_size; | ||
148 | |||
149 | DECR_LEN (dsize, 3); | ||
150 | total_size = MHD_gtls_read_uint24 (p); | ||
151 | p += 3; | ||
152 | |||
153 | if (dsize != total_size) | ||
154 | { | ||
155 | MHD_gnutls_assert (); | ||
156 | return GNUTLS_E_RECEIVED_ILLEGAL_PARAMETER; | ||
157 | } | ||
158 | |||
159 | do | ||
160 | { | ||
161 | uint16_t supp_data_type; | ||
162 | uint16_t supp_data_length; | ||
163 | supp_recv_func recv_func; | ||
164 | |||
165 | DECR_LEN (dsize, 2); | ||
166 | supp_data_type = MHD_gtls_read_uint16 (p); | ||
167 | p += 2; | ||
168 | |||
169 | DECR_LEN (dsize, 2); | ||
170 | supp_data_length = MHD_gtls_read_uint16 (p); | ||
171 | p += 2; | ||
172 | |||
173 | MHD__gnutls_debug_log | ||
174 | ("EXT[%x]: Got supplemental type=%02x length=%d\n", session, | ||
175 | supp_data_type, supp_data_length); | ||
176 | |||
177 | recv_func = get_supp_func_recv (supp_data_type); | ||
178 | if (recv_func) | ||
179 | { | ||
180 | int ret = recv_func (session, p, supp_data_length); | ||
181 | if (ret < 0) | ||
182 | { | ||
183 | MHD_gnutls_assert (); | ||
184 | return ret; | ||
185 | } | ||
186 | } | ||
187 | else | ||
188 | { | ||
189 | MHD_gnutls_assert (); | ||
190 | return GNUTLS_E_RECEIVED_ILLEGAL_PARAMETER; | ||
191 | } | ||
192 | |||
193 | DECR_LEN (dsize, supp_data_length); | ||
194 | p += supp_data_length; | ||
195 | } | ||
196 | while (dsize > 0); | ||
197 | |||
198 | return 0; | ||
199 | } | ||
diff --git a/src/daemon/https/tls/gnutls_supplemental.h b/src/daemon/https/tls/gnutls_supplemental.h deleted file mode 100644 index b7ad0c29..00000000 --- a/src/daemon/https/tls/gnutls_supplemental.h +++ /dev/null | |||
@@ -1,30 +0,0 @@ | |||
1 | /* | ||
2 | * Copyright (C) 2007 Free Software Foundation | ||
3 | * | ||
4 | * Author: Simon Josefsson | ||
5 | * | ||
6 | * This file is part of GNUTLS. | ||
7 | * | ||
8 | * The GNUTLS library is free software; you can redistribute it and/or | ||
9 | * modify it under the terms of the GNU Lesser General Public License | ||
10 | * as published by the Free Software Foundation; either version 2.1 of | ||
11 | * the License, or (at your option) any later version. | ||
12 | * | ||
13 | * This library is distributed in the hope that it will be useful, but | ||
14 | * WITHOUT ANY WARRANTY; without even the implied warranty of | ||
15 | * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU | ||
16 | * Lesser General Public License for more details. | ||
17 | * | ||
18 | * You should have received a copy of the GNU Lesser General Public | ||
19 | * License along with this library; if not, write to the Free Software | ||
20 | * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301, | ||
21 | * USA | ||
22 | * | ||
23 | */ | ||
24 | |||
25 | #include <gnutls_int.h> | ||
26 | |||
27 | int MHD__gnutls_parse_supplemental (MHD_gtls_session_t session, | ||
28 | const uint8_t * data, int data_size); | ||
29 | int MHD__gnutls_gen_supplemental (MHD_gtls_session_t session, | ||
30 | MHD_gtls_buffer * buf); | ||
diff --git a/src/daemon/https/tls/gnutls_ui.c b/src/daemon/https/tls/gnutls_ui.c deleted file mode 100644 index 5a1bfd3d..00000000 --- a/src/daemon/https/tls/gnutls_ui.c +++ /dev/null | |||
@@ -1,58 +0,0 @@ | |||
1 | /* | ||
2 | * Copyright (C) 2001, 2002, 2003, 2004, 2005 Free Software Foundation | ||
3 | * | ||
4 | * Author: Nikos Mavrogiannopoulos | ||
5 | * | ||
6 | * This file is part of GNUTLS. | ||
7 | * | ||
8 | * The GNUTLS library is free software; you can redistribute it and/or | ||
9 | * modify it under the terms of the GNU Lesser General Public License | ||
10 | * as published by the Free Software Foundation; either version 2.1 of | ||
11 | * the License, or (at your option) any later version. | ||
12 | * | ||
13 | * This library is distributed in the hope that it will be useful, but | ||
14 | * WITHOUT ANY WARRANTY; without even the implied warranty of | ||
15 | * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU | ||
16 | * Lesser General Public License for more details. | ||
17 | * | ||
18 | * You should have received a copy of the GNU Lesser General Public | ||
19 | * License along with this library; if not, write to the Free Software | ||
20 | * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301, | ||
21 | * USA | ||
22 | * | ||
23 | */ | ||
24 | |||
25 | /* This file contains certificate authentication functions to be exported in the | ||
26 | * API and did not fit elsewhere. | ||
27 | */ | ||
28 | |||
29 | #include <gnutls_int.h> | ||
30 | #include <auth_cert.h> | ||
31 | #include <gnutls_errors.h> | ||
32 | #include <gnutls_auth_int.h> | ||
33 | #include <gnutls_state.h> | ||
34 | #include <gnutls_datum.h> | ||
35 | |||
36 | /* ANON & DHE */ | ||
37 | |||
38 | /** | ||
39 | * MHD__gnutls_dh_set_prime_bits - Used to set the bits for a DH ciphersuite | ||
40 | * @session: is a #MHD_gtls_session_t structure. | ||
41 | * @bits: is the number of bits | ||
42 | * | ||
43 | * This function sets the number of bits, for use in an | ||
44 | * Diffie Hellman key exchange. This is used both in DH ephemeral and | ||
45 | * DH anonymous cipher suites. This will set the | ||
46 | * minimum size of the prime that will be used for the handshake. | ||
47 | * | ||
48 | * In the client side it sets the minimum accepted number of bits. | ||
49 | * If a server sends a prime with less bits than that | ||
50 | * GNUTLS_E_DH_PRIME_UNACCEPTABLE will be returned by the | ||
51 | * handshake. | ||
52 | * | ||
53 | **/ | ||
54 | void | ||
55 | MHD__gnutls_dh_set_prime_bits (MHD_gtls_session_t session, unsigned int bits) | ||
56 | { | ||
57 | session->internals.dh_prime_bits = bits; | ||
58 | } | ||
diff --git a/src/daemon/https/tls/gnutls_x509.c b/src/daemon/https/tls/gnutls_x509.c deleted file mode 100644 index 685c9642..00000000 --- a/src/daemon/https/tls/gnutls_x509.c +++ /dev/null | |||
@@ -1,604 +0,0 @@ | |||
1 | /* | ||
2 | * Copyright (C) 2002, 2003, 2004, 2005, 2006, 2007 Free Software Foundation | ||
3 | * | ||
4 | * Author: Nikos Mavrogiannopoulos | ||
5 | * | ||
6 | * This file is part of GNUTLS. | ||
7 | * | ||
8 | * The GNUTLS library is free software; you can redistribute it and/or | ||
9 | * modify it under the terms of the GNU Lesser General Public License | ||
10 | * as published by the Free Software Foundation; either version 2.1 of | ||
11 | * the License, or (at your option) any later version. | ||
12 | * | ||
13 | * This library is distributed in the hope that it will be useful, but | ||
14 | * WITHOUT ANY WARRANTY; without even the implied warranty of | ||
15 | * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU | ||
16 | * Lesser General Public License for more details. | ||
17 | * | ||
18 | * You should have received a copy of the GNU Lesser General Public | ||
19 | * License along with this library; if not, write to the Free Software | ||
20 | * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301, | ||
21 | * USA | ||
22 | * | ||
23 | */ | ||
24 | |||
25 | #include <gnutls_int.h> | ||
26 | #include "gnutls_auth_int.h" | ||
27 | #include "gnutls_errors.h" | ||
28 | #include <gnutls_cert.h> | ||
29 | #include <auth_cert.h> | ||
30 | #include "gnutls_dh.h" | ||
31 | #include "gnutls_num.h" | ||
32 | #include "gnutls_datum.h" | ||
33 | #include <gnutls_pk.h> | ||
34 | #include <gnutls_algorithms.h> | ||
35 | #include <gnutls_global.h> | ||
36 | #include <gnutls_record.h> | ||
37 | #include <gnutls_sig.h> | ||
38 | #include <gnutls_state.h> | ||
39 | #include <gnutls_pk.h> | ||
40 | #include <gnutls_str.h> | ||
41 | #include <debug.h> | ||
42 | #include <x509_b64.h> | ||
43 | #include <gnutls_x509.h> | ||
44 | #include <sys/types.h> | ||
45 | #include <sys/stat.h> | ||
46 | #include <fcntl.h> | ||
47 | |||
48 | /* x509 */ | ||
49 | #include "common.h" | ||
50 | #include "x509.h" | ||
51 | #include "mpi.h" | ||
52 | #include "privkey.h" | ||
53 | |||
54 | |||
55 | /* | ||
56 | * some x509 certificate parsing functions. | ||
57 | */ | ||
58 | |||
59 | /* Check if the number of bits of the key in the certificate | ||
60 | * is unacceptable. | ||
61 | */ | ||
62 | inline static int | ||
63 | check_bits (MHD_gnutls_x509_crt_t crt, unsigned int max_bits) | ||
64 | { | ||
65 | int ret; | ||
66 | unsigned int bits; | ||
67 | |||
68 | ret = MHD_gnutls_x509_crt_get_pk_algorithm (crt, &bits); | ||
69 | if (ret < 0) | ||
70 | { | ||
71 | MHD_gnutls_assert (); | ||
72 | return ret; | ||
73 | } | ||
74 | |||
75 | if (bits > max_bits && max_bits > 0) | ||
76 | { | ||
77 | MHD_gnutls_assert (); | ||
78 | return GNUTLS_E_CONSTRAINT_ERROR; | ||
79 | } | ||
80 | |||
81 | return 0; | ||
82 | } | ||
83 | |||
84 | |||
85 | #define CLEAR_CERTS for(x=0;x<peer_certificate_list_size;x++) { \ | ||
86 | if (peer_certificate_list[x]) \ | ||
87 | MHD_gnutls_x509_crt_deinit(peer_certificate_list[x]); \ | ||
88 | } \ | ||
89 | MHD_gnutls_free( peer_certificate_list) | ||
90 | |||
91 | /* | ||
92 | * Read certificates and private keys, from memory etc. | ||
93 | */ | ||
94 | |||
95 | /* returns error if the certificate has different algorithm than | ||
96 | * the given key parameters. | ||
97 | */ | ||
98 | static int | ||
99 | MHD__gnutls_check_key_cert_match (MHD_gtls_cert_credentials_t res) | ||
100 | { | ||
101 | MHD_gnutls_datum_t cid; | ||
102 | MHD_gnutls_datum_t kid; | ||
103 | unsigned pk = res->cert_list[res->ncerts - 1][0].subject_pk_algorithm; | ||
104 | |||
105 | if (res->pkey[res->ncerts - 1].pk_algorithm != pk) | ||
106 | { | ||
107 | MHD_gnutls_assert (); | ||
108 | return GNUTLS_E_CERTIFICATE_KEY_MISMATCH; | ||
109 | } | ||
110 | |||
111 | MHD__gnutls_x509_write_rsa_params (res->pkey[res->ncerts - 1].params, | ||
112 | res->pkey[res->ncerts - | ||
113 | 1].params_size, &kid); | ||
114 | |||
115 | |||
116 | MHD__gnutls_x509_write_rsa_params (res-> | ||
117 | cert_list[res->ncerts - 1][0].params, | ||
118 | res->cert_list[res->ncerts - | ||
119 | 1][0].params_size, &cid); | ||
120 | |||
121 | if (cid.size != kid.size) | ||
122 | { | ||
123 | MHD_gnutls_assert (); | ||
124 | MHD__gnutls_free_datum (&kid); | ||
125 | MHD__gnutls_free_datum (&cid); | ||
126 | return GNUTLS_E_CERTIFICATE_KEY_MISMATCH; | ||
127 | } | ||
128 | |||
129 | if (memcmp (kid.data, cid.data, kid.size) != 0) | ||
130 | { | ||
131 | MHD_gnutls_assert (); | ||
132 | MHD__gnutls_free_datum (&kid); | ||
133 | MHD__gnutls_free_datum (&cid); | ||
134 | return GNUTLS_E_CERTIFICATE_KEY_MISMATCH; | ||
135 | } | ||
136 | |||
137 | MHD__gnutls_free_datum (&kid); | ||
138 | MHD__gnutls_free_datum (&cid); | ||
139 | return 0; | ||
140 | } | ||
141 | |||
142 | /* Reads a DER encoded certificate list from memory and stores it to | ||
143 | * a MHD_gnutls_cert structure. | ||
144 | * Returns the number of certificates parsed. | ||
145 | */ | ||
146 | static int | ||
147 | parse_crt_mem (MHD_gnutls_cert ** cert_list, unsigned *ncerts, | ||
148 | MHD_gnutls_x509_crt_t cert) | ||
149 | { | ||
150 | int i; | ||
151 | int ret; | ||
152 | |||
153 | i = *ncerts + 1; | ||
154 | |||
155 | *cert_list = | ||
156 | (MHD_gnutls_cert *) MHD_gtls_realloc_fast (*cert_list, | ||
157 | i * sizeof (MHD_gnutls_cert)); | ||
158 | |||
159 | if (*cert_list == NULL) | ||
160 | { | ||
161 | MHD_gnutls_assert (); | ||
162 | return GNUTLS_E_MEMORY_ERROR; | ||
163 | } | ||
164 | |||
165 | ret = MHD_gtls_x509_crt_to_gcert (&cert_list[0][i - 1], cert, 0); | ||
166 | if (ret < 0) | ||
167 | { | ||
168 | MHD_gnutls_assert (); | ||
169 | return ret; | ||
170 | } | ||
171 | |||
172 | *ncerts = i; | ||
173 | |||
174 | return 1; /* one certificate parsed */ | ||
175 | } | ||
176 | |||
177 | /* Reads a DER encoded certificate list from memory and stores it to | ||
178 | * a MHD_gnutls_cert structure. | ||
179 | * Returns the number of certificates parsed. | ||
180 | */ | ||
181 | static int | ||
182 | parse_der_cert_mem (MHD_gnutls_cert ** cert_list, unsigned *ncerts, | ||
183 | const void *input_cert, int input_cert_size) | ||
184 | { | ||
185 | MHD_gnutls_datum_t tmp; | ||
186 | MHD_gnutls_x509_crt_t cert; | ||
187 | int ret; | ||
188 | |||
189 | ret = MHD_gnutls_x509_crt_init (&cert); | ||
190 | if (ret < 0) | ||
191 | { | ||
192 | MHD_gnutls_assert (); | ||
193 | return ret; | ||
194 | } | ||
195 | |||
196 | tmp.data = (opaque *) input_cert; | ||
197 | tmp.size = input_cert_size; | ||
198 | |||
199 | ret = MHD_gnutls_x509_crt_import (cert, &tmp, GNUTLS_X509_FMT_DER); | ||
200 | if (ret < 0) | ||
201 | { | ||
202 | MHD_gnutls_assert (); | ||
203 | MHD_gnutls_x509_crt_deinit (cert); | ||
204 | return ret; | ||
205 | } | ||
206 | |||
207 | ret = parse_crt_mem (cert_list, ncerts, cert); | ||
208 | MHD_gnutls_x509_crt_deinit (cert); | ||
209 | |||
210 | return ret; | ||
211 | } | ||
212 | |||
213 | /* Reads a base64 encoded certificate list from memory and stores it to | ||
214 | * a MHD_gnutls_cert structure. Returns the number of certificate parsed. | ||
215 | */ | ||
216 | static int | ||
217 | parse_pem_cert_mem (MHD_gnutls_cert ** cert_list, unsigned *ncerts, | ||
218 | const char *input_cert, int input_cert_size) | ||
219 | { | ||
220 | int size, siz2, i; | ||
221 | const char *ptr; | ||
222 | opaque *ptr2; | ||
223 | MHD_gnutls_datum_t tmp; | ||
224 | int ret, count; | ||
225 | |||
226 | /* move to the certificate | ||
227 | */ | ||
228 | ptr = memmem (input_cert, input_cert_size, | ||
229 | PEM_CERT_SEP, sizeof (PEM_CERT_SEP) - 1); | ||
230 | if (ptr == NULL) | ||
231 | ptr = memmem (input_cert, input_cert_size, | ||
232 | PEM_CERT_SEP2, sizeof (PEM_CERT_SEP2) - 1); | ||
233 | |||
234 | if (ptr == NULL) | ||
235 | { | ||
236 | MHD_gnutls_assert (); | ||
237 | return GNUTLS_E_BASE64_DECODING_ERROR; | ||
238 | } | ||
239 | size = input_cert_size - (ptr - input_cert); | ||
240 | |||
241 | i = *ncerts + 1; | ||
242 | count = 0; | ||
243 | |||
244 | do | ||
245 | { | ||
246 | |||
247 | siz2 = | ||
248 | MHD__gnutls_fbase64_decode (NULL, (const unsigned char *) ptr, size, | ||
249 | &ptr2); | ||
250 | |||
251 | if (siz2 < 0) | ||
252 | { | ||
253 | MHD_gnutls_assert (); | ||
254 | return GNUTLS_E_BASE64_DECODING_ERROR; | ||
255 | } | ||
256 | |||
257 | *cert_list = | ||
258 | (MHD_gnutls_cert *) MHD_gtls_realloc_fast (*cert_list, | ||
259 | i * | ||
260 | sizeof (MHD_gnutls_cert)); | ||
261 | |||
262 | if (*cert_list == NULL) | ||
263 | { | ||
264 | MHD_gnutls_assert (); | ||
265 | return GNUTLS_E_MEMORY_ERROR; | ||
266 | } | ||
267 | |||
268 | tmp.data = ptr2; | ||
269 | tmp.size = siz2; | ||
270 | |||
271 | ret = MHD_gtls_x509_raw_cert_to_gcert (&cert_list[0][i - 1], &tmp, 0); | ||
272 | if (ret < 0) | ||
273 | { | ||
274 | MHD_gnutls_assert (); | ||
275 | return ret; | ||
276 | } | ||
277 | MHD__gnutls_free_datum (&tmp); /* free ptr2 */ | ||
278 | |||
279 | /* now we move ptr after the pem header | ||
280 | */ | ||
281 | ptr++; | ||
282 | /* find the next certificate (if any) | ||
283 | */ | ||
284 | size = input_cert_size - (ptr - input_cert); | ||
285 | |||
286 | if (size > 0) | ||
287 | { | ||
288 | char *ptr3; | ||
289 | |||
290 | ptr3 = memmem (ptr, size, PEM_CERT_SEP, sizeof (PEM_CERT_SEP) - 1); | ||
291 | if (ptr3 == NULL) | ||
292 | ptr3 = memmem (ptr, size, PEM_CERT_SEP2, | ||
293 | sizeof (PEM_CERT_SEP2) - 1); | ||
294 | |||
295 | ptr = ptr3; | ||
296 | } | ||
297 | else | ||
298 | ptr = NULL; | ||
299 | |||
300 | i++; | ||
301 | count++; | ||
302 | |||
303 | } | ||
304 | while (ptr != NULL); | ||
305 | |||
306 | *ncerts = i - 1; | ||
307 | |||
308 | return count; | ||
309 | } | ||
310 | |||
311 | |||
312 | |||
313 | /* Reads a DER or PEM certificate from memory | ||
314 | */ | ||
315 | static int | ||
316 | read_cert_mem (MHD_gtls_cert_credentials_t res, const void *cert, | ||
317 | int cert_size, MHD_gnutls_x509_crt_fmt_t type) | ||
318 | { | ||
319 | int ret; | ||
320 | |||
321 | /* allocate space for the certificate to add | ||
322 | */ | ||
323 | res->cert_list = MHD_gtls_realloc_fast (res->cert_list, | ||
324 | (1 + | ||
325 | res->ncerts) * | ||
326 | sizeof (MHD_gnutls_cert *)); | ||
327 | if (res->cert_list == NULL) | ||
328 | { | ||
329 | MHD_gnutls_assert (); | ||
330 | return GNUTLS_E_MEMORY_ERROR; | ||
331 | } | ||
332 | |||
333 | res->cert_list_length = MHD_gtls_realloc_fast (res->cert_list_length, | ||
334 | (1 + | ||
335 | res->ncerts) * | ||
336 | sizeof (int)); | ||
337 | if (res->cert_list_length == NULL) | ||
338 | { | ||
339 | MHD_gnutls_assert (); | ||
340 | return GNUTLS_E_MEMORY_ERROR; | ||
341 | } | ||
342 | |||
343 | res->cert_list[res->ncerts] = NULL; /* for realloc */ | ||
344 | res->cert_list_length[res->ncerts] = 0; | ||
345 | |||
346 | if (type == GNUTLS_X509_FMT_DER) | ||
347 | ret = parse_der_cert_mem (&res->cert_list[res->ncerts], | ||
348 | &res->cert_list_length[res->ncerts], | ||
349 | cert, cert_size); | ||
350 | else | ||
351 | ret = | ||
352 | parse_pem_cert_mem (&res->cert_list[res->ncerts], | ||
353 | &res->cert_list_length[res->ncerts], cert, | ||
354 | cert_size); | ||
355 | |||
356 | if (ret < 0) | ||
357 | { | ||
358 | MHD_gnutls_assert (); | ||
359 | return ret; | ||
360 | } | ||
361 | |||
362 | return ret; | ||
363 | } | ||
364 | |||
365 | |||
366 | int | ||
367 | MHD__gnutls_x509_privkey_to_gkey (MHD_gnutls_privkey * dest, | ||
368 | MHD_gnutls_x509_privkey_t src) | ||
369 | { | ||
370 | int i, ret; | ||
371 | |||
372 | memset (dest, 0, sizeof (MHD_gnutls_privkey)); | ||
373 | |||
374 | for (i = 0; i < src->params_size; i++) | ||
375 | { | ||
376 | dest->params[i] = MHD__gnutls_mpi_copy (src->params[i]); | ||
377 | if (dest->params[i] == NULL) | ||
378 | { | ||
379 | MHD_gnutls_assert (); | ||
380 | ret = GNUTLS_E_MEMORY_ERROR; | ||
381 | goto cleanup; | ||
382 | } | ||
383 | } | ||
384 | |||
385 | dest->pk_algorithm = src->pk_algorithm; | ||
386 | dest->params_size = src->params_size; | ||
387 | |||
388 | return 0; | ||
389 | |||
390 | cleanup: | ||
391 | |||
392 | for (i = 0; i < src->params_size; i++) | ||
393 | { | ||
394 | MHD_gtls_mpi_release (&dest->params[i]); | ||
395 | } | ||
396 | return ret; | ||
397 | } | ||
398 | |||
399 | void | ||
400 | MHD_gtls_gkey_deinit (MHD_gnutls_privkey * key) | ||
401 | { | ||
402 | int i; | ||
403 | if (key == NULL) | ||
404 | return; | ||
405 | |||
406 | for (i = 0; i < key->params_size; i++) | ||
407 | { | ||
408 | MHD_gtls_mpi_release (&key->params[i]); | ||
409 | } | ||
410 | } | ||
411 | |||
412 | int | ||
413 | MHD__gnutls_x509_raw_privkey_to_gkey (MHD_gnutls_privkey * privkey, | ||
414 | const MHD_gnutls_datum_t * raw_key, | ||
415 | MHD_gnutls_x509_crt_fmt_t type) | ||
416 | { | ||
417 | MHD_gnutls_x509_privkey_t tmpkey; | ||
418 | int ret; | ||
419 | |||
420 | ret = MHD_gnutls_x509_privkey_init (&tmpkey); | ||
421 | if (ret < 0) | ||
422 | { | ||
423 | MHD_gnutls_assert (); | ||
424 | return ret; | ||
425 | } | ||
426 | |||
427 | ret = MHD_gnutls_x509_privkey_import (tmpkey, raw_key, type); | ||
428 | if (ret < 0) | ||
429 | { | ||
430 | MHD_gnutls_assert (); | ||
431 | MHD_gnutls_x509_privkey_deinit (tmpkey); | ||
432 | return ret; | ||
433 | } | ||
434 | |||
435 | ret = MHD__gnutls_x509_privkey_to_gkey (privkey, tmpkey); | ||
436 | if (ret < 0) | ||
437 | { | ||
438 | MHD_gnutls_assert (); | ||
439 | MHD_gnutls_x509_privkey_deinit (tmpkey); | ||
440 | return ret; | ||
441 | } | ||
442 | |||
443 | MHD_gnutls_x509_privkey_deinit (tmpkey); | ||
444 | |||
445 | return 0; | ||
446 | } | ||
447 | |||
448 | /* Reads a PEM encoded PKCS-1 RSA/DSA private key from memory. Type | ||
449 | * indicates the certificate format. KEY can be NULL, to indicate | ||
450 | * that GnuTLS doesn't know the private key. | ||
451 | */ | ||
452 | static int | ||
453 | read_key_mem (MHD_gtls_cert_credentials_t res, | ||
454 | const void *key, int key_size, MHD_gnutls_x509_crt_fmt_t type) | ||
455 | { | ||
456 | int ret; | ||
457 | MHD_gnutls_datum_t tmp; | ||
458 | |||
459 | /* allocate space for the pkey list | ||
460 | */ | ||
461 | res->pkey = | ||
462 | MHD_gtls_realloc_fast (res->pkey, | ||
463 | (res->ncerts + 1) * sizeof (MHD_gnutls_privkey)); | ||
464 | if (res->pkey == NULL) | ||
465 | { | ||
466 | MHD_gnutls_assert (); | ||
467 | return GNUTLS_E_MEMORY_ERROR; | ||
468 | } | ||
469 | |||
470 | if (key) | ||
471 | { | ||
472 | tmp.data = (opaque *) key; | ||
473 | tmp.size = key_size; | ||
474 | |||
475 | ret = | ||
476 | MHD__gnutls_x509_raw_privkey_to_gkey (&res->pkey[res->ncerts], &tmp, | ||
477 | type); | ||
478 | if (ret < 0) | ||
479 | { | ||
480 | MHD_gnutls_assert (); | ||
481 | return ret; | ||
482 | } | ||
483 | } | ||
484 | else | ||
485 | memset (&res->pkey[res->ncerts], 0, sizeof (MHD_gnutls_privkey)); | ||
486 | |||
487 | return 0; | ||
488 | } | ||
489 | |||
490 | /** | ||
491 | * MHD__gnutls_certificate_set_x509_key_mem - Used to set keys in a MHD_gtls_cert_credentials_t structure | ||
492 | * @res: is an #MHD_gtls_cert_credentials_t structure. | ||
493 | * @cert: contains a certificate list (path) for the specified private key | ||
494 | * @key: is the private key, or %NULL | ||
495 | * @type: is PEM or DER | ||
496 | * | ||
497 | * This function sets a certificate/private key pair in the | ||
498 | * MHD_gtls_cert_credentials_t structure. This function may be called | ||
499 | * more than once (in case multiple keys/certificates exist for the | ||
500 | * server). | ||
501 | * | ||
502 | * Currently are supported: RSA PKCS-1 encoded private keys, | ||
503 | * DSA private keys. | ||
504 | * | ||
505 | * DSA private keys are encoded the OpenSSL way, which is an ASN.1 | ||
506 | * DER sequence of 6 INTEGERs - version, p, q, g, pub, priv. | ||
507 | * | ||
508 | * Note that the keyUsage (2.5.29.15) PKIX extension in X.509 certificates | ||
509 | * is supported. This means that certificates intended for signing cannot | ||
510 | * be used for ciphersuites that require encryption. | ||
511 | * | ||
512 | * If the certificate and the private key are given in PEM encoding | ||
513 | * then the strings that hold their values must be null terminated. | ||
514 | * | ||
515 | * The @key may be %NULL if you are using a sign callback, see | ||
516 | * MHD_gtls_sign_callback_set(). | ||
517 | * | ||
518 | * Returns: %GNUTLS_E_SUCCESS on success, or an error code. | ||
519 | **/ | ||
520 | int | ||
521 | MHD__gnutls_certificate_set_x509_key_mem (MHD_gtls_cert_credentials_t | ||
522 | res, | ||
523 | const MHD_gnutls_datum_t * cert, | ||
524 | const MHD_gnutls_datum_t * key, | ||
525 | MHD_gnutls_x509_crt_fmt_t type) | ||
526 | { | ||
527 | int ret; | ||
528 | |||
529 | /* this should be first | ||
530 | */ | ||
531 | if ((ret = read_key_mem (res, key ? key->data : NULL, | ||
532 | key ? key->size : 0, type)) < 0) | ||
533 | return ret; | ||
534 | |||
535 | if ((ret = read_cert_mem (res, cert->data, cert->size, type)) < 0) | ||
536 | return ret; | ||
537 | |||
538 | res->ncerts++; | ||
539 | |||
540 | if (key && (ret = MHD__gnutls_check_key_cert_match (res)) < 0) | ||
541 | { | ||
542 | MHD_gnutls_assert (); | ||
543 | return ret; | ||
544 | } | ||
545 | |||
546 | return 0; | ||
547 | } | ||
548 | |||
549 | /* Returns 0 if it's ok to use the enum MHD_GNUTLS_KeyExchangeAlgorithm with this | ||
550 | * certificate (uses the KeyUsage field). | ||
551 | */ | ||
552 | int | ||
553 | MHD__gnutls_check_key_usage (const MHD_gnutls_cert * cert, | ||
554 | enum MHD_GNUTLS_KeyExchangeAlgorithm alg) | ||
555 | { | ||
556 | unsigned int key_usage = 0; | ||
557 | int encipher_type; | ||
558 | |||
559 | if (cert == NULL) | ||
560 | { | ||
561 | MHD_gnutls_assert (); | ||
562 | return GNUTLS_E_INTERNAL_ERROR; | ||
563 | } | ||
564 | |||
565 | if (MHD_gtls_map_kx_get_cred (alg, 1) == MHD_GNUTLS_CRD_CERTIFICATE || | ||
566 | MHD_gtls_map_kx_get_cred (alg, 0) == MHD_GNUTLS_CRD_CERTIFICATE) | ||
567 | { | ||
568 | |||
569 | key_usage = cert->key_usage; | ||
570 | |||
571 | encipher_type = MHD_gtls_kx_encipher_type (alg); | ||
572 | |||
573 | if (key_usage != 0 && encipher_type != CIPHER_IGN) | ||
574 | { | ||
575 | /* If key_usage has been set in the certificate | ||
576 | */ | ||
577 | |||
578 | if (encipher_type == CIPHER_ENCRYPT) | ||
579 | { | ||
580 | /* If the key exchange method requires an encipher | ||
581 | * type algorithm, and key's usage does not permit | ||
582 | * encipherment, then fail. | ||
583 | */ | ||
584 | if (!(key_usage & KEY_KEY_ENCIPHERMENT)) | ||
585 | { | ||
586 | MHD_gnutls_assert (); | ||
587 | return GNUTLS_E_KEY_USAGE_VIOLATION; | ||
588 | } | ||
589 | } | ||
590 | |||
591 | if (encipher_type == CIPHER_SIGN) | ||
592 | { | ||
593 | /* The same as above, but for sign only keys | ||
594 | */ | ||
595 | if (!(key_usage & KEY_DIGITAL_SIGNATURE)) | ||
596 | { | ||
597 | MHD_gnutls_assert (); | ||
598 | return GNUTLS_E_KEY_USAGE_VIOLATION; | ||
599 | } | ||
600 | } | ||
601 | } | ||
602 | } | ||
603 | return 0; | ||
604 | } | ||
diff --git a/src/daemon/https/tls/gnutls_x509.h b/src/daemon/https/tls/gnutls_x509.h deleted file mode 100644 index 07269328..00000000 --- a/src/daemon/https/tls/gnutls_x509.h +++ /dev/null | |||
@@ -1,50 +0,0 @@ | |||
1 | /* | ||
2 | * Copyright (C) 2000, 2001, 2002, 2003, 2004, 2005 Free Software Foundation | ||
3 | * | ||
4 | * Author: Nikos Mavrogiannopoulos | ||
5 | * | ||
6 | * This file is part of GNUTLS. | ||
7 | * | ||
8 | * The GNUTLS library is free software; you can redistribute it and/or | ||
9 | * modify it under the terms of the GNU Lesser General Public License | ||
10 | * as published by the Free Software Foundation; either version 2.1 of | ||
11 | * the License, or (at your option) any later version. | ||
12 | * | ||
13 | * This library is distributed in the hope that it will be useful, but | ||
14 | * WITHOUT ANY WARRANTY; without even the implied warranty of | ||
15 | * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU | ||
16 | * Lesser General Public License for more details. | ||
17 | * | ||
18 | * You should have received a copy of the GNU Lesser General Public | ||
19 | * License along with this library; if not, write to the Free Software | ||
20 | * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301, | ||
21 | * USA | ||
22 | * | ||
23 | */ | ||
24 | |||
25 | #include <libtasn1.h> | ||
26 | |||
27 | int MHD__gnutls_x509_cert_verify_peers (MHD_gtls_session_t session, | ||
28 | unsigned int *status); | ||
29 | |||
30 | #define PEM_CERT_SEP2 "-----BEGIN X509 CERTIFICATE" | ||
31 | #define PEM_CERT_SEP "-----BEGIN CERTIFICATE" | ||
32 | |||
33 | #define PEM_CRL_SEP "-----BEGIN X509 CRL" | ||
34 | |||
35 | #define PEM_KEY_RSA_SEP "-----BEGIN RSA" | ||
36 | #define PEM_KEY_DSA_SEP "-----BEGIN DSA" | ||
37 | |||
38 | int MHD__gnutls_check_key_usage (const MHD_gnutls_cert * cert, | ||
39 | enum MHD_GNUTLS_KeyExchangeAlgorithm alg); | ||
40 | |||
41 | int MHD__gnutls_x509_read_rsa_params (opaque * der, int dersize, | ||
42 | mpi_t * params); | ||
43 | int MHD__gnutls_x509_read_dsa_pubkey (opaque * der, int dersize, | ||
44 | mpi_t * params); | ||
45 | |||
46 | int MHD__gnutls_x509_raw_privkey_to_gkey (MHD_gnutls_privkey * privkey, | ||
47 | const MHD_gnutls_datum_t * raw_key, | ||
48 | MHD_gnutls_x509_crt_fmt_t type); | ||
49 | int MHD__gnutls_x509_privkey_to_gkey (MHD_gnutls_privkey * privkey, | ||
50 | MHD_gnutls_x509_privkey_t); | ||
diff --git a/src/daemon/https/tls/libgnutls-config b/src/daemon/https/tls/libgnutls-config deleted file mode 100644 index 80580a89..00000000 --- a/src/daemon/https/tls/libgnutls-config +++ /dev/null | |||
@@ -1,104 +0,0 @@ | |||
1 | #!/bin/sh | ||
2 | |||
3 | prefix=/home/lama/workbench/programming/c/gnunet/gnutls-2.2.3/build | ||
4 | exec_prefix=${prefix} | ||
5 | exec_prefix_set=no | ||
6 | |||
7 | gnutls_libs="-L${exec_prefix}/lib -lgnutls -L/usr/lib -ltasn1 -lgcrypt " | ||
8 | gnutls_cflags=" -I/usr/include -I${prefix}/include" | ||
9 | gnutls_la_file="${exec_prefix}/lib/libgnutls.la" | ||
10 | |||
11 | usage() | ||
12 | { | ||
13 | cat <<EOF | ||
14 | Usage: libgnutls-config [OPTIONS] | ||
15 | Options: | ||
16 | [--prefix[=DIR]] | ||
17 | [--exec-prefix[=DIR]] | ||
18 | [--version] | ||
19 | [--libs] | ||
20 | [--cflags] | ||
21 | EOF | ||
22 | exit $1 | ||
23 | } | ||
24 | |||
25 | if test $# -eq 0; then | ||
26 | usage 1 1>&2 | ||
27 | fi | ||
28 | |||
29 | while test $# -gt 0; do | ||
30 | case "$1" in | ||
31 | -*=*) optarg=`echo "$1" | sed 's/[-_a-zA-Z0-9]*=//'` ;; | ||
32 | *) optarg= ;; | ||
33 | esac | ||
34 | |||
35 | case $1 in | ||
36 | --prefix=*) | ||
37 | prefix=$optarg | ||
38 | if test $exec_prefix_set = no ; then | ||
39 | exec_prefix=$optarg | ||
40 | fi | ||
41 | ;; | ||
42 | --prefix) | ||
43 | echo_prefix=yes | ||
44 | ;; | ||
45 | --exec-prefix=*) | ||
46 | exec_prefix=$optarg | ||
47 | exec_prefix_set=yes | ||
48 | ;; | ||
49 | --exec-prefix) | ||
50 | echo_exec_prefix=yes | ||
51 | ;; | ||
52 | --version) | ||
53 | echo "2.2.3" | ||
54 | exit 0 | ||
55 | ;; | ||
56 | --cflags) | ||
57 | echo_cflags=yes | ||
58 | ;; | ||
59 | --libs) | ||
60 | echo_libs=yes | ||
61 | ;; | ||
62 | --la-file) | ||
63 | echo_la_file=yes | ||
64 | ;; | ||
65 | --help) | ||
66 | usage 0 | ||
67 | ;; | ||
68 | *) | ||
69 | usage 1 1>&2 | ||
70 | ;; | ||
71 | esac | ||
72 | shift | ||
73 | done | ||
74 | |||
75 | if test "$echo_prefix" = "yes"; then | ||
76 | echo $prefix | ||
77 | fi | ||
78 | |||
79 | if test "$echo_exec_prefix" = "yes"; then | ||
80 | echo $exec_prefix | ||
81 | fi | ||
82 | |||
83 | if test "$echo_cflags" = "yes"; then | ||
84 | if test "${prefix}/include" != "/usr/include" ; then | ||
85 | includes="-I${prefix}/include" | ||
86 | for i in $gnutls_cflags ; do | ||
87 | if test "$i" = "-I${prefix}/include" ; then | ||
88 | includes="" | ||
89 | fi | ||
90 | done | ||
91 | fi | ||
92 | echo $includes $gnutls_cflags | ||
93 | fi | ||
94 | |||
95 | if test "$echo_la_file" = "yes"; then | ||
96 | echo ${gnutls_la_file} | ||
97 | fi | ||
98 | |||
99 | if test "$echo_libs" = "yes"; then | ||
100 | echo ${gnutls_libs} | ||
101 | fi | ||
102 | |||
103 | |||
104 | |||
diff --git a/src/daemon/https/tls/libgnutls.m4 b/src/daemon/https/tls/libgnutls.m4 deleted file mode 100644 index 1851ca23..00000000 --- a/src/daemon/https/tls/libgnutls.m4 +++ /dev/null | |||
@@ -1,160 +0,0 @@ | |||
1 | dnl Autoconf macros for libgnutls | ||
2 | dnl $id$ | ||
3 | |||
4 | # Modified for LIBGNUTLS -- nmav | ||
5 | # Configure paths for LIBGCRYPT | ||
6 | # Shamelessly stolen from the one of XDELTA by Owen Taylor | ||
7 | # Werner Koch 99-12-09 | ||
8 | |||
9 | dnl AM_PATH_LIBGNUTLS([MINIMUM-VERSION, [ACTION-IF-FOUND [, ACTION-IF-NOT-FOUND ]]]) | ||
10 | dnl Test for libgnutls, and define LIBGNUTLS_CFLAGS and LIBGNUTLS_LIBS | ||
11 | dnl | ||
12 | AC_DEFUN([AM_PATH_LIBGNUTLS], | ||
13 | [dnl | ||
14 | dnl Get the cflags and libraries from the libgnutls-config script | ||
15 | dnl | ||
16 | AC_ARG_WITH(libgnutls-prefix, | ||
17 | [ --with-libgnutls-prefix=PFX Prefix where libgnutls is installed (optional)], | ||
18 | libgnutls_config_prefix="$withval", libgnutls_config_prefix="") | ||
19 | |||
20 | if test x$libgnutls_config_prefix != x ; then | ||
21 | if test x${LIBGNUTLS_CONFIG+set} != xset ; then | ||
22 | LIBGNUTLS_CONFIG=$libgnutls_config_prefix/bin/libgnutls-config | ||
23 | fi | ||
24 | fi | ||
25 | |||
26 | AC_PATH_PROG(LIBGNUTLS_CONFIG, libgnutls-config, no) | ||
27 | min_libgnutls_version=ifelse([$1], ,0.1.0,$1) | ||
28 | AC_MSG_CHECKING(for libgnutls - version >= $min_libgnutls_version) | ||
29 | no_libgnutls="" | ||
30 | if test "$LIBGNUTLS_CONFIG" = "no" ; then | ||
31 | no_libgnutls=yes | ||
32 | else | ||
33 | LIBGNUTLS_CFLAGS=`$LIBGNUTLS_CONFIG $libgnutls_config_args --cflags` | ||
34 | LIBGNUTLS_LIBS=`$LIBGNUTLS_CONFIG $libgnutls_config_args --libs` | ||
35 | libgnutls_config_version=`$LIBGNUTLS_CONFIG $libgnutls_config_args --version` | ||
36 | |||
37 | |||
38 | ac_save_CFLAGS="$CFLAGS" | ||
39 | ac_save_LIBS="$LIBS" | ||
40 | CFLAGS="$CFLAGS $LIBGNUTLS_CFLAGS" | ||
