-rw-r--r--doc/examples/basicauthentication.c143
-rw-r--r--doc/examples/hellobrowser.c24
-rw-r--r--doc/examples/logging.c23
-rw-r--r--doc/examples/responseheaders.c84
-rw-r--r--doc/examples/simplepost.c144
-rw-r--r--src/daemon/connection.c59
-rw-r--r--src/daemon/connection_https.c52
-rw-r--r--src/daemon/daemon.c100
-rw-r--r--src/daemon/https/gnutls.h361
-rw-r--r--src/daemon/https/lgl/des.h30
-rw-r--r--src/daemon/https/lgl/gc.h210
-rw-r--r--src/daemon/https/lgl/gettext.h33
-rw-r--r--src/daemon/https/lgl/hmac.h4
-rw-r--r--src/daemon/https/lgl/md5.h24
-rw-r--r--src/daemon/https/lgl/printf-args.h62
-rw-r--r--src/daemon/https/lgl/printf-parse.h78
-rw-r--r--src/daemon/https/lgl/rijndael-alg-fst.c10
-rw-r--r--src/daemon/https/lgl/rijndael-alg-fst.h8
-rw-r--r--src/daemon/https/lgl/rijndael-api-fst.h50
-rw-r--r--src/daemon/https/lgl/sha1.h6
-rw-r--r--src/daemon/https/lgl/vasnprintf.h17
-rw-r--r--src/daemon/https/lgl/xsize.h17
-rw-r--r--src/daemon/https/minitasn1/coding.c2
-rw-r--r--src/daemon/https/minitasn1/decoding.c4
-rw-r--r--src/daemon/https/minitasn1/element.h9
-rw-r--r--src/daemon/https/minitasn1/errors.h2
-rw-r--r--src/daemon/https/minitasn1/gstr.h4
-rw-r--r--src/daemon/https/minitasn1/int.h6
-rw-r--r--src/daemon/https/minitasn1/libtasn1.h114
-rw-r--r--src/daemon/https/minitasn1/mem.h2
-rw-r--r--src/daemon/https/minitasn1/parser_aux.c2
-rw-r--r--src/daemon/https/minitasn1/parser_aux.h55
-rw-r--r--src/daemon/https/minitasn1/structure.h14
-rw-r--r--src/daemon/https/tls/auth_anon.c16
-rw-r--r--src/daemon/https/tls/auth_anon.h2
-rw-r--r--src/daemon/https/tls/auth_cert.c123
-rw-r--r--src/daemon/https/tls/auth_cert.h63
-rw-r--r--src/daemon/https/tls/auth_dh_common.c12
-rw-r--r--src/daemon/https/tls/auth_dh_common.h10
-rw-r--r--src/daemon/https/tls/auth_dhe.c31
-rw-r--r--src/daemon/https/tls/auth_rsa.c24
-rw-r--r--src/daemon/https/tls/auth_rsa_export.c33
-rw-r--r--src/daemon/https/tls/ext_cert_type.c12
-rw-r--r--src/daemon/https/tls/ext_cert_type.h4
-rw-r--r--src/daemon/https/tls/ext_inner_application.c7
-rw-r--r--src/daemon/https/tls/ext_inner_application.h5
-rw-r--r--src/daemon/https/tls/ext_max_record.c12
-rw-r--r--src/daemon/https/tls/ext_max_record.h6
-rw-r--r--src/daemon/https/tls/ext_oprfi.c23
-rw-r--r--src/daemon/https/tls/ext_oprfi.h6
-rw-r--r--src/daemon/https/tls/ext_server_name.c16
-rw-r--r--src/daemon/https/tls/ext_server_name.h4
-rw-r--r--src/daemon/https/tls/gnutls_alert.c2
-rw-r--r--src/daemon/https/tls/gnutls_algorithms.c89
-rw-r--r--src/daemon/https/tls/gnutls_algorithms.h129
-rw-r--r--src/daemon/https/tls/gnutls_anon_cred.c23
-rw-r--r--src/daemon/https/tls/gnutls_auth.c49
-rw-r--r--src/daemon/https/tls/gnutls_auth.h35
-rw-r--r--src/daemon/https/tls/gnutls_auth_int.h15
-rw-r--r--src/daemon/https/tls/gnutls_buffers.c6
-rw-r--r--src/daemon/https/tls/gnutls_buffers.h30
-rw-r--r--src/daemon/https/tls/gnutls_cert.c46
-rw-r--r--src/daemon/https/tls/gnutls_cert.h58
-rw-r--r--src/daemon/https/tls/gnutls_cipher.c88
-rw-r--r--src/daemon/https/tls/gnutls_cipher.h23
-rw-r--r--src/daemon/https/tls/gnutls_cipher_int.c4
-rw-r--r--src/daemon/https/tls/gnutls_cipher_int.h17
-rw-r--r--src/daemon/https/tls/gnutls_compress.c10
-rw-r--r--src/daemon/https/tls/gnutls_compress.h8
-rw-r--r--src/daemon/https/tls/gnutls_compress_int.c8
-rw-r--r--src/daemon/https/tls/gnutls_compress_int.h6
-rw-r--r--src/daemon/https/tls/gnutls_constate.c223
-rw-r--r--src/daemon/https/tls/gnutls_constate.h15
-rw-r--r--src/daemon/https/tls/gnutls_datum.c6
-rw-r--r--src/daemon/https/tls/gnutls_datum.h4
-rw-r--r--src/daemon/https/tls/gnutls_dh.c10
-rw-r--r--src/daemon/https/tls/gnutls_dh.h6
-rw-r--r--src/daemon/https/tls/gnutls_dh_primes.c3
-rw-r--r--src/daemon/https/tls/gnutls_errors.c4
-rw-r--r--src/daemon/https/tls/gnutls_extensions.c11
-rw-r--r--src/daemon/https/tls/gnutls_extensions.h14
-rw-r--r--src/daemon/https/tls/gnutls_global.c21
-rw-r--r--src/daemon/https/tls/gnutls_handshake.c247
-rw-r--r--src/daemon/https/tls/gnutls_handshake.h28
-rw-r--r--src/daemon/https/tls/gnutls_hash_int.c23
-rw-r--r--src/daemon/https/tls/gnutls_hash_int.h19
-rw-r--r--src/daemon/https/tls/gnutls_int.h838
-rw-r--r--src/daemon/https/tls/gnutls_kx.c156
-rw-r--r--src/daemon/https/tls/gnutls_kx.h7
-rw-r--r--src/daemon/https/tls/gnutls_mem.h10
-rw-r--r--src/daemon/https/tls/gnutls_mpi.c3
-rw-r--r--src/daemon/https/tls/gnutls_mpi.h6
-rw-r--r--src/daemon/https/tls/gnutls_pk.c36
-rw-r--r--src/daemon/https/tls/gnutls_pk.h24
-rw-r--r--src/daemon/https/tls/gnutls_priority.c15
-rw-r--r--src/daemon/https/tls/gnutls_record.c84
-rw-r--r--src/daemon/https/tls/gnutls_record.h11
-rw-r--r--src/daemon/https/tls/gnutls_rsa_export.c3
-rw-r--r--src/daemon/https/tls/gnutls_rsa_export.h2
-rw-r--r--src/daemon/https/tls/gnutls_session.c2
-rw-r--r--src/daemon/https/tls/gnutls_session_pack.c57
-rw-r--r--src/daemon/https/tls/gnutls_session_pack.h4
-rw-r--r--src/daemon/https/tls/gnutls_sig.c66
-rw-r--r--src/daemon/https/tls/gnutls_sig.h27
-rw-r--r--src/daemon/https/tls/gnutls_state.c75
-rw-r--r--src/daemon/https/tls/gnutls_state.h29
-rw-r--r--src/daemon/https/tls/gnutls_str.c14
-rw-r--r--src/daemon/https/tls/gnutls_str.h19
-rw-r--r--src/daemon/https/tls/gnutls_supplemental.c3
-rw-r--r--src/daemon/https/tls/gnutls_supplemental.h5
-rw-r--r--src/daemon/https/tls/gnutls_ui.c59
-rw-r--r--src/daemon/https/tls/gnutls_x509.c79
-rw-r--r--src/daemon/https/tls/gnutls_x509.h10
-rw-r--r--src/daemon/https/tls/io_debug.h2
-rw-r--r--src/daemon/https/tls/x509_b64.c28
-rw-r--r--src/daemon/https/tls/x509_b64.h8
-rw-r--r--src/daemon/https/x509/common.c12
-rw-r--r--src/daemon/https/x509/common.h59
-rw-r--r--src/daemon/https/x509/crl.c14
-rw-r--r--src/daemon/https/x509/crl_write.c4
-rw-r--r--src/daemon/https/x509/crq.c18
-rw-r--r--src/daemon/https/x509/dn.c27
-rw-r--r--src/daemon/https/x509/dn.h18
-rw-r--r--src/daemon/https/x509/dsa.c2
-rw-r--r--src/daemon/https/x509/extensions.c18
-rw-r--r--src/daemon/https/x509/extensions.h58
-rw-r--r--src/daemon/https/x509/mpi.c3
-rw-r--r--src/daemon/https/x509/mpi.h26
-rw-r--r--src/daemon/https/x509/pkcs12.h210
-rw-r--r--src/daemon/https/x509/pkcs12_bag.c16
-rw-r--r--src/daemon/https/x509/pkcs7.c16
-rw-r--r--src/daemon/https/x509/privkey.h4
-rw-r--r--src/daemon/https/x509/privkey_pkcs8.c2
-rw-r--r--src/daemon/https/x509/sign.c11
-rw-r--r--src/daemon/https/x509/sign.h18
-rw-r--r--src/daemon/https/x509/verify.h10
-rw-r--r--src/daemon/https/x509/x509.c26
-rw-r--r--src/daemon/https/x509/x509.h1283
-rw-r--r--src/daemon/https/x509/x509_privkey.c14
-rw-r--r--src/daemon/https/x509/x509_verify.c36
-rw-r--r--src/daemon/https/x509/x509_write.c16
-rw-r--r--src/daemon/internal.h16
-rw-r--r--src/include/microhttpd.h66
-rw-r--r--src/include/platform.h2
-rw-r--r--src/testcurl/https/mhds_session_info_test.c24
-rw-r--r--src/testcurl/https/tls_alert_test.c12
-rw-r--r--src/testcurl/https/tls_authentication_test.c2
-rw-r--r--src/testcurl/https/tls_cipher_change_test.c4
-rw-r--r--src/testcurl/https/tls_daemon_options_test.c9
-rw-r--r--src/testcurl/https/tls_session_time_out_test.c6
-rw-r--r--src/testcurl/https/tls_test_keys.h180
151 files changed, 3723 insertions, 3643 deletions
diff --git a/doc/examples/basicauthentication.c b/doc/examples/basicauthentication.c
index fd457c22..b3af2e97 100644
--- a/doc/examples/basicauthentication.c
+++ b/doc/examples/basicauthentication.c
@@ -11,60 +11,75 @@
11#define PASSWORD "and his password" 11#define PASSWORD "and his password"
12 12
13 13
14char* string_to_base64 (const char *message); 14char *string_to_base64 (const char *message);
15 15
16 16
17int ask_for_authentication (struct MHD_Connection *connection, const char *realm) 17int
18ask_for_authentication (struct MHD_Connection *connection, const char *realm)
18{ 19{
19 int ret; 20 int ret;
20 struct MHD_Response *response; 21 struct MHD_Response *response;
21 char *headervalue; 22 char *headervalue;
22 const char *strbase = "Basic realm="; 23 const char *strbase = "Basic realm=";
23 24
24 response = MHD_create_response_from_data (0, NULL, MHD_NO, MHD_NO); 25 response = MHD_create_response_from_data (0, NULL, MHD_NO, MHD_NO);
25 if (!response) return MHD_NO; 26 if (!response)
26 27 return MHD_NO;
28
27 headervalue = malloc (strlen (strbase) + strlen (realm) + 1); 29 headervalue = malloc (strlen (strbase) + strlen (realm) + 1);
28 if (!headervalue) return MHD_NO; 30 if (!headervalue)
31 return MHD_NO;
29 32
30 strcpy (headervalue, strbase); 33 strcpy (headervalue, strbase);
31 strcat (headervalue, realm); 34 strcat (headervalue, realm);
32 35
33 ret = MHD_add_response_header (response, "WWW-Authenticate", headervalue); 36 ret = MHD_add_response_header (response, "WWW-Authenticate", headervalue);
34 free (headervalue); 37 free (headervalue);
35 if (!ret) {MHD_destroy_response (response); return MHD_NO;} 38 if (!ret)
39 {
40 MHD_destroy_response (response);
41 return MHD_NO;
42 }
36 43
37 ret = MHD_queue_response (connection, MHD_HTTP_UNAUTHORIZED, response); 44 ret = MHD_queue_response (connection, MHD_HTTP_UNAUTHORIZED, response);
38 45
39 MHD_destroy_response (response); 46 MHD_destroy_response (response);
40 47
41 return ret; 48 return ret;
42} 49}
43 50
44int is_authenticated (struct MHD_Connection *connection, 51int
45 const char *username, const char *password) 52is_authenticated (struct MHD_Connection *connection,
53 const char *username, const char *password)
46{ 54{
47 const char *headervalue; 55 const char *headervalue;
48 char *expected_b64, *expected; 56 char *expected_b64, *expected;
49 const char *strbase = "Basic "; 57 const char *strbase = "Basic ";
50 int authenticated; 58 int authenticated;
51 59
52 headervalue = MHD_lookup_connection_value (connection, MHD_HEADER_KIND, "Authorization"); 60 headervalue =
53 if (NULL == headervalue) return 0; 61 MHD_lookup_connection_value (connection, MHD_HEADER_KIND,
54 if (0 != strncmp (headervalue, strbase, strlen (strbase))) return 0; 62 "Authorization");
63 if (NULL == headervalue)
64 return 0;
65 if (0 != strncmp (headervalue, strbase, strlen (strbase)))
66 return 0;
55 67
56 expected = malloc (strlen (username) + 1 + strlen (password) + 1); 68 expected = malloc (strlen (username) + 1 + strlen (password) + 1);
57 if (NULL == expected) return 0; 69 if (NULL == expected)
70 return 0;
58 71
59 strcpy (expected, username); 72 strcpy (expected, username);
60 strcat (expected, ":"); 73 strcat (expected, ":");
61 strcat (expected, password); 74 strcat (expected, password);
62 75
63 expected_b64 = string_to_base64 (expected); 76 expected_b64 = string_to_base64 (expected);
64 if (NULL == expected_b64) return 0; 77 if (NULL == expected_b64)
65 78 return 0;
79
66 strcpy (expected, strbase); 80 strcpy (expected, strbase);
67 authenticated = (strcmp (headervalue + strlen (strbase), expected_b64) == 0); 81 authenticated =
82 (strcmp (headervalue + strlen (strbase), expected_b64) == 0);
68 83
69 free (expected_b64); 84 free (expected_b64);
70 85
@@ -72,15 +87,19 @@ int is_authenticated (struct MHD_Connection *connection,
72} 87}
73 88
74 89
75int secret_page (struct MHD_Connection *connection) 90int
91secret_page (struct MHD_Connection *connection)
76{ 92{
77 int ret; 93 int ret;
78 struct MHD_Response *response; 94 struct MHD_Response *response;
79 const char *page = "<html><body>A secret.</body></html>"; 95 const char *page = "<html><body>A secret.</body></html>";
80 96
81 response = MHD_create_response_from_data (strlen (page), (void*) page, MHD_NO, MHD_NO); 97 response =
82 if (!response) return MHD_NO; 98 MHD_create_response_from_data (strlen (page), (void *) page, MHD_NO,
83 99 MHD_NO);
100 if (!response)
101 return MHD_NO;
102
84 ret = MHD_queue_response (connection, MHD_HTTP_OK, response); 103 ret = MHD_queue_response (connection, MHD_HTTP_OK, response);
85 MHD_destroy_response (response); 104 MHD_destroy_response (response);
86 105
@@ -88,64 +107,78 @@ int secret_page (struct MHD_Connection *connection)
88} 107}
89 108
90 109
91int answer_to_connection (void *cls, struct MHD_Connection *connection, 110int
92 const char *url, const char *method, const char *version, 111answer_to_connection (void *cls, struct MHD_Connection *connection,
93 const char *upload_data, unsigned int *upload_data_size, 112 const char *url, const char *method,
94 void **con_cls) 113 const char *version, const char *upload_data,
114 unsigned int *upload_data_size, void **con_cls)
95{ 115{
96 if (0 != strcmp(method, "GET")) return MHD_NO; 116 if (0 != strcmp (method, "GET"))
97 if (NULL == *con_cls) {*con_cls = connection; return MHD_YES;} 117 return MHD_NO;
118 if (NULL == *con_cls)
119 {
120 *con_cls = connection;
121 return MHD_YES;
122 }
123
124 if (!is_authenticated (connection, USER, PASSWORD))
125 return ask_for_authentication (connection, REALM);
98 126
99 if (!is_authenticated (connection, USER, PASSWORD))
100 return ask_for_authentication (connection, REALM);
101
102 return secret_page (connection); 127 return secret_page (connection);
103} 128}
104 129
105 130
106int main () 131int
132main ()
107{ 133{
108 struct MHD_Daemon *daemon; 134 struct MHD_Daemon *daemon;
109 135
110 daemon = MHD_start_daemon(MHD_USE_SELECT_INTERNALLY, PORT, NULL, NULL, 136 daemon = MHD_start_daemon (MHD_USE_SELECT_INTERNALLY, PORT, NULL, NULL,
111 &answer_to_connection, NULL, MHD_OPTION_END); 137 &answer_to_connection, NULL, MHD_OPTION_END);
112 if (NULL == daemon) return 1; 138 if (NULL == daemon)
139 return 1;
113 140
114 getchar (); 141 getchar ();
115 142
116 MHD_stop_daemon (daemon); 143 MHD_stop_daemon (daemon);
117 return 0; 144 return 0;
118} 145}
119 146
120 147
121char* string_to_base64 (const char *message) 148char *
149string_to_base64 (const char *message)
122{ 150{
123 const char *lookup = "ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz0123456789+/"; 151 const char *lookup =
152 "ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz0123456789+/";
124 unsigned long l; 153 unsigned long l;
125 int i; 154 int i;
126 char *tmp; 155 char *tmp;
127 size_t length = strlen (message); 156 size_t length = strlen (message);
128 157
129 tmp = malloc (length * 2); 158 tmp = malloc (length * 2);
130 if (NULL == tmp) return tmp; 159 if (NULL == tmp)
160 return tmp;
131 161
132 tmp[0] = 0; 162 tmp[0] = 0;
133 163
134 for (i = 0; i < length; i += 3) 164 for (i = 0; i < length; i += 3)
135 { 165 {
136 l = ( ((unsigned long) message[i])<<16 ) 166 l = (((unsigned long) message[i]) << 16)
137 | (((i+1) < length) ? (((unsigned long) message[i+1])<<8 ) : 0 ) 167 | (((i + 1) < length) ? (((unsigned long) message[i + 1]) << 8) : 0)
138 | (((i+2) < length) ? ( (unsigned long) message[i+2] ) : 0 ); 168 | (((i + 2) < length) ? ((unsigned long) message[i + 2]) : 0);
169
139 170
171 strncat (tmp, &lookup[(l >> 18) & 0x3F], 1);
172 strncat (tmp, &lookup[(l >> 12) & 0x3F], 1);
140 173
141 strncat (tmp, &lookup[(l>>18) & 0x3F], 1); 174 if (i + 1 < length)
142 strncat (tmp, &lookup[(l>>12) & 0x3F], 1); 175 strncat (tmp, &lookup[(l >> 6) & 0x3F], 1);
143 176 if (i + 2 < length)
144 if (i+1 < length) strncat (tmp, &lookup[(l>> 6) & 0x3F], 1); 177 strncat (tmp, &lookup[l & 0x3F], 1);
145 if (i+2 < length) strncat (tmp, &lookup[l & 0x3F], 1);
146 } 178 }
147 179
148 if (length % 3) strncat (tmp, "===", 3-length%3); 180 if (length % 3)
149 181 strncat (tmp, "===", 3 - length % 3);
182
150 return tmp; 183 return tmp;
151} 184}
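Review bot: `tmp = malloc (length * 2);` in string_to_base64 is undersized for short inputs: the loop emits four output characters per three input bytes, then padding and the terminator, so a 1-, 2- or 4-byte message makes the strncat calls write past the allocation (and an empty message yields malloc(0) followed by `tmp[0] = 0;`). Sizing it as `tmp = malloc (4 * ((length + 2) / 3) + 1);` covers every length. The loop also compares the `int` index `i` against the `size_t` `length`, and widens `message[i]` from plain `char`, so on platforms where char is signed a byte above 0x7F sign-extends into the high bits of `l` and corrupts the first sextet; casting through `(unsigned char)` before the shift avoids that. Separately, in is_authenticated (the first hunk of this file) the `return 0;` taken when string_to_base64 fails leaves `expected` unfreed; is_authenticated's body also continues past that hunk.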
diff --git a/doc/examples/hellobrowser.c b/doc/examples/hellobrowser.c
index 15cb5788..02ac8ef1 100644
--- a/doc/examples/hellobrowser.c
+++ b/doc/examples/hellobrowser.c
@@ -5,30 +5,36 @@
5 5
6#define PORT 8888 6#define PORT 8888
7 7
8int answer_to_connection (void *cls, struct MHD_Connection *connection, const char *url, 8int
9 const char *method, const char *version, const char *upload_data, 9answer_to_connection (void *cls, struct MHD_Connection *connection,
10 unsigned int *upload_data_size, void **con_cls) 10 const char *url, const char *method,
11 const char *version, const char *upload_data,
12 unsigned int *upload_data_size, void **con_cls)
11{ 13{
12 const char *page = "<html><body>Hello, browser!</body></html>"; 14 const char *page = "<html><body>Hello, browser!</body></html>";
13 struct MHD_Response *response; 15 struct MHD_Response *response;
14 int ret; 16 int ret;
15 17
16 response = MHD_create_response_from_data (strlen (page), (void*) page, MHD_NO, MHD_NO); 18 response =
19 MHD_create_response_from_data (strlen (page), (void *) page, MHD_NO,
20 MHD_NO);
17 ret = MHD_queue_response (connection, MHD_HTTP_OK, response); 21 ret = MHD_queue_response (connection, MHD_HTTP_OK, response);
18 MHD_destroy_response (response); 22 MHD_destroy_response (response);
19 23
20 return ret; 24 return ret;
21} 25}
22 26
23int main () 27int
28main ()
24{ 29{
25 struct MHD_Daemon *daemon; 30 struct MHD_Daemon *daemon;
26 31
27 daemon = MHD_start_daemon (MHD_USE_SELECT_INTERNALLY, PORT, NULL, NULL, 32 daemon = MHD_start_daemon (MHD_USE_SELECT_INTERNALLY, PORT, NULL, NULL,
28 &answer_to_connection, NULL, MHD_OPTION_END); 33 &answer_to_connection, NULL, MHD_OPTION_END);
29 if (NULL == daemon) return 1; 34 if (NULL == daemon)
35 return 1;
30 36
31 getchar (); 37 getchar ();
32 38
33 MHD_stop_daemon (daemon); 39 MHD_stop_daemon (daemon);
34 return 0; 40 return 0;
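Review bot: `response` is passed to MHD_queue_response without a NULL check after `MHD_create_response_from_data (strlen (page), (void *) page, MHD_NO, MHD_NO);`, so an allocation failure in the library turns into a NULL dereference inside the example. The sibling examples (basicauthentication.c, simplepost.c's send_page) guard this with `if (!response) return MHD_NO;`, and the same line placed before the MHD_queue_response call would make this example consistent with them. main's body continues past the end of the hunk.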
diff --git a/doc/examples/logging.c b/doc/examples/logging.c
index 213c12bf..d1dd4f1f 100644
--- a/doc/examples/logging.c
+++ b/doc/examples/logging.c
@@ -6,32 +6,39 @@
6#define PORT 8888 6#define PORT 8888
7 7
8 8
9int print_out_key (void *cls, enum MHD_ValueKind kind, const char *key, const char *value) 9int
10print_out_key (void *cls, enum MHD_ValueKind kind, const char *key,
11 const char *value)
10{ 12{
11 printf ("%s = %s\n", key, value); 13 printf ("%s = %s\n", key, value);
12 return MHD_YES; 14 return MHD_YES;
13} 15}
14 16
15int answer_to_connection (void *cls, struct MHD_Connection *connection, const char *url, 17int
16 const char *method, const char *version, const char *upload_data, 18answer_to_connection (void *cls, struct MHD_Connection *connection,
17 unsigned int *upload_data_size, void **con_cls) 19 const char *url, const char *method,
20 const char *version, const char *upload_data,
21 unsigned int *upload_data_size, void **con_cls)
18{ 22{
19 printf ("New request %s for %s using version %s\n", method, url, version); 23 printf ("New request %s for %s using version %s\n", method, url, version);
20 24
21 MHD_get_connection_values (connection, MHD_HEADER_KIND, print_out_key, NULL); 25 MHD_get_connection_values (connection, MHD_HEADER_KIND, print_out_key,
26 NULL);
22 27
23 return MHD_NO; 28 return MHD_NO;
24} 29}
25 30
26int main () 31int
32main ()
27{ 33{
28 struct MHD_Daemon *daemon; 34 struct MHD_Daemon *daemon;
29 35
30 daemon = MHD_start_daemon (MHD_USE_SELECT_INTERNALLY, PORT, NULL, NULL, 36 daemon = MHD_start_daemon (MHD_USE_SELECT_INTERNALLY, PORT, NULL, NULL,
31 &answer_to_connection, NULL, MHD_OPTION_END); 37 &answer_to_connection, NULL, MHD_OPTION_END);
32 if (NULL == daemon) return 1; 38 if (NULL == daemon)
39 return 1;
33 40
34 getchar (); 41 getchar ();
35 42
36 MHD_stop_daemon (daemon); 43 MHD_stop_daemon (daemon);
37 return 0; 44 return 0;
diff --git a/doc/examples/responseheaders.c b/doc/examples/responseheaders.c
index 1555beed..31c3900d 100644
--- a/doc/examples/responseheaders.c
+++ b/doc/examples/responseheaders.c
@@ -9,31 +9,33 @@
9#define MIMETYPE "image/png" 9#define MIMETYPE "image/png"
10 10
11 11
12long get_file_size (const char *filename) 12long
13get_file_size (const char *filename)
13{ 14{
14 FILE *fp; 15 FILE *fp;
15 16
16 fp = fopen (filename, "rb"); 17 fp = fopen (filename, "rb");
17 if (fp) 18 if (fp)
18 { 19 {
19 long size; 20 long size;
20 21
21 if ( (0 != fseek (fp, 0, SEEK_END)) 22 if ((0 != fseek (fp, 0, SEEK_END)) || (-1 == (size = ftell (fp))))
22 || (-1 == (size = ftell (fp))) )
23 size = 0; 23 size = 0;
24 24
25 fclose (fp); 25 fclose (fp);
26 26
27 return size; 27 return size;
28 } 28 }
29 else 29 else
30 return 0; 30 return 0;
31} 31}
32 32
33 33
34int answer_to_connection (void *cls, struct MHD_Connection *connection, const char *url, 34int
35 const char *method, const char *version, const char *upload_data, 35answer_to_connection (void *cls, struct MHD_Connection *connection,
36 unsigned int *upload_data_size, void **con_cls) 36 const char *url, const char *method,
37 const char *version, const char *upload_data,
38 unsigned int *upload_data_size, void **con_cls)
37{ 39{
38 unsigned char *buffer = NULL; 40 unsigned char *buffer = NULL;
39 struct MHD_Response *response; 41 struct MHD_Response *response;
@@ -41,44 +43,53 @@ int answer_to_connection (void *cls, struct MHD_Connection *connection, const ch
41 FILE *fp; 43 FILE *fp;
42 int ret = 0; 44 int ret = 0;
43 45
44 if (0 != strcmp(method, "GET")) return MHD_NO; 46 if (0 != strcmp (method, "GET"))
47 return MHD_NO;
45 48
46 size = get_file_size (FILENAME); 49 size = get_file_size (FILENAME);
47 if (size != 0) 50 if (size != 0)
48 { 51 {
49 fp = fopen (FILENAME, "rb"); 52 fp = fopen (FILENAME, "rb");
50 if (fp) 53 if (fp)
51 { 54 {
52 buffer = malloc (size); 55 buffer = malloc (size);
53 56
54 if (buffer) 57 if (buffer)
55 if (size == fread (buffer, 1, size, fp)) ret = 1; 58 if (size == fread (buffer, 1, size, fp))
56 59 ret = 1;
57 fclose(fp); 60
58 } 61 fclose (fp);
62 }
59 } 63 }
60 64
61 if (!ret) 65 if (!ret)
62 { 66 {
63 const char *errorstr = "<html><body>An internal server error has occured!\ 67 const char *errorstr =
68 "<html><body>An internal server error has occured!\
64 </body></html>"; 69 </body></html>";
65 70
66 if (buffer) free(buffer); 71 if (buffer)
67 72 free (buffer);
68 response = MHD_create_response_from_data(strlen(errorstr), (void*)errorstr, 73
69 MHD_NO, MHD_NO); 74 response =
75 MHD_create_response_from_data (strlen (errorstr), (void *) errorstr,
76 MHD_NO, MHD_NO);
70 77
71 if (response) 78 if (response)
72 { 79 {
73 ret = MHD_queue_response (connection, MHD_HTTP_INTERNAL_SERVER_ERROR, response); 80 ret =
81 MHD_queue_response (connection, MHD_HTTP_INTERNAL_SERVER_ERROR,
82 response);
74 MHD_destroy_response (response); 83 MHD_destroy_response (response);
75 84
76 return MHD_YES; 85 return MHD_YES;
77 } 86 }
78 else return MHD_NO; 87 else
88 return MHD_NO;
79 } 89 }
80 90
81 response = MHD_create_response_from_data (size, (void*)buffer, MHD_YES, MHD_NO); 91 response =
92 MHD_create_response_from_data (size, (void *) buffer, MHD_YES, MHD_NO);
82 93
83 MHD_add_response_header (response, "Content-Type", MIMETYPE); 94 MHD_add_response_header (response, "Content-Type", MIMETYPE);
84 95
@@ -89,18 +100,19 @@ int answer_to_connection (void *cls, struct MHD_Connection *connection, const ch
89} 100}
90 101
91 102
92int main () 103int
104main ()
93{ 105{
94 struct MHD_Daemon *daemon; 106 struct MHD_Daemon *daemon;
95 107
96 daemon = MHD_start_daemon (MHD_USE_SELECT_INTERNALLY, PORT, NULL, NULL, 108 daemon = MHD_start_daemon (MHD_USE_SELECT_INTERNALLY, PORT, NULL, NULL,
97 &answer_to_connection, NULL, MHD_OPTION_END); 109 &answer_to_connection, NULL, MHD_OPTION_END);
98 if (NULL == daemon) return 1; 110 if (NULL == daemon)
111 return 1;
99 112
100 getchar (); 113 getchar ();
101 114
102 MHD_stop_daemon (daemon); 115 MHD_stop_daemon (daemon);
103 116
104 return 0; 117 return 0;
105} 118}
106
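Review bot: In answer_to_connection the success path calls `MHD_add_response_header (response, "Content-Type", MIMETYPE);` directly after `response = MHD_create_response_from_data (size, (void *) buffer, MHD_YES, MHD_NO);` with no NULL check, while the error path a few lines above does test `if (response)`. If the response cannot be created, the header call dereferences NULL and `buffer` (ownership of which was meant to pass to the response via MHD_YES) is never freed; `if (NULL == response) { free (buffer); return MHD_NO; }` between the two lines closes both gaps. Less urgently, get_file_size returns a `long` that is then used as the malloc size and compared with fread's `size_t` result, so a `size_t` return would remove the signed/unsigned comparison. answer_to_connection's body continues past the end of the hunk.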
diff --git a/doc/examples/simplepost.c b/doc/examples/simplepost.c
index 8df0a94d..6a1322db 100644
--- a/doc/examples/simplepost.c
+++ b/doc/examples/simplepost.c
@@ -15,30 +15,36 @@ struct connection_info_struct
15{ 15{
16 int connectiontype; 16 int connectiontype;
17 char *answerstring; 17 char *answerstring;
18 struct MHD_PostProcessor *postprocessor; 18 struct MHD_PostProcessor *postprocessor;
19}; 19};
20 20
21const char* askpage = "<html><body>\ 21const char *askpage = "<html><body>\
22 What's your name, Sir?<br>\ 22 What's your name, Sir?<br>\
23 <form action=\"/namepost\" method=\"post\">\ 23 <form action=\"/namepost\" method=\"post\">\
24 <input name=\"name\" type=\"text\"\ 24 <input name=\"name\" type=\"text\"\
25 <input type=\"submit\" value=\" Send \"></form>\ 25 <input type=\"submit\" value=\" Send \"></form>\
26 </body></html>"; 26 </body></html>";
27 27
28const char* greatingpage = "<html><body><h1>Welcome, %s!</center></h1></body></html>"; 28const char *greatingpage =
29 "<html><body><h1>Welcome, %s!</center></h1></body></html>";
29 30
30const char* errorpage = "<html><body>This doesn't seem to be right.</body></html>"; 31const char *errorpage =
32 "<html><body>This doesn't seem to be right.</body></html>";
31 33
32 34
33int send_page (struct MHD_Connection *connection, const char* page) 35int
36send_page (struct MHD_Connection *connection, const char *page)
34{ 37{
35 int ret; 38 int ret;
36 struct MHD_Response *response; 39 struct MHD_Response *response;
37
38 40
39 response = MHD_create_response_from_data (strlen (page), (void*) page, MHD_NO, MHD_NO); 41
40 if (!response) return MHD_NO; 42 response =
41 43 MHD_create_response_from_data (strlen (page), (void *) page, MHD_NO,
44 MHD_NO);
45 if (!response)
46 return MHD_NO;
47
42 ret = MHD_queue_response (connection, MHD_HTTP_OK, response); 48 ret = MHD_queue_response (connection, MHD_HTTP_OK, response);
43 MHD_destroy_response (response); 49 MHD_destroy_response (response);
44 50
@@ -46,12 +52,15 @@ int send_page (struct MHD_Connection *connection, const char* page)
46} 52}
47 53
48 54
49int iterate_post (void *coninfo_cls, enum MHD_ValueKind kind, const char *key, 55int
50 const char *filename, const char *content_type, 56iterate_post (void *coninfo_cls, enum MHD_ValueKind kind, const char *key,
51 const char *transfer_encoding, const char *data, size_t off, size_t size) 57 const char *filename, const char *content_type,
58 const char *transfer_encoding, const char *data, size_t off,
59 size_t size)
52{ 60{
53 struct connection_info_struct *con_info = (struct connection_info_struct*) coninfo_cls; 61 struct connection_info_struct *con_info =
54 62 (struct connection_info_struct *) coninfo_cls;
63
55 64
56 if (0 == strcmp (key, "name")) 65 if (0 == strcmp (key, "name"))
57 { 66 {
@@ -59,12 +68,14 @@ int iterate_post (void *coninfo_cls, enum MHD_ValueKind kind, const char *key,
59 { 68 {
60 char *answerstring; 69 char *answerstring;
61 answerstring = malloc (MAXANSWERSIZE); 70 answerstring = malloc (MAXANSWERSIZE);
62 if (!answerstring) return MHD_NO; 71 if (!answerstring)
63 72 return MHD_NO;
73
64 snprintf (answerstring, MAXANSWERSIZE, greatingpage, data); 74 snprintf (answerstring, MAXANSWERSIZE, greatingpage, data);
65 con_info->answerstring = answerstring; 75 con_info->answerstring = answerstring;
66 } 76 }
67 else con_info->answerstring = NULL; 77 else
78 con_info->answerstring = NULL;
68 79
69 return MHD_NO; 80 return MHD_NO;
70 } 81 }
@@ -72,91 +83,104 @@ int iterate_post (void *coninfo_cls, enum MHD_ValueKind kind, const char *key,
72 return MHD_YES; 83 return MHD_YES;
73} 84}
74 85
75void request_completed (void *cls, struct MHD_Connection *connection, void **con_cls, 86void
76 enum MHD_RequestTerminationCode toe) 87request_completed (void *cls, struct MHD_Connection *connection,
88 void **con_cls, enum MHD_RequestTerminationCode toe)
77{ 89{
78 struct connection_info_struct *con_info = (struct connection_info_struct*) *con_cls; 90 struct connection_info_struct *con_info =
91 (struct connection_info_struct *) *con_cls;
79 92
80 93
81 if (NULL == con_info) return; 94 if (NULL == con_info)
95 return;
82 96
83 if (con_info->connectiontype == POST) 97 if (con_info->connectiontype == POST)
84 { 98 {
85 MHD_destroy_post_processor (con_info->postprocessor); 99 MHD_destroy_post_processor (con_info->postprocessor);
86 if (con_info->answerstring) free (con_info->answerstring); 100 if (con_info->answerstring)
101 free (con_info->answerstring);
87 } 102 }
88 103
89 free (con_info); 104 free (con_info);
90 *con_cls = NULL; 105 *con_cls = NULL;
91} 106}
92 107
93 108
94int answer_to_connection (void *cls, struct MHD_Connection *connection, const char *url, 109int
95 const char *method, const char *version, const char *upload_data, 110answer_to_connection (void *cls, struct MHD_Connection *connection,
96 unsigned int *upload_data_size, void **con_cls) 111 const char *url, const char *method,
112 const char *version, const char *upload_data,
113 unsigned int *upload_data_size, void **con_cls)
97{ 114{
98 if(NULL == *con_cls) 115 if (NULL == *con_cls)
99 { 116 {
100 struct connection_info_struct *con_info; 117 struct connection_info_struct *con_info;
101 118
102 con_info = malloc (sizeof (struct connection_info_struct)); 119 con_info = malloc (sizeof (struct connection_info_struct));
103 if (NULL == con_info) return MHD_NO; 120 if (NULL == con_info)
121 return MHD_NO;
104 con_info->answerstring = NULL; 122 con_info->answerstring = NULL;
105 123
106 if (0 == strcmp (method, "POST")) 124 if (0 == strcmp (method, "POST"))
107 { 125 {
108 con_info->postprocessor = MHD_create_post_processor (connection, POSTBUFFERSIZE, 126 con_info->postprocessor =
109 iterate_post, (void*) con_info); 127 MHD_create_post_processor (connection, POSTBUFFERSIZE,
128 iterate_post, (void *) con_info);
110 129
111 if (NULL == con_info->postprocessor) 130 if (NULL == con_info->postprocessor)
112 { 131 {
113 free (con_info); 132 free (con_info);
114 return MHD_NO; 133 return MHD_NO;
115 } 134 }
116 135
117 con_info->connectiontype = POST; 136 con_info->connectiontype = POST;
118 } 137 }
119 else con_info->connectiontype = GET; 138 else
139 con_info->connectiontype = GET;
140
141 *con_cls = (void *) con_info;
120 142
121 *con_cls = (void*) con_info;
122
123 return MHD_YES; 143 return MHD_YES;
124 } 144 }
125 145
126 if (0 == strcmp (method, "GET")) 146 if (0 == strcmp (method, "GET"))
127 { 147 {
128 return send_page (connection, askpage); 148 return send_page (connection, askpage);
129 } 149 }
130 150
131 if (0 == strcmp (method, "POST")) 151 if (0 == strcmp (method, "POST"))
132 { 152 {
133 struct connection_info_struct *con_info = *con_cls; 153 struct connection_info_struct *con_info = *con_cls;
134 154
135 if (*upload_data_size != 0) 155 if (*upload_data_size != 0)
136 { 156 {
137 MHD_post_process(con_info->postprocessor, upload_data, *upload_data_size); 157 MHD_post_process (con_info->postprocessor, upload_data,
158 *upload_data_size);
138 *upload_data_size = 0; 159 *upload_data_size = 0;
139 160
140 return MHD_YES; 161 return MHD_YES;
141 } 162 }
142 else 163 else if (NULL != con_info->answerstring)
143 if (NULL != con_info->answerstring) return send_page (connection, con_info->answerstring); 164 return send_page (connection, con_info->answerstring);
144 } 165 }
145 166
146 return send_page(connection, errorpage); 167 return send_page (connection, errorpage);
147} 168}
148 169
149int main () 170int
171main ()
150{ 172{
151 struct MHD_Daemon *daemon; 173 struct MHD_Daemon *daemon;
152 174
153 175
154 daemon = MHD_start_daemon (MHD_USE_SELECT_INTERNALLY, PORT, NULL, NULL, 176 daemon = MHD_start_daemon (MHD_USE_SELECT_INTERNALLY, PORT, NULL, NULL,
155 &answer_to_connection, NULL, MHD_OPTION_NOTIFY_COMPLETED, 177 &answer_to_connection, NULL,
156 request_completed, NULL, MHD_OPTION_END); 178 MHD_OPTION_NOTIFY_COMPLETED, request_completed,
157 if (NULL == daemon) return 1; 179 NULL, MHD_OPTION_END);
180 if (NULL == daemon)
181 return 1;
158 182
159 getchar (); 183 getchar ();
160 184
161 MHD_stop_daemon (daemon); 185 MHD_stop_daemon (daemon);
162 186
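Review bot: In iterate_post the submitted `name` value is formatted straight into the HTML reply at `snprintf (answerstring, MAXANSWERSIZE, greatingpage, data);` without any escaping, so whatever markup the client sends in that field is echoed back to the browser verbatim. Since this file is the example the manual teaches from, either HTML-escape `data` (at least `&`, `<`, `>` and `"`) before it is formatted into greatingpage, or add a comment such as `/* NOTE: user input is not HTML-escaped here; a real server must escape it before echoing it */` so readers do not copy the pattern. The `%s` conversion also presumes `data` is NUL-terminated rather than bounded by `size`; if the post-processor contract does not guarantee that, the length should be passed explicitly. iterate_post's body starts outside the hunk, so any size check that precedes this block is not visible here.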
diff --git a/src/daemon/connection.c b/src/daemon/connection.c
index 6aa8fe3e..e94b1d46 100644
--- a/src/daemon/connection.c
+++ b/src/daemon/connection.c
@@ -178,19 +178,17 @@ MHD_get_connection_values (struct MHD_Connection *connection,
178 */ 178 */
179int 179int
180MHD_set_connection_value (struct MHD_Connection *connection, 180MHD_set_connection_value (struct MHD_Connection *connection,
181 enum MHD_ValueKind kind, 181 enum MHD_ValueKind kind,
182 const char *key, 182 const char *key, const char *value)
183 const char *value)
184{ 183{
185 struct MHD_HTTP_Header * pos; 184 struct MHD_HTTP_Header *pos;
186 185
187 pos = MHD_pool_allocate(connection->pool, 186 pos = MHD_pool_allocate (connection->pool,
188 sizeof(struct MHD_HTTP_Header), 187 sizeof (struct MHD_HTTP_Header), MHD_NO);
189 MHD_NO);
190 if (pos == NULL) 188 if (pos == NULL)
191 return MHD_NO; 189 return MHD_NO;
192 pos->header = (char*) key; 190 pos->header = (char *) key;
193 pos->value = (char*) value; 191 pos->value = (char *) value;
194 pos->kind = kind; 192 pos->kind = kind;
195 pos->next = connection->headers_received; 193 pos->next = connection->headers_received;
196 connection->headers_received = pos; 194 connection->headers_received = pos;
@@ -590,7 +588,7 @@ build_header_response (struct MHD_Connection *connection)
590 while (pos != NULL) 588 while (pos != NULL)
591 { 589 {
592 if (pos->kind == kind) 590 if (pos->kind == kind)
593 off += SPRINTF (&data[off], "%s: %s\r\n", pos->header, pos->value); 591 off += SPRINTF (&data[off], "%s: %s\r\n", pos->header, pos->value);
594 pos = pos->next; 592 pos = pos->next;
595 } 593 }
596 if (connection->state == MHD_CONNECTION_FOOTERS_RECEIVED) 594 if (connection->state == MHD_CONNECTION_FOOTERS_RECEIVED)
@@ -1592,8 +1590,8 @@ MHD_connection_handle_write (struct MHD_Connection *connection)
1592 break; 1590 break;
1593 case MHD_CONNECTION_CONTINUE_SENDING: 1591 case MHD_CONNECTION_CONTINUE_SENDING:
1594 ret = SEND (connection->socket_fd, 1592 ret = SEND (connection->socket_fd,
1595 &HTTP_100_CONTINUE[connection-> 1593 &HTTP_100_CONTINUE
1596 continue_message_write_offset], 1594 [connection->continue_message_write_offset],
1597 strlen (HTTP_100_CONTINUE) - 1595 strlen (HTTP_100_CONTINUE) -
1598 connection->continue_message_write_offset, 1596 connection->continue_message_write_offset,
1599 MSG_NOSIGNAL); 1597 MSG_NOSIGNAL);
@@ -1612,8 +1610,8 @@ MHD_connection_handle_write (struct MHD_Connection *connection)
1612 fprintf (stderr, 1610 fprintf (stderr,
1613 "Sent 100 continue response: `%.*s'\n", 1611 "Sent 100 continue response: `%.*s'\n",
1614 ret, 1612 ret,
1615 &HTTP_100_CONTINUE[connection-> 1613 &HTTP_100_CONTINUE
1616 continue_message_write_offset]); 1614 [connection->continue_message_write_offset]);
1617#endif 1615#endif
1618 connection->continue_message_write_offset += ret; 1616 connection->continue_message_write_offset += ret;
1619 break; 1617 break;
@@ -1646,13 +1644,13 @@ MHD_connection_handle_write (struct MHD_Connection *connection)
1646 if (connection->daemon->options & MHD_USE_SSL) 1644 if (connection->daemon->options & MHD_USE_SSL)
1647 { 1645 {
1648 ret = MHD_gnutls_record_send (connection->tls_session, 1646 ret = MHD_gnutls_record_send (connection->tls_session,
1649 &connection->response-> 1647 &connection->response->data
1650 data[connection-> 1648 [connection->
1651 response_write_position - 1649 response_write_position -
1652 response->data_start], 1650 response->data_start],
1653 response->data_size - 1651 response->data_size -
1654 (connection->response_write_position - 1652 (connection->response_write_position
1655 response->data_start)); 1653 - response->data_start));
1656 } 1654 }
1657 else 1655 else
1658#endif 1656#endif
@@ -1698,8 +1696,7 @@ MHD_connection_handle_write (struct MHD_Connection *connection)
1698 do_write (connection); 1696 do_write (connection);
1699 check_write_done (connection, 1697 check_write_done (connection,
1700 (connection->response->total_size == 1698 (connection->response->total_size ==
1701 connection-> 1699 connection->response_write_position) ?
1702 response_write_position) ?
1703 MHD_CONNECTION_BODY_SENT : 1700 MHD_CONNECTION_BODY_SENT :
1704 MHD_CONNECTION_CHUNKED_BODY_UNREADY); 1701 MHD_CONNECTION_CHUNKED_BODY_UNREADY);
1705 break; 1702 break;
@@ -1829,13 +1826,13 @@ MHD_connection_handle_idle (struct MHD_Connection *connection)
1829 connection->state = MHD_CONNECTION_CONTINUE_SENDING; 1826 connection->state = MHD_CONNECTION_CONTINUE_SENDING;
1830 break; 1827 break;
1831 } 1828 }
1832 if (connection->response != NULL) 1829 if (connection->response != NULL)
1833 { 1830 {
1834 /* we refused (no upload allowed!) */ 1831 /* we refused (no upload allowed!) */
1835 connection->remaining_upload_size = 0; 1832 connection->remaining_upload_size = 0;
1836 /* force close, in case client still tries to upload... */ 1833 /* force close, in case client still tries to upload... */
1837 connection->read_closed = MHD_YES; 1834 connection->read_closed = MHD_YES;
1838 } 1835 }
1839 connection->state = (connection->remaining_upload_size == 0) 1836 connection->state = (connection->remaining_upload_size == 0)
1840 ? MHD_CONNECTION_FOOTERS_RECEIVED : MHD_CONNECTION_CONTINUE_SENT; 1837 ? MHD_CONNECTION_FOOTERS_RECEIVED : MHD_CONNECTION_CONTINUE_SENT;
1841 continue; 1838 continue;
@@ -1995,9 +1992,9 @@ MHD_connection_handle_idle (struct MHD_Connection *connection)
1995 connection, 1992 connection,
1996 &connection->client_context, 1993 &connection->client_context,
1997 MHD_REQUEST_TERMINATED_COMPLETED_OK); 1994 MHD_REQUEST_TERMINATED_COMPLETED_OK);
1998 end = MHD_lookup_connection_value (connection, 1995 end =
1999 MHD_HEADER_KIND, 1996 MHD_lookup_connection_value (connection, MHD_HEADER_KIND,
2000 MHD_HTTP_HEADER_CONNECTION); 1997 MHD_HTTP_HEADER_CONNECTION);
2001 connection->client_context = NULL; 1998 connection->client_context = NULL;
2002 connection->continue_message_write_offset = 0; 1999 connection->continue_message_write_offset = 0;
2003 connection->responseCode = 0; 2000 connection->responseCode = 0;
diff --git a/src/daemon/connection_https.c b/src/daemon/connection_https.c
index e4692119..d02ed737 100644
--- a/src/daemon/connection_https.c
+++ b/src/daemon/connection_https.c
@@ -49,9 +49,8 @@
49 * (or if the infoType is unknown) 49 * (or if the infoType is unknown)
50 */ 50 */
51const union MHD_ConnectionInfo * 51const union MHD_ConnectionInfo *
52MHD_get_connection_info (struct MHD_Connection * connection, 52MHD_get_connection_info (struct MHD_Connection *connection,
53 enum MHD_ConnectionInfoType infoType, 53 enum MHD_ConnectionInfoType infoType, ...)
54 ...)
55{ 54{
56 if (connection->tls_session == NULL) 55 if (connection->tls_session == NULL)
57 return NULL; 56 return NULL;
@@ -59,19 +58,26 @@ MHD_get_connection_info (struct MHD_Connection * connection,
59 { 58 {
60#if HTTPS_SUPPORT 59#if HTTPS_SUPPORT
61 case MHD_SESSION_INFO_CIPHER_ALGO: 60 case MHD_SESSION_INFO_CIPHER_ALGO:
62 return (const union MHD_ConnectionInfo*) &connection->tls_session->security_parameters.read_bulk_cipher_algorithm; 61 return (const union MHD_ConnectionInfo *) &connection->
62 tls_session->security_parameters.read_bulk_cipher_algorithm;
63 case MHD_SESSION_INFO_KX_ALGO: 63 case MHD_SESSION_INFO_KX_ALGO:
64 return (const union MHD_ConnectionInfo*) &connection->tls_session->security_parameters.kx_algorithm; 64 return (const union MHD_ConnectionInfo *) &connection->
65 tls_session->security_parameters.kx_algorithm;
65 case MHD_SESSION_INFO_CREDENTIALS_TYPE: 66 case MHD_SESSION_INFO_CREDENTIALS_TYPE:
66 return (const union MHD_ConnectionInfo*) &connection->tls_session->key->cred->algorithm; 67 return (const union MHD_ConnectionInfo *) &connection->
68 tls_session->key->cred->algorithm;
67 case MHD_SESSION_INFO_MAC_ALGO: 69 case MHD_SESSION_INFO_MAC_ALGO:
68 return (const union MHD_ConnectionInfo*) &connection->tls_session->security_parameters.read_mac_algorithm; 70 return (const union MHD_ConnectionInfo *) &connection->
71 tls_session->security_parameters.read_mac_algorithm;
69 case MHD_SESSION_INFO_COMPRESSION_METHOD: 72 case MHD_SESSION_INFO_COMPRESSION_METHOD:
70 return (const union MHD_ConnectionInfo*) &connection->tls_session->security_parameters.read_compression_algorithm; 73 return (const union MHD_ConnectionInfo *) &connection->
74 tls_session->security_parameters.read_compression_algorithm;
71 case MHD_SESSION_INFO_PROTOCOL: 75 case MHD_SESSION_INFO_PROTOCOL:
72 return (const union MHD_ConnectionInfo*) &connection->tls_session->security_parameters.version; 76 return (const union MHD_ConnectionInfo *) &connection->
77 tls_session->security_parameters.version;
73 case MHD_SESSION_INFO_CERT_TYPE: 78 case MHD_SESSION_INFO_CERT_TYPE:
74 return (const union MHD_ConnectionInfo*) &connection->tls_session->security_parameters.cert_type; 79 return (const union MHD_ConnectionInfo *) &connection->
80 tls_session->security_parameters.cert_type;
75#endif 81#endif
76 default: 82 default:
77 return NULL; 83 return NULL;
@@ -85,7 +91,7 @@ MHD_get_connection_info (struct MHD_Connection * connection,
85 * @param connection: the connection to close 91 * @param connection: the connection to close
86 */ 92 */
87static void 93static void
88MHD_tls_connection_close (struct MHD_Connection * connection) 94MHD_tls_connection_close (struct MHD_Connection *connection)
89{ 95{
90 MHD_gnutls_bye (connection->tls_session, GNUTLS_SHUT_WR); 96 MHD_gnutls_bye (connection->tls_session, GNUTLS_SHUT_WR);
91 connection->tls_session->internals.read_eof = 1; 97 connection->tls_session->internals.read_eof = 1;
@@ -139,13 +145,13 @@ MHD_tls_connection_close_err (struct MHD_Connection *connection,
139 * error code is returned in case of an error. 145 * error code is returned in case of an error.
140 **/ 146 **/
141static ssize_t 147static ssize_t
142MHDS_con_read (struct MHD_Connection * connection) 148MHDS_con_read (struct MHD_Connection *connection)
143{ 149{
144 /* no special handling when GNUTLS_E_AGAIN is returned since this function is called from within a select loop */ 150 /* no special handling when GNUTLS_E_AGAIN is returned since this function is called from within a select loop */
145 ssize_t size = MHD_gnutls_record_recv (connection->tls_session, 151 ssize_t size = MHD_gnutls_record_recv (connection->tls_session,
146 &connection->read_buffer[connection-> 152 &connection->read_buffer
147 read_buffer_offset], 153 [connection->read_buffer_offset],
148 connection->read_buffer_size); 154 connection->read_buffer_size);
149 return size; 155 return size;
150} 156}
151 157
@@ -153,10 +159,12 @@ static ssize_t
153MHDS_con_write (struct MHD_Connection *connection) 159MHDS_con_write (struct MHD_Connection *connection)
154{ 160{
155 ssize_t sent = MHD_gnutls_record_send (connection->tls_session, 161 ssize_t sent = MHD_gnutls_record_send (connection->tls_session,
156 &connection->write_buffer[connection-> 162 &connection->write_buffer
157 write_buffer_send_offset], 163 [connection->
158 connection->write_buffer_append_offset 164 write_buffer_send_offset],
159 - connection->write_buffer_send_offset); 165 connection->write_buffer_append_offset
166 -
167 connection->write_buffer_send_offset);
160 return sent; 168 return sent;
161} 169}
162 170
@@ -191,7 +199,7 @@ MHD_tls_connection_handle_idle (struct MHD_Connection *connection)
191 199
192 switch (connection->state) 200 switch (connection->state)
193 { 201 {
194 /* on newly created connections we might reach here before any reply has been received */ 202 /* on newly created connections we might reach here before any reply has been received */
195 case MHD_TLS_CONNECTION_INIT: 203 case MHD_TLS_CONNECTION_INIT:
196 return MHD_YES; 204 return MHD_YES;
197 /* close connection if necessary */ 205 /* close connection if necessary */
@@ -301,7 +309,7 @@ MHD_tls_connection_handle_read (struct MHD_Connection *connection)
301 * done to decrypt alert message 309 * done to decrypt alert message
302 */ 310 */
303 mhd_gtls_recv_int (connection->tls_session, GNUTLS_ALERT, 311 mhd_gtls_recv_int (connection->tls_session, GNUTLS_ALERT,
304 GNUTLS_HANDSHAKE_FINISHED, 0, 0); 312 GNUTLS_HANDSHAKE_FINISHED, 0, 0);
305 313
306 /* CLOSE_NOTIFY */ 314 /* CLOSE_NOTIFY */
307 if (connection->tls_session->internals.last_alert == 315 if (connection->tls_session->internals.last_alert ==
@@ -318,7 +326,7 @@ MHD_tls_connection_handle_read (struct MHD_Connection *connection)
318 MHD_DLOG (connection->daemon, 326 MHD_DLOG (connection->daemon,
319 "Received TLS alert: %s\n", 327 "Received TLS alert: %s\n",
320 MHD_gnutls_alert_get_name ((int) connection->tls_session-> 328 MHD_gnutls_alert_get_name ((int) connection->tls_session->
321 internals.last_alert)); 329 internals.last_alert));
322#endif 330#endif
323 return MHD_YES; 331 return MHD_YES;
324 } 332 }
diff --git a/src/daemon/daemon.c b/src/daemon/daemon.c
index 47ea014a..3e467484 100644
--- a/src/daemon/daemon.c
+++ b/src/daemon/daemon.c
@@ -86,9 +86,9 @@ MHD_init_daemon_certificate (struct MHD_Daemon *daemon)
86 return -1; 86 return -1;
87 } 87 }
88 return MHD_gnutls_certificate_set_x509_key_file (daemon->x509_cred, 88 return MHD_gnutls_certificate_set_x509_key_file (daemon->x509_cred,
89 daemon->https_cert_path, 89 daemon->https_cert_path,
90 daemon->https_key_path, 90 daemon->https_key_path,
91 GNUTLS_X509_FMT_PEM); 91 GNUTLS_X509_FMT_PEM);
92 } 92 }
93 /* certificate & key loaded from memory */ 93 /* certificate & key loaded from memory */
94 else if (daemon->https_mem_cert && daemon->https_mem_key) 94 else if (daemon->https_mem_cert && daemon->https_mem_key)
@@ -98,8 +98,9 @@ MHD_init_daemon_certificate (struct MHD_Daemon *daemon)
98 cert.data = (unsigned char *) daemon->https_mem_cert; 98 cert.data = (unsigned char *) daemon->https_mem_cert;
99 cert.size = strlen (daemon->https_mem_cert); 99 cert.size = strlen (daemon->https_mem_cert);
100 100
101 return MHD_gnutls_certificate_set_x509_key_mem (daemon->x509_cred, &cert, 101 return MHD_gnutls_certificate_set_x509_key_mem (daemon->x509_cred,
102 &key, GNUTLS_X509_FMT_PEM); 102 &cert, &key,
103 GNUTLS_X509_FMT_PEM);
103 } 104 }
104 else 105 else
105 { 106 {
@@ -121,16 +122,18 @@ MHD_TLS_init (struct MHD_Daemon *daemon)
121 case MHD_GNUTLS_CRD_ANON: 122 case MHD_GNUTLS_CRD_ANON:
122 ret = MHD_gnutls_anon_allocate_server_credentials (&daemon->anon_cred); 123 ret = MHD_gnutls_anon_allocate_server_credentials (&daemon->anon_cred);
123 ret += MHD_gnutls_dh_params_init (&daemon->dh_params); 124 ret += MHD_gnutls_dh_params_init (&daemon->dh_params);
124 if (ret != 0) { 125 if (ret != 0)
125 return GNUTLS_E_MEMORY_ERROR; 126 {
126 } 127 return GNUTLS_E_MEMORY_ERROR;
128 }
127 MHD_gnutls_dh_params_generate2 (daemon->dh_params, 1024); 129 MHD_gnutls_dh_params_generate2 (daemon->dh_params, 1024);
128 MHD_gnutls_anon_set_server_dh_params (daemon->anon_cred, daemon->dh_params); 130 MHD_gnutls_anon_set_server_dh_params (daemon->anon_cred,
131 daemon->dh_params);
129 return 0; 132 return 0;
130 case MHD_GNUTLS_CRD_CERTIFICATE: 133 case MHD_GNUTLS_CRD_CERTIFICATE:
131 ret = MHD_gnutls_certificate_allocate_credentials (&daemon->x509_cred) ; 134 ret = MHD_gnutls_certificate_allocate_credentials (&daemon->x509_cred);
132 if (ret != 0) 135 if (ret != 0)
133 return GNUTLS_E_MEMORY_ERROR; 136 return GNUTLS_E_MEMORY_ERROR;
134 return MHD_init_daemon_certificate (daemon); 137 return MHD_init_daemon_certificate (daemon);
135 default: 138 default:
136#if HAVE_MESSAGES 139#if HAVE_MESSAGES
@@ -178,9 +181,8 @@ MHD_get_fdset (struct MHD_Daemon *daemon,
178 int fd; 181 int fd;
179 182
180 if ((daemon == NULL) || (read_fd_set == NULL) || (write_fd_set == NULL) 183 if ((daemon == NULL) || (read_fd_set == NULL) || (write_fd_set == NULL)
181 || (except_fd_set == NULL) || (max_fd == NULL) || (-1 == (fd = daemon-> 184 || (except_fd_set == NULL) || (max_fd == NULL)
182 socket_fd)) 185 || (-1 == (fd = daemon->socket_fd)) || (daemon->shutdown == MHD_YES)
183 || (daemon->shutdown == MHD_YES)
184 || ((daemon->options & MHD_USE_THREAD_PER_CONNECTION) != 0)) 186 || ((daemon->options & MHD_USE_THREAD_PER_CONNECTION) != 0))
185 return MHD_NO; 187 return MHD_NO;
186 188
@@ -324,13 +326,14 @@ MHD_TLS_init_connection (void *data)
324 { 326 {
325 /* set needed credentials for certificate authentication. */ 327 /* set needed credentials for certificate authentication. */
326 case MHD_GNUTLS_CRD_CERTIFICATE: 328 case MHD_GNUTLS_CRD_CERTIFICATE:
327 MHD_gnutls_credentials_set (con->tls_session, MHD_GNUTLS_CRD_CERTIFICATE, 329 MHD_gnutls_credentials_set (con->tls_session,
328 con->daemon->x509_cred); 330 MHD_GNUTLS_CRD_CERTIFICATE,
331 con->daemon->x509_cred);
329 break; 332 break;
330 case MHD_GNUTLS_CRD_ANON: 333 case MHD_GNUTLS_CRD_ANON:
331 /* set needed credentials for anonymous authentication. */ 334 /* set needed credentials for anonymous authentication. */
332 MHD_gnutls_credentials_set (con->tls_session, MHD_GNUTLS_CRD_ANON, 335 MHD_gnutls_credentials_set (con->tls_session, MHD_GNUTLS_CRD_ANON,
333 con->daemon->anon_cred); 336 con->daemon->anon_cred);
334 MHD_gnutls_dh_set_prime_bits (con->tls_session, 1024); 337 MHD_gnutls_dh_set_prime_bits (con->tls_session, 1024);
335 break; 338 break;
336 default: 339 default:
@@ -349,8 +352,8 @@ MHD_TLS_init_connection (void *data)
349 */ 352 */
350 353
351 MHD_gnutls_transport_set_ptr (con->tls_session, 354 MHD_gnutls_transport_set_ptr (con->tls_session,
352 (gnutls_transport_ptr_t) ((void *) con-> 355 (gnutls_transport_ptr_t) ((void *)
353 socket_fd)); 356 con->socket_fd));
354 357
355 return MHD_handle_connection (data); 358 return MHD_handle_connection (data);
356} 359}
@@ -432,9 +435,9 @@ MHD_accept_connection (struct MHD_Daemon *daemon)
432 } 435 }
433 436
434 if ((daemon->max_connections == 0) || ((daemon->per_ip_connection_limit 437 if ((daemon->max_connections == 0) || ((daemon->per_ip_connection_limit
435 != 0) && (daemon-> 438 != 0)
436 per_ip_connection_limit <= 439 && (daemon->per_ip_connection_limit
437 have))) 440 <= have)))
438 { 441 {
439 /* above connection limit - reject */ 442 /* above connection limit - reject */
440#if HAVE_MESSAGES 443#if HAVE_MESSAGES
@@ -834,7 +837,7 @@ MHD_start_daemon_va (unsigned int options,
834 return NULL; 837 return NULL;
835 retVal = malloc (sizeof (struct MHD_Daemon)); 838 retVal = malloc (sizeof (struct MHD_Daemon));
836 if (retVal == NULL) 839 if (retVal == NULL)
837 return NULL; 840 return NULL;
838 memset (retVal, 0, sizeof (struct MHD_Daemon)); 841 memset (retVal, 0, sizeof (struct MHD_Daemon));
839 retVal->options = options; 842 retVal->options = options;
840 retVal->port = port; 843 retVal->port = port;
@@ -883,8 +886,8 @@ MHD_start_daemon_va (unsigned int options,
883 case MHD_OPTION_PER_IP_CONNECTION_LIMIT: 886 case MHD_OPTION_PER_IP_CONNECTION_LIMIT:
884 retVal->per_ip_connection_limit = va_arg (ap, unsigned int); 887 retVal->per_ip_connection_limit = va_arg (ap, unsigned int);
885 break; 888 break;
886 case MHD_OPTION_SOCK_ADDR: 889 case MHD_OPTION_SOCK_ADDR:
887 servaddr = va_arg (ap, struct sockaddr *); 890 servaddr = va_arg (ap, struct sockaddr *);
888 break; 891 break;
889#if HTTPS_SUPPORT 892#if HTTPS_SUPPORT
890 case MHD_OPTION_PROTOCOL_VERSION: 893 case MHD_OPTION_PROTOCOL_VERSION:
@@ -921,8 +924,8 @@ MHD_start_daemon_va (unsigned int options,
921#endif 924#endif
922 default: 925 default:
923#if HAVE_MESSAGES 926#if HAVE_MESSAGES
924 if ( (opt >= MHD_OPTION_HTTPS_KEY_PATH) && 927 if ((opt >= MHD_OPTION_HTTPS_KEY_PATH) &&
925 (opt <= MHD_OPTION_TLS_COMP_ALGO) ) 928 (opt <= MHD_OPTION_TLS_COMP_ALGO))
926 { 929 {
927 fprintf (stderr, 930 fprintf (stderr,
928 "MHD HTTPS option %d passed to MHD compiled without HTTPS support\n", 931 "MHD HTTPS option %d passed to MHD compiled without HTTPS support\n",
@@ -932,7 +935,7 @@ MHD_start_daemon_va (unsigned int options,
932 { 935 {
933 fprintf (stderr, 936 fprintf (stderr,
934 "Invalid option %d! (Did you terminate the list with MHD_OPTION_END?)\n", 937 "Invalid option %d! (Did you terminate the list with MHD_OPTION_END?)\n",
935 opt); 938 opt);
936 } 939 }
937#endif 940#endif
938 abort (); 941 abort ();
@@ -949,7 +952,7 @@ MHD_start_daemon_va (unsigned int options,
949 if ((options & MHD_USE_DEBUG) != 0) 952 if ((options & MHD_USE_DEBUG) != 0)
950 fprintf (stderr, "Call to socket failed: %s\n", STRERROR (errno)); 953 fprintf (stderr, "Call to socket failed: %s\n", STRERROR (errno));
951#endif 954#endif
952 free(retVal); 955 free (retVal);
953 return NULL; 956 return NULL;
954 } 957 }
955 if ((SETSOCKOPT (socket_fd, 958 if ((SETSOCKOPT (socket_fd,
@@ -974,19 +977,19 @@ MHD_start_daemon_va (unsigned int options,
974 if (NULL == servaddr) 977 if (NULL == servaddr)
975 { 978 {
976 if ((options & MHD_USE_IPv6) != 0) 979 if ((options & MHD_USE_IPv6) != 0)
977 { 980 {
978 memset (&servaddr6, 0, sizeof (struct sockaddr_in6)); 981 memset (&servaddr6, 0, sizeof (struct sockaddr_in6));
979 servaddr6.sin6_family = AF_INET6; 982 servaddr6.sin6_family = AF_INET6;
980 servaddr6.sin6_port = htons (port); 983 servaddr6.sin6_port = htons (port);
981 servaddr = (struct sockaddr *) &servaddr6; 984 servaddr = (struct sockaddr *) &servaddr6;
982 } 985 }
983 else 986 else
984 { 987 {
985 memset (&servaddr4, 0, sizeof (struct sockaddr_in)); 988 memset (&servaddr4, 0, sizeof (struct sockaddr_in));
986 servaddr4.sin_family = AF_INET; 989 servaddr4.sin_family = AF_INET;
987 servaddr4.sin_port = htons (port); 990 servaddr4.sin_port = htons (port);
988 servaddr = (struct sockaddr *) &servaddr4; 991 servaddr = (struct sockaddr *) &servaddr4;
989 } 992 }
990 } 993 }
991 retVal->socket_fd = socket_fd; 994 retVal->socket_fd = socket_fd;
992 if (BIND (socket_fd, servaddr, addrlen) < 0) 995 if (BIND (socket_fd, servaddr, addrlen) < 0)
@@ -997,7 +1000,7 @@ MHD_start_daemon_va (unsigned int options,
997 "Failed to bind to port %u: %s\n", port, STRERROR (errno)); 1000 "Failed to bind to port %u: %s\n", port, STRERROR (errno));
998#endif 1001#endif
999 CLOSE (socket_fd); 1002 CLOSE (socket_fd);
1000 free(retVal); 1003 free (retVal);
1001 return NULL; 1004 return NULL;
1002 } 1005 }
1003 1006
@@ -1010,7 +1013,7 @@ MHD_start_daemon_va (unsigned int options,
1010 "Failed to listen for connections: %s\n", STRERROR (errno)); 1013 "Failed to listen for connections: %s\n", STRERROR (errno));
1011#endif 1014#endif
1012 CLOSE (socket_fd); 1015 CLOSE (socket_fd);
1013 free(retVal); 1016 free (retVal);
1014 return NULL; 1017 return NULL;
1015 } 1018 }
1016 1019
@@ -1026,20 +1029,19 @@ MHD_start_daemon_va (unsigned int options,
1026 return NULL; 1029 return NULL;
1027 } 1030 }
1028#endif 1031#endif
1029 if (((0 != (options & MHD_USE_THREAD_PER_CONNECTION)) || 1032 if (((0 != (options & MHD_USE_THREAD_PER_CONNECTION)) ||
1030 (0 != (options & MHD_USE_SELECT_INTERNALLY))) 1033 (0 != (options & MHD_USE_SELECT_INTERNALLY)))
1031 && (0 != 1034 && (0 !=
1032 pthread_create (&retVal->pid, NULL, &MHD_select_thread, retVal))) 1035 pthread_create (&retVal->pid, NULL, &MHD_select_thread, retVal)))
1033 { 1036 {
1034#if HAVE_MESSAGES 1037#if HAVE_MESSAGES
1035 MHD_DLOG (retVal, 1038 MHD_DLOG (retVal,
1036 "Failed to create listen thread: %s\n", 1039 "Failed to create listen thread: %s\n", STRERROR (errno));
1037 STRERROR (errno));
1038#endif 1040#endif
1039 free (retVal); 1041 free (retVal);
1040 CLOSE (socket_fd); 1042 CLOSE (socket_fd);
1041 return NULL; 1043 return NULL;
1042 } 1044 }
1043 return retVal; 1045 return retVal;
1044} 1046}
1045 1047
diff --git a/src/daemon/https/gnutls.h b/src/daemon/https/gnutls.h
index 9220905f..4ed17b0b 100644
--- a/src/daemon/https/gnutls.h
+++ b/src/daemon/https/gnutls.h
@@ -183,13 +183,13 @@ extern "C"
183 typedef void *gnutls_transport_ptr_t; 183 typedef void *gnutls_transport_ptr_t;
184 184
185 struct MHD_gtls_session_int; 185 struct MHD_gtls_session_int;
186 typedef struct MHD_gtls_session_int * mhd_gtls_session_t; 186 typedef struct MHD_gtls_session_int *mhd_gtls_session_t;
187 187
188 struct MHD_gtls_dh_params_int; 188 struct MHD_gtls_dh_params_int;
189 typedef struct MHD_gtls_dh_params_int * mhd_gtls_dh_params_t; 189 typedef struct MHD_gtls_dh_params_int *mhd_gtls_dh_params_t;
190 190
191 struct MHD_gtls_x509_privkey_int; /* XXX ugly. */ 191 struct MHD_gtls_x509_privkey_int; /* XXX ugly. */
192 typedef struct MHD_gtls_x509_privkey_int * mhd_gtls_rsa_params_t; /* XXX ugly. */ 192 typedef struct MHD_gtls_x509_privkey_int *mhd_gtls_rsa_params_t; /* XXX ugly. */
193 193
194 struct MHD_gtls_priority_st; 194 struct MHD_gtls_priority_st;
195 typedef struct MHD_gtls_priority_st *gnutls_priority_t; 195 typedef struct MHD_gtls_priority_st *gnutls_priority_t;
@@ -212,7 +212,8 @@ extern "C"
212 int deinit; 212 int deinit;
213 } gnutls_params_st; 213 } gnutls_params_st;
214 214
215 typedef int gnutls_params_function (mhd_gtls_session_t, gnutls_params_type_t, 215 typedef int gnutls_params_function (mhd_gtls_session_t,
216 gnutls_params_type_t,
216 gnutls_params_st *); 217 gnutls_params_st *);
217 218
218/* internal functions */ 219/* internal functions */
@@ -220,7 +221,7 @@ extern "C"
220 void MHD_gnutls_global_deinit (void); 221 void MHD_gnutls_global_deinit (void);
221 222
222 int MHD_gnutls_init (mhd_gtls_session_t * session, 223 int MHD_gnutls_init (mhd_gtls_session_t * session,
223 gnutls_connection_end_t con_end); 224 gnutls_connection_end_t con_end);
224 void MHD_gnutls_deinit (mhd_gtls_session_t session); 225 void MHD_gnutls_deinit (mhd_gtls_session_t session);
225 226
226 int MHD_gnutls_bye (mhd_gtls_session_t session, gnutls_close_request_t how); 227 int MHD_gnutls_bye (mhd_gtls_session_t session, gnutls_close_request_t how);
@@ -228,10 +229,10 @@ extern "C"
228 int MHD_gnutls_rehandshake (mhd_gtls_session_t session); 229 int MHD_gnutls_rehandshake (mhd_gtls_session_t session);
229 gnutls_alert_description_t gnutls_alert_get (mhd_gtls_session_t session); 230 gnutls_alert_description_t gnutls_alert_get (mhd_gtls_session_t session);
230 int MHD_gnutls_alert_send (mhd_gtls_session_t session, 231 int MHD_gnutls_alert_send (mhd_gtls_session_t session,
231 gnutls_alert_level_t level, 232 gnutls_alert_level_t level,
232 gnutls_alert_description_t desc); 233 gnutls_alert_description_t desc);
233 int MHD_gnutls_alert_send_appropriate (mhd_gtls_session_t session, int err); 234 int MHD_gnutls_alert_send_appropriate (mhd_gtls_session_t session, int err);
234 const char * MHD_gnutls_alert_get_name (gnutls_alert_description_t alert); 235 const char *MHD_gnutls_alert_get_name (gnutls_alert_description_t alert);
235 236
236// enum MHD_GNUTLS_CipherAlgorithm gnutls_cipher_get (mhd_gtls_session_t session); 237// enum MHD_GNUTLS_CipherAlgorithm gnutls_cipher_get (mhd_gtls_session_t session);
237// enum MHD_GNUTLS_KeyExchangeAlgorithm gnutls_kx_get (mhd_gtls_session_t session); 238// enum MHD_GNUTLS_KeyExchangeAlgorithm gnutls_kx_get (mhd_gtls_session_t session);
@@ -241,41 +242,51 @@ extern "C"
241// enum MHD_GNUTLS_CertificateType gnutls_certificate_type_get (mhd_gtls_session_t 242// enum MHD_GNUTLS_CertificateType gnutls_certificate_type_get (mhd_gtls_session_t
242// session); 243// session);
243 244
244 size_t MHD_gnutls_cipher_get_key_size (enum MHD_GNUTLS_CipherAlgorithm algorithm); 245 size_t MHD_gnutls_cipher_get_key_size (enum MHD_GNUTLS_CipherAlgorithm
245 size_t MHD_gnutls_mac_get_key_size (enum MHD_GNUTLS_HashAlgorithm algorithm); 246 algorithm);
247 size_t MHD_gnutls_mac_get_key_size (enum MHD_GNUTLS_HashAlgorithm
248 algorithm);
246 249
247/* the name of the specified algorithms */ 250/* the name of the specified algorithms */
248 const char * MHD_gnutls_cipher_get_name (enum MHD_GNUTLS_CipherAlgorithm algorithm); 251 const char *MHD_gnutls_cipher_get_name (enum MHD_GNUTLS_CipherAlgorithm
249 const char * MHD_gnutls_mac_get_name (enum MHD_GNUTLS_HashAlgorithm algorithm); 252 algorithm);
250 const char * MHD_gnutls_compression_get_name (enum MHD_GNUTLS_CompressionMethod 253 const char *MHD_gnutls_mac_get_name (enum MHD_GNUTLS_HashAlgorithm
251 algorithm); 254 algorithm);
252 const char * MHD_gnutls_kx_get_name (enum MHD_GNUTLS_KeyExchangeAlgorithm algorithm); 255 const char *MHD_gnutls_compression_get_name (enum
253 const char * MHD_gnutls_certificate_type_get_name (enum MHD_GNUTLS_CertificateType 256 MHD_GNUTLS_CompressionMethod
254 type); 257 algorithm);
258 const char *MHD_gnutls_kx_get_name (enum MHD_GNUTLS_KeyExchangeAlgorithm
259 algorithm);
260 const char *MHD_gnutls_certificate_type_get_name (enum
261 MHD_GNUTLS_CertificateType
262 type);
255 263
256 enum MHD_GNUTLS_HashAlgorithm MHD_gtls_mac_get_id (const char *name); 264 enum MHD_GNUTLS_HashAlgorithm MHD_gtls_mac_get_id (const char *name);
257 enum MHD_GNUTLS_CompressionMethod MHD_gtls_compression_get_id (const char *name); 265 enum MHD_GNUTLS_CompressionMethod MHD_gtls_compression_get_id (const char
266 *name);
258 enum MHD_GNUTLS_CipherAlgorithm MHD_gtls_cipher_get_id (const char *name); 267 enum MHD_GNUTLS_CipherAlgorithm MHD_gtls_cipher_get_id (const char *name);
259 enum MHD_GNUTLS_KeyExchangeAlgorithm MHD_gtls_kx_get_id (const char *name); 268 enum MHD_GNUTLS_KeyExchangeAlgorithm MHD_gtls_kx_get_id (const char *name);
260 enum MHD_GNUTLS_Protocol MHD_gtls_protocol_get_id (const char *name); 269 enum MHD_GNUTLS_Protocol MHD_gtls_protocol_get_id (const char *name);
261 enum MHD_GNUTLS_CertificateType MHD_gtls_certificate_type_get_id (const char *name); 270 enum MHD_GNUTLS_CertificateType MHD_gtls_certificate_type_get_id (const char
271 *name);
262 272
263 /* list supported algorithms */ 273 /* list supported algorithms */
264 const enum MHD_GNUTLS_CipherAlgorithm * MHD_gtls_cipher_list (void); 274 const enum MHD_GNUTLS_CipherAlgorithm *MHD_gtls_cipher_list (void);
265 const enum MHD_GNUTLS_HashAlgorithm * MHD_gtls_mac_list (void); 275 const enum MHD_GNUTLS_HashAlgorithm *MHD_gtls_mac_list (void);
266 const enum MHD_GNUTLS_CompressionMethod * MHD_gtls_compression_list (void); 276 const enum MHD_GNUTLS_CompressionMethod *MHD_gtls_compression_list (void);
267 const enum MHD_GNUTLS_Protocol * MHD_gtls_protocol_list (void); 277 const enum MHD_GNUTLS_Protocol *MHD_gtls_protocol_list (void);
268 const enum MHD_GNUTLS_CertificateType * MHD_gtls_certificate_type_list (void); 278 const enum MHD_GNUTLS_CertificateType
269 const enum MHD_GNUTLS_KeyExchangeAlgorithm * MHD_gtls_kx_list (void); 279 *MHD_gtls_certificate_type_list (void);
280 const enum MHD_GNUTLS_KeyExchangeAlgorithm *MHD_gtls_kx_list (void);
270 281
271 /* error functions */ 282 /* error functions */
272 int MHD_gtls_error_is_fatal (int error); 283 int MHD_gtls_error_is_fatal (int error);
273 int MHD_gtls_error_to_alert (int err, int *level); 284 int MHD_gtls_error_to_alert (int err, int *level);
274 void MHD_gtls_perror (int error); 285 void MHD_gtls_perror (int error);
275 const char * MHD_gtls_strerror (int error); 286 const char *MHD_gtls_strerror (int error);
276 287
277 void MHD_gtls_handshake_set_private_extensions (mhd_gtls_session_t session, 288 void MHD_gtls_handshake_set_private_extensions (mhd_gtls_session_t session,
278 int allow); 289 int allow);
279 gnutls_handshake_description_t 290 gnutls_handshake_description_t
280 MHD_gtls_handshake_get_last_out (mhd_gtls_session_t session); 291 MHD_gtls_handshake_get_last_out (mhd_gtls_session_t session);
281 gnutls_handshake_description_t 292 gnutls_handshake_description_t
@@ -284,10 +295,10 @@ extern "C"
284/* 295/*
285 * Record layer functions. 296 * Record layer functions.
286 */ 297 */
287 ssize_t MHD_gnutls_record_send (mhd_gtls_session_t session, const void *data, 298 ssize_t MHD_gnutls_record_send (mhd_gtls_session_t session,
288 size_t sizeofdata); 299 const void *data, size_t sizeofdata);
289 ssize_t MHD_gnutls_record_recv (mhd_gtls_session_t session, void *data, 300 ssize_t MHD_gnutls_record_recv (mhd_gtls_session_t session, void *data,
290 size_t sizeofdata); 301 size_t sizeofdata);
291 302
292 /* provides extra compatibility */ 303 /* provides extra compatibility */
293 void MHD_gtls_record_disable_padding (mhd_gtls_session_t session); 304 void MHD_gtls_record_disable_padding (mhd_gtls_session_t session);
@@ -295,20 +306,21 @@ extern "C"
295 306
296 int MHD_gnutls_record_get_direction (mhd_gtls_session_t session); 307 int MHD_gnutls_record_get_direction (mhd_gtls_session_t session);
297 size_t MHD_gnutls_record_get_max_size (mhd_gtls_session_t session); 308 size_t MHD_gnutls_record_get_max_size (mhd_gtls_session_t session);
298 ssize_t MHD_gnutls_record_set_max_size (mhd_gtls_session_t session, size_t size); 309 ssize_t MHD_gnutls_record_set_max_size (mhd_gtls_session_t session,
310 size_t size);
299 311
300 312
301 int MHD_gnutls_prf (mhd_gtls_session_t session, 313 int MHD_gnutls_prf (mhd_gtls_session_t session,
302 size_t label_size, const char *label,
303 int server_random_first,
304 size_t extra_size, const char *extra,
305 size_t outsize, char *out);
306
307 int MHD_gnutls_prf_raw (mhd_gtls_session_t session,
308 size_t label_size, const char *label, 314 size_t label_size, const char *label,
309 size_t seed_size, const char *seed, 315 int server_random_first,
316 size_t extra_size, const char *extra,
310 size_t outsize, char *out); 317 size_t outsize, char *out);
311 318
319 int MHD_gnutls_prf_raw (mhd_gtls_session_t session,
320 size_t label_size, const char *label,
321 size_t seed_size, const char *seed,
322 size_t outsize, char *out);
323
312/* 324/*
313 * TLS Extensions 325 * TLS Extensions
314 */ 326 */
@@ -318,12 +330,12 @@ extern "C"
318 } gnutls_server_name_type_t; 330 } gnutls_server_name_type_t;
319 331
320 int MHD_gnutls_server_name_set (mhd_gtls_session_t session, 332 int MHD_gnutls_server_name_set (mhd_gtls_session_t session,
321 gnutls_server_name_type_t type, 333 gnutls_server_name_type_t type,
322 const void *name, size_t name_length); 334 const void *name, size_t name_length);
323 335
324 int MHD_gnutls_server_name_get (mhd_gtls_session_t session, 336 int MHD_gnutls_server_name_get (mhd_gtls_session_t session,
325 void *data, size_t * data_length, 337 void *data, size_t * data_length,
326 unsigned int *type, unsigned int indx); 338 unsigned int *type, unsigned int indx);
327 339
328 /* Opaque PRF Input 340 /* Opaque PRF Input
329 * http://tools.ietf.org/id/draft-rescorla-tls-opaque-prf-input-00.txt 341 * http://tools.ietf.org/id/draft-rescorla-tls-opaque-prf-input-00.txt
@@ -331,7 +343,7 @@ extern "C"
331 343
332 void 344 void
333 MHD_gtls_oprfi_enable_client (mhd_gtls_session_t session, 345 MHD_gtls_oprfi_enable_client (mhd_gtls_session_t session,
334 size_t len, unsigned char *data); 346 size_t len, unsigned char *data);
335 347
336 typedef int (*gnutls_oprfi_callback_func) (mhd_gtls_session_t session, 348 typedef int (*gnutls_oprfi_callback_func) (mhd_gtls_session_t session,
337 void *userdata, 349 void *userdata,
@@ -341,8 +353,8 @@ extern "C"
341 353
342 void 354 void
343 MHD_gtls_oprfi_enable_server (mhd_gtls_session_t session, 355 MHD_gtls_oprfi_enable_server (mhd_gtls_session_t session,
344 gnutls_oprfi_callback_func cb, 356 gnutls_oprfi_callback_func cb,
345 void *userdata); 357 void *userdata);
346 358
347 /* Supplemental data, RFC 4680. */ 359 /* Supplemental data, RFC 4680. */
348 typedef enum 360 typedef enum
@@ -350,31 +362,36 @@ extern "C"
350 GNUTLS_SUPPLEMENTAL_USER_MAPPING_DATA = 0 362 GNUTLS_SUPPLEMENTAL_USER_MAPPING_DATA = 0
351 } gnutls_supplemental_data_format_type_t; 363 } gnutls_supplemental_data_format_type_t;
352 364
353 const char * MHD_gtls_supplemental_get_name 365 const char *MHD_gtls_supplemental_get_name
354 (gnutls_supplemental_data_format_type_t type); 366 (gnutls_supplemental_data_format_type_t type);
355 367
356 int MHD_gnutls_cipher_set_priority (mhd_gtls_session_t session, const int *list); 368 int MHD_gnutls_cipher_set_priority (mhd_gtls_session_t session,
357 int MHD_gnutls_mac_set_priority (mhd_gtls_session_t session, const int *list); 369 const int *list);
370 int MHD_gnutls_mac_set_priority (mhd_gtls_session_t session,
371 const int *list);
358 int MHD_gnutls_compression_set_priority (mhd_gtls_session_t session, 372 int MHD_gnutls_compression_set_priority (mhd_gtls_session_t session,
359 const int *list); 373 const int *list);
360 int MHD_gnutls_kx_set_priority (mhd_gtls_session_t session, const int *list); 374 int MHD_gnutls_kx_set_priority (mhd_gtls_session_t session,
375 const int *list);
361 int MHD_gnutls_protocol_set_priority (mhd_gtls_session_t session, 376 int MHD_gnutls_protocol_set_priority (mhd_gtls_session_t session,
362 const int *list); 377 const int *list);
363 int MHD_gnutls_certificate_type_set_priority (mhd_gtls_session_t session, 378 int MHD_gnutls_certificate_type_set_priority (mhd_gtls_session_t session,
364 const int *list); 379 const int *list);
365 380
366 int MHD_tls_set_default_priority (gnutls_priority_t *, const char *priority, 381 int MHD_tls_set_default_priority (gnutls_priority_t *, const char *priority,
367 const char **err_pos); 382 const char **err_pos);
368 void MHD_gnutls_priority_deinit (gnutls_priority_t); 383 void MHD_gnutls_priority_deinit (gnutls_priority_t);
369 384
370 int MHD_gnutls_priority_set (mhd_gtls_session_t session, gnutls_priority_t); 385 int MHD_gnutls_priority_set (mhd_gtls_session_t session, gnutls_priority_t);
371 int MHD_gnutls_priority_set_direct (mhd_gtls_session_t session, 386 int MHD_gnutls_priority_set_direct (mhd_gtls_session_t session,
372 const char *priority, const char **err_pos); 387 const char *priority,
388 const char **err_pos);
373 389
374/* get the currently used protocol version */ 390/* get the currently used protocol version */
375 enum MHD_GNUTLS_Protocol MHD_gnutls_protocol_get_version (mhd_gtls_session_t session); 391 enum MHD_GNUTLS_Protocol MHD_gnutls_protocol_get_version (mhd_gtls_session_t
392 session);
376 393
377 const char * MHD_gnutls_protocol_get_name (enum MHD_GNUTLS_Protocol version); 394 const char *MHD_gnutls_protocol_get_name (enum MHD_GNUTLS_Protocol version);
378 395
379/* 396/*
380 * get/set session 397 * get/set session
@@ -388,23 +405,24 @@ extern "C"
388// gnutls_datum_t * data); 405// gnutls_datum_t * data);
389 406
390 int MHD_gtls_session_get_id (mhd_gtls_session_t session, void *session_id, 407 int MHD_gtls_session_get_id (mhd_gtls_session_t session, void *session_id,
391 size_t * session_id_size); 408 size_t * session_id_size);
392 409
393/* returns security values. 410/* returns security values.
394 * Do not use them unless you know what you're doing. 411 * Do not use them unless you know what you're doing.
395 */ 412 */
396 const void * MHD_gtls_session_get_server_random (mhd_gtls_session_t session); 413 const void *MHD_gtls_session_get_server_random (mhd_gtls_session_t session);
397 const void * MHD_gtls_session_get_client_random (mhd_gtls_session_t session); 414 const void *MHD_gtls_session_get_client_random (mhd_gtls_session_t session);
398 const void * MHD_gtls_session_get_master_secret (mhd_gtls_session_t session); 415 const void *MHD_gtls_session_get_master_secret (mhd_gtls_session_t session);
399 416
400 int MHD_gtls_session_is_resumed (mhd_gtls_session_t session); 417 int MHD_gtls_session_is_resumed (mhd_gtls_session_t session);
401 418
402 typedef int (*gnutls_handshake_post_client_hello_func) (mhd_gtls_session_t); 419 typedef int (*gnutls_handshake_post_client_hello_func) (mhd_gtls_session_t);
403 void MHD_gnutls_handshake_set_post_client_hello_function (mhd_gtls_session_t, 420 void
404 gnutls_handshake_post_client_hello_func); 421 MHD_gnutls_handshake_set_post_client_hello_function (mhd_gtls_session_t,
422 gnutls_handshake_post_client_hello_func);
405 423
406 void MHD_gnutls_handshake_set_max_packet_length (mhd_gtls_session_t session, 424 void MHD_gnutls_handshake_set_max_packet_length (mhd_gtls_session_t session,
407 size_t max); 425 size_t max);
408 426
409/* 427/*
410 * Functions for setting/clearing credentials 428 * Functions for setting/clearing credentials
@@ -415,47 +433,49 @@ extern "C"
415 * cred is a structure defined by the kx algorithm 433 * cred is a structure defined by the kx algorithm
416 */ 434 */
417 int MHD_gnutls_credentials_set (mhd_gtls_session_t session, 435 int MHD_gnutls_credentials_set (mhd_gtls_session_t session,
418 enum MHD_GNUTLS_CredentialsType type, void *cred); 436 enum MHD_GNUTLS_CredentialsType type,
437 void *cred);
419 438
420/* Credential structures - used in MHD_gnutls_credentials_set(); */ 439/* Credential structures - used in MHD_gnutls_credentials_set(); */
421 struct mhd_gtls_certificate_credentials_st; 440 struct mhd_gtls_certificate_credentials_st;
422 typedef struct mhd_gtls_certificate_credentials_st 441 typedef struct mhd_gtls_certificate_credentials_st
423 * mhd_gtls_cert_credentials_t; 442 *mhd_gtls_cert_credentials_t;
424 typedef mhd_gtls_cert_credentials_t 443 typedef mhd_gtls_cert_credentials_t mhd_gtls_cert_server_credentials;
425 mhd_gtls_cert_server_credentials; 444 typedef mhd_gtls_cert_credentials_t mhd_gtls_cert_client_credentials;
426 typedef mhd_gtls_cert_credentials_t
427 mhd_gtls_cert_client_credentials;
428 445
429 typedef struct mhd_gtls_anon_server_credentials_st 446 typedef struct mhd_gtls_anon_server_credentials_st
430 * mhd_gtls_anon_server_credentials_t; 447 *mhd_gtls_anon_server_credentials_t;
431 typedef struct mhd_gtls_anon_client_credentials_st 448 typedef struct mhd_gtls_anon_client_credentials_st
432 * mhd_gtls_anon_client_credentials_t; 449 *mhd_gtls_anon_client_credentials_t;
433 450
434 void MHD_gnutls_anon_free_server_credentials (mhd_gtls_anon_server_credentials_t 451 void
435 sc); 452 MHD_gnutls_anon_free_server_credentials
453 (mhd_gtls_anon_server_credentials_t sc);
436 int 454 int
437 MHD_gnutls_anon_allocate_server_credentials (mhd_gtls_anon_server_credentials_t 455 MHD_gnutls_anon_allocate_server_credentials
438 * sc); 456 (mhd_gtls_anon_server_credentials_t * sc);
439 457
440 void MHD_gnutls_anon_set_server_dh_params (mhd_gtls_anon_server_credentials_t res, 458 void
441 mhd_gtls_dh_params_t dh_params); 459 MHD_gnutls_anon_set_server_dh_params (mhd_gtls_anon_server_credentials_t
460 res,
461 mhd_gtls_dh_params_t dh_params);
442 462
443 void 463 void
444 MHD_gnutls_anon_set_server_params_function (mhd_gtls_anon_server_credentials_t 464 MHD_gnutls_anon_set_server_params_function
445 res, 465 (mhd_gtls_anon_server_credentials_t res, gnutls_params_function * func);
446 gnutls_params_function * func);
447 466
448 void MHD_gnutls_anon_free_client_credentials (mhd_gtls_anon_client_credentials_t 467 void
449 sc); 468 MHD_gnutls_anon_free_client_credentials
469 (mhd_gtls_anon_client_credentials_t sc);
450 int 470 int
451 MHD_gnutls_anon_allocate_client_credentials (mhd_gtls_anon_client_credentials_t 471 MHD_gnutls_anon_allocate_client_credentials
452 * sc); 472 (mhd_gtls_anon_client_credentials_t * sc);
453 473
454 void MHD_gnutls_certificate_free_credentials (mhd_gtls_cert_credentials_t 474 void MHD_gnutls_certificate_free_credentials (mhd_gtls_cert_credentials_t
455 sc); 475 sc);
456 int 476 int
457 MHD_gnutls_certificate_allocate_credentials (mhd_gtls_cert_credentials_t 477 MHD_gnutls_certificate_allocate_credentials (mhd_gtls_cert_credentials_t
458 * res); 478 * res);
459 479
460 void MHD_gnutls_certificate_free_keys (mhd_gtls_cert_credentials_t sc); 480 void MHD_gnutls_certificate_free_keys (mhd_gtls_cert_credentials_t sc);
461 void MHD_gnutls_certificate_free_cas (mhd_gtls_cert_credentials_t sc); 481 void MHD_gnutls_certificate_free_cas (mhd_gtls_cert_credentials_t sc);
@@ -463,46 +483,50 @@ extern "C"
463 void MHD_gnutls_certificate_free_crls (mhd_gtls_cert_credentials_t sc); 483 void MHD_gnutls_certificate_free_crls (mhd_gtls_cert_credentials_t sc);
464 484
465 void MHD_gnutls_certificate_set_dh_params (mhd_gtls_cert_credentials_t res, 485 void MHD_gnutls_certificate_set_dh_params (mhd_gtls_cert_credentials_t res,
466 mhd_gtls_dh_params_t dh_params); 486 mhd_gtls_dh_params_t dh_params);
467 void 487 void
468 MHD_gnutls_certificate_set_rsa_export_params (mhd_gtls_cert_credentials_t 488 MHD_gnutls_certificate_set_rsa_export_params (mhd_gtls_cert_credentials_t
469 res, 489 res,
470 mhd_gtls_rsa_params_t rsa_params); 490 mhd_gtls_rsa_params_t
491 rsa_params);
471 void MHD_gnutls_certificate_set_verify_flags (mhd_gtls_cert_credentials_t 492 void MHD_gnutls_certificate_set_verify_flags (mhd_gtls_cert_credentials_t
472 res, unsigned int flags); 493 res, unsigned int flags);
473 void MHD_gnutls_certificate_set_verify_limits (mhd_gtls_cert_credentials_t 494 void MHD_gnutls_certificate_set_verify_limits (mhd_gtls_cert_credentials_t
474 res, unsigned int max_bits, 495 res, unsigned int max_bits,
475 unsigned int max_depth); 496 unsigned int max_depth);
476 497
477 int MHD_gnutls_certificate_set_x509_trust_file (mhd_gtls_cert_credentials_t 498 int MHD_gnutls_certificate_set_x509_trust_file (mhd_gtls_cert_credentials_t
478 res, const char *CAFILE, 499 res, const char *CAFILE,
479 gnutls_x509_crt_fmt_t type); 500 gnutls_x509_crt_fmt_t type);
480 int MHD_gnutls_certificate_set_x509_trust_mem (mhd_gtls_cert_credentials_t 501 int MHD_gnutls_certificate_set_x509_trust_mem (mhd_gtls_cert_credentials_t
481 res, const gnutls_datum_t * CA, 502 res,
482 gnutls_x509_crt_fmt_t type); 503 const gnutls_datum_t * CA,
504 gnutls_x509_crt_fmt_t type);
483 505
484 int MHD_gnutls_certificate_set_x509_crl_file (mhd_gtls_cert_credentials_t 506 int MHD_gnutls_certificate_set_x509_crl_file (mhd_gtls_cert_credentials_t
485 res, const char *crlfile, 507 res, const char *crlfile,
486 gnutls_x509_crt_fmt_t type); 508 gnutls_x509_crt_fmt_t type);
487 int MHD_gnutls_certificate_set_x509_crl_mem (mhd_gtls_cert_credentials_t 509 int MHD_gnutls_certificate_set_x509_crl_mem (mhd_gtls_cert_credentials_t
488 res, const gnutls_datum_t * CRL, 510 res,
489 gnutls_x509_crt_fmt_t type); 511 const gnutls_datum_t * CRL,
512 gnutls_x509_crt_fmt_t type);
490 513
491 /* 514 /*
492 * CERTFILE is an x509 certificate in PEM form. 515 * CERTFILE is an x509 certificate in PEM form.
493 * KEYFILE is a pkcs-1 private key in PEM form (for RSA keys). 516 * KEYFILE is a pkcs-1 private key in PEM form (for RSA keys).
494 */ 517 */
495 int MHD_gnutls_certificate_set_x509_key_file (mhd_gtls_cert_credentials_t 518 int MHD_gnutls_certificate_set_x509_key_file (mhd_gtls_cert_credentials_t
496 res, const char *CERTFILE, 519 res, const char *CERTFILE,
497 const char *KEYFILE, 520 const char *KEYFILE,
498 gnutls_x509_crt_fmt_t type); 521 gnutls_x509_crt_fmt_t type);
499 int MHD_gnutls_certificate_set_x509_key_mem (mhd_gtls_cert_credentials_t 522 int MHD_gnutls_certificate_set_x509_key_mem (mhd_gtls_cert_credentials_t
500 res, const gnutls_datum_t * CERT, 523 res,
501 const gnutls_datum_t * KEY, 524 const gnutls_datum_t * CERT,
502 gnutls_x509_crt_fmt_t type); 525 const gnutls_datum_t * KEY,
526 gnutls_x509_crt_fmt_t type);
503 527
504 void MHD_gnutls_certificate_send_x509_rdn_sequence (mhd_gtls_session_t session, 528 void MHD_gnutls_certificate_send_x509_rdn_sequence (mhd_gtls_session_t
505 int status); 529 session, int status);
506 530
507/* 531/*
508 * New functions to allow setting already parsed X.509 stuff. 532 * New functions to allow setting already parsed X.509 stuff.
@@ -539,12 +563,13 @@ extern "C"
539 563
540 extern void 564 extern void
541 MHD_gtls_global_set_mem_functions (gnutls_alloc_function gt_alloc_func, 565 MHD_gtls_global_set_mem_functions (gnutls_alloc_function gt_alloc_func,
542 gnutls_alloc_function 566 gnutls_alloc_function
543 gt_secure_alloc_func, 567 gt_secure_alloc_func,
544 gnutls_is_secure_function 568 gnutls_is_secure_function
545 gt_is_secure_func, 569 gt_is_secure_func,
546 gnutls_realloc_function gt_realloc_func, 570 gnutls_realloc_function
547 gnutls_free_function gt_free_func); 571 gt_realloc_func,
572 gnutls_free_function gt_free_func);
548 573
549/* For use in callbacks */ 574/* For use in callbacks */
550 extern gnutls_alloc_function gnutls_malloc; 575 extern gnutls_alloc_function gnutls_malloc;
@@ -565,7 +590,7 @@ extern "C"
565 int MHD_gnutls_dh_params_init (mhd_gtls_dh_params_t * dh_params); 590 int MHD_gnutls_dh_params_init (mhd_gtls_dh_params_t * dh_params);
566 void MHD_gnutls_dh_params_deinit (mhd_gtls_dh_params_t dh_params); 591 void MHD_gnutls_dh_params_deinit (mhd_gtls_dh_params_t dh_params);
567 int MHD_gnutls_dh_params_generate2 (mhd_gtls_dh_params_t params, 592 int MHD_gnutls_dh_params_generate2 (mhd_gtls_dh_params_t params,
568 unsigned int bits); 593 unsigned int bits);
569// int MHD_gnutls_dh_params_import_raw (mhd_gtls_dh_params_t dh_params, 594// int MHD_gnutls_dh_params_import_raw (mhd_gtls_dh_params_t dh_params,
570// const gnutls_datum_t * prime, 595// const gnutls_datum_t * prime,
571// const gnutls_datum_t * generator); 596// const gnutls_datum_t * generator);
@@ -586,7 +611,7 @@ extern "C"
586 int MHD_gnutls_rsa_params_init (mhd_gtls_rsa_params_t * rsa_params); 611 int MHD_gnutls_rsa_params_init (mhd_gtls_rsa_params_t * rsa_params);
587 void MHD_gnutls_rsa_params_deinit (mhd_gtls_rsa_params_t rsa_params); 612 void MHD_gnutls_rsa_params_deinit (mhd_gtls_rsa_params_t rsa_params);
588 int MHD_gnutls_rsa_params_generate2 (mhd_gtls_rsa_params_t params, 613 int MHD_gnutls_rsa_params_generate2 (mhd_gtls_rsa_params_t params,
589 unsigned int bits); 614 unsigned int bits);
590 615
591// int gnutls_rsa_params_import_raw (mhd_gtls_rsa_params_t rsa_params, 616// int gnutls_rsa_params_import_raw (mhd_gtls_rsa_params_t rsa_params,
592// const gnutls_datum_t * m, 617// const gnutls_datum_t * m,
@@ -604,23 +629,23 @@ extern "C"
604/* 629/*
605 * Session stuff 630 * Session stuff
606 */ 631 */
607 typedef ssize_t (* mhd_gtls_pull_func) (gnutls_transport_ptr_t, void *, 632 typedef ssize_t (*mhd_gtls_pull_func) (gnutls_transport_ptr_t, void *,
608 size_t); 633 size_t);
609 typedef ssize_t (* mhd_gtls_push_func) (gnutls_transport_ptr_t, const void *, 634 typedef ssize_t (*mhd_gtls_push_func) (gnutls_transport_ptr_t, const void *,
610 size_t); 635 size_t);
611 void MHD_gnutls_transport_set_ptr (mhd_gtls_session_t session, 636 void MHD_gnutls_transport_set_ptr (mhd_gtls_session_t session,
612 gnutls_transport_ptr_t ptr); 637 gnutls_transport_ptr_t ptr);
613 void MHD_gnutls_transport_set_ptr2 (mhd_gtls_session_t session, 638 void MHD_gnutls_transport_set_ptr2 (mhd_gtls_session_t session,
614 gnutls_transport_ptr_t recv_ptr, 639 gnutls_transport_ptr_t recv_ptr,
615 gnutls_transport_ptr_t send_ptr); 640 gnutls_transport_ptr_t send_ptr);
616 641
617 void MHD_gnutls_transport_set_lowat (mhd_gtls_session_t session, int num); 642 void MHD_gnutls_transport_set_lowat (mhd_gtls_session_t session, int num);
618 643
619 644
620 void MHD_gnutls_transport_set_push_function (mhd_gtls_session_t session, 645 void MHD_gnutls_transport_set_push_function (mhd_gtls_session_t session,
621 mhd_gtls_push_func push_func); 646 mhd_gtls_push_func push_func);
622 void MHD_gnutls_transport_set_pull_function (mhd_gtls_session_t session, 647 void MHD_gnutls_transport_set_pull_function (mhd_gtls_session_t session,
623 mhd_gtls_pull_func pull_func); 648 mhd_gtls_pull_func pull_func);
624 649
625 void MHD_gnutls_transport_set_errno (mhd_gtls_session_t session, int err); 650 void MHD_gnutls_transport_set_errno (mhd_gtls_session_t session, int err);
626 void MHD_gnutls_transport_set_global_errno (int err); 651 void MHD_gnutls_transport_set_global_errno (int err);
@@ -629,14 +654,14 @@ extern "C"
629 * session specific 654 * session specific
630 */ 655 */
631 void MHD_gnutls_session_set_ptr (mhd_gtls_session_t session, void *ptr); 656 void MHD_gnutls_session_set_ptr (mhd_gtls_session_t session, void *ptr);
632 void * MHD_gtls_session_get_ptr (mhd_gtls_session_t session); 657 void *MHD_gtls_session_get_ptr (mhd_gtls_session_t session);
633 658
634/* 659/*
635 * this function returns the hash of the given data. 660 * this function returns the hash of the given data.
636 */ 661 */
637 int MHD_gnutls_fingerprint (enum MHD_GNUTLS_HashAlgorithm algo, 662 int MHD_gnutls_fingerprint (enum MHD_GNUTLS_HashAlgorithm algo,
638 const gnutls_datum_t * data, void *result, 663 const gnutls_datum_t * data, void *result,
639 size_t * result_size); 664 size_t * result_size);
640 665
641/* 666/*
642 * SRP 667 * SRP
@@ -810,8 +835,9 @@ extern "C"
810 req_ca_rdn, 835 req_ca_rdn,
811 int nreqs, 836 int nreqs,
812 const 837 const
813 enum MHD_GNUTLS_PublicKeyAlgorithm 838 enum
814 * pk_algos, 839 MHD_GNUTLS_PublicKeyAlgorithm
840 *pk_algos,
815 int 841 int
816 pk_algos_length, 842 pk_algos_length,
817 gnutls_retr_st *); 843 gnutls_retr_st *);
@@ -822,31 +848,34 @@ extern "C"
822 /* 848 /*
823 * Functions that allow auth_info_t structures handling 849 * Functions that allow auth_info_t structures handling
824 */ 850 */
825 enum MHD_GNUTLS_CredentialsType MHD_gtls_auth_get_type (mhd_gtls_session_t session); 851 enum MHD_GNUTLS_CredentialsType MHD_gtls_auth_get_type (mhd_gtls_session_t
826 enum MHD_GNUTLS_CredentialsType 852 session);
853 enum MHD_GNUTLS_CredentialsType
827 MHD_gtls_auth_server_get_type (mhd_gtls_session_t session); 854 MHD_gtls_auth_server_get_type (mhd_gtls_session_t session);
828 enum MHD_GNUTLS_CredentialsType 855 enum MHD_GNUTLS_CredentialsType
829 MHD_gtls_auth_client_get_type (mhd_gtls_session_t session); 856 MHD_gtls_auth_client_get_type (mhd_gtls_session_t session);
830 857
831 /* 858 /*
832 * DH 859 * DH
833 */ 860 */
834 void MHD_gnutls_dh_set_prime_bits (mhd_gtls_session_t session, unsigned int bits); 861 void MHD_gnutls_dh_set_prime_bits (mhd_gtls_session_t session,
862 unsigned int bits);
835 int MHD_gnutls_dh_get_secret_bits (mhd_gtls_session_t session); 863 int MHD_gnutls_dh_get_secret_bits (mhd_gtls_session_t session);
836 int MHD_gnutls_dh_get_peers_public_bits (mhd_gtls_session_t session); 864 int MHD_gnutls_dh_get_peers_public_bits (mhd_gtls_session_t session);
837 int MHD_gnutls_dh_get_prime_bits (mhd_gtls_session_t session); 865 int MHD_gnutls_dh_get_prime_bits (mhd_gtls_session_t session);
838 866
839 int MHD_gnutls_dh_get_group (mhd_gtls_session_t session, gnutls_datum_t * raw_gen, 867 int MHD_gnutls_dh_get_group (mhd_gtls_session_t session,
840 gnutls_datum_t * raw_prime); 868 gnutls_datum_t * raw_gen,
869 gnutls_datum_t * raw_prime);
841 int MHD_gnutls_dh_get_pubkey (mhd_gtls_session_t session, 870 int MHD_gnutls_dh_get_pubkey (mhd_gtls_session_t session,
842 gnutls_datum_t * raw_key); 871 gnutls_datum_t * raw_key);
843 872
844 /* 873 /*
845 * RSA 874 * RSA
846 */ 875 */
847 int MHD_gtls_rsa_export_get_pubkey (mhd_gtls_session_t session, 876 int MHD_gtls_rsa_export_get_pubkey (mhd_gtls_session_t session,
848 gnutls_datum_t * exponent, 877 gnutls_datum_t * exponent,
849 gnutls_datum_t * modulus); 878 gnutls_datum_t * modulus);
850 int MHD_gtls_rsa_export_get_modulus_bits (mhd_gtls_session_t session); 879 int MHD_gtls_rsa_export_get_modulus_bits (mhd_gtls_session_t session);
851 880
852 /* External signing callback. Experimental. */ 881 /* External signing callback. Experimental. */
@@ -858,9 +887,10 @@ extern "C"
858 gnutls_datum_t * signature); 887 gnutls_datum_t * signature);
859 888
860 void MHD_gtls_sign_callback_set (mhd_gtls_session_t session, 889 void MHD_gtls_sign_callback_set (mhd_gtls_session_t session,
861 gnutls_sign_func sign_func, void *userdata); 890 gnutls_sign_func sign_func,
862 gnutls_sign_func 891 void *userdata);
863 MHD_gtls_sign_callback_get (mhd_gtls_session_t session, void **userdata); 892 gnutls_sign_func MHD_gtls_sign_callback_get (mhd_gtls_session_t session,
893 void **userdata);
864 894
865 /* These are set on the credentials structure. 895 /* These are set on the credentials structure.
866 */ 896 */
@@ -872,39 +902,44 @@ extern "C"
872 gnutls_certificate_server_retrieve_function * func); 902 gnutls_certificate_server_retrieve_function * func);
873 903
874 void MHD_gtls_certificate_server_set_request (mhd_gtls_session_t session, 904 void MHD_gtls_certificate_server_set_request (mhd_gtls_session_t session,
875 gnutls_certificate_request_t 905 gnutls_certificate_request_t
876 req); 906 req);
877 907
878 /* get data from the session */ 908 /* get data from the session */
879 const gnutls_datum_t * MHD_gtls_certificate_get_peers (mhd_gtls_session_t 909 const gnutls_datum_t *MHD_gtls_certificate_get_peers (mhd_gtls_session_t
880 session, 910 session,
881 unsigned int 911 unsigned int
882 *list_size); 912 *list_size);
883 const gnutls_datum_t * MHD_gtls_certificate_get_ours (mhd_gtls_session_t 913 const gnutls_datum_t *MHD_gtls_certificate_get_ours (mhd_gtls_session_t
914 session);
915
916 time_t MHD_gtls_certificate_activation_time_peers (mhd_gtls_session_t
917 session);
918 time_t MHD_gtls_certificate_expiration_time_peers (mhd_gtls_session_t
884 session); 919 session);
885 920
886 time_t MHD_gtls_certificate_activation_time_peers (mhd_gtls_session_t session); 921 int MHD_gtls_certificate_client_get_request_status (mhd_gtls_session_t
887 time_t MHD_gtls_certificate_expiration_time_peers (mhd_gtls_session_t session); 922 session);
888
889 int MHD_gtls_certificate_client_get_request_status (mhd_gtls_session_t session);
890 int MHD_gtls_certificate_verify_peers2 (mhd_gtls_session_t session, 923 int MHD_gtls_certificate_verify_peers2 (mhd_gtls_session_t session,
891 unsigned int *status); 924 unsigned int *status);
892 925
893 /* this is obsolete (?). */ 926 /* this is obsolete (?). */
894 int MHD_gtls_certificate_verify_peers (mhd_gtls_session_t session); 927 int MHD_gtls_certificate_verify_peers (mhd_gtls_session_t session);
895 928
896 int MHD_gtls_pem_base64_encode (const char *msg, const gnutls_datum_t * data, 929 int MHD_gtls_pem_base64_encode (const char *msg,
897 char *result, size_t * result_size); 930 const gnutls_datum_t * data, char *result,
931 size_t * result_size);
898 int MHD_gtls_pem_base64_decode (const char *header, 932 int MHD_gtls_pem_base64_decode (const char *header,
899 const gnutls_datum_t * b64_data, 933 const gnutls_datum_t * b64_data,
900 unsigned char *result, size_t * result_size); 934 unsigned char *result,
935 size_t * result_size);
901 936
902 int MHD_gtls_pem_base64_encode_alloc (const char *msg, 937 int MHD_gtls_pem_base64_encode_alloc (const char *msg,
903 const gnutls_datum_t * data, 938 const gnutls_datum_t * data,
904 gnutls_datum_t * result); 939 gnutls_datum_t * result);
905 int MHD_gtls_pem_base64_decode_alloc (const char *header, 940 int MHD_gtls_pem_base64_decode_alloc (const char *header,
906 const gnutls_datum_t * b64_data, 941 const gnutls_datum_t * b64_data,
907 gnutls_datum_t * result); 942 gnutls_datum_t * result);
908 943
909 // void 944 // void
910 // gnutls_certificate_set_params_function (mhd_gtls_cert_credentials_t 945 // gnutls_certificate_set_params_function (mhd_gtls_cert_credentials_t
diff --git a/src/daemon/https/lgl/des.h b/src/daemon/https/lgl/des.h
index fdc8686f..a80ede84 100644
--- a/src/daemon/https/lgl/des.h
+++ b/src/daemon/https/lgl/des.h
@@ -47,8 +47,7 @@ typedef struct
47 47
48/* Check whether the 8 byte key is weak. Does not check the parity 48/* Check whether the 8 byte key is weak. Does not check the parity
49 * bits of the key but simple ignore them. */ 49 * bits of the key but simple ignore them. */
50extern bool 50extern bool gl_des_is_weak_key (const char *key);
51gl_des_is_weak_key (const char * key);
52 51
53/* 52/*
54 * DES 53 * DES
@@ -58,19 +57,17 @@ gl_des_is_weak_key (const char * key);
58/* Fill a DES context CTX with subkeys calculated from 64bit KEY. 57/* Fill a DES context CTX with subkeys calculated from 64bit KEY.
59 * Does not check parity bits, but simply ignore them. Does not check 58 * Does not check parity bits, but simply ignore them. Does not check
60 * for weak keys. */ 59 * for weak keys. */
61extern void 60extern void gl_des_setkey (gl_des_ctx * ctx, const char *key);
62gl_des_setkey (gl_des_ctx *ctx, const char * key);
63 61
64/* Fill a DES context CTX with subkeys calculated from 64bit KEY, with 62/* Fill a DES context CTX with subkeys calculated from 64bit KEY, with
65 * weak key checking. Does not check parity bits, but simply ignore 63 * weak key checking. Does not check parity bits, but simply ignore
66 * them. */ 64 * them. */
67extern bool 65extern bool gl_des_makekey (gl_des_ctx * ctx, const char *key, size_t keylen);
68gl_des_makekey (gl_des_ctx *ctx, const char * key, size_t keylen);
69 66
70/* Electronic Codebook Mode DES encryption/decryption of data 67/* Electronic Codebook Mode DES encryption/decryption of data
71 * according to 'mode'. */ 68 * according to 'mode'. */
72extern void 69extern void
73gl_des_ecb_crypt (gl_des_ctx *ctx, const char * from, char * to, int mode); 70gl_des_ecb_crypt (gl_des_ctx * ctx, const char *from, char *to, int mode);
74 71
75#define gl_des_ecb_encrypt(ctx, from, to) gl_des_ecb_crypt(ctx, from, to, 0) 72#define gl_des_ecb_encrypt(ctx, from, to) gl_des_ecb_crypt(ctx, from, to, 0)
76#define gl_des_ecb_decrypt(ctx, from, to) gl_des_ecb_crypt(ctx, from, to, 1) 73#define gl_des_ecb_decrypt(ctx, from, to) gl_des_ecb_crypt(ctx, from, to, 1)
@@ -83,9 +80,7 @@ gl_des_ecb_crypt (gl_des_ctx *ctx, const char * from, char * to, int mode);
83 * 64bit keys in KEY1 and KEY2. Does not check the parity bits of the 80 * 64bit keys in KEY1 and KEY2. Does not check the parity bits of the
84 * keys, but simply ignore them. Does not check for weak keys. */ 81 * keys, but simply ignore them. Does not check for weak keys. */
85extern void 82extern void
86gl_3des_set2keys (gl_3des_ctx *ctx, 83gl_3des_set2keys (gl_3des_ctx * ctx, const char *key1, const char *key2);
87 const char * key1,
88 const char * key2);
89 84
90/* 85/*
91 * Fill a Triple-DES context CTX with subkeys calculated from three 86 * Fill a Triple-DES context CTX with subkeys calculated from three
@@ -93,27 +88,20 @@ gl_3des_set2keys (gl_3des_ctx *ctx,
93 * of the keys, but simply ignore them. Does not check for weak 88 * of the keys, but simply ignore them. Does not check for weak
94 * keys. */ 89 * keys. */
95extern void 90extern void
96gl_3des_set3keys (gl_3des_ctx *ctx, 91gl_3des_set3keys (gl_3des_ctx * ctx,
97 const char * key1, 92 const char *key1, const char *key2, const char *key3);
98 const char * key2,
99 const char * key3);
100 93
101/* Fill a Triple-DES context CTX with subkeys calculated from three 94/* Fill a Triple-DES context CTX with subkeys calculated from three
102 * concatenated 64bit keys in KEY, with weak key checking. Does not 95 * concatenated 64bit keys in KEY, with weak key checking. Does not
103 * check the parity bits of the keys, but simply ignore them. */ 96 * check the parity bits of the keys, but simply ignore them. */
104extern bool 97extern bool
105gl_3des_makekey (gl_3des_ctx *ctx, 98gl_3des_makekey (gl_3des_ctx * ctx, const char *key, size_t keylen);
106 const char * key,
107 size_t keylen);
108 99
109/* Electronic Codebook Mode Triple-DES encryption/decryption of data 100/* Electronic Codebook Mode Triple-DES encryption/decryption of data
110 * according to 'mode'. Sometimes this mode is named 'EDE' mode 101 * according to 'mode'. Sometimes this mode is named 'EDE' mode
111 * (Encryption-Decryption-Encryption). */ 102 * (Encryption-Decryption-Encryption). */
112extern void 103extern void
113gl_3des_ecb_crypt (gl_3des_ctx *ctx, 104gl_3des_ecb_crypt (gl_3des_ctx * ctx, const char *from, char *to, int mode);
114 const char * from,
115 char * to,
116 int mode);
117 105
118#define gl_3des_ecb_encrypt(ctx, from, to) gl_3des_ecb_crypt(ctx,from,to,0) 106#define gl_3des_ecb_encrypt(ctx, from, to) gl_3des_ecb_crypt(ctx,from,to,0)
119#define gl_3des_ecb_decrypt(ctx, from, to) gl_3des_ecb_crypt(ctx,from,to,1) 107#define gl_3des_ecb_decrypt(ctx, from, to) gl_3des_ecb_crypt(ctx,from,to,1)
diff --git a/src/daemon/https/lgl/gc.h b/src/daemon/https/lgl/gc.h
index 688e624a..1e1f808c 100644
--- a/src/daemon/https/lgl/gc.h
+++ b/src/daemon/https/lgl/gc.h
@@ -25,37 +25,37 @@
25# include <stddef.h> 25# include <stddef.h>
26 26
27enum Gc_rc 27enum Gc_rc
28 { 28{
29 GC_OK = 0, 29 GC_OK = 0,
30 GC_MALLOC_ERROR, 30 GC_MALLOC_ERROR,
31 GC_INIT_ERROR, 31 GC_INIT_ERROR,
32 GC_RANDOM_ERROR, 32 GC_RANDOM_ERROR,
33 GC_INVALID_CIPHER, 33 GC_INVALID_CIPHER,
34 GC_INVALID_HASH, 34 GC_INVALID_HASH,
35 GC_PKCS5_INVALID_ITERATION_COUNT, 35 GC_PKCS5_INVALID_ITERATION_COUNT,
36 GC_PKCS5_INVALID_DERIVED_KEY_LENGTH, 36 GC_PKCS5_INVALID_DERIVED_KEY_LENGTH,
37 GC_PKCS5_DERIVED_KEY_TOO_LONG 37 GC_PKCS5_DERIVED_KEY_TOO_LONG
38 }; 38};
39typedef enum Gc_rc Gc_rc; 39typedef enum Gc_rc Gc_rc;
40 40
41/* Hash types. */ 41/* Hash types. */
42enum Gc_hash 42enum Gc_hash
43 { 43{
44 GC_MD4, 44 GC_MD4,
45 GC_MD5, 45 GC_MD5,
46 GC_SHA1, 46 GC_SHA1,
47 GC_MD2, 47 GC_MD2,
48 GC_RMD160, 48 GC_RMD160,
49 GC_SHA256, 49 GC_SHA256,
50 GC_SHA384, 50 GC_SHA384,
51 GC_SHA512 51 GC_SHA512
52 }; 52};
53typedef enum Gc_hash Gc_hash; 53typedef enum Gc_hash Gc_hash;
54 54
55enum Gc_hash_mode 55enum Gc_hash_mode
56 { 56{
57 GC_HMAC = 1 57 GC_HMAC = 1
58 }; 58};
59typedef enum Gc_hash_mode Gc_hash_mode; 59typedef enum Gc_hash_mode Gc_hash_mode;
60 60
61typedef void *gc_hash_handle; 61typedef void *gc_hash_handle;
@@ -71,88 +71,71 @@ typedef void *gc_hash_handle;
71 71
72/* Cipher types. */ 72/* Cipher types. */
73enum Gc_cipher 73enum Gc_cipher
74 { 74{
75 GC_AES128, 75 GC_AES128,
76 GC_AES192, 76 GC_AES192,
77 GC_AES256, 77 GC_AES256,
78 GC_3DES, 78 GC_3DES,
79 GC_DES, 79 GC_DES,
80 GC_ARCFOUR128, 80 GC_ARCFOUR128,
81 GC_ARCFOUR40, 81 GC_ARCFOUR40,
82 GC_ARCTWO40, 82 GC_ARCTWO40,
83 GC_CAMELLIA128, 83 GC_CAMELLIA128,
84 GC_CAMELLIA256 84 GC_CAMELLIA256
85 }; 85};
86typedef enum Gc_cipher Gc_cipher; 86typedef enum Gc_cipher Gc_cipher;
87 87
88enum Gc_cipher_mode 88enum Gc_cipher_mode
89 { 89{
90 GC_ECB, 90 GC_ECB,
91 GC_CBC, 91 GC_CBC,
92 GC_STREAM 92 GC_STREAM
93 }; 93};
94typedef enum Gc_cipher_mode Gc_cipher_mode; 94typedef enum Gc_cipher_mode Gc_cipher_mode;
95 95
96typedef void * gc_cipher_handle; 96typedef void *gc_cipher_handle;
97 97
98/* Call before respectively after any other functions. */ 98/* Call before respectively after any other functions. */
99Gc_rc gc_init(void); 99Gc_rc gc_init (void);
100void gc_done(void); 100void gc_done (void);
101 101
102/* Memory allocation (avoid). */ 102/* Memory allocation (avoid). */
103typedef void *(*gc_malloc_t)(size_t n); 103typedef void *(*gc_malloc_t) (size_t n);
104typedef int (*gc_secure_check_t)(const void *); 104typedef int (*gc_secure_check_t) (const void *);
105typedef void *(*gc_realloc_t)(void *p, 105typedef void *(*gc_realloc_t) (void *p, size_t n);
106 size_t n); 106typedef void (*gc_free_t) (void *);
107typedef void (*gc_free_t)(void *); 107void gc_set_allocators (gc_malloc_t func_malloc,
108void gc_set_allocators(gc_malloc_t func_malloc, 108 gc_malloc_t secure_malloc,
109 gc_malloc_t secure_malloc, 109 gc_secure_check_t secure_check,
110 gc_secure_check_t secure_check, 110 gc_realloc_t func_realloc, gc_free_t func_free);
111 gc_realloc_t func_realloc,
112 gc_free_t func_free);
113 111
114/* Randomness. */ 112/* Randomness. */
115Gc_rc gc_nonce(char *data, 113Gc_rc gc_nonce (char *data, size_t datalen);
116 size_t datalen); 114Gc_rc gc_pseudo_random (char *data, size_t datalen);
117Gc_rc gc_pseudo_random(char *data, 115Gc_rc gc_random (char *data, size_t datalen);
118 size_t datalen);
119Gc_rc gc_random(char *data,
120 size_t datalen);
121 116
122/* Ciphers. */ 117/* Ciphers. */
123Gc_rc gc_cipher_open(Gc_cipher cipher, 118Gc_rc gc_cipher_open (Gc_cipher cipher,
124 Gc_cipher_mode mode, 119 Gc_cipher_mode mode, gc_cipher_handle * outhandle);
125 gc_cipher_handle *outhandle); 120Gc_rc gc_cipher_setkey (gc_cipher_handle handle,
126Gc_rc gc_cipher_setkey(gc_cipher_handle handle, 121 size_t keylen, const char *key);
127 size_t keylen, 122Gc_rc gc_cipher_setiv (gc_cipher_handle handle, size_t ivlen, const char *iv);
128 const char *key); 123Gc_rc gc_cipher_encrypt_inline (gc_cipher_handle handle,
129Gc_rc gc_cipher_setiv(gc_cipher_handle handle, 124 size_t len, char *data);
130 size_t ivlen, 125Gc_rc gc_cipher_decrypt_inline (gc_cipher_handle handle,
131 const char *iv); 126 size_t len, char *data);
132Gc_rc gc_cipher_encrypt_inline(gc_cipher_handle handle, 127Gc_rc gc_cipher_close (gc_cipher_handle handle);
133 size_t len,
134 char *data);
135Gc_rc gc_cipher_decrypt_inline(gc_cipher_handle handle,
136 size_t len,
137 char *data);
138Gc_rc gc_cipher_close(gc_cipher_handle handle);
139 128
140/* Hashes. */ 129/* Hashes. */
141 130
142Gc_rc gc_hash_open(Gc_hash hash, 131Gc_rc gc_hash_open (Gc_hash hash,
143 Gc_hash_mode mode, 132 Gc_hash_mode mode, gc_hash_handle * outhandle);
144 gc_hash_handle *outhandle); 133Gc_rc gc_hash_clone (gc_hash_handle handle, gc_hash_handle * outhandle);
145Gc_rc gc_hash_clone(gc_hash_handle handle, 134size_t gc_hash_digest_length (Gc_hash hash);
146 gc_hash_handle *outhandle); 135void gc_hash_hmac_setkey (gc_hash_handle handle, size_t len, const char *key);
147size_t gc_hash_digest_length(Gc_hash hash); 136void gc_hash_write (gc_hash_handle handle, size_t len, const char *data);
148void gc_hash_hmac_setkey(gc_hash_handle handle, 137const char *gc_hash_read (gc_hash_handle handle);
149 size_t len, 138void gc_hash_close (gc_hash_handle handle);
150 const char *key);
151void gc_hash_write(gc_hash_handle handle,
152 size_t len,
153 const char *data);
154const char *gc_hash_read(gc_hash_handle handle);
155void gc_hash_close(gc_hash_handle handle);
156 139
157/* Compute a hash value over buffer IN of INLEN bytes size using the 140/* Compute a hash value over buffer IN of INLEN bytes size using the
158 algorithm HASH, placing the result in the pre-allocated buffer OUT. 141 algorithm HASH, placing the result in the pre-allocated buffer OUT.
@@ -160,34 +143,18 @@ void gc_hash_close(gc_hash_handle handle);
160 GC_<HASH>_DIGEST_SIZE. For example, for GC_MD5 the output buffer 143 GC_<HASH>_DIGEST_SIZE. For example, for GC_MD5 the output buffer
161 must be 16 bytes. The return value is 0 (GC_OK) on success, or 144 must be 16 bytes. The return value is 0 (GC_OK) on success, or
162 another Gc_rc error code. */ 145 another Gc_rc error code. */
163Gc_rc gc_hash_buffer(Gc_hash hash, 146Gc_rc gc_hash_buffer (Gc_hash hash, const void *in, size_t inlen, char *out);
164 const void *in,
165 size_t inlen,
166 char *out);
167 147
168/* One-call interface. */ 148/* One-call interface. */
169Gc_rc gc_md2(const void *in, 149Gc_rc gc_md2 (const void *in, size_t inlen, void *resbuf);
170 size_t inlen, 150Gc_rc gc_md4 (const void *in, size_t inlen, void *resbuf);
171 void *resbuf); 151Gc_rc gc_md5 (const void *in, size_t inlen, void *resbuf);
172Gc_rc gc_md4(const void *in, 152Gc_rc gc_sha1 (const void *in, size_t inlen, void *resbuf);
173 size_t inlen, 153Gc_rc gc_hmac_md5 (const void *key,
174 void *resbuf); 154 size_t keylen, const void *in, size_t inlen, char *resbuf);
175Gc_rc gc_md5(const void *in, 155Gc_rc gc_hmac_sha1 (const void *key,
176 size_t inlen, 156 size_t keylen,
177 void *resbuf); 157 const void *in, size_t inlen, char *resbuf);
178Gc_rc gc_sha1(const void *in,
179 size_t inlen,
180 void *resbuf);
181Gc_rc gc_hmac_md5(const void *key,
182 size_t keylen,
183 const void *in,
184 size_t inlen,
185 char *resbuf);
186Gc_rc gc_hmac_sha1(const void *key,
187 size_t keylen,
188 const void *in,
189 size_t inlen,
190 char *resbuf);
191 158
192/* Derive cryptographic keys from a password P of length PLEN, with 159/* Derive cryptographic keys from a password P of length PLEN, with
193 salt S of length SLEN, placing the result in pre-allocated buffer 160 salt S of length SLEN, placing the result in pre-allocated buffer
@@ -196,13 +163,10 @@ Gc_rc gc_hmac_sha1(const void *key,
196 counts are 1000-20000). This function "stretches" the key to be 163 counts are 1000-20000). This function "stretches" the key to be
197 exactly dkLen bytes long. GC_OK is returned on success, otherwise 164 exactly dkLen bytes long. GC_OK is returned on success, otherwise
198 an Gc_rc error code is returned. */ 165 an Gc_rc error code is returned. */
199Gc_rc gc_pbkdf2_sha1(const char *P, 166Gc_rc gc_pbkdf2_sha1 (const char *P,
200 size_t Plen, 167 size_t Plen,
201 const char *S, 168 const char *S,
202 size_t Slen, 169 size_t Slen, unsigned int c, char *DK, size_t dkLen);
203 unsigned int c,
204 char *DK,
205 size_t dkLen);
206 170
207/* 171/*
208 TODO: 172 TODO:
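Review bot: The reformatted prototypes are now inconsistent about where the `*` goes: new lines 119, 132 and 133 read `gc_cipher_handle * outhandle` / `gc_hash_handle * outhandle` while the same lines keep `const char *key`, which suggests the formatter does not know the project typedefs and spaces the `*` as a binary operator. The same artefact appears in printf-args.h (`arguments * a`), printf-parse.h (`char_directives * d`, `const uint8_t * format`) and md5.h (`FILE * stream`). If the tool is GNU indent, listing the typedef names with `-T gc_cipher_handle -T gc_hash_handle -T arguments` (or in a `.indent.pro`) would keep the declarator style uniform, e.g. `Gc_cipher_mode mode, gc_cipher_handle *outhandle);`. Since these headers under lgl/ appear to be imported gnulib sources, a local reformat also makes re-syncing with upstream harder; that may be intended, but it is worth stating in the commit message.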
diff --git a/src/daemon/https/lgl/gettext.h b/src/daemon/https/lgl/gettext.h
index bd214d5c..75a3eb1d 100644
--- a/src/daemon/https/lgl/gettext.h
+++ b/src/daemon/https/lgl/gettext.h
@@ -131,8 +131,7 @@ inline
131#endif 131#endif
132static const char * 132static const char *
133pgettext_aux (const char *domain, 133pgettext_aux (const char *domain,
134 const char *msg_ctxt_id, const char *msgid, 134 const char *msg_ctxt_id, const char *msgid, int category)
135 int category)
136{ 135{
137 const char *translation = dcgettext (domain, msg_ctxt_id, category); 136 const char *translation = dcgettext (domain, msg_ctxt_id, category);
138 if (translation == msg_ctxt_id) 137 if (translation == msg_ctxt_id)
@@ -150,9 +149,8 @@ inline
150#endif 149#endif
151static const char * 150static const char *
152npgettext_aux (const char *domain, 151npgettext_aux (const char *domain,
153 const char *msg_ctxt_id, const char *msgid, 152 const char *msg_ctxt_id, const char *msgid,
154 const char *msgid_plural, unsigned long int n, 153 const char *msgid_plural, unsigned long int n, int category)
155 int category)
156{ 154{
157 const char *translation = 155 const char *translation =
158 dcngettext (domain, msg_ctxt_id, msgid_plural, n, category); 156 dcngettext (domain, msg_ctxt_id, msgid_plural, n, category);
@@ -190,8 +188,7 @@ inline
190#endif 188#endif
191static const char * 189static const char *
192dcpgettext_expr (const char *domain, 190dcpgettext_expr (const char *domain,
193 const char *msgctxt, const char *msgid, 191 const char *msgctxt, const char *msgid, int category)
194 int category)
195{ 192{
196 size_t msgctxt_len = strlen (msgctxt) + 1; 193 size_t msgctxt_len = strlen (msgctxt) + 1;
197 size_t msgid_len = strlen (msgid) + 1; 194 size_t msgid_len = strlen (msgid) + 1;
@@ -202,8 +199,7 @@ dcpgettext_expr (const char *domain,
202 char buf[1024]; 199 char buf[1024];
203 char *msg_ctxt_id = 200 char *msg_ctxt_id =
204 (msgctxt_len + msgid_len <= sizeof (buf) 201 (msgctxt_len + msgid_len <= sizeof (buf)
205 ? buf 202 ? buf : (char *) malloc (msgctxt_len + msgid_len));
206 : (char *) malloc (msgctxt_len + msgid_len));
207 if (msg_ctxt_id != NULL) 203 if (msg_ctxt_id != NULL)
208#endif 204#endif
209 { 205 {
@@ -213,10 +209,10 @@ dcpgettext_expr (const char *domain,
213 translation = dcgettext (domain, msg_ctxt_id, category); 209 translation = dcgettext (domain, msg_ctxt_id, category);
214#if !_LIBGETTEXT_HAVE_VARIABLE_SIZE_ARRAYS 210#if !_LIBGETTEXT_HAVE_VARIABLE_SIZE_ARRAYS
215 if (msg_ctxt_id != buf) 211 if (msg_ctxt_id != buf)
216 free (msg_ctxt_id); 212 free (msg_ctxt_id);
217#endif 213#endif
218 if (translation != msg_ctxt_id) 214 if (translation != msg_ctxt_id)
219 return translation; 215 return translation;
220 } 216 }
221 return msgid; 217 return msgid;
222} 218}
@@ -235,9 +231,8 @@ inline
235#endif 231#endif
236static const char * 232static const char *
237dcnpgettext_expr (const char *domain, 233dcnpgettext_expr (const char *domain,
238 const char *msgctxt, const char *msgid, 234 const char *msgctxt, const char *msgid,
239 const char *msgid_plural, unsigned long int n, 235 const char *msgid_plural, unsigned long int n, int category)
240 int category)
241{ 236{
242 size_t msgctxt_len = strlen (msgctxt) + 1; 237 size_t msgctxt_len = strlen (msgctxt) + 1;
243 size_t msgid_len = strlen (msgid) + 1; 238 size_t msgid_len = strlen (msgid) + 1;
@@ -248,21 +243,21 @@ dcnpgettext_expr (const char *domain,
248 char buf[1024]; 243 char buf[1024];
249 char *msg_ctxt_id = 244 char *msg_ctxt_id =
250 (msgctxt_len + msgid_len <= sizeof (buf) 245 (msgctxt_len + msgid_len <= sizeof (buf)
251 ? buf 246 ? buf : (char *) malloc (msgctxt_len + msgid_len));
252 : (char *) malloc (msgctxt_len + msgid_len));
253 if (msg_ctxt_id != NULL) 247 if (msg_ctxt_id != NULL)
254#endif 248#endif
255 { 249 {
256 memcpy (msg_ctxt_id, msgctxt, msgctxt_len - 1); 250 memcpy (msg_ctxt_id, msgctxt, msgctxt_len - 1);
257 msg_ctxt_id[msgctxt_len - 1] = '\004'; 251 msg_ctxt_id[msgctxt_len - 1] = '\004';
258 memcpy (msg_ctxt_id + msgctxt_len, msgid, msgid_len); 252 memcpy (msg_ctxt_id + msgctxt_len, msgid, msgid_len);
259 translation = dcngettext (domain, msg_ctxt_id, msgid_plural, n, category); 253 translation =
254 dcngettext (domain, msg_ctxt_id, msgid_plural, n, category);
260#if !_LIBGETTEXT_HAVE_VARIABLE_SIZE_ARRAYS 255#if !_LIBGETTEXT_HAVE_VARIABLE_SIZE_ARRAYS
261 if (msg_ctxt_id != buf) 256 if (msg_ctxt_id != buf)
262 free (msg_ctxt_id); 257 free (msg_ctxt_id);
263#endif 258#endif
264 if (!(translation == msg_ctxt_id || translation == msgid_plural)) 259 if (!(translation == msg_ctxt_id || translation == msgid_plural))
265 return translation; 260 return translation;
266 } 261 }
267 return (n == 1 ? msgid : msgid_plural); 262 return (n == 1 ? msgid : msgid_plural);
268} 263}
diff --git a/src/daemon/https/lgl/hmac.h b/src/daemon/https/lgl/hmac.h
index 5965b603..78bcbb16 100644
--- a/src/daemon/https/lgl/hmac.h
+++ b/src/daemon/https/lgl/hmac.h
@@ -28,7 +28,7 @@
28 RESBUF buffer. Return 0 on success. */ 28 RESBUF buffer. Return 0 on success. */
29int 29int
30hmac_md5 (const void *key, size_t keylen, 30hmac_md5 (const void *key, size_t keylen,
31 const void *buffer, size_t buflen, void *resbuf); 31 const void *buffer, size_t buflen, void *resbuf);
32 32
33/* Compute Hashed Message Authentication Code with SHA-1, over BUFFER 33/* Compute Hashed Message Authentication Code with SHA-1, over BUFFER
34 data of BUFLEN bytes using the KEY of KEYLEN bytes, writing the 34 data of BUFLEN bytes using the KEY of KEYLEN bytes, writing the
@@ -36,6 +36,6 @@ hmac_md5 (const void *key, size_t keylen,
36 success. */ 36 success. */
37int 37int
38hmac_sha1 (const void *key, size_t keylen, 38hmac_sha1 (const void *key, size_t keylen,
39 const void *in, size_t inlen, void *resbuf); 39 const void *in, size_t inlen, void *resbuf);
40 40
41#endif /* HMAC_H */ 41#endif /* HMAC_H */
diff --git a/src/daemon/https/lgl/md5.h b/src/daemon/https/lgl/md5.h
index 6018a6f6..a03f1e8a 100644
--- a/src/daemon/https/lgl/md5.h
+++ b/src/daemon/https/lgl/md5.h
@@ -74,21 +74,23 @@ struct md5_ctx
74 74
75/* Initialize structure containing state of computation. 75/* Initialize structure containing state of computation.
76 (RFC 1321, 3.3: Step 3) */ 76 (RFC 1321, 3.3: Step 3) */
77extern void __md5_init_ctx (struct md5_ctx *ctx) __THROW; 77extern void
78__md5_init_ctx (struct md5_ctx *ctx)
79 __THROW;
78 80
79/* Starting with the result of former calls of this function (or the 81/* Starting with the result of former calls of this function (or the
80 initialization function update the context for the next LEN bytes 82 initialization function update the context for the next LEN bytes
81 starting at BUFFER. 83 starting at BUFFER.
82 It is necessary that LEN is a multiple of 64!!! */ 84 It is necessary that LEN is a multiple of 64!!! */
83extern void __md5_process_block (const void *buffer, size_t len, 85 extern void __md5_process_block (const void *buffer, size_t len,
84 struct md5_ctx *ctx) __THROW; 86 struct md5_ctx *ctx) __THROW;
85 87
86/* Starting with the result of former calls of this function (or the 88/* Starting with the result of former calls of this function (or the
87 initialization function update the context for the next LEN bytes 89 initialization function update the context for the next LEN bytes
88 starting at BUFFER. 90 starting at BUFFER.
89 It is NOT required that LEN is a multiple of 64. */ 91 It is NOT required that LEN is a multiple of 64. */
90extern void __md5_process_bytes (const void *buffer, size_t len, 92 extern void __md5_process_bytes (const void *buffer, size_t len,
91 struct md5_ctx *ctx) __THROW; 93 struct md5_ctx *ctx) __THROW;
92 94
93/* Process the remaining bytes in the buffer and put result from CTX 95/* Process the remaining bytes in the buffer and put result from CTX
94 in first 16 bytes following RESBUF. The result is always in little 96 in first 16 bytes following RESBUF. The result is always in little
@@ -97,7 +99,8 @@ extern void __md5_process_bytes (const void *buffer, size_t len,
97 99
98 IMPORTANT: On some systems, RESBUF must be aligned to a 32-bit 100 IMPORTANT: On some systems, RESBUF must be aligned to a 32-bit
99 boundary. */ 101 boundary. */
100extern void *__md5_finish_ctx (struct md5_ctx *ctx, void *resbuf) __THROW; 102 extern void *__md5_finish_ctx (struct md5_ctx *ctx,
103 void *resbuf) __THROW;
101 104
102 105
103/* Put result from CTX in first 16 bytes following RESBUF. The result is 106/* Put result from CTX in first 16 bytes following RESBUF. The result is
@@ -106,19 +109,20 @@ extern void *__md5_finish_ctx (struct md5_ctx *ctx, void *resbuf) __THROW;
106 109
107 IMPORTANT: On some systems, RESBUF must be aligned to a 32-bit 110 IMPORTANT: On some systems, RESBUF must be aligned to a 32-bit
108 boundary. */ 111 boundary. */
109extern void *__md5_read_ctx (const struct md5_ctx *ctx, void *resbuf) __THROW; 112 extern void *__md5_read_ctx (const struct md5_ctx *ctx,
113 void *resbuf) __THROW;
110 114
111 115
112/* Compute MD5 message digest for bytes read from STREAM. The 116/* Compute MD5 message digest for bytes read from STREAM. The
113 resulting message digest number will be written into the 16 bytes 117 resulting message digest number will be written into the 16 bytes
114 beginning at RESBLOCK. */ 118 beginning at RESBLOCK. */
115extern int __md5_stream (FILE *stream, void *resblock) __THROW; 119 extern int __md5_stream (FILE * stream, void *resblock) __THROW;
116 120
117/* Compute MD5 message digest for LEN bytes beginning at BUFFER. The 121/* Compute MD5 message digest for LEN bytes beginning at BUFFER. The
118 result is always in little endian byte order, so that a byte-wise 122 result is always in little endian byte order, so that a byte-wise
119 output yields to the wanted ASCII representation of the message 123 output yields to the wanted ASCII representation of the message
120 digest. */ 124 digest. */
121extern void *__md5_buffer (const char *buffer, size_t len, 125 extern void *__md5_buffer (const char *buffer, size_t len,
122 void *resblock) __THROW; 126 void *resblock) __THROW;
123 127
124#endif /* md5.h */ 128#endif /* md5.h */
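Review bot: The new side of md5.h is mis-indented: new lines 85, 92, 102, 112, 119 and 125 now start with a stray space before `extern`, and `__md5_init_ctx` has been split into `extern void` / `__md5_init_ctx (struct md5_ctx *ctx)` / ` __THROW;` across new lines 77–79. This looks like the formatter not recognising the `__THROW` macro as part of the declaration and treating everything after it as a continuation. Either keep these prototypes on one line as before, `extern void __md5_init_ctx (struct md5_ctx *ctx) __THROW;`, or tell the tool about `__THROW` before rerunning it, otherwise the next reformat pass will drift further from the rest of the header.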
diff --git a/src/daemon/https/lgl/printf-args.h b/src/daemon/https/lgl/printf-args.h
index b663a63b..5edbdf40 100644
--- a/src/daemon/https/lgl/printf-args.h
+++ b/src/daemon/https/lgl/printf-args.h
@@ -77,13 +77,11 @@ typedef enum
77 TYPE_COUNT_INT_POINTER, 77 TYPE_COUNT_INT_POINTER,
78 TYPE_COUNT_LONGINT_POINTER 78 TYPE_COUNT_LONGINT_POINTER
79#if HAVE_LONG_LONG_INT 79#if HAVE_LONG_LONG_INT
80, TYPE_COUNT_LONGLONGINT_POINTER 80 , TYPE_COUNT_LONGLONGINT_POINTER
81#endif 81#endif
82#if ENABLE_UNISTDIO 82#if ENABLE_UNISTDIO
83 /* The unistdio extensions. */ 83 /* The unistdio extensions. */
84, TYPE_U8_STRING 84 , TYPE_U8_STRING, TYPE_U16_STRING, TYPE_U32_STRING
85, TYPE_U16_STRING
86, TYPE_U32_STRING
87#endif 85#endif
88} arg_type; 86} arg_type;
89 87
@@ -93,42 +91,42 @@ typedef struct
93 arg_type type; 91 arg_type type;
94 union 92 union
95 { 93 {
96 signed char a_schar; 94 signed char a_schar;
97 unsigned char a_uchar; 95 unsigned char a_uchar;
98 short a_short; 96 short a_short;
99 unsigned short a_ushort; 97 unsigned short a_ushort;
100 int a_int; 98 int a_int;
101 unsigned int a_uint; 99 unsigned int a_uint;
102 long int a_longint; 100 long int a_longint;
103 unsigned long int a_ulongint; 101 unsigned long int a_ulongint;
104#if HAVE_LONG_LONG_INT 102#if HAVE_LONG_LONG_INT
105 long long int a_longlongint; 103 long long int a_longlongint;
106 unsigned long long int a_ulonglongint; 104 unsigned long long int a_ulonglongint;
107#endif 105#endif
108 float a_float; 106 float a_float;
109 double a_double; 107 double a_double;
110 long double a_longdouble; 108 long double a_longdouble;
111 int a_char; 109 int a_char;
112#if HAVE_WINT_T 110#if HAVE_WINT_T
113 wint_t a_wide_char; 111 wint_t a_wide_char;
114#endif 112#endif
115 const char* a_string; 113 const char *a_string;
116#if HAVE_WCHAR_T 114#if HAVE_WCHAR_T
117 const wchar_t* a_wide_string; 115 const wchar_t *a_wide_string;
118#endif 116#endif
119 void* a_pointer; 117 void *a_pointer;
120 signed char * a_count_schar_pointer; 118 signed char *a_count_schar_pointer;
121 short * a_count_short_pointer; 119 short *a_count_short_pointer;
122 int * a_count_int_pointer; 120 int *a_count_int_pointer;
123 long int * a_count_longint_pointer; 121 long int *a_count_longint_pointer;
124#if HAVE_LONG_LONG_INT 122#if HAVE_LONG_LONG_INT
125 long long int * a_count_longlongint_pointer; 123 long long int *a_count_longlongint_pointer;
126#endif 124#endif
127#if ENABLE_UNISTDIO 125#if ENABLE_UNISTDIO
128 /* The unistdio extensions. */ 126 /* The unistdio extensions. */
129 const uint8_t * a_u8_string; 127 const uint8_t *a_u8_string;
130 const uint16_t * a_u16_string; 128 const uint16_t *a_u16_string;
131 const uint32_t * a_u32_string; 129 const uint32_t *a_u32_string;
132#endif 130#endif
133 } 131 }
134 a; 132 a;
@@ -149,6 +147,6 @@ STATIC
149#else 147#else
150extern 148extern
151#endif 149#endif
152int PRINTF_FETCHARGS (va_list args, arguments *a); 150int PRINTF_FETCHARGS (va_list args, arguments * a);
153 151
154#endif /* _PRINTF_ARGS_H */ 152#endif /* _PRINTF_ARGS_H */
diff --git a/src/daemon/https/lgl/printf-parse.h b/src/daemon/https/lgl/printf-parse.h
index f9013278..2493d481 100644
--- a/src/daemon/https/lgl/printf-parse.h
+++ b/src/daemon/https/lgl/printf-parse.h
@@ -25,11 +25,11 @@
25#include "printf-args.h" 25#include "printf-args.h"
26 26
27/* Flags */ 27/* Flags */
28#define FLAG_GROUP 1 /* ' flag */ 28#define FLAG_GROUP 1 /* ' flag */
29#define FLAG_LEFT 2 /* - flag */ 29#define FLAG_LEFT 2 /* - flag */
30#define FLAG_SHOWSIGN 4 /* + flag */ 30#define FLAG_SHOWSIGN 4 /* + flag */
31#define FLAG_SPACE 8 /* space flag */ 31#define FLAG_SPACE 8 /* space flag */
32#define FLAG_ALT 16 /* # flag */ 32#define FLAG_ALT 16 /* # flag */
33#define FLAG_ZERO 32 33#define FLAG_ZERO 32
34 34
35/* arg_index value indicating that no argument is consumed. */ 35/* arg_index value indicating that no argument is consumed. */
@@ -41,16 +41,16 @@
41/* A parsed directive. */ 41/* A parsed directive. */
42typedef struct 42typedef struct
43{ 43{
44 const char* dir_start; 44 const char *dir_start;
45 const char* dir_end; 45 const char *dir_end;
46 int flags; 46 int flags;
47 const char* width_start; 47 const char *width_start;
48 const char* width_end; 48 const char *width_end;
49 size_t width_arg_index; 49 size_t width_arg_index;
50 const char* precision_start; 50 const char *precision_start;
51 const char* precision_end; 51 const char *precision_end;
52 size_t precision_arg_index; 52 size_t precision_arg_index;
53 char conversion; /* d i o u x X f F e E g G a A c s p n U % but not C S */ 53 char conversion; /* d i o u x X f F e E g G a A c s p n U % but not C S */
54 size_t arg_index; 54 size_t arg_index;
55} 55}
56char_directive; 56char_directive;
@@ -70,16 +70,16 @@ char_directives;
70/* A parsed directive. */ 70/* A parsed directive. */
71typedef struct 71typedef struct
72{ 72{
73 const uint8_t* dir_start; 73 const uint8_t *dir_start;
74 const uint8_t* dir_end; 74 const uint8_t *dir_end;
75 int flags; 75 int flags;
76 const uint8_t* width_start; 76 const uint8_t *width_start;
77 const uint8_t* width_end; 77 const uint8_t *width_end;
78 size_t width_arg_index; 78 size_t width_arg_index;
79 const uint8_t* precision_start; 79 const uint8_t *precision_start;
80 const uint8_t* precision_end; 80 const uint8_t *precision_end;
81 size_t precision_arg_index; 81 size_t precision_arg_index;
82 uint8_t conversion; /* d i o u x X f F e E g G a A c s p n U % but not C S */ 82 uint8_t conversion; /* d i o u x X f F e E g G a A c s p n U % but not C S */
83 size_t arg_index; 83 size_t arg_index;
84} 84}
85u8_directive; 85u8_directive;
@@ -97,16 +97,16 @@ u8_directives;
97/* A parsed directive. */ 97/* A parsed directive. */
98typedef struct 98typedef struct
99{ 99{
100 const uint16_t* dir_start; 100 const uint16_t *dir_start;
101 const uint16_t* dir_end; 101 const uint16_t *dir_end;
102 int flags; 102 int flags;
103 const uint16_t* width_start; 103 const uint16_t *width_start;
104 const uint16_t* width_end; 104 const uint16_t *width_end;
105 size_t width_arg_index; 105 size_t width_arg_index;
106 const uint16_t* precision_start; 106 const uint16_t *precision_start;
107 const uint16_t* precision_end; 107 const uint16_t *precision_end;
108 size_t precision_arg_index; 108 size_t precision_arg_index;
109 uint16_t conversion; /* d i o u x X f F e E g G a A c s p n U % but not C S */ 109 uint16_t conversion; /* d i o u x X f F e E g G a A c s p n U % but not C S */
110 size_t arg_index; 110 size_t arg_index;
111} 111}
112u16_directive; 112u16_directive;
@@ -124,16 +124,16 @@ u16_directives;
124/* A parsed directive. */ 124/* A parsed directive. */
125typedef struct 125typedef struct
126{ 126{
127 const uint32_t* dir_start; 127 const uint32_t *dir_start;
128 const uint32_t* dir_end; 128 const uint32_t *dir_end;
129 int flags; 129 int flags;
130 const uint32_t* width_start; 130 const uint32_t *width_start;
131 const uint32_t* width_end; 131 const uint32_t *width_end;
132 size_t width_arg_index; 132 size_t width_arg_index;
133 const uint32_t* precision_start; 133 const uint32_t *precision_start;
134 const uint32_t* precision_end; 134 const uint32_t *precision_end;
135 size_t precision_arg_index; 135 size_t precision_arg_index;
136 uint32_t conversion; /* d i o u x X f F e E g G a A c s p n U % but not C S */ 136 uint32_t conversion; /* d i o u x X f F e E g G a A c s p n U % but not C S */
137 size_t arg_index; 137 size_t arg_index;
138} 138}
139u32_directive; 139u32_directive;
@@ -157,22 +157,20 @@ u32_directives;
157 arguments and the needed count of arguments. */ 157 arguments and the needed count of arguments. */
158#if ENABLE_UNISTDIO 158#if ENABLE_UNISTDIO
159extern int 159extern int
160 ulc_printf_parse (const char *format, char_directives *d, arguments *a); 160ulc_printf_parse (const char *format, char_directives * d, arguments * a);
161extern int 161extern int
162 u8_printf_parse (const uint8_t *format, u8_directives *d, arguments *a); 162u8_printf_parse (const uint8_t * format, u8_directives * d, arguments * a);
163extern int 163extern int
164 u16_printf_parse (const uint16_t *format, u16_directives *d, 164u16_printf_parse (const uint16_t * format, u16_directives * d, arguments * a);
165 arguments *a);
166extern int 165extern int
167 u32_printf_parse (const uint32_t *format, u32_directives *d, 166u32_printf_parse (const uint32_t * format, u32_directives * d, arguments * a);
168 arguments *a);
169#else 167#else
170# ifdef STATIC 168# ifdef STATIC
171STATIC 169STATIC
172# else 170# else
173extern 171extern
174# endif 172# endif
175int printf_parse (const char *format, char_directives *d, arguments *a); 173int printf_parse (const char *format, char_directives * d, arguments * a);
176#endif 174#endif
177 175
178#endif /* _PRINTF_PARSE_H */ 176#endif /* _PRINTF_PARSE_H */
diff --git a/src/daemon/https/lgl/rijndael-alg-fst.c b/src/daemon/https/lgl/rijndael-alg-fst.c
index 5baa0e95..a39ec382 100644
--- a/src/daemon/https/lgl/rijndael-alg-fst.c
+++ b/src/daemon/https/lgl/rijndael-alg-fst.c
@@ -135,6 +135,7 @@ static const uint32_t Te0[256] = {
135 0x824141c3, 0x299999b0, 0x5a2d2d77, 0x1e0f0f11, 135 0x824141c3, 0x299999b0, 0x5a2d2d77, 0x1e0f0f11,
136 0x7bb0b0cb, 0xa85454fc, 0x6dbbbbd6, 0x2c16163a, 136 0x7bb0b0cb, 0xa85454fc, 0x6dbbbbd6, 0x2c16163a,
137}; 137};
138
138static const uint32_t Te1[256] = { 139static const uint32_t Te1[256] = {
139 0xa5c66363, 0x84f87c7c, 0x99ee7777, 0x8df67b7b, 140 0xa5c66363, 0x84f87c7c, 0x99ee7777, 0x8df67b7b,
140 0x0dfff2f2, 0xbdd66b6b, 0xb1de6f6f, 0x5491c5c5, 141 0x0dfff2f2, 0xbdd66b6b, 0xb1de6f6f, 0x5491c5c5,
@@ -201,6 +202,7 @@ static const uint32_t Te1[256] = {
201 0xc3824141, 0xb0299999, 0x775a2d2d, 0x111e0f0f, 202 0xc3824141, 0xb0299999, 0x775a2d2d, 0x111e0f0f,
202 0xcb7bb0b0, 0xfca85454, 0xd66dbbbb, 0x3a2c1616, 203 0xcb7bb0b0, 0xfca85454, 0xd66dbbbb, 0x3a2c1616,
203}; 204};
205
204static const uint32_t Te2[256] = { 206static const uint32_t Te2[256] = {
205 0x63a5c663, 0x7c84f87c, 0x7799ee77, 0x7b8df67b, 207 0x63a5c663, 0x7c84f87c, 0x7799ee77, 0x7b8df67b,
206 0xf20dfff2, 0x6bbdd66b, 0x6fb1de6f, 0xc55491c5, 208 0xf20dfff2, 0x6bbdd66b, 0x6fb1de6f, 0xc55491c5,
@@ -267,6 +269,7 @@ static const uint32_t Te2[256] = {
267 0x41c38241, 0x99b02999, 0x2d775a2d, 0x0f111e0f, 269 0x41c38241, 0x99b02999, 0x2d775a2d, 0x0f111e0f,
268 0xb0cb7bb0, 0x54fca854, 0xbbd66dbb, 0x163a2c16, 270 0xb0cb7bb0, 0x54fca854, 0xbbd66dbb, 0x163a2c16,
269}; 271};
272
270static const uint32_t Te3[256] = { 273static const uint32_t Te3[256] = {
271 0x6363a5c6, 0x7c7c84f8, 0x777799ee, 0x7b7b8df6, 274 0x6363a5c6, 0x7c7c84f8, 0x777799ee, 0x7b7b8df6,
272 0xf2f20dff, 0x6b6bbdd6, 0x6f6fb1de, 0xc5c55491, 275 0xf2f20dff, 0x6b6bbdd6, 0x6f6fb1de, 0xc5c55491,
@@ -333,6 +336,7 @@ static const uint32_t Te3[256] = {
333 0x4141c382, 0x9999b029, 0x2d2d775a, 0x0f0f111e, 336 0x4141c382, 0x9999b029, 0x2d2d775a, 0x0f0f111e,
334 0xb0b0cb7b, 0x5454fca8, 0xbbbbd66d, 0x16163a2c, 337 0xb0b0cb7b, 0x5454fca8, 0xbbbbd66d, 0x16163a2c,
335}; 338};
339
336static const uint32_t Te4[256] = { 340static const uint32_t Te4[256] = {
337 0x63636363, 0x7c7c7c7c, 0x77777777, 0x7b7b7b7b, 341 0x63636363, 0x7c7c7c7c, 0x77777777, 0x7b7b7b7b,
338 0xf2f2f2f2, 0x6b6b6b6b, 0x6f6f6f6f, 0xc5c5c5c5, 342 0xf2f2f2f2, 0x6b6b6b6b, 0x6f6f6f6f, 0xc5c5c5c5,
@@ -399,6 +403,7 @@ static const uint32_t Te4[256] = {
399 0x41414141, 0x99999999, 0x2d2d2d2d, 0x0f0f0f0f, 403 0x41414141, 0x99999999, 0x2d2d2d2d, 0x0f0f0f0f,
400 0xb0b0b0b0, 0x54545454, 0xbbbbbbbb, 0x16161616, 404 0xb0b0b0b0, 0x54545454, 0xbbbbbbbb, 0x16161616,
401}; 405};
406
402static const uint32_t Td0[256] = { 407static const uint32_t Td0[256] = {
403 0x51f4a750, 0x7e416553, 0x1a17a4c3, 0x3a275e96, 408 0x51f4a750, 0x7e416553, 0x1a17a4c3, 0x3a275e96,
404 0x3bab6bcb, 0x1f9d45f1, 0xacfa58ab, 0x4be30393, 409 0x3bab6bcb, 0x1f9d45f1, 0xacfa58ab, 0x4be30393,
@@ -465,6 +470,7 @@ static const uint32_t Td0[256] = {
465 0x39a80171, 0x080cb3de, 0xd8b4e49c, 0x6456c190, 470 0x39a80171, 0x080cb3de, 0xd8b4e49c, 0x6456c190,
466 0x7bcb8461, 0xd532b670, 0x486c5c74, 0xd0b85742, 471 0x7bcb8461, 0xd532b670, 0x486c5c74, 0xd0b85742,
467}; 472};
473
468static const uint32_t Td1[256] = { 474static const uint32_t Td1[256] = {
469 0x5051f4a7, 0x537e4165, 0xc31a17a4, 0x963a275e, 475 0x5051f4a7, 0x537e4165, 0xc31a17a4, 0x963a275e,
470 0xcb3bab6b, 0xf11f9d45, 0xabacfa58, 0x934be303, 476 0xcb3bab6b, 0xf11f9d45, 0xabacfa58, 0x934be303,
@@ -531,6 +537,7 @@ static const uint32_t Td1[256] = {
531 0x7139a801, 0xde080cb3, 0x9cd8b4e4, 0x906456c1, 537 0x7139a801, 0xde080cb3, 0x9cd8b4e4, 0x906456c1,
532 0x617bcb84, 0x70d532b6, 0x74486c5c, 0x42d0b857, 538 0x617bcb84, 0x70d532b6, 0x74486c5c, 0x42d0b857,
533}; 539};
540
534static const uint32_t Td2[256] = { 541static const uint32_t Td2[256] = {
535 0xa75051f4, 0x65537e41, 0xa4c31a17, 0x5e963a27, 542 0xa75051f4, 0x65537e41, 0xa4c31a17, 0x5e963a27,
536 0x6bcb3bab, 0x45f11f9d, 0x58abacfa, 0x03934be3, 543 0x6bcb3bab, 0x45f11f9d, 0x58abacfa, 0x03934be3,
@@ -597,6 +604,7 @@ static const uint32_t Td2[256] = {
597 0x017139a8, 0xb3de080c, 0xe49cd8b4, 0xc1906456, 604 0x017139a8, 0xb3de080c, 0xe49cd8b4, 0xc1906456,
598 0x84617bcb, 0xb670d532, 0x5c74486c, 0x5742d0b8, 605 0x84617bcb, 0xb670d532, 0x5c74486c, 0x5742d0b8,
599}; 606};
607
600static const uint32_t Td3[256] = { 608static const uint32_t Td3[256] = {
601 0xf4a75051, 0x4165537e, 0x17a4c31a, 0x275e963a, 609 0xf4a75051, 0x4165537e, 0x17a4c31a, 0x275e963a,
602 0xab6bcb3b, 0x9d45f11f, 0xfa58abac, 0xe303934b, 610 0xab6bcb3b, 0x9d45f11f, 0xfa58abac, 0xe303934b,
@@ -663,6 +671,7 @@ static const uint32_t Td3[256] = {
663 0xa8017139, 0x0cb3de08, 0xb4e49cd8, 0x56c19064, 671 0xa8017139, 0x0cb3de08, 0xb4e49cd8, 0x56c19064,
664 0xcb84617b, 0x32b670d5, 0x6c5c7448, 0xb85742d0, 672 0xcb84617b, 0x32b670d5, 0x6c5c7448, 0xb85742d0,
665}; 673};
674
666static const uint32_t Td4[256] = { 675static const uint32_t Td4[256] = {
667 0x52525252, 0x09090909, 0x6a6a6a6a, 0xd5d5d5d5, 676 0x52525252, 0x09090909, 0x6a6a6a6a, 0xd5d5d5d5,
668 0x30303030, 0x36363636, 0xa5a5a5a5, 0x38383838, 677 0x30303030, 0x36363636, 0xa5a5a5a5, 0x38383838,
@@ -729,6 +738,7 @@ static const uint32_t Td4[256] = {
729 0xe1e1e1e1, 0x69696969, 0x14141414, 0x63636363, 738 0xe1e1e1e1, 0x69696969, 0x14141414, 0x63636363,
730 0x55555555, 0x21212121, 0x0c0c0c0c, 0x7d7d7d7d, 739 0x55555555, 0x21212121, 0x0c0c0c0c, 0x7d7d7d7d,
731}; 740};
741
732static const uint32_t rcon[] = { 742static const uint32_t rcon[] = {
733 0x01000000, 0x02000000, 0x04000000, 0x08000000, 743 0x01000000, 0x02000000, 0x04000000, 0x08000000,
734 0x10000000, 0x20000000, 0x40000000, 0x80000000, 744 0x10000000, 0x20000000, 0x40000000, 0x80000000,
diff --git a/src/daemon/https/lgl/rijndael-alg-fst.h b/src/daemon/https/lgl/rijndael-alg-fst.h
index 88391023..657d6697 100644
--- a/src/daemon/https/lgl/rijndael-alg-fst.h
+++ b/src/daemon/https/lgl/rijndael-alg-fst.h
@@ -56,12 +56,12 @@
56#define RIJNDAEL_MAXNR 14 56#define RIJNDAEL_MAXNR 14
57 57
58int rijndaelKeySetupEnc (uint32_t rk[ /*4*(Nr + 1) */ ], 58int rijndaelKeySetupEnc (uint32_t rk[ /*4*(Nr + 1) */ ],
59 const char cipherKey[], size_t keyBits); 59 const char cipherKey[], size_t keyBits);
60int rijndaelKeySetupDec (uint32_t rk[ /*4*(Nr + 1) */ ], 60int rijndaelKeySetupDec (uint32_t rk[ /*4*(Nr + 1) */ ],
61 const char cipherKey[], size_t keyBits); 61 const char cipherKey[], size_t keyBits);
62void rijndaelEncrypt (const uint32_t rk[ /*4*(Nr + 1) */ ], size_t Nr, 62void rijndaelEncrypt (const uint32_t rk[ /*4*(Nr + 1) */ ], size_t Nr,
63 const char pt[16], char ct[16]); 63 const char pt[16], char ct[16]);
64void rijndaelDecrypt (const uint32_t rk[ /*4*(Nr + 1) */ ], size_t Nr, 64void rijndaelDecrypt (const uint32_t rk[ /*4*(Nr + 1) */ ], size_t Nr,
65 const char ct[16], char pt[16]); 65 const char ct[16], char pt[16]);
66 66
67#endif /* __RIJNDAEL_ALG_FST_H */ 67#endif /* __RIJNDAEL_ALG_FST_H */
diff --git a/src/daemon/https/lgl/rijndael-api-fst.h b/src/daemon/https/lgl/rijndael-api-fst.h
index d0ff60ac..cbe6411f 100644
--- a/src/daemon/https/lgl/rijndael-api-fst.h
+++ b/src/daemon/https/lgl/rijndael-api-fst.h
@@ -95,15 +95,15 @@ typedef enum
95 95
96typedef enum 96typedef enum
97{ 97{
98 RIJNDAEL_DIR_ENCRYPT = 0, /* Are we encrypting? */ 98 RIJNDAEL_DIR_ENCRYPT = 0, /* Are we encrypting? */
99 RIJNDAEL_DIR_DECRYPT = 1 /* Are we decrypting? */ 99 RIJNDAEL_DIR_DECRYPT = 1 /* Are we decrypting? */
100} rijndael_direction; 100} rijndael_direction;
101 101
102typedef enum 102typedef enum
103{ 103{
104 RIJNDAEL_MODE_ECB = 1, /* Are we ciphering in ECB mode? */ 104 RIJNDAEL_MODE_ECB = 1, /* Are we ciphering in ECB mode? */
105 RIJNDAEL_MODE_CBC = 2, /* Are we ciphering in CBC mode? */ 105 RIJNDAEL_MODE_CBC = 2, /* Are we ciphering in CBC mode? */
106 RIJNDAEL_MODE_CFB1 = 3 /* Are we ciphering in 1-bit CFB mode? */ 106 RIJNDAEL_MODE_CFB1 = 3 /* Are we ciphering in 1-bit CFB mode? */
107} rijndael_mode; 107} rijndael_mode;
108 108
109/* The structure for key information */ 109/* The structure for key information */
@@ -125,8 +125,8 @@ typedef struct
125 125
126/* The structure for cipher information */ 126/* The structure for cipher information */
127typedef struct 127typedef struct
128{ /* changed order of the components */ 128{ /* changed order of the components */
129 rijndael_mode mode; /* MODE_ECB, MODE_CBC, or MODE_CFB1 */ 129 rijndael_mode mode; /* MODE_ECB, MODE_CBC, or MODE_CFB1 */
130 /* A possible Initialization Vector for ciphering */ 130 /* A possible Initialization Vector for ciphering */
131 char IV[RIJNDAEL_MAX_IV_SIZE]; 131 char IV[RIJNDAEL_MAX_IV_SIZE];
132} rijndaelCipherInstance; 132} rijndaelCipherInstance;
@@ -137,16 +137,16 @@ typedef struct
137 from KEYMATERIAL, a hex string, of KEYLEN size. KEYLEN should be 137 from KEYMATERIAL, a hex string, of KEYLEN size. KEYLEN should be
138 128, 192 or 256. Returns 0 on success, or an error code. */ 138 128, 192 or 256. Returns 0 on success, or an error code. */
139extern rijndael_rc 139extern rijndael_rc
140rijndaelMakeKey (rijndaelKeyInstance *key, rijndael_direction direction, 140rijndaelMakeKey (rijndaelKeyInstance * key, rijndael_direction direction,
141 size_t keyLen, const char *keyMaterial); 141 size_t keyLen, const char *keyMaterial);
142 142
143/* Initialize cipher state CIPHER for encryption MODE (e.g., 143/* Initialize cipher state CIPHER for encryption MODE (e.g.,
144 RIJNDAEL_MODE_CBC) with initialization vector IV, a hex string of 144 RIJNDAEL_MODE_CBC) with initialization vector IV, a hex string of
145 2*RIJNDAEL_MAX_IV_SIZE length. IV may be NULL for modes that do 145 2*RIJNDAEL_MAX_IV_SIZE length. IV may be NULL for modes that do
146 not need an IV (i.e., RIJNDAEL_MODE_ECB). */ 146 not need an IV (i.e., RIJNDAEL_MODE_ECB). */
147extern rijndael_rc 147extern rijndael_rc
148rijndaelCipherInit (rijndaelCipherInstance *cipher, 148rijndaelCipherInit (rijndaelCipherInstance * cipher,
149 rijndael_mode mode, const char *IV); 149 rijndael_mode mode, const char *IV);
150 150
151/* Encrypt data in INPUT, of INPUTLEN/8 bytes length, placing the 151/* Encrypt data in INPUT, of INPUTLEN/8 bytes length, placing the
152 output in the pre-allocated OUTBUFFER which must hold at least 152 output in the pre-allocated OUTBUFFER which must hold at least
@@ -156,10 +156,9 @@ rijndaelCipherInit (rijndaelCipherInstance *cipher,
156 calling this function. Return the number of bits written, or a 156 calling this function. Return the number of bits written, or a
157 negative rijndael_rc error code. */ 157 negative rijndael_rc error code. */
158extern int 158extern int
159rijndaelBlockEncrypt (rijndaelCipherInstance *cipher, 159rijndaelBlockEncrypt (rijndaelCipherInstance * cipher,
160 const rijndaelKeyInstance *key, 160 const rijndaelKeyInstance * key,
161 const char *input, size_t inputLen, 161 const char *input, size_t inputLen, char *outBuffer);
162 char *outBuffer);
163 162
164/* Encrypt data in INPUT, of INPUTOCTETS bytes length, placing the 163/* Encrypt data in INPUT, of INPUTOCTETS bytes length, placing the
165 output in the pre-allocated OUTBUFFER which must hold at least 164 output in the pre-allocated OUTBUFFER which must hold at least
@@ -171,10 +170,9 @@ rijndaelBlockEncrypt (rijndaelCipherInstance *cipher,
171 calling this function. Return the number of bits written, or a 170 calling this function. Return the number of bits written, or a
172 negative rijndael_rc error code. */ 171 negative rijndael_rc error code. */
173extern int 172extern int
174rijndaelPadEncrypt (rijndaelCipherInstance *cipher, 173rijndaelPadEncrypt (rijndaelCipherInstance * cipher,
175 const rijndaelKeyInstance *key, 174 const rijndaelKeyInstance * key,
176 const char *input, size_t inputOctets, 175 const char *input, size_t inputOctets, char *outBuffer);
177 char *outBuffer);
178 176
179/* Decrypt data in INPUT, of INPUTLEN/8 bytes length, placing the 177/* Decrypt data in INPUT, of INPUTLEN/8 bytes length, placing the
180 output in the pre-allocated OUTBUFFER which must hold at least 178 output in the pre-allocated OUTBUFFER which must hold at least
@@ -184,10 +182,9 @@ rijndaelPadEncrypt (rijndaelCipherInstance *cipher,
184 calling this function. Return the number of bits written, or a 182 calling this function. Return the number of bits written, or a
185 negative rijndael_rc error code. */ 183 negative rijndael_rc error code. */
186extern int 184extern int
187rijndaelBlockDecrypt (rijndaelCipherInstance *cipher, 185rijndaelBlockDecrypt (rijndaelCipherInstance * cipher,
188 const rijndaelKeyInstance *key, 186 const rijndaelKeyInstance * key,
189 const char *input, size_t inputLen, 187 const char *input, size_t inputLen, char *outBuffer);
190 char *outBuffer);
191 188
192/* Decrypt data in INPUT, of INPUTOCTETS bytes length, placing the 189/* Decrypt data in INPUT, of INPUTOCTETS bytes length, placing the
193 output in the pre-allocated OUTBUFFER which must hold at least 190 output in the pre-allocated OUTBUFFER which must hold at least
@@ -199,9 +196,8 @@ rijndaelBlockDecrypt (rijndaelCipherInstance *cipher,
199 calling this function. Return the number of bits written, or a 196 calling this function. Return the number of bits written, or a
200 negative rijndael_rc error code. */ 197 negative rijndael_rc error code. */
201extern int 198extern int
202rijndaelPadDecrypt (rijndaelCipherInstance *cipher, 199rijndaelPadDecrypt (rijndaelCipherInstance * cipher,
203 const rijndaelKeyInstance *key, 200 const rijndaelKeyInstance * key,
204 const char *input, size_t inputOctets, 201 const char *input, size_t inputOctets, char *outBuffer);
205 char *outBuffer);
206 202
207#endif /* __RIJNDAEL_API_FST_H */ 203#endif /* __RIJNDAEL_API_FST_H */
diff --git a/src/daemon/https/lgl/sha1.h b/src/daemon/https/lgl/sha1.h
index ed0de2b4..7bfd376c 100644
--- a/src/daemon/https/lgl/sha1.h
+++ b/src/daemon/https/lgl/sha1.h
@@ -45,14 +45,14 @@ extern void sha1_init_ctx (struct sha1_ctx *ctx);
45 starting at BUFFER. 45 starting at BUFFER.
46 It is necessary that LEN is a multiple of 64!!! */ 46 It is necessary that LEN is a multiple of 64!!! */
47extern void sha1_process_block (const void *buffer, size_t len, 47extern void sha1_process_block (const void *buffer, size_t len,
48 struct sha1_ctx *ctx); 48 struct sha1_ctx *ctx);
49 49
50/* Starting with the result of former calls of this function (or the 50/* Starting with the result of former calls of this function (or the
51 initialization function update the context for the next LEN bytes 51 initialization function update the context for the next LEN bytes
52 starting at BUFFER. 52 starting at BUFFER.
53 It is NOT required that LEN is a multiple of 64. */ 53 It is NOT required that LEN is a multiple of 64. */
54extern void sha1_process_bytes (const void *buffer, size_t len, 54extern void sha1_process_bytes (const void *buffer, size_t len,
55 struct sha1_ctx *ctx); 55 struct sha1_ctx *ctx);
56 56
57/* Process the remaining bytes in the buffer and put result from CTX 57/* Process the remaining bytes in the buffer and put result from CTX
58 in first 20 bytes following RESBUF. The result is always in little 58 in first 20 bytes following RESBUF. The result is always in little
@@ -76,7 +76,7 @@ extern void *sha1_read_ctx (const struct sha1_ctx *ctx, void *resbuf);
76/* Compute SHA1 message digest for bytes read from STREAM. The 76/* Compute SHA1 message digest for bytes read from STREAM. The
77 resulting message digest number will be written into the 20 bytes 77 resulting message digest number will be written into the 20 bytes
78 beginning at RESBLOCK. */ 78 beginning at RESBLOCK. */
79extern int sha1_stream (FILE *stream, void *resblock); 79extern int sha1_stream (FILE * stream, void *resblock);
80 80
81/* Compute SHA1 message digest for LEN bytes beginning at BUFFER. The 81/* Compute SHA1 message digest for LEN bytes beginning at BUFFER. The
82 result is always in little endian byte order, so that a byte-wise 82 result is always in little endian byte order, so that a byte-wise
diff --git a/src/daemon/https/lgl/vasnprintf.h b/src/daemon/https/lgl/vasnprintf.h
index 4524ce77..e4c57f5b 100644
--- a/src/daemon/https/lgl/vasnprintf.h
+++ b/src/daemon/https/lgl/vasnprintf.h
@@ -27,7 +27,7 @@
27#ifndef __attribute__ 27#ifndef __attribute__
28/* This feature is available in gcc versions 2.5 and later. */ 28/* This feature is available in gcc versions 2.5 and later. */
29# if __GNUC__ < 2 || (__GNUC__ == 2 && __GNUC_MINOR__ < 5) || __STRICT_ANSI__ 29# if __GNUC__ < 2 || (__GNUC__ == 2 && __GNUC_MINOR__ < 5) || __STRICT_ANSI__
30# define __attribute__(Spec) /* empty */ 30# define __attribute__(Spec) /* empty */
31# endif 31# endif
32/* The __-protected variants of `format' and `printf' attributes 32/* The __-protected variants of `format' and `printf' attributes
33 are accepted by gcc versions 2.6.4 (effectively 2.7) and later. */ 33 are accepted by gcc versions 2.6.4 (effectively 2.7) and later. */
@@ -38,7 +38,8 @@
38#endif 38#endif
39 39
40#ifdef __cplusplus 40#ifdef __cplusplus
41extern "C" { 41extern "C"
42{
42#endif 43#endif
43 44
44/* Write formatted output to a string dynamically allocated with malloc(). 45/* Write formatted output to a string dynamically allocated with malloc().
@@ -69,13 +70,15 @@ extern "C" {
69# define asnprintf rpl_asnprintf 70# define asnprintf rpl_asnprintf
70# define vasnprintf rpl_vasnprintf 71# define vasnprintf rpl_vasnprintf
71#endif 72#endif
72extern char * asnprintf (char *resultbuf, size_t *lengthp, const char *format, ...) 73 extern char *asnprintf (char *resultbuf, size_t * lengthp,
73 __attribute__ ((__format__ (__printf__, 3, 4))); 74 const char *format, ...)
74extern char * vasnprintf (char *resultbuf, size_t *lengthp, const char *format, va_list args) 75 __attribute__ ((__format__ (__printf__, 3, 4)));
75 __attribute__ ((__format__ (__printf__, 3, 0))); 76 extern char *vasnprintf (char *resultbuf, size_t * lengthp,
77 const char *format, va_list args)
78 __attribute__ ((__format__ (__printf__, 3, 0)));
76 79
77#ifdef __cplusplus 80#ifdef __cplusplus
78} 81}
79#endif 82#endif
80 83
81#endif /* _VASNPRINTF_H */ 84#endif /* _VASNPRINTF_H */
diff --git a/src/daemon/https/lgl/xsize.h b/src/daemon/https/lgl/xsize.h
index d37de38a..d8e1b5fe 100644
--- a/src/daemon/https/lgl/xsize.h
+++ b/src/daemon/https/lgl/xsize.h
@@ -51,9 +51,9 @@
51/* Sum of two sizes, with overflow check. */ 51/* Sum of two sizes, with overflow check. */
52static inline size_t 52static inline size_t
53#if __GNUC__ >= 3 53#if __GNUC__ >= 3
54__attribute__ ((__pure__)) 54 __attribute__ ((__pure__))
55#endif 55#endif
56xsum (size_t size1, size_t size2) 56 xsum (size_t size1, size_t size2)
57{ 57{
58 size_t sum = size1 + size2; 58 size_t sum = size1 + size2;
59 return (sum >= size1 ? sum : SIZE_MAX); 59 return (sum >= size1 ? sum : SIZE_MAX);
@@ -62,9 +62,9 @@ xsum (size_t size1, size_t size2)
62/* Sum of three sizes, with overflow check. */ 62/* Sum of three sizes, with overflow check. */
63static inline size_t 63static inline size_t
64#if __GNUC__ >= 3 64#if __GNUC__ >= 3
65__attribute__ ((__pure__)) 65 __attribute__ ((__pure__))
66#endif 66#endif
67xsum3 (size_t size1, size_t size2, size_t size3) 67 xsum3 (size_t size1, size_t size2, size_t size3)
68{ 68{
69 return xsum (xsum (size1, size2), size3); 69 return xsum (xsum (size1, size2), size3);
70} 70}
@@ -72,9 +72,9 @@ xsum3 (size_t size1, size_t size2, size_t size3)
72/* Sum of four sizes, with overflow check. */ 72/* Sum of four sizes, with overflow check. */
73static inline size_t 73static inline size_t
74#if __GNUC__ >= 3 74#if __GNUC__ >= 3
75__attribute__ ((__pure__)) 75 __attribute__ ((__pure__))
76#endif 76#endif
77xsum4 (size_t size1, size_t size2, size_t size3, size_t size4) 77 xsum4 (size_t size1, size_t size2, size_t size3, size_t size4)
78{ 78{
79 return xsum (xsum (xsum (size1, size2), size3), size4); 79 return xsum (xsum (xsum (size1, size2), size3), size4);
80} 80}
@@ -82,9 +82,9 @@ xsum4 (size_t size1, size_t size2, size_t size3, size_t size4)
82/* Maximum of two sizes, with overflow check. */ 82/* Maximum of two sizes, with overflow check. */
83static inline size_t 83static inline size_t
84#if __GNUC__ >= 3 84#if __GNUC__ >= 3
85__attribute__ ((__pure__)) 85 __attribute__ ((__pure__))
86#endif 86#endif
87xmax (size_t size1, size_t size2) 87 xmax (size_t size1, size_t size2)
88{ 88{
89 /* No explicit check is needed here, because for any n: 89 /* No explicit check is needed here, because for any n:
90 max (SIZE_MAX, n) == SIZE_MAX and max (n, SIZE_MAX) == SIZE_MAX. */ 90 max (SIZE_MAX, n) == SIZE_MAX and max (n, SIZE_MAX) == SIZE_MAX. */
@@ -106,4 +106,3 @@ xmax (size_t size1, size_t size2)
106 ((SIZE) != SIZE_MAX) 106 ((SIZE) != SIZE_MAX)
107 107
108#endif /* _XSIZE_H */ 108#endif /* _XSIZE_H */
109
diff --git a/src/daemon/https/minitasn1/coding.c b/src/daemon/https/minitasn1/coding.c
index 10870e01..385577a0 100644
--- a/src/daemon/https/minitasn1/coding.c
+++ b/src/daemon/https/minitasn1/coding.c
@@ -385,7 +385,7 @@ _asn1_complete_explicit_tag (node_asn * node, unsigned char *der,
385 p = node->down; 385 p = node->down;
386 /* When there are nested tags we must complete them reverse to 386 /* When there are nested tags we must complete them reverse to
387 the order they were created. This is because completing a tag 387 the order they were created. This is because completing a tag
388 modifies all data within it, including the incomplete tags 388 modifies all data within it, including the incomplete tags
389 which store buffer positions -- simon@josefsson.org 2002-09-06 389 which store buffer positions -- simon@josefsson.org 2002-09-06
390 */ 390 */
391 while (p->right) 391 while (p->right)
diff --git a/src/daemon/https/minitasn1/decoding.c b/src/daemon/https/minitasn1/decoding.c
index 0e00cd92..5c763d85 100644
--- a/src/daemon/https/minitasn1/decoding.c
+++ b/src/daemon/https/minitasn1/decoding.c
@@ -2557,7 +2557,7 @@ asn1_expand_any_defined_by (ASN1_TYPE definitions, ASN1_TYPE * element)
2557 if ((result == ASN1_SUCCESS) 2557 if ((result == ASN1_SUCCESS)
2558 && (!strcmp (p3->value, value))) 2558 && (!strcmp (p3->value, value)))
2559 { 2559 {
2560 p2 = p2->right; /* pointer to the structure to 2560 p2 = p2->right; /* pointer to the structure to
2561 use for expansion */ 2561 use for expansion */
2562 while ((p2) && (p2->type & CONST_ASSIGN)) 2562 while ((p2) && (p2->type & CONST_ASSIGN))
2563 p2 = p2->right; 2563 p2 = p2->right;
@@ -2747,7 +2747,7 @@ asn1_expand_octet_string (ASN1_TYPE definitions, ASN1_TYPE * element,
2747 && (!strcmp (objectNode->value, value))) 2747 && (!strcmp (objectNode->value, value)))
2748 { 2748 {
2749 2749
2750 p2 = p2->right; /* pointer to the structure to 2750 p2 = p2->right; /* pointer to the structure to
2751 use for expansion */ 2751 use for expansion */
2752 while ((p2) && (p2->type & CONST_ASSIGN)) 2752 while ((p2) && (p2->type & CONST_ASSIGN))
2753 p2 = p2->right; 2753 p2 = p2->right;
diff --git a/src/daemon/https/minitasn1/element.h b/src/daemon/https/minitasn1/element.h
index 3db95295..b6341e8a 100644
--- a/src/daemon/https/minitasn1/element.h
+++ b/src/daemon/https/minitasn1/element.h
@@ -3,11 +3,12 @@
3#define _ELEMENT_H 3#define _ELEMENT_H
4 4
5 5
6asn1_retCode _asn1_append_sequence_set(node_asn *node); 6asn1_retCode _asn1_append_sequence_set (node_asn * node);
7 7
8asn1_retCode _asn1_convert_integer(const char *value,unsigned char *value_out, 8asn1_retCode _asn1_convert_integer (const char *value,
9 int value_out_size, int *len); 9 unsigned char *value_out,
10 int value_out_size, int *len);
10 11
11void _asn1_hierarchical_name(node_asn *node,char *name,int name_size); 12void _asn1_hierarchical_name (node_asn * node, char *name, int name_size);
12 13
13#endif 14#endif
diff --git a/src/daemon/https/minitasn1/errors.h b/src/daemon/https/minitasn1/errors.h
index f8bf2242..05faa321 100644
--- a/src/daemon/https/minitasn1/errors.h
+++ b/src/daemon/https/minitasn1/errors.h
@@ -25,6 +25,6 @@
25 25
26#include "int.h" 26#include "int.h"
27 27
28void _libtasn1_log( const char *fmt, ...); 28void _libtasn1_log (const char *fmt, ...);
29 29
30#endif /* ERRORS_H */ 30#endif /* ERRORS_H */
diff --git a/src/daemon/https/minitasn1/gstr.h b/src/daemon/https/minitasn1/gstr.h
index 5508d26e..360c6d88 100644
--- a/src/daemon/https/minitasn1/gstr.h
+++ b/src/daemon/https/minitasn1/gstr.h
@@ -1,5 +1,5 @@
1void _asn1_str_cpy( char* dest, size_t dest_tot_size, const char* src); 1void _asn1_str_cpy (char *dest, size_t dest_tot_size, const char *src);
2void _asn1_str_cat( char* dest, size_t dest_tot_size, const char* src); 2void _asn1_str_cat (char *dest, size_t dest_tot_size, const char *src);
3 3
4#define Estrcpy(x,y) _asn1_str_cpy(x,MAX_ERROR_DESCRIPTION_SIZE,y) 4#define Estrcpy(x,y) _asn1_str_cpy(x,MAX_ERROR_DESCRIPTION_SIZE,y)
5#define Estrcat(x,y) _asn1_str_cat(x,MAX_ERROR_DESCRIPTION_SIZE,y) 5#define Estrcat(x,y) _asn1_str_cat(x,MAX_ERROR_DESCRIPTION_SIZE,y)
diff --git a/src/daemon/https/minitasn1/int.h b/src/daemon/https/minitasn1/int.h
index d9d18c77..a99fb6db 100644
--- a/src/daemon/https/minitasn1/int.h
+++ b/src/daemon/https/minitasn1/int.h
@@ -34,7 +34,7 @@
34 34
35#include <mem.h> 35#include <mem.h>
36 36
37#define MAX_LOG_SIZE 1024 /* maximum number of characters of a log message */ 37#define MAX_LOG_SIZE 1024 /* maximum number of characters of a log message */
38 38
39/* Define used for visiting trees. */ 39/* Define used for visiting trees. */
40#define UP 1 40#define UP 1
@@ -82,13 +82,13 @@
82#define CONST_EXPLICIT (1<<11) 82#define CONST_EXPLICIT (1<<11)
83#define CONST_IMPLICIT (1<<12) 83#define CONST_IMPLICIT (1<<12)
84 84
85#define CONST_TAG (1<<13) /* Used in ASN.1 assignement */ 85#define CONST_TAG (1<<13) /* Used in ASN.1 assignement */
86#define CONST_OPTION (1<<14) 86#define CONST_OPTION (1<<14)
87#define CONST_DEFAULT (1<<15) 87#define CONST_DEFAULT (1<<15)
88#define CONST_TRUE (1<<16) 88#define CONST_TRUE (1<<16)
89#define CONST_FALSE (1<<17) 89#define CONST_FALSE (1<<17)
90 90
91#define CONST_LIST (1<<18) /* Used with TYPE_INTEGER and TYPE_BIT_STRING */ 91#define CONST_LIST (1<<18) /* Used with TYPE_INTEGER and TYPE_BIT_STRING */
92#define CONST_MIN_MAX (1<<19) 92#define CONST_MIN_MAX (1<<19)
93 93
94#define CONST_1_PARAM (1<<20) 94#define CONST_1_PARAM (1<<20)
diff --git a/src/daemon/https/minitasn1/libtasn1.h b/src/daemon/https/minitasn1/libtasn1.h
index 0b48c305..58862e63 100644
--- a/src/daemon/https/minitasn1/libtasn1.h
+++ b/src/daemon/https/minitasn1/libtasn1.h
@@ -24,7 +24,7 @@
24#ifndef LIBTASN1_H 24#ifndef LIBTASN1_H
25# define LIBTASN1_H 25# define LIBTASN1_H
26 26
27#include <stdio.h> /* for FILE* */ 27#include <stdio.h> /* for FILE* */
28 28
29#ifdef __cplusplus 29#ifdef __cplusplus
30extern "C" 30extern "C"
@@ -36,14 +36,14 @@ extern "C"
36#include <sys/types.h> 36#include <sys/types.h>
37#include <time.h> 37#include <time.h>
38 38
39#define MAX_NAME_SIZE 128 /* maximum number of characters of a name */ 39#define MAX_NAME_SIZE 128 /* maximum number of characters of a name */
40 /* inside a file with ASN1 definitons */ 40 /* inside a file with ASN1 definitons */
41#define MAX_ERROR_DESCRIPTION_SIZE 128 /* maximum number of characters */ 41#define MAX_ERROR_DESCRIPTION_SIZE 128 /* maximum number of characters */
42 /* of a description message */ 42 /* of a description message */
43 /* (null character included) */ 43 /* (null character included) */
44 44
45 45
46 typedef int asn1_retCode; /* type returned by libtasn1 functions */ 46 typedef int asn1_retCode; /* type returned by libtasn1 functions */
47 47
48 /*****************************************/ 48 /*****************************************/
49 /* Errors returned by libtasn1 functions */ 49 /* Errors returned by libtasn1 functions */
@@ -78,10 +78,10 @@ extern "C"
78/*****************************************/ 78/*****************************************/
79/* Constants returned by asn1_read_tag */ 79/* Constants returned by asn1_read_tag */
80/*****************************************/ 80/*****************************************/
81#define ASN1_CLASS_UNIVERSAL 0x00 /* old: 1 */ 81#define ASN1_CLASS_UNIVERSAL 0x00 /* old: 1 */
82#define ASN1_CLASS_APPLICATION 0x40 /* old: 2 */ 82#define ASN1_CLASS_APPLICATION 0x40 /* old: 2 */
83#define ASN1_CLASS_CONTEXT_SPECIFIC 0x80 /* old: 3 */ 83#define ASN1_CLASS_CONTEXT_SPECIFIC 0x80 /* old: 3 */
84#define ASN1_CLASS_PRIVATE 0xC0 /* old: 4 */ 84#define ASN1_CLASS_PRIVATE 0xC0 /* old: 4 */
85#define ASN1_CLASS_STRUCTURED 0x20 85#define ASN1_CLASS_STRUCTURED 0x20
86 86
87/*****************************************/ 87/*****************************************/
@@ -107,13 +107,13 @@ extern "C"
107 107
108 struct node_asn_struct 108 struct node_asn_struct
109 { 109 {
110 char *name; /* Node name */ 110 char *name; /* Node name */
111 unsigned int type; /* Node type */ 111 unsigned int type; /* Node type */
112 unsigned char *value; /* Node value */ 112 unsigned char *value; /* Node value */
113 int value_len; 113 int value_len;
114 struct node_asn_struct *down; /* Pointer to the son node */ 114 struct node_asn_struct *down; /* Pointer to the son node */
115 struct node_asn_struct *right; /* Pointer to the brother node */ 115 struct node_asn_struct *right; /* Pointer to the brother node */
116 struct node_asn_struct *left; /* Pointer to the next list element */ 116 struct node_asn_struct *left; /* Pointer to the next list element */
117 }; 117 };
118 118
119 typedef struct node_asn_struct node_asn; 119 typedef struct node_asn_struct node_asn;
@@ -124,9 +124,9 @@ extern "C"
124 124
125 struct static_struct_asn 125 struct static_struct_asn
126 { 126 {
127 const char *name; /* Node name */ 127 const char *name; /* Node name */
128 unsigned int type; /* Node type */ 128 unsigned int type; /* Node type */
129 const void *value; /* Node value */ 129 const void *value; /* Node value */
130 }; 130 };
131 131
132 typedef struct static_struct_asn ASN1_ARRAY_TYPE; 132 typedef struct static_struct_asn ASN1_ARRAY_TYPE;
@@ -138,68 +138,68 @@ extern "C"
138 /***********************************/ 138 /***********************************/
139 139
140 asn1_retCode asn1_parser2tree (const char *file_name, 140 asn1_retCode asn1_parser2tree (const char *file_name,
141 ASN1_TYPE * definitions, 141 ASN1_TYPE * definitions,
142 char *errorDescription); 142 char *errorDescription);
143 143
144 asn1_retCode asn1_parser2array (const char *inputFileName, 144 asn1_retCode asn1_parser2array (const char *inputFileName,
145 const char *outputFileName, 145 const char *outputFileName,
146 const char *vectorName, 146 const char *vectorName,
147 char *errorDescription); 147 char *errorDescription);
148 148
149 asn1_retCode asn1_array2tree (const ASN1_ARRAY_TYPE * array, 149 asn1_retCode asn1_array2tree (const ASN1_ARRAY_TYPE * array,
150 ASN1_TYPE * definitions, 150 ASN1_TYPE * definitions,
151 char *errorDescription); 151 char *errorDescription);
152 152
153 void asn1_print_structure (FILE *out, ASN1_TYPE structure, const char *name, 153 void asn1_print_structure (FILE * out, ASN1_TYPE structure,
154 int mode); 154 const char *name, int mode);
155 155
156 asn1_retCode asn1_create_element (ASN1_TYPE definitions, 156 asn1_retCode asn1_create_element (ASN1_TYPE definitions,
157 const char *source_name, 157 const char *source_name,
158 ASN1_TYPE * element); 158 ASN1_TYPE * element);
159 159
160 asn1_retCode asn1_delete_structure (ASN1_TYPE * structure); 160 asn1_retCode asn1_delete_structure (ASN1_TYPE * structure);
161 161
162 asn1_retCode asn1_delete_element (ASN1_TYPE structure, 162 asn1_retCode asn1_delete_element (ASN1_TYPE structure,
163 const char *element_name); 163 const char *element_name);
164 164
165 asn1_retCode asn1_write_value (ASN1_TYPE node_root, const char *name, 165 asn1_retCode asn1_write_value (ASN1_TYPE node_root, const char *name,
166 const void *ivalue, int len); 166 const void *ivalue, int len);
167 167
168 asn1_retCode asn1_read_value (ASN1_TYPE root, const char *name, 168 asn1_retCode asn1_read_value (ASN1_TYPE root, const char *name,
169 void *ivalue, int *len); 169 void *ivalue, int *len);
170 170
171 asn1_retCode asn1_number_of_elements (ASN1_TYPE element, const char *name, 171 asn1_retCode asn1_number_of_elements (ASN1_TYPE element, const char *name,
172 int *num); 172 int *num);
173 173
174 asn1_retCode asn1_der_coding (ASN1_TYPE element, const char *name, 174 asn1_retCode asn1_der_coding (ASN1_TYPE element, const char *name,
175 void *ider, int *len, char *ErrorDescription); 175 void *ider, int *len, char *ErrorDescription);
176 176
177 asn1_retCode asn1_der_decoding (ASN1_TYPE * element, const void *ider, 177 asn1_retCode asn1_der_decoding (ASN1_TYPE * element, const void *ider,
178 int len, char *errorDescription); 178 int len, char *errorDescription);
179 179
180 asn1_retCode asn1_der_decoding_element (ASN1_TYPE * structure, 180 asn1_retCode asn1_der_decoding_element (ASN1_TYPE * structure,
181 const char *elementName, 181 const char *elementName,
182 const void *ider, int len, 182 const void *ider, int len,
183 char *errorDescription); 183 char *errorDescription);
184 184
185 asn1_retCode asn1_der_decoding_startEnd (ASN1_TYPE element, 185 asn1_retCode asn1_der_decoding_startEnd (ASN1_TYPE element,
186 const void *ider, int len, 186 const void *ider, int len,
187 const char *name_element, 187 const char *name_element,
188 int *start, int *end); 188 int *start, int *end);
189 189
190 asn1_retCode asn1_expand_any_defined_by (ASN1_TYPE definitions, 190 asn1_retCode asn1_expand_any_defined_by (ASN1_TYPE definitions,
191 ASN1_TYPE * element); 191 ASN1_TYPE * element);
192 192
193 asn1_retCode asn1_expand_octet_string (ASN1_TYPE definitions, 193 asn1_retCode asn1_expand_octet_string (ASN1_TYPE definitions,
194 ASN1_TYPE * element, 194 ASN1_TYPE * element,
195 const char *octetName, 195 const char *octetName,
196 const char *objectName); 196 const char *objectName);
197 197
198 asn1_retCode asn1_read_tag (node_asn * root, const char *name, 198 asn1_retCode asn1_read_tag (node_asn * root, const char *name,
199 int *tagValue, int *classValue); 199 int *tagValue, int *classValue);
200 200
201 const char *asn1_find_structure_from_oid (ASN1_TYPE definitions, 201 const char *asn1_find_structure_from_oid (ASN1_TYPE definitions,
202 const char *oidValue); 202 const char *oidValue);
203 203
204 const char *asn1_check_version (const char *req_version); 204 const char *asn1_check_version (const char *req_version);
205 205
@@ -210,37 +210,37 @@ extern "C"
210 /* DER utility functions. */ 210 /* DER utility functions. */
211 211
212 int asn1_get_tag_der (const unsigned char *der, int der_len, 212 int asn1_get_tag_der (const unsigned char *der, int der_len,
213 unsigned char *cls, int *len, unsigned long *tag); 213 unsigned char *cls, int *len, unsigned long *tag);
214 214
215 void asn1_octet_der (const unsigned char *str, int str_len, 215 void asn1_octet_der (const unsigned char *str, int str_len,
216 unsigned char *der, int *der_len); 216 unsigned char *der, int *der_len);
217 217
218 asn1_retCode asn1_get_octet_der (const unsigned char *der, int der_len, 218 asn1_retCode asn1_get_octet_der (const unsigned char *der, int der_len,
219 int *ret_len, unsigned char *str, 219 int *ret_len, unsigned char *str,
220 int str_size, int *str_len); 220 int str_size, int *str_len);
221 221
222 void asn1_bit_der (const unsigned char *str, int bit_len, 222 void asn1_bit_der (const unsigned char *str, int bit_len,
223 unsigned char *der, int *der_len); 223 unsigned char *der, int *der_len);
224 224
225 asn1_retCode asn1_get_bit_der (const unsigned char *der, int der_len, 225 asn1_retCode asn1_get_bit_der (const unsigned char *der, int der_len,
226 int *ret_len, unsigned char *str, 226 int *ret_len, unsigned char *str,
227 int str_size, int *bit_len); 227 int str_size, int *bit_len);
228 228
229 signed long asn1_get_length_der (const unsigned char *der, int der_len, 229 signed long asn1_get_length_der (const unsigned char *der, int der_len,
230 int *len); 230 int *len);
231 231
232 void asn1_length_der (unsigned long int len, unsigned char *ans, 232 void asn1_length_der (unsigned long int len, unsigned char *ans,
233 int *ans_len); 233 int *ans_len);
234 234
235 /* Other utility functions. */ 235 /* Other utility functions. */
236 236
237 ASN1_TYPE asn1_find_node (ASN1_TYPE pointer, const char *name); 237 ASN1_TYPE asn1_find_node (ASN1_TYPE pointer, const char *name);
238 238
239 asn1_retCode asn1_copy_node (ASN1_TYPE dst, const char *dst_name, 239 asn1_retCode asn1_copy_node (ASN1_TYPE dst, const char *dst_name,
240 ASN1_TYPE src, const char *src_name); 240 ASN1_TYPE src, const char *src_name);
241 241
242#ifdef __cplusplus 242#ifdef __cplusplus
243} 243}
244#endif 244#endif
245 245
246#endif /* LIBTASN1_H */ 246#endif /* LIBTASN1_H */
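--- a/src/daemon/https/minitasn1/mem.h
+++ b/src/daemon/https/minitasn1/mem.h
@@ -23,5 +23,3 @@
 #define _asn1_strdup strdup
 
 #endif /* MEM_H */
-
-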
diff --git a/src/daemon/https/minitasn1/parser_aux.c b/src/daemon/https/minitasn1/parser_aux.c
index 7d975b3d..dcaee0a9 100644
--- a/src/daemon/https/minitasn1/parser_aux.c
+++ b/src/daemon/https/minitasn1/parser_aux.c
@@ -161,7 +161,7 @@ asn1_find_node (ASN1_TYPE pointer, const char *name)
161 161
162 p = p->down; 162 p = p->down;
163 163
164 /* The identifier "?LAST" indicates the last element 164 /* The identifier "?LAST" indicates the last element
165 in the right chain. */ 165 in the right chain. */
166 if (!strcmp (n, "?LAST")) 166 if (!strcmp (n, "?LAST"))
167 { 167 {
diff --git a/src/daemon/https/minitasn1/parser_aux.h b/src/daemon/https/minitasn1/parser_aux.h
index 3055510c..4f7d3f1b 100644
--- a/src/daemon/https/minitasn1/parser_aux.h
+++ b/src/daemon/https/minitasn1/parser_aux.h
@@ -6,58 +6,45 @@
6/***************************************/ 6/***************************************/
7/* Functions used by ASN.1 parser */ 7/* Functions used by ASN.1 parser */
8/***************************************/ 8/***************************************/
9node_asn * 9node_asn *_asn1_add_node (unsigned int type);
10_asn1_add_node(unsigned int type);
11 10
12node_asn * 11node_asn *_asn1_set_value (node_asn * node, const void *value,
13_asn1_set_value(node_asn *node,const void *value,unsigned int len); 12 unsigned int len);
14 13
15node_asn * 14node_asn *_asn1_set_name (node_asn * node, const char *name);
16_asn1_set_name(node_asn *node,const char *name);
17 15
18node_asn * 16node_asn *_asn1_set_right (node_asn * node, node_asn * right);
19_asn1_set_right(node_asn *node,node_asn *right);
20 17
21node_asn * 18node_asn *_asn1_get_right (node_asn * node);
22_asn1_get_right(node_asn *node);
23 19
24node_asn * 20node_asn *_asn1_get_last_right (node_asn * node);
25_asn1_get_last_right(node_asn *node);
26 21
27node_asn * 22node_asn *_asn1_set_down (node_asn * node, node_asn * down);
28_asn1_set_down(node_asn *node,node_asn *down);
29 23
30char * 24char *_asn1_get_name (node_asn * node);
31_asn1_get_name(node_asn *node);
32 25
33node_asn * 26node_asn *_asn1_get_down (node_asn * node);
34_asn1_get_down(node_asn *node);
35 27
36node_asn * 28node_asn *_asn1_mod_type (node_asn * node, unsigned int value);
37_asn1_mod_type(node_asn *node,unsigned int value);
38 29
39void 30void _asn1_remove_node (node_asn * node);
40_asn1_remove_node(node_asn *node);
41 31
42void _asn1_delete_list(void); 32void _asn1_delete_list (void);
43 33
44void _asn1_delete_list_and_nodes(void); 34void _asn1_delete_list_and_nodes (void);
45 35
46char * _asn1_ltostr(long v,char *str); 36char *_asn1_ltostr (long v, char *str);
47 37
48node_asn * _asn1_find_up(node_asn *node); 38node_asn *_asn1_find_up (node_asn * node);
49 39
50asn1_retCode _asn1_change_integer_value(ASN1_TYPE node); 40asn1_retCode _asn1_change_integer_value (ASN1_TYPE node);
51 41
52asn1_retCode _asn1_expand_object_id(ASN1_TYPE node); 42asn1_retCode _asn1_expand_object_id (ASN1_TYPE node);
53 43
54asn1_retCode _asn1_type_set_config(ASN1_TYPE node); 44asn1_retCode _asn1_type_set_config (ASN1_TYPE node);
55 45
56asn1_retCode _asn1_check_identifier(ASN1_TYPE node); 46asn1_retCode _asn1_check_identifier (ASN1_TYPE node);
57 47
58asn1_retCode _asn1_set_default_tag(ASN1_TYPE node); 48asn1_retCode _asn1_set_default_tag (ASN1_TYPE node);
59 49
60#endif 50#endif
61
62
63
diff --git a/src/daemon/https/minitasn1/structure.h b/src/daemon/https/minitasn1/structure.h
index 4c78391e..9fdb3343 100644
--- a/src/daemon/https/minitasn1/structure.h
+++ b/src/daemon/https/minitasn1/structure.h
@@ -8,16 +8,16 @@
8#ifndef _STRUCTURE_H 8#ifndef _STRUCTURE_H
9#define _STRUCTURE_H 9#define _STRUCTURE_H
10 10
11asn1_retCode _asn1_create_static_structure(node_asn *pointer, 11asn1_retCode _asn1_create_static_structure (node_asn * pointer,
12 char* output_file_name,char *vector_name); 12 char *output_file_name,
13 char *vector_name);
13 14
14node_asn* _asn1_copy_structure3(node_asn *source_node); 15node_asn *_asn1_copy_structure3 (node_asn * source_node);
15 16
16node_asn* _asn1_copy_structure2(node_asn *root,const char *source_name); 17node_asn *_asn1_copy_structure2 (node_asn * root, const char *source_name);
17 18
18node_asn * _asn1_add_node_only(unsigned int type); 19node_asn *_asn1_add_node_only (unsigned int type);
19 20
20node_asn * _asn1_find_left(node_asn *node); 21node_asn *_asn1_find_left (node_asn * node);
21 22
22#endif 23#endif
23
diff --git a/src/daemon/https/tls/auth_anon.c b/src/daemon/https/tls/auth_anon.c
index 9f1373dc..d20e55cf 100644
--- a/src/daemon/https/tls/auth_anon.c
+++ b/src/daemon/https/tls/auth_anon.c
@@ -41,15 +41,17 @@
41#include <auth_dh_common.h> 41#include <auth_dh_common.h>
42 42
43static int mhd_gtls_gen_anon_server_kx (mhd_gtls_session_t, opaque **); 43static int mhd_gtls_gen_anon_server_kx (mhd_gtls_session_t, opaque **);
44static int mhd_gtls_proc_anon_client_kx (mhd_gtls_session_t, opaque *, size_t); 44static int mhd_gtls_proc_anon_client_kx (mhd_gtls_session_t, opaque *,
45static int mhd_gtls_proc_anon_server_kx (mhd_gtls_session_t, opaque *, size_t); 45 size_t);
46static int mhd_gtls_proc_anon_server_kx (mhd_gtls_session_t, opaque *,
47 size_t);
46 48
47const mhd_gtls_mod_auth_st mhd_gtls_anon_auth_struct = { 49const mhd_gtls_mod_auth_st mhd_gtls_anon_auth_struct = {
48 "ANON", 50 "ANON",
49 NULL, 51 NULL,
50 NULL, 52 NULL,
51 mhd_gtls_gen_anon_server_kx, 53 mhd_gtls_gen_anon_server_kx,
52 mhd_gtls_gen_dh_common_client_kx, /* this can be shared */ 54 mhd_gtls_gen_dh_common_client_kx, /* this can be shared */
53 NULL, 55 NULL,
54 NULL, 56 NULL,
55 57
@@ -92,7 +94,7 @@ mhd_gtls_gen_anon_server_kx (mhd_gtls_session_t session, opaque ** data)
92 94
93 if ((ret = 95 if ((ret =
94 mhd_gtls_auth_info_set (session, MHD_GNUTLS_CRD_ANON, 96 mhd_gtls_auth_info_set (session, MHD_GNUTLS_CRD_ANON,
95 sizeof (anon_auth_info_st), 1)) < 0) 97 sizeof (anon_auth_info_st), 1)) < 0)
96 { 98 {
97 gnutls_assert (); 99 gnutls_assert ();
98 return ret; 100 return ret;
@@ -112,7 +114,7 @@ mhd_gtls_gen_anon_server_kx (mhd_gtls_session_t session, opaque ** data)
112 114
113static int 115static int
114mhd_gtls_proc_anon_client_kx (mhd_gtls_session_t session, opaque * data, 116mhd_gtls_proc_anon_client_kx (mhd_gtls_session_t session, opaque * data,
115 size_t _data_size) 117 size_t _data_size)
116{ 118{
117 mhd_gtls_anon_server_credentials_t cred; 119 mhd_gtls_anon_server_credentials_t cred;
118 int bits; 120 int bits;
@@ -151,7 +153,7 @@ mhd_gtls_proc_anon_client_kx (mhd_gtls_session_t session, opaque * data,
151 153
152int 154int
153mhd_gtls_proc_anon_server_kx (mhd_gtls_session_t session, opaque * data, 155mhd_gtls_proc_anon_server_kx (mhd_gtls_session_t session, opaque * data,
154 size_t _data_size) 156 size_t _data_size)
155{ 157{
156 158
157 int ret; 159 int ret;
@@ -159,7 +161,7 @@ mhd_gtls_proc_anon_server_kx (mhd_gtls_session_t session, opaque * data,
159 /* set auth_info */ 161 /* set auth_info */
160 if ((ret = 162 if ((ret =
161 mhd_gtls_auth_info_set (session, MHD_GNUTLS_CRD_ANON, 163 mhd_gtls_auth_info_set (session, MHD_GNUTLS_CRD_ANON,
162 sizeof (anon_auth_info_st), 1)) < 0) 164 sizeof (anon_auth_info_st), 1)) < 0)
163 { 165 {
164 gnutls_assert (); 166 gnutls_assert ();
165 return ret; 167 return ret;
diff --git a/src/daemon/https/tls/auth_anon.h b/src/daemon/https/tls/auth_anon.h
index bdb0c1e4..ca5f3bfb 100644
--- a/src/daemon/https/tls/auth_anon.h
+++ b/src/daemon/https/tls/auth_anon.h
@@ -43,6 +43,6 @@ typedef struct mhd_gtls_anon_client_credentials_st
43typedef struct mhd_gtls_anon_auth_info_st 43typedef struct mhd_gtls_anon_auth_info_st
44{ 44{
45 mhd_gtls_dh_info_st dh; 45 mhd_gtls_dh_info_st dh;
46} * mhd_anon_auth_info_t; 46} *mhd_anon_auth_info_t;
47 47
48typedef struct mhd_gtls_anon_auth_info_st anon_auth_info_st; 48typedef struct mhd_gtls_anon_auth_info_st anon_auth_info_st;
diff --git a/src/daemon/https/tls/auth_cert.c b/src/daemon/https/tls/auth_cert.c
index 69a581ab..e007517c 100644
--- a/src/daemon/https/tls/auth_cert.c
+++ b/src/daemon/https/tls/auth_cert.c
@@ -50,7 +50,7 @@ static gnutls_cert *alloc_and_load_x509_certs (gnutls_x509_crt_t * certs,
50static gnutls_privkey *alloc_and_load_x509_key (gnutls_x509_privkey_t key); 50static gnutls_privkey *alloc_and_load_x509_key (gnutls_x509_privkey_t key);
51 51
52 52
53/* Copies data from a internal certificate struct (gnutls_cert) to 53/* Copies data from a internal certificate struct (gnutls_cert) to
54 * exported certificate struct (cert_auth_info_t) 54 * exported certificate struct (cert_auth_info_t)
55 */ 55 */
56static int 56static int
@@ -81,8 +81,7 @@ _gnutls_copy_certificate_auth_info (cert_auth_info_t info,
81 if (cert->raw.size > 0) 81 if (cert->raw.size > 0)
82 { 82 {
83 ret = 83 ret =
84 _gnutls_set_datum (&info-> 84 _gnutls_set_datum (&info->raw_certificate_list[i],
85 raw_certificate_list[i],
86 cert[i].raw.data, cert[i].raw.size); 85 cert[i].raw.data, cert[i].raw.size);
87 if (ret < 0) 86 if (ret < 0)
88 { 87 {
@@ -113,9 +112,10 @@ clear:
113 * -1 otherwise. 112 * -1 otherwise.
114 */ 113 */
115inline static int 114inline static int
116_gnutls_check_pk_algo_in_list (const enum MHD_GNUTLS_PublicKeyAlgorithm * 115_gnutls_check_pk_algo_in_list (const enum MHD_GNUTLS_PublicKeyAlgorithm
117 pk_algos, int pk_algos_length, 116 *pk_algos, int pk_algos_length,
118 enum MHD_GNUTLS_PublicKeyAlgorithm algo_to_check) 117 enum MHD_GNUTLS_PublicKeyAlgorithm
118 algo_to_check)
119{ 119{
120 int i; 120 int i;
121 for (i = 0; i < pk_algos_length; i++) 121 for (i = 0; i < pk_algos_length; i++)
@@ -129,7 +129,7 @@ _gnutls_check_pk_algo_in_list (const enum MHD_GNUTLS_PublicKeyAlgorithm *
129} 129}
130 130
131 131
132/* Returns the issuer's Distinguished name in odn, of the certificate 132/* Returns the issuer's Distinguished name in odn, of the certificate
133 * specified in cert. 133 * specified in cert.
134 */ 134 */
135static int 135static int
@@ -179,13 +179,13 @@ _gnutls_cert_get_issuer_dn (gnutls_cert * cert, gnutls_datum_t * odn)
179/* Locates the most appropriate x509 certificate using the 179/* Locates the most appropriate x509 certificate using the
180 * given DN. If indx == -1 then no certificate was found. 180 * given DN. If indx == -1 then no certificate was found.
181 * 181 *
182 * That is to guess which certificate to use, based on the 182 * That is to guess which certificate to use, based on the
183 * CAs and sign algorithms supported by the peer server. 183 * CAs and sign algorithms supported by the peer server.
184 */ 184 */
185static int 185static int
186_find_x509_cert (const mhd_gtls_cert_credentials_t cred, 186_find_x509_cert (const mhd_gtls_cert_credentials_t cred,
187 opaque * _data, size_t _data_size, 187 opaque * _data, size_t _data_size,
188 const enum MHD_GNUTLS_PublicKeyAlgorithm * pk_algos, 188 const enum MHD_GNUTLS_PublicKeyAlgorithm *pk_algos,
189 int pk_algos_length, int *indx) 189 int pk_algos_length, int *indx)
190{ 190{
191 unsigned size; 191 unsigned size;
@@ -210,8 +210,8 @@ _find_x509_cert (const mhd_gtls_cert_credentials_t cred,
210 for (j = 0; j < cred->cert_list_length[i]; j++) 210 for (j = 0; j < cred->cert_list_length[i]; j++)
211 { 211 {
212 if ((result = 212 if ((result =
213 _gnutls_cert_get_issuer_dn (&cred-> 213 _gnutls_cert_get_issuer_dn (&cred->cert_list[i][j],
214 cert_list[i][j], &odn)) < 0) 214 &odn)) < 0)
215 { 215 {
216 gnutls_assert (); 216 gnutls_assert ();
217 return result; 217 return result;
@@ -271,7 +271,7 @@ get_issuers_num (mhd_gtls_session_t session, opaque * data, ssize_t data_size)
271 if (data_size > 0) 271 if (data_size > 0)
272 do 272 do
273 { 273 {
274 /* This works like DECR_LEN() 274 /* This works like DECR_LEN()
275 */ 275 */
276 result = GNUTLS_E_UNEXPECTED_PACKET_LENGTH; 276 result = GNUTLS_E_UNEXPECTED_PACKET_LENGTH;
277 DECR_LENGTH_COM (data_size, 2, goto error); 277 DECR_LENGTH_COM (data_size, 2, goto error);
@@ -348,14 +348,16 @@ static int
348call_get_cert_callback (mhd_gtls_session_t session, 348call_get_cert_callback (mhd_gtls_session_t session,
349 gnutls_datum_t * issuers_dn, 349 gnutls_datum_t * issuers_dn,
350 int issuers_dn_length, 350 int issuers_dn_length,
351 enum MHD_GNUTLS_PublicKeyAlgorithm * pk_algos, int pk_algos_length) 351 enum MHD_GNUTLS_PublicKeyAlgorithm *pk_algos,
352 int pk_algos_length)
352{ 353{
353 unsigned i; 354 unsigned i;
354 gnutls_cert *local_certs = NULL; 355 gnutls_cert *local_certs = NULL;
355 gnutls_privkey *local_key = NULL; 356 gnutls_privkey *local_key = NULL;
356 gnutls_retr_st st; 357 gnutls_retr_st st;
357 int ret; 358 int ret;
358 enum MHD_GNUTLS_CertificateType type = gnutls_certificate_type_get (session); 359 enum MHD_GNUTLS_CertificateType type =
360 gnutls_certificate_type_get (session);
359 mhd_gtls_cert_credentials_t cred; 361 mhd_gtls_cert_credentials_t cred;
360 362
361 cred = (mhd_gtls_cert_credentials_t) 363 cred = (mhd_gtls_cert_credentials_t)
@@ -411,8 +413,8 @@ call_get_cert_callback (mhd_gtls_session_t session,
411 } 413 }
412 414
413 mhd_gtls_selected_certs_set (session, local_certs, 415 mhd_gtls_selected_certs_set (session, local_certs,
414 (local_certs != NULL) ? st.ncerts : 0, 416 (local_certs != NULL) ? st.ncerts : 0,
415 local_key, 1); 417 local_key, 1);
416 418
417 ret = 0; 419 ret = 0;
418 420
@@ -443,7 +445,8 @@ cleanup:
443static int 445static int
444_select_client_cert (mhd_gtls_session_t session, 446_select_client_cert (mhd_gtls_session_t session,
445 opaque * _data, size_t _data_size, 447 opaque * _data, size_t _data_size,
446 enum MHD_GNUTLS_PublicKeyAlgorithm * pk_algos, int pk_algos_length) 448 enum MHD_GNUTLS_PublicKeyAlgorithm *pk_algos,
449 int pk_algos_length)
447{ 450{
448 int result; 451 int result;
449 int indx = -1; 452 int indx = -1;
@@ -464,7 +467,7 @@ _select_client_cert (mhd_gtls_session_t session,
464 if (cred->client_get_cert_callback != NULL) 467 if (cred->client_get_cert_callback != NULL)
465 { 468 {
466 469
467 /* use a callback to get certificate 470 /* use a callback to get certificate
468 */ 471 */
469 if (session->security_parameters.cert_type != MHD_GNUTLS_CRT_X509) 472 if (session->security_parameters.cert_type != MHD_GNUTLS_CRT_X509)
470 issuers_dn_length = 0; 473 issuers_dn_length = 0;
@@ -523,9 +526,9 @@ _select_client_cert (mhd_gtls_session_t session,
523 if (indx >= 0) 526 if (indx >= 0)
524 { 527 {
525 mhd_gtls_selected_certs_set (session, 528 mhd_gtls_selected_certs_set (session,
526 &cred->cert_list[indx][0], 529 &cred->cert_list[indx][0],
527 cred->cert_list_length[indx], 530 cred->cert_list_length[indx],
528 &cred->pkey[indx], 0); 531 &cred->pkey[indx], 0);
529 } 532 }
530 else 533 else
531 { 534 {
@@ -553,11 +556,11 @@ mhd_gtls_gen_x509_crt (mhd_gtls_session_t session, opaque ** data)
553 gnutls_privkey *apr_pkey; 556 gnutls_privkey *apr_pkey;
554 int apr_cert_list_length; 557 int apr_cert_list_length;
555 558
556 /* find the appropriate certificate 559 /* find the appropriate certificate
557 */ 560 */
558 if ((ret = 561 if ((ret =
559 mhd_gtls_get_selected_cert (session, &apr_cert_list, 562 mhd_gtls_get_selected_cert (session, &apr_cert_list,
560 &apr_cert_list_length, &apr_pkey)) < 0) 563 &apr_cert_list_length, &apr_pkey)) < 0)
561 { 564 {
562 gnutls_assert (); 565 gnutls_assert ();
563 return ret; 566 return ret;
@@ -576,7 +579,7 @@ mhd_gtls_gen_x509_crt (mhd_gtls_session_t session, opaque ** data)
576 * instead of: 579 * instead of:
577 * 0B 00 00 00 // empty certificate handshake 580 * 0B 00 00 00 // empty certificate handshake
578 * 581 *
579 * ( the above is the whole handshake message, not 582 * ( the above is the whole handshake message, not
580 * the one produced here ) 583 * the one produced here )
581 */ 584 */
582 585
@@ -600,7 +603,8 @@ mhd_gtls_gen_x509_crt (mhd_gtls_session_t session, opaque ** data)
600} 603}
601 604
602int 605int
603mhd_gtls_gen_cert_client_certificate (mhd_gtls_session_t session, opaque ** data) 606mhd_gtls_gen_cert_client_certificate (mhd_gtls_session_t session,
607 opaque ** data)
604{ 608{
605 switch (session->security_parameters.cert_type) 609 switch (session->security_parameters.cert_type)
606 { 610 {
@@ -614,7 +618,8 @@ mhd_gtls_gen_cert_client_certificate (mhd_gtls_session_t session, opaque ** data
614} 618}
615 619
616int 620int
617mhd_gtls_gen_cert_server_certificate (mhd_gtls_session_t session, opaque ** data) 621mhd_gtls_gen_cert_server_certificate (mhd_gtls_session_t session,
622 opaque ** data)
618{ 623{
619 switch (session->security_parameters.cert_type) 624 switch (session->security_parameters.cert_type)
620 { 625 {
@@ -632,7 +637,7 @@ mhd_gtls_gen_cert_server_certificate (mhd_gtls_session_t session, opaque ** data
632#define CLEAR_CERTS for(x=0;x<peer_certificate_list_size;x++) mhd_gtls_gcert_deinit(&peer_certificate_list[x]) 637#define CLEAR_CERTS for(x=0;x<peer_certificate_list_size;x++) mhd_gtls_gcert_deinit(&peer_certificate_list[x])
633int 638int
634mhd_gtls_proc_x509_server_certificate (mhd_gtls_session_t session, 639mhd_gtls_proc_x509_server_certificate (mhd_gtls_session_t session,
635 opaque * data, size_t data_size) 640 opaque * data, size_t data_size)
636{ 641{
637 int size, len, ret; 642 int size, len, ret;
638 opaque *p = data; 643 opaque *p = data;
@@ -655,7 +660,7 @@ mhd_gtls_proc_x509_server_certificate (mhd_gtls_session_t session,
655 660
656 if ((ret = 661 if ((ret =
657 mhd_gtls_auth_info_set (session, MHD_GNUTLS_CRD_CERTIFICATE, 662 mhd_gtls_auth_info_set (session, MHD_GNUTLS_CRD_CERTIFICATE,
658 sizeof (cert_auth_info_st), 1)) < 0) 663 sizeof (cert_auth_info_st), 1)) < 0)
659 { 664 {
660 gnutls_assert (); 665 gnutls_assert ();
661 return ret; 666 return ret;
@@ -703,7 +708,7 @@ mhd_gtls_proc_x509_server_certificate (mhd_gtls_session_t session,
703 } 708 }
704 709
705 /* Ok we now allocate the memory to hold the 710 /* Ok we now allocate the memory to hold the
706 * certificate list 711 * certificate list
707 */ 712 */
708 713
709 peer_certificate_list = 714 peer_certificate_list =
@@ -734,8 +739,8 @@ mhd_gtls_proc_x509_server_certificate (mhd_gtls_session_t session,
734 739
735 if ((ret = 740 if ((ret =
736 mhd_gtls_x509_raw_cert_to_gcert (&peer_certificate_list 741 mhd_gtls_x509_raw_cert_to_gcert (&peer_certificate_list
737 [j], &tmp, 742 [j], &tmp,
738 CERT_ONLY_EXTENSIONS)) < 0) 743 CERT_ONLY_EXTENSIONS)) < 0)
739 { 744 {
740 gnutls_assert (); 745 gnutls_assert ();
741 goto cleanup; 746 goto cleanup;
@@ -775,7 +780,7 @@ cleanup:
775 780
776int 781int
777mhd_gtls_proc_cert_server_certificate (mhd_gtls_session_t session, 782mhd_gtls_proc_cert_server_certificate (mhd_gtls_session_t session,
778 opaque * data, size_t data_size) 783 opaque * data, size_t data_size)
779{ 784{
780 switch (session->security_parameters.cert_type) 785 switch (session->security_parameters.cert_type)
781 { 786 {
@@ -792,7 +797,7 @@ typedef enum CertificateSigType
792{ RSA_SIGN = 1, DSA_SIGN 797{ RSA_SIGN = 1, DSA_SIGN
793} CertificateSigType; 798} CertificateSigType;
794 799
795/* Checks if we support the given signature algorithm 800/* Checks if we support the given signature algorithm
796 * (RSA or DSA). Returns the corresponding enum MHD_GNUTLS_PublicKeyAlgorithm 801 * (RSA or DSA). Returns the corresponding enum MHD_GNUTLS_PublicKeyAlgorithm
797 * if true; 802 * if true;
798 */ 803 */
@@ -810,7 +815,7 @@ _gnutls_check_supported_sign_algo (CertificateSigType algo)
810 815
811int 816int
812mhd_gtls_proc_cert_cert_req (mhd_gtls_session_t session, opaque * data, 817mhd_gtls_proc_cert_cert_req (mhd_gtls_session_t session, opaque * data,
813 size_t data_size) 818 size_t data_size)
814{ 819{
815 int size, ret; 820 int size, ret;
816 opaque *p; 821 opaque *p;
@@ -832,7 +837,7 @@ mhd_gtls_proc_cert_cert_req (mhd_gtls_session_t session, opaque * data,
832 837
833 if ((ret = 838 if ((ret =
834 mhd_gtls_auth_info_set (session, MHD_GNUTLS_CRD_CERTIFICATE, 839 mhd_gtls_auth_info_set (session, MHD_GNUTLS_CRD_CERTIFICATE,
835 sizeof (cert_auth_info_st), 0)) < 0) 840 sizeof (cert_auth_info_st), 0)) < 0)
836 { 841 {
837 gnutls_assert (); 842 gnutls_assert ();
838 return ret; 843 return ret;
@@ -898,7 +903,7 @@ mhd_gtls_proc_cert_cert_req (mhd_gtls_session_t session, opaque * data,
898 return ret; 903 return ret;
899 } 904 }
900 905
901 /* We should reply with a certificate message, 906 /* We should reply with a certificate message,
902 * even if we have no certificate to send. 907 * even if we have no certificate to send.
903 */ 908 */
904 session->key->certificate_requested = 1; 909 session->key->certificate_requested = 1;
@@ -907,7 +912,8 @@ mhd_gtls_proc_cert_cert_req (mhd_gtls_session_t session, opaque * data,
907} 912}
908 913
909int 914int
910mhd_gtls_gen_cert_client_cert_vrfy (mhd_gtls_session_t session, opaque ** data) 915mhd_gtls_gen_cert_client_cert_vrfy (mhd_gtls_session_t session,
916 opaque ** data)
911{ 917{
912 int ret; 918 int ret;
913 gnutls_cert *apr_cert_list; 919 gnutls_cert *apr_cert_list;
@@ -920,7 +926,7 @@ mhd_gtls_gen_cert_client_cert_vrfy (mhd_gtls_session_t session, opaque ** data)
920 /* find the appropriate certificate */ 926 /* find the appropriate certificate */
921 if ((ret = 927 if ((ret =
922 mhd_gtls_get_selected_cert (session, &apr_cert_list, 928 mhd_gtls_get_selected_cert (session, &apr_cert_list,
923 &apr_cert_list_length, &apr_pkey)) < 0) 929 &apr_cert_list_length, &apr_pkey)) < 0)
924 { 930 {
925 gnutls_assert (); 931 gnutls_assert ();
926 return ret; 932 return ret;
@@ -930,8 +936,8 @@ mhd_gtls_gen_cert_client_cert_vrfy (mhd_gtls_session_t session, opaque ** data)
930 { 936 {
931 if ((ret = 937 if ((ret =
932 mhd_gtls_tls_sign_hdata (session, 938 mhd_gtls_tls_sign_hdata (session,
933 &apr_cert_list[0], 939 &apr_cert_list[0],
934 apr_pkey, &signature)) < 0) 940 apr_pkey, &signature)) < 0)
935 { 941 {
936 gnutls_assert (); 942 gnutls_assert ();
937 return ret; 943 return ret;
@@ -960,7 +966,7 @@ mhd_gtls_gen_cert_client_cert_vrfy (mhd_gtls_session_t session, opaque ** data)
960 966
961int 967int
962mhd_gtls_proc_cert_client_cert_vrfy (mhd_gtls_session_t session, 968mhd_gtls_proc_cert_client_cert_vrfy (mhd_gtls_session_t session,
963 opaque * data, size_t data_size) 969 opaque * data, size_t data_size)
964{ 970{
965 int size, ret; 971 int size, ret;
966 ssize_t dsize = data_size; 972 ssize_t dsize = data_size;
@@ -986,9 +992,9 @@ mhd_gtls_proc_cert_client_cert_vrfy (mhd_gtls_session_t session,
986 sig.size = size; 992 sig.size = size;
987 993
988 ret = mhd_gtls_raw_cert_to_gcert (&peer_cert, 994 ret = mhd_gtls_raw_cert_to_gcert (&peer_cert,
989 session->security_parameters.cert_type, 995 session->security_parameters.cert_type,
990 &info->raw_certificate_list[0], 996 &info->raw_certificate_list[0],
991 CERT_NO_COPY); 997 CERT_NO_COPY);
992 998
993 if (ret < 0) 999 if (ret < 0)
994 { 1000 {
@@ -1029,7 +1035,7 @@ mhd_gtls_gen_cert_server_cert_req (mhd_gtls_session_t session, opaque ** data)
1029 return GNUTLS_E_INSUFFICIENT_CREDENTIALS; 1035 return GNUTLS_E_INSUFFICIENT_CREDENTIALS;
1030 } 1036 }
1031 1037
1032 size = CERTTYPE_SIZE + 2; /* 2 for enum MHD_GNUTLS_CertificateType + 2 for size of rdn_seq 1038 size = CERTTYPE_SIZE + 2; /* 2 for enum MHD_GNUTLS_CertificateType + 2 for size of rdn_seq
1033 */ 1039 */
1034 1040
1035 if (session->security_parameters.cert_type == MHD_GNUTLS_CRT_X509 && 1041 if (session->security_parameters.cert_type == MHD_GNUTLS_CRT_X509 &&
@@ -1079,7 +1085,7 @@ mhd_gtls_gen_cert_server_cert_req (mhd_gtls_session_t session, opaque ** data)
1079} 1085}
1080 1086
1081 1087
1082/* This function will return the appropriate certificate to use. 1088/* This function will return the appropriate certificate to use.
1083 * Fills in the apr_cert_list, apr_cert_list_length and apr_pkey. 1089 * Fills in the apr_cert_list, apr_cert_list_length and apr_pkey.
1084 * The return value is a negative value on error. 1090 * The return value is a negative value on error.
1085 * 1091 *
@@ -1088,9 +1094,9 @@ mhd_gtls_gen_cert_server_cert_req (mhd_gtls_session_t session, opaque ** data)
1088 */ 1094 */
1089int 1095int
1090mhd_gtls_get_selected_cert (mhd_gtls_session_t session, 1096mhd_gtls_get_selected_cert (mhd_gtls_session_t session,
1091 gnutls_cert ** apr_cert_list, 1097 gnutls_cert ** apr_cert_list,
1092 int *apr_cert_list_length, 1098 int *apr_cert_list_length,
1093 gnutls_privkey ** apr_pkey) 1099 gnutls_privkey ** apr_pkey)
1094{ 1100{
1095 if (session->security_parameters.entity == GNUTLS_SERVER) 1101 if (session->security_parameters.entity == GNUTLS_SERVER)
1096 { 1102 {
@@ -1110,7 +1116,7 @@ mhd_gtls_get_selected_cert (mhd_gtls_session_t session,
1110 1116
1111 } 1117 }
1112 else 1118 else
1113 { /* CLIENT SIDE 1119 { /* CLIENT SIDE
1114 */ 1120 */
1115 1121
1116 /* we have already decided which certificate 1122 /* we have already decided which certificate
@@ -1223,8 +1229,8 @@ mhd_gtls_selected_certs_deinit (mhd_gtls_session_t session)
1223 1229
1224void 1230void
1225mhd_gtls_selected_certs_set (mhd_gtls_session_t session, 1231mhd_gtls_selected_certs_set (mhd_gtls_session_t session,
1226 gnutls_cert * certs, int ncerts, 1232 gnutls_cert * certs, int ncerts,
1227 gnutls_privkey * key, int need_free) 1233 gnutls_privkey * key, int need_free)
1228{ 1234{
1229 mhd_gtls_selected_certs_deinit (session); 1235 mhd_gtls_selected_certs_deinit (session);
1230 1236
@@ -1248,7 +1254,8 @@ mhd_gtls_selected_certs_set (mhd_gtls_session_t session,
1248 */ 1254 */
1249int 1255int
1250mhd_gtls_server_select_cert (mhd_gtls_session_t session, 1256mhd_gtls_server_select_cert (mhd_gtls_session_t session,
1251 enum MHD_GNUTLS_PublicKeyAlgorithm requested_algo) 1257 enum MHD_GNUTLS_PublicKeyAlgorithm
1258 requested_algo)
1252{ 1259{
1253 unsigned i; 1260 unsigned i;
1254 int idx, ret; 1261 int idx, ret;
@@ -1276,12 +1283,12 @@ mhd_gtls_server_select_cert (mhd_gtls_session_t session,
1276 1283
1277 for (i = 0; i < cred->ncerts; i++) 1284 for (i = 0; i < cred->ncerts; i++)
1278 { 1285 {
1279 /* find one compatible certificate 1286 /* find one compatible certificate
1280 */ 1287 */
1281 if (requested_algo == GNUTLS_PK_ANY || 1288 if (requested_algo == GNUTLS_PK_ANY ||
1282 requested_algo == cred->cert_list[i][0].subject_pk_algorithm) 1289 requested_algo == cred->cert_list[i][0].subject_pk_algorithm)
1283 { 1290 {
1284 /* if cert type matches 1291 /* if cert type matches
1285 */ 1292 */
1286 if (session->security_parameters.cert_type == 1293 if (session->security_parameters.cert_type ==
1287 cred->cert_list[i][0].cert_type) 1294 cred->cert_list[i][0].cert_type)
@@ -1298,9 +1305,9 @@ mhd_gtls_server_select_cert (mhd_gtls_session_t session,
1298 if (idx >= 0 && ret == 0) 1305 if (idx >= 0 && ret == 0)
1299 { 1306 {
1300 mhd_gtls_selected_certs_set (session, 1307 mhd_gtls_selected_certs_set (session,
1301 &cred->cert_list[idx][0], 1308 &cred->cert_list[idx][0],
1302 cred->cert_list_length[idx], 1309 cred->cert_list_length[idx],
1303 &cred->pkey[idx], 0); 1310 &cred->pkey[idx], 0);
1304 } 1311 }
1305 else 1312 else
1306 /* Certificate does not support REQUESTED_ALGO. */ 1313 /* Certificate does not support REQUESTED_ALGO. */
diff --git a/src/daemon/https/tls/auth_cert.h b/src/daemon/https/tls/auth_cert.h
index 5b420761..9df2bd0d 100644
--- a/src/daemon/https/tls/auth_cert.h
+++ b/src/daemon/https/tls/auth_cert.h
@@ -53,9 +53,9 @@ typedef struct mhd_gtls_certificate_credentials_st
53 /* contains the number of the certificates in a 53 /* contains the number of the certificates in a
54 * row (should be 1 for OpenPGP keys). 54 * row (should be 1 for OpenPGP keys).
55 */ 55 */
56 unsigned ncerts; /* contains the number of columns in cert_list. 56 unsigned ncerts; /* contains the number of columns in cert_list.
57 * This is the same with the number of pkeys. 57 * This is the same with the number of pkeys.
58 */ 58 */
59 59
60 gnutls_privkey *pkey; 60 gnutls_privkey *pkey;
61 /* private keys. It contains ncerts private 61 /* private keys. It contains ncerts private
@@ -75,16 +75,16 @@ typedef struct mhd_gtls_certificate_credentials_st
75 /* X509 specific stuff */ 75 /* X509 specific stuff */
76 76
77 gnutls_x509_crt_t *x509_ca_list; 77 gnutls_x509_crt_t *x509_ca_list;
78 unsigned x509_ncas; /* number of CAs in the ca_list 78 unsigned x509_ncas; /* number of CAs in the ca_list
79 */ 79 */
80 80
81 gnutls_x509_crl_t *x509_crl_list; 81 gnutls_x509_crl_t *x509_crl_list;
82 unsigned x509_ncrls; /* number of CRLs in the crl_list 82 unsigned x509_ncrls; /* number of CRLs in the crl_list
83 */ 83 */
84 84
85 unsigned int verify_flags; /* flags to be used at 85 unsigned int verify_flags; /* flags to be used at
86 * certificate verification. 86 * certificate verification.
87 */ 87 */
88 unsigned int verify_depth; 88 unsigned int verify_depth;
89 unsigned int verify_bits; 89 unsigned int verify_bits;
90 90
@@ -107,9 +107,9 @@ typedef struct mhd_gtls_rsa_info_st
107 107
108typedef struct mhd_gtls_cert_auth_info_st 108typedef struct mhd_gtls_cert_auth_info_st
109{ 109{
110 int certificate_requested; /* if the peer requested certificate 110 int certificate_requested; /* if the peer requested certificate
111 * this is non zero; 111 * this is non zero;
112 */ 112 */
113 113
114 /* These (dh/rsa) are just copies from the credentials_t structure. 114 /* These (dh/rsa) are just copies from the credentials_t structure.
115 * They must be freed. 115 * They must be freed.
@@ -117,11 +117,11 @@ typedef struct mhd_gtls_cert_auth_info_st
117 mhd_gtls_dh_info_st dh; 117 mhd_gtls_dh_info_st dh;
118 rsa_info_st rsa_export; 118 rsa_info_st rsa_export;
119 119
120 gnutls_datum_t *raw_certificate_list; /* holds the raw certificate of the 120 gnutls_datum_t *raw_certificate_list; /* holds the raw certificate of the
121 * peer. 121 * peer.
122 */ 122 */
123 unsigned int ncerts; /* holds the size of the list above */ 123 unsigned int ncerts; /* holds the size of the list above */
124} * cert_auth_info_t; 124} *cert_auth_info_t;
125 125
126typedef struct mhd_gtls_cert_auth_info_st cert_auth_info_st; 126typedef struct mhd_gtls_cert_auth_info_st cert_auth_info_st;
127 127
@@ -133,26 +133,27 @@ int mhd_gtls_gen_cert_client_certificate (mhd_gtls_session_t, opaque **);
133int mhd_gtls_gen_cert_client_cert_vrfy (mhd_gtls_session_t, opaque **); 133int mhd_gtls_gen_cert_client_cert_vrfy (mhd_gtls_session_t, opaque **);
134int mhd_gtls_gen_cert_server_cert_req (mhd_gtls_session_t, opaque **); 134int mhd_gtls_gen_cert_server_cert_req (mhd_gtls_session_t, opaque **);
135int mhd_gtls_proc_cert_cert_req (mhd_gtls_session_t, opaque *, size_t); 135int mhd_gtls_proc_cert_cert_req (mhd_gtls_session_t, opaque *, size_t);
136int mhd_gtls_proc_cert_client_cert_vrfy (mhd_gtls_session_t, opaque *, size_t); 136int mhd_gtls_proc_cert_client_cert_vrfy (mhd_gtls_session_t, opaque *,
137int mhd_gtls_proc_cert_server_certificate (mhd_gtls_session_t, opaque *, size_t); 137 size_t);
138int mhd_gtls_proc_cert_server_certificate (mhd_gtls_session_t, opaque *,
139 size_t);
138int mhd_gtls_get_selected_cert (mhd_gtls_session_t session, 140int mhd_gtls_get_selected_cert (mhd_gtls_session_t session,
139 gnutls_cert ** apr_cert_list, 141 gnutls_cert ** apr_cert_list,
140 int *apr_cert_list_length, 142 int *apr_cert_list_length,
141 gnutls_privkey ** apr_pkey); 143 gnutls_privkey ** apr_pkey);
142 144
143int mhd_gtls_server_select_cert (struct MHD_gtls_session_int *, 145int mhd_gtls_server_select_cert (struct MHD_gtls_session_int *,
144 enum MHD_GNUTLS_PublicKeyAlgorithm); 146 enum MHD_GNUTLS_PublicKeyAlgorithm);
145void mhd_gtls_selected_certs_deinit (mhd_gtls_session_t session); 147void mhd_gtls_selected_certs_deinit (mhd_gtls_session_t session);
146void mhd_gtls_selected_certs_set (mhd_gtls_session_t session, 148void mhd_gtls_selected_certs_set (mhd_gtls_session_t session,
147 gnutls_cert * certs, int ncerts, 149 gnutls_cert * certs, int ncerts,
148 gnutls_privkey * key, int need_free); 150 gnutls_privkey * key, int need_free);
149 151
150#define _gnutls_proc_cert_client_certificate mhd_gtls_proc_cert_server_certificate 152#define _gnutls_proc_cert_client_certificate mhd_gtls_proc_cert_server_certificate
151 153
152mhd_gtls_rsa_params_t mhd_gtls_certificate_get_rsa_params (mhd_gtls_rsa_params_t 154mhd_gtls_rsa_params_t
153 rsa_params, 155mhd_gtls_certificate_get_rsa_params (mhd_gtls_rsa_params_t rsa_params,
154 gnutls_params_function 156 gnutls_params_function * func,
155 * func, 157 mhd_gtls_session_t);
156 mhd_gtls_session_t);
157 158
158#endif 159#endif
diff --git a/src/daemon/https/tls/auth_dh_common.c b/src/daemon/https/tls/auth_dh_common.c
index 85f4a187..4d471045 100644
--- a/src/daemon/https/tls/auth_dh_common.c
+++ b/src/daemon/https/tls/auth_dh_common.c
@@ -52,8 +52,8 @@ mhd_gtls_free_dh_info (mhd_gtls_dh_info_st * dh)
52 52
53int 53int
54mhd_gtls_proc_dh_common_client_kx (mhd_gtls_session_t session, 54mhd_gtls_proc_dh_common_client_kx (mhd_gtls_session_t session,
55 opaque * data, size_t _data_size, 55 opaque * data, size_t _data_size,
56 mpi_t g, mpi_t p) 56 mpi_t g, mpi_t p)
57{ 57{
58 uint16_t n_Y; 58 uint16_t n_Y;
59 size_t _n_Y; 59 size_t _n_Y;
@@ -108,7 +108,7 @@ mhd_gtls_gen_dh_common_client_kx (mhd_gtls_session_t session, opaque ** data)
108 *data = NULL; 108 *data = NULL;
109 109
110 X = mhd_gtls_calc_dh_secret (&x, session->key->client_g, 110 X = mhd_gtls_calc_dh_secret (&x, session->key->client_g,
111 session->key->client_p); 111 session->key->client_p);
112 if (X == NULL || x == NULL) 112 if (X == NULL || x == NULL)
113 { 113 {
114 gnutls_assert (); 114 gnutls_assert ();
@@ -170,7 +170,7 @@ error:
170 170
171int 171int
172mhd_gtls_proc_dh_common_server_kx (mhd_gtls_session_t session, 172mhd_gtls_proc_dh_common_server_kx (mhd_gtls_session_t session,
173 opaque * data, size_t _data_size, int psk) 173 opaque * data, size_t _data_size, int psk)
174{ 174{
175 uint16_t n_Y, n_g, n_p; 175 uint16_t n_Y, n_g, n_p;
176 size_t _n_Y, _n_g, _n_p; 176 size_t _n_Y, _n_g, _n_p;
@@ -251,7 +251,7 @@ mhd_gtls_proc_dh_common_server_kx (mhd_gtls_session_t session,
251 } 251 }
252 252
253 mhd_gtls_dh_set_group (session, session->key->client_g, 253 mhd_gtls_dh_set_group (session, session->key->client_g,
254 session->key->client_p); 254 session->key->client_p);
255 mhd_gtls_dh_set_peer_public (session, session->key->client_Y); 255 mhd_gtls_dh_set_peer_public (session, session->key->client_Y);
256 256
257 ret = n_Y + n_p + n_g + 6; 257 ret = n_Y + n_p + n_g + 6;
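Review bot: `mhd_gtls_dh_set_peer_public (session, session->key->client_Y)` stores the server's DH public value with no range check visible in this hunk; the code that parses client_Y, client_p and client_g out of the message sits in the part of mhd_gtls_proc_dh_common_server_kx above this hunk, so the check may already be there. If it is not, Y should be rejected when Y <= 1 or Y >= p-1 before it is stored and the group committed, because a trivial public value fixes the shared secret to a known constant regardless of this side's exponent. A minimum accepted size for p belongs in the same place, since a tiny modulus is equally fatal. The function starts before and ends after this hunk.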
@@ -265,7 +265,7 @@ mhd_gtls_proc_dh_common_server_kx (mhd_gtls_session_t session,
265 * be inserted */ 265 * be inserted */
266int 266int
267mhd_gtls_dh_common_print_server_kx (mhd_gtls_session_t session, 267mhd_gtls_dh_common_print_server_kx (mhd_gtls_session_t session,
268 mpi_t g, mpi_t p, opaque ** data, int psk) 268 mpi_t g, mpi_t p, opaque ** data, int psk)
269{ 269{
270 mpi_t x, X; 270 mpi_t x, X;
271 size_t n_X, n_g, n_p; 271 size_t n_X, n_g, n_p;
diff --git a/src/daemon/https/tls/auth_dh_common.h b/src/daemon/https/tls/auth_dh_common.h
index 440ab5b4..c6129958 100644
--- a/src/daemon/https/tls/auth_dh_common.h
+++ b/src/daemon/https/tls/auth_dh_common.h
@@ -37,12 +37,12 @@ typedef struct
37void mhd_gtls_free_dh_info (mhd_gtls_dh_info_st * dh); 37void mhd_gtls_free_dh_info (mhd_gtls_dh_info_st * dh);
38int mhd_gtls_gen_dh_common_client_kx (mhd_gtls_session_t, opaque **); 38int mhd_gtls_gen_dh_common_client_kx (mhd_gtls_session_t, opaque **);
39int mhd_gtls_proc_dh_common_client_kx (mhd_gtls_session_t session, 39int mhd_gtls_proc_dh_common_client_kx (mhd_gtls_session_t session,
40 opaque * data, size_t _data_size, 40 opaque * data, size_t _data_size,
41 mpi_t p, mpi_t g); 41 mpi_t p, mpi_t g);
42int mhd_gtls_dh_common_print_server_kx (mhd_gtls_session_t, mpi_t g, mpi_t p, 42int mhd_gtls_dh_common_print_server_kx (mhd_gtls_session_t, mpi_t g, mpi_t p,
43 opaque ** data, int psk); 43 opaque ** data, int psk);
44int mhd_gtls_proc_dh_common_server_kx (mhd_gtls_session_t session, 44int mhd_gtls_proc_dh_common_server_kx (mhd_gtls_session_t session,
45 opaque * data, size_t _data_size, 45 opaque * data, size_t _data_size,
46 int psk); 46 int psk);
47 47
48#endif 48#endif
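Review bot: The re-wrapped prototype of mhd_gtls_proc_dh_common_client_kx still ends with `mpi_t p, mpi_t g`, while the definition in auth_dh_common.c on this same page declares the last two parameters as `mpi_t g, mpi_t p`. Both have type mpi_t, so the compiler cannot flag a caller that passes the generator and the modulus in the order the header suggests, and a swap would compute the shared secret over the wrong values without any error. I would change the header line to `mpi_t g, mpi_t p);` so it matches the definition, and check the call site against the definition's order rather than the header's.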
diff --git a/src/daemon/https/tls/auth_dhe.c b/src/daemon/https/tls/auth_dhe.c
index 9cfdbb99..43aedf0b 100644
--- a/src/daemon/https/tls/auth_dhe.c
+++ b/src/daemon/https/tls/auth_dhe.c
@@ -49,15 +49,15 @@ const mhd_gtls_mod_auth_st mhd_gtls_dhe_rsa_auth_struct = {
49 mhd_gtls_gen_cert_client_certificate, 49 mhd_gtls_gen_cert_client_certificate,
50 gen_dhe_server_kx, 50 gen_dhe_server_kx,
51 mhd_gtls_gen_dh_common_client_kx, 51 mhd_gtls_gen_dh_common_client_kx,
52 mhd_gtls_gen_cert_client_cert_vrfy, /* gen client cert vrfy */ 52 mhd_gtls_gen_cert_client_cert_vrfy, /* gen client cert vrfy */
53 mhd_gtls_gen_cert_server_cert_req, /* server cert request */ 53 mhd_gtls_gen_cert_server_cert_req, /* server cert request */
54 54
55 mhd_gtls_proc_cert_server_certificate, 55 mhd_gtls_proc_cert_server_certificate,
56 _gnutls_proc_cert_client_certificate, 56 _gnutls_proc_cert_client_certificate,
57 proc_dhe_server_kx, 57 proc_dhe_server_kx,
58 proc_dhe_client_kx, 58 proc_dhe_client_kx,
59 mhd_gtls_proc_cert_client_cert_vrfy, /* proc client cert vrfy */ 59 mhd_gtls_proc_cert_client_cert_vrfy, /* proc client cert vrfy */
60 mhd_gtls_proc_cert_cert_req /* proc server cert request */ 60 mhd_gtls_proc_cert_cert_req /* proc server cert request */
61}; 61};
62 62
63const mhd_gtls_mod_auth_st mhd_gtls_dhe_dss_auth_struct = { 63const mhd_gtls_mod_auth_st mhd_gtls_dhe_dss_auth_struct = {
@@ -66,15 +66,15 @@ const mhd_gtls_mod_auth_st mhd_gtls_dhe_dss_auth_struct = {
66 mhd_gtls_gen_cert_client_certificate, 66 mhd_gtls_gen_cert_client_certificate,
67 gen_dhe_server_kx, 67 gen_dhe_server_kx,
68 mhd_gtls_gen_dh_common_client_kx, 68 mhd_gtls_gen_dh_common_client_kx,
69 mhd_gtls_gen_cert_client_cert_vrfy, /* gen client cert vrfy */ 69 mhd_gtls_gen_cert_client_cert_vrfy, /* gen client cert vrfy */
70 mhd_gtls_gen_cert_server_cert_req, /* server cert request */ 70 mhd_gtls_gen_cert_server_cert_req, /* server cert request */
71 71
72 mhd_gtls_proc_cert_server_certificate, 72 mhd_gtls_proc_cert_server_certificate,
73 _gnutls_proc_cert_client_certificate, 73 _gnutls_proc_cert_client_certificate,
74 proc_dhe_server_kx, 74 proc_dhe_server_kx,
75 proc_dhe_client_kx, 75 proc_dhe_client_kx,
76 mhd_gtls_proc_cert_client_cert_vrfy, /* proc client cert vrfy */ 76 mhd_gtls_proc_cert_client_cert_vrfy, /* proc client cert vrfy */
77 mhd_gtls_proc_cert_cert_req /* proc server cert request */ 77 mhd_gtls_proc_cert_cert_req /* proc server cert request */
78}; 78};
79 79
80 80
@@ -105,7 +105,7 @@ gen_dhe_server_kx (mhd_gtls_session_t session, opaque ** data)
105 /* find the appropriate certificate */ 105 /* find the appropriate certificate */
106 if ((ret = 106 if ((ret =
107 mhd_gtls_get_selected_cert (session, &apr_cert_list, 107 mhd_gtls_get_selected_cert (session, &apr_cert_list,
108 &apr_cert_list_length, &apr_pkey)) < 0) 108 &apr_cert_list_length, &apr_pkey)) < 0)
109 { 109 {
110 gnutls_assert (); 110 gnutls_assert ();
111 return ret; 111 return ret;
@@ -124,7 +124,7 @@ gen_dhe_server_kx (mhd_gtls_session_t session, opaque ** data)
124 g = mpis[1]; 124 g = mpis[1];
125 125
126 if ((ret = mhd_gtls_auth_info_set (session, MHD_GNUTLS_CRD_CERTIFICATE, 126 if ((ret = mhd_gtls_auth_info_set (session, MHD_GNUTLS_CRD_CERTIFICATE,
127 sizeof (cert_auth_info_st), 0)) < 0) 127 sizeof (cert_auth_info_st), 0)) < 0)
128 { 128 {
129 gnutls_assert (); 129 gnutls_assert ();
130 return ret; 130 return ret;
@@ -149,7 +149,7 @@ gen_dhe_server_kx (mhd_gtls_session_t session, opaque ** data)
149 { 149 {
150 if ((ret = 150 if ((ret =
151 mhd_gtls_tls_sign_params (session, &apr_cert_list[0], 151 mhd_gtls_tls_sign_params (session, &apr_cert_list[0],
152 apr_pkey, &ddata, &signature)) < 0) 152 apr_pkey, &ddata, &signature)) < 0)
153 { 153 {
154 gnutls_assert (); 154 gnutls_assert ();
155 gnutls_free (*data); 155 gnutls_free (*data);
@@ -217,15 +217,16 @@ proc_dhe_server_kx (mhd_gtls_session_t session, opaque * data,
217 217
218 if ((ret = 218 if ((ret =
219 mhd_gtls_raw_cert_to_gcert (&peer_cert, 219 mhd_gtls_raw_cert_to_gcert (&peer_cert,
220 session->security_parameters.cert_type, 220 session->security_parameters.cert_type,
221 &info->raw_certificate_list[0], 221 &info->raw_certificate_list[0],
222 CERT_NO_COPY)) < 0) 222 CERT_NO_COPY)) < 0)
223 { 223 {
224 gnutls_assert (); 224 gnutls_assert ();
225 return ret; 225 return ret;
226 } 226 }
227 227
228 ret = mhd_gtls_verify_sig_params (session, &peer_cert, &vparams, &signature); 228 ret =
229 mhd_gtls_verify_sig_params (session, &peer_cert, &vparams, &signature);
229 230
230 mhd_gtls_gcert_deinit (&peer_cert); 231 mhd_gtls_gcert_deinit (&peer_cert);
231 if (ret < 0) 232 if (ret < 0)
diff --git a/src/daemon/https/tls/auth_rsa.c b/src/daemon/https/tls/auth_rsa.c
index f9a19cba..4c909bcc 100644
--- a/src/daemon/https/tls/auth_rsa.c
+++ b/src/daemon/https/tls/auth_rsa.c
@@ -51,15 +51,15 @@ const mhd_gtls_mod_auth_st mhd_gtls_rsa_auth_struct = {
51 mhd_gtls_gen_cert_client_certificate, 51 mhd_gtls_gen_cert_client_certificate,
52 NULL, /* gen server kx */ 52 NULL, /* gen server kx */
53 _gnutls_gen_rsa_client_kx, 53 _gnutls_gen_rsa_client_kx,
54 mhd_gtls_gen_cert_client_cert_vrfy, /* gen client cert vrfy */ 54 mhd_gtls_gen_cert_client_cert_vrfy, /* gen client cert vrfy */
55 mhd_gtls_gen_cert_server_cert_req, /* server cert request */ 55 mhd_gtls_gen_cert_server_cert_req, /* server cert request */
56 56
57 mhd_gtls_proc_cert_server_certificate, 57 mhd_gtls_proc_cert_server_certificate,
58 _gnutls_proc_cert_client_certificate, 58 _gnutls_proc_cert_client_certificate,
59 NULL, /* proc server kx */ 59 NULL, /* proc server kx */
60 _gnutls_proc_rsa_client_kx, /* proc client kx */ 60 _gnutls_proc_rsa_client_kx, /* proc client kx */
61 mhd_gtls_proc_cert_client_cert_vrfy, /* proc client cert vrfy */ 61 mhd_gtls_proc_cert_client_cert_vrfy, /* proc client cert vrfy */
62 mhd_gtls_proc_cert_cert_req /* proc server cert request */ 62 mhd_gtls_proc_cert_cert_req /* proc server cert request */
63}; 63};
64 64
65/* This function reads the RSA parameters from peer's certificate; 65/* This function reads the RSA parameters from peer's certificate;
@@ -86,9 +86,9 @@ _gnutls_get_public_rsa_params (mhd_gtls_session_t session,
86 86
87 ret = 87 ret =
88 mhd_gtls_raw_cert_to_gcert (&peer_cert, 88 mhd_gtls_raw_cert_to_gcert (&peer_cert,
89 session->security_parameters.cert_type, 89 session->security_parameters.cert_type,
90 &info->raw_certificate_list[0], 90 &info->raw_certificate_list[0],
91 CERT_ONLY_PUBKEY | CERT_NO_COPY); 91 CERT_ONLY_PUBKEY | CERT_NO_COPY);
92 92
93 if (ret < 0) 93 if (ret < 0)
94 { 94 {
@@ -179,7 +179,7 @@ _gnutls_get_private_rsa_params (mhd_gtls_session_t session,
179 179
180 rsa_params = 180 rsa_params =
181 mhd_gtls_certificate_get_rsa_params (cred->rsa_params, 181 mhd_gtls_certificate_get_rsa_params (cred->rsa_params,
182 cred->params_func, session); 182 cred->params_func, session);
183 /* EXPORT case: */ 183 /* EXPORT case: */
184 if (rsa_params == NULL) 184 if (rsa_params == NULL)
185 { 185 {
@@ -219,7 +219,7 @@ _gnutls_proc_rsa_client_kx (mhd_gtls_session_t session, opaque * data,
219 219
220 if (MHD_gnutls_protocol_get_version (session) == MHD_GNUTLS_SSL3) 220 if (MHD_gnutls_protocol_get_version (session) == MHD_GNUTLS_SSL3)
221 { 221 {
222 /* SSL 3.0 222 /* SSL 3.0
223 */ 223 */
224 ciphertext.data = data; 224 ciphertext.data = data;
225 ciphertext.size = data_size; 225 ciphertext.size = data_size;
@@ -247,7 +247,7 @@ _gnutls_proc_rsa_client_kx (mhd_gtls_session_t session, opaque * data,
247 return ret; 247 return ret;
248 } 248 }
249 249
250 ret = mhd_gtls_pkcs1_rsa_decrypt (&plaintext, &ciphertext, params, params_len, 2); /* btype==2 */ 250 ret = mhd_gtls_pkcs1_rsa_decrypt (&plaintext, &ciphertext, params, params_len, 2); /* btype==2 */
251 251
252 if (ret < 0 || plaintext.size != TLS_MASTER_SIZE) 252 if (ret < 0 || plaintext.size != TLS_MASTER_SIZE)
253 { 253 {
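Review bot: `if (ret < 0 || plaintext.size != TLS_MASTER_SIZE)` is the failure branch of the PKCS#1 v1.5 decryption in the RSA client key exchange, and its body lies outside this hunk, so I cannot see whether a bad padding or a wrong-length premaster is reported to the peer or silently replaced. If that branch returns an error or sends an alert, the server is a Bleichenbacher padding oracle: the client can tell well-padded from badly-padded ciphertexts by the alert or by timing, which RFC 5246 §7.4.7.1 tells servers to avoid by continuing the handshake with a random 48-byte premaster secret on any decryption or length failure. The version-number check on the recovered premaster that normally follows should be folded into that same non-branching path rather than short-circuiting separately. _gnutls_proc_rsa_client_kx starts before and ends after this hunk.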
@@ -315,7 +315,7 @@ _gnutls_proc_rsa_client_kx (mhd_gtls_session_t session, opaque * data,
315 315
316 316
317 317
318/* return RSA(random) using the peers public key 318/* return RSA(random) using the peers public key
319 */ 319 */
320int 320int
321_gnutls_gen_rsa_client_kx (mhd_gtls_session_t session, opaque ** data) 321_gnutls_gen_rsa_client_kx (mhd_gtls_session_t session, opaque ** data)
@@ -376,7 +376,7 @@ _gnutls_gen_rsa_client_kx (mhd_gtls_session_t session, opaque ** data)
376 376
377 if ((ret = 377 if ((ret =
378 mhd_gtls_pkcs1_rsa_encrypt (&sdata, &session->key->key, 378 mhd_gtls_pkcs1_rsa_encrypt (&sdata, &session->key->key,
379 params, params_len, 2)) < 0) 379 params, params_len, 2)) < 0)
380 { 380 {
381 gnutls_assert (); 381 gnutls_assert ();
382 return ret; 382 return ret;
diff --git a/src/daemon/https/tls/auth_rsa_export.c b/src/daemon/https/tls/auth_rsa_export.c
index cb01570f..bc8fecea 100644
--- a/src/daemon/https/tls/auth_rsa_export.c
+++ b/src/daemon/https/tls/auth_rsa_export.c
@@ -54,15 +54,15 @@ const mhd_gtls_mod_auth_st rsa_export_auth_struct = {
54 mhd_gtls_gen_cert_client_certificate, 54 mhd_gtls_gen_cert_client_certificate,
55 gen_rsa_export_server_kx, 55 gen_rsa_export_server_kx,
56 _gnutls_gen_rsa_client_kx, 56 _gnutls_gen_rsa_client_kx,
57 mhd_gtls_gen_cert_client_cert_vrfy, /* gen client cert vrfy */ 57 mhd_gtls_gen_cert_client_cert_vrfy, /* gen client cert vrfy */
58 mhd_gtls_gen_cert_server_cert_req, /* server cert request */ 58 mhd_gtls_gen_cert_server_cert_req, /* server cert request */
59 59
60 mhd_gtls_proc_cert_server_certificate, 60 mhd_gtls_proc_cert_server_certificate,
61 _gnutls_proc_cert_client_certificate, 61 _gnutls_proc_cert_client_certificate,
62 proc_rsa_export_server_kx, 62 proc_rsa_export_server_kx,
63 _gnutls_proc_rsa_client_kx, /* proc client kx */ 63 _gnutls_proc_rsa_client_kx, /* proc client kx */
64 mhd_gtls_proc_cert_client_cert_vrfy, /* proc client cert vrfy */ 64 mhd_gtls_proc_cert_client_cert_vrfy, /* proc client cert vrfy */
65 mhd_gtls_proc_cert_cert_req /* proc server cert request */ 65 mhd_gtls_proc_cert_cert_req /* proc server cert request */
66}; 66};
67 67
68static int 68static int
@@ -91,7 +91,7 @@ gen_rsa_export_server_kx (mhd_gtls_session_t session, opaque ** data)
91 /* find the appropriate certificate */ 91 /* find the appropriate certificate */
92 if ((ret = 92 if ((ret =
93 mhd_gtls_get_selected_cert (session, &apr_cert_list, 93 mhd_gtls_get_selected_cert (session, &apr_cert_list,
94 &apr_cert_list_length, &apr_pkey)) < 0) 94 &apr_cert_list_length, &apr_pkey)) < 0)
95 { 95 {
96 gnutls_assert (); 96 gnutls_assert ();
97 return ret; 97 return ret;
@@ -108,7 +108,7 @@ gen_rsa_export_server_kx (mhd_gtls_session_t session, opaque ** data)
108 108
109 rsa_params = 109 rsa_params =
110 mhd_gtls_certificate_get_rsa_params (cred->rsa_params, cred->params_func, 110 mhd_gtls_certificate_get_rsa_params (cred->rsa_params, cred->params_func,
111 session); 111 session);
112 rsa_mpis = _gnutls_rsa_params_to_mpi (rsa_params); 112 rsa_mpis = _gnutls_rsa_params_to_mpi (rsa_params);
113 if (rsa_mpis == NULL) 113 if (rsa_mpis == NULL)
114 { 114 {
@@ -117,7 +117,7 @@ gen_rsa_export_server_kx (mhd_gtls_session_t session, opaque ** data)
117 } 117 }
118 118
119 if ((ret = mhd_gtls_auth_info_set (session, MHD_GNUTLS_CRD_CERTIFICATE, 119 if ((ret = mhd_gtls_auth_info_set (session, MHD_GNUTLS_CRD_CERTIFICATE,
120 sizeof (cert_auth_info_st), 0)) < 0) 120 sizeof (cert_auth_info_st), 0)) < 0)
121 { 121 {
122 gnutls_assert (); 122 gnutls_assert ();
123 return ret; 123 return ret;
@@ -157,7 +157,7 @@ gen_rsa_export_server_kx (mhd_gtls_session_t session, opaque ** data)
157 { 157 {
158 if ((ret = 158 if ((ret =
159 mhd_gtls_tls_sign_params (session, &apr_cert_list[0], 159 mhd_gtls_tls_sign_params (session, &apr_cert_list[0],
160 apr_pkey, &ddata, &signature)) < 0) 160 apr_pkey, &ddata, &signature)) < 0)
161 { 161 {
162 gnutls_assert (); 162 gnutls_assert ();
163 gnutls_free (*data); 163 gnutls_free (*data);
@@ -205,9 +205,9 @@ _gnutls_peers_cert_less_512 (mhd_gtls_session_t session)
205 205
206 if ((ret = 206 if ((ret =
207 mhd_gtls_raw_cert_to_gcert (&peer_cert, 207 mhd_gtls_raw_cert_to_gcert (&peer_cert,
208 session->security_parameters.cert_type, 208 session->security_parameters.cert_type,
209 &info->raw_certificate_list[0], 209 &info->raw_certificate_list[0],
210 CERT_NO_COPY)) < 0) 210 CERT_NO_COPY)) < 0)
211 { 211 {
212 gnutls_assert (); 212 gnutls_assert ();
213 return 0; 213 return 0;
@@ -289,7 +289,7 @@ proc_rsa_export_server_kx (mhd_gtls_session_t session,
289 } 289 }
290 290
291 mhd_gtls_rsa_export_set_pubkey (session, session->key->rsa[1], 291 mhd_gtls_rsa_export_set_pubkey (session, session->key->rsa[1],
292 session->key->rsa[0]); 292 session->key->rsa[0]);
293 293
294 /* VERIFY SIGNATURE */ 294 /* VERIFY SIGNATURE */
295 295
@@ -305,15 +305,16 @@ proc_rsa_export_server_kx (mhd_gtls_session_t session,
305 305
306 if ((ret = 306 if ((ret =
307 mhd_gtls_raw_cert_to_gcert (&peer_cert, 307 mhd_gtls_raw_cert_to_gcert (&peer_cert,
308 session->security_parameters.cert_type, 308 session->security_parameters.cert_type,
309 &info->raw_certificate_list[0], 309 &info->raw_certificate_list[0],
310 CERT_NO_COPY)) < 0) 310 CERT_NO_COPY)) < 0)
311 { 311 {
312 gnutls_assert (); 312 gnutls_assert ();
313 return ret; 313 return ret;
314 } 314 }
315 315
316 ret = mhd_gtls_verify_sig_params (session, &peer_cert, &vparams, &signature); 316 ret =
317 mhd_gtls_verify_sig_params (session, &peer_cert, &vparams, &signature);
317 318
318 mhd_gtls_gcert_deinit (&peer_cert); 319 mhd_gtls_gcert_deinit (&peer_cert);
319 if (ret < 0) 320 if (ret < 0)
diff --git a/src/daemon/https/tls/ext_cert_type.c b/src/daemon/https/tls/ext_cert_type.c
index 3b47fdbb..2a855abf 100644
--- a/src/daemon/https/tls/ext_cert_type.c
+++ b/src/daemon/https/tls/ext_cert_type.c
@@ -47,7 +47,7 @@ inline static int _gnutls_cert_type2num (int record_size);
47 47
48int 48int
49mhd_gtls_cert_type_recv_params (mhd_gtls_session_t session, 49mhd_gtls_cert_type_recv_params (mhd_gtls_session_t session,
50 const opaque * data, size_t _data_size) 50 const opaque * data, size_t _data_size)
51{ 51{
52 int new_type = -1, ret, i; 52 int new_type = -1, ret, i;
53 ssize_t data_size = _data_size; 53 ssize_t data_size = _data_size;
@@ -103,7 +103,7 @@ mhd_gtls_cert_type_recv_params (mhd_gtls_session_t session,
103 /* Check if we support this cert_type */ 103 /* Check if we support this cert_type */
104 if ((ret = 104 if ((ret =
105 mhd_gtls_session_cert_type_supported (session, 105 mhd_gtls_session_cert_type_supported (session,
106 new_type)) < 0) 106 new_type)) < 0)
107 { 107 {
108 gnutls_assert (); 108 gnutls_assert ();
109 continue; 109 continue;
@@ -144,7 +144,7 @@ mhd_gtls_cert_type_recv_params (mhd_gtls_session_t session,
144 */ 144 */
145int 145int
146mhd_gtls_cert_type_send_params (mhd_gtls_session_t session, opaque * data, 146mhd_gtls_cert_type_send_params (mhd_gtls_session_t session, opaque * data,
147 size_t data_size) 147 size_t data_size)
148{ 148{
149 unsigned len, i; 149 unsigned len, i;
150 150
@@ -180,9 +180,9 @@ mhd_gtls_cert_type_send_params (mhd_gtls_session_t session, opaque * data,
180 180
181 for (i = 0; i < len; i++) 181 for (i = 0; i < len; i++)
182 { 182 {
183 data[i + 1] = _gnutls_cert_type2num (session->internals. 183 data[i + 1] =
184 priorities.cert_type. 184 _gnutls_cert_type2num (session->internals.
185 priority[i]); 185 priorities.cert_type.priority[i]);
186 } 186 }
187 return len + 1; 187 return len + 1;
188 } 188 }
diff --git a/src/daemon/https/tls/ext_cert_type.h b/src/daemon/https/tls/ext_cert_type.h
index 616e1e7f..cd9b0acc 100644
--- a/src/daemon/https/tls/ext_cert_type.h
+++ b/src/daemon/https/tls/ext_cert_type.h
@@ -26,6 +26,6 @@
26 * extensions draft. 26 * extensions draft.
27 */ 27 */
28int mhd_gtls_cert_type_recv_params (mhd_gtls_session_t session, 28int mhd_gtls_cert_type_recv_params (mhd_gtls_session_t session,
29 const opaque * data, size_t data_size); 29 const opaque * data, size_t data_size);
30int mhd_gtls_cert_type_send_params (mhd_gtls_session_t session, opaque * data, 30int mhd_gtls_cert_type_send_params (mhd_gtls_session_t session, opaque * data,
31 size_t); 31 size_t);
diff --git a/src/daemon/https/tls/ext_inner_application.c b/src/daemon/https/tls/ext_inner_application.c
index 24dd265f..6c6c83cc 100644
--- a/src/daemon/https/tls/ext_inner_application.c
+++ b/src/daemon/https/tls/ext_inner_application.c
@@ -33,7 +33,7 @@
33 33
34int 34int
35mhd_gtls_inner_app_rcv_params (mhd_gtls_session_t session, 35mhd_gtls_inner_app_rcv_params (mhd_gtls_session_t session,
36 const opaque * data, size_t data_size) 36 const opaque * data, size_t data_size)
37{ 37{
38 mhd_gtls_ext_st *ext = &session->security_parameters.extensions; 38 mhd_gtls_ext_st *ext = &session->security_parameters.extensions;
39 39
@@ -68,7 +68,7 @@ mhd_gtls_inner_app_rcv_params (mhd_gtls_session_t session,
68 */ 68 */
69int 69int
70mhd_gtls_inner_app_send_params (mhd_gtls_session_t session, 70mhd_gtls_inner_app_send_params (mhd_gtls_session_t session,
71 opaque * data, size_t data_size) 71 opaque * data, size_t data_size)
72{ 72{
73 mhd_gtls_ext_st *ext = &session->security_parameters.extensions; 73 mhd_gtls_ext_st *ext = &session->security_parameters.extensions;
74 74
@@ -86,7 +86,8 @@ mhd_gtls_inner_app_send_params (mhd_gtls_session_t session,
86 else 86 else
87#endif 87#endif
88 { 88 {
89 struct gnutls_ia_server_credentials_st * cred = (struct gnutls_ia_server_credentials_st*) 89 struct gnutls_ia_server_credentials_st *cred =
90 (struct gnutls_ia_server_credentials_st *)
90 mhd_gtls_get_cred (session->key, MHD_GNUTLS_CRD_IA, NULL); 91 mhd_gtls_get_cred (session->key, MHD_GNUTLS_CRD_IA, NULL);
91 92
92 if (cred) 93 if (cred)
diff --git a/src/daemon/https/tls/ext_inner_application.h b/src/daemon/https/tls/ext_inner_application.h
index c863fcaa..8ea0ae22 100644
--- a/src/daemon/https/tls/ext_inner_application.h
+++ b/src/daemon/https/tls/ext_inner_application.h
@@ -23,7 +23,6 @@
23 */ 23 */
24 24
25int mhd_gtls_inner_app_rcv_params (mhd_gtls_session_t session, 25int mhd_gtls_inner_app_rcv_params (mhd_gtls_session_t session,
26 const opaque * data, 26 const opaque * data, size_t data_size);
27 size_t data_size);
28int mhd_gtls_inner_app_send_params (mhd_gtls_session_t session, 27int mhd_gtls_inner_app_send_params (mhd_gtls_session_t session,
29 opaque * data, size_t); 28 opaque * data, size_t);
diff --git a/src/daemon/https/tls/ext_max_record.c b/src/daemon/https/tls/ext_max_record.c
index 8c3de8f8..1b5f2be2 100644
--- a/src/daemon/https/tls/ext_max_record.c
+++ b/src/daemon/https/tls/ext_max_record.c
@@ -42,7 +42,7 @@
42 42
43int 43int
44mhd_gtls_max_record_recv_params (mhd_gtls_session_t session, 44mhd_gtls_max_record_recv_params (mhd_gtls_session_t session,
45 const opaque * data, size_t _data_size) 45 const opaque * data, size_t _data_size)
46{ 46{
47 ssize_t new_size; 47 ssize_t new_size;
48 ssize_t data_size = _data_size; 48 ssize_t data_size = _data_size;
@@ -103,7 +103,7 @@ mhd_gtls_max_record_recv_params (mhd_gtls_session_t session,
103 */ 103 */
104int 104int
105mhd_gtls_max_record_send_params (mhd_gtls_session_t session, opaque * data, 105mhd_gtls_max_record_send_params (mhd_gtls_session_t session, opaque * data,
106 size_t data_size) 106 size_t data_size)
107{ 107{
108 uint16_t len; 108 uint16_t len;
109 /* this function sends the client extension data (dnsname) */ 109 /* this function sends the client extension data (dnsname) */
@@ -122,7 +122,7 @@ mhd_gtls_max_record_send_params (mhd_gtls_session_t session, opaque * data,
122 122
123 data[0] = 123 data[0] =
124 (uint8_t) mhd_gtls_mre_record2num (session->internals. 124 (uint8_t) mhd_gtls_mre_record2num (session->internals.
125 proposed_record_size); 125 proposed_record_size);
126 return len; 126 return len;
127 } 127 }
128 128
@@ -142,9 +142,9 @@ mhd_gtls_max_record_send_params (mhd_gtls_session_t session, opaque * data,
142 } 142 }
143 143
144 data[0] = 144 data[0] =
145 (uint8_t) mhd_gtls_mre_record2num (session-> 145 (uint8_t)
146 security_parameters. 146 mhd_gtls_mre_record2num
147 max_record_recv_size); 147 (session->security_parameters.max_record_recv_size);
148 return len; 148 return len;
149 } 149 }
150 150
diff --git a/src/daemon/https/tls/ext_max_record.h b/src/daemon/https/tls/ext_max_record.h
index 487fe40d..361470a9 100644
--- a/src/daemon/https/tls/ext_max_record.h
+++ b/src/daemon/https/tls/ext_max_record.h
@@ -28,6 +28,6 @@
28int mhd_gtls_mre_num2record (int num); 28int mhd_gtls_mre_num2record (int num);
29int mhd_gtls_mre_record2num (uint16_t record_size); 29int mhd_gtls_mre_record2num (uint16_t record_size);
30int mhd_gtls_max_record_recv_params (mhd_gtls_session_t session, 30int mhd_gtls_max_record_recv_params (mhd_gtls_session_t session,
31 const opaque * data, size_t data_size); 31 const opaque * data, size_t data_size);
32int mhd_gtls_max_record_send_params (mhd_gtls_session_t session, opaque * data, 32int mhd_gtls_max_record_send_params (mhd_gtls_session_t session,
33 size_t); 33 opaque * data, size_t);
diff --git a/src/daemon/https/tls/ext_oprfi.c b/src/daemon/https/tls/ext_oprfi.c
index 67a5bcb2..1922fa1c 100644
--- a/src/daemon/https/tls/ext_oprfi.c
+++ b/src/daemon/https/tls/ext_oprfi.c
@@ -112,7 +112,7 @@ oprfi_recv_client (mhd_gtls_session_t session,
112 112
113int 113int
114mhd_gtls_oprfi_recv_params (mhd_gtls_session_t session, 114mhd_gtls_oprfi_recv_params (mhd_gtls_session_t session,
115 const opaque * data, size_t data_size) 115 const opaque * data, size_t data_size)
116{ 116{
117#if MHD_DEBUG_TLS 117#if MHD_DEBUG_TLS
118 if (session->security_parameters.entity == GNUTLS_CLIENT) 118 if (session->security_parameters.entity == GNUTLS_CLIENT)
@@ -123,7 +123,8 @@ mhd_gtls_oprfi_recv_params (mhd_gtls_session_t session,
123} 123}
124 124
125int 125int
126oprfi_send_client (mhd_gtls_session_t session, opaque * data, size_t _data_size) 126oprfi_send_client (mhd_gtls_session_t session, opaque * data,
127 size_t _data_size)
127{ 128{
128 opaque *p = data; 129 opaque *p = data;
129 ssize_t data_size = _data_size; 130 ssize_t data_size = _data_size;
@@ -144,7 +145,8 @@ oprfi_send_client (mhd_gtls_session_t session, opaque * data, size_t _data_size)
144} 145}
145 146
146int 147int
147oprfi_send_server (mhd_gtls_session_t session, opaque * data, size_t _data_size) 148oprfi_send_server (mhd_gtls_session_t session, opaque * data,
149 size_t _data_size)
148{ 150{
149 opaque *p = data; 151 opaque *p = data;
150 int ret; 152 int ret;
@@ -180,11 +182,12 @@ oprfi_send_server (mhd_gtls_session_t session, opaque * data, size_t _data_size)
180 182
181 DECR_LENGTH_RET (data_size, 2, GNUTLS_E_SHORT_MEMORY_BUFFER); 183 DECR_LENGTH_RET (data_size, 2, GNUTLS_E_SHORT_MEMORY_BUFFER);
182 mhd_gtls_write_uint16 (session->security_parameters. 184 mhd_gtls_write_uint16 (session->security_parameters.
183 extensions.oprfi_server_len, p); 185 extensions.oprfi_server_len, p);
184 p += 2; 186 p += 2;
185 187
186 DECR_LENGTH_RET (data_size, session->security_parameters. 188 DECR_LENGTH_RET (data_size,
187 extensions.oprfi_server_len, GNUTLS_E_SHORT_MEMORY_BUFFER); 189 session->security_parameters.extensions.oprfi_server_len,
190 GNUTLS_E_SHORT_MEMORY_BUFFER);
188 191
189 memcpy (p, session->security_parameters.extensions.oprfi_server, 192 memcpy (p, session->security_parameters.extensions.oprfi_server,
190 session->security_parameters.extensions.oprfi_server_len); 193 session->security_parameters.extensions.oprfi_server_len);
@@ -194,9 +197,9 @@ oprfi_send_server (mhd_gtls_session_t session, opaque * data, size_t _data_size)
194 197
195int 198int
196mhd_gtls_oprfi_send_params (mhd_gtls_session_t session, 199mhd_gtls_oprfi_send_params (mhd_gtls_session_t session,
197 opaque * data, size_t data_size) 200 opaque * data, size_t data_size)
198{ 201{
199 return oprfi_send_server (session, data, data_size); 202 return oprfi_send_server (session, data, data_size);
200} 203}
201 204
202/** 205/**
@@ -214,7 +217,7 @@ mhd_gtls_oprfi_send_params (mhd_gtls_session_t session,
214 **/ 217 **/
215void 218void
216MHD_gtls_oprfi_enable_client (mhd_gtls_session_t session, 219MHD_gtls_oprfi_enable_client (mhd_gtls_session_t session,
217 size_t len, unsigned char *data) 220 size_t len, unsigned char *data)
218{ 221{
219 session->security_parameters.extensions.oprfi_client_len = len; 222 session->security_parameters.extensions.oprfi_client_len = len;
220 session->security_parameters.extensions.oprfi_client = data; 223 session->security_parameters.extensions.oprfi_client = data;
@@ -242,7 +245,7 @@ MHD_gtls_oprfi_enable_client (mhd_gtls_session_t session,
242 **/ 245 **/
243void 246void
244MHD_gtls_oprfi_enable_server (mhd_gtls_session_t session, 247MHD_gtls_oprfi_enable_server (mhd_gtls_session_t session,
245 gnutls_oprfi_callback_func cb, void *userdata) 248 gnutls_oprfi_callback_func cb, void *userdata)
246{ 249{
247 session->security_parameters.extensions.oprfi_cb = cb; 250 session->security_parameters.extensions.oprfi_cb = cb;
248 session->security_parameters.extensions.oprfi_userdata = userdata; 251 session->security_parameters.extensions.oprfi_userdata = userdata;
diff --git a/src/daemon/https/tls/ext_oprfi.h b/src/daemon/https/tls/ext_oprfi.h
index 27a9c96a..defb672b 100644
--- a/src/daemon/https/tls/ext_oprfi.h
+++ b/src/daemon/https/tls/ext_oprfi.h
@@ -25,9 +25,7 @@
25#include <gnutls_int.h> 25#include <gnutls_int.h>
26 26
27int mhd_gtls_oprfi_recv_params (mhd_gtls_session_t state, 27int mhd_gtls_oprfi_recv_params (mhd_gtls_session_t state,
28 const opaque * data, 28 const opaque * data, size_t data_size);
29 size_t data_size);
30 29
31int mhd_gtls_oprfi_send_params (mhd_gtls_session_t state, 30int mhd_gtls_oprfi_send_params (mhd_gtls_session_t state,
32 opaque * data, 31 opaque * data, size_t data_size);
33 size_t data_size);
diff --git a/src/daemon/https/tls/ext_server_name.c b/src/daemon/https/tls/ext_server_name.c
index 8c045ae3..64ef0b06 100644
--- a/src/daemon/https/tls/ext_server_name.c
+++ b/src/daemon/https/tls/ext_server_name.c
@@ -40,7 +40,7 @@
40 40
41int 41int
42mhd_gtls_server_name_recv_params (mhd_gtls_session_t session, 42mhd_gtls_server_name_recv_params (mhd_gtls_session_t session,
43 const opaque * data, size_t _data_size) 43 const opaque * data, size_t _data_size)
44{ 44{
45 int i; 45 int i;
46 const unsigned char *p; 46 const unsigned char *p;
@@ -125,7 +125,7 @@ mhd_gtls_server_name_recv_params (mhd_gtls_session_t session,
125 */ 125 */
126int 126int
127mhd_gtls_server_name_send_params (mhd_gtls_session_t session, 127mhd_gtls_server_name_send_params (mhd_gtls_session_t session,
128 opaque * data, size_t _data_size) 128 opaque * data, size_t _data_size)
129{ 129{
130 int total_size = 0; 130 int total_size = 0;
131#if MHD_DEBUG_TLS 131#if MHD_DEBUG_TLS
@@ -234,8 +234,8 @@ mhd_gtls_server_name_send_params (mhd_gtls_session_t session,
234 **/ 234 **/
235int 235int
236MHD_gnutls_server_name_get (mhd_gtls_session_t session, void *data, 236MHD_gnutls_server_name_get (mhd_gtls_session_t session, void *data,
237 size_t * data_length, 237 size_t * data_length,
238 unsigned int *type, unsigned int indx) 238 unsigned int *type, unsigned int indx)
239{ 239{
240 char *_data = data; 240 char *_data = data;
241#if MHD_DEBUG_TLS 241#if MHD_DEBUG_TLS
@@ -259,8 +259,8 @@ MHD_gnutls_server_name_get (mhd_gtls_session_t session, void *data,
259 session->security_parameters.extensions.server_names[indx]. 259 session->security_parameters.extensions.server_names[indx].
260 name_length; 260 name_length;
261 memcpy (data, 261 memcpy (data,
262 session->security_parameters.extensions.server_names[indx]. 262 session->security_parameters.extensions.server_names[indx].name,
263 name, *data_length); 263 *data_length);
264 264
265 if (*type == GNUTLS_NAME_DNS) /* null terminate */ 265 if (*type == GNUTLS_NAME_DNS) /* null terminate */
266 _data[(*data_length)] = 0; 266 _data[(*data_length)] = 0;
@@ -296,8 +296,8 @@ MHD_gnutls_server_name_get (mhd_gtls_session_t session, void *data,
296 **/ 296 **/
297int 297int
298MHD_gnutls_server_name_set (mhd_gtls_session_t session, 298MHD_gnutls_server_name_set (mhd_gtls_session_t session,
299 gnutls_server_name_type_t type, 299 gnutls_server_name_type_t type,
300 const void *name, size_t name_length) 300 const void *name, size_t name_length)
301{ 301{
302 int server_names; 302 int server_names;
303 303
diff --git a/src/daemon/https/tls/ext_server_name.h b/src/daemon/https/tls/ext_server_name.h
index 7a471ad4..5de9304f 100644
--- a/src/daemon/https/tls/ext_server_name.h
+++ b/src/daemon/https/tls/ext_server_name.h
@@ -23,6 +23,6 @@
23 */ 23 */
24 24
25int mhd_gtls_server_name_recv_params (mhd_gtls_session_t session, 25int mhd_gtls_server_name_recv_params (mhd_gtls_session_t session,
26 const opaque * data, size_t data_size); 26 const opaque * data, size_t data_size);
27int mhd_gtls_server_name_send_params (mhd_gtls_session_t session, 27int mhd_gtls_server_name_send_params (mhd_gtls_session_t session,
28 opaque * data, size_t); 28 opaque * data, size_t);
diff --git a/src/daemon/https/tls/gnutls_alert.c b/src/daemon/https/tls/gnutls_alert.c
index 36c65362..ba5ee803 100644
--- a/src/daemon/https/tls/gnutls_alert.c
+++ b/src/daemon/https/tls/gnutls_alert.c
@@ -116,7 +116,7 @@ MHD_gnutls_alert_get_name (gnutls_alert_description_t alert)
116 **/ 116 **/
117int 117int
118MHD_gnutls_alert_send (mhd_gtls_session_t session, gnutls_alert_level_t level, 118MHD_gnutls_alert_send (mhd_gtls_session_t session, gnutls_alert_level_t level,
119 gnutls_alert_description_t desc) 119 gnutls_alert_description_t desc)
120{ 120{
121 uint8_t data[2]; 121 uint8_t data[2];
122 int ret; 122 int ret;
diff --git a/src/daemon/https/tls/gnutls_algorithms.c b/src/daemon/https/tls/gnutls_algorithms.c
index 16e67fbd..6d25ff55 100644
--- a/src/daemon/https/tls/gnutls_algorithms.c
+++ b/src/daemon/https/tls/gnutls_algorithms.c
@@ -37,7 +37,7 @@ typedef struct
37{ 37{
38 enum MHD_GNUTLS_KeyExchangeAlgorithm algorithm; 38 enum MHD_GNUTLS_KeyExchangeAlgorithm algorithm;
39 enum MHD_GNUTLS_CredentialsType client_type; 39 enum MHD_GNUTLS_CredentialsType client_type;
40 enum MHD_GNUTLS_CredentialsType server_type; /* The type of credentials a server 40 enum MHD_GNUTLS_CredentialsType server_type; /* The type of credentials a server
41 * needs to set */ 41 * needs to set */
42} gnutls_cred_map; 42} gnutls_cred_map;
43 43
@@ -130,7 +130,7 @@ static const gnutls_pk_map mhd_gtls_pk_mappings[] = {
130typedef struct 130typedef struct
131{ 131{
132 const char *name; 132 const char *name;
133 enum MHD_GNUTLS_Protocol id; /* gnutls internal version number */ 133 enum MHD_GNUTLS_Protocol id; /* gnutls internal version number */
134 int major; /* defined by the protocol */ 134 int major; /* defined by the protocol */
135 int minor; /* defined by the protocol */ 135 int minor; /* defined by the protocol */
136 int supported; /* 0 not supported, > 0 is supported */ 136 int supported; /* 0 not supported, > 0 is supported */
@@ -165,7 +165,8 @@ static const gnutls_version_entry mhd_gtls_sup_versions[] = {
165}; 165};
166 166
167/* Keep the contents of this struct the same as the previous one. */ 167/* Keep the contents of this struct the same as the previous one. */
168static const enum MHD_GNUTLS_Protocol mhd_gtls_supported_protocols[] = { MHD_GNUTLS_SSL3, 168static const enum MHD_GNUTLS_Protocol mhd_gtls_supported_protocols[] =
169{ MHD_GNUTLS_SSL3,
169 MHD_GNUTLS_TLS1_0, 170 MHD_GNUTLS_TLS1_0,
170 MHD_GNUTLS_TLS1_1, 171 MHD_GNUTLS_TLS1_1,
171 MHD_GNUTLS_TLS1_2, 172 MHD_GNUTLS_TLS1_2,
@@ -272,7 +273,7 @@ static const gnutls_cipher_entry mhd_gtls_algorithms[] = {
272 273
273/* Keep the contents of this struct the same as the previous one. */ 274/* Keep the contents of this struct the same as the previous one. */
274static const enum MHD_GNUTLS_CipherAlgorithm mhd_gtls_supported_ciphers[] = 275static const enum MHD_GNUTLS_CipherAlgorithm mhd_gtls_supported_ciphers[] =
275 { MHD_GNUTLS_CIPHER_AES_256_CBC, 276{ MHD_GNUTLS_CIPHER_AES_256_CBC,
276 MHD_GNUTLS_CIPHER_AES_128_CBC, 277 MHD_GNUTLS_CIPHER_AES_128_CBC,
277 MHD_GNUTLS_CIPHER_3DES_CBC, 278 MHD_GNUTLS_CIPHER_3DES_CBC,
278 MHD_GNUTLS_CIPHER_DES_CBC, 279 MHD_GNUTLS_CIPHER_DES_CBC,
@@ -327,7 +328,8 @@ static const gnutls_hash_entry mhd_gtls_hash_algorithms[] = {
327}; 328};
328 329
329/* Keep the contents of this struct the same as the previous one. */ 330/* Keep the contents of this struct the same as the previous one. */
330static const enum MHD_GNUTLS_HashAlgorithm mhd_gtls_supported_macs[] = { MHD_GNUTLS_MAC_SHA1, 331static const enum MHD_GNUTLS_HashAlgorithm mhd_gtls_supported_macs[] =
332{ MHD_GNUTLS_MAC_SHA1,
331 MHD_GNUTLS_MAC_MD5, 333 MHD_GNUTLS_MAC_MD5,
332 MHD_GNUTLS_MAC_SHA256, 334 MHD_GNUTLS_MAC_SHA256,
333 MHD_GNUTLS_MAC_NULL, 335 MHD_GNUTLS_MAC_NULL,
@@ -364,7 +366,9 @@ gnutls_compression_entry _gnutls_compression_algorithms[MAX_COMP_METHODS] =
364 0} 366 0}
365}; 367};
366 368
367static const enum MHD_GNUTLS_CompressionMethod mhd_gtls_supported_compressions[] = { 369static const enum MHD_GNUTLS_CompressionMethod
370 mhd_gtls_supported_compressions[] =
371{
368#ifdef HAVE_LIBZ 372#ifdef HAVE_LIBZ
369 MHD_GNUTLS_COMP_DEFLATE, 373 MHD_GNUTLS_COMP_DEFLATE,
370#endif 374#endif
@@ -444,7 +448,8 @@ static const mhd_gtls_kx_algo_entry_t mhd_gtls_kx_algorithms[] = {
444}; 448};
445 449
446/* Keep the contents of this struct the same as the previous one. */ 450/* Keep the contents of this struct the same as the previous one. */
447static const enum MHD_GNUTLS_KeyExchangeAlgorithm mhd_gtls_supported_kxs[] = { 451static const enum MHD_GNUTLS_KeyExchangeAlgorithm mhd_gtls_supported_kxs[] =
452{
448#ifdef ENABLE_ANON 453#ifdef ENABLE_ANON
449 MHD_GNUTLS_KX_ANON_DH, 454 MHD_GNUTLS_KX_ANON_DH,
450#endif 455#endif
@@ -482,9 +487,9 @@ typedef struct
482 enum MHD_GNUTLS_CipherAlgorithm block_algorithm; 487 enum MHD_GNUTLS_CipherAlgorithm block_algorithm;
483 enum MHD_GNUTLS_KeyExchangeAlgorithm kx_algorithm; 488 enum MHD_GNUTLS_KeyExchangeAlgorithm kx_algorithm;
484 enum MHD_GNUTLS_HashAlgorithm mac_algorithm; 489 enum MHD_GNUTLS_HashAlgorithm mac_algorithm;
485 enum MHD_GNUTLS_Protocol version; /* this cipher suite is supported 490 enum MHD_GNUTLS_Protocol version; /* this cipher suite is supported
486 * from 'version' and above; 491 * from 'version' and above;
487 */ 492 */
488} mhd_gtls_cipher_suite_entry; 493} mhd_gtls_cipher_suite_entry;
489 494
490/* RSA with NULL cipher and MD5 MAC 495/* RSA with NULL cipher and MD5 MAC
@@ -763,7 +768,7 @@ static const mhd_gtls_cipher_suite_entry mhd_gtls_cs_algorithms[] = {
763 768
764int 769int
765mhd_gtls_mac_priority (mhd_gtls_session_t session, 770mhd_gtls_mac_priority (mhd_gtls_session_t session,
766 enum MHD_GNUTLS_HashAlgorithm algorithm) 771 enum MHD_GNUTLS_HashAlgorithm algorithm)
767{ /* actually returns the priority */ 772{ /* actually returns the priority */
768 unsigned int i; 773 unsigned int i;
769 for (i = 0; i < session->internals.priorities.mac.num_algorithms; i++) 774 for (i = 0; i < session->internals.priorities.mac.num_algorithms; i++)
@@ -889,10 +894,11 @@ mhd_gnutls_mac_is_ok (enum MHD_GNUTLS_HashAlgorithm algorithm)
889/* Compression Functions */ 894/* Compression Functions */
890int 895int
891mhd_gtls_compression_priority (mhd_gtls_session_t session, 896mhd_gtls_compression_priority (mhd_gtls_session_t session,
892 enum MHD_GNUTLS_CompressionMethod algorithm) 897 enum MHD_GNUTLS_CompressionMethod algorithm)
893{ /* actually returns the priority */ 898{ /* actually returns the priority */
894 unsigned int i; 899 unsigned int i;
895 for (i = 0; i < session->internals.priorities.compression.num_algorithms; i++) 900 for (i = 0; i < session->internals.priorities.compression.num_algorithms;
901 i++)
896 { 902 {
897 if (session->internals.priorities.compression.priority[i] == algorithm) 903 if (session->internals.priorities.compression.priority[i] == algorithm)
898 return i; 904 return i;
@@ -980,7 +986,8 @@ mhd_gtls_compression_get_wbits (enum MHD_GNUTLS_CompressionMethod algorithm)
980} 986}
981 987
982int 988int
983mhd_gtls_compression_get_mem_level (enum MHD_GNUTLS_CompressionMethod algorithm) 989mhd_gtls_compression_get_mem_level (enum MHD_GNUTLS_CompressionMethod
990 algorithm)
984{ 991{
985 int ret = -1; 992 int ret = -1;
986 /* avoid prefix */ 993 /* avoid prefix */
@@ -989,7 +996,8 @@ mhd_gtls_compression_get_mem_level (enum MHD_GNUTLS_CompressionMethod algorithm)
989} 996}
990 997
991int 998int
992mhd_gtls_compression_get_comp_level (enum MHD_GNUTLS_CompressionMethod algorithm) 999mhd_gtls_compression_get_comp_level (enum MHD_GNUTLS_CompressionMethod
1000 algorithm)
993{ 1001{
994 int ret = -1; 1002 int ret = -1;
995 /* avoid prefix */ 1003 /* avoid prefix */
@@ -1036,7 +1044,7 @@ mhd_gtls_cipher_get_block_size (enum MHD_GNUTLS_CipherAlgorithm algorithm)
1036/* returns the priority */ 1044/* returns the priority */
1037int 1045int
1038mhd_gtls_cipher_priority (mhd_gtls_session_t session, 1046mhd_gtls_cipher_priority (mhd_gtls_session_t session,
1039 enum MHD_GNUTLS_CipherAlgorithm algorithm) 1047 enum MHD_GNUTLS_CipherAlgorithm algorithm)
1040{ 1048{
1041 unsigned int i; 1049 unsigned int i;
1042 for (i = 0; i < session->internals.priorities.cipher.num_algorithms; i++) 1050 for (i = 0; i < session->internals.priorities.cipher.num_algorithms; i++)
@@ -1172,7 +1180,7 @@ mhd_gtls_kx_auth_struct (enum MHD_GNUTLS_KeyExchangeAlgorithm algorithm)
1172 1180
1173int 1181int
1174mhd_gtls_kx_priority (mhd_gtls_session_t session, 1182mhd_gtls_kx_priority (mhd_gtls_session_t session,
1175 enum MHD_GNUTLS_KeyExchangeAlgorithm algorithm) 1183 enum MHD_GNUTLS_KeyExchangeAlgorithm algorithm)
1176{ 1184{
1177 unsigned int i; 1185 unsigned int i;
1178 for (i = 0; i < session->internals.priorities.kx.num_algorithms; i++) 1186 for (i = 0; i < session->internals.priorities.kx.num_algorithms; i++)
@@ -1265,7 +1273,8 @@ mhd_gtls_kx_needs_dh_params (enum MHD_GNUTLS_KeyExchangeAlgorithm algorithm)
1265 1273
1266/* Version */ 1274/* Version */
1267int 1275int
1268mhd_gtls_version_priority (mhd_gtls_session_t session, enum MHD_GNUTLS_Protocol version) 1276mhd_gtls_version_priority (mhd_gtls_session_t session,
1277 enum MHD_GNUTLS_Protocol version)
1269{ /* actually returns the priority */ 1278{ /* actually returns the priority */
1270 unsigned int i; 1279 unsigned int i;
1271 1280
@@ -1293,7 +1302,8 @@ mhd_gtls_version_lowest (mhd_gtls_session_t session)
1293 return MHD_GNUTLS_VERSION_UNKNOWN; 1302 return MHD_GNUTLS_VERSION_UNKNOWN;
1294 } 1303 }
1295 else 1304 else
1296 for (i = 0; i < session->internals.priorities.protocol.num_algorithms; i++) 1305 for (i = 0; i < session->internals.priorities.protocol.num_algorithms;
1306 i++)
1297 { 1307 {
1298 if (session->internals.priorities.protocol.priority[i] < min) 1308 if (session->internals.priorities.protocol.priority[i] < min)
1299 min = session->internals.priorities.protocol.priority[i]; 1309 min = session->internals.priorities.protocol.priority[i];
@@ -1315,7 +1325,8 @@ mhd_gtls_version_max (mhd_gtls_session_t session)
1315 return MHD_GNUTLS_VERSION_UNKNOWN; 1325 return MHD_GNUTLS_VERSION_UNKNOWN;
1316 } 1326 }
1317 else 1327 else
1318 for (i = 0; i < session->internals.priorities.protocol.num_algorithms; i++) 1328 for (i = 0; i < session->internals.priorities.protocol.num_algorithms;
1329 i++)
1319 { 1330 {
1320 if (session->internals.priorities.protocol.priority[i] > max) 1331 if (session->internals.priorities.protocol.priority[i] > max)
1321 max = session->internals.priorities.protocol.priority[i]; 1332 max = session->internals.priorities.protocol.priority[i];
@@ -1412,7 +1423,7 @@ mhd_gtls_version_get_major (enum MHD_GNUTLS_Protocol version)
1412 1423
1413int 1424int
1414mhd_gtls_version_is_supported (mhd_gtls_session_t session, 1425mhd_gtls_version_is_supported (mhd_gtls_session_t session,
1415 const enum MHD_GNUTLS_Protocol version) 1426 const enum MHD_GNUTLS_Protocol version)
1416{ 1427{
1417 int ret = 0; 1428 int ret = 0;
1418 1429
@@ -1444,7 +1455,8 @@ mhd_gtls_map_kx_get_kx (enum MHD_GNUTLS_CredentialsType type, int server)
1444} 1455}
1445 1456
1446enum MHD_GNUTLS_CredentialsType 1457enum MHD_GNUTLS_CredentialsType
1447mhd_gtls_map_kx_get_cred (enum MHD_GNUTLS_KeyExchangeAlgorithm algorithm, int server) 1458mhd_gtls_map_kx_get_cred (enum MHD_GNUTLS_KeyExchangeAlgorithm algorithm,
1459 int server)
1448{ 1460{
1449 enum MHD_GNUTLS_CredentialsType ret = -1; 1461 enum MHD_GNUTLS_CredentialsType ret = -1;
1450 if (server) 1462 if (server)
@@ -1674,7 +1686,7 @@ _gnutls_bsort (mhd_gtls_session_t session, void *_base, size_t nmemb,
1674 1686
1675int 1687int
1676mhd_gtls_supported_ciphersuites_sorted (mhd_gtls_session_t session, 1688mhd_gtls_supported_ciphersuites_sorted (mhd_gtls_session_t session,
1677 cipher_suite_st ** ciphers) 1689 cipher_suite_st ** ciphers)
1678{ 1690{
1679 1691
1680#ifdef SORT_DEBUG 1692#ifdef SORT_DEBUG
@@ -1710,7 +1722,7 @@ mhd_gtls_supported_ciphersuites_sorted (mhd_gtls_session_t session,
1710 1722
1711int 1723int
1712mhd_gtls_supported_ciphersuites (mhd_gtls_session_t session, 1724mhd_gtls_supported_ciphersuites (mhd_gtls_session_t session,
1713 cipher_suite_st ** _ciphers) 1725 cipher_suite_st ** _ciphers)
1714{ 1726{
1715 1727
1716 unsigned int i, ret_count, j; 1728 unsigned int i, ret_count, j;
@@ -1758,16 +1770,16 @@ mhd_gtls_supported_ciphersuites (mhd_gtls_session_t session,
1758 continue; 1770 continue;
1759 1771
1760 if (mhd_gtls_kx_priority (session, 1772 if (mhd_gtls_kx_priority (session,
1761 mhd_gtls_cipher_suite_get_kx_algo (&tmp_ciphers 1773 mhd_gtls_cipher_suite_get_kx_algo
1762 [i])) < 0) 1774 (&tmp_ciphers[i])) < 0)
1763 continue; 1775 continue;
1764 if (mhd_gtls_mac_priority (session, 1776 if (mhd_gtls_mac_priority (session,
1765 mhd_gtls_cipher_suite_get_mac_algo 1777 mhd_gtls_cipher_suite_get_mac_algo
1766 (&tmp_ciphers[i])) < 0) 1778 (&tmp_ciphers[i])) < 0)
1767 continue; 1779 continue;
1768 if (mhd_gtls_cipher_priority (session, 1780 if (mhd_gtls_cipher_priority (session,
1769 mhd_gtls_cipher_suite_get_cipher_algo 1781 mhd_gtls_cipher_suite_get_cipher_algo
1770 (&tmp_ciphers[i])) < 0) 1782 (&tmp_ciphers[i])) < 0)
1771 continue; 1783 continue;
1772 1784
1773 memcpy (&ciphers[j], &tmp_ciphers[i], sizeof (cipher_suite_st)); 1785 memcpy (&ciphers[j], &tmp_ciphers[i], sizeof (cipher_suite_st));
@@ -1816,7 +1828,7 @@ mhd_gtls_supported_ciphersuites (mhd_gtls_session_t session,
1816#define SUPPORTED_COMPRESSION_METHODS session->internals.priorities.compression.num_algorithms 1828#define SUPPORTED_COMPRESSION_METHODS session->internals.priorities.compression.num_algorithms
1817int 1829int
1818mhd_gtls_supported_compression_methods (mhd_gtls_session_t session, 1830mhd_gtls_supported_compression_methods (mhd_gtls_session_t session,
1819 uint8_t ** comp) 1831 uint8_t ** comp)
1820{ 1832{
1821 unsigned int i, j; 1833 unsigned int i, j;
1822 1834
@@ -1826,8 +1838,9 @@ mhd_gtls_supported_compression_methods (mhd_gtls_session_t session,
1826 1838
1827 for (i = j = 0; i < SUPPORTED_COMPRESSION_METHODS; i++) 1839 for (i = j = 0; i < SUPPORTED_COMPRESSION_METHODS; i++)
1828 { 1840 {
1829 int tmp = mhd_gtls_compression_get_num (session->internals.priorities. 1841 int tmp =
1830 compression.priority[i]); 1842 mhd_gtls_compression_get_num (session->internals.priorities.
1843 compression.priority[i]);
1831 1844
1832 /* remove private compression algorithms, if requested. 1845 /* remove private compression algorithms, if requested.
1833 */ 1846 */
@@ -1888,8 +1901,9 @@ MHD_gtls_certificate_type_get_id (const char *name)
1888 return ret; 1901 return ret;
1889} 1902}
1890 1903
1891static const enum MHD_GNUTLS_CertificateType mhd_gtls_supported_certificate_types[] = 1904static const enum MHD_GNUTLS_CertificateType
1892 { MHD_GNUTLS_CRT_X509, 1905 mhd_gtls_supported_certificate_types[] =
1906{ MHD_GNUTLS_CRT_X509,
1893 0 1907 0
1894}; 1908};
1895 1909
@@ -2005,7 +2019,8 @@ mhd_gtls_x509_oid2sign_algorithm (const char *oid)
2005} 2019}
2006 2020
2007gnutls_sign_algorithm_t 2021gnutls_sign_algorithm_t
2008mhd_gtls_x509_pk_to_sign (enum MHD_GNUTLS_PublicKeyAlgorithm pk, enum MHD_GNUTLS_HashAlgorithm mac) 2022mhd_gtls_x509_pk_to_sign (enum MHD_GNUTLS_PublicKeyAlgorithm pk,
2023 enum MHD_GNUTLS_HashAlgorithm mac)
2009{ 2024{
2010 gnutls_sign_algorithm_t ret = 0; 2025 gnutls_sign_algorithm_t ret = 0;
2011 2026
@@ -2021,7 +2036,7 @@ mhd_gtls_x509_pk_to_sign (enum MHD_GNUTLS_PublicKeyAlgorithm pk, enum MHD_GNUTLS
2021 2036
2022const char * 2037const char *
2023mhd_gtls_x509_sign_to_oid (enum MHD_GNUTLS_PublicKeyAlgorithm pk, 2038mhd_gtls_x509_sign_to_oid (enum MHD_GNUTLS_PublicKeyAlgorithm pk,
2024 enum MHD_GNUTLS_HashAlgorithm mac) 2039 enum MHD_GNUTLS_HashAlgorithm mac)
2025{ 2040{
2026 gnutls_sign_algorithm_t sign; 2041 gnutls_sign_algorithm_t sign;
2027 const char *ret = NULL; 2042 const char *ret = NULL;
diff --git a/src/daemon/https/tls/gnutls_algorithms.h b/src/daemon/https/tls/gnutls_algorithms.h
index 5f1a7846..c98e3c41 100644
--- a/src/daemon/https/tls/gnutls_algorithms.h
+++ b/src/daemon/https/tls/gnutls_algorithms.h
@@ -31,83 +31,106 @@
31enum MHD_GNUTLS_Protocol mhd_gtls_version_lowest (mhd_gtls_session_t session); 31enum MHD_GNUTLS_Protocol mhd_gtls_version_lowest (mhd_gtls_session_t session);
32enum MHD_GNUTLS_Protocol mhd_gtls_version_max (mhd_gtls_session_t session); 32enum MHD_GNUTLS_Protocol mhd_gtls_version_max (mhd_gtls_session_t session);
33int mhd_gtls_version_priority (mhd_gtls_session_t session, 33int mhd_gtls_version_priority (mhd_gtls_session_t session,
34 enum MHD_GNUTLS_Protocol version); 34 enum MHD_GNUTLS_Protocol version);
35int mhd_gtls_version_is_supported (mhd_gtls_session_t session, 35int mhd_gtls_version_is_supported (mhd_gtls_session_t session,
36 const enum MHD_GNUTLS_Protocol version); 36 const enum MHD_GNUTLS_Protocol version);
37int mhd_gtls_version_get_major (enum MHD_GNUTLS_Protocol ver); 37int mhd_gtls_version_get_major (enum MHD_GNUTLS_Protocol ver);
38int mhd_gtls_version_get_minor (enum MHD_GNUTLS_Protocol ver); 38int mhd_gtls_version_get_minor (enum MHD_GNUTLS_Protocol ver);
39enum MHD_GNUTLS_Protocol mhd_gtls_version_get (int major, int minor); 39enum MHD_GNUTLS_Protocol mhd_gtls_version_get (int major, int minor);
40 40
41/* Functions for MACs. */ 41/* Functions for MACs. */
42int mhd_gnutls_mac_is_ok (enum MHD_GNUTLS_HashAlgorithm algorithm); 42int mhd_gnutls_mac_is_ok (enum MHD_GNUTLS_HashAlgorithm algorithm);
43enum MHD_GNUTLS_HashAlgorithm mhd_gtls_x509_oid2mac_algorithm (const char *oid); 43enum MHD_GNUTLS_HashAlgorithm mhd_gtls_x509_oid2mac_algorithm (const char
44const char * mhd_gtls_x509_mac_to_oid (enum MHD_GNUTLS_HashAlgorithm mac); 44 *oid);
45const char *mhd_gtls_x509_mac_to_oid (enum MHD_GNUTLS_HashAlgorithm mac);
45 46
46/* Functions for cipher suites. */ 47/* Functions for cipher suites. */
47int mhd_gtls_supported_ciphersuites (mhd_gtls_session_t session, 48int mhd_gtls_supported_ciphersuites (mhd_gtls_session_t session,
48 cipher_suite_st ** ciphers); 49 cipher_suite_st ** ciphers);
49int mhd_gtls_supported_ciphersuites_sorted (mhd_gtls_session_t session, 50int mhd_gtls_supported_ciphersuites_sorted (mhd_gtls_session_t session,
50 cipher_suite_st ** ciphers); 51 cipher_suite_st ** ciphers);
51int mhd_gtls_supported_compression_methods (mhd_gtls_session_t session, 52int mhd_gtls_supported_compression_methods (mhd_gtls_session_t session,
52 uint8_t ** comp); 53 uint8_t ** comp);
53const char * mhd_gtls_cipher_suite_get_name (cipher_suite_st * algorithm); 54const char *mhd_gtls_cipher_suite_get_name (cipher_suite_st * algorithm);
54enum MHD_GNUTLS_CipherAlgorithm mhd_gtls_cipher_suite_get_cipher_algo (const 55enum MHD_GNUTLS_CipherAlgorithm mhd_gtls_cipher_suite_get_cipher_algo (const
55 cipher_suite_st 56 cipher_suite_st
56 * algorithm); 57 *
57enum MHD_GNUTLS_KeyExchangeAlgorithm mhd_gtls_cipher_suite_get_kx_algo (const cipher_suite_st 58 algorithm);
58 * algorithm); 59enum MHD_GNUTLS_KeyExchangeAlgorithm mhd_gtls_cipher_suite_get_kx_algo (const
60 cipher_suite_st
61 *
62 algorithm);
59enum MHD_GNUTLS_HashAlgorithm mhd_gtls_cipher_suite_get_mac_algo (const 63enum MHD_GNUTLS_HashAlgorithm mhd_gtls_cipher_suite_get_mac_algo (const
60 cipher_suite_st * 64 cipher_suite_st
61 algorithm); 65 *
62enum MHD_GNUTLS_Protocol mhd_gtls_cipher_suite_get_version (const cipher_suite_st * 66 algorithm);
63 algorithm); 67enum MHD_GNUTLS_Protocol mhd_gtls_cipher_suite_get_version (const
68 cipher_suite_st *
69 algorithm);
64cipher_suite_st mhd_gtls_cipher_suite_get_suite_name (cipher_suite_st * 70cipher_suite_st mhd_gtls_cipher_suite_get_suite_name (cipher_suite_st *
65 algorithm); 71 algorithm);
66 72
67/* Functions for ciphers. */ 73/* Functions for ciphers. */
68int mhd_gtls_cipher_get_block_size (enum MHD_GNUTLS_CipherAlgorithm algorithm); 74int mhd_gtls_cipher_get_block_size (enum MHD_GNUTLS_CipherAlgorithm
75 algorithm);
69int mhd_gtls_cipher_is_block (enum MHD_GNUTLS_CipherAlgorithm algorithm); 76int mhd_gtls_cipher_is_block (enum MHD_GNUTLS_CipherAlgorithm algorithm);
70int mhd_gtls_cipher_is_ok (enum MHD_GNUTLS_CipherAlgorithm algorithm); 77int mhd_gtls_cipher_is_ok (enum MHD_GNUTLS_CipherAlgorithm algorithm);
71int mhd_gtls_cipher_get_iv_size (enum MHD_GNUTLS_CipherAlgorithm algorithm); 78int mhd_gtls_cipher_get_iv_size (enum MHD_GNUTLS_CipherAlgorithm algorithm);
72int mhd_gtls_cipher_get_export_flag (enum MHD_GNUTLS_CipherAlgorithm algorithm); 79int mhd_gtls_cipher_get_export_flag (enum MHD_GNUTLS_CipherAlgorithm
80 algorithm);
73 81
74/* Functions for key exchange. */ 82/* Functions for key exchange. */
75int mhd_gtls_kx_needs_dh_params (enum MHD_GNUTLS_KeyExchangeAlgorithm algorithm); 83int mhd_gtls_kx_needs_dh_params (enum MHD_GNUTLS_KeyExchangeAlgorithm
76int mhd_gtls_kx_needs_rsa_params (enum MHD_GNUTLS_KeyExchangeAlgorithm algorithm); 84 algorithm);
77mhd_gtls_mod_auth_st * mhd_gtls_kx_auth_struct (enum MHD_GNUTLS_KeyExchangeAlgorithm algorithm); 85int mhd_gtls_kx_needs_rsa_params (enum MHD_GNUTLS_KeyExchangeAlgorithm
86 algorithm);
87mhd_gtls_mod_auth_st *mhd_gtls_kx_auth_struct (enum
88 MHD_GNUTLS_KeyExchangeAlgorithm
89 algorithm);
78int mhd_gtls_kx_is_ok (enum MHD_GNUTLS_KeyExchangeAlgorithm algorithm); 90int mhd_gtls_kx_is_ok (enum MHD_GNUTLS_KeyExchangeAlgorithm algorithm);
79 91
80/* Functions for compression. */ 92/* Functions for compression. */
81int mhd_gtls_compression_is_ok (enum MHD_GNUTLS_CompressionMethod algorithm); 93int mhd_gtls_compression_is_ok (enum MHD_GNUTLS_CompressionMethod algorithm);
82int mhd_gtls_compression_get_num (enum MHD_GNUTLS_CompressionMethod algorithm); 94int mhd_gtls_compression_get_num (enum MHD_GNUTLS_CompressionMethod
95 algorithm);
83enum MHD_GNUTLS_CompressionMethod mhd_gtls_compression_get_id (int num); 96enum MHD_GNUTLS_CompressionMethod mhd_gtls_compression_get_id (int num);
84int mhd_gtls_compression_get_mem_level (enum MHD_GNUTLS_CompressionMethod algorithm); 97int mhd_gtls_compression_get_mem_level (enum MHD_GNUTLS_CompressionMethod
98 algorithm);
85int mhd_gtls_compression_get_comp_level (enum MHD_GNUTLS_CompressionMethod 99int mhd_gtls_compression_get_comp_level (enum MHD_GNUTLS_CompressionMethod
86 algorithm); 100 algorithm);
87int mhd_gtls_compression_get_wbits (enum MHD_GNUTLS_CompressionMethod algorithm); 101int mhd_gtls_compression_get_wbits (enum MHD_GNUTLS_CompressionMethod
102 algorithm);
88 103
89/* Type to KX mappings. */ 104/* Type to KX mappings. */
90enum MHD_GNUTLS_KeyExchangeAlgorithm mhd_gtls_map_kx_get_kx (enum MHD_GNUTLS_CredentialsType type, 105enum MHD_GNUTLS_KeyExchangeAlgorithm mhd_gtls_map_kx_get_kx (enum
91 int server); 106 MHD_GNUTLS_CredentialsType
92enum MHD_GNUTLS_CredentialsType mhd_gtls_map_kx_get_cred (enum MHD_GNUTLS_KeyExchangeAlgorithm 107 type,
93 algorithm, int server); 108 int server);
109enum MHD_GNUTLS_CredentialsType mhd_gtls_map_kx_get_cred (enum
110 MHD_GNUTLS_KeyExchangeAlgorithm
111 algorithm,
112 int server);
94 113
95/* KX to PK mapping. */ 114/* KX to PK mapping. */
96enum MHD_GNUTLS_PublicKeyAlgorithm mhd_gtls_map_pk_get_pk (enum MHD_GNUTLS_KeyExchangeAlgorithm 115enum MHD_GNUTLS_PublicKeyAlgorithm mhd_gtls_map_pk_get_pk (enum
97 kx_algorithm); 116 MHD_GNUTLS_KeyExchangeAlgorithm
98enum MHD_GNUTLS_PublicKeyAlgorithm mhd_gtls_x509_oid2pk_algorithm (const char *oid); 117 kx_algorithm);
99const char * mhd_gtls_x509_pk_to_oid (enum MHD_GNUTLS_PublicKeyAlgorithm pk); 118enum MHD_GNUTLS_PublicKeyAlgorithm mhd_gtls_x509_oid2pk_algorithm (const char
119 *oid);
120const char *mhd_gtls_x509_pk_to_oid (enum MHD_GNUTLS_PublicKeyAlgorithm pk);
100 121
101enum encipher_type 122enum encipher_type
102{ CIPHER_ENCRYPT = 0, CIPHER_SIGN = 1, CIPHER_IGN }; 123{ CIPHER_ENCRYPT = 0, CIPHER_SIGN = 1, CIPHER_IGN };
103 124
104enum encipher_type mhd_gtls_kx_encipher_type (enum MHD_GNUTLS_KeyExchangeAlgorithm algorithm); 125enum encipher_type mhd_gtls_kx_encipher_type (enum
126 MHD_GNUTLS_KeyExchangeAlgorithm
127 algorithm);
105 128
106struct mhd_gtls_compression_entry 129struct mhd_gtls_compression_entry
107{ 130{
108 const char *name; 131 const char *name;
109 enum MHD_GNUTLS_CompressionMethod id; 132 enum MHD_GNUTLS_CompressionMethod id;
110 int num; /* the number reserved in TLS for the specific compression method */ 133 int num; /* the number reserved in TLS for the specific compression method */
111 134
112 /* used in zlib compressor */ 135 /* used in zlib compressor */
113 int window_bits; 136 int window_bits;
@@ -118,24 +141,30 @@ typedef struct mhd_gtls_compression_entry gnutls_compression_entry;
118 141
119/* Functions for sign algorithms. */ 142/* Functions for sign algorithms. */
120gnutls_sign_algorithm_t mhd_gtls_x509_oid2sign_algorithm (const char *oid); 143gnutls_sign_algorithm_t mhd_gtls_x509_oid2sign_algorithm (const char *oid);
121gnutls_sign_algorithm_t mhd_gtls_x509_pk_to_sign (enum MHD_GNUTLS_PublicKeyAlgorithm pk, 144gnutls_sign_algorithm_t mhd_gtls_x509_pk_to_sign (enum
122 enum MHD_GNUTLS_HashAlgorithm mac); 145 MHD_GNUTLS_PublicKeyAlgorithm
123const char * mhd_gtls_x509_sign_to_oid (enum MHD_GNUTLS_PublicKeyAlgorithm, 146 pk,
124 enum MHD_GNUTLS_HashAlgorithm mac); 147 enum
148 MHD_GNUTLS_HashAlgorithm
149 mac);
150const char *mhd_gtls_x509_sign_to_oid (enum MHD_GNUTLS_PublicKeyAlgorithm,
151 enum MHD_GNUTLS_HashAlgorithm mac);
125 152
126int mhd_gtls_mac_priority (mhd_gtls_session_t session, 153int mhd_gtls_mac_priority (mhd_gtls_session_t session,
127 enum MHD_GNUTLS_HashAlgorithm algorithm); 154 enum MHD_GNUTLS_HashAlgorithm algorithm);
128int mhd_gtls_cipher_priority (mhd_gtls_session_t session, 155int mhd_gtls_cipher_priority (mhd_gtls_session_t session,
129 enum MHD_GNUTLS_CipherAlgorithm algorithm); 156 enum MHD_GNUTLS_CipherAlgorithm algorithm);
130int mhd_gtls_kx_priority (mhd_gtls_session_t session, 157int mhd_gtls_kx_priority (mhd_gtls_session_t session,
131 enum MHD_GNUTLS_KeyExchangeAlgorithm algorithm); 158 enum MHD_GNUTLS_KeyExchangeAlgorithm algorithm);
132int mhd_gtls_compression_priority (mhd_gtls_session_t session, 159int mhd_gtls_compression_priority (mhd_gtls_session_t session,
133 enum MHD_GNUTLS_CompressionMethod algorithm); 160 enum MHD_GNUTLS_CompressionMethod
134 161 algorithm);
135enum MHD_GNUTLS_HashAlgorithm MHD_gtls_mac_get_id (const char* name); 162
136enum MHD_GNUTLS_CipherAlgorithm MHD_gtls_cipher_get_id (const char* name); 163enum MHD_GNUTLS_HashAlgorithm MHD_gtls_mac_get_id (const char *name);
137enum MHD_GNUTLS_KeyExchangeAlgorithm MHD_gtls_kx_get_id (const char* name); 164enum MHD_GNUTLS_CipherAlgorithm MHD_gtls_cipher_get_id (const char *name);
138enum MHD_GNUTLS_Protocol MHD_gtls_protocol_get_id (const char* name); 165enum MHD_GNUTLS_KeyExchangeAlgorithm MHD_gtls_kx_get_id (const char *name);
139enum MHD_GNUTLS_CertificateType MHD_gtls_certificate_type_get_id (const char* name); 166enum MHD_GNUTLS_Protocol MHD_gtls_protocol_get_id (const char *name);
167enum MHD_GNUTLS_CertificateType MHD_gtls_certificate_type_get_id (const char
168 *name);
140 169
141#endif 170#endif
diff --git a/src/daemon/https/tls/gnutls_anon_cred.c b/src/daemon/https/tls/gnutls_anon_cred.c
index 9fd344db..3ea9768d 100644
--- a/src/daemon/https/tls/gnutls_anon_cred.c
+++ b/src/daemon/https/tls/gnutls_anon_cred.c
@@ -43,7 +43,8 @@ static const int anon_dummy;
43 * helper function is provided in order to free (deallocate) it. 43 * helper function is provided in order to free (deallocate) it.
44 **/ 44 **/
45void 45void
46MHD_gnutls_anon_free_server_credentials (mhd_gtls_anon_server_credentials_t sc) 46MHD_gnutls_anon_free_server_credentials (mhd_gtls_anon_server_credentials_t
47 sc)
47{ 48{
48 49
49 gnutls_free (sc); 50 gnutls_free (sc);
@@ -59,12 +60,12 @@ MHD_gnutls_anon_free_server_credentials (mhd_gtls_anon_server_credentials_t sc)
59 * Returns: %GNUTLS_E_SUCCESS on success, or an error code. 60 * Returns: %GNUTLS_E_SUCCESS on success, or an error code.
60 **/ 61 **/
61int 62int
62MHD_gnutls_anon_allocate_server_credentials (mhd_gtls_anon_server_credentials_t * 63 MHD_gnutls_anon_allocate_server_credentials
63 sc) 64 (mhd_gtls_anon_server_credentials_t * sc)
64{ 65{
65 *sc = gnutls_calloc (1, sizeof (mhd_anon_server_credentials_st)); 66 *sc = gnutls_calloc (1, sizeof (mhd_anon_server_credentials_st));
66 if (*sc == NULL) 67 if (*sc == NULL)
67 return GNUTLS_E_MEMORY_ERROR; 68 return GNUTLS_E_MEMORY_ERROR;
68 69
69 return 0; 70 return 0;
70} 71}
@@ -78,7 +79,8 @@ MHD_gnutls_anon_allocate_server_credentials (mhd_gtls_anon_server_credentials_t
78 * helper function is provided in order to free (deallocate) it. 79 * helper function is provided in order to free (deallocate) it.
79 **/ 80 **/
80void 81void
81MHD_gnutls_anon_free_client_credentials (mhd_gtls_anon_client_credentials_t sc) 82MHD_gnutls_anon_free_client_credentials (mhd_gtls_anon_client_credentials_t
83 sc)
82{ 84{
83} 85}
84 86
@@ -92,8 +94,8 @@ MHD_gnutls_anon_free_client_credentials (mhd_gtls_anon_client_credentials_t sc)
92 * Returns: %GNUTLS_E_SUCCESS on success, or an error code. 94 * Returns: %GNUTLS_E_SUCCESS on success, or an error code.
93 **/ 95 **/
94int 96int
95MHD_gnutls_anon_allocate_client_credentials (mhd_gtls_anon_client_credentials_t * 97 MHD_gnutls_anon_allocate_client_credentials
96 sc) 98 (mhd_gtls_anon_client_credentials_t * sc)
97{ 99{
98 /* anon_dummy is only there for *sc not to be null. 100 /* anon_dummy is only there for *sc not to be null.
99 * it is not used at all; 101 * it is not used at all;
@@ -114,7 +116,7 @@ MHD_gnutls_anon_allocate_client_credentials (mhd_gtls_anon_client_credentials_t
114 **/ 116 **/
115void 117void
116MHD_gnutls_anon_set_server_dh_params (mhd_gtls_anon_server_credentials_t res, 118MHD_gnutls_anon_set_server_dh_params (mhd_gtls_anon_server_credentials_t res,
117 mhd_gtls_dh_params_t dh_params) 119 mhd_gtls_dh_params_t dh_params)
118{ 120{
119 res->dh_params = dh_params; 121 res->dh_params = dh_params;
120} 122}
@@ -129,8 +131,9 @@ MHD_gnutls_anon_set_server_dh_params (mhd_gtls_anon_server_credentials_t res,
129 * callback should return zero on success. 131 * callback should return zero on success.
130 **/ 132 **/
131void 133void
132MHD_gnutls_anon_set_server_params_function (mhd_gtls_anon_server_credentials_t res, 134MHD_gnutls_anon_set_server_params_function (mhd_gtls_anon_server_credentials_t
133 gnutls_params_function * func) 135 res,
136 gnutls_params_function * func)
134{ 137{
135 res->params_func = func; 138 res->params_func = func;
136} 139}
diff --git a/src/daemon/https/tls/gnutls_auth.c b/src/daemon/https/tls/gnutls_auth.c
index a7ad89cc..1b805c10 100644
--- a/src/daemon/https/tls/gnutls_auth.c
+++ b/src/daemon/https/tls/gnutls_auth.c
@@ -60,7 +60,7 @@ MHD_gnutls_credentials_clear (mhd_gtls_session_t session)
60 } 60 }
61} 61}
62 62
63/* 63/*
64 * This creates a linked list of the form: 64 * This creates a linked list of the form:
65 * { algorithm, credentials, pointer to next } 65 * { algorithm, credentials, pointer to next }
66 */ 66 */
@@ -71,17 +71,17 @@ MHD_gnutls_credentials_clear (mhd_gtls_session_t session)
71 * @cred: is a pointer to a structure. 71 * @cred: is a pointer to a structure.
72 * 72 *
73 * Sets the needed credentials for the specified type. 73 * Sets the needed credentials for the specified type.
74 * Eg username, password - or public and private keys etc. 74 * Eg username, password - or public and private keys etc.
75 * The (void* cred) parameter is a structure that depends on the 75 * The (void* cred) parameter is a structure that depends on the
76 * specified type and on the current session (client or server). 76 * specified type and on the current session (client or server).
77 * [ In order to minimize memory usage, and share credentials between 77 * [ In order to minimize memory usage, and share credentials between
78 * several threads gnutls keeps a pointer to cred, and not the whole cred 78 * several threads gnutls keeps a pointer to cred, and not the whole cred
79 * structure. Thus you will have to keep the structure allocated until 79 * structure. Thus you will have to keep the structure allocated until
80 * you call MHD_gnutls_deinit(). ] 80 * you call MHD_gnutls_deinit(). ]
81 * 81 *
82 * For GNUTLS_CRD_ANON cred should be mhd_gtls_anon_client_credentials_t in case of a client. 82 * For GNUTLS_CRD_ANON cred should be mhd_gtls_anon_client_credentials_t in case of a client.
83 * In case of a server it should be mhd_gtls_anon_server_credentials_t. 83 * In case of a server it should be mhd_gtls_anon_server_credentials_t.
84 * 84 *
85 * For GNUTLS_CRD_SRP cred should be gnutls_srp_client_credentials_t 85 * For GNUTLS_CRD_SRP cred should be gnutls_srp_client_credentials_t
86 * in case of a client, and gnutls_srp_server_credentials_t, in case 86 * in case of a client, and gnutls_srp_server_credentials_t, in case
87 * of a server. 87 * of a server.
@@ -91,7 +91,7 @@ MHD_gnutls_credentials_clear (mhd_gtls_session_t session)
91 **/ 91 **/
92int 92int
93MHD_gnutls_credentials_set (mhd_gtls_session_t session, 93MHD_gnutls_credentials_set (mhd_gtls_session_t session,
94 enum MHD_GNUTLS_CredentialsType type, void *cred) 94 enum MHD_GNUTLS_CredentialsType type, void *cred)
95{ 95{
96 auth_cred_st *ccred = NULL, *pcred = NULL; 96 auth_cred_st *ccred = NULL, *pcred = NULL;
97 int exists = 0; 97 int exists = 0;
@@ -156,7 +156,7 @@ MHD_gnutls_credentials_set (mhd_gtls_session_t session,
156 * Returns type of credentials for the current authentication schema. 156 * Returns type of credentials for the current authentication schema.
157 * The returned information is to be used to distinguish the function used 157 * The returned information is to be used to distinguish the function used
158 * to access authentication data. 158 * to access authentication data.
159 * 159 *
160 * Eg. for CERTIFICATE ciphersuites (key exchange algorithms: KX_RSA, KX_DHE_RSA), 160 * Eg. for CERTIFICATE ciphersuites (key exchange algorithms: KX_RSA, KX_DHE_RSA),
161 * the same function are to be used to access the authentication data. 161 * the same function are to be used to access the authentication data.
162 **/ 162 **/
@@ -170,8 +170,8 @@ MHD_gtls_auth_get_type (mhd_gtls_session_t session)
170 170
171 return 171 return
172 mhd_gtls_map_kx_get_cred (mhd_gtls_cipher_suite_get_kx_algo 172 mhd_gtls_map_kx_get_cred (mhd_gtls_cipher_suite_get_kx_algo
173 (&session->security_parameters. 173 (&session->security_parameters.
174 current_cipher_suite), server); 174 current_cipher_suite), server);
175} 175}
176 176
177/** 177/**
@@ -181,15 +181,15 @@ MHD_gtls_auth_get_type (mhd_gtls_session_t session)
181 * Returns the type of credentials that were used for server authentication. 181 * Returns the type of credentials that were used for server authentication.
182 * The returned information is to be used to distinguish the function used 182 * The returned information is to be used to distinguish the function used
183 * to access authentication data. 183 * to access authentication data.
184 * 184 *
185 **/ 185 **/
186enum MHD_GNUTLS_CredentialsType 186enum MHD_GNUTLS_CredentialsType
187MHD_gtls_auth_server_get_type (mhd_gtls_session_t session) 187MHD_gtls_auth_server_get_type (mhd_gtls_session_t session)
188{ 188{
189 return 189 return
190 mhd_gtls_map_kx_get_cred (mhd_gtls_cipher_suite_get_kx_algo 190 mhd_gtls_map_kx_get_cred (mhd_gtls_cipher_suite_get_kx_algo
191 (&session->security_parameters. 191 (&session->security_parameters.
192 current_cipher_suite), 1); 192 current_cipher_suite), 1);
193} 193}
194 194
195/** 195/**
@@ -199,34 +199,35 @@ MHD_gtls_auth_server_get_type (mhd_gtls_session_t session)
199 * Returns the type of credentials that were used for client authentication. 199 * Returns the type of credentials that were used for client authentication.
200 * The returned information is to be used to distinguish the function used 200 * The returned information is to be used to distinguish the function used
201 * to access authentication data. 201 * to access authentication data.
202 * 202 *
203 **/ 203 **/
204enum MHD_GNUTLS_CredentialsType 204enum MHD_GNUTLS_CredentialsType
205MHD_gtls_auth_client_get_type (mhd_gtls_session_t session) 205MHD_gtls_auth_client_get_type (mhd_gtls_session_t session)
206{ 206{
207 return 207 return
208 mhd_gtls_map_kx_get_cred (mhd_gtls_cipher_suite_get_kx_algo 208 mhd_gtls_map_kx_get_cred (mhd_gtls_cipher_suite_get_kx_algo
209 (&session->security_parameters. 209 (&session->security_parameters.
210 current_cipher_suite), 0); 210 current_cipher_suite), 0);
211} 211}
212 212
213 213
214/* 214/*
215 * This returns a pointer to the linked list. Don't 215 * This returns a pointer to the linked list. Don't
216 * free that!!! 216 * free that!!!
217 */ 217 */
218const void * 218const void *
219mhd_gtls_get_kx_cred (mhd_gtls_session_t session, 219mhd_gtls_get_kx_cred (mhd_gtls_session_t session,
220 enum MHD_GNUTLS_KeyExchangeAlgorithm algo, int *err) 220 enum MHD_GNUTLS_KeyExchangeAlgorithm algo, int *err)
221{ 221{
222 int server = session->security_parameters.entity == GNUTLS_SERVER ? 1 : 0; 222 int server = session->security_parameters.entity == GNUTLS_SERVER ? 1 : 0;
223 223
224 return mhd_gtls_get_cred (session->key, 224 return mhd_gtls_get_cred (session->key,
225 mhd_gtls_map_kx_get_cred (algo, server), err); 225 mhd_gtls_map_kx_get_cred (algo, server), err);
226} 226}
227 227
228const void * 228const void *
229mhd_gtls_get_cred (mhd_gtls_key_st key, enum MHD_GNUTLS_CredentialsType type, int *err) 229mhd_gtls_get_cred (mhd_gtls_key_st key, enum MHD_GNUTLS_CredentialsType type,
230 int *err)
230{ 231{
231 const void *retval = NULL; 232 const void *retval = NULL;
232 int _err = -1; 233 int _err = -1;
@@ -354,8 +355,8 @@ mhd_gtls_free_auth_info (mhd_gtls_session_t session)
354 */ 355 */
355int 356int
356mhd_gtls_auth_info_set (mhd_gtls_session_t session, 357mhd_gtls_auth_info_set (mhd_gtls_session_t session,
357 enum MHD_GNUTLS_CredentialsType type, int size, 358 enum MHD_GNUTLS_CredentialsType type, int size,
358 int allow_change) 359 int allow_change)
359{ 360{
360 if (session->key->auth_info == NULL) 361 if (session->key->auth_info == NULL)
361 { 362 {
@@ -378,7 +379,8 @@ mhd_gtls_auth_info_set (mhd_gtls_session_t session,
378 * ciphersuite which is negotiated has different authentication 379 * ciphersuite which is negotiated has different authentication
379 * schema. 380 * schema.
380 */ 381 */
381 if (MHD_gtls_auth_get_type (session) != session->key->auth_info_type) 382 if (MHD_gtls_auth_get_type (session) !=
383 session->key->auth_info_type)
382 { 384 {
383 gnutls_assert (); 385 gnutls_assert ();
384 return GNUTLS_E_INVALID_REQUEST; 386 return GNUTLS_E_INVALID_REQUEST;
@@ -392,7 +394,8 @@ mhd_gtls_auth_info_set (mhd_gtls_session_t session,
392 * certificate (in order to prevent revealing the certificate's contents, 394 * certificate (in order to prevent revealing the certificate's contents,
393 * to passive eavesdropers. 395 * to passive eavesdropers.
394 */ 396 */
395 if (MHD_gtls_auth_get_type (session) != session->key->auth_info_type) 397 if (MHD_gtls_auth_get_type (session) !=
398 session->key->auth_info_type)
396 { 399 {
397 400
398 mhd_gtls_free_auth_info (session); 401 mhd_gtls_free_auth_info (session);
diff --git a/src/daemon/https/tls/gnutls_auth.h b/src/daemon/https/tls/gnutls_auth.h
index 89d07d88..a29a1faa 100644
--- a/src/daemon/https/tls/gnutls_auth.h
+++ b/src/daemon/https/tls/gnutls_auth.h
@@ -27,24 +27,25 @@
27 27
28typedef struct mhd_gtls_mod_auth_st_int 28typedef struct mhd_gtls_mod_auth_st_int
29{ 29{
30 const char *name; /* null terminated */ 30 const char *name; /* null terminated */
31 int (* mhd_gtls_gen_server_certificate) (mhd_gtls_session_t, opaque **); 31 int (*mhd_gtls_gen_server_certificate) (mhd_gtls_session_t, opaque **);
32 int (* mhd_gtls_gen_client_certificate) (mhd_gtls_session_t, opaque **); 32 int (*mhd_gtls_gen_client_certificate) (mhd_gtls_session_t, opaque **);
33 int (* mhd_gtls_gen_server_kx) (mhd_gtls_session_t, opaque **); 33 int (*mhd_gtls_gen_server_kx) (mhd_gtls_session_t, opaque **);
34 int (* mhd_gtls_gen_client_kx) (mhd_gtls_session_t, opaque **); /* used in SRP */ 34 int (*mhd_gtls_gen_client_kx) (mhd_gtls_session_t, opaque **); /* used in SRP */
35 int (* mhd_gtls_gen_client_cert_vrfy) (mhd_gtls_session_t, opaque **); 35 int (*mhd_gtls_gen_client_cert_vrfy) (mhd_gtls_session_t, opaque **);
36 int (* mhd_gtls_gen_server_certificate_request) (mhd_gtls_session_t, 36 int (*mhd_gtls_gen_server_certificate_request) (mhd_gtls_session_t,
37 opaque **); 37 opaque **);
38 38
39 int (* mhd_gtls_process_server_certificate) (mhd_gtls_session_t, opaque *, 39 int (*mhd_gtls_process_server_certificate) (mhd_gtls_session_t, opaque *,
40 size_t); 40 size_t);
41 int (* mhd_gtls_process_client_certificate) (mhd_gtls_session_t, opaque *, 41 int (*mhd_gtls_process_client_certificate) (mhd_gtls_session_t, opaque *,
42 size_t); 42 size_t);
43 int (* mhd_gtls_process_server_kx) (mhd_gtls_session_t, opaque *, size_t); 43 int (*mhd_gtls_process_server_kx) (mhd_gtls_session_t, opaque *, size_t);
44 int (* mhd_gtls_process_client_kx) (mhd_gtls_session_t, opaque *, size_t); 44 int (*mhd_gtls_process_client_kx) (mhd_gtls_session_t, opaque *, size_t);
45 int (* mhd_gtls_process_client_cert_vrfy) (mhd_gtls_session_t, opaque *, size_t); 45 int (*mhd_gtls_process_client_cert_vrfy) (mhd_gtls_session_t, opaque *,
46 int (* mhd_gtls_process_server_certificate_request) (mhd_gtls_session_t, 46 size_t);
47 opaque *, size_t); 47 int (*mhd_gtls_process_server_certificate_request) (mhd_gtls_session_t,
48 opaque *, size_t);
48} mhd_gtls_mod_auth_st; 49} mhd_gtls_mod_auth_st;
49 50
50#endif 51#endif
diff --git a/src/daemon/https/tls/gnutls_auth_int.h b/src/daemon/https/tls/gnutls_auth_int.h
index 5ec71e8e..ac821277 100644
--- a/src/daemon/https/tls/gnutls_auth_int.h
+++ b/src/daemon/https/tls/gnutls_auth_int.h
@@ -22,11 +22,12 @@
22 * 22 *
23 */ 23 */
24 24
25const void * mhd_gtls_get_cred (mhd_gtls_key_st key, 25const void *mhd_gtls_get_cred (mhd_gtls_key_st key,
26 enum MHD_GNUTLS_CredentialsType kx, int *err); 26 enum MHD_GNUTLS_CredentialsType kx, int *err);
27const void * mhd_gtls_get_kx_cred (mhd_gtls_session_t session, 27const void *mhd_gtls_get_kx_cred (mhd_gtls_session_t session,
28 enum MHD_GNUTLS_KeyExchangeAlgorithm algo, int *err); 28 enum MHD_GNUTLS_KeyExchangeAlgorithm algo,
29void * mhd_gtls_get_auth_info (mhd_gtls_session_t session); 29 int *err);
30void *mhd_gtls_get_auth_info (mhd_gtls_session_t session);
30int mhd_gtls_auth_info_set (mhd_gtls_session_t session, 31int mhd_gtls_auth_info_set (mhd_gtls_session_t session,
31 enum MHD_GNUTLS_CredentialsType type, int size, 32 enum MHD_GNUTLS_CredentialsType type, int size,
32 int allow_change); 33 int allow_change);
diff --git a/src/daemon/https/tls/gnutls_buffers.c b/src/daemon/https/tls/gnutls_buffers.c
index 92979c26..cb2b9e08 100644
--- a/src/daemon/https/tls/gnutls_buffers.c
+++ b/src/daemon/https/tls/gnutls_buffers.c
@@ -800,9 +800,9 @@ mhd_gtls_io_write_buffered (mhd_gtls_session_t session,
800 { 800 {
801 session->internals.record_send_buffer_prev_size += n - left; 801 session->internals.record_send_buffer_prev_size += n - left;
802 802
803 retval = _gnutls_buffer_insert (&session->internals. 803 retval =
804 record_send_buffer, 804 _gnutls_buffer_insert (&session->internals.record_send_buffer,
805 &ptr[n - left], left); 805 &ptr[n - left], left);
806 if (retval < 0) 806 if (retval < 0)
807 { 807 {
808 gnutls_assert (); 808 gnutls_assert ();
diff --git a/src/daemon/https/tls/gnutls_buffers.h b/src/daemon/https/tls/gnutls_buffers.h
index c3a09097..609c2095 100644
--- a/src/daemon/https/tls/gnutls_buffers.h
+++ b/src/daemon/https/tls/gnutls_buffers.h
@@ -23,32 +23,32 @@
23 */ 23 */
24 24
25int mhd_gnutls_record_buffer_put (content_type_t type, 25int mhd_gnutls_record_buffer_put (content_type_t type,
26 mhd_gtls_session_t session, opaque * data, 26 mhd_gtls_session_t session, opaque * data,
27 size_t length); 27 size_t length);
28int mhd_gnutls_record_buffer_get_size (content_type_t type, 28int mhd_gnutls_record_buffer_get_size (content_type_t type,
29 mhd_gtls_session_t session); 29 mhd_gtls_session_t session);
30int mhd_gtls_record_buffer_get (content_type_t type, 30int mhd_gtls_record_buffer_get (content_type_t type,
31 mhd_gtls_session_t session, opaque * data, 31 mhd_gtls_session_t session, opaque * data,
32 size_t length); 32 size_t length);
33ssize_t mhd_gtls_io_read_buffered (mhd_gtls_session_t, opaque ** iptr, 33ssize_t mhd_gtls_io_read_buffered (mhd_gtls_session_t, opaque ** iptr,
34 size_t n, content_type_t); 34 size_t n, content_type_t);
35void mhd_gtls_io_clear_read_buffer (mhd_gtls_session_t); 35void mhd_gtls_io_clear_read_buffer (mhd_gtls_session_t);
36int mhd_gtls_io_clear_peeked_data (mhd_gtls_session_t session); 36int mhd_gtls_io_clear_peeked_data (mhd_gtls_session_t session);
37 37
38ssize_t mhd_gtls_io_write_buffered (mhd_gtls_session_t, const void *iptr, 38ssize_t mhd_gtls_io_write_buffered (mhd_gtls_session_t, const void *iptr,
39 size_t n); 39 size_t n);
40ssize_t mhd_gtls_io_write_buffered2 (mhd_gtls_session_t, const void *iptr, 40ssize_t mhd_gtls_io_write_buffered2 (mhd_gtls_session_t, const void *iptr,
41 size_t n, const void *iptr2, size_t n2); 41 size_t n, const void *iptr2, size_t n2);
42 42
43int mhd_gtls_handshake_buffer_get_size (mhd_gtls_session_t session); 43int mhd_gtls_handshake_buffer_get_size (mhd_gtls_session_t session);
44int mhd_gtls_handshake_buffer_peek (mhd_gtls_session_t session, opaque * data, 44int mhd_gtls_handshake_buffer_peek (mhd_gtls_session_t session, opaque * data,
45 size_t length); 45 size_t length);
46int mhd_gtls_handshake_buffer_put (mhd_gtls_session_t session, opaque * data, 46int mhd_gtls_handshake_buffer_put (mhd_gtls_session_t session, opaque * data,
47 size_t length); 47 size_t length);
48int mhd_gtls_handshake_buffer_clear (mhd_gtls_session_t session); 48int mhd_gtls_handshake_buffer_clear (mhd_gtls_session_t session);
49int mhd_gtls_handshake_buffer_empty (mhd_gtls_session_t session); 49int mhd_gtls_handshake_buffer_empty (mhd_gtls_session_t session);
50int mhd_gtls_handshake_buffer_get_ptr (mhd_gtls_session_t session, 50int mhd_gtls_handshake_buffer_get_ptr (mhd_gtls_session_t session,
51 opaque ** data_ptr, size_t * length); 51 opaque ** data_ptr, size_t * length);
52 52
53#define _gnutls_handshake_io_buffer_clear( session) \ 53#define _gnutls_handshake_io_buffer_clear( session) \
54 mhd_gtls_buffer_clear( &session->internals.handshake_send_buffer); \ 54 mhd_gtls_buffer_clear( &session->internals.handshake_send_buffer); \
@@ -56,11 +56,11 @@ int mhd_gtls_handshake_buffer_get_ptr (mhd_gtls_session_t session,
56 session->internals.handshake_send_buffer_prev_size = 0 56 session->internals.handshake_send_buffer_prev_size = 0
57 57
58ssize_t mhd_gtls_handshake_io_recv_int (mhd_gtls_session_t, content_type_t, 58ssize_t mhd_gtls_handshake_io_recv_int (mhd_gtls_session_t, content_type_t,
59 gnutls_handshake_description_t, void *, 59 gnutls_handshake_description_t,
60 size_t); 60 void *, size_t);
61ssize_t mhd_gtls_handshake_io_send_int (mhd_gtls_session_t, content_type_t, 61ssize_t mhd_gtls_handshake_io_send_int (mhd_gtls_session_t, content_type_t,
62 gnutls_handshake_description_t, 62 gnutls_handshake_description_t,
63 const void *, size_t); 63 const void *, size_t);
64ssize_t mhd_gtls_io_write_flush (mhd_gtls_session_t session); 64ssize_t mhd_gtls_io_write_flush (mhd_gtls_session_t session);
65ssize_t mhd_gtls_handshake_io_write_flush (mhd_gtls_session_t session); 65ssize_t mhd_gtls_handshake_io_write_flush (mhd_gtls_session_t session);
66 66
diff --git a/src/daemon/https/tls/gnutls_cert.c b/src/daemon/https/tls/gnutls_cert.c
index c73467bf..17e95e48 100644
--- a/src/daemon/https/tls/gnutls_cert.c
+++ b/src/daemon/https/tls/gnutls_cert.c
@@ -141,8 +141,8 @@ MHD_gnutls_certificate_free_ca_names (mhd_gtls_cert_credentials_t sc)
141 -*/ 141 -*/
142mhd_gtls_rsa_params_t 142mhd_gtls_rsa_params_t
143mhd_gtls_certificate_get_rsa_params (mhd_gtls_rsa_params_t rsa_params, 143mhd_gtls_certificate_get_rsa_params (mhd_gtls_rsa_params_t rsa_params,
144 gnutls_params_function * func, 144 gnutls_params_function * func,
145 mhd_gtls_session_t session) 145 mhd_gtls_session_t session)
146{ 146{
147 gnutls_params_st params; 147 gnutls_params_st params;
148 int ret; 148 int ret;
@@ -210,7 +210,7 @@ MHD_gnutls_certificate_free_credentials (mhd_gtls_cert_credentials_t sc)
210 **/ 210 **/
211int 211int
212MHD_gnutls_certificate_allocate_credentials (mhd_gtls_cert_credentials_t * 212MHD_gnutls_certificate_allocate_credentials (mhd_gtls_cert_credentials_t *
213 res) 213 res)
214{ 214{
215 *res = gnutls_calloc (1, sizeof (mhd_gtls_cert_credentials_st)); 215 *res = gnutls_calloc (1, sizeof (mhd_gtls_cert_credentials_st));
216 216
@@ -232,8 +232,8 @@ MHD_gnutls_certificate_allocate_credentials (mhd_gtls_cert_credentials_t *
232 */ 232 */
233int 233int
234mhd_gtls_selected_cert_supported_kx (mhd_gtls_session_t session, 234mhd_gtls_selected_cert_supported_kx (mhd_gtls_session_t session,
235 enum MHD_GNUTLS_KeyExchangeAlgorithm ** alg, 235 enum MHD_GNUTLS_KeyExchangeAlgorithm
236 int *alg_size) 236 **alg, int *alg_size)
237{ 237{
238 enum MHD_GNUTLS_KeyExchangeAlgorithm kx; 238 enum MHD_GNUTLS_KeyExchangeAlgorithm kx;
239 enum MHD_GNUTLS_PublicKeyAlgorithm pk; 239 enum MHD_GNUTLS_PublicKeyAlgorithm pk;
@@ -297,7 +297,7 @@ mhd_gtls_selected_cert_supported_kx (mhd_gtls_session_t session,
297 **/ 297 **/
298void 298void
299MHD_gtls_certificate_server_set_request (mhd_gtls_session_t session, 299MHD_gtls_certificate_server_set_request (mhd_gtls_session_t session,
300 gnutls_certificate_request_t req) 300 gnutls_certificate_request_t req)
301{ 301{
302 session->internals.send_cert_req = req; 302 session->internals.send_cert_req = req;
303} 303}
@@ -461,7 +461,7 @@ _gnutls_x509_get_raw_crt_expiration_time (const gnutls_datum_t * cert)
461 **/ 461 **/
462int 462int
463MHD_gtls_certificate_verify_peers2 (mhd_gtls_session_t session, 463MHD_gtls_certificate_verify_peers2 (mhd_gtls_session_t session,
464 unsigned int *status) 464 unsigned int *status)
465{ 465{
466 cert_auth_info_t info; 466 cert_auth_info_t info;
467 467
@@ -549,9 +549,9 @@ MHD_gtls_certificate_expiration_time_peers (mhd_gtls_session_t session)
549 switch (gnutls_certificate_type_get (session)) 549 switch (gnutls_certificate_type_get (session))
550 { 550 {
551 case MHD_GNUTLS_CRT_X509: 551 case MHD_GNUTLS_CRT_X509:
552 return _gnutls_x509_get_raw_crt_expiration_time (&info-> 552 return
553 raw_certificate_list 553 _gnutls_x509_get_raw_crt_expiration_time (&info->raw_certificate_list
554 [0]); 554 [0]);
555 default: 555 default:
556 return (time_t) - 1; 556 return (time_t) - 1;
557 } 557 }
@@ -588,9 +588,9 @@ MHD_gtls_certificate_activation_time_peers (mhd_gtls_session_t session)
588 switch (gnutls_certificate_type_get (session)) 588 switch (gnutls_certificate_type_get (session))
589 { 589 {
590 case MHD_GNUTLS_CRT_X509: 590 case MHD_GNUTLS_CRT_X509:
591 return _gnutls_x509_get_raw_crt_activation_time (&info-> 591 return
592 raw_certificate_list 592 _gnutls_x509_get_raw_crt_activation_time (&info->raw_certificate_list
593 [0]); 593 [0]);
594 default: 594 default:
595 return (time_t) - 1; 595 return (time_t) - 1;
596 } 596 }
@@ -598,9 +598,9 @@ MHD_gtls_certificate_activation_time_peers (mhd_gtls_session_t session)
598 598
599int 599int
600mhd_gtls_raw_cert_to_gcert (gnutls_cert * gcert, 600mhd_gtls_raw_cert_to_gcert (gnutls_cert * gcert,
601 enum MHD_GNUTLS_CertificateType type, 601 enum MHD_GNUTLS_CertificateType type,
602 const gnutls_datum_t * raw_cert, 602 const gnutls_datum_t * raw_cert,
603 int flags /* OR of ConvFlags */ ) 603 int flags /* OR of ConvFlags */ )
604{ 604{
605 switch (type) 605 switch (type)
606 { 606 {
@@ -614,9 +614,9 @@ mhd_gtls_raw_cert_to_gcert (gnutls_cert * gcert,
614 614
615int 615int
616mhd_gtls_raw_privkey_to_gkey (gnutls_privkey * key, 616mhd_gtls_raw_privkey_to_gkey (gnutls_privkey * key,
617 enum MHD_GNUTLS_CertificateType type, 617 enum MHD_GNUTLS_CertificateType type,
618 const gnutls_datum_t * raw_key, 618 const gnutls_datum_t * raw_key,
619 int key_enc /* DER or PEM */ ) 619 int key_enc /* DER or PEM */ )
620{ 620{
621 switch (type) 621 switch (type)
622 { 622 {
@@ -640,8 +640,8 @@ mhd_gtls_raw_privkey_to_gkey (gnutls_privkey * key,
640 */ 640 */
641int 641int
642mhd_gtls_x509_raw_cert_to_gcert (gnutls_cert * gcert, 642mhd_gtls_x509_raw_cert_to_gcert (gnutls_cert * gcert,
643 const gnutls_datum_t * derCert, 643 const gnutls_datum_t * derCert,
644 int flags /* OR of ConvFlags */ ) 644 int flags /* OR of ConvFlags */ )
645{ 645{
646 int ret; 646 int ret;
647 gnutls_x509_crt_t cert; 647 gnutls_x509_crt_t cert;
@@ -671,7 +671,7 @@ mhd_gtls_x509_raw_cert_to_gcert (gnutls_cert * gcert,
671 */ 671 */
672int 672int
673mhd_gtls_x509_crt_to_gcert (gnutls_cert * gcert, 673mhd_gtls_x509_crt_to_gcert (gnutls_cert * gcert,
674 gnutls_x509_crt_t cert, unsigned int flags) 674 gnutls_x509_crt_t cert, unsigned int flags)
675{ 675{
676 int ret = 0; 676 int ret = 0;
677 677
@@ -791,7 +791,7 @@ mhd_gtls_gcert_deinit (gnutls_cert * cert)
791 **/ 791 **/
792void 792void
793MHD_gtls_sign_callback_set (mhd_gtls_session_t session, 793MHD_gtls_sign_callback_set (mhd_gtls_session_t session,
794 gnutls_sign_func sign_func, void *userdata) 794 gnutls_sign_func sign_func, void *userdata)
795{ 795{
796 session->internals.sign_func = sign_func; 796 session->internals.sign_func = sign_func;
797 session->internals.sign_func_userdata = userdata; 797 session->internals.sign_func_userdata = userdata;
diff --git a/src/daemon/https/tls/gnutls_cert.h b/src/daemon/https/tls/gnutls_cert.h
index 877c90d2..129e7e16 100644
--- a/src/daemon/https/tls/gnutls_cert.h
+++ b/src/daemon/https/tls/gnutls_cert.h
@@ -29,7 +29,7 @@
29#include <libtasn1.h> 29#include <libtasn1.h>
30#include "x509.h" 30#include "x509.h"
31 31
32#define MAX_PUBLIC_PARAMS_SIZE 4 /* ok for RSA and DSA */ 32#define MAX_PUBLIC_PARAMS_SIZE 4 /* ok for RSA and DSA */
33 33
34/* parameters should not be larger than this limit */ 34/* parameters should not be larger than this limit */
35#define DSA_PUBLIC_PARAMS 4 35#define DSA_PUBLIC_PARAMS 4
@@ -50,21 +50,21 @@
50 50
51typedef struct gnutls_cert 51typedef struct gnutls_cert
52{ 52{
53 mpi_t params[MAX_PUBLIC_PARAMS_SIZE]; /* the size of params depends on the public 53 mpi_t params[MAX_PUBLIC_PARAMS_SIZE]; /* the size of params depends on the public
54 * key algorithm 54 * key algorithm
55 * RSA: [0] is modulus 55 * RSA: [0] is modulus
56 * [1] is public exponent 56 * [1] is public exponent
57 * DSA: [0] is p 57 * DSA: [0] is p
58 * [1] is q 58 * [1] is q
59 * [2] is g 59 * [2] is g
60 * [3] is public key 60 * [3] is public key
61 */ 61 */
62 int params_size; /* holds the size of MPI params */ 62 int params_size; /* holds the size of MPI params */
63 63
64 enum MHD_GNUTLS_PublicKeyAlgorithm subject_pk_algorithm; 64 enum MHD_GNUTLS_PublicKeyAlgorithm subject_pk_algorithm;
65 65
66 unsigned int key_usage; /* bits from KEY_* 66 unsigned int key_usage; /* bits from KEY_*
67 */ 67 */
68 68
69 unsigned int version; 69 unsigned int version;
70 /* holds the type (PGP, X509) 70 /* holds the type (PGP, X509)
@@ -77,9 +77,9 @@ typedef struct gnutls_cert
77 77
78typedef struct gnutls_privkey_int 78typedef struct gnutls_privkey_int
79{ 79{
80 mpi_t params[MAX_PRIV_PARAMS_SIZE]; /* the size of params depends on the public 80 mpi_t params[MAX_PRIV_PARAMS_SIZE]; /* the size of params depends on the public
81 * key algorithm 81 * key algorithm
82 */ 82 */
83 /* 83 /*
84 * RSA: [0] is modulus 84 * RSA: [0] is modulus
85 * [1] is public exponent 85 * [1] is public exponent
@@ -93,12 +93,12 @@ typedef struct gnutls_privkey_int
93 * [3] is y (public key) 93 * [3] is y (public key)
94 * [4] is x (private key) 94 * [4] is x (private key)
95 */ 95 */
96 int params_size; /* holds the number of params */ 96 int params_size; /* holds the number of params */
97 97
98 enum MHD_GNUTLS_PublicKeyAlgorithm pk_algorithm; 98 enum MHD_GNUTLS_PublicKeyAlgorithm pk_algorithm;
99} gnutls_privkey; 99} gnutls_privkey;
100 100
101struct MHD_gtls_session_int; /* because mhd_gtls_session_t is not defined when this file is included */ 101struct MHD_gtls_session_int; /* because mhd_gtls_session_t is not defined when this file is included */
102 102
103typedef enum ConvFlags 103typedef enum ConvFlags
104{ 104{
@@ -108,25 +108,25 @@ typedef enum ConvFlags
108} ConvFlags; 108} ConvFlags;
109 109
110int mhd_gtls_x509_raw_cert_to_gcert (gnutls_cert * gcert, 110int mhd_gtls_x509_raw_cert_to_gcert (gnutls_cert * gcert,
111 const gnutls_datum_t * derCert, 111 const gnutls_datum_t * derCert,
112 int flags); 112 int flags);
113int mhd_gtls_x509_crt_to_gcert (gnutls_cert * gcert, gnutls_x509_crt_t cert, 113int mhd_gtls_x509_crt_to_gcert (gnutls_cert * gcert, gnutls_x509_crt_t cert,
114 unsigned int flags); 114 unsigned int flags);
115 115
116void mhd_gtls_gkey_deinit (gnutls_privkey * key); 116void mhd_gtls_gkey_deinit (gnutls_privkey * key);
117void mhd_gtls_gcert_deinit (gnutls_cert * cert); 117void mhd_gtls_gcert_deinit (gnutls_cert * cert);
118 118
119int mhd_gtls_selected_cert_supported_kx (struct MHD_gtls_session_int *session, 119int mhd_gtls_selected_cert_supported_kx (struct MHD_gtls_session_int *session,
120 enum MHD_GNUTLS_KeyExchangeAlgorithm ** alg, 120 enum MHD_GNUTLS_KeyExchangeAlgorithm
121 int *alg_size); 121 **alg, int *alg_size);
122 122
123int mhd_gtls_raw_cert_to_gcert (gnutls_cert * gcert, 123int mhd_gtls_raw_cert_to_gcert (gnutls_cert * gcert,
124 enum MHD_GNUTLS_CertificateType type, 124 enum MHD_GNUTLS_CertificateType type,
125 const gnutls_datum_t * raw_cert, 125 const gnutls_datum_t * raw_cert,
126 int flags /* OR of ConvFlags */ ); 126 int flags /* OR of ConvFlags */ );
127int mhd_gtls_raw_privkey_to_gkey (gnutls_privkey * key, 127int mhd_gtls_raw_privkey_to_gkey (gnutls_privkey * key,
128 enum MHD_GNUTLS_CertificateType type, 128 enum MHD_GNUTLS_CertificateType type,
129 const gnutls_datum_t * raw_key, 129 const gnutls_datum_t * raw_key,
130 int key_enc /* DER or PEM */ ); 130 int key_enc /* DER or PEM */ );
131 131
132#endif 132#endif
diff --git a/src/daemon/https/tls/gnutls_cipher.c b/src/daemon/https/tls/gnutls_cipher.c
index 8d7d0763..872abdf0 100644
--- a/src/daemon/https/tls/gnutls_cipher.c
+++ b/src/daemon/https/tls/gnutls_cipher.c
@@ -69,9 +69,9 @@ is_read_comp_null (mhd_gtls_session_t session)
69 */ 69 */
70int 70int
71mhd_gtls_encrypt (mhd_gtls_session_t session, const opaque * headers, 71mhd_gtls_encrypt (mhd_gtls_session_t session, const opaque * headers,
72 size_t headers_size, const opaque * data, 72 size_t headers_size, const opaque * data,
73 size_t data_size, opaque * ciphertext, 73 size_t data_size, opaque * ciphertext,
74 size_t ciphertext_size, content_type_t type, int random_pad) 74 size_t ciphertext_size, content_type_t type, int random_pad)
75{ 75{
76 gnutls_datum_t plain; 76 gnutls_datum_t plain;
77 gnutls_datum_t comp; 77 gnutls_datum_t comp;
@@ -100,8 +100,8 @@ mhd_gtls_encrypt (mhd_gtls_session_t session, const opaque * headers,
100 } 100 }
101 101
102 ret = mhd_gtls_compressed2ciphertext (session, &ciphertext[headers_size], 102 ret = mhd_gtls_compressed2ciphertext (session, &ciphertext[headers_size],
103 ciphertext_size - headers_size, 103 ciphertext_size - headers_size,
104 comp, type, random_pad); 104 comp, type, random_pad);
105 105
106 if (free_comp) 106 if (free_comp)
107 _gnutls_free_datum (&comp); 107 _gnutls_free_datum (&comp);
@@ -125,8 +125,8 @@ mhd_gtls_encrypt (mhd_gtls_session_t session, const opaque * headers,
125 */ 125 */
126int 126int
127mhd_gtls_decrypt (mhd_gtls_session_t session, opaque * ciphertext, 127mhd_gtls_decrypt (mhd_gtls_session_t session, opaque * ciphertext,
128 size_t ciphertext_size, uint8_t * data, 128 size_t ciphertext_size, uint8_t * data,
129 size_t max_data_size, content_type_t type) 129 size_t max_data_size, content_type_t type)
130{ 130{
131 gnutls_datum_t gtxt; 131 gnutls_datum_t gtxt;
132 gnutls_datum_t gcipher; 132 gnutls_datum_t gcipher;
@@ -140,7 +140,7 @@ mhd_gtls_decrypt (mhd_gtls_session_t session, opaque * ciphertext,
140 140
141 ret = 141 ret =
142 mhd_gtls_ciphertext2compressed (session, data, max_data_size, 142 mhd_gtls_ciphertext2compressed (session, data, max_data_size,
143 gcipher, type); 143 gcipher, type);
144 if (ret < 0) 144 if (ret < 0)
145 { 145 {
146 return ret; 146 return ret;
@@ -290,9 +290,9 @@ calc_enc_length (mhd_gtls_session_t session, int data_size,
290 */ 290 */
291int 291int
292mhd_gtls_compressed2ciphertext (mhd_gtls_session_t session, 292mhd_gtls_compressed2ciphertext (mhd_gtls_session_t session,
293 opaque * cipher_data, int cipher_size, 293 opaque * cipher_data, int cipher_size,
294 gnutls_datum_t compressed, 294 gnutls_datum_t compressed,
295 content_type_t _type, int random_pad) 295 content_type_t _type, int random_pad)
296{ 296{
297 uint8_t MAC[MAX_HASH_SIZE]; 297 uint8_t MAC[MAX_HASH_SIZE];
298 uint16_t c_length; 298 uint16_t c_length;
@@ -303,14 +303,14 @@ mhd_gtls_compressed2ciphertext (mhd_gtls_session_t session,
303 uint8_t major, minor; 303 uint8_t major, minor;
304 int hash_size = 304 int hash_size =
305 mhd_gnutls_hash_get_algo_len (session->security_parameters. 305 mhd_gnutls_hash_get_algo_len (session->security_parameters.
306 write_mac_algorithm); 306 write_mac_algorithm);
307 enum MHD_GNUTLS_Protocol ver; 307 enum MHD_GNUTLS_Protocol ver;
308 int blocksize = 308 int blocksize =
309 mhd_gtls_cipher_get_block_size (session->security_parameters. 309 mhd_gtls_cipher_get_block_size (session->security_parameters.
310 write_bulk_cipher_algorithm); 310 write_bulk_cipher_algorithm);
311 cipher_type_t block_algo = 311 cipher_type_t block_algo =
312 mhd_gtls_cipher_is_block (session->security_parameters. 312 mhd_gtls_cipher_is_block (session->security_parameters.
313 write_bulk_cipher_algorithm); 313 write_bulk_cipher_algorithm);
314 opaque *data_ptr; 314 opaque *data_ptr;
315 315
316 316
@@ -336,15 +336,15 @@ mhd_gtls_compressed2ciphertext (mhd_gtls_session_t session,
336 336
337 if (td != GNUTLS_MAC_FAILED) 337 if (td != GNUTLS_MAC_FAILED)
338 { /* actually when the algorithm in not the NULL one */ 338 { /* actually when the algorithm in not the NULL one */
339 mhd_gnutls_hash (td, 339 mhd_gnutls_hash (td,
340 UINT64DATA (session->connection_state. 340 UINT64DATA (session->connection_state.
341 write_sequence_number), 8); 341 write_sequence_number), 8);
342 342
343 mhd_gnutls_hash (td, &type, 1); 343 mhd_gnutls_hash (td, &type, 1);
344 if (ver >= MHD_GNUTLS_TLS1_0) 344 if (ver >= MHD_GNUTLS_TLS1_0)
345 { /* TLS 1.0 or higher */ 345 { /* TLS 1.0 or higher */
346 mhd_gnutls_hash (td, &major, 1); 346 mhd_gnutls_hash (td, &major, 1);
347 mhd_gnutls_hash (td, &minor, 1); 347 mhd_gnutls_hash (td, &minor, 1);
348 } 348 }
349 mhd_gnutls_hash (td, &c_length, 2); 349 mhd_gnutls_hash (td, &c_length, 2);
350 mhd_gnutls_hash (td, compressed.data, compressed.size); 350 mhd_gnutls_hash (td, compressed.data, compressed.size);
@@ -401,8 +401,9 @@ mhd_gtls_compressed2ciphertext (mhd_gtls_session_t session,
401 401
402 /* Actual encryption (inplace). 402 /* Actual encryption (inplace).
403 */ 403 */
404 ret = mhd_gtls_cipher_encrypt (session->connection_state. 404 ret =
405 write_cipher_state, cipher_data, length); 405 mhd_gtls_cipher_encrypt (session->connection_state.write_cipher_state,
406 cipher_data, length);
406 if (ret < 0) 407 if (ret < 0)
407 { 408 {
408 gnutls_assert (); 409 gnutls_assert ();
@@ -417,9 +418,9 @@ mhd_gtls_compressed2ciphertext (mhd_gtls_session_t session,
417 */ 418 */
418int 419int
419mhd_gtls_ciphertext2compressed (mhd_gtls_session_t session, 420mhd_gtls_ciphertext2compressed (mhd_gtls_session_t session,
420 opaque * compress_data, 421 opaque * compress_data,
421 int compress_size, 422 int compress_size,
422 gnutls_datum_t ciphertext, uint8_t type) 423 gnutls_datum_t ciphertext, uint8_t type)
423{ 424{
424 uint8_t MAC[MAX_HASH_SIZE]; 425 uint8_t MAC[MAX_HASH_SIZE];
425 uint16_t c_length; 426 uint16_t c_length;
@@ -432,14 +433,15 @@ mhd_gtls_ciphertext2compressed (mhd_gtls_session_t session,
432 enum MHD_GNUTLS_Protocol ver; 433 enum MHD_GNUTLS_Protocol ver;
433 int hash_size = 434 int hash_size =
434 mhd_gnutls_hash_get_algo_len (session->security_parameters. 435 mhd_gnutls_hash_get_algo_len (session->security_parameters.
435 read_mac_algorithm); 436 read_mac_algorithm);
436 437
437 ver = MHD_gnutls_protocol_get_version (session); 438 ver = MHD_gnutls_protocol_get_version (session);
438 minor = mhd_gtls_version_get_minor (ver); 439 minor = mhd_gtls_version_get_minor (ver);
439 major = mhd_gtls_version_get_major (ver); 440 major = mhd_gtls_version_get_major (ver);
440 441
441 blocksize = mhd_gtls_cipher_get_block_size (session->security_parameters. 442 blocksize =
442 read_bulk_cipher_algorithm); 443 mhd_gtls_cipher_get_block_size (session->security_parameters.
444 read_bulk_cipher_algorithm);
443 445
444 /* initialize MAC 446 /* initialize MAC
445 */ 447 */
@@ -462,10 +464,10 @@ mhd_gtls_ciphertext2compressed (mhd_gtls_session_t session,
462 (session->security_parameters.read_bulk_cipher_algorithm)) 464 (session->security_parameters.read_bulk_cipher_algorithm))
463 { 465 {
464 case CIPHER_STREAM: 466 case CIPHER_STREAM:
465 if ((ret = mhd_gtls_cipher_decrypt (session->connection_state. 467 if ((ret =
466 read_cipher_state, 468 mhd_gtls_cipher_decrypt (session->connection_state.
467 ciphertext.data, 469 read_cipher_state, ciphertext.data,
468 ciphertext.size)) < 0) 470 ciphertext.size)) < 0)
469 { 471 {
470 gnutls_assert (); 472 gnutls_assert ();
471 return ret; 473 return ret;
@@ -481,10 +483,10 @@ mhd_gtls_ciphertext2compressed (mhd_gtls_session_t session,
481 return GNUTLS_E_DECRYPTION_FAILED; 483 return GNUTLS_E_DECRYPTION_FAILED;
482 } 484 }
483 485
484 if ((ret = mhd_gtls_cipher_decrypt (session->connection_state. 486 if ((ret =
485 read_cipher_state, 487 mhd_gtls_cipher_decrypt (session->connection_state.
486 ciphertext.data, 488 read_cipher_state, ciphertext.data,
487 ciphertext.size)) < 0) 489 ciphertext.size)) < 0)
488 { 490 {
489 gnutls_assert (); 491 gnutls_assert ();
490 return ret; 492 return ret;
@@ -541,20 +543,20 @@ mhd_gtls_ciphertext2compressed (mhd_gtls_session_t session,
541 */ 543 */
542 if (td != GNUTLS_MAC_FAILED) 544 if (td != GNUTLS_MAC_FAILED)
543 { 545 {
544 mhd_gnutls_hash (td, 546 mhd_gnutls_hash (td,
545 UINT64DATA (session->connection_state. 547 UINT64DATA (session->connection_state.
546 read_sequence_number), 8); 548 read_sequence_number), 8);
547 549
548 mhd_gnutls_hash (td, &type, 1); 550 mhd_gnutls_hash (td, &type, 1);
549 if (ver >= MHD_GNUTLS_TLS1_0) 551 if (ver >= MHD_GNUTLS_TLS1_0)
550 { /* TLS 1.x */ 552 { /* TLS 1.x */
551 mhd_gnutls_hash (td, &major, 1); 553 mhd_gnutls_hash (td, &major, 1);
552 mhd_gnutls_hash (td, &minor, 1); 554 mhd_gnutls_hash (td, &minor, 1);
553 } 555 }
554 mhd_gnutls_hash (td, &c_length, 2); 556 mhd_gnutls_hash (td, &c_length, 2);
555 557
556 if (length > 0) 558 if (length > 0)
557 mhd_gnutls_hash (td, ciphertext.data, length); 559 mhd_gnutls_hash (td, ciphertext.data, length);
558 560
559 mac_deinit (td, MAC, ver); 561 mac_deinit (td, MAC, ver);
560 } 562 }
diff --git a/src/daemon/https/tls/gnutls_cipher.h b/src/daemon/https/tls/gnutls_cipher.h
index 2bdf5a18..511ee989 100644
--- a/src/daemon/https/tls/gnutls_cipher.h
+++ b/src/daemon/https/tls/gnutls_cipher.h
@@ -23,19 +23,18 @@
23 */ 23 */
24 24
25int mhd_gtls_encrypt (mhd_gtls_session_t session, const opaque * headers, 25int mhd_gtls_encrypt (mhd_gtls_session_t session, const opaque * headers,
26 size_t headers_size, const opaque * data, 26 size_t headers_size, const opaque * data,
27 size_t data_size, opaque * ciphertext, 27 size_t data_size, opaque * ciphertext,
28 size_t ciphertext_size, content_type_t type, 28 size_t ciphertext_size, content_type_t type,
29 int random_pad); 29 int random_pad);
30 30
31int mhd_gtls_decrypt (mhd_gtls_session_t session, opaque * ciphertext, 31int mhd_gtls_decrypt (mhd_gtls_session_t session, opaque * ciphertext,
32 size_t ciphertext_size, uint8_t * data, size_t data_size, 32 size_t ciphertext_size, uint8_t * data,
33 content_type_t type); 33 size_t data_size, content_type_t type);
34int mhd_gtls_compressed2ciphertext (mhd_gtls_session_t session, 34int mhd_gtls_compressed2ciphertext (mhd_gtls_session_t session,
35 opaque * cipher_data, int cipher_size, 35 opaque * cipher_data, int cipher_size,
36 gnutls_datum_t compressed, 36 gnutls_datum_t compressed,
37 content_type_t _type, int random_pad); 37 content_type_t _type, int random_pad);
38int mhd_gtls_ciphertext2compressed (mhd_gtls_session_t session, 38int mhd_gtls_ciphertext2compressed (mhd_gtls_session_t session,
39 opaque * compress_data, 39 opaque * compress_data, int compress_size,
40 int compress_size, 40 gnutls_datum_t ciphertext, uint8_t type);
41 gnutls_datum_t ciphertext, uint8_t type);
diff --git a/src/daemon/https/tls/gnutls_cipher_int.c b/src/daemon/https/tls/gnutls_cipher_int.c
index 2e250534..836188aa 100644
--- a/src/daemon/https/tls/gnutls_cipher_int.c
+++ b/src/daemon/https/tls/gnutls_cipher_int.c
@@ -29,7 +29,7 @@
29 29
30cipher_hd_t 30cipher_hd_t
31mhd_gtls_cipher_init (enum MHD_GNUTLS_CipherAlgorithm cipher, 31mhd_gtls_cipher_init (enum MHD_GNUTLS_CipherAlgorithm cipher,
32 const gnutls_datum_t * key, const gnutls_datum_t * iv) 32 const gnutls_datum_t * key, const gnutls_datum_t * iv)
33{ 33{
34 cipher_hd_t ret = NULL; 34 cipher_hd_t ret = NULL;
35 int err = GC_INVALID_CIPHER; /* doesn't matter */ 35 int err = GC_INVALID_CIPHER; /* doesn't matter */
@@ -110,7 +110,7 @@ mhd_gtls_cipher_encrypt (cipher_hd_t handle, void *text, int textlen)
110 110
111int 111int
112mhd_gtls_cipher_decrypt (cipher_hd_t handle, void *ciphertext, 112mhd_gtls_cipher_decrypt (cipher_hd_t handle, void *ciphertext,
113 int ciphertextlen) 113 int ciphertextlen)
114{ 114{
115 if (handle != GNUTLS_CIPHER_FAILED) 115 if (handle != GNUTLS_CIPHER_FAILED)
116 { 116 {
diff --git a/src/daemon/https/tls/gnutls_cipher_int.h b/src/daemon/https/tls/gnutls_cipher_int.h
index 2a3e3193..6e2c8269 100644
--- a/src/daemon/https/tls/gnutls_cipher_int.h
+++ b/src/daemon/https/tls/gnutls_cipher_int.h
@@ -29,18 +29,15 @@
29#define GNUTLS_CIPHER_FAILED NULL 29#define GNUTLS_CIPHER_FAILED NULL
30 30
31// TODO gc_cipher_handle -> void * x3 31// TODO gc_cipher_handle -> void * x3
32void * mhd_gtls_cipher_init(enum MHD_GNUTLS_CipherAlgorithm cipher, 32void *mhd_gtls_cipher_init (enum MHD_GNUTLS_CipherAlgorithm cipher,
33 const gnutls_datum_t * key, 33 const gnutls_datum_t * key,
34 const gnutls_datum_t * iv); 34 const gnutls_datum_t * iv);
35 35
36int mhd_gtls_cipher_encrypt(void * handle, 36int mhd_gtls_cipher_encrypt (void *handle, void *text, int textlen);
37 void *text,
38 int textlen);
39 37
40int mhd_gtls_cipher_decrypt(void * handle, 38int mhd_gtls_cipher_decrypt (void *handle,
41 void *ciphertext, 39 void *ciphertext, int ciphertextlen);
42 int ciphertextlen);
43 40
44void mhd_gnutls_cipher_deinit(void * handle); 41void mhd_gnutls_cipher_deinit (void *handle);
45 42
46#endif /* GNUTLS_CIPHER_INT */ 43#endif /* GNUTLS_CIPHER_INT */
diff --git a/src/daemon/https/tls/gnutls_compress.c b/src/daemon/https/tls/gnutls_compress.c
index 7ee4c2fe..9585fcf2 100644
--- a/src/daemon/https/tls/gnutls_compress.c
+++ b/src/daemon/https/tls/gnutls_compress.c
@@ -43,8 +43,8 @@ _gnutls_m_plaintext2compressed (mhd_gtls_session_t session,
43 43
44 size = 44 size =
45 mhd_gtls_compress (session->connection_state.write_compression_state, 45 mhd_gtls_compress (session->connection_state.write_compression_state,
46 plaintext->data, plaintext->size, &data, 46 plaintext->data, plaintext->size, &data,
47 MAX_RECORD_SEND_SIZE + EXTRA_COMP_SIZE); 47 MAX_RECORD_SEND_SIZE + EXTRA_COMP_SIZE);
48 if (size < 0) 48 if (size < 0)
49 { 49 {
50 gnutls_assert (); 50 gnutls_assert ();
@@ -65,9 +65,9 @@ _gnutls_m_compressed2plaintext (mhd_gtls_session_t session,
65 opaque *data; 65 opaque *data;
66 66
67 size = 67 size =
68 mhd_gtls_decompress (session->connection_state. 68 mhd_gtls_decompress (session->connection_state.read_compression_state,
69 read_compression_state, compressed->data, 69 compressed->data, compressed->size, &data,
70 compressed->size, &data, MAX_RECORD_RECV_SIZE); 70 MAX_RECORD_RECV_SIZE);
71 if (size < 0) 71 if (size < 0)
72 { 72 {
73 gnutls_assert (); 73 gnutls_assert ();
diff --git a/src/daemon/https/tls/gnutls_compress.h b/src/daemon/https/tls/gnutls_compress.h
index 2fa07aaa..7ccca5c3 100644
--- a/src/daemon/https/tls/gnutls_compress.h
+++ b/src/daemon/https/tls/gnutls_compress.h
@@ -23,8 +23,8 @@
23 */ 23 */
24 24
25int _gnutls_m_plaintext2compressed (mhd_gtls_session_t session, 25int _gnutls_m_plaintext2compressed (mhd_gtls_session_t session,
26 gnutls_datum_t * compressed, 26 gnutls_datum_t * compressed,
27 const gnutls_datum_t *plaintext); 27 const gnutls_datum_t * plaintext);
28int _gnutls_m_compressed2plaintext (mhd_gtls_session_t session, 28int _gnutls_m_compressed2plaintext (mhd_gtls_session_t session,
29 gnutls_datum_t * plain, 29 gnutls_datum_t * plain,
30 const gnutls_datum_t* compressed); 30 const gnutls_datum_t * compressed);
diff --git a/src/daemon/https/tls/gnutls_compress_int.c b/src/daemon/https/tls/gnutls_compress_int.c
index 1e1e0adc..1d272bed 100644
--- a/src/daemon/https/tls/gnutls_compress_int.c
+++ b/src/daemon/https/tls/gnutls_compress_int.c
@@ -130,8 +130,8 @@ mhd_gtls_comp_deinit (comp_hd_t handle, int d)
130 130
131int 131int
132mhd_gtls_compress (comp_hd_t handle, const opaque * plain, 132mhd_gtls_compress (comp_hd_t handle, const opaque * plain,
133 size_t plain_size, opaque ** compressed, 133 size_t plain_size, opaque ** compressed,
134 size_t max_comp_size) 134 size_t max_comp_size)
135{ 135{
136 int compressed_size = GNUTLS_E_COMPRESSION_FAILED; 136 int compressed_size = GNUTLS_E_COMPRESSION_FAILED;
137 137
@@ -205,8 +205,8 @@ mhd_gtls_compress (comp_hd_t handle, const opaque * plain,
205 205
206int 206int
207mhd_gtls_decompress (comp_hd_t handle, opaque * compressed, 207mhd_gtls_decompress (comp_hd_t handle, opaque * compressed,
208 size_t compressed_size, opaque ** plain, 208 size_t compressed_size, opaque ** plain,
209 size_t max_record_size) 209 size_t max_record_size)
210{ 210{
211 int plain_size = GNUTLS_E_DECOMPRESSION_FAILED; 211 int plain_size = GNUTLS_E_DECOMPRESSION_FAILED;
212 212
diff --git a/src/daemon/https/tls/gnutls_compress_int.h b/src/daemon/https/tls/gnutls_compress_int.h
index 76cf2245..32edae7a 100644
--- a/src/daemon/https/tls/gnutls_compress_int.h
+++ b/src/daemon/https/tls/gnutls_compress_int.h
@@ -41,9 +41,9 @@ comp_hd_t mhd_gtls_comp_init (enum MHD_GNUTLS_CompressionMethod, int d);
41void mhd_gtls_comp_deinit (comp_hd_t handle, int d); 41void mhd_gtls_comp_deinit (comp_hd_t handle, int d);
42 42
43int mhd_gtls_decompress (comp_hd_t handle, opaque * compressed, 43int mhd_gtls_decompress (comp_hd_t handle, opaque * compressed,
44 size_t compressed_size, opaque ** plain, 44 size_t compressed_size, opaque ** plain,
45 size_t max_record_size); 45 size_t max_record_size);
46int mhd_gtls_compress (comp_hd_t, const opaque * plain, size_t plain_size, 46int mhd_gtls_compress (comp_hd_t, const opaque * plain, size_t plain_size,
47 opaque ** compressed, size_t max_comp_size); 47 opaque ** compressed, size_t max_comp_size);
48 48
49#endif 49#endif
diff --git a/src/daemon/https/tls/gnutls_constate.c b/src/daemon/https/tls/gnutls_constate.c
index 58113a30..d4dff6a9 100644
--- a/src/daemon/https/tls/gnutls_constate.c
+++ b/src/daemon/https/tls/gnutls_constate.c
@@ -99,19 +99,16 @@ _gnutls_set_keys (mhd_gtls_session_t session, int hash_size, int IV_size,
99 if (session->security_parameters.version == MHD_GNUTLS_SSL3) 99 if (session->security_parameters.version == MHD_GNUTLS_SSL3)
100 { /* SSL 3 */ 100 { /* SSL 3 */
101 ret = 101 ret =
102 mhd_gnutls_ssl3_generate_random (session-> 102 mhd_gnutls_ssl3_generate_random
103 security_parameters. 103 (session->security_parameters.master_secret, TLS_MASTER_SIZE, rnd,
104 master_secret, 104 2 * TLS_RANDOM_SIZE, block_size, key_block);
105 TLS_MASTER_SIZE, rnd,
106 2 * TLS_RANDOM_SIZE,
107 block_size, key_block);
108 } 105 }
109 else 106 else
110 { /* TLS 1.0 */ 107 { /* TLS 1.0 */
111 ret = 108 ret =
112 mhd_gtls_PRF (session, session->security_parameters.master_secret, 109 mhd_gtls_PRF (session, session->security_parameters.master_secret,
113 TLS_MASTER_SIZE, keyexp, keyexp_length, 110 TLS_MASTER_SIZE, keyexp, keyexp_length,
114 rnd, 2 * TLS_RANDOM_SIZE, block_size, key_block); 111 rnd, 2 * TLS_RANDOM_SIZE, block_size, key_block);
115 } 112 }
116 113
117 if (ret < 0) 114 if (ret < 0)
@@ -123,7 +120,7 @@ _gnutls_set_keys (mhd_gtls_session_t session, int hash_size, int IV_size,
123 120
124 _gnutls_hard_log ("INT: KEY BLOCK[%d]: %s\n", block_size, 121 _gnutls_hard_log ("INT: KEY BLOCK[%d]: %s\n", block_size,
125 mhd_gtls_bin2hex (key_block, block_size, buf, 122 mhd_gtls_bin2hex (key_block, block_size, buf,
126 sizeof (buf))); 123 sizeof (buf)));
127 124
128 pos = 0; 125 pos = 0;
129 if (hash_size > 0) 126 if (hash_size > 0)
@@ -193,20 +190,20 @@ _gnutls_set_keys (mhd_gtls_session_t session, int hash_size, int IV_size,
193 { /* SSL 3 */ 190 { /* SSL 3 */
194 ret = 191 ret =
195 mhd_gnutls_ssl3_hash_md5 (&key_block[pos], 192 mhd_gnutls_ssl3_hash_md5 (&key_block[pos],
196 key_size, rrnd, 193 key_size, rrnd,
197 2 * TLS_RANDOM_SIZE, 194 2 * TLS_RANDOM_SIZE,
198 EXPORT_FINAL_KEY_SIZE, 195 EXPORT_FINAL_KEY_SIZE,
199 client_write_key); 196 client_write_key);
200 197
201 } 198 }
202 else 199 else
203 { /* TLS 1.0 */ 200 { /* TLS 1.0 */
204 ret = 201 ret =
205 mhd_gtls_PRF (session, &key_block[pos], key_size, 202 mhd_gtls_PRF (session, &key_block[pos], key_size,
206 cliwrite, cliwrite_length, 203 cliwrite, cliwrite_length,
207 rrnd, 204 rrnd,
208 2 * TLS_RANDOM_SIZE, 205 2 * TLS_RANDOM_SIZE,
209 EXPORT_FINAL_KEY_SIZE, client_write_key); 206 EXPORT_FINAL_KEY_SIZE, client_write_key);
210 } 207 }
211 208
212 if (ret < 0) 209 if (ret < 0)
@@ -225,17 +222,17 @@ _gnutls_set_keys (mhd_gtls_session_t session, int hash_size, int IV_size,
225 { /* SSL 3 */ 222 { /* SSL 3 */
226 ret = 223 ret =
227 mhd_gnutls_ssl3_hash_md5 (&key_block[pos], key_size, 224 mhd_gnutls_ssl3_hash_md5 (&key_block[pos], key_size,
228 rnd, 2 * TLS_RANDOM_SIZE, 225 rnd, 2 * TLS_RANDOM_SIZE,
229 EXPORT_FINAL_KEY_SIZE, 226 EXPORT_FINAL_KEY_SIZE,
230 server_write_key); 227 server_write_key);
231 } 228 }
232 else 229 else
233 { /* TLS 1.0 */ 230 { /* TLS 1.0 */
234 ret = 231 ret =
235 mhd_gtls_PRF (session, &key_block[pos], key_size, 232 mhd_gtls_PRF (session, &key_block[pos], key_size,
236 servwrite, servwrite_length, 233 servwrite, servwrite_length,
237 rrnd, 2 * TLS_RANDOM_SIZE, 234 rrnd, 2 * TLS_RANDOM_SIZE,
238 EXPORT_FINAL_KEY_SIZE, server_write_key); 235 EXPORT_FINAL_KEY_SIZE, server_write_key);
239 } 236 }
240 237
241 if (ret < 0) 238 if (ret < 0)
@@ -263,8 +260,8 @@ _gnutls_set_keys (mhd_gtls_session_t session, int hash_size, int IV_size,
263 _gnutls_hard_log ("INT: CLIENT WRITE KEY [%d]: %s\n", 260 _gnutls_hard_log ("INT: CLIENT WRITE KEY [%d]: %s\n",
264 client_write_key_size, 261 client_write_key_size,
265 mhd_gtls_bin2hex (client_write_key, 262 mhd_gtls_bin2hex (client_write_key,
266 client_write_key_size, buf, 263 client_write_key_size, buf,
267 sizeof (buf))); 264 sizeof (buf)));
268 265
269 if (_gnutls_sset_datum 266 if (_gnutls_sset_datum
270 (&session->cipher_specs.server_write_key, 267 (&session->cipher_specs.server_write_key,
@@ -279,8 +276,8 @@ _gnutls_set_keys (mhd_gtls_session_t session, int hash_size, int IV_size,
279 _gnutls_hard_log ("INT: SERVER WRITE KEY [%d]: %s\n", 276 _gnutls_hard_log ("INT: SERVER WRITE KEY [%d]: %s\n",
280 server_write_key_size, 277 server_write_key_size,
281 mhd_gtls_bin2hex (server_write_key, 278 mhd_gtls_bin2hex (server_write_key,
282 server_write_key_size, buf, 279 server_write_key_size, buf,
283 sizeof (buf))); 280 sizeof (buf)));
284 281
285 if (free_keys != 0) 282 if (free_keys != 0)
286 { 283 {
@@ -326,8 +323,8 @@ _gnutls_set_keys (mhd_gtls_session_t session, int hash_size, int IV_size,
326 if (session->security_parameters.version == MHD_GNUTLS_SSL3) 323 if (session->security_parameters.version == MHD_GNUTLS_SSL3)
327 { /* SSL 3 */ 324 { /* SSL 3 */
328 ret = mhd_gnutls_ssl3_hash_md5 ("", 0, 325 ret = mhd_gnutls_ssl3_hash_md5 ("", 0,
329 rrnd, TLS_RANDOM_SIZE * 2, 326 rrnd, TLS_RANDOM_SIZE * 2,
330 IV_size, iv_block); 327 IV_size, iv_block);
331 328
332 if (ret < 0) 329 if (ret < 0)
333 { 330 {
@@ -338,15 +335,15 @@ _gnutls_set_keys (mhd_gtls_session_t session, int hash_size, int IV_size,
338 } 335 }
339 336
340 ret = mhd_gnutls_ssl3_hash_md5 ("", 0, rnd, 337 ret = mhd_gnutls_ssl3_hash_md5 ("", 0, rnd,
341 TLS_RANDOM_SIZE * 2, 338 TLS_RANDOM_SIZE * 2,
342 IV_size, &iv_block[IV_size]); 339 IV_size, &iv_block[IV_size]);
343 340
344 } 341 }
345 else 342 else
346 { /* TLS 1.0 */ 343 { /* TLS 1.0 */
347 ret = mhd_gtls_PRF (session, "", 0, 344 ret = mhd_gtls_PRF (session, "", 0,
348 ivblock, ivblock_length, rrnd, 345 ivblock, ivblock_length, rrnd,
349 2 * TLS_RANDOM_SIZE, IV_size * 2, iv_block); 346 2 * TLS_RANDOM_SIZE, IV_size * 2, iv_block);
350 } 347 }
351 348
352 if (ret < 0) 349 if (ret < 0)
@@ -505,37 +502,35 @@ mhd_gtls_read_connection_state_init (mhd_gtls_session_t session)
505 if (session->internals.resumed == RESUME_FALSE) 502 if (session->internals.resumed == RESUME_FALSE)
506 { 503 {
507 rc = mhd_gtls_set_read_cipher (session, 504 rc = mhd_gtls_set_read_cipher (session,
508 mhd_gtls_cipher_suite_get_cipher_algo 505 mhd_gtls_cipher_suite_get_cipher_algo
509 (&session->security_parameters. 506 (&session->security_parameters.
510 current_cipher_suite)); 507 current_cipher_suite));
511 if (rc < 0) 508 if (rc < 0)
512 return rc; 509 return rc;
513 rc = mhd_gtls_set_read_mac (session, 510 rc = mhd_gtls_set_read_mac (session,
514 mhd_gtls_cipher_suite_get_mac_algo 511 mhd_gtls_cipher_suite_get_mac_algo
515 (&session->security_parameters. 512 (&session->security_parameters.
516 current_cipher_suite)); 513 current_cipher_suite));
517 if (rc < 0) 514 if (rc < 0)
518 return rc; 515 return rc;
519 516
520 rc = mhd_gtls_set_kx (session, 517 rc = mhd_gtls_set_kx (session,
521 mhd_gtls_cipher_suite_get_kx_algo 518 mhd_gtls_cipher_suite_get_kx_algo
522 (&session->security_parameters. 519 (&session->security_parameters.
523 current_cipher_suite)); 520 current_cipher_suite));
524 if (rc < 0) 521 if (rc < 0)
525 return rc; 522 return rc;
526 523
527 rc = mhd_gtls_set_read_compression (session, 524 rc = mhd_gtls_set_read_compression (session,
528 session->internals. 525 session->internals.
529 compression_method); 526 compression_method);
530 if (rc < 0) 527 if (rc < 0)
531 return rc; 528 return rc;
532 } 529 }
533 else 530 else
534 { /* RESUME_TRUE */ 531 { /* RESUME_TRUE */
535 _gnutls_cpy_read_security_parameters (&session-> 532 _gnutls_cpy_read_security_parameters (&session->security_parameters,
536 security_parameters, 533 &session->internals.
537 &session->
538 internals.
539 resumed_security_parameters); 534 resumed_security_parameters);
540 } 535 }
541 536
@@ -545,9 +540,10 @@ mhd_gtls_read_connection_state_init (mhd_gtls_session_t session)
545 return rc; 540 return rc;
546 541
547 _gnutls_handshake_log ("HSK[%x]: Cipher Suite: %s\n", 542 _gnutls_handshake_log ("HSK[%x]: Cipher Suite: %s\n",
548 session, mhd_gtls_cipher_suite_get_name (&session-> 543 session,
549 security_parameters. 544 mhd_gtls_cipher_suite_get_name
550 current_cipher_suite)); 545 (&session->security_parameters.
546 current_cipher_suite));
551 547
552 if (mhd_gtls_compression_is_ok 548 if (mhd_gtls_compression_is_ok
553 (session->security_parameters.read_compression_algorithm) != 0) 549 (session->security_parameters.read_compression_algorithm) != 0)
@@ -572,12 +568,13 @@ mhd_gtls_read_connection_state_init (mhd_gtls_session_t session)
572 mhd_gnutls_cipher_deinit (session->connection_state.read_cipher_state); 568 mhd_gnutls_cipher_deinit (session->connection_state.read_cipher_state);
573 569
574 if (session->connection_state.read_compression_state != NULL) 570 if (session->connection_state.read_compression_state != NULL)
575 mhd_gtls_comp_deinit (session->connection_state.read_compression_state, 1); 571 mhd_gtls_comp_deinit (session->connection_state.read_compression_state,
572 1);
576 573
577 574
578 mac_size = 575 mac_size =
579 mhd_gnutls_hash_get_algo_len (session->security_parameters. 576 mhd_gnutls_hash_get_algo_len (session->security_parameters.
580 read_mac_algorithm); 577 read_mac_algorithm);
581 578
582 _gnutls_handshake_log 579 _gnutls_handshake_log
583 ("HSK[%x]: Initializing internal [read] cipher sessions\n", session); 580 ("HSK[%x]: Initializing internal [read] cipher sessions\n", session);
@@ -589,14 +586,12 @@ mhd_gtls_read_connection_state_init (mhd_gtls_session_t session)
589 */ 586 */
590 session->connection_state.read_cipher_state = 587 session->connection_state.read_cipher_state =
591 mhd_gtls_cipher_init (session->security_parameters. 588 mhd_gtls_cipher_init (session->security_parameters.
592 read_bulk_cipher_algorithm, 589 read_bulk_cipher_algorithm,
593 &session->cipher_specs. 590 &session->cipher_specs.client_write_key,
594 client_write_key, 591 &session->cipher_specs.client_write_IV);
595 &session->cipher_specs.client_write_IV); 592 if (session->connection_state.read_cipher_state == GNUTLS_CIPHER_FAILED
596 if (session->connection_state.read_cipher_state == 593 && session->security_parameters.read_bulk_cipher_algorithm !=
597 GNUTLS_CIPHER_FAILED 594 MHD_GNUTLS_CIPHER_NULL)
598 && session->security_parameters.
599 read_bulk_cipher_algorithm != MHD_GNUTLS_CIPHER_NULL)
600 { 595 {
601 gnutls_assert (); 596 gnutls_assert ();
602 return GNUTLS_E_INTERNAL_ERROR; 597 return GNUTLS_E_INTERNAL_ERROR;
@@ -607,8 +602,7 @@ mhd_gtls_read_connection_state_init (mhd_gtls_session_t session)
607 */ 602 */
608 if (mac_size > 0) 603 if (mac_size > 0)
609 { 604 {
610 if (_gnutls_sset_datum (&session->connection_state. 605 if (_gnutls_sset_datum (&session->connection_state.read_mac_secret,
611 read_mac_secret,
612 session->cipher_specs. 606 session->cipher_specs.
613 client_write_mac_secret.data, 607 client_write_mac_secret.data,
614 session->cipher_specs. 608 session->cipher_specs.
@@ -625,15 +619,14 @@ mhd_gtls_read_connection_state_init (mhd_gtls_session_t session)
625 case GNUTLS_CLIENT: 619 case GNUTLS_CLIENT:
626 session->connection_state.read_cipher_state = 620 session->connection_state.read_cipher_state =
627 mhd_gtls_cipher_init (session->security_parameters. 621 mhd_gtls_cipher_init (session->security_parameters.
628 read_bulk_cipher_algorithm, 622 read_bulk_cipher_algorithm,
629 &session->cipher_specs. 623 &session->cipher_specs.server_write_key,
630 server_write_key, 624 &session->cipher_specs.server_write_IV);
631 &session->cipher_specs.server_write_IV);
632 625
633 if (session->connection_state.read_cipher_state == 626 if (session->connection_state.read_cipher_state ==
634 GNUTLS_CIPHER_FAILED 627 GNUTLS_CIPHER_FAILED
635 && session->security_parameters. 628 && session->security_parameters.read_bulk_cipher_algorithm !=
636 read_bulk_cipher_algorithm != MHD_GNUTLS_CIPHER_NULL) 629 MHD_GNUTLS_CIPHER_NULL)
637 { 630 {
638 gnutls_assert (); 631 gnutls_assert ();
639 return GNUTLS_E_INTERNAL_ERROR; 632 return GNUTLS_E_INTERNAL_ERROR;
@@ -644,8 +637,7 @@ mhd_gtls_read_connection_state_init (mhd_gtls_session_t session)
644 */ 637 */
645 if (mac_size > 0) 638 if (mac_size > 0)
646 { 639 {
647 if (_gnutls_sset_datum (&session->connection_state. 640 if (_gnutls_sset_datum (&session->connection_state.read_mac_secret,
648 read_mac_secret,
649 session->cipher_specs. 641 session->cipher_specs.
650 server_write_mac_secret.data, 642 server_write_mac_secret.data,
651 session->cipher_specs. 643 session->cipher_specs.
@@ -665,7 +657,7 @@ mhd_gtls_read_connection_state_init (mhd_gtls_session_t session)
665 657
666 session->connection_state.read_compression_state = 658 session->connection_state.read_compression_state =
667 mhd_gtls_comp_init (session->security_parameters. 659 mhd_gtls_comp_init (session->security_parameters.
668 read_compression_algorithm, 1); 660 read_compression_algorithm, 1);
669 661
670 if (session->connection_state.read_compression_state == GNUTLS_COMP_FAILED) 662 if (session->connection_state.read_compression_state == GNUTLS_COMP_FAILED)
671 { 663 {
@@ -695,37 +687,35 @@ mhd_gtls_write_connection_state_init (mhd_gtls_session_t session)
695 if (session->internals.resumed == RESUME_FALSE) 687 if (session->internals.resumed == RESUME_FALSE)
696 { 688 {
697 rc = mhd_gtls_set_write_cipher (session, 689 rc = mhd_gtls_set_write_cipher (session,
698 mhd_gtls_cipher_suite_get_cipher_algo 690 mhd_gtls_cipher_suite_get_cipher_algo
699 (&session->security_parameters. 691 (&session->security_parameters.
700 current_cipher_suite)); 692 current_cipher_suite));
701 if (rc < 0) 693 if (rc < 0)
702 return rc; 694 return rc;
703 rc = mhd_gtls_set_write_mac (session, 695 rc = mhd_gtls_set_write_mac (session,
704 mhd_gtls_cipher_suite_get_mac_algo 696 mhd_gtls_cipher_suite_get_mac_algo
705 (&session->security_parameters. 697 (&session->security_parameters.
706 current_cipher_suite)); 698 current_cipher_suite));
707 if (rc < 0) 699 if (rc < 0)
708 return rc; 700 return rc;
709 701
710 rc = mhd_gtls_set_kx (session, 702 rc = mhd_gtls_set_kx (session,
711 mhd_gtls_cipher_suite_get_kx_algo 703 mhd_gtls_cipher_suite_get_kx_algo
712 (&session->security_parameters. 704 (&session->security_parameters.
713 current_cipher_suite)); 705 current_cipher_suite));
714 if (rc < 0) 706 if (rc < 0)
715 return rc; 707 return rc;
716 708
717 rc = mhd_gtls_set_write_compression (session, 709 rc = mhd_gtls_set_write_compression (session,
718 session->internals. 710 session->internals.
719 compression_method); 711 compression_method);
720 if (rc < 0) 712 if (rc < 0)
721 return rc; 713 return rc;
722 } 714 }
723 else 715 else
724 { /* RESUME_TRUE */ 716 { /* RESUME_TRUE */
725 _gnutls_cpy_write_security_parameters (&session-> 717 _gnutls_cpy_write_security_parameters (&session->security_parameters,
726 security_parameters, 718 &session->internals.
727 &session->
728 internals.
729 resumed_security_parameters); 719 resumed_security_parameters);
730 } 720 }
731 721
@@ -734,9 +724,9 @@ mhd_gtls_write_connection_state_init (mhd_gtls_session_t session)
734 return rc; 724 return rc;
735 725
736 _gnutls_handshake_log ("HSK[%x]: Cipher Suite: %s\n", session, 726 _gnutls_handshake_log ("HSK[%x]: Cipher Suite: %s\n", session,
737 mhd_gtls_cipher_suite_get_name (&session-> 727 mhd_gtls_cipher_suite_get_name
738 security_parameters. 728 (&session->security_parameters.
739 current_cipher_suite)); 729 current_cipher_suite));
740 730
741 if (mhd_gtls_compression_is_ok 731 if (mhd_gtls_compression_is_ok
742 (session->security_parameters.write_compression_algorithm) != 0) 732 (session->security_parameters.write_compression_algorithm) != 0)
@@ -763,12 +753,12 @@ mhd_gtls_write_connection_state_init (mhd_gtls_session_t session)
763 mhd_gnutls_cipher_deinit (session->connection_state.write_cipher_state); 753 mhd_gnutls_cipher_deinit (session->connection_state.write_cipher_state);
764 754
765 if (session->connection_state.write_compression_state != NULL) 755 if (session->connection_state.write_compression_state != NULL)
766 mhd_gtls_comp_deinit (session->connection_state. 756 mhd_gtls_comp_deinit (session->connection_state.write_compression_state,
767 write_compression_state, 0); 757 0);
768 758
769 mac_size = 759 mac_size =
770 mhd_gnutls_hash_get_algo_len (session->security_parameters. 760 mhd_gnutls_hash_get_algo_len (session->security_parameters.
771 write_mac_algorithm); 761 write_mac_algorithm);
772 762
773 _gnutls_handshake_log 763 _gnutls_handshake_log
774 ("HSK[%x]: Initializing internal [write] cipher sessions\n", session); 764 ("HSK[%x]: Initializing internal [write] cipher sessions\n", session);
@@ -780,15 +770,14 @@ mhd_gtls_write_connection_state_init (mhd_gtls_session_t session)
780 */ 770 */
781 session->connection_state.write_cipher_state = 771 session->connection_state.write_cipher_state =
782 mhd_gtls_cipher_init (session->security_parameters. 772 mhd_gtls_cipher_init (session->security_parameters.
783 write_bulk_cipher_algorithm, 773 write_bulk_cipher_algorithm,
784 &session->cipher_specs. 774 &session->cipher_specs.server_write_key,
785 server_write_key, 775 &session->cipher_specs.server_write_IV);
786 &session->cipher_specs.server_write_IV);
787 776
788 if (session->connection_state.write_cipher_state == 777 if (session->connection_state.write_cipher_state ==
789 GNUTLS_CIPHER_FAILED 778 GNUTLS_CIPHER_FAILED
790 && session->security_parameters. 779 && session->security_parameters.write_bulk_cipher_algorithm !=
791 write_bulk_cipher_algorithm != MHD_GNUTLS_CIPHER_NULL) 780 MHD_GNUTLS_CIPHER_NULL)
792 { 781 {
793 gnutls_assert (); 782 gnutls_assert ();
794 return GNUTLS_E_INTERNAL_ERROR; 783 return GNUTLS_E_INTERNAL_ERROR;
@@ -800,8 +789,7 @@ mhd_gtls_write_connection_state_init (mhd_gtls_session_t session)
800 */ 789 */
801 if (mac_size > 0) 790 if (mac_size > 0)
802 { 791 {
803 if (_gnutls_sset_datum (&session->connection_state. 792 if (_gnutls_sset_datum (&session->connection_state.write_mac_secret,
804 write_mac_secret,
805 session->cipher_specs. 793 session->cipher_specs.
806 server_write_mac_secret.data, 794 server_write_mac_secret.data,
807 session->cipher_specs. 795 session->cipher_specs.
@@ -819,15 +807,14 @@ mhd_gtls_write_connection_state_init (mhd_gtls_session_t session)
819 case GNUTLS_CLIENT: 807 case GNUTLS_CLIENT:
820 session->connection_state.write_cipher_state = 808 session->connection_state.write_cipher_state =
821 mhd_gtls_cipher_init (session->security_parameters. 809 mhd_gtls_cipher_init (session->security_parameters.
822 write_bulk_cipher_algorithm, 810 write_bulk_cipher_algorithm,
823 &session->cipher_specs. 811 &session->cipher_specs.client_write_key,
824 client_write_key, 812 &session->cipher_specs.client_write_IV);
825 &session->cipher_specs.client_write_IV);
826 813
827 if (session->connection_state.write_cipher_state == 814 if (session->connection_state.write_cipher_state ==
828 GNUTLS_CIPHER_FAILED 815 GNUTLS_CIPHER_FAILED
829 && session->security_parameters. 816 && session->security_parameters.write_bulk_cipher_algorithm !=
830 write_bulk_cipher_algorithm != MHD_GNUTLS_CIPHER_NULL) 817 MHD_GNUTLS_CIPHER_NULL)
831 { 818 {
832 gnutls_assert (); 819 gnutls_assert ();
833 return GNUTLS_E_INTERNAL_ERROR; 820 return GNUTLS_E_INTERNAL_ERROR;
@@ -837,8 +824,7 @@ mhd_gtls_write_connection_state_init (mhd_gtls_session_t session)
837 */ 824 */
838 if (mac_size > 0) 825 if (mac_size > 0)
839 { 826 {
840 if (_gnutls_sset_datum (&session->connection_state. 827 if (_gnutls_sset_datum (&session->connection_state.write_mac_secret,
841 write_mac_secret,
842 session->cipher_specs. 828 session->cipher_specs.
843 client_write_mac_secret.data, 829 client_write_mac_secret.data,
844 session->cipher_specs. 830 session->cipher_specs.
@@ -859,7 +845,7 @@ mhd_gtls_write_connection_state_init (mhd_gtls_session_t session)
859 845
860 session->connection_state.write_compression_state = 846 session->connection_state.write_compression_state =
861 mhd_gtls_comp_init (session->security_parameters. 847 mhd_gtls_comp_init (session->security_parameters.
862 write_compression_algorithm, 0); 848 write_compression_algorithm, 0);
863 849
864 if (session->connection_state.write_compression_state == GNUTLS_COMP_FAILED) 850 if (session->connection_state.write_compression_state == GNUTLS_COMP_FAILED)
865 { 851 {
@@ -874,7 +860,7 @@ mhd_gtls_write_connection_state_init (mhd_gtls_session_t session)
874 */ 860 */
875int 861int
876mhd_gtls_set_read_cipher (mhd_gtls_session_t session, 862mhd_gtls_set_read_cipher (mhd_gtls_session_t session,
877 enum MHD_GNUTLS_CipherAlgorithm algo) 863 enum MHD_GNUTLS_CipherAlgorithm algo)
878{ 864{
879 865
880 if (mhd_gtls_cipher_is_ok (algo) == 0) 866 if (mhd_gtls_cipher_is_ok (algo) == 0)
@@ -900,7 +886,7 @@ mhd_gtls_set_read_cipher (mhd_gtls_session_t session,
900 886
901int 887int
902mhd_gtls_set_write_cipher (mhd_gtls_session_t session, 888mhd_gtls_set_write_cipher (mhd_gtls_session_t session,
903 enum MHD_GNUTLS_CipherAlgorithm algo) 889 enum MHD_GNUTLS_CipherAlgorithm algo)
904{ 890{
905 891
906 if (mhd_gtls_cipher_is_ok (algo) == 0) 892 if (mhd_gtls_cipher_is_ok (algo) == 0)
@@ -929,7 +915,7 @@ mhd_gtls_set_write_cipher (mhd_gtls_session_t session,
929 */ 915 */
930int 916int
931mhd_gtls_set_read_compression (mhd_gtls_session_t session, 917mhd_gtls_set_read_compression (mhd_gtls_session_t session,
932 enum MHD_GNUTLS_CompressionMethod algo) 918 enum MHD_GNUTLS_CompressionMethod algo)
933{ 919{
934 920
935 if (mhd_gtls_compression_is_ok (algo) == 0) 921 if (mhd_gtls_compression_is_ok (algo) == 0)
@@ -947,7 +933,7 @@ mhd_gtls_set_read_compression (mhd_gtls_session_t session,
947 933
948int 934int
949mhd_gtls_set_write_compression (mhd_gtls_session_t session, 935mhd_gtls_set_write_compression (mhd_gtls_session_t session,
950 enum MHD_GNUTLS_CompressionMethod algo) 936 enum MHD_GNUTLS_CompressionMethod algo)
951{ 937{
952 938
953 if (mhd_gtls_compression_is_ok (algo) == 0) 939 if (mhd_gtls_compression_is_ok (algo) == 0)
@@ -966,7 +952,8 @@ mhd_gtls_set_write_compression (mhd_gtls_session_t session,
966/* Sets the specified kx algorithm into pending session 952/* Sets the specified kx algorithm into pending session
967 */ 953 */
968int 954int
969mhd_gtls_set_kx (mhd_gtls_session_t session, enum MHD_GNUTLS_KeyExchangeAlgorithm algo) 955mhd_gtls_set_kx (mhd_gtls_session_t session,
956 enum MHD_GNUTLS_KeyExchangeAlgorithm algo)
970{ 957{
971 958
972 if (mhd_gtls_kx_is_ok (algo) == 0) 959 if (mhd_gtls_kx_is_ok (algo) == 0)
@@ -991,7 +978,8 @@ mhd_gtls_set_kx (mhd_gtls_session_t session, enum MHD_GNUTLS_KeyExchangeAlgorith
991 978
992/* Sets the specified mac algorithm into pending session */ 979/* Sets the specified mac algorithm into pending session */
993int 980int
994mhd_gtls_set_read_mac (mhd_gtls_session_t session, enum MHD_GNUTLS_HashAlgorithm algo) 981mhd_gtls_set_read_mac (mhd_gtls_session_t session,
982 enum MHD_GNUTLS_HashAlgorithm algo)
995{ 983{
996 984
997 if (mhd_gnutls_mac_is_ok (algo) == 0) 985 if (mhd_gnutls_mac_is_ok (algo) == 0)
@@ -1015,7 +1003,8 @@ mhd_gtls_set_read_mac (mhd_gtls_session_t session, enum MHD_GNUTLS_HashAlgorithm
1015} 1003}
1016 1004
1017int 1005int
1018mhd_gtls_set_write_mac (mhd_gtls_session_t session, enum MHD_GNUTLS_HashAlgorithm algo) 1006mhd_gtls_set_write_mac (mhd_gtls_session_t session,
1007 enum MHD_GNUTLS_HashAlgorithm algo)
1019{ 1008{
1020 1009
1021 if (mhd_gnutls_mac_is_ok (algo) == 0) 1010 if (mhd_gnutls_mac_is_ok (algo) == 0)
diff --git a/src/daemon/https/tls/gnutls_constate.h b/src/daemon/https/tls/gnutls_constate.h
index e69a0355..184e7873 100644
--- a/src/daemon/https/tls/gnutls_constate.h
+++ b/src/daemon/https/tls/gnutls_constate.h
@@ -26,15 +26,16 @@ int mhd_gtls_connection_state_init (mhd_gtls_session_t session);
26int mhd_gtls_read_connection_state_init (mhd_gtls_session_t session); 26int mhd_gtls_read_connection_state_init (mhd_gtls_session_t session);
27int mhd_gtls_write_connection_state_init (mhd_gtls_session_t session); 27int mhd_gtls_write_connection_state_init (mhd_gtls_session_t session);
28int mhd_gtls_set_write_cipher (mhd_gtls_session_t session, 28int mhd_gtls_set_write_cipher (mhd_gtls_session_t session,
29 enum MHD_GNUTLS_CipherAlgorithm algo); 29 enum MHD_GNUTLS_CipherAlgorithm algo);
30int mhd_gtls_set_write_mac (mhd_gtls_session_t session, 30int mhd_gtls_set_write_mac (mhd_gtls_session_t session,
31 enum MHD_GNUTLS_HashAlgorithm algo); 31 enum MHD_GNUTLS_HashAlgorithm algo);
32int mhd_gtls_set_read_cipher (mhd_gtls_session_t session, 32int mhd_gtls_set_read_cipher (mhd_gtls_session_t session,
33 enum MHD_GNUTLS_CipherAlgorithm algo); 33 enum MHD_GNUTLS_CipherAlgorithm algo);
34int mhd_gtls_set_read_mac (mhd_gtls_session_t session, 34int mhd_gtls_set_read_mac (mhd_gtls_session_t session,
35 enum MHD_GNUTLS_HashAlgorithm algo); 35 enum MHD_GNUTLS_HashAlgorithm algo);
36int mhd_gtls_set_read_compression (mhd_gtls_session_t session, 36int mhd_gtls_set_read_compression (mhd_gtls_session_t session,
37 enum MHD_GNUTLS_CompressionMethod algo); 37 enum MHD_GNUTLS_CompressionMethod algo);
38int mhd_gtls_set_write_compression (mhd_gtls_session_t session, 38int mhd_gtls_set_write_compression (mhd_gtls_session_t session,
39 enum MHD_GNUTLS_CompressionMethod algo); 39 enum MHD_GNUTLS_CompressionMethod algo);
40int mhd_gtls_set_kx (mhd_gtls_session_t session, enum MHD_GNUTLS_KeyExchangeAlgorithm algo); 40int mhd_gtls_set_kx (mhd_gtls_session_t session,
41 enum MHD_GNUTLS_KeyExchangeAlgorithm algo);
diff --git a/src/daemon/https/tls/gnutls_datum.c b/src/daemon/https/tls/gnutls_datum.c
index ea18d801..d437ee2c 100644
--- a/src/daemon/https/tls/gnutls_datum.c
+++ b/src/daemon/https/tls/gnutls_datum.c
@@ -68,7 +68,7 @@ mhd_gtls_write_datum8 (opaque * dest, gnutls_datum_t dat)
68 68
69int 69int
70mhd_gtls_set_datum_m (gnutls_datum_t * dat, const void *data, 70mhd_gtls_set_datum_m (gnutls_datum_t * dat, const void *data,
71 size_t data_size, gnutls_alloc_function galloc_func) 71 size_t data_size, gnutls_alloc_function galloc_func)
72{ 72{
73 if (data_size == 0 || data == NULL) 73 if (data_size == 0 || data == NULL)
74 { 74 {
@@ -89,8 +89,8 @@ mhd_gtls_set_datum_m (gnutls_datum_t * dat, const void *data,
89 89
90int 90int
91mhd_gtls_datum_append_m (gnutls_datum_t * dst, const void *data, 91mhd_gtls_datum_append_m (gnutls_datum_t * dst, const void *data,
92 size_t data_size, 92 size_t data_size,
93 gnutls_realloc_function grealloc_func) 93 gnutls_realloc_function grealloc_func)
94{ 94{
95 95
96 dst->data = grealloc_func (dst->data, data_size + dst->size); 96 dst->data = grealloc_func (dst->data, data_size + dst->size);
diff --git a/src/daemon/https/tls/gnutls_datum.h b/src/daemon/https/tls/gnutls_datum.h
index cce91595..f54e300b 100644
--- a/src/daemon/https/tls/gnutls_datum.h
+++ b/src/daemon/https/tls/gnutls_datum.h
@@ -28,12 +28,12 @@ void mhd_gtls_write_datum32 (opaque * dest, gnutls_datum_t dat);
28void mhd_gtls_write_datum8 (opaque * dest, gnutls_datum_t dat); 28void mhd_gtls_write_datum8 (opaque * dest, gnutls_datum_t dat);
29 29
30int mhd_gtls_set_datum_m (gnutls_datum_t * dat, const void *data, 30int mhd_gtls_set_datum_m (gnutls_datum_t * dat, const void *data,
31 size_t data_size, gnutls_alloc_function); 31 size_t data_size, gnutls_alloc_function);
32#define _gnutls_set_datum( x, y, z) mhd_gtls_set_datum_m(x,y,z, gnutls_malloc) 32#define _gnutls_set_datum( x, y, z) mhd_gtls_set_datum_m(x,y,z, gnutls_malloc)
33#define _gnutls_sset_datum( x, y, z) mhd_gtls_set_datum_m(x,y,z, gnutls_secure_malloc) 33#define _gnutls_sset_datum( x, y, z) mhd_gtls_set_datum_m(x,y,z, gnutls_secure_malloc)
34 34
35int mhd_gtls_datum_append_m (gnutls_datum_t * dat, const void *data, 35int mhd_gtls_datum_append_m (gnutls_datum_t * dat, const void *data,
36 size_t data_size, gnutls_realloc_function); 36 size_t data_size, gnutls_realloc_function);
37#define _gnutls_datum_append(x,y,z) mhd_gtls_datum_append_m(x,y,z, gnutls_realloc) 37#define _gnutls_datum_append(x,y,z) mhd_gtls_datum_append_m(x,y,z, gnutls_realloc)
38 38
39void mhd_gtls_free_datum_m (gnutls_datum_t * dat, gnutls_free_function); 39void mhd_gtls_free_datum_m (gnutls_datum_t * dat, gnutls_free_function);
diff --git a/src/daemon/https/tls/gnutls_dh.c b/src/daemon/https/tls/gnutls_dh.c
index 388f6e0c..8cd5175d 100644
--- a/src/daemon/https/tls/gnutls_dh.c
+++ b/src/daemon/https/tls/gnutls_dh.c
@@ -26,8 +26,8 @@
26#include <gnutls_errors.h> 26#include <gnutls_errors.h>
27 27
28 28
29/* 29/*
30 --Example-- 30 --Example--
31 you: X = g ^ x mod p; 31 you: X = g ^ x mod p;
32 peer:Y = g ^ y mod p; 32 peer:Y = g ^ y mod p;
33 33
@@ -77,7 +77,7 @@ mhd_gtls_calc_dh_secret (mpi_t * ret_x, mpi_t g, mpi_t prime)
77 do 77 do
78 { 78 {
79 _gnutls_mpi_randomize (x, (x_size / 8) * 8, GCRY_STRONG_RANDOM); 79 _gnutls_mpi_randomize (x, (x_size / 8) * 8, GCRY_STRONG_RANDOM);
80 /* Check whether x is zero. 80 /* Check whether x is zero.
81 */ 81 */
82 } 82 }
83 while (_gnutls_mpi_cmp_ui (x, 0) == 0); 83 while (_gnutls_mpi_cmp_ui (x, 0) == 0);
@@ -134,8 +134,8 @@ mhd_gtls_calc_dh_key (mpi_t f, mpi_t x, mpi_t prime)
134 -*/ 134 -*/
135mhd_gtls_dh_params_t 135mhd_gtls_dh_params_t
136mhd_gtls_get_dh_params (mhd_gtls_dh_params_t dh_params, 136mhd_gtls_get_dh_params (mhd_gtls_dh_params_t dh_params,
137 gnutls_params_function * func, 137 gnutls_params_function * func,
138 mhd_gtls_session_t session) 138 mhd_gtls_session_t session)
139{ 139{
140 gnutls_params_st params; 140 gnutls_params_st params;
141 int ret; 141 int ret;
diff --git a/src/daemon/https/tls/gnutls_dh.h b/src/daemon/https/tls/gnutls_dh.h
index 06ac6135..6dec6e64 100644
--- a/src/daemon/https/tls/gnutls_dh.h
+++ b/src/daemon/https/tls/gnutls_dh.h
@@ -25,14 +25,14 @@
25#ifndef GNUTLS_DH_H 25#ifndef GNUTLS_DH_H
26# define GNUTLS_DH_H 26# define GNUTLS_DH_H
27 27
28const mpi_t * mhd_gtls_dh_params_to_mpi (mhd_gtls_dh_params_t); 28const mpi_t *mhd_gtls_dh_params_to_mpi (mhd_gtls_dh_params_t);
29mpi_t mhd_gtls_calc_dh_secret (mpi_t * ret_x, mpi_t g, mpi_t prime); 29mpi_t mhd_gtls_calc_dh_secret (mpi_t * ret_x, mpi_t g, mpi_t prime);
30mpi_t mhd_gtls_calc_dh_key (mpi_t f, mpi_t x, mpi_t prime); 30mpi_t mhd_gtls_calc_dh_key (mpi_t f, mpi_t x, mpi_t prime);
31int mhd_gtls_dh_generate_prime (mpi_t * ret_g, mpi_t * ret_n, unsigned bits); 31int mhd_gtls_dh_generate_prime (mpi_t * ret_g, mpi_t * ret_n, unsigned bits);
32 32
33mhd_gtls_dh_params_t 33mhd_gtls_dh_params_t
34mhd_gtls_get_dh_params (mhd_gtls_dh_params_t dh_params, 34mhd_gtls_get_dh_params (mhd_gtls_dh_params_t dh_params,
35 gnutls_params_function * func, 35 gnutls_params_function * func,
36 mhd_gtls_session_t session); 36 mhd_gtls_session_t session);
37 37
38#endif 38#endif
diff --git a/src/daemon/https/tls/gnutls_dh_primes.c b/src/daemon/https/tls/gnutls_dh_primes.c
index 0d404bd8..acd08a75 100644
--- a/src/daemon/https/tls/gnutls_dh_primes.c
+++ b/src/daemon/https/tls/gnutls_dh_primes.c
@@ -197,7 +197,8 @@ MHD_gnutls_dh_params_deinit (mhd_gtls_dh_params_t dh_params)
197 * 197 *
198 **/ 198 **/
199int 199int
200MHD_gnutls_dh_params_generate2 (mhd_gtls_dh_params_t params, unsigned int bits) 200MHD_gnutls_dh_params_generate2 (mhd_gtls_dh_params_t params,
201 unsigned int bits)
201{ 202{
202 int ret; 203 int ret;
203 204
diff --git a/src/daemon/https/tls/gnutls_errors.c b/src/daemon/https/tls/gnutls_errors.c
index d9b05a5a..107412c5 100644
--- a/src/daemon/https/tls/gnutls_errors.c
+++ b/src/daemon/https/tls/gnutls_errors.c
@@ -260,7 +260,7 @@ static const gnutls_error_entry mhd_gtls_error_algorithms[] = {
260 * @error: is an error returned by a gnutls function. Error should be a negative value. 260 * @error: is an error returned by a gnutls function. Error should be a negative value.
261 * 261 *
262 * If a function returns a negative value you may feed that value 262 * If a function returns a negative value you may feed that value
263 * to this function to see if it is fatal. Returns 1 for a fatal 263 * to this function to see if it is fatal. Returns 1 for a fatal
264 * error 0 otherwise. However you may want to check the 264 * error 0 otherwise. However you may want to check the
265 * error code manually, since some non-fatal errors to the protocol 265 * error code manually, since some non-fatal errors to the protocol
266 * may be fatal for you (your program). 266 * may be fatal for you (your program).
@@ -290,7 +290,7 @@ MHD_gtls_error_is_fatal (int error)
290 * MHD_gtls_perror - prints a string to stderr with a description of an error 290 * MHD_gtls_perror - prints a string to stderr with a description of an error
291 * @error: is an error returned by a gnutls function. Error is always a negative value. 291 * @error: is an error returned by a gnutls function. Error is always a negative value.
292 * 292 *
293 * This function is like perror(). The only difference is that it accepts an 293 * This function is like perror(). The only difference is that it accepts an
294 * error number returned by a gnutls function. 294 * error number returned by a gnutls function.
295 **/ 295 **/
296void 296void
diff --git a/src/daemon/https/tls/gnutls_extensions.c b/src/daemon/https/tls/gnutls_extensions.c
index 6b2f00c8..4cd81f16 100644
--- a/src/daemon/https/tls/gnutls_extensions.c
+++ b/src/daemon/https/tls/gnutls_extensions.c
@@ -142,8 +142,8 @@ _gnutls_extension_list_check (mhd_gtls_session_t session, uint16_t type)
142 142
143int 143int
144mhd_gtls_parse_extensions (mhd_gtls_session_t session, 144mhd_gtls_parse_extensions (mhd_gtls_session_t session,
145 mhd_gtls_ext_parse_type_t parse_type, 145 mhd_gtls_ext_parse_type_t parse_type,
146 const opaque * data, int data_size) 146 const opaque * data, int data_size)
147{ 147{
148 int next, ret; 148 int next, ret;
149 int pos = 0; 149 int pos = 0;
@@ -159,9 +159,8 @@ mhd_gtls_parse_extensions (mhd_gtls_session_t session,
159 { 159 {
160 _gnutls_debug_log ("EXT[%d]: expecting extension '%s'\n", 160 _gnutls_debug_log ("EXT[%d]: expecting extension '%s'\n",
161 session, 161 session,
162 mhd_gtls_extension_get_name (session-> 162 mhd_gtls_extension_get_name
163 internals. 163 (session->internals.extensions_sent[i]));
164 extensions_sent[i]));
165 } 164 }
166#endif 165#endif
167 166
@@ -236,7 +235,7 @@ _gnutls_extension_list_add (mhd_gtls_session_t session, uint16_t type)
236 235
237int 236int
238mhd_gtls_gen_extensions (mhd_gtls_session_t session, opaque * data, 237mhd_gtls_gen_extensions (mhd_gtls_session_t session, opaque * data,
239 size_t data_size) 238 size_t data_size)
240{ 239{
241 int size; 240 int size;
242 uint16_t pos = 0; 241 uint16_t pos = 0;
diff --git a/src/daemon/https/tls/gnutls_extensions.h b/src/daemon/https/tls/gnutls_extensions.h
index d5e209f8..52604067 100644
--- a/src/daemon/https/tls/gnutls_extensions.h
+++ b/src/daemon/https/tls/gnutls_extensions.h
@@ -24,16 +24,18 @@
24 24
25#include <gnutls_int.h> 25#include <gnutls_int.h>
26 26
27const char * mhd_gtls_extension_get_name (uint16_t type); 27const char *mhd_gtls_extension_get_name (uint16_t type);
28int mhd_gtls_parse_extensions (mhd_gtls_session_t, mhd_gtls_ext_parse_type_t, const opaque *, int); 28int mhd_gtls_parse_extensions (mhd_gtls_session_t, mhd_gtls_ext_parse_type_t,
29 const opaque *, int);
29int mhd_gtls_gen_extensions (mhd_gtls_session_t session, opaque * data, 30int mhd_gtls_gen_extensions (mhd_gtls_session_t session, opaque * data,
30 size_t data_size); 31 size_t data_size);
31 32
32typedef int (* mhd_gtls_ext_recv_func) (mhd_gtls_session_t, const opaque *, size_t); /* recv data */ 33typedef int (*mhd_gtls_ext_recv_func) (mhd_gtls_session_t, const opaque *, size_t); /* recv data */
33typedef int (* mhd_gtls_ext_send_func) (mhd_gtls_session_t, opaque *, size_t); /* send data */ 34typedef int (*mhd_gtls_ext_send_func) (mhd_gtls_session_t, opaque *, size_t); /* send data */
34 35
35mhd_gtls_ext_send_func mhd_gtls_ext_func_send (uint16_t type); 36mhd_gtls_ext_send_func mhd_gtls_ext_func_send (uint16_t type);
36mhd_gtls_ext_recv_func mhd_gtls_ext_func_recv (uint16_t type, mhd_gtls_ext_parse_type_t); 37mhd_gtls_ext_recv_func mhd_gtls_ext_func_recv (uint16_t type,
38 mhd_gtls_ext_parse_type_t);
37 39
38typedef struct 40typedef struct
39{ 41{
diff --git a/src/daemon/https/tls/gnutls_global.c b/src/daemon/https/tls/gnutls_global.c
index 87f92239..a086b1f4 100644
--- a/src/daemon/https/tls/gnutls_global.c
+++ b/src/daemon/https/tls/gnutls_global.c
@@ -121,13 +121,14 @@ int _gnutls_is_secure_mem_null (const void *);
121 * This function must be called before MHD_gnutls_global_init() is called. 121 * This function must be called before MHD_gnutls_global_init() is called.
122 * 122 *
123 **/ 123 **/
124void MHD_gtls_global_set_mem_functions(gnutls_alloc_function alloc_func, 124void
125 gnutls_alloc_function 125MHD_gtls_global_set_mem_functions (gnutls_alloc_function alloc_func,
126 secure_alloc_func, 126 gnutls_alloc_function
127 gnutls_is_secure_function 127 secure_alloc_func,
128 is_secure_func, 128 gnutls_is_secure_function
129 gnutls_realloc_function realloc_func, 129 is_secure_func,
130 gnutls_free_function free_func) 130 gnutls_realloc_function realloc_func,
131 gnutls_free_function free_func)
131{ 132{
132 gnutls_secure_malloc = secure_alloc_func; 133 gnutls_secure_malloc = secure_alloc_func;
133 gnutls_malloc = alloc_func; 134 gnutls_malloc = alloc_func;
@@ -147,7 +148,7 @@ void MHD_gtls_global_set_mem_functions(gnutls_alloc_function alloc_func,
147 gnutls_calloc = calloc; 148 gnutls_calloc = calloc;
148 } 149 }
149 else 150 else
150 { /* use the included ones */ 151 { /* use the included ones */
151 gnutls_calloc = mhd_gtls_calloc; 152 gnutls_calloc = mhd_gtls_calloc;
152 } 153 }
153 gnutls_strdup = mhd_gtls_strdup; 154 gnutls_strdup = mhd_gtls_strdup;
@@ -350,7 +351,7 @@ MHD_gnutls_global_deinit (void)
350 **/ 351 **/
351void 352void
352MHD_gnutls_transport_set_pull_function (mhd_gtls_session_t session, 353MHD_gnutls_transport_set_pull_function (mhd_gtls_session_t session,
353 mhd_gtls_pull_func pull_func) 354 mhd_gtls_pull_func pull_func)
354{ 355{
355 session->internals._gnutls_pull_func = pull_func; 356 session->internals._gnutls_pull_func = pull_func;
356} 357}
@@ -371,7 +372,7 @@ MHD_gnutls_transport_set_pull_function (mhd_gtls_session_t session,
371 **/ 372 **/
372void 373void
373MHD_gnutls_transport_set_push_function (mhd_gtls_session_t session, 374MHD_gnutls_transport_set_push_function (mhd_gtls_session_t session,
374 mhd_gtls_push_func push_func) 375 mhd_gtls_push_func push_func)
375{ 376{
376 session->internals._gnutls_push_func = push_func; 377 session->internals._gnutls_push_func = push_func;
377} 378}
diff --git a/src/daemon/https/tls/gnutls_handshake.c b/src/daemon/https/tls/gnutls_handshake.c
index 084e0477..52473c27 100644
--- a/src/daemon/https/tls/gnutls_handshake.c
+++ b/src/daemon/https/tls/gnutls_handshake.c
@@ -59,7 +59,7 @@
59#define FALSE 0 59#define FALSE 0
60 60
61static int _gnutls_server_select_comp_method (mhd_gtls_session_t session, 61static int _gnutls_server_select_comp_method (mhd_gtls_session_t session,
62 opaque * data, int datalen); 62 opaque * data, int datalen);
63 63
64 64
65/* Clears the handshake hash buffers and handles. 65/* Clears the handshake hash buffers and handles.
@@ -82,19 +82,16 @@ static void
82resume_copy_required_values (mhd_gtls_session_t session) 82resume_copy_required_values (mhd_gtls_session_t session)
83{ 83{
84 /* get the new random values */ 84 /* get the new random values */
85 memcpy (session->internals.resumed_security_parameters. 85 memcpy (session->internals.resumed_security_parameters.server_random,
86 server_random,
87 session->security_parameters.server_random, TLS_RANDOM_SIZE); 86 session->security_parameters.server_random, TLS_RANDOM_SIZE);
88 memcpy (session->internals.resumed_security_parameters. 87 memcpy (session->internals.resumed_security_parameters.client_random,
89 client_random,
90 session->security_parameters.client_random, TLS_RANDOM_SIZE); 88 session->security_parameters.client_random, TLS_RANDOM_SIZE);
91 89
92 /* keep the ciphersuite and compression 90 /* keep the ciphersuite and compression
93 * That is because the client must see these in our 91 * That is because the client must see these in our
94 * hello message. 92 * hello message.
95 */ 93 */
96 memcpy (session->security_parameters.current_cipher_suite. 94 memcpy (session->security_parameters.current_cipher_suite.suite,
97 suite,
98 session->internals.resumed_security_parameters. 95 session->internals.resumed_security_parameters.
99 current_cipher_suite.suite, 2); 96 current_cipher_suite.suite, 2);
100 97
@@ -108,15 +105,15 @@ resume_copy_required_values (mhd_gtls_session_t session)
108 session->internals.resumed_security_parameters.entity; 105 session->internals.resumed_security_parameters.entity;
109 106
110 mhd_gtls_set_current_version (session, 107 mhd_gtls_set_current_version (session,
111 session->internals. 108 session->internals.
112 resumed_security_parameters.version); 109 resumed_security_parameters.version);
113 110
114 session->security_parameters.cert_type = 111 session->security_parameters.cert_type =
115 session->internals.resumed_security_parameters.cert_type; 112 session->internals.resumed_security_parameters.cert_type;
116 113
117 memcpy (session->security_parameters.session_id, 114 memcpy (session->security_parameters.session_id,
118 session->internals.resumed_security_parameters. 115 session->internals.resumed_security_parameters.session_id,
119 session_id, sizeof (session->security_parameters.session_id)); 116 sizeof (session->security_parameters.session_id));
120 session->security_parameters.session_id_size = 117 session->security_parameters.session_id_size =
121 session->internals.resumed_security_parameters.session_id_size; 118 session->internals.resumed_security_parameters.session_id_size;
122} 119}
@@ -173,11 +170,11 @@ _gnutls_ssl3_finished (mhd_gtls_session_t session, int type, opaque * ret)
173 mhd_gnutls_hash (td_sha, mesg, siz); 170 mhd_gnutls_hash (td_sha, mesg, siz);
174 171
175 mhd_gnutls_mac_deinit_ssl3_handshake (td_md5, ret, 172 mhd_gnutls_mac_deinit_ssl3_handshake (td_md5, ret,
176 session->security_parameters. 173 session->security_parameters.
177 master_secret, TLS_MASTER_SIZE); 174 master_secret, TLS_MASTER_SIZE);
178 mhd_gnutls_mac_deinit_ssl3_handshake (td_sha, &ret[16], 175 mhd_gnutls_mac_deinit_ssl3_handshake (td_sha, &ret[16],
179 session->security_parameters. 176 session->security_parameters.
180 master_secret, TLS_MASTER_SIZE); 177 master_secret, TLS_MASTER_SIZE);
181 178
182 return 0; 179 return 0;
183} 180}
@@ -238,7 +235,7 @@ _gnutls_finished (mhd_gtls_session_t session, int type, void *ret)
238 } 235 }
239 236
240 return mhd_gtls_PRF (session, session->security_parameters.master_secret, 237 return mhd_gtls_PRF (session, session->security_parameters.master_secret,
241 TLS_MASTER_SIZE, mesg, siz, concat, len, 12, ret); 238 TLS_MASTER_SIZE, mesg, siz, concat, len, 12, ret);
242} 239}
243 240
244/* this function will produce TLS_RANDOM_SIZE==32 bytes of random data 241/* this function will produce TLS_RANDOM_SIZE==32 bytes of random data
@@ -271,7 +268,7 @@ mhd_gtls_tls_create_random (opaque * dst)
271 */ 268 */
272int 269int
273mhd_gtls_negotiate_version (mhd_gtls_session_t session, 270mhd_gtls_negotiate_version (mhd_gtls_session_t session,
274 enum MHD_GNUTLS_Protocol adv_version) 271 enum MHD_GNUTLS_Protocol adv_version)
275{ 272{
276 int ret; 273 int ret;
277 274
@@ -302,7 +299,7 @@ mhd_gtls_negotiate_version (mhd_gtls_session_t session,
302 299
303int 300int
304mhd_gtls_user_hello_func (mhd_gtls_session_t session, 301mhd_gtls_user_hello_func (mhd_gtls_session_t session,
305 enum MHD_GNUTLS_Protocol adv_version) 302 enum MHD_GNUTLS_Protocol adv_version)
306{ 303{
307 int ret; 304 int ret;
308 305
@@ -393,10 +390,9 @@ _gnutls_read_client_hello (mhd_gtls_session_t session, opaque * data,
393 } 390 }
394 else 391 else
395 { 392 {
396 mhd_gtls_generate_session_id (session->security_parameters. 393 mhd_gtls_generate_session_id (session->security_parameters.session_id,
397 session_id, 394 &session->security_parameters.
398 &session->security_parameters. 395 session_id_size);
399 session_id_size);
400 396
401 session->internals.resumed = RESUME_FALSE; 397 session->internals.resumed = RESUME_FALSE;
402 } 398 }
@@ -424,7 +420,7 @@ _gnutls_read_client_hello (mhd_gtls_session_t session, opaque * data,
424 */ 420 */
425 if (neg_version >= MHD_GNUTLS_TLS1_0) 421 if (neg_version >= MHD_GNUTLS_TLS1_0)
426 { 422 {
427 ret = mhd_gtls_parse_extensions (session, EXTENSION_APPLICATION, &data[pos], len); /* len is the rest of the parsed length */ 423 ret = mhd_gtls_parse_extensions (session, EXTENSION_APPLICATION, &data[pos], len); /* len is the rest of the parsed length */
428 if (ret < 0) 424 if (ret < 0)
429 { 425 {
430 gnutls_assert (); 426 gnutls_assert ();
@@ -441,7 +437,7 @@ _gnutls_read_client_hello (mhd_gtls_session_t session, opaque * data,
441 437
442 if (neg_version >= MHD_GNUTLS_TLS1_0) 438 if (neg_version >= MHD_GNUTLS_TLS1_0)
443 { 439 {
444 ret = mhd_gtls_parse_extensions (session, EXTENSION_TLS, &data[pos], len); /* len is the rest of the parsed length */ 440 ret = mhd_gtls_parse_extensions (session, EXTENSION_TLS, &data[pos], len); /* len is the rest of the parsed length */
445 if (ret < 0) 441 if (ret < 0)
446 { 442 {
447 gnutls_assert (); 443 gnutls_assert ();
@@ -495,8 +491,10 @@ _gnutls_handshake_hash_pending (mhd_gtls_session_t session)
495 491
496 if (siz > 0) 492 if (siz > 0)
497 { 493 {
498 mhd_gnutls_hash (session->internals.handshake_mac_handle_sha, data, siz); 494 mhd_gnutls_hash (session->internals.handshake_mac_handle_sha, data,
499 mhd_gnutls_hash (session->internals.handshake_mac_handle_md5, data, siz); 495 siz);
496 mhd_gnutls_hash (session->internals.handshake_mac_handle_md5, data,
497 siz);
500 } 498 }
501 499
502 mhd_gtls_handshake_buffer_empty (session); 500 mhd_gtls_handshake_buffer_empty (session);
@@ -554,7 +552,7 @@ _gnutls_send_finished (mhd_gtls_session_t session, int again)
554 552
555 ret = 553 ret =
556 mhd_gtls_send_handshake (session, data, data_size, 554 mhd_gtls_send_handshake (session, data, data_size,
557 GNUTLS_HANDSHAKE_FINISHED); 555 GNUTLS_HANDSHAKE_FINISHED);
558 556
559 return ret; 557 return ret;
560} 558}
@@ -572,7 +570,7 @@ _gnutls_recv_finished (mhd_gtls_session_t session)
572 570
573 ret = 571 ret =
574 mhd_gtls_recv_handshake (session, &vrfy, &vrfysize, 572 mhd_gtls_recv_handshake (session, &vrfy, &vrfysize,
575 GNUTLS_HANDSHAKE_FINISHED, MANDATORY_PACKET); 573 GNUTLS_HANDSHAKE_FINISHED, MANDATORY_PACKET);
576 if (ret < 0) 574 if (ret < 0)
577 { 575 {
578 ERR ("recv finished int", ret); 576 ERR ("recv finished int", ret);
@@ -601,8 +599,8 @@ _gnutls_recv_finished (mhd_gtls_session_t session)
601 { 599 {
602 ret = 600 ret =
603 _gnutls_ssl3_finished (session, 601 _gnutls_ssl3_finished (session,
604 (session->security_parameters. 602 (session->security_parameters.entity + 1) % 2,
605 entity + 1) % 2, data); 603 data);
606 } 604 }
607 else 605 else
608 { /* TLS 1.0 */ 606 { /* TLS 1.0 */
@@ -671,14 +669,14 @@ _gnutls_server_find_pk_algos_in_ciphersuites (const opaque *
671 */ 669 */
672int 670int
673mhd_gtls_server_select_suite (mhd_gtls_session_t session, opaque * data, 671mhd_gtls_server_select_suite (mhd_gtls_session_t session, opaque * data,
674 int datalen) 672 int datalen)
675{ 673{
676 int x, i, j; 674 int x, i, j;
677 cipher_suite_st *ciphers, cs; 675 cipher_suite_st *ciphers, cs;
678 int retval, err; 676 int retval, err;
679 enum MHD_GNUTLS_PublicKeyAlgorithm pk_algo; /* will hold the pk algorithms 677 enum MHD_GNUTLS_PublicKeyAlgorithm pk_algo; /* will hold the pk algorithms
680 * supported by the peer. 678 * supported by the peer.
681 */ 679 */
682 680
683 pk_algo = _gnutls_server_find_pk_algos_in_ciphersuites (data, datalen); 681 pk_algo = _gnutls_server_find_pk_algos_in_ciphersuites (data, datalen);
684 682
@@ -741,8 +739,8 @@ mhd_gtls_server_select_suite (mhd_gtls_session_t session, opaque * data,
741 _gnutls_handshake_log 739 _gnutls_handshake_log
742 ("HSK[%x]: Selected cipher suite: %s\n", session, 740 ("HSK[%x]: Selected cipher suite: %s\n", session,
743 mhd_gtls_cipher_suite_get_name (&cs)); 741 mhd_gtls_cipher_suite_get_name (&cs));
744 memcpy (session->security_parameters.current_cipher_suite. 742 memcpy (session->security_parameters.current_cipher_suite.suite,
745 suite, ciphers[i].suite, 2); 743 ciphers[i].suite, 2);
746 retval = 0; 744 retval = 0;
747 goto finish; 745 goto finish;
748 } 746 }
@@ -763,8 +761,8 @@ finish:
763 if (mhd_gtls_get_kx_cred 761 if (mhd_gtls_get_kx_cred
764 (session, 762 (session,
765 mhd_gtls_cipher_suite_get_kx_algo (&session->security_parameters. 763 mhd_gtls_cipher_suite_get_kx_algo (&session->security_parameters.
766 current_cipher_suite), 764 current_cipher_suite), &err) == NULL
767 &err) == NULL && err != 0) 765 && err != 0)
768 { 766 {
769 gnutls_assert (); 767 gnutls_assert ();
770 return GNUTLS_E_INSUFFICIENT_CREDENTIALS; 768 return GNUTLS_E_INSUFFICIENT_CREDENTIALS;
@@ -777,8 +775,8 @@ finish:
777 */ 775 */
778 session->internals.auth_struct = 776 session->internals.auth_struct =
779 mhd_gtls_kx_auth_struct (mhd_gtls_cipher_suite_get_kx_algo 777 mhd_gtls_kx_auth_struct (mhd_gtls_cipher_suite_get_kx_algo
780 (&session->security_parameters. 778 (&session->security_parameters.
781 current_cipher_suite)); 779 current_cipher_suite));
782 if (session->internals.auth_struct == NULL) 780 if (session->internals.auth_struct == NULL)
783 { 781 {
784 782
@@ -828,7 +826,7 @@ _gnutls_server_select_comp_method (mhd_gtls_session_t session,
828 _gnutls_handshake_log 826 _gnutls_handshake_log
829 ("HSK[%x]: Selected Compression Method: %s\n", session, 827 ("HSK[%x]: Selected Compression Method: %s\n", session,
830 MHD_gnutls_compression_get_name (session->internals. 828 MHD_gnutls_compression_get_name (session->internals.
831 compression_method)); 829 compression_method));
832 830
833 831
834 return 0; 832 return 0;
@@ -883,9 +881,9 @@ _gnutls_handshake_hash_add_sent (mhd_gtls_session_t session,
883 if (type != GNUTLS_HANDSHAKE_HELLO_REQUEST) 881 if (type != GNUTLS_HANDSHAKE_HELLO_REQUEST)
884 { 882 {
885 mhd_gnutls_hash (session->internals.handshake_mac_handle_sha, dataptr, 883 mhd_gnutls_hash (session->internals.handshake_mac_handle_sha, dataptr,
886 datalen); 884 datalen);
887 mhd_gnutls_hash (session->internals.handshake_mac_handle_md5, dataptr, 885 mhd_gnutls_hash (session->internals.handshake_mac_handle_md5, dataptr,
888 datalen); 886 datalen);
889 } 887 }
890 888
891 return 0; 889 return 0;
@@ -899,8 +897,8 @@ _gnutls_handshake_hash_add_sent (mhd_gtls_session_t session,
899 */ 897 */
900int 898int
901mhd_gtls_send_handshake (mhd_gtls_session_t session, void *i_data, 899mhd_gtls_send_handshake (mhd_gtls_session_t session, void *i_data,
902 uint32_t i_datasize, 900 uint32_t i_datasize,
903 gnutls_handshake_description_t type) 901 gnutls_handshake_description_t type)
904{ 902{
905 int ret; 903 int ret;
906 uint8_t *data; 904 uint8_t *data;
@@ -954,7 +952,7 @@ mhd_gtls_send_handshake (mhd_gtls_session_t session, void *i_data,
954 952
955 ret = 953 ret =
956 mhd_gtls_handshake_io_send_int (session, GNUTLS_HANDSHAKE, type, 954 mhd_gtls_handshake_io_send_int (session, GNUTLS_HANDSHAKE, type,
957 data, datasize); 955 data, datasize);
958 956
959 _gnutls_handshake_log ("HSK[%x]: %s was sent [%ld bytes]\n", 957 _gnutls_handshake_log ("HSK[%x]: %s was sent [%ld bytes]\n",
960 session, _gnutls_handshake2str (type), datasize); 958 session, _gnutls_handshake2str (type), datasize);
@@ -1007,7 +1005,7 @@ _gnutls_recv_handshake_header (mhd_gtls_session_t session,
1007 { 1005 {
1008 ret = 1006 ret =
1009 mhd_gtls_handshake_io_recv_int (session, GNUTLS_HANDSHAKE, 1007 mhd_gtls_handshake_io_recv_int (session, GNUTLS_HANDSHAKE,
1010 type, dataptr, SSL2_HEADERS); 1008 type, dataptr, SSL2_HEADERS);
1011 1009
1012 if (ret < 0) 1010 if (ret < 0)
1013 { 1011 {
@@ -1030,14 +1028,13 @@ _gnutls_recv_handshake_header (mhd_gtls_session_t session,
1030 { 1028 {
1031 ret = 1029 ret =
1032 mhd_gtls_handshake_io_recv_int (session, GNUTLS_HANDSHAKE, 1030 mhd_gtls_handshake_io_recv_int (session, GNUTLS_HANDSHAKE,
1033 type, 1031 type,
1034 &dataptr[session-> 1032 &dataptr
1035 internals. 1033 [session->internals.
1036 handshake_header_buffer. 1034 handshake_header_buffer.header_size],
1037 header_size], 1035 HANDSHAKE_HEADER_SIZE -
1038 HANDSHAKE_HEADER_SIZE - 1036 session->internals.
1039 session->internals. 1037 handshake_header_buffer.header_size);
1040 handshake_header_buffer.header_size);
1041 if (ret <= 0) 1038 if (ret <= 0)
1042 { 1039 {
1043 gnutls_assert (); 1040 gnutls_assert ();
@@ -1155,8 +1152,8 @@ _gnutls_handshake_hash_add_recvd (mhd_gtls_session_t session,
1155 */ 1152 */
1156int 1153int
1157mhd_gtls_recv_handshake (mhd_gtls_session_t session, uint8_t ** data, 1154mhd_gtls_recv_handshake (mhd_gtls_session_t session, uint8_t ** data,
1158 int *datalen, gnutls_handshake_description_t type, 1155 int *datalen, gnutls_handshake_description_t type,
1159 Optional optional) 1156 Optional optional)
1160{ 1157{
1161 int ret; 1158 int ret;
1162 uint32_t length32 = 0; 1159 uint32_t length32 = 0;
@@ -1205,7 +1202,7 @@ mhd_gtls_recv_handshake (mhd_gtls_session_t session, uint8_t ** data,
1205 { 1202 {
1206 ret = 1203 ret =
1207 mhd_gtls_handshake_io_recv_int (session, GNUTLS_HANDSHAKE, 1204 mhd_gtls_handshake_io_recv_int (session, GNUTLS_HANDSHAKE,
1208 type, dataptr, length32); 1205 type, dataptr, length32);
1209 if (ret <= 0) 1206 if (ret <= 0)
1210 { 1207 {
1211 gnutls_assert (); 1208 gnutls_assert ();
@@ -1222,8 +1219,8 @@ mhd_gtls_recv_handshake (mhd_gtls_session_t session, uint8_t ** data,
1222 session->internals. 1219 session->internals.
1223 handshake_header_buffer.header, 1220 handshake_header_buffer.header,
1224 session->internals. 1221 session->internals.
1225 handshake_header_buffer. 1222 handshake_header_buffer.header_size,
1226 header_size, dataptr, length32); 1223 dataptr, length32);
1227 if (ret < 0) 1224 if (ret < 0)
1228 { 1225 {
1229 gnutls_assert (); 1226 gnutls_assert ();
@@ -1286,7 +1283,8 @@ _gnutls_client_set_ciphersuite (mhd_gtls_session_t session, opaque suite[2])
1286 int i, err; 1283 int i, err;
1287 1284
1288 z = 1; 1285 z = 1;
1289 cipher_suite_num = mhd_gtls_supported_ciphersuites (session, &cipher_suites); 1286 cipher_suite_num =
1287 mhd_gtls_supported_ciphersuites (session, &cipher_suites);
1290 if (cipher_suite_num < 0) 1288 if (cipher_suite_num < 0)
1291 { 1289 {
1292 gnutls_assert (); 1290 gnutls_assert ();
@@ -1313,19 +1311,19 @@ _gnutls_client_set_ciphersuite (mhd_gtls_session_t session, opaque suite[2])
1313 memcpy (session->security_parameters.current_cipher_suite.suite, suite, 2); 1311 memcpy (session->security_parameters.current_cipher_suite.suite, suite, 2);
1314 1312
1315 _gnutls_handshake_log ("HSK[%x]: Selected cipher suite: %s\n", session, 1313 _gnutls_handshake_log ("HSK[%x]: Selected cipher suite: %s\n", session,
1316 mhd_gtls_cipher_suite_get_name (&session-> 1314 mhd_gtls_cipher_suite_get_name
1317 security_parameters. 1315 (&session->security_parameters.
1318 current_cipher_suite)); 1316 current_cipher_suite));
1319 1317
1320 1318
1321 /* check if the credentials (username, public key etc.) are ok. 1319 /* check if the credentials (username, public key etc.) are ok.
1322 * Actually checks if they exist. 1320 * Actually checks if they exist.
1323 */ 1321 */
1324 if (mhd_gtls_get_kx_cred 1322 if (mhd_gtls_get_kx_cred
1325 (session, mhd_gtls_cipher_suite_get_kx_algo (&session-> 1323 (session,
1326 security_parameters. 1324 mhd_gtls_cipher_suite_get_kx_algo
1327 current_cipher_suite), 1325 (&session->security_parameters.current_cipher_suite), &err) == NULL
1328 &err) == NULL && err != 0) 1326 && err != 0)
1329 { 1327 {
1330 gnutls_assert (); 1328 gnutls_assert ();
1331 return GNUTLS_E_INSUFFICIENT_CREDENTIALS; 1329 return GNUTLS_E_INSUFFICIENT_CREDENTIALS;
@@ -1338,8 +1336,8 @@ _gnutls_client_set_ciphersuite (mhd_gtls_session_t session, opaque suite[2])
1338 */ 1336 */
1339 session->internals.auth_struct = 1337 session->internals.auth_struct =
1340 mhd_gtls_kx_auth_struct (mhd_gtls_cipher_suite_get_kx_algo 1338 mhd_gtls_kx_auth_struct (mhd_gtls_cipher_suite_get_kx_algo
1341 (&session->security_parameters. 1339 (&session->security_parameters.
1342 current_cipher_suite)); 1340 current_cipher_suite));
1343 1341
1344 if (session->internals.auth_struct == NULL) 1342 if (session->internals.auth_struct == NULL)
1345 { 1343 {
@@ -1358,14 +1356,15 @@ _gnutls_client_set_ciphersuite (mhd_gtls_session_t session, opaque suite[2])
1358/* This function sets the given comp method to the session. 1356/* This function sets the given comp method to the session.
1359 */ 1357 */
1360static int 1358static int
1361_gnutls_client_set_comp_method (mhd_gtls_session_t session, opaque comp_method) 1359_gnutls_client_set_comp_method (mhd_gtls_session_t session,
1360 opaque comp_method)
1362{ 1361{
1363 int comp_methods_num; 1362 int comp_methods_num;
1364 uint8_t *compression_methods; 1363 uint8_t *compression_methods;
1365 int i; 1364 int i;
1366 1365
1367 comp_methods_num = mhd_gtls_supported_compression_methods (session, 1366 comp_methods_num = mhd_gtls_supported_compression_methods (session,
1368 &compression_methods); 1367 &compression_methods);
1369 if (comp_methods_num < 0) 1368 if (comp_methods_num < 0)
1370 { 1369 {
1371 gnutls_assert (); 1370 gnutls_assert ();
@@ -1410,21 +1409,19 @@ _gnutls_client_check_if_resuming (mhd_gtls_session_t session,
1410 session_id_len); 1409 session_id_len);
1411 _gnutls_handshake_log ("HSK[%x]: SessionID: %s\n", session, 1410 _gnutls_handshake_log ("HSK[%x]: SessionID: %s\n", session,
1412 mhd_gtls_bin2hex (session_id, session_id_len, buf, 1411 mhd_gtls_bin2hex (session_id, session_id_len, buf,
1413 sizeof (buf))); 1412 sizeof (buf)));
1414 1413
1415 if (session_id_len > 0 && 1414 if (session_id_len > 0 &&
1416 session->internals.resumed_security_parameters.session_id_size == 1415 session->internals.resumed_security_parameters.session_id_size ==
1417 session_id_len 1416 session_id_len
1418 && memcmp (session_id, 1417 && memcmp (session_id,
1419 session->internals.resumed_security_parameters. 1418 session->internals.resumed_security_parameters.session_id,
1420 session_id, session_id_len) == 0) 1419 session_id_len) == 0)
1421 { 1420 {
1422 /* resume session */ 1421 /* resume session */
1423 memcpy (session->internals. 1422 memcpy (session->internals.resumed_security_parameters.server_random,
1424 resumed_security_parameters.server_random,
1425 session->security_parameters.server_random, TLS_RANDOM_SIZE); 1423 session->security_parameters.server_random, TLS_RANDOM_SIZE);
1426 memcpy (session->internals. 1424 memcpy (session->internals.resumed_security_parameters.client_random,
1427 resumed_security_parameters.client_random,
1428 session->security_parameters.client_random, TLS_RANDOM_SIZE); 1425 session->security_parameters.client_random, TLS_RANDOM_SIZE);
1429 session->internals.resumed = RESUME_TRUE; /* we are resuming */ 1426 session->internals.resumed = RESUME_TRUE; /* we are resuming */
1430 1427
@@ -1536,7 +1533,7 @@ _gnutls_read_server_hello (mhd_gtls_session_t session,
1536 */ 1533 */
1537 if (version >= MHD_GNUTLS_TLS1_0) 1534 if (version >= MHD_GNUTLS_TLS1_0)
1538 { 1535 {
1539 ret = mhd_gtls_parse_extensions (session, EXTENSION_ANY, &data[pos], len); /* len is the rest of the parsed length */ 1536 ret = mhd_gtls_parse_extensions (session, EXTENSION_ANY, &data[pos], len); /* len is the rest of the parsed length */
1540 if (ret < 0) 1537 if (ret < 0)
1541 { 1538 {
1542 gnutls_assert (); 1539 gnutls_assert ();
@@ -1627,7 +1624,8 @@ _gnutls_copy_comp_methods (mhd_gtls_session_t session,
1627 uint8_t *compression_methods, comp_num; 1624 uint8_t *compression_methods, comp_num;
1628 int datalen, pos; 1625 int datalen, pos;
1629 1626
1630 ret = mhd_gtls_supported_compression_methods (session, &compression_methods); 1627 ret =
1628 mhd_gtls_supported_compression_methods (session, &compression_methods);
1631 if (ret < 0) 1629 if (ret < 0)
1632 { 1630 {
1633 gnutls_assert (); 1631 gnutls_assert ();
@@ -1841,7 +1839,7 @@ _gnutls_send_client_hello (mhd_gtls_session_t session, int again)
1841 1839
1842 ret = 1840 ret =
1843 mhd_gtls_send_handshake (session, data, datalen, 1841 mhd_gtls_send_handshake (session, data, datalen,
1844 GNUTLS_HANDSHAKE_CLIENT_HELLO); 1842 GNUTLS_HANDSHAKE_CLIENT_HELLO);
1845 gnutls_free (data); 1843 gnutls_free (data);
1846 1844
1847 return ret; 1845 return ret;
@@ -1883,7 +1881,7 @@ _gnutls_send_server_hello (mhd_gtls_session_t session, int again)
1883 */ 1881 */
1884 gnutls_assert (); 1882 gnutls_assert ();
1885 ret = MHD_gnutls_alert_send (session, GNUTLS_AL_FATAL, 1883 ret = MHD_gnutls_alert_send (session, GNUTLS_AL_FATAL,
1886 GNUTLS_A_UNKNOWN_PSK_IDENTITY); 1884 GNUTLS_A_UNKNOWN_PSK_IDENTITY);
1887 if (ret < 0) 1885 if (ret < 0)
1888 { 1886 {
1889 gnutls_assert (); 1887 gnutls_assert ();
@@ -1932,7 +1930,7 @@ _gnutls_send_server_hello (mhd_gtls_session_t session, int again)
1932 1930
1933 _gnutls_handshake_log ("HSK[%x]: SessionID: %s\n", session, 1931 _gnutls_handshake_log ("HSK[%x]: SessionID: %s\n", session,
1934 mhd_gtls_bin2hex (SessionID, session_id_len, 1932 mhd_gtls_bin2hex (SessionID, session_id_len,
1935 buf, sizeof (buf))); 1933 buf, sizeof (buf)));
1936 1934
1937 memcpy (&data[pos], 1935 memcpy (&data[pos],
1938 session->security_parameters.current_cipher_suite.suite, 2); 1936 session->security_parameters.current_cipher_suite.suite, 2);
@@ -1940,7 +1938,7 @@ _gnutls_send_server_hello (mhd_gtls_session_t session, int again)
1940 1938
1941 comp = 1939 comp =
1942 (uint8_t) mhd_gtls_compression_get_num (session-> 1940 (uint8_t) mhd_gtls_compression_get_num (session->
1943 internals.compression_method); 1941 internals.compression_method);
1944 data[pos++] = comp; 1942 data[pos++] = comp;
1945 1943
1946 1944
@@ -1954,7 +1952,7 @@ _gnutls_send_server_hello (mhd_gtls_session_t session, int again)
1954 1952
1955 ret = 1953 ret =
1956 mhd_gtls_send_handshake (session, data, datalen, 1954 mhd_gtls_send_handshake (session, data, datalen,
1957 GNUTLS_HANDSHAKE_SERVER_HELLO); 1955 GNUTLS_HANDSHAKE_SERVER_HELLO);
1958 gnutls_afree (data); 1956 gnutls_afree (data);
1959 1957
1960 return ret; 1958 return ret;
@@ -2137,7 +2135,7 @@ _gnutls_send_supplemental (mhd_gtls_session_t session, int again)
2137 2135
2138 if (again) 2136 if (again)
2139 ret = mhd_gtls_send_handshake (session, NULL, 0, 2137 ret = mhd_gtls_send_handshake (session, NULL, 0,
2140 GNUTLS_HANDSHAKE_SUPPLEMENTAL); 2138 GNUTLS_HANDSHAKE_SUPPLEMENTAL);
2141 else 2139 else
2142 { 2140 {
2143 mhd_gtls_buffer buf; 2141 mhd_gtls_buffer buf;
@@ -2151,7 +2149,7 @@ _gnutls_send_supplemental (mhd_gtls_session_t session, int again)
2151 } 2149 }
2152 2150
2153 ret = mhd_gtls_send_handshake (session, buf.data, buf.length, 2151 ret = mhd_gtls_send_handshake (session, buf.data, buf.length,
2154 GNUTLS_HANDSHAKE_SUPPLEMENTAL); 2152 GNUTLS_HANDSHAKE_SUPPLEMENTAL);
2155 mhd_gtls_buffer_clear (&buf); 2153 mhd_gtls_buffer_clear (&buf);
2156 } 2154 }
2157 2155
@@ -2168,8 +2166,8 @@ _gnutls_recv_supplemental (mhd_gtls_session_t session)
2168 _gnutls_debug_log ("EXT[%x]: Expecting supplemental data\n", session); 2166 _gnutls_debug_log ("EXT[%x]: Expecting supplemental data\n", session);
2169 2167
2170 ret = mhd_gtls_recv_handshake (session, &data, &datalen, 2168 ret = mhd_gtls_recv_handshake (session, &data, &datalen,
2171 GNUTLS_HANDSHAKE_SUPPLEMENTAL, 2169 GNUTLS_HANDSHAKE_SUPPLEMENTAL,
2172 OPTIONAL_PACKET); 2170 OPTIONAL_PACKET);
2173 if (ret < 0) 2171 if (ret < 0)
2174 { 2172 {
2175 gnutls_assert (); 2173 gnutls_assert ();
@@ -2290,12 +2288,12 @@ mhd_gtls_handshake_client (mhd_gtls_session_t session)
2290 if (session->internals.resumed_security_parameters.session_id_size > 0) 2288 if (session->internals.resumed_security_parameters.session_id_size > 0)
2291 _gnutls_handshake_log ("HSK[%x]: Ask to resume: %s\n", session, 2289 _gnutls_handshake_log ("HSK[%x]: Ask to resume: %s\n", session,
2292 mhd_gtls_bin2hex (session->internals. 2290 mhd_gtls_bin2hex (session->internals.
2293 resumed_security_parameters. 2291 resumed_security_parameters.
2294 session_id, 2292 session_id,
2295 session->internals. 2293 session->internals.
2296 resumed_security_parameters. 2294 resumed_security_parameters.
2297 session_id_size, buf, 2295 session_id_size, buf,
2298 sizeof (buf))); 2296 sizeof (buf)));
2299#endif 2297#endif
2300 2298
2301 switch (STATE) 2299 switch (STATE)
@@ -2310,8 +2308,8 @@ mhd_gtls_handshake_client (mhd_gtls_session_t session)
2310 /* receive the server hello */ 2308 /* receive the server hello */
2311 ret = 2309 ret =
2312 mhd_gtls_recv_handshake (session, NULL, NULL, 2310 mhd_gtls_recv_handshake (session, NULL, NULL,
2313 GNUTLS_HANDSHAKE_SERVER_HELLO, 2311 GNUTLS_HANDSHAKE_SERVER_HELLO,
2314 MANDATORY_PACKET); 2312 MANDATORY_PACKET);
2315 STATE = STATE2; 2313 STATE = STATE2;
2316 IMED_RET ("recv hello", ret); 2314 IMED_RET ("recv hello", ret);
2317 2315
@@ -2351,8 +2349,8 @@ mhd_gtls_handshake_client (mhd_gtls_session_t session)
2351 if (session->internals.resumed == RESUME_FALSE) /* if we are not resuming */ 2349 if (session->internals.resumed == RESUME_FALSE) /* if we are not resuming */
2352 ret = 2350 ret =
2353 mhd_gtls_recv_handshake (session, NULL, NULL, 2351 mhd_gtls_recv_handshake (session, NULL, NULL,
2354 GNUTLS_HANDSHAKE_SERVER_HELLO_DONE, 2352 GNUTLS_HANDSHAKE_SERVER_HELLO_DONE,
2355 MANDATORY_PACKET); 2353 MANDATORY_PACKET);
2356 STATE = STATE6; 2354 STATE = STATE6;
2357 IMED_RET ("recv server hello done", ret); 2355 IMED_RET ("recv server hello done", ret);
2358 2356
@@ -2469,7 +2467,8 @@ _gnutls_recv_handshake_final (mhd_gtls_session_t session, int init)
2469 { 2467 {
2470 case STATE0: 2468 case STATE0:
2471 case STATE30: 2469 case STATE30:
2472 ret = mhd_gtls_recv_int (session, GNUTLS_CHANGE_CIPHER_SPEC, -1, &ch, 1); 2470 ret =
2471 mhd_gtls_recv_int (session, GNUTLS_CHANGE_CIPHER_SPEC, -1, &ch, 1);
2473 STATE = STATE30; 2472 STATE = STATE30;
2474 if (ret <= 0) 2473 if (ret <= 0)
2475 { 2474 {
@@ -2530,8 +2529,8 @@ mhd_gtls_handshake_server (mhd_gtls_session_t session)
2530 case STATE1: 2529 case STATE1:
2531 ret = 2530 ret =
2532 mhd_gtls_recv_handshake (session, NULL, NULL, 2531 mhd_gtls_recv_handshake (session, NULL, NULL,
2533 GNUTLS_HANDSHAKE_CLIENT_HELLO, 2532 GNUTLS_HANDSHAKE_CLIENT_HELLO,
2534 MANDATORY_PACKET); 2533 MANDATORY_PACKET);
2535 STATE = STATE1; 2534 STATE = STATE1;
2536 IMED_RET ("recv hello", ret); 2535 IMED_RET ("recv hello", ret);
2537 2536
@@ -2671,7 +2670,7 @@ mhd_gtls_generate_session_id (opaque * session_id, uint8_t * len)
2671 2670
2672int 2671int
2673mhd_gtls_recv_hello_request (mhd_gtls_session_t session, void *data, 2672mhd_gtls_recv_hello_request (mhd_gtls_session_t session, void *data,
2674 uint32_t data_size) 2673 uint32_t data_size)
2675{ 2674{
2676 uint8_t type; 2675 uint8_t type;
2677 2676
@@ -2701,7 +2700,7 @@ mhd_gtls_recv_hello_request (mhd_gtls_session_t session, void *data,
2701inline static int 2700inline static int
2702check_server_params (mhd_gtls_session_t session, 2701check_server_params (mhd_gtls_session_t session,
2703 enum MHD_GNUTLS_KeyExchangeAlgorithm kx, 2702 enum MHD_GNUTLS_KeyExchangeAlgorithm kx,
2704 enum MHD_GNUTLS_KeyExchangeAlgorithm * alg, int alg_size) 2703 enum MHD_GNUTLS_KeyExchangeAlgorithm *alg, int alg_size)
2705{ 2704{
2706 int cred_type; 2705 int cred_type;
2707 mhd_gtls_dh_params_t dh_params = NULL; 2706 mhd_gtls_dh_params_t dh_params = NULL;
@@ -2717,17 +2716,17 @@ check_server_params (mhd_gtls_session_t session,
2717 int delete; 2716 int delete;
2718 mhd_gtls_cert_credentials_t x509_cred = 2717 mhd_gtls_cert_credentials_t x509_cred =
2719 (mhd_gtls_cert_credentials_t) mhd_gtls_get_cred (session->key, 2718 (mhd_gtls_cert_credentials_t) mhd_gtls_get_cred (session->key,
2720 cred_type, NULL); 2719 cred_type, NULL);
2721 2720
2722 if (x509_cred != NULL) 2721 if (x509_cred != NULL)
2723 { 2722 {
2724 dh_params = 2723 dh_params =
2725 mhd_gtls_get_dh_params (x509_cred->dh_params, 2724 mhd_gtls_get_dh_params (x509_cred->dh_params,
2726 x509_cred->params_func, session); 2725 x509_cred->params_func, session);
2727 rsa_params = 2726 rsa_params =
2728 mhd_gtls_certificate_get_rsa_params (x509_cred->rsa_params, 2727 mhd_gtls_certificate_get_rsa_params (x509_cred->rsa_params,
2729 x509_cred->params_func, 2728 x509_cred->params_func,
2730 session); 2729 session);
2731 } 2730 }
2732 2731
2733 /* Check also if the certificate supports the 2732 /* Check also if the certificate supports the
@@ -2752,13 +2751,14 @@ check_server_params (mhd_gtls_session_t session,
2752 { 2751 {
2753 mhd_gtls_anon_server_credentials_t anon_cred = 2752 mhd_gtls_anon_server_credentials_t anon_cred =
2754 (mhd_gtls_anon_server_credentials_t) mhd_gtls_get_cred (session->key, 2753 (mhd_gtls_anon_server_credentials_t) mhd_gtls_get_cred (session->key,
2755 cred_type, NULL); 2754 cred_type,
2755 NULL);
2756 2756
2757 if (anon_cred != NULL) 2757 if (anon_cred != NULL)
2758 { 2758 {
2759 dh_params = 2759 dh_params =
2760 mhd_gtls_get_dh_params (anon_cred->dh_params, 2760 mhd_gtls_get_dh_params (anon_cred->dh_params,
2761 anon_cred->params_func, session); 2761 anon_cred->params_func, session);
2762 } 2762 }
2763#endif 2763#endif
2764#ifdef ENABLE_PSK 2764#ifdef ENABLE_PSK
@@ -2767,13 +2767,13 @@ check_server_params (mhd_gtls_session_t session,
2767 { 2767 {
2768 gnutls_psk_server_credentials_t psk_cred = 2768 gnutls_psk_server_credentials_t psk_cred =
2769 (gnutls_psk_server_credentials_t) mhd_gtls_get_cred (session->key, 2769 (gnutls_psk_server_credentials_t) mhd_gtls_get_cred (session->key,
2770 cred_type, NULL); 2770 cred_type, NULL);
2771 2771
2772 if (psk_cred != NULL) 2772 if (psk_cred != NULL)
2773 { 2773 {
2774 dh_params = 2774 dh_params =
2775 mhd_gtls_get_dh_params (psk_cred->dh_params, psk_cred->params_func, 2775 mhd_gtls_get_dh_params (psk_cred->dh_params,
2776 session); 2776 psk_cred->params_func, session);
2777 } 2777 }
2778#endif 2778#endif
2779 } 2779 }
@@ -2816,9 +2816,10 @@ check_server_params (mhd_gtls_session_t session,
2816 */ 2816 */
2817int 2817int
2818mhd_gtls_remove_unwanted_ciphersuites (mhd_gtls_session_t session, 2818mhd_gtls_remove_unwanted_ciphersuites (mhd_gtls_session_t session,
2819 cipher_suite_st ** cipherSuites, 2819 cipher_suite_st ** cipherSuites,
2820 int numCipherSuites, 2820 int numCipherSuites,
2821 enum MHD_GNUTLS_PublicKeyAlgorithm requested_pk_algo) 2821 enum MHD_GNUTLS_PublicKeyAlgorithm
2822 requested_pk_algo)
2822{ 2823{
2823 2824
2824 int ret = 0; 2825 int ret = 0;
@@ -2838,8 +2839,8 @@ mhd_gtls_remove_unwanted_ciphersuites (mhd_gtls_session_t session,
2838 2839
2839 cert_cred = 2840 cert_cred =
2840 (mhd_gtls_cert_credentials_t) mhd_gtls_get_cred (session->key, 2841 (mhd_gtls_cert_credentials_t) mhd_gtls_get_cred (session->key,
2841 MHD_GNUTLS_CRD_CERTIFICATE, 2842 MHD_GNUTLS_CRD_CERTIFICATE,
2842 NULL); 2843 NULL);
2843 2844
2844 /* If there are certificate credentials, find an appropriate certificate 2845 /* If there are certificate credentials, find an appropriate certificate
2845 * or disable them; 2846 * or disable them;
@@ -2953,13 +2954,15 @@ mhd_gtls_remove_unwanted_ciphersuites (mhd_gtls_session_t session,
2953 * 2954 *
2954 **/ 2955 **/
2955void 2956void
2956MHD_gnutls_handshake_set_max_packet_length (mhd_gtls_session_t session, size_t max) 2957MHD_gnutls_handshake_set_max_packet_length (mhd_gtls_session_t session,
2958 size_t max)
2957{ 2959{
2958 session->internals.max_handshake_data_buffer_size = max; 2960 session->internals.max_handshake_data_buffer_size = max;
2959} 2961}
2960 2962
2961void 2963void
2962mhd_gtls_set_adv_version (mhd_gtls_session_t session, enum MHD_GNUTLS_Protocol ver) 2964mhd_gtls_set_adv_version (mhd_gtls_session_t session,
2965 enum MHD_GNUTLS_Protocol ver)
2963{ 2966{
2964 set_adv_version (session, mhd_gtls_version_get_major (ver), 2967 set_adv_version (session, mhd_gtls_version_get_major (ver),
2965 mhd_gtls_version_get_minor (ver)); 2968 mhd_gtls_version_get_minor (ver));
@@ -2969,7 +2972,7 @@ enum MHD_GNUTLS_Protocol
2969mhd_gtls_get_adv_version (mhd_gtls_session_t session) 2972mhd_gtls_get_adv_version (mhd_gtls_session_t session)
2970{ 2973{
2971 return mhd_gtls_version_get (_gnutls_get_adv_version_major (session), 2974 return mhd_gtls_version_get (_gnutls_get_adv_version_major (session),
2972 _gnutls_get_adv_version_minor (session)); 2975 _gnutls_get_adv_version_minor (session));
2973} 2976}
2974 2977
2975/** 2978/**
diff --git a/src/daemon/https/tls/gnutls_handshake.h b/src/daemon/https/tls/gnutls_handshake.h
index f3128a95..7679653f 100644
--- a/src/daemon/https/tls/gnutls_handshake.h
+++ b/src/daemon/https/tls/gnutls_handshake.h
@@ -26,15 +26,16 @@ typedef enum Optional
26{ OPTIONAL_PACKET, MANDATORY_PACKET } Optional; 26{ OPTIONAL_PACKET, MANDATORY_PACKET } Optional;
27 27
28int mhd_gtls_send_handshake (mhd_gtls_session_t session, void *i_data, 28int mhd_gtls_send_handshake (mhd_gtls_session_t session, void *i_data,
29 uint32_t i_datasize, 29 uint32_t i_datasize,
30 gnutls_handshake_description_t type); 30 gnutls_handshake_description_t type);
31int mhd_gtls_recv_hello_request (mhd_gtls_session_t session, void *data, 31int mhd_gtls_recv_hello_request (mhd_gtls_session_t session, void *data,
32 uint32_t data_size); 32 uint32_t data_size);
33int mhd_gtls_send_hello (mhd_gtls_session_t session, int again); 33int mhd_gtls_send_hello (mhd_gtls_session_t session, int again);
34int mhd_gtls_recv_hello (mhd_gtls_session_t session, opaque * data, int datalen); 34int mhd_gtls_recv_hello (mhd_gtls_session_t session, opaque * data,
35 int datalen);
35int mhd_gtls_recv_handshake (mhd_gtls_session_t session, uint8_t **, int *, 36int mhd_gtls_recv_handshake (mhd_gtls_session_t session, uint8_t **, int *,
36 gnutls_handshake_description_t, 37 gnutls_handshake_description_t,
37 Optional optional); 38 Optional optional);
38int mhd_gtls_generate_session_id (opaque * session_id, uint8_t * len); 39int mhd_gtls_generate_session_id (opaque * session_id, uint8_t * len);
39int mhd_gtls_handshake_common (mhd_gtls_session_t session); 40int mhd_gtls_handshake_common (mhd_gtls_session_t session);
40int mhd_gtls_handshake_server (mhd_gtls_session_t session); 41int mhd_gtls_handshake_server (mhd_gtls_session_t session);
@@ -42,15 +43,18 @@ void mhd_gtls_set_server_random (mhd_gtls_session_t session, uint8_t * rnd);
42void mhd_gtls_set_client_random (mhd_gtls_session_t session, uint8_t * rnd); 43void mhd_gtls_set_client_random (mhd_gtls_session_t session, uint8_t * rnd);
43int mhd_gtls_tls_create_random (opaque * dst); 44int mhd_gtls_tls_create_random (opaque * dst);
44int mhd_gtls_remove_unwanted_ciphersuites (mhd_gtls_session_t session, 45int mhd_gtls_remove_unwanted_ciphersuites (mhd_gtls_session_t session,
45 cipher_suite_st ** cipherSuites, 46 cipher_suite_st ** cipherSuites,
46 int numCipherSuites, 47 int numCipherSuites,
47 enum MHD_GNUTLS_PublicKeyAlgorithm); 48 enum
49 MHD_GNUTLS_PublicKeyAlgorithm);
48int mhd_gtls_find_pk_algos_in_ciphersuites (opaque * data, int datalen); 50int mhd_gtls_find_pk_algos_in_ciphersuites (opaque * data, int datalen);
49int mhd_gtls_server_select_suite (mhd_gtls_session_t session, opaque * data, 51int mhd_gtls_server_select_suite (mhd_gtls_session_t session, opaque * data,
50 int datalen); 52 int datalen);
51 53
52int mhd_gtls_negotiate_version( mhd_gtls_session_t session, enum MHD_GNUTLS_Protocol adv_version); 54int mhd_gtls_negotiate_version (mhd_gtls_session_t session,
53int mhd_gtls_user_hello_func( mhd_gtls_session_t, enum MHD_GNUTLS_Protocol adv_version); 55 enum MHD_GNUTLS_Protocol adv_version);
56int mhd_gtls_user_hello_func (mhd_gtls_session_t,
57 enum MHD_GNUTLS_Protocol adv_version);
54 58
55#if MHD_DEBUG_TLS 59#if MHD_DEBUG_TLS
56int mhd_gtls_handshake_client (mhd_gtls_session_t session); 60int mhd_gtls_handshake_client (mhd_gtls_session_t session);
diff --git a/src/daemon/https/tls/gnutls_hash_int.c b/src/daemon/https/tls/gnutls_hash_int.c
index c4d2b20d..da1880f2 100644
--- a/src/daemon/https/tls/gnutls_hash_int.c
+++ b/src/daemon/https/tls/gnutls_hash_int.c
@@ -145,7 +145,7 @@ mhd_gnutls_hash_deinit (GNUTLS_HASH_HANDLE handle, void *digest)
145 145
146mac_hd_t 146mac_hd_t
147mhd_gtls_hmac_init (enum MHD_GNUTLS_HashAlgorithm algorithm, 147mhd_gtls_hmac_init (enum MHD_GNUTLS_HashAlgorithm algorithm,
148 const void *key, int keylen) 148 const void *key, int keylen)
149{ 149{
150 mac_hd_t ret; 150 mac_hd_t ret;
151 int result; 151 int result;
@@ -204,7 +204,7 @@ get_padsize (enum MHD_GNUTLS_HashAlgorithm algorithm)
204 204
205mac_hd_t 205mac_hd_t
206mhd_gnutls_mac_init_ssl3 (enum MHD_GNUTLS_HashAlgorithm algorithm, void *key, 206mhd_gnutls_mac_init_ssl3 (enum MHD_GNUTLS_HashAlgorithm algorithm, void *key,
207 int keylen) 207 int keylen)
208{ 208{
209 mac_hd_t ret; 209 mac_hd_t ret;
210 opaque ipad[48]; 210 opaque ipad[48];
@@ -259,7 +259,7 @@ mhd_gnutls_mac_deinit_ssl3 (mac_hd_t handle, void *digest)
259 259
260 mhd_gnutls_hash (td, opad, padsize); 260 mhd_gnutls_hash (td, opad, padsize);
261 block = mhd_gnutls_hash_get_algo_len (handle->algorithm); 261 block = mhd_gnutls_hash_get_algo_len (handle->algorithm);
262 mhd_gnutls_hash_deinit (handle, ret); /* get the previous hash */ 262 mhd_gnutls_hash_deinit (handle, ret); /* get the previous hash */
263 mhd_gnutls_hash (td, ret, block); 263 mhd_gnutls_hash (td, ret, block);
264 264
265 mhd_gnutls_hash_deinit (td, digest); 265 mhd_gnutls_hash_deinit (td, digest);
@@ -268,8 +268,8 @@ mhd_gnutls_mac_deinit_ssl3 (mac_hd_t handle, void *digest)
268 268
269void 269void
270mhd_gnutls_mac_deinit_ssl3_handshake (mac_hd_t handle, 270mhd_gnutls_mac_deinit_ssl3_handshake (mac_hd_t handle,
271 void *digest, opaque * key, 271 void *digest, opaque * key,
272 uint32_t key_size) 272 uint32_t key_size)
273{ 273{
274 opaque ret[MAX_HASH_SIZE]; 274 opaque ret[MAX_HASH_SIZE];
275 mac_hd_t td; 275 mac_hd_t td;
@@ -300,7 +300,7 @@ mhd_gnutls_mac_deinit_ssl3_handshake (mac_hd_t handle,
300 if (key_size > 0) 300 if (key_size > 0)
301 mhd_gnutls_hash (handle, key, key_size); 301 mhd_gnutls_hash (handle, key, key_size);
302 mhd_gnutls_hash (handle, ipad, padsize); 302 mhd_gnutls_hash (handle, ipad, padsize);
303 mhd_gnutls_hash_deinit (handle, ret); /* get the previous hash */ 303 mhd_gnutls_hash_deinit (handle, ret); /* get the previous hash */
304 304
305 mhd_gnutls_hash (td, ret, block); 305 mhd_gnutls_hash (td, ret, block);
306 306
@@ -362,7 +362,8 @@ ssl3_md5 (int i, opaque * secret, int secret_len,
362 return ret; 362 return ret;
363 } 363 }
364 364
365 mhd_gnutls_hash (td, tmp, mhd_gnutls_hash_get_algo_len (MHD_GNUTLS_MAC_SHA1)); 365 mhd_gnutls_hash (td, tmp,
366 mhd_gnutls_hash_get_algo_len (MHD_GNUTLS_MAC_SHA1));
366 367
367 mhd_gnutls_hash_deinit (td, digest); 368 mhd_gnutls_hash_deinit (td, digest);
368 return 0; 369 return 0;
@@ -370,8 +371,8 @@ ssl3_md5 (int i, opaque * secret, int secret_len,
370 371
371int 372int
372mhd_gnutls_ssl3_hash_md5 (void *first, int first_len, 373mhd_gnutls_ssl3_hash_md5 (void *first, int first_len,
373 void *second, int second_len, int ret_len, 374 void *second, int second_len, int ret_len,
374 opaque * ret) 375 opaque * ret)
375{ 376{
376 opaque digest[MAX_HASH_SIZE]; 377 opaque digest[MAX_HASH_SIZE];
377 mac_hd_t td; 378 mac_hd_t td;
@@ -403,8 +404,8 @@ mhd_gnutls_ssl3_hash_md5 (void *first, int first_len,
403 404
404int 405int
405mhd_gnutls_ssl3_generate_random (void *secret, int secret_len, 406mhd_gnutls_ssl3_generate_random (void *secret, int secret_len,
406 void *rnd, int rnd_len, 407 void *rnd, int rnd_len,
407 int ret_bytes, opaque * ret) 408 int ret_bytes, opaque * ret)
408{ 409{
409 int i = 0, copy, output_bytes; 410 int i = 0, copy, output_bytes;
410 opaque digest[MAX_HASH_SIZE]; 411 opaque digest[MAX_HASH_SIZE];
diff --git a/src/daemon/https/tls/gnutls_hash_int.h b/src/daemon/https/tls/gnutls_hash_int.h
index a85933d3..7cd33a03 100644
--- a/src/daemon/https/tls/gnutls_hash_int.h
+++ b/src/daemon/https/tls/gnutls_hash_int.h
@@ -43,28 +43,29 @@ typedef mac_hd_t GNUTLS_HASH_HANDLE;
43#define GNUTLS_MAC_FAILED NULL 43#define GNUTLS_MAC_FAILED NULL
44 44
45mac_hd_t mhd_gtls_hmac_init (enum MHD_GNUTLS_HashAlgorithm algorithm, 45mac_hd_t mhd_gtls_hmac_init (enum MHD_GNUTLS_HashAlgorithm algorithm,
46 const void *key, int keylen); 46 const void *key, int keylen);
47 47
48void mhd_gnutls_hmac_deinit (mac_hd_t handle, void *digest); 48void mhd_gnutls_hmac_deinit (mac_hd_t handle, void *digest);
49 49
50mac_hd_t mhd_gnutls_mac_init_ssl3 (enum MHD_GNUTLS_HashAlgorithm algorithm, void *key, 50mac_hd_t mhd_gnutls_mac_init_ssl3 (enum MHD_GNUTLS_HashAlgorithm algorithm,
51 int keylen); 51 void *key, int keylen);
52void mhd_gnutls_mac_deinit_ssl3 (mac_hd_t handle, void *digest); 52void mhd_gnutls_mac_deinit_ssl3 (mac_hd_t handle, void *digest);
53 53
54GNUTLS_HASH_HANDLE mhd_gtls_hash_init (enum MHD_GNUTLS_HashAlgorithm algorithm); 54GNUTLS_HASH_HANDLE mhd_gtls_hash_init (enum MHD_GNUTLS_HashAlgorithm
55 algorithm);
55int mhd_gnutls_hash_get_algo_len (enum MHD_GNUTLS_HashAlgorithm algorithm); 56int mhd_gnutls_hash_get_algo_len (enum MHD_GNUTLS_HashAlgorithm algorithm);
56int mhd_gnutls_hash (GNUTLS_HASH_HANDLE handle, const void *text, 57int mhd_gnutls_hash (GNUTLS_HASH_HANDLE handle, const void *text,
57 size_t textlen); 58 size_t textlen);
58void mhd_gnutls_hash_deinit (GNUTLS_HASH_HANDLE handle, void *digest); 59void mhd_gnutls_hash_deinit (GNUTLS_HASH_HANDLE handle, void *digest);
59 60
60int mhd_gnutls_ssl3_generate_random (void *secret, int secret_len, 61int mhd_gnutls_ssl3_generate_random (void *secret, int secret_len,
61 void *rnd, int random_len, int bytes, 62 void *rnd, int random_len, int bytes,
62 opaque * ret); 63 opaque * ret);
63int mhd_gnutls_ssl3_hash_md5 (void *first, int first_len, void *second, 64int mhd_gnutls_ssl3_hash_md5 (void *first, int first_len, void *second,
64 int second_len, int ret_len, opaque * ret); 65 int second_len, int ret_len, opaque * ret);
65 66
66void mhd_gnutls_mac_deinit_ssl3_handshake (mac_hd_t handle, void *digest, 67void mhd_gnutls_mac_deinit_ssl3_handshake (mac_hd_t handle, void *digest,
67 opaque * key, uint32_t key_size); 68 opaque * key, uint32_t key_size);
68 69
69GNUTLS_HASH_HANDLE mhd_gnutls_hash_copy (GNUTLS_HASH_HANDLE handle); 70GNUTLS_HASH_HANDLE mhd_gnutls_hash_copy (GNUTLS_HASH_HANDLE handle);
70 71
diff --git a/src/daemon/https/tls/gnutls_int.h b/src/daemon/https/tls/gnutls_int.h
index ba36f52e..e8f15924 100644
--- a/src/daemon/https/tls/gnutls_int.h
+++ b/src/daemon/https/tls/gnutls_int.h
@@ -55,7 +55,7 @@
55 */ 55 */
56#define MAX_HASH_SIZE 64 56#define MAX_HASH_SIZE 64
57 57
58#define MAX_LOG_SIZE 1024 /* maximum size of log message */ 58#define MAX_LOG_SIZE 1024 /* maximum size of log message */
59#define MAX_SRP_USERNAME 128 59#define MAX_SRP_USERNAME 128
60#define MAX_SERVER_NAME_SIZE 128 60#define MAX_SERVER_NAME_SIZE 128
61 61
@@ -107,25 +107,25 @@
107 107
108typedef unsigned char opaque; 108typedef unsigned char opaque;
109typedef struct 109typedef struct
110 { 110{
111 opaque pint[3]; 111 opaque pint[3];
112 } uint24; 112} uint24;
113 113
114#include <gnutls_mpi.h> 114#include <gnutls_mpi.h>
115 115
116typedef enum change_cipher_spec_t 116typedef enum change_cipher_spec_t
117 { 117{
118 GNUTLS_TYPE_CHANGE_CIPHER_SPEC = 1 118 GNUTLS_TYPE_CHANGE_CIPHER_SPEC = 1
119 } change_cipher_spec_t; 119} change_cipher_spec_t;
120 120
121typedef enum handshake_state_t 121typedef enum handshake_state_t
122 { 122{
123 STATE0 = 0, STATE1, STATE2, 123 STATE0 = 0, STATE1, STATE2,
124 STATE3, STATE4, STATE5, 124 STATE3, STATE4, STATE5,
125 STATE6, STATE7, STATE8, STATE9, STATE20 = 20, STATE21, 125 STATE6, STATE7, STATE8, STATE9, STATE20 = 20, STATE21,
126 STATE30 = 30, STATE31, STATE50 = 50, STATE60 = 60, STATE61, STATE62, 126 STATE30 = 30, STATE31, STATE50 = 50, STATE60 = 60, STATE61, STATE62,
127 STATE70, STATE71 127 STATE70, STATE71
128 } handshake_state_t; 128} handshake_state_t;
129 129
130#include <gnutls_str.h> 130#include <gnutls_str.h>
131 131
@@ -143,88 +143,87 @@ typedef mhd_gtls_string mhd_gtls_buffer;
143#define MAX_CIPHERSUITES 256 143#define MAX_CIPHERSUITES 256
144 144
145typedef enum extensions_t 145typedef enum extensions_t
146 { GNUTLS_EXTENSION_SERVER_NAME = 0, 146{ GNUTLS_EXTENSION_SERVER_NAME = 0,
147 GNUTLS_EXTENSION_MAX_RECORD_SIZE = 1, 147 GNUTLS_EXTENSION_MAX_RECORD_SIZE = 1,
148 GNUTLS_EXTENSION_CERT_TYPE = 9, 148 GNUTLS_EXTENSION_CERT_TYPE = 9,
149#ifdef ENABLE_OPRFI 149#ifdef ENABLE_OPRFI
150 GNUTLS_EXTENSION_OPAQUE_PRF_INPUT = ENABLE_OPRFI, 150 GNUTLS_EXTENSION_OPAQUE_PRF_INPUT = ENABLE_OPRFI,
151#endif 151#endif
152 GNUTLS_EXTENSION_SRP = 12, 152 GNUTLS_EXTENSION_SRP = 12,
153 GNUTLS_EXTENSION_INNER_APPLICATION = 37703 153 GNUTLS_EXTENSION_INNER_APPLICATION = 37703
154 } extensions_t; 154} extensions_t;
155 155
156typedef enum 156typedef enum
157 { CIPHER_STREAM, CIPHER_BLOCK} cipher_type_t; 157{ CIPHER_STREAM, CIPHER_BLOCK } cipher_type_t;
158 158
159typedef enum valid_session_t 159typedef enum valid_session_t
160 { VALID_TRUE, VALID_FALSE} valid_session_t; 160{ VALID_TRUE, VALID_FALSE } valid_session_t;
161typedef enum resumable_session_t 161typedef enum resumable_session_t
162 { RESUME_TRUE, 162{ RESUME_TRUE,
163 RESUME_FALSE 163 RESUME_FALSE
164 } resumable_session_t; 164} resumable_session_t;
165 165
166/* Record Protocol */ 166/* Record Protocol */
167typedef enum content_type_t 167typedef enum content_type_t
168 { 168{
169 GNUTLS_CHANGE_CIPHER_SPEC = 20, GNUTLS_ALERT, 169 GNUTLS_CHANGE_CIPHER_SPEC = 20, GNUTLS_ALERT,
170 GNUTLS_HANDSHAKE, GNUTLS_APPLICATION_DATA, 170 GNUTLS_HANDSHAKE, GNUTLS_APPLICATION_DATA,
171 GNUTLS_INNER_APPLICATION = 24 171 GNUTLS_INNER_APPLICATION = 24
172 } content_type_t; 172} content_type_t;
173 173
174#define GNUTLS_PK_ANY (enum MHD_GNUTLS_PublicKeyAlgorithm)-1 174#define GNUTLS_PK_ANY (enum MHD_GNUTLS_PublicKeyAlgorithm)-1
175#define GNUTLS_PK_NONE (enum MHD_GNUTLS_PublicKeyAlgorithm)-2 175#define GNUTLS_PK_NONE (enum MHD_GNUTLS_PublicKeyAlgorithm)-2
176 176
177/* STATE (stop) */ 177/* STATE (stop) */
178 178
179typedef void (*LOG_FUNC)(int, 179typedef void (*LOG_FUNC) (int, const char *);
180 const char *);
181 180
182/* Store & Retrieve functions defines: */ 181/* Store & Retrieve functions defines: */
183typedef struct mhd_gtls_auth_cred_st 182typedef struct mhd_gtls_auth_cred_st
184 { 183{
185 enum MHD_GNUTLS_CredentialsType algorithm; 184 enum MHD_GNUTLS_CredentialsType algorithm;
186 185
187 /* the type of credentials depends on algorithm 186 /* the type of credentials depends on algorithm
188 */ 187 */
189 void *credentials; 188 void *credentials;
190 struct mhd_gtls_auth_cred_st *next; 189 struct mhd_gtls_auth_cred_st *next;
191 } auth_cred_st; 190} auth_cred_st;
192 191
193struct mhd_gtls_key 192struct mhd_gtls_key
194 { 193{
195 /* For DH KX */ 194 /* For DH KX */
196 gnutls_datum_t key; 195 gnutls_datum_t key;
197 mpi_t KEY; 196 mpi_t KEY;
198 mpi_t client_Y; 197 mpi_t client_Y;
199 mpi_t client_g; 198 mpi_t client_g;
200 mpi_t client_p; 199 mpi_t client_p;
201 mpi_t dh_secret; 200 mpi_t dh_secret;
202 /* for SRP */ 201 /* for SRP */
203 mpi_t A; 202 mpi_t A;
204 mpi_t B; 203 mpi_t B;
205 mpi_t u; 204 mpi_t u;
206 mpi_t b; 205 mpi_t b;
207 mpi_t a; 206 mpi_t a;
208 mpi_t x; 207 mpi_t x;
209 /* RSA: e, m 208 /* RSA: e, m
210 */ 209 */
211 mpi_t rsa[2]; 210 mpi_t rsa[2];
212 211
213 /* this is used to hold the peers authentication data 212 /* this is used to hold the peers authentication data
214 */ 213 */
215 /* auth_info_t structures SHOULD NOT contain malloced 214 /* auth_info_t structures SHOULD NOT contain malloced
216 * elements. Check gnutls_session_pack.c, and gnutls_auth.c. 215 * elements. Check gnutls_session_pack.c, and gnutls_auth.c.
217 * Rememember that this should be calloced! 216 * Rememember that this should be calloced!
218 */ 217 */
219 void *auth_info; 218 void *auth_info;
220 enum MHD_GNUTLS_CredentialsType auth_info_type; 219 enum MHD_GNUTLS_CredentialsType auth_info_type;
221 int auth_info_size; /* needed in order to store to db for restoring 220 int auth_info_size; /* needed in order to store to db for restoring
222 */ 221 */
223 uint8_t crypt_algo; 222 uint8_t crypt_algo;
224 223
225 auth_cred_st *cred; /* used to specify keys/certificates etc */ 224 auth_cred_st *cred; /* used to specify keys/certificates etc */
226 225
227 int certificate_requested; 226 int certificate_requested;
228 /* some ciphersuites use this 227 /* some ciphersuites use this
229 * to provide client authentication. 228 * to provide client authentication.
230 * 1 if client auth was requested 229 * 1 if client auth was requested
@@ -233,8 +232,8 @@ struct mhd_gtls_key
233 * holds 1 if we should wait 232 * holds 1 if we should wait
234 * for a client certificate verify 233 * for a client certificate verify
235 */ 234 */
236 }; 235};
237typedef struct mhd_gtls_key * mhd_gtls_key_st; 236typedef struct mhd_gtls_key *mhd_gtls_key_st;
238 237
239/* STATE (cont) */ 238/* STATE (cont) */
240#include <gnutls_hash_int.h> 239#include <gnutls_hash_int.h>
@@ -243,45 +242,45 @@ typedef struct mhd_gtls_key * mhd_gtls_key_st;
243#include <gnutls_cert.h> 242#include <gnutls_cert.h>
244 243
245typedef struct 244typedef struct
246 { 245{
247 uint8_t suite[2]; 246 uint8_t suite[2];
248 } cipher_suite_st; 247} cipher_suite_st;
249 248
250/* This structure holds parameters got from TLS extension 249/* This structure holds parameters got from TLS extension
251 * mechanism. (some extensions may hold parameters in auth_info_t 250 * mechanism. (some extensions may hold parameters in auth_info_t
252 * structures also - see SRP). 251 * structures also - see SRP).
253 */ 252 */
254typedef struct 253typedef struct
255 { 254{
256 opaque name[MAX_SERVER_NAME_SIZE]; 255 opaque name[MAX_SERVER_NAME_SIZE];
257 unsigned name_length; 256 unsigned name_length;
258 gnutls_server_name_type_t type; 257 gnutls_server_name_type_t type;
259 } server_name_st; 258} server_name_st;
260 259
261#define MAX_SERVER_NAME_EXTENSIONS 3 260#define MAX_SERVER_NAME_EXTENSIONS 3
262typedef struct 261typedef struct
263 { 262{
264 server_name_st server_names[MAX_SERVER_NAME_EXTENSIONS]; 263 server_name_st server_names[MAX_SERVER_NAME_EXTENSIONS];
265 /* limit server_name extensions */ 264 /* limit server_name extensions */
266 unsigned server_names_size; 265 unsigned server_names_size;
267 266
268 opaque srp_username[MAX_SRP_USERNAME + 1]; 267 opaque srp_username[MAX_SRP_USERNAME + 1];
269 268
270 /* TLS/IA data. */ 269 /* TLS/IA data. */
271 int gnutls_ia_enable, gnutls_ia_peer_enable; 270 int gnutls_ia_enable, gnutls_ia_peer_enable;
272 int gnutls_ia_allowskip, gnutls_ia_peer_allowskip; 271 int gnutls_ia_allowskip, gnutls_ia_peer_allowskip;
273 272
274 /* Used by extensions that enable supplemental data. */ 273 /* Used by extensions that enable supplemental data. */
275 int do_recv_supplemental, do_send_supplemental; 274 int do_recv_supplemental, do_send_supplemental;
276 275
277 /* Opaque PRF input. */ 276 /* Opaque PRF input. */
278 gnutls_oprfi_callback_func oprfi_cb; 277 gnutls_oprfi_callback_func oprfi_cb;
279 void *oprfi_userdata; 278 void *oprfi_userdata;
280 opaque *oprfi_client; 279 opaque *oprfi_client;
281 uint16_t oprfi_client_len; 280 uint16_t oprfi_client_len;
282 opaque *oprfi_server; 281 opaque *oprfi_server;
283 uint16_t oprfi_server_len; 282 uint16_t oprfi_server_len;
284 } mhd_gtls_ext_st; 283} mhd_gtls_ext_st;
285 284
286/* This flag indicates for an extension whether 285/* This flag indicates for an extension whether
287 * it is useful to application level or TLS level only. 286 * it is useful to application level or TLS level only.
@@ -289,11 +288,11 @@ typedef struct
289 * before the user_hello callback is called. 288 * before the user_hello callback is called.
290 */ 289 */
291typedef enum tls_ext_parse_type_t 290typedef enum tls_ext_parse_type_t
292 { 291{
293 EXTENSION_ANY, 292 EXTENSION_ANY,
294 EXTENSION_APPLICATION, 293 EXTENSION_APPLICATION,
295 EXTENSION_TLS 294 EXTENSION_TLS
296 } mhd_gtls_ext_parse_type_t; 295} mhd_gtls_ext_parse_type_t;
297 296
298/* auth_info_t structures now MAY contain malloced 297/* auth_info_t structures now MAY contain malloced
299 * elements. 298 * elements.
@@ -314,349 +313,349 @@ typedef enum tls_ext_parse_type_t
314 * the handshake is in progress is the cipher suite value. 313 * the handshake is in progress is the cipher suite value.
315 */ 314 */
316typedef struct 315typedef struct
317 { 316{
318 gnutls_connection_end_t entity; 317 gnutls_connection_end_t entity;
319 enum MHD_GNUTLS_KeyExchangeAlgorithm kx_algorithm; 318 enum MHD_GNUTLS_KeyExchangeAlgorithm kx_algorithm;
320 /* we've got separate write/read bulk/macs because 319 /* we've got separate write/read bulk/macs because
321 * there is a time in handshake where the peer has 320 * there is a time in handshake where the peer has
322 * null cipher and we don't 321 * null cipher and we don't
323 */ 322 */
324 enum MHD_GNUTLS_CipherAlgorithm read_bulk_cipher_algorithm; 323 enum MHD_GNUTLS_CipherAlgorithm read_bulk_cipher_algorithm;
325 enum MHD_GNUTLS_HashAlgorithm read_mac_algorithm; 324 enum MHD_GNUTLS_HashAlgorithm read_mac_algorithm;
326 enum MHD_GNUTLS_CompressionMethod read_compression_algorithm; 325 enum MHD_GNUTLS_CompressionMethod read_compression_algorithm;
327 326
328 enum MHD_GNUTLS_CipherAlgorithm write_bulk_cipher_algorithm; 327 enum MHD_GNUTLS_CipherAlgorithm write_bulk_cipher_algorithm;
329 enum MHD_GNUTLS_HashAlgorithm write_mac_algorithm; 328 enum MHD_GNUTLS_HashAlgorithm write_mac_algorithm;
330 enum MHD_GNUTLS_CompressionMethod write_compression_algorithm; 329 enum MHD_GNUTLS_CompressionMethod write_compression_algorithm;
331 330
332 /* this is the ciphersuite we are going to use 331 /* this is the ciphersuite we are going to use
333 * moved here from internals in order to be restored 332 * moved here from internals in order to be restored
334 * on resume; 333 * on resume;
335 */ 334 */
336 cipher_suite_st current_cipher_suite; 335 cipher_suite_st current_cipher_suite;
337 opaque master_secret[TLS_MASTER_SIZE]; 336 opaque master_secret[TLS_MASTER_SIZE];
338 opaque client_random[TLS_RANDOM_SIZE]; 337 opaque client_random[TLS_RANDOM_SIZE];
339 opaque server_random[TLS_RANDOM_SIZE]; 338 opaque server_random[TLS_RANDOM_SIZE];
340 opaque session_id[TLS_MAX_SESSION_ID_SIZE]; 339 opaque session_id[TLS_MAX_SESSION_ID_SIZE];
341 uint8_t session_id_size; 340 uint8_t session_id_size;
342 time_t timestamp; 341 time_t timestamp;
343 mhd_gtls_ext_st extensions; 342 mhd_gtls_ext_st extensions;
344 343
345 /* The send size is the one requested by the programmer. 344 /* The send size is the one requested by the programmer.
346 * The recv size is the one negotiated with the peer. 345 * The recv size is the one negotiated with the peer.
347 */ 346 */
348 uint16_t max_record_send_size; 347 uint16_t max_record_send_size;
349 uint16_t max_record_recv_size; 348 uint16_t max_record_recv_size;
350 /* holds the negotiated certificate type */ 349 /* holds the negotiated certificate type */
351 enum MHD_GNUTLS_CertificateType cert_type; 350 enum MHD_GNUTLS_CertificateType cert_type;
352 enum MHD_GNUTLS_Protocol version; /* moved here */ 351 enum MHD_GNUTLS_Protocol version; /* moved here */
353 /* For TLS/IA. XXX: Move to IA credential? */ 352 /* For TLS/IA. XXX: Move to IA credential? */
354 opaque inner_secret[TLS_MASTER_SIZE]; 353 opaque inner_secret[TLS_MASTER_SIZE];
355 } mhd_gtls_security_param_st; 354} mhd_gtls_security_param_st;
356 355
357/* This structure holds the generated keys 356/* This structure holds the generated keys
358 */ 357 */
359typedef struct 358typedef struct
360 { 359{
361 gnutls_datum_t server_write_mac_secret; 360 gnutls_datum_t server_write_mac_secret;
362 gnutls_datum_t client_write_mac_secret; 361 gnutls_datum_t client_write_mac_secret;
363 gnutls_datum_t server_write_IV; 362 gnutls_datum_t server_write_IV;
364 gnutls_datum_t client_write_IV; 363 gnutls_datum_t client_write_IV;
365 gnutls_datum_t server_write_key; 364 gnutls_datum_t server_write_key;
366 gnutls_datum_t client_write_key; 365 gnutls_datum_t client_write_key;
367 int generated_keys; /* zero if keys have not 366 int generated_keys; /* zero if keys have not
368 * been generated. Non zero 367 * been generated. Non zero
369 * otherwise. 368 * otherwise.
370 */ 369 */
371 } mhd_gtls_cipher_specs_st; 370} mhd_gtls_cipher_specs_st;
372 371
373typedef struct 372typedef struct
374 { 373{
375 cipher_hd_t write_cipher_state; 374 cipher_hd_t write_cipher_state;
376 cipher_hd_t read_cipher_state; 375 cipher_hd_t read_cipher_state;
377 comp_hd_t read_compression_state; 376 comp_hd_t read_compression_state;
378 comp_hd_t write_compression_state; 377 comp_hd_t write_compression_state;
379 gnutls_datum_t read_mac_secret; 378 gnutls_datum_t read_mac_secret;
380 gnutls_datum_t write_mac_secret; 379 gnutls_datum_t write_mac_secret;
381 uint64 read_sequence_number; 380 uint64 read_sequence_number;
382 uint64 write_sequence_number; 381 uint64 write_sequence_number;
383 } mhd_gtls_conn_stat_st; 382} mhd_gtls_conn_stat_st;
384 383
385typedef struct 384typedef struct
386 { 385{
387 unsigned int priority[MAX_ALGOS]; 386 unsigned int priority[MAX_ALGOS];
388 unsigned int num_algorithms; 387 unsigned int num_algorithms;
389 } mhd_gtls_priority_st; 388} mhd_gtls_priority_st;
390 389
391/* For the external api */ 390/* For the external api */
392struct MHD_gtls_priority_st 391struct MHD_gtls_priority_st
393 { 392{
394 mhd_gtls_priority_st cipher; 393 mhd_gtls_priority_st cipher;
395 mhd_gtls_priority_st mac; 394 mhd_gtls_priority_st mac;
396 mhd_gtls_priority_st kx; 395 mhd_gtls_priority_st kx;
397 mhd_gtls_priority_st compression; 396 mhd_gtls_priority_st compression;
398 mhd_gtls_priority_st protocol; 397 mhd_gtls_priority_st protocol;
399 398
400 /* certificate type : x509, OpenPGP, etc. */ 399 /* certificate type : x509, OpenPGP, etc. */
401 mhd_gtls_priority_st cert_type; 400 mhd_gtls_priority_st cert_type;
402 401
403 /* to disable record padding */ 402 /* to disable record padding */
404 int no_padding; 403 int no_padding;
405 }; 404};
406 405
407/* DH and RSA parameters types. 406/* DH and RSA parameters types.
408 */ 407 */
409typedef struct MHD_gtls_dh_params_int 408typedef struct MHD_gtls_dh_params_int
410 { 409{
411 /* [0] is the prime, [1] is the generator. 410 /* [0] is the prime, [1] is the generator.
412 */ 411 */
413 mpi_t params[2]; 412 mpi_t params[2];
414 } mhd_gtls_dh_params_st; 413} mhd_gtls_dh_params_st;
415 414
416typedef struct 415typedef struct
417 { 416{
418 mhd_gtls_dh_params_t dh_params; 417 mhd_gtls_dh_params_t dh_params;
419 int free_dh_params; 418 int free_dh_params;
420 mhd_gtls_rsa_params_t rsa_params; 419 mhd_gtls_rsa_params_t rsa_params;
421 int free_rsa_params; 420 int free_rsa_params;
422 } mhd_gtls_internal_params_st; 421} mhd_gtls_internal_params_st;
423 422
424typedef struct 423typedef struct
425 { 424{
426 opaque header[HANDSHAKE_HEADER_SIZE]; 425 opaque header[HANDSHAKE_HEADER_SIZE];
427 /* this holds the number of bytes in the handshake_header[] */ 426 /* this holds the number of bytes in the handshake_header[] */
428 size_t header_size; 427 size_t header_size;
429 /* this holds the length of the handshake packet */ 428 /* this holds the length of the handshake packet */
430 size_t packet_length; 429 size_t packet_length;
431 gnutls_handshake_description_t recv_type; 430 gnutls_handshake_description_t recv_type;
432 } mhd_gtls_handshake_header_buffer_st; 431} mhd_gtls_handshake_header_buffer_st;
433 432
434typedef struct 433typedef struct
435 { 434{
436 mhd_gtls_buffer application_data_buffer; /* holds data to be delivered to application layer */ 435 mhd_gtls_buffer application_data_buffer; /* holds data to be delivered to application layer */
437 mhd_gtls_buffer handshake_hash_buffer; /* used to keep the last received handshake 436 mhd_gtls_buffer handshake_hash_buffer; /* used to keep the last received handshake
438 * message */ 437 * message */
439 mac_hd_t handshake_mac_handle_sha; /* hash of the handshake messages */ 438 mac_hd_t handshake_mac_handle_sha; /* hash of the handshake messages */
440 mac_hd_t handshake_mac_handle_md5; /* hash of the handshake messages */ 439 mac_hd_t handshake_mac_handle_md5; /* hash of the handshake messages */
441 440
442 mhd_gtls_buffer handshake_data_buffer; /* this is a buffer that holds the current handshake message */ 441 mhd_gtls_buffer handshake_data_buffer; /* this is a buffer that holds the current handshake message */
443 mhd_gtls_buffer ia_data_buffer; /* holds inner application data (TLS/IA) */ 442 mhd_gtls_buffer ia_data_buffer; /* holds inner application data (TLS/IA) */
444 resumable_session_t resumable; /* TRUE or FALSE - if we can resume that session */ 443 resumable_session_t resumable; /* TRUE or FALSE - if we can resume that session */
445 handshake_state_t handshake_state; /* holds 444 handshake_state_t handshake_state; /* holds
446 * a number which indicates where 445 * a number which indicates where
447 * the handshake procedure has been 446 * the handshake procedure has been
448 * interrupted. If it is 0 then 447 * interrupted. If it is 0 then
449 * no interruption has happened. 448 * no interruption has happened.
450 */ 449 */
451 450
452 valid_session_t valid_connection; /* true or FALSE - if this session is valid */ 451 valid_session_t valid_connection; /* true or FALSE - if this session is valid */
453 452
454 int may_not_read; /* if it's 0 then we can read/write, otherwise it's forbiden to read/write 453 int may_not_read; /* if it's 0 then we can read/write, otherwise it's forbiden to read/write
455 */ 454 */
456 int may_not_write; 455 int may_not_write;
457 int read_eof; /* non-zero if we have received a closure alert. */ 456 int read_eof; /* non-zero if we have received a closure alert. */
458 457
459 int last_alert; /* last alert received */ 458 int last_alert; /* last alert received */
460 int last_alert_level; /* last alert level */ 459 int last_alert_level; /* last alert level */
461 460
462 /* The last handshake messages sent or received. 461 /* The last handshake messages sent or received.
463 */ 462 */
464 int last_handshake_in; 463 int last_handshake_in;
465 int last_handshake_out; 464 int last_handshake_out;
466 465
467 /* this is the compression method we are going to use */ 466 /* this is the compression method we are going to use */
468 enum MHD_GNUTLS_CompressionMethod compression_method; 467 enum MHD_GNUTLS_CompressionMethod compression_method;
469 468
470 /* priorities */ 469 /* priorities */
471 struct MHD_gtls_priority_st priorities; 470 struct MHD_gtls_priority_st priorities;
472 471
473 /* resumed session */ 472 /* resumed session */
474 resumable_session_t resumed; /* RESUME_TRUE or FALSE - if we are resuming a session */ 473 resumable_session_t resumed; /* RESUME_TRUE or FALSE - if we are resuming a session */
475 mhd_gtls_security_param_st resumed_security_parameters; 474 mhd_gtls_security_param_st resumed_security_parameters;
476 475
477 /* sockets internals */ 476 /* sockets internals */
478 int lowat; 477 int lowat;
479 478
480 /* These buffers are used in the handshake 479 /* These buffers are used in the handshake
481 * protocol only. freed using _gnutls_handshake_io_buffer_clear(); 480 * protocol only. freed using _gnutls_handshake_io_buffer_clear();
482 */ 481 */
483 mhd_gtls_buffer handshake_send_buffer; 482 mhd_gtls_buffer handshake_send_buffer;
484 size_t handshake_send_buffer_prev_size; 483 size_t handshake_send_buffer_prev_size;
485 content_type_t handshake_send_buffer_type; 484 content_type_t handshake_send_buffer_type;
486 gnutls_handshake_description_t handshake_send_buffer_htype; 485 gnutls_handshake_description_t handshake_send_buffer_htype;
487 content_type_t handshake_recv_buffer_type; 486 content_type_t handshake_recv_buffer_type;
488 gnutls_handshake_description_t handshake_recv_buffer_htype; 487 gnutls_handshake_description_t handshake_recv_buffer_htype;
489 mhd_gtls_buffer handshake_recv_buffer; 488 mhd_gtls_buffer handshake_recv_buffer;
490 489
491 /* this buffer holds a record packet -mostly used for 490 /* this buffer holds a record packet -mostly used for
492 * non blocking IO. 491 * non blocking IO.
493 */ 492 */
494 mhd_gtls_buffer record_recv_buffer; 493 mhd_gtls_buffer record_recv_buffer;
495 mhd_gtls_buffer record_send_buffer; /* holds cached data 494 mhd_gtls_buffer record_send_buffer; /* holds cached data
496 * for the gnutls_io_write_buffered() 495 * for the gnutls_io_write_buffered()
497 * function. 496 * function.
498 */ 497 */
499 size_t record_send_buffer_prev_size; /* holds the 498 size_t record_send_buffer_prev_size; /* holds the
500 * data written in the previous runs. 499 * data written in the previous runs.
501 */ 500 */
502 size_t record_send_buffer_user_size; /* holds the 501 size_t record_send_buffer_user_size; /* holds the
503 * size of the user specified data to 502 * size of the user specified data to
504 * send. 503 * send.
505 */ 504 */
506 505
507 /* 0 if no peeked data was kept, 1 otherwise. 506 /* 0 if no peeked data was kept, 1 otherwise.
508 */ 507 */
509 int have_peeked_data; 508 int have_peeked_data;
510 509
511 int expire_time; /* after expire_time seconds this session will expire */ 510 int expire_time; /* after expire_time seconds this session will expire */
512 struct mhd_gtls_mod_auth_st_int *auth_struct; /* used in handshake packets and KX algorithms */ 511 struct mhd_gtls_mod_auth_st_int *auth_struct; /* used in handshake packets and KX algorithms */
513 512
514 /* TODO rm */ 513 /* TODO rm */
515 int v2_hello; /* 0 if the client hello is v3+. 514 int v2_hello; /* 0 if the client hello is v3+.
516 * non-zero if we got a v2 hello. 515 * non-zero if we got a v2 hello.
517 */ 516 */
518 /* keeps the headers of the handshake packet 517 /* keeps the headers of the handshake packet
519 */ 518 */
520 mhd_gtls_handshake_header_buffer_st handshake_header_buffer; 519 mhd_gtls_handshake_header_buffer_st handshake_header_buffer;
521 520
522 /* this is the highest version available 521 /* this is the highest version available
523 * to the peer. (advertized version). 522 * to the peer. (advertized version).
524 * This is obtained by the Handshake Client Hello 523 * This is obtained by the Handshake Client Hello
525 * message. (some implementations read the Record version) 524 * message. (some implementations read the Record version)
526 */ 525 */
527 uint8_t adv_version_major; 526 uint8_t adv_version_major;
528 uint8_t adv_version_minor; 527 uint8_t adv_version_minor;
529 528
530 /* if this is non zero a certificate request message 529 /* if this is non zero a certificate request message
531 * will be sent to the client. - only if the ciphersuite 530 * will be sent to the client. - only if the ciphersuite
532 * supports it. 531 * supports it.
533 */ 532 */
534 int send_cert_req; 533 int send_cert_req;
535 534
536 /* bits to use for DHE and DHA 535 /* bits to use for DHE and DHA
537 * use _gnutls_dh_get_prime_bits() and MHD_gnutls_dh_set_prime_bits() 536 * use _gnutls_dh_get_prime_bits() and MHD_gnutls_dh_set_prime_bits()
538 * to access it. 537 * to access it.
539 */ 538 */
540 uint16_t dh_prime_bits; 539 uint16_t dh_prime_bits;
541 540
542 size_t max_handshake_data_buffer_size; 541 size_t max_handshake_data_buffer_size;
543 542
544 /* PUSH & PULL functions. 543 /* PUSH & PULL functions.
545 */ 544 */
546 mhd_gtls_pull_func _gnutls_pull_func; 545 mhd_gtls_pull_func _gnutls_pull_func;
547 mhd_gtls_push_func _gnutls_push_func; 546 mhd_gtls_push_func _gnutls_push_func;
548 /* Holds the first argument of PUSH and PULL 547 /* Holds the first argument of PUSH and PULL
549 * functions; 548 * functions;
550 */ 549 */
551 gnutls_transport_ptr_t transport_recv_ptr; 550 gnutls_transport_ptr_t transport_recv_ptr;
552 gnutls_transport_ptr_t transport_send_ptr; 551 gnutls_transport_ptr_t transport_send_ptr;
553 552
554 /* post client hello callback (server side only) 553 /* post client hello callback (server side only)
555 */ 554 */
556 gnutls_handshake_post_client_hello_func user_hello_func; 555 gnutls_handshake_post_client_hello_func user_hello_func;
557 556
558 /* Holds the record size requested by the 557 /* Holds the record size requested by the
559 * user. 558 * user.
560 */ 559 */
561 uint16_t proposed_record_size; 560 uint16_t proposed_record_size;
562 561
563 /* holds the selected certificate and key. 562 /* holds the selected certificate and key.
564 * use mhd_gtls_selected_certs_deinit() and mhd_gtls_selected_certs_set() 563 * use mhd_gtls_selected_certs_deinit() and mhd_gtls_selected_certs_set()
565 * to change them. 564 * to change them.
566 */ 565 */
567 gnutls_cert *selected_cert_list; 566 gnutls_cert *selected_cert_list;
568 int selected_cert_list_length; 567 int selected_cert_list_length;
569 gnutls_privkey *selected_key; 568 gnutls_privkey *selected_key;
570 int selected_need_free; 569 int selected_need_free;
571 570
572 /* holds the extensions we sent to the peer 571 /* holds the extensions we sent to the peer
573 * (in case of a client) 572 * (in case of a client)
574 */ 573 */
575 uint16_t extensions_sent[MAX_EXT_TYPES]; 574 uint16_t extensions_sent[MAX_EXT_TYPES];
576 uint16_t extensions_sent_size; 575 uint16_t extensions_sent_size;
577 576
578 /* is 0 if we are to send the whole PGP key, or non zero 577 /* is 0 if we are to send the whole PGP key, or non zero
579 * if the fingerprint is to be sent. 578 * if the fingerprint is to be sent.
580 */ 579 */
581 int pgp_fingerprint; 580 int pgp_fingerprint;
582 581
583 /* This holds the default version that our first 582 /* This holds the default version that our first
584 * record packet will have. */ 583 * record packet will have. */
585 opaque default_record_version[2]; 584 opaque default_record_version[2];
586 585
587 int cbc_protection_hack; 586 int cbc_protection_hack;
588 587
589 void *user_ptr; 588 void *user_ptr;
590 589
591 int enable_private; /* non zero to 590 int enable_private; /* non zero to
592 * enable cipher suites 591 * enable cipher suites
593 * which have 0xFF status. 592 * which have 0xFF status.
594 */ 593 */
595 594
596 /* Holds 0 if the last called function was interrupted while 595 /* Holds 0 if the last called function was interrupted while
597 * receiving, and non zero otherwise. 596 * receiving, and non zero otherwise.
598 */ 597 */
599 int direction; 598 int direction;
600 599
601 /* If non zero the server will not advertize the CA's he 600 /* If non zero the server will not advertize the CA's he
602 * trusts (do not send an RDN sequence). 601 * trusts (do not send an RDN sequence).
603 */ 602 */
604 int ignore_rdn_sequence; 603 int ignore_rdn_sequence;
605 604
606 /* This is used to set an arbitary version in the RSA 605 /* This is used to set an arbitary version in the RSA
607 * PMS secret. Can be used by clients to test whether the 606 * PMS secret. Can be used by clients to test whether the
608 * server checks that version. (** only used in gnutls-cli-debug) 607 * server checks that version. (** only used in gnutls-cli-debug)
609 */ 608 */
610 opaque rsa_pms_version[2]; 609 opaque rsa_pms_version[2];
611 610
612 char *srp_username; 611 char *srp_username;
613 char *srp_password; 612 char *srp_password;
614 613
615 /* Here we cache the DH or RSA parameters got from the 614 /* Here we cache the DH or RSA parameters got from the
616 * credentials structure, or from a callback. That is to 615 * credentials structure, or from a callback. That is to
617 * minimize external calls. 616 * minimize external calls.
618 */ 617 */
619 mhd_gtls_internal_params_st params; 618 mhd_gtls_internal_params_st params;
620 619
621 /* This buffer is used by the record recv functions, 620 /* This buffer is used by the record recv functions,
622 * as a temporary store buffer. 621 * as a temporary store buffer.
623 */ 622 */
624 gnutls_datum_t recv_buffer; 623 gnutls_datum_t recv_buffer;
625 624
626 /* To avoid using global variables, and especially on Windows where 625 /* To avoid using global variables, and especially on Windows where
627 * the application may use a different errno variable than GnuTLS, 626 * the application may use a different errno variable than GnuTLS,
628 * it is possible to use MHD_gnutls_transport_set_errno to set a 627 * it is possible to use MHD_gnutls_transport_set_errno to set a
629 * session-specific errno variable in the user-replaceable push/pull 628 * session-specific errno variable in the user-replaceable push/pull
630 * functions. This value is used by the send/recv functions. (The 629 * functions. This value is used by the send/recv functions. (The
631 * strange name of this variable is because 'errno' is typically 630 * strange name of this variable is because 'errno' is typically
632 * #define'd.) 631 * #define'd.)
633 */ 632 */
634 int errnum; 633 int errnum;
635 634
636 /* Function used to perform public-key signing operation during 635 /* Function used to perform public-key signing operation during
637 handshake. Used by gnutls_sig.c:_gnutls_tls_sign(), see also 636 handshake. Used by gnutls_sig.c:_gnutls_tls_sign(), see also
638 MHD_gtls_sign_callback_set(). */ 637 MHD_gtls_sign_callback_set(). */
639 gnutls_sign_func sign_func; 638 gnutls_sign_func sign_func;
640 void *sign_func_userdata; 639 void *sign_func_userdata;
641 640
642 /* If you add anything here, check mhd_gtls_handshake_internal_state_clear(). 641 /* If you add anything here, check mhd_gtls_handshake_internal_state_clear().
643 */ 642 */
644 } mhd_gtls_internals_st; 643} mhd_gtls_internals_st;
645 644
646struct MHD_gtls_session_int 645struct MHD_gtls_session_int
647 { 646{
648 mhd_gtls_security_param_st security_parameters; 647 mhd_gtls_security_param_st security_parameters;
649 mhd_gtls_cipher_specs_st cipher_specs; 648 mhd_gtls_cipher_specs_st cipher_specs;
650 mhd_gtls_conn_stat_st connection_state; 649 mhd_gtls_conn_stat_st connection_state;
651 mhd_gtls_internals_st internals; 650 mhd_gtls_internals_st internals;
652 mhd_gtls_key_st key; 651 mhd_gtls_key_st key;
653 }; 652};
654 653
655/* functions */ 654/* functions */
656void mhd_gtls_set_current_version(mhd_gtls_session_t session, 655void mhd_gtls_set_current_version (mhd_gtls_session_t session,
657 enum MHD_GNUTLS_Protocol version); 656 enum MHD_GNUTLS_Protocol version);
658 657
659void mhd_gtls_free_auth_info(mhd_gtls_session_t session); 658void mhd_gtls_free_auth_info (mhd_gtls_session_t session);
660 659
661/* These two macros return the advertized TLS version of 660/* These two macros return the advertized TLS version of
662 * the peer. 661 * the peer.
@@ -671,8 +670,7 @@ void mhd_gtls_free_auth_info(mhd_gtls_session_t session);
671 session->internals.adv_version_major = major; \ 670 session->internals.adv_version_major = major; \
672 session->internals.adv_version_minor = minor 671 session->internals.adv_version_minor = minor
673 672
674void mhd_gtls_set_adv_version(mhd_gtls_session_t, 673void mhd_gtls_set_adv_version (mhd_gtls_session_t, enum MHD_GNUTLS_Protocol);
675 enum MHD_GNUTLS_Protocol); 674enum MHD_GNUTLS_Protocol mhd_gtls_get_adv_version (mhd_gtls_session_t);
676enum MHD_GNUTLS_Protocol mhd_gtls_get_adv_version(mhd_gtls_session_t);
677 675
678#endif /* GNUTLS_INT_H */ 676#endif /* GNUTLS_INT_H */
diff --git a/src/daemon/https/tls/gnutls_kx.c b/src/daemon/https/tls/gnutls_kx.c
index ad42e5a1..024af674 100644
--- a/src/daemon/https/tls/gnutls_kx.c
+++ b/src/daemon/https/tls/gnutls_kx.c
@@ -63,13 +63,13 @@ generate_normal_master (mhd_gtls_session_t session, int keep_premaster)
63 63
64 _gnutls_hard_log ("INT: PREMASTER SECRET[%d]: %s\n", PREMASTER.size, 64 _gnutls_hard_log ("INT: PREMASTER SECRET[%d]: %s\n", PREMASTER.size,
65 mhd_gtls_bin2hex (PREMASTER.data, PREMASTER.size, buf, 65 mhd_gtls_bin2hex (PREMASTER.data, PREMASTER.size, buf,
66 sizeof (buf))); 66 sizeof (buf)));
67 _gnutls_hard_log ("INT: CLIENT RANDOM[%d]: %s\n", 32, 67 _gnutls_hard_log ("INT: CLIENT RANDOM[%d]: %s\n", 32,
68 mhd_gtls_bin2hex (session->security_parameters. 68 mhd_gtls_bin2hex (session->security_parameters.
69 client_random, 32, buf, sizeof (buf))); 69 client_random, 32, buf, sizeof (buf)));
70 _gnutls_hard_log ("INT: SERVER RANDOM[%d]: %s\n", 32, 70 _gnutls_hard_log ("INT: SERVER RANDOM[%d]: %s\n", 32,
71 mhd_gtls_bin2hex (session->security_parameters. 71 mhd_gtls_bin2hex (session->security_parameters.
72 server_random, 32, buf, sizeof (buf))); 72 server_random, 32, buf, sizeof (buf)));
73 73
74 if (MHD_gnutls_protocol_get_version (session) == MHD_GNUTLS_SSL3) 74 if (MHD_gnutls_protocol_get_version (session) == MHD_GNUTLS_SSL3)
75 { 75 {
@@ -82,10 +82,10 @@ generate_normal_master (mhd_gtls_session_t session, int keep_premaster)
82 82
83 ret = 83 ret =
84 mhd_gnutls_ssl3_generate_random (PREMASTER.data, PREMASTER.size, 84 mhd_gnutls_ssl3_generate_random (PREMASTER.data, PREMASTER.size,
85 rnd, 2 * TLS_RANDOM_SIZE, 85 rnd, 2 * TLS_RANDOM_SIZE,
86 TLS_MASTER_SIZE, 86 TLS_MASTER_SIZE,
87 session->security_parameters. 87 session->security_parameters.
88 master_secret); 88 master_secret);
89 89
90 } 90 }
91 else if (session->security_parameters.extensions.oprfi_client_len > 0 && 91 else if (session->security_parameters.extensions.oprfi_client_len > 0 &&
@@ -108,18 +108,18 @@ generate_normal_master (mhd_gtls_session_t session, int keep_premaster)
108 session->security_parameters. 108 session->security_parameters.
109 extensions.oprfi_server_len, 109 extensions.oprfi_server_len,
110 mhd_gtls_bin2hex (session->security_parameters. 110 mhd_gtls_bin2hex (session->security_parameters.
111 extensions.oprfi_client, 111 extensions.oprfi_client,
112 session->security_parameters. 112 session->security_parameters.
113 extensions.oprfi_client_len, 113 extensions.oprfi_client_len, buf,
114 buf, sizeof (buf))); 114 sizeof (buf)));
115 _gnutls_hard_log ("INT: SERVER OPRFI[%d]: %s\n", 115 _gnutls_hard_log ("INT: SERVER OPRFI[%d]: %s\n",
116 session->security_parameters. 116 session->security_parameters.
117 extensions.oprfi_server_len, 117 extensions.oprfi_server_len,
118 mhd_gtls_bin2hex (session->security_parameters. 118 mhd_gtls_bin2hex (session->security_parameters.
119 extensions.oprfi_server, 119 extensions.oprfi_server,
120 session->security_parameters. 120 session->security_parameters.
121 extensions.oprfi_server_len, 121 extensions.oprfi_server_len, buf,
122 buf, sizeof (buf))); 122 sizeof (buf)));
123 123
124 memcpy (rnd, session->security_parameters.client_random, 124 memcpy (rnd, session->security_parameters.client_random,
125 TLS_RANDOM_SIZE); 125 TLS_RANDOM_SIZE);
@@ -136,9 +136,9 @@ generate_normal_master (mhd_gtls_session_t session, int keep_premaster)
136 session->security_parameters.extensions.oprfi_server_len); 136 session->security_parameters.extensions.oprfi_server_len);
137 137
138 ret = mhd_gtls_PRF (session, PREMASTER.data, PREMASTER.size, 138 ret = mhd_gtls_PRF (session, PREMASTER.data, PREMASTER.size,
139 MASTER_SECRET, strlen (MASTER_SECRET), 139 MASTER_SECRET, strlen (MASTER_SECRET),
140 rnd, rndlen, TLS_MASTER_SIZE, 140 rnd, rndlen, TLS_MASTER_SIZE,
141 session->security_parameters.master_secret); 141 session->security_parameters.master_secret);
142 142
143 gnutls_free (rnd); 143 gnutls_free (rnd);
144 } 144 }
@@ -153,9 +153,9 @@ generate_normal_master (mhd_gtls_session_t session, int keep_premaster)
153 153
154 ret = 154 ret =
155 mhd_gtls_PRF (session, PREMASTER.data, PREMASTER.size, 155 mhd_gtls_PRF (session, PREMASTER.data, PREMASTER.size,
156 MASTER_SECRET, strlen (MASTER_SECRET), 156 MASTER_SECRET, strlen (MASTER_SECRET),
157 rnd, 2 * TLS_RANDOM_SIZE, TLS_MASTER_SIZE, 157 rnd, 2 * TLS_RANDOM_SIZE, TLS_MASTER_SIZE,
158 session->security_parameters.master_secret); 158 session->security_parameters.master_secret);
159 } 159 }
160 160
161 /* TLS/IA inner secret is derived from the master secret. */ 161 /* TLS/IA inner secret is derived from the master secret. */
@@ -170,8 +170,8 @@ generate_normal_master (mhd_gtls_session_t session, int keep_premaster)
170 170
171 _gnutls_hard_log ("INT: MASTER SECRET: %s\n", 171 _gnutls_hard_log ("INT: MASTER SECRET: %s\n",
172 mhd_gtls_bin2hex (session->security_parameters. 172 mhd_gtls_bin2hex (session->security_parameters.
173 master_secret, TLS_MASTER_SIZE, buf, 173 master_secret, TLS_MASTER_SIZE, buf,
174 sizeof (buf))); 174 sizeof (buf)));
175 175
176 return ret; 176 return ret;
177} 177}
@@ -179,7 +179,7 @@ generate_normal_master (mhd_gtls_session_t session, int keep_premaster)
179 179
180/* This is called when we want to receive the key exchange message of the 180/* This is called when we want to receive the key exchange message of the
181 * server. It does nothing if this type of message is not required 181 * server. It does nothing if this type of message is not required
182 * by the selected ciphersuite. 182 * by the selected ciphersuite.
183 */ 183 */
184int 184int
185mhd_gtls_send_server_kx_message (mhd_gtls_session_t session, int again) 185mhd_gtls_send_server_kx_message (mhd_gtls_session_t session, int again)
@@ -197,8 +197,8 @@ mhd_gtls_send_server_kx_message (mhd_gtls_session_t session, int again)
197 if (again == 0) 197 if (again == 0)
198 { 198 {
199 data_size = 199 data_size =
200 session->internals.auth_struct-> 200 session->internals.auth_struct->mhd_gtls_gen_server_kx (session,
201 mhd_gtls_gen_server_kx (session, &data); 201 &data);
202 202
203 if (data_size == GNUTLS_E_INT_RET_0) 203 if (data_size == GNUTLS_E_INT_RET_0)
204 { 204 {
@@ -215,7 +215,7 @@ mhd_gtls_send_server_kx_message (mhd_gtls_session_t session, int again)
215 215
216 ret = 216 ret =
217 mhd_gtls_send_handshake (session, data, data_size, 217 mhd_gtls_send_handshake (session, data, data_size,
218 GNUTLS_HANDSHAKE_SERVER_KEY_EXCHANGE); 218 GNUTLS_HANDSHAKE_SERVER_KEY_EXCHANGE);
219 gnutls_free (data); 219 gnutls_free (data);
220 220
221 if (ret < 0) 221 if (ret < 0)
@@ -230,7 +230,8 @@ mhd_gtls_send_server_kx_message (mhd_gtls_session_t session, int again)
230 * client. 230 * client.
231 */ 231 */
232int 232int
233mhd_gtls_send_server_certificate_request (mhd_gtls_session_t session, int again) 233mhd_gtls_send_server_certificate_request (mhd_gtls_session_t session,
234 int again)
234{ 235{
235 uint8_t *data = NULL; 236 uint8_t *data = NULL;
236 int data_size = 0; 237 int data_size = 0;
@@ -260,7 +261,7 @@ mhd_gtls_send_server_certificate_request (mhd_gtls_session_t session, int again)
260 } 261 }
261 ret = 262 ret =
262 mhd_gtls_send_handshake (session, data, data_size, 263 mhd_gtls_send_handshake (session, data, data_size,
263 GNUTLS_HANDSHAKE_CERTIFICATE_REQUEST); 264 GNUTLS_HANDSHAKE_CERTIFICATE_REQUEST);
264 gnutls_free (data); 265 gnutls_free (data);
265 266
266 if (ret < 0) 267 if (ret < 0)
@@ -273,7 +274,7 @@ mhd_gtls_send_server_certificate_request (mhd_gtls_session_t session, int again)
273 274
274 275
275/* This is the function for the client to send the key 276/* This is the function for the client to send the key
276 * exchange message 277 * exchange message
277 */ 278 */
278int 279int
279mhd_gtls_send_client_kx_message (mhd_gtls_session_t session, int again) 280mhd_gtls_send_client_kx_message (mhd_gtls_session_t session, int again)
@@ -292,8 +293,8 @@ mhd_gtls_send_client_kx_message (mhd_gtls_session_t session, int again)
292 if (again == 0) 293 if (again == 0)
293 { 294 {
294 data_size = 295 data_size =
295 session->internals.auth_struct-> 296 session->internals.auth_struct->mhd_gtls_gen_client_kx (session,
296 mhd_gtls_gen_client_kx (session, &data); 297 &data);
297 if (data_size < 0) 298 if (data_size < 0)
298 { 299 {
299 gnutls_assert (); 300 gnutls_assert ();
@@ -302,7 +303,7 @@ mhd_gtls_send_client_kx_message (mhd_gtls_session_t session, int again)
302 } 303 }
303 ret = 304 ret =
304 mhd_gtls_send_handshake (session, data, data_size, 305 mhd_gtls_send_handshake (session, data, data_size,
305 GNUTLS_HANDSHAKE_CLIENT_KEY_EXCHANGE); 306 GNUTLS_HANDSHAKE_CLIENT_KEY_EXCHANGE);
306 gnutls_free (data); 307 gnutls_free (data);
307 308
308 if (ret < 0) 309 if (ret < 0)
@@ -319,7 +320,8 @@ mhd_gtls_send_client_kx_message (mhd_gtls_session_t session, int again)
319 * verify message 320 * verify message
320 */ 321 */
321int 322int
322mhd_gtls_send_client_certificate_verify (mhd_gtls_session_t session, int again) 323mhd_gtls_send_client_certificate_verify (mhd_gtls_session_t session,
324 int again)
323{ 325{
324 uint8_t *data; 326 uint8_t *data;
325 int ret = 0; 327 int ret = 0;
@@ -330,16 +332,15 @@ mhd_gtls_send_client_certificate_verify (mhd_gtls_session_t session, int again)
330 if (session->security_parameters.entity == GNUTLS_SERVER) 332 if (session->security_parameters.entity == GNUTLS_SERVER)
331 return 0; 333 return 0;
332 334
333 /* if certificate verify is not needed just exit 335 /* if certificate verify is not needed just exit
334 */ 336 */
335 if (session->key->certificate_requested == 0) 337 if (session->key->certificate_requested == 0)
336 return 0; 338 return 0;
337 339
338 if (session->internals.auth_struct->mhd_gtls_gen_client_cert_vrfy == 340 if (session->internals.auth_struct->mhd_gtls_gen_client_cert_vrfy == NULL)
339 NULL)
340 { 341 {
341 gnutls_assert (); 342 gnutls_assert ();
342 return 0; /* this algorithm does not support cli_cert_vrfy 343 return 0; /* this algorithm does not support cli_cert_vrfy
343 */ 344 */
344 } 345 }
345 346
@@ -362,7 +363,7 @@ mhd_gtls_send_client_certificate_verify (mhd_gtls_session_t session, int again)
362 } 363 }
363 ret = 364 ret =
364 mhd_gtls_send_handshake (session, data, 365 mhd_gtls_send_handshake (session, data,
365 data_size, GNUTLS_HANDSHAKE_CERTIFICATE_VERIFY); 366 data_size, GNUTLS_HANDSHAKE_CERTIFICATE_VERIFY);
366 gnutls_free (data); 367 gnutls_free (data);
367 368
368 return ret; 369 return ret;
@@ -379,7 +380,7 @@ mhd_gtls_recv_server_kx_message (mhd_gtls_session_t session)
379 if (session->internals.auth_struct->mhd_gtls_process_server_kx != NULL) 380 if (session->internals.auth_struct->mhd_gtls_process_server_kx != NULL)
380 { 381 {
381 382
382 /* EXCEPTION FOR RSA_EXPORT cipher suite 383 /* EXCEPTION FOR RSA_EXPORT cipher suite
383 */ 384 */
384 if (mhd_gtls_session_is_export (session) != 0 && 385 if (mhd_gtls_session_is_export (session) != 0 &&
385 _gnutls_peers_cert_less_512 (session) != 0) 386 _gnutls_peers_cert_less_512 (session) != 0)
@@ -390,9 +391,9 @@ mhd_gtls_recv_server_kx_message (mhd_gtls_session_t session)
390 391
391 ret = 392 ret =
392 mhd_gtls_recv_handshake (session, &data, 393 mhd_gtls_recv_handshake (session, &data,
393 &datasize, 394 &datasize,
394 GNUTLS_HANDSHAKE_SERVER_KEY_EXCHANGE, 395 GNUTLS_HANDSHAKE_SERVER_KEY_EXCHANGE,
395 MANDATORY_PACKET); 396 MANDATORY_PACKET);
396 if (ret < 0) 397 if (ret < 0)
397 { 398 {
398 gnutls_assert (); 399 gnutls_assert ();
@@ -400,8 +401,9 @@ mhd_gtls_recv_server_kx_message (mhd_gtls_session_t session)
400 } 401 }
401 402
402 ret = 403 ret =
403 session->internals.auth_struct-> 404 session->internals.auth_struct->mhd_gtls_process_server_kx (session,
404 mhd_gtls_process_server_kx (session, data, datasize); 405 data,
406 datasize);
405 gnutls_free (data); 407 gnutls_free (data);
406 408
407 if (ret < 0) 409 if (ret < 0)
@@ -427,9 +429,9 @@ mhd_gtls_recv_server_certificate_request (mhd_gtls_session_t session)
427 429
428 ret = 430 ret =
429 mhd_gtls_recv_handshake (session, &data, 431 mhd_gtls_recv_handshake (session, &data,
430 &datasize, 432 &datasize,
431 GNUTLS_HANDSHAKE_CERTIFICATE_REQUEST, 433 GNUTLS_HANDSHAKE_CERTIFICATE_REQUEST,
432 OPTIONAL_PACKET); 434 OPTIONAL_PACKET);
433 if (ret < 0) 435 if (ret < 0)
434 return ret; 436 return ret;
435 437
@@ -461,15 +463,16 @@ mhd_gtls_recv_client_kx_message (mhd_gtls_session_t session)
461 463
462 ret = 464 ret =
463 mhd_gtls_recv_handshake (session, &data, 465 mhd_gtls_recv_handshake (session, &data,
464 &datasize, 466 &datasize,
465 GNUTLS_HANDSHAKE_CLIENT_KEY_EXCHANGE, 467 GNUTLS_HANDSHAKE_CLIENT_KEY_EXCHANGE,
466 MANDATORY_PACKET); 468 MANDATORY_PACKET);
467 if (ret < 0) 469 if (ret < 0)
468 return ret; 470 return ret;
469 471
470 ret = 472 ret =
471 session->internals.auth_struct-> 473 session->internals.auth_struct->mhd_gtls_process_client_kx (session,
472 mhd_gtls_process_client_kx (session, data, datasize); 474 data,
475 datasize);
473 gnutls_free (data); 476 gnutls_free (data);
474 if (ret < 0) 477 if (ret < 0)
475 return ret; 478 return ret;
@@ -493,8 +496,7 @@ mhd_gtls_send_client_certificate (mhd_gtls_session_t session, int again)
493 if (session->key->certificate_requested == 0) 496 if (session->key->certificate_requested == 0)
494 return 0; 497 return 0;
495 498
496 if (session->internals.auth_struct-> 499 if (session->internals.auth_struct->mhd_gtls_gen_client_certificate == NULL)
497 mhd_gtls_gen_client_certificate == NULL)
498 return 0; 500 return 0;
499 501
500 data = NULL; 502 data = NULL;
@@ -505,7 +507,7 @@ mhd_gtls_send_client_certificate (mhd_gtls_session_t session, int again)
505 if (MHD_gnutls_protocol_get_version (session) != MHD_GNUTLS_SSL3 || 507 if (MHD_gnutls_protocol_get_version (session) != MHD_GNUTLS_SSL3 ||
506 session->internals.selected_cert_list_length > 0) 508 session->internals.selected_cert_list_length > 0)
507 { 509 {
508 /* TLS 1.0 or SSL 3.0 with a valid certificate 510 /* TLS 1.0 or SSL 3.0 with a valid certificate
509 */ 511 */
510 data_size = 512 data_size =
511 session->internals.auth_struct-> 513 session->internals.auth_struct->
@@ -528,15 +530,15 @@ mhd_gtls_send_client_certificate (mhd_gtls_session_t session, int again)
528 { 530 {
529 ret = 531 ret =
530 MHD_gnutls_alert_send (session, GNUTLS_AL_WARNING, 532 MHD_gnutls_alert_send (session, GNUTLS_AL_WARNING,
531 GNUTLS_A_SSL3_NO_CERTIFICATE); 533 GNUTLS_A_SSL3_NO_CERTIFICATE);
532 534
533 } 535 }
534 else 536 else
535 { /* TLS 1.0 or SSL 3.0 with a valid certificate 537 { /* TLS 1.0 or SSL 3.0 with a valid certificate
536 */ 538 */
537 ret = 539 ret =
538 mhd_gtls_send_handshake (session, data, data_size, 540 mhd_gtls_send_handshake (session, data, data_size,
539 GNUTLS_HANDSHAKE_CERTIFICATE_PKT); 541 GNUTLS_HANDSHAKE_CERTIFICATE_PKT);
540 gnutls_free (data); 542 gnutls_free (data);
541 } 543 }
542 544
@@ -560,8 +562,7 @@ mhd_gtls_send_server_certificate (mhd_gtls_session_t session, int again)
560 int ret = 0; 562 int ret = 0;
561 563
562 564
563 if (session->internals.auth_struct-> 565 if (session->internals.auth_struct->mhd_gtls_gen_server_certificate == NULL)
564 mhd_gtls_gen_server_certificate == NULL)
565 return 0; 566 return 0;
566 567
567 data = NULL; 568 data = NULL;
@@ -581,7 +582,7 @@ mhd_gtls_send_server_certificate (mhd_gtls_session_t session, int again)
581 } 582 }
582 ret = 583 ret =
583 mhd_gtls_send_handshake (session, data, data_size, 584 mhd_gtls_send_handshake (session, data, data_size,
584 GNUTLS_HANDSHAKE_CERTIFICATE_PKT); 585 GNUTLS_HANDSHAKE_CERTIFICATE_PKT);
585 gnutls_free (data); 586 gnutls_free (data);
586 587
587 if (ret < 0) 588 if (ret < 0)
@@ -602,8 +603,8 @@ mhd_gtls_recv_client_certificate (mhd_gtls_session_t session)
602 int ret = 0; 603 int ret = 0;
603 int optional; 604 int optional;
604 605
605 if (session->internals.auth_struct-> 606 if (session->internals.auth_struct->mhd_gtls_process_client_certificate !=
606 mhd_gtls_process_client_certificate != NULL) 607 NULL)
607 { 608 {
608 609
609 /* if we have not requested a certificate then just return 610 /* if we have not requested a certificate then just return
@@ -620,8 +621,8 @@ mhd_gtls_recv_client_certificate (mhd_gtls_session_t session)
620 621
621 ret = 622 ret =
622 mhd_gtls_recv_handshake (session, &data, 623 mhd_gtls_recv_handshake (session, &data,
623 &datasize, 624 &datasize,
624 GNUTLS_HANDSHAKE_CERTIFICATE_PKT, optional); 625 GNUTLS_HANDSHAKE_CERTIFICATE_PKT, optional);
625 626
626 if (ret < 0) 627 if (ret < 0)
627 { 628 {
@@ -642,7 +643,7 @@ mhd_gtls_recv_client_certificate (mhd_gtls_session_t session)
642 return 0; 643 return 0;
643 } 644 }
644 645
645 /* certificate was required 646 /* certificate was required
646 */ 647 */
647 if ((ret == GNUTLS_E_WARNING_ALERT_RECEIVED 648 if ((ret == GNUTLS_E_WARNING_ALERT_RECEIVED
648 || ret == GNUTLS_E_FATAL_ALERT_RECEIVED) 649 || ret == GNUTLS_E_FATAL_ALERT_RECEIVED)
@@ -675,7 +676,7 @@ mhd_gtls_recv_client_certificate (mhd_gtls_session_t session)
675 return ret; 676 return ret;
676 } 677 }
677 678
678 /* ok we should expect a certificate verify message now 679 /* ok we should expect a certificate verify message now
679 */ 680 */
680 if (ret == GNUTLS_E_NO_CERTIFICATE_FOUND && optional == OPTIONAL_PACKET) 681 if (ret == GNUTLS_E_NO_CERTIFICATE_FOUND && optional == OPTIONAL_PACKET)
681 ret = 0; 682 ret = 0;
@@ -694,15 +695,15 @@ mhd_gtls_recv_server_certificate (mhd_gtls_session_t session)
694 opaque *data; 695 opaque *data;
695 int ret = 0; 696 int ret = 0;
696 697
697 if (session->internals.auth_struct-> 698 if (session->internals.auth_struct->mhd_gtls_process_server_certificate !=
698 mhd_gtls_process_server_certificate != NULL) 699 NULL)
699 { 700 {
700 701
701 ret = 702 ret =
702 mhd_gtls_recv_handshake (session, &data, 703 mhd_gtls_recv_handshake (session, &data,
703 &datasize, 704 &datasize,
704 GNUTLS_HANDSHAKE_CERTIFICATE_PKT, 705 GNUTLS_HANDSHAKE_CERTIFICATE_PKT,
705 MANDATORY_PACKET); 706 MANDATORY_PACKET);
706 if (ret < 0) 707 if (ret < 0)
707 { 708 {
708 gnutls_assert (); 709 gnutls_assert ();
@@ -735,7 +736,8 @@ mhd_gtls_recv_client_certificate_verify_message (mhd_gtls_session_t session)
735 int ret = 0; 736 int ret = 0;
736 737
737 738
738 if (session->internals.auth_struct->mhd_gtls_process_client_cert_vrfy != NULL) 739 if (session->internals.auth_struct->mhd_gtls_process_client_cert_vrfy !=
740 NULL)
739 { 741 {
740 742
741 if (session->internals.send_cert_req == 0 || 743 if (session->internals.send_cert_req == 0 ||
@@ -746,9 +748,9 @@ mhd_gtls_recv_client_certificate_verify_message (mhd_gtls_session_t session)
746 748
747 ret = 749 ret =
748 mhd_gtls_recv_handshake (session, &data, 750 mhd_gtls_recv_handshake (session, &data,
749 &datasize, 751 &datasize,
750 GNUTLS_HANDSHAKE_CERTIFICATE_VERIFY, 752 GNUTLS_HANDSHAKE_CERTIFICATE_VERIFY,
751 OPTIONAL_PACKET); 753 OPTIONAL_PACKET);
752 if (ret < 0) 754 if (ret < 0)
753 return ret; 755 return ret;
754 756
diff --git a/src/daemon/https/tls/gnutls_kx.h b/src/daemon/https/tls/gnutls_kx.h
index bc99eb5c..e8bdf199 100644
--- a/src/daemon/https/tls/gnutls_kx.h
+++ b/src/daemon/https/tls/gnutls_kx.h
@@ -27,7 +27,7 @@ int mhd_gtls_send_client_kx_message (mhd_gtls_session_t session, int again);
27int mhd_gtls_recv_server_kx_message (mhd_gtls_session_t session); 27int mhd_gtls_recv_server_kx_message (mhd_gtls_session_t session);
28int mhd_gtls_recv_client_kx_message (mhd_gtls_session_t session); 28int mhd_gtls_recv_client_kx_message (mhd_gtls_session_t session);
29int mhd_gtls_send_client_certificate_verify (mhd_gtls_session_t session, 29int mhd_gtls_send_client_certificate_verify (mhd_gtls_session_t session,
30 int again); 30 int again);
31int mhd_gtls_send_server_certificate (mhd_gtls_session_t session, int again); 31int mhd_gtls_send_server_certificate (mhd_gtls_session_t session, int again);
32int mhd_gtls_generate_master (mhd_gtls_session_t session, int keep_premaster); 32int mhd_gtls_generate_master (mhd_gtls_session_t session, int keep_premaster);
33int mhd_gtls_recv_client_certificate (mhd_gtls_session_t session); 33int mhd_gtls_recv_client_certificate (mhd_gtls_session_t session);
@@ -35,5 +35,6 @@ int mhd_gtls_recv_server_certificate (mhd_gtls_session_t session);
35int mhd_gtls_send_client_certificate (mhd_gtls_session_t session, int again); 35int mhd_gtls_send_client_certificate (mhd_gtls_session_t session, int again);
36int mhd_gtls_recv_server_certificate_request (mhd_gtls_session_t session); 36int mhd_gtls_recv_server_certificate_request (mhd_gtls_session_t session);
37int mhd_gtls_send_server_certificate_request (mhd_gtls_session_t session, 37int mhd_gtls_send_server_certificate_request (mhd_gtls_session_t session,
38 int again); 38 int again);
39int mhd_gtls_recv_client_certificate_verify_message (mhd_gtls_session_t session); 39int mhd_gtls_recv_client_certificate_verify_message (mhd_gtls_session_t
40 session);
diff --git a/src/daemon/https/tls/gnutls_mem.h b/src/daemon/https/tls/gnutls_mem.h
index 2d32d6e1..51b37e32 100644
--- a/src/daemon/https/tls/gnutls_mem.h
+++ b/src/daemon/https/tls/gnutls_mem.h
@@ -29,7 +29,7 @@
29# include <dmalloc.h> 29# include <dmalloc.h>
30#endif 30#endif
31 31
32typedef void svoid; /* for functions that allocate using gnutls_secure_malloc */ 32typedef void svoid; /* for functions that allocate using gnutls_secure_malloc */
33 33
34/* Use gnutls_afree() when calling alloca, or 34/* Use gnutls_afree() when calling alloca, or
35 * memory leaks may occur in systems which do not 35 * memory leaks may occur in systems which do not
@@ -60,11 +60,11 @@ extern int (*_gnutls_is_secure_memory) (const void *);
60/* this realloc function will return ptr if size==0, and 60/* this realloc function will return ptr if size==0, and
61 * will free the ptr if the new allocation failed. 61 * will free the ptr if the new allocation failed.
62 */ 62 */
63void * mhd_gtls_realloc_fast (void *ptr, size_t size); 63void *mhd_gtls_realloc_fast (void *ptr, size_t size);
64 64
65svoid * mhd_gtls_secure_calloc (size_t nmemb, size_t size); 65svoid *mhd_gtls_secure_calloc (size_t nmemb, size_t size);
66 66
67void * mhd_gtls_calloc (size_t nmemb, size_t size); 67void *mhd_gtls_calloc (size_t nmemb, size_t size);
68char * mhd_gtls_strdup (const char *); 68char *mhd_gtls_strdup (const char *);
69 69
70#endif /* GNUTLS_MEM_H */ 70#endif /* GNUTLS_MEM_H */
diff --git a/src/daemon/https/tls/gnutls_mpi.c b/src/daemon/https/tls/gnutls_mpi.c
index 250c9c77..10831b71 100644
--- a/src/daemon/https/tls/gnutls_mpi.c
+++ b/src/daemon/https/tls/gnutls_mpi.c
@@ -80,7 +80,8 @@ mhd_gtls_mpi_scan_nz (mpi_t * ret_mpi, const opaque * buffer, size_t * nbytes)
80} 80}
81 81
82int 82int
83mhd_gtls_mpi_scan_pgp (mpi_t * ret_mpi, const opaque * buffer, size_t * nbytes) 83mhd_gtls_mpi_scan_pgp (mpi_t * ret_mpi, const opaque * buffer,
84 size_t * nbytes)
84{ 85{
85 int ret; 86 int ret;
86 ret = gcry_mpi_scan (ret_mpi, GCRYMPI_FMT_PGP, buffer, *nbytes, nbytes); 87 ret = gcry_mpi_scan (ret_mpi, GCRYMPI_FMT_PGP, buffer, *nbytes, nbytes);
diff --git a/src/daemon/https/tls/gnutls_mpi.h b/src/daemon/https/tls/gnutls_mpi.h
index dc70e36f..24d60c8a 100644
--- a/src/daemon/https/tls/gnutls_mpi.h
+++ b/src/daemon/https/tls/gnutls_mpi.h
@@ -63,11 +63,11 @@ typedef gcry_mpi_t mpi_t;
63void mhd_gtls_mpi_release (mpi_t * x); 63void mhd_gtls_mpi_release (mpi_t * x);
64 64
65int mhd_gtls_mpi_scan_nz (mpi_t * ret_mpi, const opaque * buffer, 65int mhd_gtls_mpi_scan_nz (mpi_t * ret_mpi, const opaque * buffer,
66 size_t * nbytes); 66 size_t * nbytes);
67int mhd_gtls_mpi_scan (mpi_t * ret_mpi, const opaque * buffer, 67int mhd_gtls_mpi_scan (mpi_t * ret_mpi, const opaque * buffer,
68 size_t * nbytes); 68 size_t * nbytes);
69int mhd_gtls_mpi_scan_pgp (mpi_t * ret_mpi, const opaque * buffer, 69int mhd_gtls_mpi_scan_pgp (mpi_t * ret_mpi, const opaque * buffer,
70 size_t * nbytes); 70 size_t * nbytes);
71 71
72int mhd_gtls_mpi_print (void *buffer, size_t * nbytes, const mpi_t a); 72int mhd_gtls_mpi_print (void *buffer, size_t * nbytes, const mpi_t a);
73int mhd_gtls_mpi_print_lz (void *buffer, size_t * nbytes, const mpi_t a); 73int mhd_gtls_mpi_print_lz (void *buffer, size_t * nbytes, const mpi_t a);
diff --git a/src/daemon/https/tls/gnutls_pk.c b/src/daemon/https/tls/gnutls_pk.c
index b1361c0b..527ab8ab 100644
--- a/src/daemon/https/tls/gnutls_pk.c
+++ b/src/daemon/https/tls/gnutls_pk.c
@@ -23,7 +23,7 @@
23 */ 23 */
24 24
25/* This file contains the functions needed for RSA/DSA public key 25/* This file contains the functions needed for RSA/DSA public key
26 * encryption and signatures. 26 * encryption and signatures.
27 */ 27 */
28 28
29#include <gnutls_int.h> 29#include <gnutls_int.h>
@@ -50,14 +50,14 @@ static int _gnutls_pk_decrypt (int algo, mpi_t * resarr, mpi_t data,
50 mpi_t * pkey, int); 50 mpi_t * pkey, int);
51 51
52 52
53/* Do PKCS-1 RSA encryption. 53/* Do PKCS-1 RSA encryption.
54 * params is modulus, public exp. 54 * params is modulus, public exp.
55 */ 55 */
56int 56int
57mhd_gtls_pkcs1_rsa_encrypt (gnutls_datum_t * ciphertext, 57mhd_gtls_pkcs1_rsa_encrypt (gnutls_datum_t * ciphertext,
58 const gnutls_datum_t * plaintext, 58 const gnutls_datum_t * plaintext,
59 mpi_t * params, unsigned params_len, 59 mpi_t * params, unsigned params_len,
60 unsigned btype) 60 unsigned btype)
61{ 61{
62 unsigned int i, pad; 62 unsigned int i, pad;
63 int ret; 63 int ret;
@@ -84,7 +84,7 @@ mhd_gtls_pkcs1_rsa_encrypt (gnutls_datum_t * ciphertext,
84 return GNUTLS_E_MEMORY_ERROR; 84 return GNUTLS_E_MEMORY_ERROR;
85 } 85 }
86 86
87 /* EB = 00||BT||PS||00||D 87 /* EB = 00||BT||PS||00||D
88 * (use block type 'btype') 88 * (use block type 'btype')
89 */ 89 */
90 90
@@ -203,15 +203,15 @@ mhd_gtls_pkcs1_rsa_encrypt (gnutls_datum_t * ciphertext,
203} 203}
204 204
205 205
206/* Do PKCS-1 RSA decryption. 206/* Do PKCS-1 RSA decryption.
207 * params is modulus, public exp., private key 207 * params is modulus, public exp., private key
208 * Can decrypt block type 1 and type 2 packets. 208 * Can decrypt block type 1 and type 2 packets.
209 */ 209 */
210int 210int
211mhd_gtls_pkcs1_rsa_decrypt (gnutls_datum_t * plaintext, 211mhd_gtls_pkcs1_rsa_decrypt (gnutls_datum_t * plaintext,
212 const gnutls_datum_t * ciphertext, 212 const gnutls_datum_t * ciphertext,
213 mpi_t * params, unsigned params_len, 213 mpi_t * params, unsigned params_len,
214 unsigned btype) 214 unsigned btype)
215{ 215{
216 unsigned k, i; 216 unsigned k, i;
217 int ret; 217 int ret;
@@ -346,8 +346,8 @@ mhd_gtls_pkcs1_rsa_decrypt (gnutls_datum_t * plaintext,
346 346
347int 347int
348mhd_gtls_rsa_verify (const gnutls_datum_t * vdata, 348mhd_gtls_rsa_verify (const gnutls_datum_t * vdata,
349 const gnutls_datum_t * ciphertext, mpi_t * params, 349 const gnutls_datum_t * ciphertext, mpi_t * params,
350 int params_len, int btype) 350 int params_len, int btype)
351{ 351{
352 352
353 gnutls_datum_t plain; 353 gnutls_datum_t plain;
@@ -356,7 +356,7 @@ mhd_gtls_rsa_verify (const gnutls_datum_t * vdata,
356 /* decrypt signature */ 356 /* decrypt signature */
357 if ((ret = 357 if ((ret =
358 mhd_gtls_pkcs1_rsa_decrypt (&plain, ciphertext, params, params_len, 358 mhd_gtls_pkcs1_rsa_decrypt (&plain, ciphertext, params, params_len,
359 btype)) < 0) 359 btype)) < 0)
360 { 360 {
361 gnutls_assert (); 361 gnutls_assert ();
362 return ret; 362 return ret;
@@ -434,8 +434,8 @@ encode_ber_rs (gnutls_datum_t * sig_value, mpi_t r, mpi_t s)
434 */ 434 */
435int 435int
436mhd_gtls_dsa_sign (gnutls_datum_t * signature, 436mhd_gtls_dsa_sign (gnutls_datum_t * signature,
437 const gnutls_datum_t * hash, mpi_t * params, 437 const gnutls_datum_t * hash, mpi_t * params,
438 unsigned params_len) 438 unsigned params_len)
439{ 439{
440 mpi_t rs[2], mdata; 440 mpi_t rs[2], mdata;
441 int ret; 441 int ret;
@@ -530,8 +530,8 @@ decode_ber_rs (const gnutls_datum_t * sig_value, mpi_t * r, mpi_t * s)
530 */ 530 */
531int 531int
532mhd_gtls_dsa_verify (const gnutls_datum_t * vdata, 532mhd_gtls_dsa_verify (const gnutls_datum_t * vdata,
533 const gnutls_datum_t * sig_value, mpi_t * params, 533 const gnutls_datum_t * sig_value, mpi_t * params,
534 int params_len) 534 int params_len)
535{ 535{
536 536
537 mpi_t mdata; 537 mpi_t mdata;
@@ -576,7 +576,7 @@ mhd_gtls_dsa_verify (const gnutls_datum_t * vdata,
576} 576}
577 577
578 578
579/* this is taken from gnupg 579/* this is taken from gnupg
580 */ 580 */
581 581
582/**************** 582/****************
diff --git a/src/daemon/https/tls/gnutls_pk.h b/src/daemon/https/tls/gnutls_pk.h
index bde27a2a..ef4723d4 100644
--- a/src/daemon/https/tls/gnutls_pk.h
+++ b/src/daemon/https/tls/gnutls_pk.h
@@ -26,21 +26,21 @@
26#define GNUTLS_PK_H 26#define GNUTLS_PK_H
27 27
28int mhd_gtls_pkcs1_rsa_encrypt (gnutls_datum_t * ciphertext, 28int mhd_gtls_pkcs1_rsa_encrypt (gnutls_datum_t * ciphertext,
29 const gnutls_datum_t * plaintext, 29 const gnutls_datum_t * plaintext,
30 mpi_t * params, unsigned params_len, 30 mpi_t * params, unsigned params_len,
31 unsigned btype); 31 unsigned btype);
32int mhd_gtls_dsa_sign (gnutls_datum_t * signature, 32int mhd_gtls_dsa_sign (gnutls_datum_t * signature,
33 const gnutls_datum_t * plaintext, mpi_t * params, 33 const gnutls_datum_t * plaintext, mpi_t * params,
34 unsigned params_len); 34 unsigned params_len);
35int mhd_gtls_pkcs1_rsa_decrypt (gnutls_datum_t * plaintext, 35int mhd_gtls_pkcs1_rsa_decrypt (gnutls_datum_t * plaintext,
36 const gnutls_datum_t * ciphertext, 36 const gnutls_datum_t * ciphertext,
37 mpi_t * params, unsigned params_len, 37 mpi_t * params, unsigned params_len,
38 unsigned btype); 38 unsigned btype);
39int mhd_gtls_rsa_verify (const gnutls_datum_t * vdata, 39int mhd_gtls_rsa_verify (const gnutls_datum_t * vdata,
40 const gnutls_datum_t * ciphertext, mpi_t * params, 40 const gnutls_datum_t * ciphertext, mpi_t * params,
41 int params_len, int btype); 41 int params_len, int btype);
42int mhd_gtls_dsa_verify (const gnutls_datum_t * vdata, 42int mhd_gtls_dsa_verify (const gnutls_datum_t * vdata,
43 const gnutls_datum_t * sig_value, mpi_t * params, 43 const gnutls_datum_t * sig_value, mpi_t * params,
44 int params_len); 44 int params_len);
45 45
46#endif /* GNUTLS_PK_H */ 46#endif /* GNUTLS_PK_H */
diff --git a/src/daemon/https/tls/gnutls_priority.c b/src/daemon/https/tls/gnutls_priority.c
index 82725899..f871a1cf 100644
--- a/src/daemon/https/tls/gnutls_priority.c
+++ b/src/daemon/https/tls/gnutls_priority.c
@@ -147,7 +147,8 @@ MHD_gnutls_mac_set_priority (mhd_gtls_session_t session, const int *list)
147 * 147 *
148 **/ 148 **/
149int 149int
150MHD_gnutls_compression_set_priority (mhd_gtls_session_t session, const int *list) 150MHD_gnutls_compression_set_priority (mhd_gtls_session_t session,
151 const int *list)
151{ 152{
152 return _set_priority (&session->internals.priorities.compression, list); 153 return _set_priority (&session->internals.priorities.compression, list);
153} 154}
@@ -197,7 +198,7 @@ MHD_gnutls_protocol_set_priority (mhd_gtls_session_t session, const int *list)
197 **/ 198 **/
198int 199int
199MHD_gnutls_certificate_type_set_priority (mhd_gtls_session_t session, 200MHD_gnutls_certificate_type_set_priority (mhd_gtls_session_t session,
200 const int *list) 201 const int *list)
201{ 202{
202#if ENABLE_OPENPGP 203#if ENABLE_OPENPGP
203 return _set_priority (&session->internals.priorities.cert_type, list); 204 return _set_priority (&session->internals.priorities.cert_type, list);
@@ -249,7 +250,8 @@ typedef void (rmadd_func) (mhd_gtls_priority_st * priority_list, int alg);
249 * 250 *
250 **/ 251 **/
251int 252int
252MHD_gnutls_priority_set (mhd_gtls_session_t session, gnutls_priority_t priority) 253MHD_gnutls_priority_set (mhd_gtls_session_t session,
254 gnutls_priority_t priority)
253{ 255{
254 if (priority == NULL) 256 if (priority == NULL)
255 { 257 {
@@ -330,7 +332,7 @@ MHD_gnutls_priority_set (mhd_gtls_session_t session, gnutls_priority_t priority)
330 **/ 332 **/
331int 333int
332MHD_tls_set_default_priority (gnutls_priority_t * priority_cache, 334MHD_tls_set_default_priority (gnutls_priority_t * priority_cache,
333 const char *priorities, const char **err_pos) 335 const char *priorities, const char **err_pos)
334{ 336{
335 *priority_cache = gnutls_calloc (1, sizeof (struct MHD_gtls_priority_st)); 337 *priority_cache = gnutls_calloc (1, sizeof (struct MHD_gtls_priority_st));
336 if (*priority_cache == NULL) 338 if (*priority_cache == NULL)
@@ -341,7 +343,8 @@ MHD_tls_set_default_priority (gnutls_priority_t * priority_cache,
341 343
342 /* set mode to "SECURE256" */ 344 /* set mode to "SECURE256" */
343 _set_priority (&(*priority_cache)->protocol, mhd_gtls_protocol_priority); 345 _set_priority (&(*priority_cache)->protocol, mhd_gtls_protocol_priority);
344 _set_priority (&(*priority_cache)->cipher, mhd_gtls_cipher_priority_secure256); 346 _set_priority (&(*priority_cache)->cipher,
347 mhd_gtls_cipher_priority_secure256);
345 _set_priority (&(*priority_cache)->kx, mhd_gtls_kx_priority_secure); 348 _set_priority (&(*priority_cache)->kx, mhd_gtls_kx_priority_secure);
346 _set_priority (&(*priority_cache)->mac, mhd_gtls_mac_priority_secure); 349 _set_priority (&(*priority_cache)->mac, mhd_gtls_mac_priority_secure);
347 _set_priority (&(*priority_cache)->cert_type, mhd_gtls_cert_type_priority); 350 _set_priority (&(*priority_cache)->cert_type, mhd_gtls_cert_type_priority);
@@ -380,7 +383,7 @@ MHD_gnutls_priority_deinit (gnutls_priority_t priority_cache)
380 **/ 383 **/
381int 384int
382MHD_gnutls_priority_set_direct (mhd_gtls_session_t session, 385MHD_gnutls_priority_set_direct (mhd_gtls_session_t session,
383 const char *priorities, const char **err_pos) 386 const char *priorities, const char **err_pos)
384{ 387{
385 gnutls_priority_t prio; 388 gnutls_priority_t prio;
386 int ret; 389 int ret;
diff --git a/src/daemon/https/tls/gnutls_record.c b/src/daemon/https/tls/gnutls_record.c
index c56dc483..3c6122d5 100644
--- a/src/daemon/https/tls/gnutls_record.c
+++ b/src/daemon/https/tls/gnutls_record.c
@@ -57,7 +57,7 @@ MHD_gnutls_protocol_get_version (mhd_gtls_session_t session)
57 57
58void 58void
59mhd_gtls_set_current_version (mhd_gtls_session_t session, 59mhd_gtls_set_current_version (mhd_gtls_session_t session,
60 enum MHD_GNUTLS_Protocol version) 60 enum MHD_GNUTLS_Protocol version)
61{ 61{
62 session->security_parameters.version = version; 62 session->security_parameters.version = version;
63} 63}
@@ -109,7 +109,7 @@ MHD_gtls_record_disable_padding (mhd_gtls_session_t session)
109 **/ 109 **/
110void 110void
111MHD_gnutls_transport_set_ptr (mhd_gtls_session_t session, 111MHD_gnutls_transport_set_ptr (mhd_gtls_session_t session,
112 gnutls_transport_ptr_t ptr) 112 gnutls_transport_ptr_t ptr)
113{ 113{
114 session->internals.transport_recv_ptr = ptr; 114 session->internals.transport_recv_ptr = ptr;
115 session->internals.transport_send_ptr = ptr; 115 session->internals.transport_send_ptr = ptr;
@@ -128,8 +128,8 @@ MHD_gnutls_transport_set_ptr (mhd_gtls_session_t session,
128 **/ 128 **/
129void 129void
130MHD_gnutls_transport_set_ptr2 (mhd_gtls_session_t session, 130MHD_gnutls_transport_set_ptr2 (mhd_gtls_session_t session,
131 gnutls_transport_ptr_t recv_ptr, 131 gnutls_transport_ptr_t recv_ptr,
132 gnutls_transport_ptr_t send_ptr) 132 gnutls_transport_ptr_t send_ptr)
133{ 133{
134 session->internals.transport_send_ptr = send_ptr; 134 session->internals.transport_send_ptr = send_ptr;
135 session->internals.transport_recv_ptr = recv_ptr; 135 session->internals.transport_recv_ptr = recv_ptr;
@@ -187,7 +187,8 @@ MHD_gnutls_bye (mhd_gtls_session_t session, gnutls_close_request_t how)
187 187
188 case STATE61: 188 case STATE61:
189 ret = 189 ret =
190 MHD_gnutls_alert_send (session, GNUTLS_AL_WARNING, GNUTLS_A_CLOSE_NOTIFY); 190 MHD_gnutls_alert_send (session, GNUTLS_AL_WARNING,
191 GNUTLS_A_CLOSE_NOTIFY);
191 STATE = STATE61; 192 STATE = STATE61;
192 if (ret < 0) 193 if (ret < 0)
193 { 194 {
@@ -292,9 +293,9 @@ copy_record_version (mhd_gtls_session_t session,
292 */ 293 */
293ssize_t 294ssize_t
294mhd_gtls_send_int (mhd_gtls_session_t session, 295mhd_gtls_send_int (mhd_gtls_session_t session,
295 content_type_t type, 296 content_type_t type,
296 gnutls_handshake_description_t htype, 297 gnutls_handshake_description_t htype,
297 const void *_data, size_t sizeofdata) 298 const void *_data, size_t sizeofdata)
298{ 299{
299 uint8_t *cipher; 300 uint8_t *cipher;
300 int cipher_size; 301 int cipher_size;
@@ -331,7 +332,7 @@ mhd_gtls_send_int (mhd_gtls_session_t session,
331 _gnutls_record_log 332 _gnutls_record_log
332 ("REC[%x]: Sending Packet[%d] %s(%d) with length: %d\n", session, 333 ("REC[%x]: Sending Packet[%d] %s(%d) with length: %d\n", session,
333 (int) mhd_gtls_uint64touint32 (&session->connection_state. 334 (int) mhd_gtls_uint64touint32 (&session->connection_state.
334 write_sequence_number), 335 write_sequence_number),
335 _gnutls_packet2str (type), type, sizeofdata); 336 _gnutls_packet2str (type), type, sizeofdata);
336 337
337 if (sizeofdata > MAX_RECORD_SEND_SIZE) 338 if (sizeofdata > MAX_RECORD_SEND_SIZE)
@@ -368,9 +369,9 @@ mhd_gtls_send_int (mhd_gtls_session_t session,
368 369
369 cipher_size = 370 cipher_size =
370 mhd_gtls_encrypt (session, headers, RECORD_HEADER_SIZE, data, 371 mhd_gtls_encrypt (session, headers, RECORD_HEADER_SIZE, data,
371 data2send_size, cipher, cipher_size, type, 372 data2send_size, cipher, cipher_size, type,
372 (session->internals.priorities.no_padding == 373 (session->internals.priorities.no_padding ==
373 0) ? 1 : 0); 374 0) ? 1 : 0);
374 if (cipher_size <= 0) 375 if (cipher_size <= 0)
375 { 376 {
376 gnutls_assert (); 377 gnutls_assert ();
@@ -424,9 +425,9 @@ mhd_gtls_send_int (mhd_gtls_session_t session,
424 425
425 _gnutls_record_log ("REC[%x]: Sent Packet[%d] %s(%d) with length: %d\n", 426 _gnutls_record_log ("REC[%x]: Sent Packet[%d] %s(%d) with length: %d\n",
426 session, 427 session,
427 (int) mhd_gtls_uint64touint32 (&session-> 428 (int)
428 connection_state. 429 mhd_gtls_uint64touint32
429 write_sequence_number), 430 (&session->connection_state.write_sequence_number),
430 _gnutls_packet2str (type), type, cipher_size); 431 _gnutls_packet2str (type), type, cipher_size);
431 432
432 return retval; 433 return retval;
@@ -445,7 +446,8 @@ mhd_gtls_send_change_cipher_spec (mhd_gtls_session_t session, int again)
445 _gnutls_handshake_log ("REC[%x]: Sent ChangeCipherSpec\n", session); 446 _gnutls_handshake_log ("REC[%x]: Sent ChangeCipherSpec\n", session);
446 447
447 if (again == 0) 448 if (again == 0)
448 return mhd_gtls_send_int (session, GNUTLS_CHANGE_CIPHER_SPEC, -1, data, 1); 449 return mhd_gtls_send_int (session, GNUTLS_CHANGE_CIPHER_SPEC, -1, data,
450 1);
449 else 451 else
450 { 452 {
451 return mhd_gtls_io_write_flush (session); 453 return mhd_gtls_io_write_flush (session);
@@ -478,9 +480,8 @@ check_buffers (mhd_gtls_session_t session,
478 content_type_t type, opaque * data, int sizeofdata) 480 content_type_t type, opaque * data, int sizeofdata)
479{ 481{
480 if ((type == GNUTLS_APPLICATION_DATA || type == GNUTLS_HANDSHAKE || type 482 if ((type == GNUTLS_APPLICATION_DATA || type == GNUTLS_HANDSHAKE || type
481 == GNUTLS_INNER_APPLICATION) && mhd_gnutls_record_buffer_get_size (type, 483 == GNUTLS_INNER_APPLICATION)
482 session) 484 && mhd_gnutls_record_buffer_get_size (type, session) > 0)
483 > 0)
484 { 485 {
485 int ret, ret2; 486 int ret, ret2;
486 ret = mhd_gtls_record_buffer_get (type, session, data, sizeofdata); 487 ret = mhd_gtls_record_buffer_get (type, session, data, sizeofdata);
@@ -674,8 +675,8 @@ record_check_type (mhd_gtls_session_t session,
674 case GNUTLS_APPLICATION_DATA: 675 case GNUTLS_APPLICATION_DATA:
675 /* even if data is unexpected put it into the buffer */ 676 /* even if data is unexpected put it into the buffer */
676 if ((ret = 677 if ((ret =
677 mhd_gnutls_record_buffer_put (recv_type, session, (void *) data, 678 mhd_gnutls_record_buffer_put (recv_type, session,
678 data_size)) < 0) 679 (void *) data, data_size)) < 0)
679 { 680 {
680 gnutls_assert (); 681 gnutls_assert ();
681 return ret; 682 return ret;
@@ -717,8 +718,8 @@ record_check_type (mhd_gtls_session_t session,
717 case GNUTLS_INNER_APPLICATION: 718 case GNUTLS_INNER_APPLICATION:
718 /* even if data is unexpected put it into the buffer */ 719 /* even if data is unexpected put it into the buffer */
719 if ((ret = 720 if ((ret =
720 mhd_gnutls_record_buffer_put (recv_type, session, (void *) data, 721 mhd_gnutls_record_buffer_put (recv_type, session,
721 data_size)) < 0) 722 (void *) data, data_size)) < 0)
722 { 723 {
723 gnutls_assert (); 724 gnutls_assert ();
724 return ret; 725 return ret;
@@ -796,9 +797,9 @@ get_temp_recv_buffer (mhd_gtls_session_t session, gnutls_datum_t * tmp)
796 */ 797 */
797ssize_t 798ssize_t
798mhd_gtls_recv_int (mhd_gtls_session_t session, 799mhd_gtls_recv_int (mhd_gtls_session_t session,
799 content_type_t type, 800 content_type_t type,
800 gnutls_handshake_description_t htype, 801 gnutls_handshake_description_t htype,
801 opaque * data, size_t sizeofdata) 802 opaque * data, size_t sizeofdata)
802{ 803{
803 gnutls_datum_t tmp; 804 gnutls_datum_t tmp;
804 int decrypted_length; 805 int decrypted_length;
@@ -895,13 +896,14 @@ begin:
895 _gnutls_record_log 896 _gnutls_record_log
896 ("REC[%x]: Expected Packet[%d] %s(%d) with length: %d\n", session, 897 ("REC[%x]: Expected Packet[%d] %s(%d) with length: %d\n", session,
897 (int) mhd_gtls_uint64touint32 (&session->connection_state. 898 (int) mhd_gtls_uint64touint32 (&session->connection_state.
898 read_sequence_number), 899 read_sequence_number),
899 _gnutls_packet2str (type), type, sizeofdata); 900 _gnutls_packet2str (type), type, sizeofdata);
900 _gnutls_record_log 901 _gnutls_record_log ("REC[%x]: Received Packet[%d] %s(%d) with length: %d\n",
901 ("REC[%x]: Received Packet[%d] %s(%d) with length: %d\n", session, 902 session,
902 (int) mhd_gtls_uint64touint32 (&session->connection_state. 903 (int)
903 read_sequence_number), 904 mhd_gtls_uint64touint32 (&session->connection_state.
904 _gnutls_packet2str (recv_type), recv_type, length); 905 read_sequence_number),
906 _gnutls_packet2str (recv_type), recv_type, length);
905 907
906 if (length > MAX_RECV_SIZE) 908 if (length > MAX_RECV_SIZE)
907 { 909 {
@@ -918,7 +920,7 @@ begin:
918 /* check if we have that data into buffer. 920 /* check if we have that data into buffer.
919 */ 921 */
920 if ((ret = mhd_gtls_io_read_buffered (session, &recv_data, 922 if ((ret = mhd_gtls_io_read_buffered (session, &recv_data,
921 header_size + length, recv_type)) 923 header_size + length, recv_type))
922 != header_size + length) 924 != header_size + length)
923 { 925 {
924 if (ret < 0 && MHD_gtls_error_is_fatal (ret) == 0) 926 if (ret < 0 && MHD_gtls_error_is_fatal (ret) == 0)
@@ -945,7 +947,7 @@ begin:
945 947
946 /* decrypt the data we got. */ 948 /* decrypt the data we got. */
947 ret = mhd_gtls_decrypt (session, ciphertext, length, tmp.data, tmp.size, 949 ret = mhd_gtls_decrypt (session, ciphertext, length, tmp.data, tmp.size,
948 recv_type); 950 recv_type);
949 if (ret < 0) 951 if (ret < 0)
950 { 952 {
951 session_unresumable (session); 953 session_unresumable (session);
@@ -977,12 +979,13 @@ begin:
977 _gnutls_record_log 979 _gnutls_record_log
978 ("REC[%x]: Decrypted Packet[%d] %s(%d) with length: %d\n", session, 980 ("REC[%x]: Decrypted Packet[%d] %s(%d) with length: %d\n", session,
979 (int) mhd_gtls_uint64touint32 (&session->connection_state. 981 (int) mhd_gtls_uint64touint32 (&session->connection_state.
980 read_sequence_number), 982 read_sequence_number),
981 _gnutls_packet2str (recv_type), recv_type, decrypted_length); 983 _gnutls_packet2str (recv_type), recv_type, decrypted_length);
982 984
983 /* increase sequence number 985 /* increase sequence number
984 */ 986 */
985 if (mhd_gtls_uint64pp (&session->connection_state.read_sequence_number) != 0) 987 if (mhd_gtls_uint64pp (&session->connection_state.read_sequence_number) !=
988 0)
986 { 989 {
987 session_invalidate (session); 990 session_invalidate (session);
988 gnutls_assert (); 991 gnutls_assert ();
@@ -1079,10 +1082,10 @@ begin:
1079 **/ 1082 **/
1080ssize_t 1083ssize_t
1081MHD_gnutls_record_send (mhd_gtls_session_t session, 1084MHD_gnutls_record_send (mhd_gtls_session_t session,
1082 const void *data, size_t sizeofdata) 1085 const void *data, size_t sizeofdata)
1083{ 1086{
1084 return mhd_gtls_send_int (session, GNUTLS_APPLICATION_DATA, -1, data, 1087 return mhd_gtls_send_int (session, GNUTLS_APPLICATION_DATA, -1, data,
1085 sizeofdata); 1088 sizeofdata);
1086} 1089}
1087 1090
1088/** 1091/**
@@ -1116,10 +1119,11 @@ MHD_gnutls_record_send (mhd_gtls_session_t session,
1116 * received might be less than @sizeofdata. 1119 * received might be less than @sizeofdata.
1117 **/ 1120 **/
1118ssize_t 1121ssize_t
1119MHD_gnutls_record_recv (mhd_gtls_session_t session, void *data, size_t sizeofdata) 1122MHD_gnutls_record_recv (mhd_gtls_session_t session, void *data,
1123 size_t sizeofdata)
1120{ 1124{
1121 return mhd_gtls_recv_int (session, GNUTLS_APPLICATION_DATA, -1, data, 1125 return mhd_gtls_recv_int (session, GNUTLS_APPLICATION_DATA, -1, data,
1122 sizeofdata); 1126 sizeofdata);
1123} 1127}
1124 1128
1125/** 1129/**
diff --git a/src/daemon/https/tls/gnutls_record.h b/src/daemon/https/tls/gnutls_record.h
index 74069bfc..e1fea3f2 100644
--- a/src/daemon/https/tls/gnutls_record.h
+++ b/src/daemon/https/tls/gnutls_record.h
@@ -23,10 +23,11 @@
23 */ 23 */
24 24
25ssize_t mhd_gtls_send_int (mhd_gtls_session_t session, content_type_t type, 25ssize_t mhd_gtls_send_int (mhd_gtls_session_t session, content_type_t type,
26 gnutls_handshake_description_t htype, 26 gnutls_handshake_description_t htype,
27 const void *data, size_t sizeofdata); 27 const void *data, size_t sizeofdata);
28ssize_t mhd_gtls_recv_int (mhd_gtls_session_t session, content_type_t type, 28ssize_t mhd_gtls_recv_int (mhd_gtls_session_t session, content_type_t type,
29 gnutls_handshake_description_t, opaque * data, 29 gnutls_handshake_description_t, opaque * data,
30 size_t sizeofdata); 30 size_t sizeofdata);
31ssize_t mhd_gtls_send_change_cipher_spec (mhd_gtls_session_t session, int again); 31ssize_t mhd_gtls_send_change_cipher_spec (mhd_gtls_session_t session,
32 int again);
32void MHD_gnutls_transport_set_lowat (mhd_gtls_session_t session, int num); 33void MHD_gnutls_transport_set_lowat (mhd_gtls_session_t session, int num);
diff --git a/src/daemon/https/tls/gnutls_rsa_export.c b/src/daemon/https/tls/gnutls_rsa_export.c
index c939f06e..ce06e47e 100644
--- a/src/daemon/https/tls/gnutls_rsa_export.c
+++ b/src/daemon/https/tls/gnutls_rsa_export.c
@@ -220,7 +220,8 @@ MHD_gnutls_rsa_params_deinit (mhd_gtls_rsa_params_t rsa_params)
220 * 220 *
221 **/ 221 **/
222int 222int
223MHD_gnutls_rsa_params_generate2 (mhd_gtls_rsa_params_t params, unsigned int bits) 223MHD_gnutls_rsa_params_generate2 (mhd_gtls_rsa_params_t params,
224 unsigned int bits)
224{ 225{
225 return gnutls_x509_privkey_generate (params, MHD_GNUTLS_PK_RSA, bits, 0); 226 return gnutls_x509_privkey_generate (params, MHD_GNUTLS_PK_RSA, bits, 0);
226} 227}
diff --git a/src/daemon/https/tls/gnutls_rsa_export.h b/src/daemon/https/tls/gnutls_rsa_export.h
index 029e38c5..8e21ed59 100644
--- a/src/daemon/https/tls/gnutls_rsa_export.h
+++ b/src/daemon/https/tls/gnutls_rsa_export.h
@@ -22,6 +22,6 @@
22 * 22 *
23 */ 23 */
24 24
25const mpi_t * _gnutls_rsa_params_to_mpi (mhd_gtls_rsa_params_t); 25const mpi_t *_gnutls_rsa_params_to_mpi (mhd_gtls_rsa_params_t);
26int _gnutls_peers_cert_less_512 (mhd_gtls_session_t session); 26int _gnutls_peers_cert_less_512 (mhd_gtls_session_t session);
27int _gnutls_rsa_generate_params (mpi_t * resarr, int *resarr_len, int bits); 27int _gnutls_rsa_generate_params (mpi_t * resarr, int *resarr_len, int bits);
diff --git a/src/daemon/https/tls/gnutls_session.c b/src/daemon/https/tls/gnutls_session.c
index afc00966..fe14904c 100644
--- a/src/daemon/https/tls/gnutls_session.c
+++ b/src/daemon/https/tls/gnutls_session.c
@@ -135,7 +135,7 @@
135 **/ 135 **/
136int 136int
137MHD_gtls_session_get_id (mhd_gtls_session_t session, 137MHD_gtls_session_get_id (mhd_gtls_session_t session,
138 void *session_id, size_t * session_id_size) 138 void *session_id, size_t * session_id_size)
139{ 139{
140 size_t given_session_id_size = *session_id_size; 140 size_t given_session_id_size = *session_id_size;
141 141
diff --git a/src/daemon/https/tls/gnutls_session_pack.c b/src/daemon/https/tls/gnutls_session_pack.c
index 545e4a0c..85bebc8c 100644
--- a/src/daemon/https/tls/gnutls_session_pack.c
+++ b/src/daemon/https/tls/gnutls_session_pack.c
@@ -69,7 +69,8 @@ static int pack_security_parameters (mhd_gtls_session_t session,
69 * x bytes the public key 69 * x bytes the public key
70 */ 70 */
71static int 71static int
72pack_anon_auth_info (mhd_gtls_session_t session, gnutls_datum_t * packed_session) 72pack_anon_auth_info (mhd_gtls_session_t session,
73 gnutls_datum_t * packed_session)
73{ 74{
74 mhd_anon_auth_info_t info = mhd_gtls_get_auth_info (session); 75 mhd_anon_auth_info_t info = mhd_gtls_get_auth_info (session);
75 int pos = 0; 76 int pos = 0;
@@ -100,14 +101,16 @@ pack_anon_auth_info (mhd_gtls_session_t session, gnutls_datum_t * packed_session
100 101
101 if (pack_size > 0) 102 if (pack_size > 0)
102 { 103 {
103 mhd_gtls_write_uint16 (info->dh.secret_bits, &packed_session->data[pos]); 104 mhd_gtls_write_uint16 (info->dh.secret_bits,
105 &packed_session->data[pos]);
104 pos += 2; 106 pos += 2;
105 107
106 mhd_gtls_write_datum32 (&packed_session->data[pos], info->dh.prime); 108 mhd_gtls_write_datum32 (&packed_session->data[pos], info->dh.prime);
107 pos += 4 + info->dh.prime.size; 109 pos += 4 + info->dh.prime.size;
108 mhd_gtls_write_datum32 (&packed_session->data[pos], info->dh.generator); 110 mhd_gtls_write_datum32 (&packed_session->data[pos], info->dh.generator);
109 pos += 4 + info->dh.generator.size; 111 pos += 4 + info->dh.generator.size;
110 mhd_gtls_write_datum32 (&packed_session->data[pos], info->dh.public_key); 112 mhd_gtls_write_datum32 (&packed_session->data[pos],
113 info->dh.public_key);
111 pos += 4 + info->dh.public_key.size; 114 pos += 4 + info->dh.public_key.size;
112 115
113 } 116 }
@@ -158,7 +161,7 @@ unpack_anon_auth_info (mhd_gtls_session_t session,
158 */ 161 */
159 ret = 162 ret =
160 mhd_gtls_auth_info_set (session, MHD_GNUTLS_CRD_ANON, 163 mhd_gtls_auth_info_set (session, MHD_GNUTLS_CRD_ANON,
161 sizeof (anon_auth_info_st), 1); 164 sizeof (anon_auth_info_st), 1);
162 if (ret < 0) 165 if (ret < 0)
163 { 166 {
164 gnutls_assert (); 167 gnutls_assert ();
@@ -228,7 +231,7 @@ error:
228 */ 231 */
229int 232int
230mhd_gtls_session_pack (mhd_gtls_session_t session, 233mhd_gtls_session_pack (mhd_gtls_session_t session,
231 gnutls_datum_t * packed_session) 234 gnutls_datum_t * packed_session)
232{ 235{
233 int ret; 236 int ret;
234 237
@@ -303,7 +306,7 @@ mhd_gtls_session_pack (mhd_gtls_session_t session,
303 */ 306 */
304int 307int
305mhd_gtls_session_unpack (mhd_gtls_session_t session, 308mhd_gtls_session_unpack (mhd_gtls_session_t session,
306 const gnutls_datum_t * packed_session) 309 const gnutls_datum_t * packed_session)
307{ 310{
308 int ret; 311 int ret;
309 312
@@ -444,21 +447,23 @@ pack_certificate_auth_info (mhd_gtls_session_t session,
444 if (pack_size > 0) 447 if (pack_size > 0)
445 { 448 {
446 449
447 mhd_gtls_write_uint16 (info->dh.secret_bits, &packed_session->data[pos]); 450 mhd_gtls_write_uint16 (info->dh.secret_bits,
451 &packed_session->data[pos]);
448 pos += 2; 452 pos += 2;
449 453
450 mhd_gtls_write_datum32 (&packed_session->data[pos], info->dh.prime); 454 mhd_gtls_write_datum32 (&packed_session->data[pos], info->dh.prime);
451 pos += 4 + info->dh.prime.size; 455 pos += 4 + info->dh.prime.size;
452 mhd_gtls_write_datum32 (&packed_session->data[pos], info->dh.generator); 456 mhd_gtls_write_datum32 (&packed_session->data[pos], info->dh.generator);
453 pos += 4 + info->dh.generator.size; 457 pos += 4 + info->dh.generator.size;
454 mhd_gtls_write_datum32 (&packed_session->data[pos], info->dh.public_key); 458 mhd_gtls_write_datum32 (&packed_session->data[pos],
459 info->dh.public_key);
455 pos += 4 + info->dh.public_key.size; 460 pos += 4 + info->dh.public_key.size;
456 461
457 mhd_gtls_write_datum32 (&packed_session->data[pos], 462 mhd_gtls_write_datum32 (&packed_session->data[pos],
458 info->rsa_export.modulus); 463 info->rsa_export.modulus);
459 pos += 4 + info->rsa_export.modulus.size; 464 pos += 4 + info->rsa_export.modulus.size;
460 mhd_gtls_write_datum32 (&packed_session->data[pos], 465 mhd_gtls_write_datum32 (&packed_session->data[pos],
461 info->rsa_export.exponent); 466 info->rsa_export.exponent);
462 pos += 4 + info->rsa_export.exponent.size; 467 pos += 4 + info->rsa_export.exponent.size;
463 468
464 mhd_gtls_write_uint32 (info->ncerts, &packed_session->data[pos]); 469 mhd_gtls_write_uint32 (info->ncerts, &packed_session->data[pos]);
@@ -467,7 +472,7 @@ pack_certificate_auth_info (mhd_gtls_session_t session,
467 for (i = 0; i < info->ncerts; i++) 472 for (i = 0; i < info->ncerts; i++)
468 { 473 {
469 mhd_gtls_write_datum32 (&packed_session->data[pos], 474 mhd_gtls_write_datum32 (&packed_session->data[pos],
470 info->raw_certificate_list[i]); 475 info->raw_certificate_list[i]);
471 pos += sizeof (uint32_t) + info->raw_certificate_list[i].size; 476 pos += sizeof (uint32_t) + info->raw_certificate_list[i].size;
472 } 477 }
473 } 478 }
@@ -510,7 +515,7 @@ unpack_certificate_auth_info (mhd_gtls_session_t session,
510 */ 515 */
511 ret = 516 ret =
512 mhd_gtls_auth_info_set (session, MHD_GNUTLS_CRD_CERTIFICATE, 517 mhd_gtls_auth_info_set (session, MHD_GNUTLS_CRD_CERTIFICATE,
513 sizeof (cert_auth_info_st), 1); 518 sizeof (cert_auth_info_st), 1);
514 if (ret < 0) 519 if (ret < 0)
515 { 520 {
516 gnutls_assert (); 521 gnutls_assert ();
@@ -646,7 +651,8 @@ error:
646 * x bytes the SRP username 651 * x bytes the SRP username
647 */ 652 */
648static int 653static int
649pack_srp_auth_info (mhd_gtls_session_t session, gnutls_datum_t * packed_session) 654pack_srp_auth_info (mhd_gtls_session_t session,
655 gnutls_datum_t * packed_session)
650{ 656{
651 srp_server_auth_info_t info = mhd_gtls_get_auth_info (session); 657 srp_server_auth_info_t info = mhd_gtls_get_auth_info (session);
652 int pack_size; 658 int pack_size;
@@ -709,7 +715,7 @@ unpack_srp_auth_info (mhd_gtls_session_t session,
709 715
710 ret = 716 ret =
711 mhd_gtls_auth_info_set (session, MHD_GNUTLS_CRD_SRP, 717 mhd_gtls_auth_info_set (session, MHD_GNUTLS_CRD_SRP,
712 sizeof (srp_server_auth_info_st), 1); 718 sizeof (srp_server_auth_info_st), 1);
713 if (ret < 0) 719 if (ret < 0)
714 { 720 {
715 gnutls_assert (); 721 gnutls_assert ();
@@ -751,7 +757,8 @@ unpack_srp_auth_info (mhd_gtls_session_t session,
751 * x bytes the public key 757 * x bytes the public key
752 */ 758 */
753static int 759static int
754pack_psk_auth_info (mhd_gtls_session_t session, gnutls_datum_t * packed_session) 760pack_psk_auth_info (mhd_gtls_session_t session,
761 gnutls_datum_t * packed_session)
755{ 762{
756 psk_auth_info_t info; 763 psk_auth_info_t info;
757 int pack_size, username_size = 0, pos; 764 int pack_size, username_size = 0, pos;
@@ -798,14 +805,16 @@ pack_psk_auth_info (mhd_gtls_session_t session, gnutls_datum_t * packed_session)
798 memcpy (&packed_session->data[pos], info->username, username_size); 805 memcpy (&packed_session->data[pos], info->username, username_size);
799 pos += username_size; 806 pos += username_size;
800 807
801 mhd_gtls_write_uint16 (info->dh.secret_bits, &packed_session->data[pos]); 808 mhd_gtls_write_uint16 (info->dh.secret_bits,
809 &packed_session->data[pos]);
802 pos += 2; 810 pos += 2;
803 811
804 mhd_gtls_write_datum32 (&packed_session->data[pos], info->dh.prime); 812 mhd_gtls_write_datum32 (&packed_session->data[pos], info->dh.prime);
805 pos += 4 + info->dh.prime.size; 813 pos += 4 + info->dh.prime.size;
806 mhd_gtls_write_datum32 (&packed_session->data[pos], info->dh.generator); 814 mhd_gtls_write_datum32 (&packed_session->data[pos], info->dh.generator);
807 pos += 4 + info->dh.generator.size; 815 pos += 4 + info->dh.generator.size;
808 mhd_gtls_write_datum32 (&packed_session->data[pos], info->dh.public_key); 816 mhd_gtls_write_datum32 (&packed_session->data[pos],
817 info->dh.public_key);
809 pos += 4 + info->dh.public_key.size; 818 pos += 4 + info->dh.public_key.size;
810 819
811 } 820 }
@@ -847,7 +856,7 @@ unpack_psk_auth_info (mhd_gtls_session_t session,
847 */ 856 */
848 ret = 857 ret =
849 mhd_gtls_auth_info_set (session, MHD_GNUTLS_CRD_PSK, 858 mhd_gtls_auth_info_set (session, MHD_GNUTLS_CRD_PSK,
850 sizeof (psk_auth_info_st), 1); 859 sizeof (psk_auth_info_st), 1);
851 if (ret < 0) 860 if (ret < 0)
852 { 861 {
853 gnutls_assert (); 862 gnutls_assert ();
@@ -1016,16 +1025,16 @@ pack_security_parameters (mhd_gtls_session_t session,
1016 pos += session->security_parameters.session_id_size; 1025 pos += session->security_parameters.session_id_size;
1017 1026
1018 mhd_gtls_write_uint32 (session->security_parameters.timestamp, 1027 mhd_gtls_write_uint32 (session->security_parameters.timestamp,
1019 &packed_session->data[pos]); 1028 &packed_session->data[pos]);
1020 pos += 4; 1029 pos += 4;
1021 1030
1022 /* Extensions */ 1031 /* Extensions */
1023 mhd_gtls_write_uint16 (session->security_parameters.max_record_send_size, 1032 mhd_gtls_write_uint16 (session->security_parameters.max_record_send_size,
1024 &packed_session->data[pos]); 1033 &packed_session->data[pos]);
1025 pos += 2; 1034 pos += 2;
1026 1035
1027 mhd_gtls_write_uint16 (session->security_parameters.max_record_recv_size, 1036 mhd_gtls_write_uint16 (session->security_parameters.max_record_recv_size,
1028 &packed_session->data[pos]); 1037 &packed_session->data[pos]);
1029 pos += 2; 1038 pos += 2;
1030 1039
1031 /* SRP */ 1040 /* SRP */
@@ -1037,7 +1046,7 @@ pack_security_parameters (mhd_gtls_session_t session,
1037 pos += len; 1046 pos += len;
1038 1047
1039 mhd_gtls_write_uint16 (session->security_parameters.extensions. 1048 mhd_gtls_write_uint16 (session->security_parameters.extensions.
1040 server_names_size, &packed_session->data[pos]); 1049 server_names_size, &packed_session->data[pos]);
1041 pos += 2; 1050 pos += 2;
1042 1051
1043 for (i = 0; i < session->security_parameters.extensions.server_names_size; 1052 for (i = 0; i < session->security_parameters.extensions.server_names_size;
@@ -1046,8 +1055,8 @@ pack_security_parameters (mhd_gtls_session_t session,
1046 packed_session->data[pos++] = 1055 packed_session->data[pos++] =
1047 session->security_parameters.extensions.server_names[i].type; 1056 session->security_parameters.extensions.server_names[i].type;
1048 mhd_gtls_write_uint16 (session->security_parameters.extensions. 1057 mhd_gtls_write_uint16 (session->security_parameters.extensions.
1049 server_names[i].name_length, 1058 server_names[i].name_length,
1050 &packed_session->data[pos]); 1059 &packed_session->data[pos]);
1051 pos += 2; 1060 pos += 2;
1052 1061
1053 memcpy (&packed_session->data[pos], 1062 memcpy (&packed_session->data[pos],
diff --git a/src/daemon/https/tls/gnutls_session_pack.h b/src/daemon/https/tls/gnutls_session_pack.h
index fa47f9e1..e93d9d28 100644
--- a/src/daemon/https/tls/gnutls_session_pack.h
+++ b/src/daemon/https/tls/gnutls_session_pack.h
@@ -23,6 +23,6 @@
23 */ 23 */
24 24
25int mhd_gtls_session_pack (mhd_gtls_session_t session, 25int mhd_gtls_session_pack (mhd_gtls_session_t session,
26 gnutls_datum_t * packed_session); 26 gnutls_datum_t * packed_session);
27int mhd_gtls_session_unpack (mhd_gtls_session_t session, 27int mhd_gtls_session_unpack (mhd_gtls_session_t session,
28 const gnutls_datum_t * packed_session); 28 const gnutls_datum_t * packed_session);
diff --git a/src/daemon/https/tls/gnutls_sig.c b/src/daemon/https/tls/gnutls_sig.c
index 235aa9d0..64d6c7d0 100644
--- a/src/daemon/https/tls/gnutls_sig.c
+++ b/src/daemon/https/tls/gnutls_sig.c
@@ -43,13 +43,13 @@ static int _gnutls_tls_sign (mhd_gtls_session_t session,
43 const gnutls_datum_t * hash_concat, 43 const gnutls_datum_t * hash_concat,
44 gnutls_datum_t * signature); 44 gnutls_datum_t * signature);
45 45
46/* Generates a signature of all the previous sent packets in the 46/* Generates a signature of all the previous sent packets in the
47 * handshake procedure. (20040227: now it works for SSL 3.0 as well) 47 * handshake procedure. (20040227: now it works for SSL 3.0 as well)
48 */ 48 */
49int 49int
50mhd_gtls_tls_sign_hdata (mhd_gtls_session_t session, 50mhd_gtls_tls_sign_hdata (mhd_gtls_session_t session,
51 gnutls_cert * cert, 51 gnutls_cert * cert,
52 gnutls_privkey * pkey, gnutls_datum_t * signature) 52 gnutls_privkey * pkey, gnutls_datum_t * signature)
53{ 53{
54 gnutls_datum_t dconcat; 54 gnutls_datum_t dconcat;
55 int ret; 55 int ret;
@@ -75,8 +75,8 @@ mhd_gtls_tls_sign_hdata (mhd_gtls_session_t session,
75 } 75 }
76 76
77 mhd_gnutls_mac_deinit_ssl3_handshake (td_sha, &concat[16], 77 mhd_gnutls_mac_deinit_ssl3_handshake (td_sha, &concat[16],
78 session->security_parameters. 78 session->security_parameters.
79 master_secret, TLS_MASTER_SIZE); 79 master_secret, TLS_MASTER_SIZE);
80 } 80 }
81 else 81 else
82 mhd_gnutls_hash_deinit (td_sha, &concat[16]); 82 mhd_gnutls_hash_deinit (td_sha, &concat[16]);
@@ -94,8 +94,8 @@ mhd_gtls_tls_sign_hdata (mhd_gtls_session_t session,
94 94
95 if (ver == MHD_GNUTLS_SSL3) 95 if (ver == MHD_GNUTLS_SSL3)
96 mhd_gnutls_mac_deinit_ssl3_handshake (td_md5, concat, 96 mhd_gnutls_mac_deinit_ssl3_handshake (td_md5, concat,
97 session->security_parameters. 97 session->security_parameters.
98 master_secret, TLS_MASTER_SIZE); 98 master_secret, TLS_MASTER_SIZE);
99 else 99 else
100 mhd_gnutls_hash_deinit (td_md5, concat); 100 mhd_gnutls_hash_deinit (td_md5, concat);
101 101
@@ -120,9 +120,9 @@ mhd_gtls_tls_sign_hdata (mhd_gtls_session_t session,
120 */ 120 */
121int 121int
122mhd_gtls_tls_sign_params (mhd_gtls_session_t session, 122mhd_gtls_tls_sign_params (mhd_gtls_session_t session,
123 gnutls_cert * cert, 123 gnutls_cert * cert,
124 gnutls_privkey * pkey, 124 gnutls_privkey * pkey,
125 gnutls_datum_t * params, gnutls_datum_t * signature) 125 gnutls_datum_t * params, gnutls_datum_t * signature)
126{ 126{
127 gnutls_datum_t dconcat; 127 gnutls_datum_t dconcat;
128 int ret; 128 int ret;
@@ -138,9 +138,9 @@ mhd_gtls_tls_sign_params (mhd_gtls_session_t session,
138 } 138 }
139 139
140 mhd_gnutls_hash (td_sha, session->security_parameters.client_random, 140 mhd_gnutls_hash (td_sha, session->security_parameters.client_random,
141 TLS_RANDOM_SIZE); 141 TLS_RANDOM_SIZE);
142 mhd_gnutls_hash (td_sha, session->security_parameters.server_random, 142 mhd_gnutls_hash (td_sha, session->security_parameters.server_random,
143 TLS_RANDOM_SIZE); 143 TLS_RANDOM_SIZE);
144 mhd_gnutls_hash (td_sha, params->data, params->size); 144 mhd_gnutls_hash (td_sha, params->data, params->size);
145 145
146 switch (cert->subject_pk_algorithm) 146 switch (cert->subject_pk_algorithm)
@@ -156,9 +156,9 @@ mhd_gtls_tls_sign_params (mhd_gtls_session_t session,
156 } 156 }
157 157
158 mhd_gnutls_hash (td_md5, session->security_parameters.client_random, 158 mhd_gnutls_hash (td_md5, session->security_parameters.client_random,
159 TLS_RANDOM_SIZE); 159 TLS_RANDOM_SIZE);
160 mhd_gnutls_hash (td_md5, session->security_parameters.server_random, 160 mhd_gnutls_hash (td_md5, session->security_parameters.server_random,
161 TLS_RANDOM_SIZE); 161 TLS_RANDOM_SIZE);
162 mhd_gnutls_hash (td_md5, params->data, params->size); 162 mhd_gnutls_hash (td_md5, params->data, params->size);
163 163
164 mhd_gnutls_hash_deinit (td_md5, concat); 164 mhd_gnutls_hash_deinit (td_md5, concat);
@@ -205,9 +205,9 @@ mhd_gtls_tls_sign_params (mhd_gtls_session_t session,
205 */ 205 */
206int 206int
207mhd_gtls_sign (enum MHD_GNUTLS_PublicKeyAlgorithm algo, 207mhd_gtls_sign (enum MHD_GNUTLS_PublicKeyAlgorithm algo,
208 mpi_t * params, 208 mpi_t * params,
209 int params_size, 209 int params_size,
210 const gnutls_datum_t * data, gnutls_datum_t * signature) 210 const gnutls_datum_t * data, gnutls_datum_t * signature)
211{ 211{
212 int ret; 212 int ret;
213 213
@@ -217,7 +217,7 @@ mhd_gtls_sign (enum MHD_GNUTLS_PublicKeyAlgorithm algo,
217 /* encrypt */ 217 /* encrypt */
218 if ((ret = 218 if ((ret =
219 mhd_gtls_pkcs1_rsa_encrypt (signature, data, params, params_size, 219 mhd_gtls_pkcs1_rsa_encrypt (signature, data, params, params_size,
220 1)) < 0) 220 1)) < 0)
221 { 221 {
222 gnutls_assert (); 222 gnutls_assert ();
223 return ret; 223 return ret;
@@ -270,7 +270,7 @@ _gnutls_tls_sign (mhd_gtls_session_t session,
270 } 270 }
271 271
272 return mhd_gtls_sign (pkey->pk_algorithm, pkey->params, pkey->params_size, 272 return mhd_gtls_sign (pkey->pk_algorithm, pkey->params, pkey->params_size,
273 hash_concat, signature); 273 hash_concat, signature);
274} 274}
275 275
276static int 276static int
@@ -308,7 +308,7 @@ _gnutls_verify_sig (gnutls_cert * cert,
308 308
309 /* verify signature */ 309 /* verify signature */
310 if ((ret = mhd_gtls_rsa_verify (&vdata, signature, cert->params, 310 if ((ret = mhd_gtls_rsa_verify (&vdata, signature, cert->params,
311 cert->params_size, 1)) < 0) 311 cert->params_size, 1)) < 0)
312 { 312 {
313 gnutls_assert (); 313 gnutls_assert ();
314 return ret; 314 return ret;
@@ -324,11 +324,11 @@ _gnutls_verify_sig (gnutls_cert * cert,
324} 324}
325 325
326/* Verifies a TLS signature (like the one in the client certificate 326/* Verifies a TLS signature (like the one in the client certificate
327 * verify message). 327 * verify message).
328 */ 328 */
329int 329int
330mhd_gtls_verify_sig_hdata (mhd_gtls_session_t session, 330mhd_gtls_verify_sig_hdata (mhd_gtls_session_t session,
331 gnutls_cert * cert, gnutls_datum_t * signature) 331 gnutls_cert * cert, gnutls_datum_t * signature)
332{ 332{
333 int ret; 333 int ret;
334 opaque concat[36]; 334 opaque concat[36];
@@ -362,11 +362,11 @@ mhd_gtls_verify_sig_hdata (mhd_gtls_session_t session,
362 } 362 }
363 363
364 mhd_gnutls_mac_deinit_ssl3_handshake (td_md5, concat, 364 mhd_gnutls_mac_deinit_ssl3_handshake (td_md5, concat,
365 session->security_parameters. 365 session->security_parameters.
366 master_secret, TLS_MASTER_SIZE); 366 master_secret, TLS_MASTER_SIZE);
367 mhd_gnutls_mac_deinit_ssl3_handshake (td_sha, &concat[16], 367 mhd_gnutls_mac_deinit_ssl3_handshake (td_sha, &concat[16],
368 session->security_parameters. 368 session->security_parameters.
369 master_secret, TLS_MASTER_SIZE); 369 master_secret, TLS_MASTER_SIZE);
370 } 370 }
371 else 371 else
372 { 372 {
@@ -393,9 +393,9 @@ mhd_gtls_verify_sig_hdata (mhd_gtls_session_t session,
393 */ 393 */
394int 394int
395mhd_gtls_verify_sig_params (mhd_gtls_session_t session, 395mhd_gtls_verify_sig_params (mhd_gtls_session_t session,
396 gnutls_cert * cert, 396 gnutls_cert * cert,
397 const gnutls_datum_t * params, 397 const gnutls_datum_t * params,
398 gnutls_datum_t * signature) 398 gnutls_datum_t * signature)
399{ 399{
400 gnutls_datum_t dconcat; 400 gnutls_datum_t dconcat;
401 int ret; 401 int ret;
@@ -414,9 +414,9 @@ mhd_gtls_verify_sig_params (mhd_gtls_session_t session,
414 } 414 }
415 415
416 mhd_gnutls_hash (td_md5, session->security_parameters.client_random, 416 mhd_gnutls_hash (td_md5, session->security_parameters.client_random,
417 TLS_RANDOM_SIZE); 417 TLS_RANDOM_SIZE);
418 mhd_gnutls_hash (td_md5, session->security_parameters.server_random, 418 mhd_gnutls_hash (td_md5, session->security_parameters.server_random,
419 TLS_RANDOM_SIZE); 419 TLS_RANDOM_SIZE);
420 mhd_gnutls_hash (td_md5, params->data, params->size); 420 mhd_gnutls_hash (td_md5, params->data, params->size);
421 } 421 }
422 422
@@ -430,9 +430,9 @@ mhd_gtls_verify_sig_params (mhd_gtls_session_t session,
430 } 430 }
431 431
432 mhd_gnutls_hash (td_sha, session->security_parameters.client_random, 432 mhd_gnutls_hash (td_sha, session->security_parameters.client_random,
433 TLS_RANDOM_SIZE); 433 TLS_RANDOM_SIZE);
434 mhd_gnutls_hash (td_sha, session->security_parameters.server_random, 434 mhd_gnutls_hash (td_sha, session->security_parameters.server_random,
435 TLS_RANDOM_SIZE); 435 TLS_RANDOM_SIZE);
436 mhd_gnutls_hash (td_sha, params->data, params->size); 436 mhd_gnutls_hash (td_sha, params->data, params->size);
437 437
438 if (ver < MHD_GNUTLS_TLS1_2) 438 if (ver < MHD_GNUTLS_TLS1_2)
diff --git a/src/daemon/https/tls/gnutls_sig.h b/src/daemon/https/tls/gnutls_sig.h
index edeb30f4..eaef5226 100644
--- a/src/daemon/https/tls/gnutls_sig.h
+++ b/src/daemon/https/tls/gnutls_sig.h
@@ -26,26 +26,27 @@
26# define GNUTLS_SIG_H 26# define GNUTLS_SIG_H
27 27
28int mhd_gtls_tls_sign_hdata (mhd_gtls_session_t session, 28int mhd_gtls_tls_sign_hdata (mhd_gtls_session_t session,
29 gnutls_cert * cert, 29 gnutls_cert * cert,
30 gnutls_privkey * pkey, 30 gnutls_privkey * pkey,
31 gnutls_datum_t * signature); 31 gnutls_datum_t * signature);
32 32
33int mhd_gtls_tls_sign_params (mhd_gtls_session_t session, 33int mhd_gtls_tls_sign_params (mhd_gtls_session_t session,
34 gnutls_cert * cert, 34 gnutls_cert * cert,
35 gnutls_privkey * pkey, 35 gnutls_privkey * pkey,
36 gnutls_datum_t * params, 36 gnutls_datum_t * params,
37 gnutls_datum_t * signature); 37 gnutls_datum_t * signature);
38 38
39int mhd_gtls_verify_sig_hdata (mhd_gtls_session_t session, 39int mhd_gtls_verify_sig_hdata (mhd_gtls_session_t session,
40 gnutls_cert * cert, gnutls_datum_t * signature); 40 gnutls_cert * cert,
41 gnutls_datum_t * signature);
41 42
42int mhd_gtls_verify_sig_params (mhd_gtls_session_t session, 43int mhd_gtls_verify_sig_params (mhd_gtls_session_t session,
43 gnutls_cert * cert, 44 gnutls_cert * cert,
44 const gnutls_datum_t * params, 45 const gnutls_datum_t * params,
45 gnutls_datum_t * signature); 46 gnutls_datum_t * signature);
46 47
47int mhd_gtls_sign (enum MHD_GNUTLS_PublicKeyAlgorithm algo, 48int mhd_gtls_sign (enum MHD_GNUTLS_PublicKeyAlgorithm algo,
48 mpi_t * params, int params_size, 49 mpi_t * params, int params_size,
49 const gnutls_datum_t * data, gnutls_datum_t * signature); 50 const gnutls_datum_t * data, gnutls_datum_t * signature);
50 51
51#endif 52#endif
diff --git a/src/daemon/https/tls/gnutls_state.c b/src/daemon/https/tls/gnutls_state.c
index 799a3d65..d4a47d09 100644
--- a/src/daemon/https/tls/gnutls_state.c
+++ b/src/daemon/https/tls/gnutls_state.c
@@ -119,7 +119,8 @@ gnutls_compression_get (mhd_gtls_session_t session)
119 */ 119 */
120int 120int
121mhd_gtls_session_cert_type_supported (mhd_gtls_session_t session, 121mhd_gtls_session_cert_type_supported (mhd_gtls_session_t session,
122 enum MHD_GNUTLS_CertificateType cert_type) 122 enum MHD_GNUTLS_CertificateType
123 cert_type)
123{ 124{
124 unsigned i; 125 unsigned i;
125 unsigned cert_found = 0; 126 unsigned cert_found = 0;
@@ -129,8 +130,8 @@ mhd_gtls_session_cert_type_supported (mhd_gtls_session_t session,
129 { 130 {
130 cred 131 cred
131 = (mhd_gtls_cert_credentials_t) mhd_gtls_get_cred (session->key, 132 = (mhd_gtls_cert_credentials_t) mhd_gtls_get_cred (session->key,
132 MHD_GNUTLS_CRD_CERTIFICATE, 133 MHD_GNUTLS_CRD_CERTIFICATE,
133 NULL); 134 NULL);
134 135
135 if (cred == NULL) 136 if (cred == NULL)
136 return GNUTLS_E_UNSUPPORTED_CERTIFICATE_TYPE; 137 return GNUTLS_E_UNSUPPORTED_CERTIFICATE_TYPE;
@@ -234,7 +235,8 @@ mhd_gtls_handshake_internal_state_clear (mhd_gtls_session_t session)
234 235
235/* TODO rm redundent pointer ref */ 236/* TODO rm redundent pointer ref */
236int 237int
237MHD_gnutls_init (mhd_gtls_session_t * session, gnutls_connection_end_t con_end) 238MHD_gnutls_init (mhd_gtls_session_t * session,
239 gnutls_connection_end_t con_end)
238{ 240{
239 *session = gnutls_calloc (1, sizeof (struct MHD_gtls_session_int)); 241 *session = gnutls_calloc (1, sizeof (struct MHD_gtls_session_int));
240 if (*session == NULL) 242 if (*session == NULL)
@@ -284,10 +286,10 @@ MHD_gnutls_init (mhd_gtls_session_t * session, gnutls_connection_end_t con_end)
284 286
285 MHD_gnutls_dh_set_prime_bits ((*session), MIN_DH_BITS); 287 MHD_gnutls_dh_set_prime_bits ((*session), MIN_DH_BITS);
286 288
287 MHD_gnutls_transport_set_lowat ((*session), DEFAULT_LOWAT); /* the default for tcp */ 289 MHD_gnutls_transport_set_lowat ((*session), DEFAULT_LOWAT); /* the default for tcp */
288 290
289 MHD_gnutls_handshake_set_max_packet_length ((*session), 291 MHD_gnutls_handshake_set_max_packet_length ((*session),
290 MAX_HANDSHAKE_PACKET_SIZE); 292 MAX_HANDSHAKE_PACKET_SIZE);
291 293
292 /* Allocate a minimum size for recv_data 294 /* Allocate a minimum size for recv_data
293 * This is allocated in order to avoid small messages, making 295 * This is allocated in order to avoid small messages, making
@@ -369,10 +371,11 @@ MHD_gnutls_deinit (mhd_gtls_session_t session)
369 mhd_gnutls_cipher_deinit (session->connection_state.write_cipher_state); 371 mhd_gnutls_cipher_deinit (session->connection_state.write_cipher_state);
370 372
371 if (session->connection_state.read_compression_state != NULL) 373 if (session->connection_state.read_compression_state != NULL)
372 mhd_gtls_comp_deinit (session->connection_state.read_compression_state, 1); 374 mhd_gtls_comp_deinit (session->connection_state.read_compression_state,
375 1);
373 if (session->connection_state.write_compression_state != NULL) 376 if (session->connection_state.write_compression_state != NULL)
374 mhd_gtls_comp_deinit (session->connection_state. 377 mhd_gtls_comp_deinit (session->connection_state.write_compression_state,
375 write_compression_state, 0); 378 0);
376 379
377 _gnutls_free_datum (&session->cipher_specs.server_write_mac_secret); 380 _gnutls_free_datum (&session->cipher_specs.server_write_mac_secret);
378 _gnutls_free_datum (&session->cipher_specs.client_write_mac_secret); 381 _gnutls_free_datum (&session->cipher_specs.client_write_mac_secret);
@@ -508,7 +511,7 @@ mhd_gtls_dh_set_secret_bits (mhd_gtls_session_t session, unsigned bits)
508 */ 511 */
509int 512int
510mhd_gtls_rsa_export_set_pubkey (mhd_gtls_session_t session, 513mhd_gtls_rsa_export_set_pubkey (mhd_gtls_session_t session,
511 mpi_t exponent, mpi_t modulus) 514 mpi_t exponent, mpi_t modulus)
512{ 515{
513 cert_auth_info_t info; 516 cert_auth_info_t info;
514 int ret; 517 int ret;
@@ -609,7 +612,7 @@ mhd_gtls_dh_set_group (mhd_gtls_session_t session, mpi_t gen, mpi_t prime)
609 **/ 612 **/
610void 613void
611MHD_gnutls_certificate_send_x509_rdn_sequence (mhd_gtls_session_t session, 614MHD_gnutls_certificate_send_x509_rdn_sequence (mhd_gtls_session_t session,
612 int status) 615 int status)
613{ 616{
614 session->internals.ignore_rdn_sequence = status; 617 session->internals.ignore_rdn_sequence = status;
615} 618}
@@ -650,7 +653,8 @@ _gnutls_record_set_default_version (mhd_gtls_session_t session,
650 * gnutls servers and clients may cause interoperability problems. 653 * gnutls servers and clients may cause interoperability problems.
651 **/ 654 **/
652void 655void
653MHD_gtls_handshake_set_private_extensions (mhd_gtls_session_t session, int allow) 656MHD_gtls_handshake_set_private_extensions (mhd_gtls_session_t session,
657 int allow)
654{ 658{
655 session->internals.enable_private = allow; 659 session->internals.enable_private = allow;
656} 660}
@@ -778,11 +782,11 @@ _gnutls_xor (opaque * o1, opaque * o2, int length)
778 */ 782 */
779int 783int
780mhd_gtls_PRF (mhd_gtls_session_t session, 784mhd_gtls_PRF (mhd_gtls_session_t session,
781 const opaque * secret, 785 const opaque * secret,
782 int secret_size, 786 int secret_size,
783 const char *label, 787 const char *label,
784 int label_size, 788 int label_size,
785 const opaque * seed, int seed_size, int total_bytes, void *ret) 789 const opaque * seed, int seed_size, int total_bytes, void *ret)
786{ 790{
787 int l_s, s_seed_size; 791 int l_s, s_seed_size;
788 const opaque *s1, *s2; 792 const opaque *s1, *s2;
@@ -889,15 +893,16 @@ mhd_gtls_PRF (mhd_gtls_session_t session,
889 **/ 893 **/
890int 894int
891MHD_gnutls_prf_raw (mhd_gtls_session_t session, 895MHD_gnutls_prf_raw (mhd_gtls_session_t session,
892 size_t label_size, 896 size_t label_size,
893 const char *label, 897 const char *label,
894 size_t seed_size, const char *seed, size_t outsize, char *out) 898 size_t seed_size, const char *seed, size_t outsize,
899 char *out)
895{ 900{
896 int ret; 901 int ret;
897 902
898 ret = mhd_gtls_PRF (session, session->security_parameters.master_secret, 903 ret = mhd_gtls_PRF (session, session->security_parameters.master_secret,
899 TLS_MASTER_SIZE, label, label_size, (opaque *) seed, 904 TLS_MASTER_SIZE, label, label_size, (opaque *) seed,
900 seed_size, outsize, out); 905 seed_size, outsize, out);
901 906
902 return ret; 907 return ret;
903} 908}
@@ -933,10 +938,11 @@ MHD_gnutls_prf_raw (mhd_gtls_session_t session,
933 **/ 938 **/
934int 939int
935MHD_gnutls_prf (mhd_gtls_session_t session, 940MHD_gnutls_prf (mhd_gtls_session_t session,
936 size_t label_size, 941 size_t label_size,
937 const char *label, 942 const char *label,
938 int server_random_first, 943 int server_random_first,
939 size_t extra_size, const char *extra, size_t outsize, char *out) 944 size_t extra_size, const char *extra, size_t outsize,
945 char *out)
940{ 946{
941 int ret; 947 int ret;
942 opaque *seed; 948 opaque *seed;
@@ -959,8 +965,8 @@ MHD_gnutls_prf (mhd_gtls_session_t session,
959 memcpy (seed + 2 * TLS_RANDOM_SIZE, extra, extra_size); 965 memcpy (seed + 2 * TLS_RANDOM_SIZE, extra, extra_size);
960 966
961 ret = mhd_gtls_PRF (session, session->security_parameters.master_secret, 967 ret = mhd_gtls_PRF (session, session->security_parameters.master_secret,
962 TLS_MASTER_SIZE, label, label_size, seed, seedsize, 968 TLS_MASTER_SIZE, label, label_size, seed, seedsize,
963 outsize, out); 969 outsize, out);
964 970
965 gnutls_free (seed); 971 gnutls_free (seed);
966 972
@@ -1045,8 +1051,8 @@ MHD_gtls_session_is_resumed (mhd_gtls_session_t session)
1045 == session->internals.resumed_security_parameters.session_id_size 1051 == session->internals.resumed_security_parameters.session_id_size
1046 && memcmp (session->security_parameters.session_id, 1052 && memcmp (session->security_parameters.session_id,
1047 session->internals.resumed_security_parameters. 1053 session->internals.resumed_security_parameters.
1048 session_id, session->security_parameters.session_id_size) 1054 session_id,
1049 == 0) 1055 session->security_parameters.session_id_size) == 0)
1050 return 1; 1056 return 1;
1051 } 1057 }
1052 else 1058 else
@@ -1073,7 +1079,7 @@ mhd_gtls_session_is_export (mhd_gtls_session_t session)
1073 1079
1074 cipher = 1080 cipher =
1075 mhd_gtls_cipher_suite_get_cipher_algo (&session->security_parameters. 1081 mhd_gtls_cipher_suite_get_cipher_algo (&session->security_parameters.
1076 current_cipher_suite); 1082 current_cipher_suite);
1077 1083
1078 if (mhd_gtls_cipher_get_export_flag (cipher) != 0) 1084 if (mhd_gtls_cipher_get_export_flag (cipher) != 0)
1079 return 1; 1085 return 1;
@@ -1174,9 +1180,10 @@ _gnutls_rsa_pms_set_version (mhd_gtls_session_t session,
1174 * 1180 *
1175 **/ 1181 **/
1176void 1182void
1177MHD_gnutls_handshake_set_post_client_hello_function (mhd_gtls_session_t session, 1183MHD_gnutls_handshake_set_post_client_hello_function (mhd_gtls_session_t
1178 gnutls_handshake_post_client_hello_func 1184 session,
1179 func) 1185 gnutls_handshake_post_client_hello_func
1186 func)
1180{ 1187{
1181 session->internals.user_hello_func = func; 1188 session->internals.user_hello_func = func;
1182} 1189}
diff --git a/src/daemon/https/tls/gnutls_state.h b/src/daemon/https/tls/gnutls_state.h
index e9e06226..e5d1877a 100644
--- a/src/daemon/https/tls/gnutls_state.h
+++ b/src/daemon/https/tls/gnutls_state.h
@@ -28,10 +28,13 @@
28#include <gnutls_int.h> 28#include <gnutls_int.h>
29 29
30void _gnutls_session_cert_type_set (mhd_gtls_session_t session, 30void _gnutls_session_cert_type_set (mhd_gtls_session_t session,
31 enum MHD_GNUTLS_CertificateType); 31 enum MHD_GNUTLS_CertificateType);
32enum MHD_GNUTLS_KeyExchangeAlgorithm gnutls_kx_get (mhd_gtls_session_t session); 32enum MHD_GNUTLS_KeyExchangeAlgorithm gnutls_kx_get (mhd_gtls_session_t
33enum MHD_GNUTLS_CipherAlgorithm gnutls_cipher_get (mhd_gtls_session_t session); 33 session);
34enum MHD_GNUTLS_CertificateType gnutls_certificate_type_get (mhd_gtls_session_t); 34enum MHD_GNUTLS_CipherAlgorithm gnutls_cipher_get (mhd_gtls_session_t
35 session);
36enum MHD_GNUTLS_CertificateType
37gnutls_certificate_type_get (mhd_gtls_session_t);
35 38
36#include <gnutls_auth_int.h> 39#include <gnutls_auth_int.h>
37 40
@@ -43,18 +46,19 @@ enum MHD_GNUTLS_CertificateType gnutls_certificate_type_get (mhd_gtls_session_t)
43#endif 46#endif
44 47
45int mhd_gtls_session_cert_type_supported (mhd_gtls_session_t, 48int mhd_gtls_session_cert_type_supported (mhd_gtls_session_t,
46 enum MHD_GNUTLS_CertificateType); 49 enum MHD_GNUTLS_CertificateType);
47 50
48int mhd_gtls_dh_set_secret_bits (mhd_gtls_session_t session, unsigned bits); 51int mhd_gtls_dh_set_secret_bits (mhd_gtls_session_t session, unsigned bits);
49 52
50int mhd_gtls_dh_set_peer_public (mhd_gtls_session_t session, mpi_t public); 53int mhd_gtls_dh_set_peer_public (mhd_gtls_session_t session, mpi_t public);
51int mhd_gtls_dh_set_group (mhd_gtls_session_t session, mpi_t gen, mpi_t prime); 54int mhd_gtls_dh_set_group (mhd_gtls_session_t session, mpi_t gen,
55 mpi_t prime);
52 56
53int mhd_gtls_dh_get_allowed_prime_bits (mhd_gtls_session_t session); 57int mhd_gtls_dh_get_allowed_prime_bits (mhd_gtls_session_t session);
54void mhd_gtls_handshake_internal_state_clear (mhd_gtls_session_t); 58void mhd_gtls_handshake_internal_state_clear (mhd_gtls_session_t);
55 59
56int mhd_gtls_rsa_export_set_pubkey (mhd_gtls_session_t session, 60int mhd_gtls_rsa_export_set_pubkey (mhd_gtls_session_t session,
57 mpi_t exponent, mpi_t modulus); 61 mpi_t exponent, mpi_t modulus);
58 62
59int mhd_gtls_session_is_resumable (mhd_gtls_session_t session); 63int mhd_gtls_session_is_resumable (mhd_gtls_session_t session);
60int mhd_gtls_session_is_export (mhd_gtls_session_t session); 64int mhd_gtls_session_is_export (mhd_gtls_session_t session);
@@ -62,11 +66,12 @@ int mhd_gtls_session_is_export (mhd_gtls_session_t session);
62int mhd_gtls_openpgp_send_fingerprint (mhd_gtls_session_t session); 66int mhd_gtls_openpgp_send_fingerprint (mhd_gtls_session_t session);
63 67
64int mhd_gtls_PRF (mhd_gtls_session_t session, 68int mhd_gtls_PRF (mhd_gtls_session_t session,
65 const opaque * secret, int secret_size, 69 const opaque * secret, int secret_size,
66 const char *label, int label_size, 70 const char *label, int label_size,
67 const opaque * seed, int seed_size, 71 const opaque * seed, int seed_size,
68 int total_bytes, void *ret); 72 int total_bytes, void *ret);
69 73
70int MHD_gnutls_init (mhd_gtls_session_t * session, gnutls_connection_end_t con_end); 74int MHD_gnutls_init (mhd_gtls_session_t * session,
75 gnutls_connection_end_t con_end);
71 76
72#define DEFAULT_CERT_TYPE MHD_GNUTLS_CRT_X509 77#define DEFAULT_CERT_TYPE MHD_GNUTLS_CRT_X509
diff --git a/src/daemon/https/tls/gnutls_str.c b/src/daemon/https/tls/gnutls_str.c
index 0a2a656a..22f949d6 100644
--- a/src/daemon/https/tls/gnutls_str.c
+++ b/src/daemon/https/tls/gnutls_str.c
@@ -74,7 +74,7 @@ mhd_gtls_str_cpy (char *dest, size_t dest_tot_size, const char *src)
74 74
75void 75void
76mhd_gtls_mem_cpy (char *dest, 76mhd_gtls_mem_cpy (char *dest,
77 size_t dest_tot_size, const char *src, size_t src_size) 77 size_t dest_tot_size, const char *src, size_t src_size)
78{ 78{
79 79
80 if (dest_tot_size >= src_size) 80 if (dest_tot_size >= src_size)
@@ -92,9 +92,9 @@ mhd_gtls_mem_cpy (char *dest,
92 92
93void 93void
94mhd_gtls_string_init (mhd_gtls_string * str, 94mhd_gtls_string_init (mhd_gtls_string * str,
95 gnutls_alloc_function alloc_func, 95 gnutls_alloc_function alloc_func,
96 gnutls_realloc_function realloc_func, 96 gnutls_realloc_function realloc_func,
97 gnutls_free_function free_func) 97 gnutls_free_function free_func)
98{ 98{
99 str->data = NULL; 99 str->data = NULL;
100 str->max_length = 0; 100 str->max_length = 0;
@@ -197,7 +197,7 @@ mhd_gtls_string_append_str (mhd_gtls_string * dest, const char *src)
197 197
198int 198int
199mhd_gtls_string_append_data (mhd_gtls_string * dest, 199mhd_gtls_string_append_data (mhd_gtls_string * dest,
200 const void *data, size_t data_size) 200 const void *data, size_t data_size)
201{ 201{
202 size_t tot_len = data_size + dest->length; 202 size_t tot_len = data_size + dest->length;
203 203
@@ -256,7 +256,7 @@ mhd_gtls_string_append_printf (mhd_gtls_string * dest, const char *fmt, ...)
256 */ 256 */
257char * 257char *
258mhd_gtls_bin2hex (const void *_old, 258mhd_gtls_bin2hex (const void *_old,
259 size_t oldlen, char *buffer, size_t buffer_size) 259 size_t oldlen, char *buffer, size_t buffer_size)
260{ 260{
261 unsigned int i, j; 261 unsigned int i, j;
262 const opaque *old = _old; 262 const opaque *old = _old;
@@ -275,7 +275,7 @@ mhd_gtls_bin2hex (const void *_old,
275 */ 275 */
276int 276int
277mhd_gtls_hex2bin (const opaque * hex_data, 277mhd_gtls_hex2bin (const opaque * hex_data,
278 int hex_size, opaque * bin_data, size_t * bin_size) 278 int hex_size, opaque * bin_data, size_t * bin_size)
279{ 279{
280 int i, j; 280 int i, j;
281 opaque hex2_data[3]; 281 opaque hex2_data[3];
diff --git a/src/daemon/https/tls/gnutls_str.h b/src/daemon/https/tls/gnutls_str.h
index 84ff8eb5..45ad33ae 100644
--- a/src/daemon/https/tls/gnutls_str.h
+++ b/src/daemon/https/tls/gnutls_str.h
@@ -29,12 +29,12 @@
29 29
30void mhd_gtls_str_cpy (char *dest, size_t dest_tot_size, const char *src); 30void mhd_gtls_str_cpy (char *dest, size_t dest_tot_size, const char *src);
31void mhd_gtls_mem_cpy (char *dest, size_t dest_tot_size, const char *src, 31void mhd_gtls_mem_cpy (char *dest, size_t dest_tot_size, const char *src,
32 size_t src_size); 32 size_t src_size);
33void mhd_gtls_str_cat (char *dest, size_t dest_tot_size, const char *src); 33void mhd_gtls_str_cat (char *dest, size_t dest_tot_size, const char *src);
34 34
35typedef struct 35typedef struct
36{ 36{
37 opaque * data; 37 opaque *data;
38 size_t max_length; 38 size_t max_length;
39 size_t length; 39 size_t length;
40 gnutls_realloc_function realloc_func; 40 gnutls_realloc_function realloc_func;
@@ -43,7 +43,7 @@ typedef struct
43} mhd_gtls_string; 43} mhd_gtls_string;
44 44
45void mhd_gtls_string_init (mhd_gtls_string *, gnutls_alloc_function, 45void mhd_gtls_string_init (mhd_gtls_string *, gnutls_alloc_function,
46 gnutls_realloc_function, gnutls_free_function); 46 gnutls_realloc_function, gnutls_free_function);
47void mhd_gtls_string_clear (mhd_gtls_string *); 47void mhd_gtls_string_clear (mhd_gtls_string *);
48 48
49/* Beware, do not clear the string, after calling this 49/* Beware, do not clear the string, after calling this
@@ -54,12 +54,13 @@ gnutls_datum_t mhd_gtls_string2datum (mhd_gtls_string * str);
54int mhd_gtls_string_copy_str (mhd_gtls_string * dest, const char *src); 54int mhd_gtls_string_copy_str (mhd_gtls_string * dest, const char *src);
55int mhd_gtls_string_append_str (mhd_gtls_string *, const char *str); 55int mhd_gtls_string_append_str (mhd_gtls_string *, const char *str);
56int mhd_gtls_string_append_data (mhd_gtls_string *, const void *data, 56int mhd_gtls_string_append_data (mhd_gtls_string *, const void *data,
57 size_t data_size); 57 size_t data_size);
58int mhd_gtls_string_append_printf (mhd_gtls_string * dest, const char *fmt, ...); 58int mhd_gtls_string_append_printf (mhd_gtls_string * dest, const char *fmt,
59 ...);
59 60
60char * mhd_gtls_bin2hex (const void *old, size_t oldlen, char *buffer, 61char *mhd_gtls_bin2hex (const void *old, size_t oldlen, char *buffer,
61 size_t buffer_size); 62 size_t buffer_size);
62int mhd_gtls_hex2bin (const opaque * hex_data, int hex_size, opaque * bin_data, 63int mhd_gtls_hex2bin (const opaque * hex_data, int hex_size,
63 size_t * bin_size); 64 opaque * bin_data, size_t * bin_size);
64 65
65#endif 66#endif
diff --git a/src/daemon/https/tls/gnutls_supplemental.c b/src/daemon/https/tls/gnutls_supplemental.c
index 1a5fcd6f..997da8a1 100644
--- a/src/daemon/https/tls/gnutls_supplemental.c
+++ b/src/daemon/https/tls/gnutls_supplemental.c
@@ -52,7 +52,8 @@
52 52
53typedef int (*supp_recv_func) (mhd_gtls_session_t session, 53typedef int (*supp_recv_func) (mhd_gtls_session_t session,
54 const opaque * data, size_t data_size); 54 const opaque * data, size_t data_size);
55typedef int (*supp_send_func) (mhd_gtls_session_t session, mhd_gtls_buffer * buf); 55typedef int (*supp_send_func) (mhd_gtls_session_t session,
56 mhd_gtls_buffer * buf);
56 57
57typedef struct 58typedef struct
58{ 59{
diff --git a/src/daemon/https/tls/gnutls_supplemental.h b/src/daemon/https/tls/gnutls_supplemental.h
index 3f8d9217..eaccfe74 100644
--- a/src/daemon/https/tls/gnutls_supplemental.h
+++ b/src/daemon/https/tls/gnutls_supplemental.h
@@ -25,7 +25,6 @@
25#include <gnutls_int.h> 25#include <gnutls_int.h>
26 26
27int _gnutls_parse_supplemental (mhd_gtls_session_t session, 27int _gnutls_parse_supplemental (mhd_gtls_session_t session,
28 const uint8_t *data, 28 const uint8_t * data, int data_size);
29 int data_size);
30int _gnutls_gen_supplemental (mhd_gtls_session_t session, 29int _gnutls_gen_supplemental (mhd_gtls_session_t session,
31 mhd_gtls_buffer *buf); 30 mhd_gtls_buffer * buf);
diff --git a/src/daemon/https/tls/gnutls_ui.c b/src/daemon/https/tls/gnutls_ui.c
index c894f0ad..b211a175 100644
--- a/src/daemon/https/tls/gnutls_ui.c
+++ b/src/daemon/https/tls/gnutls_ui.c
@@ -41,13 +41,13 @@
41 * @session: is a #mhd_gtls_session_t structure. 41 * @session: is a #mhd_gtls_session_t structure.
42 * @bits: is the number of bits 42 * @bits: is the number of bits
43 * 43 *
44 * This function sets the number of bits, for use in an 44 * This function sets the number of bits, for use in an
45 * Diffie Hellman key exchange. This is used both in DH ephemeral and 45 * Diffie Hellman key exchange. This is used both in DH ephemeral and
46 * DH anonymous cipher suites. This will set the 46 * DH anonymous cipher suites. This will set the
47 * minimum size of the prime that will be used for the handshake. 47 * minimum size of the prime that will be used for the handshake.
48 * 48 *
49 * In the client side it sets the minimum accepted number of bits. 49 * In the client side it sets the minimum accepted number of bits.
50 * If a server sends a prime with less bits than that 50 * If a server sends a prime with less bits than that
51 * GNUTLS_E_DH_PRIME_UNACCEPTABLE will be returned by the 51 * GNUTLS_E_DH_PRIME_UNACCEPTABLE will be returned by the
52 * handshake. 52 * handshake.
53 * 53 *
@@ -64,7 +64,7 @@ MHD_gnutls_dh_set_prime_bits (mhd_gtls_session_t session, unsigned int bits)
64 * @raw_gen: will hold the generator. 64 * @raw_gen: will hold the generator.
65 * @raw_prime: will hold the prime. 65 * @raw_prime: will hold the prime.
66 * 66 *
67 * This function will return the group parameters used in the last Diffie Hellman 67 * This function will return the group parameters used in the last Diffie Hellman
68 * authentication with the peer. These are the prime and the generator used. 68 * authentication with the peer. These are the prime and the generator used.
69 * This function should be used for both anonymous and ephemeral diffie Hellman. 69 * This function should be used for both anonymous and ephemeral diffie Hellman.
70 * The output parameters must be freed with gnutls_free(). 70 * The output parameters must be freed with gnutls_free().
@@ -74,7 +74,7 @@ MHD_gnutls_dh_set_prime_bits (mhd_gtls_session_t session, unsigned int bits)
74 **/ 74 **/
75int 75int
76MHD_gnutls_dh_get_group (mhd_gtls_session_t session, 76MHD_gnutls_dh_get_group (mhd_gtls_session_t session,
77 gnutls_datum_t * raw_gen, gnutls_datum_t * raw_prime) 77 gnutls_datum_t * raw_gen, gnutls_datum_t * raw_prime)
78{ 78{
79 mhd_gtls_dh_info_st *dh; 79 mhd_gtls_dh_info_st *dh;
80 int ret; 80 int ret;
@@ -131,7 +131,8 @@ MHD_gnutls_dh_get_group (mhd_gtls_session_t session,
131 * 131 *
132 **/ 132 **/
133int 133int
134MHD_gnutls_dh_get_pubkey (mhd_gtls_session_t session, gnutls_datum_t * raw_key) 134MHD_gnutls_dh_get_pubkey (mhd_gtls_session_t session,
135 gnutls_datum_t * raw_key)
135{ 136{
136 mhd_gtls_dh_info_st *dh; 137 mhd_gtls_dh_info_st *dh;
137 mhd_anon_auth_info_t anon_info; 138 mhd_anon_auth_info_t anon_info;
@@ -189,8 +190,8 @@ MHD_gnutls_dh_get_pubkey (mhd_gtls_session_t session, gnutls_datum_t * raw_key)
189 **/ 190 **/
190int 191int
191MHD_gtls_rsa_export_get_pubkey (mhd_gtls_session_t session, 192MHD_gtls_rsa_export_get_pubkey (mhd_gtls_session_t session,
192 gnutls_datum_t * exponent, 193 gnutls_datum_t * exponent,
193 gnutls_datum_t * modulus) 194 gnutls_datum_t * modulus)
194{ 195{
195 cert_auth_info_t info; 196 cert_auth_info_t info;
196 int ret; 197 int ret;
@@ -314,7 +315,7 @@ MHD_gnutls_dh_get_prime_bits (mhd_gtls_session_t session)
314 * @session: is a gnutls session 315 * @session: is a gnutls session
315 * 316 *
316 * This function will return the bits used in the last RSA-EXPORT key exchange 317 * This function will return the bits used in the last RSA-EXPORT key exchange
317 * with the peer. 318 * with the peer.
318 * Returns a negative value in case of an error. 319 * Returns a negative value in case of an error.
319 * 320 *
320 **/ 321 **/
@@ -384,7 +385,7 @@ MHD_gnutls_dh_get_peers_public_bits (mhd_gtls_session_t session)
384 * @session: is a gnutls session 385 * @session: is a gnutls session
385 * 386 *
386 * This function will return the certificate as sent to the peer, 387 * This function will return the certificate as sent to the peer,
387 * in the last handshake. These certificates are in raw format. 388 * in the last handshake. These certificates are in raw format.
388 * In X.509 this is a certificate list. In OpenPGP this is a single 389 * In X.509 this is a certificate list. In OpenPGP this is a single
389 * certificate. 390 * certificate.
390 * Returns NULL in case of an error, or if no certificate was used. 391 * Returns NULL in case of an error, or if no certificate was used.
@@ -399,8 +400,8 @@ MHD_gtls_certificate_get_ours (mhd_gtls_session_t session)
399 400
400 cred 401 cred
401 = (mhd_gtls_cert_credentials_t) mhd_gtls_get_cred (session->key, 402 = (mhd_gtls_cert_credentials_t) mhd_gtls_get_cred (session->key,
402 MHD_GNUTLS_CRD_CERTIFICATE, 403 MHD_GNUTLS_CRD_CERTIFICATE,
403 NULL); 404 NULL);
404 if (cred == NULL || cred->cert_list == NULL) 405 if (cred == NULL || cred->cert_list == NULL)
405 { 406 {
406 gnutls_assert (); 407 gnutls_assert ();
@@ -418,9 +419,9 @@ MHD_gtls_certificate_get_ours (mhd_gtls_session_t session)
418 * @session: is a gnutls session 419 * @session: is a gnutls session
419 * @list_size: is the length of the certificate list 420 * @list_size: is the length of the certificate list
420 * 421 *
421 * This function will return the peer's raw certificate (chain) as 422 * This function will return the peer's raw certificate (chain) as
422 * sent by the peer. These certificates are in raw format (DER encoded 423 * sent by the peer. These certificates are in raw format (DER encoded
423 * for X.509). In case of a X.509 then a certificate list may be present. 424 * for X.509). In case of a X.509 then a certificate list may be present.
424 * The first certificate in the list is the peer's certificate, 425 * The first certificate in the list is the peer's certificate,
425 * following the issuer's certificate, then the issuer's issuer etc. 426 * following the issuer's certificate, then the issuer's issuer etc.
426 * 427 *
@@ -432,7 +433,7 @@ MHD_gtls_certificate_get_ours (mhd_gtls_session_t session)
432 **/ 433 **/
433const gnutls_datum_t * 434const gnutls_datum_t *
434MHD_gtls_certificate_get_peers (mhd_gtls_session_t 435MHD_gtls_certificate_get_peers (mhd_gtls_session_t
435 session, unsigned int *list_size) 436 session, unsigned int *list_size)
436{ 437{
437 cert_auth_info_t info; 438 cert_auth_info_t info;
438 439
@@ -472,7 +473,7 @@ MHD_gtls_certificate_client_get_request_status (mhd_gtls_session_t session)
472 * MHD_gnutls_fingerprint - This function calculates the fingerprint of the given data 473 * MHD_gnutls_fingerprint - This function calculates the fingerprint of the given data
473 * @algo: is a digest algorithm 474 * @algo: is a digest algorithm
474 * @data: is the data 475 * @data: is the data
475 * @result: is the place where the result will be copied (may be null). 476 * @result: is the place where the result will be copied (may be null).
476 * @result_size: should hold the size of the result. The actual size 477 * @result_size: should hold the size of the result. The actual size
477 * of the returned result will also be copied there. 478 * of the returned result will also be copied there.
478 * 479 *
@@ -480,8 +481,8 @@ MHD_gtls_certificate_client_get_request_status (mhd_gtls_session_t session)
480 * given data. The result is not printable data. You should convert it 481 * given data. The result is not printable data. You should convert it
481 * to hex, or to something else printable. 482 * to hex, or to something else printable.
482 * 483 *
483 * This is the usual way to calculate a fingerprint of an X.509 484 * This is the usual way to calculate a fingerprint of an X.509
484 * DER encoded certificate. Note however that the fingerprint 485 * DER encoded certificate. Note however that the fingerprint
485 * of an OpenPGP is not just a hash and cannot be calculated with 486 * of an OpenPGP is not just a hash and cannot be calculated with
486 * this function. 487 * this function.
487 * 488 *
@@ -490,8 +491,8 @@ MHD_gtls_certificate_client_get_request_status (mhd_gtls_session_t session)
490 **/ 491 **/
491int 492int
492MHD_gnutls_fingerprint (enum MHD_GNUTLS_HashAlgorithm algo, 493MHD_gnutls_fingerprint (enum MHD_GNUTLS_HashAlgorithm algo,
493 const gnutls_datum_t * data, 494 const gnutls_datum_t * data,
494 void *result, size_t * result_size) 495 void *result, size_t * result_size)
495{ 496{
496 GNUTLS_HASH_HANDLE td; 497 GNUTLS_HASH_HANDLE td;
497 int hash_len = mhd_gnutls_hash_get_algo_len (HASH2MAC (algo)); 498 int hash_len = mhd_gnutls_hash_get_algo_len (HASH2MAC (algo));
@@ -532,7 +533,7 @@ MHD_gnutls_fingerprint (enum MHD_GNUTLS_HashAlgorithm algo,
532 **/ 533 **/
533void 534void
534MHD_gnutls_certificate_set_dh_params (mhd_gtls_cert_credentials_t res, 535MHD_gnutls_certificate_set_dh_params (mhd_gtls_cert_credentials_t res,
535 mhd_gtls_dh_params_t dh_params) 536 mhd_gtls_dh_params_t dh_params)
536{ 537{
537 res->dh_params = dh_params; 538 res->dh_params = dh_params;
538} 539}
@@ -542,7 +543,7 @@ MHD_gnutls_certificate_set_dh_params (mhd_gtls_cert_credentials_t res,
542 * @res: is a mhd_gtls_cert_credentials_t structure 543 * @res: is a mhd_gtls_cert_credentials_t structure
543 * @func: is the function to be called 544 * @func: is the function to be called
544 * 545 *
545 * This function will set a callback in order for the server to get the 546 * This function will set a callback in order for the server to get the
546 * diffie hellman or RSA parameters for certificate authentication. The callback 547 * diffie hellman or RSA parameters for certificate authentication. The callback
547 * should return zero on success. 548 * should return zero on success.
548 * 549 *
@@ -566,7 +567,7 @@ gnutls_certificate_set_params_function (mhd_gtls_cert_credentials_t res,
566 **/ 567 **/
567void 568void
568MHD_gnutls_certificate_set_verify_flags (mhd_gtls_cert_credentials_t 569MHD_gnutls_certificate_set_verify_flags (mhd_gtls_cert_credentials_t
569 res, unsigned int flags) 570 res, unsigned int flags)
570{ 571{
571 res->verify_flags = flags; 572 res->verify_flags = flags;
572} 573}
@@ -584,9 +585,9 @@ MHD_gnutls_certificate_set_verify_flags (mhd_gtls_cert_credentials_t
584 **/ 585 **/
585void 586void
586MHD_gnutls_certificate_set_verify_limits (mhd_gtls_cert_credentials_t 587MHD_gnutls_certificate_set_verify_limits (mhd_gtls_cert_credentials_t
587 res, 588 res,
588 unsigned int max_bits, 589 unsigned int max_bits,
589 unsigned int max_depth) 590 unsigned int max_depth)
590{ 591{
591 res->verify_depth = max_depth; 592 res->verify_depth = max_depth;
592 res->verify_bits = max_bits; 593 res->verify_bits = max_bits;
@@ -604,7 +605,9 @@ MHD_gnutls_certificate_set_verify_limits (mhd_gtls_cert_credentials_t
604 **/ 605 **/
605void 606void
606MHD_gnutls_certificate_set_rsa_export_params (mhd_gtls_cert_credentials_t 607MHD_gnutls_certificate_set_rsa_export_params (mhd_gtls_cert_credentials_t
607 res, mhd_gtls_rsa_params_t rsa_params) 608 res,
609 mhd_gtls_rsa_params_t
610 rsa_params)
608{ 611{
609 res->rsa_params = rsa_params; 612 res->rsa_params = rsa_params;
610} 613}
@@ -614,7 +617,7 @@ MHD_gnutls_certificate_set_rsa_export_params (mhd_gtls_cert_credentials_t
614 * @res: is a mhd_gtls_anon_server_credentials_t structure 617 * @res: is a mhd_gtls_anon_server_credentials_t structure
615 * @func: is the function to be called 618 * @func: is the function to be called
616 * 619 *
617 * This function will set a callback in order for the server to get the 620 * This function will set a callback in order for the server to get the
618 * diffie hellman or RSA parameters for anonymous authentication. The callback 621 * diffie hellman or RSA parameters for anonymous authentication. The callback
619 * should return zero on success. 622 * should return zero on success.
620 * 623 *
diff --git a/src/daemon/https/tls/gnutls_x509.c b/src/daemon/https/tls/gnutls_x509.c
index ad0764f4..3db59b06 100644
--- a/src/daemon/https/tls/gnutls_x509.c
+++ b/src/daemon/https/tls/gnutls_x509.c
@@ -223,8 +223,7 @@ _gnutls_check_key_cert_match (mhd_gtls_cert_credentials_t res)
223 1].params_size, &kid); 223 1].params_size, &kid);
224 224
225 225
226 _gnutls_x509_write_rsa_params (res->cert_list[res->ncerts - 1][0]. 226 _gnutls_x509_write_rsa_params (res->cert_list[res->ncerts - 1][0].params,
227 params,
228 res->cert_list[res->ncerts - 227 res->cert_list[res->ncerts -
229 1][0].params_size, &cid); 228 1][0].params_size, &cid);
230 229
@@ -264,7 +263,7 @@ parse_crt_mem (gnutls_cert ** cert_list, unsigned *ncerts,
264 263
265 *cert_list = 264 *cert_list =
266 (gnutls_cert *) mhd_gtls_realloc_fast (*cert_list, 265 (gnutls_cert *) mhd_gtls_realloc_fast (*cert_list,
267 i * sizeof (gnutls_cert)); 266 i * sizeof (gnutls_cert));
268 267
269 if (*cert_list == NULL) 268 if (*cert_list == NULL)
270 { 269 {
@@ -409,7 +408,7 @@ parse_pkcs7_cert_mem (gnutls_cert ** cert_list, unsigned *ncerts, const
409 { 408 {
410 *cert_list = 409 *cert_list =
411 (gnutls_cert *) mhd_gtls_realloc_fast (*cert_list, 410 (gnutls_cert *) mhd_gtls_realloc_fast (*cert_list,
412 i * sizeof (gnutls_cert)); 411 i * sizeof (gnutls_cert));
413 412
414 if (*cert_list == NULL) 413 if (*cert_list == NULL)
415 { 414 {
@@ -503,7 +502,7 @@ parse_pem_cert_mem (gnutls_cert ** cert_list, unsigned *ncerts,
503 502
504 *cert_list = 503 *cert_list =
505 (gnutls_cert *) mhd_gtls_realloc_fast (*cert_list, 504 (gnutls_cert *) mhd_gtls_realloc_fast (*cert_list,
506 i * sizeof (gnutls_cert)); 505 i * sizeof (gnutls_cert));
507 506
508 if (*cert_list == NULL) 507 if (*cert_list == NULL)
509 { 508 {
@@ -567,9 +566,9 @@ read_cert_mem (mhd_gtls_cert_credentials_t res, const void *cert,
567 /* allocate space for the certificate to add 566 /* allocate space for the certificate to add
568 */ 567 */
569 res->cert_list = mhd_gtls_realloc_fast (res->cert_list, 568 res->cert_list = mhd_gtls_realloc_fast (res->cert_list,
570 (1 + 569 (1 +
571 res->ncerts) * 570 res->ncerts) *
572 sizeof (gnutls_cert *)); 571 sizeof (gnutls_cert *));
573 if (res->cert_list == NULL) 572 if (res->cert_list == NULL)
574 { 573 {
575 gnutls_assert (); 574 gnutls_assert ();
@@ -577,8 +576,9 @@ read_cert_mem (mhd_gtls_cert_credentials_t res, const void *cert,
577 } 576 }
578 577
579 res->cert_list_length = mhd_gtls_realloc_fast (res->cert_list_length, 578 res->cert_list_length = mhd_gtls_realloc_fast (res->cert_list_length,
580 (1 + 579 (1 +
581 res->ncerts) * sizeof (int)); 580 res->ncerts) *
581 sizeof (int));
582 if (res->cert_list_length == NULL) 582 if (res->cert_list_length == NULL)
583 { 583 {
584 gnutls_assert (); 584 gnutls_assert ();
@@ -712,7 +712,7 @@ read_key_mem (mhd_gtls_cert_credentials_t res,
712 */ 712 */
713 res->pkey = 713 res->pkey =
714 mhd_gtls_realloc_fast (res->pkey, 714 mhd_gtls_realloc_fast (res->pkey,
715 (res->ncerts + 1) * sizeof (gnutls_privkey)); 715 (res->ncerts + 1) * sizeof (gnutls_privkey));
716 if (res->pkey == NULL) 716 if (res->pkey == NULL)
717 { 717 {
718 gnutls_assert (); 718 gnutls_assert ();
@@ -819,9 +819,9 @@ read_key_file (mhd_gtls_cert_credentials_t res,
819 **/ 819 **/
820int 820int
821MHD_gnutls_certificate_set_x509_key_mem (mhd_gtls_cert_credentials_t 821MHD_gnutls_certificate_set_x509_key_mem (mhd_gtls_cert_credentials_t
822 res, const gnutls_datum_t * cert, 822 res, const gnutls_datum_t * cert,
823 const gnutls_datum_t * key, 823 const gnutls_datum_t * key,
824 gnutls_x509_crt_fmt_t type) 824 gnutls_x509_crt_fmt_t type)
825{ 825{
826 int ret; 826 int ret;
827 827
@@ -865,9 +865,9 @@ MHD_gnutls_certificate_set_x509_key_mem (mhd_gtls_cert_credentials_t
865 **/ 865 **/
866int 866int
867MHD_gnutls_certificate_set_x509_key_file (mhd_gtls_cert_credentials_t 867MHD_gnutls_certificate_set_x509_key_file (mhd_gtls_cert_credentials_t
868 res, const char *CERTFILE, 868 res, const char *CERTFILE,
869 const char *KEYFILE, 869 const char *KEYFILE,
870 gnutls_x509_crt_fmt_t type) 870 gnutls_x509_crt_fmt_t type)
871{ 871{
872 int ret; 872 int ret;
873 873
@@ -955,7 +955,8 @@ generate_rdn_seq (mhd_gtls_cert_credentials_t res)
955 * certificate (uses the KeyUsage field). 955 * certificate (uses the KeyUsage field).
956 */ 956 */
957int 957int
958_gnutls_check_key_usage (const gnutls_cert * cert, enum MHD_GNUTLS_KeyExchangeAlgorithm alg) 958_gnutls_check_key_usage (const gnutls_cert * cert,
959 enum MHD_GNUTLS_KeyExchangeAlgorithm alg)
959{ 960{
960 unsigned int key_usage = 0; 961 unsigned int key_usage = 0;
961 int encipher_type; 962 int encipher_type;
@@ -1041,9 +1042,9 @@ parse_pem_ca_mem (gnutls_x509_crt_t ** cert_list, unsigned *ncerts,
1041 1042
1042 *cert_list = 1043 *cert_list =
1043 (gnutls_x509_crt_t *) mhd_gtls_realloc_fast (*cert_list, 1044 (gnutls_x509_crt_t *) mhd_gtls_realloc_fast (*cert_list,
1044 i * 1045 i *
1045 sizeof 1046 sizeof
1046 (gnutls_x509_crt_t)); 1047 (gnutls_x509_crt_t));
1047 1048
1048 if (*cert_list == NULL) 1049 if (*cert_list == NULL)
1049 { 1050 {
@@ -1119,8 +1120,8 @@ parse_der_ca_mem (gnutls_x509_crt_t ** cert_list, unsigned *ncerts,
1119 1120
1120 *cert_list = 1121 *cert_list =
1121 (gnutls_x509_crt_t *) mhd_gtls_realloc_fast (*cert_list, 1122 (gnutls_x509_crt_t *) mhd_gtls_realloc_fast (*cert_list,
1122 i * 1123 i *
1123 sizeof (gnutls_x509_crt_t)); 1124 sizeof (gnutls_x509_crt_t));
1124 1125
1125 if (*cert_list == NULL) 1126 if (*cert_list == NULL)
1126 { 1127 {
@@ -1172,8 +1173,8 @@ parse_der_ca_mem (gnutls_x509_crt_t ** cert_list, unsigned *ncerts,
1172 **/ 1173 **/
1173int 1174int
1174MHD_gnutls_certificate_set_x509_trust_mem (mhd_gtls_cert_credentials_t 1175MHD_gnutls_certificate_set_x509_trust_mem (mhd_gtls_cert_credentials_t
1175 res, const gnutls_datum_t * ca, 1176 res, const gnutls_datum_t * ca,
1176 gnutls_x509_crt_fmt_t type) 1177 gnutls_x509_crt_fmt_t type)
1177{ 1178{
1178 int ret, ret2; 1179 int ret, ret2;
1179 1180
@@ -1211,8 +1212,8 @@ MHD_gnutls_certificate_set_x509_trust_mem (mhd_gtls_cert_credentials_t
1211 **/ 1212 **/
1212int 1213int
1213MHD_gnutls_certificate_set_x509_trust_file (mhd_gtls_cert_credentials_t 1214MHD_gnutls_certificate_set_x509_trust_file (mhd_gtls_cert_credentials_t
1214 res, const char *cafile, 1215 res, const char *cafile,
1215 gnutls_x509_crt_fmt_t type) 1216 gnutls_x509_crt_fmt_t type)
1216{ 1217{
1217 int ret, ret2; 1218 int ret, ret2;
1218 size_t size; 1219 size_t size;
@@ -1274,9 +1275,9 @@ parse_pem_crl_mem (gnutls_x509_crl_t ** crl_list, unsigned *ncrls,
1274 1275
1275 *crl_list = 1276 *crl_list =
1276 (gnutls_x509_crl_t *) mhd_gtls_realloc_fast (*crl_list, 1277 (gnutls_x509_crl_t *) mhd_gtls_realloc_fast (*crl_list,
1277 i * 1278 i *
1278 sizeof 1279 sizeof
1279 (gnutls_x509_crl_t)); 1280 (gnutls_x509_crl_t));
1280 1281
1281 if (*crl_list == NULL) 1282 if (*crl_list == NULL)
1282 { 1283 {
@@ -1342,8 +1343,8 @@ parse_der_crl_mem (gnutls_x509_crl_t ** crl_list, unsigned *ncrls,
1342 1343
1343 *crl_list = 1344 *crl_list =
1344 (gnutls_x509_crl_t *) mhd_gtls_realloc_fast (*crl_list, 1345 (gnutls_x509_crl_t *) mhd_gtls_realloc_fast (*crl_list,
1345 i * 1346 i *
1346 sizeof (gnutls_x509_crl_t)); 1347 sizeof (gnutls_x509_crl_t));
1347 1348
1348 if (*crl_list == NULL) 1349 if (*crl_list == NULL)
1349 { 1350 {
@@ -1386,9 +1387,9 @@ read_crl_mem (mhd_gtls_cert_credentials_t res, const void *crl,
1386 /* allocate space for the certificate to add 1387 /* allocate space for the certificate to add
1387 */ 1388 */
1388 res->x509_crl_list = mhd_gtls_realloc_fast (res->x509_crl_list, 1389 res->x509_crl_list = mhd_gtls_realloc_fast (res->x509_crl_list,
1389 (1 + 1390 (1 +
1390 res->x509_ncrls) * 1391 res->x509_ncrls) *
1391 sizeof (gnutls_x509_crl_t)); 1392 sizeof (gnutls_x509_crl_t));
1392 if (res->x509_crl_list == NULL) 1393 if (res->x509_crl_list == NULL)
1393 { 1394 {
1394 gnutls_assert (); 1395 gnutls_assert ();
@@ -1427,8 +1428,8 @@ read_crl_mem (mhd_gtls_cert_credentials_t res, const void *crl,
1427 **/ 1428 **/
1428int 1429int
1429MHD_gnutls_certificate_set_x509_crl_mem (mhd_gtls_cert_credentials_t 1430MHD_gnutls_certificate_set_x509_crl_mem (mhd_gtls_cert_credentials_t
1430 res, const gnutls_datum_t * CRL, 1431 res, const gnutls_datum_t * CRL,
1431 gnutls_x509_crt_fmt_t type) 1432 gnutls_x509_crt_fmt_t type)
1432{ 1433{
1433 int ret; 1434 int ret;
1434 1435
@@ -1454,8 +1455,8 @@ MHD_gnutls_certificate_set_x509_crl_mem (mhd_gtls_cert_credentials_t
1454 **/ 1455 **/
1455int 1456int
1456MHD_gnutls_certificate_set_x509_crl_file (mhd_gtls_cert_credentials_t 1457MHD_gnutls_certificate_set_x509_crl_file (mhd_gtls_cert_credentials_t
1457 res, const char *crlfile, 1458 res, const char *crlfile,
1458 gnutls_x509_crt_fmt_t type) 1459 gnutls_x509_crt_fmt_t type)
1459{ 1460{
1460 int ret; 1461 int ret;
1461 size_t size; 1462 size_t size;
diff --git a/src/daemon/https/tls/gnutls_x509.h b/src/daemon/https/tls/gnutls_x509.h
index 58af5ea5..d252051a 100644
--- a/src/daemon/https/tls/gnutls_x509.h
+++ b/src/daemon/https/tls/gnutls_x509.h
@@ -25,7 +25,7 @@
25#include <libtasn1.h> 25#include <libtasn1.h>
26 26
27int _gnutls_x509_cert_verify_peers (mhd_gtls_session_t session, 27int _gnutls_x509_cert_verify_peers (mhd_gtls_session_t session,
28 unsigned int *status); 28 unsigned int *status);
29 29
30#define PEM_CERT_SEP2 "-----BEGIN X509 CERTIFICATE" 30#define PEM_CERT_SEP2 "-----BEGIN X509 CERTIFICATE"
31#define PEM_CERT_SEP "-----BEGIN CERTIFICATE" 31#define PEM_CERT_SEP "-----BEGIN CERTIFICATE"
@@ -37,13 +37,13 @@ int _gnutls_x509_cert_verify_peers (mhd_gtls_session_t session,
37#define PEM_KEY_DSA_SEP "-----BEGIN DSA" 37#define PEM_KEY_DSA_SEP "-----BEGIN DSA"
38 38
39int _gnutls_check_key_usage (const gnutls_cert * cert, 39int _gnutls_check_key_usage (const gnutls_cert * cert,
40 enum MHD_GNUTLS_KeyExchangeAlgorithm alg); 40 enum MHD_GNUTLS_KeyExchangeAlgorithm alg);
41 41
42int _gnutls_x509_read_rsa_params (opaque * der, int dersize, mpi_t * params); 42int _gnutls_x509_read_rsa_params (opaque * der, int dersize, mpi_t * params);
43int _gnutls_x509_read_dsa_pubkey (opaque * der, int dersize, mpi_t * params); 43int _gnutls_x509_read_dsa_pubkey (opaque * der, int dersize, mpi_t * params);
44 44
45int _gnutls_x509_raw_privkey_to_gkey (gnutls_privkey * privkey, 45int _gnutls_x509_raw_privkey_to_gkey (gnutls_privkey * privkey,
46 const gnutls_datum_t * raw_key, 46 const gnutls_datum_t * raw_key,
47 gnutls_x509_crt_fmt_t type); 47 gnutls_x509_crt_fmt_t type);
48int _gnutls_x509_privkey_to_gkey (gnutls_privkey * privkey, 48int _gnutls_x509_privkey_to_gkey (gnutls_privkey * privkey,
49 gnutls_x509_privkey_t); 49 gnutls_x509_privkey_t);
diff --git a/src/daemon/https/tls/io_debug.h b/src/daemon/https/tls/io_debug.h
index 53d9c371..cd39d60c 100644
--- a/src/daemon/https/tls/io_debug.h
+++ b/src/daemon/https/tls/io_debug.h
@@ -33,7 +33,7 @@
33 33
34#include <gnutls_int.h> 34#include <gnutls_int.h>
35 35
36#define EDUNNO EAGAIN /* EAGAIN */ 36#define EDUNNO EAGAIN /* EAGAIN */
37 37
38extern int errno; 38extern int errno;
39static int initialized_rand = 0; 39static int initialized_rand = 0;
diff --git a/src/daemon/https/tls/x509_b64.c b/src/daemon/https/tls/x509_b64.c
index 5bb2b4a5..d4100bc9 100644
--- a/src/daemon/https/tls/x509_b64.c
+++ b/src/daemon/https/tls/x509_b64.c
@@ -293,17 +293,17 @@ _gnutls_fbase64_encode (const char *msg, const uint8_t * data,
293 * @result: the place where base64 data will be copied 293 * @result: the place where base64 data will be copied
294 * @result_size: holds the size of the result 294 * @result_size: holds the size of the result
295 * 295 *
296 * This function will convert the given data to printable data, using the base64 296 * This function will convert the given data to printable data, using the base64
297 * encoding. This is the encoding used in PEM messages. If the provided 297 * encoding. This is the encoding used in PEM messages. If the provided
298 * buffer is not long enough GNUTLS_E_SHORT_MEMORY_BUFFER is returned. 298 * buffer is not long enough GNUTLS_E_SHORT_MEMORY_BUFFER is returned.
299 * 299 *
300 * The output string will be null terminated, although the size will not include 300 * The output string will be null terminated, although the size will not include
301 * the terminating null. 301 * the terminating null.
302 * 302 *
303 **/ 303 **/
304int 304int
305MHD_gtls_pem_base64_encode (const char *msg, const gnutls_datum_t * data, 305MHD_gtls_pem_base64_encode (const char *msg, const gnutls_datum_t * data,
306 char *result, size_t * result_size) 306 char *result, size_t * result_size)
307{ 307{
308 opaque *ret; 308 opaque *ret;
309 int size; 309 int size;
@@ -334,17 +334,17 @@ MHD_gtls_pem_base64_encode (const char *msg, const gnutls_datum_t * data,
334 * @data: contains the raw data 334 * @data: contains the raw data
335 * @result: will hold the newly allocated encoded data 335 * @result: will hold the newly allocated encoded data
336 * 336 *
337 * This function will convert the given data to printable data, using the base64 337 * This function will convert the given data to printable data, using the base64
338 * encoding. This is the encoding used in PEM messages. This function will 338 * encoding. This is the encoding used in PEM messages. This function will
339 * allocate the required memory to hold the encoded data. 339 * allocate the required memory to hold the encoded data.
340 * 340 *
341 * You should use gnutls_free() to free the returned data. 341 * You should use gnutls_free() to free the returned data.
342 * 342 *
343 **/ 343 **/
344int 344int
345MHD_gtls_pem_base64_encode_alloc (const char *msg, 345MHD_gtls_pem_base64_encode_alloc (const char *msg,
346 const gnutls_datum_t * data, 346 const gnutls_datum_t * data,
347 gnutls_datum_t * result) 347 gnutls_datum_t * result)
348{ 348{
349 opaque *ret; 349 opaque *ret;
350 int size; 350 int size;
@@ -483,7 +483,7 @@ _gnutls_fbase64_decode (const char *header, const opaque * data,
483 return GNUTLS_E_BASE64_DECODING_ERROR; 483 return GNUTLS_E_BASE64_DECODING_ERROR;
484 } 484 }
485 485
486 /* position of kdata is before the ----END--- footer 486 /* position of kdata is before the ----END--- footer
487 */ 487 */
488 rdata_size = (unsigned long int) kdata - (unsigned long int) rdata; 488 rdata_size = (unsigned long int) kdata - (unsigned long int) rdata;
489 489
@@ -535,8 +535,8 @@ _gnutls_fbase64_decode (const char *header, const opaque * data,
535 **/ 535 **/
536int 536int
537MHD_gtls_pem_base64_decode (const char *header, 537MHD_gtls_pem_base64_decode (const char *header,
538 const gnutls_datum_t * b64_data, 538 const gnutls_datum_t * b64_data,
539 unsigned char *result, size_t * result_size) 539 unsigned char *result, size_t * result_size)
540{ 540{
541 opaque *ret; 541 opaque *ret;
542 int size; 542 int size;
@@ -570,8 +570,8 @@ MHD_gtls_pem_base64_decode (const char *header,
570 * 570 *
571 * This function will decode the given encoded data. The decoded data 571 * This function will decode the given encoded data. The decoded data
572 * will be allocated, and stored into result. 572 * will be allocated, and stored into result.
573 * If the header given is non null this function will search for 573 * If the header given is non null this function will search for
574 * "-----BEGIN header" and decode only this part. Otherwise it will decode the 574 * "-----BEGIN header" and decode only this part. Otherwise it will decode the
575 * first PEM packet found. 575 * first PEM packet found.
576 * 576 *
577 * You should use gnutls_free() to free the returned data. 577 * You should use gnutls_free() to free the returned data.
@@ -579,8 +579,8 @@ MHD_gtls_pem_base64_decode (const char *header,
579 **/ 579 **/
580int 580int
581MHD_gtls_pem_base64_decode_alloc (const char *header, 581MHD_gtls_pem_base64_decode_alloc (const char *header,
582 const gnutls_datum_t * b64_data, 582 const gnutls_datum_t * b64_data,
583 gnutls_datum_t * result) 583 gnutls_datum_t * result)
584{ 584{
585 opaque *ret; 585 opaque *ret;
586 int size; 586 int size;
diff --git a/src/daemon/https/tls/x509_b64.h b/src/daemon/https/tls/x509_b64.h
index 539bec42..d079ebc6 100644
--- a/src/daemon/https/tls/x509_b64.h
+++ b/src/daemon/https/tls/x509_b64.h
@@ -23,13 +23,13 @@
23 */ 23 */
24 24
25int _gnutls_base64_encode (const uint8_t * data, size_t data_size, 25int _gnutls_base64_encode (const uint8_t * data, size_t data_size,
26 uint8_t ** result); 26 uint8_t ** result);
27int _gnutls_fbase64_encode (const char *msg, const uint8_t * data, 27int _gnutls_fbase64_encode (const char *msg, const uint8_t * data,
28 int data_size, uint8_t ** result); 28 int data_size, uint8_t ** result);
29int _gnutls_base64_decode (const uint8_t * data, size_t data_size, 29int _gnutls_base64_decode (const uint8_t * data, size_t data_size,
30 uint8_t ** result); 30 uint8_t ** result);
31int _gnutls_fbase64_decode (const char *header, const uint8_t * data, 31int _gnutls_fbase64_decode (const char *header, const uint8_t * data,
32 size_t data_size, uint8_t ** result); 32 size_t data_size, uint8_t ** result);
33 33
34#define B64SIZE( data_size) ((data_size%3==0)?((data_size*4)/3):(4+((data_size/3)*4))) 34#define B64SIZE( data_size) ((data_size%3==0)?((data_size*4)/3):(4+((data_size/3)*4)))
35 35
diff --git a/src/daemon/https/x509/common.c b/src/daemon/https/x509/common.c
index e8c21fe9..53ae4be8 100644
--- a/src/daemon/https/x509/common.c
+++ b/src/daemon/https/x509/common.c
@@ -440,7 +440,7 @@ _gnutls_x509_data2hex (const opaque * data,
440 return 0; 440 return 0;
441} 441}
442 442
443/* TIME functions 443/* TIME functions
444 * Convertions between generalized or UTC time to time_t 444 * Convertions between generalized or UTC time to time_t
445 * 445 *
446 */ 446 */
@@ -463,7 +463,7 @@ typedef struct fake_tm
463 * who placed it under public domain: 463 * who placed it under public domain:
464 */ 464 */
465 465
466/* The number of days in each month. 466/* The number of days in each month.
467 */ 467 */
468static const int MONTHDAYS[] = { 31, 468static const int MONTHDAYS[] = { 31,
469 28, 469 28,
@@ -498,12 +498,12 @@ mktime_utc (const struct fake_tm *tm)
498 /* We do allow some ill-formed dates, but we don't do anything special 498 /* We do allow some ill-formed dates, but we don't do anything special
499 * with them and our callers really shouldn't pass them to us. Do 499 * with them and our callers really shouldn't pass them to us. Do
500 * explicitly disallow the ones that would cause invalid array accesses 500 * explicitly disallow the ones that would cause invalid array accesses
501 * or other algorithm problems. 501 * or other algorithm problems.
502 */ 502 */
503 if (tm->tm_mon < 0 || tm->tm_mon > 11 || tm->tm_year < 1970) 503 if (tm->tm_mon < 0 || tm->tm_mon > 11 || tm->tm_year < 1970)
504 return (time_t) - 1; 504 return (time_t) - 1;
505 505
506 /* Convert to a time_t. 506 /* Convert to a time_t.
507 */ 507 */
508 for (i = 1970; i < tm->tm_year; i++) 508 for (i = 1970; i < tm->tm_year; i++)
509 result += 365 + ISLEAP (i); 509 result += 365 + ISLEAP (i);
@@ -1319,7 +1319,7 @@ _gnutls_x509_get_pk_algorithm (ASN1_TYPE src,
1319 return algo; 1319 return algo;
1320 } 1320 }
1321 1321
1322 /* Now read the parameters' bits 1322 /* Now read the parameters' bits
1323 */ 1323 */
1324 mhd_gtls_str_cpy (name, sizeof (name), src_name); 1324 mhd_gtls_str_cpy (name, sizeof (name), src_name);
1325 mhd_gtls_str_cat (name, sizeof (name), ".subjectPublicKey"); 1325 mhd_gtls_str_cat (name, sizeof (name), ".subjectPublicKey");
@@ -1442,7 +1442,7 @@ _gnutls_x509_get_signature (ASN1_TYPE src,
1442 signature->data = NULL; 1442 signature->data = NULL;
1443 signature->size = 0; 1443 signature->size = 0;
1444 1444
1445 /* Read the signature 1445 /* Read the signature
1446 */ 1446 */
1447 bits = 0; 1447 bits = 0;
1448 result = asn1_read_value (src, src_name, NULL, &bits); 1448 result = asn1_read_value (src, src_name, NULL, &bits);
diff --git a/src/daemon/https/x509/common.h b/src/daemon/https/x509/common.h
index 01b1bf30..0e91c96d 100644
--- a/src/daemon/https/x509/common.h
+++ b/src/daemon/https/x509/common.h
@@ -63,13 +63,13 @@ time_t _gnutls_x509_generalTime2gtime (const char *ttime);
63int _gnutls_x509_set_time (ASN1_TYPE c2, const char *where, time_t tim); 63int _gnutls_x509_set_time (ASN1_TYPE c2, const char *where, time_t tim);
64 64
65int _gnutls_x509_decode_octet_string (const char *string_type, 65int _gnutls_x509_decode_octet_string (const char *string_type,
66 const opaque * der, size_t der_size, 66 const opaque * der, size_t der_size,
67 opaque * output, size_t * output_size); 67 opaque * output, size_t * output_size);
68int _gnutls_x509_oid_data2string (const char *OID, void *value, 68int _gnutls_x509_oid_data2string (const char *OID, void *value,
69 int value_size, char *res, 69 int value_size, char *res,
70 size_t * res_size); 70 size_t * res_size);
71int _gnutls_x509_data2hex (const opaque * data, size_t data_size, 71int _gnutls_x509_data2hex (const opaque * data, size_t data_size,
72 opaque * out, size_t * sizeof_out); 72 opaque * out, size_t * sizeof_out);
73 73
74const char *_gnutls_x509_oid2ldap_string (const char *OID); 74const char *_gnutls_x509_oid2ldap_string (const char *OID);
75 75
@@ -81,46 +81,47 @@ time_t _gnutls_x509_get_time (ASN1_TYPE c2, const char *when);
81gnutls_x509_subject_alt_name_t _gnutls_x509_san_find_type (char *str_type); 81gnutls_x509_subject_alt_name_t _gnutls_x509_san_find_type (char *str_type);
82 82
83int _gnutls_x509_der_encode_and_copy (ASN1_TYPE src, const char *src_name, 83int _gnutls_x509_der_encode_and_copy (ASN1_TYPE src, const char *src_name,
84 ASN1_TYPE dest, const char *dest_name, 84 ASN1_TYPE dest, const char *dest_name,
85 int str); 85 int str);
86int _gnutls_x509_der_encode (ASN1_TYPE src, const char *src_name, 86int _gnutls_x509_der_encode (ASN1_TYPE src, const char *src_name,
87 gnutls_datum_t * res, int str); 87 gnutls_datum_t * res, int str);
88 88
89int _gnutls_x509_export_int (ASN1_TYPE asn1_data, 89int _gnutls_x509_export_int (ASN1_TYPE asn1_data,
90 gnutls_x509_crt_fmt_t format, char *pem_header, 90 gnutls_x509_crt_fmt_t format, char *pem_header,
91 unsigned char *output_data, 91 unsigned char *output_data,
92 size_t * output_data_size); 92 size_t * output_data_size);
93 93
94int _gnutls_x509_read_value (ASN1_TYPE c, const char *root, 94int _gnutls_x509_read_value (ASN1_TYPE c, const char *root,
95 gnutls_datum_t * ret, int str); 95 gnutls_datum_t * ret, int str);
96int _gnutls_x509_write_value (ASN1_TYPE c, const char *root, 96int _gnutls_x509_write_value (ASN1_TYPE c, const char *root,
97 const gnutls_datum_t * data, int str); 97 const gnutls_datum_t * data, int str);
98 98
99int _gnutls_x509_encode_and_write_attribute (const char *given_oid, 99int _gnutls_x509_encode_and_write_attribute (const char *given_oid,
100 ASN1_TYPE asn1_struct, 100 ASN1_TYPE asn1_struct,
101 const char *where, 101 const char *where,
102 const void *data, 102 const void *data,
103 int sizeof_data, int multi); 103 int sizeof_data, int multi);
104int _gnutls_x509_decode_and_read_attribute (ASN1_TYPE asn1_struct, 104int _gnutls_x509_decode_and_read_attribute (ASN1_TYPE asn1_struct,
105 const char *where, char *oid, 105 const char *where, char *oid,
106 int oid_size, 106 int oid_size,
107 gnutls_datum_t * value, int multi, 107 gnutls_datum_t * value, int multi,
108 int octet); 108 int octet);
109 109
110int _gnutls_x509_get_pk_algorithm (ASN1_TYPE src, const char *src_name, 110int _gnutls_x509_get_pk_algorithm (ASN1_TYPE src, const char *src_name,
111 unsigned int *bits); 111 unsigned int *bits);
112 112
113int _gnutls_x509_encode_and_copy_PKI_params (ASN1_TYPE dst, 113int _gnutls_x509_encode_and_copy_PKI_params (ASN1_TYPE dst,
114 const char *dst_name, 114 const char *dst_name,
115 enum MHD_GNUTLS_PublicKeyAlgorithm 115 enum
116 pk_algorithm, mpi_t * params, 116 MHD_GNUTLS_PublicKeyAlgorithm
117 int params_size); 117 pk_algorithm, mpi_t * params,
118 int params_size);
118int _gnutls_asn1_copy_node (ASN1_TYPE * dst, const char *dst_name, 119int _gnutls_asn1_copy_node (ASN1_TYPE * dst, const char *dst_name,
119 ASN1_TYPE src, const char *src_name); 120 ASN1_TYPE src, const char *src_name);
120 121
121int _gnutls_x509_get_signed_data (ASN1_TYPE src, const char *src_name, 122int _gnutls_x509_get_signed_data (ASN1_TYPE src, const char *src_name,
122 gnutls_datum_t * signed_data); 123 gnutls_datum_t * signed_data);
123int _gnutls_x509_get_signature (ASN1_TYPE src, const char *src_name, 124int _gnutls_x509_get_signature (ASN1_TYPE src, const char *src_name,
124 gnutls_datum_t * signature); 125 gnutls_datum_t * signature);
125 126
126#endif 127#endif
diff --git a/src/daemon/https/x509/crl.c b/src/daemon/https/x509/crl.c
index 98eb4806..9ad49c67 100644
--- a/src/daemon/https/x509/crl.c
+++ b/src/daemon/https/x509/crl.c
@@ -73,7 +73,7 @@ gnutls_x509_crl_init (gnutls_x509_crl_t * crl)
73 * gnutls_x509_crl_deinit - This function deinitializes memory used by a gnutls_x509_crl_t structure 73 * gnutls_x509_crl_deinit - This function deinitializes memory used by a gnutls_x509_crl_t structure
74 * @crl: The structure to be initialized 74 * @crl: The structure to be initialized
75 * 75 *
76 * This function will deinitialize a CRL structure. 76 * This function will deinitialize a CRL structure.
77 * 77 *
78 **/ 78 **/
79void 79void
@@ -168,7 +168,7 @@ cleanup:
168 * @buf: a pointer to a structure to hold the peer's name (may be null) 168 * @buf: a pointer to a structure to hold the peer's name (may be null)
169 * @sizeof_buf: initially holds the size of @buf 169 * @sizeof_buf: initially holds the size of @buf
170 * 170 *
171 * This function will copy the name of the CRL issuer in the provided buffer. The name 171 * This function will copy the name of the CRL issuer in the provided buffer. The name
172 * will be in the form "C=xxxx,O=yyyy,CN=zzzz" as described in RFC2253. The output 172 * will be in the form "C=xxxx,O=yyyy,CN=zzzz" as described in RFC2253. The output
173 * string will be ASCII or UTF-8 encoded, depending on the certificate data. 173 * string will be ASCII or UTF-8 encoded, depending on the certificate data.
174 * 174 *
@@ -208,7 +208,7 @@ gnutls_x509_crl_get_issuer_dn (const gnutls_x509_crl_t crl, char *buf,
208 * string will be ASCII or UTF-8 encoded, depending on the certificate data. 208 * string will be ASCII or UTF-8 encoded, depending on the certificate data.
209 * 209 *
210 * Some helper macros with popular OIDs can be found in gnutls/x509.h 210 * Some helper macros with popular OIDs can be found in gnutls/x509.h
211 * If raw flag is zero, this function will only return known OIDs as text. Other OIDs 211 * If raw flag is zero, this function will only return known OIDs as text. Other OIDs
212 * will be DER encoded, as described in RFC2253 -- in hex format with a '\#' prefix. 212 * will be DER encoded, as described in RFC2253 -- in hex format with a '\#' prefix.
213 * You can check about known OIDs using gnutls_x509_dn_oid_known(). 213 * You can check about known OIDs using gnutls_x509_dn_oid_known().
214 * 214 *
@@ -244,7 +244,7 @@ gnutls_x509_crl_get_issuer_dn_by_oid (gnutls_x509_crl_t crl,
244 * @sizeof_oid: initially holds the size of 'oid' 244 * @sizeof_oid: initially holds the size of 'oid'
245 * 245 *
246 * This function will extract the requested OID of the name of the CRL issuer, specified 246 * This function will extract the requested OID of the name of the CRL issuer, specified
247 * by the given index. 247 * by the given index.
248 * 248 *
249 * If oid is null then only the size will be filled. 249 * If oid is null then only the size will be filled.
250 * 250 *
@@ -273,8 +273,8 @@ gnutls_x509_crl_get_dn_oid (gnutls_x509_crl_t crl,
273 * gnutls_x509_crl_get_signature_algorithm - This function returns the CRL's signature algorithm 273 * gnutls_x509_crl_get_signature_algorithm - This function returns the CRL's signature algorithm
274 * @crl: should contain a gnutls_x509_crl_t structure 274 * @crl: should contain a gnutls_x509_crl_t structure
275 * 275 *
276 * This function will return a value of the gnutls_sign_algorithm_t enumeration that 276 * This function will return a value of the gnutls_sign_algorithm_t enumeration that
277 * is the signature algorithm. 277 * is the signature algorithm.
278 * 278 *
279 * Returns a negative value on error. 279 * Returns a negative value on error.
280 * 280 *
@@ -651,7 +651,7 @@ gnutls_x509_crl_export (gnutls_x509_crl_t crl,
651 * @dest: The structure where to copy 651 * @dest: The structure where to copy
652 * @src: The structure to be copied 652 * @src: The structure to be copied
653 * 653 *
654 * This function will copy an X.509 certificate structure. 654 * This function will copy an X.509 certificate structure.
655 * 655 *
656 * Returns 0 on success. 656 * Returns 0 on success.
657 * 657 *
diff --git a/src/daemon/https/x509/crl_write.c b/src/daemon/https/x509/crl_write.c
index 7b651695..5e323be2 100644
--- a/src/daemon/https/x509/crl_write.c
+++ b/src/daemon/https/x509/crl_write.c
@@ -197,7 +197,7 @@ gnutls_x509_crl_set_next_update (gnutls_x509_crl_t crl, time_t exp_time)
197 * @serial_size: Holds the size of the serial field. 197 * @serial_size: Holds the size of the serial field.
198 * @revocation_time: The time this certificate was revoked 198 * @revocation_time: The time this certificate was revoked
199 * 199 *
200 * This function will set a revoked certificate's serial number to the CRL. 200 * This function will set a revoked certificate's serial number to the CRL.
201 * 201 *
202 * Returns 0 on success, or a negative value in case of an error. 202 * Returns 0 on success, or a negative value in case of an error.
203 * 203 *
@@ -262,7 +262,7 @@ gnutls_x509_crl_set_crt_serial (gnutls_x509_crl_t crl,
262 * @crt: should contain a gnutls_x509_crt_t structure with the revoked certificate 262 * @crt: should contain a gnutls_x509_crt_t structure with the revoked certificate
263 * @revocation_time: The time this certificate was revoked 263 * @revocation_time: The time this certificate was revoked
264 * 264 *
265 * This function will set a revoked certificate's serial number to the CRL. 265 * This function will set a revoked certificate's serial number to the CRL.
266 * 266 *
267 * Returns 0 on success, or a negative value in case of an error. 267 * Returns 0 on success, or a negative value in case of an error.
268 * 268 *
diff --git a/src/daemon/https/x509/crq.c b/src/daemon/https/x509/crq.c
index 3868a455..68b0477a 100644
--- a/src/daemon/https/x509/crq.c
+++ b/src/daemon/https/x509/crq.c
@@ -46,7 +46,7 @@
46 * gnutls_x509_crq_init - This function initializes a gnutls_x509_crq_t structure 46 * gnutls_x509_crq_init - This function initializes a gnutls_x509_crq_t structure
47 * @crq: The structure to be initialized 47 * @crq: The structure to be initialized
48 * 48 *
49 * This function will initialize a PKCS10 certificate request structure. 49 * This function will initialize a PKCS10 certificate request structure.
50 * 50 *
51 * Returns 0 on success. 51 * Returns 0 on success.
52 * 52 *
@@ -76,7 +76,7 @@ gnutls_x509_crq_init (gnutls_x509_crq_t * crq)
76 * gnutls_x509_crq_deinit - This function deinitializes memory used by a gnutls_x509_crq_t structure 76 * gnutls_x509_crq_deinit - This function deinitializes memory used by a gnutls_x509_crq_t structure
77 * @crq: The structure to be initialized 77 * @crq: The structure to be initialized
78 * 78 *
79 * This function will deinitialize a CRL structure. 79 * This function will deinitialize a CRL structure.
80 * 80 *
81 **/ 81 **/
82void 82void
@@ -336,7 +336,7 @@ parse_attribute (ASN1_TYPE asn1_struct,
336 336
337 /* Move to the attibute type and values 337 /* Move to the attibute type and values
338 */ 338 */
339 /* Read the OID 339 /* Read the OID
340 */ 340 */
341 mhd_gtls_str_cpy (tmpbuffer3, sizeof (tmpbuffer3), tmpbuffer1); 341 mhd_gtls_str_cpy (tmpbuffer3, sizeof (tmpbuffer3), tmpbuffer1);
342 mhd_gtls_str_cat (tmpbuffer3, sizeof (tmpbuffer3), ".type"); 342 mhd_gtls_str_cat (tmpbuffer3, sizeof (tmpbuffer3), ".type");
@@ -356,7 +356,7 @@ parse_attribute (ASN1_TYPE asn1_struct,
356 if (strcmp (oid, given_oid) == 0) 356 if (strcmp (oid, given_oid) == 0)
357 { /* Found the OID */ 357 { /* Found the OID */
358 358
359 /* Read the Value 359 /* Read the Value
360 */ 360 */
361 snprintf (tmpbuffer3, sizeof (tmpbuffer3), "%s.values.?%u", 361 snprintf (tmpbuffer3, sizeof (tmpbuffer3), "%s.values.?%u",
362 tmpbuffer1, indx + 1); 362 tmpbuffer1, indx + 1);
@@ -421,7 +421,7 @@ cleanup:
421} 421}
422 422
423/** 423/**
424 * gnutls_x509_crq_get_challenge_password - This function will get the challenge password 424 * gnutls_x509_crq_get_challenge_password - This function will get the challenge password
425 * @crq: should contain a gnutls_x509_crq_t structure 425 * @crq: should contain a gnutls_x509_crq_t structure
426 * @pass: will hold a null terminated password 426 * @pass: will hold a null terminated password
427 * @sizeof_pass: Initially holds the size of @pass. 427 * @sizeof_pass: Initially holds the size of @pass.
@@ -499,7 +499,7 @@ gnutls_x509_crq_set_attribute_by_oid (gnutls_x509_crq_t crq,
499} 499}
500 500
501/** 501/**
502 * gnutls_x509_crq_get_attribute_by_oid - This function will get an attribute of the request 502 * gnutls_x509_crq_get_attribute_by_oid - This function will get an attribute of the request
503 * @crq: should contain a gnutls_x509_crq_t structure 503 * @crq: should contain a gnutls_x509_crq_t structure
504 * @oid: holds an Object Identified in null terminated string 504 * @oid: holds an Object Identified in null terminated string
505 * @indx: In case multiple same OIDs exist in the attribute list, this specifies 505 * @indx: In case multiple same OIDs exist in the attribute list, this specifies
@@ -674,7 +674,7 @@ gnutls_x509_crq_set_key (gnutls_x509_crq_t crq, gnutls_x509_privkey_t key)
674} 674}
675 675
676/** 676/**
677 * gnutls_x509_crq_set_challenge_password - This function will set a challenge password 677 * gnutls_x509_crq_set_challenge_password - This function will set a challenge password
678 * @crq: should contain a gnutls_x509_crq_t structure 678 * @crq: should contain a gnutls_x509_crq_t structure
679 * @pass: holds a null terminated password 679 * @pass: holds a null terminated password
680 * 680 *
@@ -849,11 +849,11 @@ gnutls_x509_crq_export (gnutls_x509_crq_t crq,
849 * @crq: should contain a gnutls_x509_crq_t structure 849 * @crq: should contain a gnutls_x509_crq_t structure
850 * @bits: if bits is non null it will hold the size of the parameters' in bits 850 * @bits: if bits is non null it will hold the size of the parameters' in bits
851 * 851 *
852 * This function will return the public key algorithm of a PKCS \#10 852 * This function will return the public key algorithm of a PKCS \#10
853 * certificate request. 853 * certificate request.
854 * 854 *
855 * If bits is non null, it should have enough size to hold the parameters 855 * If bits is non null, it should have enough size to hold the parameters
856 * size in bits. For RSA the bits returned is the modulus. 856 * size in bits. For RSA the bits returned is the modulus.
857 * For DSA the bits returned are of the public 857 * For DSA the bits returned are of the public
858 * exponent. 858 * exponent.
859 * 859 *
diff --git a/src/daemon/https/x509/dn.c b/src/daemon/https/x509/dn.c
index 784ac4a7..27c53084 100644
--- a/src/daemon/https/x509/dn.c
+++ b/src/daemon/https/x509/dn.c
@@ -37,7 +37,7 @@
37 */ 37 */
38 38
39/* Converts the given OID to an ldap acceptable string or 39/* Converts the given OID to an ldap acceptable string or
40 * a dotted OID. 40 * a dotted OID.
41 */ 41 */
42static const char * 42static const char *
43oid2ldap_string (const char *oid) 43oid2ldap_string (const char *oid)
@@ -173,7 +173,7 @@ _gnutls_x509_parse_dn (ASN1_TYPE asn1_struct,
173 goto cleanup; 173 goto cleanup;
174 } 174 }
175 175
176 /* Read the OID 176 /* Read the OID
177 */ 177 */
178 mhd_gtls_str_cpy (tmpbuffer3, sizeof (tmpbuffer3), tmpbuffer2); 178 mhd_gtls_str_cpy (tmpbuffer3, sizeof (tmpbuffer3), tmpbuffer2);
179 mhd_gtls_str_cat (tmpbuffer3, sizeof (tmpbuffer3), ".type"); 179 mhd_gtls_str_cat (tmpbuffer3, sizeof (tmpbuffer3), ".type");
@@ -190,7 +190,7 @@ _gnutls_x509_parse_dn (ASN1_TYPE asn1_struct,
190 goto cleanup; 190 goto cleanup;
191 } 191 }
192 192
193 /* Read the Value 193 /* Read the Value
194 */ 194 */
195 mhd_gtls_str_cpy (tmpbuffer3, sizeof (tmpbuffer3), tmpbuffer2); 195 mhd_gtls_str_cpy (tmpbuffer3, sizeof (tmpbuffer3), tmpbuffer2);
196 mhd_gtls_str_cat (tmpbuffer3, sizeof (tmpbuffer3), ".value"); 196 mhd_gtls_str_cat (tmpbuffer3, sizeof (tmpbuffer3), ".value");
@@ -280,7 +280,8 @@ _gnutls_x509_parse_dn (ASN1_TYPE asn1_struct,
280 gnutls_assert (); 280 gnutls_assert ();
281 _gnutls_x509_log 281 _gnutls_x509_log
282 ("Found OID: '%s' with value '%s'\n", 282 ("Found OID: '%s' with value '%s'\n",
283 oid, mhd_gtls_bin2hex (value2, len, escaped, sizeof_escaped)); 283 oid, mhd_gtls_bin2hex (value2, len, escaped,
284 sizeof_escaped));
284 goto cleanup; 285 goto cleanup;
285 } 286 }
286 STR_APPEND (str_escape (string, escaped, sizeof_escaped)); 287 STR_APPEND (str_escape (string, escaped, sizeof_escaped));
@@ -416,7 +417,7 @@ _gnutls_x509_parse_dn_oid (ASN1_TYPE asn1_struct,
416 goto cleanup; 417 goto cleanup;
417 } 418 }
418 419
419 /* Read the OID 420 /* Read the OID
420 */ 421 */
421 mhd_gtls_str_cpy (tmpbuffer3, sizeof (tmpbuffer3), tmpbuffer2); 422 mhd_gtls_str_cpy (tmpbuffer3, sizeof (tmpbuffer3), tmpbuffer2);
422 mhd_gtls_str_cat (tmpbuffer3, sizeof (tmpbuffer3), ".type"); 423 mhd_gtls_str_cat (tmpbuffer3, sizeof (tmpbuffer3), ".type");
@@ -436,7 +437,7 @@ _gnutls_x509_parse_dn_oid (ASN1_TYPE asn1_struct,
436 if (strcmp (oid, given_oid) == 0 && indx == i++) 437 if (strcmp (oid, given_oid) == 0 && indx == i++)
437 { /* Found the OID */ 438 { /* Found the OID */
438 439
439 /* Read the Value 440 /* Read the Value
440 */ 441 */
441 mhd_gtls_str_cpy (tmpbuffer3, sizeof (tmpbuffer3), tmpbuffer2); 442 mhd_gtls_str_cpy (tmpbuffer3, sizeof (tmpbuffer3), tmpbuffer2);
442 mhd_gtls_str_cat (tmpbuffer3, sizeof (tmpbuffer3), ".value"); 443 mhd_gtls_str_cat (tmpbuffer3, sizeof (tmpbuffer3), ".value");
@@ -585,7 +586,7 @@ _gnutls_x509_get_dn_oid (ASN1_TYPE asn1_struct,
585 goto cleanup; 586 goto cleanup;
586 } 587 }
587 588
588 /* Read the OID 589 /* Read the OID
589 */ 590 */
590 mhd_gtls_str_cpy (tmpbuffer3, sizeof (tmpbuffer3), tmpbuffer2); 591 mhd_gtls_str_cpy (tmpbuffer3, sizeof (tmpbuffer3), tmpbuffer2);
591 mhd_gtls_str_cat (tmpbuffer3, sizeof (tmpbuffer3), ".type"); 592 mhd_gtls_str_cat (tmpbuffer3, sizeof (tmpbuffer3), ".type");
@@ -722,7 +723,7 @@ _gnutls_x509_encode_and_write_attribute (const char *given_oid,
722 723
723 if (multi != 0) 724 if (multi != 0)
724 { /* if not writing an AttributeTypeAndValue, but an Attribute */ 725 { /* if not writing an AttributeTypeAndValue, but an Attribute */
725 mhd_gtls_str_cat (tmp, sizeof (tmp), "s"); /* values */ 726 mhd_gtls_str_cat (tmp, sizeof (tmp), "s"); /* values */
726 727
727 result = asn1_write_value (asn1_struct, tmp, "NEW", 1); 728 result = asn1_write_value (asn1_struct, tmp, "NEW", 1);
728 if (result != ASN1_SUCCESS) 729 if (result != ASN1_SUCCESS)
@@ -777,7 +778,7 @@ _gnutls_x509_write_attribute (const char *given_oid,
777 778
778 if (multi != 0) 779 if (multi != 0)
779 { /* if not writing an AttributeTypeAndValue, but an Attribute */ 780 { /* if not writing an AttributeTypeAndValue, but an Attribute */
780 mhd_gtls_str_cat (tmp, sizeof (tmp), "s"); /* values */ 781 mhd_gtls_str_cat (tmp, sizeof (tmp), "s"); /* values */
781 782
782 result = asn1_write_value (asn1_struct, tmp, "NEW", 1); 783 result = asn1_write_value (asn1_struct, tmp, "NEW", 1);
783 if (result != ASN1_SUCCESS) 784 if (result != ASN1_SUCCESS)
@@ -830,7 +831,7 @@ _gnutls_x509_decode_and_read_attribute (ASN1_TYPE asn1_struct,
830 char tmpbuffer[128]; 831 char tmpbuffer[128];
831 int len, result; 832 int len, result;
832 833
833 /* Read the OID 834 /* Read the OID
834 */ 835 */
835 mhd_gtls_str_cpy (tmpbuffer, sizeof (tmpbuffer), where); 836 mhd_gtls_str_cpy (tmpbuffer, sizeof (tmpbuffer), where);
836 mhd_gtls_str_cat (tmpbuffer, sizeof (tmpbuffer), ".type"); 837 mhd_gtls_str_cat (tmpbuffer, sizeof (tmpbuffer), ".type");
@@ -845,14 +846,14 @@ _gnutls_x509_decode_and_read_attribute (ASN1_TYPE asn1_struct,
845 return result; 846 return result;
846 } 847 }
847 848
848 /* Read the Value 849 /* Read the Value
849 */ 850 */
850 851
851 mhd_gtls_str_cpy (tmpbuffer, sizeof (tmpbuffer), where); 852 mhd_gtls_str_cpy (tmpbuffer, sizeof (tmpbuffer), where);
852 mhd_gtls_str_cat (tmpbuffer, sizeof (tmpbuffer), ".value"); 853 mhd_gtls_str_cat (tmpbuffer, sizeof (tmpbuffer), ".value");
853 854
854 if (multi) 855 if (multi)
855 mhd_gtls_str_cat (tmpbuffer, sizeof (tmpbuffer), "s.?1"); /* .values.?1 */ 856 mhd_gtls_str_cat (tmpbuffer, sizeof (tmpbuffer), "s.?1"); /* .values.?1 */
856 857
857 result = 858 result =
858 _gnutls_x509_read_value (asn1_struct, tmpbuffer, value, octet_string); 859 _gnutls_x509_read_value (asn1_struct, tmpbuffer, value, octet_string);
@@ -899,7 +900,7 @@ _gnutls_x509_set_dn_oid (ASN1_TYPE asn1_struct,
899 mhd_gtls_str_cpy (asn1_rdn_name, sizeof (asn1_rdn_name), asn1_name); 900 mhd_gtls_str_cpy (asn1_rdn_name, sizeof (asn1_rdn_name), asn1_name);
900 mhd_gtls_str_cat (asn1_rdn_name, sizeof (asn1_rdn_name), ".rdnSequence"); 901 mhd_gtls_str_cat (asn1_rdn_name, sizeof (asn1_rdn_name), ".rdnSequence");
901 902
902 /* create a new element 903 /* create a new element
903 */ 904 */
904 result = asn1_write_value (asn1_struct, asn1_rdn_name, "NEW", 1); 905 result = asn1_write_value (asn1_struct, asn1_rdn_name, "NEW", 1);
905 if (result != ASN1_SUCCESS) 906 if (result != ASN1_SUCCESS)
diff --git a/src/daemon/https/x509/dn.h b/src/daemon/https/x509/dn.h
index 93a9262c..97f85e16 100644
--- a/src/daemon/https/x509/dn.h
+++ b/src/daemon/https/x509/dn.h
@@ -38,21 +38,21 @@
38#define OID_PKCS9_EMAIL "1.2.840.113549.1.9.1" 38#define OID_PKCS9_EMAIL "1.2.840.113549.1.9.1"
39 39
40int _gnutls_x509_parse_dn (ASN1_TYPE asn1_struct, 40int _gnutls_x509_parse_dn (ASN1_TYPE asn1_struct,
41 const char *asn1_rdn_name, char *buf, 41 const char *asn1_rdn_name, char *buf,
42 size_t * sizeof_buf); 42 size_t * sizeof_buf);
43 43
44int _gnutls_x509_parse_dn_oid (ASN1_TYPE asn1_struct, 44int _gnutls_x509_parse_dn_oid (ASN1_TYPE asn1_struct,
45 const char *asn1_rdn_name, const char *oid, 45 const char *asn1_rdn_name, const char *oid,
46 int indx, unsigned int raw_flag, void *buf, 46 int indx, unsigned int raw_flag, void *buf,
47 size_t * sizeof_buf); 47 size_t * sizeof_buf);
48 48
49int _gnutls_x509_set_dn_oid (ASN1_TYPE asn1_struct, 49int _gnutls_x509_set_dn_oid (ASN1_TYPE asn1_struct,
50 const char *asn1_rdn_name, const char *oid, 50 const char *asn1_rdn_name, const char *oid,
51 int raw_flag, const char *name, int sizeof_name); 51 int raw_flag, const char *name, int sizeof_name);
52 52
53int _gnutls_x509_get_dn_oid (ASN1_TYPE asn1_struct, 53int _gnutls_x509_get_dn_oid (ASN1_TYPE asn1_struct,
54 const char *asn1_rdn_name, 54 const char *asn1_rdn_name,
55 int indx, void *_oid, size_t * sizeof_oid); 55 int indx, void *_oid, size_t * sizeof_oid);
56 56
57 57
58#endif 58#endif
diff --git a/src/daemon/https/x509/dsa.c b/src/daemon/https/x509/dsa.c
index af403911..d65bcede 100644
--- a/src/daemon/https/x509/dsa.c
+++ b/src/daemon/https/x509/dsa.c
@@ -59,7 +59,7 @@ _gnutls_dsa_generate_params (mpi_t * resarr, int *resarr_len, int bits)
59 return GNUTLS_E_INTERNAL_ERROR; 59 return GNUTLS_E_INTERNAL_ERROR;
60 } 60 }
61 61
62 /* generate the DSA key 62 /* generate the DSA key
63 */ 63 */
64 ret = gcry_pk_genkey (&key, parms); 64 ret = gcry_pk_genkey (&key, parms);
65 gcry_sexp_release (parms); 65 gcry_sexp_release (parms);
diff --git a/src/daemon/https/x509/extensions.c b/src/daemon/https/x509/extensions.c
index ea3891b0..5cf170af 100644
--- a/src/daemon/https/x509/extensions.c
+++ b/src/daemon/https/x509/extensions.c
@@ -99,11 +99,11 @@ _gnutls_x509_crt_get_extension (gnutls_x509_crt_t cert,
99 return mhd_gtls_asn2err (result); 99 return mhd_gtls_asn2err (result);
100 } 100 }
101 101
102 /* Handle Extension 102 /* Handle Extension
103 */ 103 */
104 if (strcmp (extnID, extension_id) == 0 && indx == indx_counter++) 104 if (strcmp (extnID, extension_id) == 0 && indx == indx_counter++)
105 { 105 {
106 /* extension was found 106 /* extension was found
107 */ 107 */
108 108
109 /* read the critical status. 109 /* read the critical status.
@@ -170,7 +170,7 @@ _gnutls_x509_crt_get_extension (gnutls_x509_crt_t cert,
170} 170}
171 171
172/* This function will attempt to return the requested extension OID found in 172/* This function will attempt to return the requested extension OID found in
173 * the given X509v3 certificate. 173 * the given X509v3 certificate.
174 * 174 *
175 * If you have passed the last extension, GNUTLS_E_REQUESTED_DATA_NOT_AVAILABLE will 175 * If you have passed the last extension, GNUTLS_E_REQUESTED_DATA_NOT_AVAILABLE will
176 * be returned. 176 * be returned.
@@ -223,7 +223,7 @@ _gnutls_x509_crt_get_extension_oid (gnutls_x509_crt_t cert,
223 return mhd_gtls_asn2err (result); 223 return mhd_gtls_asn2err (result);
224 } 224 }
225 225
226 /* Handle Extension 226 /* Handle Extension
227 */ 227 */
228 if (indx == indx_counter++) 228 if (indx == indx_counter++)
229 { 229 {
@@ -260,7 +260,7 @@ _gnutls_x509_crt_get_extension_oid (gnutls_x509_crt_t cert,
260} 260}
261 261
262/* This function will attempt to set the requested extension in 262/* This function will attempt to set the requested extension in
263 * the given X509v3 certificate. 263 * the given X509v3 certificate.
264 * 264 *
265 * Critical will be either 0 or 1. 265 * Critical will be either 0 or 1.
266 */ 266 */
@@ -359,7 +359,7 @@ overwrite_extension (ASN1_TYPE asn, unsigned int indx,
359} 359}
360 360
361/* This function will attempt to overwrite the requested extension with 361/* This function will attempt to overwrite the requested extension with
362 * the given one. 362 * the given one.
363 * 363 *
364 * Critical will be either 0 or 1. 364 * Critical will be either 0 or 1.
365 */ 365 */
@@ -414,11 +414,11 @@ _gnutls_x509_crt_set_extension (gnutls_x509_crt_t cert,
414 return mhd_gtls_asn2err (result); 414 return mhd_gtls_asn2err (result);
415 } 415 }
416 416
417 /* Handle Extension 417 /* Handle Extension
418 */ 418 */
419 if (strcmp (extnID, ext_id) == 0) 419 if (strcmp (extnID, ext_id) == 0)
420 { 420 {
421 /* extension was found 421 /* extension was found
422 */ 422 */
423 return overwrite_extension (cert->cert, k, ext_data, critical); 423 return overwrite_extension (cert->cert, k, ext_data, critical);
424 } 424 }
@@ -839,7 +839,7 @@ _gnutls_x509_ext_gen_auth_key_id (const void *id, size_t id_size,
839 839
840 840
841/* Creates and encodes the CRL Distribution points. data_string should be a name 841/* Creates and encodes the CRL Distribution points. data_string should be a name
842 * and type holds the type of the name. 842 * and type holds the type of the name.
843 * reason_flags should be an or'ed sequence of GNUTLS_CRL_REASON_*. 843 * reason_flags should be an or'ed sequence of GNUTLS_CRL_REASON_*.
844 * 844 *
845 */ 845 */
diff --git a/src/daemon/https/x509/extensions.h b/src/daemon/https/x509/extensions.h
index fb758c90..143775a6 100644
--- a/src/daemon/https/x509/extensions.h
+++ b/src/daemon/https/x509/extensions.h
@@ -23,46 +23,46 @@
23 */ 23 */
24 24
25int _gnutls_x509_crt_get_extension (gnutls_x509_crt_t cert, 25int _gnutls_x509_crt_get_extension (gnutls_x509_crt_t cert,
26 const char *extension_id, int indx, 26 const char *extension_id, int indx,
27 gnutls_datum_t * ret, 27 gnutls_datum_t * ret,
28 unsigned int *critical); 28 unsigned int *critical);
29 29
30int _gnutls_x509_crt_get_extension_oid (gnutls_x509_crt_t cert, 30int _gnutls_x509_crt_get_extension_oid (gnutls_x509_crt_t cert,
31 int indx, void *ret, 31 int indx, void *ret,
32 size_t * ret_size); 32 size_t * ret_size);
33int _gnutls_x509_ext_extract_keyUsage (uint16_t * keyUsage, 33int _gnutls_x509_ext_extract_keyUsage (uint16_t * keyUsage,
34 opaque * extnValue, int extnValueLen); 34 opaque * extnValue, int extnValueLen);
35int _gnutls_x509_ext_extract_basicConstraints (int *CA, 35int _gnutls_x509_ext_extract_basicConstraints (int *CA,
36 int *pathLenConstraint, 36 int *pathLenConstraint,
37 opaque * extnValue, 37 opaque * extnValue,
38 int extnValueLen); 38 int extnValueLen);
39int _gnutls_x509_crt_set_extension (gnutls_x509_crt_t cert, 39int _gnutls_x509_crt_set_extension (gnutls_x509_crt_t cert,
40 const char *extension_id, 40 const char *extension_id,
41 const gnutls_datum_t * ext_data, 41 const gnutls_datum_t * ext_data,
42 unsigned int critical); 42 unsigned int critical);
43int _gnutls_x509_ext_gen_basicConstraints (int CA, int pathLenConstraint, 43int _gnutls_x509_ext_gen_basicConstraints (int CA, int pathLenConstraint,
44 gnutls_datum_t * der_ext); 44 gnutls_datum_t * der_ext);
45int _gnutls_x509_ext_gen_keyUsage (uint16_t usage, gnutls_datum_t * der_ext); 45int _gnutls_x509_ext_gen_keyUsage (uint16_t usage, gnutls_datum_t * der_ext);
46int _gnutls_x509_ext_gen_subject_alt_name (gnutls_x509_subject_alt_name_t 46int _gnutls_x509_ext_gen_subject_alt_name (gnutls_x509_subject_alt_name_t
47 type, const char *data_string, 47 type, const char *data_string,
48 gnutls_datum_t * der_ext); 48 gnutls_datum_t * der_ext);
49int _gnutls_x509_ext_gen_crl_dist_points (gnutls_x509_subject_alt_name_t 49int _gnutls_x509_ext_gen_crl_dist_points (gnutls_x509_subject_alt_name_t
50 type, const void *data_string, 50 type, const void *data_string,
51 unsigned int reason_flags, 51 unsigned int reason_flags,
52 gnutls_datum_t * der_ext); 52 gnutls_datum_t * der_ext);
53int _gnutls_x509_ext_gen_key_id (const void *id, size_t id_size, 53int _gnutls_x509_ext_gen_key_id (const void *id, size_t id_size,
54 gnutls_datum_t * der_data); 54 gnutls_datum_t * der_data);
55int _gnutls_x509_ext_gen_auth_key_id (const void *id, size_t id_size, 55int _gnutls_x509_ext_gen_auth_key_id (const void *id, size_t id_size,
56 gnutls_datum_t * der_data); 56 gnutls_datum_t * der_data);
57 57
58int _gnutls_x509_ext_extract_proxyCertInfo (int *pathLenConstraint, 58int _gnutls_x509_ext_extract_proxyCertInfo (int *pathLenConstraint,
59 char **policyLanguage, 59 char **policyLanguage,
60 char **policy, 60 char **policy,
61 size_t *sizeof_policy, 61 size_t * sizeof_policy,
62 opaque * extnValue, 62 opaque * extnValue,
63 int extnValueLen); 63 int extnValueLen);
64int _gnutls_x509_ext_gen_proxyCertInfo (int pathLenConstraint, 64int _gnutls_x509_ext_gen_proxyCertInfo (int pathLenConstraint,
65 const char *policyLanguage, 65 const char *policyLanguage,
66 const char *policy, 66 const char *policy,
67 size_t sizeof_policy, 67 size_t sizeof_policy,
68 gnutls_datum_t * der_ext); 68 gnutls_datum_t * der_ext);
diff --git a/src/daemon/https/x509/mpi.c b/src/daemon/https/x509/mpi.c
index 73f091c1..c43b3dce 100644
--- a/src/daemon/https/x509/mpi.c
+++ b/src/daemon/https/x509/mpi.c
@@ -335,7 +335,8 @@ cleanup:asn1_delete_structure (&spk);
335int 335int
336_gnutls_x509_write_sig_params (ASN1_TYPE dst, 336_gnutls_x509_write_sig_params (ASN1_TYPE dst,
337 const char *dst_name, 337 const char *dst_name,
338 enum MHD_GNUTLS_PublicKeyAlgorithm pk_algorithm, 338 enum MHD_GNUTLS_PublicKeyAlgorithm
339 pk_algorithm,
339 enum MHD_GNUTLS_HashAlgorithm dig, 340 enum MHD_GNUTLS_HashAlgorithm dig,
340 mpi_t * params, int params_size) 341 mpi_t * params, int params_size)
341{ 342{
diff --git a/src/daemon/https/x509/mpi.h b/src/daemon/https/x509/mpi.h
index 30f8fd77..69e725bd 100644
--- a/src/daemon/https/x509/mpi.h
+++ b/src/daemon/https/x509/mpi.h
@@ -26,32 +26,32 @@
26#include "x509.h" 26#include "x509.h"
27 27
28int _gnutls_x509_crt_get_mpis (gnutls_x509_crt_t cert, 28int _gnutls_x509_crt_get_mpis (gnutls_x509_crt_t cert,
29 mpi_t * params, int *params_size); 29 mpi_t * params, int *params_size);
30int _gnutls_x509_read_rsa_params (opaque * der, int dersize, mpi_t * params); 30int _gnutls_x509_read_rsa_params (opaque * der, int dersize, mpi_t * params);
31int _gnutls_x509_read_dsa_pubkey (opaque * der, int dersize, mpi_t * params); 31int _gnutls_x509_read_dsa_pubkey (opaque * der, int dersize, mpi_t * params);
32int _gnutls_x509_read_dsa_params (opaque * der, int dersize, mpi_t * params); 32int _gnutls_x509_read_dsa_params (opaque * der, int dersize, mpi_t * params);
33 33
34int _gnutls_x509_write_rsa_params (mpi_t * params, int params_size, 34int _gnutls_x509_write_rsa_params (mpi_t * params, int params_size,
35 gnutls_datum_t * der); 35 gnutls_datum_t * der);
36int _gnutls_x509_write_dsa_params (mpi_t * params, int params_size, 36int _gnutls_x509_write_dsa_params (mpi_t * params, int params_size,
37 gnutls_datum_t * der); 37 gnutls_datum_t * der);
38int _gnutls_x509_write_dsa_public_key (mpi_t * params, int params_size, 38int _gnutls_x509_write_dsa_public_key (mpi_t * params, int params_size,
39 gnutls_datum_t * der); 39 gnutls_datum_t * der);
40 40
41int _gnutls_x509_read_uint (ASN1_TYPE node, const char *value, 41int _gnutls_x509_read_uint (ASN1_TYPE node, const char *value,
42 unsigned int *ret); 42 unsigned int *ret);
43 43
44int 44int _gnutls_x509_read_der_int (opaque * der, int dersize, mpi_t * out);
45_gnutls_x509_read_der_int (opaque * der, int dersize, mpi_t* out);
46 45
47int _gnutls_x509_read_int (ASN1_TYPE node, const char *value, 46int _gnutls_x509_read_int (ASN1_TYPE node, const char *value,
48 mpi_t * ret_mpi); 47 mpi_t * ret_mpi);
49int _gnutls_x509_write_int (ASN1_TYPE node, const char *value, mpi_t mpi, 48int _gnutls_x509_write_int (ASN1_TYPE node, const char *value, mpi_t mpi,
50 int lz); 49 int lz);
51int _gnutls_x509_write_uint32 (ASN1_TYPE node, const char *value, 50int _gnutls_x509_write_uint32 (ASN1_TYPE node, const char *value,
52 uint32_t num); 51 uint32_t num);
53 52
54int _gnutls_x509_write_sig_params (ASN1_TYPE dst, const char *dst_name, 53int _gnutls_x509_write_sig_params (ASN1_TYPE dst, const char *dst_name,
55 enum MHD_GNUTLS_PublicKeyAlgorithm pk_algorithm, 54 enum MHD_GNUTLS_PublicKeyAlgorithm
56 enum MHD_GNUTLS_HashAlgorithm, mpi_t * params, 55 pk_algorithm,
57 int params_size); 56 enum MHD_GNUTLS_HashAlgorithm,
57 mpi_t * params, int params_size);
diff --git a/src/daemon/https/x509/pkcs12.h b/src/daemon/https/x509/pkcs12.h
index 3c75dff5..38131ece 100644
--- a/src/daemon/https/x509/pkcs12.h
+++ b/src/daemon/https/x509/pkcs12.h
@@ -28,7 +28,7 @@
28 28
29#ifdef __cplusplus 29#ifdef __cplusplus
30extern "C" 30extern "C"
31 { 31{
32#endif 32#endif
33 33
34#include <x509.h> 34#include <x509.h>
@@ -37,15 +37,15 @@ extern "C"
37 37
38/* PKCS12 structures handling 38/* PKCS12 structures handling
39 */ 39 */
40struct gnutls_pkcs12_int; 40 struct gnutls_pkcs12_int;
41 41
42struct gnutls_pkcs12_bag_int; 42 struct gnutls_pkcs12_bag_int;
43typedef struct gnutls_pkcs12_int 43 typedef struct gnutls_pkcs12_int
44 { 44 {
45 ASN1_TYPE pkcs12; 45 ASN1_TYPE pkcs12;
46 } gnutls_pkcs12_int; 46 } gnutls_pkcs12_int;
47 47
48typedef enum gnutls_pkcs12_bag_type_t 48 typedef enum gnutls_pkcs12_bag_type_t
49 { 49 {
50 GNUTLS_BAG_EMPTY = 0, 50 GNUTLS_BAG_EMPTY = 0,
51 51
@@ -57,7 +57,7 @@ typedef enum gnutls_pkcs12_bag_type_t
57 GNUTLS_BAG_UNKNOWN = 20 57 GNUTLS_BAG_UNKNOWN = 20
58 } gnutls_pkcs12_bag_type_t; 58 } gnutls_pkcs12_bag_type_t;
59 59
60struct bag_element 60 struct bag_element
61 { 61 {
62 gnutls_datum_t data; 62 gnutls_datum_t data;
63 gnutls_pkcs12_bag_type_t type; 63 gnutls_pkcs12_bag_type_t type;
@@ -65,7 +65,7 @@ struct bag_element
65 char *friendly_name; 65 char *friendly_name;
66 }; 66 };
67 67
68typedef struct gnutls_pkcs12_bag_int 68 typedef struct gnutls_pkcs12_bag_int
69 { 69 {
70 struct bag_element element[MAX_BAG_ELEMENTS]; 70 struct bag_element element[MAX_BAG_ELEMENTS];
71 int bag_elements; 71 int bag_elements;
@@ -75,68 +75,54 @@ typedef struct gnutls_pkcs12_bag_int
75#define FRIENDLY_NAME_OID "1.2.840.113549.1.9.20" 75#define FRIENDLY_NAME_OID "1.2.840.113549.1.9.20"
76#define KEY_ID_OID "1.2.840.113549.1.9.21" 76#define KEY_ID_OID "1.2.840.113549.1.9.21"
77 77
78typedef struct gnutls_pkcs12_int *gnutls_pkcs12_t; 78 typedef struct gnutls_pkcs12_int *gnutls_pkcs12_t;
79typedef struct gnutls_pkcs12_bag_int *gnutls_pkcs12_bag_t; 79 typedef struct gnutls_pkcs12_bag_int *gnutls_pkcs12_bag_t;
80 80
81int gnutls_pkcs12_init(gnutls_pkcs12_t * pkcs12); 81 int gnutls_pkcs12_init (gnutls_pkcs12_t * pkcs12);
82void gnutls_pkcs12_deinit(gnutls_pkcs12_t pkcs12); 82 void gnutls_pkcs12_deinit (gnutls_pkcs12_t pkcs12);
83int gnutls_pkcs12_import(gnutls_pkcs12_t pkcs12, 83 int gnutls_pkcs12_import (gnutls_pkcs12_t pkcs12,
84 const gnutls_datum_t * data, 84 const gnutls_datum_t * data,
85 gnutls_x509_crt_fmt_t format, 85 gnutls_x509_crt_fmt_t format, unsigned int flags);
86 unsigned int flags); 86 int gnutls_pkcs12_export (gnutls_pkcs12_t pkcs12,
87int gnutls_pkcs12_export(gnutls_pkcs12_t pkcs12, 87 gnutls_x509_crt_fmt_t format,
88 gnutls_x509_crt_fmt_t format, 88 void *output_data, size_t * output_data_size);
89 void *output_data, 89
90 size_t * output_data_size); 90 int gnutls_pkcs12_get_bag (gnutls_pkcs12_t pkcs12,
91 91 int indx, gnutls_pkcs12_bag_t bag);
92int gnutls_pkcs12_get_bag(gnutls_pkcs12_t pkcs12, 92 int gnutls_pkcs12_set_bag (gnutls_pkcs12_t pkcs12, gnutls_pkcs12_bag_t bag);
93 int indx, 93
94 gnutls_pkcs12_bag_t bag); 94 int gnutls_pkcs12_generate_mac (gnutls_pkcs12_t pkcs12, const char *pass);
95int gnutls_pkcs12_set_bag(gnutls_pkcs12_t pkcs12, 95 int gnutls_pkcs12_verify_mac (gnutls_pkcs12_t pkcs12, const char *pass);
96 gnutls_pkcs12_bag_t bag); 96
97 97 int gnutls_pkcs12_bag_decrypt (gnutls_pkcs12_bag_t bag, const char *pass);
98int gnutls_pkcs12_generate_mac(gnutls_pkcs12_t pkcs12, 98 int gnutls_pkcs12_bag_encrypt (gnutls_pkcs12_bag_t bag,
99 const char *pass); 99 const char *pass, unsigned int flags);
100int gnutls_pkcs12_verify_mac(gnutls_pkcs12_t pkcs12, 100
101 const char *pass); 101 gnutls_pkcs12_bag_type_t gnutls_pkcs12_bag_get_type (gnutls_pkcs12_bag_t
102 102 bag, int indx);
103int gnutls_pkcs12_bag_decrypt(gnutls_pkcs12_bag_t bag, 103 int gnutls_pkcs12_bag_get_data (gnutls_pkcs12_bag_t bag,
104 const char *pass); 104 int indx, gnutls_datum_t * data);
105int gnutls_pkcs12_bag_encrypt(gnutls_pkcs12_bag_t bag, 105 int gnutls_pkcs12_bag_set_data (gnutls_pkcs12_bag_t bag,
106 const char *pass, 106 gnutls_pkcs12_bag_type_t type,
107 unsigned int flags); 107 const gnutls_datum_t * data);
108 108 int gnutls_pkcs12_bag_set_crl (gnutls_pkcs12_bag_t bag,
109gnutls_pkcs12_bag_type_t gnutls_pkcs12_bag_get_type(gnutls_pkcs12_bag_t 109 gnutls_x509_crl_t crl);
110 bag, 110 int gnutls_pkcs12_bag_set_crt (gnutls_pkcs12_bag_t bag,
111 int indx); 111 gnutls_x509_crt_t crt);
112int gnutls_pkcs12_bag_get_data(gnutls_pkcs12_bag_t bag, 112
113 int indx, 113 int gnutls_pkcs12_bag_init (gnutls_pkcs12_bag_t * bag);
114 gnutls_datum_t * data); 114 void gnutls_pkcs12_bag_deinit (gnutls_pkcs12_bag_t bag);
115int gnutls_pkcs12_bag_set_data(gnutls_pkcs12_bag_t bag, 115 int gnutls_pkcs12_bag_get_count (gnutls_pkcs12_bag_t bag);
116 gnutls_pkcs12_bag_type_t type, 116
117 const gnutls_datum_t * data); 117 int gnutls_pkcs12_bag_get_key_id (gnutls_pkcs12_bag_t bag,
118int gnutls_pkcs12_bag_set_crl(gnutls_pkcs12_bag_t bag, 118 int indx, gnutls_datum_t * id);
119 gnutls_x509_crl_t crl); 119 int gnutls_pkcs12_bag_set_key_id (gnutls_pkcs12_bag_t bag,
120int gnutls_pkcs12_bag_set_crt(gnutls_pkcs12_bag_t bag, 120 int indx, const gnutls_datum_t * id);
121 gnutls_x509_crt_t crt); 121
122 122 int gnutls_pkcs12_bag_get_friendly_name (gnutls_pkcs12_bag_t bag,
123int gnutls_pkcs12_bag_init(gnutls_pkcs12_bag_t * bag); 123 int indx, char **name);
124void gnutls_pkcs12_bag_deinit(gnutls_pkcs12_bag_t bag); 124 int gnutls_pkcs12_bag_set_friendly_name (gnutls_pkcs12_bag_t bag,
125int gnutls_pkcs12_bag_get_count(gnutls_pkcs12_bag_t bag); 125 int indx, const char *name);
126
127int gnutls_pkcs12_bag_get_key_id(gnutls_pkcs12_bag_t bag,
128 int indx,
129 gnutls_datum_t * id);
130int gnutls_pkcs12_bag_set_key_id(gnutls_pkcs12_bag_t bag,
131 int indx,
132 const gnutls_datum_t * id);
133
134int gnutls_pkcs12_bag_get_friendly_name(gnutls_pkcs12_bag_t bag,
135 int indx,
136 char **name);
137int gnutls_pkcs12_bag_set_friendly_name(gnutls_pkcs12_bag_t bag,
138 int indx,
139 const char *name);
140 126
141#ifdef __cplusplus 127#ifdef __cplusplus
142} 128}
@@ -152,56 +138,48 @@ int gnutls_pkcs12_bag_set_friendly_name(gnutls_pkcs12_bag_t bag,
152#define DATA_OID "1.2.840.113549.1.7.1" 138#define DATA_OID "1.2.840.113549.1.7.1"
153#define ENC_DATA_OID "1.2.840.113549.1.7.6" 139#define ENC_DATA_OID "1.2.840.113549.1.7.6"
154 140
155int gnutls_pkcs12_init(gnutls_pkcs12_t * pkcs12); 141int gnutls_pkcs12_init (gnutls_pkcs12_t * pkcs12);
156void gnutls_pkcs12_deinit(gnutls_pkcs12_t pkcs12); 142void gnutls_pkcs12_deinit (gnutls_pkcs12_t pkcs12);
157int gnutls_pkcs12_import(gnutls_pkcs12_t pkcs12, 143int gnutls_pkcs12_import (gnutls_pkcs12_t pkcs12,
158 const gnutls_datum_t * data, 144 const gnutls_datum_t * data,
159 gnutls_x509_crt_fmt_t format, 145 gnutls_x509_crt_fmt_t format, unsigned int flags);
160 unsigned int flags);
161 146
162int gnutls_pkcs12_get_bag(gnutls_pkcs12_t pkcs12, 147int gnutls_pkcs12_get_bag (gnutls_pkcs12_t pkcs12,
163 int indx, 148 int indx, gnutls_pkcs12_bag_t bag);
164 gnutls_pkcs12_bag_t bag);
165 149
166int gnutls_pkcs12_bag_init(gnutls_pkcs12_bag_t * bag); 150int gnutls_pkcs12_bag_init (gnutls_pkcs12_bag_t * bag);
167void gnutls_pkcs12_bag_deinit(gnutls_pkcs12_bag_t bag); 151void gnutls_pkcs12_bag_deinit (gnutls_pkcs12_bag_t bag);
168 152
169int _pkcs12_string_to_key(unsigned int id, 153int _pkcs12_string_to_key (unsigned int id,
170 const opaque * salt, 154 const opaque * salt,
171 unsigned int salt_size, 155 unsigned int salt_size,
172 unsigned int iter, 156 unsigned int iter,
173 const char *pw, 157 const char *pw,
174 unsigned int req_keylen, 158 unsigned int req_keylen, opaque * keybuf);
175 opaque * keybuf);
176 159
177int _gnutls_pkcs7_decrypt_data(const gnutls_datum_t * data, 160int _gnutls_pkcs7_decrypt_data (const gnutls_datum_t * data,
178 const char *password, 161 const char *password, gnutls_datum_t * dec);
179 gnutls_datum_t * dec);
180 162
181typedef enum schema_id 163typedef enum schema_id
182 { 164{
183 PBES2, /* the stuff in PKCS #5 */ 165 PBES2, /* the stuff in PKCS #5 */
184 PKCS12_3DES_SHA1, /* the fucking stuff in PKCS #12 */ 166 PKCS12_3DES_SHA1, /* the fucking stuff in PKCS #12 */
185 PKCS12_ARCFOUR_SHA1, 167 PKCS12_ARCFOUR_SHA1,
186 PKCS12_RC2_40_SHA1 168 PKCS12_RC2_40_SHA1
187 } schema_id; 169} schema_id;
188 170
189int _gnutls_pkcs7_encrypt_data(schema_id schema, 171int _gnutls_pkcs7_encrypt_data (schema_id schema,
190 const gnutls_datum_t * data, 172 const gnutls_datum_t * data,
191 const char *password, 173 const char *password, gnutls_datum_t * enc);
192 gnutls_datum_t * enc); 174int _pkcs12_decode_safe_contents (const gnutls_datum_t * content,
193int _pkcs12_decode_safe_contents(const gnutls_datum_t * content, 175 gnutls_pkcs12_bag_t bag);
194 gnutls_pkcs12_bag_t bag); 176
195 177int _pkcs12_encode_safe_contents (gnutls_pkcs12_bag_t bag,
196int _pkcs12_encode_safe_contents(gnutls_pkcs12_bag_t bag, 178 ASN1_TYPE * content, int *enc);
197 ASN1_TYPE * content, 179
198 int *enc); 180int _pkcs12_decode_crt_bag (gnutls_pkcs12_bag_type_t type,
199 181 const gnutls_datum_t * in, gnutls_datum_t * out);
200int _pkcs12_decode_crt_bag(gnutls_pkcs12_bag_type_t type, 182int _pkcs12_encode_crt_bag (gnutls_pkcs12_bag_type_t type,
201 const gnutls_datum_t * in, 183 const gnutls_datum_t * raw, gnutls_datum_t * out);
202 gnutls_datum_t * out); 184
203int _pkcs12_encode_crt_bag(gnutls_pkcs12_bag_type_t type, 185#endif /* GNUTLS_PKCS12_H */
204 const gnutls_datum_t * raw,
205 gnutls_datum_t * out);
206
207#endif /* GNUTLS_PKCS12_H */
diff --git a/src/daemon/https/x509/pkcs12_bag.c b/src/daemon/https/x509/pkcs12_bag.c
index 780dfb52..63b290bc 100644
--- a/src/daemon/https/x509/pkcs12_bag.c
+++ b/src/daemon/https/x509/pkcs12_bag.c
@@ -80,7 +80,7 @@ _pkcs12_bag_free_data (gnutls_pkcs12_bag_t bag)
80 * gnutls_pkcs12_bag_deinit - This function deinitializes memory used by a gnutls_pkcs12_t structure 80 * gnutls_pkcs12_bag_deinit - This function deinitializes memory used by a gnutls_pkcs12_t structure
81 * @bag: The structure to be initialized 81 * @bag: The structure to be initialized
82 * 82 *
83 * This function will deinitialize a PKCS12 Bag structure. 83 * This function will deinitialize a PKCS12 Bag structure.
84 * 84 *
85 **/ 85 **/
86void 86void
@@ -121,7 +121,7 @@ gnutls_pkcs12_bag_get_type (gnutls_pkcs12_bag_t bag, int indx)
121 * gnutls_pkcs12_bag_get_count - This function returns the bag's elements count 121 * gnutls_pkcs12_bag_get_count - This function returns the bag's elements count
122 * @bag: The bag 122 * @bag: The bag
123 * 123 *
124 * This function will return the number of the elements withing the bag. 124 * This function will return the number of the elements withing the bag.
125 * 125 *
126 **/ 126 **/
127int 127int
@@ -332,7 +332,7 @@ cleanup:
332 * @data: the data to be copied. 332 * @data: the data to be copied.
333 * 333 *
334 * This function will insert the given data of the given type into the 334 * This function will insert the given data of the given type into the
335 * bag. 335 * bag.
336 * 336 *
337 * Returns the index of the added bag on success, or a negative 337 * Returns the index of the added bag on success, or a negative
338 * value on error. 338 * value on error.
@@ -475,7 +475,7 @@ gnutls_pkcs12_bag_set_crl (gnutls_pkcs12_bag_t bag, gnutls_x509_crl_t crl)
475 * This function will add the given key ID, to the specified, by the index, bag 475 * This function will add the given key ID, to the specified, by the index, bag
476 * element. The key ID will be encoded as a 'Local key identifier' bag attribute, 476 * element. The key ID will be encoded as a 'Local key identifier' bag attribute,
477 * which is usually used to distinguish the local private key and the certificate pair. 477 * which is usually used to distinguish the local private key and the certificate pair.
478 * 478 *
479 * Returns 0 on success, or a negative value on error. 479 * Returns 0 on success, or a negative value on error.
480 * 480 *
481 **/ 481 **/
@@ -518,7 +518,7 @@ gnutls_pkcs12_bag_set_key_id (gnutls_pkcs12_bag_t bag, int indx,
518 * 518 *
519 * This function will return the key ID, of the specified bag element. 519 * This function will return the key ID, of the specified bag element.
520 * The key ID is usually used to distinguish the local private key and the certificate pair. 520 * The key ID is usually used to distinguish the local private key and the certificate pair.
521 * 521 *
522 * Returns 0 on success, or a negative value on error. 522 * Returns 0 on success, or a negative value on error.
523 * 523 *
524 **/ 524 **/
@@ -552,7 +552,7 @@ gnutls_pkcs12_bag_get_key_id (gnutls_pkcs12_bag_t bag, int indx,
552 * 552 *
553 * This function will return the friendly name, of the specified bag element. 553 * This function will return the friendly name, of the specified bag element.
554 * The key ID is usually used to distinguish the local private key and the certificate pair. 554 * The key ID is usually used to distinguish the local private key and the certificate pair.
555 * 555 *
556 * Returns 0 on success, or a negative value on error. 556 * Returns 0 on success, or a negative value on error.
557 * 557 *
558 **/ 558 **/
@@ -587,7 +587,7 @@ gnutls_pkcs12_bag_get_friendly_name (gnutls_pkcs12_bag_t bag, int indx,
587 * This function will add the given key friendly name, to the specified, by the index, bag 587 * This function will add the given key friendly name, to the specified, by the index, bag
588 * element. The name will be encoded as a 'Friendly name' bag attribute, 588 * element. The name will be encoded as a 'Friendly name' bag attribute,
589 * which is usually used to set a user name to the local private key and the certificate pair. 589 * which is usually used to set a user name to the local private key and the certificate pair.
590 * 590 *
591 * Returns 0 on success, or a negative value on error. 591 * Returns 0 on success, or a negative value on error.
592 * 592 *
593 **/ 593 **/
@@ -752,7 +752,7 @@ gnutls_pkcs12_bag_encrypt (gnutls_pkcs12_bag_t bag, const char *pass,
752 return ret; 752 return ret;
753 } 753 }
754 754
755 /* encryption succeeded. 755 /* encryption succeeded.
756 */ 756 */
757 757
758 _pkcs12_bag_free_data (bag); 758 _pkcs12_bag_free_data (bag);
diff --git a/src/daemon/https/x509/pkcs7.c b/src/daemon/https/x509/pkcs7.c
index 3cef67c2..6af89425 100644
--- a/src/daemon/https/x509/pkcs7.c
+++ b/src/daemon/https/x509/pkcs7.c
@@ -40,7 +40,7 @@
40 40
41#define SIGNED_DATA_OID "1.2.840.113549.1.7.2" 41#define SIGNED_DATA_OID "1.2.840.113549.1.7.2"
42 42
43/* Decodes the PKCS #7 signed data, and returns an ASN1_TYPE, 43/* Decodes the PKCS #7 signed data, and returns an ASN1_TYPE,
44 * which holds them. If raw is non null then the raw decoded 44 * which holds them. If raw is non null then the raw decoded
45 * data are copied (they are locally allocated) there. 45 * data are copied (they are locally allocated) there.
46 */ 46 */
@@ -175,7 +175,7 @@ gnutls_pkcs7_init (gnutls_pkcs7_t * pkcs7)
175 * gnutls_pkcs7_deinit - This function deinitializes memory used by a gnutls_pkcs7_t structure 175 * gnutls_pkcs7_deinit - This function deinitializes memory used by a gnutls_pkcs7_t structure
176 * @pkcs7: The structure to be initialized 176 * @pkcs7: The structure to be initialized
177 * 177 *
178 * This function will deinitialize a PKCS7 structure. 178 * This function will deinitialize a PKCS7 structure.
179 * 179 *
180 **/ 180 **/
181void 181void
@@ -298,7 +298,7 @@ gnutls_pkcs7_get_crt_raw (gnutls_pkcs7_t pkcs7,
298 return result; 298 return result;
299 } 299 }
300 300
301 /* Step 2. Parse the CertificateSet 301 /* Step 2. Parse the CertificateSet
302 */ 302 */
303 303
304 snprintf (root2, sizeof (root2), "certificates.?%u", indx + 1); 304 snprintf (root2, sizeof (root2), "certificates.?%u", indx + 1);
@@ -320,7 +320,7 @@ gnutls_pkcs7_get_crt_raw (gnutls_pkcs7_t pkcs7,
320 goto cleanup; 320 goto cleanup;
321 } 321 }
322 322
323 /* if 'Certificate' is the choice found: 323 /* if 'Certificate' is the choice found:
324 */ 324 */
325 if (strcmp (oid, "certificate") == 0) 325 if (strcmp (oid, "certificate") == 0)
326 { 326 {
@@ -369,7 +369,7 @@ cleanup:
369 * gnutls_pkcs7_get_crt_count - This function returns the number of certificates in a PKCS7 certificate set 369 * gnutls_pkcs7_get_crt_count - This function returns the number of certificates in a PKCS7 certificate set
370 * @pkcs7_struct: should contain a gnutls_pkcs7_t structure 370 * @pkcs7_struct: should contain a gnutls_pkcs7_t structure
371 * 371 *
372 * This function will return the number of certifcates in the PKCS7 or 372 * This function will return the number of certifcates in the PKCS7 or
373 * RFC2630 certificate set. 373 * RFC2630 certificate set.
374 * 374 *
375 * Returns a negative value on failure. 375 * Returns a negative value on failure.
@@ -755,12 +755,12 @@ gnutls_pkcs7_get_crl_raw (gnutls_pkcs7_t pkcs7,
755 return result; 755 return result;
756 } 756 }
757 757
758 /* Step 2. Parse the CertificateSet 758 /* Step 2. Parse the CertificateSet
759 */ 759 */
760 760
761 snprintf (root2, sizeof (root2), "crls.?%u", indx + 1); 761 snprintf (root2, sizeof (root2), "crls.?%u", indx + 1);
762 762
763 /* Get the raw CRL 763 /* Get the raw CRL
764 */ 764 */
765 result = asn1_der_decoding_startEnd (c2, tmp.data, tmp.size, 765 result = asn1_der_decoding_startEnd (c2, tmp.data, tmp.size,
766 root2, &start, &end); 766 root2, &start, &end);
@@ -799,7 +799,7 @@ cleanup:
799 * gnutls_pkcs7_get_crl_count - This function returns the number of crls in a PKCS7 crl set 799 * gnutls_pkcs7_get_crl_count - This function returns the number of crls in a PKCS7 crl set
800 * @pkcs7_struct: should contain a gnutls_pkcs7_t structure 800 * @pkcs7_struct: should contain a gnutls_pkcs7_t structure
801 * 801 *
802 * This function will return the number of certifcates in the PKCS7 or 802 * This function will return the number of certifcates in the PKCS7 or
803 * RFC2630 crl set. 803 * RFC2630 crl set.
804 * 804 *
805 * Returns a negative value on failure. 805 * Returns a negative value on failure.
diff --git a/src/daemon/https/x509/privkey.h b/src/daemon/https/x509/privkey.h
index 6e645b9d..59dc936b 100644
--- a/src/daemon/https/x509/privkey.h
+++ b/src/daemon/https/x509/privkey.h
@@ -25,7 +25,7 @@
25#include "x509.h" 25#include "x509.h"
26 26
27ASN1_TYPE _gnutls_privkey_decode_pkcs1_rsa_key (const gnutls_datum_t * 27ASN1_TYPE _gnutls_privkey_decode_pkcs1_rsa_key (const gnutls_datum_t *
28 raw_key, 28 raw_key,
29 gnutls_x509_privkey_t pkey); 29 gnutls_x509_privkey_t pkey);
30 30
31int _gnutls_asn1_encode_dsa (ASN1_TYPE * c2, mpi_t * params); 31int _gnutls_asn1_encode_dsa (ASN1_TYPE * c2, mpi_t * params);
diff --git a/src/daemon/https/x509/privkey_pkcs8.c b/src/daemon/https/x509/privkey_pkcs8.c
index fa5b5c43..8b92f266 100644
--- a/src/daemon/https/x509/privkey_pkcs8.c
+++ b/src/daemon/https/x509/privkey_pkcs8.c
@@ -1284,7 +1284,7 @@ error:
1284/* Converts an OID to a gnutls cipher type. 1284/* Converts an OID to a gnutls cipher type.
1285 */ 1285 */
1286inline static int 1286inline static int
1287oid2cipher (const char *oid, enum MHD_GNUTLS_CipherAlgorithm * algo) 1287oid2cipher (const char *oid, enum MHD_GNUTLS_CipherAlgorithm *algo)
1288{ 1288{
1289 1289
1290 *algo = 0; 1290 *algo = 0;
diff --git a/src/daemon/https/x509/sign.c b/src/daemon/https/x509/sign.c
index 9a548665..2d367732 100644
--- a/src/daemon/https/x509/sign.c
+++ b/src/daemon/https/x509/sign.c
@@ -132,8 +132,9 @@ encode_ber_digest_info (enum MHD_GNUTLS_HashAlgorithm hash,
132 * params[1] is public key 132 * params[1] is public key
133 */ 133 */
134static int 134static int
135pkcs1_rsa_sign (enum MHD_GNUTLS_HashAlgorithm hash, const gnutls_datum_t * text, 135pkcs1_rsa_sign (enum MHD_GNUTLS_HashAlgorithm hash,
136 mpi_t * params, int params_len, gnutls_datum_t * signature) 136 const gnutls_datum_t * text, mpi_t * params, int params_len,
137 gnutls_datum_t * signature)
137{ 138{
138 int ret; 139 int ret;
139 opaque _digest[MAX_HASH_SIZE]; 140 opaque _digest[MAX_HASH_SIZE];
@@ -163,7 +164,7 @@ pkcs1_rsa_sign (enum MHD_GNUTLS_HashAlgorithm hash, const gnutls_datum_t * text,
163 164
164 if ((ret = 165 if ((ret =
165 mhd_gtls_sign (MHD_GNUTLS_PK_RSA, params, params_len, &info, 166 mhd_gtls_sign (MHD_GNUTLS_PK_RSA, params, params_len, &info,
166 signature)) < 0) 167 signature)) < 0)
167 { 168 {
168 gnutls_assert (); 169 gnutls_assert ();
169 _gnutls_free_datum (&info); 170 _gnutls_free_datum (&info);
@@ -179,7 +180,7 @@ pkcs1_rsa_sign (enum MHD_GNUTLS_HashAlgorithm hash, const gnutls_datum_t * text,
179 * private key. 180 * private key.
180 * 181 *
181 * returns 0 on success. 182 * returns 0 on success.
182 * 183 *
183 * 'tbs' is the data to be signed 184 * 'tbs' is the data to be signed
184 * 'signature' will hold the signature! 185 * 'signature' will hold the signature!
185 * 'hash' is only used in PKCS1 RSA signing. 186 * 'hash' is only used in PKCS1 RSA signing.
@@ -327,7 +328,7 @@ _gnutls_x509_pkix_sign (ASN1_TYPE src, const char *src_name,
327 } 328 }
328 329
329 /* Step 3. Move up and write the AlgorithmIdentifier, which is also 330 /* Step 3. Move up and write the AlgorithmIdentifier, which is also
330 * the same. 331 * the same.
331 */ 332 */
332 333
333 result = _gnutls_x509_write_sig_params (src, "signatureAlgorithm", 334 result = _gnutls_x509_write_sig_params (src, "signatureAlgorithm",
diff --git a/src/daemon/https/x509/sign.h b/src/daemon/https/x509/sign.h
index c7da9e2e..86d9859c 100644
--- a/src/daemon/https/x509/sign.h
+++ b/src/daemon/https/x509/sign.h
@@ -23,14 +23,14 @@
23 */ 23 */
24 24
25int _gnutls_x509_sign (const gnutls_datum_t * tbs, 25int _gnutls_x509_sign (const gnutls_datum_t * tbs,
26 enum MHD_GNUTLS_HashAlgorithm hash, 26 enum MHD_GNUTLS_HashAlgorithm hash,
27 gnutls_x509_privkey_t signer, 27 gnutls_x509_privkey_t signer,
28 gnutls_datum_t * signature); 28 gnutls_datum_t * signature);
29int _gnutls_x509_sign_tbs (ASN1_TYPE cert, const char *tbs_name, 29int _gnutls_x509_sign_tbs (ASN1_TYPE cert, const char *tbs_name,
30 enum MHD_GNUTLS_HashAlgorithm hash, 30 enum MHD_GNUTLS_HashAlgorithm hash,
31 gnutls_x509_privkey_t signer, 31 gnutls_x509_privkey_t signer,
32 gnutls_datum_t * signature); 32 gnutls_datum_t * signature);
33int _gnutls_x509_pkix_sign (ASN1_TYPE src, const char *src_name, 33int _gnutls_x509_pkix_sign (ASN1_TYPE src, const char *src_name,
34 enum MHD_GNUTLS_HashAlgorithm, 34 enum MHD_GNUTLS_HashAlgorithm,
35 gnutls_x509_crt_t issuer, 35 gnutls_x509_crt_t issuer,
36 gnutls_x509_privkey_t issuer_key); 36 gnutls_x509_privkey_t issuer_key);
diff --git a/src/daemon/https/x509/verify.h b/src/daemon/https/x509/verify.h
index d7ca5151..c7e3c63d 100644
--- a/src/daemon/https/x509/verify.h
+++ b/src/daemon/https/x509/verify.h
@@ -25,10 +25,10 @@
25#include "x509.h" 25#include "x509.h"
26 26
27int gnutls_x509_crt_is_issuer (gnutls_x509_crt_t cert, 27int gnutls_x509_crt_is_issuer (gnutls_x509_crt_t cert,
28 gnutls_x509_crt_t issuer); 28 gnutls_x509_crt_t issuer);
29int _gnutls_x509_verify_signature (const gnutls_datum_t * tbs, 29int _gnutls_x509_verify_signature (const gnutls_datum_t * tbs,
30 const gnutls_datum_t * signature, 30 const gnutls_datum_t * signature,
31 gnutls_x509_crt_t issuer); 31 gnutls_x509_crt_t issuer);
32int _gnutls_x509_privkey_verify_signature (const gnutls_datum_t * tbs, 32int _gnutls_x509_privkey_verify_signature (const gnutls_datum_t * tbs,
33 const gnutls_datum_t * signature, 33 const gnutls_datum_t * signature,
34 gnutls_x509_privkey_t issuer); 34 gnutls_x509_privkey_t issuer);
diff --git a/src/daemon/https/x509/x509.c b/src/daemon/https/x509/x509.c
index e8dff3c7..76ad46ac 100644
--- a/src/daemon/https/x509/x509.c
+++ b/src/daemon/https/x509/x509.c
@@ -76,7 +76,7 @@ gnutls_x509_crt_init (gnutls_x509_crt_t * cert)
76 * @dest: The structure where to copy 76 * @dest: The structure where to copy
77 * @src: The structure to be copied 77 * @src: The structure to be copied
78 * 78 *
79 * This function will copy an X.509 certificate structure. 79 * This function will copy an X.509 certificate structure.
80 * 80 *
81 * Returns 0 on success. 81 * Returns 0 on success.
82 * 82 *
@@ -131,7 +131,7 @@ _gnutls_x509_crt_cpy (gnutls_x509_crt_t dest, gnutls_x509_crt_t src)
131 * gnutls_x509_crt_deinit - This function deinitializes memory used by a gnutls_x509_crt_t structure 131 * gnutls_x509_crt_deinit - This function deinitializes memory used by a gnutls_x509_crt_t structure
132 * @cert: The structure to be initialized 132 * @cert: The structure to be initialized
133 * 133 *
134 * This function will deinitialize a CRL structure. 134 * This function will deinitialize a CRL structure.
135 * 135 *
136 **/ 136 **/
137void 137void
@@ -456,8 +456,8 @@ gnutls_x509_crt_get_dn_oid (gnutls_x509_crt_t cert,
456 * gnutls_x509_crt_get_signature_algorithm - This function returns the Certificate's signature algorithm 456 * gnutls_x509_crt_get_signature_algorithm - This function returns the Certificate's signature algorithm
457 * @cert: should contain a gnutls_x509_crt_t structure 457 * @cert: should contain a gnutls_x509_crt_t structure
458 * 458 *
459 * This function will return a value of the gnutls_sign_algorithm_t enumeration that 459 * This function will return a value of the gnutls_sign_algorithm_t enumeration that
460 * is the signature algorithm. 460 * is the signature algorithm.
461 * 461 *
462 * Returns a negative value on error. 462 * Returns a negative value on error.
463 * 463 *
@@ -635,11 +635,11 @@ gnutls_x509_crt_get_expiration_time (gnutls_x509_crt_t cert)
635 * @result: The place where the serial number will be copied 635 * @result: The place where the serial number will be copied
636 * @result_size: Holds the size of the result field. 636 * @result_size: Holds the size of the result field.
637 * 637 *
638 * This function will return the X.509 certificate's serial number. 638 * This function will return the X.509 certificate's serial number.
639 * This is obtained by the X509 Certificate serialNumber 639 * This is obtained by the X509 Certificate serialNumber
640 * field. Serial is not always a 32 or 64bit number. Some CAs use 640 * field. Serial is not always a 32 or 64bit number. Some CAs use
641 * large serial numbers, thus it may be wise to handle it as something 641 * large serial numbers, thus it may be wise to handle it as something
642 * opaque. 642 * opaque.
643 * 643 *
644 * Returns 0 on success and a negative value in case of an error. 644 * Returns 0 on success and a negative value in case of an error.
645 * 645 *
@@ -680,7 +680,7 @@ gnutls_x509_crt_get_serial (gnutls_x509_crt_t cert,
680 * 680 *
681 * This function will return the X.509v3 certificate's subject key identifier. 681 * This function will return the X.509v3 certificate's subject key identifier.
682 * This is obtained by the X.509 Subject Key identifier extension 682 * This is obtained by the X.509 Subject Key identifier extension
683 * field (2.5.29.14). 683 * field (2.5.29.14).
684 * 684 *
685 * Returns 0 on success and a negative value in case of an error. 685 * Returns 0 on success and a negative value in case of an error.
686 * 686 *
@@ -850,11 +850,11 @@ gnutls_x509_crt_get_authority_key_id (gnutls_x509_crt_t cert,
850 * @cert: should contain a gnutls_x509_crt_t structure 850 * @cert: should contain a gnutls_x509_crt_t structure
851 * @bits: if bits is non null it will hold the size of the parameters' in bits 851 * @bits: if bits is non null it will hold the size of the parameters' in bits
852 * 852 *
853 * This function will return the public key algorithm of an X.509 853 * This function will return the public key algorithm of an X.509
854 * certificate. 854 * certificate.
855 * 855 *
856 * If bits is non null, it should have enough size to hold the parameters 856 * If bits is non null, it should have enough size to hold the parameters
857 * size in bits. For RSA the bits returned is the modulus. 857 * size in bits. For RSA the bits returned is the modulus.
858 * For DSA the bits returned are of the public 858 * For DSA the bits returned are of the public
859 * exponent. 859 * exponent.
860 * 860 *
@@ -1353,7 +1353,7 @@ gnutls_x509_crt_get_ca_status (gnutls_x509_crt_t cert, unsigned int *critical)
1353 * @key_usage: where the key usage bits will be stored 1353 * @key_usage: where the key usage bits will be stored
1354 * @critical: will be non zero if the extension is marked as critical 1354 * @critical: will be non zero if the extension is marked as critical
1355 * 1355 *
1356 * This function will return certificate's key usage, by reading the 1356 * This function will return certificate's key usage, by reading the
1357 * keyUsage X.509 extension (2.5.29.15). The key usage value will ORed values of the: 1357 * keyUsage X.509 extension (2.5.29.15). The key usage value will ORed values of the:
1358 * GNUTLS_KEY_DIGITAL_SIGNATURE, GNUTLS_KEY_NON_REPUDIATION, 1358 * GNUTLS_KEY_DIGITAL_SIGNATURE, GNUTLS_KEY_NON_REPUDIATION,
1359 * GNUTLS_KEY_KEY_ENCIPHERMENT, GNUTLS_KEY_DATA_ENCIPHERMENT, 1359 * GNUTLS_KEY_KEY_ENCIPHERMENT, GNUTLS_KEY_DATA_ENCIPHERMENT,
@@ -1547,7 +1547,7 @@ gnutls_x509_crt_get_extension_by_oid (gnutls_x509_crt_t cert,
1547 * The extension OID will be stored as a string in the provided buffer. 1547 * The extension OID will be stored as a string in the provided buffer.
1548 * 1548 *
1549 * A negative value may be returned in case of parsing error. 1549 * A negative value may be returned in case of parsing error.
1550 * If your have reached the last extension available 1550 * If your have reached the last extension available
1551 * GNUTLS_E_REQUESTED_DATA_NOT_AVAILABLE will be returned. 1551 * GNUTLS_E_REQUESTED_DATA_NOT_AVAILABLE will be returned.
1552 * 1552 *
1553 **/ 1553 **/
@@ -2166,7 +2166,7 @@ gnutls_x509_crt_get_key_id (gnutls_x509_crt_t crt,
2166 } 2166 }
2167 2167
2168 result = MHD_gnutls_fingerprint (MHD_GNUTLS_MAC_SHA1, &pubkey, output_data, 2168 result = MHD_gnutls_fingerprint (MHD_GNUTLS_MAC_SHA1, &pubkey, output_data,
2169 output_data_size); 2169 output_data_size);
2170 2170
2171 gnutls_afree (pubkey.data); 2171 gnutls_afree (pubkey.data);
2172 2172
@@ -2813,7 +2813,7 @@ gnutls_x509_crt_list_import (gnutls_x509_crt_t * certs,
2813 } 2813 }
2814 } 2814 }
2815 2815
2816 /* now we move ptr after the pem header 2816 /* now we move ptr after the pem header
2817 */ 2817 */
2818 ptr++; 2818 ptr++;
2819 /* find the next certificate (if any) 2819 /* find the next certificate (if any)
diff --git a/src/daemon/https/x509/x509.h b/src/daemon/https/x509/x509.h
index f779759f..d718767a 100644
--- a/src/daemon/https/x509/x509.h
+++ b/src/daemon/https/x509/x509.h
@@ -29,7 +29,7 @@
29 29
30#ifdef __cplusplus 30#ifdef __cplusplus
31extern "C" 31extern "C"
32 { 32{
33#endif 33#endif
34 34
35#include <gnutls.h> 35#include <gnutls.h>
@@ -78,7 +78,7 @@ extern "C"
78 78
79/* Certificate handling functions. 79/* Certificate handling functions.
80 */ 80 */
81typedef enum gnutls_certificate_import_flags 81 typedef enum gnutls_certificate_import_flags
82 { 82 {
83 /* Fail if the certificates in the buffer are more than the space 83 /* Fail if the certificates in the buffer are more than the space
84 * allocated for certificates. The error code will be 84 * allocated for certificates. The error code will be
@@ -87,71 +87,61 @@ typedef enum gnutls_certificate_import_flags
87 GNUTLS_X509_CRT_LIST_IMPORT_FAIL_IF_EXCEED = 1 87 GNUTLS_X509_CRT_LIST_IMPORT_FAIL_IF_EXCEED = 1
88 } gnutls_certificate_import_flags; 88 } gnutls_certificate_import_flags;
89 89
90int gnutls_x509_crt_init(gnutls_x509_crt_t * cert); 90 int gnutls_x509_crt_init (gnutls_x509_crt_t * cert);
91void gnutls_x509_crt_deinit(gnutls_x509_crt_t cert); 91 void gnutls_x509_crt_deinit (gnutls_x509_crt_t cert);
92int gnutls_x509_crt_import(gnutls_x509_crt_t cert, 92 int gnutls_x509_crt_import (gnutls_x509_crt_t cert,
93 const gnutls_datum_t * data, 93 const gnutls_datum_t * data,
94 gnutls_x509_crt_fmt_t format); 94 gnutls_x509_crt_fmt_t format);
95int gnutls_x509_crt_list_import(gnutls_x509_crt_t * certs, 95 int gnutls_x509_crt_list_import (gnutls_x509_crt_t * certs,
96 unsigned int *cert_max, 96 unsigned int *cert_max,
97 const gnutls_datum_t * data, 97 const gnutls_datum_t * data,
98 gnutls_x509_crt_fmt_t format, 98 gnutls_x509_crt_fmt_t format,
99 unsigned int flags); 99 unsigned int flags);
100int gnutls_x509_crt_export(gnutls_x509_crt_t cert, 100 int gnutls_x509_crt_export (gnutls_x509_crt_t cert,
101 gnutls_x509_crt_fmt_t format, 101 gnutls_x509_crt_fmt_t format,
102 void *output_data, 102 void *output_data, size_t * output_data_size);
103 size_t * output_data_size); 103 int gnutls_x509_crt_get_issuer_dn (gnutls_x509_crt_t cert,
104int gnutls_x509_crt_get_issuer_dn(gnutls_x509_crt_t cert, 104 char *buf, size_t * sizeof_buf);
105 char *buf, 105 int gnutls_x509_crt_get_issuer_dn_oid (gnutls_x509_crt_t cert,
106 size_t * sizeof_buf);
107int gnutls_x509_crt_get_issuer_dn_oid(gnutls_x509_crt_t cert,
108 int indx,
109 void *oid,
110 size_t * sizeof_oid);
111int gnutls_x509_crt_get_issuer_dn_by_oid(gnutls_x509_crt_t cert,
112 const char *oid,
113 int indx, 106 int indx,
114 unsigned int raw_flag, 107 void *oid, size_t * sizeof_oid);
115 void *buf, 108 int gnutls_x509_crt_get_issuer_dn_by_oid (gnutls_x509_crt_t cert,
116 size_t * sizeof_buf); 109 const char *oid,
117int gnutls_x509_crt_get_dn(gnutls_x509_crt_t cert, 110 int indx,
118 char *buf, 111 unsigned int raw_flag,
119 size_t * sizeof_buf); 112 void *buf, size_t * sizeof_buf);
120int gnutls_x509_crt_get_dn_oid(gnutls_x509_crt_t cert, 113 int gnutls_x509_crt_get_dn (gnutls_x509_crt_t cert,
121 int indx, 114 char *buf, size_t * sizeof_buf);
122 void *oid, 115 int gnutls_x509_crt_get_dn_oid (gnutls_x509_crt_t cert,
123 size_t * sizeof_oid); 116 int indx, void *oid, size_t * sizeof_oid);
124int gnutls_x509_crt_get_dn_by_oid(gnutls_x509_crt_t cert, 117 int gnutls_x509_crt_get_dn_by_oid (gnutls_x509_crt_t cert,
125 const char *oid, 118 const char *oid,
126 int indx, 119 int indx,
127 unsigned int raw_flag, 120 unsigned int raw_flag,
128 void *buf, 121 void *buf, size_t * sizeof_buf);
129 size_t * sizeof_buf); 122 int gnutls_x509_crt_check_hostname (gnutls_x509_crt_t cert,
130int gnutls_x509_crt_check_hostname(gnutls_x509_crt_t cert, 123 const char *hostname);
131 const char *hostname); 124
132 125 int gnutls_x509_crt_get_signature_algorithm (gnutls_x509_crt_t cert);
133int gnutls_x509_crt_get_signature_algorithm(gnutls_x509_crt_t cert); 126 int gnutls_x509_crt_get_signature (gnutls_x509_crt_t cert,
134int gnutls_x509_crt_get_signature(gnutls_x509_crt_t cert, 127 char *sig, size_t * sizeof_sig);
135 char *sig, 128 int gnutls_x509_crt_get_version (gnutls_x509_crt_t cert);
136 size_t *sizeof_sig); 129 int gnutls_x509_crt_get_key_id (gnutls_x509_crt_t crt,
137int gnutls_x509_crt_get_version(gnutls_x509_crt_t cert); 130 unsigned int flags,
138int gnutls_x509_crt_get_key_id(gnutls_x509_crt_t crt, 131 unsigned char *output_data,
139 unsigned int flags, 132 size_t * output_data_size);
140 unsigned char *output_data, 133
141 size_t * output_data_size); 134 int gnutls_x509_crt_set_authority_key_id (gnutls_x509_crt_t cert,
142 135 const void *id, size_t id_size);
143int gnutls_x509_crt_set_authority_key_id(gnutls_x509_crt_t cert, 136 int gnutls_x509_crt_get_authority_key_id (gnutls_x509_crt_t cert,
144 const void *id, 137 void *ret,
145 size_t id_size); 138 size_t * ret_size,
146int gnutls_x509_crt_get_authority_key_id(gnutls_x509_crt_t cert, 139 unsigned int *critical);
147 void *ret, 140
148 size_t * ret_size, 141 int gnutls_x509_crt_get_subject_key_id (gnutls_x509_crt_t cert,
149 unsigned int *critical); 142 void *ret,
150 143 size_t * ret_size,
151int gnutls_x509_crt_get_subject_key_id(gnutls_x509_crt_t cert, 144 unsigned int *critical);
152 void *ret,
153 size_t * ret_size,
154 unsigned int *critical);
155 145
156#define GNUTLS_CRL_REASON_UNUSED 128 146#define GNUTLS_CRL_REASON_UNUSED 128
157#define GNUTLS_CRL_REASON_KEY_COMPROMISE 64 147#define GNUTLS_CRL_REASON_KEY_COMPROMISE 64
@@ -163,336 +153,303 @@ int gnutls_x509_crt_get_subject_key_id(gnutls_x509_crt_t cert,
163#define GNUTLS_CRL_REASON_PRIVILEGE_WITHDRAWN 1 153#define GNUTLS_CRL_REASON_PRIVILEGE_WITHDRAWN 1
164#define GNUTLS_CRL_REASON_AA_COMPROMISE 32768 154#define GNUTLS_CRL_REASON_AA_COMPROMISE 32768
165 155
166int gnutls_x509_crt_get_crl_dist_points(gnutls_x509_crt_t cert, 156 int gnutls_x509_crt_get_crl_dist_points (gnutls_x509_crt_t cert,
167 unsigned int seq, 157 unsigned int seq,
168 void *ret, 158 void *ret,
169 size_t * ret_size, 159 size_t * ret_size,
170 unsigned int *reason_flags, 160 unsigned int *reason_flags,
171 unsigned int *critical); 161 unsigned int *critical);
172int gnutls_x509_crt_set_crl_dist_points(gnutls_x509_crt_t crt, 162 int gnutls_x509_crt_set_crl_dist_points (gnutls_x509_crt_t crt,
173 gnutls_x509_subject_alt_name_t 163 gnutls_x509_subject_alt_name_t
174 type, 164 type,
175 const void *data_string, 165 const void *data_string,
176 unsigned int reason_flags); 166 unsigned int reason_flags);
177int gnutls_x509_crt_cpy_crl_dist_points(gnutls_x509_crt_t dst, 167 int gnutls_x509_crt_cpy_crl_dist_points (gnutls_x509_crt_t dst,
178 gnutls_x509_crt_t src); 168 gnutls_x509_crt_t src);
179 169
180time_t gnutls_x509_crt_get_activation_time(gnutls_x509_crt_t cert); 170 time_t gnutls_x509_crt_get_activation_time (gnutls_x509_crt_t cert);
181time_t gnutls_x509_crt_get_expiration_time(gnutls_x509_crt_t cert); 171 time_t gnutls_x509_crt_get_expiration_time (gnutls_x509_crt_t cert);
182int gnutls_x509_crt_get_serial(gnutls_x509_crt_t cert, 172 int gnutls_x509_crt_get_serial (gnutls_x509_crt_t cert,
183 void *result, 173 void *result, size_t * result_size);
184 size_t * result_size); 174
185 175 int gnutls_x509_crt_get_pk_algorithm (gnutls_x509_crt_t cert,
186int gnutls_x509_crt_get_pk_algorithm(gnutls_x509_crt_t cert, 176 unsigned int *bits);
187 unsigned int *bits); 177 int gnutls_x509_crt_get_pk_rsa_raw (gnutls_x509_crt_t crt,
188int gnutls_x509_crt_get_pk_rsa_raw(gnutls_x509_crt_t crt, 178 gnutls_datum_t * m, gnutls_datum_t * e);
189 gnutls_datum_t * m, 179 int gnutls_x509_crt_get_pk_dsa_raw (gnutls_x509_crt_t crt,
190 gnutls_datum_t * e); 180 gnutls_datum_t * p,
191int gnutls_x509_crt_get_pk_dsa_raw(gnutls_x509_crt_t crt, 181 gnutls_datum_t * q,
192 gnutls_datum_t * p, 182 gnutls_datum_t * g, gnutls_datum_t * y);
193 gnutls_datum_t * q, 183
194 gnutls_datum_t * g, 184 int gnutls_x509_crt_get_subject_alt_name (gnutls_x509_crt_t cert,
195 gnutls_datum_t * y); 185 unsigned int seq,
196 186 void *ret,
197int gnutls_x509_crt_get_subject_alt_name(gnutls_x509_crt_t cert, 187 size_t * ret_size,
198 unsigned int seq, 188 unsigned int *critical);
199 void *ret, 189 int gnutls_x509_crt_get_subject_alt_name2 (gnutls_x509_crt_t cert,
200 size_t * ret_size, 190 unsigned int seq,
201 unsigned int *critical); 191 void *ret,
202int gnutls_x509_crt_get_subject_alt_name2(gnutls_x509_crt_t cert, 192 size_t * ret_size,
203 unsigned int seq, 193 unsigned int *ret_type,
204 void *ret, 194 unsigned int *critical);
205 size_t * ret_size, 195
206 unsigned int* ret_type, 196 int gnutls_x509_crt_get_subject_alt_othername_oid (gnutls_x509_crt_t cert,
207 unsigned int *critical); 197 unsigned int seq,
208 198 void *ret,
209int gnutls_x509_crt_get_subject_alt_othername_oid(gnutls_x509_crt_t cert, 199 size_t * ret_size);
210 unsigned int seq, 200
211 void *ret, 201 int gnutls_x509_crt_get_ca_status (gnutls_x509_crt_t cert,
212 size_t * ret_size); 202 unsigned int *critical);
213 203 int gnutls_x509_crt_get_basic_constraints (gnutls_x509_crt_t cert,
214int gnutls_x509_crt_get_ca_status(gnutls_x509_crt_t cert, 204 unsigned int *critical,
215 unsigned int *critical); 205 int *ca, int *pathlen);
216int gnutls_x509_crt_get_basic_constraints(gnutls_x509_crt_t cert,
217 unsigned int *critical,
218 int *ca,
219 int *pathlen);
220 206
221/* The key_usage flags are defined in gnutls.h. They are the 207/* The key_usage flags are defined in gnutls.h. They are the
222 * GNUTLS_KEY_* definitions. 208 * GNUTLS_KEY_* definitions.
223 */ 209 */
224int gnutls_x509_crt_get_key_usage(gnutls_x509_crt_t cert, 210 int gnutls_x509_crt_get_key_usage (gnutls_x509_crt_t cert,
225 unsigned int *key_usage, 211 unsigned int *key_usage,
226 unsigned int *critical); 212 unsigned int *critical);
227int gnutls_x509_crt_set_key_usage(gnutls_x509_crt_t crt, 213 int gnutls_x509_crt_set_key_usage (gnutls_x509_crt_t crt,
228 unsigned int usage); 214 unsigned int usage);
229 215
230int gnutls_x509_crt_get_proxy(gnutls_x509_crt_t cert, 216 int gnutls_x509_crt_get_proxy (gnutls_x509_crt_t cert,
231 unsigned int *critical, 217 unsigned int *critical,
232 int *pathlen, 218 int *pathlen,
233 char **policyLanguage, 219 char **policyLanguage,
234 char **policy, 220 char **policy, size_t * sizeof_policy);
235 size_t *sizeof_policy);
236 221
237int gnutls_x509_dn_oid_known(const char *oid); 222 int gnutls_x509_dn_oid_known (const char *oid);
238 223
239/* Read extensions by OID. */ 224/* Read extensions by OID. */
240int gnutls_x509_crt_get_extension_oid(gnutls_x509_crt_t cert, 225 int gnutls_x509_crt_get_extension_oid (gnutls_x509_crt_t cert,
241 int indx,
242 void *oid,
243 size_t * sizeof_oid);
244int gnutls_x509_crt_get_extension_by_oid(gnutls_x509_crt_t cert,
245 const char *oid,
246 int indx, 226 int indx,
247 void *buf, 227 void *oid, size_t * sizeof_oid);
248 size_t * sizeof_buf, 228 int gnutls_x509_crt_get_extension_by_oid (gnutls_x509_crt_t cert,
249 unsigned int *critical); 229 const char *oid,
230 int indx,
231 void *buf,
232 size_t * sizeof_buf,
233 unsigned int *critical);
250 234
251/* Read extensions by sequence number. */ 235/* Read extensions by sequence number. */
252int gnutls_x509_crt_get_extension_info(gnutls_x509_crt_t cert, 236 int gnutls_x509_crt_get_extension_info (gnutls_x509_crt_t cert,
253 int indx, 237 int indx,
254 void *oid, 238 void *oid,
255 size_t * sizeof_oid, 239 size_t * sizeof_oid, int *critical);
256 int *critical); 240 int gnutls_x509_crt_get_extension_data (gnutls_x509_crt_t cert,
257int gnutls_x509_crt_get_extension_data(gnutls_x509_crt_t cert, 241 int indx,
258 int indx, 242 void *data, size_t * sizeof_data);
259 void *data, 243
260 size_t * sizeof_data); 244 int gnutls_x509_crt_set_extension_by_oid (gnutls_x509_crt_t crt,
261 245 const char *oid,
262int gnutls_x509_crt_set_extension_by_oid(gnutls_x509_crt_t crt, 246 const void *buf,
263 const char *oid, 247 size_t sizeof_buf,
264 const void *buf, 248 unsigned int critical);
265 size_t sizeof_buf,
266 unsigned int critical);
267 249
268/* X.509 Certificate writing. 250/* X.509 Certificate writing.
269 */ 251 */
270int gnutls_x509_crt_set_dn_by_oid(gnutls_x509_crt_t crt, 252 int gnutls_x509_crt_set_dn_by_oid (gnutls_x509_crt_t crt,
271 const char *oid, 253 const char *oid,
272 unsigned int raw_flag, 254 unsigned int raw_flag,
273 const void *name, 255 const void *name,
274 unsigned int sizeof_name); 256 unsigned int sizeof_name);
275int gnutls_x509_crt_set_issuer_dn_by_oid(gnutls_x509_crt_t crt, 257 int gnutls_x509_crt_set_issuer_dn_by_oid (gnutls_x509_crt_t crt,
276 const char *oid, 258 const char *oid,
277 unsigned int raw_flag, 259 unsigned int raw_flag,
278 const void *name, 260 const void *name,
279 unsigned int sizeof_name); 261 unsigned int sizeof_name);
280int gnutls_x509_crt_set_version(gnutls_x509_crt_t crt, 262 int gnutls_x509_crt_set_version (gnutls_x509_crt_t crt,
281 unsigned int version); 263 unsigned int version);
282int gnutls_x509_crt_set_key(gnutls_x509_crt_t crt, 264 int gnutls_x509_crt_set_key (gnutls_x509_crt_t crt,
283 gnutls_x509_privkey_t key); 265 gnutls_x509_privkey_t key);
284int gnutls_x509_crt_set_ca_status(gnutls_x509_crt_t crt, 266 int gnutls_x509_crt_set_ca_status (gnutls_x509_crt_t crt, unsigned int ca);
285 unsigned int ca); 267 int gnutls_x509_crt_set_basic_constraints (gnutls_x509_crt_t crt,
286int gnutls_x509_crt_set_basic_constraints(gnutls_x509_crt_t crt, 268 unsigned int ca,
287 unsigned int ca, 269 int pathLenConstraint);
288 int pathLenConstraint); 270 int gnutls_x509_crt_set_subject_alternative_name (gnutls_x509_crt_t crt,
289int gnutls_x509_crt_set_subject_alternative_name(gnutls_x509_crt_t crt, 271 gnutls_x509_subject_alt_name_t
290 gnutls_x509_subject_alt_name_t 272 type,
291 type, 273 const char *data_string);
292 const char *data_string); 274 int gnutls_x509_crt_sign (gnutls_x509_crt_t crt,
293int gnutls_x509_crt_sign(gnutls_x509_crt_t crt, 275 gnutls_x509_crt_t issuer,
294 gnutls_x509_crt_t issuer, 276 gnutls_x509_privkey_t issuer_key);
295 gnutls_x509_privkey_t issuer_key); 277 int gnutls_x509_crt_sign2 (gnutls_x509_crt_t crt,
296int gnutls_x509_crt_sign2(gnutls_x509_crt_t crt, 278 gnutls_x509_crt_t issuer,
297 gnutls_x509_crt_t issuer, 279 gnutls_x509_privkey_t issuer_key,
298 gnutls_x509_privkey_t issuer_key, 280 enum MHD_GNUTLS_HashAlgorithm,
299 enum MHD_GNUTLS_HashAlgorithm, 281 unsigned int flags);
300 unsigned int flags); 282 int gnutls_x509_crt_set_activation_time (gnutls_x509_crt_t cert,
301int gnutls_x509_crt_set_activation_time(gnutls_x509_crt_t cert, 283 time_t act_time);
302 time_t act_time); 284 int gnutls_x509_crt_set_expiration_time (gnutls_x509_crt_t cert,
303int gnutls_x509_crt_set_expiration_time(gnutls_x509_crt_t cert, 285 time_t exp_time);
304 time_t exp_time); 286 int gnutls_x509_crt_set_serial (gnutls_x509_crt_t cert,
305int gnutls_x509_crt_set_serial(gnutls_x509_crt_t cert, 287 const void *serial, size_t serial_size);
306 const void *serial, 288
307 size_t serial_size); 289 int gnutls_x509_crt_set_subject_key_id (gnutls_x509_crt_t cert,
308 290 const void *id, size_t id_size);
309int gnutls_x509_crt_set_subject_key_id(gnutls_x509_crt_t cert, 291
310 const void *id, 292 int gnutls_x509_crt_set_proxy_dn (gnutls_x509_crt_t crt,
311 size_t id_size); 293 gnutls_x509_crt_t eecrt,
312 294 unsigned int raw_flag,
313int gnutls_x509_crt_set_proxy_dn(gnutls_x509_crt_t crt, 295 const void *name,
314 gnutls_x509_crt_t eecrt, 296 unsigned int sizeof_name);
315 unsigned int raw_flag, 297 int gnutls_x509_crt_set_proxy (gnutls_x509_crt_t crt,
316 const void *name, 298 int pathLenConstraint,
317 unsigned int sizeof_name); 299 const char *policyLanguage,
318int gnutls_x509_crt_set_proxy(gnutls_x509_crt_t crt, 300 const char *policy, size_t sizeof_policy);
319 int pathLenConstraint, 301
320 const char *policyLanguage, 302 typedef enum gnutls_certificate_print_formats
321 const char *policy,
322 size_t sizeof_policy);
323
324typedef enum gnutls_certificate_print_formats
325 { 303 {
326 GNUTLS_X509_CRT_FULL, 304 GNUTLS_X509_CRT_FULL,
327 GNUTLS_X509_CRT_ONELINE, 305 GNUTLS_X509_CRT_ONELINE,
328 GNUTLS_X509_CRT_UNSIGNED_FULL 306 GNUTLS_X509_CRT_UNSIGNED_FULL
329 } gnutls_certificate_print_formats_t; 307 } gnutls_certificate_print_formats_t;
330 308
331int gnutls_x509_crt_print(gnutls_x509_crt_t cert, 309 int gnutls_x509_crt_print (gnutls_x509_crt_t cert,
332 gnutls_certificate_print_formats_t format, 310 gnutls_certificate_print_formats_t format,
333 gnutls_datum_t *out); 311 gnutls_datum_t * out);
334int gnutls_x509_crl_print(gnutls_x509_crl_t crl, 312 int gnutls_x509_crl_print (gnutls_x509_crl_t crl,
335 gnutls_certificate_print_formats_t format, 313 gnutls_certificate_print_formats_t format,
336 gnutls_datum_t *out); 314 gnutls_datum_t * out);
337 315
338/* Access to internal Certificate fields. 316/* Access to internal Certificate fields.
339 */ 317 */
340int gnutls_x509_crt_get_raw_issuer_dn(gnutls_x509_crt_t cert, 318 int gnutls_x509_crt_get_raw_issuer_dn (gnutls_x509_crt_t cert,
341 gnutls_datum_t * start); 319 gnutls_datum_t * start);
342int gnutls_x509_crt_get_raw_dn(gnutls_x509_crt_t cert, 320 int gnutls_x509_crt_get_raw_dn (gnutls_x509_crt_t cert,
343 gnutls_datum_t * start); 321 gnutls_datum_t * start);
344 322
345/* RDN handling. 323/* RDN handling.
346 */ 324 */
347int gnutls_x509_rdn_get(const gnutls_datum_t * idn, 325 int gnutls_x509_rdn_get (const gnutls_datum_t * idn,
348 char *buf, 326 char *buf, size_t * sizeof_buf);
349 size_t * sizeof_buf); 327 int gnutls_x509_rdn_get_oid (const gnutls_datum_t * idn,
350int gnutls_x509_rdn_get_oid(const gnutls_datum_t * idn, 328 int indx, void *buf, size_t * sizeof_buf);
351 int indx, 329
352 void *buf, 330 int gnutls_x509_rdn_get_by_oid (const gnutls_datum_t * idn,
353 size_t * sizeof_buf); 331 const char *oid,
354 332 int indx,
355int gnutls_x509_rdn_get_by_oid(const gnutls_datum_t * idn, 333 unsigned int raw_flag,
356 const char *oid, 334 void *buf, size_t * sizeof_buf);
357 int indx, 335
358 unsigned int raw_flag, 336 typedef void *gnutls_x509_dn_t;
359 void *buf, 337
360 size_t * sizeof_buf); 338 typedef struct gnutls_x509_ava_st
361
362typedef void *gnutls_x509_dn_t;
363
364typedef struct gnutls_x509_ava_st
365 { 339 {
366 gnutls_datum_t oid; 340 gnutls_datum_t oid;
367 gnutls_datum_t value; 341 gnutls_datum_t value;
368 unsigned long value_tag; 342 unsigned long value_tag;
369 } gnutls_x509_ava_st; 343 } gnutls_x509_ava_st;
370 344
371int gnutls_x509_crt_get_subject(gnutls_x509_crt_t cert, 345 int gnutls_x509_crt_get_subject (gnutls_x509_crt_t cert,
372 gnutls_x509_dn_t *dn); 346 gnutls_x509_dn_t * dn);
373int gnutls_x509_crt_get_issuer(gnutls_x509_crt_t cert, 347 int gnutls_x509_crt_get_issuer (gnutls_x509_crt_t cert,
374 gnutls_x509_dn_t *dn); 348 gnutls_x509_dn_t * dn);
375int gnutls_x509_dn_get_rdn_ava(gnutls_x509_dn_t dn, 349 int gnutls_x509_dn_get_rdn_ava (gnutls_x509_dn_t dn,
376 int irdn, 350 int irdn,
377 int iava, 351 int iava, gnutls_x509_ava_st * avast);
378 gnutls_x509_ava_st *avast);
379 352
380/* CRL handling functions. 353/* CRL handling functions.
381 */ 354 */
382int gnutls_x509_crl_init(gnutls_x509_crl_t * crl); 355 int gnutls_x509_crl_init (gnutls_x509_crl_t * crl);
383void gnutls_x509_crl_deinit(gnutls_x509_crl_t crl); 356 void gnutls_x509_crl_deinit (gnutls_x509_crl_t crl);
384 357
385int gnutls_x509_crl_import(gnutls_x509_crl_t crl, 358 int gnutls_x509_crl_import (gnutls_x509_crl_t crl,
386 const gnutls_datum_t * data, 359 const gnutls_datum_t * data,
387 gnutls_x509_crt_fmt_t format); 360 gnutls_x509_crt_fmt_t format);
388int gnutls_x509_crl_export(gnutls_x509_crl_t crl, 361 int gnutls_x509_crl_export (gnutls_x509_crl_t crl,
389 gnutls_x509_crt_fmt_t format, 362 gnutls_x509_crt_fmt_t format,
390 void *output_data, 363 void *output_data, size_t * output_data_size);
391 size_t * output_data_size); 364
392 365 int gnutls_x509_crl_get_issuer_dn (const gnutls_x509_crl_t crl,
393int gnutls_x509_crl_get_issuer_dn(const gnutls_x509_crl_t crl, 366 char *buf, size_t * sizeof_buf);
394 char *buf, 367 int gnutls_x509_crl_get_issuer_dn_by_oid (gnutls_x509_crl_t crl,
395 size_t * sizeof_buf); 368 const char *oid,
396int gnutls_x509_crl_get_issuer_dn_by_oid(gnutls_x509_crl_t crl, 369 int indx,
397 const char *oid, 370 unsigned int raw_flag,
398 int indx, 371 void *buf, size_t * sizeof_buf);
399 unsigned int raw_flag, 372 int gnutls_x509_crl_get_dn_oid (gnutls_x509_crl_t crl,
400 void *buf, 373 int indx, void *oid, size_t * sizeof_oid);
401 size_t * sizeof_buf); 374
402int gnutls_x509_crl_get_dn_oid(gnutls_x509_crl_t crl, 375 int gnutls_x509_crl_get_signature_algorithm (gnutls_x509_crl_t crl);
403 int indx, 376 int gnutls_x509_crl_get_signature (gnutls_x509_crl_t crl,
404 void *oid, 377 char *sig, size_t * sizeof_sig);
405 size_t * sizeof_oid); 378 int gnutls_x509_crl_get_version (gnutls_x509_crl_t crl);
406 379
407int gnutls_x509_crl_get_signature_algorithm(gnutls_x509_crl_t crl); 380 time_t gnutls_x509_crl_get_this_update (gnutls_x509_crl_t crl);
408int gnutls_x509_crl_get_signature(gnutls_x509_crl_t crl, 381 time_t gnutls_x509_crl_get_next_update (gnutls_x509_crl_t crl);
409 char *sig, 382
410 size_t *sizeof_sig); 383 int gnutls_x509_crl_get_crt_count (gnutls_x509_crl_t crl);
411int gnutls_x509_crl_get_version(gnutls_x509_crl_t crl); 384 int gnutls_x509_crl_get_crt_serial (gnutls_x509_crl_t crl,
412 385 int indx,
413time_t gnutls_x509_crl_get_this_update(gnutls_x509_crl_t crl); 386 unsigned char *serial,
414time_t gnutls_x509_crl_get_next_update(gnutls_x509_crl_t crl); 387 size_t * serial_size, time_t * t);
415
416int gnutls_x509_crl_get_crt_count(gnutls_x509_crl_t crl);
417int gnutls_x509_crl_get_crt_serial(gnutls_x509_crl_t crl,
418 int indx,
419 unsigned char *serial,
420 size_t * serial_size,
421 time_t * t);
422#define gnutls_x509_crl_get_certificate_count gnutls_x509_crl_get_crt_count 388#define gnutls_x509_crl_get_certificate_count gnutls_x509_crl_get_crt_count
423#define gnutls_x509_crl_get_certificate gnutls_x509_crl_get_crt_serial 389#define gnutls_x509_crl_get_certificate gnutls_x509_crl_get_crt_serial
424 390
425int gnutls_x509_crl_check_issuer(gnutls_x509_crl_t crl, 391 int gnutls_x509_crl_check_issuer (gnutls_x509_crl_t crl,
426 gnutls_x509_crt_t issuer); 392 gnutls_x509_crt_t issuer);
427 393
428/* CRL writing. 394/* CRL writing.
429 */ 395 */
430int gnutls_x509_crl_set_version(gnutls_x509_crl_t crl, 396 int gnutls_x509_crl_set_version (gnutls_x509_crl_t crl,
431 unsigned int version); 397 unsigned int version);
432int gnutls_x509_crl_sign(gnutls_x509_crl_t crl, 398 int gnutls_x509_crl_sign (gnutls_x509_crl_t crl,
433 gnutls_x509_crt_t issuer, 399 gnutls_x509_crt_t issuer,
434 gnutls_x509_privkey_t issuer_key); 400 gnutls_x509_privkey_t issuer_key);
435int gnutls_x509_crl_sign2(gnutls_x509_crl_t crl, 401 int gnutls_x509_crl_sign2 (gnutls_x509_crl_t crl,
436 gnutls_x509_crt_t issuer, 402 gnutls_x509_crt_t issuer,
437 gnutls_x509_privkey_t issuer_key, 403 gnutls_x509_privkey_t issuer_key,
438 enum MHD_GNUTLS_HashAlgorithm, 404 enum MHD_GNUTLS_HashAlgorithm,
439 unsigned int flags); 405 unsigned int flags);
440int gnutls_x509_crl_set_this_update(gnutls_x509_crl_t crl, 406 int gnutls_x509_crl_set_this_update (gnutls_x509_crl_t crl,
441 time_t act_time); 407 time_t act_time);
442int gnutls_x509_crl_set_next_update(gnutls_x509_crl_t crl, 408 int gnutls_x509_crl_set_next_update (gnutls_x509_crl_t crl,
443 time_t exp_time); 409 time_t exp_time);
444int gnutls_x509_crl_set_crt_serial(gnutls_x509_crl_t crl, 410 int gnutls_x509_crl_set_crt_serial (gnutls_x509_crl_t crl,
445 const void *serial, 411 const void *serial,
446 size_t serial_size, 412 size_t serial_size,
447 time_t revocation_time); 413 time_t revocation_time);
448int gnutls_x509_crl_set_crt(gnutls_x509_crl_t crl, 414 int gnutls_x509_crl_set_crt (gnutls_x509_crl_t crl,
449 gnutls_x509_crt_t crt, 415 gnutls_x509_crt_t crt, time_t revocation_time);
450 time_t revocation_time);
451 416
452/* PKCS7 structures handling 417/* PKCS7 structures handling
453 */ 418 */
454struct gnutls_pkcs7_int; 419 struct gnutls_pkcs7_int;
455typedef struct gnutls_pkcs7_int *gnutls_pkcs7_t; 420 typedef struct gnutls_pkcs7_int *gnutls_pkcs7_t;
456 421
457int gnutls_pkcs7_init(gnutls_pkcs7_t * pkcs7); 422 int gnutls_pkcs7_init (gnutls_pkcs7_t * pkcs7);
458void gnutls_pkcs7_deinit(gnutls_pkcs7_t pkcs7); 423 void gnutls_pkcs7_deinit (gnutls_pkcs7_t pkcs7);
459int gnutls_pkcs7_import(gnutls_pkcs7_t pkcs7, 424 int gnutls_pkcs7_import (gnutls_pkcs7_t pkcs7,
460 const gnutls_datum_t * data, 425 const gnutls_datum_t * data,
461 gnutls_x509_crt_fmt_t format); 426 gnutls_x509_crt_fmt_t format);
462int gnutls_pkcs7_export(gnutls_pkcs7_t pkcs7, 427 int gnutls_pkcs7_export (gnutls_pkcs7_t pkcs7,
463 gnutls_x509_crt_fmt_t format, 428 gnutls_x509_crt_fmt_t format,
464 void *output_data, 429 void *output_data, size_t * output_data_size);
465 size_t * output_data_size); 430
466 431 int gnutls_pkcs7_get_crt_count (gnutls_pkcs7_t pkcs7);
467int gnutls_pkcs7_get_crt_count(gnutls_pkcs7_t pkcs7); 432 int gnutls_pkcs7_get_crt_raw (gnutls_pkcs7_t pkcs7,
468int gnutls_pkcs7_get_crt_raw(gnutls_pkcs7_t pkcs7, 433 int indx,
469 int indx, 434 void *certificate, size_t * certificate_size);
470 void *certificate, 435
471 size_t * certificate_size); 436 int gnutls_pkcs7_set_crt_raw (gnutls_pkcs7_t pkcs7,
472 437 const gnutls_datum_t * crt);
473int gnutls_pkcs7_set_crt_raw(gnutls_pkcs7_t pkcs7, 438 int gnutls_pkcs7_set_crt (gnutls_pkcs7_t pkcs7, gnutls_x509_crt_t crt);
474 const gnutls_datum_t * crt); 439 int gnutls_pkcs7_delete_crt (gnutls_pkcs7_t pkcs7, int indx);
475int gnutls_pkcs7_set_crt(gnutls_pkcs7_t pkcs7, 440
476 gnutls_x509_crt_t crt); 441 int gnutls_pkcs7_get_crl_raw (gnutls_pkcs7_t pkcs7,
477int gnutls_pkcs7_delete_crt(gnutls_pkcs7_t pkcs7, 442 int indx, void *crl, size_t * crl_size);
478 int indx); 443 int gnutls_pkcs7_get_crl_count (gnutls_pkcs7_t pkcs7);
479 444
480int gnutls_pkcs7_get_crl_raw(gnutls_pkcs7_t pkcs7, 445 int gnutls_pkcs7_set_crl_raw (gnutls_pkcs7_t pkcs7,
481 int indx, 446 const gnutls_datum_t * crt);
482 void *crl, 447 int gnutls_pkcs7_set_crl (gnutls_pkcs7_t pkcs7, gnutls_x509_crl_t crl);
483 size_t * crl_size); 448 int gnutls_pkcs7_delete_crl (gnutls_pkcs7_t pkcs7, int indx);
484int gnutls_pkcs7_get_crl_count(gnutls_pkcs7_t pkcs7);
485
486int gnutls_pkcs7_set_crl_raw(gnutls_pkcs7_t pkcs7,
487 const gnutls_datum_t * crt);
488int gnutls_pkcs7_set_crl(gnutls_pkcs7_t pkcs7,
489 gnutls_x509_crl_t crl);
490int gnutls_pkcs7_delete_crl(gnutls_pkcs7_t pkcs7,
491 int indx);
492 449
493/* X.509 Certificate verification functions. 450/* X.509 Certificate verification functions.
494 */ 451 */
495typedef enum gnutls_certificate_verify_flags 452 typedef enum gnutls_certificate_verify_flags
496 { 453 {
497 /* If set a signer does not have to be a certificate authority. This 454 /* If set a signer does not have to be a certificate authority. This
498 * flag should normaly be disabled, unless you know what this means. 455 * flag should normaly be disabled, unless you know what this means.
@@ -527,58 +484,53 @@ typedef enum gnutls_certificate_verify_flags
527 GNUTLS_VERIFY_ALLOW_SIGN_RSA_MD5 = 32 484 GNUTLS_VERIFY_ALLOW_SIGN_RSA_MD5 = 32
528 } gnutls_certificate_verify_flags; 485 } gnutls_certificate_verify_flags;
529 486
530int gnutls_x509_crt_check_issuer(gnutls_x509_crt_t cert, 487 int gnutls_x509_crt_check_issuer (gnutls_x509_crt_t cert,
531 gnutls_x509_crt_t issuer); 488 gnutls_x509_crt_t issuer);
532 489
533int gnutls_x509_crt_list_verify(const gnutls_x509_crt_t * cert_list, 490 int gnutls_x509_crt_list_verify (const gnutls_x509_crt_t * cert_list,
534 int cert_list_length, 491 int cert_list_length,
535 const gnutls_x509_crt_t * CA_list, 492 const gnutls_x509_crt_t * CA_list,
536 int CA_list_length, 493 int CA_list_length,
537 const gnutls_x509_crl_t * CRL_list, 494 const gnutls_x509_crl_t * CRL_list,
538 int CRL_list_length, 495 int CRL_list_length,
539 unsigned int flags, 496 unsigned int flags, unsigned int *verify);
540 unsigned int *verify); 497
541 498 int gnutls_x509_crt_verify (gnutls_x509_crt_t cert,
542int gnutls_x509_crt_verify(gnutls_x509_crt_t cert, 499 const gnutls_x509_crt_t * CA_list,
543 const gnutls_x509_crt_t * CA_list, 500 int CA_list_length,
544 int CA_list_length, 501 unsigned int flags, unsigned int *verify);
545 unsigned int flags, 502 int gnutls_x509_crl_verify (gnutls_x509_crl_t crl,
546 unsigned int *verify); 503 const gnutls_x509_crt_t * CA_list,
547int gnutls_x509_crl_verify(gnutls_x509_crl_t crl, 504 int CA_list_length,
548 const gnutls_x509_crt_t * CA_list, 505 unsigned int flags, unsigned int *verify);
549 int CA_list_length, 506
550 unsigned int flags, 507 int gnutls_x509_crt_check_revocation (gnutls_x509_crt_t cert,
551 unsigned int *verify); 508 const gnutls_x509_crl_t *
552 509 crl_list, int crl_list_length);
553int gnutls_x509_crt_check_revocation(gnutls_x509_crt_t cert, 510
554 const gnutls_x509_crl_t * 511 int gnutls_x509_crt_get_fingerprint (gnutls_x509_crt_t cert,
555 crl_list, 512 enum MHD_GNUTLS_HashAlgorithm algo,
556 int crl_list_length); 513 void *buf, size_t * sizeof_buf);
557 514
558int gnutls_x509_crt_get_fingerprint(gnutls_x509_crt_t cert, 515 int gnutls_x509_crt_get_key_purpose_oid (gnutls_x509_crt_t cert,
559 enum MHD_GNUTLS_HashAlgorithm algo, 516 int indx,
560 void *buf, 517 void *oid,
561 size_t * sizeof_buf); 518 size_t * sizeof_oid,
562 519 unsigned int *critical);
563int gnutls_x509_crt_get_key_purpose_oid(gnutls_x509_crt_t cert, 520 int gnutls_x509_crt_set_key_purpose_oid (gnutls_x509_crt_t cert,
564 int indx, 521 const void *oid,
565 void *oid, 522 unsigned int critical);
566 size_t * sizeof_oid,
567 unsigned int *critical);
568int gnutls_x509_crt_set_key_purpose_oid(gnutls_x509_crt_t cert,
569 const void *oid,
570 unsigned int critical);
571 523
572/* Private key handling. 524/* Private key handling.
573 */ 525 */
574 526
575/* Flags for the gnutls_x509_privkey_export_pkcs8() function. 527/* Flags for the gnutls_x509_privkey_export_pkcs8() function.
576 */ 528 */
577typedef enum gnutls_pkcs_encrypt_flags_t 529 typedef enum gnutls_pkcs_encrypt_flags_t
578 { 530 {
579 GNUTLS_PKCS_PLAIN = 1, /* if set the private key will not 531 GNUTLS_PKCS_PLAIN = 1, /* if set the private key will not
580 * be encrypted. 532 * be encrypted.
581 */ 533 */
582 GNUTLS_PKCS_USE_PKCS12_3DES = 2, 534 GNUTLS_PKCS_USE_PKCS12_3DES = 2,
583 GNUTLS_PKCS_USE_PKCS12_ARCFOUR = 4, 535 GNUTLS_PKCS_USE_PKCS12_ARCFOUR = 4,
584 GNUTLS_PKCS_USE_PKCS12_RC2_40 = 8, 536 GNUTLS_PKCS_USE_PKCS12_RC2_40 = 8,
@@ -590,154 +542,143 @@ typedef enum gnutls_pkcs_encrypt_flags_t
590#define GNUTLS_PKCS8_USE_PKCS12_ARCFOUR GNUTLS_PKCS_USE_PKCS12_ARCFOUR 542#define GNUTLS_PKCS8_USE_PKCS12_ARCFOUR GNUTLS_PKCS_USE_PKCS12_ARCFOUR
591#define GNUTLS_PKCS8_USE_PKCS12_RC2_40 GNUTLS_PKCS_USE_PKCS12_RC2_40 543#define GNUTLS_PKCS8_USE_PKCS12_RC2_40 GNUTLS_PKCS_USE_PKCS12_RC2_40
592 544
593int gnutls_x509_privkey_init(gnutls_x509_privkey_t * key); 545 int gnutls_x509_privkey_init (gnutls_x509_privkey_t * key);
594void gnutls_x509_privkey_deinit(gnutls_x509_privkey_t key); 546 void gnutls_x509_privkey_deinit (gnutls_x509_privkey_t key);
595int gnutls_x509_privkey_cpy(gnutls_x509_privkey_t dst, 547 int gnutls_x509_privkey_cpy (gnutls_x509_privkey_t dst,
596 gnutls_x509_privkey_t src); 548 gnutls_x509_privkey_t src);
597int gnutls_x509_privkey_import(gnutls_x509_privkey_t key, 549 int gnutls_x509_privkey_import (gnutls_x509_privkey_t key,
598 const gnutls_datum_t * data, 550 const gnutls_datum_t * data,
599 gnutls_x509_crt_fmt_t format); 551 gnutls_x509_crt_fmt_t format);
600int gnutls_x509_privkey_import_pkcs8(gnutls_x509_privkey_t key, 552 int gnutls_x509_privkey_import_pkcs8 (gnutls_x509_privkey_t key,
601 const gnutls_datum_t * data, 553 const gnutls_datum_t * data,
602 gnutls_x509_crt_fmt_t format, 554 gnutls_x509_crt_fmt_t format,
603 const char *pass, 555 const char *pass, unsigned int flags);
604 unsigned int flags); 556 int gnutls_x509_privkey_import_rsa_raw (gnutls_x509_privkey_t key,
605int gnutls_x509_privkey_import_rsa_raw(gnutls_x509_privkey_t key, 557 const gnutls_datum_t * m,
606 const gnutls_datum_t * m, 558 const gnutls_datum_t * e,
607 const gnutls_datum_t * e, 559 const gnutls_datum_t * d,
608 const gnutls_datum_t * d, 560 const gnutls_datum_t * p,
609 const gnutls_datum_t * p, 561 const gnutls_datum_t * q,
610 const gnutls_datum_t * q, 562 const gnutls_datum_t * u);
611 const gnutls_datum_t * u); 563 int gnutls_x509_privkey_fix (gnutls_x509_privkey_t key);
612int gnutls_x509_privkey_fix(gnutls_x509_privkey_t key); 564
613 565 int gnutls_x509_privkey_export_dsa_raw (gnutls_x509_privkey_t key,
614int gnutls_x509_privkey_export_dsa_raw(gnutls_x509_privkey_t key, 566 gnutls_datum_t * p,
615 gnutls_datum_t * p, 567 gnutls_datum_t * q,
616 gnutls_datum_t * q, 568 gnutls_datum_t * g,
617 gnutls_datum_t * g, 569 gnutls_datum_t * y,
618 gnutls_datum_t * y, 570 gnutls_datum_t * x);
619 gnutls_datum_t * x); 571 int gnutls_x509_privkey_import_dsa_raw (gnutls_x509_privkey_t key,
620int gnutls_x509_privkey_import_dsa_raw(gnutls_x509_privkey_t key, 572 const gnutls_datum_t * p,
621 const gnutls_datum_t * p, 573 const gnutls_datum_t * q,
622 const gnutls_datum_t * q, 574 const gnutls_datum_t * g,
623 const gnutls_datum_t * g, 575 const gnutls_datum_t * y,
624 const gnutls_datum_t * y, 576 const gnutls_datum_t * x);
625 const gnutls_datum_t * x); 577
626 578 int gnutls_x509_privkey_get_pk_algorithm (gnutls_x509_privkey_t key);
627int gnutls_x509_privkey_get_pk_algorithm(gnutls_x509_privkey_t key); 579 int gnutls_x509_privkey_get_key_id (gnutls_x509_privkey_t key,
628int gnutls_x509_privkey_get_key_id(gnutls_x509_privkey_t key, 580 unsigned int flags,
629 unsigned int flags, 581 unsigned char *output_data,
630 unsigned char *output_data, 582 size_t * output_data_size);
631 size_t * output_data_size); 583
632 584 int gnutls_x509_privkey_generate (gnutls_x509_privkey_t key,
633int gnutls_x509_privkey_generate(gnutls_x509_privkey_t key, 585 enum MHD_GNUTLS_PublicKeyAlgorithm algo,
634 enum MHD_GNUTLS_PublicKeyAlgorithm algo, 586 unsigned int bits, unsigned int flags);
635 unsigned int bits, 587
636 unsigned int flags); 588 int gnutls_x509_privkey_export (gnutls_x509_privkey_t key,
637 589 gnutls_x509_crt_fmt_t format,
638int gnutls_x509_privkey_export(gnutls_x509_privkey_t key, 590 void *output_data,
639 gnutls_x509_crt_fmt_t format, 591 size_t * output_data_size);
640 void *output_data, 592 int gnutls_x509_privkey_export_pkcs8 (gnutls_x509_privkey_t key,
641 size_t * output_data_size); 593 gnutls_x509_crt_fmt_t format,
642int gnutls_x509_privkey_export_pkcs8(gnutls_x509_privkey_t key, 594 const char *password,
643 gnutls_x509_crt_fmt_t format, 595 unsigned int flags,
644 const char *password, 596 void *output_data,
645 unsigned int flags, 597 size_t * output_data_size);
646 void *output_data, 598 int gnutls_x509_privkey_export_rsa_raw (gnutls_x509_privkey_t key,
647 size_t * output_data_size); 599 gnutls_datum_t * m,
648int gnutls_x509_privkey_export_rsa_raw(gnutls_x509_privkey_t key, 600 gnutls_datum_t * e,
649 gnutls_datum_t * m, 601 gnutls_datum_t * d,
650 gnutls_datum_t * e, 602 gnutls_datum_t * p,
651 gnutls_datum_t * d, 603 gnutls_datum_t * q,
652 gnutls_datum_t * p, 604 gnutls_datum_t * u);
653 gnutls_datum_t * q,
654 gnutls_datum_t * u);
655 605
656/* Signing stuff. 606/* Signing stuff.
657 */ 607 */
658int gnutls_x509_privkey_sign_data(gnutls_x509_privkey_t key, 608 int gnutls_x509_privkey_sign_data (gnutls_x509_privkey_t key,
659 enum MHD_GNUTLS_HashAlgorithm digest, 609 enum MHD_GNUTLS_HashAlgorithm digest,
660 unsigned int flags, 610 unsigned int flags,
661 const gnutls_datum_t * data, 611 const gnutls_datum_t * data,
662 void *signature, 612 void *signature,
663 size_t * signature_size); 613 size_t * signature_size);
664int gnutls_x509_privkey_verify_data(gnutls_x509_privkey_t key, 614 int gnutls_x509_privkey_verify_data (gnutls_x509_privkey_t key,
665 unsigned int flags, 615 unsigned int flags,
666 const gnutls_datum_t * data, 616 const gnutls_datum_t * data,
667 const gnutls_datum_t * signature); 617 const gnutls_datum_t * signature);
668int gnutls_x509_crt_verify_data(gnutls_x509_crt_t crt, 618 int gnutls_x509_crt_verify_data (gnutls_x509_crt_t crt,
669 unsigned int flags, 619 unsigned int flags,
670 const gnutls_datum_t * data, 620 const gnutls_datum_t * data,
671 const gnutls_datum_t * signature); 621 const gnutls_datum_t * signature);
672 622
673int gnutls_x509_privkey_sign_hash(gnutls_x509_privkey_t key, 623 int gnutls_x509_privkey_sign_hash (gnutls_x509_privkey_t key,
674 const gnutls_datum_t * hash, 624 const gnutls_datum_t * hash,
675 gnutls_datum_t * signature); 625 gnutls_datum_t * signature);
676 626
677/* Certificate request stuff. 627/* Certificate request stuff.
678 */ 628 */
679struct gnutls_x509_crq_int; 629 struct gnutls_x509_crq_int;
680typedef struct gnutls_x509_crq_int *gnutls_x509_crq_t; 630 typedef struct gnutls_x509_crq_int *gnutls_x509_crq_t;
681 631
682int gnutls_x509_crq_init(gnutls_x509_crq_t * crq); 632 int gnutls_x509_crq_init (gnutls_x509_crq_t * crq);
683void gnutls_x509_crq_deinit(gnutls_x509_crq_t crq); 633 void gnutls_x509_crq_deinit (gnutls_x509_crq_t crq);
684int gnutls_x509_crq_import(gnutls_x509_crq_t crq, 634 int gnutls_x509_crq_import (gnutls_x509_crq_t crq,
685 const gnutls_datum_t * data, 635 const gnutls_datum_t * data,
686 gnutls_x509_crt_fmt_t format); 636 gnutls_x509_crt_fmt_t format);
687int gnutls_x509_crq_get_pk_algorithm(gnutls_x509_crq_t crq, 637 int gnutls_x509_crq_get_pk_algorithm (gnutls_x509_crq_t crq,
688 unsigned int *bits); 638 unsigned int *bits);
689int gnutls_x509_crq_get_dn(gnutls_x509_crq_t crq, 639 int gnutls_x509_crq_get_dn (gnutls_x509_crq_t crq,
690 char *buf, 640 char *buf, size_t * sizeof_buf);
691 size_t * sizeof_buf); 641 int gnutls_x509_crq_get_dn_oid (gnutls_x509_crq_t crq,
692int gnutls_x509_crq_get_dn_oid(gnutls_x509_crq_t crq, 642 int indx, void *oid, size_t * sizeof_oid);
693 int indx, 643 int gnutls_x509_crq_get_dn_by_oid (gnutls_x509_crq_t crq,
694 void *oid, 644 const char *oid,
695 size_t * sizeof_oid); 645 int indx,
696int gnutls_x509_crq_get_dn_by_oid(gnutls_x509_crq_t crq, 646 unsigned int raw_flag,
697 const char *oid, 647 void *buf, size_t * sizeof_buf);
698 int indx, 648 int gnutls_x509_crq_set_dn_by_oid (gnutls_x509_crq_t crq,
699 unsigned int raw_flag, 649 const char *oid,
700 void *buf, 650 unsigned int raw_flag,
701 size_t * sizeof_buf); 651 const void *name,
702int gnutls_x509_crq_set_dn_by_oid(gnutls_x509_crq_t crq, 652 unsigned int sizeof_name);
703 const char *oid, 653 int gnutls_x509_crq_set_version (gnutls_x509_crq_t crq,
704 unsigned int raw_flag, 654 unsigned int version);
705 const void *name, 655 int gnutls_x509_crq_set_key (gnutls_x509_crq_t crq,
706 unsigned int sizeof_name); 656 gnutls_x509_privkey_t key);
707int gnutls_x509_crq_set_version(gnutls_x509_crq_t crq, 657 int gnutls_x509_crq_sign2 (gnutls_x509_crq_t crq,
708 unsigned int version); 658 gnutls_x509_privkey_t key,
709int gnutls_x509_crq_set_key(gnutls_x509_crq_t crq, 659 enum MHD_GNUTLS_HashAlgorithm,
710 gnutls_x509_privkey_t key); 660 unsigned int flags);
711int gnutls_x509_crq_sign2(gnutls_x509_crq_t crq, 661 int gnutls_x509_crq_sign (gnutls_x509_crq_t crq, gnutls_x509_privkey_t key);
712 gnutls_x509_privkey_t key, 662
713 enum MHD_GNUTLS_HashAlgorithm, 663 int gnutls_x509_crq_set_challenge_password (gnutls_x509_crq_t crq,
714 unsigned int flags); 664 const char *pass);
715int gnutls_x509_crq_sign(gnutls_x509_crq_t crq, 665 int gnutls_x509_crq_get_challenge_password (gnutls_x509_crq_t crq,
716 gnutls_x509_privkey_t key); 666 char *pass,
717 667 size_t * sizeof_pass);
718int gnutls_x509_crq_set_challenge_password(gnutls_x509_crq_t crq, 668
719 const char *pass); 669 int gnutls_x509_crq_set_attribute_by_oid (gnutls_x509_crq_t crq,
720int gnutls_x509_crq_get_challenge_password(gnutls_x509_crq_t crq, 670 const char *oid,
721 char *pass, 671 void *buf, size_t sizeof_buf);
722 size_t * sizeof_pass); 672 int gnutls_x509_crq_get_attribute_by_oid (gnutls_x509_crq_t crq,
723 673 const char *oid,
724int gnutls_x509_crq_set_attribute_by_oid(gnutls_x509_crq_t crq, 674 int indx,
725 const char *oid, 675 void *buf, size_t * sizeof_buf);
726 void *buf, 676
727 size_t sizeof_buf); 677 int gnutls_x509_crq_export (gnutls_x509_crq_t crq,
728int gnutls_x509_crq_get_attribute_by_oid(gnutls_x509_crq_t crq, 678 gnutls_x509_crt_fmt_t format,
729 const char *oid, 679 void *output_data, size_t * output_data_size);
730 int indx, 680
731 void *buf, 681 int gnutls_x509_crt_set_crq (gnutls_x509_crt_t crt, gnutls_x509_crq_t crq);
732 size_t * sizeof_buf);
733
734int gnutls_x509_crq_export(gnutls_x509_crq_t crq,
735 gnutls_x509_crt_fmt_t format,
736 void *output_data,
737 size_t * output_data_size);
738
739int gnutls_x509_crt_set_crq(gnutls_x509_crt_t crt,
740 gnutls_x509_crq_t crq);
741 682
742#ifdef __cplusplus 683#ifdef __cplusplus
743} 684}
@@ -752,17 +693,17 @@ int gnutls_x509_crt_set_crq(gnutls_x509_crt_t crt,
752#define HASH_OID_SHA512 "2.16.840.1.101.3.4.2.3" 693#define HASH_OID_SHA512 "2.16.840.1.101.3.4.2.3"
753 694
754typedef struct gnutls_x509_crl_int 695typedef struct gnutls_x509_crl_int
755 { 696{
756 ASN1_TYPE crl; 697 ASN1_TYPE crl;
757 } gnutls_x509_crl_int; 698} gnutls_x509_crl_int;
758 699
759typedef struct gnutls_x509_crt_int 700typedef struct gnutls_x509_crt_int
760 { 701{
761 ASN1_TYPE cert; 702 ASN1_TYPE cert;
762 int use_extensions; 703 int use_extensions;
763 } gnutls_x509_crt_int; 704} gnutls_x509_crt_int;
764 705
765#define MAX_PRIV_PARAMS_SIZE 6 /* ok for RSA and DSA */ 706#define MAX_PRIV_PARAMS_SIZE 6 /* ok for RSA and DSA */
766 707
767/* parameters should not be larger than this limit */ 708/* parameters should not be larger than this limit */
768#define DSA_PRIVATE_PARAMS 5 709#define DSA_PRIVATE_PARAMS 5
@@ -779,140 +720,130 @@ typedef struct gnutls_x509_crt_int
779#endif 720#endif
780 721
781typedef struct MHD_gtls_x509_privkey_int 722typedef struct MHD_gtls_x509_privkey_int
782 { 723{
783 mpi_t params[MAX_PRIV_PARAMS_SIZE]; /* the size of params depends on the public 724 mpi_t params[MAX_PRIV_PARAMS_SIZE]; /* the size of params depends on the public
784 * key algorithm 725 * key algorithm
785 */ 726 */
786 /* 727 /*
787 * RSA: [0] is modulus 728 * RSA: [0] is modulus
788 * [1] is public exponent 729 * [1] is public exponent
789 * [2] is private exponent 730 * [2] is private exponent
790 * [3] is prime1 (p) 731 * [3] is prime1 (p)
791 * [4] is prime2 (q) 732 * [4] is prime2 (q)
792 * [5] is coefficient (u == inverse of p mod q) 733 * [5] is coefficient (u == inverse of p mod q)
793 * note that other packages used inverse of q mod p, 734 * note that other packages used inverse of q mod p,
794 * so we need to perform conversions. 735 * so we need to perform conversions.
795 * DSA: [0] is p 736 * DSA: [0] is p
796 * [1] is q 737 * [1] is q
797 * [2] is g 738 * [2] is g
798 * [3] is y (public key) 739 * [3] is y (public key)
799 * [4] is x (private key) 740 * [4] is x (private key)
800 */ 741 */
801 int params_size; /* holds the number of params */ 742 int params_size; /* holds the number of params */
802 743
803 enum MHD_GNUTLS_PublicKeyAlgorithm pk_algorithm; 744 enum MHD_GNUTLS_PublicKeyAlgorithm pk_algorithm;
804 745
805 int crippled; /* The crippled keys will not use the ASN1_TYPE key. 746 int crippled; /* The crippled keys will not use the ASN1_TYPE key.
806 * The encoding will only be performed at the export 747 * The encoding will only be performed at the export
807 * phase, to optimize copying etc. Cannot be used with 748 * phase, to optimize copying etc. Cannot be used with
808 * the exported API (used internally only). 749 * the exported API (used internally only).
809 */ 750 */
810 ASN1_TYPE key; 751 ASN1_TYPE key;
811 } gnutls_x509_privkey_int; 752} gnutls_x509_privkey_int;
812 753
813int gnutls_x509_crt_get_issuer_dn_by_oid(gnutls_x509_crt_t cert, 754int gnutls_x509_crt_get_issuer_dn_by_oid (gnutls_x509_crt_t cert,
814 const char *oid, 755 const char *oid,
815 int indx, 756 int indx,
816 unsigned int raw_flag, 757 unsigned int raw_flag,
817 void *buf, 758 void *buf, size_t * sizeof_buf);
818 size_t * sizeof_buf); 759int gnutls_x509_crt_get_subject_alt_name (gnutls_x509_crt_t cert,
819int gnutls_x509_crt_get_subject_alt_name(gnutls_x509_crt_t cert, 760 unsigned int seq,
820 unsigned int seq, 761 void *ret,
821 void *ret, 762 size_t * ret_size,
822 size_t * ret_size, 763 unsigned int *critical);
823 unsigned int *critical); 764int gnutls_x509_crt_get_dn_by_oid (gnutls_x509_crt_t cert,
824int gnutls_x509_crt_get_dn_by_oid(gnutls_x509_crt_t cert, 765 const char *oid,
825 const char *oid,
826 int indx,
827 unsigned int raw_flag,
828 void *buf,
829 size_t * sizeof_buf);
830int gnutls_x509_crt_get_ca_status(gnutls_x509_crt_t cert,
831 unsigned int *critical);
832int gnutls_x509_crt_get_pk_algorithm(gnutls_x509_crt_t cert,
833 unsigned int *bits);
834
835int _gnutls_x509_crt_cpy(gnutls_x509_crt_t dest,
836 gnutls_x509_crt_t src);
837
838int gnutls_x509_crt_get_serial(gnutls_x509_crt_t cert,
839 void *result,
840 size_t * result_size);
841
842int _gnutls_x509_compare_raw_dn(const gnutls_datum_t * dn1,
843 const gnutls_datum_t * dn2);
844
845int gnutls_x509_crt_check_revocation(gnutls_x509_crt_t cert,
846 const gnutls_x509_crl_t * crl_list,
847 int crl_list_length);
848
849int _gnutls_x509_crl_cpy(gnutls_x509_crl_t dest,
850 gnutls_x509_crl_t src);
851int _gnutls_x509_crl_get_raw_issuer_dn(gnutls_x509_crl_t crl,
852 gnutls_datum_t * dn);
853int gnutls_x509_crl_get_crt_count(gnutls_x509_crl_t crl);
854int gnutls_x509_crl_get_crt_serial(gnutls_x509_crl_t crl,
855 int indx, 766 int indx,
856 unsigned char *serial, 767 unsigned int raw_flag,
857 size_t * serial_size, 768 void *buf, size_t * sizeof_buf);
858 time_t * t); 769int gnutls_x509_crt_get_ca_status (gnutls_x509_crt_t cert,
859 770 unsigned int *critical);
860void gnutls_x509_crl_deinit(gnutls_x509_crl_t crl); 771int gnutls_x509_crt_get_pk_algorithm (gnutls_x509_crt_t cert,
861int gnutls_x509_crl_init(gnutls_x509_crl_t * crl); 772 unsigned int *bits);
862int gnutls_x509_crl_import(gnutls_x509_crl_t crl, 773
863 const gnutls_datum_t * data, 774int _gnutls_x509_crt_cpy (gnutls_x509_crt_t dest, gnutls_x509_crt_t src);
864 gnutls_x509_crt_fmt_t format); 775
865int gnutls_x509_crl_export(gnutls_x509_crl_t crl, 776int gnutls_x509_crt_get_serial (gnutls_x509_crt_t cert,
866 gnutls_x509_crt_fmt_t format, 777 void *result, size_t * result_size);
867 void *output_data, 778
868 size_t * output_data_size); 779int _gnutls_x509_compare_raw_dn (const gnutls_datum_t * dn1,
869 780 const gnutls_datum_t * dn2);
870int gnutls_x509_crt_init(gnutls_x509_crt_t * cert); 781
871void gnutls_x509_crt_deinit(gnutls_x509_crt_t cert); 782int gnutls_x509_crt_check_revocation (gnutls_x509_crt_t cert,
872int gnutls_x509_crt_import(gnutls_x509_crt_t cert, 783 const gnutls_x509_crl_t * crl_list,
873 const gnutls_datum_t * data, 784 int crl_list_length);
874 gnutls_x509_crt_fmt_t format); 785
875int gnutls_x509_crt_export(gnutls_x509_crt_t cert, 786int _gnutls_x509_crl_cpy (gnutls_x509_crl_t dest, gnutls_x509_crl_t src);
876 gnutls_x509_crt_fmt_t format, 787int _gnutls_x509_crl_get_raw_issuer_dn (gnutls_x509_crl_t crl,
877 void *output_data, 788 gnutls_datum_t * dn);
878 size_t * output_data_size); 789int gnutls_x509_crl_get_crt_count (gnutls_x509_crl_t crl);
879 790int gnutls_x509_crl_get_crt_serial (gnutls_x509_crl_t crl,
880int gnutls_x509_crt_get_key_usage(gnutls_x509_crt_t cert, 791 int indx,
881 unsigned int *key_usage, 792 unsigned char *serial,
882 unsigned int *critical); 793 size_t * serial_size, time_t * t);
883int gnutls_x509_crt_get_signature_algorithm(gnutls_x509_crt_t cert); 794
884int gnutls_x509_crt_get_version(gnutls_x509_crt_t cert); 795void gnutls_x509_crl_deinit (gnutls_x509_crl_t crl);
885 796int gnutls_x509_crl_init (gnutls_x509_crl_t * crl);
886int gnutls_x509_privkey_init(gnutls_x509_privkey_t * key); 797int gnutls_x509_crl_import (gnutls_x509_crl_t crl,
887void gnutls_x509_privkey_deinit(gnutls_x509_privkey_t key); 798 const gnutls_datum_t * data,
888 799 gnutls_x509_crt_fmt_t format);
889int gnutls_x509_privkey_generate(gnutls_x509_privkey_t key, 800int gnutls_x509_crl_export (gnutls_x509_crl_t crl,
890 enum MHD_GNUTLS_PublicKeyAlgorithm algo, 801 gnutls_x509_crt_fmt_t format,
891 unsigned int bits, 802 void *output_data, size_t * output_data_size);
892 unsigned int flags); 803
893 804int gnutls_x509_crt_init (gnutls_x509_crt_t * cert);
894int gnutls_x509_privkey_import(gnutls_x509_privkey_t key, 805void gnutls_x509_crt_deinit (gnutls_x509_crt_t cert);
895 const gnutls_datum_t * data, 806int gnutls_x509_crt_import (gnutls_x509_crt_t cert,
896 gnutls_x509_crt_fmt_t format); 807 const gnutls_datum_t * data,
897int gnutls_x509_privkey_get_pk_algorithm(gnutls_x509_privkey_t key); 808 gnutls_x509_crt_fmt_t format);
898int gnutls_x509_privkey_import_rsa_raw(gnutls_x509_privkey_t key, 809int gnutls_x509_crt_export (gnutls_x509_crt_t cert,
899 const gnutls_datum_t * m, 810 gnutls_x509_crt_fmt_t format,
900 const gnutls_datum_t * e, 811 void *output_data, size_t * output_data_size);
901 const gnutls_datum_t * d, 812
902 const gnutls_datum_t * p, 813int gnutls_x509_crt_get_key_usage (gnutls_x509_crt_t cert,
903 const gnutls_datum_t * q, 814 unsigned int *key_usage,
904 const gnutls_datum_t * u); 815 unsigned int *critical);
905int gnutls_x509_privkey_export_rsa_raw(gnutls_x509_privkey_t key, 816int gnutls_x509_crt_get_signature_algorithm (gnutls_x509_crt_t cert);
906 gnutls_datum_t * m, 817int gnutls_x509_crt_get_version (gnutls_x509_crt_t cert);
907 gnutls_datum_t * e, 818
908 gnutls_datum_t * d, 819int gnutls_x509_privkey_init (gnutls_x509_privkey_t * key);
909 gnutls_datum_t * p, 820void gnutls_x509_privkey_deinit (gnutls_x509_privkey_t key);
910 gnutls_datum_t * q, 821
911 gnutls_datum_t * u); 822int gnutls_x509_privkey_generate (gnutls_x509_privkey_t key,
912int gnutls_x509_privkey_export(gnutls_x509_privkey_t key, 823 enum MHD_GNUTLS_PublicKeyAlgorithm algo,
913 gnutls_x509_crt_fmt_t format, 824 unsigned int bits, unsigned int flags);
914 void *output_data, 825
915 size_t * output_data_size); 826int gnutls_x509_privkey_import (gnutls_x509_privkey_t key,
827 const gnutls_datum_t * data,
828 gnutls_x509_crt_fmt_t format);
829int gnutls_x509_privkey_get_pk_algorithm (gnutls_x509_privkey_t key);
830int gnutls_x509_privkey_import_rsa_raw (gnutls_x509_privkey_t key,
831 const gnutls_datum_t * m,
832 const gnutls_datum_t * e,
833 const gnutls_datum_t * d,
834 const gnutls_datum_t * p,
835 const gnutls_datum_t * q,
836 const gnutls_datum_t * u);
837int gnutls_x509_privkey_export_rsa_raw (gnutls_x509_privkey_t key,
838 gnutls_datum_t * m,
839 gnutls_datum_t * e,
840 gnutls_datum_t * d,
841 gnutls_datum_t * p,
842 gnutls_datum_t * q,
843 gnutls_datum_t * u);
844int gnutls_x509_privkey_export (gnutls_x509_privkey_t key,
845 gnutls_x509_crt_fmt_t format,
846 void *output_data, size_t * output_data_size);
916 847
917#define GNUTLS_CRL_REASON_UNUSED 128 848#define GNUTLS_CRL_REASON_UNUSED 128
918#define GNUTLS_CRL_REASON_KEY_COMPROMISE 64 849#define GNUTLS_CRL_REASON_KEY_COMPROMISE 64
diff --git a/src/daemon/https/x509/x509_privkey.c b/src/daemon/https/x509/x509_privkey.c
index 5e58cffb..e890843d 100644
--- a/src/daemon/https/x509/x509_privkey.c
+++ b/src/daemon/https/x509/x509_privkey.c
@@ -446,7 +446,7 @@ gnutls_x509_privkey_import (gnutls_x509_privkey_t key,
446 * 446 *
447 * This function will convert the given RSA raw parameters 447 * This function will convert the given RSA raw parameters
448 * to the native gnutls_x509_privkey_t format. The output will be stored in @key. 448 * to the native gnutls_x509_privkey_t format. The output will be stored in @key.
449 * 449 *
450 **/ 450 **/
451int 451int
452gnutls_x509_privkey_import_rsa_raw (gnutls_x509_privkey_t key, 452gnutls_x509_privkey_import_rsa_raw (gnutls_x509_privkey_t key,
@@ -646,7 +646,7 @@ gnutls_x509_privkey_export (gnutls_x509_privkey_t key,
646 * This function will export the RSA private key's parameters found in the given 646 * This function will export the RSA private key's parameters found in the given
647 * structure. The new parameters will be allocated using 647 * structure. The new parameters will be allocated using
648 * gnutls_malloc() and will be stored in the appropriate datum. 648 * gnutls_malloc() and will be stored in the appropriate datum.
649 * 649 *
650 **/ 650 **/
651int 651int
652gnutls_x509_privkey_export_rsa_raw (gnutls_x509_privkey_t key, 652gnutls_x509_privkey_export_rsa_raw (gnutls_x509_privkey_t key,
@@ -760,7 +760,7 @@ error:_gnutls_free_datum (m);
760 * This function will export the DSA private key's parameters found in the given 760 * This function will export the DSA private key's parameters found in the given
761 * structure. The new parameters will be allocated using 761 * structure. The new parameters will be allocated using
762 * gnutls_malloc() and will be stored in the appropriate datum. 762 * gnutls_malloc() and will be stored in the appropriate datum.
763 * 763 *
764 **/ 764 **/
765int 765int
766gnutls_x509_privkey_export_dsa_raw (gnutls_x509_privkey_t key, 766gnutls_x509_privkey_export_dsa_raw (gnutls_x509_privkey_t key,
@@ -960,7 +960,7 @@ _gnutls_asn1_encode_rsa (ASN1_TYPE * c2, mpi_t * params)
960 goto cleanup; 960 goto cleanup;
961 } 961 }
962 962
963 /* Write PRIME 963 /* Write PRIME
964 */ 964 */
965 if ((result = asn1_write_value (*c2, "modulus", m_data, size[0])) 965 if ((result = asn1_write_value (*c2, "modulus", m_data, size[0]))
966 != ASN1_SUCCESS) 966 != ASN1_SUCCESS)
@@ -1120,7 +1120,7 @@ _gnutls_asn1_encode_dsa (ASN1_TYPE * c2, mpi_t * params)
1120 goto cleanup; 1120 goto cleanup;
1121 } 1121 }
1122 1122
1123 /* Write PRIME 1123 /* Write PRIME
1124 */ 1124 */
1125 if ((result = asn1_write_value (*c2, "p", p_data, size[0])) != ASN1_SUCCESS) 1125 if ((result = asn1_write_value (*c2, "p", p_data, size[0])) != ASN1_SUCCESS)
1126 { 1126 {
@@ -1183,7 +1183,7 @@ cleanup:asn1_delete_structure (c2);
1183 * @flags: unused for now. Must be 0. 1183 * @flags: unused for now. Must be 0.
1184 * 1184 *
1185 * This function will generate a random private key. Note that 1185 * This function will generate a random private key. Note that
1186 * this function must be called on an empty private key. 1186 * this function must be called on an empty private key.
1187 * 1187 *
1188 * Returns 0 on success or a negative value on error. 1188 * Returns 0 on success or a negative value on error.
1189 * 1189 *
@@ -1409,7 +1409,7 @@ gnutls_x509_privkey_sign_hash (gnutls_x509_privkey_t key,
1409 } 1409 }
1410 1410
1411 result = mhd_gtls_sign (key->pk_algorithm, key->params, 1411 result = mhd_gtls_sign (key->pk_algorithm, key->params,
1412 key->params_size, hash, signature); 1412 key->params_size, hash, signature);
1413 if (result < 0) 1413 if (result < 0)
1414 { 1414 {
1415 gnutls_assert (); 1415 gnutls_assert ();
diff --git a/src/daemon/https/x509/x509_verify.c b/src/daemon/https/x509/x509_verify.c
index 646bdf10..e9d784ce 100644
--- a/src/daemon/https/x509/x509_verify.c
+++ b/src/daemon/https/x509/x509_verify.c
@@ -201,7 +201,7 @@ find_issuer (gnutls_x509_crt_t cert,
201{ 201{
202 int i; 202 int i;
203 203
204 /* this is serial search. 204 /* this is serial search.
205 */ 205 */
206 206
207 for (i = 0; i < tcas_size; i++) 207 for (i = 0; i < tcas_size; i++)
@@ -214,11 +214,11 @@ find_issuer (gnutls_x509_crt_t cert,
214 return NULL; 214 return NULL;
215} 215}
216 216
217/* 217/*
218 * Verifies the given certificate again a certificate list of 218 * Verifies the given certificate again a certificate list of
219 * trusted CAs. 219 * trusted CAs.
220 * 220 *
221 * Returns only 0 or 1. If 1 it means that the certificate 221 * Returns only 0 or 1. If 1 it means that the certificate
222 * was successfuly verified. 222 * was successfuly verified.
223 * 223 *
224 * 'flags': an OR of the gnutls_certificate_verify_flags enumeration. 224 * 'flags': an OR of the gnutls_certificate_verify_flags enumeration.
@@ -435,7 +435,7 @@ _gnutls_x509_verify_certificate (const gnutls_x509_crt_t * certificate_list,
435 clist_size--; 435 clist_size--;
436 } 436 }
437 437
438 /* Verify the certificate path (chain) 438 /* Verify the certificate path (chain)
439 */ 439 */
440 for (i = clist_size - 1; i > 0; i--) 440 for (i = clist_size - 1; i > 0; i--)
441 { 441 {
@@ -465,7 +465,7 @@ _gnutls_x509_verify_certificate (const gnutls_x509_crt_t * certificate_list,
465 */ 465 */
466static int 466static int
467decode_ber_digest_info (const gnutls_datum_t * info, 467decode_ber_digest_info (const gnutls_datum_t * info,
468 enum MHD_GNUTLS_HashAlgorithm * hash, 468 enum MHD_GNUTLS_HashAlgorithm *hash,
469 opaque * digest, int *digest_size) 469 opaque * digest, int *digest_size)
470{ 470{
471 ASN1_TYPE dinfo = ASN1_TYPE_EMPTY; 471 ASN1_TYPE dinfo = ASN1_TYPE_EMPTY;
@@ -664,7 +664,7 @@ verify_sig (const gnutls_datum_t * tbs,
664 664
665/* verifies if the certificate is properly signed. 665/* verifies if the certificate is properly signed.
666 * returns 0 on failure and 1 on success. 666 * returns 0 on failure and 1 on success.
667 * 667 *
668 * 'tbs' is the signed data 668 * 'tbs' is the signed data
669 * 'signature' is the signature! 669 * 'signature' is the signature!
670 */ 670 */
@@ -707,7 +707,7 @@ _gnutls_x509_verify_signature (const gnutls_datum_t * tbs,
707 707
708/* verifies if the certificate is properly signed. 708/* verifies if the certificate is properly signed.
709 * returns 0 on failure and 1 on success. 709 * returns 0 on failure and 1 on success.
710 * 710 *
711 * 'tbs' is the signed data 711 * 'tbs' is the signed data
712 * 'signature' is the signature! 712 * 'signature' is the signature!
713 */ 713 */
@@ -743,12 +743,12 @@ _gnutls_x509_privkey_verify_signature (const gnutls_datum_t * tbs,
743 * Note that expiration and activation dates are not checked 743 * Note that expiration and activation dates are not checked
744 * by this function, you should check them using the appropriate functions. 744 * by this function, you should check them using the appropriate functions.
745 * 745 *
746 * If no flags are specified (0), this function will use the 746 * If no flags are specified (0), this function will use the
747 * basicConstraints (2.5.29.19) PKIX extension. This means that only a certificate 747 * basicConstraints (2.5.29.19) PKIX extension. This means that only a certificate
748 * authority is allowed to sign a certificate. 748 * authority is allowed to sign a certificate.
749 * 749 *
750 * You must also check the peer's name in order to check if the verified 750 * You must also check the peer's name in order to check if the verified
751 * certificate belongs to the actual peer. 751 * certificate belongs to the actual peer.
752 * 752 *
753 * The certificate verification output will be put in @verify and will be 753 * The certificate verification output will be put in @verify and will be
754 * one or more of the gnutls_certificate_status_t enumerated elements bitwise or'd. 754 * one or more of the gnutls_certificate_status_t enumerated elements bitwise or'd.
@@ -774,7 +774,7 @@ gnutls_x509_crt_list_verify (const gnutls_x509_crt_t * cert_list,
774 if (cert_list == NULL || cert_list_length == 0) 774 if (cert_list == NULL || cert_list_length == 0)
775 return GNUTLS_E_NO_CERTIFICATE_FOUND; 775 return GNUTLS_E_NO_CERTIFICATE_FOUND;
776 776
777 /* Verify certificate 777 /* Verify certificate
778 */ 778 */
779 *verify = _gnutls_x509_verify_certificate (cert_list, cert_list_length, 779 *verify = _gnutls_x509_verify_certificate (cert_list, cert_list_length,
780 CA_list, CA_list_length, 780 CA_list, CA_list_length,
@@ -792,7 +792,7 @@ gnutls_x509_crt_list_verify (const gnutls_x509_crt_t * cert_list,
792 * @flags: Flags that may be used to change the verification algorithm. Use OR of the gnutls_certificate_verify_flags enumerations. 792 * @flags: Flags that may be used to change the verification algorithm. Use OR of the gnutls_certificate_verify_flags enumerations.
793 * @verify: will hold the certificate verification output. 793 * @verify: will hold the certificate verification output.
794 * 794 *
795 * This function will try to verify the given certificate and return its status. 795 * This function will try to verify the given certificate and return its status.
796 * The verification output in this functions cannot be GNUTLS_CERT_NOT_VALID. 796 * The verification output in this functions cannot be GNUTLS_CERT_NOT_VALID.
797 * 797 *
798 * Returns 0 on success and a negative value in case of an error. 798 * Returns 0 on success and a negative value in case of an error.
@@ -805,7 +805,7 @@ gnutls_x509_crt_verify (gnutls_x509_crt_t cert,
805 unsigned int flags, unsigned int *verify) 805 unsigned int flags, unsigned int *verify)
806{ 806{
807 int ret; 807 int ret;
808 /* Verify certificate 808 /* Verify certificate
809 */ 809 */
810 ret = _gnutls_verify_certificate2 (cert, CA_list, CA_list_length, flags, 810 ret = _gnutls_verify_certificate2 (cert, CA_list, CA_list_length, flags,
811 verify); 811 verify);
@@ -861,7 +861,7 @@ gnutls_x509_crl_verify (gnutls_x509_crl_t crl,
861 unsigned int *verify) 861 unsigned int *verify)
862{ 862{
863 int ret; 863 int ret;
864 /* Verify crl 864 /* Verify crl
865 */ 865 */
866 ret = _gnutls_verify_crl2 (crl, CA_list, CA_list_length, flags, verify); 866 ret = _gnutls_verify_crl2 (crl, CA_list, CA_list_length, flags, verify);
867 if (ret < 0) 867 if (ret < 0)
@@ -912,7 +912,7 @@ find_crl_issuer (gnutls_x509_crl_t crl,
912{ 912{
913 int i; 913 int i;
914 914
915 /* this is serial search. 915 /* this is serial search.
916 */ 916 */
917 917
918 for (i = 0; i < tcas_size; i++) 918 for (i = 0; i < tcas_size; i++)
@@ -925,14 +925,14 @@ find_crl_issuer (gnutls_x509_crl_t crl,
925 return NULL; 925 return NULL;
926} 926}
927 927
928/* 928/*
929 * Returns only 0 or 1. If 1 it means that the CRL 929 * Returns only 0 or 1. If 1 it means that the CRL
930 * was successfuly verified. 930 * was successfuly verified.
931 * 931 *
932 * 'flags': an OR of the gnutls_certificate_verify_flags enumeration. 932 * 'flags': an OR of the gnutls_certificate_verify_flags enumeration.
933 * 933 *
934 * Output will hold information about the verification 934 * Output will hold information about the verification
935 * procedure. 935 * procedure.
936 */ 936 */
937static int 937static int
938_gnutls_verify_crl2 (gnutls_x509_crl_t crl, 938_gnutls_verify_crl2 (gnutls_x509_crl_t crl,
diff --git a/src/daemon/https/x509/x509_write.c b/src/daemon/https/x509/x509_write.c
index 944b863c..342e117d 100644
--- a/src/daemon/https/x509/x509_write.c
+++ b/src/daemon/https/x509/x509_write.c
@@ -118,7 +118,7 @@ gnutls_x509_crt_set_issuer_dn_by_oid (gnutls_x509_crt_t crt,
118} 118}
119 119
120/** 120/**
121 * gnutls_x509_crt_set_proxy_dn - Set Proxy Certificate subject's distinguished name 121 * gnutls_x509_crt_set_proxy_dn - Set Proxy Certificate subject's distinguished name
122 * @crt: a gnutls_x509_crt_t structure with the new proxy cert 122 * @crt: a gnutls_x509_crt_t structure with the new proxy cert
123 * @eecrt: the end entity certificate that will be issuing the proxy 123 * @eecrt: the end entity certificate that will be issuing the proxy
124 * @raw_flag: must be 0, or 1 if the CN is DER encoded 124 * @raw_flag: must be 0, or 1 if the CN is DER encoded
@@ -407,7 +407,7 @@ gnutls_x509_crt_set_ca_status (gnutls_x509_crt_t crt, unsigned int ca)
407 * @crt: should contain a gnutls_x509_crt_t structure 407 * @crt: should contain a gnutls_x509_crt_t structure
408 * @usage: an ORed sequence of the GNUTLS_KEY_* elements. 408 * @usage: an ORed sequence of the GNUTLS_KEY_* elements.
409 * 409 *
410 * This function will set the keyUsage certificate extension. 410 * This function will set the keyUsage certificate extension.
411 * 411 *
412 * Returns 0 on success. 412 * Returns 0 on success.
413 * 413 *
@@ -454,7 +454,7 @@ gnutls_x509_crt_set_key_usage (gnutls_x509_crt_t crt, unsigned int usage)
454 * @type: is one of the gnutls_x509_subject_alt_name_t enumerations 454 * @type: is one of the gnutls_x509_subject_alt_name_t enumerations
455 * @data_string: The data to be set 455 * @data_string: The data to be set
456 * 456 *
457 * This function will set the subject alternative name certificate extension. 457 * This function will set the subject alternative name certificate extension.
458 * 458 *
459 * Returns 0 on success. 459 * Returns 0 on success.
460 * 460 *
@@ -520,7 +520,7 @@ gnutls_x509_crt_set_subject_alternative_name (gnutls_x509_crt_t crt,
520 * and negative values indicate that the pathLenConstraints field should 520 * and negative values indicate that the pathLenConstraints field should
521 * not be present. 521 * not be present.
522 * @policyLanguage: OID describing the language of @policy. 522 * @policyLanguage: OID describing the language of @policy.
523 * @policy: opaque byte array with policy language, can be %NULL 523 * @policy: opaque byte array with policy language, can be %NULL
524 * @sizeof_policy: size of @policy. 524 * @sizeof_policy: size of @policy.
525 * 525 *
526 * This function will set the proxyCertInfo extension. 526 * This function will set the proxyCertInfo extension.
@@ -688,10 +688,10 @@ gnutls_x509_crt_set_expiration_time (gnutls_x509_crt_t cert, time_t exp_time)
688 * @serial: The serial number 688 * @serial: The serial number
689 * @serial_size: Holds the size of the serial field. 689 * @serial_size: Holds the size of the serial field.
690 * 690 *
691 * This function will set the X.509 certificate's serial number. 691 * This function will set the X.509 certificate's serial number.
692 * Serial is not always a 32 or 64bit number. Some CAs use 692 * Serial is not always a 32 or 64bit number. Some CAs use
693 * large serial numbers, thus it may be wise to handle it as something 693 * large serial numbers, thus it may be wise to handle it as something
694 * opaque. 694 * opaque.
695 * 695 *
696 * Returns 0 on success, or a negative value in case of an error. 696 * Returns 0 on success, or a negative value in case of an error.
697 * 697 *
@@ -748,7 +748,7 @@ disable_optional_stuff (gnutls_x509_crt_t cert)
748 * @data_string: The data to be set 748 * @data_string: The data to be set
749 * @reason_flags: revocation reasons 749 * @reason_flags: revocation reasons
750 * 750 *
751 * This function will set the CRL distribution points certificate extension. 751 * This function will set the CRL distribution points certificate extension.
752 * 752 *
753 * Returns 0 on success. 753 * Returns 0 on success.
754 * 754 *
@@ -814,7 +814,7 @@ gnutls_x509_crt_set_crl_dist_points (gnutls_x509_crt_t crt,
814 * @dst: should contain a gnutls_x509_crt_t structure 814 * @dst: should contain a gnutls_x509_crt_t structure
815 * @src: the certificate where the dist points will be copied from 815 * @src: the certificate where the dist points will be copied from
816 * 816 *
817 * This function will copy the CRL distribution points certificate 817 * This function will copy the CRL distribution points certificate
818 * extension, from the source to the destination certificate. 818 * extension, from the source to the destination certificate.
819 * This may be useful to copy from a CA certificate to issued ones. 819 * This may be useful to copy from a CA certificate to issued ones.
820 * 820 *
diff --git a/src/daemon/internal.h b/src/daemon/internal.h
index 0fca73d2..940d631f 100644
--- a/src/daemon/internal.h
+++ b/src/daemon/internal.h
@@ -279,7 +279,7 @@ enum MHD_CONNECTION_STATE
279 * Handshake messages will be processed in this state & while 279 * Handshake messages will be processed in this state & while
280 * in the 'MHD_TLS_HELLO_REQUEST' state 280 * in the 'MHD_TLS_HELLO_REQUEST' state
281 */ 281 */
282 MHD_TLS_CONNECTION_INIT = MHD_CONNECTION_CLOSED +1, 282 MHD_TLS_CONNECTION_INIT = MHD_CONNECTION_CLOSED + 1,
283 283
284 /* 284 /*
285 * This state indicates the server has send a 'Hello Request' to 285 * This state indicates the server has send a 'Hello Request' to
@@ -303,7 +303,7 @@ enum MHD_CONNECTION_STATE
303#define DEBUG_STATES MHD_NO 303#define DEBUG_STATES MHD_NO
304 304
305#if DEBUG_STATES 305#if DEBUG_STATES
306char * MHD_state_to_string(enum MHD_CONNECTION_STATE state); 306char *MHD_state_to_string (enum MHD_CONNECTION_STATE state);
307#endif 307#endif
308 308
309struct MHD_Connection 309struct MHD_Connection
@@ -543,9 +543,9 @@ struct MHD_Connection
543 * function pointers to the appropriate send & receive funtions 543 * function pointers to the appropriate send & receive funtions
544 * according to whether this is a HTTPS / HTTP daemon 544 * according to whether this is a HTTPS / HTTP daemon
545 */ 545 */
546 ssize_t (*recv_cls) (struct MHD_Connection * connection); 546 ssize_t (*recv_cls) (struct MHD_Connection * connection);
547 547
548 ssize_t (*send_cls) (struct MHD_Connection * connection); 548 ssize_t (*send_cls) (struct MHD_Connection * connection);
549 549
550#if HTTPS_SUPPORT 550#if HTTPS_SUPPORT
551 /* TODO rename as this might be an SSL connection */ 551 /* TODO rename as this might be an SSL connection */
@@ -641,13 +641,13 @@ struct MHD_Daemon
641 /* Diffie-Hellman parameters */ 641 /* Diffie-Hellman parameters */
642 mhd_gtls_dh_params_t dh_params; 642 mhd_gtls_dh_params_t dh_params;
643 643
644 const char * https_key_path; 644 const char *https_key_path;
645 645
646 const char * https_cert_path; 646 const char *https_cert_path;
647 647
648 const char * https_mem_key; 648 const char *https_mem_key;
649 649
650 const char * https_mem_cert; 650 const char *https_mem_cert;
651#endif 651#endif
652}; 652};
653 653
diff --git a/src/include/microhttpd.h b/src/include/microhttpd.h
index 1238d789..c3f55942 100644
--- a/src/include/microhttpd.h
+++ b/src/include/microhttpd.h
@@ -280,7 +280,6 @@ enum MHD_FLAG
280 * MHD, and OFF in production. 280 * MHD, and OFF in production.
281 */ 281 */
282 MHD_USE_PEDANTIC_CHECKS = 32 282 MHD_USE_PEDANTIC_CHECKS = 32
283
284}; 283};
285 284
286/** 285/**
@@ -373,7 +372,7 @@ enum MHD_OPTION
373 * This should be used in conjunction with 'MHD_OPTION_HTTPS_MEM_CERT'. 372 * This should be used in conjunction with 'MHD_OPTION_HTTPS_MEM_CERT'.
374 */ 373 */
375 MHD_OPTION_HTTPS_MEM_KEY = 9, 374 MHD_OPTION_HTTPS_MEM_KEY = 9,
376 375
377 /** 376 /**
378 * Memory pointer for the certificate (cert.pem) to be used by the 377 * Memory pointer for the certificate (cert.pem) to be used by the
379 * HTTPS daemon. This option should be followed by an 378 * HTTPS daemon. This option should be followed by an
@@ -392,16 +391,16 @@ enum MHD_OPTION
392 /** 391 /**
393 * SSL/TLS protocol version. 392 * SSL/TLS protocol version.
394 * 393 *
395 * Memory pointer to a zero (MHD_GNUTLS_PROTOCOL_END) terminated 394 * Memory pointer to a zero (MHD_GNUTLS_PROTOCOL_END) terminated
396 * (const) array of 'enum MHD_GNUTLS_Protocol' values representing the 395 * (const) array of 'enum MHD_GNUTLS_Protocol' values representing the
397 * protocol versions to this server should support. Unsupported 396 * protocol versions to this server should support. Unsupported
398 * requests will be droped by the server. 397 * requests will be droped by the server.
399 */ 398 */
400 MHD_OPTION_PROTOCOL_VERSION = 12, 399 MHD_OPTION_PROTOCOL_VERSION = 12,
401 400
402 /** 401 /**
403 * Memory pointer to a zero (MHD_GNUTLS_CIPHER_UNKNOWN) 402 * Memory pointer to a zero (MHD_GNUTLS_CIPHER_UNKNOWN)
404 * terminated (const) array of 'enum MHD_GNUTLS_CipherAlgorithm' 403 * terminated (const) array of 'enum MHD_GNUTLS_CipherAlgorithm'
405 * representing the cipher priority order to which the HTTPS 404 * representing the cipher priority order to which the HTTPS
406 * daemon should adhere. 405 * daemon should adhere.
407 */ 406 */
@@ -421,7 +420,7 @@ enum MHD_OPTION
421 MHD_OPTION_CERT_TYPE = 15, 420 MHD_OPTION_CERT_TYPE = 15,
422 421
423 /** 422 /**
424 * Specify the mac algorithm used by server. 423 * Specify the mac algorithm used by server.
425 * The argument should be of type "enum MHD_GNUTLS_MacAlgorithm" 424 * The argument should be of type "enum MHD_GNUTLS_MacAlgorithm"
426 */ 425 */
427 MHD_OPTION_MAC_ALGO = 16, 426 MHD_OPTION_MAC_ALGO = 16,
@@ -481,7 +480,6 @@ enum MHD_ValueKind
481 * HTTP footer (only for http 1.1 chunked encodings). 480 * HTTP footer (only for http 1.1 chunked encodings).
482 */ 481 */
483 MHD_FOOTER_KIND = 16 482 MHD_FOOTER_KIND = 16
484
485}; 483};
486 484
487/** 485/**
@@ -519,13 +517,12 @@ enum MHD_RequestTerminationCode
519 /* FIXME: add TLS-specific error codes, 517 /* FIXME: add TLS-specific error codes,
520 but only those that are useful! */ 518 but only those that are useful! */
521 /** 519 /**
522 * Processing of this secure connection encountered 520 * Processing of this secure connection encountered
523 * an error. 521 * an error.
524 */ 522 */
525 MHD_TLS_REQUEST_TERMINATED_WITH_ERROR, 523 MHD_TLS_REQUEST_TERMINATED_WITH_ERROR,
526
527 MHD_TLS_REQUEST_TERMINATED_WITH_FATAL_ALERT
528 524
525 MHD_TLS_REQUEST_TERMINATED_WITH_FATAL_ALERT
529}; 526};
530 527
531/** 528/**
@@ -546,7 +543,7 @@ enum MHD_GNUTLS_CipherAlgorithm
546 MHD_GNUTLS_CIPHER_CAMELLIA_256_CBC, 543 MHD_GNUTLS_CIPHER_CAMELLIA_256_CBC,
547 MHD_GNUTLS_CIPHER_RC2_40_CBC = 90, 544 MHD_GNUTLS_CIPHER_RC2_40_CBC = 90,
548 MHD_GNUTLS_CIPHER_DES_CBC 545 MHD_GNUTLS_CIPHER_DES_CBC
549}; // enum MHD_GNUTLS_CipherAlgorithm; 546}; // enum MHD_GNUTLS_CipherAlgorithm;
550 547
551/** 548/**
552 * Which public key algorithm should be used 549 * Which public key algorithm should be used
@@ -568,7 +565,7 @@ enum MHD_GNUTLS_KeyExchangeAlgorithm
568}; 565};
569 566
570/** 567/**
571 * Server credentials type 568 * Server credentials type
572 */ 569 */
573enum MHD_GNUTLS_CredentialsType 570enum MHD_GNUTLS_CredentialsType
574{ 571{
@@ -590,8 +587,8 @@ enum MHD_GNUTLS_HashAlgorithm
590 MHD_GNUTLS_MAC_MD5, 587 MHD_GNUTLS_MAC_MD5,
591 MHD_GNUTLS_MAC_SHA1, 588 MHD_GNUTLS_MAC_SHA1,
592 MHD_GNUTLS_MAC_SHA256 589 MHD_GNUTLS_MAC_SHA256
593 //GNUTLS_MAC_SHA384, 590 //GNUTLS_MAC_SHA384,
594 //GNUTLS_MAC_SHA512 591 //GNUTLS_MAC_SHA512
595}; 592};
596 593
597/** 594/**
@@ -630,7 +627,7 @@ enum MHD_GNUTLS_PublicKeyAlgorithm
630{ 627{
631 MHD_GNUTLS_PK_UNKNOWN = 0, 628 MHD_GNUTLS_PK_UNKNOWN = 0,
632 MHD_GNUTLS_PK_RSA = 1 629 MHD_GNUTLS_PK_RSA = 1
633 //GNUTLS_PK_DSA 630 //GNUTLS_PK_DSA
634}; 631};
635 632
636/** 633/**
@@ -906,18 +903,18 @@ typedef int
906 * terminated with MHD_OPTION_END). 903 * terminated with MHD_OPTION_END).
907 * @return NULL on error, handle to daemon on success 904 * @return NULL on error, handle to daemon on success
908 */ 905 */
909struct MHD_Daemon * 906struct MHD_Daemon *MHD_start_daemon_va (unsigned int options,
910MHD_start_daemon_va (unsigned int options, 907 unsigned short port,
911 unsigned short port, 908 MHD_AcceptPolicyCallback apc,
912 MHD_AcceptPolicyCallback apc, 909 void *apc_cls,
913 void *apc_cls, 910 MHD_AccessHandlerCallback dh,
914 MHD_AccessHandlerCallback dh, void *dh_cls, va_list ap); 911 void *dh_cls, va_list ap);
915 912
916/* 913/*
917 * Variadic version of MHD_start_daemon_va. This function will delegate calls 914 * Variadic version of MHD_start_daemon_va. This function will delegate calls
918 * to MHD_start_daemon_va() once argument list is analyzed. 915 * to MHD_start_daemon_va() once argument list is analyzed.
919 */ 916 */
920struct MHD_Daemon * MHD_start_daemon (unsigned int flags, 917struct MHD_Daemon *MHD_start_daemon (unsigned int flags,
921 unsigned short port, 918 unsigned short port,
922 MHD_AcceptPolicyCallback apc, 919 MHD_AcceptPolicyCallback apc,
923 void *apc_cls, 920 void *apc_cls,
@@ -1014,9 +1011,8 @@ MHD_get_connection_values (struct MHD_Connection *connection,
1014 */ 1011 */
1015int 1012int
1016MHD_set_connection_value (struct MHD_Connection *connection, 1013MHD_set_connection_value (struct MHD_Connection *connection,
1017 enum MHD_ValueKind kind, 1014 enum MHD_ValueKind kind,
1018 const char *key, 1015 const char *key, const char *value);
1019 const char *value);
1020 1016
1021/** 1017/**
1022 * Get a particular header value. If multiple 1018 * Get a particular header value. If multiple
@@ -1129,7 +1125,7 @@ MHD_get_response_headers (struct MHD_Response *response,
1129 * @param key which header to get 1125 * @param key which header to get
1130 * @return NULL if header does not exist 1126 * @return NULL if header does not exist
1131 */ 1127 */
1132const char * MHD_get_response_header (struct MHD_Response *response, 1128const char *MHD_get_response_header (struct MHD_Response *response,
1133 const char *key); 1129 const char *key);
1134 1130
1135 1131
@@ -1211,10 +1207,11 @@ union MHD_ConnectionInfo
1211 * @return NULL if this information is not available 1207 * @return NULL if this information is not available
1212 * (or if the infoType is unknown) 1208 * (or if the infoType is unknown)
1213 */ 1209 */
1214const union MHD_ConnectionInfo * 1210const union MHD_ConnectionInfo *MHD_get_connection_info (struct MHD_Connection
1215MHD_get_connection_info (struct MHD_Connection * connection, 1211 *connection,
1216 enum MHD_ConnectionInfoType infoType, 1212 enum
1217 ...); 1213 MHD_ConnectionInfoType
1214 infoType, ...);
1218 1215
1219 1216
1220/** 1217/**
@@ -1242,10 +1239,9 @@ union MHD_DaemonInfo
1242 * @return NULL if this information is not available 1239 * @return NULL if this information is not available
1243 * (or if the infoType is unknown) 1240 * (or if the infoType is unknown)
1244 */ 1241 */
1245const union MHD_DaemonInfo * 1242const union MHD_DaemonInfo *MHD_get_daemon_info (struct MHD_Daemon *daemon,
1246MHD_get_daemon_info (struct MHD_Daemon * daemon, 1243 enum MHD_DaemonInfoType
1247 enum MHD_DaemonInfoType infoType, 1244 infoType, ...);
1248 ...);
1249 1245
1250#if 0 /* keep Emacsens' auto-indent happy */ 1246#if 0 /* keep Emacsens' auto-indent happy */
1251{ 1247{
diff --git a/src/include/platform.h b/src/include/platform.h
index 3e81a4f6..a4a16f21 100644
--- a/src/include/platform.h
+++ b/src/include/platform.h
@@ -26,7 +26,7 @@
26 * before "microhttpd.h"; it provides the required 26 * before "microhttpd.h"; it provides the required
27 * standard headers (which are platform-specific).<p> 27 * standard headers (which are platform-specific).<p>
28 * 28 *
29 * Note that this file depends on our configure.ac 29 * Note that this file depends on our configure.ac
30 * build process and the generated config.h file. 30 * build process and the generated config.h file.
31 * Hence you cannot include it directly in applications 31 * Hence you cannot include it directly in applications
32 * that use libmicrohttpd. 32 * that use libmicrohttpd.
diff --git a/src/testcurl/https/mhds_session_info_test.c b/src/testcurl/https/mhds_session_info_test.c
index 2c8f37c2..1fe8cde3 100644
--- a/src/testcurl/https/mhds_session_info_test.c
+++ b/src/testcurl/https/mhds_session_info_test.c
@@ -69,8 +69,8 @@ query_session_ahc (void *cls, struct MHD_Connection *connection,
69 int ret; 69 int ret;
70 70
71 /* assert actual connection cipher is the one negotiated */ 71 /* assert actual connection cipher is the one negotiated */
72 if (MHD_get_session_info (connection, MHS_INFO_CIPHER_ALGO). 72 if (MHD_get_session_info (connection, MHS_INFO_CIPHER_ALGO).cipher_algorithm
73 cipher_algorithm != MHD_GNUTLS_CIPHER_AES_256_CBC) 73 != MHD_GNUTLS_CIPHER_AES_256_CBC)
74 { 74 {
75 fprintf (stderr, "Error: requested cipher mismatch. %s\n", 75 fprintf (stderr, "Error: requested cipher mismatch. %s\n",
76 strerror (errno)); 76 strerror (errno));
@@ -85,16 +85,18 @@ query_session_ahc (void *cls, struct MHD_Connection *connection,
85 return -1; 85 return -1;
86 } 86 }
87 87
88 if (MHD_get_session_info (connection, MHD_INFO_MAC_ALGO). 88 if (MHD_get_session_info (connection, MHD_INFO_MAC_ALGO).mac_algorithm !=
89 mac_algorithm != MHD_GNUTLS_MAC_SHA1) 89 MHD_GNUTLS_MAC_SHA1)
90 { 90 {
91 fprintf (stderr, "Error: requested mac algorithm mismatch. %s\n", 91 fprintf (stderr, "Error: requested mac algorithm mismatch. %s\n",
92 strerror (errno)); 92 strerror (errno));
93 return -1; 93 return -1;
94 } 94 }
95 95
96 if (MHD_get_session_info (connection, MHD_INFO_COMPRESSION_METHOD). 96 if (MHD_get_session_info
97 compression_method != MHD_GNUTLS_COMP_NULL) 97 (connection,
98 MHD_INFO_COMPRESSION_METHOD).compression_method !=
99 MHD_GNUTLS_COMP_NULL)
98 { 100 {
99 fprintf (stderr, "Error: requested compression mismatch. %s\n", 101 fprintf (stderr, "Error: requested compression mismatch. %s\n",
100 strerror (errno)); 102 strerror (errno));
@@ -109,16 +111,18 @@ query_session_ahc (void *cls, struct MHD_Connection *connection,
109 return -1; 111 return -1;
110 } 112 }
111 113
112 if (MHD_get_session_info (connection, MHD_INFO_CERT_TYPE). 114 if (MHD_get_session_info (connection, MHD_INFO_CERT_TYPE).certificate_type
113 certificate_type != MHD_GNUTLS_CRT_X509) 115 != MHD_GNUTLS_CRT_X509)
114 { 116 {
115 fprintf (stderr, "Error: requested certificate mismatch. %s\n", 117 fprintf (stderr, "Error: requested certificate mismatch. %s\n",
116 strerror (errno)); 118 strerror (errno));
117 return -1; 119 return -1;
118 } 120 }
119 121
120 if (MHD_get_session_info (connection, MHD_INFO_CREDENTIALS_TYPE). 122 if (MHD_get_session_info
121 credentials_type != MHD_GNUTLS_CRD_CERTIFICATE) 123 (connection,
124 MHD_INFO_CREDENTIALS_TYPE).credentials_type !=
125 MHD_GNUTLS_CRD_CERTIFICATE)
122 { 126 {
123 fprintf (stderr, "Error: requested certificate mismatch. %s\n", 127 fprintf (stderr, "Error: requested certificate mismatch. %s\n",
124 strerror (errno)); 128 strerror (errno));
diff --git a/src/testcurl/https/tls_alert_test.c b/src/testcurl/https/tls_alert_test.c
index 50fcc677..34ab883f 100644
--- a/src/testcurl/https/tls_alert_test.c
+++ b/src/testcurl/https/tls_alert_test.c
@@ -62,16 +62,16 @@ setup (mhd_gtls_session_t * session,
62 gnutls_datum_t * cert, mhd_gtls_cert_credentials_t * xcred) 62 gnutls_datum_t * cert, mhd_gtls_cert_credentials_t * xcred)
63{ 63{
64 int ret; 64 int ret;
65 const char ** err_pos; 65 const char **err_pos;
66 66
67 MHD_gnutls_certificate_allocate_credentials (xcred); 67 MHD_gnutls_certificate_allocate_credentials (xcred);
68 68
69 mhd_gtls_set_datum_m (key, srv_key_pem, strlen (srv_key_pem), &malloc); 69 mhd_gtls_set_datum_m (key, srv_key_pem, strlen (srv_key_pem), &malloc);
70 mhd_gtls_set_datum_m (cert, srv_self_signed_cert_pem, 70 mhd_gtls_set_datum_m (cert, srv_self_signed_cert_pem,
71 strlen (srv_self_signed_cert_pem), &malloc); 71 strlen (srv_self_signed_cert_pem), &malloc);
72 72
73 MHD_gnutls_certificate_set_x509_key_mem (*xcred, cert, key, 73 MHD_gnutls_certificate_set_x509_key_mem (*xcred, cert, key,
74 GNUTLS_X509_FMT_PEM); 74 GNUTLS_X509_FMT_PEM);
75 75
76 MHD_gnutls_init (session, GNUTLS_CLIENT); 76 MHD_gnutls_init (session, GNUTLS_CLIENT);
77 ret = MHD_gnutls_priority_set_direct (*session, "NORMAL", err_pos); 77 ret = MHD_gnutls_priority_set_direct (*session, "NORMAL", err_pos);
@@ -166,7 +166,8 @@ test_alert_unexpected_message (mhd_gtls_session_t session)
166 sa.sin_port = htons (42433); 166 sa.sin_port = htons (42433);
167 inet_pton (AF_INET, "127.0.0.1", &sa.sin_addr); 167 inet_pton (AF_INET, "127.0.0.1", &sa.sin_addr);
168 168
169 MHD_gnutls_transport_set_ptr (session, (gnutls_transport_ptr_t) ((void *) sd)); 169 MHD_gnutls_transport_set_ptr (session,
170 (gnutls_transport_ptr_t) ((void *) sd));
170 171
171 ret = connect (sd, &sa, sizeof (struct sockaddr_in)); 172 ret = connect (sd, &sa, sizeof (struct sockaddr_in));
172 173
@@ -182,7 +183,8 @@ test_alert_unexpected_message (mhd_gtls_session_t session)
182 return -1; 183 return -1;
183 } 184 }
184 185
185 MHD_gnutls_alert_send (session, GNUTLS_AL_FATAL, GNUTLS_A_UNEXPECTED_MESSAGE); 186 MHD_gnutls_alert_send (session, GNUTLS_AL_FATAL,
187 GNUTLS_A_UNEXPECTED_MESSAGE);
186 usleep (100); 188 usleep (100);
187 189
188 /* TODO better RST trigger */ 190 /* TODO better RST trigger */
diff --git a/src/testcurl/https/tls_authentication_test.c b/src/testcurl/https/tls_authentication_test.c
index 77990c0e..82c3a0a3 100644
--- a/src/testcurl/https/tls_authentication_test.c
+++ b/src/testcurl/https/tls_authentication_test.c
@@ -227,7 +227,7 @@ test_secure_get (FILE * test_fd, char *cipher_suite, int proto_version)
227 int ret; 227 int ret;
228 struct MHD_Daemon *d; 228 struct MHD_Daemon *d;
229 229
230 d = MHD_start_daemon(MHD_USE_THREAD_PER_CONNECTION | MHD_USE_SSL | 230 d = MHD_start_daemon (MHD_USE_THREAD_PER_CONNECTION | MHD_USE_SSL |
231 MHD_USE_DEBUG, 42433, 231 MHD_USE_DEBUG, 42433,
232 NULL, NULL, &http_ahc, NULL, 232 NULL, NULL, &http_ahc, NULL,
233 MHD_OPTION_HTTPS_MEM_KEY, srv_signed_key_pem, 233 MHD_OPTION_HTTPS_MEM_KEY, srv_signed_key_pem,
diff --git a/src/testcurl/https/tls_cipher_change_test.c b/src/testcurl/https/tls_cipher_change_test.c
index 2446d716..cbd832e4 100644
--- a/src/testcurl/https/tls_cipher_change_test.c
+++ b/src/testcurl/https/tls_cipher_change_test.c
@@ -70,10 +70,10 @@ setup (mhd_gtls_session_t * session,
70 70
71 mhd_gtls_set_datum_m (key, srv_key_pem, strlen (srv_key_pem), &malloc); 71 mhd_gtls_set_datum_m (key, srv_key_pem, strlen (srv_key_pem), &malloc);
72 mhd_gtls_set_datum_m (cert, srv_self_signed_cert_pem, 72 mhd_gtls_set_datum_m (cert, srv_self_signed_cert_pem,
73 strlen (srv_self_signed_cert_pem), &malloc); 73 strlen (srv_self_signed_cert_pem), &malloc);
74 74
75 MHD_gnutls_certificate_set_x509_key_mem (*xcred, cert, key, 75 MHD_gnutls_certificate_set_x509_key_mem (*xcred, cert, key,
76 GNUTLS_X509_FMT_PEM); 76 GNUTLS_X509_FMT_PEM);
77 77
78 MHD_gnutls_init (session, GNUTLS_CLIENT); 78 MHD_gnutls_init (session, GNUTLS_CLIENT);
79 ret = MHD_gnutls_priority_set_direct (*session, "NORMAL", err_pos); 79 ret = MHD_gnutls_priority_set_direct (*session, "NORMAL", err_pos);
diff --git a/src/testcurl/https/tls_daemon_options_test.c b/src/testcurl/https/tls_daemon_options_test.c
index 1418dac0..556d6684 100644
--- a/src/testcurl/https/tls_daemon_options_test.c
+++ b/src/testcurl/https/tls_daemon_options_test.c
@@ -463,11 +463,10 @@ main (int argc, char *const *argv)
463 MHD_OPTION_CIPHER_ALGORITHM, cipher, MHD_OPTION_KX_PRIORITY, 463 MHD_OPTION_CIPHER_ALGORITHM, cipher, MHD_OPTION_KX_PRIORITY,
464 kx, MHD_OPTION_END); 464 kx, MHD_OPTION_END);
465 errorCount += 465 errorCount +=
466 test_wrap ("ADH-AES256-SHA", &test_https_transfer, test_fd, 466 test_wrap ("ADH-AES256-SHA", &test_https_transfer, test_fd,
467 "ADH-AES256-SHA", CURL_SSLVERSION_TLSv1, 467 "ADH-AES256-SHA", CURL_SSLVERSION_TLSv1,
468 MHD_OPTION_CRED_TYPE, MHD_GNUTLS_CRD_ANON, 468 MHD_OPTION_CRED_TYPE, MHD_GNUTLS_CRD_ANON,
469 MHD_OPTION_KX_PRIORITY, 469 MHD_OPTION_KX_PRIORITY, kx, MHD_OPTION_END);
470 kx, MHD_OPTION_END);
471 470
472 if (errorCount != 0) 471 if (errorCount != 0)
473 fprintf (stderr, "Failed test: %s.\n", argv[0]); 472 fprintf (stderr, "Failed test: %s.\n", argv[0]);
diff --git a/src/testcurl/https/tls_session_time_out_test.c b/src/testcurl/https/tls_session_time_out_test.c
index e9679b81..37d28656 100644
--- a/src/testcurl/https/tls_session_time_out_test.c
+++ b/src/testcurl/https/tls_session_time_out_test.c
@@ -66,10 +66,10 @@ setup (mhd_gtls_session_t * session,
66 66
67 mhd_gtls_set_datum_m (key, srv_key_pem, strlen (srv_key_pem), &malloc); 67 mhd_gtls_set_datum_m (key, srv_key_pem, strlen (srv_key_pem), &malloc);
68 mhd_gtls_set_datum_m (cert, srv_self_signed_cert_pem, 68 mhd_gtls_set_datum_m (cert, srv_self_signed_cert_pem,
69 strlen (srv_self_signed_cert_pem), &malloc); 69 strlen (srv_self_signed_cert_pem), &malloc);
70 70
71 MHD_gnutls_certificate_set_x509_key_mem (*xcred, cert, key, 71 MHD_gnutls_certificate_set_x509_key_mem (*xcred, cert, key,
72 GNUTLS_X509_FMT_PEM); 72 GNUTLS_X509_FMT_PEM);
73 73
74 MHD_gnutls_init (session, GNUTLS_CLIENT); 74 MHD_gnutls_init (session, GNUTLS_CLIENT);
75 ret = MHD_gnutls_priority_set_direct (*session, "NORMAL", err_pos); 75 ret = MHD_gnutls_priority_set_direct (*session, "NORMAL", err_pos);
@@ -152,7 +152,7 @@ main (int argc, char *const *argv)
152 MHD_gnutls_global_init (); 152 MHD_gnutls_global_init ();
153 MHD_gtls_global_set_log_level (11); 153 MHD_gtls_global_set_log_level (11);
154 154
155 d = MHD_start_daemon(MHD_USE_THREAD_PER_CONNECTION | MHD_USE_SSL | 155 d = MHD_start_daemon (MHD_USE_THREAD_PER_CONNECTION | MHD_USE_SSL |
156 MHD_USE_DEBUG, 42433, 156 MHD_USE_DEBUG, 42433,
157 NULL, NULL, &http_ahc, NULL, 157 NULL, NULL, &http_ahc, NULL,
158 MHD_OPTION_CONNECTION_TIMEOUT, TIME_OUT, 158 MHD_OPTION_CONNECTION_TIMEOUT, TIME_OUT,
diff --git a/src/testcurl/https/tls_test_keys.h b/src/testcurl/https/tls_test_keys.h
index 871f99b1..7d7dac67 100644
--- a/src/testcurl/https/tls_test_keys.h
+++ b/src/testcurl/https/tls_test_keys.h
@@ -24,106 +24,104 @@
24 24
25/* Certificate Authority key */ 25/* Certificate Authority key */
26const char ca_key_pem[] = 26const char ca_key_pem[] =
27 "-----BEGIN RSA PRIVATE KEY-----\n" 27 "-----BEGIN RSA PRIVATE KEY-----\n"
28 "MIIEowIBAAKCAQEAthkEJMVt/l06gPJQCfdMKJdYXdQZGSBkOroWGZfs0oYBcSU3\n" 28 "MIIEowIBAAKCAQEAthkEJMVt/l06gPJQCfdMKJdYXdQZGSBkOroWGZfs0oYBcSU3\n"
29 "JeszCWwDgzw5Ac4o2no9/P7FLVm6+zaIO9gexVi2p1fDhT1+6Lir7O6waS94vLdu\n" 29 "JeszCWwDgzw5Ac4o2no9/P7FLVm6+zaIO9gexVi2p1fDhT1+6Lir7O6waS94vLdu\n"
30 "jxdJPGfakZTktRAA3MBbC1XuMYPYXZ6nUrRkmHLeG6Oj+L0U3iVq0ZjLYjekCmqV\n" 30 "jxdJPGfakZTktRAA3MBbC1XuMYPYXZ6nUrRkmHLeG6Oj+L0U3iVq0ZjLYjekCmqV\n"
31 "FXRaDmoLWkmxplKz6UyzUXmNlyU4EzLpek2NjTtEUxh0Te+wD4RivBhCPGr7PRlY\n" 31 "FXRaDmoLWkmxplKz6UyzUXmNlyU4EzLpek2NjTtEUxh0Te+wD4RivBhCPGr7PRlY\n"
32 "JhjkTk1u75HP41yQC6MnnfY3IALWwuabBQsreR0W0h17lB3YHdHKjP5xJfEeJPtb\n" 32 "JhjkTk1u75HP41yQC6MnnfY3IALWwuabBQsreR0W0h17lB3YHdHKjP5xJfEeJPtb\n"
33 "625+lHQpH4nfzGcna/RFok6xRpjZu7mB3t7XGwIDAQABAoIBABhD2x5/RHn5uFsI\n" 33 "625+lHQpH4nfzGcna/RFok6xRpjZu7mB3t7XGwIDAQABAoIBABhD2x5/RHn5uFsI\n"
34 "bwv07SwXhsnyAmoru89rjphYe1FOVBDcsa2W2tUtlIY/VyVbcGw0j+APnvy9EUJ6\n" 34 "bwv07SwXhsnyAmoru89rjphYe1FOVBDcsa2W2tUtlIY/VyVbcGw0j+APnvy9EUJ6\n"
35 "cMrwsKEBgk1oT4CIwkmGmjpXUCCkF8Wl99CPfM3U1PZDTfqmqEbCRx+KktP8Sq+m\n" 35 "cMrwsKEBgk1oT4CIwkmGmjpXUCCkF8Wl99CPfM3U1PZDTfqmqEbCRx+KktP8Sq+m\n"
36 "/YryyNjbracnNilmIMq9V6+YWbm7kJHRLVQWHqh/ljji+kCx5y9VII7HYz4217Er\n" 36 "/YryyNjbracnNilmIMq9V6+YWbm7kJHRLVQWHqh/ljji+kCx5y9VII7HYz4217Er\n"
37 "I5HrnPJodmYrH5Tj8Hj9NY7Ok/IeqD186fPuYH/qf9zWcyg7aa0rTPt/E4XjeOjU\n" 37 "I5HrnPJodmYrH5Tj8Hj9NY7Ok/IeqD186fPuYH/qf9zWcyg7aa0rTPt/E4XjeOjU\n"
38 "kxb68+Ybozm0EY1ypa1Yxf3B4hkyrlQ5lfzDSBKqvQkGA92yNDPYiZX71nDHDj9H\n" 38 "kxb68+Ybozm0EY1ypa1Yxf3B4hkyrlQ5lfzDSBKqvQkGA92yNDPYiZX71nDHDj9H\n"
39 "wf8tWlECgYEAxN8bnMXzmGLbNJUQFuEFBCDFE/tAMhBWcN6eyupIwyXXNA8/xGnJ\n" 39 "wf8tWlECgYEAxN8bnMXzmGLbNJUQFuEFBCDFE/tAMhBWcN6eyupIwyXXNA8/xGnJ\n"
40 "rYO4U08YrgvQ6d71xLXAJnsypeJ3FsyIXDar21o5DwVj1ON0nW6xuXsfQWYGEsXm\n" 40 "rYO4U08YrgvQ6d71xLXAJnsypeJ3FsyIXDar21o5DwVj1ON0nW6xuXsfQWYGEsXm\n"
41 "fDVf4LVO+P58uAnM3+lKXWMwsw7/ja9VECrOvfTlf7CwwIPfmRzxZEMCgYEA7Mn+\n" 41 "fDVf4LVO+P58uAnM3+lKXWMwsw7/ja9VECrOvfTlf7CwwIPfmRzxZEMCgYEA7Mn+\n"
42 "PBO352EXzXbGTuLY9iFXo3GL4EXB2nbkXBdTxEbPl+ICjg/1MPtRN9l03y8l06/G\n" 42 "PBO352EXzXbGTuLY9iFXo3GL4EXB2nbkXBdTxEbPl+ICjg/1MPtRN9l03y8l06/G\n"
43 "MpbxkpPnSXdjXQ1fgXfG9FuKS89BNUfoEfG/3015w49ZAcBYRmvCSGTspu/hshdQ\n" 43 "MpbxkpPnSXdjXQ1fgXfG9FuKS89BNUfoEfG/3015w49ZAcBYRmvCSGTspu/hshdQ\n"
44 "iom2AFy2aRXfvsoUlePRccs1/7RKclK7ahfdwEkCgYBXQOLGCt25rialGWO2ICjO\n" 44 "iom2AFy2aRXfvsoUlePRccs1/7RKclK7ahfdwEkCgYBXQOLGCt25rialGWO2ICjO\n"
45 "+Y8fGf4Lsj39bE1IdammBAFrK08ByDkAVB6/nZC8orQG0zBt7HerFnMOHl7VlfTh\n" 45 "+Y8fGf4Lsj39bE1IdammBAFrK08ByDkAVB6/nZC8orQG0zBt7HerFnMOHl7VlfTh\n"
46 "mcF1SHl9dNAYLG8kz0ipgi4KGCOc8mUCq81AlFrZ9EBmeMF6g7TXyvxsf7s3mnvC\n" 46 "mcF1SHl9dNAYLG8kz0ipgi4KGCOc8mUCq81AlFrZ9EBmeMF6g7TXyvxsf7s3mnvC\n"
47 "3JYgjoegnjjYOhpBjBhYbQKBgQCpwJmBakVyG/obcyXx0dDmirqwUquLaZbyzj8i\n" 47 "3JYgjoegnjjYOhpBjBhYbQKBgQCpwJmBakVyG/obcyXx0dDmirqwUquLaZbyzj8i\n"
48 "AhssX/NdGErqm2gU6GauWjfd9IfyvVWiWPHwOhYaZfuW7wpj34GDFskLVhaSYu1t\n" 48 "AhssX/NdGErqm2gU6GauWjfd9IfyvVWiWPHwOhYaZfuW7wpj34GDFskLVhaSYu1t\n"
49 "R9lc9cbwOqj9h24Bdik/CxNZDinIKcy0tMsEcXLX3TWdKnQdjMhPAvbATPj+Am+X\n" 49 "R9lc9cbwOqj9h24Bdik/CxNZDinIKcy0tMsEcXLX3TWdKnQdjMhPAvbATPj+Am+X\n"
50 "PGrd+QKBgF5U2i0d2Mgw/JmlVCY79uD9eERivF5HLOYv3XUr9N1/bgIqKSQnrKJC\n" 50 "PGrd+QKBgF5U2i0d2Mgw/JmlVCY79uD9eERivF5HLOYv3XUr9N1/bgIqKSQnrKJC\n"
51 "pXC+ZHP9yTmcznwFkbMbJ9cTwMVU1n+hguvyjIJHmmeGrpBuaiT4HwPgV6IZY3N2\n" 51 "pXC+ZHP9yTmcznwFkbMbJ9cTwMVU1n+hguvyjIJHmmeGrpBuaiT4HwPgV6IZY3N2\n"
52 "a05cOyYYE3I7h9fQs1MfZRK44rRiXycwb+HA4lwuFWTI7h5qdc/U\n" 52 "a05cOyYYE3I7h9fQs1MfZRK44rRiXycwb+HA4lwuFWTI7h5qdc/U\n"
53 "-----END RSA PRIVATE KEY-----\n"; 53 "-----END RSA PRIVATE KEY-----\n";
54 54
55/* Certificate Authority cert */ 55/* Certificate Authority cert */
56const char ca_cert_pem[] = 56const char ca_cert_pem[] =
57 "-----BEGIN CERTIFICATE-----\n" 57 "-----BEGIN CERTIFICATE-----\n"
58 "MIIC6DCCAdKgAwIBAgIESJ2sXDALBgkqhkiG9w0BAQUwFzEVMBMGA1UEAxMMdGVz\n" 58 "MIIC6DCCAdKgAwIBAgIESJ2sXDALBgkqhkiG9w0BAQUwFzEVMBMGA1UEAxMMdGVz\n"
59 "dF9jYV9jZXJ0MB4XDTA4MDgwOTE0NDAyOFoXDTA5MDgwOTE0NDAyOFowFzEVMBMG\n" 59 "dF9jYV9jZXJ0MB4XDTA4MDgwOTE0NDAyOFoXDTA5MDgwOTE0NDAyOFowFzEVMBMG\n"
60 "A1UEAxMMdGVzdF9jYV9jZXJ0MIIBHzALBgkqhkiG9w0BAQEDggEOADCCAQkCggEA\n" 60 "A1UEAxMMdGVzdF9jYV9jZXJ0MIIBHzALBgkqhkiG9w0BAQEDggEOADCCAQkCggEA\n"
61 "thkEJMVt/l06gPJQCfdMKJdYXdQZGSBkOroWGZfs0oYBcSU3JeszCWwDgzw5Ac4o\n" 61 "thkEJMVt/l06gPJQCfdMKJdYXdQZGSBkOroWGZfs0oYBcSU3JeszCWwDgzw5Ac4o\n"
62 "2no9/P7FLVm6+zaIO9gexVi2p1fDhT1+6Lir7O6waS94vLdujxdJPGfakZTktRAA\n" 62 "2no9/P7FLVm6+zaIO9gexVi2p1fDhT1+6Lir7O6waS94vLdujxdJPGfakZTktRAA\n"
63 "3MBbC1XuMYPYXZ6nUrRkmHLeG6Oj+L0U3iVq0ZjLYjekCmqVFXRaDmoLWkmxplKz\n" 63 "3MBbC1XuMYPYXZ6nUrRkmHLeG6Oj+L0U3iVq0ZjLYjekCmqVFXRaDmoLWkmxplKz\n"
64 "6UyzUXmNlyU4EzLpek2NjTtEUxh0Te+wD4RivBhCPGr7PRlYJhjkTk1u75HP41yQ\n" 64 "6UyzUXmNlyU4EzLpek2NjTtEUxh0Te+wD4RivBhCPGr7PRlYJhjkTk1u75HP41yQ\n"
65 "C6MnnfY3IALWwuabBQsreR0W0h17lB3YHdHKjP5xJfEeJPtb625+lHQpH4nfzGcn\n" 65 "C6MnnfY3IALWwuabBQsreR0W0h17lB3YHdHKjP5xJfEeJPtb625+lHQpH4nfzGcn\n"
66 "a/RFok6xRpjZu7mB3t7XGwIDAQABo0MwQTAPBgNVHRMBAf8EBTADAQH/MA8GA1Ud\n" 66 "a/RFok6xRpjZu7mB3t7XGwIDAQABo0MwQTAPBgNVHRMBAf8EBTADAQH/MA8GA1Ud\n"
67 "DwEB/wQFAwMHBAAwHQYDVR0OBBYEFGTWojUUrKbS/Uid9S3hPxmgKeaxMAsGCSqG\n" 67 "DwEB/wQFAwMHBAAwHQYDVR0OBBYEFGTWojUUrKbS/Uid9S3hPxmgKeaxMAsGCSqG\n"
68 "SIb3DQEBBQOCAQEAWP1f/sfNsvA/oz7OJSBCsQxAnjrKMIXgbVnop+4bEWPxk4e9\n" 68 "SIb3DQEBBQOCAQEAWP1f/sfNsvA/oz7OJSBCsQxAnjrKMIXgbVnop+4bEWPxk4e9\n"
69 "TETSk5MMXt2BfaCtaLZw19Zbqlh4ZFuVw+QC1GTa0xlagHiRgXU2DOvPT5+y+XUR\n" 69 "TETSk5MMXt2BfaCtaLZw19Zbqlh4ZFuVw+QC1GTa0xlagHiRgXU2DOvPT5+y+XUR\n"
70 "TSy0Pqou7spgEkLcFxlXYlx3tpDu+Awmx9DBGHMCysVynnEzeBYW4woCfBG2UiVA\n" 70 "TSy0Pqou7spgEkLcFxlXYlx3tpDu+Awmx9DBGHMCysVynnEzeBYW4woCfBG2UiVA\n"
71 "iHVz6jBc4bBkylKVkA42GiroExuPc+W9qtHGuVX045R7gz78KK0CMIObdySbogBe\n" 71 "iHVz6jBc4bBkylKVkA42GiroExuPc+W9qtHGuVX045R7gz78KK0CMIObdySbogBe\n"
72 "gYZUbyVvPVHINEc929PoV12dHP7wrKnqPbiwb+h1SHui8bVinE+1JY3mRB1VGVTa\n" 72 "gYZUbyVvPVHINEc929PoV12dHP7wrKnqPbiwb+h1SHui8bVinE+1JY3mRB1VGVTa\n"
73 "rgvlVGs2S+Zq48XMs4aeLgHkGWFAIXbpX34HSw==\n" 73 "rgvlVGs2S+Zq48XMs4aeLgHkGWFAIXbpX34HSw==\n" "-----END CERTIFICATE-----\n";
74 "-----END CERTIFICATE-----\n";
75 74
76/* test server CA signed certificates */ 75/* test server CA signed certificates */
77const char srv_signed_cert_pem[] = 76const char srv_signed_cert_pem[] =
78 "-----BEGIN CERTIFICATE-----\n" 77 "-----BEGIN CERTIFICATE-----\n"
79 "MIIDBDCCAe6gAwIBAgIESJ2sXzALBgkqhkiG9w0BAQUwFzEVMBMGA1UEAxMMdGVz\n" 78 "MIIDBDCCAe6gAwIBAgIESJ2sXzALBgkqhkiG9w0BAQUwFzEVMBMGA1UEAxMMdGVz\n"
80 "dF9jYV9jZXJ0MB4XDTA4MDgwOTE0NDAzMloXDTA5MDgwOTE0NDAzNVowADCCAR8w\n" 79 "dF9jYV9jZXJ0MB4XDTA4MDgwOTE0NDAzMloXDTA5MDgwOTE0NDAzNVowADCCAR8w\n"
81 "CwYJKoZIhvcNAQEBA4IBDgAwggEJAoIBAOb6G6WJrrNC48NSh5i4eT7J1BCqlMB4\n" 80 "CwYJKoZIhvcNAQEBA4IBDgAwggEJAoIBAOb6G6WJrrNC48NSh5i4eT7J1BCqlMB4\n"
82 "e0No+td/PQf+sPywbQToYGiPfOFfMyge1G6SyRpXavKbPwuw1BN183WoYzID5mtz\n" 81 "e0No+td/PQf+sPywbQToYGiPfOFfMyge1G6SyRpXavKbPwuw1BN183WoYzID5mtz\n"
83 "shAOl/JRhdusScFijS3pITiNK4G5NLToCP4KZhqguqHUzEdanifSb/D4x54Rq/Tc\n" 82 "shAOl/JRhdusScFijS3pITiNK4G5NLToCP4KZhqguqHUzEdanifSb/D4x54Rq/Tc\n"
84 "A7oHGp0wjdWC/AMtGWv6v55xMe00ALZ1zDxCOi8nri9W7mLy+hyduETCq+1Y7uHl\n" 83 "A7oHGp0wjdWC/AMtGWv6v55xMe00ALZ1zDxCOi8nri9W7mLy+hyduETCq+1Y7uHl\n"
85 "mqbAk8D7ruu0JtNU2N8WuJJcAtxgZhCCfIHTgAUWqepeRBM8cy8uu0tywgxcJiyt\n" 84 "mqbAk8D7ruu0JtNU2N8WuJJcAtxgZhCCfIHTgAUWqepeRBM8cy8uu0tywgxcJiyt\n"
86 "Uu1wXQHnnpWrr/9r6IfhjFpc9pr5giHBeM4KdlU49UsYgaS1tAZsDJcCAwEAAaN2\n" 85 "Uu1wXQHnnpWrr/9r6IfhjFpc9pr5giHBeM4KdlU49UsYgaS1tAZsDJcCAwEAAaN2\n"
87 "MHQwDAYDVR0TAQH/BAIwADATBgNVHSUEDDAKBggrBgEFBQcDATAPBgNVHQ8BAf8E\n" 86 "MHQwDAYDVR0TAQH/BAIwADATBgNVHSUEDDAKBggrBgEFBQcDATAPBgNVHQ8BAf8E\n"
88 "BQMDB6AAMB0GA1UdDgQWBBSxP229okDqlKyMCyg0cnzbf+eb4DAfBgNVHSMEGDAW\n" 87 "BQMDB6AAMB0GA1UdDgQWBBSxP229okDqlKyMCyg0cnzbf+eb4DAfBgNVHSMEGDAW\n"
89 "gBRk1qI1FKym0v1InfUt4T8ZoCnmsTALBgkqhkiG9w0BAQUDggEBAEabY4FLsFQr\n" 88 "gBRk1qI1FKym0v1InfUt4T8ZoCnmsTALBgkqhkiG9w0BAQUDggEBAEabY4FLsFQr\n"
90 "PACNe3p5tU3hWvvQ9S1pRlfnc/z1o+k9NDWTHlNjXfVTl6/6cIKHA+r8SvRks27+\n" 89 "PACNe3p5tU3hWvvQ9S1pRlfnc/z1o+k9NDWTHlNjXfVTl6/6cIKHA+r8SvRks27+\n"
91 "lScfxFkiCi22YC7uPbn8fW1nWcsqEkK4e0TDekSUi1o6SDx6cU07kMpx3iKvpLs3\n" 90 "lScfxFkiCi22YC7uPbn8fW1nWcsqEkK4e0TDekSUi1o6SDx6cU07kMpx3iKvpLs3\n"
92 "5QiCFjivMjrY8pEFJIke/ucI8QuLVZLLUSdTHb9Ck128PtPKA4y2uZA/MmYS/OtR\n" 91 "5QiCFjivMjrY8pEFJIke/ucI8QuLVZLLUSdTHb9Ck128PtPKA4y2uZA/MmYS/OtR\n"
93 "/UZN67pJ+BqcQBE5vNolWQTM+NxfMzb48IV9q32HRT4HErvUjLIWV0nwwedUSdDG\n" 92 "/UZN67pJ+BqcQBE5vNolWQTM+NxfMzb48IV9q32HRT4HErvUjLIWV0nwwedUSdDG\n"
94 "63tr9jp0GF6b5Eum0MTVV/zbBxfyRFg+Q8xRn70zJlB/W7byaFq/95Rpfqjdnta2\n" 93 "63tr9jp0GF6b5Eum0MTVV/zbBxfyRFg+Q8xRn70zJlB/W7byaFq/95Rpfqjdnta2\n"
95 "aO/omlvGHrI=\n" 94 "aO/omlvGHrI=\n" "-----END CERTIFICATE-----\n";
96 "-----END CERTIFICATE-----\n";
97 95
98/* test server key */ 96/* test server key */
99const char srv_signed_key_pem[] = 97const char srv_signed_key_pem[] =
100 "-----BEGIN RSA PRIVATE KEY-----\n" 98 "-----BEGIN RSA PRIVATE KEY-----\n"
101 "MIIEowIBAAKCAQEA5vobpYmus0Ljw1KHmLh5PsnUEKqUwHh7Q2j61389B/6w/LBt\n" 99 "MIIEowIBAAKCAQEA5vobpYmus0Ljw1KHmLh5PsnUEKqUwHh7Q2j61389B/6w/LBt\n"
102 "BOhgaI984V8zKB7UbpLJGldq8ps/C7DUE3XzdahjMgPma3OyEA6X8lGF26xJwWKN\n" 100 "BOhgaI984V8zKB7UbpLJGldq8ps/C7DUE3XzdahjMgPma3OyEA6X8lGF26xJwWKN\n"
103 "LekhOI0rgbk0tOgI/gpmGqC6odTMR1qeJ9Jv8PjHnhGr9NwDugcanTCN1YL8Ay0Z\n" 101 "LekhOI0rgbk0tOgI/gpmGqC6odTMR1qeJ9Jv8PjHnhGr9NwDugcanTCN1YL8Ay0Z\n"
104 "a/q/nnEx7TQAtnXMPEI6LyeuL1buYvL6HJ24RMKr7Vju4eWapsCTwPuu67Qm01TY\n" 102 "a/q/nnEx7TQAtnXMPEI6LyeuL1buYvL6HJ24RMKr7Vju4eWapsCTwPuu67Qm01TY\n"
105 "3xa4klwC3GBmEIJ8gdOABRap6l5EEzxzLy67S3LCDFwmLK1S7XBdAeeelauv/2vo\n" 103 "3xa4klwC3GBmEIJ8gdOABRap6l5EEzxzLy67S3LCDFwmLK1S7XBdAeeelauv/2vo\n"
106 "h+GMWlz2mvmCIcF4zgp2VTj1SxiBpLW0BmwMlwIDAQABAoIBACJGvGKQ74V3qDAc\n" 104 "h+GMWlz2mvmCIcF4zgp2VTj1SxiBpLW0BmwMlwIDAQABAoIBACJGvGKQ74V3qDAc\n"
107 "p7WwroF0Vw2QGtoDJxumUQ84uRheIeqlzc/cIi5yGLCjPYa3KIQuMTzA+0R8aFs2\n" 105 "p7WwroF0Vw2QGtoDJxumUQ84uRheIeqlzc/cIi5yGLCjPYa3KIQuMTzA+0R8aFs2\n"
108 "RwqKRvJPZkUOUhvhA+whFkhl86zZQOq7UsMc5Qqs3Gd4UguEoYz9gxBxiLCqURRH\n" 106 "RwqKRvJPZkUOUhvhA+whFkhl86zZQOq7UsMc5Qqs3Gd4UguEoYz9gxBxiLCqURRH\n"
109 "rM+xCV6jtI/PBIsmOUFae4cXJP0pljUXyYmwwb/WrsvnJXf9Gz8/VLZGBMchMH7R\n" 107 "rM+xCV6jtI/PBIsmOUFae4cXJP0pljUXyYmwwb/WrsvnJXf9Gz8/VLZGBMchMH7R\n"
110 "MwD7xdwc/ht2XfZ0TuDntpJDtj0JrW9i/Cxt8PnNhQjgLsAe+oUUZt7Bo+vXBxhu\n" 108 "MwD7xdwc/ht2XfZ0TuDntpJDtj0JrW9i/Cxt8PnNhQjgLsAe+oUUZt7Bo+vXBxhu\n"
111 "JPKj6BHcj768l+gDn5zzaXKq0eF7mMXc7fgAp0u8lJkC0LxLq/WmIfqw4Z4mEjkX\n" 109 "JPKj6BHcj768l+gDn5zzaXKq0eF7mMXc7fgAp0u8lJkC0LxLq/WmIfqw4Z4mEjkX\n"
112 "DremIoUCgYEA53vX9Hd8V85hCfeaTDf3B5q6g9kIliR+Y2tX2aSqN06df9J/KOdL\n" 110 "DremIoUCgYEA53vX9Hd8V85hCfeaTDf3B5q6g9kIliR+Y2tX2aSqN06df9J/KOdL\n"
113 "G/lEQn4rsOOtOwyTU2luPmcr0XgbXA1T1kj56+UZrxtRducsdsVbVixzD2KswtJO\n" 111 "G/lEQn4rsOOtOwyTU2luPmcr0XgbXA1T1kj56+UZrxtRducsdsVbVixzD2KswtJO\n"
114 "wUH6XAJNdpI++64TuZadnKAaKiqim7CPzQYrBXYKKRFGSDd50urkTRMCgYEA/3CG\n" 112 "wUH6XAJNdpI++64TuZadnKAaKiqim7CPzQYrBXYKKRFGSDd50urkTRMCgYEA/3CG\n"
115 "NMaG3qtzQceQUw7BBAhey387MR+1FUQHQ7xoq2jc3yAx4H2NEyGa6wL5CtFKn5In\n" 113 "NMaG3qtzQceQUw7BBAhey387MR+1FUQHQ7xoq2jc3yAx4H2NEyGa6wL5CtFKn5In\n"
116 "BP6f30sk2ilXRv5pbIIiS8Xzngxy3m17GH33YrSc3ff/u+LWgR/EOVpa9F+sMAjp\n" 114 "BP6f30sk2ilXRv5pbIIiS8Xzngxy3m17GH33YrSc3ff/u+LWgR/EOVpa9F+sMAjp\n"
117 "ohDgI8iH8GtahrRA0BxQKfNIo2zUTqNwFP88xu0CgYADOY1zoWqBCqX9bo6euzTc\n" 115 "ohDgI8iH8GtahrRA0BxQKfNIo2zUTqNwFP88xu0CgYADOY1zoWqBCqX9bo6euzTc\n"
118 "zUIF7jMZbF66Yddyd8HLTXQSQMt2tWotdJaH2pwfNbzHEtDGm7RmeCd7HpI7ARCG\n" 116 "zUIF7jMZbF66Yddyd8HLTXQSQMt2tWotdJaH2pwfNbzHEtDGm7RmeCd7HpI7ARCG\n"
119 "7rNUnvdxog7LekL7UJqKI8pij3xapnVkadfkCkAsA7OO7AjoT/nYIb7bkYZ8ZsRK\n" 117 "7rNUnvdxog7LekL7UJqKI8pij3xapnVkadfkCkAsA7OO7AjoT/nYIb7bkYZ8ZsRK\n"
120 "FejphZB0rAHvpZ4z2wPdMwKBgQCfkr70RzVH81lcNXwutt/TUhtOCxyCMqmgMFBN\n" 118 "FejphZB0rAHvpZ4z2wPdMwKBgQCfkr70RzVH81lcNXwutt/TUhtOCxyCMqmgMFBN\n"
121 "e2zz791TMjyWXjh8RBkQSVok7NwuVVI055AeIUZTV1IjkplvZNhh97aZ/HLiCwjE\n" 119 "e2zz791TMjyWXjh8RBkQSVok7NwuVVI055AeIUZTV1IjkplvZNhh97aZ/HLiCwjE\n"
122 "IyUhL21zqRLEYA/auGqP3adGVGIv29GAIgSztfleMuJplj+LArT9j/LHzRvQSH+j\n" 120 "IyUhL21zqRLEYA/auGqP3adGVGIv29GAIgSztfleMuJplj+LArT9j/LHzRvQSH+j\n"
123 "TlO8fQKBgE5og4pTfPrD0A7W/Li1HDGf8Ylb+DZlxoyMriW82Z/zCBvYvn1UvQRi\n" 121 "TlO8fQKBgE5og4pTfPrD0A7W/Li1HDGf8Ylb+DZlxoyMriW82Z/zCBvYvn1UvQRi\n"
124 "b8f3IQFXuXdf3Bx4C91kQJPovxDp14FOHJxO7F32fGMnJaU2kyp4sf4WAJZZOLnd\n" 122 "b8f3IQFXuXdf3Bx4C91kQJPovxDp14FOHJxO7F32fGMnJaU2kyp4sf4WAJZZOLnd\n"
125 "l64hMUsgYPI8qfsanAudD4gTAsLEP+ueWqkcb3SJNLSoQAtcGzYs\n" 123 "l64hMUsgYPI8qfsanAudD4gTAsLEP+ueWqkcb3SJNLSoQAtcGzYs\n"
126 "-----END RSA PRIVATE KEY-----\n"; 124 "-----END RSA PRIVATE KEY-----\n";
127 125
128/* test server self signed certificates */ 126/* test server self signed certificates */
129const char srv_self_signed_cert_pem[] = 127const char srv_self_signed_cert_pem[] =