41 | LIBS="$LIBS $LIBGNUTLS_LIBS" | ||
42 | dnl | ||
43 | dnl Now check if the installed libgnutls is sufficiently new. Also sanity | ||
44 | dnl checks the results of libgnutls-config to some extent | ||
45 | dnl | ||
46 | rm -f conf.libgnutlstest | ||
47 | AC_TRY_RUN([ | ||
48 | #include <stdio.h> | ||
49 | #include <stdlib.h> | ||
50 | #include <string.h> | ||
51 | #include <gnutls.h> | ||
52 | |||
53 | int | ||
54 | main () | ||
55 | { | ||
56 | system ("touch conf.libgnutlstest"); | ||
57 | |||
58 | if( strcmp( gnutls_check_version(NULL), "$libgnutls_config_version" ) ) | ||
59 | { | ||
60 | printf("\n*** 'libgnutls-config --version' returned %s, but LIBGNUTLS (%s)\n", | ||
61 | "$libgnutls_config_version", gnutls_check_version(NULL) ); | ||
62 | printf("*** was found! If libgnutls-config was correct, then it is best\n"); | ||
63 | printf("*** to remove the old version of LIBGNUTLS. You may also be able to fix the error\n"); | ||
64 | printf("*** by modifying your LD_LIBRARY_PATH enviroment variable, or by editing\n"); | ||
65 | printf("*** /etc/ld.so.conf. Make sure you have run ldconfig if that is\n"); | ||
66 | printf("*** required on your system.\n"); | ||
67 | printf("*** If libgnutls-config was wrong, set the environment variable LIBGNUTLS_CONFIG\n"); | ||
68 | printf("*** to point to the correct copy of libgnutls-config, and remove the file config.cache\n"); | ||
69 | printf("*** before re-running configure\n"); | ||
70 | } | ||
71 | else if ( strcmp(gnutls_check_version(NULL), LIBGNUTLS_VERSION ) ) | ||
72 | { | ||
73 | printf("\n*** LIBGNUTLS header file (version %s) does not match\n", LIBGNUTLS_VERSION); | ||
74 | printf("*** library (version %s)\n", gnutls_check_version(NULL) ); | ||
75 | } | ||
76 | else | ||
77 | { | ||
78 | if ( gnutls_check_version( "$min_libgnutls_version" ) ) | ||
79 | { | ||
80 | return 0; | ||
81 | } | ||
82 | else | ||
83 | { | ||
84 | printf("no\n*** An old version of LIBGNUTLS (%s) was found.\n", | ||
85 | gnutls_check_version(NULL) ); | ||
86 | printf("*** You need a version of LIBGNUTLS newer than %s. The latest version of\n", | ||
87 | "$min_libgnutls_version" ); | ||
88 | printf("*** LIBGNUTLS is always available from ftp://gnutls.hellug.gr/pub/gnutls.\n"); | ||
89 | printf("*** \n"); | ||
90 | printf("*** If you have already installed a sufficiently new version, this error\n"); | ||
91 | printf("*** probably means that the wrong copy of the libgnutls-config shell script is\n"); | ||
92 | printf("*** being found. The easiest way to fix this is to remove the old version\n"); | ||
93 | printf("*** of LIBGNUTLS, but you can also set the LIBGNUTLS_CONFIG environment to point to the\n"); | ||
94 | printf("*** correct copy of libgnutls-config. (In this case, you will have to\n"); | ||
95 | printf("*** modify your LD_LIBRARY_PATH enviroment variable, or edit /etc/ld.so.conf\n"); | ||
96 | printf("*** so that the correct libraries are found at run-time))\n"); | ||
97 | } | ||
98 | } | ||
99 | return 1; | ||
100 | } | ||
101 | ],, no_libgnutls=yes,[echo $ac_n "cross compiling; assumed OK... $ac_c"]) | ||
102 | CFLAGS="$ac_save_CFLAGS" | ||
103 | LIBS="$ac_save_LIBS" | ||
104 | fi | ||
105 | |||
106 | if test "x$no_libgnutls" = x ; then | ||
107 | AC_MSG_RESULT(yes) | ||
108 | ifelse([$2], , :, [$2]) | ||
109 | else | ||
110 | if test -f conf.libgnutlstest ; then | ||
111 | : | ||
112 | else | ||
113 | AC_MSG_RESULT(no) | ||
114 | fi | ||
115 | if test "$LIBGNUTLS_CONFIG" = "no" ; then | ||
116 | echo "*** The libgnutls-config script installed by LIBGNUTLS could not be found" | ||
117 | echo "*** If LIBGNUTLS was installed in PREFIX, make sure PREFIX/bin is in" | ||
118 | echo "*** your path, or set the LIBGNUTLS_CONFIG environment variable to the" | ||
119 | echo "*** full path to libgnutls-config." | ||
120 | else | ||
121 | if test -f conf.libgnutlstest ; then | ||
122 | : | ||
123 | else | ||
124 | echo "*** Could not run libgnutls test program, checking why..." | ||
125 | CFLAGS="$CFLAGS $LIBGNUTLS_CFLAGS" | ||
126 | LIBS="$LIBS $LIBGNUTLS_LIBS" | ||
127 | AC_TRY_LINK([ | ||
128 | #include <stdio.h> | ||
129 | #include <stdlib.h> | ||
130 | #include <string.h> | ||
131 | #include <gnutls.h> | ||
132 | ], [ return !!gnutls_check_version(NULL); ], | ||
133 | [ echo "*** The test program compiled, but did not run. This usually means" | ||
134 | echo "*** that the run-time linker is not finding LIBGNUTLS or finding the wrong" | ||
135 | echo "*** version of LIBGNUTLS. If it is not finding LIBGNUTLS, you'll need to set your" | ||
136 | echo "*** LD_LIBRARY_PATH environment variable, or edit /etc/ld.so.conf to point" | ||
137 | echo "*** to the installed location Also, make sure you have run ldconfig if that" | ||
138 | echo "*** is required on your system" | ||
139 | echo "***" | ||
140 | echo "*** If you have an old version installed, it is best to remove it, although" | ||
141 | echo "*** you may also be able to get things to work by modifying LD_LIBRARY_PATH" | ||
142 | echo "***" ], | ||
143 | [ echo "*** The test program failed to compile or link. See the file config.log for the" | ||
144 | echo "*** exact error that occured. This usually means LIBGNUTLS was incorrectly installed" | ||
145 | echo "*** or that you have moved LIBGNUTLS since it was installed. In the latter case, you" | ||
146 | echo "*** may want to edit the libgnutls-config script: $LIBGNUTLS_CONFIG" ]) | ||
147 | CFLAGS="$ac_save_CFLAGS" | ||
148 | LIBS="$ac_save_LIBS" | ||
149 | fi | ||
150 | fi | ||
151 | LIBGNUTLS_CFLAGS="" | ||
152 | LIBGNUTLS_LIBS="" | ||
153 | ifelse([$3], , :, [$3]) | ||
154 | fi | ||
155 | rm -f conf.libgnutlstest | ||
156 | AC_SUBST(LIBGNUTLS_CFLAGS) | ||
157 | AC_SUBST(LIBGNUTLS_LIBS) | ||
158 | ]) | ||
159 | |||
160 | dnl *-*wedit:notab*-* Please keep this as the last line. | ||
diff --git a/src/daemon/https/tls/libgnutls.vers b/src/daemon/https/tls/libgnutls.vers deleted file mode 100644 index f793617b..00000000 --- a/src/daemon/https/tls/libgnutls.vers +++ /dev/null | |||
@@ -1,27 +0,0 @@ | |||
1 | # libgnutls.vers -- Versioning script to control what symbols to export. | ||
2 | # Copyright (C) 2005, 2006, 2007 Free Software Foundation | ||
3 | # | ||
4 | # Author: Simon Josefsson | ||
5 | # | ||
6 | # This file is part of GNUTLS. | ||
7 | # | ||
8 | # The GNUTLS library is free software; you can redistribute it and/or | ||
9 | # modify it under the terms of the GNU Lesser General Public License | ||
10 | # as published by the Free Software Foundation; either version 2.1 of | ||
11 | # the License, or (at your option) any later version. | ||
12 | # | ||
13 | # The GNUTLS library is distributed in the hope that it will be | ||
14 | #useful, but WITHOUT ANY WARRANTY; without even the implied warranty | ||
15 | #of MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU | ||
16 | #Lesser General Public License for more details. | ||
17 | # | ||
18 | # You should have received a copy of the GNU Lesser General Public | ||
19 | # License along with the GNUTLS library; if not, write to the Free | ||
20 | # Software Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, | ||
21 | # MA 02110-1301, USA | ||
22 | |||
23 | GNUTLS_1_4 | ||
24 | { | ||
25 | global: _gnutls*; gnutls*; | ||
26 | local: *; | ||
27 | }; | ||
diff --git a/src/daemon/https/tls/memmem.c b/src/daemon/https/tls/memmem.c deleted file mode 100644 index 77143a7e..00000000 --- a/src/daemon/https/tls/memmem.c +++ /dev/null | |||
@@ -1,78 +0,0 @@ | |||
1 | /* Copyright (C) 1991,92,93,94,96,97,98,2000,2004,2007,2008 Free Software | ||
2 | Foundation, Inc. | ||
3 | This file is part of the GNU C Library. | ||
4 | |||
5 | This program is free software; you can redistribute it and/or modify | ||
6 | it under the terms of the GNU Lesser General Public License as published by | ||
7 | the Free Software Foundation; either version 2.1, or (at your option) | ||
8 | any later version. | ||
9 | |||
10 | This program is distributed in the hope that it will be useful, | ||
11 | but WITHOUT ANY WARRANTY; without even the implied warranty of | ||
12 | MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the | ||
13 | GNU Lesser General Public License for more details. | ||
14 | |||
15 | You should have received a copy of the GNU Lesser General Public License along | ||
16 | with this program; if not, write to the Free Software Foundation, | ||
17 | Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301, USA. */ | ||
18 | |||
19 | /* This particular implementation was written by Eric Blake, 2008. */ | ||
20 | |||
21 | /* Specification of memmem. */ | ||
22 | #include "gnutls_global.h" | ||
23 | #include <string.h> | ||
24 | |||
25 | #if !HAVE_MEMMEM | ||
26 | |||
27 | #ifndef _LIBC | ||
28 | # define __builtin_expect(expr, val) (expr) | ||
29 | #endif | ||
30 | |||
31 | #define RETURN_TYPE void * | ||
32 | #define AVAILABLE(h, h_l, j, n_l) ((j) <= (h_l) - (n_l)) | ||
33 | #include "str-two-way.h" | ||
34 | |||
35 | /* Return the first occurrence of NEEDLE in HAYSTACK. Return HAYSTACK | ||
36 | if NEEDLE_LEN is 0, otherwise NULL if NEEDLE is not found in | ||
37 | HAYSTACK. */ | ||
38 | void * | ||
39 | memmem (const void *haystack_start, size_t haystack_len, | ||
40 | const void *needle_start, size_t needle_len) | ||
41 | { | ||
42 | /* Abstract memory is considered to be an array of 'unsigned char' values, | ||
43 | not an array of 'char' values. See ISO C 99 section 6.2.6.1. */ | ||
44 | const unsigned char *haystack = (const unsigned char *) haystack_start; | ||
45 | const unsigned char *needle = (const unsigned char *) needle_start; | ||
46 | |||
47 | if (needle_len == 0) | ||
48 | /* The first occurrence of the empty string is deemed to occur at | ||
49 | the beginning of the string. */ | ||
50 | return (void *) haystack; | ||
51 | |||
52 | /* Sanity check, otherwise the loop might search through the whole | ||
53 | memory. */ | ||
54 | if (__builtin_expect (haystack_len < needle_len, 0)) | ||
55 | return NULL; | ||
56 | |||
57 | /* Use optimizations in memchr when possible, to reduce the search | ||
58 | size of haystack using a linear algorithm with a smaller | ||
59 | coefficient. However, avoid memchr for long needles, since we | ||
60 | can often achieve sublinear performance. */ | ||
61 | if (needle_len < LONG_NEEDLE_THRESHOLD) | ||
62 | { | ||
63 | haystack = memchr (haystack, *needle, haystack_len); | ||
64 | if (!haystack || __builtin_expect (needle_len == 1, 0)) | ||
65 | return (void *) haystack; | ||
66 | haystack_len -= haystack - (const unsigned char *) haystack_start; | ||
67 | if (haystack_len < needle_len) | ||
68 | return NULL; | ||
69 | return two_way_short_needle (haystack, haystack_len, needle, | ||
70 | needle_len); | ||
71 | } | ||
72 | else | ||
73 | return two_way_long_needle (haystack, haystack_len, needle, needle_len); | ||
74 | } | ||
75 | |||
76 | #undef LONG_NEEDLE_THRESHOLD | ||
77 | |||
78 | #endif /* !HAVE_MEMMEM */ | ||
diff --git a/src/daemon/https/tls/pkix.asn b/src/daemon/https/tls/pkix.asn deleted file mode 100644 index d46dfa07..00000000 --- a/src/daemon/https/tls/pkix.asn +++ /dev/null | |||
@@ -1,1241 +0,0 @@ | |||
1 | |||
2 | PKIX1 { } | ||
3 | |||
4 | DEFINITIONS IMPLICIT TAGS ::= | ||
5 | |||
6 | BEGIN | ||
7 | |||
8 | -- This contains both PKIX1Implicit88 and RFC2630 ASN.1 modules. | ||
9 | |||
10 | -- ISO arc for standard certificate and CRL extensions | ||
11 | |||
12 | id-ce OBJECT IDENTIFIER ::= {joint-iso-ccitt(2) ds(5) 29} | ||
13 | |||
14 | |||
15 | -- authority key identifier OID and syntax | ||
16 | |||
17 | id-ce-authorityKeyIdentifier OBJECT IDENTIFIER ::= { id-ce 35 } | ||
18 | |||
19 | AuthorityKeyIdentifier ::= SEQUENCE { | ||
20 | keyIdentifier [0] KeyIdentifier OPTIONAL, | ||
21 | authorityCertIssuer [1] GeneralNames OPTIONAL, | ||
22 | authorityCertSerialNumber [2] CertificateSerialNumber OPTIONAL } | ||
23 | -- authorityCertIssuer and authorityCertSerialNumber shall both | ||
24 | -- be present or both be absgent | ||
25 | |||
26 | KeyIdentifier ::= OCTET STRING | ||
27 | |||
28 | -- subject key identifier OID and syntax | ||
29 | |||
30 | id-ce-subjectKeyIdentifier OBJECT IDENTIFIER ::= { id-ce 14 } | ||
31 | |||
32 | SubjectKeyIdentifier ::= KeyIdentifier | ||
33 | |||
34 | -- key usage extension OID and syntax | ||
35 | |||
36 | id-ce-keyUsage OBJECT IDENTIFIER ::= { id-ce 15 } | ||
37 | |||
38 | KeyUsage ::= BIT STRING { | ||
39 | digitalSignature (0), | ||
40 | nonRepudiation (1), | ||
41 | keyEncipherment (2), | ||
42 | dataEncipherment (3), | ||
43 | keyAgreement (4), | ||
44 | keyCertSign (5), | ||
45 | cRLSign (6), | ||
46 | encipherOnly (7), | ||
47 | decipherOnly (8) } | ||
48 | |||
49 | -- private key usage period extension OID and syntax | ||
50 | |||
51 | id-ce-privateKeyUsagePeriod OBJECT IDENTIFIER ::= { id-ce 16 } | ||
52 | |||
53 | PrivateKeyUsagePeriod ::= SEQUENCE { | ||
54 | notBefore [0] GeneralizedTime OPTIONAL, | ||
55 | notAfter [1] GeneralizedTime OPTIONAL } | ||
56 | -- either notBefore or notAfter shall be present | ||
57 | |||
58 | -- certificate policies extension OID and syntax | ||
59 | |||
60 | id-ce-certificatePolicies OBJECT IDENTIFIER ::= { id-ce 32 } | ||
61 | |||
62 | CertificatePolicies ::= SEQUENCE SIZE (1..MAX) OF PolicyInformation | ||
63 | |||
64 | PolicyInformation ::= SEQUENCE { | ||
65 | policyIdentifier CertPolicyId, | ||
66 | policyQualifiers SEQUENCE SIZE (1..MAX) OF | ||
67 | PolicyQualifierInfo OPTIONAL } | ||
68 | |||
69 | CertPolicyId ::= OBJECT IDENTIFIER | ||
70 | |||
71 | PolicyQualifierInfo ::= SEQUENCE { | ||
72 | policyQualifierId PolicyQualifierId, | ||
73 | qualifier ANY DEFINED BY policyQualifierId } | ||
74 | |||
75 | -- Implementations that recognize additional policy qualifiers shall | ||
76 | -- augment the following definition for PolicyQualifierId | ||
77 | |||
78 | PolicyQualifierId ::= | ||
79 | OBJECT IDENTIFIER -- ( id-qt-cps | id-qt-unotice ) | ||
80 | |||
81 | -- CPS pointer qualifier | ||
82 | |||
83 | CPSuri ::= IA5String | ||
84 | |||
85 | -- user notice qualifier | ||
86 | |||
87 | UserNotice ::= SEQUENCE { | ||
88 | noticeRef NoticeReference OPTIONAL, | ||
89 | explicitText DisplayText OPTIONAL} | ||
90 | |||
91 | NoticeReference ::= SEQUENCE { | ||
92 | organization DisplayText, | ||
93 | noticeNumbers SEQUENCE OF INTEGER } | ||
94 | |||
95 | DisplayText ::= CHOICE { | ||
96 | visibleString VisibleString (SIZE (1..200)), | ||
97 | bmpString BMPString (SIZE (1..200)), | ||
98 | utf8String UTF8String (SIZE (1..200)) } | ||
99 | |||
100 | -- policy mapping extension OID and syntax | ||
101 | |||
102 | id-ce-policyMappings OBJECT IDENTIFIER ::= { id-ce 33 } | ||
103 | |||
104 | PolicyMappings ::= SEQUENCE SIZE (1..MAX) OF SEQUENCE { | ||
105 | issuerDomainPolicy CertPolicyId, | ||
106 | subjectDomainPolicy CertPolicyId } | ||
107 | |||
108 | -- subject alternative name extension OID and syntax | ||
109 | |||
110 | -- Directory string type -- | ||
111 | |||
112 | DirectoryString ::= CHOICE { | ||
113 | teletexString TeletexString (SIZE (1..MAX)), | ||
114 | printableString PrintableString (SIZE (1..MAX)), | ||
115 | universalString UniversalString (SIZE (1..MAX)), | ||
116 | utf8String UTF8String (SIZE (1..MAX)), | ||
117 | bmpString BMPString (SIZE(1..MAX)), | ||
118 | -- IA5String is added here to handle old UID encoded as ia5String -- | ||
119 | -- See tests/userid/ for more information. It shouldn't be here, -- | ||
120 | -- so if it causes problems, considering dropping it. -- | ||
121 | ia5String IA5String (SIZE(1..MAX)) } | ||
122 | |||
123 | id-ce-subjectAltName OBJECT IDENTIFIER ::= { id-ce 17 } | ||
124 | |||
125 | SubjectAltName ::= GeneralNames | ||
126 | |||
127 | GeneralNames ::= SEQUENCE SIZE (1..MAX) OF GeneralName | ||
128 | |||
129 | GeneralName ::= CHOICE { | ||
130 | otherName [0] AnotherName, | ||
131 | rfc822Name [1] IA5String, | ||
132 | dNSName [2] IA5String, | ||
133 | x400Address [3] ORAddress, | ||
134 | -- Changed to work with the libtasn1 parser. | ||
135 | directoryName [4] EXPLICIT RDNSequence, --Name, | ||
136 | ediPartyName [5] EDIPartyName, | ||
137 | uniformResourceIdentifier [6] IA5String, | ||
138 | iPAddress [7] OCTET STRING, | ||
139 | registeredID [8] OBJECT IDENTIFIER } | ||
140 | |||
141 | -- AnotherName replaces OTHER-NAME ::= TYPE-IDENTIFIER, as | ||
142 | -- TYPE-IDENTIFIER is not supported in the '88 ASN.1 syntax | ||
143 | |||
144 | AnotherName ::= SEQUENCE { | ||
145 | type-id OBJECT IDENTIFIER, | ||
146 | value [0] EXPLICIT ANY DEFINED BY type-id } | ||
147 | |||
148 | EDIPartyName ::= SEQUENCE { | ||
149 | nameAssigner [0] DirectoryString OPTIONAL, | ||
150 | partyName [1] DirectoryString } | ||
151 | |||
152 | -- issuer alternative name extension OID and syntax | ||
153 | |||
154 | id-ce-issuerAltName OBJECT IDENTIFIER ::= { id-ce 18 } | ||
155 | |||
156 | IssuerAltName ::= GeneralNames | ||
157 | |||
158 | id-ce-subjectDirectoryAttributes OBJECT IDENTIFIER ::= { id-ce 9 } | ||
159 | |||
160 | SubjectDirectoryAttributes ::= SEQUENCE SIZE (1..MAX) OF Attribute | ||
161 | |||
162 | -- basic constraints extension OID and syntax | ||
163 | |||
164 | id-ce-basicConstraints OBJECT IDENTIFIER ::= { id-ce 19 } | ||
165 | |||
166 | BasicConstraints ::= SEQUENCE { | ||
167 | cA BOOLEAN DEFAULT FALSE, | ||
168 | pathLenConstraint INTEGER (0..MAX) OPTIONAL } | ||
169 | |||
170 | -- name constraints extension OID and syntax | ||
171 | |||
172 | id-ce-nameConstraints OBJECT IDENTIFIER ::= { id-ce 30 } | ||
173 | |||
174 | NameConstraints ::= SEQUENCE { | ||
175 | permittedSubtrees [0] GeneralSubtrees OPTIONAL, | ||
176 | excludedSubtrees [1] GeneralSubtrees OPTIONAL } | ||
177 | |||
178 | GeneralSubtrees ::= SEQUENCE SIZE (1..MAX) OF GeneralSubtree | ||
179 | |||
180 | GeneralSubtree ::= SEQUENCE { | ||
181 | base GeneralName, | ||
182 | minimum [0] BaseDistance DEFAULT 0, | ||
183 | maximum [1] BaseDistance OPTIONAL } | ||
184 | |||
185 | BaseDistance ::= INTEGER (0..MAX) | ||
186 | |||
187 | -- policy constraints extension OID and syntax | ||
188 | |||
189 | id-ce-policyConstraints OBJECT IDENTIFIER ::= { id-ce 36 } | ||
190 | |||
191 | PolicyConstraints ::= SEQUENCE { | ||
192 | requireExplicitPolicy [0] SkipCerts OPTIONAL, | ||
193 | inhibitPolicyMapping [1] SkipCerts OPTIONAL } | ||
194 | |||
195 | SkipCerts ::= INTEGER (0..MAX) | ||
196 | |||
197 | -- CRL distribution points extension OID and syntax | ||
198 | |||
199 | id-ce-cRLDistributionPoints OBJECT IDENTIFIER ::= {id-ce 31} | ||
200 | |||
201 | CRLDistributionPoints ::= SEQUENCE SIZE (1..MAX) OF DistributionPoint | ||
202 | |||
203 | DistributionPoint ::= SEQUENCE { | ||
204 | distributionPoint [0] EXPLICIT DistributionPointName OPTIONAL, | ||
205 | reasons [1] ReasonFlags OPTIONAL, | ||
206 | cRLIssuer [2] GeneralNames OPTIONAL | ||
207 | } | ||
208 | |||
209 | DistributionPointName ::= CHOICE { | ||
210 | fullName [0] GeneralNames, | ||
211 | nameRelativeToCRLIssuer [1] RelativeDistinguishedName | ||
212 | } | ||
213 | |||
214 | ReasonFlags ::= BIT STRING { | ||
215 | unused (0), | ||
216 | keyCompromise (1), | ||
217 | cACompromise (2), | ||
218 | affiliationChanged (3), | ||
219 | superseded (4), | ||
220 | cessationOfOperation (5), | ||
221 | certificateHold (6), | ||
222 | privilegeWithdrawn (7), | ||
223 | aACompromise (8) } | ||
224 | |||
225 | -- extended key usage extension OID and syntax | ||
226 | |||
227 | id-ce-extKeyUsage OBJECT IDENTIFIER ::= {id-ce 37} | ||
228 | |||
229 | ExtKeyUsageSyntax ::= SEQUENCE SIZE (1..MAX) OF KeyPurposeId | ||
230 | |||
231 | KeyPurposeId ::= OBJECT IDENTIFIER | ||
232 | |||
233 | -- extended key purpose OIDs | ||
234 | id-kp-serverAuth OBJECT IDENTIFIER ::= { id-kp 1 } | ||
235 | id-kp-clientAuth OBJECT IDENTIFIER ::= { id-kp 2 } | ||
236 | id-kp-codeSigning OBJECT IDENTIFIER ::= { id-kp 3 } | ||
237 | id-kp-emailProtection OBJECT IDENTIFIER ::= { id-kp 4 } | ||
238 | id-kp-ipsecEndSystem OBJECT IDENTIFIER ::= { id-kp 5 } | ||
239 | id-kp-ipsecTunnel OBJECT IDENTIFIER ::= { id-kp 6 } | ||
240 | id-kp-ipsecUser OBJECT IDENTIFIER ::= { id-kp 7 } | ||
241 | id-kp-timeStamping OBJECT IDENTIFIER ::= { id-kp 8 } | ||
242 | |||
243 | -- authority info access | ||
244 | |||
245 | id-pe-authorityInfoAccess OBJECT IDENTIFIER ::= { id-pe 1 } | ||
246 | |||
247 | AuthorityInfoAccessSyntax ::= | ||
248 | SEQUENCE SIZE (1..MAX) OF AccessDescription | ||
249 | |||
250 | AccessDescription ::= SEQUENCE { | ||
251 | accessMethod OBJECT IDENTIFIER, | ||
252 | accessLocation GeneralName } | ||
253 | |||
254 | -- CRL number extension OID and syntax | ||
255 | |||
256 | id-ce-cRLNumber OBJECT IDENTIFIER ::= { id-ce 20 } | ||
257 | |||
258 | CRLNumber ::= INTEGER (0..MAX) | ||
259 | |||
260 | -- issuing distribution point extension OID and syntax | ||
261 | |||
262 | id-ce-issuingDistributionPoint OBJECT IDENTIFIER ::= { id-ce 28 } | ||
263 | |||
264 | IssuingDistributionPoint ::= SEQUENCE { | ||
265 | distributionPoint [0] DistributionPointName OPTIONAL, | ||
266 | onlyContainsUserCerts [1] BOOLEAN DEFAULT FALSE, | ||
267 | onlyContainsCACerts [2] BOOLEAN DEFAULT FALSE, | ||
268 | onlySomeReasons [3] ReasonFlags OPTIONAL, | ||
269 | indirectCRL [4] BOOLEAN DEFAULT FALSE } | ||
270 | |||
271 | |||
272 | id-ce-deltaCRLIndicator OBJECT IDENTIFIER ::= { id-ce 27 } | ||
273 | |||
274 | -- deltaCRLIndicator ::= BaseCRLNumber | ||
275 | |||
276 | BaseCRLNumber ::= CRLNumber | ||
277 | |||
278 | -- CRL reasons extension OID and syntax | ||
279 | |||
280 | id-ce-cRLReasons OBJECT IDENTIFIER ::= { id-ce 21 } | ||
281 | |||
282 | CRLReason ::= ENUMERATED { | ||
283 | unspecified (0), | ||
284 | keyCompromise (1), | ||
285 | cACompromise (2), | ||
286 | affiliationChanged (3), | ||
287 | superseded (4), | ||
288 | cessationOfOperation (5), | ||
289 | certificateHold (6), | ||
290 | removeFromCRL (8) } | ||
291 | |||
292 | -- certificate issuer CRL entry extension OID and syntax | ||
293 | |||
294 | id-ce-certificateIssuer OBJECT IDENTIFIER ::= { id-ce 29 } | ||
295 | |||
296 | CertificateIssuer ::= GeneralNames | ||
297 | |||
298 | -- hold instruction extension OID and syntax | ||
299 | |||
300 | id-ce-holdInstructionCode OBJECT IDENTIFIER ::= { id-ce 23 } | ||
301 | |||
302 | HoldInstructionCode ::= OBJECT IDENTIFIER | ||
303 | |||
304 | -- ANSI x9 holdinstructions | ||
305 | |||
306 | -- ANSI x9 arc holdinstruction arc | ||
307 | holdInstruction OBJECT IDENTIFIER ::= | ||
308 | {joint-iso-itu-t(2) member-body(2) us(840) x9cm(10040) 2} | ||
309 | |||
310 | -- ANSI X9 holdinstructions referenced by this standard | ||
311 | id-holdinstruction-none OBJECT IDENTIFIER ::= | ||
312 | {holdInstruction 1} -- deprecated | ||
313 | id-holdinstruction-callissuer OBJECT IDENTIFIER ::= | ||
314 | {holdInstruction 2} | ||
315 | id-holdinstruction-reject OBJECT IDENTIFIER ::= | ||
316 | {holdInstruction 3} | ||
317 | |||
318 | -- invalidity date CRL entry extension OID and syntax | ||
319 | |||
320 | id-ce-invalidityDate OBJECT IDENTIFIER ::= { id-ce 24 } | ||
321 | |||
322 | InvalidityDate ::= GeneralizedTime | ||
323 | |||
324 | |||
325 | -- -------------------------------------- | ||
326 | -- EXPLICIT | ||
327 | -- -------------------------------------- | ||
328 | |||
329 | -- UNIVERSAL Types defined in '93 and '98 ASN.1 | ||
330 | -- but required by this specification | ||
331 | |||
332 | VisibleString ::= [UNIVERSAL 26] IMPLICIT OCTET STRING | ||
333 | |||
334 | NumericString ::= [UNIVERSAL 18] IMPLICIT OCTET STRING | ||
335 | |||
336 | IA5String ::= [UNIVERSAL 22] IMPLICIT OCTET STRING | ||
337 | |||
338 | TeletexString ::= [UNIVERSAL 20] IMPLICIT OCTET STRING | ||
339 | |||
340 | PrintableString ::= [UNIVERSAL 19] IMPLICIT OCTET STRING | ||
341 | |||
342 | UniversalString ::= [UNIVERSAL 28] IMPLICIT OCTET STRING | ||
343 | -- UniversalString is defined in ASN.1:1993 | ||
344 | |||
345 | BMPString ::= [UNIVERSAL 30] IMPLICIT OCTET STRING | ||
346 | -- BMPString is the subtype of UniversalString and models | ||
347 | -- the Basic Multilingual Plane of ISO/IEC/ITU 10646-1 | ||
348 | |||
349 | UTF8String ::= [UNIVERSAL 12] IMPLICIT OCTET STRING | ||
350 | -- The content of this type conforms to RFC 2279. | ||
351 | |||
352 | |||
353 | -- PKIX specific OIDs | ||
354 | |||
355 | id-pkix OBJECT IDENTIFIER ::= | ||
356 | { iso(1) identified-organization(3) dod(6) internet(1) | ||
357 | security(5) mechanisms(5) pkix(7) } | ||
358 | |||
359 | -- PKIX arcs | ||
360 | |||
361 | id-pe OBJECT IDENTIFIER ::= { id-pkix 1 } | ||
362 | -- arc for private certificate extensions | ||
363 | id-qt OBJECT IDENTIFIER ::= { id-pkix 2 } | ||
364 | -- arc for policy qualifier types | ||
365 | id-kp OBJECT IDENTIFIER ::= { id-pkix 3 } | ||
366 | -- arc for extended key purpose OIDS | ||
367 | id-ad OBJECT IDENTIFIER ::= { id-pkix 48 } | ||
368 | -- arc for access descriptors | ||
369 | |||
370 | -- policyQualifierIds for Internet policy qualifiers | ||
371 | |||
372 | id-qt-cps OBJECT IDENTIFIER ::= { id-qt 1 } | ||
373 | -- OID for CPS qualifier | ||
374 | id-qt-unotice OBJECT IDENTIFIER ::= { id-qt 2 } | ||
375 | -- OID for user notice qualifier | ||
376 | |||
377 | -- access descriptor definitions | ||
378 | |||
379 | id-ad-ocsp OBJECT IDENTIFIER ::= { id-ad 1 } | ||
380 | id-ad-caIssuers OBJECT IDENTIFIER ::= { id-ad 2 } | ||
381 | |||
382 | -- attribute data types -- | ||
383 | |||
384 | Attribute ::= SEQUENCE { | ||
385 | type AttributeType, | ||
386 | values SET OF AttributeValue | ||
387 | -- at least one value is required -- | ||
388 | } | ||
389 | |||
390 | AttributeType ::= OBJECT IDENTIFIER | ||
391 | |||
392 | AttributeValue ::= ANY DEFINED BY type | ||
393 | |||
394 | AttributeTypeAndValue ::= SEQUENCE { | ||
395 | type AttributeType, | ||
396 | value AttributeValue } | ||
397 | |||
398 | -- suggested naming attributes: Definition of the following | ||
399 | -- information object set may be augmented to meet local | ||
400 | -- requirements. Note that deleting members of the set may | ||
401 | -- prevent interoperability with conforming implementations. | ||
402 | -- presented in pairs: the AttributeType followed by the | ||
403 | -- type definition for the corresponding AttributeValue | ||
404 | |||
405 | -- Arc for standard naming attributes | ||
406 | id-at OBJECT IDENTIFIER ::= {joint-iso-ccitt(2) ds(5) 4} | ||
407 | |||
408 | -- Attributes of type NameDirectoryString | ||
409 | id-at-initials AttributeType ::= { id-at 43 } | ||
410 | X520initials ::= DirectoryString | ||
411 | |||
412 | id-at-generationQualifier AttributeType ::= { id-at 44 } | ||
413 | X520generationQualifier ::= DirectoryString | ||
414 | |||
415 | id-at-surname AttributeType ::= { id-at 4 } | ||
416 | X520surName ::= DirectoryString | ||
417 | |||
418 | id-at-givenName AttributeType ::= { id-at 42 } | ||
419 | X520givenName ::= DirectoryString | ||
420 | |||
421 | id-at-name AttributeType ::= { id-at 41 } | ||
422 | X520name ::= DirectoryString | ||
423 | |||
424 | id-at-commonName AttributeType ::= {id-at 3} | ||
425 | X520CommonName ::= DirectoryString | ||
426 | |||
427 | id-at-localityName AttributeType ::= {id-at 7} | ||
428 | X520LocalityName ::= DirectoryString | ||
429 | |||
430 | id-at-stateOrProvinceName AttributeType ::= {id-at 8} | ||
431 | X520StateOrProvinceName ::= DirectoryString | ||
432 | |||
433 | id-at-organizationName AttributeType ::= {id-at 10} | ||
434 | X520OrganizationName ::= DirectoryString | ||
435 | |||
436 | id-at-organizationalUnitName AttributeType ::= {id-at 11} | ||
437 | X520OrganizationalUnitName ::= DirectoryString | ||
438 | |||
439 | id-at-title AttributeType ::= {id-at 12} | ||
440 | X520Title ::= DirectoryString | ||
441 | |||
442 | id-at-description AttributeType ::= {id-at 13} | ||
443 | X520Description ::= DirectoryString | ||
444 | |||
445 | id-at-dnQualifier AttributeType ::= {id-at 46} | ||
446 | X520dnQualifier ::= PrintableString | ||
447 | |||
448 | id-at-countryName AttributeType ::= {id-at 6} | ||
449 | X520countryName ::= PrintableString (SIZE (2)) -- IS 3166 codes | ||
450 | |||
451 | id-at-serialNumber AttributeType ::= {id-at 5} | ||
452 | X520serialNumber ::= PrintableString | ||
453 | |||
454 | id-at-telephoneNumber AttributeType ::= {id-at 20} | ||
455 | X520telephoneNumber ::= PrintableString | ||
456 | |||
457 | id-at-facsimileTelephoneNumber AttributeType ::= {id-at 23} | ||
458 | X520facsimileTelephoneNumber ::= PrintableString | ||
459 | |||
460 | id-at-pseudonym AttributeType ::= {id-at 65} | ||
461 | X520pseudonym ::= DirectoryString | ||
462 | |||
463 | id-at-name AttributeType ::= {id-at 41} | ||
464 | X520name ::= DirectoryString | ||
465 | |||
466 | id-at-streetAddress AttributeType ::= {id-at 9} | ||
467 | X520streetAddress ::= DirectoryString | ||
468 | |||
469 | id-at-postalAddress AttributeType ::= {id-at 16} | ||
470 | X520postalAddress ::= PostalAddress | ||
471 | |||
472 | PostalAddress ::= SEQUENCE OF DirectoryString | ||
473 | |||
474 | |||
475 | -- Legacy attributes | ||
476 | |||
477 | pkcs OBJECT IDENTIFIER ::= | ||
478 | { iso(1) member-body(2) us(840) rsadsi(113549) pkcs(1) } | ||
479 | |||
480 | pkcs-9 OBJECT IDENTIFIER ::= | ||
481 | { pkcs 9 } | ||
482 | |||
483 | |||
484 | emailAddress AttributeType ::= { pkcs-9 1 } | ||
485 | |||
486 | Pkcs9email ::= IA5String (SIZE (1..ub-emailaddress-length)) | ||
487 | |||
488 | -- naming data types -- | ||
489 | |||
490 | Name ::= CHOICE { -- only one possibility for now -- | ||
491 | rdnSequence RDNSequence } | ||
492 | |||
493 | RDNSequence ::= SEQUENCE OF RelativeDistinguishedName | ||
494 | |||
495 | DistinguishedName ::= RDNSequence | ||
496 | |||
497 | RelativeDistinguishedName ::= | ||
498 | SET SIZE (1 .. MAX) OF AttributeTypeAndValue | ||
499 | |||
500 | |||
501 | |||
502 | -- -------------------------------------------------------- | ||
503 | -- certificate and CRL specific structures begin here | ||
504 | -- -------------------------------------------------------- | ||
505 | |||
506 | Certificate ::= SEQUENCE { | ||
507 | tbsCertificate TBSCertificate, | ||
508 | signatureAlgorithm AlgorithmIdentifier, | ||
509 | signature BIT STRING } | ||
510 | |||
511 | TBSCertificate ::= SEQUENCE { | ||
512 | version [0] EXPLICIT Version DEFAULT v1, | ||
513 | serialNumber CertificateSerialNumber, | ||
514 | signature AlgorithmIdentifier, | ||
515 | issuer Name, | ||
516 | validity Validity, | ||
517 | subject Name, | ||
518 | subjectPublicKeyInfo SubjectPublicKeyInfo, | ||
519 | issuerUniqueID [1] IMPLICIT UniqueIdentifier OPTIONAL, | ||
520 | -- If present, version shall be v2 or v3 | ||
521 | subjectUniqueID [2] IMPLICIT UniqueIdentifier OPTIONAL, | ||
522 | -- If present, version shall be v2 or v3 | ||
523 | extensions [3] EXPLICIT Extensions OPTIONAL | ||
524 | -- If present, version shall be v3 -- | ||
525 | } | ||
526 | |||
527 | Version ::= INTEGER { v1(0), v2(1), v3(2) } | ||
528 | |||
529 | CertificateSerialNumber ::= INTEGER | ||
530 | |||
531 | Validity ::= SEQUENCE { | ||
532 | notBefore Time, | ||
533 | notAfter Time } | ||
534 | |||
535 | Time ::= CHOICE { | ||
536 | utcTime UTCTime, | ||
537 | generalTime GeneralizedTime } | ||
538 | |||
539 | UniqueIdentifier ::= BIT STRING | ||
540 | |||
541 | SubjectPublicKeyInfo ::= SEQUENCE { | ||
542 | algorithm AlgorithmIdentifier, | ||
543 | subjectPublicKey BIT STRING } | ||
544 | |||
545 | Extensions ::= SEQUENCE SIZE (1..MAX) OF Extension | ||
546 | |||
547 | Extension ::= SEQUENCE { | ||
548 | extnID OBJECT IDENTIFIER, | ||
549 | critical BOOLEAN DEFAULT FALSE, | ||
550 | extnValue OCTET STRING } | ||
551 | |||
552 | |||
553 | -- ------------------------------------------ | ||
554 | -- CRL structures | ||
555 | -- ------------------------------------------ | ||
556 | |||
557 | CertificateList ::= SEQUENCE { | ||
558 | tbsCertList TBSCertList, | ||
559 | signatureAlgorithm AlgorithmIdentifier, | ||
560 | signature BIT STRING } | ||
561 | |||
562 | TBSCertList ::= SEQUENCE { | ||
563 | version Version OPTIONAL, | ||
564 | -- if present, shall be v2 | ||
565 | signature AlgorithmIdentifier, | ||
566 | issuer Name, | ||
567 | thisUpdate Time, | ||
568 | nextUpdate Time OPTIONAL, | ||
569 | revokedCertificates SEQUENCE OF SEQUENCE { | ||
570 | userCertificate CertificateSerialNumber, | ||
571 | revocationDate Time, | ||
572 | crlEntryExtensions Extensions OPTIONAL | ||
573 | -- if present, shall be v2 | ||
574 | } OPTIONAL, | ||
575 | crlExtensions [0] EXPLICIT Extensions OPTIONAL | ||
576 | -- if present, shall be v2 -- | ||
577 | } | ||
578 | |||
579 | -- Version, Time, CertificateSerialNumber, and Extensions were | ||
580 | -- defined earlier for use in the certificate structure | ||
581 | |||
582 | AlgorithmIdentifier ::= SEQUENCE { | ||
583 | algorithm OBJECT IDENTIFIER, | ||
584 | parameters ANY DEFINED BY algorithm OPTIONAL } | ||
585 | -- contains a value of the type | ||
586 | -- registered for use with the | ||
587 | -- algorithm object identifier value | ||
588 | |||
589 | -- Algorithm OIDs and parameter structures | ||
590 | |||
591 | pkcs-1 OBJECT IDENTIFIER ::= { | ||
592 | pkcs 1 } | ||
593 | |||
594 | rsaEncryption OBJECT IDENTIFIER ::= { pkcs-1 1 } | ||
595 | |||
596 | md2WithRSAEncryption OBJECT IDENTIFIER ::= { pkcs-1 2 } | ||
597 | |||
598 | md5WithRSAEncryption OBJECT IDENTIFIER ::= { pkcs-1 4 } | ||
599 | |||
600 | sha1WithRSAEncryption OBJECT IDENTIFIER ::= { pkcs-1 5 } | ||
601 | |||
602 | id-dsa-with-sha1 OBJECT IDENTIFIER ::= { | ||
603 | iso(1) member-body(2) us(840) x9-57 (10040) x9algorithm(4) 3 } | ||
604 | |||
605 | Dss-Sig-Value ::= SEQUENCE { | ||
606 | r INTEGER, | ||
607 | s INTEGER | ||
608 | } | ||
609 | |||
610 | dhpublicnumber OBJECT IDENTIFIER ::= { | ||
611 | iso(1) member-body(2) us(840) ansi-x942(10046) number-type(2) 1 } | ||
612 | |||
613 | DomainParameters ::= SEQUENCE { | ||
614 | p INTEGER, -- odd prime, p=jq +1 | ||
615 | g INTEGER, -- generator, g | ||
616 | q INTEGER, -- factor of p-1 | ||
617 | j INTEGER OPTIONAL, -- subgroup factor, j>= 2 | ||
618 | validationParms ValidationParms OPTIONAL } | ||
619 | |||
620 | ValidationParms ::= SEQUENCE { | ||
621 | seed BIT STRING, | ||
622 | pgenCounter INTEGER } | ||
623 | |||
624 | id-dsa OBJECT IDENTIFIER ::= { | ||
625 | iso(1) member-body(2) us(840) x9-57(10040) x9algorithm(4) 1 } | ||
626 | |||
627 | Dss-Parms ::= SEQUENCE { | ||
628 | p INTEGER, | ||
629 | q INTEGER, | ||
630 | g INTEGER } | ||
631 | |||
632 | -- x400 address syntax starts here | ||
633 | -- OR Names | ||
634 | |||
635 | ORAddress ::= SEQUENCE { | ||
636 | built-in-standard-attributes BuiltInStandardAttributes, | ||
637 | built-in-domain-defined-attributes | ||
638 | BuiltInDomainDefinedAttributes OPTIONAL, | ||
639 | -- see also teletex-domain-defined-attributes | ||
640 | extension-attributes ExtensionAttributes OPTIONAL } | ||
641 | -- The OR-address is semantically absent from the OR-name if the | ||
642 | -- built-in-standard-attribute sequence is empty and the | ||
643 | -- built-in-domain-defined-attributes and extension-attributes are | ||
644 | -- both omitted. | ||
645 | |||
646 | -- Built-in Standard Attributes | ||
647 | |||
648 | BuiltInStandardAttributes ::= SEQUENCE { | ||
649 | country-name CountryName OPTIONAL, | ||
650 | administration-domain-name AdministrationDomainName OPTIONAL, | ||
651 | network-address [0] EXPLICIT NetworkAddress OPTIONAL, | ||
652 | -- see also extended-network-address | ||
653 | terminal-identifier [1] EXPLICIT TerminalIdentifier OPTIONAL, | ||
654 | private-domain-name [2] EXPLICIT PrivateDomainName OPTIONAL, | ||
655 | organization-name [3] EXPLICIT OrganizationName OPTIONAL, | ||
656 | -- see also teletex-organization-name | ||
657 | numeric-user-identifier [4] EXPLICIT NumericUserIdentifier OPTIONAL, | ||
658 | personal-name [5] EXPLICIT PersonalName OPTIONAL, | ||
659 | -- see also teletex-personal-name | ||
660 | organizational-unit-names [6] EXPLICIT OrganizationalUnitNames OPTIONAL | ||
661 | -- see also teletex-organizational-unit-names -- | ||
662 | } | ||
663 | |||
664 | CountryName ::= [APPLICATION 1] CHOICE { | ||
665 | x121-dcc-code NumericString | ||
666 | (SIZE (ub-country-name-numeric-length)), | ||
667 | iso-3166-alpha2-code PrintableString | ||
668 | (SIZE (ub-country-name-alpha-length)) } | ||
669 | |||
670 | AdministrationDomainName ::= [APPLICATION 2] EXPLICIT CHOICE { | ||
671 | numeric NumericString (SIZE (0..ub-domain-name-length)), | ||
672 | printable PrintableString (SIZE (0..ub-domain-name-length)) } | ||
673 | |||
674 | NetworkAddress ::= X121Address -- see also extended-network-address | ||
675 | |||
676 | X121Address ::= NumericString (SIZE (1..ub-x121-address-length)) | ||
677 | |||
678 | TerminalIdentifier ::= PrintableString (SIZE (1..ub-terminal-id-length)) | ||
679 | |||
680 | PrivateDomainName ::= CHOICE { | ||
681 | numeric NumericString (SIZE (1..ub-domain-name-length)), | ||
682 | printable PrintableString (SIZE (1..ub-domain-name-length)) } | ||
683 | |||
684 | OrganizationName ::= PrintableString | ||
685 | (SIZE (1..ub-organization-name-length)) | ||
686 | -- see also teletex-organization-name | ||
687 | |||
688 | NumericUserIdentifier ::= NumericString | ||
689 | (SIZE (1..ub-numeric-user-id-length)) | ||
690 | |||
691 | PersonalName ::= SET { | ||
692 | surname [0] PrintableString (SIZE (1..ub-surname-length)), | ||
693 | given-name [1] PrintableString | ||
694 | (SIZE (1..ub-given-name-length)) OPTIONAL, | ||
695 | initials [2] PrintableString (SIZE (1..ub-initials-length)) OPTIONAL, | ||
696 | generation-qualifier [3] PrintableString | ||
697 | (SIZE (1..ub-generation-qualifier-length)) OPTIONAL } | ||
698 | -- see also teletex-personal-name | ||
699 | |||
700 | OrganizationalUnitNames ::= SEQUENCE SIZE (1..ub-organizational-units) | ||
701 | OF OrganizationalUnitName | ||
702 | -- see also teletex-organizational-unit-names | ||
703 | |||
704 | OrganizationalUnitName ::= PrintableString (SIZE | ||
705 | (1..ub-organizational-unit-name-length)) | ||
706 | |||
707 | -- Built-in Domain-defined Attributes | ||
708 | |||
709 | BuiltInDomainDefinedAttributes ::= SEQUENCE SIZE | ||
710 | (1..ub-domain-defined-attributes) OF | ||
711 | BuiltInDomainDefinedAttribute | ||
712 | |||
713 | BuiltInDomainDefinedAttribute ::= SEQUENCE { | ||
714 | type PrintableString (SIZE | ||
715 | (1..ub-domain-defined-attribute-type-length)), | ||
716 | value PrintableString (SIZE | ||
717 | (1..ub-domain-defined-attribute-value-length))} | ||
718 | |||
719 | -- Extension Attributes | ||
720 | |||
721 | ExtensionAttributes ::= SET SIZE (1..ub-extension-attributes) OF | ||
722 | ExtensionAttribute | ||
723 | |||
724 | ExtensionAttribute ::= SEQUENCE { | ||
725 | extension-attribute-type [0] EXPLICIT INTEGER (0..ub-extension-attributes), | ||
726 | extension-attribute-value [1] EXPLICIT | ||
727 | ANY DEFINED BY extension-attribute-type } | ||
728 | |||
729 | -- Extension types and attribute values | ||
730 | -- | ||
731 | |||
732 | common-name INTEGER ::= 1 | ||
733 | |||
734 | CommonName ::= PrintableString (SIZE (1..ub-common-name-length)) | ||
735 | |||
736 | teletex-common-name INTEGER ::= 2 | ||
737 | |||
738 | TeletexCommonName ::= TeletexString (SIZE (1..ub-common-name-length)) | ||
739 | |||
740 | teletex-organization-name INTEGER ::= 3 | ||
741 | |||
742 | TeletexOrganizationName ::= | ||
743 | TeletexString (SIZE (1..ub-organization-name-length)) | ||
744 | |||
745 | teletex-personal-name INTEGER ::= 4 | ||
746 | |||
747 | TeletexPersonalName ::= SET { | ||
748 | surname [0] EXPLICIT TeletexString (SIZE (1..ub-surname-length)), | ||
749 | given-name [1] EXPLICIT TeletexString | ||
750 | (SIZE (1..ub-given-name-length)) OPTIONAL, | ||
751 | initials [2] EXPLICIT TeletexString (SIZE (1..ub-initials-length)) OPTIONAL, | ||
752 | generation-qualifier [3] EXPLICIT TeletexString (SIZE | ||
753 | (1..ub-generation-qualifier-length)) OPTIONAL } | ||
754 | |||
755 | teletex-organizational-unit-names INTEGER ::= 5 | ||
756 | |||
757 | TeletexOrganizationalUnitNames ::= SEQUENCE SIZE | ||
758 | (1..ub-organizational-units) OF TeletexOrganizationalUnitName | ||
759 | |||
760 | TeletexOrganizationalUnitName ::= TeletexString | ||
761 | (SIZE (1..ub-organizational-unit-name-length)) | ||
762 | |||
763 | pds-name INTEGER ::= 7 | ||
764 | |||
765 | PDSName ::= PrintableString (SIZE (1..ub-pds-name-length)) | ||
766 | |||
767 | physical-delivery-country-name INTEGER ::= 8 | ||
768 | |||
769 | PhysicalDeliveryCountryName ::= CHOICE { | ||
770 | x121-dcc-code NumericString (SIZE (ub-country-name-numeric-length)), | ||
771 | iso-3166-alpha2-code PrintableString | ||
772 | (SIZE (ub-country-name-alpha-length)) } | ||
773 | |||
774 | postal-code INTEGER ::= 9 | ||
775 | |||
776 | PostalCode ::= CHOICE { | ||
777 | numeric-code NumericString (SIZE (1..ub-postal-code-length)), | ||
778 | printable-code PrintableString (SIZE (1..ub-postal-code-length)) } | ||
779 | |||
780 | physical-delivery-office-name INTEGER ::= 10 | ||
781 | |||
782 | PhysicalDeliveryOfficeName ::= PDSParameter | ||
783 | |||
784 | physical-delivery-office-number INTEGER ::= 11 | ||
785 | |||
786 | PhysicalDeliveryOfficeNumber ::= PDSParameter | ||
787 | |||
788 | extension-OR-address-components INTEGER ::= 12 | ||
789 | |||
790 | ExtensionORAddressComponents ::= PDSParameter | ||
791 | |||
792 | physical-delivery-personal-name INTEGER ::= 13 | ||
793 | |||
794 | PhysicalDeliveryPersonalName ::= PDSParameter | ||
795 | |||
796 | physical-delivery-organization-name INTEGER ::= 14 | ||
797 | |||
798 | PhysicalDeliveryOrganizationName ::= PDSParameter | ||
799 | |||
800 | extension-physical-delivery-address-components INTEGER ::= 15 | ||
801 | |||
802 | ExtensionPhysicalDeliveryAddressComponents ::= PDSParameter | ||
803 | |||
804 | unformatted-postal-address INTEGER ::= 16 | ||
805 | |||
806 | UnformattedPostalAddress ::= SET { | ||
807 | printable-address SEQUENCE SIZE (1..ub-pds-physical-address-lines) OF | ||
808 | PrintableString (SIZE (1..ub-pds-parameter-length)) OPTIONAL, | ||
809 | teletex-string TeletexString | ||
810 | (SIZE (1..ub-unformatted-address-length)) OPTIONAL } | ||
811 | |||
812 | street-address INTEGER ::= 17 | ||
813 | |||
814 | StreetAddress ::= PDSParameter | ||
815 | |||
816 | post-office-box-address INTEGER ::= 18 | ||
817 | |||
818 | PostOfficeBoxAddress ::= PDSParameter | ||
819 | |||
820 | poste-restante-address INTEGER ::= 19 | ||
821 | |||
822 | PosteRestanteAddress ::= PDSParameter | ||
823 | |||
824 | unique-postal-name INTEGER ::= 20 | ||
825 | |||
826 | UniquePostalName ::= PDSParameter | ||
827 | |||
828 | local-postal-attributes INTEGER ::= 21 | ||
829 | |||
830 | LocalPostalAttributes ::= PDSParameter | ||
831 | |||
832 | PDSParameter ::= SET { | ||
833 | printable-string PrintableString | ||
834 | (SIZE(1..ub-pds-parameter-length)) OPTIONAL, | ||
835 | teletex-string TeletexString | ||
836 | (SIZE(1..ub-pds-parameter-length)) OPTIONAL } | ||
837 | |||
838 | extended-network-address INTEGER ::= 22 | ||
839 | |||
840 | ExtendedNetworkAddress ::= CHOICE { | ||
841 | e163-4-address SEQUENCE { | ||
842 | number [0] EXPLICIT NumericString (SIZE (1..ub-e163-4-number-length)), | ||
843 | sub-address [1] EXPLICIT NumericString | ||
844 | (SIZE (1..ub-e163-4-sub-address-length)) OPTIONAL }, | ||
845 | psap-address [0] EXPLICIT PresentationAddress } | ||
846 | |||
847 | PresentationAddress ::= SEQUENCE { | ||
848 | pSelector [0] EXPLICIT OCTET STRING OPTIONAL, | ||
849 | sSelector [1] EXPLICIT OCTET STRING OPTIONAL, | ||
850 | tSelector [2] EXPLICIT OCTET STRING OPTIONAL, | ||
851 | nAddresses [3] EXPLICIT SET SIZE (1..MAX) OF OCTET STRING } | ||
852 | |||
853 | terminal-type INTEGER ::= 23 | ||
854 | |||
855 | TerminalType ::= INTEGER { | ||
856 | telex (3), | ||
857 | teletex (4), | ||
858 | g3-facsimile (5), | ||
859 | g4-facsimile (6), | ||
860 | ia5-terminal (7), | ||
861 | videotex (8) } -- (0..ub-integer-options) | ||
862 | |||
863 | -- Extension Domain-defined Attributes | ||
864 | |||
865 | teletex-domain-defined-attributes INTEGER ::= 6 | ||
866 | |||
867 | TeletexDomainDefinedAttributes ::= SEQUENCE SIZE | ||
868 | (1..ub-domain-defined-attributes) OF TeletexDomainDefinedAttribute | ||
869 | |||
870 | TeletexDomainDefinedAttribute ::= SEQUENCE { | ||
871 | type TeletexString | ||
872 | (SIZE (1..ub-domain-defined-attribute-type-length)), | ||
873 | value TeletexString | ||
874 | (SIZE (1..ub-domain-defined-attribute-value-length)) } | ||
875 | |||
876 | -- specifications of Upper Bounds shall be regarded as mandatory | ||
877 | -- from Annex B of ITU-T X.411 Reference Definition of MTS Parameter | ||
878 | -- Upper Bounds | ||
879 | |||
880 | -- Upper Bounds | ||
881 | ub-name INTEGER ::= 32768 | ||
882 | ub-common-name INTEGER ::= 64 | ||
883 | ub-locality-name INTEGER ::= 128 | ||
884 | ub-state-name INTEGER ::= 128 | ||
885 | ub-organization-name INTEGER ::= 64 | ||
886 | ub-organizational-unit-name INTEGER ::= 64 | ||
887 | ub-title INTEGER ::= 64 | ||
888 | ub-match INTEGER ::= 128 | ||
889 | |||
890 | ub-emailaddress-length INTEGER ::= 128 | ||
891 | |||
892 | ub-common-name-length INTEGER ::= 64 | ||
893 | ub-country-name-alpha-length INTEGER ::= 2 | ||
894 | ub-country-name-numeric-length INTEGER ::= 3 | ||
895 | ub-domain-defined-attributes INTEGER ::= 4 | ||
896 | ub-domain-defined-attribute-type-length INTEGER ::= 8 | ||
897 | ub-domain-defined-attribute-value-length INTEGER ::= 128 | ||
898 | ub-domain-name-length INTEGER ::= 16 | ||
899 | ub-extension-attributes INTEGER ::= 256 | ||
900 | ub-e163-4-number-length INTEGER ::= 15 | ||
901 | ub-e163-4-sub-address-length INTEGER ::= 40 | ||
902 | ub-generation-qualifier-length INTEGER ::= 3 | ||
903 | ub-given-name-length INTEGER ::= 16 | ||
904 | ub-initials-length INTEGER ::= 5 | ||
905 | ub-integer-options INTEGER ::= 256 | ||
906 | ub-numeric-user-id-length INTEGER ::= 32 | ||
907 | ub-organization-name-length INTEGER ::= 64 | ||
908 | ub-organizational-unit-name-length INTEGER ::= 32 | ||
909 | ub-organizational-units INTEGER ::= 4 | ||
910 | ub-pds-name-length INTEGER ::= 16 | ||
911 | ub-pds-parameter-length INTEGER ::= 30 | ||
912 | ub-pds-physical-address-lines INTEGER ::= 6 | ||
913 | ub-postal-code-length INTEGER ::= 16 | ||
914 | ub-surname-length INTEGER ::= 40 | ||
915 | ub-terminal-id-length INTEGER ::= 24 | ||
916 | ub-unformatted-address-length INTEGER ::= 180 | ||
917 | ub-x121-address-length INTEGER ::= 16 | ||
918 | |||
919 | -- Note - upper bounds on string types, such as TeletexString, are | ||
920 | -- measured in characters. Excepting PrintableString or IA5String, a | ||
921 | -- significantly greater number of octets will be required to hold | ||
922 | -- such a value. As a minimum, 16 octets, or twice the specified upper | ||
923 | -- bound, whichever is the larger, should be allowed for TeletexString. | ||
924 | -- For UTF8String or UniversalString at least four times the upper | ||
925 | -- bound should be allowed. | ||
926 | |||
927 | |||
928 | |||
929 | -- END of PKIX1Implicit88 | ||
930 | |||
931 | |||
932 | -- BEGIN of RFC2630 | ||
933 | |||
934 | -- Cryptographic Message Syntax | ||
935 | |||
936 | pkcs-7-ContentInfo ::= SEQUENCE { | ||
937 | contentType pkcs-7-ContentType, | ||
938 | content [0] EXPLICIT ANY DEFINED BY contentType } | ||
939 | |||
940 | pkcs-7-DigestInfo ::= SEQUENCE { | ||
941 | digestAlgorithm pkcs-7-DigestAlgorithmIdentifier, | ||
942 | digest pkcs-7-Digest | ||
943 | } | ||
944 | |||
945 | pkcs-7-Digest ::= OCTET STRING | ||
946 | |||
947 | pkcs-7-ContentType ::= OBJECT IDENTIFIER | ||
948 | |||
949 | pkcs-7-SignedData ::= SEQUENCE { | ||
950 | version pkcs-7-CMSVersion, | ||
951 | digestAlgorithms pkcs-7-DigestAlgorithmIdentifiers, | ||
952 | encapContentInfo pkcs-7-EncapsulatedContentInfo, | ||
953 | certificates [0] IMPLICIT pkcs-7-CertificateSet OPTIONAL, | ||
954 | crls [1] IMPLICIT pkcs-7-CertificateRevocationLists OPTIONAL, | ||
955 | signerInfos pkcs-7-SignerInfos | ||
956 | } | ||
957 | |||
958 | pkcs-7-CMSVersion ::= INTEGER { v0(0), v1(1), v2(2), v3(3), v4(4) } | ||
959 | |||
960 | pkcs-7-DigestAlgorithmIdentifiers ::= SET OF pkcs-7-DigestAlgorithmIdentifier | ||
961 | |||
962 | pkcs-7-DigestAlgorithmIdentifier ::= AlgorithmIdentifier | ||
963 | |||
964 | pkcs-7-EncapsulatedContentInfo ::= SEQUENCE { | ||
965 | eContentType pkcs-7-ContentType, | ||
966 | eContent [0] EXPLICIT OCTET STRING OPTIONAL } | ||
967 | |||
968 | -- We don't use CertificateList here since we only want | ||
969 | -- to read the raw data. | ||
970 | pkcs-7-CertificateRevocationLists ::= SET OF ANY | ||
971 | |||
972 | pkcs-7-CertificateChoices ::= CHOICE { | ||
973 | -- Although the paper uses Certificate type, we | ||
974 | -- don't use it since, we don't need to parse it. | ||
975 | -- We only need to read and store it. | ||
976 | certificate ANY | ||
977 | } | ||
978 | |||
979 | pkcs-7-CertificateSet ::= SET OF pkcs-7-CertificateChoices | ||
980 | |||
981 | pkcs-7-SignerInfos ::= SET OF ANY -- this is not correct but we don't use it | ||
982 | -- anyway | ||
983 | |||
984 | |||
985 | -- BEGIN of RFC2986 | ||
986 | |||
987 | -- Certificate requests | ||
988 | pkcs-10-CertificationRequestInfo ::= SEQUENCE { | ||
989 | version INTEGER { v1(0) }, | ||
990 | subject Name, | ||
991 | subjectPKInfo SubjectPublicKeyInfo, | ||
992 | attributes [0] Attributes | ||
993 | } | ||
994 | |||
995 | Attributes ::= SET OF Attribute | ||
996 | |||
997 | pkcs-10-CertificationRequest ::= SEQUENCE { | ||
998 | certificationRequestInfo pkcs-10-CertificationRequestInfo, | ||
999 | signatureAlgorithm AlgorithmIdentifier, | ||
1000 | signature BIT STRING | ||
1001 | } | ||
1002 | |||
1003 | -- stuff from PKCS#9 | ||
1004 | |||
1005 | pkcs-9-ub-challengePassword INTEGER ::= 255 | ||
1006 | |||
1007 | pkcs-9-certTypes OBJECT IDENTIFIER ::= {pkcs-9 22} | ||
1008 | pkcs-9-crlTypes OBJECT IDENTIFIER ::= {pkcs-9 23} | ||
1009 | |||
1010 | pkcs-9-at-challengePassword OBJECT IDENTIFIER ::= {pkcs-9 7} | ||
1011 | |||
1012 | pkcs-9-challengePassword ::= CHOICE { | ||
1013 | printableString PrintableString (SIZE (1..pkcs-9-ub-challengePassword)), | ||
1014 | utf8String UTF8String (SIZE (1..pkcs-9-ub-challengePassword)) } | ||
1015 | |||
1016 | pkcs-9-at-localKeyId OBJECT IDENTIFIER ::= {pkcs-9 21} | ||
1017 | |||
1018 | pkcs-9-localKeyId ::= OCTET STRING | ||
1019 | |||
1020 | pkcs-9-at-friendlyName OBJECT IDENTIFIER ::= {pkcs-9 20} | ||
1021 | |||
1022 | pkcs-9-friendlyName ::= BMPString (SIZE (1..255)) | ||
1023 | |||
1024 | -- PKCS #8 stuff | ||
1025 | |||
1026 | -- Private-key information syntax | ||
1027 | |||
1028 | pkcs-8-PrivateKeyInfo ::= SEQUENCE { | ||
1029 | version pkcs-8-Version, | ||
1030 | privateKeyAlgorithm AlgorithmIdentifier, | ||
1031 | privateKey pkcs-8-PrivateKey, | ||
1032 | attributes [0] Attributes OPTIONAL } | ||
1033 | |||
1034 | pkcs-8-Version ::= INTEGER {v1(0)} | ||
1035 | |||
1036 | pkcs-8-PrivateKey ::= OCTET STRING | ||
1037 | |||
1038 | pkcs-8-Attributes ::= SET OF Attribute | ||
1039 | |||
1040 | -- Encrypted private-key information syntax | ||
1041 | |||
1042 | pkcs-8-EncryptedPrivateKeyInfo ::= SEQUENCE { | ||
1043 | encryptionAlgorithm AlgorithmIdentifier, | ||
1044 | encryptedData pkcs-8-EncryptedData | ||
1045 | } | ||
1046 | |||
1047 | pkcs-8-EncryptedData ::= OCTET STRING | ||
1048 | |||
1049 | -- PKCS #5 stuff | ||
1050 | |||
1051 | pkcs-5 OBJECT IDENTIFIER ::= | ||
1052 | { pkcs 5 } | ||
1053 | |||
1054 | pkcs-5-encryptionAlgorithm OBJECT IDENTIFIER ::= | ||
1055 | { iso(1) member-body(2) us(840) rsadsi(113549) 3 } | ||
1056 | |||
1057 | pkcs-5-des-EDE3-CBC OBJECT IDENTIFIER ::= {pkcs-5-encryptionAlgorithm 7} | ||
1058 | |||
1059 | pkcs-5-des-EDE3-CBC-params ::= OCTET STRING (SIZE(8)) | ||
1060 | |||
1061 | pkcs-5-id-PBES2 OBJECT IDENTIFIER ::= {pkcs-5 13} | ||
1062 | |||
1063 | pkcs-5-PBES2-params ::= SEQUENCE { | ||
1064 | keyDerivationFunc AlgorithmIdentifier, | ||
1065 | encryptionScheme AlgorithmIdentifier } | ||
1066 | |||
1067 | -- PBKDF2 | ||
1068 | |||
1069 | pkcs-5-id-PBKDF2 OBJECT IDENTIFIER ::= {pkcs-5 12} | ||
1070 | |||
1071 | -- pkcs-5-id-hmacWithSHA1 OBJECT IDENTIFIER ::= {iso(1) member-body(2) us(840) rsadsi(113549) 2 7} | ||
1072 | |||
1073 | -- pkcs-5-algid-hmacWithSHA1 AlgorithmIdentifier ::= | ||
1074 | -- {algorithm pkcs-5-id-hmacWithSHA1, parameters NULL : NULL} | ||
1075 | |||
1076 | pkcs-5-PBKDF2-params ::= SEQUENCE { | ||
1077 | salt CHOICE { | ||
1078 | specified OCTET STRING, | ||
1079 | otherSource AlgorithmIdentifier | ||
1080 | }, | ||
1081 | iterationCount INTEGER (1..MAX), | ||
1082 | keyLength INTEGER (1..MAX) OPTIONAL, | ||
1083 | prf AlgorithmIdentifier OPTIONAL -- DEFAULT pkcs-5-id-hmacWithSHA1 | ||
1084 | } | ||
1085 | |||
1086 | -- PKCS #12 stuff | ||
1087 | |||
1088 | pkcs-12 OBJECT IDENTIFIER ::= {pkcs 12} | ||
1089 | |||
1090 | pkcs-12-PFX ::= SEQUENCE { | ||
1091 | version INTEGER {v3(3)}, | ||
1092 | authSafe pkcs-7-ContentInfo, | ||
1093 | macData pkcs-12-MacData OPTIONAL | ||
1094 | } | ||
1095 | |||
1096 | pkcs-12-PbeParams ::= SEQUENCE { | ||
1097 | salt OCTET STRING, | ||
1098 | iterations INTEGER | ||
1099 | } | ||
1100 | |||
1101 | pkcs-12-MacData ::= SEQUENCE { | ||
1102 | mac pkcs-7-DigestInfo, | ||
1103 | macSalt OCTET STRING, | ||
1104 | iterations INTEGER DEFAULT 1 | ||
1105 | -- Note: The default is for historical reasons and its use is | ||
1106 | -- deprecated. A higher value, like 1024 is recommended. | ||
1107 | } | ||
1108 | |||
1109 | pkcs-12-AuthenticatedSafe ::= SEQUENCE OF pkcs-7-ContentInfo | ||
1110 | -- Data if unencrypted | ||
1111 | -- EncryptedData if password-encrypted | ||
1112 | -- EnvelopedData if public key-encrypted | ||
1113 | |||
1114 | pkcs-12-SafeContents ::= SEQUENCE OF pkcs-12-SafeBag | ||
1115 | |||
1116 | pkcs-12-SafeBag ::= SEQUENCE { | ||
1117 | bagId OBJECT IDENTIFIER, | ||
1118 | bagValue [0] EXPLICIT ANY DEFINED BY badId, | ||
1119 | bagAttributes SET OF pkcs-12-PKCS12Attribute OPTIONAL | ||
1120 | } | ||
1121 | |||
1122 | -- Bag types | ||
1123 | |||
1124 | |||
1125 | pkcs-12-bagtypes OBJECT IDENTIFIER ::= {pkcs-12 10 1} | ||
1126 | |||
1127 | pkcs-12-keyBag OBJECT IDENTIFIER ::= {pkcs-12-bagtypes 1} | ||
1128 | pkcs-12-pkcs8ShroudedKeyBag OBJECT IDENTIFIER ::= {pkcs-12-bagtypes 2} | ||
1129 | pkcs-12-certBag OBJECT IDENTIFIER ::= {pkcs-12-bagtypes 3} | ||
1130 | pkcs-12-crlBag OBJECT IDENTIFIER ::= {pkcs-12-bagtypes 4} | ||
1131 | |||
1132 | pkcs-12-KeyBag ::= pkcs-8-PrivateKeyInfo | ||
1133 | |||
1134 | -- Shrouded KeyBag | ||
1135 | |||
1136 | pkcs-12-PKCS8ShroudedKeyBag ::= pkcs-8-EncryptedPrivateKeyInfo | ||
1137 | |||
1138 | -- CertBag | ||
1139 | |||
1140 | pkcs-12-CertBag ::= SEQUENCE { | ||
1141 | certId OBJECT IDENTIFIER, | ||
1142 | certValue [0] EXPLICIT ANY DEFINED BY certId | ||
1143 | } | ||
1144 | |||
1145 | -- x509Certificate BAG-TYPE ::= {OCTET STRING IDENTIFIED BY {pkcs-9-certTypes 1}} | ||
1146 | -- DER-encoded X.509 certificate stored in OCTET STRING | ||
1147 | |||
1148 | pkcs-12-CRLBag ::= SEQUENCE { | ||
1149 | crlId OBJECT IDENTIFIER, | ||
1150 | crlValue [0] EXPLICIT ANY DEFINED BY crlId | ||
1151 | } | ||
1152 | |||
1153 | -- x509CRL BAG-TYPE ::= | ||
1154 | -- {OCTET STRING IDENTIFIED BY {pkcs-9-crlTypes 1}} | ||
1155 | -- DER-encoded X.509 CRL stored in OCTET STRING | ||
1156 | |||
1157 | pkcs-12-PKCS12Attribute ::= Attribute | ||
1158 | |||
1159 | -- PKCS #7 stuff (needed in PKCS 12) | ||
1160 | |||
1161 | pkcs-7-data OBJECT IDENTIFIER ::= { iso(1) member-body(2) | ||
1162 | us(840) rsadsi(113549) pkcs(1) pkcs7(7) 1 } | ||
1163 | |||
1164 | pkcs-7-encryptedData OBJECT IDENTIFIER ::= { iso(1) member-body(2) | ||
1165 | us(840) rsadsi(113549) pkcs(1) pkcs7(7) 6 } | ||
1166 | |||
1167 | pkcs-7-Data ::= OCTET STRING | ||
1168 | |||
1169 | pkcs-7-EncryptedData ::= SEQUENCE { | ||
1170 | version pkcs-7-CMSVersion, | ||
1171 | encryptedContentInfo pkcs-7-EncryptedContentInfo, | ||
1172 | unprotectedAttrs [1] IMPLICIT pkcs-7-UnprotectedAttributes OPTIONAL } | ||
1173 | |||
1174 | pkcs-7-EncryptedContentInfo ::= SEQUENCE { | ||
1175 | contentType pkcs-7-ContentType, | ||
1176 | contentEncryptionAlgorithm pkcs-7-ContentEncryptionAlgorithmIdentifier, | ||
1177 | encryptedContent [0] IMPLICIT pkcs-7-EncryptedContent OPTIONAL } | ||
1178 | |||
1179 | pkcs-7-ContentEncryptionAlgorithmIdentifier ::= AlgorithmIdentifier | ||
1180 | |||
1181 | pkcs-7-EncryptedContent ::= OCTET STRING | ||
1182 | |||
1183 | pkcs-7-UnprotectedAttributes ::= SET SIZE (1..MAX) OF Attribute | ||
1184 | |||
1185 | -- LDAP stuff | ||
1186 | -- may not be correct | ||
1187 | |||
1188 | id-at-ldap-DC AttributeType ::= { 0 9 2342 19200300 100 1 25 } | ||
1189 | |||
1190 | ldap-DC ::= IA5String | ||
1191 | |||
1192 | id-at-ldap-UID AttributeType ::= { 0 9 2342 19200300 100 1 1 } | ||
1193 | |||
1194 | ldap-UID ::= DirectoryString | ||
1195 | |||
1196 | -- rfc3039 | ||
1197 | |||
1198 | id-pda OBJECT IDENTIFIER ::= { id-pkix 9 } | ||
1199 | |||
1200 | id-pda-dateOfBirth AttributeType ::= { id-pda 1 } | ||
1201 | DateOfBirth ::= GeneralizedTime | ||
1202 | |||
1203 | id-pda-placeOfBirth AttributeType ::= { id-pda 2 } | ||
1204 | PlaceOfBirth ::= DirectoryString | ||
1205 | |||
1206 | id-pda-gender AttributeType ::= { id-pda 3 } | ||
1207 | Gender ::= PrintableString (SIZE(1)) | ||
1208 | -- "M", "F", "m" or "f" | ||
1209 | |||
1210 | id-pda-countryOfCitizenship AttributeType ::= { id-pda 4 } | ||
1211 | CountryOfCitizenship ::= PrintableString (SIZE (2)) | ||
1212 | -- ISO 3166 Country Code | ||
1213 | |||
1214 | id-pda-countryOfResidence AttributeType ::= { id-pda 5 } | ||
1215 | CountryOfResidence ::= PrintableString (SIZE (2)) | ||
1216 | -- ISO 3166 Country Code | ||
1217 | |||
1218 | -- rfc3820 | ||
1219 | |||
1220 | id-pe-proxyCertInfo OBJECT IDENTIFIER ::= { id-pe 14 } | ||
1221 | |||
1222 | id-ppl-inheritAll OBJECT IDENTIFIER ::= { id-pkix 21 1 } | ||
1223 | id-ppl-independent OBJECT IDENTIFIER ::= { id-pkix 21 2 } | ||
1224 | |||
1225 | ProxyCertInfo ::= SEQUENCE { | ||
1226 | pCPathLenConstraint INTEGER (0..MAX) OPTIONAL, | ||
1227 | proxyPolicy ProxyPolicy } | ||
1228 | |||
1229 | ProxyPolicy ::= SEQUENCE { | ||
1230 | policyLanguage OBJECT IDENTIFIER, | ||
1231 | policy OCTET STRING OPTIONAL } | ||
1232 | |||
1233 | -- rfc3920 section 5.1.1 | ||
1234 | |||
1235 | id-on OBJECT IDENTIFIER ::= { id-pkix 8 } -- other name forms | ||
1236 | |||
1237 | id-on-xmppAddr OBJECT IDENTIFIER ::= { id-on 5 } | ||
1238 | |||
1239 | XmppAddr ::= UTF8String | ||
1240 | |||
1241 | END | ||
diff --git a/src/daemon/https/tls/pkix_asn1_tab.c b/src/daemon/https/tls/pkix_asn1_tab.c deleted file mode 100644 index 30b5ddd1..00000000 --- a/src/daemon/https/tls/pkix_asn1_tab.c +++ /dev/null | |||
@@ -1,1130 +0,0 @@ | |||
1 | #if HAVE_CONFIG_H | ||
2 | #include "MHD_config.h" | ||
3 | #endif | ||
4 | |||
5 | #include <libtasn1.h> | ||
6 | |||
7 | const ASN1_ARRAY_TYPE MHD_pkix_asn1_tab[] = { | ||
8 | {"PKIX1", 536875024, 0}, | ||
9 | {0, 1073741836, 0}, | ||
10 | {"id-ce", 1879048204, 0}, | ||
11 | {"joint-iso-ccitt", 1073741825, "2"}, | ||
12 | {"ds", 1073741825, "5"}, | ||
13 | {0, 1, "29"}, | ||
14 | {"id-ce-authorityKeyIdentifier", 1879048204, 0}, | ||
15 | {0, 1073741825, "id-ce"}, | ||
16 | {0, 1, "35"}, | ||
17 | {"AuthorityKeyIdentifier", 1610612741, 0}, | ||
18 | {"keyIdentifier", 1610637314, "KeyIdentifier"}, | ||
19 | {0, 4104, "0"}, | ||
20 | {"authorityCertIssuer", 1610637314, "GeneralNames"}, | ||
21 | {0, 4104, "1"}, | ||
22 | {"authorityCertSerialNumber", 536895490, "CertificateSerialNumber"}, | ||
23 | {0, 4104, "2"}, | ||
24 | {"KeyIdentifier", 1073741831, 0}, | ||
25 | {"id-ce-subjectKeyIdentifier", 1879048204, 0}, | ||
26 | {0, 1073741825, "id-ce"}, | ||
27 | {0, 1, "14"}, | ||
28 | {"SubjectKeyIdentifier", 1073741826, "KeyIdentifier"}, | ||
29 | {"id-ce-keyUsage", 1879048204, 0}, | ||
30 | {0, 1073741825, "id-ce"}, | ||
31 | {0, 1, "15"}, | ||
32 | {"KeyUsage", 1610874886, 0}, | ||
33 | {"digitalSignature", 1073741825, "0"}, | ||
34 | {"nonRepudiation", 1073741825, "1"}, | ||
35 | {"keyEncipherment", 1073741825, "2"}, | ||
36 | {"dataEncipherment", 1073741825, "3"}, | ||
37 | {"keyAgreement", 1073741825, "4"}, | ||
38 | {"keyCertSign", 1073741825, "5"}, | ||
39 | {"cRLSign", 1073741825, "6"}, | ||
40 | {"encipherOnly", 1073741825, "7"}, | ||
41 | {"decipherOnly", 1, "8"}, | ||
42 | {"id-ce-privateKeyUsagePeriod", 1879048204, 0}, | ||
43 | {0, 1073741825, "id-ce"}, | ||
44 | {0, 1, "16"}, | ||
45 | {"PrivateKeyUsagePeriod", 1610612741, 0}, | ||
46 | {"notBefore", 1619025937, 0}, | ||
47 | {0, 4104, "0"}, | ||
48 | {"notAfter", 545284113, 0}, | ||
49 | {0, 4104, "1"}, | ||
50 | {"id-ce-certificatePolicies", 1879048204, 0}, | ||
51 | {0, 1073741825, "id-ce"}, | ||
52 | {0, 1, "32"}, | ||
53 | {"CertificatePolicies", 1612709899, 0}, | ||
54 | {"MAX", 1074266122, "1"}, | ||
55 | {0, 2, "PolicyInformation"}, | ||
56 | {"PolicyInformation", 1610612741, 0}, | ||
57 | {"policyIdentifier", 1073741826, "CertPolicyId"}, | ||
58 | {"policyQualifiers", 538984459, 0}, | ||
59 | {"MAX", 1074266122, "1"}, | ||
60 | {0, 2, "PolicyQualifierInfo"}, | ||
61 | {"CertPolicyId", 1073741836, 0}, | ||
62 | {"PolicyQualifierInfo", 1610612741, 0}, | ||
63 | {"policyQualifierId", 1073741826, "PolicyQualifierId"}, | ||
64 | {"qualifier", 541065229, 0}, | ||
65 | {"policyQualifierId", 1, 0}, | ||
66 | {"PolicyQualifierId", 1073741836, 0}, | ||
67 | {"CPSuri", 1073741826, "IA5String"}, | ||
68 | {"UserNotice", 1610612741, 0}, | ||
69 | {"noticeRef", 1073758210, "NoticeReference"}, | ||
70 | {"explicitText", 16386, "DisplayText"}, | ||
71 | {"NoticeReference", 1610612741, 0}, | ||
72 | {"organization", 1073741826, "DisplayText"}, | ||
73 | {"noticeNumbers", 536870923, 0}, | ||
74 | {0, 3, 0}, | ||
75 | {"DisplayText", 1610612754, 0}, | ||
76 | {"visibleString", 1612709890, "VisibleString"}, | ||
77 | {"200", 524298, "1"}, | ||
78 | {"bmpString", 1612709890, "BMPString"}, | ||
79 | {"200", 524298, "1"}, | ||
80 | {"utf8String", 538968066, "UTF8String"}, | ||
81 | {"200", 524298, "1"}, | ||
82 | {"id-ce-policyMappings", 1879048204, 0}, | ||
83 | {0, 1073741825, "id-ce"}, | ||
84 | {0, 1, "33"}, | ||
85 | {"PolicyMappings", 1612709899, 0}, | ||
86 | {"MAX", 1074266122, "1"}, | ||
87 | {0, 536870917, 0}, | ||
88 | {"issuerDomainPolicy", 1073741826, "CertPolicyId"}, | ||
89 | {"subjectDomainPolicy", 2, "CertPolicyId"}, | ||
90 | {"DirectoryString", 1610612754, 0}, | ||
91 | {"teletexString", 1612709890, "TeletexString"}, | ||
92 | {"MAX", 524298, "1"}, | ||
93 | {"printableString", 1612709890, "PrintableString"}, | ||
94 | {"MAX", 524298, "1"}, | ||
95 | {"universalString", 1612709890, "UniversalString"}, | ||
96 | {"MAX", 524298, "1"}, | ||
97 | {"utf8String", 1612709890, "UTF8String"}, | ||
98 | {"MAX", 524298, "1"}, | ||
99 | {"bmpString", 1612709890, "BMPString"}, | ||
100 | {"MAX", 524298, "1"}, | ||
101 | {"ia5String", 538968066, "IA5String"}, | ||
102 | {"MAX", 524298, "1"}, | ||
103 | {"id-ce-subjectAltName", 1879048204, 0}, | ||
104 | {0, 1073741825, "id-ce"}, | ||
105 | {0, 1, "17"}, | ||
106 | {"SubjectAltName", 1073741826, "GeneralNames"}, | ||
107 | {"GeneralNames", 1612709899, 0}, | ||
108 | {"MAX", 1074266122, "1"}, | ||
109 | {0, 2, "GeneralName"}, | ||
110 | {"GeneralName", 1610612754, 0}, | ||
111 | {"otherName", 1610620930, "AnotherName"}, | ||
112 | {0, 4104, "0"}, | ||
113 | {"rfc822Name", 1610620930, "IA5String"}, | ||
114 | {0, 4104, "1"}, | ||
115 | {"dNSName", 1610620930, "IA5String"}, | ||
116 | {0, 4104, "2"}, | ||
117 | {"x400Address", 1610620930, "ORAddress"}, | ||
118 | {0, 4104, "3"}, | ||
119 | {"directoryName", 1610620930, "RDNSequence"}, | ||
120 | {0, 2056, "4"}, | ||
121 | {"ediPartyName", 1610620930, "EDIPartyName"}, | ||
122 | {0, 4104, "5"}, | ||
123 | {"uniformResourceIdentifier", 1610620930, "IA5String"}, | ||
124 | {0, 4104, "6"}, | ||
125 | {"iPAddress", 1610620935, 0}, | ||
126 | {0, 4104, "7"}, | ||
127 | {"registeredID", 536879116, 0}, | ||
128 | {0, 4104, "8"}, | ||
129 | {"AnotherName", 1610612741, 0}, | ||
130 | {"type-id", 1073741836, 0}, | ||
131 | {"value", 541073421, 0}, | ||
132 | {0, 1073743880, "0"}, | ||
133 | {"type-id", 1, 0}, | ||
134 | {"EDIPartyName", 1610612741, 0}, | ||
135 | {"nameAssigner", 1610637314, "DirectoryString"}, | ||
136 | {0, 4104, "0"}, | ||
137 | {"partyName", 536879106, "DirectoryString"}, | ||
138 | {0, 4104, "1"}, | ||
139 | {"id-ce-issuerAltName", 1879048204, 0}, | ||
140 | {0, 1073741825, "id-ce"}, | ||
141 | {0, 1, "18"}, | ||
142 | {"IssuerAltName", 1073741826, "GeneralNames"}, | ||
143 | {"id-ce-subjectDirectoryAttributes", 1879048204, 0}, | ||
144 | {0, 1073741825, "id-ce"}, | ||
145 | {0, 1, "9"}, | ||
146 | {"SubjectDirectoryAttributes", 1612709899, 0}, | ||
147 | {"MAX", 1074266122, "1"}, | ||
148 | {0, 2, "Attribute"}, | ||
149 | {"id-ce-basicConstraints", 1879048204, 0}, | ||
150 | {0, 1073741825, "id-ce"}, | ||
151 | {0, 1, "19"}, | ||
152 | {"BasicConstraints", 1610612741, 0}, | ||
153 | {"cA", 1610645508, 0}, | ||
154 | {0, 131081, 0}, | ||
155 | {"pathLenConstraint", 537411587, 0}, | ||
156 | {"0", 10, "MAX"}, | ||
157 | {"id-ce-nameConstraints", 1879048204, 0}, | ||
158 | {0, 1073741825, "id-ce"}, | ||
159 | {0, 1, "30"}, | ||
160 | {"NameConstraints", 1610612741, 0}, | ||
161 | {"permittedSubtrees", 1610637314, "GeneralSubtrees"}, | ||
162 | {0, 4104, "0"}, | ||
163 | {"excludedSubtrees", 536895490, "GeneralSubtrees"}, | ||
164 | {0, 4104, "1"}, | ||
165 | {"GeneralSubtrees", 1612709899, 0}, | ||
166 | {"MAX", 1074266122, "1"}, | ||
167 | {0, 2, "GeneralSubtree"}, | ||
168 | {"GeneralSubtree", 1610612741, 0}, | ||
169 | {"base", 1073741826, "GeneralName"}, | ||
170 | {"minimum", 1610653698, "BaseDistance"}, | ||
171 | {0, 1073741833, "0"}, | ||
172 | {0, 4104, "0"}, | ||
173 | {"maximum", 536895490, "BaseDistance"}, | ||
174 | {0, 4104, "1"}, | ||
175 | {"BaseDistance", 1611137027, 0}, | ||
176 | {"0", 10, "MAX"}, | ||
177 | {"id-ce-policyConstraints", 1879048204, 0}, | ||
178 | {0, 1073741825, "id-ce"}, | ||
179 | {0, 1, "36"}, | ||
180 | {"PolicyConstraints", 1610612741, 0}, | ||
181 | {"requireExplicitPolicy", 1610637314, "SkipCerts"}, | ||
182 | {0, 4104, "0"}, | ||
183 | {"inhibitPolicyMapping", 536895490, "SkipCerts"}, | ||
184 | {0, 4104, "1"}, | ||
185 | {"SkipCerts", 1611137027, 0}, | ||
186 | {"0", 10, "MAX"}, | ||
187 | {"id-ce-cRLDistributionPoints", 1879048204, 0}, | ||
188 | {0, 1073741825, "id-ce"}, | ||
189 | {0, 1, "31"}, | ||
190 | {"CRLDistributionPoints", 1612709899, 0}, | ||
191 | {"MAX", 1074266122, "1"}, | ||
192 | {0, 2, "DistributionPoint"}, | ||
193 | {"DistributionPoint", 1610612741, 0}, | ||
194 | {"distributionPoint", 1610637314, "DistributionPointName"}, | ||
195 | {0, 2056, "0"}, | ||
196 | {"reasons", 1610637314, "ReasonFlags"}, | ||
197 | {0, 4104, "1"}, | ||
198 | {"cRLIssuer", 536895490, "GeneralNames"}, | ||
199 | {0, 4104, "2"}, | ||
200 | {"DistributionPointName", 1610612754, 0}, | ||
201 | {"fullName", 1610620930, "GeneralNames"}, | ||
202 | {0, 4104, "0"}, | ||
203 | {"nameRelativeToCRLIssuer", 536879106, "RelativeDistinguishedName"}, | ||
204 | {0, 4104, "1"}, | ||
205 | {"ReasonFlags", 1610874886, 0}, | ||
206 | {"unused", 1073741825, "0"}, | ||
207 | {"keyCompromise", 1073741825, "1"}, | ||
208 | {"cACompromise", 1073741825, "2"}, | ||
209 | {"affiliationChanged", 1073741825, "3"}, | ||
210 | {"superseded", 1073741825, "4"}, | ||
211 | {"cessationOfOperation", 1073741825, "5"}, | ||
212 | {"certificateHold", 1073741825, "6"}, | ||
213 | {"privilegeWithdrawn", 1073741825, "7"}, | ||
214 | {"aACompromise", 1, "8"}, | ||
215 | {"id-ce-extKeyUsage", 1879048204, 0}, | ||
216 | {0, 1073741825, "id-ce"}, | ||
217 | {0, 1, "37"}, | ||
218 | {"ExtKeyUsageSyntax", 1612709899, 0}, | ||
219 | {"MAX", 1074266122, "1"}, | ||
220 | {0, 2, "KeyPurposeId"}, | ||
221 | {"KeyPurposeId", 1073741836, 0}, | ||
222 | {"id-kp-serverAuth", 1879048204, 0}, | ||
223 | {0, 1073741825, "id-kp"}, | ||
224 | {0, 1, "1"}, | ||
225 | {"id-kp-clientAuth", 1879048204, 0}, | ||
226 | {0, 1073741825, "id-kp"}, | ||
227 | {0, 1, "2"}, | ||
228 | {"id-kp-codeSigning", 1879048204, 0}, | ||
229 | {0, 1073741825, "id-kp"}, | ||
230 | {0, 1, "3"}, | ||
231 | {"id-kp-emailProtection", 1879048204, 0}, | ||
232 | {0, 1073741825, "id-kp"}, | ||
233 | {0, 1, "4"}, | ||
234 | {"id-kp-ipsecEndSystem", 1879048204, 0}, | ||
235 | {0, 1073741825, "id-kp"}, | ||
236 | {0, 1, "5"}, | ||
237 | {"id-kp-ipsecTunnel", 1879048204, 0}, | ||
238 | {0, 1073741825, "id-kp"}, | ||
239 | {0, 1, "6"}, | ||
240 | {"id-kp-ipsecUser", 1879048204, 0}, | ||
241 | {0, 1073741825, "id-kp"}, | ||
242 | {0, 1, "7"}, | ||
243 | {"id-kp-timeStamping", 1879048204, 0}, | ||
244 | {0, 1073741825, "id-kp"}, | ||
245 | {0, 1, "8"}, | ||
246 | {"id-pe-authorityInfoAccess", 1879048204, 0}, | ||
247 | {0, 1073741825, "id-pe"}, | ||
248 | {0, 1, "1"}, | ||
249 | {"AuthorityInfoAccessSyntax", 1612709899, 0}, | ||
250 | {"MAX", 1074266122, "1"}, | ||
251 | {0, 2, "AccessDescription"}, | ||
252 | {"AccessDescription", 1610612741, 0}, | ||
253 | {"accessMethod", 1073741836, 0}, | ||
254 | {"accessLocation", 2, "GeneralName"}, | ||
255 | {"id-ce-cRLNumber", 1879048204, 0}, | ||
256 | {0, 1073741825, "id-ce"}, | ||
257 | {0, 1, "20"}, | ||
258 | {"CRLNumber", 1611137027, 0}, | ||
259 | {"0", 10, "MAX"}, | ||
260 | {"id-ce-issuingDistributionPoint", 1879048204, 0}, | ||
261 | {0, 1073741825, "id-ce"}, | ||
262 | {0, 1, "28"}, | ||
263 | {"IssuingDistributionPoint", 1610612741, 0}, | ||
264 | {"distributionPoint", 1610637314, "DistributionPointName"}, | ||
265 | {0, 4104, "0"}, | ||
266 | {"onlyContainsUserCerts", 1610653700, 0}, | ||
267 | {0, 1073872905, 0}, | ||
268 | {0, 4104, "1"}, | ||
269 | {"onlyContainsCACerts", 1610653700, 0}, | ||
270 | {0, 1073872905, 0}, | ||
271 | {0, 4104, "2"}, | ||
272 | {"onlySomeReasons", 1610637314, "ReasonFlags"}, | ||
273 | {0, 4104, "3"}, | ||
274 | {"indirectCRL", 536911876, 0}, | ||
275 | {0, 1073872905, 0}, | ||
276 | {0, 4104, "4"}, | ||
277 | {"id-ce-deltaCRLIndicator", 1879048204, 0}, | ||
278 | {0, 1073741825, "id-ce"}, | ||
279 | {0, 1, "27"}, | ||
280 | {"BaseCRLNumber", 1073741826, "CRLNumber"}, | ||
281 | {"id-ce-cRLReasons", 1879048204, 0}, | ||
282 | {0, 1073741825, "id-ce"}, | ||
283 | {0, 1, "21"}, | ||
284 | {"CRLReason", 1610874901, 0}, | ||
285 | {"unspecified", 1073741825, "0"}, | ||
286 | {"keyCompromise", 1073741825, "1"}, | ||
287 | {"cACompromise", 1073741825, "2"}, | ||
288 | {"affiliationChanged", 1073741825, "3"}, | ||
289 | {"superseded", 1073741825, "4"}, | ||
290 | {"cessationOfOperation", 1073741825, "5"}, | ||
291 | {"certificateHold", 1073741825, "6"}, | ||
292 | {"removeFromCRL", 1, "8"}, | ||
293 | {"id-ce-certificateIssuer", 1879048204, 0}, | ||
294 | {0, 1073741825, "id-ce"}, | ||
295 | {0, 1, "29"}, | ||
296 | {"CertificateIssuer", 1073741826, "GeneralNames"}, | ||
297 | {"id-ce-holdInstructionCode", 1879048204, 0}, | ||
298 | {0, 1073741825, "id-ce"}, | ||
299 | {0, 1, "23"}, | ||
300 | {"HoldInstructionCode", 1073741836, 0}, | ||
301 | {"holdInstruction", 1879048204, 0}, | ||
302 | {"joint-iso-itu-t", 1073741825, "2"}, | ||
303 | {"member-body", 1073741825, "2"}, | ||
304 | {"us", 1073741825, "840"}, | ||
305 | {"x9cm", 1073741825, "10040"}, | ||
306 | {0, 1, "2"}, | ||
307 | {"id-holdinstruction-none", 1879048204, 0}, | ||
308 | {0, 1073741825, "holdInstruction"}, | ||
309 | {0, 1, "1"}, | ||
310 | {"id-holdinstruction-callissuer", 1879048204, 0}, | ||
311 | {0, 1073741825, "holdInstruction"}, | ||
312 | {0, 1, "2"}, | ||
313 | {"id-holdinstruction-reject", 1879048204, 0}, | ||
314 | {0, 1073741825, "holdInstruction"}, | ||
315 | {0, 1, "3"}, | ||
316 | {"id-ce-invalidityDate", 1879048204, 0}, | ||
317 | {0, 1073741825, "id-ce"}, | ||
318 | {0, 1, "24"}, | ||
319 | {"InvalidityDate", 1082130449, 0}, | ||
320 | {"VisibleString", 1610620935, 0}, | ||
321 | {0, 4360, "26"}, | ||
322 | {"NumericString", 1610620935, 0}, | ||
323 | {0, 4360, "18"}, | ||
324 | {"IA5String", 1610620935, 0}, | ||
325 | {0, 4360, "22"}, | ||
326 | {"TeletexString", 1610620935, 0}, | ||
327 | {0, 4360, "20"}, | ||
328 | {"PrintableString", 1610620935, 0}, | ||
329 | {0, 4360, "19"}, | ||
330 | {"UniversalString", 1610620935, 0}, | ||
331 | {0, 4360, "28"}, | ||
332 | {"BMPString", 1610620935, 0}, | ||
333 | {0, 4360, "30"}, | ||
334 | {"UTF8String", 1610620935, 0}, | ||
335 | {0, 4360, "12"}, | ||
336 | {"id-pkix", 1879048204, 0}, | ||
337 | {"iso", 1073741825, "1"}, | ||
338 | {"identified-organization", 1073741825, "3"}, | ||
339 | {"dod", 1073741825, "6"}, | ||
340 | {"internet", 1073741825, "1"}, | ||
341 | {"security", 1073741825, "5"}, | ||
342 | {"mechanisms", 1073741825, "5"}, | ||
343 | {"pkix", 1, "7"}, | ||
344 | {"id-pe", 1879048204, 0}, | ||
345 | {0, 1073741825, "id-pkix"}, | ||
346 | {0, 1, "1"}, | ||
347 | {"id-qt", 1879048204, 0}, | ||
348 | {0, 1073741825, "id-pkix"}, | ||
349 | {0, 1, "2"}, | ||
350 | {"id-kp", 1879048204, 0}, | ||
351 | {0, 1073741825, "id-pkix"}, | ||
352 | {0, 1, "3"}, | ||
353 | {"id-ad", 1879048204, 0}, | ||
354 | {0, 1073741825, "id-pkix"}, | ||
355 | {0, 1, "48"}, | ||
356 | {"id-qt-cps", 1879048204, 0}, | ||
357 | {0, 1073741825, "id-qt"}, | ||
358 | {0, 1, "1"}, | ||
359 | {"id-qt-unotice", 1879048204, 0}, | ||
360 | {0, 1073741825, "id-qt"}, | ||
361 | {0, 1, "2"}, | ||
362 | {"id-ad-ocsp", 1879048204, 0}, | ||
363 | {0, 1073741825, "id-ad"}, | ||
364 | {0, 1, "1"}, | ||
365 | {"id-ad-caIssuers", 1879048204, 0}, | ||
366 | {0, 1073741825, "id-ad"}, | ||
367 | {0, 1, "2"}, | ||
368 | {"Attribute", 1610612741, 0}, | ||
369 | {"type", 1073741826, "AttributeType"}, | ||
370 | {"values", 536870927, 0}, | ||
371 | {0, 2, "AttributeValue"}, | ||
372 | {"AttributeType", 1073741836, 0}, | ||
373 | {"AttributeValue", 1614807053, 0}, | ||
374 | {"type", 1, 0}, | ||
375 | {"AttributeTypeAndValue", 1610612741, 0}, | ||
376 | {"type", 1073741826, "AttributeType"}, | ||
377 | {"value", 2, "AttributeValue"}, | ||
378 | {"id-at", 1879048204, 0}, | ||
379 | {"joint-iso-ccitt", 1073741825, "2"}, | ||
380 | {"ds", 1073741825, "5"}, | ||
381 | {0, 1, "4"}, | ||
382 | {"id-at-initials", 1880096780, "AttributeType"}, | ||
383 | {0, 1073741825, "id-at"}, | ||
384 | {0, 1, "43"}, | ||
385 | {"X520initials", 1073741826, "DirectoryString"}, | ||
386 | {"id-at-generationQualifier", 1880096780, "AttributeType"}, | ||
387 | {0, 1073741825, "id-at"}, | ||
388 | {0, 1, "44"}, | ||
389 | {"X520generationQualifier", 1073741826, "DirectoryString"}, | ||
390 | {"id-at-surname", 1880096780, "AttributeType"}, | ||
391 | {0, 1073741825, "id-at"}, | ||
392 | {0, 1, "4"}, | ||
393 | {"X520surName", 1073741826, "DirectoryString"}, | ||
394 | {"id-at-givenName", 1880096780, "AttributeType"}, | ||
395 | {0, 1073741825, "id-at"}, | ||
396 | {0, 1, "42"}, | ||
397 | {"X520givenName", 1073741826, "DirectoryString"}, | ||
398 | {"id-at-name", 1880096780, "AttributeType"}, | ||
399 | {0, 1073741825, "id-at"}, | ||
400 | {0, 1, "41"}, | ||
401 | {"X520name", 1073741826, "DirectoryString"}, | ||
402 | {"id-at-commonName", 1880096780, "AttributeType"}, | ||
403 | {0, 1073741825, "id-at"}, | ||
404 | {0, 1, "3"}, | ||
405 | {"X520CommonName", 1073741826, "DirectoryString"}, | ||
406 | {"id-at-localityName", 1880096780, "AttributeType"}, | ||
407 | {0, 1073741825, "id-at"}, | ||
408 | {0, 1, "7"}, | ||
409 | {"X520LocalityName", 1073741826, "DirectoryString"}, | ||
410 | {"id-at-stateOrProvinceName", 1880096780, "AttributeType"}, | ||
411 | {0, 1073741825, "id-at"}, | ||
412 | {0, 1, "8"}, | ||
413 | {"X520StateOrProvinceName", 1073741826, "DirectoryString"}, | ||
414 | {"id-at-organizationName", 1880096780, "AttributeType"}, | ||
415 | {0, 1073741825, "id-at"}, | ||
416 | {0, 1, "10"}, | ||
417 | {"X520OrganizationName", 1073741826, "DirectoryString"}, | ||
418 | {"id-at-organizationalUnitName", 1880096780, "AttributeType"}, | ||
419 | {0, 1073741825, "id-at"}, | ||
420 | {0, 1, "11"}, | ||
421 | {"X520OrganizationalUnitName", 1073741826, "DirectoryString"}, | ||
422 | {"id-at-title", 1880096780, "AttributeType"}, | ||
423 | {0, 1073741825, "id-at"}, | ||
424 | {0, 1, "12"}, | ||
425 | {"X520Title", 1073741826, "DirectoryString"}, | ||
426 | {"id-at-description", 1880096780, "AttributeType"}, | ||
427 | {0, 1073741825, "id-at"}, | ||
428 | {0, 1, "13"}, | ||
429 | {"X520Description", 1073741826, "DirectoryString"}, | ||
430 | {"id-at-dnQualifier", 1880096780, "AttributeType"}, | ||
431 | {0, 1073741825, "id-at"}, | ||
432 | {0, 1, "46"}, | ||
433 | {"X520dnQualifier", 1073741826, "PrintableString"}, | ||
434 | {"id-at-countryName", 1880096780, "AttributeType"}, | ||
435 | {0, 1073741825, "id-at"}, | ||
436 | {0, 1, "6"}, | ||
437 | {"X520countryName", 1612709890, "PrintableString"}, | ||
438 | {0, 1048586, "2"}, | ||
439 | {"id-at-serialNumber", 1880096780, "AttributeType"}, | ||
440 | {0, 1073741825, "id-at"}, | ||
441 | {0, 1, "5"}, | ||
442 | {"X520serialNumber", 1073741826, "PrintableString"}, | ||
443 | {"id-at-telephoneNumber", 1880096780, "AttributeType"}, | ||
444 | {0, 1073741825, "id-at"}, | ||
445 | {0, 1, "20"}, | ||
446 | {"X520telephoneNumber", 1073741826, "PrintableString"}, | ||
447 | {"id-at-facsimileTelephoneNumber", 1880096780, "AttributeType"}, | ||
448 | {0, 1073741825, "id-at"}, | ||
449 | {0, 1, "23"}, | ||
450 | {"X520facsimileTelephoneNumber", 1073741826, "PrintableString"}, | ||
451 | {"id-at-pseudonym", 1880096780, "AttributeType"}, | ||
452 | {0, 1073741825, "id-at"}, | ||
453 | {0, 1, "65"}, | ||
454 | {"X520pseudonym", 1073741826, "DirectoryString"}, | ||
455 | {"id-at-name", 1880096780, "AttributeType"}, | ||
456 | {0, 1073741825, "id-at"}, | ||
457 | {0, 1, "41"}, | ||
458 | {"X520name", 1073741826, "DirectoryString"}, | ||
459 | {"id-at-streetAddress", 1880096780, "AttributeType"}, | ||
460 | {0, 1073741825, "id-at"}, | ||
461 | {0, 1, "9"}, | ||
462 | {"X520streetAddress", 1073741826, "DirectoryString"}, | ||
463 | {"id-at-postalAddress", 1880096780, "AttributeType"}, | ||
464 | {0, 1073741825, "id-at"}, | ||
465 | {0, 1, "16"}, | ||
466 | {"X520postalAddress", 1073741826, "PostalAddress"}, | ||
467 | {"PostalAddress", 1610612747, 0}, | ||
468 | {0, 2, "DirectoryString"}, | ||
469 | {"pkcs", 1879048204, 0}, | ||
470 | {"iso", 1073741825, "1"}, | ||
471 | {"member-body", 1073741825, "2"}, | ||
472 | {"us", 1073741825, "840"}, | ||
473 | {"rsadsi", 1073741825, "113549"}, | ||
474 | {"pkcs", 1, "1"}, | ||
475 | {"pkcs-9", 1879048204, 0}, | ||
476 | {0, 1073741825, "pkcs"}, | ||
477 | {0, 1, "9"}, | ||
478 | {"emailAddress", 1880096780, "AttributeType"}, | ||
479 | {0, 1073741825, "pkcs-9"}, | ||
480 | {0, 1, "1"}, | ||
481 | {"Pkcs9email", 1612709890, "IA5String"}, | ||
482 | {"ub-emailaddress-length", 524298, "1"}, | ||
483 | {"Name", 1610612754, 0}, | ||
484 | {"rdnSequence", 2, "RDNSequence"}, | ||
485 | {"RDNSequence", 1610612747, 0}, | ||
486 | {0, 2, "RelativeDistinguishedName"}, | ||
487 | {"DistinguishedName", 1073741826, "RDNSequence"}, | ||
488 | {"RelativeDistinguishedName", 1612709903, 0}, | ||
489 | {"MAX", 1074266122, "1"}, | ||
490 | {0, 2, "AttributeTypeAndValue"}, | ||
491 | {"Certificate", 1610612741, 0}, | ||
492 | {"tbsCertificate", 1073741826, "TBSCertificate"}, | ||
493 | {"signatureAlgorithm", 1073741826, "AlgorithmIdentifier"}, | ||
494 | {"signature", 6, 0}, | ||
495 | {"TBSCertificate", 1610612741, 0}, | ||
496 | {"version", 1610653698, "Version"}, | ||
497 | {0, 1073741833, "v1"}, | ||
498 | {0, 2056, "0"}, | ||
499 | {"serialNumber", 1073741826, "CertificateSerialNumber"}, | ||
500 | {"signature", 1073741826, "AlgorithmIdentifier"}, | ||
501 | {"issuer", 1073741826, "Name"}, | ||
502 | {"validity", 1073741826, "Validity"}, | ||
503 | {"subject", 1073741826, "Name"}, | ||
504 | {"subjectPublicKeyInfo", 1073741826, "SubjectPublicKeyInfo"}, | ||
505 | {"issuerUniqueID", 1610637314, "UniqueIdentifier"}, | ||
506 | {0, 4104, "1"}, | ||
507 | {"subjectUniqueID", 1610637314, "UniqueIdentifier"}, | ||
508 | {0, 4104, "2"}, | ||
509 | {"extensions", 536895490, "Extensions"}, | ||
510 | {0, 2056, "3"}, | ||
511 | {"Version", 1610874883, 0}, | ||
512 | {"v1", 1073741825, "0"}, | ||
513 | {"v2", 1073741825, "1"}, | ||
514 | {"v3", 1, "2"}, | ||
515 | {"CertificateSerialNumber", 1073741827, 0}, | ||
516 | {"Validity", 1610612741, 0}, | ||
517 | {"notBefore", 1073741826, "Time"}, | ||
518 | {"notAfter", 2, "Time"}, | ||
519 | {"Time", 1610612754, 0}, | ||
520 | {"utcTime", 1090519057, 0}, | ||
521 | {"generalTime", 8388625, 0}, | ||
522 | {"UniqueIdentifier", 1073741830, 0}, | ||
523 | {"SubjectPublicKeyInfo", 1610612741, 0}, | ||
524 | {"algorithm", 1073741826, "AlgorithmIdentifier"}, | ||
525 | {"subjectPublicKey", 6, 0}, | ||
526 | {"Extensions", 1612709899, 0}, | ||
527 | {"MAX", 1074266122, "1"}, | ||
528 | {0, 2, "Extension"}, | ||
529 | {"Extension", 1610612741, 0}, | ||
530 | {"extnID", 1073741836, 0}, | ||
531 | {"critical", 1610645508, 0}, | ||
532 | {0, 131081, 0}, | ||
533 | {"extnValue", 7, 0}, | ||
534 | {"CertificateList", 1610612741, 0}, | ||
535 | {"tbsCertList", 1073741826, "TBSCertList"}, | ||
536 | {"signatureAlgorithm", 1073741826, "AlgorithmIdentifier"}, | ||
537 | {"signature", 6, 0}, | ||
538 | {"TBSCertList", 1610612741, 0}, | ||
539 | {"version", 1073758210, "Version"}, | ||
540 | {"signature", 1073741826, "AlgorithmIdentifier"}, | ||
541 | {"issuer", 1073741826, "Name"}, | ||
542 | {"thisUpdate", 1073741826, "Time"}, | ||
543 | {"nextUpdate", 1073758210, "Time"}, | ||
544 | {"revokedCertificates", 1610629131, 0}, | ||
545 | {0, 536870917, 0}, | ||
546 | {"userCertificate", 1073741826, "CertificateSerialNumber"}, | ||
547 | {"revocationDate", 1073741826, "Time"}, | ||
548 | {"crlEntryExtensions", 16386, "Extensions"}, | ||
549 | {"crlExtensions", 536895490, "Extensions"}, | ||
550 | {0, 2056, "0"}, | ||
551 | {"AlgorithmIdentifier", 1610612741, 0}, | ||
552 | {"algorithm", 1073741836, 0}, | ||
553 | {"parameters", 541081613, 0}, | ||
554 | {"algorithm", 1, 0}, | ||
555 | {"pkcs-1", 1879048204, 0}, | ||
556 | {0, 1073741825, "pkcs"}, | ||
557 | {0, 1, "1"}, | ||
558 | {"rsaEncryption", 1879048204, 0}, | ||
559 | {0, 1073741825, "pkcs-1"}, | ||
560 | {0, 1, "1"}, | ||
561 | {"md2WithRSAEncryption", 1879048204, 0}, | ||
562 | {0, 1073741825, "pkcs-1"}, | ||
563 | {0, 1, "2"}, | ||
564 | {"md5WithRSAEncryption", 1879048204, 0}, | ||
565 | {0, 1073741825, "pkcs-1"}, | ||
566 | {0, 1, "4"}, | ||
567 | {"sha1WithRSAEncryption", 1879048204, 0}, | ||
568 | {0, 1073741825, "pkcs-1"}, | ||
569 | {0, 1, "5"}, | ||
570 | {"id-dsa-with-sha1", 1879048204, 0}, | ||
571 | {"iso", 1073741825, "1"}, | ||
572 | {"member-body", 1073741825, "2"}, | ||
573 | {"us", 1073741825, "840"}, | ||
574 | {"x9-57", 1073741825, "10040"}, | ||
575 | {"x9algorithm", 1073741825, "4"}, | ||
576 | {0, 1, "3"}, | ||
577 | {"Dss-Sig-Value", 1610612741, 0}, | ||
578 | {"r", 1073741827, 0}, | ||
579 | {"s", 3, 0}, | ||
580 | {"dhpublicnumber", 1879048204, 0}, | ||
581 | {"iso", 1073741825, "1"}, | ||
582 | {"member-body", 1073741825, "2"}, | ||
583 | {"us", 1073741825, "840"}, | ||
584 | {"ansi-x942", 1073741825, "10046"}, | ||
585 | {"number-type", 1073741825, "2"}, | ||
586 | {0, 1, "1"}, | ||
587 | {"DomainParameters", 1610612741, 0}, | ||
588 | {"p", 1073741827, 0}, | ||
589 | {"g", 1073741827, 0}, | ||
590 | {"q", 1073741827, 0}, | ||
591 | {"j", 1073758211, 0}, | ||
592 | {"validationParms", 16386, "ValidationParms"}, | ||
593 | {"ValidationParms", 1610612741, 0}, | ||
594 | {"seed", 1073741830, 0}, | ||
595 | {"pgenCounter", 3, 0}, | ||
596 | {"id-dsa", 1879048204, 0}, | ||
597 | {"iso", 1073741825, "1"}, | ||
598 | {"member-body", 1073741825, "2"}, | ||
599 | {"us", 1073741825, "840"}, | ||
600 | {"x9-57", 1073741825, "10040"}, | ||
601 | {"x9algorithm", 1073741825, "4"}, | ||
602 | {0, 1, "1"}, | ||
603 | {"Dss-Parms", 1610612741, 0}, | ||
604 | {"p", 1073741827, 0}, | ||
605 | {"q", 1073741827, 0}, | ||
606 | {"g", 3, 0}, | ||
607 | {"ORAddress", 1610612741, 0}, | ||
608 | {"built-in-standard-attributes", 1073741826, "BuiltInStandardAttributes"}, | ||
609 | {"built-in-domain-defined-attributes", 1073758210, | ||
610 | "BuiltInDomainDefinedAttributes"}, | ||
611 | {"extension-attributes", 16386, "ExtensionAttributes"}, | ||
612 | {"BuiltInStandardAttributes", 1610612741, 0}, | ||
613 | {"country-name", 1073758210, "CountryName"}, | ||
614 | {"administration-domain-name", 1073758210, "AdministrationDomainName"}, | ||
615 | {"network-address", 1610637314, "NetworkAddress"}, | ||
616 | {0, 2056, "0"}, | ||
617 | {"terminal-identifier", 1610637314, "TerminalIdentifier"}, | ||
618 | {0, 2056, "1"}, | ||
619 | {"private-domain-name", 1610637314, "PrivateDomainName"}, | ||
620 | {0, 2056, "2"}, | ||
621 | {"organization-name", 1610637314, "OrganizationName"}, | ||
622 | {0, 2056, "3"}, | ||
623 | {"numeric-user-identifier", 1610637314, "NumericUserIdentifier"}, | ||
624 | {0, 2056, "4"}, | ||
625 | {"personal-name", 1610637314, "PersonalName"}, | ||
626 | {0, 2056, "5"}, | ||
627 | {"organizational-unit-names", 536895490, "OrganizationalUnitNames"}, | ||
628 | {0, 2056, "6"}, | ||
629 | {"CountryName", 1610620946, 0}, | ||
630 | {0, 1073746952, "1"}, | ||
631 | {"x121-dcc-code", 1612709890, "NumericString"}, | ||
632 | {0, 1048586, "ub-country-name-numeric-length"}, | ||
633 | {"iso-3166-alpha2-code", 538968066, "PrintableString"}, | ||
634 | {0, 1048586, "ub-country-name-alpha-length"}, | ||
635 | {"AdministrationDomainName", 1610620946, 0}, | ||
636 | {0, 1073744904, "2"}, | ||
637 | {"numeric", 1612709890, "NumericString"}, | ||
638 | {"ub-domain-name-length", 524298, "0"}, | ||
639 | {"printable", 538968066, "PrintableString"}, | ||
640 | {"ub-domain-name-length", 524298, "0"}, | ||
641 | {"NetworkAddress", 1073741826, "X121Address"}, | ||
642 | {"X121Address", 1612709890, "NumericString"}, | ||
643 | {"ub-x121-address-length", 524298, "1"}, | ||
644 | {"TerminalIdentifier", 1612709890, "PrintableString"}, | ||
645 | {"ub-terminal-id-length", 524298, "1"}, | ||
646 | {"PrivateDomainName", 1610612754, 0}, | ||
647 | {"numeric", 1612709890, "NumericString"}, | ||
648 | {"ub-domain-name-length", 524298, "1"}, | ||
649 | {"printable", 538968066, "PrintableString"}, | ||
650 | {"ub-domain-name-length", 524298, "1"}, | ||
651 | {"OrganizationName", 1612709890, "PrintableString"}, | ||
652 | {"ub-organization-name-length", 524298, "1"}, | ||
653 | {"NumericUserIdentifier", 1612709890, "NumericString"}, | ||
654 | {"ub-numeric-user-id-length", 524298, "1"}, | ||
655 | {"PersonalName", 1610612750, 0}, | ||
656 | {"surname", 1814044674, "PrintableString"}, | ||
657 | {0, 1073745928, "0"}, | ||
658 | {"ub-surname-length", 524298, "1"}, | ||
659 | {"given-name", 1814061058, "PrintableString"}, | ||
660 | {0, 1073745928, "1"}, | ||
661 | {"ub-given-name-length", 524298, "1"}, | ||
662 | {"initials", 1814061058, "PrintableString"}, | ||
663 | {0, 1073745928, "2"}, | ||
664 | {"ub-initials-length", 524298, "1"}, | ||
665 | {"generation-qualifier", 740319234, "PrintableString"}, | ||
666 | {0, 1073745928, "3"}, | ||
667 | {"ub-generation-qualifier-length", 524298, "1"}, | ||
668 | {"OrganizationalUnitNames", 1612709899, 0}, | ||
669 | {"ub-organizational-units", 1074266122, "1"}, | ||
670 | {0, 2, "OrganizationalUnitName"}, | ||
671 | {"OrganizationalUnitName", 1612709890, "PrintableString"}, | ||
672 | {"ub-organizational-unit-name-length", 524298, "1"}, | ||
673 | {"BuiltInDomainDefinedAttributes", 1612709899, 0}, | ||
674 | {"ub-domain-defined-attributes", 1074266122, "1"}, | ||
675 | {0, 2, "BuiltInDomainDefinedAttribute"}, | ||
676 | {"BuiltInDomainDefinedAttribute", 1610612741, 0}, | ||
677 | {"type", 1612709890, "PrintableString"}, | ||
678 | {"ub-domain-defined-attribute-type-length", 524298, "1"}, | ||
679 | {"value", 538968066, "PrintableString"}, | ||
680 | {"ub-domain-defined-attribute-value-length", 524298, "1"}, | ||
681 | {"ExtensionAttributes", 1612709903, 0}, | ||
682 | {"ub-extension-attributes", 1074266122, "1"}, | ||
683 | {0, 2, "ExtensionAttribute"}, | ||
684 | {"ExtensionAttribute", 1610612741, 0}, | ||
685 | {"extension-attribute-type", 1611145219, 0}, | ||
686 | {0, 1073743880, "0"}, | ||
687 | {"0", 10, "ub-extension-attributes"}, | ||
688 | {"extension-attribute-value", 541073421, 0}, | ||
689 | {0, 1073743880, "1"}, | ||
690 | {"extension-attribute-type", 1, 0}, | ||
691 | {"common-name", 1342177283, "1"}, | ||
692 | {"CommonName", 1612709890, "PrintableString"}, | ||
693 | {"ub-common-name-length", 524298, "1"}, | ||
694 | {"teletex-common-name", 1342177283, "2"}, | ||
695 | {"TeletexCommonName", 1612709890, "TeletexString"}, | ||
696 | {"ub-common-name-length", 524298, "1"}, | ||
697 | {"teletex-organization-name", 1342177283, "3"}, | ||
698 | {"TeletexOrganizationName", 1612709890, "TeletexString"}, | ||
699 | {"ub-organization-name-length", 524298, "1"}, | ||
700 | {"teletex-personal-name", 1342177283, "4"}, | ||
701 | {"TeletexPersonalName", 1610612750, 0}, | ||
702 | {"surname", 1814044674, "TeletexString"}, | ||
703 | {0, 1073743880, "0"}, | ||
704 | {"ub-surname-length", 524298, "1"}, | ||
705 | {"given-name", 1814061058, "TeletexString"}, | ||
706 | {0, 1073743880, "1"}, | ||
707 | {"ub-given-name-length", 524298, "1"}, | ||
708 | {"initials", 1814061058, "TeletexString"}, | ||
709 | {0, 1073743880, "2"}, | ||
710 | {"ub-initials-length", 524298, "1"}, | ||
711 | {"generation-qualifier", 740319234, "TeletexString"}, | ||
712 | {0, 1073743880, "3"}, | ||
713 | {"ub-generation-qualifier-length", 524298, "1"}, | ||
714 | {"teletex-organizational-unit-names", 1342177283, "5"}, | ||
715 | {"TeletexOrganizationalUnitNames", 1612709899, 0}, | ||
716 | {"ub-organizational-units", 1074266122, "1"}, | ||
717 | {0, 2, "TeletexOrganizationalUnitName"}, | ||
718 | {"TeletexOrganizationalUnitName", 1612709890, "TeletexString"}, | ||
719 | {"ub-organizational-unit-name-length", 524298, "1"}, | ||
720 | {"pds-name", 1342177283, "7"}, | ||
721 | {"PDSName", 1612709890, "PrintableString"}, | ||
722 | {"ub-pds-name-length", 524298, "1"}, | ||
723 | {"physical-delivery-country-name", 1342177283, "8"}, | ||
724 | {"PhysicalDeliveryCountryName", 1610612754, 0}, | ||
725 | {"x121-dcc-code", 1612709890, "NumericString"}, | ||
726 | {0, 1048586, "ub-country-name-numeric-length"}, | ||
727 | {"iso-3166-alpha2-code", 538968066, "PrintableString"}, | ||
728 | {0, 1048586, "ub-country-name-alpha-length"}, | ||
729 | {"postal-code", 1342177283, "9"}, | ||
730 | {"PostalCode", 1610612754, 0}, | ||
731 | {"numeric-code", 1612709890, "NumericString"}, | ||
732 | {"ub-postal-code-length", 524298, "1"}, | ||
733 | {"printable-code", 538968066, "PrintableString"}, | ||
734 | {"ub-postal-code-length", 524298, "1"}, | ||
735 | {"physical-delivery-office-name", 1342177283, "10"}, | ||
736 | {"PhysicalDeliveryOfficeName", 1073741826, "PDSParameter"}, | ||
737 | {"physical-delivery-office-number", 1342177283, "11"}, | ||
738 | {"PhysicalDeliveryOfficeNumber", 1073741826, "PDSParameter"}, | ||
739 | {"extension-OR-address-components", 1342177283, "12"}, | ||
740 | {"ExtensionORAddressComponents", 1073741826, "PDSParameter"}, | ||
741 | {"physical-delivery-personal-name", 1342177283, "13"}, | ||
742 | {"PhysicalDeliveryPersonalName", 1073741826, "PDSParameter"}, | ||
743 | {"physical-delivery-organization-name", 1342177283, "14"}, | ||
744 | {"PhysicalDeliveryOrganizationName", 1073741826, "PDSParameter"}, | ||
745 | {"extension-physical-delivery-address-components", 1342177283, "15"}, | ||
746 | {"ExtensionPhysicalDeliveryAddressComponents", 1073741826, "PDSParameter"}, | ||
747 | {"unformatted-postal-address", 1342177283, "16"}, | ||
748 | {"UnformattedPostalAddress", 1610612750, 0}, | ||
749 | {"printable-address", 1814052875, 0}, | ||
750 | {"ub-pds-physical-address-lines", 1074266122, "1"}, | ||
751 | {0, 538968066, "PrintableString"}, | ||
752 | {"ub-pds-parameter-length", 524298, "1"}, | ||
753 | {"teletex-string", 740311042, "TeletexString"}, | ||
754 | {"ub-unformatted-address-length", 524298, "1"}, | ||
755 | {"street-address", 1342177283, "17"}, | ||
756 | {"StreetAddress", 1073741826, "PDSParameter"}, | ||
757 | {"post-office-box-address", 1342177283, "18"}, | ||
758 | {"PostOfficeBoxAddress", 1073741826, "PDSParameter"}, | ||
759 | {"poste-restante-address", 1342177283, "19"}, | ||
760 | {"PosteRestanteAddress", 1073741826, "PDSParameter"}, | ||
761 | {"unique-postal-name", 1342177283, "20"}, | ||
762 | {"UniquePostalName", 1073741826, "PDSParameter"}, | ||
763 | {"local-postal-attributes", 1342177283, "21"}, | ||
764 | {"LocalPostalAttributes", 1073741826, "PDSParameter"}, | ||
765 | {"PDSParameter", 1610612750, 0}, | ||
766 | {"printable-string", 1814052866, "PrintableString"}, | ||
767 | {"ub-pds-parameter-length", 524298, "1"}, | ||
768 | {"teletex-string", 740311042, "TeletexString"}, | ||
769 | {"ub-pds-parameter-length", 524298, "1"}, | ||
770 | {"extended-network-address", 1342177283, "22"}, | ||
771 | {"ExtendedNetworkAddress", 1610612754, 0}, | ||
772 | {"e163-4-address", 1610612741, 0}, | ||
773 | {"number", 1612718082, "NumericString"}, | ||
774 | {0, 1073743880, "0"}, | ||
775 | {"ub-e163-4-number-length", 524298, "1"}, | ||
776 | {"sub-address", 538992642, "NumericString"}, | ||
777 | {0, 1073743880, "1"}, | ||
778 | {"ub-e163-4-sub-address-length", 524298, "1"}, | ||
779 | {"psap-address", 536879106, "PresentationAddress"}, | ||
780 | {0, 2056, "0"}, | ||
781 | {"PresentationAddress", 1610612741, 0}, | ||
782 | {"pSelector", 1610637319, 0}, | ||
783 | {0, 2056, "0"}, | ||
784 | {"sSelector", 1610637319, 0}, | ||
785 | {0, 2056, "1"}, | ||
786 | {"tSelector", 1610637319, 0}, | ||
787 | {0, 2056, "2"}, | ||
788 | {"nAddresses", 538976271, 0}, | ||
789 | {0, 1073743880, "3"}, | ||
790 | {"MAX", 1074266122, "1"}, | ||
791 | {0, 7, 0}, | ||
792 | {"terminal-type", 1342177283, "23"}, | ||
793 | {"TerminalType", 1610874883, 0}, | ||
794 | {"telex", 1073741825, "3"}, | ||
795 | {"teletex", 1073741825, "4"}, | ||
796 | {"g3-facsimile", 1073741825, "5"}, | ||
797 | {"g4-facsimile", 1073741825, "6"}, | ||
798 | {"ia5-terminal", 1073741825, "7"}, | ||
799 | {"videotex", 1, "8"}, | ||
800 | {"teletex-domain-defined-attributes", 1342177283, "6"}, | ||
801 | {"TeletexDomainDefinedAttributes", 1612709899, 0}, | ||
802 | {"ub-domain-defined-attributes", 1074266122, "1"}, | ||
803 | {0, 2, "TeletexDomainDefinedAttribute"}, | ||
804 | {"TeletexDomainDefinedAttribute", 1610612741, 0}, | ||
805 | {"type", 1612709890, "TeletexString"}, | ||
806 | {"ub-domain-defined-attribute-type-length", 524298, "1"}, | ||
807 | {"value", 538968066, "TeletexString"}, | ||
808 | {"ub-domain-defined-attribute-value-length", 524298, "1"}, | ||
809 | {"ub-name", 1342177283, "32768"}, | ||
810 | {"ub-common-name", 1342177283, "64"}, | ||
811 | {"ub-locality-name", 1342177283, "128"}, | ||
812 | {"ub-state-name", 1342177283, "128"}, | ||
813 | {"ub-organization-name", 1342177283, "64"}, | ||
814 | {"ub-organizational-unit-name", 1342177283, "64"}, | ||
815 | {"ub-title", 1342177283, "64"}, | ||
816 | {"ub-match", 1342177283, "128"}, | ||
817 | {"ub-emailaddress-length", 1342177283, "128"}, | ||
818 | {"ub-common-name-length", 1342177283, "64"}, | ||
819 | {"ub-country-name-alpha-length", 1342177283, "2"}, | ||
820 | {"ub-country-name-numeric-length", 1342177283, "3"}, | ||
821 | {"ub-domain-defined-attributes", 1342177283, "4"}, | ||
822 | {"ub-domain-defined-attribute-type-length", 1342177283, "8"}, | ||
823 | {"ub-domain-defined-attribute-value-length", 1342177283, "128"}, | ||
824 | {"ub-domain-name-length", 1342177283, "16"}, | ||
825 | {"ub-extension-attributes", 1342177283, "256"}, | ||
826 | {"ub-e163-4-number-length", 1342177283, "15"}, | ||
827 | {"ub-e163-4-sub-address-length", 1342177283, "40"}, | ||
828 | {"ub-generation-qualifier-length", 1342177283, "3"}, | ||
829 | {"ub-given-name-length", 1342177283, "16"}, | ||
830 | {"ub-initials-length", 1342177283, "5"}, | ||
831 | {"ub-integer-options", 1342177283, "256"}, | ||
832 | {"ub-numeric-user-id-length", 1342177283, "32"}, | ||
833 | {"ub-organization-name-length", 1342177283, "64"}, | ||
834 | {"ub-organizational-unit-name-length", 1342177283, "32"}, | ||
835 | {"ub-organizational-units", 1342177283, "4"}, | ||
836 | {"ub-pds-name-length", 1342177283, "16"}, | ||
837 | {"ub-pds-parameter-length", 1342177283, "30"}, | ||
838 | {"ub-pds-physical-address-lines", 1342177283, "6"}, | ||
839 | {"ub-postal-code-length", 1342177283, "16"}, | ||
840 | {"ub-surname-length", 1342177283, "40"}, | ||
841 | {"ub-terminal-id-length", 1342177283, "24"}, | ||
842 | {"ub-unformatted-address-length", 1342177283, "180"}, | ||
843 | {"ub-x121-address-length", 1342177283, "16"}, | ||
844 | {"pkcs-7-ContentInfo", 1610612741, 0}, | ||
845 | {"contentType", 1073741826, "pkcs-7-ContentType"}, | ||
846 | {"content", 541073421, 0}, | ||
847 | {0, 1073743880, "0"}, | ||
848 | {"contentType", 1, 0}, | ||
849 | {"pkcs-7-DigestInfo", 1610612741, 0}, | ||
850 | {"digestAlgorithm", 1073741826, "pkcs-7-DigestAlgorithmIdentifier"}, | ||
851 | {"digest", 2, "pkcs-7-Digest"}, | ||
852 | {"pkcs-7-Digest", 1073741831, 0}, | ||
853 | {"pkcs-7-ContentType", 1073741836, 0}, | ||
854 | {"pkcs-7-SignedData", 1610612741, 0}, | ||
855 | {"version", 1073741826, "pkcs-7-CMSVersion"}, | ||
856 | {"digestAlgorithms", 1073741826, "pkcs-7-DigestAlgorithmIdentifiers"}, | ||
857 | {"encapContentInfo", 1073741826, "pkcs-7-EncapsulatedContentInfo"}, | ||
858 | {"certificates", 1610637314, "pkcs-7-CertificateSet"}, | ||
859 | {0, 4104, "0"}, | ||
860 | {"crls", 1610637314, "pkcs-7-CertificateRevocationLists"}, | ||
861 | {0, 4104, "1"}, | ||
862 | {"signerInfos", 2, "pkcs-7-SignerInfos"}, | ||
863 | {"pkcs-7-CMSVersion", 1610874883, 0}, | ||
864 | {"v0", 1073741825, "0"}, | ||
865 | {"v1", 1073741825, "1"}, | ||
866 | {"v2", 1073741825, "2"}, | ||
867 | {"v3", 1073741825, "3"}, | ||
868 | {"v4", 1, "4"}, | ||
869 | {"pkcs-7-DigestAlgorithmIdentifiers", 1610612751, 0}, | ||
870 | {0, 2, "pkcs-7-DigestAlgorithmIdentifier"}, | ||
871 | {"pkcs-7-DigestAlgorithmIdentifier", 1073741826, "AlgorithmIdentifier"}, | ||
872 | {"pkcs-7-EncapsulatedContentInfo", 1610612741, 0}, | ||
873 | {"eContentType", 1073741826, "pkcs-7-ContentType"}, | ||
874 | {"eContent", 536895495, 0}, | ||
875 | {0, 2056, "0"}, | ||
876 | {"pkcs-7-CertificateRevocationLists", 1610612751, 0}, | ||
877 | {0, 13, 0}, | ||
878 | {"pkcs-7-CertificateChoices", 1610612754, 0}, | ||
879 | {"certificate", 13, 0}, | ||
880 | {"pkcs-7-CertificateSet", 1610612751, 0}, | ||
881 | {0, 2, "pkcs-7-CertificateChoices"}, | ||
882 | {"pkcs-7-SignerInfos", 1610612751, 0}, | ||
883 | {0, 13, 0}, | ||
884 | {"pkcs-10-CertificationRequestInfo", 1610612741, 0}, | ||
885 | {"version", 1610874883, 0}, | ||
886 | {"v1", 1, "0"}, | ||
887 | {"subject", 1073741826, "Name"}, | ||
888 | {"subjectPKInfo", 1073741826, "SubjectPublicKeyInfo"}, | ||
889 | {"attributes", 536879106, "Attributes"}, | ||
890 | {0, 4104, "0"}, | ||
891 | {"Attributes", 1610612751, 0}, | ||
892 | {0, 2, "Attribute"}, | ||
893 | {"pkcs-10-CertificationRequest", 1610612741, 0}, | ||
894 | {"certificationRequestInfo", 1073741826, | ||
895 | "pkcs-10-CertificationRequestInfo"}, | ||
896 | {"signatureAlgorithm", 1073741826, "AlgorithmIdentifier"}, | ||
897 | {"signature", 6, 0}, | ||
898 | {"pkcs-9-ub-challengePassword", 1342177283, "255"}, | ||
899 | {"pkcs-9-certTypes", 1879048204, 0}, | ||
900 | {0, 1073741825, "pkcs-9"}, | ||
901 | {0, 1, "22"}, | ||
902 | {"pkcs-9-crlTypes", 1879048204, 0}, | ||
903 | {0, 1073741825, "pkcs-9"}, | ||
904 | {0, 1, "23"}, | ||
905 | {"pkcs-9-at-challengePassword", 1879048204, 0}, | ||
906 | {0, 1073741825, "pkcs-9"}, | ||
907 | {0, 1, "7"}, | ||
908 | {"pkcs-9-challengePassword", 1610612754, 0}, | ||
909 | {"printableString", 1612709890, "PrintableString"}, | ||
910 | {"pkcs-9-ub-challengePassword", 524298, "1"}, | ||
911 | {"utf8String", 538968066, "UTF8String"}, | ||
912 | {"pkcs-9-ub-challengePassword", 524298, "1"}, | ||
913 | {"pkcs-9-at-localKeyId", 1879048204, 0}, | ||
914 | {0, 1073741825, "pkcs-9"}, | ||
915 | {0, 1, "21"}, | ||
916 | {"pkcs-9-localKeyId", 1073741831, 0}, | ||
917 | {"pkcs-9-at-friendlyName", 1879048204, 0}, | ||
918 | {0, 1073741825, "pkcs-9"}, | ||
919 | {0, 1, "20"}, | ||
920 | {"pkcs-9-friendlyName", 1612709890, "BMPString"}, | ||
921 | {"255", 524298, "1"}, | ||
922 | {"pkcs-8-PrivateKeyInfo", 1610612741, 0}, | ||
923 | {"version", 1073741826, "pkcs-8-Version"}, | ||
924 | {"privateKeyAlgorithm", 1073741826, "AlgorithmIdentifier"}, | ||
925 | {"privateKey", 1073741826, "pkcs-8-PrivateKey"}, | ||
926 | {"attributes", 536895490, "Attributes"}, | ||
927 | {0, 4104, "0"}, | ||
928 | {"pkcs-8-Version", 1610874883, 0}, | ||
929 | {"v1", 1, "0"}, | ||
930 | {"pkcs-8-PrivateKey", 1073741831, 0}, | ||
931 | {"pkcs-8-Attributes", 1610612751, 0}, | ||
932 | {0, 2, "Attribute"}, | ||
933 | {"pkcs-8-EncryptedPrivateKeyInfo", 1610612741, 0}, | ||
934 | {"encryptionAlgorithm", 1073741826, "AlgorithmIdentifier"}, | ||
935 | {"encryptedData", 2, "pkcs-8-EncryptedData"}, | ||
936 | {"pkcs-8-EncryptedData", 1073741831, 0}, | ||
937 | {"pkcs-5", 1879048204, 0}, | ||
938 | {0, 1073741825, "pkcs"}, | ||
939 | {0, 1, "5"}, | ||
940 | {"pkcs-5-encryptionAlgorithm", 1879048204, 0}, | ||
941 | {"iso", 1073741825, "1"}, | ||
942 | {"member-body", 1073741825, "2"}, | ||
943 | {"us", 1073741825, "840"}, | ||
944 | {"rsadsi", 1073741825, "113549"}, | ||
945 | {0, 1, "3"}, | ||
946 | {"pkcs-5-des-EDE3-CBC", 1879048204, 0}, | ||
947 | {0, 1073741825, "pkcs-5-encryptionAlgorithm"}, | ||
948 | {0, 1, "7"}, | ||
949 | {"pkcs-5-des-EDE3-CBC-params", 1612709895, 0}, | ||
950 | {0, 1048586, "8"}, | ||
951 | {"pkcs-5-id-PBES2", 1879048204, 0}, | ||
952 | {0, 1073741825, "pkcs-5"}, | ||
953 | {0, 1, "13"}, | ||
954 | {"pkcs-5-PBES2-params", 1610612741, 0}, | ||
955 | {"keyDerivationFunc", 1073741826, "AlgorithmIdentifier"}, | ||
956 | {"encryptionScheme", 2, "AlgorithmIdentifier"}, | ||
957 | {"pkcs-5-id-PBKDF2", 1879048204, 0}, | ||
958 | {0, 1073741825, "pkcs-5"}, | ||
959 | {0, 1, "12"}, | ||
960 | {"pkcs-5-PBKDF2-params", 1610612741, 0}, | ||
961 | {"salt", 1610612754, 0}, | ||
962 | {"specified", 1073741831, 0}, | ||
963 | {"otherSource", 2, "AlgorithmIdentifier"}, | ||
964 | {"iterationCount", 1611137027, 0}, | ||
965 | {"1", 10, "MAX"}, | ||
966 | {"keyLength", 1611153411, 0}, | ||
967 | {"1", 10, "MAX"}, | ||
968 | {"prf", 16386, "AlgorithmIdentifier"}, | ||
969 | {"pkcs-12", 1879048204, 0}, | ||
970 | {0, 1073741825, "pkcs"}, | ||
971 | {0, 1, "12"}, | ||
972 | {"pkcs-12-PFX", 1610612741, 0}, | ||
973 | {"version", 1610874883, 0}, | ||
974 | {"v3", 1, "3"}, | ||
975 | {"authSafe", 1073741826, "pkcs-7-ContentInfo"}, | ||
976 | {"macData", 16386, "pkcs-12-MacData"}, | ||
977 | {"pkcs-12-PbeParams", 1610612741, 0}, | ||
978 | {"salt", 1073741831, 0}, | ||
979 | {"iterations", 3, 0}, | ||
980 | {"pkcs-12-MacData", 1610612741, 0}, | ||
981 | {"mac", 1073741826, "pkcs-7-DigestInfo"}, | ||
982 | {"macSalt", 1073741831, 0}, | ||
983 | {"iterations", 536903683, 0}, | ||
984 | {0, 9, "1"}, | ||
985 | {"pkcs-12-AuthenticatedSafe", 1610612747, 0}, | ||
986 | {0, 2, "pkcs-7-ContentInfo"}, | ||
987 | {"pkcs-12-SafeContents", 1610612747, 0}, | ||
988 | {0, 2, "pkcs-12-SafeBag"}, | ||
989 | {"pkcs-12-SafeBag", 1610612741, 0}, | ||
990 | {"bagId", 1073741836, 0}, | ||
991 | {"bagValue", 1614815245, 0}, | ||
992 | {0, 1073743880, "0"}, | ||
993 | {"badId", 1, 0}, | ||
994 | {"bagAttributes", 536887311, 0}, | ||
995 | {0, 2, "pkcs-12-PKCS12Attribute"}, | ||
996 | {"pkcs-12-bagtypes", 1879048204, 0}, | ||
997 | {0, 1073741825, "pkcs-12"}, | ||
998 | {0, 1073741825, "10"}, | ||
999 | {0, 1, "1"}, | ||
1000 | {"pkcs-12-keyBag", 1879048204, 0}, | ||
1001 | {0, 1073741825, "pkcs-12-bagtypes"}, | ||
1002 | {0, 1, "1"}, | ||
1003 | {"pkcs-12-pkcs8ShroudedKeyBag", 1879048204, 0}, | ||
1004 | {0, 1073741825, "pkcs-12-bagtypes"}, | ||
1005 | {0, 1, "2"}, | ||
1006 | {"pkcs-12-certBag", 1879048204, 0}, | ||
1007 | {0, 1073741825, "pkcs-12-bagtypes"}, | ||
1008 | {0, 1, "3"}, | ||
1009 | {"pkcs-12-crlBag", 1879048204, 0}, | ||
1010 | {0, 1073741825, "pkcs-12-bagtypes"}, | ||
1011 | {0, 1, "4"}, | ||
1012 | {"pkcs-12-KeyBag", 1073741826, "pkcs-8-PrivateKeyInfo"}, | ||
1013 | {"pkcs-12-PKCS8ShroudedKeyBag", 1073741826, | ||
1014 | "pkcs-8-EncryptedPrivateKeyInfo"}, | ||
1015 | {"pkcs-12-CertBag", 1610612741, 0}, | ||
1016 | {"certId", 1073741836, 0}, | ||
1017 | {"certValue", 541073421, 0}, | ||
1018 | {0, 1073743880, "0"}, | ||
1019 | {"certId", 1, 0}, | ||
1020 | {"pkcs-12-CRLBag", 1610612741, 0}, | ||
1021 | {"crlId", 1073741836, 0}, | ||
1022 | {"crlValue", 541073421, 0}, | ||
1023 | {0, 1073743880, "0"}, | ||
1024 | {"crlId", 1, 0}, | ||
1025 | {"pkcs-12-PKCS12Attribute", 1073741826, "Attribute"}, | ||
1026 | {"pkcs-7-data", 1879048204, 0}, | ||
1027 | {"iso", 1073741825, "1"}, | ||
1028 | {"member-body", 1073741825, "2"}, | ||
1029 | {"us", 1073741825, "840"}, | ||
1030 | {"rsadsi", 1073741825, "113549"}, | ||
1031 | {"pkcs", 1073741825, "1"}, | ||
1032 | {"pkcs7", 1073741825, "7"}, | ||
1033 | {0, 1, "1"}, | ||
1034 | {"pkcs-7-encryptedData", 1879048204, 0}, | ||
1035 | {"iso", 1073741825, "1"}, | ||
1036 | {"member-body", 1073741825, "2"}, | ||
1037 | {"us", 1073741825, "840"}, | ||
1038 | {"rsadsi", 1073741825, "113549"}, | ||
1039 | {"pkcs", 1073741825, "1"}, | ||
1040 | {"pkcs7", 1073741825, "7"}, | ||
1041 | {0, 1, "6"}, | ||
1042 | {"pkcs-7-Data", 1073741831, 0}, | ||
1043 | {"pkcs-7-EncryptedData", 1610612741, 0}, | ||
1044 | {"version", 1073741826, "pkcs-7-CMSVersion"}, | ||
1045 | {"encryptedContentInfo", 1073741826, "pkcs-7-EncryptedContentInfo"}, | ||
1046 | {"unprotectedAttrs", 536895490, "pkcs-7-UnprotectedAttributes"}, | ||
1047 | {0, 4104, "1"}, | ||
1048 | {"pkcs-7-EncryptedContentInfo", 1610612741, 0}, | ||
1049 | {"contentType", 1073741826, "pkcs-7-ContentType"}, | ||
1050 | {"contentEncryptionAlgorithm", 1073741826, | ||
1051 | "pkcs-7-ContentEncryptionAlgorithmIdentifier"}, | ||
1052 | {"encryptedContent", 536895490, "pkcs-7-EncryptedContent"}, | ||
1053 | {0, 4104, "0"}, | ||
1054 | {"pkcs-7-ContentEncryptionAlgorithmIdentifier", 1073741826, | ||
1055 | "AlgorithmIdentifier"}, | ||
1056 | {"pkcs-7-EncryptedContent", 1073741831, 0}, | ||
1057 | {"pkcs-7-UnprotectedAttributes", 1612709903, 0}, | ||
1058 | {"MAX", 1074266122, "1"}, | ||
1059 | {0, 2, "Attribute"}, | ||
1060 | {"id-at-ldap-DC", 1880096780, "AttributeType"}, | ||
1061 | {0, 1073741825, "0"}, | ||
1062 | {0, 1073741825, "9"}, | ||
1063 | {0, 1073741825, "2342"}, | ||
1064 | {0, 1073741825, "19200300"}, | ||
1065 | {0, 1073741825, "100"}, | ||
1066 | {0, 1073741825, "1"}, | ||
1067 | {0, 1, "25"}, | ||
1068 | {"ldap-DC", 1073741826, "IA5String"}, | ||
1069 | {"id-at-ldap-UID", 1880096780, "AttributeType"}, | ||
1070 | {0, 1073741825, "0"}, | ||
1071 | {0, 1073741825, "9"}, | ||
1072 | {0, 1073741825, "2342"}, | ||
1073 | {0, 1073741825, "19200300"}, | ||
1074 | {0, 1073741825, "100"}, | ||
1075 | {0, 1073741825, "1"}, | ||
1076 | {0, 1, "1"}, | ||
1077 | {"ldap-UID", 1073741826, "DirectoryString"}, | ||
1078 | {"id-pda", 1879048204, 0}, | ||
1079 | {0, 1073741825, "id-pkix"}, | ||
1080 | {0, 1, "9"}, | ||
1081 | {"id-pda-dateOfBirth", 1880096780, "AttributeType"}, | ||
1082 | {0, 1073741825, "id-pda"}, | ||
1083 | {0, 1, "1"}, | ||
1084 | {"DateOfBirth", 1082130449, 0}, | ||
1085 | {"id-pda-placeOfBirth", 1880096780, "AttributeType"}, | ||
1086 | {0, 1073741825, "id-pda"}, | ||
1087 | {0, 1, "2"}, | ||
1088 | {"PlaceOfBirth", 1073741826, "DirectoryString"}, | ||
1089 | {"id-pda-gender", 1880096780, "AttributeType"}, | ||
1090 | {0, 1073741825, "id-pda"}, | ||
1091 | {0, 1, "3"}, | ||
1092 | {"Gender", 1612709890, "PrintableString"}, | ||
1093 | {0, 1048586, "1"}, | ||
1094 | {"id-pda-countryOfCitizenship", 1880096780, "AttributeType"}, | ||
1095 | {0, 1073741825, "id-pda"}, | ||
1096 | {0, 1, "4"}, | ||
1097 | {"CountryOfCitizenship", 1612709890, "PrintableString"}, | ||
1098 | {0, 1048586, "2"}, | ||
1099 | {"id-pda-countryOfResidence", 1880096780, "AttributeType"}, | ||
1100 | {0, 1073741825, "id-pda"}, | ||
1101 | {0, 1, "5"}, | ||
1102 | {"CountryOfResidence", 1612709890, "PrintableString"}, | ||
1103 | {0, 1048586, "2"}, | ||
1104 | {"id-pe-proxyCertInfo", 1879048204, 0}, | ||
1105 | {0, 1073741825, "id-pe"}, | ||
1106 | {0, 1, "14"}, | ||
1107 | {"id-ppl-inheritAll", 1879048204, 0}, | ||
1108 | {0, 1073741825, "id-pkix"}, | ||
1109 | {0, 1073741825, "21"}, | ||
1110 | {0, 1, "1"}, | ||
1111 | {"id-ppl-independent", 1879048204, 0}, | ||
1112 | {0, 1073741825, "id-pkix"}, | ||
1113 | {0, 1073741825, "21"}, | ||
1114 | {0, 1, "2"}, | ||
1115 | {"ProxyCertInfo", 1610612741, 0}, | ||
1116 | {"pCPathLenConstraint", 1611153411, 0}, | ||
1117 | {"0", 10, "MAX"}, | ||
1118 | {"proxyPolicy", 2, "ProxyPolicy"}, | ||
1119 | {"ProxyPolicy", 1610612741, 0}, | ||
1120 | {"policyLanguage", 1073741836, 0}, | ||
1121 | {"policy", 16391, 0}, | ||
1122 | {"id-on", 1879048204, 0}, | ||
1123 | {0, 1073741825, "id-pkix"}, | ||
1124 | {0, 1, "8"}, | ||
1125 | {"id-on-xmppAddr", 1879048204, 0}, | ||
1126 | {0, 1073741825, "id-on"}, | ||
1127 | {0, 1, "5"}, | ||
1128 | {"XmppAddr", 2, "UTF8String"}, | ||
1129 | {0, 0, 0} | ||
1130 | }; | ||
diff --git a/src/daemon/https/tls/str-two-way.h b/src/daemon/https/tls/str-two-way.h deleted file mode 100644 index 29bb09f6..00000000 --- a/src/daemon/https/tls/str-two-way.h +++ /dev/null | |||
@@ -1,429 +0,0 @@ | |||
1 | /* Byte-wise substring search, using the Two-Way algorithm. | ||
2 | Copyright (C) 2008 Free Software Foundation, Inc. | ||
3 | This file is part of the GNU C Library. | ||
4 | Written by Eric Blake <ebb9@byu.net>, 2008. | ||
5 | |||
6 | This program is free software; you can redistribute it and/or modify | ||
7 | it under the terms of the GNU Lesser General Public License as published by | ||
8 | the Free Software Foundation; either version 2.1, or (at your option) | ||
9 | any later version. | ||
10 | |||
11 | This program is distributed in the hope that it will be useful, | ||
12 | but WITHOUT ANY WARRANTY; without even the implied warranty of | ||
13 | MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the | ||
14 | GNU Lesser General Public License for more details. | ||
15 | |||
16 | You should have received a copy of the GNU Lesser General Public License along | ||
17 | with this program; if not, write to the Free Software Foundation, | ||
18 | Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301, USA. */ | ||
19 | |||
20 | /* Before including this file, you need to include <config.h> and | ||
21 | <string.h>, and define: | ||
22 | RESULT_TYPE A macro that expands to the return type. | ||
23 | AVAILABLE(h, h_l, j, n_l) | ||
24 | A macro that returns nonzero if there are | ||
25 | at least N_L bytes left starting at H[J]. | ||
26 | H is 'unsigned char *', H_L, J, and N_L | ||
27 | are 'size_t'; H_L is an lvalue. For | ||
28 | NUL-terminated searches, H_L can be | ||
29 | modified each iteration to avoid having | ||
30 | to compute the end of H up front. | ||
31 | |||
32 | For case-insensitivity, you may optionally define: | ||
33 | CMP_FUNC(p1, p2, l) A macro that returns 0 iff the first L | ||
34 | characters of P1 and P2 are equal. | ||
35 | CANON_ELEMENT(c) A macro that canonicalizes an element right after | ||
36 | it has been fetched from one of the two strings. | ||
37 | The argument is an 'unsigned char'; the result | ||
38 | must be an 'unsigned char' as well. | ||
39 | |||
40 | This file undefines the macros documented above, and defines | ||
41 | LONG_NEEDLE_THRESHOLD. | ||
42 | */ | ||
43 | |||
44 | #include <limits.h> | ||
45 | #include <stdint.h> | ||
46 | |||
47 | /* We use the Two-Way string matching algorithm, which guarantees | ||
48 | linear complexity with constant space. Additionally, for long | ||
49 | needles, we also use a bad character shift table similar to the | ||
50 | Boyer-Moore algorithm to achieve improved (potentially sub-linear) | ||
51 | performance. | ||
52 | |||
53 | See http://www-igm.univ-mlv.fr/~lecroq/string/node26.html#SECTION00260 | ||
54 | and http://en.wikipedia.org/wiki/Boyer-Moore_string_search_algorithm | ||
55 | */ | ||
56 | |||
57 | /* Point at which computing a bad-byte shift table is likely to be | ||
58 | worthwhile. Small needles should not compute a table, since it | ||
59 | adds (1 << CHAR_BIT) + NEEDLE_LEN computations of preparation for a | ||
60 | speedup no greater than a factor of NEEDLE_LEN. The larger the | ||
61 | needle, the better the potential performance gain. On the other | ||
62 | hand, on non-POSIX systems with CHAR_BIT larger than eight, the | ||
63 | memory required for the table is prohibitive. */ | ||
64 | #if CHAR_BIT < 10 | ||
65 | # define LONG_NEEDLE_THRESHOLD 32U | ||
66 | #else | ||
67 | # define LONG_NEEDLE_THRESHOLD SIZE_MAX | ||
68 | #endif | ||
69 | |||
70 | #ifndef MAX | ||
71 | # define MAX(a, b) ((a < b) ? (b) : (a)) | ||
72 | #endif | ||
73 | |||
74 | #ifndef CANON_ELEMENT | ||
75 | # define CANON_ELEMENT(c) c | ||
76 | #endif | ||
77 | #ifndef CMP_FUNC | ||
78 | # define CMP_FUNC memcmp | ||
79 | #endif | ||
80 | |||
81 | /* Perform a critical factorization of NEEDLE, of length NEEDLE_LEN. | ||
82 | Return the index of the first byte in the right half, and set | ||
83 | *PERIOD to the global period of the right half. | ||
84 | |||
85 | The global period of a string is the smallest index (possibly its | ||
86 | length) at which all remaining bytes in the string are repetitions | ||
87 | of the prefix (the last repetition may be a subset of the prefix). | ||
88 | |||
89 | When NEEDLE is factored into two halves, a local period is the | ||
90 | length of the smallest word that shares a suffix with the left half | ||
91 | and shares a prefix with the right half. All factorizations of a | ||
92 | non-empty NEEDLE have a local period of at least 1 and no greater | ||
93 | than NEEDLE_LEN. | ||
94 | |||
95 | A critical factorization has the property that the local period | ||
96 | equals the global period. All strings have at least one critical | ||
97 | factorization with the left half smaller than the global period. | ||
98 | |||
99 | Given an ordered alphabet, a critical factorization can be computed | ||
100 | in linear time, with 2 * NEEDLE_LEN comparisons, by computing the | ||
101 | larger of two ordered maximal suffixes. The ordered maximal | ||
102 | suffixes are determined by lexicographic comparison of | ||
103 | periodicity. */ | ||
104 | static size_t | ||
105 | critical_factorization (const unsigned char *needle, size_t needle_len, | ||
106 | size_t * period) | ||
107 | { | ||
108 | /* Index of last byte of left half, or SIZE_MAX. */ | ||
109 | size_t max_suffix, max_suffix_rev; | ||
110 | size_t j; /* Index into NEEDLE for current candidate suffix. */ | ||
111 | size_t k; /* Offset into current period. */ | ||
112 | size_t p; /* Intermediate period. */ | ||
113 | unsigned char a, b; /* Current comparison bytes. */ | ||
114 | |||
115 | /* Invariants: | ||
116 | 0 <= j < NEEDLE_LEN - 1 | ||
117 | -1 <= max_suffix{,_rev} < j (treating SIZE_MAX as if it were signed) | ||
118 | min(max_suffix, max_suffix_rev) < global period of NEEDLE | ||
119 | 1 <= p <= global period of NEEDLE | ||
120 | p == global period of the substring NEEDLE[max_suffix{,_rev}+1...j] | ||
121 | 1 <= k <= p | ||
122 | */ | ||
123 | |||
124 | /* Perform lexicographic search. */ | ||
125 | max_suffix = SIZE_MAX; | ||
126 | j = 0; | ||
127 | k = p = 1; | ||
128 | while (j + k < needle_len) | ||
129 | { | ||
130 | a = CANON_ELEMENT (needle[j + k]); | ||
131 | b = CANON_ELEMENT (needle[max_suffix + k]); | ||
132 | if (a < b) | ||
133 | { | ||
134 | /* Suffix is smaller, period is entire prefix so far. */ | ||
135 | j += k; | ||
136 | k = 1; | ||
137 | p = j - max_suffix; | ||
138 | } | ||
139 | else if (a == b) | ||
140 | { | ||
141 | /* Advance through repetition of the current period. */ | ||
142 | if (k != p) | ||
143 | ++k; | ||
144 | else | ||
145 | { | ||
146 | j += p; | ||
147 | k = 1; | ||
148 | } | ||
149 | } | ||
150 | else /* b < a */ | ||
151 | { | ||
152 | /* Suffix is larger, start over from current location. */ | ||
153 | max_suffix = j++; | ||
154 | k = p = 1; | ||
155 | } | ||
156 | } | ||
157 | *period = p; | ||
158 | |||
159 | /* Perform reverse lexicographic search. */ | ||
160 | max_suffix_rev = SIZE_MAX; | ||
161 | j = 0; | ||
162 | k = p = 1; | ||
163 | while (j + k < needle_len) | ||
164 | { | ||
165 | a = CANON_ELEMENT (needle[j + k]); | ||
166 | b = CANON_ELEMENT (needle[max_suffix_rev + k]); | ||
167 | if (b < a) | ||
168 | { | ||
169 | /* Suffix is smaller, period is entire prefix so far. */ | ||
170 | j += k; | ||
171 | k = 1; | ||
172 | p = j - max_suffix_rev; | ||
173 | } | ||
174 | else if (a == b) | ||
175 | { | ||
176 | /* Advance through repetition of the current period. */ | ||
177 | if (k != p) | ||
178 | ++k; | ||
179 | else | ||
180 | { | ||
181 | j += p; | ||
182 | k = 1; | ||
183 | } | ||
184 | } | ||
185 | else /* a < b */ | ||
186 | { | ||
187 | /* Suffix is larger, start over from current location. */ | ||
188 | max_suffix_rev = j++; | ||
189 | k = p = 1; | ||
190 | } | ||
191 | } | ||
192 | |||
193 | /* Choose the longer suffix. Return the first byte of the right | ||
194 | half, rather than the last byte of the left half. */ | ||
195 | if (max_suffix_rev + 1 < max_suffix + 1) | ||
196 | return max_suffix + 1; | ||
197 | *period = p; | ||
198 | return max_suffix_rev + 1; | ||
199 | } | ||
200 | |||
201 | /* Return the first location of non-empty NEEDLE within HAYSTACK, or | ||
202 | NULL. HAYSTACK_LEN is the minimum known length of HAYSTACK. This | ||
203 | method is optimized for NEEDLE_LEN < LONG_NEEDLE_THRESHOLD. | ||
204 | Performance is guaranteed to be linear, with an initialization cost | ||
205 | of 2 * NEEDLE_LEN comparisons. | ||
206 | |||
207 | If AVAILABLE does not modify HAYSTACK_LEN (as in memmem), then at | ||
208 | most 2 * HAYSTACK_LEN - NEEDLE_LEN comparisons occur in searching. | ||
209 | If AVAILABLE modifies HAYSTACK_LEN (as in strstr), then at most 3 * | ||
210 | HAYSTACK_LEN - NEEDLE_LEN comparisons occur in searching. */ | ||
211 | static RETURN_TYPE | ||
212 | two_way_short_needle (const unsigned char *haystack, size_t haystack_len, | ||
213 | const unsigned char *needle, size_t needle_len) | ||
214 | { | ||
215 | size_t i; /* Index into current byte of NEEDLE. */ | ||
216 | size_t j; /* Index into current window of HAYSTACK. */ | ||
217 | size_t period; /* The period of the right half of needle. */ | ||
218 | size_t suffix; /* The index of the right half of needle. */ | ||
219 | |||
220 | /* Factor the needle into two halves, such that the left half is | ||
221 | smaller than the global period, and the right half is | ||
222 | periodic (with a period as large as NEEDLE_LEN - suffix). */ | ||
223 | suffix = critical_factorization (needle, needle_len, &period); | ||
224 | |||
225 | /* Perform the search. Each iteration compares the right half | ||
226 | first. */ | ||
227 | if (CMP_FUNC (needle, needle + period, suffix) == 0) | ||
228 | { | ||
229 | /* Entire needle is periodic; a mismatch can only advance by the | ||
230 | period, so use memory to avoid rescanning known occurrences | ||
231 | of the period. */ | ||
232 | size_t memory = 0; | ||
233 | j = 0; | ||
234 | while (AVAILABLE (haystack, haystack_len, j, needle_len)) | ||
235 | { | ||
236 | /* Scan for matches in right half. */ | ||
237 | i = MAX (suffix, memory); | ||
238 | while (i < needle_len && (CANON_ELEMENT (needle[i]) | ||
239 | == CANON_ELEMENT (haystack[i + j]))) | ||
240 | ++i; | ||
241 | if (needle_len <= i) | ||
242 | { | ||
243 | /* Scan for matches in left half. */ | ||
244 | i = suffix - 1; | ||
245 | while (memory < i + 1 && (CANON_ELEMENT (needle[i]) | ||
246 | == CANON_ELEMENT (haystack[i + j]))) | ||
247 | --i; | ||
248 | if (i + 1 < memory + 1) | ||
249 | return (RETURN_TYPE) (haystack + j); | ||
250 | /* No match, so remember how many repetitions of period | ||
251 | on the right half were scanned. */ | ||
252 | j += period; | ||
253 | memory = needle_len - period; | ||
254 | } | ||
255 | else | ||
256 | { | ||
257 | j += i - suffix + 1; | ||
258 | memory = 0; | ||
259 | } | ||
260 | } | ||
261 | } | ||
262 | else | ||
263 | { | ||
264 | /* The two halves of needle are distinct; no extra memory is | ||
265 | required, and any mismatch results in a maximal shift. */ | ||
266 | period = MAX (suffix, needle_len - suffix) + 1; | ||
267 | j = 0; | ||
268 | while (AVAILABLE (haystack, haystack_len, j, needle_len)) | ||
269 | { | ||
270 | /* Scan for matches in right half. */ | ||
271 | i = suffix; | ||
272 | while (i < needle_len && (CANON_ELEMENT (needle[i]) | ||
273 | == CANON_ELEMENT (haystack[i + j]))) | ||
274 | ++i; | ||
275 | if (needle_len <= i) | ||
276 | { | ||
277 | /* Scan for matches in left half. */ | ||
278 | i = suffix - 1; | ||
279 | while (i != SIZE_MAX && (CANON_ELEMENT (needle[i]) | ||
280 | == CANON_ELEMENT (haystack[i + j]))) | ||
281 | --i; | ||
282 | if (i == SIZE_MAX) | ||
283 | return (RETURN_TYPE) (haystack + j); | ||
284 | j += period; | ||
285 | } | ||
286 | else | ||
287 | j += i - suffix + 1; | ||
288 | } | ||
289 | } | ||
290 | return NULL; | ||
291 | } | ||
292 | |||
293 | /* Return the first location of non-empty NEEDLE within HAYSTACK, or | ||
294 | NULL. HAYSTACK_LEN is the minimum known length of HAYSTACK. This | ||
295 | method is optimized for LONG_NEEDLE_THRESHOLD <= NEEDLE_LEN. | ||
296 | Performance is guaranteed to be linear, with an initialization cost | ||
297 | of 3 * NEEDLE_LEN + (1 << CHAR_BIT) operations. | ||
298 | |||
299 | If AVAILABLE does not modify HAYSTACK_LEN (as in memmem), then at | ||
300 | most 2 * HAYSTACK_LEN - NEEDLE_LEN comparisons occur in searching, | ||
301 | and sublinear performance O(HAYSTACK_LEN / NEEDLE_LEN) is possible. | ||
302 | If AVAILABLE modifies HAYSTACK_LEN (as in strstr), then at most 3 * | ||
303 | HAYSTACK_LEN - NEEDLE_LEN comparisons occur in searching, and | ||
304 | sublinear performance is not possible. */ | ||
305 | static RETURN_TYPE | ||
306 | two_way_long_needle (const unsigned char *haystack, size_t haystack_len, | ||
307 | const unsigned char *needle, size_t needle_len) | ||
308 | { | ||
309 | size_t i; /* Index into current byte of NEEDLE. */ | ||
310 | size_t j; /* Index into current window of HAYSTACK. */ | ||
311 | size_t period; /* The period of the right half of needle. */ | ||
312 | size_t suffix; /* The index of the right half of needle. */ | ||
313 | size_t shift_table[1U << CHAR_BIT]; /* See below. */ | ||
314 | |||
315 | /* Factor the needle into two halves, such that the left half is | ||
316 | smaller than the global period, and the right half is | ||
317 | periodic (with a period as large as NEEDLE_LEN - suffix). */ | ||
318 | suffix = critical_factorization (needle, needle_len, &period); | ||
319 | |||
320 | /* Populate shift_table. For each possible byte value c, | ||
321 | shift_table[c] is the distance from the last occurrence of c to | ||
322 | the end of NEEDLE, or NEEDLE_LEN if c is absent from the NEEDLE. | ||
323 | shift_table[NEEDLE[NEEDLE_LEN - 1]] contains the only 0. */ | ||
324 | for (i = 0; i < 1U << CHAR_BIT; i++) | ||
325 | shift_table[i] = needle_len; | ||
326 | for (i = 0; i < needle_len; i++) | ||
327 | shift_table[CANON_ELEMENT (needle[i])] = needle_len - i - 1; | ||
328 | |||
329 | /* Perform the search. Each iteration compares the right half | ||
330 | first. */ | ||
331 | if (CMP_FUNC (needle, needle + period, suffix) == 0) | ||
332 | { | ||
333 | /* Entire needle is periodic; a mismatch can only advance by the | ||
334 | period, so use memory to avoid rescanning known occurrences | ||
335 | of the period. */ | ||
336 | size_t memory = 0; | ||
337 | size_t shift; | ||
338 | j = 0; | ||
339 | while (AVAILABLE (haystack, haystack_len, j, needle_len)) | ||
340 | { | ||
341 | /* Check the last byte first; if it does not match, then | ||
342 | shift to the next possible match location. */ | ||
343 | shift = shift_table[CANON_ELEMENT (haystack[j + needle_len - 1])]; | ||
344 | if (0 < shift) | ||
345 | { | ||
346 | if (memory && shift < period) | ||
347 | { | ||
348 | /* Since needle is periodic, but the last period has | ||
349 | a byte out of place, there can be no match until | ||
350 | after the mismatch. */ | ||
351 | shift = needle_len - period; | ||
352 | memory = 0; | ||
353 | } | ||
354 | j += shift; | ||
355 | continue; | ||
356 | } | ||
357 | /* Scan for matches in right half. The last byte has | ||
358 | already been matched, by virtue of the shift table. */ | ||
359 | i = MAX (suffix, memory); | ||
360 | while (i < needle_len - 1 && (CANON_ELEMENT (needle[i]) | ||
361 | == CANON_ELEMENT (haystack[i + j]))) | ||
362 | ++i; | ||
363 | if (needle_len - 1 <= i) | ||
364 | { | ||
365 | /* Scan for matches in left half. */ | ||
366 | i = suffix - 1; | ||
367 | while (memory < i + 1 && (CANON_ELEMENT (needle[i]) | ||
368 | == CANON_ELEMENT (haystack[i + j]))) | ||
369 | --i; | ||
370 | if (i + 1 < memory + 1) | ||
371 | return (RETURN_TYPE) (haystack + j); | ||
372 | /* No match, so remember how many repetitions of period | ||
373 | on the right half were scanned. */ | ||
374 | j += period; | ||
375 | memory = needle_len - period; | ||
376 | } | ||
377 | else | ||
378 | { | ||
379 | j += i - suffix + 1; | ||
380 | memory = 0; | ||
381 | } | ||
382 | } | ||
383 | } | ||
384 | else | ||
385 | { | ||
386 | /* The two halves of needle are distinct; no extra memory is | ||
387 | required, and any mismatch results in a maximal shift. */ | ||
388 | size_t shift; | ||
389 | period = MAX (suffix, needle_len - suffix) + 1; | ||
390 | j = 0; | ||
391 | while (AVAILABLE (haystack, haystack_len, j, needle_len)) | ||
392 | { | ||
393 | /* Check the last byte first; if it does not match, then | ||
394 | shift to the next possible match location. */ | ||
395 | shift = shift_table[CANON_ELEMENT (haystack[j + needle_len - 1])]; | ||
396 | if (0 < shift) | ||
397 | { | ||
398 | j += shift; | ||
399 | continue; | ||
400 | } | ||
401 | /* Scan for matches in right half. The last byte has | ||
402 | already been matched, by virtue of the shift table. */ | ||
403 | i = suffix; | ||
404 | while (i < needle_len - 1 && (CANON_ELEMENT (needle[i]) | ||
405 | == CANON_ELEMENT (haystack[i + j]))) | ||
406 | ++i; | ||
407 | if (needle_len - 1 <= i) | ||
408 | { | ||
409 | /* Scan for matches in left half. */ | ||
410 | i = suffix - 1; | ||
411 | while (i != SIZE_MAX && (CANON_ELEMENT (needle[i]) | ||
412 | == CANON_ELEMENT (haystack[i + j]))) | ||
413 | --i; | ||
414 | if (i == SIZE_MAX) | ||
415 | return (RETURN_TYPE) (haystack + j); | ||
416 | j += period; | ||
417 | } | ||
418 | else | ||
419 | j += i - suffix + 1; | ||
420 | } | ||
421 | } | ||
422 | return NULL; | ||
423 | } | ||
424 | |||
425 | #undef AVAILABLE | ||
426 | #undef CANON_ELEMENT | ||
427 | #undef CMP_FUNC | ||
428 | #undef MAX | ||
429 | #undef RETURN_TYPE | ||
diff --git a/src/daemon/https/tls/x509_b64.c b/src/daemon/https/tls/x509_b64.c deleted file mode 100644 index 152f7409..00000000 --- a/src/daemon/https/tls/x509_b64.c +++ /dev/null | |||
@@ -1,413 +0,0 @@ | |||
1 | /* | ||
2 | * Copyright (C) 2000, 2001, 2003, 2004, 2005 Free Software Foundation | ||
3 | * | ||
4 | * Author: Nikos Mavrogiannopoulos | ||
5 | * | ||
6 | * This file is part of GNUTLS. | ||
7 | * | ||
8 | * The GNUTLS library is free software; you can redistribute it and/or | ||
9 | * modify it under the terms of the GNU Lesser General Public License | ||
10 | * as published by the Free Software Foundation; either version 2.1 of | ||
11 | * the License, or (at your option) any later version. | ||
12 | * | ||
13 | * This library is distributed in the hope that it will be useful, but | ||
14 | * WITHOUT ANY WARRANTY; without even the implied warranty of | ||
15 | * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU | ||
16 | * Lesser General Public License for more details. | ||
17 | * | ||
18 | * You should have received a copy of the GNU Lesser General Public | ||
19 | * License along with this library; if not, write to the Free Software | ||
20 | * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301, | ||
21 | * USA | ||
22 | * | ||
23 | */ | ||
24 | |||
25 | /* Functions that relate to base64 encoding and decoding. | ||
26 | */ | ||
27 | |||
28 | #include "gnutls_int.h" | ||
29 | #include "gnutls_errors.h" | ||
30 | #include <gnutls_datum.h> | ||
31 | #include <x509_b64.h> | ||
32 | |||
33 | static const uint8_t b64table[] = | ||
34 | "ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz0123456789+/"; | ||
35 | |||
36 | static const uint8_t asciitable[128] = { | ||
37 | 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, | ||
38 | 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, | ||
39 | 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, | ||
40 | 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, | ||
41 | 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, | ||
42 | 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, | ||
43 | 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, | ||
44 | 0xff, 0x3e, 0xff, 0xff, 0xff, 0x3f, | ||
45 | 0x34, 0x35, 0x36, 0x37, 0x38, 0x39, | ||
46 | 0x3a, 0x3b, 0x3c, 0x3d, 0xff, 0xff, | ||
47 | 0xff, 0xf1, 0xff, 0xff, 0xff, 0x00, /* 0xf1 for '=' */ | ||
48 | 0x01, 0x02, 0x03, 0x04, 0x05, 0x06, | ||
49 | 0x07, 0x08, 0x09, 0x0a, 0x0b, 0x0c, | ||
50 | 0x0d, 0x0e, 0x0f, 0x10, 0x11, 0x12, | ||
51 | 0x13, 0x14, 0x15, 0x16, 0x17, 0x18, | ||
52 | 0x19, 0xff, 0xff, 0xff, 0xff, 0xff, | ||
53 | 0xff, 0x1a, 0x1b, 0x1c, 0x1d, 0x1e, | ||
54 | 0x1f, 0x20, 0x21, 0x22, 0x23, 0x24, | ||
55 | 0x25, 0x26, 0x27, 0x28, 0x29, 0x2a, | ||
56 | 0x2b, 0x2c, 0x2d, 0x2e, 0x2f, 0x30, | ||
57 | 0x31, 0x32, 0x33, 0xff, 0xff, 0xff, | ||
58 | 0xff, 0xff | ||
59 | }; | ||
60 | |||
61 | #define INCR(what, size) \ | ||
62 | do { \ | ||
63 | what+=size; \ | ||
64 | if (what > ret) { \ | ||
65 | MHD_gnutls_assert(); \ | ||
66 | MHD_gnutls_free( (*result)); *result = NULL; \ | ||
67 | return GNUTLS_E_INTERNAL_ERROR; \ | ||
68 | } \ | ||
69 | } while(0) | ||
70 | |||
71 | |||
72 | inline static int | ||
73 | encode (char *result, const uint8_t * data, int left) | ||
74 | { | ||
75 | |||
76 | int data_len; | ||
77 | |||
78 | if (left > 3) | ||
79 | data_len = 3; | ||
80 | else | ||
81 | data_len = left; | ||
82 | |||
83 | switch (data_len) | ||
84 | { | ||
85 | case 3: | ||
86 | result[0] = b64table[(data[0] >> 2)]; | ||
87 | result[1] = | ||
88 | b64table[(((((data[0] & 0x03) & 0xff) << 4) & 0xff) | | ||
89 | (data[1] >> 4))]; | ||
90 | result[2] = | ||
91 | b64table[((((data[1] & 0x0f) << 2) & 0xff) | (data[2] >> 6))]; | ||
92 | result[3] = b64table[(((data[2] << 2) & 0xff) >> 2)]; | ||
93 | break; | ||
94 | case 2: | ||
95 | result[0] = b64table[(data[0] >> 2)]; | ||
96 | result[1] = | ||
97 | b64table[(((((data[0] & 0x03) & 0xff) << 4) & 0xff) | | ||
98 | (data[1] >> 4))]; | ||
99 | result[2] = b64table[(((data[1] << 4) & 0xff) >> 2)]; | ||
100 | result[3] = '='; | ||
101 | break; | ||
102 | case 1: | ||
103 | result[0] = b64table[(data[0] >> 2)]; | ||
104 | result[1] = b64table[(((((data[0] & 0x03) & 0xff) << 4) & 0xff))]; | ||
105 | result[2] = '='; | ||
106 | result[3] = '='; | ||
107 | break; | ||
108 | default: | ||
109 | return -1; | ||
110 | } | ||
111 | |||
112 | return 4; | ||
113 | |||
114 | } | ||
115 | |||
116 | /* data must be 4 bytes | ||
117 | * result should be 3 bytes | ||
118 | */ | ||
119 | #define TOASCII(c) (c < 127 ? asciitable[c] : 0xff) | ||
120 | inline static int | ||
121 | decode (uint8_t * result, const opaque * data) | ||
122 | { | ||
123 | uint8_t a1, a2; | ||
124 | int ret = 3; | ||
125 | |||
126 | a1 = TOASCII (data[0]); | ||
127 | a2 = TOASCII (data[1]); | ||
128 | if (a1 == 0xff || a2 == 0xff) | ||
129 | return -1; | ||
130 | result[0] = ((a1 << 2) & 0xff) | ((a2 >> 4) & 0xff); | ||
131 | |||
132 | a1 = a2; | ||
133 | a2 = TOASCII (data[2]); | ||
134 | if (a2 == 0xff) | ||
135 | return -1; | ||
136 | result[1] = ((a1 << 4) & 0xff) | ((a2 >> 2) & 0xff); | ||
137 | |||
138 | a1 = a2; | ||
139 | a2 = TOASCII (data[3]); | ||
140 | if (a2 == 0xff) | ||
141 | return -1; | ||
142 | result[2] = ((a1 << 6) & 0xff) | (a2 & 0xff); | ||
143 | |||
144 | if (data[2] == '=') | ||
145 | ret--; | ||
146 | |||
147 | if (data[3] == '=') | ||
148 | ret--; | ||
149 | return ret; | ||
150 | } | ||
151 | |||
152 | /* encodes data and puts the result into result (locally allocated) | ||
153 | * The result_size (including the null terminator) is the return value. | ||
154 | */ | ||
155 | int | ||
156 | MHD__gnutls_fbase64_encode (const char *msg, const uint8_t * data, | ||
157 | int data_size, uint8_t ** result) | ||
158 | { | ||
159 | int i, ret, tmp, j; | ||
160 | char tmpres[4]; | ||
161 | uint8_t *ptr; | ||
162 | uint8_t top[80]; | ||
163 | uint8_t bottom[80]; | ||
164 | int pos, bytes, top_len, bottom_len; | ||
165 | size_t msglen = strlen (msg); | ||
166 | |||
167 | if (msglen > 50) | ||
168 | { | ||
169 | MHD_gnutls_assert (); | ||
170 | return GNUTLS_E_BASE64_ENCODING_ERROR; | ||
171 | } | ||
172 | |||
173 | memset (bottom, 0, sizeof (bottom)); | ||
174 | memset (top, 0, sizeof (top)); | ||
175 | |||
176 | strcat ((char *) top, "-----BEGIN "); /* Flawfinder: ignore */ | ||
177 | strcat ((char *) top, msg); /* Flawfinder: ignore */ | ||
178 | strcat ((char *) top, "-----"); /* Flawfinder: ignore */ | ||
179 | |||
180 | strcat ((char *) bottom, "\n-----END "); /* Flawfinder: ignore */ | ||
181 | strcat ((char *) bottom, msg); /* Flawfinder: ignore */ | ||
182 | strcat ((char *) bottom, "-----\n"); /* Flawfinder: ignore */ | ||
183 | |||
184 | top_len = strlen ((char *) top); | ||
185 | bottom_len = strlen ((char *) bottom); | ||
186 | |||
187 | ret = B64FSIZE (msglen, data_size); | ||
188 | |||
189 | (*result) = MHD_gnutls_calloc (1, ret + 1); | ||
190 | if ((*result) == NULL) | ||
191 | { | ||
192 | MHD_gnutls_assert (); | ||
193 | return GNUTLS_E_MEMORY_ERROR; | ||
194 | } | ||
195 | |||
196 | bytes = pos = 0; | ||
197 | INCR (bytes, top_len); | ||
198 | pos = top_len; | ||
199 | |||
200 | strcpy ((char *) *result, (char *) top); /* Flawfinder: ignore */ | ||
201 | |||
202 | for (i = j = 0; i < data_size; i += 3, j += 4) | ||
203 | { | ||
204 | |||
205 | tmp = encode (tmpres, &data[i], data_size - i); | ||
206 | if (tmp == -1) | ||
207 | { | ||
208 | MHD_gnutls_assert (); | ||
209 | MHD_gnutls_free ((*result)); | ||
210 | *result = NULL; | ||
211 | return GNUTLS_E_BASE64_ENCODING_ERROR; | ||
212 | } | ||
213 | |||
214 | INCR (bytes, 4); | ||
215 | ptr = &(*result)[j + pos]; | ||
216 | |||
217 | if ((j) % 64 == 0) | ||
218 | { | ||
219 | INCR (bytes, 1); | ||
220 | pos++; | ||
221 | *ptr++ = '\n'; | ||
222 | } | ||
223 | *ptr++ = tmpres[0]; | ||
224 | |||
225 | if ((j + 1) % 64 == 0) | ||
226 | { | ||
227 | INCR (bytes, 1); | ||
228 | pos++; | ||
229 | *ptr++ = '\n'; | ||
230 | } | ||
231 | *ptr++ = tmpres[1]; | ||
232 | |||
233 | if ((j + 2) % 64 == 0) | ||
234 | { | ||
235 | INCR (bytes, 1); | ||
236 | pos++; | ||
237 | *ptr++ = '\n'; | ||
238 | } | ||
239 | *ptr++ = tmpres[2]; | ||
240 | |||
241 | if ((j + 3) % 64 == 0) | ||
242 | { | ||
243 | INCR (bytes, 1); | ||
244 | pos++; | ||
245 | *ptr++ = '\n'; | ||
246 | } | ||
247 | *ptr++ = tmpres[3]; | ||
248 | } | ||
249 | |||
250 | INCR (bytes, bottom_len); | ||
251 | |||
252 | memcpy (&(*result)[bytes - bottom_len], bottom, bottom_len); | ||
253 | (*result)[bytes] = 0; | ||
254 | |||
255 | return ret + 1; | ||
256 | } | ||
257 | |||
258 | /* decodes data and puts the result into result (locally allocated) | ||
259 | * The result_size is the return value | ||
260 | */ | ||
261 | int | ||
262 | MHD__gnutls_base64_decode (const uint8_t * data, size_t data_size, | ||
263 | uint8_t ** result) | ||
264 | { | ||
265 | unsigned int i, j; | ||
266 | int ret, tmp, est; | ||
267 | uint8_t tmpres[3]; | ||
268 | |||
269 | est = ((data_size * 3) / 4) + 1; | ||
270 | (*result) = MHD_gnutls_malloc (est); | ||
271 | if ((*result) == NULL) | ||
272 | return GNUTLS_E_MEMORY_ERROR; | ||
273 | |||
274 | ret = 0; | ||
275 | for (i = j = 0; i < data_size; i += 4, j += 3) | ||
276 | { | ||
277 | tmp = decode (tmpres, &data[i]); | ||
278 | if (tmp < 0) | ||
279 | { | ||
280 | MHD_gnutls_free (*result); | ||
281 | *result = NULL; | ||
282 | return tmp; | ||
283 | } | ||
284 | memcpy (&(*result)[j], tmpres, tmp); | ||
285 | ret += tmp; | ||
286 | } | ||
287 | return ret; | ||
288 | } | ||
289 | |||
290 | /* copies data to result but removes newlines and <CR> | ||
291 | * returns the size of the data copied. | ||
292 | */ | ||
293 | inline static int | ||
294 | cpydata (const uint8_t * data, int data_size, uint8_t ** result) | ||
295 | { | ||
296 | int i, j; | ||
297 | |||
298 | (*result) = MHD_gnutls_malloc (data_size); | ||
299 | if (*result == NULL) | ||
300 | return GNUTLS_E_MEMORY_ERROR; | ||
301 | |||
302 | for (j = i = 0; i < data_size; i++) | ||
303 | { | ||
304 | if (data[i] == '\n' || data[i] == '\r') | ||
305 | continue; | ||
306 | (*result)[j] = data[i]; | ||
307 | j++; | ||
308 | } | ||
309 | return j; | ||
310 | } | ||
311 | |||
312 | /* Searches the given string for ONE PEM encoded certificate, and | ||
313 | * stores it in the result. | ||
314 | * | ||
315 | * The result_size is the return value | ||
316 | */ | ||
317 | #define ENDSTR "-----\n" | ||
318 | #define ENDSTR2 "-----\r" | ||
319 | int | ||
320 | MHD__gnutls_fbase64_decode (const char *header, const opaque * data, | ||
321 | size_t data_size, uint8_t ** result) | ||
322 | { | ||
323 | int ret; | ||
324 | static const char top[] = "-----BEGIN "; | ||
325 | static const char bottom[] = "\n-----END "; | ||
326 | uint8_t *rdata; | ||
327 | int rdata_size; | ||
328 | uint8_t *kdata; | ||
329 | int kdata_size; | ||
330 | char pem_header[128]; | ||
331 | |||
332 | MHD_gtls_str_cpy (pem_header, sizeof (pem_header), top); | ||
333 | if (header != NULL) | ||
334 | MHD_gtls_str_cat (pem_header, sizeof (pem_header), header); | ||
335 | |||
336 | rdata = memmem (data, data_size, pem_header, strlen (pem_header)); | ||
337 | |||
338 | if (rdata == NULL) | ||
339 | { | ||
340 | MHD_gnutls_assert (); | ||
341 | MHD__gnutls_debug_log ("Could not find '%s'\n", pem_header); | ||
342 | return GNUTLS_E_BASE64_UNEXPECTED_HEADER_ERROR; | ||
343 | } | ||
344 | |||
345 | data_size -= (unsigned long int) rdata - (unsigned long int) data; | ||
346 | |||
347 | if (data_size < 4 + strlen (bottom)) | ||
348 | { | ||
349 | MHD_gnutls_assert (); | ||
350 | return GNUTLS_E_BASE64_DECODING_ERROR; | ||
351 | } | ||
352 | |||
353 | kdata = memmem (rdata, data_size, ENDSTR, sizeof (ENDSTR) - 1); | ||
354 | /* allow CR as well. | ||
355 | */ | ||
356 | if (kdata == NULL) | ||
357 | kdata = memmem (rdata, data_size, ENDSTR2, sizeof (ENDSTR2) - 1); | ||
358 | |||
359 | if (kdata == NULL) | ||
360 | { | ||
361 | MHD_gnutls_assert (); | ||
362 | MHD__gnutls_x509_log ("Could not find '%s'\n", ENDSTR); | ||
363 | return GNUTLS_E_BASE64_DECODING_ERROR; | ||
364 | } | ||
365 | data_size -= strlen (ENDSTR); | ||
366 | data_size -= (unsigned long int) kdata - (unsigned long int) rdata; | ||
367 | |||
368 | rdata = kdata + strlen (ENDSTR); | ||
369 | |||
370 | /* position is now after the ---BEGIN--- headers */ | ||
371 | |||
372 | kdata = memmem (rdata, data_size, bottom, strlen (bottom)); | ||
373 | if (kdata == NULL) | ||
374 | { | ||
375 | MHD_gnutls_assert (); | ||
376 | return GNUTLS_E_BASE64_DECODING_ERROR; | ||
377 | } | ||
378 | |||
379 | /* position of kdata is before the ----END--- footer | ||
380 | */ | ||
381 | rdata_size = (unsigned long int) kdata - (unsigned long int) rdata; | ||
382 | |||
383 | if (rdata_size < 4) | ||
384 | { | ||
385 | MHD_gnutls_assert (); | ||
386 | return GNUTLS_E_BASE64_DECODING_ERROR; | ||
387 | } | ||
388 | |||
389 | kdata_size = cpydata (rdata, rdata_size, &kdata); | ||
390 | |||
391 | if (kdata_size < 0) | ||
392 | { | ||
393 | MHD_gnutls_assert (); | ||
394 | return kdata_size; | ||
395 | } | ||
396 | |||
397 | if (kdata_size < 4) | ||
398 | { | ||
399 | MHD_gnutls_assert (); | ||
400 | MHD_gnutls_free (kdata); | ||
401 | return GNUTLS_E_BASE64_DECODING_ERROR; | ||
402 | } | ||
403 | |||
404 | if ((ret = MHD__gnutls_base64_decode (kdata, kdata_size, result)) < 0) | ||
405 | { | ||
406 | MHD_gnutls_free (kdata); | ||
407 | MHD_gnutls_assert (); | ||
408 | return GNUTLS_E_BASE64_DECODING_ERROR; | ||
409 | } | ||
410 | MHD_gnutls_free (kdata); | ||
411 | |||
412 | return ret; | ||
413 | } | ||
diff --git a/src/daemon/https/tls/x509_b64.h b/src/daemon/https/tls/x509_b64.h deleted file mode 100644 index ebb48639..00000000 --- a/src/daemon/https/tls/x509_b64.h +++ /dev/null | |||
@@ -1,43 +0,0 @@ | |||
1 | /* | ||
2 | * Copyright (C) 2000, 2001, 2002, 2003, 2004, 2005 Free Software Foundation | ||
3 | * | ||
4 | * Author: Nikos Mavrogiannopoulos | ||
5 | * | ||
6 | * This file is part of GNUTLS. | ||
7 | * | ||
8 | * The GNUTLS library is free software; you can redistribute it and/or | ||
9 | * modify it under the terms of the GNU Lesser General Public License | ||
10 | * as published by the Free Software Foundation; either version 2.1 of | ||
11 | * the License, or (at your option) any later version. | ||
12 | * | ||
13 | * This library is distributed in the hope that it will be useful, but | ||
14 | * WITHOUT ANY WARRANTY; without even the implied warranty of | ||
15 | * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU | ||
16 | * Lesser General Public License for more details. | ||
17 | * | ||
18 | * You should have received a copy of the GNU Lesser General Public | ||
19 | * License along with this library; if not, write to the Free Software | ||
20 | * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301, | ||
21 | * USA | ||
22 | * | ||
23 | */ | ||
24 | |||
25 | int MHD__gnutls_fbase64_encode (const char *msg, const uint8_t * data, | ||
26 | int data_size, uint8_t ** result); | ||
27 | int MHD__gnutls_base64_decode (const uint8_t * data, size_t data_size, | ||
28 | uint8_t ** result); | ||
29 | int MHD__gnutls_fbase64_decode (const char *header, const uint8_t * data, | ||
30 | size_t data_size, uint8_t ** result); | ||
31 | |||
32 | #define B64SIZE( data_size) ((data_size%3==0)?((data_size*4)/3):(4+((data_size/3)*4))) | ||
33 | |||
34 | /* The size for B64 encoding + newlines plus header | ||
35 | */ | ||
36 | |||
37 | #define HEADSIZE( hsize) \ | ||
38 | sizeof("-----BEGIN ")-1+sizeof("-----")-1+ \ | ||
39 | sizeof("\n-----END ")-1+sizeof("-----\n")-1+hsize+hsize | ||
40 | |||
41 | #define B64FSIZE( hsize, dsize) \ | ||
42 | (B64SIZE(dsize) + HEADSIZE(hsize) + /*newlines*/ \ | ||
43 | B64SIZE(dsize)/64 + (((B64SIZE(dsize) % 64) > 0) ? 1 : 0)) | ||
diff --git a/src/daemon/https/x509/Makefile.am b/src/daemon/https/x509/Makefile.am deleted file mode 100644 index 78844a11..00000000 --- a/src/daemon/https/x509/Makefile.am +++ /dev/null | |||
@@ -1,24 +0,0 @@ | |||
1 | AM_CPPFLAGS = \ | ||
2 | -I$(top_srcdir)/src/include \ | ||
3 | -I$(top_srcdir)/src/daemon/https \ | ||
4 | -I$(top_srcdir)/src/daemon/https/minitasn1 \ | ||
5 | -I$(top_srcdir)/src/daemon/https/lgl \ | ||
6 | -I$(top_srcdir)/src/daemon/https/tls \ | ||
7 | -I$(top_srcdir)/src/daemon/https/x509 \ | ||
8 | @LIBGCRYPT_CFLAGS@ | ||
9 | |||
10 | noinst_LTLIBRARIES = libx509.la | ||
11 | |||
12 | if USE_COVERAGE | ||
13 | AM_CFLAGS = -fprofile-arcs -ftest-coverage | ||
14 | endif | ||
15 | |||
16 | |||
17 | libx509_la_SOURCES = \ | ||
18 | common.c common.h \ | ||
19 | extensions.c extensions.h \ | ||
20 | mpi.c mpi.h \ | ||
21 | x509_privkey.c privkey.h \ | ||
22 | x509.c x509.h | ||
23 | libx509_la_LIBADD = @LIBGCRYPT_LIBS@ | ||
24 | |||
diff --git a/src/daemon/https/x509/common.c b/src/daemon/https/x509/common.c deleted file mode 100644 index 0c8410d1..00000000 --- a/src/daemon/https/x509/common.c +++ /dev/null | |||
@@ -1,447 +0,0 @@ | |||
1 | /* | ||
2 | * Copyright (C) 2003, 2004, 2005, 2006, 2007 Free Software Foundation | ||
3 | * | ||
4 | * Author: Nikos Mavrogiannopoulos | ||
5 | * | ||
6 | * This file is part of GNUTLS. | ||
7 | * | ||
8 | * The GNUTLS library is free software; you can redistribute it and/or | ||
9 | * modify it under the terms of the GNU Lesser General Public License | ||
10 | * as published by the Free Software Foundation; either version 2.1 of | ||
11 | * the License, or (at your option) any later version. | ||
12 | * | ||
13 | * This library is distributed in the hope that it will be useful, but | ||
14 | * WITHOUT ANY WARRANTY; without even the implied warranty of | ||
15 | * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU | ||
16 | * Lesser General Public License for more details. | ||
17 | * | ||
18 | * You should have received a copy of the GNU Lesser General Public | ||
19 | * License along with this library; if not, write to the Free Software | ||
20 | * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301, | ||
21 | * USA | ||
22 | * | ||
23 | */ | ||
24 | |||
25 | #include <gnutls_int.h> | ||
26 | #include <libtasn1.h> | ||
27 | #include <gnutls_datum.h> | ||
28 | #include <gnutls_global.h> | ||
29 | #include <gnutls_errors.h> | ||
30 | #include <gnutls_str.h> | ||
31 | #include <gnutls_x509.h> | ||
32 | #include <gnutls_num.h> | ||
33 | #include <x509_b64.h> | ||
34 | #include <common.h> | ||
35 | #include <mpi.h> | ||
36 | #include <time.h> | ||
37 | |||
38 | /* A generic export function. Will export the given ASN.1 encoded data | ||
39 | * to PEM or DER raw data. | ||
40 | */ | ||
41 | int | ||
42 | MHD__gnutls_x509_export_int (ASN1_TYPE MHD__asn1_data, | ||
43 | MHD_gnutls_x509_crt_fmt_t format, | ||
44 | char *pem_header, | ||
45 | unsigned char *output_data, | ||
46 | size_t * output_data_size) | ||
47 | { | ||
48 | int result, len; | ||
49 | |||
50 | if (format == GNUTLS_X509_FMT_DER) | ||
51 | { | ||
52 | |||
53 | if (output_data == NULL) | ||
54 | *output_data_size = 0; | ||
55 | |||
56 | len = *output_data_size; | ||
57 | |||
58 | if ((result = | ||
59 | MHD__asn1_der_coding (MHD__asn1_data, "", output_data, &len, | ||
60 | NULL)) != ASN1_SUCCESS) | ||
61 | { | ||
62 | *output_data_size = len; | ||
63 | if (result == ASN1_MEM_ERROR) | ||
64 | { | ||
65 | return GNUTLS_E_SHORT_MEMORY_BUFFER; | ||
66 | } | ||
67 | MHD_gnutls_assert (); | ||
68 | return MHD_gtls_asn2err (result); | ||
69 | } | ||
70 | |||
71 | *output_data_size = len; | ||
72 | |||
73 | } | ||
74 | else | ||
75 | { /* PEM */ | ||
76 | opaque *out; | ||
77 | MHD_gnutls_datum_t tmp; | ||
78 | |||
79 | result = MHD__gnutls_x509_der_encode (MHD__asn1_data, "", &tmp, 0); | ||
80 | if (result < 0) | ||
81 | { | ||
82 | MHD_gnutls_assert (); | ||
83 | return result; | ||
84 | } | ||
85 | |||
86 | result = | ||
87 | MHD__gnutls_fbase64_encode (pem_header, tmp.data, tmp.size, &out); | ||
88 | |||
89 | MHD__gnutls_free_datum (&tmp); | ||
90 | |||
91 | if (result < 0) | ||
92 | { | ||
93 | MHD_gnutls_assert (); | ||
94 | return result; | ||
95 | } | ||
96 | |||
97 | if (result == 0) | ||
98 | { /* oooops */ | ||
99 | MHD_gnutls_assert (); | ||
100 | return GNUTLS_E_INTERNAL_ERROR; | ||
101 | } | ||
102 | |||
103 | if ((unsigned) result > *output_data_size) | ||
104 | { | ||
105 | MHD_gnutls_assert (); | ||
106 | MHD_gnutls_free (out); | ||
107 | *output_data_size = result; | ||
108 | return GNUTLS_E_SHORT_MEMORY_BUFFER; | ||
109 | } | ||
110 | |||
111 | *output_data_size = result; | ||
112 | |||
113 | if (output_data) | ||
114 | { | ||
115 | memcpy (output_data, out, result); | ||
116 | |||
117 | /* do not include the null character into output size. | ||
118 | */ | ||
119 | *output_data_size = result - 1; | ||
120 | } | ||
121 | MHD_gnutls_free (out); | ||
122 | |||
123 | } | ||
124 | |||
125 | return 0; | ||
126 | } | ||
127 | |||
128 | /* Decodes an octet string. Leave string_type null for a normal | ||
129 | * octet string. Otherwise put something like BMPString, PrintableString | ||
130 | * etc. | ||
131 | */ | ||
132 | static int | ||
133 | MHD__gnutls_x509_decode_octet_string (const char *string_type, | ||
134 | const opaque * der, | ||
135 | size_t der_size, | ||
136 | opaque * output, size_t * output_size) | ||
137 | { | ||
138 | ASN1_TYPE c2 = ASN1_TYPE_EMPTY; | ||
139 | int result, tmp_output_size; | ||
140 | char strname[64]; | ||
141 | |||
142 | if (string_type == NULL) | ||
143 | MHD_gtls_str_cpy (strname, sizeof (strname), "PKIX1.pkcs-7-Data"); | ||
144 | else | ||
145 | { | ||
146 | MHD_gtls_str_cpy (strname, sizeof (strname), "PKIX1."); | ||
147 | MHD_gtls_str_cat (strname, sizeof (strname), string_type); | ||
148 | } | ||
149 | |||
150 | if ((result = | ||
151 | MHD__asn1_create_element (MHD__gnutls_get_pkix (), strname, | ||
152 | &c2)) != ASN1_SUCCESS) | ||
153 | { | ||
154 | MHD_gnutls_assert (); | ||
155 | result = MHD_gtls_asn2err (result); | ||
156 | goto cleanup; | ||
157 | } | ||
158 | |||
159 | result = MHD__asn1_der_decoding (&c2, der, der_size, NULL); | ||
160 | if (result != ASN1_SUCCESS) | ||
161 | { | ||
162 | MHD_gnutls_assert (); | ||
163 | result = MHD_gtls_asn2err (result); | ||
164 | goto cleanup; | ||
165 | } | ||
166 | |||
167 | tmp_output_size = *output_size; | ||
168 | result = MHD__asn1_read_value (c2, "", output, &tmp_output_size); | ||
169 | *output_size = tmp_output_size; | ||
170 | |||
171 | if (result != ASN1_SUCCESS) | ||
172 | { | ||
173 | MHD_gnutls_assert (); | ||
174 | result = MHD_gtls_asn2err (result); | ||
175 | goto cleanup; | ||
176 | } | ||
177 | |||
178 | return 0; | ||
179 | |||
180 | cleanup:if (c2) | ||
181 | MHD__asn1_delete_structure (&c2); | ||
182 | |||
183 | return result; | ||
184 | } | ||
185 | |||
186 | /* Reads a value from an ASN1 tree, and puts the output | ||
187 | * in an allocated variable in the given datum. | ||
188 | * flags == 0 do nothing with the DER output | ||
189 | * flags == 1 parse the DER output as OCTET STRING | ||
190 | * flags == 2 the value is a BIT STRING | ||
191 | */ | ||
192 | int | ||
193 | MHD__gnutls_x509_read_value (ASN1_TYPE c, | ||
194 | const char *root, MHD_gnutls_datum_t * ret, | ||
195 | int flags) | ||
196 | { | ||
197 | int len = 0, result; | ||
198 | size_t slen; | ||
199 | opaque *tmp = NULL; | ||
200 | |||
201 | result = MHD__asn1_read_value (c, root, NULL, &len); | ||
202 | if (result != ASN1_MEM_ERROR) | ||
203 | { | ||
204 | MHD_gnutls_assert (); | ||
205 | result = MHD_gtls_asn2err (result); | ||
206 | return result; | ||
207 | } | ||
208 | |||
209 | if (flags == 2) | ||
210 | len /= 8; | ||
211 | |||
212 | tmp = MHD_gnutls_malloc (len); | ||
213 | if (tmp == NULL) | ||
214 | { | ||
215 | MHD_gnutls_assert (); | ||
216 | result = GNUTLS_E_MEMORY_ERROR; | ||
217 | goto cleanup; | ||
218 | } | ||
219 | |||
220 | result = MHD__asn1_read_value (c, root, tmp, &len); | ||
221 | if (result != ASN1_SUCCESS) | ||
222 | { | ||
223 | MHD_gnutls_assert (); | ||
224 | result = MHD_gtls_asn2err (result); | ||
225 | goto cleanup; | ||
226 | } | ||
227 | |||
228 | if (flags == 2) | ||
229 | len /= 8; | ||
230 | |||
231 | /* Extract the OCTET STRING. | ||
232 | */ | ||
233 | |||
234 | if (flags == 1) | ||
235 | { | ||
236 | slen = len; | ||
237 | result = | ||
238 | MHD__gnutls_x509_decode_octet_string (NULL, tmp, slen, tmp, &slen); | ||
239 | if (result < 0) | ||
240 | { | ||
241 | MHD_gnutls_assert (); | ||
242 | goto cleanup; | ||
243 | } | ||
244 | len = slen; | ||
245 | } | ||
246 | |||
247 | ret->data = tmp; | ||
248 | ret->size = len; | ||
249 | |||
250 | return 0; | ||
251 | |||
252 | cleanup:MHD_gnutls_free (tmp); | ||
253 | return result; | ||
254 | |||
255 | } | ||
256 | |||
257 | /* DER Encodes the src ASN1_TYPE and stores it to | ||
258 | * the given datum. If str is non null then the data are encoded as | ||
259 | * an OCTET STRING. | ||
260 | */ | ||
261 | int | ||
262 | MHD__gnutls_x509_der_encode (ASN1_TYPE src, | ||
263 | const char *src_name, MHD_gnutls_datum_t * res, | ||
264 | int str) | ||
265 | { | ||
266 | int size, result; | ||
267 | int asize; | ||
268 | opaque *data = NULL; | ||
269 | ASN1_TYPE c2 = ASN1_TYPE_EMPTY; | ||
270 | |||
271 | size = 0; | ||
272 | result = MHD__asn1_der_coding (src, src_name, NULL, &size, NULL); | ||
273 | if (result != ASN1_MEM_ERROR) | ||
274 | { | ||
275 | MHD_gnutls_assert (); | ||
276 | result = MHD_gtls_asn2err (result); | ||
277 | goto cleanup; | ||
278 | } | ||
279 | |||
280 | /* allocate data for the der | ||
281 | */ | ||
282 | |||
283 | if (str) | ||
284 | size += 16; /* for later to include the octet tags */ | ||
285 | asize = size; | ||
286 | |||
287 | data = MHD_gnutls_malloc (size); | ||
288 | if (data == NULL) | ||
289 | { | ||
290 | MHD_gnutls_assert (); | ||
291 | result = GNUTLS_E_MEMORY_ERROR; | ||
292 | goto cleanup; | ||
293 | } | ||
294 | |||
295 | result = MHD__asn1_der_coding (src, src_name, data, &size, NULL); | ||
296 | if (result != ASN1_SUCCESS) | ||
297 | { | ||
298 | MHD_gnutls_assert (); | ||
299 | result = MHD_gtls_asn2err (result); | ||
300 | goto cleanup; | ||
301 | } | ||
302 | |||
303 | if (str) | ||
304 | { | ||
305 | if ((result = | ||
306 | MHD__asn1_create_element (MHD__gnutls_get_pkix (), | ||
307 | "PKIX1.pkcs-7-Data", | ||
308 | &c2)) != ASN1_SUCCESS) | ||
309 | { | ||
310 | MHD_gnutls_assert (); | ||
311 | result = MHD_gtls_asn2err (result); | ||
312 | goto cleanup; | ||
313 | } | ||
314 | |||
315 | result = MHD__asn1_write_value (c2, "", data, size); | ||
316 | if (result != ASN1_SUCCESS) | ||
317 | { | ||
318 | MHD_gnutls_assert (); | ||
319 | result = MHD_gtls_asn2err (result); | ||
320 | goto cleanup; | ||
321 | } | ||
322 | |||
323 | result = MHD__asn1_der_coding (c2, "", data, &asize, NULL); | ||
324 | if (result != ASN1_SUCCESS) | ||
325 | { | ||
326 | MHD_gnutls_assert (); | ||
327 | result = MHD_gtls_asn2err (result); | ||
328 | goto cleanup; | ||
329 | } | ||
330 | |||
331 | size = asize; | ||
332 | |||
333 | MHD__asn1_delete_structure (&c2); | ||
334 | } | ||
335 | |||
336 | res->data = data; | ||
337 | res->size = size; | ||
338 | return 0; | ||
339 | |||
340 | cleanup:MHD_gnutls_free (data); | ||
341 | MHD__asn1_delete_structure (&c2); | ||
342 | return result; | ||
343 | |||
344 | } | ||
345 | |||
346 | /* Reads and returns the PK algorithm of the given certificate-like | ||
347 | * ASN.1 structure. src_name should be something like "tbsCertificate.subjectPublicKeyInfo". | ||
348 | */ | ||
349 | int | ||
350 | MHD__gnutls_x509_get_pk_algorithm (ASN1_TYPE src, | ||
351 | const char *src_name, unsigned int *bits) | ||
352 | { | ||
353 | int result; | ||
354 | opaque *str = NULL; | ||
355 | int algo; | ||
356 | char oid[64]; | ||
357 | int len; | ||
358 | mpi_t params[MAX_PUBLIC_PARAMS_SIZE]; | ||
359 | char name[128]; | ||
360 | |||
361 | MHD_gtls_str_cpy (name, sizeof (name), src_name); | ||
362 | MHD_gtls_str_cat (name, sizeof (name), ".algorithm.algorithm"); | ||
363 | |||
364 | len = sizeof (oid); | ||
365 | result = MHD__asn1_read_value (src, name, oid, &len); | ||
366 | |||
367 | if (result != ASN1_SUCCESS) | ||
368 | { | ||
369 | MHD_gnutls_assert (); | ||
370 | return MHD_gtls_asn2err (result); | ||
371 | } | ||
372 | |||
373 | algo = MHD_gtls_x509_oid2pk_algorithm (oid); | ||
374 | |||
375 | if (bits == NULL) | ||
376 | { | ||
377 | MHD_gnutls_free (str); | ||
378 | return algo; | ||
379 | } | ||
380 | |||
381 | /* Now read the parameters' bits | ||
382 | */ | ||
383 | MHD_gtls_str_cpy (name, sizeof (name), src_name); | ||
384 | MHD_gtls_str_cat (name, sizeof (name), ".subjectPublicKey"); | ||
385 | |||
386 | len = 0; | ||
387 | result = MHD__asn1_read_value (src, name, NULL, &len); | ||
388 | if (result != ASN1_MEM_ERROR) | ||
389 | { | ||
390 | MHD_gnutls_assert (); | ||
391 | return MHD_gtls_asn2err (result); | ||
392 | } | ||
393 | |||
394 | if (len % 8 != 0) | ||
395 | { | ||
396 | MHD_gnutls_assert (); | ||
397 | return GNUTLS_E_CERTIFICATE_ERROR; | ||
398 | } | ||
399 | |||
400 | len /= 8; | ||
401 | |||
402 | str = MHD_gnutls_malloc (len); | ||
403 | if (str == NULL) | ||
404 | { | ||
405 | MHD_gnutls_assert (); | ||
406 | return GNUTLS_E_MEMORY_ERROR; | ||
407 | } | ||
408 | |||
409 | MHD_gtls_str_cpy (name, sizeof (name), src_name); | ||
410 | MHD_gtls_str_cat (name, sizeof (name), ".subjectPublicKey"); | ||
411 | |||
412 | result = MHD__asn1_read_value (src, name, str, &len); | ||
413 | |||
414 | if (result != ASN1_SUCCESS) | ||
415 | { | ||
416 | MHD_gnutls_assert (); | ||
417 | MHD_gnutls_free (str); | ||
418 | return MHD_gtls_asn2err (result); | ||
419 | } | ||
420 | |||
421 | len /= 8; | ||
422 | |||
423 | switch (algo) | ||
424 | { | ||
425 | case MHD_GNUTLS_PK_RSA: | ||
426 | { | ||
427 | if ((result = | ||
428 | MHD__gnutls_x509_read_rsa_params (str, len, params)) < 0) | ||
429 | { | ||
430 | MHD_gnutls_assert (); | ||
431 | return result; | ||
432 | } | ||
433 | |||
434 | bits[0] = MHD__gnutls_mpi_get_nbits (params[0]); | ||
435 | |||
436 | MHD_gtls_mpi_release (¶ms[0]); | ||
437 | MHD_gtls_mpi_release (¶ms[1]); | ||
438 | } | ||
439 | break; | ||
440 | default: | ||
441 | MHD__gnutls_x509_log | ||
442 | ("MHD__gnutls_x509_get_pk_algorithm: unhandled algorithm %d\n", algo); | ||
443 | } | ||
444 | |||
445 | MHD_gnutls_free (str); | ||
446 | return algo; | ||
447 | } | ||
diff --git a/src/daemon/https/x509/common.h b/src/daemon/https/x509/common.h deleted file mode 100644 index d78c7cc2..00000000 --- a/src/daemon/https/x509/common.h +++ /dev/null | |||
@@ -1,84 +0,0 @@ | |||
1 | /* | ||
2 | * Copyright (C) 2003, 2004, 2005, 2007 Free Software Foundation | ||
3 | * | ||
4 | * Author: Nikos Mavrogiannopoulos | ||
5 | * | ||
6 | * This file is part of GNUTLS. | ||
7 | * | ||
8 | * The GNUTLS library is free software; you can redistribute it and/or | ||
9 | * modify it under the terms of the GNU Lesser General Public License | ||
10 | * as published by the Free Software Foundation; either version 2.1 of | ||
11 | * the License, or (at your option) any later version. | ||
12 | * | ||
13 | * This library is distributed in the hope that it will be useful, but | ||
14 | * WITHOUT ANY WARRANTY; without even the implied warranty of | ||
15 | * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU | ||
16 | * Lesser General Public License for more details. | ||
17 | * | ||
18 | * You should have received a copy of the GNU Lesser General Public | ||
19 | * License along with this library; if not, write to the Free Software | ||
20 | * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301, | ||
21 | * USA | ||
22 | * | ||
23 | */ | ||
24 | |||
25 | #ifndef COMMON_H | ||
26 | # define COMMON_H | ||
27 | |||
28 | #include <gnutls.h> | ||
29 | #include <gnutls_algorithms.h> | ||
30 | |||
31 | #define MAX_STRING_LEN 512 | ||
32 | |||
33 | #define GNUTLS_XML_SHOW_ALL 1 | ||
34 | |||
35 | #define PEM_CRL "X509 CRL" | ||
36 | #define PEM_X509_CERT "X509 CERTIFICATE" | ||
37 | #define PEM_X509_CERT2 "CERTIFICATE" | ||
38 | #define PEM_PKCS7 "PKCS7" | ||
39 | #define PEM_PKCS12 "PKCS12" | ||
40 | |||
41 | /* public key algorithm's OIDs | ||
42 | */ | ||
43 | #define PK_PKIX1_RSA_OID "1.2.840.113549.1.1.1" | ||
44 | #define PK_DSA_OID "1.2.840.10040.4.1" | ||
45 | #define PK_GOST_R3410_94_OID "1.2.643.2.2.20" | ||
46 | #define PK_GOST_R3410_2001_OID "1.2.643.2.2.19" | ||
47 | |||
48 | /* signature OIDs | ||
49 | */ | ||
50 | #define SIG_DSA_SHA1_OID "1.2.840.10040.4.3" | ||
51 | #define SIG_RSA_MD5_OID "1.2.840.113549.1.1.4" | ||
52 | #define SIG_RSA_MD2_OID "1.2.840.113549.1.1.2" | ||
53 | #define SIG_RSA_SHA1_OID "1.2.840.113549.1.1.5" | ||
54 | #define SIG_RSA_SHA256_OID "1.2.840.113549.1.1.11" | ||
55 | #define SIG_RSA_SHA384_OID "1.2.840.113549.1.1.12" | ||
56 | #define SIG_RSA_SHA512_OID "1.2.840.113549.1.1.13" | ||
57 | #define SIG_RSA_RMD160_OID "1.3.36.3.3.1.2" | ||
58 | #define SIG_GOST_R3410_94_OID "1.2.643.2.2.4" | ||
59 | #define SIG_GOST_R3410_2001_OID "1.2.643.2.2.3" | ||
60 | |||
61 | int MHD__gnutls_x509_der_encode (ASN1_TYPE src, const char *src_name, | ||
62 | MHD_gnutls_datum_t * res, int str); | ||
63 | |||
64 | int MHD__gnutls_x509_export_int (ASN1_TYPE MHD__asn1_data, | ||
65 | MHD_gnutls_x509_crt_fmt_t format, | ||
66 | char *pem_header, unsigned char *output_data, | ||
67 | size_t * output_data_size); | ||
68 | |||
69 | int MHD__gnutls_x509_read_value (ASN1_TYPE c, const char *root, | ||
70 | MHD_gnutls_datum_t * ret, int str); | ||
71 | |||
72 | int MHD__gnutls_x509_decode_and_read_attribute (ASN1_TYPE MHD__asn1_struct, | ||
73 | const char *where, char *oid, | ||
74 | int oid_size, | ||
75 | MHD_gnutls_datum_t * value, | ||
76 | int multi, int octet); | ||
77 | |||
78 | int MHD__gnutls_x509_get_pk_algorithm (ASN1_TYPE src, const char *src_name, | ||
79 | unsigned int *bits); | ||
80 | |||
81 | int MHD__gnutls_asn1_copy_node (ASN1_TYPE * dst, const char *dst_name, | ||
82 | ASN1_TYPE src, const char *src_name); | ||
83 | |||
84 | #endif | ||
diff --git a/src/daemon/https/x509/extensions.c b/src/daemon/https/x509/extensions.c deleted file mode 100644 index 82fddc5d..00000000 --- a/src/daemon/https/x509/extensions.c +++ /dev/null | |||
@@ -1,218 +0,0 @@ | |||
1 | /* | ||
2 | * Copyright (C) 2003, 2004, 2005, 2007 Free Software Foundation | ||
3 | * | ||
4 | * Author: Nikos Mavrogiannopoulos | ||
5 | * | ||
6 | * This file is part of GNUTLS. | ||
7 | * | ||
8 | * The GNUTLS library is free software; you can redistribute it and/or | ||
9 | * modify it under the terms of the GNU Lesser General Public License | ||
10 | * as published by the Free Software Foundation; either version 2.1 of | ||
11 | * the License, or (at your option) any later version. | ||
12 | * | ||
13 | * This library is distributed in the hope that it will be useful, but | ||
14 | * WITHOUT ANY WARRANTY; without even the implied warranty of | ||
15 | * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU | ||
16 | * Lesser General Public License for more details. | ||
17 | * | ||
18 | * You should have received a copy of the GNU Lesser General Public | ||
19 | * License along with this library; if not, write to the Free Software | ||
20 | * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301, | ||
21 | * USA | ||
22 | * | ||
23 | */ | ||
24 | |||
25 | /* Functions that relate to the X.509 extension parsing. | ||
26 | */ | ||
27 | |||
28 | #include <gnutls_int.h> | ||
29 | #include <gnutls_errors.h> | ||
30 | #include <gnutls_global.h> | ||
31 | #include <mpi.h> | ||
32 | #include <libtasn1.h> | ||
33 | #include <common.h> | ||
34 | #include <x509.h> | ||
35 | #include <extensions.h> | ||
36 | #include <gnutls_datum.h> | ||
37 | |||
38 | /* This function will attempt to return the requested extension found in | ||
39 | * the given X509v3 certificate. The return value is allocated and stored into | ||
40 | * ret. | ||
41 | * | ||
42 | * Critical will be either 0 or 1. | ||
43 | * | ||
44 | * If the extension does not exist, GNUTLS_E_REQUESTED_DATA_NOT_AVAILABLE will | ||
45 | * be returned. | ||
46 | */ | ||
47 | int | ||
48 | MHD__gnutls_x509_crt_get_extension (MHD_gnutls_x509_crt_t cert, | ||
49 | const char *extension_id, int indx, | ||
50 | MHD_gnutls_datum_t * ret, | ||
51 | unsigned int *_critical) | ||
52 | { | ||
53 | int k, result, len; | ||
54 | char name[MAX_NAME_SIZE], name2[MAX_NAME_SIZE]; | ||
55 | char str[1024]; | ||
56 | char str_critical[10]; | ||
57 | int critical = 0; | ||
58 | char extnID[128]; | ||
59 | MHD_gnutls_datum_t value; | ||
60 | int indx_counter = 0; | ||
61 | |||
62 | ret->data = NULL; | ||
63 | ret->size = 0; | ||
64 | |||
65 | k = 0; | ||
66 | do | ||
67 | { | ||
68 | k++; | ||
69 | |||
70 | snprintf (name, sizeof (name), "tbsCertificate.extensions.?%u", k); | ||
71 | |||
72 | len = sizeof (str) - 1; | ||
73 | result = MHD__asn1_read_value (cert->cert, name, str, &len); | ||
74 | |||
75 | /* move to next | ||
76 | */ | ||
77 | |||
78 | if (result == ASN1_ELEMENT_NOT_FOUND) | ||
79 | { | ||
80 | break; | ||
81 | } | ||
82 | |||
83 | do | ||
84 | { | ||
85 | |||
86 | MHD_gtls_str_cpy (name2, sizeof (name2), name); | ||
87 | MHD_gtls_str_cat (name2, sizeof (name2), ".extnID"); | ||
88 | |||
89 | len = sizeof (extnID) - 1; | ||
90 | result = MHD__asn1_read_value (cert->cert, name2, extnID, &len); | ||
91 | |||
92 | if (result == ASN1_ELEMENT_NOT_FOUND) | ||
93 | { | ||
94 | MHD_gnutls_assert (); | ||
95 | break; | ||
96 | } | ||
97 | else if (result != ASN1_SUCCESS) | ||
98 | { | ||
99 | MHD_gnutls_assert (); | ||
100 | return MHD_gtls_asn2err (result); | ||
101 | } | ||
102 | |||
103 | /* Handle Extension | ||
104 | */ | ||
105 | if (strcmp (extnID, extension_id) == 0 && indx == indx_counter++) | ||
106 | { | ||
107 | /* extension was found | ||
108 | */ | ||
109 | |||
110 | /* read the critical status. | ||
111 | */ | ||
112 | MHD_gtls_str_cpy (name2, sizeof (name2), name); | ||
113 | MHD_gtls_str_cat (name2, sizeof (name2), ".critical"); | ||
114 | |||
115 | len = sizeof (str_critical); | ||
116 | result = | ||
117 | MHD__asn1_read_value (cert->cert, name2, str_critical, &len); | ||
118 | |||
119 | if (result == ASN1_ELEMENT_NOT_FOUND) | ||
120 | { | ||
121 | MHD_gnutls_assert (); | ||
122 | break; | ||
123 | } | ||
124 | else if (result != ASN1_SUCCESS) | ||
125 | { | ||
126 | MHD_gnutls_assert (); | ||
127 | return MHD_gtls_asn2err (result); | ||
128 | } | ||
129 | |||
130 | if (str_critical[0] == 'T') | ||
131 | critical = 1; | ||
132 | else | ||
133 | critical = 0; | ||
134 | |||
135 | /* read the value. | ||
136 | */ | ||
137 | MHD_gtls_str_cpy (name2, sizeof (name2), name); | ||
138 | MHD_gtls_str_cat (name2, sizeof (name2), ".extnValue"); | ||
139 | |||
140 | result = | ||
141 | MHD__gnutls_x509_read_value (cert->cert, name2, &value, 0); | ||
142 | if (result < 0) | ||
143 | { | ||
144 | MHD_gnutls_assert (); | ||
145 | return result; | ||
146 | } | ||
147 | |||
148 | ret->data = value.data; | ||
149 | ret->size = value.size; | ||
150 | |||
151 | if (_critical) | ||
152 | *_critical = critical; | ||
153 | |||
154 | return 0; | ||
155 | } | ||
156 | |||
157 | |||
158 | } | ||
159 | while (0); | ||
160 | } | ||
161 | while (1); | ||
162 | |||
163 | if (result == ASN1_ELEMENT_NOT_FOUND) | ||
164 | { | ||
165 | return GNUTLS_E_REQUESTED_DATA_NOT_AVAILABLE; | ||
166 | } | ||
167 | else | ||
168 | { | ||
169 | MHD_gnutls_assert (); | ||
170 | return MHD_gtls_asn2err (result); | ||
171 | } | ||
172 | } | ||
173 | |||
174 | /* Here we only extract the KeyUsage field, from the DER encoded | ||
175 | * extension. | ||
176 | */ | ||
177 | int | ||
178 | MHD__gnutls_x509_ext_extract_keyUsage (uint16_t * keyUsage, | ||
179 | opaque * extnValue, int extnValueLen) | ||
180 | { | ||
181 | ASN1_TYPE ext = ASN1_TYPE_EMPTY; | ||
182 | int len, result; | ||
183 | uint8_t str[2]; | ||
184 | |||
185 | str[0] = str[1] = 0; | ||
186 | *keyUsage = 0; | ||
187 | |||
188 | if ((result = MHD__asn1_create_element | ||
189 | (MHD__gnutls_get_pkix (), "PKIX1.KeyUsage", &ext)) != ASN1_SUCCESS) | ||
190 | { | ||
191 | MHD_gnutls_assert (); | ||
192 | return MHD_gtls_asn2err (result); | ||
193 | } | ||
194 | |||
195 | result = MHD__asn1_der_decoding (&ext, extnValue, extnValueLen, NULL); | ||
196 | |||
197 | if (result != ASN1_SUCCESS) | ||
198 | { | ||
199 | MHD_gnutls_assert (); | ||
200 | MHD__asn1_delete_structure (&ext); | ||
201 | return MHD_gtls_asn2err (result); | ||
202 | } | ||
203 | |||
204 | len = sizeof (str); | ||
205 | result = MHD__asn1_read_value (ext, "", str, &len); | ||
206 | if (result != ASN1_SUCCESS) | ||
207 | { | ||
208 | MHD_gnutls_assert (); | ||
209 | MHD__asn1_delete_structure (&ext); | ||
210 | return 0; | ||
211 | } | ||
212 | |||
213 | *keyUsage = str[0] | (str[1] << 8); | ||
214 | |||
215 | MHD__asn1_delete_structure (&ext); | ||
216 | |||
217 | return 0; | ||
218 | } | ||
diff --git a/src/daemon/https/x509/extensions.h b/src/daemon/https/x509/extensions.h deleted file mode 100644 index 5a945cb1..00000000 --- a/src/daemon/https/x509/extensions.h +++ /dev/null | |||
@@ -1,35 +0,0 @@ | |||
1 | /* | ||
2 | * Copyright (C) 2003, 2004, 2005, 2006, 2007 Free Software Foundation | ||
3 | * | ||
4 | * Author: Nikos Mavrogiannopoulos | ||
5 | * | ||
6 | * This file is part of GNUTLS. | ||
7 | * | ||
8 | * The GNUTLS library is free software; you can redistribute it and/or | ||
9 | * modify it under the terms of the GNU Lesser General Public License | ||
10 | * as published by the Free Software Foundation; either version 2.1 of | ||
11 | * the License, or (at your option) any later version. | ||
12 | * | ||
13 | * This library is distributed in the hope that it will be useful, but | ||
14 | * WITHOUT ANY WARRANTY; without even the implied warranty of | ||
15 | * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU | ||
16 | * Lesser General Public License for more details. | ||
17 | * | ||
18 | * You should have received a copy of the GNU Lesser General Public | ||
19 | * License along with this library; if not, write to the Free Software | ||
20 | * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301, | ||
21 | * USA | ||
22 | * | ||
23 | */ | ||
24 | |||
25 | int MHD__gnutls_x509_crt_get_extension (MHD_gnutls_x509_crt_t cert, | ||
26 | const char *extension_id, int indx, | ||
27 | MHD_gnutls_datum_t * ret, | ||
28 | unsigned int *critical); | ||
29 | |||
30 | int MHD__gnutls_x509_crt_get_extension_oid (MHD_gnutls_x509_crt_t cert, | ||
31 | int indx, void *ret, | ||
32 | size_t * ret_size); | ||
33 | int MHD__gnutls_x509_ext_extract_keyUsage (uint16_t * keyUsage, | ||
34 | opaque * extnValue, | ||
35 | int extnValueLen); | ||
diff --git a/src/daemon/https/x509/mpi.c b/src/daemon/https/x509/mpi.c deleted file mode 100644 index 4a540702..00000000 --- a/src/daemon/https/x509/mpi.c +++ /dev/null | |||
@@ -1,212 +0,0 @@ | |||
1 | /* | ||
2 | * Copyright (C) 2003, 2004, 2005, 2007 Free Software Foundation | ||
3 | * | ||
4 | * Author: Nikos Mavrogiannopoulos | ||
5 | * | ||
6 | * This file is part of GNUTLS. | ||
7 | * | ||
8 | * The GNUTLS library is free software; you can redistribute it and/or | ||
9 | * modify it under the terms of the GNU Lesser General Public License | ||
10 | * as published by the Free Software Foundation; either version 2.1 of | ||
11 | * the License, or (at your option) any later version. | ||
12 | * | ||
13 | * This library is distributed in the hope that it will be useful, but | ||
14 | * WITHOUT ANY WARRANTY; without even the implied warranty of | ||
15 | * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU | ||
16 | * Lesser General Public License for more details. | ||
17 | * | ||
18 | * You should have received a copy of the GNU Lesser General Public | ||
19 | * License along with this library; if not, write to the Free Software | ||
20 | * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301, | ||
21 | * USA | ||
22 | * | ||
23 | */ | ||
24 | |||
25 | #include <gnutls_int.h> | ||
26 | #include <gnutls_errors.h> | ||
27 | #include <gnutls_global.h> | ||
28 | #include <libtasn1.h> | ||
29 | #include <gnutls_datum.h> | ||
30 | #include "common.h" | ||
31 | #include "x509.h" | ||
32 | #include <gnutls_num.h> | ||
33 | #include "mpi.h" | ||
34 | |||
35 | /* | ||
36 | * some x509 certificate parsing functions that relate to MPI parameter | ||
37 | * extraction. This reads the BIT STRING subjectPublicKey. | ||
38 | * Returns 2 parameters (m,e). | ||
39 | */ | ||
40 | int | ||
41 | MHD__gnutls_x509_read_rsa_params (opaque * der, int dersize, mpi_t * params) | ||
42 | { | ||
43 | int result; | ||
44 | ASN1_TYPE spk = ASN1_TYPE_EMPTY; | ||
45 | |||
46 | if ((result = | ||
47 | MHD__asn1_create_element (MHD__gnutls_getMHD__gnutls_asn (), | ||
48 | "GNUTLS.RSAPublicKey", | ||
49 | &spk)) != ASN1_SUCCESS) | ||
50 | { | ||
51 | MHD_gnutls_assert (); | ||
52 | return MHD_gtls_asn2err (result); | ||
53 | } | ||
54 | |||
55 | result = MHD__asn1_der_decoding (&spk, der, dersize, NULL); | ||
56 | |||
57 | if (result != ASN1_SUCCESS) | ||
58 | { | ||
59 | MHD_gnutls_assert (); | ||
60 | MHD__asn1_delete_structure (&spk); | ||
61 | return MHD_gtls_asn2err (result); | ||
62 | } | ||
63 | |||
64 | if ((result = MHD__gnutls_x509_read_int (spk, "modulus", ¶ms[0])) < 0) | ||
65 | { | ||
66 | MHD_gnutls_assert (); | ||
67 | MHD__asn1_delete_structure (&spk); | ||
68 | return GNUTLS_E_ASN1_GENERIC_ERROR; | ||
69 | } | ||
70 | |||
71 | if ((result = | ||
72 | MHD__gnutls_x509_read_int (spk, "publicExponent", ¶ms[1])) < 0) | ||
73 | { | ||
74 | MHD_gnutls_assert (); | ||
75 | MHD_gtls_mpi_release (¶ms[0]); | ||
76 | MHD__asn1_delete_structure (&spk); | ||
77 | return GNUTLS_E_ASN1_GENERIC_ERROR; | ||
78 | } | ||
79 | |||
80 | MHD__asn1_delete_structure (&spk); | ||
81 | |||
82 | return 0; | ||
83 | |||
84 | } | ||
85 | |||
86 | |||
87 | /* Extracts DSA and RSA parameters from a certificate. | ||
88 | */ | ||
89 | int | ||
90 | MHD__gnutls_x509_crt_get_mpis (MHD_gnutls_x509_crt_t cert, | ||
91 | mpi_t * params, int *params_size) | ||
92 | { | ||
93 | int result; | ||
94 | int pk_algorithm; | ||
95 | MHD_gnutls_datum_t tmp = { NULL, 0 }; | ||
96 | |||
97 | /* Read the algorithm's OID | ||
98 | */ | ||
99 | pk_algorithm = MHD_gnutls_x509_crt_get_pk_algorithm (cert, NULL); | ||
100 | |||
101 | /* Read the algorithm's parameters | ||
102 | */ | ||
103 | result | ||
104 | = MHD__gnutls_x509_read_value (cert->cert, | ||
105 | "tbsCertificate.subjectPublicKeyInfo.subjectPublicKey", | ||
106 | &tmp, 2); | ||
107 | |||
108 | if (result < 0) | ||
109 | { | ||
110 | MHD_gnutls_assert (); | ||
111 | return result; | ||
112 | } | ||
113 | |||
114 | switch (pk_algorithm) | ||
115 | { | ||
116 | case MHD_GNUTLS_PK_RSA: | ||
117 | /* params[0] is the modulus, | ||
118 | * params[1] is the exponent | ||
119 | */ | ||
120 | if (*params_size < RSA_PUBLIC_PARAMS) | ||
121 | { | ||
122 | MHD_gnutls_assert (); | ||
123 | /* internal error. Increase the mpi_ts in params */ | ||
124 | result = GNUTLS_E_INTERNAL_ERROR; | ||
125 | goto error; | ||
126 | } | ||
127 | |||
128 | if ((result = | ||
129 | MHD__gnutls_x509_read_rsa_params (tmp.data, tmp.size, params)) < 0) | ||
130 | { | ||
131 | MHD_gnutls_assert (); | ||
132 | goto error; | ||
133 | } | ||
134 | *params_size = RSA_PUBLIC_PARAMS; | ||
135 | |||
136 | break; | ||
137 | default: | ||
138 | /* other types like DH | ||
139 | * currently not supported | ||
140 | */ | ||
141 | MHD_gnutls_assert (); | ||
142 | result = GNUTLS_E_X509_CERTIFICATE_ERROR; | ||
143 | goto error; | ||
144 | } | ||
145 | |||
146 | result = 0; | ||
147 | |||
148 | error:MHD__gnutls_free_datum (&tmp); | ||
149 | return result; | ||
150 | } | ||
151 | |||
152 | /* | ||
153 | * some x509 certificate functions that relate to MPI parameter | ||
154 | * setting. This writes the BIT STRING subjectPublicKey. | ||
155 | * Needs 2 parameters (m,e). | ||
156 | * | ||
157 | * Allocates the space used to store the DER data. | ||
158 | */ | ||
159 | int | ||
160 | MHD__gnutls_x509_write_rsa_params (mpi_t * params, | ||
161 | int params_size, MHD_gnutls_datum_t * der) | ||
162 | { | ||
163 | int result; | ||
164 | ASN1_TYPE spk = ASN1_TYPE_EMPTY; | ||
165 | |||
166 | der->data = NULL; | ||
167 | der->size = 0; | ||
168 | |||
169 | if (params_size < 2) | ||
170 | { | ||
171 | MHD_gnutls_assert (); | ||
172 | result = GNUTLS_E_INVALID_REQUEST; | ||
173 | goto cleanup; | ||
174 | } | ||
175 | |||
176 | if ((result = | ||
177 | MHD__asn1_create_element (MHD__gnutls_getMHD__gnutls_asn (), | ||
178 | "GNUTLS.RSAPublicKey", | ||
179 | &spk)) != ASN1_SUCCESS) | ||
180 | { | ||
181 | MHD_gnutls_assert (); | ||
182 | return MHD_gtls_asn2err (result); | ||
183 | } | ||
184 | |||
185 | result = MHD__gnutls_x509_write_int (spk, "modulus", params[0], 0); | ||
186 | if (result < 0) | ||
187 | { | ||
188 | MHD_gnutls_assert (); | ||
189 | goto cleanup; | ||
190 | } | ||
191 | |||
192 | result = MHD__gnutls_x509_write_int (spk, "publicExponent", params[1], 0); | ||
193 | if (result < 0) | ||
194 | { | ||
195 | MHD_gnutls_assert (); | ||
196 | goto cleanup; | ||
197 | } | ||
198 | |||
199 | result = MHD__gnutls_x509_der_encode (spk, "", der, 0); | ||
200 | if (result < 0) | ||
201 | { | ||
202 | MHD_gnutls_assert (); | ||
203 | goto cleanup; | ||
204 | } | ||
205 | |||
206 | MHD__asn1_delete_structure (&spk); | ||
207 | return 0; | ||
208 | |||
209 | cleanup:MHD__asn1_delete_structure (&spk); | ||
210 | |||
211 | return result; | ||
212 | } | ||
diff --git a/src/daemon/https/x509/mpi.h b/src/daemon/https/x509/mpi.h deleted file mode 100644 index ff9fdc19..00000000 --- a/src/daemon/https/x509/mpi.h +++ /dev/null | |||
@@ -1,37 +0,0 @@ | |||
1 | /* | ||
2 | * Copyright (C) 2003, 2004, 2005 Free Software Foundation | ||
3 | * | ||
4 | * Author: Nikos Mavrogiannopoulos | ||
5 | * | ||
6 | * This file is part of GNUTLS. | ||
7 | * | ||
8 | * The GNUTLS library is free software; you can redistribute it and/or | ||
9 | * modify it under the terms of the GNU Lesser General Public License | ||
10 | * as published by the Free Software Foundation; either version 2.1 of | ||
11 | * the License, or (at your option) any later version. | ||
12 | * | ||
13 | * This library is distributed in the hope that it will be useful, but | ||
14 | * WITHOUT ANY WARRANTY; without even the implied warranty of | ||
15 | * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU | ||
16 | * Lesser General Public License for more details. | ||
17 | * | ||
18 | * You should have received a copy of the GNU Lesser General Public | ||
19 | * License along with this library; if not, write to the Free Software | ||
20 | * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301, | ||
21 | * USA | ||
22 | * | ||
23 | */ | ||
24 | |||
25 | #include <gnutls_int.h> | ||
26 | #include "x509.h" | ||
27 | |||
28 | int MHD__gnutls_x509_crt_get_mpis (MHD_gnutls_x509_crt_t cert, | ||
29 | mpi_t * params, int *params_size); | ||
30 | int MHD__gnutls_x509_read_rsa_params (opaque * der, int dersize, | ||
31 | mpi_t * params); | ||
32 | int MHD__gnutls_x509_write_rsa_params (mpi_t * params, int params_size, | ||
33 | MHD_gnutls_datum_t * der); | ||
34 | int MHD__gnutls_x509_read_int (ASN1_TYPE node, const char *value, | ||
35 | mpi_t * ret_mpi); | ||
36 | int MHD__gnutls_x509_write_int (ASN1_TYPE node, const char *value, mpi_t mpi, | ||
37 | int lz); | ||
diff --git a/src/daemon/https/x509/privkey.h b/src/daemon/https/x509/privkey.h deleted file mode 100644 index 37c68703..00000000 --- a/src/daemon/https/x509/privkey.h +++ /dev/null | |||
@@ -1,32 +0,0 @@ | |||
1 | /* | ||
2 | * Copyright (C) 2003, 2004, 2005 Free Software Foundation | ||
3 | * | ||
4 | * Author: Nikos Mavrogiannopoulos | ||
5 | * | ||
6 | * This file is part of GNUTLS. | ||
7 | * | ||
8 | * The GNUTLS library is free software; you can redistribute it and/or | ||
9 | * modify it under the terms of the GNU Lesser General Public License | ||
10 | * as published by the Free Software Foundation; either version 2.1 of | ||
11 | * the License, or (at your option) any later version. | ||
12 | * | ||
13 | * This library is distributed in the hope that it will be useful, but | ||
14 | * WITHOUT ANY WARRANTY; without even the implied warranty of | ||
15 | * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU | ||
16 | * Lesser General Public License for more details. | ||
17 | * | ||
18 | * You should have received a copy of the GNU Lesser General Public | ||
19 | * License along with this library; if not, write to the Free Software | ||
20 | * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301, | ||
21 | * USA | ||
22 | * | ||
23 | */ | ||
24 | |||
25 | #include "x509.h" | ||
26 | |||
27 | ASN1_TYPE MHD__gnutls_privkey_decode_pkcs1_rsa_key (const MHD_gnutls_datum_t * | ||
28 | raw_key, | ||
29 | MHD_gnutls_x509_privkey_t | ||
30 | pkey); | ||
31 | |||
32 | int MHD__gnutls_asn1_encode_dsa (ASN1_TYPE * c2, mpi_t * params); | ||
diff --git a/src/daemon/https/x509/x509.c b/src/daemon/https/x509/x509.c deleted file mode 100644 index ff0d21e8..00000000 --- a/src/daemon/https/x509/x509.c +++ /dev/null | |||
@@ -1,364 +0,0 @@ | |||
1 | /* | ||
2 | * Copyright (C) 2003, 2004, 2005, 2006, 2007 Free Software Foundation | ||
3 | * Author: Nikos Mavrogiannopoulos, Simon Josefsson, Howard Chu | ||
4 | * | ||
5 | * This file is part of GNUTLS. | ||
6 | * | ||
7 | * The GNUTLS library is free software; you can redistribute it and/or | ||
8 | * modify it under the terms of the GNU Lesser General Public License | ||
9 | * as published by the Free Software Foundation; either version 2.1 of | ||
10 | * the License, or (at your option) any later version. | ||
11 | * | ||
12 | * This library is distributed in the hope that it will be useful, but | ||
13 | * WITHOUT ANY WARRANTY; without even the implied warranty of | ||
14 | * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU | ||
15 | * Lesser General Public License for more details. | ||
16 | * | ||
17 | * You should have received a copy of the GNU Lesser General Public | ||
18 | * License along with this library; if not, write to the Free Software | ||
19 | * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301, | ||
20 | * USA | ||
21 | * | ||
22 | */ | ||
23 | |||
24 | /* Functions on X.509 Certificate parsing | ||
25 | */ | ||
26 | |||
27 | #include <gnutls_int.h> | ||
28 | #include <gnutls_datum.h> | ||
29 | #include <gnutls_global.h> | ||
30 | #include <gnutls_errors.h> | ||
31 | #include <common.h> | ||
32 | #include <gnutls_x509.h> | ||
33 | #include <x509_b64.h> | ||
34 | #include <x509.h> | ||
35 | #include <extensions.h> | ||
36 | #include <libtasn1.h> | ||
37 | #include <mpi.h> | ||
38 | #include <privkey.h> | ||
39 | |||
40 | /** | ||
41 | * MHD_gnutls_x509_crt_init - This function initializes a MHD_gnutls_x509_crt_t structure | ||
42 | * @cert: The structure to be initialized | ||
43 | * | ||
44 | * This function will initialize an X.509 certificate structure. | ||
45 | * | ||
46 | * Returns 0 on success. | ||
47 | * | ||
48 | **/ | ||
49 | int | ||
50 | MHD_gnutls_x509_crt_init (MHD_gnutls_x509_crt_t * cert) | ||
51 | { | ||
52 | MHD_gnutls_x509_crt_t tmp = | ||
53 | MHD_gnutls_calloc (1, sizeof (MHD_gnutls_x509_crt_int)); | ||
54 | int result; | ||
55 | |||
56 | if (!tmp) | ||
57 | return GNUTLS_E_MEMORY_ERROR; | ||
58 | |||
59 | result = MHD__asn1_create_element (MHD__gnutls_get_pkix (), | ||
60 | "PKIX1.Certificate", &tmp->cert); | ||
61 | if (result != ASN1_SUCCESS) | ||
62 | { | ||
63 | MHD_gnutls_assert (); | ||
64 | MHD_gnutls_free (tmp); | ||
65 | return MHD_gtls_asn2err (result); | ||
66 | } | ||
67 | |||
68 | *cert = tmp; | ||
69 | |||
70 | return 0; /* success */ | ||
71 | } | ||
72 | |||
73 | /** | ||
74 | * MHD_gnutls_x509_crt_deinit - This function deinitializes memory used by a MHD_gnutls_x509_crt_t structure | ||
75 | * @cert: The structure to be initialized | ||
76 | * | ||
77 | * This function will deinitialize a CRL structure. | ||
78 | * | ||
79 | **/ | ||
80 | void | ||
81 | MHD_gnutls_x509_crt_deinit (MHD_gnutls_x509_crt_t cert) | ||
82 | { | ||
83 | if (!cert) | ||
84 | return; | ||
85 | |||
86 | if (cert->cert) | ||
87 | MHD__asn1_delete_structure (&cert->cert); | ||
88 | |||
89 | MHD_gnutls_free (cert); | ||
90 | } | ||
91 | |||
92 | /** | ||
93 | * MHD_gnutls_x509_crt_import - This function will import a DER or PEM encoded Certificate | ||
94 | * @cert: The structure to store the parsed certificate. | ||
95 | * @data: The DER or PEM encoded certificate. | ||
96 | * @format: One of DER or PEM | ||
97 | * | ||
98 | * This function will convert the given DER or PEM encoded Certificate | ||
99 | * to the native MHD_gnutls_x509_crt_t format. The output will be stored in @cert. | ||
100 | * | ||
101 | * If the Certificate is PEM encoded it should have a header of "X509 CERTIFICATE", or | ||
102 | * "CERTIFICATE". | ||
103 | * | ||
104 | * Returns 0 on success. | ||
105 | * | ||
106 | **/ | ||
107 | int | ||
108 | MHD_gnutls_x509_crt_import (MHD_gnutls_x509_crt_t cert, | ||
109 | const MHD_gnutls_datum_t * data, | ||
110 | MHD_gnutls_x509_crt_fmt_t format) | ||
111 | { | ||
112 | int result = 0, need_free = 0; | ||
113 | MHD_gnutls_datum_t _data; | ||
114 | opaque *signature = NULL; | ||
115 | |||
116 | if (cert == NULL) | ||
117 | { | ||
118 | MHD_gnutls_assert (); | ||
119 | return GNUTLS_E_INVALID_REQUEST; | ||
120 | } | ||
121 | |||
122 | _data.data = data->data; | ||
123 | _data.size = data->size; | ||
124 | |||
125 | /* If the Certificate is in PEM format then decode it | ||
126 | */ | ||
127 | if (format == GNUTLS_X509_FMT_PEM) | ||
128 | { | ||
129 | opaque *out; | ||
130 | |||
131 | /* Try the first header */ | ||
132 | result = | ||
133 | MHD__gnutls_fbase64_decode (PEM_X509_CERT2, data->data, data->size, | ||
134 | &out); | ||
135 | |||
136 | if (result <= 0) | ||
137 | { | ||
138 | /* try for the second header */ | ||
139 | result = MHD__gnutls_fbase64_decode (PEM_X509_CERT, data->data, | ||
140 | data->size, &out); | ||
141 | |||
142 | if (result <= 0) | ||
143 | { | ||
144 | if (result == 0) | ||
145 | result = GNUTLS_E_INTERNAL_ERROR; | ||
146 | MHD_gnutls_assert (); | ||
147 | return result; | ||
148 | } | ||
149 | } | ||
150 | |||
151 | _data.data = out; | ||
152 | _data.size = result; | ||
153 | |||
154 | need_free = 1; | ||
155 | } | ||
156 | |||
157 | result = MHD__asn1_der_decoding (&cert->cert, _data.data, _data.size, NULL); | ||
158 | if (result != ASN1_SUCCESS) | ||
159 | { | ||
160 | result = MHD_gtls_asn2err (result); | ||
161 | MHD_gnutls_assert (); | ||
162 | goto cleanup; | ||
163 | } | ||
164 | |||
165 | /* Since we do not want to disable any extension | ||
166 | */ | ||
167 | cert->use_extensions = 1; | ||
168 | if (need_free) | ||
169 | MHD__gnutls_free_datum (&_data); | ||
170 | |||
171 | return 0; | ||
172 | |||
173 | cleanup:MHD_gnutls_free (signature); | ||
174 | if (need_free) | ||
175 | MHD__gnutls_free_datum (&_data); | ||
176 | return result; | ||
177 | } | ||
178 | |||
179 | /** | ||
180 | * MHD_gnutls_x509_crt_get_version - This function returns the Certificate's version number | ||
181 | * @cert: should contain a MHD_gnutls_x509_crt_t structure | ||
182 | * | ||
183 | * This function will return the version of the specified Certificate. | ||
184 | * | ||
185 | * Returns a negative value on error. | ||
186 | * | ||
187 | **/ | ||
188 | int | ||
189 | MHD_gnutls_x509_crt_get_version (MHD_gnutls_x509_crt_t cert) | ||
190 | { | ||
191 | opaque version[5]; | ||
192 | int len, result; | ||
193 | |||
194 | if (cert == NULL) | ||
195 | { | ||
196 | MHD_gnutls_assert (); | ||
197 | return GNUTLS_E_INVALID_REQUEST; | ||
198 | } | ||
199 | |||
200 | len = sizeof (version); | ||
201 | if ((result = | ||
202 | MHD__asn1_read_value (cert->cert, "tbsCertificate.version", version, | ||
203 | &len)) != ASN1_SUCCESS) | ||
204 | { | ||
205 | |||
206 | if (result == ASN1_ELEMENT_NOT_FOUND) | ||
207 | return 1; /* the DEFAULT version */ | ||
208 | MHD_gnutls_assert (); | ||
209 | return MHD_gtls_asn2err (result); | ||
210 | } | ||
211 | |||
212 | return (int) version[0] + 1; | ||
213 | } | ||
214 | |||
215 | /** | ||
216 | * MHD_gnutls_x509_crt_get_pk_algorithm - This function returns the certificate's PublicKey algorithm | ||
217 | * @cert: should contain a MHD_gnutls_x509_crt_t structure | ||
218 | * @bits: if bits is non null it will hold the size of the parameters' in bits | ||
219 | * | ||
220 | * This function will return the public key algorithm of an X.509 | ||
221 | * certificate. | ||
222 | * | ||
223 | * If bits is non null, it should have enough size to hold the parameters | ||
224 | * size in bits. For RSA the bits returned is the modulus. | ||
225 | * For DSA the bits returned are of the public | ||
226 | * exponent. | ||
227 | * | ||
228 | * Returns a member of the enum MHD_GNUTLS_PublicKeyAlgorithm enumeration on success, | ||
229 | * or a negative value on error. | ||
230 | * | ||
231 | **/ | ||
232 | int | ||
233 | MHD_gnutls_x509_crt_get_pk_algorithm (MHD_gnutls_x509_crt_t cert, | ||
234 | unsigned int *bits) | ||
235 | { | ||
236 | int result; | ||
237 | |||
238 | if (cert == NULL) | ||
239 | { | ||
240 | MHD_gnutls_assert (); | ||
241 | return GNUTLS_E_INVALID_REQUEST; | ||
242 | } | ||
243 | |||
244 | result = MHD__gnutls_x509_get_pk_algorithm (cert->cert, | ||
245 | "tbsCertificate.subjectPublicKeyInfo", | ||
246 | bits); | ||
247 | |||
248 | if (result < 0) | ||
249 | { | ||
250 | MHD_gnutls_assert (); | ||
251 | return result; | ||
252 | } | ||
253 | |||
254 | return result; | ||
255 | |||
256 | } | ||
257 | |||
258 | inline static int | ||
259 | is_type_printable (int type) | ||
260 | { | ||
261 | if (type == GNUTLS_SAN_DNSNAME || type == GNUTLS_SAN_RFC822NAME || type | ||
262 | == GNUTLS_SAN_URI) | ||
263 | return 1; | ||
264 | else | ||
265 | return 0; | ||
266 | } | ||
267 | |||
268 | /** | ||
269 | * MHD_gnutls_x509_crt_get_key_usage - This function returns the certificate's key usage | ||
270 | * @cert: should contain a MHD_gnutls_x509_crt_t structure | ||
271 | * @key_usage: where the key usage bits will be stored | ||
272 | * @critical: will be non zero if the extension is marked as critical | ||
273 | * | ||
274 | * This function will return certificate's key usage, by reading the | ||
275 | * keyUsage X.509 extension (2.5.29.15). The key usage value will ORed values of the: | ||
276 | * GNUTLS_KEY_DIGITAL_SIGNATURE, GNUTLS_KEY_NON_REPUDIATION, | ||
277 | * GNUTLS_KEY_KEY_ENCIPHERMENT, GNUTLS_KEY_DATA_ENCIPHERMENT, | ||
278 | * GNUTLS_KEY_KEY_AGREEMENT, GNUTLS_KEY_KEY_CERT_SIGN, | ||
279 | * GNUTLS_KEY_CRL_SIGN, GNUTLS_KEY_ENCIPHER_ONLY, | ||
280 | * GNUTLS_KEY_DECIPHER_ONLY. | ||
281 | * | ||
282 | * A negative value may be returned in case of parsing error. | ||
283 | * If the certificate does not contain the keyUsage extension | ||
284 | * GNUTLS_E_REQUESTED_DATA_NOT_AVAILABLE will be returned. | ||
285 | * | ||
286 | **/ | ||
287 | int | ||
288 | MHD_gnutls_x509_crt_get_key_usage (MHD_gnutls_x509_crt_t cert, | ||
289 | unsigned int *key_usage, | ||
290 | unsigned int *critical) | ||
291 | { | ||
292 | int result; | ||
293 | MHD_gnutls_datum_t keyUsage; | ||
294 | uint16_t _usage; | ||
295 | |||
296 | if (cert == NULL) | ||
297 | { | ||
298 | MHD_gnutls_assert (); | ||
299 | return GNUTLS_E_INVALID_REQUEST; | ||
300 | } | ||
301 | |||
302 | if ((result = | ||
303 | MHD__gnutls_x509_crt_get_extension (cert, "2.5.29.15", 0, &keyUsage, | ||
304 | critical)) < 0) | ||
305 | { | ||
306 | return result; | ||
307 | } | ||
308 | |||
309 | if (keyUsage.size == 0 || keyUsage.data == NULL) | ||
310 | { | ||
311 | MHD_gnutls_assert (); | ||
312 | return GNUTLS_E_REQUESTED_DATA_NOT_AVAILABLE; | ||
313 | } | ||
314 | |||
315 | result = MHD__gnutls_x509_ext_extract_keyUsage (&_usage, keyUsage.data, | ||
316 | keyUsage.size); | ||
317 | MHD__gnutls_free_datum (&keyUsage); | ||
318 | |||
319 | *key_usage = _usage; | ||
320 | |||
321 | if (result < 0) | ||
322 | { | ||
323 | MHD_gnutls_assert (); | ||
324 | return result; | ||
325 | } | ||
326 | |||
327 | return 0; | ||
328 | } | ||
329 | |||
330 | |||
331 | /** | ||
332 | * MHD_gnutls_x509_crt_export - This function will export the certificate | ||
333 | * @cert: Holds the certificate | ||
334 | * @format: the format of output params. One of PEM or DER. | ||
335 | * @output_data: will contain a certificate PEM or DER encoded | ||
336 | * @output_data_size: holds the size of output_data (and will be | ||
337 | * replaced by the actual size of parameters) | ||
338 | * | ||
339 | * This function will export the certificate to DER or PEM format. | ||
340 | * | ||
341 | * If the buffer provided is not long enough to hold the output, then | ||
342 | * *output_data_size is updated and GNUTLS_E_SHORT_MEMORY_BUFFER will | ||
343 | * be returned. | ||
344 | * | ||
345 | * If the structure is PEM encoded, it will have a header | ||
346 | * of "BEGIN CERTIFICATE". | ||
347 | * | ||
348 | * Return value: In case of failure a negative value will be | ||
349 | * returned, and 0 on success. | ||
350 | **/ | ||
351 | int | ||
352 | MHD_gnutls_x509_crt_export (MHD_gnutls_x509_crt_t cert, | ||
353 | MHD_gnutls_x509_crt_fmt_t format, | ||
354 | void *output_data, size_t * output_data_size) | ||
355 | { | ||
356 | if (cert == NULL) | ||
357 | { | ||
358 | MHD_gnutls_assert (); | ||
359 | return GNUTLS_E_INVALID_REQUEST; | ||
360 | } | ||
361 | |||
362 | return MHD__gnutls_x509_export_int (cert->cert, format, "CERTIFICATE", | ||
363 | output_data, output_data_size); | ||
364 | } | ||
diff --git a/src/daemon/https/x509/x509.h b/src/daemon/https/x509/x509.h deleted file mode 100644 index 9a01d95b..00000000 --- a/src/daemon/https/x509/x509.h +++ /dev/null | |||
@@ -1,409 +0,0 @@ | |||
1 | /* | ||
2 | * Copyright (C) 2003, 2004, 2005, 2007 Free Software Foundation | ||
3 | * | ||
4 | * Author: Nikos Mavrogiannopoulos | ||
5 | * | ||
6 | * This file is part of GNUTLS. | ||
7 | * | ||
8 | * The GNUTLS library is free software; you can redistribute it and/or | ||
9 | * modify it under the terms of the GNU Lesser General Public License | ||
10 | * as published by the Free Software Foundation; either version 2.1 of | ||
11 | * the License, or (at your option) any later version. | ||
12 | * | ||
13 | * This library is distributed in the hope that it will be useful, but | ||
14 | * WITHOUT ANY WARRANTY; without even the implied warranty of | ||
15 | * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU | ||
16 | * Lesser General Public License for more details. | ||
17 | * | ||
18 | * You should have received a copy of the GNU Lesser General Public | ||
19 | * License along with this library; if not, write to the Free Software | ||
20 | * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301, | ||
21 | * USA | ||
22 | * | ||
23 | */ | ||
24 | |||
25 | #ifndef X509_H | ||
26 | #define X509_H | ||
27 | |||
28 | #ifndef MIN | ||
29 | #define MIN(X,Y) ((X) > (Y) ? (Y) : (X)); | ||
30 | #endif | ||
31 | |||
32 | #ifdef __cplusplus | ||
33 | extern "C" | ||
34 | { | ||
35 | #endif | ||
36 | |||
37 | #include <gnutls.h> | ||
38 | #include <libtasn1.h> | ||
39 | #include "gnutls_mpi.h" | ||
40 | |||
41 | /* Some OIDs usually found in Distinguished names, or | ||
42 | * in Subject Directory Attribute extensions. | ||
43 | */ | ||
44 | #define GNUTLS_OID_X520_COUNTRY_NAME "2.5.4.6" | ||
45 | #define GNUTLS_OID_X520_ORGANIZATION_NAME "2.5.4.10" | ||
46 | #define GNUTLS_OID_X520_ORGANIZATIONAL_UNIT_NAME "2.5.4.11" | ||
47 | #define GNUTLS_OID_X520_COMMON_NAME "2.5.4.3" | ||
48 | #define GNUTLS_OID_X520_LOCALITY_NAME "2.5.4.7" | ||
49 | #define GNUTLS_OID_X520_STATE_OR_PROVINCE_NAME "2.5.4.8" | ||
50 | |||
51 | #define GNUTLS_OID_X520_INITIALS "2.5.4.43" | ||
52 | #define GNUTLS_OID_X520_GENERATION_QUALIFIER "2.5.4.44" | ||
53 | #define GNUTLS_OID_X520_SURNAME "2.5.4.4" | ||
54 | #define GNUTLS_OID_X520_GIVEN_NAME "2.5.4.42" | ||
55 | #define GNUTLS_OID_X520_TITLE "2.5.4.12" | ||
56 | #define GNUTLS_OID_X520_DN_QUALIFIER "2.5.4.46" | ||
57 | #define GNUTLS_OID_X520_PSEUDONYM "2.5.4.65" | ||
58 | |||
59 | #define GNUTLS_OID_LDAP_DC "0.9.2342.19200300.100.1.25" | ||
60 | #define GNUTLS_OID_LDAP_UID "0.9.2342.19200300.100.1.1" | ||
61 | |||
62 | /* The following should not be included in DN. | ||
63 | */ | ||
64 | #define GNUTLS_OID_PKCS9_EMAIL "1.2.840.113549.1.9.1" | ||
65 | |||
66 | #define GNUTLS_OID_PKIX_DATE_OF_BIRTH "1.3.6.1.5.5.7.9.1" | ||
67 | #define GNUTLS_OID_PKIX_PLACE_OF_BIRTH "1.3.6.1.5.5.7.9.2" | ||
68 | #define GNUTLS_OID_PKIX_GENDER "1.3.6.1.5.5.7.9.3" | ||
69 | #define GNUTLS_OID_PKIX_COUNTRY_OF_CITIZENSHIP "1.3.6.1.5.5.7.9.4" | ||
70 | #define GNUTLS_OID_PKIX_COUNTRY_OF_RESIDENCE "1.3.6.1.5.5.7.9.5" | ||
71 | |||
72 | /* Key purpose Object Identifiers. | ||
73 | */ | ||
74 | #define GNUTLS_KP_TLS_WWW_SERVER "1.3.6.1.5.5.7.3.1" | ||
75 | #define GNUTLS_KP_TLS_WWW_CLIENT "1.3.6.1.5.5.7.3.2" | ||
76 | #define GNUTLS_KP_CODE_SIGNING "1.3.6.1.5.5.7.3.3" | ||
77 | #define GNUTLS_KP_EMAIL_PROTECTION "1.3.6.1.5.5.7.3.4" | ||
78 | #define GNUTLS_KP_TIME_STAMPING "1.3.6.1.5.5.7.3.8" | ||
79 | #define GNUTLS_KP_OCSP_SIGNING "1.3.6.1.5.5.7.3.9" | ||
80 | #define GNUTLS_KP_ANY "2.5.29.37.0" | ||
81 | |||
82 | /* Certificate handling functions. | ||
83 | */ | ||
84 | typedef enum MHD_gnutls_certificate_import_flags | ||
85 | { | ||
86 | /* Fail if the certificates in the buffer are more than the space | ||
87 | * allocated for certificates. The error code will be | ||
88 | * GNUTLS_E_SHORT_MEMORY_BUFFER. | ||
89 | */ | ||
90 | GNUTLS_X509_CRT_LIST_IMPORT_FAIL_IF_EXCEED = 1 | ||
91 | } MHD_gnutls_certificate_import_flags; | ||
92 | |||
93 | int MHD_gnutls_x509_crt_init (MHD_gnutls_x509_crt_t * cert); | ||
94 | void MHD_gnutls_x509_crt_deinit (MHD_gnutls_x509_crt_t cert); | ||
95 | int MHD_gnutls_x509_crt_import (MHD_gnutls_x509_crt_t cert, | ||
96 | const MHD_gnutls_datum_t * data, | ||
97 | MHD_gnutls_x509_crt_fmt_t format); | ||
98 | int MHD_gnutls_x509_crt_export (MHD_gnutls_x509_crt_t cert, | ||
99 | MHD_gnutls_x509_crt_fmt_t format, | ||
100 | void *output_data, | ||
101 | size_t * output_data_size); | ||
102 | int MHD_gnutls_x509_crt_get_version (MHD_gnutls_x509_crt_t cert); | ||
103 | |||
104 | #define GNUTLS_CRL_REASON_UNUSED 128 | ||
105 | #define GNUTLS_CRL_REASON_KEY_COMPROMISE 64 | ||
106 | #define GNUTLS_CRL_REASON_CA_COMPROMISE 32 | ||
107 | #define GNUTLS_CRL_REASON_AFFILIATION_CHANGED 16 | ||
108 | #define GNUTLS_CRL_REASON_SUPERSEEDED 8 | ||
109 | #define GNUTLS_CRL_REASON_CESSATION_OF_OPERATION 4 | ||
110 | #define GNUTLS_CRL_REASON_CERTIFICATE_HOLD 2 | ||
111 | #define GNUTLS_CRL_REASON_PRIVILEGE_WITHDRAWN 1 | ||
112 | #define GNUTLS_CRL_REASON_AA_COMPROMISE 32768 | ||
113 | |||
114 | int MHD_gnutls_x509_crt_get_pk_algorithm (MHD_gnutls_x509_crt_t cert, | ||
115 | unsigned int *bits); | ||
116 | int MHD_gnutls_x509_crt_get_ca_status (MHD_gnutls_x509_crt_t cert, | ||
117 | unsigned int *critical); | ||
118 | /* The key_usage flags are defined in gnutls.h. They are the | ||
119 | * GNUTLS_KEY_* definitions. | ||
120 | */ | ||
121 | int MHD_gnutls_x509_crt_get_key_usage (MHD_gnutls_x509_crt_t cert, | ||
122 | unsigned int *key_usage, | ||
123 | unsigned int *critical); | ||
124 | int MHD_gnutls_x509_crt_set_key_usage (MHD_gnutls_x509_crt_t crt, | ||
125 | unsigned int usage); | ||
126 | |||
127 | /* Read extensions by sequence number. */ | ||
128 | int MHD_gnutls_x509_crt_set_extension_by_oid (MHD_gnutls_x509_crt_t crt, | ||
129 | const char *oid, | ||
130 | const void *buf, | ||
131 | size_t sizeof_buf, | ||
132 | unsigned int critical); | ||
133 | |||
134 | /* X.509 Certificate writing. | ||
135 | */ | ||
136 | int MHD_gnutls_x509_crt_set_dn_by_oid (MHD_gnutls_x509_crt_t crt, | ||
137 | const char *oid, | ||
138 | unsigned int raw_flag, | ||
139 | const void *name, | ||
140 | unsigned int sizeof_name); | ||
141 | int MHD_gnutls_x509_crt_set_issuer_dn_by_oid (MHD_gnutls_x509_crt_t crt, | ||
142 | const char *oid, | ||
143 | unsigned int raw_flag, | ||
144 | const void *name, | ||
145 | unsigned int sizeof_name); | ||
146 | int MHD_gnutls_x509_crt_set_version (MHD_gnutls_x509_crt_t crt, | ||
147 | unsigned int version); | ||
148 | int MHD_gnutls_x509_crt_set_key (MHD_gnutls_x509_crt_t crt, | ||
149 | MHD_gnutls_x509_privkey_t key); | ||
150 | int MHD_gnutls_x509_crt_set_ca_status (MHD_gnutls_x509_crt_t crt, | ||
151 | unsigned int ca); | ||
152 | int MHD_gnutls_x509_crt_set_basic_constraints (MHD_gnutls_x509_crt_t crt, | ||
153 | unsigned int ca, | ||
154 | int pathLenConstraint); | ||
155 | int MHD_gnutls_x509_crt_set_subject_alternative_name (MHD_gnutls_x509_crt_t | ||
156 | crt, | ||
157 | MHD_gnutls_x509_subject_alt_name_t | ||
158 | type, | ||
159 | const char | ||
160 | *data_string); | ||
161 | int MHD_gnutls_x509_crt_sign (MHD_gnutls_x509_crt_t crt, | ||
162 | MHD_gnutls_x509_crt_t issuer, | ||
163 | MHD_gnutls_x509_privkey_t issuer_key); | ||
164 | int MHD_gnutls_x509_crt_sign2 (MHD_gnutls_x509_crt_t crt, | ||
165 | MHD_gnutls_x509_crt_t issuer, | ||
166 | MHD_gnutls_x509_privkey_t issuer_key, | ||
167 | enum MHD_GNUTLS_HashAlgorithm, | ||
168 | unsigned int flags); | ||
169 | int MHD_gnutls_x509_crt_set_serial (MHD_gnutls_x509_crt_t cert, | ||
170 | const void *serial, size_t serial_size); | ||
171 | |||
172 | int MHD_gnutls_x509_crt_set_subject_key_id (MHD_gnutls_x509_crt_t cert, | ||
173 | const void *id, size_t id_size); | ||
174 | |||
175 | int MHD_gnutls_x509_crt_set_proxy_dn (MHD_gnutls_x509_crt_t crt, | ||
176 | MHD_gnutls_x509_crt_t eecrt, | ||
177 | unsigned int raw_flag, | ||
178 | const void *name, | ||
179 | unsigned int sizeof_name); | ||
180 | int MHD_gnutls_x509_crt_set_proxy (MHD_gnutls_x509_crt_t crt, | ||
181 | int pathLenConstraint, | ||
182 | const char *policyLanguage, | ||
183 | const char *policy, | ||
184 | size_t sizeof_policy); | ||
185 | |||
186 | typedef enum MHD_gnutls_certificate_print_formats | ||
187 | { | ||
188 | GNUTLS_X509_CRT_FULL, | ||
189 | GNUTLS_X509_CRT_ONELINE, | ||
190 | GNUTLS_X509_CRT_UNSIGNED_FULL | ||
191 | } MHD_gnutls_certificate_print_formats_t; | ||
192 | |||
193 | int MHD_gnutls_x509_crt_print (MHD_gnutls_x509_crt_t cert, | ||
194 | MHD_gnutls_certificate_print_formats_t | ||
195 | format, MHD_gnutls_datum_t * out); | ||
196 | /* Access to internal Certificate fields. | ||
197 | */ | ||
198 | |||
199 | typedef void *MHD_gnutls_x509_dn_t; | ||
200 | |||
201 | /* X.509 Certificate verification functions. | ||
202 | */ | ||
203 | typedef enum MHD_gnutls_certificate_verify_flags | ||
204 | { | ||
205 | /* If set a signer does not have to be a certificate authority. This | ||
206 | * flag should normaly be disabled, unless you know what this means. | ||
207 | */ | ||
208 | GNUTLS_VERIFY_DISABLE_CA_SIGN = 1, | ||
209 | |||
210 | /* Allow only trusted CA certificates that have version 1. This is | ||
211 | * safer than GNUTLS_VERIFY_ALLOW_ANY_X509_V1_CA_CRT, and should be | ||
212 | * used instead. That way only signers in your trusted list will be | ||
213 | * allowed to have certificates of version 1. | ||
214 | */ | ||
215 | GNUTLS_VERIFY_ALLOW_X509_V1_CA_CRT = 2, | ||
216 | |||
217 | /* If a certificate is not signed by anyone trusted but exists in | ||
218 | * the trusted CA list do not treat it as trusted. | ||
219 | */ | ||
220 | GNUTLS_VERIFY_DO_NOT_ALLOW_SAME = 4, | ||
221 | |||
222 | /* Allow CA certificates that have version 1 (both root and | ||
223 | * intermediate). This might be dangerous since those haven't the | ||
224 | * basicConstraints extension. Must be used in combination with | ||
225 | * GNUTLS_VERIFY_ALLOW_X509_V1_CA_CRT. | ||
226 | */ | ||
227 | GNUTLS_VERIFY_ALLOW_ANY_X509_V1_CA_CRT = 8, | ||
228 | |||
229 | /* Allow certificates to be signed using the broken MD2 algorithm. | ||
230 | */ | ||
231 | GNUTLS_VERIFY_ALLOW_SIGN_RSA_MD2 = 16, | ||
232 | |||
233 | /* Allow certificates to be signed using the broken MD5 algorithm. | ||
234 | */ | ||
235 | GNUTLS_VERIFY_ALLOW_SIGN_RSA_MD5 = 32 | ||
236 | } MHD_gnutls_certificate_verify_flags; | ||
237 | |||
238 | |||
239 | /* Flags for the MHD_gnutls_x509_privkey_export_pkcs8() function. | ||
240 | */ | ||
241 | typedef enum MHD_gnutls_pkcs_encrypt_flags_t | ||
242 | { | ||
243 | GNUTLS_PKCS_PLAIN = 1, /* if set the private key will not | ||
244 | * be encrypted. | ||
245 | */ | ||
246 | GNUTLS_PKCS_USE_PKCS12_3DES = 2, | ||
247 | GNUTLS_PKCS_USE_PKCS12_ARCFOUR = 4, | ||
248 | GNUTLS_PKCS_USE_PKCS12_RC2_40 = 8, | ||
249 | GNUTLS_PKCS_USE_PBES2_3DES = 16 | ||
250 | } MHD_gnutls_pkcs_encrypt_flags_t; | ||
251 | |||
252 | #define GNUTLS_PKCS8_PLAIN GNUTLS_PKCS_PLAIN | ||
253 | #define GNUTLS_PKCS8_USE_PKCS12_3DES GNUTLS_PKCS_USE_PKCS12_3DES | ||
254 | #define GNUTLS_PKCS8_USE_PKCS12_ARCFOUR GNUTLS_PKCS_USE_PKCS12_ARCFOUR | ||
255 | #define GNUTLS_PKCS8_USE_PKCS12_RC2_40 GNUTLS_PKCS_USE_PKCS12_RC2_40 | ||
256 | |||
257 | int MHD_gnutls_x509_privkey_init (MHD_gnutls_x509_privkey_t * key); | ||
258 | void MHD_gnutls_x509_privkey_deinit (MHD_gnutls_x509_privkey_t key); | ||
259 | int MHD_gnutls_x509_privkey_import (MHD_gnutls_x509_privkey_t key, | ||
260 | const MHD_gnutls_datum_t * data, | ||
261 | MHD_gnutls_x509_crt_fmt_t format); | ||
262 | int MHD_gnutls_x509_privkey_get_key_id (MHD_gnutls_x509_privkey_t key, | ||
263 | unsigned int flags, | ||
264 | unsigned char *output_data, | ||
265 | size_t * output_data_size); | ||
266 | |||
267 | int MHD_gnutls_x509_privkey_export (MHD_gnutls_x509_privkey_t key, | ||
268 | MHD_gnutls_x509_crt_fmt_t format, | ||
269 | void *output_data, | ||
270 | size_t * output_data_size); | ||
271 | int MHD_gnutls_x509_privkey_export_pkcs8 (MHD_gnutls_x509_privkey_t key, | ||
272 | MHD_gnutls_x509_crt_fmt_t format, | ||
273 | const char *password, | ||
274 | unsigned int flags, | ||
275 | void *output_data, | ||
276 | size_t * output_data_size); | ||
277 | int MHD_gnutls_x509_privkey_export_rsa_raw (MHD_gnutls_x509_privkey_t key, | ||
278 | MHD_gnutls_datum_t * m, | ||
279 | MHD_gnutls_datum_t * e, | ||
280 | MHD_gnutls_datum_t * d, | ||
281 | MHD_gnutls_datum_t * p, | ||
282 | MHD_gnutls_datum_t * q, | ||
283 | MHD_gnutls_datum_t * u); | ||
284 | |||
285 | int MHD_gnutls_x509_privkey_verify_data (MHD_gnutls_x509_privkey_t key, | ||
286 | unsigned int flags, | ||
287 | const MHD_gnutls_datum_t * data, | ||
288 | const MHD_gnutls_datum_t * | ||
289 | signature); | ||
290 | |||
291 | #ifdef __cplusplus | ||
292 | } | ||
293 | #endif | ||
294 | |||
295 | #define HASH_OID_SHA1 "1.3.14.3.2.26" | ||
296 | #define HASH_OID_MD5 "1.2.840.113549.2.5" | ||
297 | #define HASH_OID_MD2 "1.2.840.113549.2.2" | ||
298 | #define HASH_OID_RMD160 "1.3.36.3.2.1" | ||
299 | #define HASH_OID_SHA256 "2.16.840.1.101.3.4.2.1" | ||
300 | #define HASH_OID_SHA384 "2.16.840.1.101.3.4.2.2" | ||
301 | #define HASH_OID_SHA512 "2.16.840.1.101.3.4.2.3" | ||
302 | |||
303 | typedef struct MHD_gnutls_x509_crt_int | ||
304 | { | ||
305 | ASN1_TYPE cert; | ||
306 | int use_extensions; | ||
307 | } MHD_gnutls_x509_crt_int; | ||
308 | |||
309 | #define MAX_PRIV_PARAMS_SIZE 6 /* ok for RSA and DSA */ | ||
310 | |||
311 | /* parameters should not be larger than this limit */ | ||
312 | #define DSA_PRIVATE_PARAMS 5 | ||
313 | #define DSA_PUBLIC_PARAMS 4 | ||
314 | #define RSA_PRIVATE_PARAMS 6 | ||
315 | #define RSA_PUBLIC_PARAMS 2 | ||
316 | |||
317 | #if MAX_PRIV_PARAMS_SIZE - RSA_PRIVATE_PARAMS < 0 | ||
318 | # error INCREASE MAX_PRIV_PARAMS | ||
319 | #endif | ||
320 | |||
321 | #if MAX_PRIV_PARAMS_SIZE - DSA_PRIVATE_PARAMS < 0 | ||
322 | # error INCREASE MAX_PRIV_PARAMS | ||
323 | #endif | ||
324 | |||
325 | typedef struct MHD_gtls_x509_privkey_int | ||
326 | { | ||
327 | mpi_t params[MAX_PRIV_PARAMS_SIZE]; /* the size of params depends on the public | ||
328 | * key algorithm | ||
329 | */ | ||
330 | /* | ||
331 | * RSA: [0] is modulus | ||
332 | * [1] is public exponent | ||
333 | * [2] is private exponent | ||
334 | * [3] is prime1 (p) | ||
335 | * [4] is prime2 (q) | ||
336 | * [5] is coefficient (u == inverse of p mod q) | ||
337 | * note that other packages used inverse of q mod p, | ||
338 | * so we need to perform conversions. | ||
339 | * DSA: [0] is p | ||
340 | * [1] is q | ||
341 | * [2] is g | ||
342 | * [3] is y (public key) | ||
343 | * [4] is x (private key) | ||
344 | */ | ||
345 | int params_size; /* holds the number of params */ | ||
346 | |||
347 | enum MHD_GNUTLS_PublicKeyAlgorithm pk_algorithm; | ||
348 | |||
349 | int crippled; /* The crippled keys will not use the ASN1_TYPE key. | ||
350 | * The encoding will only be performed at the export | ||
351 | * phase, to optimize copying etc. Cannot be used with | ||
352 | * the exported API (used internally only). | ||
353 | */ | ||
354 | ASN1_TYPE key; | ||
355 | } MHD_gnutls_x509_privkey_int; | ||
356 | |||
357 | int MHD_gnutls_x509_crt_get_pk_algorithm (MHD_gnutls_x509_crt_t cert, | ||
358 | unsigned int *bits); | ||
359 | |||
360 | int MHD_gnutls_x509_crt_get_serial (MHD_gnutls_x509_crt_t cert, | ||
361 | void *result, size_t * result_size); | ||
362 | |||
363 | int MHD_gnutls_x509_crt_init (MHD_gnutls_x509_crt_t * cert); | ||
364 | void MHD_gnutls_x509_crt_deinit (MHD_gnutls_x509_crt_t cert); | ||
365 | int MHD_gnutls_x509_crt_import (MHD_gnutls_x509_crt_t cert, | ||
366 | const MHD_gnutls_datum_t * data, | ||
367 | MHD_gnutls_x509_crt_fmt_t format); | ||
368 | int MHD_gnutls_x509_crt_export (MHD_gnutls_x509_crt_t cert, | ||
369 | MHD_gnutls_x509_crt_fmt_t format, | ||
370 | void *output_data, size_t * output_data_size); | ||
371 | |||
372 | int MHD_gnutls_x509_crt_get_key_usage (MHD_gnutls_x509_crt_t cert, | ||
373 | unsigned int *key_usage, | ||
374 | unsigned int *critical); | ||
375 | int MHD_gnutls_x509_crt_get_version (MHD_gnutls_x509_crt_t cert); | ||
376 | |||
377 | int MHD_gnutls_x509_privkey_init (MHD_gnutls_x509_privkey_t * key); | ||
378 | void MHD_gnutls_x509_privkey_deinit (MHD_gnutls_x509_privkey_t key); | ||
379 | |||
380 | int MHD_gnutls_x509_privkey_generate (MHD_gnutls_x509_privkey_t key, | ||
381 | enum MHD_GNUTLS_PublicKeyAlgorithm algo, | ||
382 | unsigned int bits, unsigned int flags); | ||
383 | |||
384 | int MHD_gnutls_x509_privkey_import (MHD_gnutls_x509_privkey_t key, | ||
385 | const MHD_gnutls_datum_t * data, | ||
386 | MHD_gnutls_x509_crt_fmt_t format); | ||
387 | int MHD_gnutls_x509_privkey_export_rsa_raw (MHD_gnutls_x509_privkey_t key, | ||
388 | MHD_gnutls_datum_t * m, | ||
389 | MHD_gnutls_datum_t * e, | ||
390 | MHD_gnutls_datum_t * d, | ||
391 | MHD_gnutls_datum_t * p, | ||
392 | MHD_gnutls_datum_t * q, | ||
393 | MHD_gnutls_datum_t * u); | ||
394 | int MHD_gnutls_x509_privkey_export (MHD_gnutls_x509_privkey_t key, | ||
395 | MHD_gnutls_x509_crt_fmt_t format, | ||
396 | void *output_data, | ||
397 | size_t * output_data_size); | ||
398 | |||
399 | #define GNUTLS_CRL_REASON_UNUSED 128 | ||
400 | #define GNUTLS_CRL_REASON_KEY_COMPROMISE 64 | ||
401 | #define GNUTLS_CRL_REASON_CA_COMPROMISE 32 | ||
402 | #define GNUTLS_CRL_REASON_AFFILIATION_CHANGED 16 | ||
403 | #define GNUTLS_CRL_REASON_SUPERSEEDED 8 | ||
404 | #define GNUTLS_CRL_REASON_CESSATION_OF_OPERATION 4 | ||
405 | #define GNUTLS_CRL_REASON_CERTIFICATE_HOLD 2 | ||
406 | #define GNUTLS_CRL_REASON_PRIVILEGE_WITHDRAWN 1 | ||
407 | #define GNUTLS_CRL_REASON_AA_COMPROMISE 32768 | ||
408 | |||
409 | #endif | ||
diff --git a/src/daemon/https/x509/x509_privkey.c b/src/daemon/https/x509/x509_privkey.c deleted file mode 100644 index e22da040..00000000 --- a/src/daemon/https/x509/x509_privkey.c +++ /dev/null | |||
@@ -1,289 +0,0 @@ | |||
1 | /* | ||
2 | * Copyright (C) 2003, 2004, 2005, 2007 Free Software Foundation | ||
3 | * | ||
4 | * Author: Nikos Mavrogiannopoulos | ||
5 | * | ||
6 | * This file is part of GNUTLS. | ||
7 | * | ||
8 | * The GNUTLS library is free software; you can redistribute it and/or | ||
9 | * modify it under the terms of the GNU Lesser General Public License | ||
10 | * as published by the Free Software Foundation; either version 2.1 of | ||
11 | * the License, or (at your option) any later version. | ||
12 | * | ||
13 | * This library is distributed in the hope that it will be useful, but | ||
14 | * WITHOUT ANY WARRANTY; without even the implied warranty of | ||
15 | * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU | ||
16 | * Lesser General Public License for more details. | ||
17 | * | ||
18 | * You should have received a copy of the GNU Lesser General Public | ||
19 | * License along with this library; if not, write to the Free Software | ||
20 | * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301, | ||
21 | * USA | ||
22 | * | ||
23 | */ | ||
24 | |||
25 | #include <gnutls_int.h> | ||
26 | #include <gnutls_datum.h> | ||
27 | #include <gnutls_global.h> | ||
28 | #include <gnutls_errors.h> | ||
29 | #include <gnutls_rsa_export.h> | ||
30 | #include <gnutls_sig.h> | ||
31 | #include <common.h> | ||
32 | #include <gnutls_x509.h> | ||
33 | #include <x509_b64.h> | ||
34 | #include <x509.h> | ||
35 | #include <mpi.h> | ||
36 | #include <extensions.h> | ||
37 | |||
38 | /* remove this when libgcrypt can handle the PKCS #1 coefficients from | ||
39 | * rsa keys | ||
40 | */ | ||
41 | #define CALC_COEFF 1 | ||
42 | |||
43 | /** | ||
44 | * MHD_gnutls_x509_privkey_init - This function initializes a MHD_gnutls_crl structure | ||
45 | * @key: The structure to be initialized | ||
46 | * | ||
47 | * This function will initialize an private key structure. | ||
48 | * | ||
49 | * Returns 0 on success. | ||
50 | * | ||
51 | **/ | ||
52 | int | ||
53 | MHD_gnutls_x509_privkey_init (MHD_gnutls_x509_privkey_t * key) | ||
54 | { | ||
55 | *key = MHD_gnutls_calloc (1, sizeof (MHD_gnutls_x509_privkey_int)); | ||
56 | |||
57 | if (*key) | ||
58 | { | ||
59 | (*key)->key = ASN1_TYPE_EMPTY; | ||
60 | (*key)->pk_algorithm = MHD_GNUTLS_PK_UNKNOWN; | ||
61 | return 0; /* success */ | ||
62 | } | ||
63 | |||
64 | return GNUTLS_E_MEMORY_ERROR; | ||
65 | } | ||
66 | |||
67 | /** | ||
68 | * MHD_gnutls_x509_privkey_deinit - This function deinitializes memory used by a MHD_gnutls_x509_privkey_t structure | ||
69 | * @key: The structure to be initialized | ||
70 | * | ||
71 | * This function will deinitialize a private key structure. | ||
72 | * | ||
73 | **/ | ||
74 | void | ||
75 | MHD_gnutls_x509_privkey_deinit (MHD_gnutls_x509_privkey_t key) | ||
76 | { | ||
77 | int i; | ||
78 | |||
79 | if (!key) | ||
80 | return; | ||
81 | |||
82 | for (i = 0; i < key->params_size; i++) | ||
83 | { | ||
84 | MHD_gtls_mpi_release (&key->params[i]); | ||
85 | } | ||
86 | |||
87 | MHD__asn1_delete_structure (&key->key); | ||
88 | MHD_gnutls_free (key); | ||
89 | } | ||
90 | |||
91 | |||
92 | /* Converts an RSA PKCS#1 key to | ||
93 | * an internal structure (MHD_gnutls_private_key) | ||
94 | */ | ||
95 | ASN1_TYPE | ||
96 | MHD__gnutls_privkey_decode_pkcs1_rsa_key (const MHD_gnutls_datum_t * raw_key, | ||
97 | MHD_gnutls_x509_privkey_t pkey) | ||
98 | { | ||
99 | int result; | ||
100 | ASN1_TYPE pkey_asn; | ||
101 | |||
102 | if ((result = MHD__asn1_create_element (MHD__gnutls_getMHD__gnutls_asn (), | ||
103 | "GNUTLS.RSAPrivateKey", | ||
104 | &pkey_asn)) != ASN1_SUCCESS) | ||
105 | { | ||
106 | MHD_gnutls_assert (); | ||
107 | return NULL; | ||
108 | } | ||
109 | |||
110 | if ((sizeof (pkey->params) / sizeof (mpi_t)) < RSA_PRIVATE_PARAMS) | ||
111 | { | ||
112 | MHD_gnutls_assert (); | ||
113 | /* internal error. Increase the mpi_ts in params */ | ||
114 | return NULL; | ||
115 | } | ||
116 | |||
117 | result = | ||
118 | MHD__asn1_der_decoding (&pkey_asn, raw_key->data, raw_key->size, NULL); | ||
119 | if (result != ASN1_SUCCESS) | ||
120 | { | ||
121 | MHD_gnutls_assert (); | ||
122 | goto error; | ||
123 | } | ||
124 | |||
125 | if ((result = | ||
126 | MHD__gnutls_x509_read_int (pkey_asn, "modulus", &pkey->params[0])) < 0) | ||
127 | { | ||
128 | MHD_gnutls_assert (); | ||
129 | goto error; | ||
130 | } | ||
131 | |||
132 | if ((result = MHD__gnutls_x509_read_int (pkey_asn, "publicExponent", | ||
133 | &pkey->params[1])) < 0) | ||
134 | { | ||
135 | MHD_gnutls_assert (); | ||
136 | goto error; | ||
137 | } | ||
138 | |||
139 | if ((result = MHD__gnutls_x509_read_int (pkey_asn, "privateExponent", | ||
140 | &pkey->params[2])) < 0) | ||
141 | { | ||
142 | MHD_gnutls_assert (); | ||
143 | goto error; | ||
144 | } | ||
145 | |||
146 | if ((result = | ||
147 | MHD__gnutls_x509_read_int (pkey_asn, "prime1", &pkey->params[3])) < 0) | ||
148 | { | ||
149 | MHD_gnutls_assert (); | ||
150 | goto error; | ||
151 | } | ||
152 | |||
153 | if ((result = | ||
154 | MHD__gnutls_x509_read_int (pkey_asn, "prime2", &pkey->params[4])) < 0) | ||
155 | { | ||
156 | MHD_gnutls_assert (); | ||
157 | goto error; | ||
158 | } | ||
159 | |||
160 | #ifdef CALC_COEFF | ||
161 | /* Calculate the coefficient. This is because the gcrypt | ||
162 | * library is uses the p,q in the reverse order. | ||
163 | */ | ||
164 | pkey->params[5] = | ||
165 | MHD__gnutls_mpi_snew (MHD__gnutls_mpi_get_nbits (pkey->params[0])); | ||
166 | |||
167 | if (pkey->params[5] == NULL) | ||
168 | { | ||
169 | MHD_gnutls_assert (); | ||
170 | goto error; | ||
171 | } | ||
172 | |||
173 | MHD__gnutls_mpi_invm (pkey->params[5], pkey->params[3], pkey->params[4]); | ||
174 | /* p, q */ | ||
175 | #else | ||
176 | if ((result = MHD__gnutls_x509_read_int (pkey_asn, "coefficient", | ||
177 | &pkey->params[5])) < 0) | ||
178 | { | ||
179 | MHD_gnutls_assert (); | ||
180 | goto error; | ||
181 | } | ||
182 | #endif | ||
183 | pkey->params_size = 6; | ||
184 | |||
185 | return pkey_asn; | ||
186 | |||
187 | error:MHD__asn1_delete_structure (&pkey_asn); | ||
188 | MHD_gtls_mpi_release (&pkey->params[0]); | ||
189 | MHD_gtls_mpi_release (&pkey->params[1]); | ||
190 | MHD_gtls_mpi_release (&pkey->params[2]); | ||
191 | MHD_gtls_mpi_release (&pkey->params[3]); | ||
192 | MHD_gtls_mpi_release (&pkey->params[4]); | ||
193 | MHD_gtls_mpi_release (&pkey->params[5]); | ||
194 | return NULL; | ||
195 | |||
196 | } | ||
197 | |||
198 | #define PEM_KEY_RSA "RSA PRIVATE KEY" | ||
199 | |||
200 | /** | ||
201 | * MHD_gnutls_x509_privkey_import - This function will import a DER or PEM encoded key | ||
202 | * @key: The structure to store the parsed key | ||
203 | * @data: The DER or PEM encoded certificate. | ||
204 | * @format: One of DER or PEM | ||
205 | * | ||
206 | * This function will convert the given DER or PEM encoded key | ||
207 | * to the native MHD_gnutls_x509_privkey_t format. The output will be stored in @key . | ||
208 | * | ||
209 | * If the key is PEM encoded it should have a header of "RSA PRIVATE KEY", or | ||
210 | * "DSA PRIVATE KEY". | ||
211 | * | ||
212 | * Returns 0 on success. | ||
213 | * | ||
214 | **/ | ||
215 | int | ||
216 | MHD_gnutls_x509_privkey_import (MHD_gnutls_x509_privkey_t key, | ||
217 | const MHD_gnutls_datum_t * data, | ||
218 | MHD_gnutls_x509_crt_fmt_t format) | ||
219 | { | ||
220 | int result = 0, need_free = 0; | ||
221 | MHD_gnutls_datum_t _data; | ||
222 | |||
223 | if (key == NULL) | ||
224 | { | ||
225 | MHD_gnutls_assert (); | ||
226 | return GNUTLS_E_INVALID_REQUEST; | ||
227 | } | ||
228 | |||
229 | _data.data = data->data; | ||
230 | _data.size = data->size; | ||
231 | |||
232 | key->pk_algorithm = MHD_GNUTLS_PK_UNKNOWN; | ||
233 | |||
234 | /* If the Certificate is in PEM format then decode it */ | ||
235 | if (format == GNUTLS_X509_FMT_PEM) | ||
236 | { | ||
237 | opaque *out; | ||
238 | |||
239 | /* Try the first header */ | ||
240 | result | ||
241 | = | ||
242 | MHD__gnutls_fbase64_decode (PEM_KEY_RSA, data->data, data->size, | ||
243 | &out); | ||
244 | key->pk_algorithm = MHD_GNUTLS_PK_RSA; | ||
245 | |||
246 | _data.data = out; | ||
247 | _data.size = result; | ||
248 | |||
249 | need_free = 1; | ||
250 | } | ||
251 | |||
252 | if (key->pk_algorithm == MHD_GNUTLS_PK_RSA) | ||
253 | { | ||
254 | key->key = MHD__gnutls_privkey_decode_pkcs1_rsa_key (&_data, key); | ||
255 | if (key->key == NULL) | ||
256 | MHD_gnutls_assert (); | ||
257 | } | ||
258 | else | ||
259 | { | ||
260 | /* Try decoding with both, and accept the one that succeeds. */ | ||
261 | key->pk_algorithm = MHD_GNUTLS_PK_RSA; | ||
262 | key->key = MHD__gnutls_privkey_decode_pkcs1_rsa_key (&_data, key); | ||
263 | |||
264 | // TODO rm | ||
265 | // if (key->key == NULL) | ||
266 | // { | ||
267 | // key->pk_algorithm = GNUTLS_PK_DSA; | ||
268 | // key->key = decode_dsa_key(&_data, key); | ||
269 | // if (key->key == NULL) | ||
270 | // MHD_gnutls_assert(); | ||
271 | // } | ||
272 | } | ||
273 | |||
274 | if (key->key == NULL) | ||
275 | { | ||
276 | MHD_gnutls_assert (); | ||
277 | result = GNUTLS_E_ASN1_DER_ERROR; | ||
278 | key->pk_algorithm = MHD_GNUTLS_PK_UNKNOWN; | ||
279 | return result; | ||
280 | } | ||
281 | |||
282 | if (need_free) | ||
283 | MHD__gnutls_free_datum (&_data); | ||
284 | |||
285 | /* The key has now been decoded. | ||
286 | */ | ||
287 | |||
288 | return 0; | ||
289 | } | ||
diff --git a/src/daemon/internal.h b/src/daemon/internal.h index 71c4f7ff..805d8848 100644 --- a/src/daemon/internal.h +++ b/src/daemon/internal.h | |||
@@ -30,7 +30,7 @@ | |||
30 | #include "platform.h" | 30 | #include "platform.h" |
31 | #include "microhttpd.h" | 31 | #include "microhttpd.h" |
32 | #if HTTPS_SUPPORT | 32 | #if HTTPS_SUPPORT |
33 | #include "gnutls.h" | 33 | #include <gnutls/gnutls.h> |
34 | #endif | 34 | #endif |
35 | 35 | ||
36 | #define EXTRA_CHECKS MHD_YES | 36 | #define EXTRA_CHECKS MHD_YES |
@@ -660,7 +660,17 @@ struct MHD_Connection | |||
660 | /** | 660 | /** |
661 | * State required for HTTPS/SSL/TLS support. | 661 | * State required for HTTPS/SSL/TLS support. |
662 | */ | 662 | */ |
663 | MHD_gtls_session_t tls_session; | 663 | gnutls_session_t tls_session; |
664 | |||
665 | /** | ||
666 | * Memory location to return for protocol session info. | ||
667 | */ | ||
668 | int protocol; | ||
669 | |||
670 | /** | ||
671 | * Memory location to return for protocol session info. | ||
672 | */ | ||
673 | int cipher; | ||
664 | #endif | 674 | #endif |
665 | }; | 675 | }; |
666 | 676 | ||
@@ -799,22 +809,17 @@ struct MHD_Daemon | |||
799 | * What kind of credentials are we offering | 809 | * What kind of credentials are we offering |
800 | * for SSL/TLS? | 810 | * for SSL/TLS? |
801 | */ | 811 | */ |
802 | enum MHD_GNUTLS_CredentialsType cred_type; | 812 | gnutls_credentials_type_t cred_type; |
803 | 813 | ||
804 | /** | 814 | /** |
805 | * Server x509 credentials | 815 | * Server x509 credentials |
806 | */ | 816 | */ |
807 | MHD_gtls_cert_credentials_t x509_cred; | 817 | gnutls_certificate_credentials_t x509_cred; |
808 | |||
809 | /** | ||
810 | * Cipher priority cache | ||
811 | */ | ||
812 | MHD_gnutls_priority_t priority_cache; | ||
813 | 818 | ||
814 | /** | 819 | /** |
815 | * Diffie-Hellman parameters | 820 | * Diffie-Hellman parameters |
816 | */ | 821 | */ |
817 | MHD_gtls_dh_params_t dh_params; | 822 | gnutls_dh_params_t dh_params; |
818 | 823 | ||
819 | /** | 824 | /** |
820 | * Pointer to our SSL/TLS key (in ASCII) in memory. | 825 | * Pointer to our SSL/TLS key (in ASCII) in memory. |
@@ -825,6 +830,7 @@ struct MHD_Daemon | |||
825 | * Pointer to our SSL/TLS certificate (in ASCII) in memory. | 830 | * Pointer to our SSL/TLS certificate (in ASCII) in memory. |
826 | */ | 831 | */ |
827 | const char *https_mem_cert; | 832 | const char *https_mem_cert; |
833 | |||
828 | #endif | 834 | #endif |
829 | 835 | ||
830 | /** | 836 | /** |