151 files changed, 3723 insertions, 3643 deletions
diff --git a/doc/examples/basicauthentication.c b/doc/examples/basicauthentication.c index fd457c22..b3af2e97 100644 --- a/doc/examples/basicauthentication.c +++ b/doc/examples/basicauthentication.c | |||
@@ -11,60 +11,75 @@ | |||
11 | #define PASSWORD "and his password" | 11 | #define PASSWORD "and his password" |
12 | 12 | ||
13 | 13 | ||
14 | char* string_to_base64 (const char *message); | 14 | char *string_to_base64 (const char *message); |
15 | 15 | ||
16 | 16 | ||
17 | int ask_for_authentication (struct MHD_Connection *connection, const char *realm) | 17 | int |
18 | ask_for_authentication (struct MHD_Connection *connection, const char *realm) | ||
18 | { | 19 | { |
19 | int ret; | 20 | int ret; |
20 | struct MHD_Response *response; | 21 | struct MHD_Response *response; |
21 | char *headervalue; | 22 | char *headervalue; |
22 | const char *strbase = "Basic realm="; | 23 | const char *strbase = "Basic realm="; |
23 | 24 | ||
24 | response = MHD_create_response_from_data (0, NULL, MHD_NO, MHD_NO); | 25 | response = MHD_create_response_from_data (0, NULL, MHD_NO, MHD_NO); |
25 | if (!response) return MHD_NO; | 26 | if (!response) |
26 | 27 | return MHD_NO; | |
28 | |||
27 | headervalue = malloc (strlen (strbase) + strlen (realm) + 1); | 29 | headervalue = malloc (strlen (strbase) + strlen (realm) + 1); |
28 | if (!headervalue) return MHD_NO; | 30 | if (!headervalue) |
31 | return MHD_NO; | ||
29 | 32 | ||
30 | strcpy (headervalue, strbase); | 33 | strcpy (headervalue, strbase); |
31 | strcat (headervalue, realm); | 34 | strcat (headervalue, realm); |
32 | 35 | ||
33 | ret = MHD_add_response_header (response, "WWW-Authenticate", headervalue); | 36 | ret = MHD_add_response_header (response, "WWW-Authenticate", headervalue); |
34 | free (headervalue); | 37 | free (headervalue); |
35 | if (!ret) {MHD_destroy_response (response); return MHD_NO;} | 38 | if (!ret) |
39 | { | ||
40 | MHD_destroy_response (response); | ||
41 | return MHD_NO; | ||
42 | } | ||
36 | 43 | ||
37 | ret = MHD_queue_response (connection, MHD_HTTP_UNAUTHORIZED, response); | 44 | ret = MHD_queue_response (connection, MHD_HTTP_UNAUTHORIZED, response); |
38 | 45 | ||
39 | MHD_destroy_response (response); | 46 | MHD_destroy_response (response); |
40 | 47 | ||
41 | return ret; | 48 | return ret; |
42 | } | 49 | } |
43 | 50 | ||
44 | int is_authenticated (struct MHD_Connection *connection, | 51 | int |
45 | const char *username, const char *password) | 52 | is_authenticated (struct MHD_Connection *connection, |
53 | const char *username, const char *password) | ||
46 | { | 54 | { |
47 | const char *headervalue; | 55 | const char *headervalue; |
48 | char *expected_b64, *expected; | 56 | char *expected_b64, *expected; |
49 | const char *strbase = "Basic "; | 57 | const char *strbase = "Basic "; |
50 | int authenticated; | 58 | int authenticated; |
51 | 59 | ||
52 | headervalue = MHD_lookup_connection_value (connection, MHD_HEADER_KIND, "Authorization"); | 60 | headervalue = |
53 | if (NULL == headervalue) return 0; | 61 | MHD_lookup_connection_value (connection, MHD_HEADER_KIND, |
54 | if (0 != strncmp (headervalue, strbase, strlen (strbase))) return 0; | 62 | "Authorization"); |
63 | if (NULL == headervalue) | ||
64 | return 0; | ||
65 | if (0 != strncmp (headervalue, strbase, strlen (strbase))) | ||
66 | return 0; | ||
55 | 67 | ||
56 | expected = malloc (strlen (username) + 1 + strlen (password) + 1); | 68 | expected = malloc (strlen (username) + 1 + strlen (password) + 1); |
57 | if (NULL == expected) return 0; | 69 | if (NULL == expected) |
70 | return 0; | ||
58 | 71 | ||
59 | strcpy (expected, username); | 72 | strcpy (expected, username); |
60 | strcat (expected, ":"); | 73 | strcat (expected, ":"); |
61 | strcat (expected, password); | 74 | strcat (expected, password); |
62 | 75 | ||
63 | expected_b64 = string_to_base64 (expected); | 76 | expected_b64 = string_to_base64 (expected); |
64 | if (NULL == expected_b64) return 0; | 77 | if (NULL == expected_b64) |
65 | 78 | return 0; | |
79 | |||
66 | strcpy (expected, strbase); | 80 | strcpy (expected, strbase); |
67 | authenticated = (strcmp (headervalue + strlen (strbase), expected_b64) == 0); | 81 | authenticated = |
82 | (strcmp (headervalue + strlen (strbase), expected_b64) == 0); | ||
68 | 83 | ||
69 | free (expected_b64); | 84 | free (expected_b64); |
70 | 85 | ||
@@ -72,15 +87,19 @@ int is_authenticated (struct MHD_Connection *connection, | |||
72 | } | 87 | } |
73 | 88 | ||
74 | 89 | ||
75 | int secret_page (struct MHD_Connection *connection) | 90 | int |
91 | secret_page (struct MHD_Connection *connection) | ||
76 | { | 92 | { |
77 | int ret; | 93 | int ret; |
78 | struct MHD_Response *response; | 94 | struct MHD_Response *response; |
79 | const char *page = "<html><body>A secret.</body></html>"; | 95 | const char *page = "<html><body>A secret.</body></html>"; |
80 | 96 | ||
81 | response = MHD_create_response_from_data (strlen (page), (void*) page, MHD_NO, MHD_NO); | 97 | response = |
82 | if (!response) return MHD_NO; | 98 | MHD_create_response_from_data (strlen (page), (void *) page, MHD_NO, |
83 | 99 | MHD_NO); | |
100 | if (!response) | ||
101 | return MHD_NO; | ||
102 | |||
84 | ret = MHD_queue_response (connection, MHD_HTTP_OK, response); | 103 | ret = MHD_queue_response (connection, MHD_HTTP_OK, response); |
85 | MHD_destroy_response (response); | 104 | MHD_destroy_response (response); |
86 | 105 | ||
@@ -88,64 +107,78 @@ int secret_page (struct MHD_Connection *connection) | |||
88 | } | 107 | } |
89 | 108 | ||
90 | 109 | ||
91 | int answer_to_connection (void *cls, struct MHD_Connection *connection, | 110 | int |
92 | const char *url, const char *method, const char *version, | 111 | answer_to_connection (void *cls, struct MHD_Connection *connection, |
93 | const char *upload_data, unsigned int *upload_data_size, | 112 | const char *url, const char *method, |
94 | void **con_cls) | 113 | const char *version, const char *upload_data, |
114 | unsigned int *upload_data_size, void **con_cls) | ||
95 | { | 115 | { |
96 | if (0 != strcmp(method, "GET")) return MHD_NO; | 116 | if (0 != strcmp (method, "GET")) |
97 | if (NULL == *con_cls) {*con_cls = connection; return MHD_YES;} | 117 | return MHD_NO; |
118 | if (NULL == *con_cls) | ||
119 | { | ||
120 | *con_cls = connection; | ||
121 | return MHD_YES; | ||
122 | } | ||
123 | |||
124 | if (!is_authenticated (connection, USER, PASSWORD)) | ||
125 | return ask_for_authentication (connection, REALM); | ||
98 | 126 | ||
99 | if (!is_authenticated (connection, USER, PASSWORD)) | ||
100 | return ask_for_authentication (connection, REALM); | ||
101 | |||
102 | return secret_page (connection); | 127 | return secret_page (connection); |
103 | } | 128 | } |
104 | 129 | ||
105 | 130 | ||
106 | int main () | 131 | int |
132 | main () | ||
107 | { | 133 | { |
108 | struct MHD_Daemon *daemon; | 134 | struct MHD_Daemon *daemon; |
109 | 135 | ||
110 | daemon = MHD_start_daemon(MHD_USE_SELECT_INTERNALLY, PORT, NULL, NULL, | 136 | daemon = MHD_start_daemon (MHD_USE_SELECT_INTERNALLY, PORT, NULL, NULL, |
111 | &answer_to_connection, NULL, MHD_OPTION_END); | 137 | &answer_to_connection, NULL, MHD_OPTION_END); |
112 | if (NULL == daemon) return 1; | 138 | if (NULL == daemon) |
139 | return 1; | ||
113 | 140 | ||
114 | getchar (); | 141 | getchar (); |
115 | 142 | ||
116 | MHD_stop_daemon (daemon); | 143 | MHD_stop_daemon (daemon); |
117 | return 0; | 144 | return 0; |
118 | } | 145 | } |
119 | 146 | ||
120 | 147 | ||
121 | char* string_to_base64 (const char *message) | 148 | char * |
149 | string_to_base64 (const char *message) | ||
122 | { | 150 | { |
123 | const char *lookup = "ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz0123456789+/"; | 151 | const char *lookup = |
152 | "ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz0123456789+/"; | ||
124 | unsigned long l; | 153 | unsigned long l; |
125 | int i; | 154 | int i; |
126 | char *tmp; | 155 | char *tmp; |
127 | size_t length = strlen (message); | 156 | size_t length = strlen (message); |
128 | 157 | ||
129 | tmp = malloc (length * 2); | 158 | tmp = malloc (length * 2); |
130 | if (NULL == tmp) return tmp; | 159 | if (NULL == tmp) |
160 | return tmp; | ||
131 | 161 | ||
132 | tmp[0] = 0; | 162 | tmp[0] = 0; |
133 | 163 | ||
134 | for (i = 0; i < length; i += 3) | 164 | for (i = 0; i < length; i += 3) |
135 | { | 165 | { |
136 | l = ( ((unsigned long) message[i])<<16 ) | 166 | l = (((unsigned long) message[i]) << 16) |
137 | | (((i+1) < length) ? (((unsigned long) message[i+1])<<8 ) : 0 ) | 167 | | (((i + 1) < length) ? (((unsigned long) message[i + 1]) << 8) : 0) |
138 | | (((i+2) < length) ? ( (unsigned long) message[i+2] ) : 0 ); | 168 | | (((i + 2) < length) ? ((unsigned long) message[i + 2]) : 0); |
169 | |||
139 | 170 | ||
171 | strncat (tmp, &lookup[(l >> 18) & 0x3F], 1); | ||
172 | strncat (tmp, &lookup[(l >> 12) & 0x3F], 1); | ||
140 | 173 | ||
141 | strncat (tmp, &lookup[(l>>18) & 0x3F], 1); | 174 | if (i + 1 < length) |
142 | strncat (tmp, &lookup[(l>>12) & 0x3F], 1); | 175 | strncat (tmp, &lookup[(l >> 6) & 0x3F], 1); |
143 | 176 | if (i + 2 < length) | |
144 | if (i+1 < length) strncat (tmp, &lookup[(l>> 6) & 0x3F], 1); | 177 | strncat (tmp, &lookup[l & 0x3F], 1); |
145 | if (i+2 < length) strncat (tmp, &lookup[l & 0x3F], 1); | ||
146 | } | 178 | } |
147 | 179 | ||
148 | if (length % 3) strncat (tmp, "===", 3-length%3); | 180 | if (length % 3) |
149 | 181 | strncat (tmp, "===", 3 - length % 3); | |
182 | |||
150 | return tmp; | 183 | return tmp; |
151 | } | 184 | } |
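Review bot: `string_to_base64` (new lines 148-184) allocates `length * 2` bytes at line 158, but Base64 output for `length` input bytes needs `4 * ((length + 2) / 3) + 1` bytes including the terminator — a 1-byte input produces 5 bytes into a 2-byte block, so the `strncat` calls at 171-181 write past the heap allocation; change line 158 to `tmp = malloc (((length + 2) / 3) * 4 + 1);`. Here the encoded string is the server's own `USER:PASSWORD` rather than request data, so this is a latent overflow rather than a remote one, but the examples are tutorial code that gets copied. Related: `i` is an `int` compared against and indexed by the `size_t` `length` at 164-176; declaring it `size_t i;` removes the sign-compare issue. In `is_authenticated`, the `expected` buffer malloc'd at 68 is never freed in the lines shown (only `expected_b64` is, at 84) and the `strcpy (expected, strbase)` at 80 is a dead store; new line 86 falls between the two hunks, so I cannot see whether it frees `expected`. The credential check at 81-82 uses `strcmp`, which stops at the first mismatching byte; a constant-time comparison would be the better pattern for a reference example.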
diff --git a/doc/examples/hellobrowser.c b/doc/examples/hellobrowser.c index 15cb5788..02ac8ef1 100644 --- a/doc/examples/hellobrowser.c +++ b/doc/examples/hellobrowser.c | |||
@@ -5,30 +5,36 @@ | |||
5 | 5 | ||
6 | #define PORT 8888 | 6 | #define PORT 8888 |
7 | 7 | ||
8 | int answer_to_connection (void *cls, struct MHD_Connection *connection, const char *url, | 8 | int |
9 | const char *method, const char *version, const char *upload_data, | 9 | answer_to_connection (void *cls, struct MHD_Connection *connection, |
10 | unsigned int *upload_data_size, void **con_cls) | 10 | const char *url, const char *method, |
11 | const char *version, const char *upload_data, | ||
12 | unsigned int *upload_data_size, void **con_cls) | ||
11 | { | 13 | { |
12 | const char *page = "<html><body>Hello, browser!</body></html>"; | 14 | const char *page = "<html><body>Hello, browser!</body></html>"; |
13 | struct MHD_Response *response; | 15 | struct MHD_Response *response; |
14 | int ret; | 16 | int ret; |
15 | 17 | ||
16 | response = MHD_create_response_from_data (strlen (page), (void*) page, MHD_NO, MHD_NO); | 18 | response = |
19 | MHD_create_response_from_data (strlen (page), (void *) page, MHD_NO, | ||
20 | MHD_NO); | ||
17 | ret = MHD_queue_response (connection, MHD_HTTP_OK, response); | 21 | ret = MHD_queue_response (connection, MHD_HTTP_OK, response); |
18 | MHD_destroy_response (response); | 22 | MHD_destroy_response (response); |
19 | 23 | ||
20 | return ret; | 24 | return ret; |
21 | } | 25 | } |
22 | 26 | ||
23 | int main () | 27 | int |
28 | main () | ||
24 | { | 29 | { |
25 | struct MHD_Daemon *daemon; | 30 | struct MHD_Daemon *daemon; |
26 | 31 | ||
27 | daemon = MHD_start_daemon (MHD_USE_SELECT_INTERNALLY, PORT, NULL, NULL, | 32 | daemon = MHD_start_daemon (MHD_USE_SELECT_INTERNALLY, PORT, NULL, NULL, |
28 | &answer_to_connection, NULL, MHD_OPTION_END); | 33 | &answer_to_connection, NULL, MHD_OPTION_END); |
29 | if (NULL == daemon) return 1; | 34 | if (NULL == daemon) |
35 | return 1; | ||
30 | 36 | ||
31 | getchar (); | 37 | getchar (); |
32 | 38 | ||
33 | MHD_stop_daemon (daemon); | 39 | MHD_stop_daemon (daemon); |
34 | return 0; | 40 | return 0; |
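Review bot: The `response` returned by `MHD_create_response_from_data` at new lines 18-20 is handed to `MHD_queue_response` and `MHD_destroy_response` at 21-22 without a NULL check, so an allocation failure passes NULL into the library; the reformatted `basicauthentication.c` in this same commit checks this result in every handler. Add `if (NULL == response) return MHD_NO;` after line 20. `main` at 27-40 continues past the end of the hunk.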
diff --git a/doc/examples/logging.c b/doc/examples/logging.c index 213c12bf..d1dd4f1f 100644 --- a/doc/examples/logging.c +++ b/doc/examples/logging.c | |||
@@ -6,32 +6,39 @@ | |||
6 | #define PORT 8888 | 6 | #define PORT 8888 |
7 | 7 | ||
8 | 8 | ||
9 | int print_out_key (void *cls, enum MHD_ValueKind kind, const char *key, const char *value) | 9 | int |
10 | print_out_key (void *cls, enum MHD_ValueKind kind, const char *key, | ||
11 | const char *value) | ||
10 | { | 12 | { |
11 | printf ("%s = %s\n", key, value); | 13 | printf ("%s = %s\n", key, value); |
12 | return MHD_YES; | 14 | return MHD_YES; |
13 | } | 15 | } |
14 | 16 | ||
15 | int answer_to_connection (void *cls, struct MHD_Connection *connection, const char *url, | 17 | int |
16 | const char *method, const char *version, const char *upload_data, | 18 | answer_to_connection (void *cls, struct MHD_Connection *connection, |
17 | unsigned int *upload_data_size, void **con_cls) | 19 | const char *url, const char *method, |
20 | const char *version, const char *upload_data, | ||
21 | unsigned int *upload_data_size, void **con_cls) | ||
18 | { | 22 | { |
19 | printf ("New request %s for %s using version %s\n", method, url, version); | 23 | printf ("New request %s for %s using version %s\n", method, url, version); |
20 | 24 | ||
21 | MHD_get_connection_values (connection, MHD_HEADER_KIND, print_out_key, NULL); | 25 | MHD_get_connection_values (connection, MHD_HEADER_KIND, print_out_key, |
26 | NULL); | ||
22 | 27 | ||
23 | return MHD_NO; | 28 | return MHD_NO; |
24 | } | 29 | } |
25 | 30 | ||
26 | int main () | 31 | int |
32 | main () | ||
27 | { | 33 | { |
28 | struct MHD_Daemon *daemon; | 34 | struct MHD_Daemon *daemon; |
29 | 35 | ||
30 | daemon = MHD_start_daemon (MHD_USE_SELECT_INTERNALLY, PORT, NULL, NULL, | 36 | daemon = MHD_start_daemon (MHD_USE_SELECT_INTERNALLY, PORT, NULL, NULL, |
31 | &answer_to_connection, NULL, MHD_OPTION_END); | 37 | &answer_to_connection, NULL, MHD_OPTION_END); |
32 | if (NULL == daemon) return 1; | 38 | if (NULL == daemon) |
39 | return 1; | ||
33 | 40 | ||
34 | getchar (); | 41 | getchar (); |
35 | 42 | ||
36 | MHD_stop_daemon (daemon); | 43 | MHD_stop_daemon (daemon); |
37 | return 0; | 44 | return 0; |
diff --git a/doc/examples/responseheaders.c b/doc/examples/responseheaders.c index 1555beed..31c3900d 100644 --- a/doc/examples/responseheaders.c +++ b/doc/examples/responseheaders.c | |||
@@ -9,31 +9,33 @@ | |||
9 | #define MIMETYPE "image/png" | 9 | #define MIMETYPE "image/png" |
10 | 10 | ||
11 | 11 | ||
12 | long get_file_size (const char *filename) | 12 | long |
13 | get_file_size (const char *filename) | ||
13 | { | 14 | { |
14 | FILE *fp; | 15 | FILE *fp; |
15 | 16 | ||
16 | fp = fopen (filename, "rb"); | 17 | fp = fopen (filename, "rb"); |
17 | if (fp) | 18 | if (fp) |
18 | { | 19 | { |
19 | long size; | 20 | long size; |
20 | 21 | ||
21 | if ( (0 != fseek (fp, 0, SEEK_END)) | 22 | if ((0 != fseek (fp, 0, SEEK_END)) || (-1 == (size = ftell (fp)))) |
22 | || (-1 == (size = ftell (fp))) ) | ||
23 | size = 0; | 23 | size = 0; |
24 | 24 | ||
25 | fclose (fp); | 25 | fclose (fp); |
26 | 26 | ||
27 | return size; | 27 | return size; |
28 | } | 28 | } |
29 | else | 29 | else |
30 | return 0; | 30 | return 0; |
31 | } | 31 | } |
32 | 32 | ||
33 | 33 | ||
34 | int answer_to_connection (void *cls, struct MHD_Connection *connection, const char *url, | 34 | int |
35 | const char *method, const char *version, const char *upload_data, | 35 | answer_to_connection (void *cls, struct MHD_Connection *connection, |
36 | unsigned int *upload_data_size, void **con_cls) | 36 | const char *url, const char *method, |
37 | const char *version, const char *upload_data, | ||
38 | unsigned int *upload_data_size, void **con_cls) | ||
37 | { | 39 | { |
38 | unsigned char *buffer = NULL; | 40 | unsigned char *buffer = NULL; |
39 | struct MHD_Response *response; | 41 | struct MHD_Response *response; |
@@ -41,44 +43,53 @@ int answer_to_connection (void *cls, struct MHD_Connection *connection, const ch | |||
41 | FILE *fp; | 43 | FILE *fp; |
42 | int ret = 0; | 44 | int ret = 0; |
43 | 45 | ||
44 | if (0 != strcmp(method, "GET")) return MHD_NO; | 46 | if (0 != strcmp (method, "GET")) |
47 | return MHD_NO; | ||
45 | 48 | ||
46 | size = get_file_size (FILENAME); | 49 | size = get_file_size (FILENAME); |
47 | if (size != 0) | 50 | if (size != 0) |
48 | { | 51 | { |
49 | fp = fopen (FILENAME, "rb"); | 52 | fp = fopen (FILENAME, "rb"); |
50 | if (fp) | 53 | if (fp) |
51 | { | 54 | { |
52 | buffer = malloc (size); | 55 | buffer = malloc (size); |
53 | 56 | ||
54 | if (buffer) | 57 | if (buffer) |
55 | if (size == fread (buffer, 1, size, fp)) ret = 1; | 58 | if (size == fread (buffer, 1, size, fp)) |
56 | 59 | ret = 1; | |
57 | fclose(fp); | 60 | |
58 | } | 61 | fclose (fp); |
62 | } | ||
59 | } | 63 | } |
60 | 64 | ||
61 | if (!ret) | 65 | if (!ret) |
62 | { | 66 | { |
63 | const char *errorstr = "<html><body>An internal server error has occured!\ | 67 | const char *errorstr = |
68 | "<html><body>An internal server error has occured!\ | ||
64 | </body></html>"; | 69 | </body></html>"; |
65 | 70 | ||
66 | if (buffer) free(buffer); | 71 | if (buffer) |
67 | 72 | free (buffer); | |
68 | response = MHD_create_response_from_data(strlen(errorstr), (void*)errorstr, | 73 | |
69 | MHD_NO, MHD_NO); | 74 | response = |
75 | MHD_create_response_from_data (strlen (errorstr), (void *) errorstr, | ||
76 | MHD_NO, MHD_NO); | ||
70 | 77 | ||
71 | if (response) | 78 | if (response) |
72 | { | 79 | { |
73 | ret = MHD_queue_response (connection, MHD_HTTP_INTERNAL_SERVER_ERROR, response); | 80 | ret = |
81 | MHD_queue_response (connection, MHD_HTTP_INTERNAL_SERVER_ERROR, | ||
82 | response); | ||
74 | MHD_destroy_response (response); | 83 | MHD_destroy_response (response); |
75 | 84 | ||
76 | return MHD_YES; | 85 | return MHD_YES; |
77 | } | 86 | } |
78 | else return MHD_NO; | 87 | else |
88 | return MHD_NO; | ||
79 | } | 89 | } |
80 | 90 | ||
81 | response = MHD_create_response_from_data (size, (void*)buffer, MHD_YES, MHD_NO); | 91 | response = |
92 | MHD_create_response_from_data (size, (void *) buffer, MHD_YES, MHD_NO); | ||
82 | 93 | ||
83 | MHD_add_response_header (response, "Content-Type", MIMETYPE); | 94 | MHD_add_response_header (response, "Content-Type", MIMETYPE); |
84 | 95 | ||
@@ -89,18 +100,19 @@ int answer_to_connection (void *cls, struct MHD_Connection *connection, const ch | |||
89 | } | 100 | } |
90 | 101 | ||
91 | 102 | ||
92 | int main () | 103 | int |
104 | main () | ||
93 | { | 105 | { |
94 | struct MHD_Daemon *daemon; | 106 | struct MHD_Daemon *daemon; |
95 | 107 | ||
96 | daemon = MHD_start_daemon (MHD_USE_SELECT_INTERNALLY, PORT, NULL, NULL, | 108 | daemon = MHD_start_daemon (MHD_USE_SELECT_INTERNALLY, PORT, NULL, NULL, |
97 | &answer_to_connection, NULL, MHD_OPTION_END); | 109 | &answer_to_connection, NULL, MHD_OPTION_END); |
98 | if (NULL == daemon) return 1; | 110 | if (NULL == daemon) |
111 | return 1; | ||
99 | 112 | ||
100 | getchar (); | 113 | getchar (); |
101 | 114 | ||
102 | MHD_stop_daemon (daemon); | 115 | MHD_stop_daemon (daemon); |
103 | 116 | ||
104 | return 0; | 117 | return 0; |
105 | } | 118 | } |
106 | |||
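Review bot: In `answer_to_connection` the `response` created at new lines 91-92 is used by `MHD_add_response_header` at 94 with no NULL check, unlike the error-path response at 74-78; because that call passes `MHD_YES` as the must-free flag so the response takes over `buffer`, a failure here also leaks `buffer`. Insert after line 92: `if (NULL == response) { free (buffer); return MHD_NO; }` (the function continues beyond the hunk, so the later queue/destroy lines are not visible here). The `long size` from `get_file_size` is passed to `malloc` at 55 and compared with the `size_t` result of `fread` at 58; `get_file_size` already maps a failed `ftell` to 0 so `size` cannot be negative, but a `size_t` would make that explicit. `if (buffer) free (buffer);` at 71-72 can simply be `free (buffer);`.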
diff --git a/doc/examples/simplepost.c b/doc/examples/simplepost.c index 8df0a94d..6a1322db 100644 --- a/doc/examples/simplepost.c +++ b/doc/examples/simplepost.c | |||
@@ -15,30 +15,36 @@ struct connection_info_struct | |||
15 | { | 15 | { |
16 | int connectiontype; | 16 | int connectiontype; |
17 | char *answerstring; | 17 | char *answerstring; |
18 | struct MHD_PostProcessor *postprocessor; | 18 | struct MHD_PostProcessor *postprocessor; |
19 | }; | 19 | }; |
20 | 20 | ||
21 | const char* askpage = "<html><body>\ | 21 | const char *askpage = "<html><body>\ |
22 | What's your name, Sir?<br>\ | 22 | What's your name, Sir?<br>\ |
23 | <form action=\"/namepost\" method=\"post\">\ | 23 | <form action=\"/namepost\" method=\"post\">\ |
24 | <input name=\"name\" type=\"text\"\ | 24 | <input name=\"name\" type=\"text\"\ |
25 | <input type=\"submit\" value=\" Send \"></form>\ | 25 | <input type=\"submit\" value=\" Send \"></form>\ |
26 | </body></html>"; | 26 | </body></html>"; |
27 | 27 | ||
28 | const char* greatingpage = "<html><body><h1>Welcome, %s!</center></h1></body></html>"; | 28 | const char *greatingpage = |
29 | "<html><body><h1>Welcome, %s!</center></h1></body></html>"; | ||
29 | 30 | ||
30 | const char* errorpage = "<html><body>This doesn't seem to be right.</body></html>"; | 31 | const char *errorpage = |
32 | "<html><body>This doesn't seem to be right.</body></html>"; | ||
31 | 33 | ||
32 | 34 | ||
33 | int send_page (struct MHD_Connection *connection, const char* page) | 35 | int |
36 | send_page (struct MHD_Connection *connection, const char *page) | ||
34 | { | 37 | { |
35 | int ret; | 38 | int ret; |
36 | struct MHD_Response *response; | 39 | struct MHD_Response *response; |
37 | |||
38 | 40 | ||
39 | response = MHD_create_response_from_data (strlen (page), (void*) page, MHD_NO, MHD_NO); | 41 | |
40 | if (!response) return MHD_NO; | 42 | response = |
41 | 43 | MHD_create_response_from_data (strlen (page), (void *) page, MHD_NO, | |
44 | MHD_NO); | ||
45 | if (!response) | ||
46 | return MHD_NO; | ||
47 | |||
42 | ret = MHD_queue_response (connection, MHD_HTTP_OK, response); | 48 | ret = MHD_queue_response (connection, MHD_HTTP_OK, response); |
43 | MHD_destroy_response (response); | 49 | MHD_destroy_response (response); |
44 | 50 | ||
@@ -46,12 +52,15 @@ int send_page (struct MHD_Connection *connection, const char* page) | |||
46 | } | 52 | } |
47 | 53 | ||
48 | 54 | ||
49 | int iterate_post (void *coninfo_cls, enum MHD_ValueKind kind, const char *key, | 55 | int |
50 | const char *filename, const char *content_type, | 56 | iterate_post (void *coninfo_cls, enum MHD_ValueKind kind, const char *key, |
51 | const char *transfer_encoding, const char *data, size_t off, size_t size) | 57 | const char *filename, const char *content_type, |
58 | const char *transfer_encoding, const char *data, size_t off, | ||
59 | size_t size) | ||
52 | { | 60 | { |
53 | struct connection_info_struct *con_info = (struct connection_info_struct*) coninfo_cls; | 61 | struct connection_info_struct *con_info = |
54 | 62 | (struct connection_info_struct *) coninfo_cls; | |
63 | |||
55 | 64 | ||
56 | if (0 == strcmp (key, "name")) | 65 | if (0 == strcmp (key, "name")) |
57 | { | 66 | { |
@@ -59,12 +68,14 @@ int iterate_post (void *coninfo_cls, enum MHD_ValueKind kind, const char *key, | |||
59 | { | 68 | { |
60 | char *answerstring; | 69 | char *answerstring; |
61 | answerstring = malloc (MAXANSWERSIZE); | 70 | answerstring = malloc (MAXANSWERSIZE); |
62 | if (!answerstring) return MHD_NO; | 71 | if (!answerstring) |
63 | 72 | return MHD_NO; | |
73 | |||
64 | snprintf (answerstring, MAXANSWERSIZE, greatingpage, data); | 74 | snprintf (answerstring, MAXANSWERSIZE, greatingpage, data); |
65 | con_info->answerstring = answerstring; | 75 | con_info->answerstring = answerstring; |
66 | } | 76 | } |
67 | else con_info->answerstring = NULL; | 77 | else |
78 | con_info->answerstring = NULL; | ||
68 | 79 | ||
69 | return MHD_NO; | 80 | return MHD_NO; |
70 | } | 81 | } |
@@ -72,91 +83,104 @@ int iterate_post (void *coninfo_cls, enum MHD_ValueKind kind, const char *key, | |||
72 | return MHD_YES; | 83 | return MHD_YES; |
73 | } | 84 | } |
74 | 85 | ||
75 | void request_completed (void *cls, struct MHD_Connection *connection, void **con_cls, | 86 | void |
76 | enum MHD_RequestTerminationCode toe) | 87 | request_completed (void *cls, struct MHD_Connection *connection, |
88 | void **con_cls, enum MHD_RequestTerminationCode toe) | ||
77 | { | 89 | { |
78 | struct connection_info_struct *con_info = (struct connection_info_struct*) *con_cls; | 90 | struct connection_info_struct *con_info = |
91 | (struct connection_info_struct *) *con_cls; | ||
79 | 92 | ||
80 | 93 | ||
81 | if (NULL == con_info) return; | 94 | if (NULL == con_info) |
95 | return; | ||
82 | 96 | ||
83 | if (con_info->connectiontype == POST) | 97 | if (con_info->connectiontype == POST) |
84 | { | 98 | { |
85 | MHD_destroy_post_processor (con_info->postprocessor); | 99 | MHD_destroy_post_processor (con_info->postprocessor); |
86 | if (con_info->answerstring) free (con_info->answerstring); | 100 | if (con_info->answerstring) |
101 | free (con_info->answerstring); | ||
87 | } | 102 | } |
88 | 103 | ||
89 | free (con_info); | 104 | free (con_info); |
90 | *con_cls = NULL; | 105 | *con_cls = NULL; |
91 | } | 106 | } |
92 | 107 | ||
93 | 108 | ||
94 | int answer_to_connection (void *cls, struct MHD_Connection *connection, const char *url, | 109 | int |
95 | const char *method, const char *version, const char *upload_data, | 110 | answer_to_connection (void *cls, struct MHD_Connection *connection, |
96 | unsigned int *upload_data_size, void **con_cls) | 111 | const char *url, const char *method, |
112 | const char *version, const char *upload_data, | ||
113 | unsigned int *upload_data_size, void **con_cls) | ||
97 | { | 114 | { |
98 | if(NULL == *con_cls) | 115 | if (NULL == *con_cls) |
99 | { | 116 | { |
100 | struct connection_info_struct *con_info; | 117 | struct connection_info_struct *con_info; |
101 | 118 | ||
102 | con_info = malloc (sizeof (struct connection_info_struct)); | 119 | con_info = malloc (sizeof (struct connection_info_struct)); |
103 | if (NULL == con_info) return MHD_NO; | 120 | if (NULL == con_info) |
121 | return MHD_NO; | ||
104 | con_info->answerstring = NULL; | 122 | con_info->answerstring = NULL; |
105 | 123 | ||
106 | if (0 == strcmp (method, "POST")) | 124 | if (0 == strcmp (method, "POST")) |
107 | { | 125 | { |
108 | con_info->postprocessor = MHD_create_post_processor (connection, POSTBUFFERSIZE, | 126 | con_info->postprocessor = |
109 | iterate_post, (void*) con_info); | 127 | MHD_create_post_processor (connection, POSTBUFFERSIZE, |
128 | iterate_post, (void *) con_info); | ||
110 | 129 | ||
111 | if (NULL == con_info->postprocessor) | 130 | if (NULL == con_info->postprocessor) |
112 | { | 131 | { |
113 | free (con_info); | 132 | free (con_info); |
114 | return MHD_NO; | 133 | return MHD_NO; |
115 | } | 134 | } |
116 | 135 | ||
117 | con_info->connectiontype = POST; | 136 | con_info->connectiontype = POST; |
118 | } | 137 | } |
119 | else con_info->connectiontype = GET; | 138 | else |
139 | con_info->connectiontype = GET; | ||
140 | |||
141 | *con_cls = (void *) con_info; | ||
120 | 142 | ||
121 | *con_cls = (void*) con_info; | ||
122 | |||
123 | return MHD_YES; | 143 | return MHD_YES; |
124 | } | 144 | } |
125 | 145 | ||
126 | if (0 == strcmp (method, "GET")) | 146 | if (0 == strcmp (method, "GET")) |
127 | { | 147 | { |
128 | return send_page (connection, askpage); | 148 | return send_page (connection, askpage); |
129 | } | 149 | } |
130 | 150 | ||
131 | if (0 == strcmp (method, "POST")) | 151 | if (0 == strcmp (method, "POST")) |
132 | { | 152 | { |
133 | struct connection_info_struct *con_info = *con_cls; | 153 | struct connection_info_struct *con_info = *con_cls; |
134 | 154 | ||
135 | if (*upload_data_size != 0) | 155 | if (*upload_data_size != 0) |
136 | { | 156 | { |
137 | MHD_post_process(con_info->postprocessor, upload_data, *upload_data_size); | 157 | MHD_post_process (con_info->postprocessor, upload_data, |
158 | *upload_data_size); | ||
138 | *upload_data_size = 0; | 159 | *upload_data_size = 0; |
139 | 160 | ||
140 | return MHD_YES; | 161 | return MHD_YES; |
141 | } | 162 | } |
142 | else | 163 | else if (NULL != con_info->answerstring) |
143 | if (NULL != con_info->answerstring) return send_page (connection, con_info->answerstring); | 164 | return send_page (connection, con_info->answerstring); |
144 | } | 165 | } |
145 | 166 | ||
146 | return send_page(connection, errorpage); | 167 | return send_page (connection, errorpage); |
147 | } | 168 | } |
148 | 169 | ||
149 | int main () | 170 | int |
171 | main () | ||
150 | { | 172 | { |
151 | struct MHD_Daemon *daemon; | 173 | struct MHD_Daemon *daemon; |
152 | 174 | ||
153 | 175 | ||
154 | daemon = MHD_start_daemon (MHD_USE_SELECT_INTERNALLY, PORT, NULL, NULL, | 176 | daemon = MHD_start_daemon (MHD_USE_SELECT_INTERNALLY, PORT, NULL, NULL, |
155 | &answer_to_connection, NULL, MHD_OPTION_NOTIFY_COMPLETED, | 177 | &answer_to_connection, NULL, |
156 | request_completed, NULL, MHD_OPTION_END); | 178 | MHD_OPTION_NOTIFY_COMPLETED, request_completed, |
157 | if (NULL == daemon) return 1; | 179 | NULL, MHD_OPTION_END); |
180 | if (NULL == daemon) | ||
181 | return 1; | ||
158 | 182 | ||
159 | getchar (); | 183 | getchar (); |
160 | 184 | ||
161 | MHD_stop_daemon (daemon); | 185 | MHD_stop_daemon (daemon); |
162 | 186 | ||
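Review bot: In `iterate_post` (second hunk, new lines 69-75) the posted `name` value `data` is formatted into `greatingpage` at line 74 and returned as HTML without escaping, so a submitted value containing markup is reflected into the page verbatim; since these examples are tutorial code, the handler should HTML-escape `data` before the `snprintf`, as sketched below. The callback also receives `off` and `size` but treats `data` as a NUL-terminated whole; whether the post processor guarantees a terminator at `size` is not visible here, so bounding the escape step by `size` is the safer reading. In the last hunk the return value of `MHD_post_process` at new lines 157-158 is discarded, so a malformed body is never reported to the client. The form markup in `askpage` at lines 24-25 is also missing the closing `>` on the text `<input>` tag.
```c
/* Copy src (at most n bytes, stopping at NUL) into dst, replacing the
   HTML-significant characters with entities.  Returns 0, or -1 if the
   escaped text does not fit in cap bytes (including the terminator). */
static int
html_escape (char *dst, size_t cap, const char *src, size_t n)
{
  size_t off = 0;

  for (size_t i = 0; i < n && src[i] != '\0'; i++)
    {
      char plain[2] = { src[i], '\0' };
      const char *rep = plain;

      switch (src[i])
        {
        case '&': rep = "&amp;"; break;
        case '<': rep = "&lt;"; break;
        case '>': rep = "&gt;"; break;
        case '"': rep = "&quot;"; break;
        case '\'': rep = "&#39;"; break;
        default: break;
        }
      size_t len = strlen (rep);
      if (off + len >= cap)
        return -1;
      memcpy (dst + off, rep, len);
      off += len;
    }
  dst[off] = '\0';
  return 0;
}

/* … unchanged: iterate_post up to the malloc of answerstring … */
          char escaped[MAXANSWERSIZE];

          if (0 != html_escape (escaped, sizeof escaped, data, size))
            {
              free (answerstring);
              return MHD_NO;
            }
          snprintf (answerstring, MAXANSWERSIZE, greatingpage, escaped);
```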
diff --git a/src/daemon/connection.c b/src/daemon/connection.c index 6aa8fe3e..e94b1d46 100644 --- a/src/daemon/connection.c +++ b/src/daemon/connection.c | |||
@@ -178,19 +178,17 @@ MHD_get_connection_values (struct MHD_Connection *connection, | |||
178 | */ | 178 | */ |
179 | int | 179 | int |
180 | MHD_set_connection_value (struct MHD_Connection *connection, | 180 | MHD_set_connection_value (struct MHD_Connection *connection, |
181 | enum MHD_ValueKind kind, | 181 | enum MHD_ValueKind kind, |
182 | const char *key, | 182 | const char *key, const char *value) |
183 | const char *value) | ||
184 | { | 183 | { |
185 | struct MHD_HTTP_Header * pos; | 184 | struct MHD_HTTP_Header *pos; |
186 | 185 | ||
187 | pos = MHD_pool_allocate(connection->pool, | 186 | pos = MHD_pool_allocate (connection->pool, |
188 | sizeof(struct MHD_HTTP_Header), | 187 | sizeof (struct MHD_HTTP_Header), MHD_NO); |
189 | MHD_NO); | ||
190 | if (pos == NULL) | 188 | if (pos == NULL) |
191 | return MHD_NO; | 189 | return MHD_NO; |
192 | pos->header = (char*) key; | 190 | pos->header = (char *) key; |
193 | pos->value = (char*) value; | 191 | pos->value = (char *) value; |
194 | pos->kind = kind; | 192 | pos->kind = kind; |
195 | pos->next = connection->headers_received; | 193 | pos->next = connection->headers_received; |
196 | connection->headers_received = pos; | 194 | connection->headers_received = pos; |
@@ -590,7 +588,7 @@ build_header_response (struct MHD_Connection *connection) | |||
590 | while (pos != NULL) | 588 | while (pos != NULL) |
591 | { | 589 | { |
592 | if (pos->kind == kind) | 590 | if (pos->kind == kind) |
593 | off += SPRINTF (&data[off], "%s: %s\r\n", pos->header, pos->value); | 591 | off += SPRINTF (&data[off], "%s: %s\r\n", pos->header, pos->value); |
594 | pos = pos->next; | 592 | pos = pos->next; |
595 | } | 593 | } |
596 | if (connection->state == MHD_CONNECTION_FOOTERS_RECEIVED) | 594 | if (connection->state == MHD_CONNECTION_FOOTERS_RECEIVED) |
@@ -1592,8 +1590,8 @@ MHD_connection_handle_write (struct MHD_Connection *connection) | |||
1592 | break; | 1590 | break; |
1593 | case MHD_CONNECTION_CONTINUE_SENDING: | 1591 | case MHD_CONNECTION_CONTINUE_SENDING: |
1594 | ret = SEND (connection->socket_fd, | 1592 | ret = SEND (connection->socket_fd, |
1595 | &HTTP_100_CONTINUE[connection-> | 1593 | &HTTP_100_CONTINUE |
1596 | continue_message_write_offset], | 1594 | [connection->continue_message_write_offset], |
1597 | strlen (HTTP_100_CONTINUE) - | 1595 | strlen (HTTP_100_CONTINUE) - |
1598 | connection->continue_message_write_offset, | 1596 | connection->continue_message_write_offset, |
1599 | MSG_NOSIGNAL); | 1597 | MSG_NOSIGNAL); |
@@ -1612,8 +1610,8 @@ MHD_connection_handle_write (struct MHD_Connection *connection) | |||
1612 | fprintf (stderr, | 1610 | fprintf (stderr, |
1613 | "Sent 100 continue response: `%.*s'\n", | 1611 | "Sent 100 continue response: `%.*s'\n", |
1614 | ret, | 1612 | ret, |
1615 | &HTTP_100_CONTINUE[connection-> | 1613 | &HTTP_100_CONTINUE |
1616 | continue_message_write_offset]); | 1614 | [connection->continue_message_write_offset]); |
1617 | #endif | 1615 | #endif |
1618 | connection->continue_message_write_offset += ret; | 1616 | connection->continue_message_write_offset += ret; |
1619 | break; | 1617 | break; |
@@ -1646,13 +1644,13 @@ MHD_connection_handle_write (struct MHD_Connection *connection) | |||
1646 | if (connection->daemon->options & MHD_USE_SSL) | 1644 | if (connection->daemon->options & MHD_USE_SSL) |
1647 | { | 1645 | { |
1648 | ret = MHD_gnutls_record_send (connection->tls_session, | 1646 | ret = MHD_gnutls_record_send (connection->tls_session, |
1649 | &connection->response-> | 1647 | &connection->response->data |
1650 | data[connection-> | 1648 | [connection-> |
1651 | response_write_position - | 1649 | response_write_position - |
1652 | response->data_start], | 1650 | response->data_start], |
1653 | response->data_size - | 1651 | response->data_size - |
1654 | (connection->response_write_position - | 1652 | (connection->response_write_position |
1655 | response->data_start)); | 1653 | - response->data_start)); |
1656 | } | 1654 | } |
1657 | else | 1655 | else |
1658 | #endif | 1656 | #endif |
@@ -1698,8 +1696,7 @@ MHD_connection_handle_write (struct MHD_Connection *connection) | |||
1698 | do_write (connection); | 1696 | do_write (connection); |
1699 | check_write_done (connection, | 1697 | check_write_done (connection, |
1700 | (connection->response->total_size == | 1698 | (connection->response->total_size == |
1701 | connection-> | 1699 | connection->response_write_position) ? |
1702 | response_write_position) ? | ||
1703 | MHD_CONNECTION_BODY_SENT : | 1700 | MHD_CONNECTION_BODY_SENT : |
1704 | MHD_CONNECTION_CHUNKED_BODY_UNREADY); | 1701 | MHD_CONNECTION_CHUNKED_BODY_UNREADY); |
1705 | break; | 1702 | break; |
@@ -1829,13 +1826,13 @@ MHD_connection_handle_idle (struct MHD_Connection *connection) | |||
1829 | connection->state = MHD_CONNECTION_CONTINUE_SENDING; | 1826 | connection->state = MHD_CONNECTION_CONTINUE_SENDING; |
1830 | break; | 1827 | break; |
1831 | } | 1828 | } |
1832 | if (connection->response != NULL) | 1829 | if (connection->response != NULL) |
1833 | { | 1830 | { |
1834 | /* we refused (no upload allowed!) */ | 1831 | /* we refused (no upload allowed!) */ |
1835 | connection->remaining_upload_size = 0; | 1832 | connection->remaining_upload_size = 0; |
1836 | /* force close, in case client still tries to upload... */ | 1833 | /* force close, in case client still tries to upload... */ |
1837 | connection->read_closed = MHD_YES; | 1834 | connection->read_closed = MHD_YES; |
1838 | } | 1835 | } |
1839 | connection->state = (connection->remaining_upload_size == 0) | 1836 | connection->state = (connection->remaining_upload_size == 0) |
1840 | ? MHD_CONNECTION_FOOTERS_RECEIVED : MHD_CONNECTION_CONTINUE_SENT; | 1837 | ? MHD_CONNECTION_FOOTERS_RECEIVED : MHD_CONNECTION_CONTINUE_SENT; |
1841 | continue; | 1838 | continue; |
@@ -1995,9 +1992,9 @@ MHD_connection_handle_idle (struct MHD_Connection *connection) | |||
1995 | connection, | 1992 | connection, |
1996 | &connection->client_context, | 1993 | &connection->client_context, |
1997 | MHD_REQUEST_TERMINATED_COMPLETED_OK); | 1994 | MHD_REQUEST_TERMINATED_COMPLETED_OK); |
1998 | end = MHD_lookup_connection_value (connection, | 1995 | end = |
1999 | MHD_HEADER_KIND, | 1996 | MHD_lookup_connection_value (connection, MHD_HEADER_KIND, |
2000 | MHD_HTTP_HEADER_CONNECTION); | 1997 | MHD_HTTP_HEADER_CONNECTION); |
2001 | connection->client_context = NULL; | 1998 | connection->client_context = NULL; |
2002 | connection->continue_message_write_offset = 0; | 1999 | connection->continue_message_write_offset = 0; |
2003 | connection->responseCode = 0; | 2000 | connection->responseCode = 0; |
diff --git a/src/daemon/connection_https.c b/src/daemon/connection_https.c index e4692119..d02ed737 100644 --- a/src/daemon/connection_https.c +++ b/src/daemon/connection_https.c | |||
@@ -49,9 +49,8 @@ | |||
49 | * (or if the infoType is unknown) | 49 | * (or if the infoType is unknown) |
50 | */ | 50 | */ |
51 | const union MHD_ConnectionInfo * | 51 | const union MHD_ConnectionInfo * |
52 | MHD_get_connection_info (struct MHD_Connection * connection, | 52 | MHD_get_connection_info (struct MHD_Connection *connection, |
53 | enum MHD_ConnectionInfoType infoType, | 53 | enum MHD_ConnectionInfoType infoType, ...) |
54 | ...) | ||
55 | { | 54 | { |
56 | if (connection->tls_session == NULL) | 55 | if (connection->tls_session == NULL) |
57 | return NULL; | 56 | return NULL; |
@@ -59,19 +58,26 @@ MHD_get_connection_info (struct MHD_Connection * connection, | |||
59 | { | 58 | { |
60 | #if HTTPS_SUPPORT | 59 | #if HTTPS_SUPPORT |
61 | case MHD_SESSION_INFO_CIPHER_ALGO: | 60 | case MHD_SESSION_INFO_CIPHER_ALGO: |
62 | return (const union MHD_ConnectionInfo*) &connection->tls_session->security_parameters.read_bulk_cipher_algorithm; | 61 | return (const union MHD_ConnectionInfo *) &connection-> |
62 | tls_session->security_parameters.read_bulk_cipher_algorithm; | ||
63 | case MHD_SESSION_INFO_KX_ALGO: | 63 | case MHD_SESSION_INFO_KX_ALGO: |
64 | return (const union MHD_ConnectionInfo*) &connection->tls_session->security_parameters.kx_algorithm; | 64 | return (const union MHD_ConnectionInfo *) &connection-> |
65 | tls_session->security_parameters.kx_algorithm; | ||
65 | case MHD_SESSION_INFO_CREDENTIALS_TYPE: | 66 | case MHD_SESSION_INFO_CREDENTIALS_TYPE: |
66 | return (const union MHD_ConnectionInfo*) &connection->tls_session->key->cred->algorithm; | 67 | return (const union MHD_ConnectionInfo *) &connection-> |
68 | tls_session->key->cred->algorithm; | ||
67 | case MHD_SESSION_INFO_MAC_ALGO: | 69 | case MHD_SESSION_INFO_MAC_ALGO: |
68 | return (const union MHD_ConnectionInfo*) &connection->tls_session->security_parameters.read_mac_algorithm; | 70 | return (const union MHD_ConnectionInfo *) &connection-> |
71 | tls_session->security_parameters.read_mac_algorithm; | ||
69 | case MHD_SESSION_INFO_COMPRESSION_METHOD: | 72 | case MHD_SESSION_INFO_COMPRESSION_METHOD: |
70 | return (const union MHD_ConnectionInfo*) &connection->tls_session->security_parameters.read_compression_algorithm; | 73 | return (const union MHD_ConnectionInfo *) &connection-> |
74 | tls_session->security_parameters.read_compression_algorithm; | ||
71 | case MHD_SESSION_INFO_PROTOCOL: | 75 | case MHD_SESSION_INFO_PROTOCOL: |
72 | return (const union MHD_ConnectionInfo*) &connection->tls_session->security_parameters.version; | 76 | return (const union MHD_ConnectionInfo *) &connection-> |
77 | tls_session->security_parameters.version; | ||
73 | case MHD_SESSION_INFO_CERT_TYPE: | 78 | case MHD_SESSION_INFO_CERT_TYPE: |
74 | return (const union MHD_ConnectionInfo*) &connection->tls_session->security_parameters.cert_type; | 79 | return (const union MHD_ConnectionInfo *) &connection-> |
80 | tls_session->security_parameters.cert_type; | ||
75 | #endif | 81 | #endif |
76 | default: | 82 | default: |
77 | return NULL; | 83 | return NULL; |
@@ -85,7 +91,7 @@ MHD_get_connection_info (struct MHD_Connection * connection, | |||
85 | * @param connection: the connection to close | 91 | * @param connection: the connection to close |
86 | */ | 92 | */ |
87 | static void | 93 | static void |
88 | MHD_tls_connection_close (struct MHD_Connection * connection) | 94 | MHD_tls_connection_close (struct MHD_Connection *connection) |
89 | { | 95 | { |
90 | MHD_gnutls_bye (connection->tls_session, GNUTLS_SHUT_WR); | 96 | MHD_gnutls_bye (connection->tls_session, GNUTLS_SHUT_WR); |
91 | connection->tls_session->internals.read_eof = 1; | 97 | connection->tls_session->internals.read_eof = 1; |
@@ -139,13 +145,13 @@ MHD_tls_connection_close_err (struct MHD_Connection *connection, | |||
139 | * error code is returned in case of an error. | 145 | * error code is returned in case of an error. |
140 | **/ | 146 | **/ |
141 | static ssize_t | 147 | static ssize_t |
142 | MHDS_con_read (struct MHD_Connection * connection) | 148 | MHDS_con_read (struct MHD_Connection *connection) |
143 | { | 149 | { |
144 | /* no special handling when GNUTLS_E_AGAIN is returned since this function is called from within a select loop */ | 150 | /* no special handling when GNUTLS_E_AGAIN is returned since this function is called from within a select loop */ |
145 | ssize_t size = MHD_gnutls_record_recv (connection->tls_session, | 151 | ssize_t size = MHD_gnutls_record_recv (connection->tls_session, |
146 | &connection->read_buffer[connection-> | 152 | &connection->read_buffer |
147 | read_buffer_offset], | 153 | [connection->read_buffer_offset], |
148 | connection->read_buffer_size); | 154 | connection->read_buffer_size); |
149 | return size; | 155 | return size; |
150 | } | 156 | } |
151 | 157 | ||
@@ -153,10 +159,12 @@ static ssize_t | |||
153 | MHDS_con_write (struct MHD_Connection *connection) | 159 | MHDS_con_write (struct MHD_Connection *connection) |
154 | { | 160 | { |
155 | ssize_t sent = MHD_gnutls_record_send (connection->tls_session, | 161 | ssize_t sent = MHD_gnutls_record_send (connection->tls_session, |
156 | &connection->write_buffer[connection-> | 162 | &connection->write_buffer |
157 | write_buffer_send_offset], | 163 | [connection-> |
158 | connection->write_buffer_append_offset | 164 | write_buffer_send_offset], |
159 | - connection->write_buffer_send_offset); | 165 | connection->write_buffer_append_offset |
166 | - | ||
167 | connection->write_buffer_send_offset); | ||
160 | return sent; | 168 | return sent; |
161 | } | 169 | } |
162 | 170 | ||
@@ -191,7 +199,7 @@ MHD_tls_connection_handle_idle (struct MHD_Connection *connection) | |||
191 | 199 | ||
192 | switch (connection->state) | 200 | switch (connection->state) |
193 | { | 201 | { |
194 | /* on newly created connections we might reach here before any reply has been received */ | 202 | /* on newly created connections we might reach here before any reply has been received */ |
195 | case MHD_TLS_CONNECTION_INIT: | 203 | case MHD_TLS_CONNECTION_INIT: |
196 | return MHD_YES; | 204 | return MHD_YES; |
197 | /* close connection if necessary */ | 205 | /* close connection if necessary */ |
@@ -301,7 +309,7 @@ MHD_tls_connection_handle_read (struct MHD_Connection *connection) | |||
301 | * done to decrypt alert message | 309 | * done to decrypt alert message |
302 | */ | 310 | */ |
303 | mhd_gtls_recv_int (connection->tls_session, GNUTLS_ALERT, | 311 | mhd_gtls_recv_int (connection->tls_session, GNUTLS_ALERT, |
304 | GNUTLS_HANDSHAKE_FINISHED, 0, 0); | 312 | GNUTLS_HANDSHAKE_FINISHED, 0, 0); |
305 | 313 | ||
306 | /* CLOSE_NOTIFY */ | 314 | /* CLOSE_NOTIFY */ |
307 | if (connection->tls_session->internals.last_alert == | 315 | if (connection->tls_session->internals.last_alert == |
@@ -318,7 +326,7 @@ MHD_tls_connection_handle_read (struct MHD_Connection *connection) | |||
318 | MHD_DLOG (connection->daemon, | 326 | MHD_DLOG (connection->daemon, |
319 | "Received TLS alert: %s\n", | 327 | "Received TLS alert: %s\n", |
320 | MHD_gnutls_alert_get_name ((int) connection->tls_session-> | 328 | MHD_gnutls_alert_get_name ((int) connection->tls_session-> |
321 | internals.last_alert)); | 329 | internals.last_alert)); |
322 | #endif | 330 | #endif |
323 | return MHD_YES; | 331 | return MHD_YES; |
324 | } | 332 | } |
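Review bot: MHDS_con_read (new lines 147-156) passes the whole `connection->read_buffer_size` as the receive length while the destination starts at `&connection->read_buffer[connection->read_buffer_offset]`, so once the offset is non-zero MHD_gnutls_record_recv can be told it may write more bytes than remain in the buffer; if read_buffer_size is the buffer's allocated size, as it appears to be, that is an out-of-bounds write driven by peer-supplied data. The sibling MHDS_con_write in the next hunk already subtracts `write_buffer_send_offset` from `write_buffer_append_offset`; the read side should mirror it with `connection->read_buffer_size - connection->read_buffer_offset` as the third argument. This commit only re-indents the call, so the length argument is unchanged from before, but it is the line most worth fixing in this section.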
diff --git a/src/daemon/daemon.c b/src/daemon/daemon.c index 47ea014a..3e467484 100644 --- a/src/daemon/daemon.c +++ b/src/daemon/daemon.c | |||
@@ -86,9 +86,9 @@ MHD_init_daemon_certificate (struct MHD_Daemon *daemon) | |||
86 | return -1; | 86 | return -1; |
87 | } | 87 | } |
88 | return MHD_gnutls_certificate_set_x509_key_file (daemon->x509_cred, | 88 | return MHD_gnutls_certificate_set_x509_key_file (daemon->x509_cred, |
89 | daemon->https_cert_path, | 89 | daemon->https_cert_path, |
90 | daemon->https_key_path, | 90 | daemon->https_key_path, |
91 | GNUTLS_X509_FMT_PEM); | 91 | GNUTLS_X509_FMT_PEM); |
92 | } | 92 | } |
93 | /* certificate & key loaded from memory */ | 93 | /* certificate & key loaded from memory */ |
94 | else if (daemon->https_mem_cert && daemon->https_mem_key) | 94 | else if (daemon->https_mem_cert && daemon->https_mem_key) |
@@ -98,8 +98,9 @@ MHD_init_daemon_certificate (struct MHD_Daemon *daemon) | |||
98 | cert.data = (unsigned char *) daemon->https_mem_cert; | 98 | cert.data = (unsigned char *) daemon->https_mem_cert; |
99 | cert.size = strlen (daemon->https_mem_cert); | 99 | cert.size = strlen (daemon->https_mem_cert); |
100 | 100 | ||
101 | return MHD_gnutls_certificate_set_x509_key_mem (daemon->x509_cred, &cert, | 101 | return MHD_gnutls_certificate_set_x509_key_mem (daemon->x509_cred, |
102 | &key, GNUTLS_X509_FMT_PEM); | 102 | &cert, &key, |
103 | GNUTLS_X509_FMT_PEM); | ||
103 | } | 104 | } |
104 | else | 105 | else |
105 | { | 106 | { |
@@ -121,16 +122,18 @@ MHD_TLS_init (struct MHD_Daemon *daemon) | |||
121 | case MHD_GNUTLS_CRD_ANON: | 122 | case MHD_GNUTLS_CRD_ANON: |
122 | ret = MHD_gnutls_anon_allocate_server_credentials (&daemon->anon_cred); | 123 | ret = MHD_gnutls_anon_allocate_server_credentials (&daemon->anon_cred); |
123 | ret += MHD_gnutls_dh_params_init (&daemon->dh_params); | 124 | ret += MHD_gnutls_dh_params_init (&daemon->dh_params); |
124 | if (ret != 0) { | 125 | if (ret != 0) |
125 | return GNUTLS_E_MEMORY_ERROR; | 126 | { |
126 | } | 127 | return GNUTLS_E_MEMORY_ERROR; |
128 | } | ||
127 | MHD_gnutls_dh_params_generate2 (daemon->dh_params, 1024); | 129 | MHD_gnutls_dh_params_generate2 (daemon->dh_params, 1024); |
128 | MHD_gnutls_anon_set_server_dh_params (daemon->anon_cred, daemon->dh_params); | 130 | MHD_gnutls_anon_set_server_dh_params (daemon->anon_cred, |
131 | daemon->dh_params); | ||
129 | return 0; | 132 | return 0; |
130 | case MHD_GNUTLS_CRD_CERTIFICATE: | 133 | case MHD_GNUTLS_CRD_CERTIFICATE: |
131 | ret = MHD_gnutls_certificate_allocate_credentials (&daemon->x509_cred) ; | 134 | ret = MHD_gnutls_certificate_allocate_credentials (&daemon->x509_cred); |
132 | if (ret != 0) | 135 | if (ret != 0) |
133 | return GNUTLS_E_MEMORY_ERROR; | 136 | return GNUTLS_E_MEMORY_ERROR; |
134 | return MHD_init_daemon_certificate (daemon); | 137 | return MHD_init_daemon_certificate (daemon); |
135 | default: | 138 | default: |
136 | #if HAVE_MESSAGES | 139 | #if HAVE_MESSAGES |
@@ -178,9 +181,8 @@ MHD_get_fdset (struct MHD_Daemon *daemon, | |||
178 | int fd; | 181 | int fd; |
179 | 182 | ||
180 | if ((daemon == NULL) || (read_fd_set == NULL) || (write_fd_set == NULL) | 183 | if ((daemon == NULL) || (read_fd_set == NULL) || (write_fd_set == NULL) |
181 | || (except_fd_set == NULL) || (max_fd == NULL) || (-1 == (fd = daemon-> | 184 | || (except_fd_set == NULL) || (max_fd == NULL) |
182 | socket_fd)) | 185 | || (-1 == (fd = daemon->socket_fd)) || (daemon->shutdown == MHD_YES) |
183 | || (daemon->shutdown == MHD_YES) | ||
184 | || ((daemon->options & MHD_USE_THREAD_PER_CONNECTION) != 0)) | 186 | || ((daemon->options & MHD_USE_THREAD_PER_CONNECTION) != 0)) |
185 | return MHD_NO; | 187 | return MHD_NO; |
186 | 188 | ||
@@ -324,13 +326,14 @@ MHD_TLS_init_connection (void *data) | |||
324 | { | 326 | { |
325 | /* set needed credentials for certificate authentication. */ | 327 | /* set needed credentials for certificate authentication. */ |
326 | case MHD_GNUTLS_CRD_CERTIFICATE: | 328 | case MHD_GNUTLS_CRD_CERTIFICATE: |
327 | MHD_gnutls_credentials_set (con->tls_session, MHD_GNUTLS_CRD_CERTIFICATE, | 329 | MHD_gnutls_credentials_set (con->tls_session, |
328 | con->daemon->x509_cred); | 330 | MHD_GNUTLS_CRD_CERTIFICATE, |
331 | con->daemon->x509_cred); | ||
329 | break; | 332 | break; |
330 | case MHD_GNUTLS_CRD_ANON: | 333 | case MHD_GNUTLS_CRD_ANON: |
331 | /* set needed credentials for anonymous authentication. */ | 334 | /* set needed credentials for anonymous authentication. */ |
332 | MHD_gnutls_credentials_set (con->tls_session, MHD_GNUTLS_CRD_ANON, | 335 | MHD_gnutls_credentials_set (con->tls_session, MHD_GNUTLS_CRD_ANON, |
333 | con->daemon->anon_cred); | 336 | con->daemon->anon_cred); |
334 | MHD_gnutls_dh_set_prime_bits (con->tls_session, 1024); | 337 | MHD_gnutls_dh_set_prime_bits (con->tls_session, 1024); |
335 | break; | 338 | break; |
336 | default: | 339 | default: |
@@ -349,8 +352,8 @@ MHD_TLS_init_connection (void *data) | |||
349 | */ | 352 | */ |
350 | 353 | ||
351 | MHD_gnutls_transport_set_ptr (con->tls_session, | 354 | MHD_gnutls_transport_set_ptr (con->tls_session, |
352 | (gnutls_transport_ptr_t) ((void *) con-> | 355 | (gnutls_transport_ptr_t) ((void *) |
353 | socket_fd)); | 356 | con->socket_fd)); |
354 | 357 | ||
355 | return MHD_handle_connection (data); | 358 | return MHD_handle_connection (data); |
356 | } | 359 | } |
@@ -432,9 +435,9 @@ MHD_accept_connection (struct MHD_Daemon *daemon) | |||
432 | } | 435 | } |
433 | 436 | ||
434 | if ((daemon->max_connections == 0) || ((daemon->per_ip_connection_limit | 437 | if ((daemon->max_connections == 0) || ((daemon->per_ip_connection_limit |
435 | != 0) && (daemon-> | 438 | != 0) |
436 | per_ip_connection_limit <= | 439 | && (daemon->per_ip_connection_limit |
437 | have))) | 440 | <= have))) |
438 | { | 441 | { |
439 | /* above connection limit - reject */ | 442 | /* above connection limit - reject */ |
440 | #if HAVE_MESSAGES | 443 | #if HAVE_MESSAGES |
@@ -834,7 +837,7 @@ MHD_start_daemon_va (unsigned int options, | |||
834 | return NULL; | 837 | return NULL; |
835 | retVal = malloc (sizeof (struct MHD_Daemon)); | 838 | retVal = malloc (sizeof (struct MHD_Daemon)); |
836 | if (retVal == NULL) | 839 | if (retVal == NULL) |
837 | return NULL; | 840 | return NULL; |
838 | memset (retVal, 0, sizeof (struct MHD_Daemon)); | 841 | memset (retVal, 0, sizeof (struct MHD_Daemon)); |
839 | retVal->options = options; | 842 | retVal->options = options; |
840 | retVal->port = port; | 843 | retVal->port = port; |
@@ -883,8 +886,8 @@ MHD_start_daemon_va (unsigned int options, | |||
883 | case MHD_OPTION_PER_IP_CONNECTION_LIMIT: | 886 | case MHD_OPTION_PER_IP_CONNECTION_LIMIT: |
884 | retVal->per_ip_connection_limit = va_arg (ap, unsigned int); | 887 | retVal->per_ip_connection_limit = va_arg (ap, unsigned int); |
885 | break; | 888 | break; |
886 | case MHD_OPTION_SOCK_ADDR: | 889 | case MHD_OPTION_SOCK_ADDR: |
887 | servaddr = va_arg (ap, struct sockaddr *); | 890 | servaddr = va_arg (ap, struct sockaddr *); |
888 | break; | 891 | break; |
889 | #if HTTPS_SUPPORT | 892 | #if HTTPS_SUPPORT |
890 | case MHD_OPTION_PROTOCOL_VERSION: | 893 | case MHD_OPTION_PROTOCOL_VERSION: |
@@ -921,8 +924,8 @@ MHD_start_daemon_va (unsigned int options, | |||
921 | #endif | 924 | #endif |
922 | default: | 925 | default: |
923 | #if HAVE_MESSAGES | 926 | #if HAVE_MESSAGES |
924 | if ( (opt >= MHD_OPTION_HTTPS_KEY_PATH) && | 927 | if ((opt >= MHD_OPTION_HTTPS_KEY_PATH) && |
925 | (opt <= MHD_OPTION_TLS_COMP_ALGO) ) | 928 | (opt <= MHD_OPTION_TLS_COMP_ALGO)) |
926 | { | 929 | { |
927 | fprintf (stderr, | 930 | fprintf (stderr, |
928 | "MHD HTTPS option %d passed to MHD compiled without HTTPS support\n", | 931 | "MHD HTTPS option %d passed to MHD compiled without HTTPS support\n", |
@@ -932,7 +935,7 @@ MHD_start_daemon_va (unsigned int options, | |||
932 | { | 935 | { |
933 | fprintf (stderr, | 936 | fprintf (stderr, |
934 | "Invalid option %d! (Did you terminate the list with MHD_OPTION_END?)\n", | 937 | "Invalid option %d! (Did you terminate the list with MHD_OPTION_END?)\n", |
935 | opt); | 938 | opt); |
936 | } | 939 | } |
937 | #endif | 940 | #endif |
938 | abort (); | 941 | abort (); |
@@ -949,7 +952,7 @@ MHD_start_daemon_va (unsigned int options, | |||
949 | if ((options & MHD_USE_DEBUG) != 0) | 952 | if ((options & MHD_USE_DEBUG) != 0) |
950 | fprintf (stderr, "Call to socket failed: %s\n", STRERROR (errno)); | 953 | fprintf (stderr, "Call to socket failed: %s\n", STRERROR (errno)); |
951 | #endif | 954 | #endif |
952 | free(retVal); | 955 | free (retVal); |
953 | return NULL; | 956 | return NULL; |
954 | } | 957 | } |
955 | if ((SETSOCKOPT (socket_fd, | 958 | if ((SETSOCKOPT (socket_fd, |
@@ -974,19 +977,19 @@ MHD_start_daemon_va (unsigned int options, | |||
974 | if (NULL == servaddr) | 977 | if (NULL == servaddr) |
975 | { | 978 | { |
976 | if ((options & MHD_USE_IPv6) != 0) | 979 | if ((options & MHD_USE_IPv6) != 0) |
977 | { | 980 | { |
978 | memset (&servaddr6, 0, sizeof (struct sockaddr_in6)); | 981 | memset (&servaddr6, 0, sizeof (struct sockaddr_in6)); |
979 | servaddr6.sin6_family = AF_INET6; | 982 | servaddr6.sin6_family = AF_INET6; |
980 | servaddr6.sin6_port = htons (port); | 983 | servaddr6.sin6_port = htons (port); |
981 | servaddr = (struct sockaddr *) &servaddr6; | 984 | servaddr = (struct sockaddr *) &servaddr6; |
982 | } | 985 | } |
983 | else | 986 | else |
984 | { | 987 | { |
985 | memset (&servaddr4, 0, sizeof (struct sockaddr_in)); | 988 | memset (&servaddr4, 0, sizeof (struct sockaddr_in)); |
986 | servaddr4.sin_family = AF_INET; | 989 | servaddr4.sin_family = AF_INET; |
987 | servaddr4.sin_port = htons (port); | 990 | servaddr4.sin_port = htons (port); |
988 | servaddr = (struct sockaddr *) &servaddr4; | 991 | servaddr = (struct sockaddr *) &servaddr4; |
989 | } | 992 | } |
990 | } | 993 | } |
991 | retVal->socket_fd = socket_fd; | 994 | retVal->socket_fd = socket_fd; |
992 | if (BIND (socket_fd, servaddr, addrlen) < 0) | 995 | if (BIND (socket_fd, servaddr, addrlen) < 0) |
@@ -997,7 +1000,7 @@ MHD_start_daemon_va (unsigned int options, | |||
997 | "Failed to bind to port %u: %s\n", port, STRERROR (errno)); | 1000 | "Failed to bind to port %u: %s\n", port, STRERROR (errno)); |
998 | #endif | 1001 | #endif |
999 | CLOSE (socket_fd); | 1002 | CLOSE (socket_fd); |
1000 | free(retVal); | 1003 | free (retVal); |
1001 | return NULL; | 1004 | return NULL; |
1002 | } | 1005 | } |
1003 | 1006 | ||
@@ -1010,7 +1013,7 @@ MHD_start_daemon_va (unsigned int options, | |||
1010 | "Failed to listen for connections: %s\n", STRERROR (errno)); | 1013 | "Failed to listen for connections: %s\n", STRERROR (errno)); |
1011 | #endif | 1014 | #endif |
1012 | CLOSE (socket_fd); | 1015 | CLOSE (socket_fd); |
1013 | free(retVal); | 1016 | free (retVal); |
1014 | return NULL; | 1017 | return NULL; |
1015 | } | 1018 | } |
1016 | 1019 | ||
@@ -1026,20 +1029,19 @@ MHD_start_daemon_va (unsigned int options, | |||
1026 | return NULL; | 1029 | return NULL; |
1027 | } | 1030 | } |
1028 | #endif | 1031 | #endif |
1029 | if (((0 != (options & MHD_USE_THREAD_PER_CONNECTION)) || | 1032 | if (((0 != (options & MHD_USE_THREAD_PER_CONNECTION)) || |
1030 | (0 != (options & MHD_USE_SELECT_INTERNALLY))) | 1033 | (0 != (options & MHD_USE_SELECT_INTERNALLY))) |
1031 | && (0 != | 1034 | && (0 != |
1032 | pthread_create (&retVal->pid, NULL, &MHD_select_thread, retVal))) | 1035 | pthread_create (&retVal->pid, NULL, &MHD_select_thread, retVal))) |
1033 | { | 1036 | { |
1034 | #if HAVE_MESSAGES | 1037 | #if HAVE_MESSAGES |
1035 | MHD_DLOG (retVal, | 1038 | MHD_DLOG (retVal, |
1036 | "Failed to create listen thread: %s\n", | 1039 | "Failed to create listen thread: %s\n", STRERROR (errno)); |
1037 | STRERROR (errno)); | ||
1038 | #endif | 1040 | #endif |
1039 | free (retVal); | 1041 | free (retVal); |
1040 | CLOSE (socket_fd); | 1042 | CLOSE (socket_fd); |
1041 | return NULL; | 1043 | return NULL; |
1042 | } | 1044 | } |
1043 | return retVal; | 1045 | return retVal; |
1044 | } | 1046 | } |
1045 | 1047 | ||
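Review bot: In MHD_TLS_init (new lines 122-138) the result of `MHD_gnutls_dh_params_generate2 (daemon->dh_params, 1024)` is discarded, so a failed generation still returns 0 and the anonymous credentials are installed with parameters that were never produced; the call should be checked like the allocations just above it, e.g. `if (0 != MHD_gnutls_dh_params_generate2 (daemon->dh_params, 1024)) return GNUTLS_E_MEMORY_ERROR;` (a more specific error code if the library provides one). The literal 1024 also appears in MHD_TLS_init_connection's `MHD_gnutls_dh_set_prime_bits (con->tls_session, 1024)` (new line 337); a single named constant, with a comment that the DH group size is fixed at daemon start, would keep the two call sites in step when the size is raised. MHD_TLS_init's body begins above this hunk, so the remaining credential branches are not visible here.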
diff --git a/src/daemon/https/gnutls.h b/src/daemon/https/gnutls.h index 9220905f..4ed17b0b 100644 --- a/src/daemon/https/gnutls.h +++ b/src/daemon/https/gnutls.h | |||
@@ -183,13 +183,13 @@ extern "C" | |||
183 | typedef void *gnutls_transport_ptr_t; | 183 | typedef void *gnutls_transport_ptr_t; |
184 | 184 | ||
185 | struct MHD_gtls_session_int; | 185 | struct MHD_gtls_session_int; |
186 | typedef struct MHD_gtls_session_int * mhd_gtls_session_t; | 186 | typedef struct MHD_gtls_session_int *mhd_gtls_session_t; |
187 | 187 | ||
188 | struct MHD_gtls_dh_params_int; | 188 | struct MHD_gtls_dh_params_int; |
189 | typedef struct MHD_gtls_dh_params_int * mhd_gtls_dh_params_t; | 189 | typedef struct MHD_gtls_dh_params_int *mhd_gtls_dh_params_t; |
190 | 190 | ||
191 | struct MHD_gtls_x509_privkey_int; /* XXX ugly. */ | 191 | struct MHD_gtls_x509_privkey_int; /* XXX ugly. */ |
192 | typedef struct MHD_gtls_x509_privkey_int * mhd_gtls_rsa_params_t; /* XXX ugly. */ | 192 | typedef struct MHD_gtls_x509_privkey_int *mhd_gtls_rsa_params_t; /* XXX ugly. */ |
193 | 193 | ||
194 | struct MHD_gtls_priority_st; | 194 | struct MHD_gtls_priority_st; |
195 | typedef struct MHD_gtls_priority_st *gnutls_priority_t; | 195 | typedef struct MHD_gtls_priority_st *gnutls_priority_t; |
@@ -212,7 +212,8 @@ extern "C" | |||
212 | int deinit; | 212 | int deinit; |
213 | } gnutls_params_st; | 213 | } gnutls_params_st; |
214 | 214 | ||
215 | typedef int gnutls_params_function (mhd_gtls_session_t, gnutls_params_type_t, | 215 | typedef int gnutls_params_function (mhd_gtls_session_t, |
216 | gnutls_params_type_t, | ||
216 | gnutls_params_st *); | 217 | gnutls_params_st *); |
217 | 218 | ||
218 | /* internal functions */ | 219 | /* internal functions */ |
@@ -220,7 +221,7 @@ extern "C" | |||
220 | void MHD_gnutls_global_deinit (void); | 221 | void MHD_gnutls_global_deinit (void); |
221 | 222 | ||
222 | int MHD_gnutls_init (mhd_gtls_session_t * session, | 223 | int MHD_gnutls_init (mhd_gtls_session_t * session, |
223 | gnutls_connection_end_t con_end); | 224 | gnutls_connection_end_t con_end); |
224 | void MHD_gnutls_deinit (mhd_gtls_session_t session); | 225 | void MHD_gnutls_deinit (mhd_gtls_session_t session); |
225 | 226 | ||
226 | int MHD_gnutls_bye (mhd_gtls_session_t session, gnutls_close_request_t how); | 227 | int MHD_gnutls_bye (mhd_gtls_session_t session, gnutls_close_request_t how); |
@@ -228,10 +229,10 @@ extern "C" | |||
228 | int MHD_gnutls_rehandshake (mhd_gtls_session_t session); | 229 | int MHD_gnutls_rehandshake (mhd_gtls_session_t session); |
229 | gnutls_alert_description_t gnutls_alert_get (mhd_gtls_session_t session); | 230 | gnutls_alert_description_t gnutls_alert_get (mhd_gtls_session_t session); |
230 | int MHD_gnutls_alert_send (mhd_gtls_session_t session, | 231 | int MHD_gnutls_alert_send (mhd_gtls_session_t session, |
231 | gnutls_alert_level_t level, | 232 | gnutls_alert_level_t level, |
232 | gnutls_alert_description_t desc); | 233 | gnutls_alert_description_t desc); |
233 | int MHD_gnutls_alert_send_appropriate (mhd_gtls_session_t session, int err); | 234 | int MHD_gnutls_alert_send_appropriate (mhd_gtls_session_t session, int err); |
234 | const char * MHD_gnutls_alert_get_name (gnutls_alert_description_t alert); | 235 | const char *MHD_gnutls_alert_get_name (gnutls_alert_description_t alert); |
235 | 236 | ||
236 | // enum MHD_GNUTLS_CipherAlgorithm gnutls_cipher_get (mhd_gtls_session_t session); | 237 | // enum MHD_GNUTLS_CipherAlgorithm gnutls_cipher_get (mhd_gtls_session_t session); |
237 | // enum MHD_GNUTLS_KeyExchangeAlgorithm gnutls_kx_get (mhd_gtls_session_t session); | 238 | // enum MHD_GNUTLS_KeyExchangeAlgorithm gnutls_kx_get (mhd_gtls_session_t session); |
@@ -241,41 +242,51 @@ extern "C" | |||
241 | // enum MHD_GNUTLS_CertificateType gnutls_certificate_type_get (mhd_gtls_session_t | 242 | // enum MHD_GNUTLS_CertificateType gnutls_certificate_type_get (mhd_gtls_session_t |
242 | // session); | 243 | // session); |
243 | 244 | ||
244 | size_t MHD_gnutls_cipher_get_key_size (enum MHD_GNUTLS_CipherAlgorithm algorithm); | 245 | size_t MHD_gnutls_cipher_get_key_size (enum MHD_GNUTLS_CipherAlgorithm |
245 | size_t MHD_gnutls_mac_get_key_size (enum MHD_GNUTLS_HashAlgorithm algorithm); | 246 | algorithm); |
247 | size_t MHD_gnutls_mac_get_key_size (enum MHD_GNUTLS_HashAlgorithm | ||
248 | algorithm); | ||
246 | 249 | ||
247 | /* the name of the specified algorithms */ | 250 | /* the name of the specified algorithms */ |
248 | const char * MHD_gnutls_cipher_get_name (enum MHD_GNUTLS_CipherAlgorithm algorithm); | 251 | const char *MHD_gnutls_cipher_get_name (enum MHD_GNUTLS_CipherAlgorithm |
249 | const char * MHD_gnutls_mac_get_name (enum MHD_GNUTLS_HashAlgorithm algorithm); | 252 | algorithm); |
250 | const char * MHD_gnutls_compression_get_name (enum MHD_GNUTLS_CompressionMethod | 253 | const char *MHD_gnutls_mac_get_name (enum MHD_GNUTLS_HashAlgorithm |
251 | algorithm); | 254 | algorithm); |
252 | const char * MHD_gnutls_kx_get_name (enum MHD_GNUTLS_KeyExchangeAlgorithm algorithm); | 255 | const char *MHD_gnutls_compression_get_name (enum |
253 | const char * MHD_gnutls_certificate_type_get_name (enum MHD_GNUTLS_CertificateType | 256 | MHD_GNUTLS_CompressionMethod |
254 | type); | 257 | algorithm); |
258 | const char *MHD_gnutls_kx_get_name (enum MHD_GNUTLS_KeyExchangeAlgorithm | ||
259 | algorithm); | ||
260 | const char *MHD_gnutls_certificate_type_get_name (enum | ||
261 | MHD_GNUTLS_CertificateType | ||
262 | type); | ||
255 | 263 | ||
256 | enum MHD_GNUTLS_HashAlgorithm MHD_gtls_mac_get_id (const char *name); | 264 | enum MHD_GNUTLS_HashAlgorithm MHD_gtls_mac_get_id (const char *name); |
257 | enum MHD_GNUTLS_CompressionMethod MHD_gtls_compression_get_id (const char *name); | 265 | enum MHD_GNUTLS_CompressionMethod MHD_gtls_compression_get_id (const char |
266 | *name); | ||
258 | enum MHD_GNUTLS_CipherAlgorithm MHD_gtls_cipher_get_id (const char *name); | 267 | enum MHD_GNUTLS_CipherAlgorithm MHD_gtls_cipher_get_id (const char *name); |
259 | enum MHD_GNUTLS_KeyExchangeAlgorithm MHD_gtls_kx_get_id (const char *name); | 268 | enum MHD_GNUTLS_KeyExchangeAlgorithm MHD_gtls_kx_get_id (const char *name); |
260 | enum MHD_GNUTLS_Protocol MHD_gtls_protocol_get_id (const char *name); | 269 | enum MHD_GNUTLS_Protocol MHD_gtls_protocol_get_id (const char *name); |
261 | enum MHD_GNUTLS_CertificateType MHD_gtls_certificate_type_get_id (const char *name); | 270 | enum MHD_GNUTLS_CertificateType MHD_gtls_certificate_type_get_id (const char |
271 | *name); | ||
262 | 272 | ||
263 | /* list supported algorithms */ | 273 | /* list supported algorithms */ |
264 | const enum MHD_GNUTLS_CipherAlgorithm * MHD_gtls_cipher_list (void); | 274 | const enum MHD_GNUTLS_CipherAlgorithm *MHD_gtls_cipher_list (void); |
265 | const enum MHD_GNUTLS_HashAlgorithm * MHD_gtls_mac_list (void); | 275 | const enum MHD_GNUTLS_HashAlgorithm *MHD_gtls_mac_list (void); |
266 | const enum MHD_GNUTLS_CompressionMethod * MHD_gtls_compression_list (void); | 276 | const enum MHD_GNUTLS_CompressionMethod *MHD_gtls_compression_list (void); |
267 | const enum MHD_GNUTLS_Protocol * MHD_gtls_protocol_list (void); | 277 | const enum MHD_GNUTLS_Protocol *MHD_gtls_protocol_list (void); |
268 | const enum MHD_GNUTLS_CertificateType * MHD_gtls_certificate_type_list (void); | 278 | const enum MHD_GNUTLS_CertificateType |
269 | const enum MHD_GNUTLS_KeyExchangeAlgorithm * MHD_gtls_kx_list (void); | 279 | *MHD_gtls_certificate_type_list (void); |
280 | const enum MHD_GNUTLS_KeyExchangeAlgorithm *MHD_gtls_kx_list (void); | ||
270 | 281 | ||
271 | /* error functions */ | 282 | /* error functions */ |
272 | int MHD_gtls_error_is_fatal (int error); | 283 | int MHD_gtls_error_is_fatal (int error); |
273 | int MHD_gtls_error_to_alert (int err, int *level); | 284 | int MHD_gtls_error_to_alert (int err, int *level); |
274 | void MHD_gtls_perror (int error); | 285 | void MHD_gtls_perror (int error); |
275 | const char * MHD_gtls_strerror (int error); | 286 | const char *MHD_gtls_strerror (int error); |
276 | 287 | ||
277 | void MHD_gtls_handshake_set_private_extensions (mhd_gtls_session_t session, | 288 | void MHD_gtls_handshake_set_private_extensions (mhd_gtls_session_t session, |
278 | int allow); | 289 | int allow); |
279 | gnutls_handshake_description_t | 290 | gnutls_handshake_description_t |
280 | MHD_gtls_handshake_get_last_out (mhd_gtls_session_t session); | 291 | MHD_gtls_handshake_get_last_out (mhd_gtls_session_t session); |
281 | gnutls_handshake_description_t | 292 | gnutls_handshake_description_t |
@@ -284,10 +295,10 @@ extern "C" | |||
284 | /* | 295 | /* |
285 | * Record layer functions. | 296 | * Record layer functions. |
286 | */ | 297 | */ |
287 | ssize_t MHD_gnutls_record_send (mhd_gtls_session_t session, const void *data, | 298 | ssize_t MHD_gnutls_record_send (mhd_gtls_session_t session, |
288 | size_t sizeofdata); | 299 | const void *data, size_t sizeofdata); |
289 | ssize_t MHD_gnutls_record_recv (mhd_gtls_session_t session, void *data, | 300 | ssize_t MHD_gnutls_record_recv (mhd_gtls_session_t session, void *data, |
290 | size_t sizeofdata); | 301 | size_t sizeofdata); |
291 | 302 | ||
292 | /* provides extra compatibility */ | 303 | /* provides extra compatibility */ |
293 | void MHD_gtls_record_disable_padding (mhd_gtls_session_t session); | 304 | void MHD_gtls_record_disable_padding (mhd_gtls_session_t session); |
@@ -295,20 +306,21 @@ extern "C" | |||
295 | 306 | ||
296 | int MHD_gnutls_record_get_direction (mhd_gtls_session_t session); | 307 | int MHD_gnutls_record_get_direction (mhd_gtls_session_t session); |
297 | size_t MHD_gnutls_record_get_max_size (mhd_gtls_session_t session); | 308 | size_t MHD_gnutls_record_get_max_size (mhd_gtls_session_t session); |
298 | ssize_t MHD_gnutls_record_set_max_size (mhd_gtls_session_t session, size_t size); | 309 | ssize_t MHD_gnutls_record_set_max_size (mhd_gtls_session_t session, |
310 | size_t size); | ||
299 | 311 | ||
300 | 312 | ||
301 | int MHD_gnutls_prf (mhd_gtls_session_t session, | 313 | int MHD_gnutls_prf (mhd_gtls_session_t session, |
302 | size_t label_size, const char *label, | ||
303 | int server_random_first, | ||
304 | size_t extra_size, const char *extra, | ||
305 | size_t outsize, char *out); | ||
306 | |||
307 | int MHD_gnutls_prf_raw (mhd_gtls_session_t session, | ||
308 | size_t label_size, const char *label, | 314 | size_t label_size, const char *label, |
309 | size_t seed_size, const char *seed, | 315 | int server_random_first, |
316 | size_t extra_size, const char *extra, | ||
310 | size_t outsize, char *out); | 317 | size_t outsize, char *out); |
311 | 318 | ||
319 | int MHD_gnutls_prf_raw (mhd_gtls_session_t session, | ||
320 | size_t label_size, const char *label, | ||
321 | size_t seed_size, const char *seed, | ||
322 | size_t outsize, char *out); | ||
323 | |||
312 | /* | 324 | /* |
313 | * TLS Extensions | 325 | * TLS Extensions |
314 | */ | 326 | */ |
@@ -318,12 +330,12 @@ extern "C" | |||
318 | } gnutls_server_name_type_t; | 330 | } gnutls_server_name_type_t; |
319 | 331 | ||
320 | int MHD_gnutls_server_name_set (mhd_gtls_session_t session, | 332 | int MHD_gnutls_server_name_set (mhd_gtls_session_t session, |
321 | gnutls_server_name_type_t type, | 333 | gnutls_server_name_type_t type, |
322 | const void *name, size_t name_length); | 334 | const void *name, size_t name_length); |
323 | 335 | ||
324 | int MHD_gnutls_server_name_get (mhd_gtls_session_t session, | 336 | int MHD_gnutls_server_name_get (mhd_gtls_session_t session, |
325 | void *data, size_t * data_length, | 337 | void *data, size_t * data_length, |
326 | unsigned int *type, unsigned int indx); | 338 | unsigned int *type, unsigned int indx); |
327 | 339 | ||
328 | /* Opaque PRF Input | 340 | /* Opaque PRF Input |
329 | * http://tools.ietf.org/id/draft-rescorla-tls-opaque-prf-input-00.txt | 341 | * http://tools.ietf.org/id/draft-rescorla-tls-opaque-prf-input-00.txt |
@@ -331,7 +343,7 @@ extern "C" | |||
331 | 343 | ||
332 | void | 344 | void |
333 | MHD_gtls_oprfi_enable_client (mhd_gtls_session_t session, | 345 | MHD_gtls_oprfi_enable_client (mhd_gtls_session_t session, |
334 | size_t len, unsigned char *data); | 346 | size_t len, unsigned char *data); |
335 | 347 | ||
336 | typedef int (*gnutls_oprfi_callback_func) (mhd_gtls_session_t session, | 348 | typedef int (*gnutls_oprfi_callback_func) (mhd_gtls_session_t session, |
337 | void *userdata, | 349 | void *userdata, |
@@ -341,8 +353,8 @@ extern "C" | |||
341 | 353 | ||
342 | void | 354 | void |
343 | MHD_gtls_oprfi_enable_server (mhd_gtls_session_t session, | 355 | MHD_gtls_oprfi_enable_server (mhd_gtls_session_t session, |
344 | gnutls_oprfi_callback_func cb, | 356 | gnutls_oprfi_callback_func cb, |
345 | void *userdata); | 357 | void *userdata); |
346 | 358 | ||
347 | /* Supplemental data, RFC 4680. */ | 359 | /* Supplemental data, RFC 4680. */ |
348 | typedef enum | 360 | typedef enum |
@@ -350,31 +362,36 @@ extern "C" | |||
350 | GNUTLS_SUPPLEMENTAL_USER_MAPPING_DATA = 0 | 362 | GNUTLS_SUPPLEMENTAL_USER_MAPPING_DATA = 0 |
351 | } gnutls_supplemental_data_format_type_t; | 363 | } gnutls_supplemental_data_format_type_t; |
352 | 364 | ||
353 | const char * MHD_gtls_supplemental_get_name | 365 | const char *MHD_gtls_supplemental_get_name |
354 | (gnutls_supplemental_data_format_type_t type); | 366 | (gnutls_supplemental_data_format_type_t type); |
355 | 367 | ||
356 | int MHD_gnutls_cipher_set_priority (mhd_gtls_session_t session, const int *list); | 368 | int MHD_gnutls_cipher_set_priority (mhd_gtls_session_t session, |
357 | int MHD_gnutls_mac_set_priority (mhd_gtls_session_t session, const int *list); | 369 | const int *list); |
370 | int MHD_gnutls_mac_set_priority (mhd_gtls_session_t session, | ||
371 | const int *list); | ||
358 | int MHD_gnutls_compression_set_priority (mhd_gtls_session_t session, | 372 | int MHD_gnutls_compression_set_priority (mhd_gtls_session_t session, |
359 | const int *list); | 373 | const int *list); |
360 | int MHD_gnutls_kx_set_priority (mhd_gtls_session_t session, const int *list); | 374 | int MHD_gnutls_kx_set_priority (mhd_gtls_session_t session, |
375 | const int *list); | ||
361 | int MHD_gnutls_protocol_set_priority (mhd_gtls_session_t session, | 376 | int MHD_gnutls_protocol_set_priority (mhd_gtls_session_t session, |
362 | const int *list); | 377 | const int *list); |
363 | int MHD_gnutls_certificate_type_set_priority (mhd_gtls_session_t session, | 378 | int MHD_gnutls_certificate_type_set_priority (mhd_gtls_session_t session, |
364 | const int *list); | 379 | const int *list); |
365 | 380 | ||
366 | int MHD_tls_set_default_priority (gnutls_priority_t *, const char *priority, | 381 | int MHD_tls_set_default_priority (gnutls_priority_t *, const char *priority, |
367 | const char **err_pos); | 382 | const char **err_pos); |
368 | void MHD_gnutls_priority_deinit (gnutls_priority_t); | 383 | void MHD_gnutls_priority_deinit (gnutls_priority_t); |
369 | 384 | ||
370 | int MHD_gnutls_priority_set (mhd_gtls_session_t session, gnutls_priority_t); | 385 | int MHD_gnutls_priority_set (mhd_gtls_session_t session, gnutls_priority_t); |
371 | int MHD_gnutls_priority_set_direct (mhd_gtls_session_t session, | 386 | int MHD_gnutls_priority_set_direct (mhd_gtls_session_t session, |
372 | const char *priority, const char **err_pos); | 387 | const char *priority, |
388 | const char **err_pos); | ||
373 | 389 | ||
374 | /* get the currently used protocol version */ | 390 | /* get the currently used protocol version */ |
375 | enum MHD_GNUTLS_Protocol MHD_gnutls_protocol_get_version (mhd_gtls_session_t session); | 391 | enum MHD_GNUTLS_Protocol MHD_gnutls_protocol_get_version (mhd_gtls_session_t |
392 | session); | ||
376 | 393 | ||
377 | const char * MHD_gnutls_protocol_get_name (enum MHD_GNUTLS_Protocol version); | 394 | const char *MHD_gnutls_protocol_get_name (enum MHD_GNUTLS_Protocol version); |
378 | 395 | ||
379 | /* | 396 | /* |
380 | * get/set session | 397 | * get/set session |
@@ -388,23 +405,24 @@ extern "C" | |||
388 | // gnutls_datum_t * data); | 405 | // gnutls_datum_t * data); |
389 | 406 | ||
390 | int MHD_gtls_session_get_id (mhd_gtls_session_t session, void *session_id, | 407 | int MHD_gtls_session_get_id (mhd_gtls_session_t session, void *session_id, |
391 | size_t * session_id_size); | 408 | size_t * session_id_size); |
392 | 409 | ||
393 | /* returns security values. | 410 | /* returns security values. |
394 | * Do not use them unless you know what you're doing. | 411 | * Do not use them unless you know what you're doing. |
395 | */ | 412 | */ |
396 | const void * MHD_gtls_session_get_server_random (mhd_gtls_session_t session); | 413 | const void *MHD_gtls_session_get_server_random (mhd_gtls_session_t session); |
397 | const void * MHD_gtls_session_get_client_random (mhd_gtls_session_t session); | 414 | const void *MHD_gtls_session_get_client_random (mhd_gtls_session_t session); |
398 | const void * MHD_gtls_session_get_master_secret (mhd_gtls_session_t session); | 415 | const void *MHD_gtls_session_get_master_secret (mhd_gtls_session_t session); |
399 | 416 | ||
400 | int MHD_gtls_session_is_resumed (mhd_gtls_session_t session); | 417 | int MHD_gtls_session_is_resumed (mhd_gtls_session_t session); |
401 | 418 | ||
402 | typedef int (*gnutls_handshake_post_client_hello_func) (mhd_gtls_session_t); | 419 | typedef int (*gnutls_handshake_post_client_hello_func) (mhd_gtls_session_t); |
403 | void MHD_gnutls_handshake_set_post_client_hello_function (mhd_gtls_session_t, | 420 | void |
404 | gnutls_handshake_post_client_hello_func); | 421 | MHD_gnutls_handshake_set_post_client_hello_function (mhd_gtls_session_t, |
422 | gnutls_handshake_post_client_hello_func); | ||
405 | 423 | ||
406 | void MHD_gnutls_handshake_set_max_packet_length (mhd_gtls_session_t session, | 424 | void MHD_gnutls_handshake_set_max_packet_length (mhd_gtls_session_t session, |
407 | size_t max); | 425 | size_t max); |
408 | 426 | ||
409 | /* | 427 | /* |
410 | * Functions for setting/clearing credentials | 428 | * Functions for setting/clearing credentials |
@@ -415,47 +433,49 @@ extern "C" | |||
415 | * cred is a structure defined by the kx algorithm | 433 | * cred is a structure defined by the kx algorithm |
416 | */ | 434 | */ |
417 | int MHD_gnutls_credentials_set (mhd_gtls_session_t session, | 435 | int MHD_gnutls_credentials_set (mhd_gtls_session_t session, |
418 | enum MHD_GNUTLS_CredentialsType type, void *cred); | 436 | enum MHD_GNUTLS_CredentialsType type, |
437 | void *cred); | ||
419 | 438 | ||
420 | /* Credential structures - used in MHD_gnutls_credentials_set(); */ | 439 | /* Credential structures - used in MHD_gnutls_credentials_set(); */ |
421 | struct mhd_gtls_certificate_credentials_st; | 440 | struct mhd_gtls_certificate_credentials_st; |
422 | typedef struct mhd_gtls_certificate_credentials_st | 441 | typedef struct mhd_gtls_certificate_credentials_st |
423 | * mhd_gtls_cert_credentials_t; | 442 | *mhd_gtls_cert_credentials_t; |
424 | typedef mhd_gtls_cert_credentials_t | 443 | typedef mhd_gtls_cert_credentials_t mhd_gtls_cert_server_credentials; |
425 | mhd_gtls_cert_server_credentials; | 444 | typedef mhd_gtls_cert_credentials_t mhd_gtls_cert_client_credentials; |
426 | typedef mhd_gtls_cert_credentials_t | ||
427 | mhd_gtls_cert_client_credentials; | ||
428 | 445 | ||
429 | typedef struct mhd_gtls_anon_server_credentials_st | 446 | typedef struct mhd_gtls_anon_server_credentials_st |
430 | * mhd_gtls_anon_server_credentials_t; | 447 | *mhd_gtls_anon_server_credentials_t; |
431 | typedef struct mhd_gtls_anon_client_credentials_st | 448 | typedef struct mhd_gtls_anon_client_credentials_st |
432 | * mhd_gtls_anon_client_credentials_t; | 449 | *mhd_gtls_anon_client_credentials_t; |
433 | 450 | ||
434 | void MHD_gnutls_anon_free_server_credentials (mhd_gtls_anon_server_credentials_t | 451 | void |
435 | sc); | 452 | MHD_gnutls_anon_free_server_credentials |
453 | (mhd_gtls_anon_server_credentials_t sc); | ||
436 | int | 454 | int |
437 | MHD_gnutls_anon_allocate_server_credentials (mhd_gtls_anon_server_credentials_t | 455 | MHD_gnutls_anon_allocate_server_credentials |
438 | * sc); | 456 | (mhd_gtls_anon_server_credentials_t * sc); |
439 | 457 | ||
440 | void MHD_gnutls_anon_set_server_dh_params (mhd_gtls_anon_server_credentials_t res, | 458 | void |
441 | mhd_gtls_dh_params_t dh_params); | 459 | MHD_gnutls_anon_set_server_dh_params (mhd_gtls_anon_server_credentials_t |
460 | res, | ||
461 | mhd_gtls_dh_params_t dh_params); | ||
442 | 462 | ||
443 | void | 463 | void |
444 | MHD_gnutls_anon_set_server_params_function (mhd_gtls_anon_server_credentials_t | 464 | MHD_gnutls_anon_set_server_params_function |
445 | res, | 465 | (mhd_gtls_anon_server_credentials_t res, gnutls_params_function * func); |
446 | gnutls_params_function * func); | ||
447 | 466 | ||
448 | void MHD_gnutls_anon_free_client_credentials (mhd_gtls_anon_client_credentials_t | 467 | void |
449 | sc); | 468 | MHD_gnutls_anon_free_client_credentials |
469 | (mhd_gtls_anon_client_credentials_t sc); | ||
450 | int | 470 | int |
451 | MHD_gnutls_anon_allocate_client_credentials (mhd_gtls_anon_client_credentials_t | 471 | MHD_gnutls_anon_allocate_client_credentials |
452 | * sc); | 472 | (mhd_gtls_anon_client_credentials_t * sc); |
453 | 473 | ||
454 | void MHD_gnutls_certificate_free_credentials (mhd_gtls_cert_credentials_t | 474 | void MHD_gnutls_certificate_free_credentials (mhd_gtls_cert_credentials_t |
455 | sc); | 475 | sc); |
456 | int | 476 | int |
457 | MHD_gnutls_certificate_allocate_credentials (mhd_gtls_cert_credentials_t | 477 | MHD_gnutls_certificate_allocate_credentials (mhd_gtls_cert_credentials_t |
458 | * res); | 478 | * res); |
459 | 479 | ||
460 | void MHD_gnutls_certificate_free_keys (mhd_gtls_cert_credentials_t sc); | 480 | void MHD_gnutls_certificate_free_keys (mhd_gtls_cert_credentials_t sc); |
461 | void MHD_gnutls_certificate_free_cas (mhd_gtls_cert_credentials_t sc); | 481 | void MHD_gnutls_certificate_free_cas (mhd_gtls_cert_credentials_t sc); |
@@ -463,46 +483,50 @@ extern "C" | |||
463 | void MHD_gnutls_certificate_free_crls (mhd_gtls_cert_credentials_t sc); | 483 | void MHD_gnutls_certificate_free_crls (mhd_gtls_cert_credentials_t sc); |
464 | 484 | ||
465 | void MHD_gnutls_certificate_set_dh_params (mhd_gtls_cert_credentials_t res, | 485 | void MHD_gnutls_certificate_set_dh_params (mhd_gtls_cert_credentials_t res, |
466 | mhd_gtls_dh_params_t dh_params); | 486 | mhd_gtls_dh_params_t dh_params); |
467 | void | 487 | void |
468 | MHD_gnutls_certificate_set_rsa_export_params (mhd_gtls_cert_credentials_t | 488 | MHD_gnutls_certificate_set_rsa_export_params (mhd_gtls_cert_credentials_t |
469 | res, | 489 | res, |
470 | mhd_gtls_rsa_params_t rsa_params); | 490 | mhd_gtls_rsa_params_t |
491 | rsa_params); | ||
471 | void MHD_gnutls_certificate_set_verify_flags (mhd_gtls_cert_credentials_t | 492 | void MHD_gnutls_certificate_set_verify_flags (mhd_gtls_cert_credentials_t |
472 | res, unsigned int flags); | 493 | res, unsigned int flags); |
473 | void MHD_gnutls_certificate_set_verify_limits (mhd_gtls_cert_credentials_t | 494 | void MHD_gnutls_certificate_set_verify_limits (mhd_gtls_cert_credentials_t |
474 | res, unsigned int max_bits, | 495 | res, unsigned int max_bits, |
475 | unsigned int max_depth); | 496 | unsigned int max_depth); |
476 | 497 | ||
477 | int MHD_gnutls_certificate_set_x509_trust_file (mhd_gtls_cert_credentials_t | 498 | int MHD_gnutls_certificate_set_x509_trust_file (mhd_gtls_cert_credentials_t |
478 | res, const char *CAFILE, | 499 | res, const char *CAFILE, |
479 | gnutls_x509_crt_fmt_t type); | 500 | gnutls_x509_crt_fmt_t type); |
480 | int MHD_gnutls_certificate_set_x509_trust_mem (mhd_gtls_cert_credentials_t | 501 | int MHD_gnutls_certificate_set_x509_trust_mem (mhd_gtls_cert_credentials_t |
481 | res, const gnutls_datum_t * CA, | 502 | res, |
482 | gnutls_x509_crt_fmt_t type); | 503 | const gnutls_datum_t * CA, |
504 | gnutls_x509_crt_fmt_t type); | ||
483 | 505 | ||
484 | int MHD_gnutls_certificate_set_x509_crl_file (mhd_gtls_cert_credentials_t | 506 | int MHD_gnutls_certificate_set_x509_crl_file (mhd_gtls_cert_credentials_t |
485 | res, const char *crlfile, | 507 | res, const char *crlfile, |
486 | gnutls_x509_crt_fmt_t type); | 508 | gnutls_x509_crt_fmt_t type); |
487 | int MHD_gnutls_certificate_set_x509_crl_mem (mhd_gtls_cert_credentials_t | 509 | int MHD_gnutls_certificate_set_x509_crl_mem (mhd_gtls_cert_credentials_t |
488 | res, const gnutls_datum_t * CRL, | 510 | res, |
489 | gnutls_x509_crt_fmt_t type); | 511 | const gnutls_datum_t * CRL, |
512 | gnutls_x509_crt_fmt_t type); | ||
490 | 513 | ||
491 | /* | 514 | /* |
492 | * CERTFILE is an x509 certificate in PEM form. | 515 | * CERTFILE is an x509 certificate in PEM form. |
493 | * KEYFILE is a pkcs-1 private key in PEM form (for RSA keys). | 516 | * KEYFILE is a pkcs-1 private key in PEM form (for RSA keys). |
494 | */ | 517 | */ |
495 | int MHD_gnutls_certificate_set_x509_key_file (mhd_gtls_cert_credentials_t | 518 | int MHD_gnutls_certificate_set_x509_key_file (mhd_gtls_cert_credentials_t |
496 | res, const char *CERTFILE, | 519 | res, const char *CERTFILE, |
497 | const char *KEYFILE, | 520 | const char *KEYFILE, |
498 | gnutls_x509_crt_fmt_t type); | 521 | gnutls_x509_crt_fmt_t type); |
499 | int MHD_gnutls_certificate_set_x509_key_mem (mhd_gtls_cert_credentials_t | 522 | int MHD_gnutls_certificate_set_x509_key_mem (mhd_gtls_cert_credentials_t |
500 | res, const gnutls_datum_t * CERT, | 523 | res, |
501 | const gnutls_datum_t * KEY, | 524 | const gnutls_datum_t * CERT, |
502 | gnutls_x509_crt_fmt_t type); | 525 | const gnutls_datum_t * KEY, |
526 | gnutls_x509_crt_fmt_t type); | ||
503 | 527 | ||
504 | void MHD_gnutls_certificate_send_x509_rdn_sequence (mhd_gtls_session_t session, | 528 | void MHD_gnutls_certificate_send_x509_rdn_sequence (mhd_gtls_session_t |
505 | int status); | 529 | session, int status); |
506 | 530 | ||
507 | /* | 531 | /* |
508 | * New functions to allow setting already parsed X.509 stuff. | 532 | * New functions to allow setting already parsed X.509 stuff. |
@@ -539,12 +563,13 @@ extern "C" | |||
539 | 563 | ||
540 | extern void | 564 | extern void |
541 | MHD_gtls_global_set_mem_functions (gnutls_alloc_function gt_alloc_func, | 565 | MHD_gtls_global_set_mem_functions (gnutls_alloc_function gt_alloc_func, |
542 | gnutls_alloc_function | 566 | gnutls_alloc_function |
543 | gt_secure_alloc_func, | 567 | gt_secure_alloc_func, |
544 | gnutls_is_secure_function | 568 | gnutls_is_secure_function |
545 | gt_is_secure_func, | 569 | gt_is_secure_func, |
546 | gnutls_realloc_function gt_realloc_func, | 570 | gnutls_realloc_function |
547 | gnutls_free_function gt_free_func); | 571 | gt_realloc_func, |
572 | gnutls_free_function gt_free_func); | ||
548 | 573 | ||
549 | /* For use in callbacks */ | 574 | /* For use in callbacks */ |
550 | extern gnutls_alloc_function gnutls_malloc; | 575 | extern gnutls_alloc_function gnutls_malloc; |
@@ -565,7 +590,7 @@ extern "C" | |||
565 | int MHD_gnutls_dh_params_init (mhd_gtls_dh_params_t * dh_params); | 590 | int MHD_gnutls_dh_params_init (mhd_gtls_dh_params_t * dh_params); |
566 | void MHD_gnutls_dh_params_deinit (mhd_gtls_dh_params_t dh_params); | 591 | void MHD_gnutls_dh_params_deinit (mhd_gtls_dh_params_t dh_params); |
567 | int MHD_gnutls_dh_params_generate2 (mhd_gtls_dh_params_t params, | 592 | int MHD_gnutls_dh_params_generate2 (mhd_gtls_dh_params_t params, |
568 | unsigned int bits); | 593 | unsigned int bits); |
569 | // int MHD_gnutls_dh_params_import_raw (mhd_gtls_dh_params_t dh_params, | 594 | // int MHD_gnutls_dh_params_import_raw (mhd_gtls_dh_params_t dh_params, |
570 | // const gnutls_datum_t * prime, | 595 | // const gnutls_datum_t * prime, |
571 | // const gnutls_datum_t * generator); | 596 | // const gnutls_datum_t * generator); |
@@ -586,7 +611,7 @@ extern "C" | |||
586 | int MHD_gnutls_rsa_params_init (mhd_gtls_rsa_params_t * rsa_params); | 611 | int MHD_gnutls_rsa_params_init (mhd_gtls_rsa_params_t * rsa_params); |
587 | void MHD_gnutls_rsa_params_deinit (mhd_gtls_rsa_params_t rsa_params); | 612 | void MHD_gnutls_rsa_params_deinit (mhd_gtls_rsa_params_t rsa_params); |
588 | int MHD_gnutls_rsa_params_generate2 (mhd_gtls_rsa_params_t params, | 613 | int MHD_gnutls_rsa_params_generate2 (mhd_gtls_rsa_params_t params, |
589 | unsigned int bits); | 614 | unsigned int bits); |
590 | 615 | ||
591 | // int gnutls_rsa_params_import_raw (mhd_gtls_rsa_params_t rsa_params, | 616 | // int gnutls_rsa_params_import_raw (mhd_gtls_rsa_params_t rsa_params, |
592 | // const gnutls_datum_t * m, | 617 | // const gnutls_datum_t * m, |
@@ -604,23 +629,23 @@ extern "C" | |||
604 | /* | 629 | /* |
605 | * Session stuff | 630 | * Session stuff |
606 | */ | 631 | */ |
607 | typedef ssize_t (* mhd_gtls_pull_func) (gnutls_transport_ptr_t, void *, | 632 | typedef ssize_t (*mhd_gtls_pull_func) (gnutls_transport_ptr_t, void *, |
608 | size_t); | 633 | size_t); |
609 | typedef ssize_t (* mhd_gtls_push_func) (gnutls_transport_ptr_t, const void *, | 634 | typedef ssize_t (*mhd_gtls_push_func) (gnutls_transport_ptr_t, const void *, |
610 | size_t); | 635 | size_t); |
611 | void MHD_gnutls_transport_set_ptr (mhd_gtls_session_t session, | 636 | void MHD_gnutls_transport_set_ptr (mhd_gtls_session_t session, |
612 | gnutls_transport_ptr_t ptr); | 637 | gnutls_transport_ptr_t ptr); |
613 | void MHD_gnutls_transport_set_ptr2 (mhd_gtls_session_t session, | 638 | void MHD_gnutls_transport_set_ptr2 (mhd_gtls_session_t session, |
614 | gnutls_transport_ptr_t recv_ptr, | 639 | gnutls_transport_ptr_t recv_ptr, |
615 | gnutls_transport_ptr_t send_ptr); | 640 | gnutls_transport_ptr_t send_ptr); |
616 | 641 | ||
617 | void MHD_gnutls_transport_set_lowat (mhd_gtls_session_t session, int num); | 642 | void MHD_gnutls_transport_set_lowat (mhd_gtls_session_t session, int num); |
618 | 643 | ||
619 | 644 | ||
620 | void MHD_gnutls_transport_set_push_function (mhd_gtls_session_t session, | 645 | void MHD_gnutls_transport_set_push_function (mhd_gtls_session_t session, |
621 | mhd_gtls_push_func push_func); | 646 | mhd_gtls_push_func push_func); |
622 | void MHD_gnutls_transport_set_pull_function (mhd_gtls_session_t session, | 647 | void MHD_gnutls_transport_set_pull_function (mhd_gtls_session_t session, |
623 | mhd_gtls_pull_func pull_func); | 648 | mhd_gtls_pull_func pull_func); |
624 | 649 | ||
625 | void MHD_gnutls_transport_set_errno (mhd_gtls_session_t session, int err); | 650 | void MHD_gnutls_transport_set_errno (mhd_gtls_session_t session, int err); |
626 | void MHD_gnutls_transport_set_global_errno (int err); | 651 | void MHD_gnutls_transport_set_global_errno (int err); |
@@ -629,14 +654,14 @@ extern "C" | |||
629 | * session specific | 654 | * session specific |
630 | */ | 655 | */ |
631 | void MHD_gnutls_session_set_ptr (mhd_gtls_session_t session, void *ptr); | 656 | void MHD_gnutls_session_set_ptr (mhd_gtls_session_t session, void *ptr); |
632 | void * MHD_gtls_session_get_ptr (mhd_gtls_session_t session); | 657 | void *MHD_gtls_session_get_ptr (mhd_gtls_session_t session); |
633 | 658 | ||
634 | /* | 659 | /* |
635 | * this function returns the hash of the given data. | 660 | * this function returns the hash of the given data. |
636 | */ | 661 | */ |
637 | int MHD_gnutls_fingerprint (enum MHD_GNUTLS_HashAlgorithm algo, | 662 | int MHD_gnutls_fingerprint (enum MHD_GNUTLS_HashAlgorithm algo, |
638 | const gnutls_datum_t * data, void *result, | 663 | const gnutls_datum_t * data, void *result, |
639 | size_t * result_size); | 664 | size_t * result_size); |
640 | 665 | ||
641 | /* | 666 | /* |
642 | * SRP | 667 | * SRP |
@@ -810,8 +835,9 @@ extern "C" | |||
810 | req_ca_rdn, | 835 | req_ca_rdn, |
811 | int nreqs, | 836 | int nreqs, |
812 | const | 837 | const |
813 | enum MHD_GNUTLS_PublicKeyAlgorithm | 838 | enum |
814 | * pk_algos, | 839 | MHD_GNUTLS_PublicKeyAlgorithm |
840 | *pk_algos, | ||
815 | int | 841 | int |
816 | pk_algos_length, | 842 | pk_algos_length, |
817 | gnutls_retr_st *); | 843 | gnutls_retr_st *); |
@@ -822,31 +848,34 @@ extern "C" | |||
822 | /* | 848 | /* |
823 | * Functions that allow auth_info_t structures handling | 849 | * Functions that allow auth_info_t structures handling |
824 | */ | 850 | */ |
825 | enum MHD_GNUTLS_CredentialsType MHD_gtls_auth_get_type (mhd_gtls_session_t session); | 851 | enum MHD_GNUTLS_CredentialsType MHD_gtls_auth_get_type (mhd_gtls_session_t |
826 | enum MHD_GNUTLS_CredentialsType | 852 | session); |
853 | enum MHD_GNUTLS_CredentialsType | ||
827 | MHD_gtls_auth_server_get_type (mhd_gtls_session_t session); | 854 | MHD_gtls_auth_server_get_type (mhd_gtls_session_t session); |
828 | enum MHD_GNUTLS_CredentialsType | 855 | enum MHD_GNUTLS_CredentialsType |
829 | MHD_gtls_auth_client_get_type (mhd_gtls_session_t session); | 856 | MHD_gtls_auth_client_get_type (mhd_gtls_session_t session); |
830 | 857 | ||
831 | /* | 858 | /* |
832 | * DH | 859 | * DH |
833 | */ | 860 | */ |
834 | void MHD_gnutls_dh_set_prime_bits (mhd_gtls_session_t session, unsigned int bits); | 861 | void MHD_gnutls_dh_set_prime_bits (mhd_gtls_session_t session, |
862 | unsigned int bits); | ||
835 | int MHD_gnutls_dh_get_secret_bits (mhd_gtls_session_t session); | 863 | int MHD_gnutls_dh_get_secret_bits (mhd_gtls_session_t session); |
836 | int MHD_gnutls_dh_get_peers_public_bits (mhd_gtls_session_t session); | 864 | int MHD_gnutls_dh_get_peers_public_bits (mhd_gtls_session_t session); |
837 | int MHD_gnutls_dh_get_prime_bits (mhd_gtls_session_t session); | 865 | int MHD_gnutls_dh_get_prime_bits (mhd_gtls_session_t session); |
838 | 866 | ||
839 | int MHD_gnutls_dh_get_group (mhd_gtls_session_t session, gnutls_datum_t * raw_gen, | 867 | int MHD_gnutls_dh_get_group (mhd_gtls_session_t session, |
840 | gnutls_datum_t * raw_prime); | 868 | gnutls_datum_t * raw_gen, |
869 | gnutls_datum_t * raw_prime); | ||
841 | int MHD_gnutls_dh_get_pubkey (mhd_gtls_session_t session, | 870 | int MHD_gnutls_dh_get_pubkey (mhd_gtls_session_t session, |
842 | gnutls_datum_t * raw_key); | 871 | gnutls_datum_t * raw_key); |
843 | 872 | ||
844 | /* | 873 | /* |
845 | * RSA | 874 | * RSA |
846 | */ | 875 | */ |
847 | int MHD_gtls_rsa_export_get_pubkey (mhd_gtls_session_t session, | 876 | int MHD_gtls_rsa_export_get_pubkey (mhd_gtls_session_t session, |
848 | gnutls_datum_t * exponent, | 877 | gnutls_datum_t * exponent, |
849 | gnutls_datum_t * modulus); | 878 | gnutls_datum_t * modulus); |
850 | int MHD_gtls_rsa_export_get_modulus_bits (mhd_gtls_session_t session); | 879 | int MHD_gtls_rsa_export_get_modulus_bits (mhd_gtls_session_t session); |
851 | 880 | ||
852 | /* External signing callback. Experimental. */ | 881 | /* External signing callback. Experimental. */ |
@@ -858,9 +887,10 @@ extern "C" | |||
858 | gnutls_datum_t * signature); | 887 | gnutls_datum_t * signature); |
859 | 888 | ||
860 | void MHD_gtls_sign_callback_set (mhd_gtls_session_t session, | 889 | void MHD_gtls_sign_callback_set (mhd_gtls_session_t session, |
861 | gnutls_sign_func sign_func, void *userdata); | 890 | gnutls_sign_func sign_func, |
862 | gnutls_sign_func | 891 | void *userdata); |
863 | MHD_gtls_sign_callback_get (mhd_gtls_session_t session, void **userdata); | 892 | gnutls_sign_func MHD_gtls_sign_callback_get (mhd_gtls_session_t session, |
893 | void **userdata); | ||
864 | 894 | ||
865 | /* These are set on the credentials structure. | 895 | /* These are set on the credentials structure. |
866 | */ | 896 | */ |
@@ -872,39 +902,44 @@ extern "C" | |||
872 | gnutls_certificate_server_retrieve_function * func); | 902 | gnutls_certificate_server_retrieve_function * func); |
873 | 903 | ||
874 | void MHD_gtls_certificate_server_set_request (mhd_gtls_session_t session, | 904 | void MHD_gtls_certificate_server_set_request (mhd_gtls_session_t session, |
875 | gnutls_certificate_request_t | 905 | gnutls_certificate_request_t |
876 | req); | 906 | req); |
877 | 907 | ||
878 | /* get data from the session */ | 908 | /* get data from the session */ |
879 | const gnutls_datum_t * MHD_gtls_certificate_get_peers (mhd_gtls_session_t | 909 | const gnutls_datum_t *MHD_gtls_certificate_get_peers (mhd_gtls_session_t |
880 | session, | 910 | session, |
881 | unsigned int | 911 | unsigned int |
882 | *list_size); | 912 | *list_size); |
883 | const gnutls_datum_t * MHD_gtls_certificate_get_ours (mhd_gtls_session_t | 913 | const gnutls_datum_t *MHD_gtls_certificate_get_ours (mhd_gtls_session_t |
914 | session); | ||
915 | |||
916 | time_t MHD_gtls_certificate_activation_time_peers (mhd_gtls_session_t | ||
917 | session); | ||
918 | time_t MHD_gtls_certificate_expiration_time_peers (mhd_gtls_session_t | ||
884 | session); | 919 | session); |
885 | 920 | ||
886 | time_t MHD_gtls_certificate_activation_time_peers (mhd_gtls_session_t session); | 921 | int MHD_gtls_certificate_client_get_request_status (mhd_gtls_session_t |
887 | time_t MHD_gtls_certificate_expiration_time_peers (mhd_gtls_session_t session); | 922 | session); |
888 | |||
889 | int MHD_gtls_certificate_client_get_request_status (mhd_gtls_session_t session); | ||
890 | int MHD_gtls_certificate_verify_peers2 (mhd_gtls_session_t session, | 923 | int MHD_gtls_certificate_verify_peers2 (mhd_gtls_session_t session, |
891 | unsigned int *status); | 924 | unsigned int *status); |
892 | 925 | ||
893 | /* this is obsolete (?). */ | 926 | /* this is obsolete (?). */ |
894 | int MHD_gtls_certificate_verify_peers (mhd_gtls_session_t session); | 927 | int MHD_gtls_certificate_verify_peers (mhd_gtls_session_t session); |
895 | 928 | ||
896 | int MHD_gtls_pem_base64_encode (const char *msg, const gnutls_datum_t * data, | 929 | int MHD_gtls_pem_base64_encode (const char *msg, |
897 | char *result, size_t * result_size); | 930 | const gnutls_datum_t * data, char *result, |
931 | size_t * result_size); | ||
898 | int MHD_gtls_pem_base64_decode (const char *header, | 932 | int MHD_gtls_pem_base64_decode (const char *header, |
899 | const gnutls_datum_t * b64_data, | 933 | const gnutls_datum_t * b64_data, |
900 | unsigned char *result, size_t * result_size); | 934 | unsigned char *result, |
935 | size_t * result_size); | ||
901 | 936 | ||
902 | int MHD_gtls_pem_base64_encode_alloc (const char *msg, | 937 | int MHD_gtls_pem_base64_encode_alloc (const char *msg, |
903 | const gnutls_datum_t * data, | 938 | const gnutls_datum_t * data, |
904 | gnutls_datum_t * result); | 939 | gnutls_datum_t * result); |
905 | int MHD_gtls_pem_base64_decode_alloc (const char *header, | 940 | int MHD_gtls_pem_base64_decode_alloc (const char *header, |
906 | const gnutls_datum_t * b64_data, | 941 | const gnutls_datum_t * b64_data, |
907 | gnutls_datum_t * result); | 942 | gnutls_datum_t * result); |
908 | 943 | ||
909 | // void | 944 | // void |
910 | // gnutls_certificate_set_params_function (mhd_gtls_cert_credentials_t | 945 | // gnutls_certificate_set_params_function (mhd_gtls_cert_credentials_t |
diff --git a/src/daemon/https/lgl/des.h b/src/daemon/https/lgl/des.h index fdc8686f..a80ede84 100644 --- a/src/daemon/https/lgl/des.h +++ b/src/daemon/https/lgl/des.h | |||
@@ -47,8 +47,7 @@ typedef struct | |||
47 | 47 | ||
48 | /* Check whether the 8 byte key is weak. Does not check the parity | 48 | /* Check whether the 8 byte key is weak. Does not check the parity |
49 | * bits of the key but simple ignore them. */ | 49 | * bits of the key but simple ignore them. */ |
50 | extern bool | 50 | extern bool gl_des_is_weak_key (const char *key); |
51 | gl_des_is_weak_key (const char * key); | ||
52 | 51 | ||
53 | /* | 52 | /* |
54 | * DES | 53 | * DES |
@@ -58,19 +57,17 @@ gl_des_is_weak_key (const char * key); | |||
58 | /* Fill a DES context CTX with subkeys calculated from 64bit KEY. | 57 | /* Fill a DES context CTX with subkeys calculated from 64bit KEY. |
59 | * Does not check parity bits, but simply ignore them. Does not check | 58 | * Does not check parity bits, but simply ignore them. Does not check |
60 | * for weak keys. */ | 59 | * for weak keys. */ |
61 | extern void | 60 | extern void gl_des_setkey (gl_des_ctx * ctx, const char *key); |
62 | gl_des_setkey (gl_des_ctx *ctx, const char * key); | ||
63 | 61 | ||
64 | /* Fill a DES context CTX with subkeys calculated from 64bit KEY, with | 62 | /* Fill a DES context CTX with subkeys calculated from 64bit KEY, with |
65 | * weak key checking. Does not check parity bits, but simply ignore | 63 | * weak key checking. Does not check parity bits, but simply ignore |
66 | * them. */ | 64 | * them. */ |
67 | extern bool | 65 | extern bool gl_des_makekey (gl_des_ctx * ctx, const char *key, size_t keylen); |
68 | gl_des_makekey (gl_des_ctx *ctx, const char * key, size_t keylen); | ||
69 | 66 | ||
70 | /* Electronic Codebook Mode DES encryption/decryption of data | 67 | /* Electronic Codebook Mode DES encryption/decryption of data |
71 | * according to 'mode'. */ | 68 | * according to 'mode'. */ |
72 | extern void | 69 | extern void |
73 | gl_des_ecb_crypt (gl_des_ctx *ctx, const char * from, char * to, int mode); | 70 | gl_des_ecb_crypt (gl_des_ctx * ctx, const char *from, char *to, int mode); |
74 | 71 | ||
75 | #define gl_des_ecb_encrypt(ctx, from, to) gl_des_ecb_crypt(ctx, from, to, 0) | 72 | #define gl_des_ecb_encrypt(ctx, from, to) gl_des_ecb_crypt(ctx, from, to, 0) |
76 | #define gl_des_ecb_decrypt(ctx, from, to) gl_des_ecb_crypt(ctx, from, to, 1) | 73 | #define gl_des_ecb_decrypt(ctx, from, to) gl_des_ecb_crypt(ctx, from, to, 1) |
@@ -83,9 +80,7 @@ gl_des_ecb_crypt (gl_des_ctx *ctx, const char * from, char * to, int mode); | |||
83 | * 64bit keys in KEY1 and KEY2. Does not check the parity bits of the | 80 | * 64bit keys in KEY1 and KEY2. Does not check the parity bits of the |
84 | * keys, but simply ignore them. Does not check for weak keys. */ | 81 | * keys, but simply ignore them. Does not check for weak keys. */ |
85 | extern void | 82 | extern void |
86 | gl_3des_set2keys (gl_3des_ctx *ctx, | 83 | gl_3des_set2keys (gl_3des_ctx * ctx, const char *key1, const char *key2); |
87 | const char * key1, | ||
88 | const char * key2); | ||
89 | 84 | ||
90 | /* | 85 | /* |
91 | * Fill a Triple-DES context CTX with subkeys calculated from three | 86 | * Fill a Triple-DES context CTX with subkeys calculated from three |
@@ -93,27 +88,20 @@ gl_3des_set2keys (gl_3des_ctx *ctx, | |||
93 | * of the keys, but simply ignore them. Does not check for weak | 88 | * of the keys, but simply ignore them. Does not check for weak |
94 | * keys. */ | 89 | * keys. */ |
95 | extern void | 90 | extern void |
96 | gl_3des_set3keys (gl_3des_ctx *ctx, | 91 | gl_3des_set3keys (gl_3des_ctx * ctx, |
97 | const char * key1, | 92 | const char *key1, const char *key2, const char *key3); |
98 | const char * key2, | ||
99 | const char * key3); | ||
100 | 93 | ||
101 | /* Fill a Triple-DES context CTX with subkeys calculated from three | 94 | /* Fill a Triple-DES context CTX with subkeys calculated from three |
102 | * concatenated 64bit keys in KEY, with weak key checking. Does not | 95 | * concatenated 64bit keys in KEY, with weak key checking. Does not |
103 | * check the parity bits of the keys, but simply ignore them. */ | 96 | * check the parity bits of the keys, but simply ignore them. */ |
104 | extern bool | 97 | extern bool |
105 | gl_3des_makekey (gl_3des_ctx *ctx, | 98 | gl_3des_makekey (gl_3des_ctx * ctx, const char *key, size_t keylen); |
106 | const char * key, | ||
107 | size_t keylen); | ||
108 | 99 | ||
109 | /* Electronic Codebook Mode Triple-DES encryption/decryption of data | 100 | /* Electronic Codebook Mode Triple-DES encryption/decryption of data |
110 | * according to 'mode'. Sometimes this mode is named 'EDE' mode | 101 | * according to 'mode'. Sometimes this mode is named 'EDE' mode |
111 | * (Encryption-Decryption-Encryption). */ | 102 | * (Encryption-Decryption-Encryption). */ |
112 | extern void | 103 | extern void |
113 | gl_3des_ecb_crypt (gl_3des_ctx *ctx, | 104 | gl_3des_ecb_crypt (gl_3des_ctx * ctx, const char *from, char *to, int mode); |
114 | const char * from, | ||
115 | char * to, | ||
116 | int mode); | ||
117 | 105 | ||
118 | #define gl_3des_ecb_encrypt(ctx, from, to) gl_3des_ecb_crypt(ctx,from,to,0) | 106 | #define gl_3des_ecb_encrypt(ctx, from, to) gl_3des_ecb_crypt(ctx,from,to,0) |
119 | #define gl_3des_ecb_decrypt(ctx, from, to) gl_3des_ecb_crypt(ctx,from,to,1) | 107 | #define gl_3des_ecb_decrypt(ctx, from, to) gl_3des_ecb_crypt(ctx,from,to,1) |
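Review bot: The reformatted prototypes space typedef'd pointers differently from builtin ones — on the new side of the second hunk, `gl_des_setkey (gl_des_ctx * ctx, const char *key)` puts a space after the star for `gl_des_ctx` but not for `const char`, which is what GNU indent produces when it is not told the project's typedef names (its `-T` option). The same artefact appears in gc.h (`gc_cipher_handle * outhandle`, `gc_hash_handle * outhandle`), md5.h (`FILE * stream`) and printf-args.h (`arguments * a`). Since lgl/ appears to be an import of gnulib sources, reformatting them also means they no longer match upstream, which makes a future resync diff-noisy; consider rerunning the formatter with the typedef list, or leaving the imported files in upstream style.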
diff --git a/src/daemon/https/lgl/gc.h b/src/daemon/https/lgl/gc.h index 688e624a..1e1f808c 100644 --- a/src/daemon/https/lgl/gc.h +++ b/src/daemon/https/lgl/gc.h | |||
@@ -25,37 +25,37 @@ | |||
25 | # include <stddef.h> | 25 | # include <stddef.h> |
26 | 26 | ||
27 | enum Gc_rc | 27 | enum Gc_rc |
28 | { | 28 | { |
29 | GC_OK = 0, | 29 | GC_OK = 0, |
30 | GC_MALLOC_ERROR, | 30 | GC_MALLOC_ERROR, |
31 | GC_INIT_ERROR, | 31 | GC_INIT_ERROR, |
32 | GC_RANDOM_ERROR, | 32 | GC_RANDOM_ERROR, |
33 | GC_INVALID_CIPHER, | 33 | GC_INVALID_CIPHER, |
34 | GC_INVALID_HASH, | 34 | GC_INVALID_HASH, |
35 | GC_PKCS5_INVALID_ITERATION_COUNT, | 35 | GC_PKCS5_INVALID_ITERATION_COUNT, |
36 | GC_PKCS5_INVALID_DERIVED_KEY_LENGTH, | 36 | GC_PKCS5_INVALID_DERIVED_KEY_LENGTH, |
37 | GC_PKCS5_DERIVED_KEY_TOO_LONG | 37 | GC_PKCS5_DERIVED_KEY_TOO_LONG |
38 | }; | 38 | }; |
39 | typedef enum Gc_rc Gc_rc; | 39 | typedef enum Gc_rc Gc_rc; |
40 | 40 | ||
41 | /* Hash types. */ | 41 | /* Hash types. */ |
42 | enum Gc_hash | 42 | enum Gc_hash |
43 | { | 43 | { |
44 | GC_MD4, | 44 | GC_MD4, |
45 | GC_MD5, | 45 | GC_MD5, |
46 | GC_SHA1, | 46 | GC_SHA1, |
47 | GC_MD2, | 47 | GC_MD2, |
48 | GC_RMD160, | 48 | GC_RMD160, |
49 | GC_SHA256, | 49 | GC_SHA256, |
50 | GC_SHA384, | 50 | GC_SHA384, |
51 | GC_SHA512 | 51 | GC_SHA512 |
52 | }; | 52 | }; |
53 | typedef enum Gc_hash Gc_hash; | 53 | typedef enum Gc_hash Gc_hash; |
54 | 54 | ||
55 | enum Gc_hash_mode | 55 | enum Gc_hash_mode |
56 | { | 56 | { |
57 | GC_HMAC = 1 | 57 | GC_HMAC = 1 |
58 | }; | 58 | }; |
59 | typedef enum Gc_hash_mode Gc_hash_mode; | 59 | typedef enum Gc_hash_mode Gc_hash_mode; |
60 | 60 | ||
61 | typedef void *gc_hash_handle; | 61 | typedef void *gc_hash_handle; |
@@ -71,88 +71,71 @@ typedef void *gc_hash_handle; | |||
71 | 71 | ||
72 | /* Cipher types. */ | 72 | /* Cipher types. */ |
73 | enum Gc_cipher | 73 | enum Gc_cipher |
74 | { | 74 | { |
75 | GC_AES128, | 75 | GC_AES128, |
76 | GC_AES192, | 76 | GC_AES192, |
77 | GC_AES256, | 77 | GC_AES256, |
78 | GC_3DES, | 78 | GC_3DES, |
79 | GC_DES, | 79 | GC_DES, |
80 | GC_ARCFOUR128, | 80 | GC_ARCFOUR128, |
81 | GC_ARCFOUR40, | 81 | GC_ARCFOUR40, |
82 | GC_ARCTWO40, | 82 | GC_ARCTWO40, |
83 | GC_CAMELLIA128, | 83 | GC_CAMELLIA128, |
84 | GC_CAMELLIA256 | 84 | GC_CAMELLIA256 |
85 | }; | 85 | }; |
86 | typedef enum Gc_cipher Gc_cipher; | 86 | typedef enum Gc_cipher Gc_cipher; |
87 | 87 | ||
88 | enum Gc_cipher_mode | 88 | enum Gc_cipher_mode |
89 | { | 89 | { |
90 | GC_ECB, | 90 | GC_ECB, |
91 | GC_CBC, | 91 | GC_CBC, |
92 | GC_STREAM | 92 | GC_STREAM |
93 | }; | 93 | }; |
94 | typedef enum Gc_cipher_mode Gc_cipher_mode; | 94 | typedef enum Gc_cipher_mode Gc_cipher_mode; |
95 | 95 | ||
96 | typedef void * gc_cipher_handle; | 96 | typedef void *gc_cipher_handle; |
97 | 97 | ||
98 | /* Call before respectively after any other functions. */ | 98 | /* Call before respectively after any other functions. */ |
99 | Gc_rc gc_init(void); | 99 | Gc_rc gc_init (void); |
100 | void gc_done(void); | 100 | void gc_done (void); |
101 | 101 | ||
102 | /* Memory allocation (avoid). */ | 102 | /* Memory allocation (avoid). */ |
103 | typedef void *(*gc_malloc_t)(size_t n); | 103 | typedef void *(*gc_malloc_t) (size_t n); |
104 | typedef int (*gc_secure_check_t)(const void *); | 104 | typedef int (*gc_secure_check_t) (const void *); |
105 | typedef void *(*gc_realloc_t)(void *p, | 105 | typedef void *(*gc_realloc_t) (void *p, size_t n); |
106 | size_t n); | 106 | typedef void (*gc_free_t) (void *); |
107 | typedef void (*gc_free_t)(void *); | 107 | void gc_set_allocators (gc_malloc_t func_malloc, |
108 | void gc_set_allocators(gc_malloc_t func_malloc, | 108 | gc_malloc_t secure_malloc, |
109 | gc_malloc_t secure_malloc, | 109 | gc_secure_check_t secure_check, |
110 | gc_secure_check_t secure_check, | 110 | gc_realloc_t func_realloc, gc_free_t func_free); |
111 | gc_realloc_t func_realloc, | ||
112 | gc_free_t func_free); | ||
113 | 111 | ||
114 | /* Randomness. */ | 112 | /* Randomness. */ |
115 | Gc_rc gc_nonce(char *data, | 113 | Gc_rc gc_nonce (char *data, size_t datalen); |
116 | size_t datalen); | 114 | Gc_rc gc_pseudo_random (char *data, size_t datalen); |
117 | Gc_rc gc_pseudo_random(char *data, | 115 | Gc_rc gc_random (char *data, size_t datalen); |
118 | size_t datalen); | ||
119 | Gc_rc gc_random(char *data, | ||
120 | size_t datalen); | ||
121 | 116 | ||
122 | /* Ciphers. */ | 117 | /* Ciphers. */ |
123 | Gc_rc gc_cipher_open(Gc_cipher cipher, | 118 | Gc_rc gc_cipher_open (Gc_cipher cipher, |
124 | Gc_cipher_mode mode, | 119 | Gc_cipher_mode mode, gc_cipher_handle * outhandle); |
125 | gc_cipher_handle *outhandle); | 120 | Gc_rc gc_cipher_setkey (gc_cipher_handle handle, |
126 | Gc_rc gc_cipher_setkey(gc_cipher_handle handle, | 121 | size_t keylen, const char *key); |
127 | size_t keylen, | 122 | Gc_rc gc_cipher_setiv (gc_cipher_handle handle, size_t ivlen, const char *iv); |
128 | const char *key); | 123 | Gc_rc gc_cipher_encrypt_inline (gc_cipher_handle handle, |
129 | Gc_rc gc_cipher_setiv(gc_cipher_handle handle, | 124 | size_t len, char *data); |
130 | size_t ivlen, | 125 | Gc_rc gc_cipher_decrypt_inline (gc_cipher_handle handle, |
131 | const char *iv); | 126 | size_t len, char *data); |
132 | Gc_rc gc_cipher_encrypt_inline(gc_cipher_handle handle, | 127 | Gc_rc gc_cipher_close (gc_cipher_handle handle); |
133 | size_t len, | ||
134 | char *data); | ||
135 | Gc_rc gc_cipher_decrypt_inline(gc_cipher_handle handle, | ||
136 | size_t len, | ||
137 | char *data); | ||
138 | Gc_rc gc_cipher_close(gc_cipher_handle handle); | ||
139 | 128 | ||
140 | /* Hashes. */ | 129 | /* Hashes. */ |
141 | 130 | ||
142 | Gc_rc gc_hash_open(Gc_hash hash, | 131 | Gc_rc gc_hash_open (Gc_hash hash, |
143 | Gc_hash_mode mode, | 132 | Gc_hash_mode mode, gc_hash_handle * outhandle); |
144 | gc_hash_handle *outhandle); | 133 | Gc_rc gc_hash_clone (gc_hash_handle handle, gc_hash_handle * outhandle); |
145 | Gc_rc gc_hash_clone(gc_hash_handle handle, | 134 | size_t gc_hash_digest_length (Gc_hash hash); |
146 | gc_hash_handle *outhandle); | 135 | void gc_hash_hmac_setkey (gc_hash_handle handle, size_t len, const char *key); |
147 | size_t gc_hash_digest_length(Gc_hash hash); | 136 | void gc_hash_write (gc_hash_handle handle, size_t len, const char *data); |
148 | void gc_hash_hmac_setkey(gc_hash_handle handle, | 137 | const char *gc_hash_read (gc_hash_handle handle); |
149 | size_t len, | 138 | void gc_hash_close (gc_hash_handle handle); |
150 | const char *key); | ||
151 | void gc_hash_write(gc_hash_handle handle, | ||
152 | size_t len, | ||
153 | const char *data); | ||
154 | const char *gc_hash_read(gc_hash_handle handle); | ||
155 | void gc_hash_close(gc_hash_handle handle); | ||
156 | 139 | ||
157 | /* Compute a hash value over buffer IN of INLEN bytes size using the | 140 | /* Compute a hash value over buffer IN of INLEN bytes size using the |
158 | algorithm HASH, placing the result in the pre-allocated buffer OUT. | 141 | algorithm HASH, placing the result in the pre-allocated buffer OUT. |
@@ -160,34 +143,18 @@ void gc_hash_close(gc_hash_handle handle); | |||
160 | GC_<HASH>_DIGEST_SIZE. For example, for GC_MD5 the output buffer | 143 | GC_<HASH>_DIGEST_SIZE. For example, for GC_MD5 the output buffer |
161 | must be 16 bytes. The return value is 0 (GC_OK) on success, or | 144 | must be 16 bytes. The return value is 0 (GC_OK) on success, or |
162 | another Gc_rc error code. */ | 145 | another Gc_rc error code. */ |
163 | Gc_rc gc_hash_buffer(Gc_hash hash, | 146 | Gc_rc gc_hash_buffer (Gc_hash hash, const void *in, size_t inlen, char *out); |
164 | const void *in, | ||
165 | size_t inlen, | ||
166 | char *out); | ||
167 | 147 | ||
168 | /* One-call interface. */ | 148 | /* One-call interface. */ |
169 | Gc_rc gc_md2(const void *in, | 149 | Gc_rc gc_md2 (const void *in, size_t inlen, void *resbuf); |
170 | size_t inlen, | 150 | Gc_rc gc_md4 (const void *in, size_t inlen, void *resbuf); |
171 | void *resbuf); | 151 | Gc_rc gc_md5 (const void *in, size_t inlen, void *resbuf); |
172 | Gc_rc gc_md4(const void *in, | 152 | Gc_rc gc_sha1 (const void *in, size_t inlen, void *resbuf); |
173 | size_t inlen, | 153 | Gc_rc gc_hmac_md5 (const void *key, |
174 | void *resbuf); | 154 | size_t keylen, const void *in, size_t inlen, char *resbuf); |
175 | Gc_rc gc_md5(const void *in, | 155 | Gc_rc gc_hmac_sha1 (const void *key, |
176 | size_t inlen, | 156 | size_t keylen, |
177 | void *resbuf); | 157 | const void *in, size_t inlen, char *resbuf); |
178 | Gc_rc gc_sha1(const void *in, | ||
179 | size_t inlen, | ||
180 | void *resbuf); | ||
181 | Gc_rc gc_hmac_md5(const void *key, | ||
182 | size_t keylen, | ||
183 | const void *in, | ||
184 | size_t inlen, | ||
185 | char *resbuf); | ||
186 | Gc_rc gc_hmac_sha1(const void *key, | ||
187 | size_t keylen, | ||
188 | const void *in, | ||
189 | size_t inlen, | ||
190 | char *resbuf); | ||
191 | 158 | ||
192 | /* Derive cryptographic keys from a password P of length PLEN, with | 159 | /* Derive cryptographic keys from a password P of length PLEN, with |
193 | salt S of length SLEN, placing the result in pre-allocated buffer | 160 | salt S of length SLEN, placing the result in pre-allocated buffer |
@@ -196,13 +163,10 @@ Gc_rc gc_hmac_sha1(const void *key, | |||
196 | counts are 1000-20000). This function "stretches" the key to be | 163 | counts are 1000-20000). This function "stretches" the key to be |
197 | exactly dkLen bytes long. GC_OK is returned on success, otherwise | 164 | exactly dkLen bytes long. GC_OK is returned on success, otherwise |
198 | an Gc_rc error code is returned. */ | 165 | an Gc_rc error code is returned. */ |
199 | Gc_rc gc_pbkdf2_sha1(const char *P, | 166 | Gc_rc gc_pbkdf2_sha1 (const char *P, |
200 | size_t Plen, | 167 | size_t Plen, |
201 | const char *S, | 168 | const char *S, |
202 | size_t Slen, | 169 | size_t Slen, unsigned int c, char *DK, size_t dkLen); |
203 | unsigned int c, | ||
204 | char *DK, | ||
205 | size_t dkLen); | ||
206 | 170 | ||
207 | /* | 171 | /* |
208 | TODO: | 172 | TODO: |
diff --git a/src/daemon/https/lgl/gettext.h b/src/daemon/https/lgl/gettext.h index bd214d5c..75a3eb1d 100644 --- a/src/daemon/https/lgl/gettext.h +++ b/src/daemon/https/lgl/gettext.h | |||
@@ -131,8 +131,7 @@ inline | |||
131 | #endif | 131 | #endif |
132 | static const char * | 132 | static const char * |
133 | pgettext_aux (const char *domain, | 133 | pgettext_aux (const char *domain, |
134 | const char *msg_ctxt_id, const char *msgid, | 134 | const char *msg_ctxt_id, const char *msgid, int category) |
135 | int category) | ||
136 | { | 135 | { |
137 | const char *translation = dcgettext (domain, msg_ctxt_id, category); | 136 | const char *translation = dcgettext (domain, msg_ctxt_id, category); |
138 | if (translation == msg_ctxt_id) | 137 | if (translation == msg_ctxt_id) |
@@ -150,9 +149,8 @@ inline | |||
150 | #endif | 149 | #endif |
151 | static const char * | 150 | static const char * |
152 | npgettext_aux (const char *domain, | 151 | npgettext_aux (const char *domain, |
153 | const char *msg_ctxt_id, const char *msgid, | 152 | const char *msg_ctxt_id, const char *msgid, |
154 | const char *msgid_plural, unsigned long int n, | 153 | const char *msgid_plural, unsigned long int n, int category) |
155 | int category) | ||
156 | { | 154 | { |
157 | const char *translation = | 155 | const char *translation = |
158 | dcngettext (domain, msg_ctxt_id, msgid_plural, n, category); | 156 | dcngettext (domain, msg_ctxt_id, msgid_plural, n, category); |
@@ -190,8 +188,7 @@ inline | |||
190 | #endif | 188 | #endif |
191 | static const char * | 189 | static const char * |
192 | dcpgettext_expr (const char *domain, | 190 | dcpgettext_expr (const char *domain, |
193 | const char *msgctxt, const char *msgid, | 191 | const char *msgctxt, const char *msgid, int category) |
194 | int category) | ||
195 | { | 192 | { |
196 | size_t msgctxt_len = strlen (msgctxt) + 1; | 193 | size_t msgctxt_len = strlen (msgctxt) + 1; |
197 | size_t msgid_len = strlen (msgid) + 1; | 194 | size_t msgid_len = strlen (msgid) + 1; |
@@ -202,8 +199,7 @@ dcpgettext_expr (const char *domain, | |||
202 | char buf[1024]; | 199 | char buf[1024]; |
203 | char *msg_ctxt_id = | 200 | char *msg_ctxt_id = |
204 | (msgctxt_len + msgid_len <= sizeof (buf) | 201 | (msgctxt_len + msgid_len <= sizeof (buf) |
205 | ? buf | 202 | ? buf : (char *) malloc (msgctxt_len + msgid_len)); |
206 | : (char *) malloc (msgctxt_len + msgid_len)); | ||
207 | if (msg_ctxt_id != NULL) | 203 | if (msg_ctxt_id != NULL) |
208 | #endif | 204 | #endif |
209 | { | 205 | { |
@@ -213,10 +209,10 @@ dcpgettext_expr (const char *domain, | |||
213 | translation = dcgettext (domain, msg_ctxt_id, category); | 209 | translation = dcgettext (domain, msg_ctxt_id, category); |
214 | #if !_LIBGETTEXT_HAVE_VARIABLE_SIZE_ARRAYS | 210 | #if !_LIBGETTEXT_HAVE_VARIABLE_SIZE_ARRAYS |
215 | if (msg_ctxt_id != buf) | 211 | if (msg_ctxt_id != buf) |
216 | free (msg_ctxt_id); | 212 | free (msg_ctxt_id); |
217 | #endif | 213 | #endif |
218 | if (translation != msg_ctxt_id) | 214 | if (translation != msg_ctxt_id) |
219 | return translation; | 215 | return translation; |
220 | } | 216 | } |
221 | return msgid; | 217 | return msgid; |
222 | } | 218 | } |
@@ -235,9 +231,8 @@ inline | |||
235 | #endif | 231 | #endif |
236 | static const char * | 232 | static const char * |
237 | dcnpgettext_expr (const char *domain, | 233 | dcnpgettext_expr (const char *domain, |
238 | const char *msgctxt, const char *msgid, | 234 | const char *msgctxt, const char *msgid, |
239 | const char *msgid_plural, unsigned long int n, | 235 | const char *msgid_plural, unsigned long int n, int category) |
240 | int category) | ||
241 | { | 236 | { |
242 | size_t msgctxt_len = strlen (msgctxt) + 1; | 237 | size_t msgctxt_len = strlen (msgctxt) + 1; |
243 | size_t msgid_len = strlen (msgid) + 1; | 238 | size_t msgid_len = strlen (msgid) + 1; |
@@ -248,21 +243,21 @@ dcnpgettext_expr (const char *domain, | |||
248 | char buf[1024]; | 243 | char buf[1024]; |
249 | char *msg_ctxt_id = | 244 | char *msg_ctxt_id = |
250 | (msgctxt_len + msgid_len <= sizeof (buf) | 245 | (msgctxt_len + msgid_len <= sizeof (buf) |
251 | ? buf | 246 | ? buf : (char *) malloc (msgctxt_len + msgid_len)); |
252 | : (char *) malloc (msgctxt_len + msgid_len)); | ||
253 | if (msg_ctxt_id != NULL) | 247 | if (msg_ctxt_id != NULL) |
254 | #endif | 248 | #endif |
255 | { | 249 | { |
256 | memcpy (msg_ctxt_id, msgctxt, msgctxt_len - 1); | 250 | memcpy (msg_ctxt_id, msgctxt, msgctxt_len - 1); |
257 | msg_ctxt_id[msgctxt_len - 1] = '\004'; | 251 | msg_ctxt_id[msgctxt_len - 1] = '\004'; |
258 | memcpy (msg_ctxt_id + msgctxt_len, msgid, msgid_len); | 252 | memcpy (msg_ctxt_id + msgctxt_len, msgid, msgid_len); |
259 | translation = dcngettext (domain, msg_ctxt_id, msgid_plural, n, category); | 253 | translation = |
254 | dcngettext (domain, msg_ctxt_id, msgid_plural, n, category); | ||
260 | #if !_LIBGETTEXT_HAVE_VARIABLE_SIZE_ARRAYS | 255 | #if !_LIBGETTEXT_HAVE_VARIABLE_SIZE_ARRAYS |
261 | if (msg_ctxt_id != buf) | 256 | if (msg_ctxt_id != buf) |
262 | free (msg_ctxt_id); | 257 | free (msg_ctxt_id); |
263 | #endif | 258 | #endif |
264 | if (!(translation == msg_ctxt_id || translation == msgid_plural)) | 259 | if (!(translation == msg_ctxt_id || translation == msgid_plural)) |
265 | return translation; | 260 | return translation; |
266 | } | 261 | } |
267 | return (n == 1 ? msgid : msgid_plural); | 262 | return (n == 1 ? msgid : msgid_plural); |
268 | } | 263 | } |
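Review bot: In the `!_LIBGETTEXT_HAVE_VARIABLE_SIZE_ARRAYS` path of `dcpgettext_expr` (hunk ending at new line 218), `msg_ctxt_id` is passed to `free` and then read again in `if (translation != msg_ctxt_id)`; the value of a freed pointer is indeterminate in C, so the comparison should be taken before the free, e.g. `int found = translation != msg_ctxt_id;` ahead of the `#if`, then `if (found) return translation;`. The same order appears at the end of `dcnpgettext_expr` in the last hunk, where `translation == msg_ctxt_id` is evaluated after the free. This appears to be inherited from the gnulib original rather than introduced by this commit, and both functions start outside their hunks.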
diff --git a/src/daemon/https/lgl/hmac.h b/src/daemon/https/lgl/hmac.h index 5965b603..78bcbb16 100644 --- a/src/daemon/https/lgl/hmac.h +++ b/src/daemon/https/lgl/hmac.h | |||
@@ -28,7 +28,7 @@ | |||
28 | RESBUF buffer. Return 0 on success. */ | 28 | RESBUF buffer. Return 0 on success. */ |
29 | int | 29 | int |
30 | hmac_md5 (const void *key, size_t keylen, | 30 | hmac_md5 (const void *key, size_t keylen, |
31 | const void *buffer, size_t buflen, void *resbuf); | 31 | const void *buffer, size_t buflen, void *resbuf); |
32 | 32 | ||
33 | /* Compute Hashed Message Authentication Code with SHA-1, over BUFFER | 33 | /* Compute Hashed Message Authentication Code with SHA-1, over BUFFER |
34 | data of BUFLEN bytes using the KEY of KEYLEN bytes, writing the | 34 | data of BUFLEN bytes using the KEY of KEYLEN bytes, writing the |
@@ -36,6 +36,6 @@ hmac_md5 (const void *key, size_t keylen, | |||
36 | success. */ | 36 | success. */ |
37 | int | 37 | int |
38 | hmac_sha1 (const void *key, size_t keylen, | 38 | hmac_sha1 (const void *key, size_t keylen, |
39 | const void *in, size_t inlen, void *resbuf); | 39 | const void *in, size_t inlen, void *resbuf); |
40 | 40 | ||
41 | #endif /* HMAC_H */ | 41 | #endif /* HMAC_H */ |
diff --git a/src/daemon/https/lgl/md5.h b/src/daemon/https/lgl/md5.h index 6018a6f6..a03f1e8a 100644 --- a/src/daemon/https/lgl/md5.h +++ b/src/daemon/https/lgl/md5.h | |||
@@ -74,21 +74,23 @@ struct md5_ctx | |||
74 | 74 | ||
75 | /* Initialize structure containing state of computation. | 75 | /* Initialize structure containing state of computation. |
76 | (RFC 1321, 3.3: Step 3) */ | 76 | (RFC 1321, 3.3: Step 3) */ |
77 | extern void __md5_init_ctx (struct md5_ctx *ctx) __THROW; | 77 | extern void |
78 | __md5_init_ctx (struct md5_ctx *ctx) | ||
79 | __THROW; | ||
78 | 80 | ||
79 | /* Starting with the result of former calls of this function (or the | 81 | /* Starting with the result of former calls of this function (or the |
80 | initialization function update the context for the next LEN bytes | 82 | initialization function update the context for the next LEN bytes |
81 | starting at BUFFER. | 83 | starting at BUFFER. |
82 | It is necessary that LEN is a multiple of 64!!! */ | 84 | It is necessary that LEN is a multiple of 64!!! */ |
83 | extern void __md5_process_block (const void *buffer, size_t len, | 85 | extern void __md5_process_block (const void *buffer, size_t len, |
84 | struct md5_ctx *ctx) __THROW; | 86 | struct md5_ctx *ctx) __THROW; |
85 | 87 | ||
86 | /* Starting with the result of former calls of this function (or the | 88 | /* Starting with the result of former calls of this function (or the |
87 | initialization function update the context for the next LEN bytes | 89 | initialization function update the context for the next LEN bytes |
88 | starting at BUFFER. | 90 | starting at BUFFER. |
89 | It is NOT required that LEN is a multiple of 64. */ | 91 | It is NOT required that LEN is a multiple of 64. */ |
90 | extern void __md5_process_bytes (const void *buffer, size_t len, | 92 | extern void __md5_process_bytes (const void *buffer, size_t len, |
91 | struct md5_ctx *ctx) __THROW; | 93 | struct md5_ctx *ctx) __THROW; |
92 | 94 | ||
93 | /* Process the remaining bytes in the buffer and put result from CTX | 95 | /* Process the remaining bytes in the buffer and put result from CTX |
94 | in first 16 bytes following RESBUF. The result is always in little | 96 | in first 16 bytes following RESBUF. The result is always in little |
@@ -97,7 +99,8 @@ extern void __md5_process_bytes (const void *buffer, size_t len, | |||
97 | 99 | ||
98 | IMPORTANT: On some systems, RESBUF must be aligned to a 32-bit | 100 | IMPORTANT: On some systems, RESBUF must be aligned to a 32-bit |
99 | boundary. */ | 101 | boundary. */ |
100 | extern void *__md5_finish_ctx (struct md5_ctx *ctx, void *resbuf) __THROW; | 102 | extern void *__md5_finish_ctx (struct md5_ctx *ctx, |
103 | void *resbuf) __THROW; | ||
101 | 104 | ||
102 | 105 | ||
103 | /* Put result from CTX in first 16 bytes following RESBUF. The result is | 106 | /* Put result from CTX in first 16 bytes following RESBUF. The result is |
@@ -106,19 +109,20 @@ extern void *__md5_finish_ctx (struct md5_ctx *ctx, void *resbuf) __THROW; | |||
106 | 109 | ||
107 | IMPORTANT: On some systems, RESBUF must be aligned to a 32-bit | 110 | IMPORTANT: On some systems, RESBUF must be aligned to a 32-bit |
108 | boundary. */ | 111 | boundary. */ |
109 | extern void *__md5_read_ctx (const struct md5_ctx *ctx, void *resbuf) __THROW; | 112 | extern void *__md5_read_ctx (const struct md5_ctx *ctx, |
113 | void *resbuf) __THROW; | ||
110 | 114 | ||
111 | 115 | ||
112 | /* Compute MD5 message digest for bytes read from STREAM. The | 116 | /* Compute MD5 message digest for bytes read from STREAM. The |
113 | resulting message digest number will be written into the 16 bytes | 117 | resulting message digest number will be written into the 16 bytes |
114 | beginning at RESBLOCK. */ | 118 | beginning at RESBLOCK. */ |
115 | extern int __md5_stream (FILE *stream, void *resblock) __THROW; | 119 | extern int __md5_stream (FILE * stream, void *resblock) __THROW; |
116 | 120 | ||
117 | /* Compute MD5 message digest for LEN bytes beginning at BUFFER. The | 121 | /* Compute MD5 message digest for LEN bytes beginning at BUFFER. The |
118 | result is always in little endian byte order, so that a byte-wise | 122 | result is always in little endian byte order, so that a byte-wise |
119 | output yields to the wanted ASCII representation of the message | 123 | output yields to the wanted ASCII representation of the message |
120 | digest. */ | 124 | digest. */ |
121 | extern void *__md5_buffer (const char *buffer, size_t len, | 125 | extern void *__md5_buffer (const char *buffer, size_t len, |
122 | void *resblock) __THROW; | 126 | void *resblock) __THROW; |
123 | 127 | ||
124 | #endif /* md5.h */ | 128 | #endif /* md5.h */ |
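Review bot: In the first hunk the reformatter split the `__md5_init_ctx` declaration across three lines (`extern void` / `__md5_init_ctx (struct md5_ctx *ctx)` / `__THROW;`), while the sibling declarations in the same hunk keep `__THROW` on the prototype line (`struct md5_ctx *ctx) __THROW;`). The split is harmless to the compiler but reads as if `__THROW` were a separate statement; a single line `extern void __md5_init_ctx (struct md5_ctx *ctx) __THROW;` matches the rest of the header. The cause is likely the formatter not recognising the `__THROW` macro, which is the same root issue as the `FILE * stream` spacing in the last hunk.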
diff --git a/src/daemon/https/lgl/printf-args.h b/src/daemon/https/lgl/printf-args.h index b663a63b..5edbdf40 100644 --- a/src/daemon/https/lgl/printf-args.h +++ b/src/daemon/https/lgl/printf-args.h | |||
@@ -77,13 +77,11 @@ typedef enum | |||
77 | TYPE_COUNT_INT_POINTER, | 77 | TYPE_COUNT_INT_POINTER, |
78 | TYPE_COUNT_LONGINT_POINTER | 78 | TYPE_COUNT_LONGINT_POINTER |
79 | #if HAVE_LONG_LONG_INT | 79 | #if HAVE_LONG_LONG_INT |
80 | , TYPE_COUNT_LONGLONGINT_POINTER | 80 | , TYPE_COUNT_LONGLONGINT_POINTER |
81 | #endif | 81 | #endif |
82 | #if ENABLE_UNISTDIO | 82 | #if ENABLE_UNISTDIO |
83 | /* The unistdio extensions. */ | 83 | /* The unistdio extensions. */ |
84 | , TYPE_U8_STRING | 84 | , TYPE_U8_STRING, TYPE_U16_STRING, TYPE_U32_STRING |
85 | , TYPE_U16_STRING | ||
86 | , TYPE_U32_STRING | ||
87 | #endif | 85 | #endif |
88 | } arg_type; | 86 | } arg_type; |
89 | 87 | ||
@@ -93,42 +91,42 @@ typedef struct | |||
93 | arg_type type; | 91 | arg_type type; |
94 | union | 92 | union |
95 | { | 93 | { |
96 | signed char a_schar; | 94 | signed char a_schar; |
97 | unsigned char a_uchar; | 95 | unsigned char a_uchar; |
98 | short a_short; | 96 | short a_short; |
99 | unsigned short a_ushort; | 97 | unsigned short a_ushort; |
100 | int a_int; | 98 | int a_int; |
101 | unsigned int a_uint; | 99 | unsigned int a_uint; |
102 | long int a_longint; | 100 | long int a_longint; |
103 | unsigned long int a_ulongint; | 101 | unsigned long int a_ulongint; |
104 | #if HAVE_LONG_LONG_INT | 102 | #if HAVE_LONG_LONG_INT |
105 | long long int a_longlongint; | 103 | long long int a_longlongint; |
106 | unsigned long long int a_ulonglongint; | 104 | unsigned long long int a_ulonglongint; |
107 | #endif | 105 | #endif |
108 | float a_float; | 106 | float a_float; |
109 | double a_double; | 107 | double a_double; |
110 | long double a_longdouble; | 108 | long double a_longdouble; |
111 | int a_char; | 109 | int a_char; |
112 | #if HAVE_WINT_T | 110 | #if HAVE_WINT_T |
113 | wint_t a_wide_char; | 111 | wint_t a_wide_char; |
114 | #endif | 112 | #endif |
115 | const char* a_string; | 113 | const char *a_string; |
116 | #if HAVE_WCHAR_T | 114 | #if HAVE_WCHAR_T |
117 | const wchar_t* a_wide_string; | 115 | const wchar_t *a_wide_string; |
118 | #endif | 116 | #endif |
119 | void* a_pointer; | 117 | void *a_pointer; |
120 | signed char * a_count_schar_pointer; | 118 | signed char *a_count_schar_pointer; |
121 | short * a_count_short_pointer; | 119 | short *a_count_short_pointer; |
122 | int * a_count_int_pointer; | 120 | int *a_count_int_pointer; |
123 | long int * a_count_longint_pointer; | 121 | long int *a_count_longint_pointer; |
124 | #if HAVE_LONG_LONG_INT | 122 | #if HAVE_LONG_LONG_INT |
125 | long long int * a_count_longlongint_pointer; | 123 | long long int *a_count_longlongint_pointer; |
126 | #endif | 124 | #endif |
127 | #if ENABLE_UNISTDIO | 125 | #if ENABLE_UNISTDIO |
128 | /* The unistdio extensions. */ | 126 | /* The unistdio extensions. */ |
129 | const uint8_t * a_u8_string; | 127 | const uint8_t *a_u8_string; |
130 | const uint16_t * a_u16_string; | 128 | const uint16_t *a_u16_string; |
131 | const uint32_t * a_u32_string; | 129 | const uint32_t *a_u32_string; |
132 | #endif | 130 | #endif |
133 | } | 131 | } |
134 | a; | 132 | a; |
@@ -149,6 +147,6 @@ STATIC | |||
149 | #else | 147 | #else |
150 | extern | 148 | extern |
151 | #endif | 149 | #endif |
152 | int PRINTF_FETCHARGS (va_list args, arguments *a); | 150 | int PRINTF_FETCHARGS (va_list args, arguments * a); |
153 | 151 | ||
154 | #endif /* _PRINTF_ARGS_H */ | 152 | #endif /* _PRINTF_ARGS_H */ |
diff --git a/src/daemon/https/lgl/printf-parse.h b/src/daemon/https/lgl/printf-parse.h index f9013278..2493d481 100644 --- a/src/daemon/https/lgl/printf-parse.h +++ b/src/daemon/https/lgl/printf-parse.h | |||
@@ -25,11 +25,11 @@ | |||
25 | #include "printf-args.h" | 25 | #include "printf-args.h" |
26 | 26 | ||
27 | /* Flags */ | 27 | /* Flags */ |
28 | #define FLAG_GROUP 1 /* ' flag */ | 28 | #define FLAG_GROUP 1 /* ' flag */ |
29 | #define FLAG_LEFT 2 /* - flag */ | 29 | #define FLAG_LEFT 2 /* - flag */ |
30 | #define FLAG_SHOWSIGN 4 /* + flag */ | 30 | #define FLAG_SHOWSIGN 4 /* + flag */ |
31 | #define FLAG_SPACE 8 /* space flag */ | 31 | #define FLAG_SPACE 8 /* space flag */ |
32 | #define FLAG_ALT 16 /* # flag */ | 32 | #define FLAG_ALT 16 /* # flag */ |
33 | #define FLAG_ZERO 32 | 33 | #define FLAG_ZERO 32 |
34 | 34 | ||
35 | /* arg_index value indicating that no argument is consumed. */ | 35 | /* arg_index value indicating that no argument is consumed. */ |
@@ -41,16 +41,16 @@ | |||
41 | /* A parsed directive. */ | 41 | /* A parsed directive. */ |
42 | typedef struct | 42 | typedef struct |
43 | { | 43 | { |
44 | const char* dir_start; | 44 | const char *dir_start; |
45 | const char* dir_end; | 45 | const char *dir_end; |
46 | int flags; | 46 | int flags; |
47 | const char* width_start; | 47 | const char *width_start; |
48 | const char* width_end; | 48 | const char *width_end; |
49 | size_t width_arg_index; | 49 | size_t width_arg_index; |
50 | const char* precision_start; | 50 | const char *precision_start; |
51 | const char* precision_end; | 51 | const char *precision_end; |
52 | size_t precision_arg_index; | 52 | size_t precision_arg_index; |
53 | char conversion; /* d i o u x X f F e E g G a A c s p n U % but not C S */ | 53 | char conversion; /* d i o u x X f F e E g G a A c s p n U % but not C S */ |
54 | size_t arg_index; | 54 | size_t arg_index; |
55 | } | 55 | } |
56 | char_directive; | 56 | char_directive; |
@@ -70,16 +70,16 @@ char_directives; | |||
70 | /* A parsed directive. */ | 70 | /* A parsed directive. */ |
71 | typedef struct | 71 | typedef struct |
72 | { | 72 | { |
73 | const uint8_t* dir_start; | 73 | const uint8_t *dir_start; |
74 | const uint8_t* dir_end; | 74 | const uint8_t *dir_end; |
75 | int flags; | 75 | int flags; |
76 | const uint8_t* width_start; | 76 | const uint8_t *width_start; |
77 | const uint8_t* width_end; | 77 | const uint8_t *width_end; |
78 | size_t width_arg_index; | 78 | size_t width_arg_index; |
79 | const uint8_t* precision_start; | 79 | const uint8_t *precision_start; |
80 | const uint8_t* precision_end; | 80 | const uint8_t *precision_end; |
81 | size_t precision_arg_index; | 81 | size_t precision_arg_index; |
82 | uint8_t conversion; /* d i o u x X f F e E g G a A c s p n U % but not C S */ | 82 | uint8_t conversion; /* d i o u x X f F e E g G a A c s p n U % but not C S */ |
83 | size_t arg_index; | 83 | size_t arg_index; |
84 | } | 84 | } |
85 | u8_directive; | 85 | u8_directive; |
@@ -97,16 +97,16 @@ u8_directives; | |||
97 | /* A parsed directive. */ | 97 | /* A parsed directive. */ |
98 | typedef struct | 98 | typedef struct |
99 | { | 99 | { |
100 | const uint16_t* dir_start; | 100 | const uint16_t *dir_start; |
101 | const uint16_t* dir_end; | 101 | const uint16_t *dir_end; |
102 | int flags; | 102 | int flags; |
103 | const uint16_t* width_start; | 103 | const uint16_t *width_start; |
104 | const uint16_t* width_end; | 104 | const uint16_t *width_end; |
105 | size_t width_arg_index; | 105 | size_t width_arg_index; |
106 | const uint16_t* precision_start; | 106 | const uint16_t *precision_start; |
107 | const uint16_t* precision_end; | 107 | const uint16_t *precision_end; |
108 | size_t precision_arg_index; | 108 | size_t precision_arg_index; |
109 | uint16_t conversion; /* d i o u x X f F e E g G a A c s p n U % but not C S */ | 109 | uint16_t conversion; /* d i o u x X f F e E g G a A c s p n U % but not C S */ |
110 | size_t arg_index; | 110 | size_t arg_index; |
111 | } | 111 | } |
112 | u16_directive; | 112 | u16_directive; |
@@ -124,16 +124,16 @@ u16_directives; | |||
124 | /* A parsed directive. */ | 124 | /* A parsed directive. */ |
125 | typedef struct | 125 | typedef struct |
126 | { | 126 | { |
127 | const uint32_t* dir_start; | 127 | const uint32_t *dir_start; |
128 | const uint32_t* dir_end; | 128 | const uint32_t *dir_end; |
129 | int flags; | 129 | int flags; |
130 | const uint32_t* width_start; | 130 | const uint32_t *width_start; |
131 | const uint32_t* width_end; | 131 | const uint32_t *width_end; |
132 | size_t width_arg_index; | 132 | size_t width_arg_index; |
133 | const uint32_t* precision_start; | 133 | const uint32_t *precision_start; |
134 | const uint32_t* precision_end; | 134 | const uint32_t *precision_end; |
135 | size_t precision_arg_index; | 135 | size_t precision_arg_index; |
136 | uint32_t conversion; /* d i o u x X f F e E g G a A c s p n U % but not C S */ | 136 | uint32_t conversion; /* d i o u x X f F e E g G a A c s p n U % but not C S */ |
137 | size_t arg_index; | 137 | size_t arg_index; |
138 | } | 138 | } |
139 | u32_directive; | 139 | u32_directive; |
@@ -157,22 +157,20 @@ u32_directives; | |||
157 | arguments and the needed count of arguments. */ | 157 | arguments and the needed count of arguments. */ |
158 | #if ENABLE_UNISTDIO | 158 | #if ENABLE_UNISTDIO |
159 | extern int | 159 | extern int |
160 | ulc_printf_parse (const char *format, char_directives *d, arguments *a); | 160 | ulc_printf_parse (const char *format, char_directives * d, arguments * a); |
161 | extern int | 161 | extern int |
162 | u8_printf_parse (const uint8_t *format, u8_directives *d, arguments *a); | 162 | u8_printf_parse (const uint8_t * format, u8_directives * d, arguments * a); |
163 | extern int | 163 | extern int |
164 | u16_printf_parse (const uint16_t *format, u16_directives *d, | 164 | u16_printf_parse (const uint16_t * format, u16_directives * d, arguments * a); |
165 | arguments *a); | ||
166 | extern int | 165 | extern int |
167 | u32_printf_parse (const uint32_t *format, u32_directives *d, | 166 | u32_printf_parse (const uint32_t * format, u32_directives * d, arguments * a); |
168 | arguments *a); | ||
169 | #else | 167 | #else |
170 | # ifdef STATIC | 168 | # ifdef STATIC |
171 | STATIC | 169 | STATIC |
172 | # else | 170 | # else |
173 | extern | 171 | extern |
174 | # endif | 172 | # endif |
175 | int printf_parse (const char *format, char_directives *d, arguments *a); | 173 | int printf_parse (const char *format, char_directives * d, arguments * a); |
176 | #endif | 174 | #endif |
177 | 175 | ||
178 | #endif /* _PRINTF_PARSE_H */ | 176 | #endif /* _PRINTF_PARSE_H */ |
diff --git a/src/daemon/https/lgl/rijndael-alg-fst.c b/src/daemon/https/lgl/rijndael-alg-fst.c index 5baa0e95..a39ec382 100644 --- a/src/daemon/https/lgl/rijndael-alg-fst.c +++ b/src/daemon/https/lgl/rijndael-alg-fst.c | |||
@@ -135,6 +135,7 @@ static const uint32_t Te0[256] = { | |||
135 | 0x824141c3, 0x299999b0, 0x5a2d2d77, 0x1e0f0f11, | 135 | 0x824141c3, 0x299999b0, 0x5a2d2d77, 0x1e0f0f11, |
136 | 0x7bb0b0cb, 0xa85454fc, 0x6dbbbbd6, 0x2c16163a, | 136 | 0x7bb0b0cb, 0xa85454fc, 0x6dbbbbd6, 0x2c16163a, |
137 | }; | 137 | }; |
138 | |||
138 | static const uint32_t Te1[256] = { | 139 | static const uint32_t Te1[256] = { |
139 | 0xa5c66363, 0x84f87c7c, 0x99ee7777, 0x8df67b7b, | 140 | 0xa5c66363, 0x84f87c7c, 0x99ee7777, 0x8df67b7b, |
140 | 0x0dfff2f2, 0xbdd66b6b, 0xb1de6f6f, 0x5491c5c5, | 141 | 0x0dfff2f2, 0xbdd66b6b, 0xb1de6f6f, 0x5491c5c5, |
@@ -201,6 +202,7 @@ static const uint32_t Te1[256] = { | |||
201 | 0xc3824141, 0xb0299999, 0x775a2d2d, 0x111e0f0f, | 202 | 0xc3824141, 0xb0299999, 0x775a2d2d, 0x111e0f0f, |
202 | 0xcb7bb0b0, 0xfca85454, 0xd66dbbbb, 0x3a2c1616, | 203 | 0xcb7bb0b0, 0xfca85454, 0xd66dbbbb, 0x3a2c1616, |
203 | }; | 204 | }; |
205 | |||
204 | static const uint32_t Te2[256] = { | 206 | static const uint32_t Te2[256] = { |
205 | 0x63a5c663, 0x7c84f87c, 0x7799ee77, 0x7b8df67b, | 207 | 0x63a5c663, 0x7c84f87c, 0x7799ee77, 0x7b8df67b, |
206 | 0xf20dfff2, 0x6bbdd66b, 0x6fb1de6f, 0xc55491c5, | 208 | 0xf20dfff2, 0x6bbdd66b, 0x6fb1de6f, 0xc55491c5, |
@@ -267,6 +269,7 @@ static const uint32_t Te2[256] = { | |||
267 | 0x41c38241, 0x99b02999, 0x2d775a2d, 0x0f111e0f, | 269 | 0x41c38241, 0x99b02999, 0x2d775a2d, 0x0f111e0f, |
268 | 0xb0cb7bb0, 0x54fca854, 0xbbd66dbb, 0x163a2c16, | 270 | 0xb0cb7bb0, 0x54fca854, 0xbbd66dbb, 0x163a2c16, |
269 | }; | 271 | }; |
272 | |||
270 | static const uint32_t Te3[256] = { | 273 | static const uint32_t Te3[256] = { |
271 | 0x6363a5c6, 0x7c7c84f8, 0x777799ee, 0x7b7b8df6, | 274 | 0x6363a5c6, 0x7c7c84f8, 0x777799ee, 0x7b7b8df6, |
272 | 0xf2f20dff, 0x6b6bbdd6, 0x6f6fb1de, 0xc5c55491, | 275 | 0xf2f20dff, 0x6b6bbdd6, 0x6f6fb1de, 0xc5c55491, |
@@ -333,6 +336,7 @@ static const uint32_t Te3[256] = { | |||
333 | 0x4141c382, 0x9999b029, 0x2d2d775a, 0x0f0f111e, | 336 | 0x4141c382, 0x9999b029, 0x2d2d775a, 0x0f0f111e, |
334 | 0xb0b0cb7b, 0x5454fca8, 0xbbbbd66d, 0x16163a2c, | 337 | 0xb0b0cb7b, 0x5454fca8, 0xbbbbd66d, 0x16163a2c, |
335 | }; | 338 | }; |
339 | |||
336 | static const uint32_t Te4[256] = { | 340 | static const uint32_t Te4[256] = { |
337 | 0x63636363, 0x7c7c7c7c, 0x77777777, 0x7b7b7b7b, | 341 | 0x63636363, 0x7c7c7c7c, 0x77777777, 0x7b7b7b7b, |
338 | 0xf2f2f2f2, 0x6b6b6b6b, 0x6f6f6f6f, 0xc5c5c5c5, | 342 | 0xf2f2f2f2, 0x6b6b6b6b, 0x6f6f6f6f, 0xc5c5c5c5, |
@@ -399,6 +403,7 @@ static const uint32_t Te4[256] = { | |||
399 | 0x41414141, 0x99999999, 0x2d2d2d2d, 0x0f0f0f0f, | 403 | 0x41414141, 0x99999999, 0x2d2d2d2d, 0x0f0f0f0f, |
400 | 0xb0b0b0b0, 0x54545454, 0xbbbbbbbb, 0x16161616, | 404 | 0xb0b0b0b0, 0x54545454, 0xbbbbbbbb, 0x16161616, |
401 | }; | 405 | }; |
406 | |||
402 | static const uint32_t Td0[256] = { | 407 | static const uint32_t Td0[256] = { |
403 | 0x51f4a750, 0x7e416553, 0x1a17a4c3, 0x3a275e96, | 408 | 0x51f4a750, 0x7e416553, 0x1a17a4c3, 0x3a275e96, |
404 | 0x3bab6bcb, 0x1f9d45f1, 0xacfa58ab, 0x4be30393, | 409 | 0x3bab6bcb, 0x1f9d45f1, 0xacfa58ab, 0x4be30393, |
@@ -465,6 +470,7 @@ static const uint32_t Td0[256] = { | |||
465 | 0x39a80171, 0x080cb3de, 0xd8b4e49c, 0x6456c190, | 470 | 0x39a80171, 0x080cb3de, 0xd8b4e49c, 0x6456c190, |
466 | 0x7bcb8461, 0xd532b670, 0x486c5c74, 0xd0b85742, | 471 | 0x7bcb8461, 0xd532b670, 0x486c5c74, 0xd0b85742, |
467 | }; | 472 | }; |
473 | |||
468 | static const uint32_t Td1[256] = { | 474 | static const uint32_t Td1[256] = { |
469 | 0x5051f4a7, 0x537e4165, 0xc31a17a4, 0x963a275e, | 475 | 0x5051f4a7, 0x537e4165, 0xc31a17a4, 0x963a275e, |
470 | 0xcb3bab6b, 0xf11f9d45, 0xabacfa58, 0x934be303, | 476 | 0xcb3bab6b, 0xf11f9d45, 0xabacfa58, 0x934be303, |
@@ -531,6 +537,7 @@ static const uint32_t Td1[256] = { | |||
531 | 0x7139a801, 0xde080cb3, 0x9cd8b4e4, 0x906456c1, | 537 | 0x7139a801, 0xde080cb3, 0x9cd8b4e4, 0x906456c1, |
532 | 0x617bcb84, 0x70d532b6, 0x74486c5c, 0x42d0b857, | 538 | 0x617bcb84, 0x70d532b6, 0x74486c5c, 0x42d0b857, |
533 | }; | 539 | }; |
540 | |||
534 | static const uint32_t Td2[256] = { | 541 | static const uint32_t Td2[256] = { |
535 | 0xa75051f4, 0x65537e41, 0xa4c31a17, 0x5e963a27, | 542 | 0xa75051f4, 0x65537e41, 0xa4c31a17, 0x5e963a27, |
536 | 0x6bcb3bab, 0x45f11f9d, 0x58abacfa, 0x03934be3, | 543 | 0x6bcb3bab, 0x45f11f9d, 0x58abacfa, 0x03934be3, |
@@ -597,6 +604,7 @@ static const uint32_t Td2[256] = { | |||
597 | 0x017139a8, 0xb3de080c, 0xe49cd8b4, 0xc1906456, | 604 | 0x017139a8, 0xb3de080c, 0xe49cd8b4, 0xc1906456, |
598 | 0x84617bcb, 0xb670d532, 0x5c74486c, 0x5742d0b8, | 605 | 0x84617bcb, 0xb670d532, 0x5c74486c, 0x5742d0b8, |
599 | }; | 606 | }; |
607 | |||
600 | static const uint32_t Td3[256] = { | 608 | static const uint32_t Td3[256] = { |
601 | 0xf4a75051, 0x4165537e, 0x17a4c31a, 0x275e963a, | 609 | 0xf4a75051, 0x4165537e, 0x17a4c31a, 0x275e963a, |
602 | 0xab6bcb3b, 0x9d45f11f, 0xfa58abac, 0xe303934b, | 610 | 0xab6bcb3b, 0x9d45f11f, 0xfa58abac, 0xe303934b, |
@@ -663,6 +671,7 @@ static const uint32_t Td3[256] = { | |||
663 | 0xa8017139, 0x0cb3de08, 0xb4e49cd8, 0x56c19064, | 671 | 0xa8017139, 0x0cb3de08, 0xb4e49cd8, 0x56c19064, |
664 | 0xcb84617b, 0x32b670d5, 0x6c5c7448, 0xb85742d0, | 672 | 0xcb84617b, 0x32b670d5, 0x6c5c7448, 0xb85742d0, |
665 | }; | 673 | }; |
674 | |||
666 | static const uint32_t Td4[256] = { | 675 | static const uint32_t Td4[256] = { |
667 | 0x52525252, 0x09090909, 0x6a6a6a6a, 0xd5d5d5d5, | 676 | 0x52525252, 0x09090909, 0x6a6a6a6a, 0xd5d5d5d5, |
668 | 0x30303030, 0x36363636, 0xa5a5a5a5, 0x38383838, | 677 | 0x30303030, 0x36363636, 0xa5a5a5a5, 0x38383838, |
@@ -729,6 +738,7 @@ static const uint32_t Td4[256] = { | |||
729 | 0xe1e1e1e1, 0x69696969, 0x14141414, 0x63636363, | 738 | 0xe1e1e1e1, 0x69696969, 0x14141414, 0x63636363, |
730 | 0x55555555, 0x21212121, 0x0c0c0c0c, 0x7d7d7d7d, | 739 | 0x55555555, 0x21212121, 0x0c0c0c0c, 0x7d7d7d7d, |
731 | }; | 740 | }; |
741 | |||
732 | static const uint32_t rcon[] = { | 742 | static const uint32_t rcon[] = { |
733 | 0x01000000, 0x02000000, 0x04000000, 0x08000000, | 743 | 0x01000000, 0x02000000, 0x04000000, 0x08000000, |
734 | 0x10000000, 0x20000000, 0x40000000, 0x80000000, | 744 | 0x10000000, 0x20000000, 0x40000000, 0x80000000, |
diff --git a/src/daemon/https/lgl/rijndael-alg-fst.h b/src/daemon/https/lgl/rijndael-alg-fst.h index 88391023..657d6697 100644 --- a/src/daemon/https/lgl/rijndael-alg-fst.h +++ b/src/daemon/https/lgl/rijndael-alg-fst.h | |||
@@ -56,12 +56,12 @@ | |||
56 | #define RIJNDAEL_MAXNR 14 | 56 | #define RIJNDAEL_MAXNR 14 |
57 | 57 | ||
58 | int rijndaelKeySetupEnc (uint32_t rk[ /*4*(Nr + 1) */ ], | 58 | int rijndaelKeySetupEnc (uint32_t rk[ /*4*(Nr + 1) */ ], |
59 | const char cipherKey[], size_t keyBits); | 59 | const char cipherKey[], size_t keyBits); |
60 | int rijndaelKeySetupDec (uint32_t rk[ /*4*(Nr + 1) */ ], | 60 | int rijndaelKeySetupDec (uint32_t rk[ /*4*(Nr + 1) */ ], |
61 | const char cipherKey[], size_t keyBits); | 61 | const char cipherKey[], size_t keyBits); |
62 | void rijndaelEncrypt (const uint32_t rk[ /*4*(Nr + 1) */ ], size_t Nr, | 62 | void rijndaelEncrypt (const uint32_t rk[ /*4*(Nr + 1) */ ], size_t Nr, |
63 | const char pt[16], char ct[16]); | 63 | const char pt[16], char ct[16]); |
64 | void rijndaelDecrypt (const uint32_t rk[ /*4*(Nr + 1) */ ], size_t Nr, | 64 | void rijndaelDecrypt (const uint32_t rk[ /*4*(Nr + 1) */ ], size_t Nr, |
65 | const char ct[16], char pt[16]); | 65 | const char ct[16], char pt[16]); |
66 | 66 | ||
67 | #endif /* __RIJNDAEL_ALG_FST_H */ | 67 | #endif /* __RIJNDAEL_ALG_FST_H */ |
diff --git a/src/daemon/https/lgl/rijndael-api-fst.h b/src/daemon/https/lgl/rijndael-api-fst.h index d0ff60ac..cbe6411f 100644 --- a/src/daemon/https/lgl/rijndael-api-fst.h +++ b/src/daemon/https/lgl/rijndael-api-fst.h | |||
@@ -95,15 +95,15 @@ typedef enum | |||
95 | 95 | ||
96 | typedef enum | 96 | typedef enum |
97 | { | 97 | { |
98 | RIJNDAEL_DIR_ENCRYPT = 0, /* Are we encrypting? */ | 98 | RIJNDAEL_DIR_ENCRYPT = 0, /* Are we encrypting? */ |
99 | RIJNDAEL_DIR_DECRYPT = 1 /* Are we decrypting? */ | 99 | RIJNDAEL_DIR_DECRYPT = 1 /* Are we decrypting? */ |
100 | } rijndael_direction; | 100 | } rijndael_direction; |
101 | 101 | ||
102 | typedef enum | 102 | typedef enum |
103 | { | 103 | { |
104 | RIJNDAEL_MODE_ECB = 1, /* Are we ciphering in ECB mode? */ | 104 | RIJNDAEL_MODE_ECB = 1, /* Are we ciphering in ECB mode? */ |
105 | RIJNDAEL_MODE_CBC = 2, /* Are we ciphering in CBC mode? */ | 105 | RIJNDAEL_MODE_CBC = 2, /* Are we ciphering in CBC mode? */ |
106 | RIJNDAEL_MODE_CFB1 = 3 /* Are we ciphering in 1-bit CFB mode? */ | 106 | RIJNDAEL_MODE_CFB1 = 3 /* Are we ciphering in 1-bit CFB mode? */ |
107 | } rijndael_mode; | 107 | } rijndael_mode; |
108 | 108 | ||
109 | /* The structure for key information */ | 109 | /* The structure for key information */ |
@@ -125,8 +125,8 @@ typedef struct | |||
125 | 125 | ||
126 | /* The structure for cipher information */ | 126 | /* The structure for cipher information */ |
127 | typedef struct | 127 | typedef struct |
128 | { /* changed order of the components */ | 128 | { /* changed order of the components */ |
129 | rijndael_mode mode; /* MODE_ECB, MODE_CBC, or MODE_CFB1 */ | 129 | rijndael_mode mode; /* MODE_ECB, MODE_CBC, or MODE_CFB1 */ |
130 | /* A possible Initialization Vector for ciphering */ | 130 | /* A possible Initialization Vector for ciphering */ |
131 | char IV[RIJNDAEL_MAX_IV_SIZE]; | 131 | char IV[RIJNDAEL_MAX_IV_SIZE]; |
132 | } rijndaelCipherInstance; | 132 | } rijndaelCipherInstance; |
@@ -137,16 +137,16 @@ typedef struct | |||
137 | from KEYMATERIAL, a hex string, of KEYLEN size. KEYLEN should be | 137 | from KEYMATERIAL, a hex string, of KEYLEN size. KEYLEN should be |
138 | 128, 192 or 256. Returns 0 on success, or an error code. */ | 138 | 128, 192 or 256. Returns 0 on success, or an error code. */ |
139 | extern rijndael_rc | 139 | extern rijndael_rc |
140 | rijndaelMakeKey (rijndaelKeyInstance *key, rijndael_direction direction, | 140 | rijndaelMakeKey (rijndaelKeyInstance * key, rijndael_direction direction, |
141 | size_t keyLen, const char *keyMaterial); | 141 | size_t keyLen, const char *keyMaterial); |
142 | 142 | ||
143 | /* Initialize cipher state CIPHER for encryption MODE (e.g., | 143 | /* Initialize cipher state CIPHER for encryption MODE (e.g., |
144 | RIJNDAEL_MODE_CBC) with initialization vector IV, a hex string of | 144 | RIJNDAEL_MODE_CBC) with initialization vector IV, a hex string of |
145 | 2*RIJNDAEL_MAX_IV_SIZE length. IV may be NULL for modes that do | 145 | 2*RIJNDAEL_MAX_IV_SIZE length. IV may be NULL for modes that do |
146 | not need an IV (i.e., RIJNDAEL_MODE_ECB). */ | 146 | not need an IV (i.e., RIJNDAEL_MODE_ECB). */ |
147 | extern rijndael_rc | 147 | extern rijndael_rc |
148 | rijndaelCipherInit (rijndaelCipherInstance *cipher, | 148 | rijndaelCipherInit (rijndaelCipherInstance * cipher, |
149 | rijndael_mode mode, const char *IV); | 149 | rijndael_mode mode, const char *IV); |
150 | 150 | ||
151 | /* Encrypt data in INPUT, of INPUTLEN/8 bytes length, placing the | 151 | /* Encrypt data in INPUT, of INPUTLEN/8 bytes length, placing the |
152 | output in the pre-allocated OUTBUFFER which must hold at least | 152 | output in the pre-allocated OUTBUFFER which must hold at least |
@@ -156,10 +156,9 @@ rijndaelCipherInit (rijndaelCipherInstance *cipher, | |||
156 | calling this function. Return the number of bits written, or a | 156 | calling this function. Return the number of bits written, or a |
157 | negative rijndael_rc error code. */ | 157 | negative rijndael_rc error code. */ |
158 | extern int | 158 | extern int |
159 | rijndaelBlockEncrypt (rijndaelCipherInstance *cipher, | 159 | rijndaelBlockEncrypt (rijndaelCipherInstance * cipher, |
160 | const rijndaelKeyInstance *key, | 160 | const rijndaelKeyInstance * key, |
161 | const char *input, size_t inputLen, | 161 | const char *input, size_t inputLen, char *outBuffer); |
162 | char *outBuffer); | ||
163 | 162 | ||
164 | /* Encrypt data in INPUT, of INPUTOCTETS bytes length, placing the | 163 | /* Encrypt data in INPUT, of INPUTOCTETS bytes length, placing the |
165 | output in the pre-allocated OUTBUFFER which must hold at least | 164 | output in the pre-allocated OUTBUFFER which must hold at least |
@@ -171,10 +170,9 @@ rijndaelBlockEncrypt (rijndaelCipherInstance *cipher, | |||
171 | calling this function. Return the number of bits written, or a | 170 | calling this function. Return the number of bits written, or a |
172 | negative rijndael_rc error code. */ | 171 | negative rijndael_rc error code. */ |
173 | extern int | 172 | extern int |
174 | rijndaelPadEncrypt (rijndaelCipherInstance *cipher, | 173 | rijndaelPadEncrypt (rijndaelCipherInstance * cipher, |
175 | const rijndaelKeyInstance *key, | 174 | const rijndaelKeyInstance * key, |
176 | const char *input, size_t inputOctets, | 175 | const char *input, size_t inputOctets, char *outBuffer); |
177 | char *outBuffer); | ||
178 | 176 | ||
179 | /* Decrypt data in INPUT, of INPUTLEN/8 bytes length, placing the | 177 | /* Decrypt data in INPUT, of INPUTLEN/8 bytes length, placing the |
180 | output in the pre-allocated OUTBUFFER which must hold at least | 178 | output in the pre-allocated OUTBUFFER which must hold at least |
@@ -184,10 +182,9 @@ rijndaelPadEncrypt (rijndaelCipherInstance *cipher, | |||
184 | calling this function. Return the number of bits written, or a | 182 | calling this function. Return the number of bits written, or a |
185 | negative rijndael_rc error code. */ | 183 | negative rijndael_rc error code. */ |
186 | extern int | 184 | extern int |
187 | rijndaelBlockDecrypt (rijndaelCipherInstance *cipher, | 185 | rijndaelBlockDecrypt (rijndaelCipherInstance * cipher, |
188 | const rijndaelKeyInstance *key, | 186 | const rijndaelKeyInstance * key, |
189 | const char *input, size_t inputLen, | 187 | const char *input, size_t inputLen, char *outBuffer); |
190 | char *outBuffer); | ||
191 | 188 | ||
192 | /* Decrypt data in INPUT, of INPUTOCTETS bytes length, placing the | 189 | /* Decrypt data in INPUT, of INPUTOCTETS bytes length, placing the |
193 | output in the pre-allocated OUTBUFFER which must hold at least | 190 | output in the pre-allocated OUTBUFFER which must hold at least |
@@ -199,9 +196,8 @@ rijndaelBlockDecrypt (rijndaelCipherInstance *cipher, | |||
199 | calling this function. Return the number of bits written, or a | 196 | calling this function. Return the number of bits written, or a |
200 | negative rijndael_rc error code. */ | 197 | negative rijndael_rc error code. */ |
201 | extern int | 198 | extern int |
202 | rijndaelPadDecrypt (rijndaelCipherInstance *cipher, | 199 | rijndaelPadDecrypt (rijndaelCipherInstance * cipher, |
203 | const rijndaelKeyInstance *key, | 200 | const rijndaelKeyInstance * key, |
204 | const char *input, size_t inputOctets, | 201 | const char *input, size_t inputOctets, char *outBuffer); |
205 | char *outBuffer); | ||
206 | 202 | ||
207 | #endif /* __RIJNDAEL_API_FST_H */ | 203 | #endif /* __RIJNDAEL_API_FST_H */ |
diff --git a/src/daemon/https/lgl/sha1.h b/src/daemon/https/lgl/sha1.h index ed0de2b4..7bfd376c 100644 --- a/src/daemon/https/lgl/sha1.h +++ b/src/daemon/https/lgl/sha1.h | |||
@@ -45,14 +45,14 @@ extern void sha1_init_ctx (struct sha1_ctx *ctx); | |||
45 | starting at BUFFER. | 45 | starting at BUFFER. |
46 | It is necessary that LEN is a multiple of 64!!! */ | 46 | It is necessary that LEN is a multiple of 64!!! */ |
47 | extern void sha1_process_block (const void *buffer, size_t len, | 47 | extern void sha1_process_block (const void *buffer, size_t len, |
48 | struct sha1_ctx *ctx); | 48 | struct sha1_ctx *ctx); |
49 | 49 | ||
50 | /* Starting with the result of former calls of this function (or the | 50 | /* Starting with the result of former calls of this function (or the |
51 | initialization function update the context for the next LEN bytes | 51 | initialization function update the context for the next LEN bytes |
52 | starting at BUFFER. | 52 | starting at BUFFER. |
53 | It is NOT required that LEN is a multiple of 64. */ | 53 | It is NOT required that LEN is a multiple of 64. */ |
54 | extern void sha1_process_bytes (const void *buffer, size_t len, | 54 | extern void sha1_process_bytes (const void *buffer, size_t len, |
55 | struct sha1_ctx *ctx); | 55 | struct sha1_ctx *ctx); |
56 | 56 | ||
57 | /* Process the remaining bytes in the buffer and put result from CTX | 57 | /* Process the remaining bytes in the buffer and put result from CTX |
58 | in first 20 bytes following RESBUF. The result is always in little | 58 | in first 20 bytes following RESBUF. The result is always in little |
@@ -76,7 +76,7 @@ extern void *sha1_read_ctx (const struct sha1_ctx *ctx, void *resbuf); | |||
76 | /* Compute SHA1 message digest for bytes read from STREAM. The | 76 | /* Compute SHA1 message digest for bytes read from STREAM. The |
77 | resulting message digest number will be written into the 20 bytes | 77 | resulting message digest number will be written into the 20 bytes |
78 | beginning at RESBLOCK. */ | 78 | beginning at RESBLOCK. */ |
79 | extern int sha1_stream (FILE *stream, void *resblock); | 79 | extern int sha1_stream (FILE * stream, void *resblock); |
80 | 80 | ||
81 | /* Compute SHA1 message digest for LEN bytes beginning at BUFFER. The | 81 | /* Compute SHA1 message digest for LEN bytes beginning at BUFFER. The |
82 | result is always in little endian byte order, so that a byte-wise | 82 | result is always in little endian byte order, so that a byte-wise |
diff --git a/src/daemon/https/lgl/vasnprintf.h b/src/daemon/https/lgl/vasnprintf.h index 4524ce77..e4c57f5b 100644 --- a/src/daemon/https/lgl/vasnprintf.h +++ b/src/daemon/https/lgl/vasnprintf.h | |||
@@ -27,7 +27,7 @@ | |||
27 | #ifndef __attribute__ | 27 | #ifndef __attribute__ |
28 | /* This feature is available in gcc versions 2.5 and later. */ | 28 | /* This feature is available in gcc versions 2.5 and later. */ |
29 | # if __GNUC__ < 2 || (__GNUC__ == 2 && __GNUC_MINOR__ < 5) || __STRICT_ANSI__ | 29 | # if __GNUC__ < 2 || (__GNUC__ == 2 && __GNUC_MINOR__ < 5) || __STRICT_ANSI__ |
30 | # define __attribute__(Spec) /* empty */ | 30 | # define __attribute__(Spec) /* empty */ |
31 | # endif | 31 | # endif |
32 | /* The __-protected variants of `format' and `printf' attributes | 32 | /* The __-protected variants of `format' and `printf' attributes |
33 | are accepted by gcc versions 2.6.4 (effectively 2.7) and later. */ | 33 | are accepted by gcc versions 2.6.4 (effectively 2.7) and later. */ |
@@ -38,7 +38,8 @@ | |||
38 | #endif | 38 | #endif |
39 | 39 | ||
40 | #ifdef __cplusplus | 40 | #ifdef __cplusplus |
41 | extern "C" { | 41 | extern "C" |
42 | { | ||
42 | #endif | 43 | #endif |
43 | 44 | ||
44 | /* Write formatted output to a string dynamically allocated with malloc(). | 45 | /* Write formatted output to a string dynamically allocated with malloc(). |
@@ -69,13 +70,15 @@ extern "C" { | |||
69 | # define asnprintf rpl_asnprintf | 70 | # define asnprintf rpl_asnprintf |
70 | # define vasnprintf rpl_vasnprintf | 71 | # define vasnprintf rpl_vasnprintf |
71 | #endif | 72 | #endif |
72 | extern char * asnprintf (char *resultbuf, size_t *lengthp, const char *format, ...) | 73 | extern char *asnprintf (char *resultbuf, size_t * lengthp, |
73 | __attribute__ ((__format__ (__printf__, 3, 4))); | 74 | const char *format, ...) |
74 | extern char * vasnprintf (char *resultbuf, size_t *lengthp, const char *format, va_list args) | 75 | __attribute__ ((__format__ (__printf__, 3, 4))); |
75 | __attribute__ ((__format__ (__printf__, 3, 0))); | 76 | extern char *vasnprintf (char *resultbuf, size_t * lengthp, |
77 | const char *format, va_list args) | ||
78 | __attribute__ ((__format__ (__printf__, 3, 0))); | ||
76 | 79 | ||
77 | #ifdef __cplusplus | 80 | #ifdef __cplusplus |
78 | } | 81 | } |
79 | #endif | 82 | #endif |
80 | 83 | ||
81 | #endif /* _VASNPRINTF_H */ | 84 | #endif /* _VASNPRINTF_H */ |
diff --git a/src/daemon/https/lgl/xsize.h b/src/daemon/https/lgl/xsize.h index d37de38a..d8e1b5fe 100644 --- a/src/daemon/https/lgl/xsize.h +++ b/src/daemon/https/lgl/xsize.h | |||
@@ -51,9 +51,9 @@ | |||
51 | /* Sum of two sizes, with overflow check. */ | 51 | /* Sum of two sizes, with overflow check. */ |
52 | static inline size_t | 52 | static inline size_t |
53 | #if __GNUC__ >= 3 | 53 | #if __GNUC__ >= 3 |
54 | __attribute__ ((__pure__)) | 54 | __attribute__ ((__pure__)) |
55 | #endif | 55 | #endif |
56 | xsum (size_t size1, size_t size2) | 56 | xsum (size_t size1, size_t size2) |
57 | { | 57 | { |
58 | size_t sum = size1 + size2; | 58 | size_t sum = size1 + size2; |
59 | return (sum >= size1 ? sum : SIZE_MAX); | 59 | return (sum >= size1 ? sum : SIZE_MAX); |
@@ -62,9 +62,9 @@ xsum (size_t size1, size_t size2) | |||
62 | /* Sum of three sizes, with overflow check. */ | 62 | /* Sum of three sizes, with overflow check. */ |
63 | static inline size_t | 63 | static inline size_t |
64 | #if __GNUC__ >= 3 | 64 | #if __GNUC__ >= 3 |
65 | __attribute__ ((__pure__)) | 65 | __attribute__ ((__pure__)) |
66 | #endif | 66 | #endif |
67 | xsum3 (size_t size1, size_t size2, size_t size3) | 67 | xsum3 (size_t size1, size_t size2, size_t size3) |
68 | { | 68 | { |
69 | return xsum (xsum (size1, size2), size3); | 69 | return xsum (xsum (size1, size2), size3); |
70 | } | 70 | } |
@@ -72,9 +72,9 @@ xsum3 (size_t size1, size_t size2, size_t size3) | |||
72 | /* Sum of four sizes, with overflow check. */ | 72 | /* Sum of four sizes, with overflow check. */ |
73 | static inline size_t | 73 | static inline size_t |
74 | #if __GNUC__ >= 3 | 74 | #if __GNUC__ >= 3 |
75 | __attribute__ ((__pure__)) | 75 | __attribute__ ((__pure__)) |
76 | #endif | 76 | #endif |
77 | xsum4 (size_t size1, size_t size2, size_t size3, size_t size4) | 77 | xsum4 (size_t size1, size_t size2, size_t size3, size_t size4) |
78 | { | 78 | { |
79 | return xsum (xsum (xsum (size1, size2), size3), size4); | 79 | return xsum (xsum (xsum (size1, size2), size3), size4); |
80 | } | 80 | } |
@@ -82,9 +82,9 @@ xsum4 (size_t size1, size_t size2, size_t size3, size_t size4) | |||
82 | /* Maximum of two sizes, with overflow check. */ | 82 | /* Maximum of two sizes, with overflow check. */ |
83 | static inline size_t | 83 | static inline size_t |
84 | #if __GNUC__ >= 3 | 84 | #if __GNUC__ >= 3 |
85 | __attribute__ ((__pure__)) | 85 | __attribute__ ((__pure__)) |
86 | #endif | 86 | #endif |
87 | xmax (size_t size1, size_t size2) | 87 | xmax (size_t size1, size_t size2) |
88 | { | 88 | { |
89 | /* No explicit check is needed here, because for any n: | 89 | /* No explicit check is needed here, because for any n: |
90 | max (SIZE_MAX, n) == SIZE_MAX and max (n, SIZE_MAX) == SIZE_MAX. */ | 90 | max (SIZE_MAX, n) == SIZE_MAX and max (n, SIZE_MAX) == SIZE_MAX. */ |
@@ -106,4 +106,3 @@ xmax (size_t size1, size_t size2) | |||
106 | ((SIZE) != SIZE_MAX) | 106 | ((SIZE) != SIZE_MAX) |
107 | 107 | ||
108 | #endif /* _XSIZE_H */ | 108 | #endif /* _XSIZE_H */ |
109 | |||
diff --git a/src/daemon/https/minitasn1/coding.c b/src/daemon/https/minitasn1/coding.c index 10870e01..385577a0 100644 --- a/src/daemon/https/minitasn1/coding.c +++ b/src/daemon/https/minitasn1/coding.c | |||
@@ -385,7 +385,7 @@ _asn1_complete_explicit_tag (node_asn * node, unsigned char *der, | |||
385 | p = node->down; | 385 | p = node->down; |
386 | /* When there are nested tags we must complete them reverse to | 386 | /* When there are nested tags we must complete them reverse to |
387 | the order they were created. This is because completing a tag | 387 | the order they were created. This is because completing a tag |
388 | modifies all data within it, including the incomplete tags | 388 | modifies all data within it, including the incomplete tags |
389 | which store buffer positions -- simon@josefsson.org 2002-09-06 | 389 | which store buffer positions -- simon@josefsson.org 2002-09-06 |
390 | */ | 390 | */ |
391 | while (p->right) | 391 | while (p->right) |
diff --git a/src/daemon/https/minitasn1/decoding.c b/src/daemon/https/minitasn1/decoding.c index 0e00cd92..5c763d85 100644 --- a/src/daemon/https/minitasn1/decoding.c +++ b/src/daemon/https/minitasn1/decoding.c | |||
@@ -2557,7 +2557,7 @@ asn1_expand_any_defined_by (ASN1_TYPE definitions, ASN1_TYPE * element) | |||
2557 | if ((result == ASN1_SUCCESS) | 2557 | if ((result == ASN1_SUCCESS) |
2558 | && (!strcmp (p3->value, value))) | 2558 | && (!strcmp (p3->value, value))) |
2559 | { | 2559 | { |
2560 | p2 = p2->right; /* pointer to the structure to | 2560 | p2 = p2->right; /* pointer to the structure to |
2561 | use for expansion */ | 2561 | use for expansion */ |
2562 | while ((p2) && (p2->type & CONST_ASSIGN)) | 2562 | while ((p2) && (p2->type & CONST_ASSIGN)) |
2563 | p2 = p2->right; | 2563 | p2 = p2->right; |
@@ -2747,7 +2747,7 @@ asn1_expand_octet_string (ASN1_TYPE definitions, ASN1_TYPE * element, | |||
2747 | && (!strcmp (objectNode->value, value))) | 2747 | && (!strcmp (objectNode->value, value))) |
2748 | { | 2748 | { |
2749 | 2749 | ||
2750 | p2 = p2->right; /* pointer to the structure to | 2750 | p2 = p2->right; /* pointer to the structure to |
2751 | use for expansion */ | 2751 | use for expansion */ |
2752 | while ((p2) && (p2->type & CONST_ASSIGN)) | 2752 | while ((p2) && (p2->type & CONST_ASSIGN)) |
2753 | p2 = p2->right; | 2753 | p2 = p2->right; |
diff --git a/src/daemon/https/minitasn1/element.h b/src/daemon/https/minitasn1/element.h index 3db95295..b6341e8a 100644 --- a/src/daemon/https/minitasn1/element.h +++ b/src/daemon/https/minitasn1/element.h | |||
@@ -3,11 +3,12 @@ | |||
3 | #define _ELEMENT_H | 3 | #define _ELEMENT_H |
4 | 4 | ||
5 | 5 | ||
6 | asn1_retCode _asn1_append_sequence_set(node_asn *node); | 6 | asn1_retCode _asn1_append_sequence_set (node_asn * node); |
7 | 7 | ||
8 | asn1_retCode _asn1_convert_integer(const char *value,unsigned char *value_out, | 8 | asn1_retCode _asn1_convert_integer (const char *value, |
9 | int value_out_size, int *len); | 9 | unsigned char *value_out, |
10 | int value_out_size, int *len); | ||
10 | 11 | ||
11 | void _asn1_hierarchical_name(node_asn *node,char *name,int name_size); | 12 | void _asn1_hierarchical_name (node_asn * node, char *name, int name_size); |
12 | 13 | ||
13 | #endif | 14 | #endif |
diff --git a/src/daemon/https/minitasn1/errors.h b/src/daemon/https/minitasn1/errors.h index f8bf2242..05faa321 100644 --- a/src/daemon/https/minitasn1/errors.h +++ b/src/daemon/https/minitasn1/errors.h | |||
@@ -25,6 +25,6 @@ | |||
25 | 25 | ||
26 | #include "int.h" | 26 | #include "int.h" |
27 | 27 | ||
28 | void _libtasn1_log( const char *fmt, ...); | 28 | void _libtasn1_log (const char *fmt, ...); |
29 | 29 | ||
30 | #endif /* ERRORS_H */ | 30 | #endif /* ERRORS_H */ |
diff --git a/src/daemon/https/minitasn1/gstr.h b/src/daemon/https/minitasn1/gstr.h index 5508d26e..360c6d88 100644 --- a/src/daemon/https/minitasn1/gstr.h +++ b/src/daemon/https/minitasn1/gstr.h | |||
@@ -1,5 +1,5 @@ | |||
1 | void _asn1_str_cpy( char* dest, size_t dest_tot_size, const char* src); | 1 | void _asn1_str_cpy (char *dest, size_t dest_tot_size, const char *src); |
2 | void _asn1_str_cat( char* dest, size_t dest_tot_size, const char* src); | 2 | void _asn1_str_cat (char *dest, size_t dest_tot_size, const char *src); |
3 | 3 | ||
4 | #define Estrcpy(x,y) _asn1_str_cpy(x,MAX_ERROR_DESCRIPTION_SIZE,y) | 4 | #define Estrcpy(x,y) _asn1_str_cpy(x,MAX_ERROR_DESCRIPTION_SIZE,y) |
5 | #define Estrcat(x,y) _asn1_str_cat(x,MAX_ERROR_DESCRIPTION_SIZE,y) | 5 | #define Estrcat(x,y) _asn1_str_cat(x,MAX_ERROR_DESCRIPTION_SIZE,y) |
diff --git a/src/daemon/https/minitasn1/int.h b/src/daemon/https/minitasn1/int.h index d9d18c77..a99fb6db 100644 --- a/src/daemon/https/minitasn1/int.h +++ b/src/daemon/https/minitasn1/int.h | |||
@@ -34,7 +34,7 @@ | |||
34 | 34 | ||
35 | #include <mem.h> | 35 | #include <mem.h> |
36 | 36 | ||
37 | #define MAX_LOG_SIZE 1024 /* maximum number of characters of a log message */ | 37 | #define MAX_LOG_SIZE 1024 /* maximum number of characters of a log message */ |
38 | 38 | ||
39 | /* Define used for visiting trees. */ | 39 | /* Define used for visiting trees. */ |
40 | #define UP 1 | 40 | #define UP 1 |
@@ -82,13 +82,13 @@ | |||
82 | #define CONST_EXPLICIT (1<<11) | 82 | #define CONST_EXPLICIT (1<<11) |
83 | #define CONST_IMPLICIT (1<<12) | 83 | #define CONST_IMPLICIT (1<<12) |
84 | 84 | ||
85 | #define CONST_TAG (1<<13) /* Used in ASN.1 assignement */ | 85 | #define CONST_TAG (1<<13) /* Used in ASN.1 assignement */ |
86 | #define CONST_OPTION (1<<14) | 86 | #define CONST_OPTION (1<<14) |
87 | #define CONST_DEFAULT (1<<15) | 87 | #define CONST_DEFAULT (1<<15) |
88 | #define CONST_TRUE (1<<16) | 88 | #define CONST_TRUE (1<<16) |
89 | #define CONST_FALSE (1<<17) | 89 | #define CONST_FALSE (1<<17) |
90 | 90 | ||
91 | #define CONST_LIST (1<<18) /* Used with TYPE_INTEGER and TYPE_BIT_STRING */ | 91 | #define CONST_LIST (1<<18) /* Used with TYPE_INTEGER and TYPE_BIT_STRING */ |
92 | #define CONST_MIN_MAX (1<<19) | 92 | #define CONST_MIN_MAX (1<<19) |
93 | 93 | ||
94 | #define CONST_1_PARAM (1<<20) | 94 | #define CONST_1_PARAM (1<<20) |
diff --git a/src/daemon/https/minitasn1/libtasn1.h b/src/daemon/https/minitasn1/libtasn1.h index 0b48c305..58862e63 100644 --- a/src/daemon/https/minitasn1/libtasn1.h +++ b/src/daemon/https/minitasn1/libtasn1.h | |||
@@ -24,7 +24,7 @@ | |||
24 | #ifndef LIBTASN1_H | 24 | #ifndef LIBTASN1_H |
25 | # define LIBTASN1_H | 25 | # define LIBTASN1_H |
26 | 26 | ||
27 | #include <stdio.h> /* for FILE* */ | 27 | #include <stdio.h> /* for FILE* */ |
28 | 28 | ||
29 | #ifdef __cplusplus | 29 | #ifdef __cplusplus |
30 | extern "C" | 30 | extern "C" |
@@ -36,14 +36,14 @@ extern "C" | |||
36 | #include <sys/types.h> | 36 | #include <sys/types.h> |
37 | #include <time.h> | 37 | #include <time.h> |
38 | 38 | ||
39 | #define MAX_NAME_SIZE 128 /* maximum number of characters of a name */ | 39 | #define MAX_NAME_SIZE 128 /* maximum number of characters of a name */ |
40 | /* inside a file with ASN1 definitons */ | 40 | /* inside a file with ASN1 definitons */ |
41 | #define MAX_ERROR_DESCRIPTION_SIZE 128 /* maximum number of characters */ | 41 | #define MAX_ERROR_DESCRIPTION_SIZE 128 /* maximum number of characters */ |
42 | /* of a description message */ | 42 | /* of a description message */ |
43 | /* (null character included) */ | 43 | /* (null character included) */ |
44 | 44 | ||
45 | 45 | ||
46 | typedef int asn1_retCode; /* type returned by libtasn1 functions */ | 46 | typedef int asn1_retCode; /* type returned by libtasn1 functions */ |
47 | 47 | ||
48 | /*****************************************/ | 48 | /*****************************************/ |
49 | /* Errors returned by libtasn1 functions */ | 49 | /* Errors returned by libtasn1 functions */ |
@@ -78,10 +78,10 @@ extern "C" | |||
78 | /*****************************************/ | 78 | /*****************************************/ |
79 | /* Constants returned by asn1_read_tag */ | 79 | /* Constants returned by asn1_read_tag */ |
80 | /*****************************************/ | 80 | /*****************************************/ |
81 | #define ASN1_CLASS_UNIVERSAL 0x00 /* old: 1 */ | 81 | #define ASN1_CLASS_UNIVERSAL 0x00 /* old: 1 */ |
82 | #define ASN1_CLASS_APPLICATION 0x40 /* old: 2 */ | 82 | #define ASN1_CLASS_APPLICATION 0x40 /* old: 2 */ |
83 | #define ASN1_CLASS_CONTEXT_SPECIFIC 0x80 /* old: 3 */ | 83 | #define ASN1_CLASS_CONTEXT_SPECIFIC 0x80 /* old: 3 */ |
84 | #define ASN1_CLASS_PRIVATE 0xC0 /* old: 4 */ | 84 | #define ASN1_CLASS_PRIVATE 0xC0 /* old: 4 */ |
85 | #define ASN1_CLASS_STRUCTURED 0x20 | 85 | #define ASN1_CLASS_STRUCTURED 0x20 |
86 | 86 | ||
87 | /*****************************************/ | 87 | /*****************************************/ |
@@ -107,13 +107,13 @@ extern "C" | |||
107 | 107 | ||
108 | struct node_asn_struct | 108 | struct node_asn_struct |
109 | { | 109 | { |
110 | char *name; /* Node name */ | 110 | char *name; /* Node name */ |
111 | unsigned int type; /* Node type */ | 111 | unsigned int type; /* Node type */ |
112 | unsigned char *value; /* Node value */ | 112 | unsigned char *value; /* Node value */ |
113 | int value_len; | 113 | int value_len; |
114 | struct node_asn_struct *down; /* Pointer to the son node */ | 114 | struct node_asn_struct *down; /* Pointer to the son node */ |
115 | struct node_asn_struct *right; /* Pointer to the brother node */ | 115 | struct node_asn_struct *right; /* Pointer to the brother node */ |
116 | struct node_asn_struct *left; /* Pointer to the next list element */ | 116 | struct node_asn_struct *left; /* Pointer to the next list element */ |
117 | }; | 117 | }; |
118 | 118 | ||
119 | typedef struct node_asn_struct node_asn; | 119 | typedef struct node_asn_struct node_asn; |
@@ -124,9 +124,9 @@ extern "C" | |||
124 | 124 | ||
125 | struct static_struct_asn | 125 | struct static_struct_asn |
126 | { | 126 | { |
127 | const char *name; /* Node name */ | 127 | const char *name; /* Node name */ |
128 | unsigned int type; /* Node type */ | 128 | unsigned int type; /* Node type */ |
129 | const void *value; /* Node value */ | 129 | const void *value; /* Node value */ |
130 | }; | 130 | }; |
131 | 131 | ||
132 | typedef struct static_struct_asn ASN1_ARRAY_TYPE; | 132 | typedef struct static_struct_asn ASN1_ARRAY_TYPE; |
@@ -138,68 +138,68 @@ extern "C" | |||
138 | /***********************************/ | 138 | /***********************************/ |
139 | 139 | ||
140 | asn1_retCode asn1_parser2tree (const char *file_name, | 140 | asn1_retCode asn1_parser2tree (const char *file_name, |
141 | ASN1_TYPE * definitions, | 141 | ASN1_TYPE * definitions, |
142 | char *errorDescription); | 142 | char *errorDescription); |
143 | 143 | ||
144 | asn1_retCode asn1_parser2array (const char *inputFileName, | 144 | asn1_retCode asn1_parser2array (const char *inputFileName, |
145 | const char *outputFileName, | 145 | const char *outputFileName, |
146 | const char *vectorName, | 146 | const char *vectorName, |
147 | char *errorDescription); | 147 | char *errorDescription); |
148 | 148 | ||
149 | asn1_retCode asn1_array2tree (const ASN1_ARRAY_TYPE * array, | 149 | asn1_retCode asn1_array2tree (const ASN1_ARRAY_TYPE * array, |
150 | ASN1_TYPE * definitions, | 150 | ASN1_TYPE * definitions, |
151 | char *errorDescription); | 151 | char *errorDescription); |
152 | 152 | ||
153 | void asn1_print_structure (FILE *out, ASN1_TYPE structure, const char *name, | 153 | void asn1_print_structure (FILE * out, ASN1_TYPE structure, |
154 | int mode); | 154 | const char *name, int mode); |
155 | 155 | ||
156 | asn1_retCode asn1_create_element (ASN1_TYPE definitions, | 156 | asn1_retCode asn1_create_element (ASN1_TYPE definitions, |
157 | const char *source_name, | 157 | const char *source_name, |
158 | ASN1_TYPE * element); | 158 | ASN1_TYPE * element); |
159 | 159 | ||
160 | asn1_retCode asn1_delete_structure (ASN1_TYPE * structure); | 160 | asn1_retCode asn1_delete_structure (ASN1_TYPE * structure); |
161 | 161 | ||
162 | asn1_retCode asn1_delete_element (ASN1_TYPE structure, | 162 | asn1_retCode asn1_delete_element (ASN1_TYPE structure, |
163 | const char *element_name); | 163 | const char *element_name); |
164 | 164 | ||
165 | asn1_retCode asn1_write_value (ASN1_TYPE node_root, const char *name, | 165 | asn1_retCode asn1_write_value (ASN1_TYPE node_root, const char *name, |
166 | const void *ivalue, int len); | 166 | const void *ivalue, int len); |
167 | 167 | ||
168 | asn1_retCode asn1_read_value (ASN1_TYPE root, const char *name, | 168 | asn1_retCode asn1_read_value (ASN1_TYPE root, const char *name, |
169 | void *ivalue, int *len); | 169 | void *ivalue, int *len); |
170 | 170 | ||
171 | asn1_retCode asn1_number_of_elements (ASN1_TYPE element, const char *name, | 171 | asn1_retCode asn1_number_of_elements (ASN1_TYPE element, const char *name, |
172 | int *num); | 172 | int *num); |
173 | 173 | ||
174 | asn1_retCode asn1_der_coding (ASN1_TYPE element, const char *name, | 174 | asn1_retCode asn1_der_coding (ASN1_TYPE element, const char *name, |
175 | void *ider, int *len, char *ErrorDescription); | 175 | void *ider, int *len, char *ErrorDescription); |
176 | 176 | ||
177 | asn1_retCode asn1_der_decoding (ASN1_TYPE * element, const void *ider, | 177 | asn1_retCode asn1_der_decoding (ASN1_TYPE * element, const void *ider, |
178 | int len, char *errorDescription); | 178 | int len, char *errorDescription); |
179 | 179 | ||
180 | asn1_retCode asn1_der_decoding_element (ASN1_TYPE * structure, | 180 | asn1_retCode asn1_der_decoding_element (ASN1_TYPE * structure, |
181 | const char *elementName, | 181 | const char *elementName, |
182 | const void *ider, int len, | 182 | const void *ider, int len, |
183 | char *errorDescription); | 183 | char *errorDescription); |
184 | 184 | ||
185 | asn1_retCode asn1_der_decoding_startEnd (ASN1_TYPE element, | 185 | asn1_retCode asn1_der_decoding_startEnd (ASN1_TYPE element, |
186 | const void *ider, int len, | 186 | const void *ider, int len, |
187 | const char *name_element, | 187 | const char *name_element, |
188 | int *start, int *end); | 188 | int *start, int *end); |
189 | 189 | ||
190 | asn1_retCode asn1_expand_any_defined_by (ASN1_TYPE definitions, | 190 | asn1_retCode asn1_expand_any_defined_by (ASN1_TYPE definitions, |
191 | ASN1_TYPE * element); | 191 | ASN1_TYPE * element); |
192 | 192 | ||
193 | asn1_retCode asn1_expand_octet_string (ASN1_TYPE definitions, | 193 | asn1_retCode asn1_expand_octet_string (ASN1_TYPE definitions, |
194 | ASN1_TYPE * element, | 194 | ASN1_TYPE * element, |
195 | const char *octetName, | 195 | const char *octetName, |
196 | const char *objectName); | 196 | const char *objectName); |
197 | 197 | ||
198 | asn1_retCode asn1_read_tag (node_asn * root, const char *name, | 198 | asn1_retCode asn1_read_tag (node_asn * root, const char *name, |
199 | int *tagValue, int *classValue); | 199 | int *tagValue, int *classValue); |
200 | 200 | ||
201 | const char *asn1_find_structure_from_oid (ASN1_TYPE definitions, | 201 | const char *asn1_find_structure_from_oid (ASN1_TYPE definitions, |
202 | const char *oidValue); | 202 | const char *oidValue); |
203 | 203 | ||
204 | const char *asn1_check_version (const char *req_version); | 204 | const char *asn1_check_version (const char *req_version); |
205 | 205 | ||
@@ -210,37 +210,37 @@ extern "C" | |||
210 | /* DER utility functions. */ | 210 | /* DER utility functions. */ |
211 | 211 | ||
212 | int asn1_get_tag_der (const unsigned char *der, int der_len, | 212 | int asn1_get_tag_der (const unsigned char *der, int der_len, |
213 | unsigned char *cls, int *len, unsigned long *tag); | 213 | unsigned char *cls, int *len, unsigned long *tag); |
214 | 214 | ||
215 | void asn1_octet_der (const unsigned char *str, int str_len, | 215 | void asn1_octet_der (const unsigned char *str, int str_len, |
216 | unsigned char *der, int *der_len); | 216 | unsigned char *der, int *der_len); |
217 | 217 | ||
218 | asn1_retCode asn1_get_octet_der (const unsigned char *der, int der_len, | 218 | asn1_retCode asn1_get_octet_der (const unsigned char *der, int der_len, |
219 | int *ret_len, unsigned char *str, | 219 | int *ret_len, unsigned char *str, |
220 | int str_size, int *str_len); | 220 | int str_size, int *str_len); |
221 | 221 | ||
222 | void asn1_bit_der (const unsigned char *str, int bit_len, | 222 | void asn1_bit_der (const unsigned char *str, int bit_len, |
223 | unsigned char *der, int *der_len); | 223 | unsigned char *der, int *der_len); |
224 | 224 | ||
225 | asn1_retCode asn1_get_bit_der (const unsigned char *der, int der_len, | 225 | asn1_retCode asn1_get_bit_der (const unsigned char *der, int der_len, |
226 | int *ret_len, unsigned char *str, | 226 | int *ret_len, unsigned char *str, |
227 | int str_size, int *bit_len); | 227 | int str_size, int *bit_len); |
228 | 228 | ||
229 | signed long asn1_get_length_der (const unsigned char *der, int der_len, | 229 | signed long asn1_get_length_der (const unsigned char *der, int der_len, |
230 | int *len); | 230 | int *len); |
231 | 231 | ||
232 | void asn1_length_der (unsigned long int len, unsigned char *ans, | 232 | void asn1_length_der (unsigned long int len, unsigned char *ans, |
233 | int *ans_len); | 233 | int *ans_len); |
234 | 234 | ||
235 | /* Other utility functions. */ | 235 | /* Other utility functions. */ |
236 | 236 | ||
237 | ASN1_TYPE asn1_find_node (ASN1_TYPE pointer, const char *name); | 237 | ASN1_TYPE asn1_find_node (ASN1_TYPE pointer, const char *name); |
238 | 238 | ||
239 | asn1_retCode asn1_copy_node (ASN1_TYPE dst, const char *dst_name, | 239 | asn1_retCode asn1_copy_node (ASN1_TYPE dst, const char *dst_name, |
240 | ASN1_TYPE src, const char *src_name); | 240 | ASN1_TYPE src, const char *src_name); |
241 | 241 | ||
242 | #ifdef __cplusplus | 242 | #ifdef __cplusplus |
243 | } | 243 | } |
244 | #endif | 244 | #endif |
245 | 245 | ||
246 | #endif /* LIBTASN1_H */ | 246 | #endif /* LIBTASN1_H */ |
diff --git a/src/daemon/https/minitasn1/mem.h b/src/daemon/https/minitasn1/mem.h index 267f62f3..3a5c7aa9 100644 --- a/src/daemon/https/minitasn1/mem.h +++ b/src/daemon/https/minitasn1/mem.h | |||
@@ -23,5 +23,3 @@ | |||
23 | #define _asn1_strdup strdup | 23 | #define _asn1_strdup strdup |
24 | 24 | ||
25 | #endif /* MEM_H */ | 25 | #endif /* MEM_H */ |
26 | |||
27 | |||
diff --git a/src/daemon/https/minitasn1/parser_aux.c b/src/daemon/https/minitasn1/parser_aux.c index 7d975b3d..dcaee0a9 100644 --- a/src/daemon/https/minitasn1/parser_aux.c +++ b/src/daemon/https/minitasn1/parser_aux.c | |||
@@ -161,7 +161,7 @@ asn1_find_node (ASN1_TYPE pointer, const char *name) | |||
161 | 161 | ||
162 | p = p->down; | 162 | p = p->down; |
163 | 163 | ||
164 | /* The identifier "?LAST" indicates the last element | 164 | /* The identifier "?LAST" indicates the last element |
165 | in the right chain. */ | 165 | in the right chain. */ |
166 | if (!strcmp (n, "?LAST")) | 166 | if (!strcmp (n, "?LAST")) |
167 | { | 167 | { |
diff --git a/src/daemon/https/minitasn1/parser_aux.h b/src/daemon/https/minitasn1/parser_aux.h index 3055510c..4f7d3f1b 100644 --- a/src/daemon/https/minitasn1/parser_aux.h +++ b/src/daemon/https/minitasn1/parser_aux.h | |||
@@ -6,58 +6,45 @@ | |||
6 | /***************************************/ | 6 | /***************************************/ |
7 | /* Functions used by ASN.1 parser */ | 7 | /* Functions used by ASN.1 parser */ |
8 | /***************************************/ | 8 | /***************************************/ |
9 | node_asn * | 9 | node_asn *_asn1_add_node (unsigned int type); |
10 | _asn1_add_node(unsigned int type); | ||
11 | 10 | ||
12 | node_asn * | 11 | node_asn *_asn1_set_value (node_asn * node, const void *value, |
13 | _asn1_set_value(node_asn *node,const void *value,unsigned int len); | 12 | unsigned int len); |
14 | 13 | ||
15 | node_asn * | 14 | node_asn *_asn1_set_name (node_asn * node, const char *name); |
16 | _asn1_set_name(node_asn *node,const char *name); | ||
17 | 15 | ||
18 | node_asn * | 16 | node_asn *_asn1_set_right (node_asn * node, node_asn * right); |
19 | _asn1_set_right(node_asn *node,node_asn *right); | ||
20 | 17 | ||
21 | node_asn * | 18 | node_asn *_asn1_get_right (node_asn * node); |
22 | _asn1_get_right(node_asn *node); | ||
23 | 19 | ||
24 | node_asn * | 20 | node_asn *_asn1_get_last_right (node_asn * node); |
25 | _asn1_get_last_right(node_asn *node); | ||
26 | 21 | ||
27 | node_asn * | 22 | node_asn *_asn1_set_down (node_asn * node, node_asn * down); |
28 | _asn1_set_down(node_asn *node,node_asn *down); | ||
29 | 23 | ||
30 | char * | 24 | char *_asn1_get_name (node_asn * node); |
31 | _asn1_get_name(node_asn *node); | ||
32 | 25 | ||
33 | node_asn * | 26 | node_asn *_asn1_get_down (node_asn * node); |
34 | _asn1_get_down(node_asn *node); | ||
35 | 27 | ||
36 | node_asn * | 28 | node_asn *_asn1_mod_type (node_asn * node, unsigned int value); |
37 | _asn1_mod_type(node_asn *node,unsigned int value); | ||
38 | 29 | ||
39 | void | 30 | void _asn1_remove_node (node_asn * node); |
40 | _asn1_remove_node(node_asn *node); | ||
41 | 31 | ||
42 | void _asn1_delete_list(void); | 32 | void _asn1_delete_list (void); |
43 | 33 | ||
44 | void _asn1_delete_list_and_nodes(void); | 34 | void _asn1_delete_list_and_nodes (void); |
45 | 35 | ||
46 | char * _asn1_ltostr(long v,char *str); | 36 | char *_asn1_ltostr (long v, char *str); |
47 | 37 | ||
48 | node_asn * _asn1_find_up(node_asn *node); | 38 | node_asn *_asn1_find_up (node_asn * node); |
49 | 39 | ||
50 | asn1_retCode _asn1_change_integer_value(ASN1_TYPE node); | 40 | asn1_retCode _asn1_change_integer_value (ASN1_TYPE node); |
51 | 41 | ||
52 | asn1_retCode _asn1_expand_object_id(ASN1_TYPE node); | 42 | asn1_retCode _asn1_expand_object_id (ASN1_TYPE node); |
53 | 43 | ||
54 | asn1_retCode _asn1_type_set_config(ASN1_TYPE node); | 44 | asn1_retCode _asn1_type_set_config (ASN1_TYPE node); |
55 | 45 | ||
56 | asn1_retCode _asn1_check_identifier(ASN1_TYPE node); | 46 | asn1_retCode _asn1_check_identifier (ASN1_TYPE node); |
57 | 47 | ||
58 | asn1_retCode _asn1_set_default_tag(ASN1_TYPE node); | 48 | asn1_retCode _asn1_set_default_tag (ASN1_TYPE node); |
59 | 49 | ||
60 | #endif | 50 | #endif |
61 | |||
62 | |||
63 | |||
diff --git a/src/daemon/https/minitasn1/structure.h b/src/daemon/https/minitasn1/structure.h index 4c78391e..9fdb3343 100644 --- a/src/daemon/https/minitasn1/structure.h +++ b/src/daemon/https/minitasn1/structure.h | |||
@@ -8,16 +8,16 @@ | |||
8 | #ifndef _STRUCTURE_H | 8 | #ifndef _STRUCTURE_H |
9 | #define _STRUCTURE_H | 9 | #define _STRUCTURE_H |
10 | 10 | ||
11 | asn1_retCode _asn1_create_static_structure(node_asn *pointer, | 11 | asn1_retCode _asn1_create_static_structure (node_asn * pointer, |
12 | char* output_file_name,char *vector_name); | 12 | char *output_file_name, |
13 | char *vector_name); | ||
13 | 14 | ||
14 | node_asn* _asn1_copy_structure3(node_asn *source_node); | 15 | node_asn *_asn1_copy_structure3 (node_asn * source_node); |
15 | 16 | ||
16 | node_asn* _asn1_copy_structure2(node_asn *root,const char *source_name); | 17 | node_asn *_asn1_copy_structure2 (node_asn * root, const char *source_name); |
17 | 18 | ||
18 | node_asn * _asn1_add_node_only(unsigned int type); | 19 | node_asn *_asn1_add_node_only (unsigned int type); |
19 | 20 | ||
20 | node_asn * _asn1_find_left(node_asn *node); | 21 | node_asn *_asn1_find_left (node_asn * node); |
21 | 22 | ||
22 | #endif | 23 | #endif |
23 | |||
diff --git a/src/daemon/https/tls/auth_anon.c b/src/daemon/https/tls/auth_anon.c index 9f1373dc..d20e55cf 100644 --- a/src/daemon/https/tls/auth_anon.c +++ b/src/daemon/https/tls/auth_anon.c | |||
@@ -41,15 +41,17 @@ | |||
41 | #include <auth_dh_common.h> | 41 | #include <auth_dh_common.h> |
42 | 42 | ||
43 | static int mhd_gtls_gen_anon_server_kx (mhd_gtls_session_t, opaque **); | 43 | static int mhd_gtls_gen_anon_server_kx (mhd_gtls_session_t, opaque **); |
44 | static int mhd_gtls_proc_anon_client_kx (mhd_gtls_session_t, opaque *, size_t); | 44 | static int mhd_gtls_proc_anon_client_kx (mhd_gtls_session_t, opaque *, |
45 | static int mhd_gtls_proc_anon_server_kx (mhd_gtls_session_t, opaque *, size_t); | 45 | size_t); |
46 | static int mhd_gtls_proc_anon_server_kx (mhd_gtls_session_t, opaque *, | ||
47 | size_t); | ||
46 | 48 | ||
47 | const mhd_gtls_mod_auth_st mhd_gtls_anon_auth_struct = { | 49 | const mhd_gtls_mod_auth_st mhd_gtls_anon_auth_struct = { |
48 | "ANON", | 50 | "ANON", |
49 | NULL, | 51 | NULL, |
50 | NULL, | 52 | NULL, |
51 | mhd_gtls_gen_anon_server_kx, | 53 | mhd_gtls_gen_anon_server_kx, |
52 | mhd_gtls_gen_dh_common_client_kx, /* this can be shared */ | 54 | mhd_gtls_gen_dh_common_client_kx, /* this can be shared */ |
53 | NULL, | 55 | NULL, |
54 | NULL, | 56 | NULL, |
55 | 57 | ||
@@ -92,7 +94,7 @@ mhd_gtls_gen_anon_server_kx (mhd_gtls_session_t session, opaque ** data) | |||
92 | 94 | ||
93 | if ((ret = | 95 | if ((ret = |
94 | mhd_gtls_auth_info_set (session, MHD_GNUTLS_CRD_ANON, | 96 | mhd_gtls_auth_info_set (session, MHD_GNUTLS_CRD_ANON, |
95 | sizeof (anon_auth_info_st), 1)) < 0) | 97 | sizeof (anon_auth_info_st), 1)) < 0) |
96 | { | 98 | { |
97 | gnutls_assert (); | 99 | gnutls_assert (); |
98 | return ret; | 100 | return ret; |
@@ -112,7 +114,7 @@ mhd_gtls_gen_anon_server_kx (mhd_gtls_session_t session, opaque ** data) | |||
112 | 114 | ||
113 | static int | 115 | static int |
114 | mhd_gtls_proc_anon_client_kx (mhd_gtls_session_t session, opaque * data, | 116 | mhd_gtls_proc_anon_client_kx (mhd_gtls_session_t session, opaque * data, |
115 | size_t _data_size) | 117 | size_t _data_size) |
116 | { | 118 | { |
117 | mhd_gtls_anon_server_credentials_t cred; | 119 | mhd_gtls_anon_server_credentials_t cred; |
118 | int bits; | 120 | int bits; |
@@ -151,7 +153,7 @@ mhd_gtls_proc_anon_client_kx (mhd_gtls_session_t session, opaque * data, | |||
151 | 153 | ||
152 | int | 154 | int |
153 | mhd_gtls_proc_anon_server_kx (mhd_gtls_session_t session, opaque * data, | 155 | mhd_gtls_proc_anon_server_kx (mhd_gtls_session_t session, opaque * data, |
154 | size_t _data_size) | 156 | size_t _data_size) |
155 | { | 157 | { |
156 | 158 | ||
157 | int ret; | 159 | int ret; |
@@ -159,7 +161,7 @@ mhd_gtls_proc_anon_server_kx (mhd_gtls_session_t session, opaque * data, | |||
159 | /* set auth_info */ | 161 | /* set auth_info */ |
160 | if ((ret = | 162 | if ((ret = |
161 | mhd_gtls_auth_info_set (session, MHD_GNUTLS_CRD_ANON, | 163 | mhd_gtls_auth_info_set (session, MHD_GNUTLS_CRD_ANON, |
162 | sizeof (anon_auth_info_st), 1)) < 0) | 164 | sizeof (anon_auth_info_st), 1)) < 0) |
163 | { | 165 | { |
164 | gnutls_assert (); | 166 | gnutls_assert (); |
165 | return ret; | 167 | return ret; |
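Review bot: The definition of mhd_gtls_proc_anon_server_kx at new-side lines 154-157 is written as plain `int`, while its forward declaration at lines 46-47 of the same file (reflowed by this commit) is `static int`, and the sibling mhd_gtls_proc_anon_client_kx keeps `static` on its definition at line 115. Because a prior static declaration is visible, C gives the definition internal linkage anyway, so this compiles, but a reader of the definition alone will take the function for an exported symbol. Since the commit already touches both spots, the definition should read `static int` as well; if the function is instead meant to be reachable from other translation units (for example through auth_anon.h, which is not visible here), then the `static` on the prototype is the one to drop. The bodies of both functions continue outside the hunks shown.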
diff --git a/src/daemon/https/tls/auth_anon.h b/src/daemon/https/tls/auth_anon.h index bdb0c1e4..ca5f3bfb 100644 --- a/src/daemon/https/tls/auth_anon.h +++ b/src/daemon/https/tls/auth_anon.h | |||
@@ -43,6 +43,6 @@ typedef struct mhd_gtls_anon_client_credentials_st | |||
43 | typedef struct mhd_gtls_anon_auth_info_st | 43 | typedef struct mhd_gtls_anon_auth_info_st |
44 | { | 44 | { |
45 | mhd_gtls_dh_info_st dh; | 45 | mhd_gtls_dh_info_st dh; |
46 | } * mhd_anon_auth_info_t; | 46 | } *mhd_anon_auth_info_t; |
47 | 47 | ||
48 | typedef struct mhd_gtls_anon_auth_info_st anon_auth_info_st; | 48 | typedef struct mhd_gtls_anon_auth_info_st anon_auth_info_st; |
diff --git a/src/daemon/https/tls/auth_cert.c b/src/daemon/https/tls/auth_cert.c index 69a581ab..e007517c 100644 --- a/src/daemon/https/tls/auth_cert.c +++ b/src/daemon/https/tls/auth_cert.c | |||
@@ -50,7 +50,7 @@ static gnutls_cert *alloc_and_load_x509_certs (gnutls_x509_crt_t * certs, | |||
50 | static gnutls_privkey *alloc_and_load_x509_key (gnutls_x509_privkey_t key); | 50 | static gnutls_privkey *alloc_and_load_x509_key (gnutls_x509_privkey_t key); |
51 | 51 | ||
52 | 52 | ||
53 | /* Copies data from a internal certificate struct (gnutls_cert) to | 53 | /* Copies data from a internal certificate struct (gnutls_cert) to |
54 | * exported certificate struct (cert_auth_info_t) | 54 | * exported certificate struct (cert_auth_info_t) |
55 | */ | 55 | */ |
56 | static int | 56 | static int |
@@ -81,8 +81,7 @@ _gnutls_copy_certificate_auth_info (cert_auth_info_t info, | |||
81 | if (cert->raw.size > 0) | 81 | if (cert->raw.size > 0) |
82 | { | 82 | { |
83 | ret = | 83 | ret = |
84 | _gnutls_set_datum (&info-> | 84 | _gnutls_set_datum (&info->raw_certificate_list[i], |
85 | raw_certificate_list[i], | ||
86 | cert[i].raw.data, cert[i].raw.size); | 85 | cert[i].raw.data, cert[i].raw.size); |
87 | if (ret < 0) | 86 | if (ret < 0) |
88 | { | 87 | { |
@@ -113,9 +112,10 @@ clear: | |||
113 | * -1 otherwise. | 112 | * -1 otherwise. |
114 | */ | 113 | */ |
115 | inline static int | 114 | inline static int |
116 | _gnutls_check_pk_algo_in_list (const enum MHD_GNUTLS_PublicKeyAlgorithm * | 115 | _gnutls_check_pk_algo_in_list (const enum MHD_GNUTLS_PublicKeyAlgorithm |
117 | pk_algos, int pk_algos_length, | 116 | *pk_algos, int pk_algos_length, |
118 | enum MHD_GNUTLS_PublicKeyAlgorithm algo_to_check) | 117 | enum MHD_GNUTLS_PublicKeyAlgorithm |
118 | algo_to_check) | ||
119 | { | 119 | { |
120 | int i; | 120 | int i; |
121 | for (i = 0; i < pk_algos_length; i++) | 121 | for (i = 0; i < pk_algos_length; i++) |
@@ -129,7 +129,7 @@ _gnutls_check_pk_algo_in_list (const enum MHD_GNUTLS_PublicKeyAlgorithm * | |||
129 | } | 129 | } |
130 | 130 | ||
131 | 131 | ||
132 | /* Returns the issuer's Distinguished name in odn, of the certificate | 132 | /* Returns the issuer's Distinguished name in odn, of the certificate |
133 | * specified in cert. | 133 | * specified in cert. |
134 | */ | 134 | */ |
135 | static int | 135 | static int |
@@ -179,13 +179,13 @@ _gnutls_cert_get_issuer_dn (gnutls_cert * cert, gnutls_datum_t * odn) | |||
179 | /* Locates the most appropriate x509 certificate using the | 179 | /* Locates the most appropriate x509 certificate using the |
180 | * given DN. If indx == -1 then no certificate was found. | 180 | * given DN. If indx == -1 then no certificate was found. |
181 | * | 181 | * |
182 | * That is to guess which certificate to use, based on the | 182 | * That is to guess which certificate to use, based on the |
183 | * CAs and sign algorithms supported by the peer server. | 183 | * CAs and sign algorithms supported by the peer server. |
184 | */ | 184 | */ |
185 | static int | 185 | static int |
186 | _find_x509_cert (const mhd_gtls_cert_credentials_t cred, | 186 | _find_x509_cert (const mhd_gtls_cert_credentials_t cred, |
187 | opaque * _data, size_t _data_size, | 187 | opaque * _data, size_t _data_size, |
188 | const enum MHD_GNUTLS_PublicKeyAlgorithm * pk_algos, | 188 | const enum MHD_GNUTLS_PublicKeyAlgorithm *pk_algos, |
189 | int pk_algos_length, int *indx) | 189 | int pk_algos_length, int *indx) |
190 | { | 190 | { |
191 | unsigned size; | 191 | unsigned size; |
@@ -210,8 +210,8 @@ _find_x509_cert (const mhd_gtls_cert_credentials_t cred, | |||
210 | for (j = 0; j < cred->cert_list_length[i]; j++) | 210 | for (j = 0; j < cred->cert_list_length[i]; j++) |
211 | { | 211 | { |
212 | if ((result = | 212 | if ((result = |
213 | _gnutls_cert_get_issuer_dn (&cred-> | 213 | _gnutls_cert_get_issuer_dn (&cred->cert_list[i][j], |
214 | cert_list[i][j], &odn)) < 0) | 214 | &odn)) < 0) |
215 | { | 215 | { |
216 | gnutls_assert (); | 216 | gnutls_assert (); |
217 | return result; | 217 | return result; |
@@ -271,7 +271,7 @@ get_issuers_num (mhd_gtls_session_t session, opaque * data, ssize_t data_size) | |||
271 | if (data_size > 0) | 271 | if (data_size > 0) |
272 | do | 272 | do |
273 | { | 273 | { |
274 | /* This works like DECR_LEN() | 274 | /* This works like DECR_LEN() |
275 | */ | 275 | */ |
276 | result = GNUTLS_E_UNEXPECTED_PACKET_LENGTH; | 276 | result = GNUTLS_E_UNEXPECTED_PACKET_LENGTH; |
277 | DECR_LENGTH_COM (data_size, 2, goto error); | 277 | DECR_LENGTH_COM (data_size, 2, goto error); |
@@ -348,14 +348,16 @@ static int | |||
348 | call_get_cert_callback (mhd_gtls_session_t session, | 348 | call_get_cert_callback (mhd_gtls_session_t session, |
349 | gnutls_datum_t * issuers_dn, | 349 | gnutls_datum_t * issuers_dn, |
350 | int issuers_dn_length, | 350 | int issuers_dn_length, |
351 | enum MHD_GNUTLS_PublicKeyAlgorithm * pk_algos, int pk_algos_length) | 351 | enum MHD_GNUTLS_PublicKeyAlgorithm *pk_algos, |
352 | int pk_algos_length) | ||
352 | { | 353 | { |
353 | unsigned i; | 354 | unsigned i; |
354 | gnutls_cert *local_certs = NULL; | 355 | gnutls_cert *local_certs = NULL; |
355 | gnutls_privkey *local_key = NULL; | 356 | gnutls_privkey *local_key = NULL; |
356 | gnutls_retr_st st; | 357 | gnutls_retr_st st; |
357 | int ret; | 358 | int ret; |
358 | enum MHD_GNUTLS_CertificateType type = gnutls_certificate_type_get (session); | 359 | enum MHD_GNUTLS_CertificateType type = |
360 | gnutls_certificate_type_get (session); | ||
359 | mhd_gtls_cert_credentials_t cred; | 361 | mhd_gtls_cert_credentials_t cred; |
360 | 362 | ||
361 | cred = (mhd_gtls_cert_credentials_t) | 363 | cred = (mhd_gtls_cert_credentials_t) |
@@ -411,8 +413,8 @@ call_get_cert_callback (mhd_gtls_session_t session, | |||
411 | } | 413 | } |
412 | 414 | ||
413 | mhd_gtls_selected_certs_set (session, local_certs, | 415 | mhd_gtls_selected_certs_set (session, local_certs, |
414 | (local_certs != NULL) ? st.ncerts : 0, | 416 | (local_certs != NULL) ? st.ncerts : 0, |
415 | local_key, 1); | 417 | local_key, 1); |
416 | 418 | ||
417 | ret = 0; | 419 | ret = 0; |
418 | 420 | ||
@@ -443,7 +445,8 @@ cleanup: | |||
443 | static int | 445 | static int |
444 | _select_client_cert (mhd_gtls_session_t session, | 446 | _select_client_cert (mhd_gtls_session_t session, |
445 | opaque * _data, size_t _data_size, | 447 | opaque * _data, size_t _data_size, |
446 | enum MHD_GNUTLS_PublicKeyAlgorithm * pk_algos, int pk_algos_length) | 448 | enum MHD_GNUTLS_PublicKeyAlgorithm *pk_algos, |
449 | int pk_algos_length) | ||
447 | { | 450 | { |
448 | int result; | 451 | int result; |
449 | int indx = -1; | 452 | int indx = -1; |
@@ -464,7 +467,7 @@ _select_client_cert (mhd_gtls_session_t session, | |||
464 | if (cred->client_get_cert_callback != NULL) | 467 | if (cred->client_get_cert_callback != NULL) |
465 | { | 468 | { |
466 | 469 | ||
467 | /* use a callback to get certificate | 470 | /* use a callback to get certificate |
468 | */ | 471 | */ |
469 | if (session->security_parameters.cert_type != MHD_GNUTLS_CRT_X509) | 472 | if (session->security_parameters.cert_type != MHD_GNUTLS_CRT_X509) |
470 | issuers_dn_length = 0; | 473 | issuers_dn_length = 0; |
@@ -523,9 +526,9 @@ _select_client_cert (mhd_gtls_session_t session, | |||
523 | if (indx >= 0) | 526 | if (indx >= 0) |
524 | { | 527 | { |
525 | mhd_gtls_selected_certs_set (session, | 528 | mhd_gtls_selected_certs_set (session, |
526 | &cred->cert_list[indx][0], | 529 | &cred->cert_list[indx][0], |
527 | cred->cert_list_length[indx], | 530 | cred->cert_list_length[indx], |
528 | &cred->pkey[indx], 0); | 531 | &cred->pkey[indx], 0); |
529 | } | 532 | } |
530 | else | 533 | else |
531 | { | 534 | { |
@@ -553,11 +556,11 @@ mhd_gtls_gen_x509_crt (mhd_gtls_session_t session, opaque ** data) | |||
553 | gnutls_privkey *apr_pkey; | 556 | gnutls_privkey *apr_pkey; |
554 | int apr_cert_list_length; | 557 | int apr_cert_list_length; |
555 | 558 | ||
556 | /* find the appropriate certificate | 559 | /* find the appropriate certificate |
557 | */ | 560 | */ |
558 | if ((ret = | 561 | if ((ret = |
559 | mhd_gtls_get_selected_cert (session, &apr_cert_list, | 562 | mhd_gtls_get_selected_cert (session, &apr_cert_list, |
560 | &apr_cert_list_length, &apr_pkey)) < 0) | 563 | &apr_cert_list_length, &apr_pkey)) < 0) |
561 | { | 564 | { |
562 | gnutls_assert (); | 565 | gnutls_assert (); |
563 | return ret; | 566 | return ret; |
@@ -576,7 +579,7 @@ mhd_gtls_gen_x509_crt (mhd_gtls_session_t session, opaque ** data) | |||
576 | * instead of: | 579 | * instead of: |
577 | * 0B 00 00 00 // empty certificate handshake | 580 | * 0B 00 00 00 // empty certificate handshake |
578 | * | 581 | * |
579 | * ( the above is the whole handshake message, not | 582 | * ( the above is the whole handshake message, not |
580 | * the one produced here ) | 583 | * the one produced here ) |
581 | */ | 584 | */ |
582 | 585 | ||
@@ -600,7 +603,8 @@ mhd_gtls_gen_x509_crt (mhd_gtls_session_t session, opaque ** data) | |||
600 | } | 603 | } |
601 | 604 | ||
602 | int | 605 | int |
603 | mhd_gtls_gen_cert_client_certificate (mhd_gtls_session_t session, opaque ** data) | 606 | mhd_gtls_gen_cert_client_certificate (mhd_gtls_session_t session, |
607 | opaque ** data) | ||
604 | { | 608 | { |
605 | switch (session->security_parameters.cert_type) | 609 | switch (session->security_parameters.cert_type) |
606 | { | 610 | { |
@@ -614,7 +618,8 @@ mhd_gtls_gen_cert_client_certificate (mhd_gtls_session_t session, opaque ** data | |||
614 | } | 618 | } |
615 | 619 | ||
616 | int | 620 | int |
617 | mhd_gtls_gen_cert_server_certificate (mhd_gtls_session_t session, opaque ** data) | 621 | mhd_gtls_gen_cert_server_certificate (mhd_gtls_session_t session, |
622 | opaque ** data) | ||
618 | { | 623 | { |
619 | switch (session->security_parameters.cert_type) | 624 | switch (session->security_parameters.cert_type) |
620 | { | 625 | { |
@@ -632,7 +637,7 @@ mhd_gtls_gen_cert_server_certificate (mhd_gtls_session_t session, opaque ** data | |||
632 | #define CLEAR_CERTS for(x=0;x<peer_certificate_list_size;x++) mhd_gtls_gcert_deinit(&peer_certificate_list[x]) | 637 | #define CLEAR_CERTS for(x=0;x<peer_certificate_list_size;x++) mhd_gtls_gcert_deinit(&peer_certificate_list[x]) |
633 | int | 638 | int |
634 | mhd_gtls_proc_x509_server_certificate (mhd_gtls_session_t session, | 639 | mhd_gtls_proc_x509_server_certificate (mhd_gtls_session_t session, |
635 | opaque * data, size_t data_size) | 640 | opaque * data, size_t data_size) |
636 | { | 641 | { |
637 | int size, len, ret; | 642 | int size, len, ret; |
638 | opaque *p = data; | 643 | opaque *p = data; |
@@ -655,7 +660,7 @@ mhd_gtls_proc_x509_server_certificate (mhd_gtls_session_t session, | |||
655 | 660 | ||
656 | if ((ret = | 661 | if ((ret = |
657 | mhd_gtls_auth_info_set (session, MHD_GNUTLS_CRD_CERTIFICATE, | 662 | mhd_gtls_auth_info_set (session, MHD_GNUTLS_CRD_CERTIFICATE, |
658 | sizeof (cert_auth_info_st), 1)) < 0) | 663 | sizeof (cert_auth_info_st), 1)) < 0) |
659 | { | 664 | { |
660 | gnutls_assert (); | 665 | gnutls_assert (); |
661 | return ret; | 666 | return ret; |
@@ -703,7 +708,7 @@ mhd_gtls_proc_x509_server_certificate (mhd_gtls_session_t session, | |||
703 | } | 708 | } |
704 | 709 | ||
705 | /* Ok we now allocate the memory to hold the | 710 | /* Ok we now allocate the memory to hold the |
706 | * certificate list | 711 | * certificate list |
707 | */ | 712 | */ |
708 | 713 | ||
709 | peer_certificate_list = | 714 | peer_certificate_list = |
@@ -734,8 +739,8 @@ mhd_gtls_proc_x509_server_certificate (mhd_gtls_session_t session, | |||
734 | 739 | ||
735 | if ((ret = | 740 | if ((ret = |
736 | mhd_gtls_x509_raw_cert_to_gcert (&peer_certificate_list | 741 | mhd_gtls_x509_raw_cert_to_gcert (&peer_certificate_list |
737 | [j], &tmp, | 742 | [j], &tmp, |
738 | CERT_ONLY_EXTENSIONS)) < 0) | 743 | CERT_ONLY_EXTENSIONS)) < 0) |
739 | { | 744 | { |
740 | gnutls_assert (); | 745 | gnutls_assert (); |
741 | goto cleanup; | 746 | goto cleanup; |
@@ -775,7 +780,7 @@ cleanup: | |||
775 | 780 | ||
776 | int | 781 | int |
777 | mhd_gtls_proc_cert_server_certificate (mhd_gtls_session_t session, | 782 | mhd_gtls_proc_cert_server_certificate (mhd_gtls_session_t session, |
778 | opaque * data, size_t data_size) | 783 | opaque * data, size_t data_size) |
779 | { | 784 | { |
780 | switch (session->security_parameters.cert_type) | 785 | switch (session->security_parameters.cert_type) |
781 | { | 786 | { |
@@ -792,7 +797,7 @@ typedef enum CertificateSigType | |||
792 | { RSA_SIGN = 1, DSA_SIGN | 797 | { RSA_SIGN = 1, DSA_SIGN |
793 | } CertificateSigType; | 798 | } CertificateSigType; |
794 | 799 | ||
795 | /* Checks if we support the given signature algorithm | 800 | /* Checks if we support the given signature algorithm |
796 | * (RSA or DSA). Returns the corresponding enum MHD_GNUTLS_PublicKeyAlgorithm | 801 | * (RSA or DSA). Returns the corresponding enum MHD_GNUTLS_PublicKeyAlgorithm |
797 | * if true; | 802 | * if true; |
798 | */ | 803 | */ |
@@ -810,7 +815,7 @@ _gnutls_check_supported_sign_algo (CertificateSigType algo) | |||
810 | 815 | ||
811 | int | 816 | int |
812 | mhd_gtls_proc_cert_cert_req (mhd_gtls_session_t session, opaque * data, | 817 | mhd_gtls_proc_cert_cert_req (mhd_gtls_session_t session, opaque * data, |
813 | size_t data_size) | 818 | size_t data_size) |
814 | { | 819 | { |
815 | int size, ret; | 820 | int size, ret; |
816 | opaque *p; | 821 | opaque *p; |
@@ -832,7 +837,7 @@ mhd_gtls_proc_cert_cert_req (mhd_gtls_session_t session, opaque * data, | |||
832 | 837 | ||
833 | if ((ret = | 838 | if ((ret = |
834 | mhd_gtls_auth_info_set (session, MHD_GNUTLS_CRD_CERTIFICATE, | 839 | mhd_gtls_auth_info_set (session, MHD_GNUTLS_CRD_CERTIFICATE, |
835 | sizeof (cert_auth_info_st), 0)) < 0) | 840 | sizeof (cert_auth_info_st), 0)) < 0) |
836 | { | 841 | { |
837 | gnutls_assert (); | 842 | gnutls_assert (); |
838 | return ret; | 843 | return ret; |
@@ -898,7 +903,7 @@ mhd_gtls_proc_cert_cert_req (mhd_gtls_session_t session, opaque * data, | |||
898 | return ret; | 903 | return ret; |
899 | } | 904 | } |
900 | 905 | ||
901 | /* We should reply with a certificate message, | 906 | /* We should reply with a certificate message, |
902 | * even if we have no certificate to send. | 907 | * even if we have no certificate to send. |
903 | */ | 908 | */ |
904 | session->key->certificate_requested = 1; | 909 | session->key->certificate_requested = 1; |
@@ -907,7 +912,8 @@ mhd_gtls_proc_cert_cert_req (mhd_gtls_session_t session, opaque * data, | |||
907 | } | 912 | } |
908 | 913 | ||
909 | int | 914 | int |
910 | mhd_gtls_gen_cert_client_cert_vrfy (mhd_gtls_session_t session, opaque ** data) | 915 | mhd_gtls_gen_cert_client_cert_vrfy (mhd_gtls_session_t session, |
916 | opaque ** data) | ||
911 | { | 917 | { |
912 | int ret; | 918 | int ret; |
913 | gnutls_cert *apr_cert_list; | 919 | gnutls_cert *apr_cert_list; |
@@ -920,7 +926,7 @@ mhd_gtls_gen_cert_client_cert_vrfy (mhd_gtls_session_t session, opaque ** data) | |||
920 | /* find the appropriate certificate */ | 926 | /* find the appropriate certificate */ |
921 | if ((ret = | 927 | if ((ret = |
922 | mhd_gtls_get_selected_cert (session, &apr_cert_list, | 928 | mhd_gtls_get_selected_cert (session, &apr_cert_list, |
923 | &apr_cert_list_length, &apr_pkey)) < 0) | 929 | &apr_cert_list_length, &apr_pkey)) < 0) |
924 | { | 930 | { |
925 | gnutls_assert (); | 931 | gnutls_assert (); |
926 | return ret; | 932 | return ret; |
@@ -930,8 +936,8 @@ mhd_gtls_gen_cert_client_cert_vrfy (mhd_gtls_session_t session, opaque ** data) | |||
930 | { | 936 | { |
931 | if ((ret = | 937 | if ((ret = |
932 | mhd_gtls_tls_sign_hdata (session, | 938 | mhd_gtls_tls_sign_hdata (session, |
933 | &apr_cert_list[0], | 939 | &apr_cert_list[0], |
934 | apr_pkey, &signature)) < 0) | 940 | apr_pkey, &signature)) < 0) |
935 | { | 941 | { |
936 | gnutls_assert (); | 942 | gnutls_assert (); |
937 | return ret; | 943 | return ret; |
@@ -960,7 +966,7 @@ mhd_gtls_gen_cert_client_cert_vrfy (mhd_gtls_session_t session, opaque ** data) | |||
960 | 966 | ||
961 | int | 967 | int |
962 | mhd_gtls_proc_cert_client_cert_vrfy (mhd_gtls_session_t session, | 968 | mhd_gtls_proc_cert_client_cert_vrfy (mhd_gtls_session_t session, |
963 | opaque * data, size_t data_size) | 969 | opaque * data, size_t data_size) |
964 | { | 970 | { |
965 | int size, ret; | 971 | int size, ret; |
966 | ssize_t dsize = data_size; | 972 | ssize_t dsize = data_size; |
@@ -986,9 +992,9 @@ mhd_gtls_proc_cert_client_cert_vrfy (mhd_gtls_session_t session, | |||
986 | sig.size = size; | 992 | sig.size = size; |
987 | 993 | ||
988 | ret = mhd_gtls_raw_cert_to_gcert (&peer_cert, | 994 | ret = mhd_gtls_raw_cert_to_gcert (&peer_cert, |
989 | session->security_parameters.cert_type, | 995 | session->security_parameters.cert_type, |
990 | &info->raw_certificate_list[0], | 996 | &info->raw_certificate_list[0], |
991 | CERT_NO_COPY); | 997 | CERT_NO_COPY); |
992 | 998 | ||
993 | if (ret < 0) | 999 | if (ret < 0) |
994 | { | 1000 | { |
@@ -1029,7 +1035,7 @@ mhd_gtls_gen_cert_server_cert_req (mhd_gtls_session_t session, opaque ** data) | |||
1029 | return GNUTLS_E_INSUFFICIENT_CREDENTIALS; | 1035 | return GNUTLS_E_INSUFFICIENT_CREDENTIALS; |
1030 | } | 1036 | } |
1031 | 1037 | ||
1032 | size = CERTTYPE_SIZE + 2; /* 2 for enum MHD_GNUTLS_CertificateType + 2 for size of rdn_seq | 1038 | size = CERTTYPE_SIZE + 2; /* 2 for enum MHD_GNUTLS_CertificateType + 2 for size of rdn_seq |
1033 | */ | 1039 | */ |
1034 | 1040 | ||
1035 | if (session->security_parameters.cert_type == MHD_GNUTLS_CRT_X509 && | 1041 | if (session->security_parameters.cert_type == MHD_GNUTLS_CRT_X509 && |
@@ -1079,7 +1085,7 @@ mhd_gtls_gen_cert_server_cert_req (mhd_gtls_session_t session, opaque ** data) | |||
1079 | } | 1085 | } |
1080 | 1086 | ||
1081 | 1087 | ||
1082 | /* This function will return the appropriate certificate to use. | 1088 | /* This function will return the appropriate certificate to use. |
1083 | * Fills in the apr_cert_list, apr_cert_list_length and apr_pkey. | 1089 | * Fills in the apr_cert_list, apr_cert_list_length and apr_pkey. |
1084 | * The return value is a negative value on error. | 1090 | * The return value is a negative value on error. |
1085 | * | 1091 | * |
@@ -1088,9 +1094,9 @@ mhd_gtls_gen_cert_server_cert_req (mhd_gtls_session_t session, opaque ** data) | |||
1088 | */ | 1094 | */ |
1089 | int | 1095 | int |
1090 | mhd_gtls_get_selected_cert (mhd_gtls_session_t session, | 1096 | mhd_gtls_get_selected_cert (mhd_gtls_session_t session, |
1091 | gnutls_cert ** apr_cert_list, | 1097 | gnutls_cert ** apr_cert_list, |
1092 | int *apr_cert_list_length, | 1098 | int *apr_cert_list_length, |
1093 | gnutls_privkey ** apr_pkey) | 1099 | gnutls_privkey ** apr_pkey) |
1094 | { | 1100 | { |
1095 | if (session->security_parameters.entity == GNUTLS_SERVER) | 1101 | if (session->security_parameters.entity == GNUTLS_SERVER) |
1096 | { | 1102 | { |
@@ -1110,7 +1116,7 @@ mhd_gtls_get_selected_cert (mhd_gtls_session_t session, | |||
1110 | 1116 | ||
1111 | } | 1117 | } |
1112 | else | 1118 | else |
1113 | { /* CLIENT SIDE | 1119 | { /* CLIENT SIDE |
1114 | */ | 1120 | */ |
1115 | 1121 | ||
1116 | /* we have already decided which certificate | 1122 | /* we have already decided which certificate |
@@ -1223,8 +1229,8 @@ mhd_gtls_selected_certs_deinit (mhd_gtls_session_t session) | |||
1223 | 1229 | ||
1224 | void | 1230 | void |
1225 | mhd_gtls_selected_certs_set (mhd_gtls_session_t session, | 1231 | mhd_gtls_selected_certs_set (mhd_gtls_session_t session, |
1226 | gnutls_cert * certs, int ncerts, | 1232 | gnutls_cert * certs, int ncerts, |
1227 | gnutls_privkey * key, int need_free) | 1233 | gnutls_privkey * key, int need_free) |
1228 | { | 1234 | { |
1229 | mhd_gtls_selected_certs_deinit (session); | 1235 | mhd_gtls_selected_certs_deinit (session); |
1230 | 1236 | ||
@@ -1248,7 +1254,8 @@ mhd_gtls_selected_certs_set (mhd_gtls_session_t session, | |||
1248 | */ | 1254 | */ |
1249 | int | 1255 | int |
1250 | mhd_gtls_server_select_cert (mhd_gtls_session_t session, | 1256 | mhd_gtls_server_select_cert (mhd_gtls_session_t session, |
1251 | enum MHD_GNUTLS_PublicKeyAlgorithm requested_algo) | 1257 | enum MHD_GNUTLS_PublicKeyAlgorithm |
1258 | requested_algo) | ||
1252 | { | 1259 | { |
1253 | unsigned i; | 1260 | unsigned i; |
1254 | int idx, ret; | 1261 | int idx, ret; |
@@ -1276,12 +1283,12 @@ mhd_gtls_server_select_cert (mhd_gtls_session_t session, | |||
1276 | 1283 | ||
1277 | for (i = 0; i < cred->ncerts; i++) | 1284 | for (i = 0; i < cred->ncerts; i++) |
1278 | { | 1285 | { |
1279 | /* find one compatible certificate | 1286 | /* find one compatible certificate |
1280 | */ | 1287 | */ |
1281 | if (requested_algo == GNUTLS_PK_ANY || | 1288 | if (requested_algo == GNUTLS_PK_ANY || |
1282 | requested_algo == cred->cert_list[i][0].subject_pk_algorithm) | 1289 | requested_algo == cred->cert_list[i][0].subject_pk_algorithm) |
1283 | { | 1290 | { |
1284 | /* if cert type matches | 1291 | /* if cert type matches |
1285 | */ | 1292 | */ |
1286 | if (session->security_parameters.cert_type == | 1293 | if (session->security_parameters.cert_type == |
1287 | cred->cert_list[i][0].cert_type) | 1294 | cred->cert_list[i][0].cert_type) |
@@ -1298,9 +1305,9 @@ mhd_gtls_server_select_cert (mhd_gtls_session_t session, | |||
1298 | if (idx >= 0 && ret == 0) | 1305 | if (idx >= 0 && ret == 0) |
1299 | { | 1306 | { |
1300 | mhd_gtls_selected_certs_set (session, | 1307 | mhd_gtls_selected_certs_set (session, |
1301 | &cred->cert_list[idx][0], | 1308 | &cred->cert_list[idx][0], |
1302 | cred->cert_list_length[idx], | 1309 | cred->cert_list_length[idx], |
1303 | &cred->pkey[idx], 0); | 1310 | &cred->pkey[idx], 0); |
1304 | } | 1311 | } |
1305 | else | 1312 | else |
1306 | /* Certificate does not support REQUESTED_ALGO. */ | 1313 | /* Certificate does not support REQUESTED_ALGO. */ |
diff --git a/src/daemon/https/tls/auth_cert.h b/src/daemon/https/tls/auth_cert.h index 5b420761..9df2bd0d 100644 --- a/src/daemon/https/tls/auth_cert.h +++ b/src/daemon/https/tls/auth_cert.h | |||
@@ -53,9 +53,9 @@ typedef struct mhd_gtls_certificate_credentials_st | |||
53 | /* contains the number of the certificates in a | 53 | /* contains the number of the certificates in a |
54 | * row (should be 1 for OpenPGP keys). | 54 | * row (should be 1 for OpenPGP keys). |
55 | */ | 55 | */ |
56 | unsigned ncerts; /* contains the number of columns in cert_list. | 56 | unsigned ncerts; /* contains the number of columns in cert_list. |
57 | * This is the same with the number of pkeys. | 57 | * This is the same with the number of pkeys. |
58 | */ | 58 | */ |
59 | 59 | ||
60 | gnutls_privkey *pkey; | 60 | gnutls_privkey *pkey; |
61 | /* private keys. It contains ncerts private | 61 | /* private keys. It contains ncerts private |
@@ -75,16 +75,16 @@ typedef struct mhd_gtls_certificate_credentials_st | |||
75 | /* X509 specific stuff */ | 75 | /* X509 specific stuff */ |
76 | 76 | ||
77 | gnutls_x509_crt_t *x509_ca_list; | 77 | gnutls_x509_crt_t *x509_ca_list; |
78 | unsigned x509_ncas; /* number of CAs in the ca_list | 78 | unsigned x509_ncas; /* number of CAs in the ca_list |
79 | */ | 79 | */ |
80 | 80 | ||
81 | gnutls_x509_crl_t *x509_crl_list; | 81 | gnutls_x509_crl_t *x509_crl_list; |
82 | unsigned x509_ncrls; /* number of CRLs in the crl_list | 82 | unsigned x509_ncrls; /* number of CRLs in the crl_list |
83 | */ | 83 | */ |
84 | 84 | ||
85 | unsigned int verify_flags; /* flags to be used at | 85 | unsigned int verify_flags; /* flags to be used at |
86 | * certificate verification. | 86 | * certificate verification. |
87 | */ | 87 | */ |
88 | unsigned int verify_depth; | 88 | unsigned int verify_depth; |
89 | unsigned int verify_bits; | 89 | unsigned int verify_bits; |
90 | 90 | ||
@@ -107,9 +107,9 @@ typedef struct mhd_gtls_rsa_info_st | |||
107 | 107 | ||
108 | typedef struct mhd_gtls_cert_auth_info_st | 108 | typedef struct mhd_gtls_cert_auth_info_st |
109 | { | 109 | { |
110 | int certificate_requested; /* if the peer requested certificate | 110 | int certificate_requested; /* if the peer requested certificate |
111 | * this is non zero; | 111 | * this is non zero; |
112 | */ | 112 | */ |
113 | 113 | ||
114 | /* These (dh/rsa) are just copies from the credentials_t structure. | 114 | /* These (dh/rsa) are just copies from the credentials_t structure. |
115 | * They must be freed. | 115 | * They must be freed. |
@@ -117,11 +117,11 @@ typedef struct mhd_gtls_cert_auth_info_st | |||
117 | mhd_gtls_dh_info_st dh; | 117 | mhd_gtls_dh_info_st dh; |
118 | rsa_info_st rsa_export; | 118 | rsa_info_st rsa_export; |
119 | 119 | ||
120 | gnutls_datum_t *raw_certificate_list; /* holds the raw certificate of the | 120 | gnutls_datum_t *raw_certificate_list; /* holds the raw certificate of the |
121 | * peer. | 121 | * peer. |
122 | */ | 122 | */ |
123 | unsigned int ncerts; /* holds the size of the list above */ | 123 | unsigned int ncerts; /* holds the size of the list above */ |
124 | } * cert_auth_info_t; | 124 | } *cert_auth_info_t; |
125 | 125 | ||
126 | typedef struct mhd_gtls_cert_auth_info_st cert_auth_info_st; | 126 | typedef struct mhd_gtls_cert_auth_info_st cert_auth_info_st; |
127 | 127 | ||
@@ -133,26 +133,27 @@ int mhd_gtls_gen_cert_client_certificate (mhd_gtls_session_t, opaque **); | |||
133 | int mhd_gtls_gen_cert_client_cert_vrfy (mhd_gtls_session_t, opaque **); | 133 | int mhd_gtls_gen_cert_client_cert_vrfy (mhd_gtls_session_t, opaque **); |
134 | int mhd_gtls_gen_cert_server_cert_req (mhd_gtls_session_t, opaque **); | 134 | int mhd_gtls_gen_cert_server_cert_req (mhd_gtls_session_t, opaque **); |
135 | int mhd_gtls_proc_cert_cert_req (mhd_gtls_session_t, opaque *, size_t); | 135 | int mhd_gtls_proc_cert_cert_req (mhd_gtls_session_t, opaque *, size_t); |
136 | int mhd_gtls_proc_cert_client_cert_vrfy (mhd_gtls_session_t, opaque *, size_t); | 136 | int mhd_gtls_proc_cert_client_cert_vrfy (mhd_gtls_session_t, opaque *, |
137 | int mhd_gtls_proc_cert_server_certificate (mhd_gtls_session_t, opaque *, size_t); | 137 | size_t); |
138 | int mhd_gtls_proc_cert_server_certificate (mhd_gtls_session_t, opaque *, | ||
139 | size_t); | ||
138 | int mhd_gtls_get_selected_cert (mhd_gtls_session_t session, | 140 | int mhd_gtls_get_selected_cert (mhd_gtls_session_t session, |
139 | gnutls_cert ** apr_cert_list, | 141 | gnutls_cert ** apr_cert_list, |
140 | int *apr_cert_list_length, | 142 | int *apr_cert_list_length, |
141 | gnutls_privkey ** apr_pkey); | 143 | gnutls_privkey ** apr_pkey); |
142 | 144 | ||
143 | int mhd_gtls_server_select_cert (struct MHD_gtls_session_int *, | 145 | int mhd_gtls_server_select_cert (struct MHD_gtls_session_int *, |
144 | enum MHD_GNUTLS_PublicKeyAlgorithm); | 146 | enum MHD_GNUTLS_PublicKeyAlgorithm); |
145 | void mhd_gtls_selected_certs_deinit (mhd_gtls_session_t session); | 147 | void mhd_gtls_selected_certs_deinit (mhd_gtls_session_t session); |
146 | void mhd_gtls_selected_certs_set (mhd_gtls_session_t session, | 148 | void mhd_gtls_selected_certs_set (mhd_gtls_session_t session, |
147 | gnutls_cert * certs, int ncerts, | 149 | gnutls_cert * certs, int ncerts, |
148 | gnutls_privkey * key, int need_free); | 150 | gnutls_privkey * key, int need_free); |
149 | 151 | ||
150 | #define _gnutls_proc_cert_client_certificate mhd_gtls_proc_cert_server_certificate | 152 | #define _gnutls_proc_cert_client_certificate mhd_gtls_proc_cert_server_certificate |
151 | 153 | ||
152 | mhd_gtls_rsa_params_t mhd_gtls_certificate_get_rsa_params (mhd_gtls_rsa_params_t | 154 | mhd_gtls_rsa_params_t |
153 | rsa_params, | 155 | mhd_gtls_certificate_get_rsa_params (mhd_gtls_rsa_params_t rsa_params, |
154 | gnutls_params_function | 156 | gnutls_params_function * func, |
155 | * func, | 157 | mhd_gtls_session_t); |
156 | mhd_gtls_session_t); | ||
157 | 158 | ||
158 | #endif | 159 | #endif |
diff --git a/src/daemon/https/tls/auth_dh_common.c b/src/daemon/https/tls/auth_dh_common.c index 85f4a187..4d471045 100644 --- a/src/daemon/https/tls/auth_dh_common.c +++ b/src/daemon/https/tls/auth_dh_common.c | |||
@@ -52,8 +52,8 @@ mhd_gtls_free_dh_info (mhd_gtls_dh_info_st * dh) | |||
52 | 52 | ||
53 | int | 53 | int |
54 | mhd_gtls_proc_dh_common_client_kx (mhd_gtls_session_t session, | 54 | mhd_gtls_proc_dh_common_client_kx (mhd_gtls_session_t session, |
55 | opaque * data, size_t _data_size, | 55 | opaque * data, size_t _data_size, |
56 | mpi_t g, mpi_t p) | 56 | mpi_t g, mpi_t p) |
57 | { | 57 | { |
58 | uint16_t n_Y; | 58 | uint16_t n_Y; |
59 | size_t _n_Y; | 59 | size_t _n_Y; |
@@ -108,7 +108,7 @@ mhd_gtls_gen_dh_common_client_kx (mhd_gtls_session_t session, opaque ** data) | |||
108 | *data = NULL; | 108 | *data = NULL; |
109 | 109 | ||
110 | X = mhd_gtls_calc_dh_secret (&x, session->key->client_g, | 110 | X = mhd_gtls_calc_dh_secret (&x, session->key->client_g, |
111 | session->key->client_p); | 111 | session->key->client_p); |
112 | if (X == NULL || x == NULL) | 112 | if (X == NULL || x == NULL) |
113 | { | 113 | { |
114 | gnutls_assert (); | 114 | gnutls_assert (); |
@@ -170,7 +170,7 @@ error: | |||
170 | 170 | ||
171 | int | 171 | int |
172 | mhd_gtls_proc_dh_common_server_kx (mhd_gtls_session_t session, | 172 | mhd_gtls_proc_dh_common_server_kx (mhd_gtls_session_t session, |
173 | opaque * data, size_t _data_size, int psk) | 173 | opaque * data, size_t _data_size, int psk) |
174 | { | 174 | { |
175 | uint16_t n_Y, n_g, n_p; | 175 | uint16_t n_Y, n_g, n_p; |
176 | size_t _n_Y, _n_g, _n_p; | 176 | size_t _n_Y, _n_g, _n_p; |
@@ -251,7 +251,7 @@ mhd_gtls_proc_dh_common_server_kx (mhd_gtls_session_t session, | |||
251 | } | 251 | } |
252 | 252 | ||
253 | mhd_gtls_dh_set_group (session, session->key->client_g, | 253 | mhd_gtls_dh_set_group (session, session->key->client_g, |
254 | session->key->client_p); | 254 | session->key->client_p); |
255 | mhd_gtls_dh_set_peer_public (session, session->key->client_Y); | 255 | mhd_gtls_dh_set_peer_public (session, session->key->client_Y); |
256 | 256 | ||
257 | ret = n_Y + n_p + n_g + 6; | 257 | ret = n_Y + n_p + n_g + 6; |
@@ -265,7 +265,7 @@ mhd_gtls_proc_dh_common_server_kx (mhd_gtls_session_t session, | |||
265 | * be inserted */ | 265 | * be inserted */ |
266 | int | 266 | int |
267 | mhd_gtls_dh_common_print_server_kx (mhd_gtls_session_t session, | 267 | mhd_gtls_dh_common_print_server_kx (mhd_gtls_session_t session, |
268 | mpi_t g, mpi_t p, opaque ** data, int psk) | 268 | mpi_t g, mpi_t p, opaque ** data, int psk) |
269 | { | 269 | { |
270 | mpi_t x, X; | 270 | mpi_t x, X; |
271 | size_t n_X, n_g, n_p; | 271 | size_t n_X, n_g, n_p; |
diff --git a/src/daemon/https/tls/auth_dh_common.h b/src/daemon/https/tls/auth_dh_common.h index 440ab5b4..c6129958 100644 --- a/src/daemon/https/tls/auth_dh_common.h +++ b/src/daemon/https/tls/auth_dh_common.h | |||
@@ -37,12 +37,12 @@ typedef struct | |||
37 | void mhd_gtls_free_dh_info (mhd_gtls_dh_info_st * dh); | 37 | void mhd_gtls_free_dh_info (mhd_gtls_dh_info_st * dh); |
38 | int mhd_gtls_gen_dh_common_client_kx (mhd_gtls_session_t, opaque **); | 38 | int mhd_gtls_gen_dh_common_client_kx (mhd_gtls_session_t, opaque **); |
39 | int mhd_gtls_proc_dh_common_client_kx (mhd_gtls_session_t session, | 39 | int mhd_gtls_proc_dh_common_client_kx (mhd_gtls_session_t session, |
40 | opaque * data, size_t _data_size, | 40 | opaque * data, size_t _data_size, |
41 | mpi_t p, mpi_t g); | 41 | mpi_t p, mpi_t g); |
42 | int mhd_gtls_dh_common_print_server_kx (mhd_gtls_session_t, mpi_t g, mpi_t p, | 42 | int mhd_gtls_dh_common_print_server_kx (mhd_gtls_session_t, mpi_t g, mpi_t p, |
43 | opaque ** data, int psk); | 43 | opaque ** data, int psk); |
44 | int mhd_gtls_proc_dh_common_server_kx (mhd_gtls_session_t session, | 44 | int mhd_gtls_proc_dh_common_server_kx (mhd_gtls_session_t session, |
45 | opaque * data, size_t _data_size, | 45 | opaque * data, size_t _data_size, |
46 | int psk); | 46 | int psk); |
47 | 47 | ||
48 | #endif | 48 | #endif |
diff --git a/src/daemon/https/tls/auth_dhe.c b/src/daemon/https/tls/auth_dhe.c index 9cfdbb99..43aedf0b 100644 --- a/src/daemon/https/tls/auth_dhe.c +++ b/src/daemon/https/tls/auth_dhe.c | |||
@@ -49,15 +49,15 @@ const mhd_gtls_mod_auth_st mhd_gtls_dhe_rsa_auth_struct = { | |||
49 | mhd_gtls_gen_cert_client_certificate, | 49 | mhd_gtls_gen_cert_client_certificate, |
50 | gen_dhe_server_kx, | 50 | gen_dhe_server_kx, |
51 | mhd_gtls_gen_dh_common_client_kx, | 51 | mhd_gtls_gen_dh_common_client_kx, |
52 | mhd_gtls_gen_cert_client_cert_vrfy, /* gen client cert vrfy */ | 52 | mhd_gtls_gen_cert_client_cert_vrfy, /* gen client cert vrfy */ |
53 | mhd_gtls_gen_cert_server_cert_req, /* server cert request */ | 53 | mhd_gtls_gen_cert_server_cert_req, /* server cert request */ |
54 | 54 | ||
55 | mhd_gtls_proc_cert_server_certificate, | 55 | mhd_gtls_proc_cert_server_certificate, |
56 | _gnutls_proc_cert_client_certificate, | 56 | _gnutls_proc_cert_client_certificate, |
57 | proc_dhe_server_kx, | 57 | proc_dhe_server_kx, |
58 | proc_dhe_client_kx, | 58 | proc_dhe_client_kx, |
59 | mhd_gtls_proc_cert_client_cert_vrfy, /* proc client cert vrfy */ | 59 | mhd_gtls_proc_cert_client_cert_vrfy, /* proc client cert vrfy */ |
60 | mhd_gtls_proc_cert_cert_req /* proc server cert request */ | 60 | mhd_gtls_proc_cert_cert_req /* proc server cert request */ |
61 | }; | 61 | }; |
62 | 62 | ||
63 | const mhd_gtls_mod_auth_st mhd_gtls_dhe_dss_auth_struct = { | 63 | const mhd_gtls_mod_auth_st mhd_gtls_dhe_dss_auth_struct = { |
@@ -66,15 +66,15 @@ const mhd_gtls_mod_auth_st mhd_gtls_dhe_dss_auth_struct = { | |||
66 | mhd_gtls_gen_cert_client_certificate, | 66 | mhd_gtls_gen_cert_client_certificate, |
67 | gen_dhe_server_kx, | 67 | gen_dhe_server_kx, |
68 | mhd_gtls_gen_dh_common_client_kx, | 68 | mhd_gtls_gen_dh_common_client_kx, |
69 | mhd_gtls_gen_cert_client_cert_vrfy, /* gen client cert vrfy */ | 69 | mhd_gtls_gen_cert_client_cert_vrfy, /* gen client cert vrfy */ |
70 | mhd_gtls_gen_cert_server_cert_req, /* server cert request */ | 70 | mhd_gtls_gen_cert_server_cert_req, /* server cert request */ |
71 | 71 | ||
72 | mhd_gtls_proc_cert_server_certificate, | 72 | mhd_gtls_proc_cert_server_certificate, |
73 | _gnutls_proc_cert_client_certificate, | 73 | _gnutls_proc_cert_client_certificate, |
74 | proc_dhe_server_kx, | 74 | proc_dhe_server_kx, |
75 | proc_dhe_client_kx, | 75 | proc_dhe_client_kx, |
76 | mhd_gtls_proc_cert_client_cert_vrfy, /* proc client cert vrfy */ | 76 | mhd_gtls_proc_cert_client_cert_vrfy, /* proc client cert vrfy */ |
77 | mhd_gtls_proc_cert_cert_req /* proc server cert request */ | 77 | mhd_gtls_proc_cert_cert_req /* proc server cert request */ |
78 | }; | 78 | }; |
79 | 79 | ||
80 | 80 | ||
@@ -105,7 +105,7 @@ gen_dhe_server_kx (mhd_gtls_session_t session, opaque ** data) | |||
105 | /* find the appropriate certificate */ | 105 | /* find the appropriate certificate */ |
106 | if ((ret = | 106 | if ((ret = |
107 | mhd_gtls_get_selected_cert (session, &apr_cert_list, | 107 | mhd_gtls_get_selected_cert (session, &apr_cert_list, |
108 | &apr_cert_list_length, &apr_pkey)) < 0) | 108 | &apr_cert_list_length, &apr_pkey)) < 0) |
109 | { | 109 | { |
110 | gnutls_assert (); | 110 | gnutls_assert (); |
111 | return ret; | 111 | return ret; |
@@ -124,7 +124,7 @@ gen_dhe_server_kx (mhd_gtls_session_t session, opaque ** data) | |||
124 | g = mpis[1]; | 124 | g = mpis[1]; |
125 | 125 | ||
126 | if ((ret = mhd_gtls_auth_info_set (session, MHD_GNUTLS_CRD_CERTIFICATE, | 126 | if ((ret = mhd_gtls_auth_info_set (session, MHD_GNUTLS_CRD_CERTIFICATE, |
127 | sizeof (cert_auth_info_st), 0)) < 0) | 127 | sizeof (cert_auth_info_st), 0)) < 0) |
128 | { | 128 | { |
129 | gnutls_assert (); | 129 | gnutls_assert (); |
130 | return ret; | 130 | return ret; |
@@ -149,7 +149,7 @@ gen_dhe_server_kx (mhd_gtls_session_t session, opaque ** data) | |||
149 | { | 149 | { |
150 | if ((ret = | 150 | if ((ret = |
151 | mhd_gtls_tls_sign_params (session, &apr_cert_list[0], | 151 | mhd_gtls_tls_sign_params (session, &apr_cert_list[0], |
152 | apr_pkey, &ddata, &signature)) < 0) | 152 | apr_pkey, &ddata, &signature)) < 0) |
153 | { | 153 | { |
154 | gnutls_assert (); | 154 | gnutls_assert (); |
155 | gnutls_free (*data); | 155 | gnutls_free (*data); |
@@ -217,15 +217,16 @@ proc_dhe_server_kx (mhd_gtls_session_t session, opaque * data, | |||
217 | 217 | ||
218 | if ((ret = | 218 | if ((ret = |
219 | mhd_gtls_raw_cert_to_gcert (&peer_cert, | 219 | mhd_gtls_raw_cert_to_gcert (&peer_cert, |
220 | session->security_parameters.cert_type, | 220 | session->security_parameters.cert_type, |
221 | &info->raw_certificate_list[0], | 221 | &info->raw_certificate_list[0], |
222 | CERT_NO_COPY)) < 0) | 222 | CERT_NO_COPY)) < 0) |
223 | { | 223 | { |
224 | gnutls_assert (); | 224 | gnutls_assert (); |
225 | return ret; | 225 | return ret; |
226 | } | 226 | } |
227 | 227 | ||
228 | ret = mhd_gtls_verify_sig_params (session, &peer_cert, &vparams, &signature); | 228 | ret = |
229 | mhd_gtls_verify_sig_params (session, &peer_cert, &vparams, &signature); | ||
229 | 230 | ||
230 | mhd_gtls_gcert_deinit (&peer_cert); | 231 | mhd_gtls_gcert_deinit (&peer_cert); |
231 | if (ret < 0) | 232 | if (ret < 0) |
diff --git a/src/daemon/https/tls/auth_rsa.c b/src/daemon/https/tls/auth_rsa.c index f9a19cba..4c909bcc 100644 --- a/src/daemon/https/tls/auth_rsa.c +++ b/src/daemon/https/tls/auth_rsa.c | |||
@@ -51,15 +51,15 @@ const mhd_gtls_mod_auth_st mhd_gtls_rsa_auth_struct = { | |||
51 | mhd_gtls_gen_cert_client_certificate, | 51 | mhd_gtls_gen_cert_client_certificate, |
52 | NULL, /* gen server kx */ | 52 | NULL, /* gen server kx */ |
53 | _gnutls_gen_rsa_client_kx, | 53 | _gnutls_gen_rsa_client_kx, |
54 | mhd_gtls_gen_cert_client_cert_vrfy, /* gen client cert vrfy */ | 54 | mhd_gtls_gen_cert_client_cert_vrfy, /* gen client cert vrfy */ |
55 | mhd_gtls_gen_cert_server_cert_req, /* server cert request */ | 55 | mhd_gtls_gen_cert_server_cert_req, /* server cert request */ |
56 | 56 | ||
57 | mhd_gtls_proc_cert_server_certificate, | 57 | mhd_gtls_proc_cert_server_certificate, |
58 | _gnutls_proc_cert_client_certificate, | 58 | _gnutls_proc_cert_client_certificate, |
59 | NULL, /* proc server kx */ | 59 | NULL, /* proc server kx */ |
60 | _gnutls_proc_rsa_client_kx, /* proc client kx */ | 60 | _gnutls_proc_rsa_client_kx, /* proc client kx */ |
61 | mhd_gtls_proc_cert_client_cert_vrfy, /* proc client cert vrfy */ | 61 | mhd_gtls_proc_cert_client_cert_vrfy, /* proc client cert vrfy */ |
62 | mhd_gtls_proc_cert_cert_req /* proc server cert request */ | 62 | mhd_gtls_proc_cert_cert_req /* proc server cert request */ |
63 | }; | 63 | }; |
64 | 64 | ||
65 | /* This function reads the RSA parameters from peer's certificate; | 65 | /* This function reads the RSA parameters from peer's certificate; |
@@ -86,9 +86,9 @@ _gnutls_get_public_rsa_params (mhd_gtls_session_t session, | |||
86 | 86 | ||
87 | ret = | 87 | ret = |
88 | mhd_gtls_raw_cert_to_gcert (&peer_cert, | 88 | mhd_gtls_raw_cert_to_gcert (&peer_cert, |
89 | session->security_parameters.cert_type, | 89 | session->security_parameters.cert_type, |
90 | &info->raw_certificate_list[0], | 90 | &info->raw_certificate_list[0], |
91 | CERT_ONLY_PUBKEY | CERT_NO_COPY); | 91 | CERT_ONLY_PUBKEY | CERT_NO_COPY); |
92 | 92 | ||
93 | if (ret < 0) | 93 | if (ret < 0) |
94 | { | 94 | { |
@@ -179,7 +179,7 @@ _gnutls_get_private_rsa_params (mhd_gtls_session_t session, | |||
179 | 179 | ||
180 | rsa_params = | 180 | rsa_params = |
181 | mhd_gtls_certificate_get_rsa_params (cred->rsa_params, | 181 | mhd_gtls_certificate_get_rsa_params (cred->rsa_params, |
182 | cred->params_func, session); | 182 | cred->params_func, session); |
183 | /* EXPORT case: */ | 183 | /* EXPORT case: */ |
184 | if (rsa_params == NULL) | 184 | if (rsa_params == NULL) |
185 | { | 185 | { |
@@ -219,7 +219,7 @@ _gnutls_proc_rsa_client_kx (mhd_gtls_session_t session, opaque * data, | |||
219 | 219 | ||
220 | if (MHD_gnutls_protocol_get_version (session) == MHD_GNUTLS_SSL3) | 220 | if (MHD_gnutls_protocol_get_version (session) == MHD_GNUTLS_SSL3) |
221 | { | 221 | { |
222 | /* SSL 3.0 | 222 | /* SSL 3.0 |
223 | */ | 223 | */ |
224 | ciphertext.data = data; | 224 | ciphertext.data = data; |
225 | ciphertext.size = data_size; | 225 | ciphertext.size = data_size; |
@@ -247,7 +247,7 @@ _gnutls_proc_rsa_client_kx (mhd_gtls_session_t session, opaque * data, | |||
247 | return ret; | 247 | return ret; |
248 | } | 248 | } |
249 | 249 | ||
250 | ret = mhd_gtls_pkcs1_rsa_decrypt (&plaintext, &ciphertext, params, params_len, 2); /* btype==2 */ | 250 | ret = mhd_gtls_pkcs1_rsa_decrypt (&plaintext, &ciphertext, params, params_len, 2); /* btype==2 */ |
251 | 251 | ||
252 | if (ret < 0 || plaintext.size != TLS_MASTER_SIZE) | 252 | if (ret < 0 || plaintext.size != TLS_MASTER_SIZE) |
253 | { | 253 | { |
@@ -315,7 +315,7 @@ _gnutls_proc_rsa_client_kx (mhd_gtls_session_t session, opaque * data, | |||
315 | 315 | ||
316 | 316 | ||
317 | 317 | ||
318 | /* return RSA(random) using the peers public key | 318 | /* return RSA(random) using the peers public key |
319 | */ | 319 | */ |
320 | int | 320 | int |
321 | _gnutls_gen_rsa_client_kx (mhd_gtls_session_t session, opaque ** data) | 321 | _gnutls_gen_rsa_client_kx (mhd_gtls_session_t session, opaque ** data) |
@@ -376,7 +376,7 @@ _gnutls_gen_rsa_client_kx (mhd_gtls_session_t session, opaque ** data) | |||
376 | 376 | ||
377 | if ((ret = | 377 | if ((ret = |
378 | mhd_gtls_pkcs1_rsa_encrypt (&sdata, &session->key->key, | 378 | mhd_gtls_pkcs1_rsa_encrypt (&sdata, &session->key->key, |
379 | params, params_len, 2)) < 0) | 379 | params, params_len, 2)) < 0) |
380 | { | 380 | { |
381 | gnutls_assert (); | 381 | gnutls_assert (); |
382 | return ret; | 382 | return ret; |
diff --git a/src/daemon/https/tls/auth_rsa_export.c b/src/daemon/https/tls/auth_rsa_export.c index cb01570f..bc8fecea 100644 --- a/src/daemon/https/tls/auth_rsa_export.c +++ b/src/daemon/https/tls/auth_rsa_export.c | |||
@@ -54,15 +54,15 @@ const mhd_gtls_mod_auth_st rsa_export_auth_struct = { | |||
54 | mhd_gtls_gen_cert_client_certificate, | 54 | mhd_gtls_gen_cert_client_certificate, |
55 | gen_rsa_export_server_kx, | 55 | gen_rsa_export_server_kx, |
56 | _gnutls_gen_rsa_client_kx, | 56 | _gnutls_gen_rsa_client_kx, |
57 | mhd_gtls_gen_cert_client_cert_vrfy, /* gen client cert vrfy */ | 57 | mhd_gtls_gen_cert_client_cert_vrfy, /* gen client cert vrfy */ |
58 | mhd_gtls_gen_cert_server_cert_req, /* server cert request */ | 58 | mhd_gtls_gen_cert_server_cert_req, /* server cert request */ |
59 | 59 | ||
60 | mhd_gtls_proc_cert_server_certificate, | 60 | mhd_gtls_proc_cert_server_certificate, |
61 | _gnutls_proc_cert_client_certificate, | 61 | _gnutls_proc_cert_client_certificate, |
62 | proc_rsa_export_server_kx, | 62 | proc_rsa_export_server_kx, |
63 | _gnutls_proc_rsa_client_kx, /* proc client kx */ | 63 | _gnutls_proc_rsa_client_kx, /* proc client kx */ |
64 | mhd_gtls_proc_cert_client_cert_vrfy, /* proc client cert vrfy */ | 64 | mhd_gtls_proc_cert_client_cert_vrfy, /* proc client cert vrfy */ |
65 | mhd_gtls_proc_cert_cert_req /* proc server cert request */ | 65 | mhd_gtls_proc_cert_cert_req /* proc server cert request */ |
66 | }; | 66 | }; |
67 | 67 | ||
68 | static int | 68 | static int |
@@ -91,7 +91,7 @@ gen_rsa_export_server_kx (mhd_gtls_session_t session, opaque ** data) | |||
91 | /* find the appropriate certificate */ | 91 | /* find the appropriate certificate */ |
92 | if ((ret = | 92 | if ((ret = |
93 | mhd_gtls_get_selected_cert (session, &apr_cert_list, | 93 | mhd_gtls_get_selected_cert (session, &apr_cert_list, |
94 | &apr_cert_list_length, &apr_pkey)) < 0) | 94 | &apr_cert_list_length, &apr_pkey)) < 0) |
95 | { | 95 | { |
96 | gnutls_assert (); | 96 | gnutls_assert (); |
97 | return ret; | 97 | return ret; |
@@ -108,7 +108,7 @@ gen_rsa_export_server_kx (mhd_gtls_session_t session, opaque ** data) | |||
108 | 108 | ||
109 | rsa_params = | 109 | rsa_params = |
110 | mhd_gtls_certificate_get_rsa_params (cred->rsa_params, cred->params_func, | 110 | mhd_gtls_certificate_get_rsa_params (cred->rsa_params, cred->params_func, |
111 | session); | 111 | session); |
112 | rsa_mpis = _gnutls_rsa_params_to_mpi (rsa_params); | 112 | rsa_mpis = _gnutls_rsa_params_to_mpi (rsa_params); |
113 | if (rsa_mpis == NULL) | 113 | if (rsa_mpis == NULL) |
114 | { | 114 | { |
@@ -117,7 +117,7 @@ gen_rsa_export_server_kx (mhd_gtls_session_t session, opaque ** data) | |||
117 | } | 117 | } |
118 | 118 | ||
119 | if ((ret = mhd_gtls_auth_info_set (session, MHD_GNUTLS_CRD_CERTIFICATE, | 119 | if ((ret = mhd_gtls_auth_info_set (session, MHD_GNUTLS_CRD_CERTIFICATE, |
120 | sizeof (cert_auth_info_st), 0)) < 0) | 120 | sizeof (cert_auth_info_st), 0)) < 0) |
121 | { | 121 | { |
122 | gnutls_assert (); | 122 | gnutls_assert (); |
123 | return ret; | 123 | return ret; |
@@ -157,7 +157,7 @@ gen_rsa_export_server_kx (mhd_gtls_session_t session, opaque ** data) | |||
157 | { | 157 | { |
158 | if ((ret = | 158 | if ((ret = |
159 | mhd_gtls_tls_sign_params (session, &apr_cert_list[0], | 159 | mhd_gtls_tls_sign_params (session, &apr_cert_list[0], |
160 | apr_pkey, &ddata, &signature)) < 0) | 160 | apr_pkey, &ddata, &signature)) < 0) |
161 | { | 161 | { |
162 | gnutls_assert (); | 162 | gnutls_assert (); |
163 | gnutls_free (*data); | 163 | gnutls_free (*data); |
@@ -205,9 +205,9 @@ _gnutls_peers_cert_less_512 (mhd_gtls_session_t session) | |||
205 | 205 | ||
206 | if ((ret = | 206 | if ((ret = |
207 | mhd_gtls_raw_cert_to_gcert (&peer_cert, | 207 | mhd_gtls_raw_cert_to_gcert (&peer_cert, |
208 | session->security_parameters.cert_type, | 208 | session->security_parameters.cert_type, |
209 | &info->raw_certificate_list[0], | 209 | &info->raw_certificate_list[0], |
210 | CERT_NO_COPY)) < 0) | 210 | CERT_NO_COPY)) < 0) |
211 | { | 211 | { |
212 | gnutls_assert (); | 212 | gnutls_assert (); |
213 | return 0; | 213 | return 0; |
@@ -289,7 +289,7 @@ proc_rsa_export_server_kx (mhd_gtls_session_t session, | |||
289 | } | 289 | } |
290 | 290 | ||
291 | mhd_gtls_rsa_export_set_pubkey (session, session->key->rsa[1], | 291 | mhd_gtls_rsa_export_set_pubkey (session, session->key->rsa[1], |
292 | session->key->rsa[0]); | 292 | session->key->rsa[0]); |
293 | 293 | ||
294 | /* VERIFY SIGNATURE */ | 294 | /* VERIFY SIGNATURE */ |
295 | 295 | ||
@@ -305,15 +305,16 @@ proc_rsa_export_server_kx (mhd_gtls_session_t session, | |||
305 | 305 | ||
306 | if ((ret = | 306 | if ((ret = |
307 | mhd_gtls_raw_cert_to_gcert (&peer_cert, | 307 | mhd_gtls_raw_cert_to_gcert (&peer_cert, |
308 | session->security_parameters.cert_type, | 308 | session->security_parameters.cert_type, |
309 | &info->raw_certificate_list[0], | 309 | &info->raw_certificate_list[0], |
310 | CERT_NO_COPY)) < 0) | 310 | CERT_NO_COPY)) < 0) |
311 | { | 311 | { |
312 | gnutls_assert (); | 312 | gnutls_assert (); |
313 | return ret; | 313 | return ret; |
314 | } | 314 | } |
315 | 315 | ||
316 | ret = mhd_gtls_verify_sig_params (session, &peer_cert, &vparams, &signature); | 316 | ret = |
317 | mhd_gtls_verify_sig_params (session, &peer_cert, &vparams, &signature); | ||
317 | 318 | ||
318 | mhd_gtls_gcert_deinit (&peer_cert); | 319 | mhd_gtls_gcert_deinit (&peer_cert); |
319 | if (ret < 0) | 320 | if (ret < 0) |
diff --git a/src/daemon/https/tls/ext_cert_type.c b/src/daemon/https/tls/ext_cert_type.c index 3b47fdbb..2a855abf 100644 --- a/src/daemon/https/tls/ext_cert_type.c +++ b/src/daemon/https/tls/ext_cert_type.c | |||
@@ -47,7 +47,7 @@ inline static int _gnutls_cert_type2num (int record_size); | |||
47 | 47 | ||
48 | int | 48 | int |
49 | mhd_gtls_cert_type_recv_params (mhd_gtls_session_t session, | 49 | mhd_gtls_cert_type_recv_params (mhd_gtls_session_t session, |
50 | const opaque * data, size_t _data_size) | 50 | const opaque * data, size_t _data_size) |
51 | { | 51 | { |
52 | int new_type = -1, ret, i; | 52 | int new_type = -1, ret, i; |
53 | ssize_t data_size = _data_size; | 53 | ssize_t data_size = _data_size; |
@@ -103,7 +103,7 @@ mhd_gtls_cert_type_recv_params (mhd_gtls_session_t session, | |||
103 | /* Check if we support this cert_type */ | 103 | /* Check if we support this cert_type */ |
104 | if ((ret = | 104 | if ((ret = |
105 | mhd_gtls_session_cert_type_supported (session, | 105 | mhd_gtls_session_cert_type_supported (session, |
106 | new_type)) < 0) | 106 | new_type)) < 0) |
107 | { | 107 | { |
108 | gnutls_assert (); | 108 | gnutls_assert (); |
109 | continue; | 109 | continue; |
@@ -144,7 +144,7 @@ mhd_gtls_cert_type_recv_params (mhd_gtls_session_t session, | |||
144 | */ | 144 | */ |
145 | int | 145 | int |
146 | mhd_gtls_cert_type_send_params (mhd_gtls_session_t session, opaque * data, | 146 | mhd_gtls_cert_type_send_params (mhd_gtls_session_t session, opaque * data, |
147 | size_t data_size) | 147 | size_t data_size) |
148 | { | 148 | { |
149 | unsigned len, i; | 149 | unsigned len, i; |
150 | 150 | ||
@@ -180,9 +180,9 @@ mhd_gtls_cert_type_send_params (mhd_gtls_session_t session, opaque * data, | |||
180 | 180 | ||
181 | for (i = 0; i < len; i++) | 181 | for (i = 0; i < len; i++) |
182 | { | 182 | { |
183 | data[i + 1] = _gnutls_cert_type2num (session->internals. | 183 | data[i + 1] = |
184 | priorities.cert_type. | 184 | _gnutls_cert_type2num (session->internals. |
185 | priority[i]); | 185 | priorities.cert_type.priority[i]); |
186 | } | 186 | } |
187 | return len + 1; | 187 | return len + 1; |
188 | } | 188 | } |
diff --git a/src/daemon/https/tls/ext_cert_type.h b/src/daemon/https/tls/ext_cert_type.h index 616e1e7f..cd9b0acc 100644 --- a/src/daemon/https/tls/ext_cert_type.h +++ b/src/daemon/https/tls/ext_cert_type.h | |||
@@ -26,6 +26,6 @@ | |||
26 | * extensions draft. | 26 | * extensions draft. |
27 | */ | 27 | */ |
28 | int mhd_gtls_cert_type_recv_params (mhd_gtls_session_t session, | 28 | int mhd_gtls_cert_type_recv_params (mhd_gtls_session_t session, |
29 | const opaque * data, size_t data_size); | 29 | const opaque * data, size_t data_size); |
30 | int mhd_gtls_cert_type_send_params (mhd_gtls_session_t session, opaque * data, | 30 | int mhd_gtls_cert_type_send_params (mhd_gtls_session_t session, opaque * data, |
31 | size_t); | 31 | size_t); |
diff --git a/src/daemon/https/tls/ext_inner_application.c b/src/daemon/https/tls/ext_inner_application.c index 24dd265f..6c6c83cc 100644 --- a/src/daemon/https/tls/ext_inner_application.c +++ b/src/daemon/https/tls/ext_inner_application.c | |||
@@ -33,7 +33,7 @@ | |||
33 | 33 | ||
34 | int | 34 | int |
35 | mhd_gtls_inner_app_rcv_params (mhd_gtls_session_t session, | 35 | mhd_gtls_inner_app_rcv_params (mhd_gtls_session_t session, |
36 | const opaque * data, size_t data_size) | 36 | const opaque * data, size_t data_size) |
37 | { | 37 | { |
38 | mhd_gtls_ext_st *ext = &session->security_parameters.extensions; | 38 | mhd_gtls_ext_st *ext = &session->security_parameters.extensions; |
39 | 39 | ||
@@ -68,7 +68,7 @@ mhd_gtls_inner_app_rcv_params (mhd_gtls_session_t session, | |||
68 | */ | 68 | */ |
69 | int | 69 | int |
70 | mhd_gtls_inner_app_send_params (mhd_gtls_session_t session, | 70 | mhd_gtls_inner_app_send_params (mhd_gtls_session_t session, |
71 | opaque * data, size_t data_size) | 71 | opaque * data, size_t data_size) |
72 | { | 72 | { |
73 | mhd_gtls_ext_st *ext = &session->security_parameters.extensions; | 73 | mhd_gtls_ext_st *ext = &session->security_parameters.extensions; |
74 | 74 | ||
@@ -86,7 +86,8 @@ mhd_gtls_inner_app_send_params (mhd_gtls_session_t session, | |||
86 | else | 86 | else |
87 | #endif | 87 | #endif |
88 | { | 88 | { |
89 | struct gnutls_ia_server_credentials_st * cred = (struct gnutls_ia_server_credentials_st*) | 89 | struct gnutls_ia_server_credentials_st *cred = |
90 | (struct gnutls_ia_server_credentials_st *) | ||
90 | mhd_gtls_get_cred (session->key, MHD_GNUTLS_CRD_IA, NULL); | 91 | mhd_gtls_get_cred (session->key, MHD_GNUTLS_CRD_IA, NULL); |
91 | 92 | ||
92 | if (cred) | 93 | if (cred) |
diff --git a/src/daemon/https/tls/ext_inner_application.h b/src/daemon/https/tls/ext_inner_application.h index c863fcaa..8ea0ae22 100644 --- a/src/daemon/https/tls/ext_inner_application.h +++ b/src/daemon/https/tls/ext_inner_application.h | |||
@@ -23,7 +23,6 @@ | |||
23 | */ | 23 | */ |
24 | 24 | ||
25 | int mhd_gtls_inner_app_rcv_params (mhd_gtls_session_t session, | 25 | int mhd_gtls_inner_app_rcv_params (mhd_gtls_session_t session, |
26 | const opaque * data, | 26 | const opaque * data, size_t data_size); |
27 | size_t data_size); | ||
28 | int mhd_gtls_inner_app_send_params (mhd_gtls_session_t session, | 27 | int mhd_gtls_inner_app_send_params (mhd_gtls_session_t session, |
29 | opaque * data, size_t); | 28 | opaque * data, size_t); |
diff --git a/src/daemon/https/tls/ext_max_record.c b/src/daemon/https/tls/ext_max_record.c index 8c3de8f8..1b5f2be2 100644 --- a/src/daemon/https/tls/ext_max_record.c +++ b/src/daemon/https/tls/ext_max_record.c | |||
@@ -42,7 +42,7 @@ | |||
42 | 42 | ||
43 | int | 43 | int |
44 | mhd_gtls_max_record_recv_params (mhd_gtls_session_t session, | 44 | mhd_gtls_max_record_recv_params (mhd_gtls_session_t session, |
45 | const opaque * data, size_t _data_size) | 45 | const opaque * data, size_t _data_size) |
46 | { | 46 | { |
47 | ssize_t new_size; | 47 | ssize_t new_size; |
48 | ssize_t data_size = _data_size; | 48 | ssize_t data_size = _data_size; |
@@ -103,7 +103,7 @@ mhd_gtls_max_record_recv_params (mhd_gtls_session_t session, | |||
103 | */ | 103 | */ |
104 | int | 104 | int |
105 | mhd_gtls_max_record_send_params (mhd_gtls_session_t session, opaque * data, | 105 | mhd_gtls_max_record_send_params (mhd_gtls_session_t session, opaque * data, |
106 | size_t data_size) | 106 | size_t data_size) |
107 | { | 107 | { |
108 | uint16_t len; | 108 | uint16_t len; |
109 | /* this function sends the client extension data (dnsname) */ | 109 | /* this function sends the client extension data (dnsname) */ |
@@ -122,7 +122,7 @@ mhd_gtls_max_record_send_params (mhd_gtls_session_t session, opaque * data, | |||
122 | 122 | ||
123 | data[0] = | 123 | data[0] = |
124 | (uint8_t) mhd_gtls_mre_record2num (session->internals. | 124 | (uint8_t) mhd_gtls_mre_record2num (session->internals. |
125 | proposed_record_size); | 125 | proposed_record_size); |
126 | return len; | 126 | return len; |
127 | } | 127 | } |
128 | 128 | ||
@@ -142,9 +142,9 @@ mhd_gtls_max_record_send_params (mhd_gtls_session_t session, opaque * data, | |||
142 | } | 142 | } |
143 | 143 | ||
144 | data[0] = | 144 | data[0] = |
145 | (uint8_t) mhd_gtls_mre_record2num (session-> | 145 | (uint8_t) |
146 | security_parameters. | 146 | mhd_gtls_mre_record2num |
147 | max_record_recv_size); | 147 | (session->security_parameters.max_record_recv_size); |
148 | return len; | 148 | return len; |
149 | } | 149 | } |
150 | 150 | ||
diff --git a/src/daemon/https/tls/ext_max_record.h b/src/daemon/https/tls/ext_max_record.h index 487fe40d..361470a9 100644 --- a/src/daemon/https/tls/ext_max_record.h +++ b/src/daemon/https/tls/ext_max_record.h | |||
@@ -28,6 +28,6 @@ | |||
28 | int mhd_gtls_mre_num2record (int num); | 28 | int mhd_gtls_mre_num2record (int num); |
29 | int mhd_gtls_mre_record2num (uint16_t record_size); | 29 | int mhd_gtls_mre_record2num (uint16_t record_size); |
30 | int mhd_gtls_max_record_recv_params (mhd_gtls_session_t session, | 30 | int mhd_gtls_max_record_recv_params (mhd_gtls_session_t session, |
31 | const opaque * data, size_t data_size); | 31 | const opaque * data, size_t data_size); |
32 | int mhd_gtls_max_record_send_params (mhd_gtls_session_t session, opaque * data, | 32 | int mhd_gtls_max_record_send_params (mhd_gtls_session_t session, |
33 | size_t); | 33 | opaque * data, size_t); |
diff --git a/src/daemon/https/tls/ext_oprfi.c b/src/daemon/https/tls/ext_oprfi.c index 67a5bcb2..1922fa1c 100644 --- a/src/daemon/https/tls/ext_oprfi.c +++ b/src/daemon/https/tls/ext_oprfi.c | |||
@@ -112,7 +112,7 @@ oprfi_recv_client (mhd_gtls_session_t session, | |||
112 | 112 | ||
113 | int | 113 | int |
114 | mhd_gtls_oprfi_recv_params (mhd_gtls_session_t session, | 114 | mhd_gtls_oprfi_recv_params (mhd_gtls_session_t session, |
115 | const opaque * data, size_t data_size) | 115 | const opaque * data, size_t data_size) |
116 | { | 116 | { |
117 | #if MHD_DEBUG_TLS | 117 | #if MHD_DEBUG_TLS |
118 | if (session->security_parameters.entity == GNUTLS_CLIENT) | 118 | if (session->security_parameters.entity == GNUTLS_CLIENT) |
@@ -123,7 +123,8 @@ mhd_gtls_oprfi_recv_params (mhd_gtls_session_t session, | |||
123 | } | 123 | } |
124 | 124 | ||
125 | int | 125 | int |
126 | oprfi_send_client (mhd_gtls_session_t session, opaque * data, size_t _data_size) | 126 | oprfi_send_client (mhd_gtls_session_t session, opaque * data, |
127 | size_t _data_size) | ||
127 | { | 128 | { |
128 | opaque *p = data; | 129 | opaque *p = data; |
129 | ssize_t data_size = _data_size; | 130 | ssize_t data_size = _data_size; |
@@ -144,7 +145,8 @@ oprfi_send_client (mhd_gtls_session_t session, opaque * data, size_t _data_size) | |||
144 | } | 145 | } |
145 | 146 | ||
146 | int | 147 | int |
147 | oprfi_send_server (mhd_gtls_session_t session, opaque * data, size_t _data_size) | 148 | oprfi_send_server (mhd_gtls_session_t session, opaque * data, |
149 | size_t _data_size) | ||
148 | { | 150 | { |
149 | opaque *p = data; | 151 | opaque *p = data; |
150 | int ret; | 152 | int ret; |
@@ -180,11 +182,12 @@ oprfi_send_server (mhd_gtls_session_t session, opaque * data, size_t _data_size) | |||
180 | 182 | ||
181 | DECR_LENGTH_RET (data_size, 2, GNUTLS_E_SHORT_MEMORY_BUFFER); | 183 | DECR_LENGTH_RET (data_size, 2, GNUTLS_E_SHORT_MEMORY_BUFFER); |
182 | mhd_gtls_write_uint16 (session->security_parameters. | 184 | mhd_gtls_write_uint16 (session->security_parameters. |
183 | extensions.oprfi_server_len, p); | 185 | extensions.oprfi_server_len, p); |
184 | p += 2; | 186 | p += 2; |
185 | 187 | ||
186 | DECR_LENGTH_RET (data_size, session->security_parameters. | 188 | DECR_LENGTH_RET (data_size, |
187 | extensions.oprfi_server_len, GNUTLS_E_SHORT_MEMORY_BUFFER); | 189 | session->security_parameters.extensions.oprfi_server_len, |
190 | GNUTLS_E_SHORT_MEMORY_BUFFER); | ||
188 | 191 | ||
189 | memcpy (p, session->security_parameters.extensions.oprfi_server, | 192 | memcpy (p, session->security_parameters.extensions.oprfi_server, |
190 | session->security_parameters.extensions.oprfi_server_len); | 193 | session->security_parameters.extensions.oprfi_server_len); |
@@ -194,9 +197,9 @@ oprfi_send_server (mhd_gtls_session_t session, opaque * data, size_t _data_size) | |||
194 | 197 | ||
195 | int | 198 | int |
196 | mhd_gtls_oprfi_send_params (mhd_gtls_session_t session, | 199 | mhd_gtls_oprfi_send_params (mhd_gtls_session_t session, |
197 | opaque * data, size_t data_size) | 200 | opaque * data, size_t data_size) |
198 | { | 201 | { |
199 | return oprfi_send_server (session, data, data_size); | 202 | return oprfi_send_server (session, data, data_size); |
200 | } | 203 | } |
201 | 204 | ||
202 | /** | 205 | /** |
@@ -214,7 +217,7 @@ mhd_gtls_oprfi_send_params (mhd_gtls_session_t session, | |||
214 | **/ | 217 | **/ |
215 | void | 218 | void |
216 | MHD_gtls_oprfi_enable_client (mhd_gtls_session_t session, | 219 | MHD_gtls_oprfi_enable_client (mhd_gtls_session_t session, |
217 | size_t len, unsigned char *data) | 220 | size_t len, unsigned char *data) |
218 | { | 221 | { |
219 | session->security_parameters.extensions.oprfi_client_len = len; | 222 | session->security_parameters.extensions.oprfi_client_len = len; |
220 | session->security_parameters.extensions.oprfi_client = data; | 223 | session->security_parameters.extensions.oprfi_client = data; |
@@ -242,7 +245,7 @@ MHD_gtls_oprfi_enable_client (mhd_gtls_session_t session, | |||
242 | **/ | 245 | **/ |
243 | void | 246 | void |
244 | MHD_gtls_oprfi_enable_server (mhd_gtls_session_t session, | 247 | MHD_gtls_oprfi_enable_server (mhd_gtls_session_t session, |
245 | gnutls_oprfi_callback_func cb, void *userdata) | 248 | gnutls_oprfi_callback_func cb, void *userdata) |
246 | { | 249 | { |
247 | session->security_parameters.extensions.oprfi_cb = cb; | 250 | session->security_parameters.extensions.oprfi_cb = cb; |
248 | session->security_parameters.extensions.oprfi_userdata = userdata; | 251 | session->security_parameters.extensions.oprfi_userdata = userdata; |
diff --git a/src/daemon/https/tls/ext_oprfi.h b/src/daemon/https/tls/ext_oprfi.h index 27a9c96a..defb672b 100644 --- a/src/daemon/https/tls/ext_oprfi.h +++ b/src/daemon/https/tls/ext_oprfi.h | |||
@@ -25,9 +25,7 @@ | |||
25 | #include <gnutls_int.h> | 25 | #include <gnutls_int.h> |
26 | 26 | ||
27 | int mhd_gtls_oprfi_recv_params (mhd_gtls_session_t state, | 27 | int mhd_gtls_oprfi_recv_params (mhd_gtls_session_t state, |
28 | const opaque * data, | 28 | const opaque * data, size_t data_size); |
29 | size_t data_size); | ||
30 | 29 | ||
31 | int mhd_gtls_oprfi_send_params (mhd_gtls_session_t state, | 30 | int mhd_gtls_oprfi_send_params (mhd_gtls_session_t state, |
32 | opaque * data, | 31 | opaque * data, size_t data_size); |
33 | size_t data_size); | ||
diff --git a/src/daemon/https/tls/ext_server_name.c b/src/daemon/https/tls/ext_server_name.c index 8c045ae3..64ef0b06 100644 --- a/src/daemon/https/tls/ext_server_name.c +++ b/src/daemon/https/tls/ext_server_name.c | |||
@@ -40,7 +40,7 @@ | |||
40 | 40 | ||
41 | int | 41 | int |
42 | mhd_gtls_server_name_recv_params (mhd_gtls_session_t session, | 42 | mhd_gtls_server_name_recv_params (mhd_gtls_session_t session, |
43 | const opaque * data, size_t _data_size) | 43 | const opaque * data, size_t _data_size) |
44 | { | 44 | { |
45 | int i; | 45 | int i; |
46 | const unsigned char *p; | 46 | const unsigned char *p; |
@@ -125,7 +125,7 @@ mhd_gtls_server_name_recv_params (mhd_gtls_session_t session, | |||
125 | */ | 125 | */ |
126 | int | 126 | int |
127 | mhd_gtls_server_name_send_params (mhd_gtls_session_t session, | 127 | mhd_gtls_server_name_send_params (mhd_gtls_session_t session, |
128 | opaque * data, size_t _data_size) | 128 | opaque * data, size_t _data_size) |
129 | { | 129 | { |
130 | int total_size = 0; | 130 | int total_size = 0; |
131 | #if MHD_DEBUG_TLS | 131 | #if MHD_DEBUG_TLS |
@@ -234,8 +234,8 @@ mhd_gtls_server_name_send_params (mhd_gtls_session_t session, | |||
234 | **/ | 234 | **/ |
235 | int | 235 | int |
236 | MHD_gnutls_server_name_get (mhd_gtls_session_t session, void *data, | 236 | MHD_gnutls_server_name_get (mhd_gtls_session_t session, void *data, |
237 | size_t * data_length, | 237 | size_t * data_length, |
238 | unsigned int *type, unsigned int indx) | 238 | unsigned int *type, unsigned int indx) |
239 | { | 239 | { |
240 | char *_data = data; | 240 | char *_data = data; |
241 | #if MHD_DEBUG_TLS | 241 | #if MHD_DEBUG_TLS |
@@ -259,8 +259,8 @@ MHD_gnutls_server_name_get (mhd_gtls_session_t session, void *data, | |||
259 | session->security_parameters.extensions.server_names[indx]. | 259 | session->security_parameters.extensions.server_names[indx]. |
260 | name_length; | 260 | name_length; |
261 | memcpy (data, | 261 | memcpy (data, |
262 | session->security_parameters.extensions.server_names[indx]. | 262 | session->security_parameters.extensions.server_names[indx].name, |
263 | name, *data_length); | 263 | *data_length); |
264 | 264 | ||
265 | if (*type == GNUTLS_NAME_DNS) /* null terminate */ | 265 | if (*type == GNUTLS_NAME_DNS) /* null terminate */ |
266 | _data[(*data_length)] = 0; | 266 | _data[(*data_length)] = 0; |
@@ -296,8 +296,8 @@ MHD_gnutls_server_name_get (mhd_gtls_session_t session, void *data, | |||
296 | **/ | 296 | **/ |
297 | int | 297 | int |
298 | MHD_gnutls_server_name_set (mhd_gtls_session_t session, | 298 | MHD_gnutls_server_name_set (mhd_gtls_session_t session, |
299 | gnutls_server_name_type_t type, | 299 | gnutls_server_name_type_t type, |
300 | const void *name, size_t name_length) | 300 | const void *name, size_t name_length) |
301 | { | 301 | { |
302 | int server_names; | 302 | int server_names; |
303 | 303 | ||
diff --git a/src/daemon/https/tls/ext_server_name.h b/src/daemon/https/tls/ext_server_name.h index 7a471ad4..5de9304f 100644 --- a/src/daemon/https/tls/ext_server_name.h +++ b/src/daemon/https/tls/ext_server_name.h | |||
@@ -23,6 +23,6 @@ | |||
23 | */ | 23 | */ |
24 | 24 | ||
25 | int mhd_gtls_server_name_recv_params (mhd_gtls_session_t session, | 25 | int mhd_gtls_server_name_recv_params (mhd_gtls_session_t session, |
26 | const opaque * data, size_t data_size); | 26 | const opaque * data, size_t data_size); |
27 | int mhd_gtls_server_name_send_params (mhd_gtls_session_t session, | 27 | int mhd_gtls_server_name_send_params (mhd_gtls_session_t session, |
28 | opaque * data, size_t); | 28 | opaque * data, size_t); |
diff --git a/src/daemon/https/tls/gnutls_alert.c b/src/daemon/https/tls/gnutls_alert.c index 36c65362..ba5ee803 100644 --- a/src/daemon/https/tls/gnutls_alert.c +++ b/src/daemon/https/tls/gnutls_alert.c | |||
@@ -116,7 +116,7 @@ MHD_gnutls_alert_get_name (gnutls_alert_description_t alert) | |||
116 | **/ | 116 | **/ |
117 | int | 117 | int |
118 | MHD_gnutls_alert_send (mhd_gtls_session_t session, gnutls_alert_level_t level, | 118 | MHD_gnutls_alert_send (mhd_gtls_session_t session, gnutls_alert_level_t level, |
119 | gnutls_alert_description_t desc) | 119 | gnutls_alert_description_t desc) |
120 | { | 120 | { |
121 | uint8_t data[2]; | 121 | uint8_t data[2]; |
122 | int ret; | 122 | int ret; |
diff --git a/src/daemon/https/tls/gnutls_algorithms.c b/src/daemon/https/tls/gnutls_algorithms.c index 16e67fbd..6d25ff55 100644 --- a/src/daemon/https/tls/gnutls_algorithms.c +++ b/src/daemon/https/tls/gnutls_algorithms.c | |||
@@ -37,7 +37,7 @@ typedef struct | |||
37 | { | 37 | { |
38 | enum MHD_GNUTLS_KeyExchangeAlgorithm algorithm; | 38 | enum MHD_GNUTLS_KeyExchangeAlgorithm algorithm; |
39 | enum MHD_GNUTLS_CredentialsType client_type; | 39 | enum MHD_GNUTLS_CredentialsType client_type; |
40 | enum MHD_GNUTLS_CredentialsType server_type; /* The type of credentials a server | 40 | enum MHD_GNUTLS_CredentialsType server_type; /* The type of credentials a server |
41 | * needs to set */ | 41 | * needs to set */ |
42 | } gnutls_cred_map; | 42 | } gnutls_cred_map; |
43 | 43 | ||
@@ -130,7 +130,7 @@ static const gnutls_pk_map mhd_gtls_pk_mappings[] = { | |||
130 | typedef struct | 130 | typedef struct |
131 | { | 131 | { |
132 | const char *name; | 132 | const char *name; |
133 | enum MHD_GNUTLS_Protocol id; /* gnutls internal version number */ | 133 | enum MHD_GNUTLS_Protocol id; /* gnutls internal version number */ |
134 | int major; /* defined by the protocol */ | 134 | int major; /* defined by the protocol */ |
135 | int minor; /* defined by the protocol */ | 135 | int minor; /* defined by the protocol */ |
136 | int supported; /* 0 not supported, > 0 is supported */ | 136 | int supported; /* 0 not supported, > 0 is supported */ |
@@ -165,7 +165,8 @@ static const gnutls_version_entry mhd_gtls_sup_versions[] = { | |||
165 | }; | 165 | }; |
166 | 166 | ||
167 | /* Keep the contents of this struct the same as the previous one. */ | 167 | /* Keep the contents of this struct the same as the previous one. */ |
168 | static const enum MHD_GNUTLS_Protocol mhd_gtls_supported_protocols[] = { MHD_GNUTLS_SSL3, | 168 | static const enum MHD_GNUTLS_Protocol mhd_gtls_supported_protocols[] = |
169 | { MHD_GNUTLS_SSL3, | ||
169 | MHD_GNUTLS_TLS1_0, | 170 | MHD_GNUTLS_TLS1_0, |
170 | MHD_GNUTLS_TLS1_1, | 171 | MHD_GNUTLS_TLS1_1, |
171 | MHD_GNUTLS_TLS1_2, | 172 | MHD_GNUTLS_TLS1_2, |
@@ -272,7 +273,7 @@ static const gnutls_cipher_entry mhd_gtls_algorithms[] = { | |||
272 | 273 | ||
273 | /* Keep the contents of this struct the same as the previous one. */ | 274 | /* Keep the contents of this struct the same as the previous one. */ |
274 | static const enum MHD_GNUTLS_CipherAlgorithm mhd_gtls_supported_ciphers[] = | 275 | static const enum MHD_GNUTLS_CipherAlgorithm mhd_gtls_supported_ciphers[] = |
275 | { MHD_GNUTLS_CIPHER_AES_256_CBC, | 276 | { MHD_GNUTLS_CIPHER_AES_256_CBC, |
276 | MHD_GNUTLS_CIPHER_AES_128_CBC, | 277 | MHD_GNUTLS_CIPHER_AES_128_CBC, |
277 | MHD_GNUTLS_CIPHER_3DES_CBC, | 278 | MHD_GNUTLS_CIPHER_3DES_CBC, |
278 | MHD_GNUTLS_CIPHER_DES_CBC, | 279 | MHD_GNUTLS_CIPHER_DES_CBC, |
@@ -327,7 +328,8 @@ static const gnutls_hash_entry mhd_gtls_hash_algorithms[] = { | |||
327 | }; | 328 | }; |
328 | 329 | ||
329 | /* Keep the contents of this struct the same as the previous one. */ | 330 | /* Keep the contents of this struct the same as the previous one. */ |
330 | static const enum MHD_GNUTLS_HashAlgorithm mhd_gtls_supported_macs[] = { MHD_GNUTLS_MAC_SHA1, | 331 | static const enum MHD_GNUTLS_HashAlgorithm mhd_gtls_supported_macs[] = |
332 | { MHD_GNUTLS_MAC_SHA1, | ||
331 | MHD_GNUTLS_MAC_MD5, | 333 | MHD_GNUTLS_MAC_MD5, |
332 | MHD_GNUTLS_MAC_SHA256, | 334 | MHD_GNUTLS_MAC_SHA256, |
333 | MHD_GNUTLS_MAC_NULL, | 335 | MHD_GNUTLS_MAC_NULL, |
@@ -364,7 +366,9 @@ gnutls_compression_entry _gnutls_compression_algorithms[MAX_COMP_METHODS] = | |||
364 | 0} | 366 | 0} |
365 | }; | 367 | }; |
366 | 368 | ||
367 | static const enum MHD_GNUTLS_CompressionMethod mhd_gtls_supported_compressions[] = { | 369 | static const enum MHD_GNUTLS_CompressionMethod |
370 | mhd_gtls_supported_compressions[] = | ||
371 | { | ||
368 | #ifdef HAVE_LIBZ | 372 | #ifdef HAVE_LIBZ |
369 | MHD_GNUTLS_COMP_DEFLATE, | 373 | MHD_GNUTLS_COMP_DEFLATE, |
370 | #endif | 374 | #endif |
@@ -444,7 +448,8 @@ static const mhd_gtls_kx_algo_entry_t mhd_gtls_kx_algorithms[] = { | |||
444 | }; | 448 | }; |
445 | 449 | ||
446 | /* Keep the contents of this struct the same as the previous one. */ | 450 | /* Keep the contents of this struct the same as the previous one. */ |
447 | static const enum MHD_GNUTLS_KeyExchangeAlgorithm mhd_gtls_supported_kxs[] = { | 451 | static const enum MHD_GNUTLS_KeyExchangeAlgorithm mhd_gtls_supported_kxs[] = |
452 | { | ||
448 | #ifdef ENABLE_ANON | 453 | #ifdef ENABLE_ANON |
449 | MHD_GNUTLS_KX_ANON_DH, | 454 | MHD_GNUTLS_KX_ANON_DH, |
450 | #endif | 455 | #endif |
@@ -482,9 +487,9 @@ typedef struct | |||
482 | enum MHD_GNUTLS_CipherAlgorithm block_algorithm; | 487 | enum MHD_GNUTLS_CipherAlgorithm block_algorithm; |
483 | enum MHD_GNUTLS_KeyExchangeAlgorithm kx_algorithm; | 488 | enum MHD_GNUTLS_KeyExchangeAlgorithm kx_algorithm; |
484 | enum MHD_GNUTLS_HashAlgorithm mac_algorithm; | 489 | enum MHD_GNUTLS_HashAlgorithm mac_algorithm; |
485 | enum MHD_GNUTLS_Protocol version; /* this cipher suite is supported | 490 | enum MHD_GNUTLS_Protocol version; /* this cipher suite is supported |
486 | * from 'version' and above; | 491 | * from 'version' and above; |
487 | */ | 492 | */ |
488 | } mhd_gtls_cipher_suite_entry; | 493 | } mhd_gtls_cipher_suite_entry; |
489 | 494 | ||
490 | /* RSA with NULL cipher and MD5 MAC | 495 | /* RSA with NULL cipher and MD5 MAC |
@@ -763,7 +768,7 @@ static const mhd_gtls_cipher_suite_entry mhd_gtls_cs_algorithms[] = { | |||
763 | 768 | ||
764 | int | 769 | int |
765 | mhd_gtls_mac_priority (mhd_gtls_session_t session, | 770 | mhd_gtls_mac_priority (mhd_gtls_session_t session, |
766 | enum MHD_GNUTLS_HashAlgorithm algorithm) | 771 | enum MHD_GNUTLS_HashAlgorithm algorithm) |
767 | { /* actually returns the priority */ | 772 | { /* actually returns the priority */ |
768 | unsigned int i; | 773 | unsigned int i; |
769 | for (i = 0; i < session->internals.priorities.mac.num_algorithms; i++) | 774 | for (i = 0; i < session->internals.priorities.mac.num_algorithms; i++) |
@@ -889,10 +894,11 @@ mhd_gnutls_mac_is_ok (enum MHD_GNUTLS_HashAlgorithm algorithm) | |||
889 | /* Compression Functions */ | 894 | /* Compression Functions */ |
890 | int | 895 | int |
891 | mhd_gtls_compression_priority (mhd_gtls_session_t session, | 896 | mhd_gtls_compression_priority (mhd_gtls_session_t session, |
892 | enum MHD_GNUTLS_CompressionMethod algorithm) | 897 | enum MHD_GNUTLS_CompressionMethod algorithm) |
893 | { /* actually returns the priority */ | 898 | { /* actually returns the priority */ |
894 | unsigned int i; | 899 | unsigned int i; |
895 | for (i = 0; i < session->internals.priorities.compression.num_algorithms; i++) | 900 | for (i = 0; i < session->internals.priorities.compression.num_algorithms; |
901 | i++) | ||
896 | { | 902 | { |
897 | if (session->internals.priorities.compression.priority[i] == algorithm) | 903 | if (session->internals.priorities.compression.priority[i] == algorithm) |
898 | return i; | 904 | return i; |
@@ -980,7 +986,8 @@ mhd_gtls_compression_get_wbits (enum MHD_GNUTLS_CompressionMethod algorithm) | |||
980 | } | 986 | } |
981 | 987 | ||
982 | int | 988 | int |
983 | mhd_gtls_compression_get_mem_level (enum MHD_GNUTLS_CompressionMethod algorithm) | 989 | mhd_gtls_compression_get_mem_level (enum MHD_GNUTLS_CompressionMethod |
990 | algorithm) | ||
984 | { | 991 | { |
985 | int ret = -1; | 992 | int ret = -1; |
986 | /* avoid prefix */ | 993 | /* avoid prefix */ |
@@ -989,7 +996,8 @@ mhd_gtls_compression_get_mem_level (enum MHD_GNUTLS_CompressionMethod algorithm) | |||
989 | } | 996 | } |
990 | 997 | ||
991 | int | 998 | int |
992 | mhd_gtls_compression_get_comp_level (enum MHD_GNUTLS_CompressionMethod algorithm) | 999 | mhd_gtls_compression_get_comp_level (enum MHD_GNUTLS_CompressionMethod |
1000 | algorithm) | ||
993 | { | 1001 | { |
994 | int ret = -1; | 1002 | int ret = -1; |
995 | /* avoid prefix */ | 1003 | /* avoid prefix */ |
@@ -1036,7 +1044,7 @@ mhd_gtls_cipher_get_block_size (enum MHD_GNUTLS_CipherAlgorithm algorithm) | |||
1036 | /* returns the priority */ | 1044 | /* returns the priority */ |
1037 | int | 1045 | int |
1038 | mhd_gtls_cipher_priority (mhd_gtls_session_t session, | 1046 | mhd_gtls_cipher_priority (mhd_gtls_session_t session, |
1039 | enum MHD_GNUTLS_CipherAlgorithm algorithm) | 1047 | enum MHD_GNUTLS_CipherAlgorithm algorithm) |
1040 | { | 1048 | { |
1041 | unsigned int i; | 1049 | unsigned int i; |
1042 | for (i = 0; i < session->internals.priorities.cipher.num_algorithms; i++) | 1050 | for (i = 0; i < session->internals.priorities.cipher.num_algorithms; i++) |
@@ -1172,7 +1180,7 @@ mhd_gtls_kx_auth_struct (enum MHD_GNUTLS_KeyExchangeAlgorithm algorithm) | |||
1172 | 1180 | ||
1173 | int | 1181 | int |
1174 | mhd_gtls_kx_priority (mhd_gtls_session_t session, | 1182 | mhd_gtls_kx_priority (mhd_gtls_session_t session, |
1175 | enum MHD_GNUTLS_KeyExchangeAlgorithm algorithm) | 1183 | enum MHD_GNUTLS_KeyExchangeAlgorithm algorithm) |
1176 | { | 1184 | { |
1177 | unsigned int i; | 1185 | unsigned int i; |
1178 | for (i = 0; i < session->internals.priorities.kx.num_algorithms; i++) | 1186 | for (i = 0; i < session->internals.priorities.kx.num_algorithms; i++) |
@@ -1265,7 +1273,8 @@ mhd_gtls_kx_needs_dh_params (enum MHD_GNUTLS_KeyExchangeAlgorithm algorithm) | |||
1265 | 1273 | ||
1266 | /* Version */ | 1274 | /* Version */ |
1267 | int | 1275 | int |
1268 | mhd_gtls_version_priority (mhd_gtls_session_t session, enum MHD_GNUTLS_Protocol version) | 1276 | mhd_gtls_version_priority (mhd_gtls_session_t session, |
1277 | enum MHD_GNUTLS_Protocol version) | ||
1269 | { /* actually returns the priority */ | 1278 | { /* actually returns the priority */ |
1270 | unsigned int i; | 1279 | unsigned int i; |
1271 | 1280 | ||
@@ -1293,7 +1302,8 @@ mhd_gtls_version_lowest (mhd_gtls_session_t session) | |||
1293 | return MHD_GNUTLS_VERSION_UNKNOWN; | 1302 | return MHD_GNUTLS_VERSION_UNKNOWN; |
1294 | } | 1303 | } |
1295 | else | 1304 | else |
1296 | for (i = 0; i < session->internals.priorities.protocol.num_algorithms; i++) | 1305 | for (i = 0; i < session->internals.priorities.protocol.num_algorithms; |
1306 | i++) | ||
1297 | { | 1307 | { |
1298 | if (session->internals.priorities.protocol.priority[i] < min) | 1308 | if (session->internals.priorities.protocol.priority[i] < min) |
1299 | min = session->internals.priorities.protocol.priority[i]; | 1309 | min = session->internals.priorities.protocol.priority[i]; |
@@ -1315,7 +1325,8 @@ mhd_gtls_version_max (mhd_gtls_session_t session) | |||
1315 | return MHD_GNUTLS_VERSION_UNKNOWN; | 1325 | return MHD_GNUTLS_VERSION_UNKNOWN; |
1316 | } | 1326 | } |
1317 | else | 1327 | else |
1318 | for (i = 0; i < session->internals.priorities.protocol.num_algorithms; i++) | 1328 | for (i = 0; i < session->internals.priorities.protocol.num_algorithms; |
1329 | i++) | ||
1319 | { | 1330 | { |
1320 | if (session->internals.priorities.protocol.priority[i] > max) | 1331 | if (session->internals.priorities.protocol.priority[i] > max) |
1321 | max = session->internals.priorities.protocol.priority[i]; | 1332 | max = session->internals.priorities.protocol.priority[i]; |
@@ -1412,7 +1423,7 @@ mhd_gtls_version_get_major (enum MHD_GNUTLS_Protocol version) | |||
1412 | 1423 | ||
1413 | int | 1424 | int |
1414 | mhd_gtls_version_is_supported (mhd_gtls_session_t session, | 1425 | mhd_gtls_version_is_supported (mhd_gtls_session_t session, |
1415 | const enum MHD_GNUTLS_Protocol version) | 1426 | const enum MHD_GNUTLS_Protocol version) |
1416 | { | 1427 | { |
1417 | int ret = 0; | 1428 | int ret = 0; |
1418 | 1429 | ||
@@ -1444,7 +1455,8 @@ mhd_gtls_map_kx_get_kx (enum MHD_GNUTLS_CredentialsType type, int server) | |||
1444 | } | 1455 | } |
1445 | 1456 | ||
1446 | enum MHD_GNUTLS_CredentialsType | 1457 | enum MHD_GNUTLS_CredentialsType |
1447 | mhd_gtls_map_kx_get_cred (enum MHD_GNUTLS_KeyExchangeAlgorithm algorithm, int server) | 1458 | mhd_gtls_map_kx_get_cred (enum MHD_GNUTLS_KeyExchangeAlgorithm algorithm, |
1459 | int server) | ||
1448 | { | 1460 | { |
1449 | enum MHD_GNUTLS_CredentialsType ret = -1; | 1461 | enum MHD_GNUTLS_CredentialsType ret = -1; |
1450 | if (server) | 1462 | if (server) |
@@ -1674,7 +1686,7 @@ _gnutls_bsort (mhd_gtls_session_t session, void *_base, size_t nmemb, | |||
1674 | 1686 | ||
1675 | int | 1687 | int |
1676 | mhd_gtls_supported_ciphersuites_sorted (mhd_gtls_session_t session, | 1688 | mhd_gtls_supported_ciphersuites_sorted (mhd_gtls_session_t session, |
1677 | cipher_suite_st ** ciphers) | 1689 | cipher_suite_st ** ciphers) |
1678 | { | 1690 | { |
1679 | 1691 | ||
1680 | #ifdef SORT_DEBUG | 1692 | #ifdef SORT_DEBUG |
@@ -1710,7 +1722,7 @@ mhd_gtls_supported_ciphersuites_sorted (mhd_gtls_session_t session, | |||
1710 | 1722 | ||
1711 | int | 1723 | int |
1712 | mhd_gtls_supported_ciphersuites (mhd_gtls_session_t session, | 1724 | mhd_gtls_supported_ciphersuites (mhd_gtls_session_t session, |
1713 | cipher_suite_st ** _ciphers) | 1725 | cipher_suite_st ** _ciphers) |
1714 | { | 1726 | { |
1715 | 1727 | ||
1716 | unsigned int i, ret_count, j; | 1728 | unsigned int i, ret_count, j; |
@@ -1758,16 +1770,16 @@ mhd_gtls_supported_ciphersuites (mhd_gtls_session_t session, | |||
1758 | continue; | 1770 | continue; |
1759 | 1771 | ||
1760 | if (mhd_gtls_kx_priority (session, | 1772 | if (mhd_gtls_kx_priority (session, |
1761 | mhd_gtls_cipher_suite_get_kx_algo (&tmp_ciphers | 1773 | mhd_gtls_cipher_suite_get_kx_algo |
1762 | [i])) < 0) | 1774 | (&tmp_ciphers[i])) < 0) |
1763 | continue; | 1775 | continue; |
1764 | if (mhd_gtls_mac_priority (session, | 1776 | if (mhd_gtls_mac_priority (session, |
1765 | mhd_gtls_cipher_suite_get_mac_algo | 1777 | mhd_gtls_cipher_suite_get_mac_algo |
1766 | (&tmp_ciphers[i])) < 0) | 1778 | (&tmp_ciphers[i])) < 0) |
1767 | continue; | 1779 | continue; |
1768 | if (mhd_gtls_cipher_priority (session, | 1780 | if (mhd_gtls_cipher_priority (session, |
1769 | mhd_gtls_cipher_suite_get_cipher_algo | 1781 | mhd_gtls_cipher_suite_get_cipher_algo |
1770 | (&tmp_ciphers[i])) < 0) | 1782 | (&tmp_ciphers[i])) < 0) |
1771 | continue; | 1783 | continue; |
1772 | 1784 | ||
1773 | memcpy (&ciphers[j], &tmp_ciphers[i], sizeof (cipher_suite_st)); | 1785 | memcpy (&ciphers[j], &tmp_ciphers[i], sizeof (cipher_suite_st)); |
@@ -1816,7 +1828,7 @@ mhd_gtls_supported_ciphersuites (mhd_gtls_session_t session, | |||
1816 | #define SUPPORTED_COMPRESSION_METHODS session->internals.priorities.compression.num_algorithms | 1828 | #define SUPPORTED_COMPRESSION_METHODS session->internals.priorities.compression.num_algorithms |
1817 | int | 1829 | int |
1818 | mhd_gtls_supported_compression_methods (mhd_gtls_session_t session, | 1830 | mhd_gtls_supported_compression_methods (mhd_gtls_session_t session, |
1819 | uint8_t ** comp) | 1831 | uint8_t ** comp) |
1820 | { | 1832 | { |
1821 | unsigned int i, j; | 1833 | unsigned int i, j; |
1822 | 1834 | ||
@@ -1826,8 +1838,9 @@ mhd_gtls_supported_compression_methods (mhd_gtls_session_t session, | |||
1826 | 1838 | ||
1827 | for (i = j = 0; i < SUPPORTED_COMPRESSION_METHODS; i++) | 1839 | for (i = j = 0; i < SUPPORTED_COMPRESSION_METHODS; i++) |
1828 | { | 1840 | { |
1829 | int tmp = mhd_gtls_compression_get_num (session->internals.priorities. | 1841 | int tmp = |
1830 | compression.priority[i]); | 1842 | mhd_gtls_compression_get_num (session->internals.priorities. |
1843 | compression.priority[i]); | ||
1831 | 1844 | ||
1832 | /* remove private compression algorithms, if requested. | 1845 | /* remove private compression algorithms, if requested. |
1833 | */ | 1846 | */ |
@@ -1888,8 +1901,9 @@ MHD_gtls_certificate_type_get_id (const char *name) | |||
1888 | return ret; | 1901 | return ret; |
1889 | } | 1902 | } |
1890 | 1903 | ||
1891 | static const enum MHD_GNUTLS_CertificateType mhd_gtls_supported_certificate_types[] = | 1904 | static const enum MHD_GNUTLS_CertificateType |
1892 | { MHD_GNUTLS_CRT_X509, | 1905 | mhd_gtls_supported_certificate_types[] = |
1906 | { MHD_GNUTLS_CRT_X509, | ||
1893 | 0 | 1907 | 0 |
1894 | }; | 1908 | }; |
1895 | 1909 | ||
@@ -2005,7 +2019,8 @@ mhd_gtls_x509_oid2sign_algorithm (const char *oid) | |||
2005 | } | 2019 | } |
2006 | 2020 | ||
2007 | gnutls_sign_algorithm_t | 2021 | gnutls_sign_algorithm_t |
2008 | mhd_gtls_x509_pk_to_sign (enum MHD_GNUTLS_PublicKeyAlgorithm pk, enum MHD_GNUTLS_HashAlgorithm mac) | 2022 | mhd_gtls_x509_pk_to_sign (enum MHD_GNUTLS_PublicKeyAlgorithm pk, |
2023 | enum MHD_GNUTLS_HashAlgorithm mac) | ||
2009 | { | 2024 | { |
2010 | gnutls_sign_algorithm_t ret = 0; | 2025 | gnutls_sign_algorithm_t ret = 0; |
2011 | 2026 | ||
@@ -2021,7 +2036,7 @@ mhd_gtls_x509_pk_to_sign (enum MHD_GNUTLS_PublicKeyAlgorithm pk, enum MHD_GNUTLS | |||
2021 | 2036 | ||
2022 | const char * | 2037 | const char * |
2023 | mhd_gtls_x509_sign_to_oid (enum MHD_GNUTLS_PublicKeyAlgorithm pk, | 2038 | mhd_gtls_x509_sign_to_oid (enum MHD_GNUTLS_PublicKeyAlgorithm pk, |
2024 | enum MHD_GNUTLS_HashAlgorithm mac) | 2039 | enum MHD_GNUTLS_HashAlgorithm mac) |
2025 | { | 2040 | { |
2026 | gnutls_sign_algorithm_t sign; | 2041 | gnutls_sign_algorithm_t sign; |
2027 | const char *ret = NULL; | 2042 | const char *ret = NULL; |
diff --git a/src/daemon/https/tls/gnutls_algorithms.h b/src/daemon/https/tls/gnutls_algorithms.h index 5f1a7846..c98e3c41 100644 --- a/src/daemon/https/tls/gnutls_algorithms.h +++ b/src/daemon/https/tls/gnutls_algorithms.h | |||
@@ -31,83 +31,106 @@ | |||
31 | enum MHD_GNUTLS_Protocol mhd_gtls_version_lowest (mhd_gtls_session_t session); | 31 | enum MHD_GNUTLS_Protocol mhd_gtls_version_lowest (mhd_gtls_session_t session); |
32 | enum MHD_GNUTLS_Protocol mhd_gtls_version_max (mhd_gtls_session_t session); | 32 | enum MHD_GNUTLS_Protocol mhd_gtls_version_max (mhd_gtls_session_t session); |
33 | int mhd_gtls_version_priority (mhd_gtls_session_t session, | 33 | int mhd_gtls_version_priority (mhd_gtls_session_t session, |
34 | enum MHD_GNUTLS_Protocol version); | 34 | enum MHD_GNUTLS_Protocol version); |
35 | int mhd_gtls_version_is_supported (mhd_gtls_session_t session, | 35 | int mhd_gtls_version_is_supported (mhd_gtls_session_t session, |
36 | const enum MHD_GNUTLS_Protocol version); | 36 | const enum MHD_GNUTLS_Protocol version); |
37 | int mhd_gtls_version_get_major (enum MHD_GNUTLS_Protocol ver); | 37 | int mhd_gtls_version_get_major (enum MHD_GNUTLS_Protocol ver); |
38 | int mhd_gtls_version_get_minor (enum MHD_GNUTLS_Protocol ver); | 38 | int mhd_gtls_version_get_minor (enum MHD_GNUTLS_Protocol ver); |
39 | enum MHD_GNUTLS_Protocol mhd_gtls_version_get (int major, int minor); | 39 | enum MHD_GNUTLS_Protocol mhd_gtls_version_get (int major, int minor); |
40 | 40 | ||
41 | /* Functions for MACs. */ | 41 | /* Functions for MACs. */ |
42 | int mhd_gnutls_mac_is_ok (enum MHD_GNUTLS_HashAlgorithm algorithm); | 42 | int mhd_gnutls_mac_is_ok (enum MHD_GNUTLS_HashAlgorithm algorithm); |
43 | enum MHD_GNUTLS_HashAlgorithm mhd_gtls_x509_oid2mac_algorithm (const char *oid); | 43 | enum MHD_GNUTLS_HashAlgorithm mhd_gtls_x509_oid2mac_algorithm (const char |
44 | const char * mhd_gtls_x509_mac_to_oid (enum MHD_GNUTLS_HashAlgorithm mac); | 44 | *oid); |
45 | const char *mhd_gtls_x509_mac_to_oid (enum MHD_GNUTLS_HashAlgorithm mac); | ||
45 | 46 | ||
46 | /* Functions for cipher suites. */ | 47 | /* Functions for cipher suites. */ |
47 | int mhd_gtls_supported_ciphersuites (mhd_gtls_session_t session, | 48 | int mhd_gtls_supported_ciphersuites (mhd_gtls_session_t session, |
48 | cipher_suite_st ** ciphers); | 49 | cipher_suite_st ** ciphers); |
49 | int mhd_gtls_supported_ciphersuites_sorted (mhd_gtls_session_t session, | 50 | int mhd_gtls_supported_ciphersuites_sorted (mhd_gtls_session_t session, |
50 | cipher_suite_st ** ciphers); | 51 | cipher_suite_st ** ciphers); |
51 | int mhd_gtls_supported_compression_methods (mhd_gtls_session_t session, | 52 | int mhd_gtls_supported_compression_methods (mhd_gtls_session_t session, |
52 | uint8_t ** comp); | 53 | uint8_t ** comp); |
53 | const char * mhd_gtls_cipher_suite_get_name (cipher_suite_st * algorithm); | 54 | const char *mhd_gtls_cipher_suite_get_name (cipher_suite_st * algorithm); |
54 | enum MHD_GNUTLS_CipherAlgorithm mhd_gtls_cipher_suite_get_cipher_algo (const | 55 | enum MHD_GNUTLS_CipherAlgorithm mhd_gtls_cipher_suite_get_cipher_algo (const |
55 | cipher_suite_st | 56 | cipher_suite_st |
56 | * algorithm); | 57 | * |
57 | enum MHD_GNUTLS_KeyExchangeAlgorithm mhd_gtls_cipher_suite_get_kx_algo (const cipher_suite_st | 58 | algorithm); |
58 | * algorithm); | 59 | enum MHD_GNUTLS_KeyExchangeAlgorithm mhd_gtls_cipher_suite_get_kx_algo (const |
60 | cipher_suite_st | ||
61 | * | ||
62 | algorithm); | ||
59 | enum MHD_GNUTLS_HashAlgorithm mhd_gtls_cipher_suite_get_mac_algo (const | 63 | enum MHD_GNUTLS_HashAlgorithm mhd_gtls_cipher_suite_get_mac_algo (const |
60 | cipher_suite_st * | 64 | cipher_suite_st |
61 | algorithm); | 65 | * |
62 | enum MHD_GNUTLS_Protocol mhd_gtls_cipher_suite_get_version (const cipher_suite_st * | 66 | algorithm); |
63 | algorithm); | 67 | enum MHD_GNUTLS_Protocol mhd_gtls_cipher_suite_get_version (const |
68 | cipher_suite_st * | ||
69 | algorithm); | ||
64 | cipher_suite_st mhd_gtls_cipher_suite_get_suite_name (cipher_suite_st * | 70 | cipher_suite_st mhd_gtls_cipher_suite_get_suite_name (cipher_suite_st * |
65 | algorithm); | 71 | algorithm); |
66 | 72 | ||
67 | /* Functions for ciphers. */ | 73 | /* Functions for ciphers. */ |
68 | int mhd_gtls_cipher_get_block_size (enum MHD_GNUTLS_CipherAlgorithm algorithm); | 74 | int mhd_gtls_cipher_get_block_size (enum MHD_GNUTLS_CipherAlgorithm |
75 | algorithm); | ||
69 | int mhd_gtls_cipher_is_block (enum MHD_GNUTLS_CipherAlgorithm algorithm); | 76 | int mhd_gtls_cipher_is_block (enum MHD_GNUTLS_CipherAlgorithm algorithm); |
70 | int mhd_gtls_cipher_is_ok (enum MHD_GNUTLS_CipherAlgorithm algorithm); | 77 | int mhd_gtls_cipher_is_ok (enum MHD_GNUTLS_CipherAlgorithm algorithm); |
71 | int mhd_gtls_cipher_get_iv_size (enum MHD_GNUTLS_CipherAlgorithm algorithm); | 78 | int mhd_gtls_cipher_get_iv_size (enum MHD_GNUTLS_CipherAlgorithm algorithm); |
72 | int mhd_gtls_cipher_get_export_flag (enum MHD_GNUTLS_CipherAlgorithm algorithm); | 79 | int mhd_gtls_cipher_get_export_flag (enum MHD_GNUTLS_CipherAlgorithm |
80 | algorithm); | ||
73 | 81 | ||
74 | /* Functions for key exchange. */ | 82 | /* Functions for key exchange. */ |
75 | int mhd_gtls_kx_needs_dh_params (enum MHD_GNUTLS_KeyExchangeAlgorithm algorithm); | 83 | int mhd_gtls_kx_needs_dh_params (enum MHD_GNUTLS_KeyExchangeAlgorithm |
76 | int mhd_gtls_kx_needs_rsa_params (enum MHD_GNUTLS_KeyExchangeAlgorithm algorithm); | 84 | algorithm); |
77 | mhd_gtls_mod_auth_st * mhd_gtls_kx_auth_struct (enum MHD_GNUTLS_KeyExchangeAlgorithm algorithm); | 85 | int mhd_gtls_kx_needs_rsa_params (enum MHD_GNUTLS_KeyExchangeAlgorithm |
86 | algorithm); | ||
87 | mhd_gtls_mod_auth_st *mhd_gtls_kx_auth_struct (enum | ||
88 | MHD_GNUTLS_KeyExchangeAlgorithm | ||
89 | algorithm); | ||
78 | int mhd_gtls_kx_is_ok (enum MHD_GNUTLS_KeyExchangeAlgorithm algorithm); | 90 | int mhd_gtls_kx_is_ok (enum MHD_GNUTLS_KeyExchangeAlgorithm algorithm); |
79 | 91 | ||
80 | /* Functions for compression. */ | 92 | /* Functions for compression. */ |
81 | int mhd_gtls_compression_is_ok (enum MHD_GNUTLS_CompressionMethod algorithm); | 93 | int mhd_gtls_compression_is_ok (enum MHD_GNUTLS_CompressionMethod algorithm); |
82 | int mhd_gtls_compression_get_num (enum MHD_GNUTLS_CompressionMethod algorithm); | 94 | int mhd_gtls_compression_get_num (enum MHD_GNUTLS_CompressionMethod |
95 | algorithm); | ||
83 | enum MHD_GNUTLS_CompressionMethod mhd_gtls_compression_get_id (int num); | 96 | enum MHD_GNUTLS_CompressionMethod mhd_gtls_compression_get_id (int num); |
84 | int mhd_gtls_compression_get_mem_level (enum MHD_GNUTLS_CompressionMethod algorithm); | 97 | int mhd_gtls_compression_get_mem_level (enum MHD_GNUTLS_CompressionMethod |
98 | algorithm); | ||
85 | int mhd_gtls_compression_get_comp_level (enum MHD_GNUTLS_CompressionMethod | 99 | int mhd_gtls_compression_get_comp_level (enum MHD_GNUTLS_CompressionMethod |
86 | algorithm); | 100 | algorithm); |
87 | int mhd_gtls_compression_get_wbits (enum MHD_GNUTLS_CompressionMethod algorithm); | 101 | int mhd_gtls_compression_get_wbits (enum MHD_GNUTLS_CompressionMethod |
102 | algorithm); | ||
88 | 103 | ||
89 | /* Type to KX mappings. */ | 104 | /* Type to KX mappings. */ |
90 | enum MHD_GNUTLS_KeyExchangeAlgorithm mhd_gtls_map_kx_get_kx (enum MHD_GNUTLS_CredentialsType type, | 105 | enum MHD_GNUTLS_KeyExchangeAlgorithm mhd_gtls_map_kx_get_kx (enum |
91 | int server); | 106 | MHD_GNUTLS_CredentialsType |
92 | enum MHD_GNUTLS_CredentialsType mhd_gtls_map_kx_get_cred (enum MHD_GNUTLS_KeyExchangeAlgorithm | 107 | type, |
93 | algorithm, int server); | 108 | int server); |
109 | enum MHD_GNUTLS_CredentialsType mhd_gtls_map_kx_get_cred (enum | ||
110 | MHD_GNUTLS_KeyExchangeAlgorithm | ||
111 | algorithm, | ||
112 | int server); | ||
94 | 113 | ||
95 | /* KX to PK mapping. */ | 114 | /* KX to PK mapping. */ |
96 | enum MHD_GNUTLS_PublicKeyAlgorithm mhd_gtls_map_pk_get_pk (enum MHD_GNUTLS_KeyExchangeAlgorithm | 115 | enum MHD_GNUTLS_PublicKeyAlgorithm mhd_gtls_map_pk_get_pk (enum |
97 | kx_algorithm); | 116 | MHD_GNUTLS_KeyExchangeAlgorithm |
98 | enum MHD_GNUTLS_PublicKeyAlgorithm mhd_gtls_x509_oid2pk_algorithm (const char *oid); | 117 | kx_algorithm); |
99 | const char * mhd_gtls_x509_pk_to_oid (enum MHD_GNUTLS_PublicKeyAlgorithm pk); | 118 | enum MHD_GNUTLS_PublicKeyAlgorithm mhd_gtls_x509_oid2pk_algorithm (const char |
119 | *oid); | ||
120 | const char *mhd_gtls_x509_pk_to_oid (enum MHD_GNUTLS_PublicKeyAlgorithm pk); | ||
100 | 121 | ||
101 | enum encipher_type | 122 | enum encipher_type |
102 | { CIPHER_ENCRYPT = 0, CIPHER_SIGN = 1, CIPHER_IGN }; | 123 | { CIPHER_ENCRYPT = 0, CIPHER_SIGN = 1, CIPHER_IGN }; |
103 | 124 | ||
104 | enum encipher_type mhd_gtls_kx_encipher_type (enum MHD_GNUTLS_KeyExchangeAlgorithm algorithm); | 125 | enum encipher_type mhd_gtls_kx_encipher_type (enum |
126 | MHD_GNUTLS_KeyExchangeAlgorithm | ||
127 | algorithm); | ||
105 | 128 | ||
106 | struct mhd_gtls_compression_entry | 129 | struct mhd_gtls_compression_entry |
107 | { | 130 | { |
108 | const char *name; | 131 | const char *name; |
109 | enum MHD_GNUTLS_CompressionMethod id; | 132 | enum MHD_GNUTLS_CompressionMethod id; |
110 | int num; /* the number reserved in TLS for the specific compression method */ | 133 | int num; /* the number reserved in TLS for the specific compression method */ |
111 | 134 | ||
112 | /* used in zlib compressor */ | 135 | /* used in zlib compressor */ |
113 | int window_bits; | 136 | int window_bits; |
@@ -118,24 +141,30 @@ typedef struct mhd_gtls_compression_entry gnutls_compression_entry; | |||
118 | 141 | ||
119 | /* Functions for sign algorithms. */ | 142 | /* Functions for sign algorithms. */ |
120 | gnutls_sign_algorithm_t mhd_gtls_x509_oid2sign_algorithm (const char *oid); | 143 | gnutls_sign_algorithm_t mhd_gtls_x509_oid2sign_algorithm (const char *oid); |
121 | gnutls_sign_algorithm_t mhd_gtls_x509_pk_to_sign (enum MHD_GNUTLS_PublicKeyAlgorithm pk, | 144 | gnutls_sign_algorithm_t mhd_gtls_x509_pk_to_sign (enum |
122 | enum MHD_GNUTLS_HashAlgorithm mac); | 145 | MHD_GNUTLS_PublicKeyAlgorithm |
123 | const char * mhd_gtls_x509_sign_to_oid (enum MHD_GNUTLS_PublicKeyAlgorithm, | 146 | pk, |
124 | enum MHD_GNUTLS_HashAlgorithm mac); | 147 | enum |
148 | MHD_GNUTLS_HashAlgorithm | ||
149 | mac); | ||
150 | const char *mhd_gtls_x509_sign_to_oid (enum MHD_GNUTLS_PublicKeyAlgorithm, | ||
151 | enum MHD_GNUTLS_HashAlgorithm mac); | ||
125 | 152 | ||
126 | int mhd_gtls_mac_priority (mhd_gtls_session_t session, | 153 | int mhd_gtls_mac_priority (mhd_gtls_session_t session, |
127 | enum MHD_GNUTLS_HashAlgorithm algorithm); | 154 | enum MHD_GNUTLS_HashAlgorithm algorithm); |
128 | int mhd_gtls_cipher_priority (mhd_gtls_session_t session, | 155 | int mhd_gtls_cipher_priority (mhd_gtls_session_t session, |
129 | enum MHD_GNUTLS_CipherAlgorithm algorithm); | 156 | enum MHD_GNUTLS_CipherAlgorithm algorithm); |
130 | int mhd_gtls_kx_priority (mhd_gtls_session_t session, | 157 | int mhd_gtls_kx_priority (mhd_gtls_session_t session, |
131 | enum MHD_GNUTLS_KeyExchangeAlgorithm algorithm); | 158 | enum MHD_GNUTLS_KeyExchangeAlgorithm algorithm); |
132 | int mhd_gtls_compression_priority (mhd_gtls_session_t session, | 159 | int mhd_gtls_compression_priority (mhd_gtls_session_t session, |
133 | enum MHD_GNUTLS_CompressionMethod algorithm); | 160 | enum MHD_GNUTLS_CompressionMethod |
134 | 161 | algorithm); | |
135 | enum MHD_GNUTLS_HashAlgorithm MHD_gtls_mac_get_id (const char* name); | 162 | |
136 | enum MHD_GNUTLS_CipherAlgorithm MHD_gtls_cipher_get_id (const char* name); | 163 | enum MHD_GNUTLS_HashAlgorithm MHD_gtls_mac_get_id (const char *name); |
137 | enum MHD_GNUTLS_KeyExchangeAlgorithm MHD_gtls_kx_get_id (const char* name); | 164 | enum MHD_GNUTLS_CipherAlgorithm MHD_gtls_cipher_get_id (const char *name); |
138 | enum MHD_GNUTLS_Protocol MHD_gtls_protocol_get_id (const char* name); | 165 | enum MHD_GNUTLS_KeyExchangeAlgorithm MHD_gtls_kx_get_id (const char *name); |
139 | enum MHD_GNUTLS_CertificateType MHD_gtls_certificate_type_get_id (const char* name); | 166 | enum MHD_GNUTLS_Protocol MHD_gtls_protocol_get_id (const char *name); |
167 | enum MHD_GNUTLS_CertificateType MHD_gtls_certificate_type_get_id (const char | ||
168 | *name); | ||
140 | 169 | ||
141 | #endif | 170 | #endif |
diff --git a/src/daemon/https/tls/gnutls_anon_cred.c b/src/daemon/https/tls/gnutls_anon_cred.c index 9fd344db..3ea9768d 100644 --- a/src/daemon/https/tls/gnutls_anon_cred.c +++ b/src/daemon/https/tls/gnutls_anon_cred.c | |||
@@ -43,7 +43,8 @@ static const int anon_dummy; | |||
43 | * helper function is provided in order to free (deallocate) it. | 43 | * helper function is provided in order to free (deallocate) it. |
44 | **/ | 44 | **/ |
45 | void | 45 | void |
46 | MHD_gnutls_anon_free_server_credentials (mhd_gtls_anon_server_credentials_t sc) | 46 | MHD_gnutls_anon_free_server_credentials (mhd_gtls_anon_server_credentials_t |
47 | sc) | ||
47 | { | 48 | { |
48 | 49 | ||
49 | gnutls_free (sc); | 50 | gnutls_free (sc); |
@@ -59,12 +60,12 @@ MHD_gnutls_anon_free_server_credentials (mhd_gtls_anon_server_credentials_t sc) | |||
59 | * Returns: %GNUTLS_E_SUCCESS on success, or an error code. | 60 | * Returns: %GNUTLS_E_SUCCESS on success, or an error code. |
60 | **/ | 61 | **/ |
61 | int | 62 | int |
62 | MHD_gnutls_anon_allocate_server_credentials (mhd_gtls_anon_server_credentials_t * | 63 | MHD_gnutls_anon_allocate_server_credentials |
63 | sc) | 64 | (mhd_gtls_anon_server_credentials_t * sc) |
64 | { | 65 | { |
65 | *sc = gnutls_calloc (1, sizeof (mhd_anon_server_credentials_st)); | 66 | *sc = gnutls_calloc (1, sizeof (mhd_anon_server_credentials_st)); |
66 | if (*sc == NULL) | 67 | if (*sc == NULL) |
67 | return GNUTLS_E_MEMORY_ERROR; | 68 | return GNUTLS_E_MEMORY_ERROR; |
68 | 69 | ||
69 | return 0; | 70 | return 0; |
70 | } | 71 | } |
@@ -78,7 +79,8 @@ MHD_gnutls_anon_allocate_server_credentials (mhd_gtls_anon_server_credentials_t | |||
78 | * helper function is provided in order to free (deallocate) it. | 79 | * helper function is provided in order to free (deallocate) it. |
79 | **/ | 80 | **/ |
80 | void | 81 | void |
81 | MHD_gnutls_anon_free_client_credentials (mhd_gtls_anon_client_credentials_t sc) | 82 | MHD_gnutls_anon_free_client_credentials (mhd_gtls_anon_client_credentials_t |
83 | sc) | ||
82 | { | 84 | { |
83 | } | 85 | } |
84 | 86 | ||
@@ -92,8 +94,8 @@ MHD_gnutls_anon_free_client_credentials (mhd_gtls_anon_client_credentials_t sc) | |||
92 | * Returns: %GNUTLS_E_SUCCESS on success, or an error code. | 94 | * Returns: %GNUTLS_E_SUCCESS on success, or an error code. |
93 | **/ | 95 | **/ |
94 | int | 96 | int |
95 | MHD_gnutls_anon_allocate_client_credentials (mhd_gtls_anon_client_credentials_t * | 97 | MHD_gnutls_anon_allocate_client_credentials |
96 | sc) | 98 | (mhd_gtls_anon_client_credentials_t * sc) |
97 | { | 99 | { |
98 | /* anon_dummy is only there for *sc not to be null. | 100 | /* anon_dummy is only there for *sc not to be null. |
99 | * it is not used at all; | 101 | * it is not used at all; |
@@ -114,7 +116,7 @@ MHD_gnutls_anon_allocate_client_credentials (mhd_gtls_anon_client_credentials_t | |||
114 | **/ | 116 | **/ |
115 | void | 117 | void |
116 | MHD_gnutls_anon_set_server_dh_params (mhd_gtls_anon_server_credentials_t res, | 118 | MHD_gnutls_anon_set_server_dh_params (mhd_gtls_anon_server_credentials_t res, |
117 | mhd_gtls_dh_params_t dh_params) | 119 | mhd_gtls_dh_params_t dh_params) |
118 | { | 120 | { |
119 | res->dh_params = dh_params; | 121 | res->dh_params = dh_params; |
120 | } | 122 | } |
@@ -129,8 +131,9 @@ MHD_gnutls_anon_set_server_dh_params (mhd_gtls_anon_server_credentials_t res, | |||
129 | * callback should return zero on success. | 131 | * callback should return zero on success. |
130 | **/ | 132 | **/ |
131 | void | 133 | void |
132 | MHD_gnutls_anon_set_server_params_function (mhd_gtls_anon_server_credentials_t res, | 134 | MHD_gnutls_anon_set_server_params_function (mhd_gtls_anon_server_credentials_t |
133 | gnutls_params_function * func) | 135 | res, |
136 | gnutls_params_function * func) | ||
134 | { | 137 | { |
135 | res->params_func = func; | 138 | res->params_func = func; |
136 | } | 139 | } |
diff --git a/src/daemon/https/tls/gnutls_auth.c b/src/daemon/https/tls/gnutls_auth.c index a7ad89cc..1b805c10 100644 --- a/src/daemon/https/tls/gnutls_auth.c +++ b/src/daemon/https/tls/gnutls_auth.c | |||
@@ -60,7 +60,7 @@ MHD_gnutls_credentials_clear (mhd_gtls_session_t session) | |||
60 | } | 60 | } |
61 | } | 61 | } |
62 | 62 | ||
63 | /* | 63 | /* |
64 | * This creates a linked list of the form: | 64 | * This creates a linked list of the form: |
65 | * { algorithm, credentials, pointer to next } | 65 | * { algorithm, credentials, pointer to next } |
66 | */ | 66 | */ |
@@ -71,17 +71,17 @@ MHD_gnutls_credentials_clear (mhd_gtls_session_t session) | |||
71 | * @cred: is a pointer to a structure. | 71 | * @cred: is a pointer to a structure. |
72 | * | 72 | * |
73 | * Sets the needed credentials for the specified type. | 73 | * Sets the needed credentials for the specified type. |
74 | * Eg username, password - or public and private keys etc. | 74 | * Eg username, password - or public and private keys etc. |
75 | * The (void* cred) parameter is a structure that depends on the | 75 | * The (void* cred) parameter is a structure that depends on the |
76 | * specified type and on the current session (client or server). | 76 | * specified type and on the current session (client or server). |
77 | * [ In order to minimize memory usage, and share credentials between | 77 | * [ In order to minimize memory usage, and share credentials between |
78 | * several threads gnutls keeps a pointer to cred, and not the whole cred | 78 | * several threads gnutls keeps a pointer to cred, and not the whole cred |
79 | * structure. Thus you will have to keep the structure allocated until | 79 | * structure. Thus you will have to keep the structure allocated until |
80 | * you call MHD_gnutls_deinit(). ] | 80 | * you call MHD_gnutls_deinit(). ] |
81 | * | 81 | * |
82 | * For GNUTLS_CRD_ANON cred should be mhd_gtls_anon_client_credentials_t in case of a client. | 82 | * For GNUTLS_CRD_ANON cred should be mhd_gtls_anon_client_credentials_t in case of a client. |
83 | * In case of a server it should be mhd_gtls_anon_server_credentials_t. | 83 | * In case of a server it should be mhd_gtls_anon_server_credentials_t. |
84 | * | 84 | * |
85 | * For GNUTLS_CRD_SRP cred should be gnutls_srp_client_credentials_t | 85 | * For GNUTLS_CRD_SRP cred should be gnutls_srp_client_credentials_t |
86 | * in case of a client, and gnutls_srp_server_credentials_t, in case | 86 | * in case of a client, and gnutls_srp_server_credentials_t, in case |
87 | * of a server. | 87 | * of a server. |
@@ -91,7 +91,7 @@ MHD_gnutls_credentials_clear (mhd_gtls_session_t session) | |||
91 | **/ | 91 | **/ |
92 | int | 92 | int |
93 | MHD_gnutls_credentials_set (mhd_gtls_session_t session, | 93 | MHD_gnutls_credentials_set (mhd_gtls_session_t session, |
94 | enum MHD_GNUTLS_CredentialsType type, void *cred) | 94 | enum MHD_GNUTLS_CredentialsType type, void *cred) |
95 | { | 95 | { |
96 | auth_cred_st *ccred = NULL, *pcred = NULL; | 96 | auth_cred_st *ccred = NULL, *pcred = NULL; |
97 | int exists = 0; | 97 | int exists = 0; |
@@ -156,7 +156,7 @@ MHD_gnutls_credentials_set (mhd_gtls_session_t session, | |||
156 | * Returns type of credentials for the current authentication schema. | 156 | * Returns type of credentials for the current authentication schema. |
157 | * The returned information is to be used to distinguish the function used | 157 | * The returned information is to be used to distinguish the function used |
158 | * to access authentication data. | 158 | * to access authentication data. |
159 | * | 159 | * |
160 | * Eg. for CERTIFICATE ciphersuites (key exchange algorithms: KX_RSA, KX_DHE_RSA), | 160 | * Eg. for CERTIFICATE ciphersuites (key exchange algorithms: KX_RSA, KX_DHE_RSA), |
161 | * the same function are to be used to access the authentication data. | 161 | * the same function are to be used to access the authentication data. |
162 | **/ | 162 | **/ |
@@ -170,8 +170,8 @@ MHD_gtls_auth_get_type (mhd_gtls_session_t session) | |||
170 | 170 | ||
171 | return | 171 | return |
172 | mhd_gtls_map_kx_get_cred (mhd_gtls_cipher_suite_get_kx_algo | 172 | mhd_gtls_map_kx_get_cred (mhd_gtls_cipher_suite_get_kx_algo |
173 | (&session->security_parameters. | 173 | (&session->security_parameters. |
174 | current_cipher_suite), server); | 174 | current_cipher_suite), server); |
175 | } | 175 | } |
176 | 176 | ||
177 | /** | 177 | /** |
@@ -181,15 +181,15 @@ MHD_gtls_auth_get_type (mhd_gtls_session_t session) | |||
181 | * Returns the type of credentials that were used for server authentication. | 181 | * Returns the type of credentials that were used for server authentication. |
182 | * The returned information is to be used to distinguish the function used | 182 | * The returned information is to be used to distinguish the function used |
183 | * to access authentication data. | 183 | * to access authentication data. |
184 | * | 184 | * |
185 | **/ | 185 | **/ |
186 | enum MHD_GNUTLS_CredentialsType | 186 | enum MHD_GNUTLS_CredentialsType |
187 | MHD_gtls_auth_server_get_type (mhd_gtls_session_t session) | 187 | MHD_gtls_auth_server_get_type (mhd_gtls_session_t session) |
188 | { | 188 | { |
189 | return | 189 | return |
190 | mhd_gtls_map_kx_get_cred (mhd_gtls_cipher_suite_get_kx_algo | 190 | mhd_gtls_map_kx_get_cred (mhd_gtls_cipher_suite_get_kx_algo |
191 | (&session->security_parameters. | 191 | (&session->security_parameters. |
192 | current_cipher_suite), 1); | 192 | current_cipher_suite), 1); |
193 | } | 193 | } |
194 | 194 | ||
195 | /** | 195 | /** |
@@ -199,34 +199,35 @@ MHD_gtls_auth_server_get_type (mhd_gtls_session_t session) | |||
199 | * Returns the type of credentials that were used for client authentication. | 199 | * Returns the type of credentials that were used for client authentication. |
200 | * The returned information is to be used to distinguish the function used | 200 | * The returned information is to be used to distinguish the function used |
201 | * to access authentication data. | 201 | * to access authentication data. |
202 | * | 202 | * |
203 | **/ | 203 | **/ |
204 | enum MHD_GNUTLS_CredentialsType | 204 | enum MHD_GNUTLS_CredentialsType |
205 | MHD_gtls_auth_client_get_type (mhd_gtls_session_t session) | 205 | MHD_gtls_auth_client_get_type (mhd_gtls_session_t session) |
206 | { | 206 | { |
207 | return | 207 | return |
208 | mhd_gtls_map_kx_get_cred (mhd_gtls_cipher_suite_get_kx_algo | 208 | mhd_gtls_map_kx_get_cred (mhd_gtls_cipher_suite_get_kx_algo |
209 | (&session->security_parameters. | 209 | (&session->security_parameters. |
210 | current_cipher_suite), 0); | 210 | current_cipher_suite), 0); |
211 | } | 211 | } |
212 | 212 | ||
213 | 213 | ||
214 | /* | 214 | /* |
215 | * This returns a pointer to the linked list. Don't | 215 | * This returns a pointer to the linked list. Don't |
216 | * free that!!! | 216 | * free that!!! |
217 | */ | 217 | */ |
218 | const void * | 218 | const void * |
219 | mhd_gtls_get_kx_cred (mhd_gtls_session_t session, | 219 | mhd_gtls_get_kx_cred (mhd_gtls_session_t session, |
220 | enum MHD_GNUTLS_KeyExchangeAlgorithm algo, int *err) | 220 | enum MHD_GNUTLS_KeyExchangeAlgorithm algo, int *err) |
221 | { | 221 | { |
222 | int server = session->security_parameters.entity == GNUTLS_SERVER ? 1 : 0; | 222 | int server = session->security_parameters.entity == GNUTLS_SERVER ? 1 : 0; |
223 | 223 | ||
224 | return mhd_gtls_get_cred (session->key, | 224 | return mhd_gtls_get_cred (session->key, |
225 | mhd_gtls_map_kx_get_cred (algo, server), err); | 225 | mhd_gtls_map_kx_get_cred (algo, server), err); |
226 | } | 226 | } |
227 | 227 | ||
228 | const void * | 228 | const void * |
229 | mhd_gtls_get_cred (mhd_gtls_key_st key, enum MHD_GNUTLS_CredentialsType type, int *err) | 229 | mhd_gtls_get_cred (mhd_gtls_key_st key, enum MHD_GNUTLS_CredentialsType type, |
230 | int *err) | ||
230 | { | 231 | { |
231 | const void *retval = NULL; | 232 | const void *retval = NULL; |
232 | int _err = -1; | 233 | int _err = -1; |
@@ -354,8 +355,8 @@ mhd_gtls_free_auth_info (mhd_gtls_session_t session) | |||
354 | */ | 355 | */ |
355 | int | 356 | int |
356 | mhd_gtls_auth_info_set (mhd_gtls_session_t session, | 357 | mhd_gtls_auth_info_set (mhd_gtls_session_t session, |
357 | enum MHD_GNUTLS_CredentialsType type, int size, | 358 | enum MHD_GNUTLS_CredentialsType type, int size, |
358 | int allow_change) | 359 | int allow_change) |
359 | { | 360 | { |
360 | if (session->key->auth_info == NULL) | 361 | if (session->key->auth_info == NULL) |
361 | { | 362 | { |
@@ -378,7 +379,8 @@ mhd_gtls_auth_info_set (mhd_gtls_session_t session, | |||
378 | * ciphersuite which is negotiated has different authentication | 379 | * ciphersuite which is negotiated has different authentication |
379 | * schema. | 380 | * schema. |
380 | */ | 381 | */ |
381 | if (MHD_gtls_auth_get_type (session) != session->key->auth_info_type) | 382 | if (MHD_gtls_auth_get_type (session) != |
383 | session->key->auth_info_type) | ||
382 | { | 384 | { |
383 | gnutls_assert (); | 385 | gnutls_assert (); |
384 | return GNUTLS_E_INVALID_REQUEST; | 386 | return GNUTLS_E_INVALID_REQUEST; |
@@ -392,7 +394,8 @@ mhd_gtls_auth_info_set (mhd_gtls_session_t session, | |||
392 | * certificate (in order to prevent revealing the certificate's contents, | 394 | * certificate (in order to prevent revealing the certificate's contents, |
393 | * to passive eavesdropers. | 395 | * to passive eavesdropers. |
394 | */ | 396 | */ |
395 | if (MHD_gtls_auth_get_type (session) != session->key->auth_info_type) | 397 | if (MHD_gtls_auth_get_type (session) != |
398 | session->key->auth_info_type) | ||
396 | { | 399 | { |
397 | 400 | ||
398 | mhd_gtls_free_auth_info (session); | 401 | mhd_gtls_free_auth_info (session); |
diff --git a/src/daemon/https/tls/gnutls_auth.h b/src/daemon/https/tls/gnutls_auth.h index 89d07d88..a29a1faa 100644 --- a/src/daemon/https/tls/gnutls_auth.h +++ b/src/daemon/https/tls/gnutls_auth.h | |||
@@ -27,24 +27,25 @@ | |||
27 | 27 | ||
28 | typedef struct mhd_gtls_mod_auth_st_int | 28 | typedef struct mhd_gtls_mod_auth_st_int |
29 | { | 29 | { |
30 | const char *name; /* null terminated */ | 30 | const char *name; /* null terminated */ |
31 | int (* mhd_gtls_gen_server_certificate) (mhd_gtls_session_t, opaque **); | 31 | int (*mhd_gtls_gen_server_certificate) (mhd_gtls_session_t, opaque **); |
32 | int (* mhd_gtls_gen_client_certificate) (mhd_gtls_session_t, opaque **); | 32 | int (*mhd_gtls_gen_client_certificate) (mhd_gtls_session_t, opaque **); |
33 | int (* mhd_gtls_gen_server_kx) (mhd_gtls_session_t, opaque **); | 33 | int (*mhd_gtls_gen_server_kx) (mhd_gtls_session_t, opaque **); |
34 | int (* mhd_gtls_gen_client_kx) (mhd_gtls_session_t, opaque **); /* used in SRP */ | 34 | int (*mhd_gtls_gen_client_kx) (mhd_gtls_session_t, opaque **); /* used in SRP */ |
35 | int (* mhd_gtls_gen_client_cert_vrfy) (mhd_gtls_session_t, opaque **); | 35 | int (*mhd_gtls_gen_client_cert_vrfy) (mhd_gtls_session_t, opaque **); |
36 | int (* mhd_gtls_gen_server_certificate_request) (mhd_gtls_session_t, | 36 | int (*mhd_gtls_gen_server_certificate_request) (mhd_gtls_session_t, |
37 | opaque **); | 37 | opaque **); |
38 | 38 | ||
39 | int (* mhd_gtls_process_server_certificate) (mhd_gtls_session_t, opaque *, | 39 | int (*mhd_gtls_process_server_certificate) (mhd_gtls_session_t, opaque *, |
40 | size_t); | 40 | size_t); |
41 | int (* mhd_gtls_process_client_certificate) (mhd_gtls_session_t, opaque *, | 41 | int (*mhd_gtls_process_client_certificate) (mhd_gtls_session_t, opaque *, |
42 | size_t); | 42 | size_t); |
43 | int (* mhd_gtls_process_server_kx) (mhd_gtls_session_t, opaque *, size_t); | 43 | int (*mhd_gtls_process_server_kx) (mhd_gtls_session_t, opaque *, size_t); |
44 | int (* mhd_gtls_process_client_kx) (mhd_gtls_session_t, opaque *, size_t); | 44 | int (*mhd_gtls_process_client_kx) (mhd_gtls_session_t, opaque *, size_t); |
45 | int (* mhd_gtls_process_client_cert_vrfy) (mhd_gtls_session_t, opaque *, size_t); | 45 | int (*mhd_gtls_process_client_cert_vrfy) (mhd_gtls_session_t, opaque *, |
46 | int (* mhd_gtls_process_server_certificate_request) (mhd_gtls_session_t, | 46 | size_t); |
47 | opaque *, size_t); | 47 | int (*mhd_gtls_process_server_certificate_request) (mhd_gtls_session_t, |
48 | opaque *, size_t); | ||
48 | } mhd_gtls_mod_auth_st; | 49 | } mhd_gtls_mod_auth_st; |
49 | 50 | ||
50 | #endif | 51 | #endif |
diff --git a/src/daemon/https/tls/gnutls_auth_int.h b/src/daemon/https/tls/gnutls_auth_int.h index 5ec71e8e..ac821277 100644 --- a/src/daemon/https/tls/gnutls_auth_int.h +++ b/src/daemon/https/tls/gnutls_auth_int.h | |||
@@ -22,11 +22,12 @@ | |||
22 | * | 22 | * |
23 | */ | 23 | */ |
24 | 24 | ||
25 | const void * mhd_gtls_get_cred (mhd_gtls_key_st key, | 25 | const void *mhd_gtls_get_cred (mhd_gtls_key_st key, |
26 | enum MHD_GNUTLS_CredentialsType kx, int *err); | 26 | enum MHD_GNUTLS_CredentialsType kx, int *err); |
27 | const void * mhd_gtls_get_kx_cred (mhd_gtls_session_t session, | 27 | const void *mhd_gtls_get_kx_cred (mhd_gtls_session_t session, |
28 | enum MHD_GNUTLS_KeyExchangeAlgorithm algo, int *err); | 28 | enum MHD_GNUTLS_KeyExchangeAlgorithm algo, |
29 | void * mhd_gtls_get_auth_info (mhd_gtls_session_t session); | 29 | int *err); |
30 | void *mhd_gtls_get_auth_info (mhd_gtls_session_t session); | ||
30 | int mhd_gtls_auth_info_set (mhd_gtls_session_t session, | 31 | int mhd_gtls_auth_info_set (mhd_gtls_session_t session, |
31 | enum MHD_GNUTLS_CredentialsType type, int size, | 32 | enum MHD_GNUTLS_CredentialsType type, int size, |
32 | int allow_change); | 33 | int allow_change); |
diff --git a/src/daemon/https/tls/gnutls_buffers.c b/src/daemon/https/tls/gnutls_buffers.c index 92979c26..cb2b9e08 100644 --- a/src/daemon/https/tls/gnutls_buffers.c +++ b/src/daemon/https/tls/gnutls_buffers.c | |||
@@ -800,9 +800,9 @@ mhd_gtls_io_write_buffered (mhd_gtls_session_t session, | |||
800 | { | 800 | { |
801 | session->internals.record_send_buffer_prev_size += n - left; | 801 | session->internals.record_send_buffer_prev_size += n - left; |
802 | 802 | ||
803 | retval = _gnutls_buffer_insert (&session->internals. | 803 | retval = |
804 | record_send_buffer, | 804 | _gnutls_buffer_insert (&session->internals.record_send_buffer, |
805 | &ptr[n - left], left); | 805 | &ptr[n - left], left); |
806 | if (retval < 0) | 806 | if (retval < 0) |
807 | { | 807 | { |
808 | gnutls_assert (); | 808 | gnutls_assert (); |
diff --git a/src/daemon/https/tls/gnutls_buffers.h b/src/daemon/https/tls/gnutls_buffers.h index c3a09097..609c2095 100644 --- a/src/daemon/https/tls/gnutls_buffers.h +++ b/src/daemon/https/tls/gnutls_buffers.h | |||
@@ -23,32 +23,32 @@ | |||
23 | */ | 23 | */ |
24 | 24 | ||
25 | int mhd_gnutls_record_buffer_put (content_type_t type, | 25 | int mhd_gnutls_record_buffer_put (content_type_t type, |
26 | mhd_gtls_session_t session, opaque * data, | 26 | mhd_gtls_session_t session, opaque * data, |
27 | size_t length); | 27 | size_t length); |
28 | int mhd_gnutls_record_buffer_get_size (content_type_t type, | 28 | int mhd_gnutls_record_buffer_get_size (content_type_t type, |
29 | mhd_gtls_session_t session); | 29 | mhd_gtls_session_t session); |
30 | int mhd_gtls_record_buffer_get (content_type_t type, | 30 | int mhd_gtls_record_buffer_get (content_type_t type, |
31 | mhd_gtls_session_t session, opaque * data, | 31 | mhd_gtls_session_t session, opaque * data, |
32 | size_t length); | 32 | size_t length); |
33 | ssize_t mhd_gtls_io_read_buffered (mhd_gtls_session_t, opaque ** iptr, | 33 | ssize_t mhd_gtls_io_read_buffered (mhd_gtls_session_t, opaque ** iptr, |
34 | size_t n, content_type_t); | 34 | size_t n, content_type_t); |
35 | void mhd_gtls_io_clear_read_buffer (mhd_gtls_session_t); | 35 | void mhd_gtls_io_clear_read_buffer (mhd_gtls_session_t); |
36 | int mhd_gtls_io_clear_peeked_data (mhd_gtls_session_t session); | 36 | int mhd_gtls_io_clear_peeked_data (mhd_gtls_session_t session); |
37 | 37 | ||
38 | ssize_t mhd_gtls_io_write_buffered (mhd_gtls_session_t, const void *iptr, | 38 | ssize_t mhd_gtls_io_write_buffered (mhd_gtls_session_t, const void *iptr, |
39 | size_t n); | 39 | size_t n); |
40 | ssize_t mhd_gtls_io_write_buffered2 (mhd_gtls_session_t, const void *iptr, | 40 | ssize_t mhd_gtls_io_write_buffered2 (mhd_gtls_session_t, const void *iptr, |
41 | size_t n, const void *iptr2, size_t n2); | 41 | size_t n, const void *iptr2, size_t n2); |
42 | 42 | ||
43 | int mhd_gtls_handshake_buffer_get_size (mhd_gtls_session_t session); | 43 | int mhd_gtls_handshake_buffer_get_size (mhd_gtls_session_t session); |
44 | int mhd_gtls_handshake_buffer_peek (mhd_gtls_session_t session, opaque * data, | 44 | int mhd_gtls_handshake_buffer_peek (mhd_gtls_session_t session, opaque * data, |
45 | size_t length); | 45 | size_t length); |
46 | int mhd_gtls_handshake_buffer_put (mhd_gtls_session_t session, opaque * data, | 46 | int mhd_gtls_handshake_buffer_put (mhd_gtls_session_t session, opaque * data, |
47 | size_t length); | 47 | size_t length); |
48 | int mhd_gtls_handshake_buffer_clear (mhd_gtls_session_t session); | 48 | int mhd_gtls_handshake_buffer_clear (mhd_gtls_session_t session); |
49 | int mhd_gtls_handshake_buffer_empty (mhd_gtls_session_t session); | 49 | int mhd_gtls_handshake_buffer_empty (mhd_gtls_session_t session); |
50 | int mhd_gtls_handshake_buffer_get_ptr (mhd_gtls_session_t session, | 50 | int mhd_gtls_handshake_buffer_get_ptr (mhd_gtls_session_t session, |
51 | opaque ** data_ptr, size_t * length); | 51 | opaque ** data_ptr, size_t * length); |
52 | 52 | ||
53 | #define _gnutls_handshake_io_buffer_clear( session) \ | 53 | #define _gnutls_handshake_io_buffer_clear( session) \ |
54 | mhd_gtls_buffer_clear( &session->internals.handshake_send_buffer); \ | 54 | mhd_gtls_buffer_clear( &session->internals.handshake_send_buffer); \ |
@@ -56,11 +56,11 @@ int mhd_gtls_handshake_buffer_get_ptr (mhd_gtls_session_t session, | |||
56 | session->internals.handshake_send_buffer_prev_size = 0 | 56 | session->internals.handshake_send_buffer_prev_size = 0 |
57 | 57 | ||
58 | ssize_t mhd_gtls_handshake_io_recv_int (mhd_gtls_session_t, content_type_t, | 58 | ssize_t mhd_gtls_handshake_io_recv_int (mhd_gtls_session_t, content_type_t, |
59 | gnutls_handshake_description_t, void *, | 59 | gnutls_handshake_description_t, |
60 | size_t); | 60 | void *, size_t); |
61 | ssize_t mhd_gtls_handshake_io_send_int (mhd_gtls_session_t, content_type_t, | 61 | ssize_t mhd_gtls_handshake_io_send_int (mhd_gtls_session_t, content_type_t, |
62 | gnutls_handshake_description_t, | 62 | gnutls_handshake_description_t, |
63 | const void *, size_t); | 63 | const void *, size_t); |
64 | ssize_t mhd_gtls_io_write_flush (mhd_gtls_session_t session); | 64 | ssize_t mhd_gtls_io_write_flush (mhd_gtls_session_t session); |
65 | ssize_t mhd_gtls_handshake_io_write_flush (mhd_gtls_session_t session); | 65 | ssize_t mhd_gtls_handshake_io_write_flush (mhd_gtls_session_t session); |
66 | 66 | ||
diff --git a/src/daemon/https/tls/gnutls_cert.c b/src/daemon/https/tls/gnutls_cert.c index c73467bf..17e95e48 100644 --- a/src/daemon/https/tls/gnutls_cert.c +++ b/src/daemon/https/tls/gnutls_cert.c | |||
@@ -141,8 +141,8 @@ MHD_gnutls_certificate_free_ca_names (mhd_gtls_cert_credentials_t sc) | |||
141 | -*/ | 141 | -*/ |
142 | mhd_gtls_rsa_params_t | 142 | mhd_gtls_rsa_params_t |
143 | mhd_gtls_certificate_get_rsa_params (mhd_gtls_rsa_params_t rsa_params, | 143 | mhd_gtls_certificate_get_rsa_params (mhd_gtls_rsa_params_t rsa_params, |
144 | gnutls_params_function * func, | 144 | gnutls_params_function * func, |
145 | mhd_gtls_session_t session) | 145 | mhd_gtls_session_t session) |
146 | { | 146 | { |
147 | gnutls_params_st params; | 147 | gnutls_params_st params; |
148 | int ret; | 148 | int ret; |
@@ -210,7 +210,7 @@ MHD_gnutls_certificate_free_credentials (mhd_gtls_cert_credentials_t sc) | |||
210 | **/ | 210 | **/ |
211 | int | 211 | int |
212 | MHD_gnutls_certificate_allocate_credentials (mhd_gtls_cert_credentials_t * | 212 | MHD_gnutls_certificate_allocate_credentials (mhd_gtls_cert_credentials_t * |
213 | res) | 213 | res) |
214 | { | 214 | { |
215 | *res = gnutls_calloc (1, sizeof (mhd_gtls_cert_credentials_st)); | 215 | *res = gnutls_calloc (1, sizeof (mhd_gtls_cert_credentials_st)); |
216 | 216 | ||
@@ -232,8 +232,8 @@ MHD_gnutls_certificate_allocate_credentials (mhd_gtls_cert_credentials_t * | |||
232 | */ | 232 | */ |
233 | int | 233 | int |
234 | mhd_gtls_selected_cert_supported_kx (mhd_gtls_session_t session, | 234 | mhd_gtls_selected_cert_supported_kx (mhd_gtls_session_t session, |
235 | enum MHD_GNUTLS_KeyExchangeAlgorithm ** alg, | 235 | enum MHD_GNUTLS_KeyExchangeAlgorithm |
236 | int *alg_size) | 236 | **alg, int *alg_size) |
237 | { | 237 | { |
238 | enum MHD_GNUTLS_KeyExchangeAlgorithm kx; | 238 | enum MHD_GNUTLS_KeyExchangeAlgorithm kx; |
239 | enum MHD_GNUTLS_PublicKeyAlgorithm pk; | 239 | enum MHD_GNUTLS_PublicKeyAlgorithm pk; |
@@ -297,7 +297,7 @@ mhd_gtls_selected_cert_supported_kx (mhd_gtls_session_t session, | |||
297 | **/ | 297 | **/ |
298 | void | 298 | void |
299 | MHD_gtls_certificate_server_set_request (mhd_gtls_session_t session, | 299 | MHD_gtls_certificate_server_set_request (mhd_gtls_session_t session, |
300 | gnutls_certificate_request_t req) | 300 | gnutls_certificate_request_t req) |
301 | { | 301 | { |
302 | session->internals.send_cert_req = req; | 302 | session->internals.send_cert_req = req; |
303 | } | 303 | } |
@@ -461,7 +461,7 @@ _gnutls_x509_get_raw_crt_expiration_time (const gnutls_datum_t * cert) | |||
461 | **/ | 461 | **/ |
462 | int | 462 | int |
463 | MHD_gtls_certificate_verify_peers2 (mhd_gtls_session_t session, | 463 | MHD_gtls_certificate_verify_peers2 (mhd_gtls_session_t session, |
464 | unsigned int *status) | 464 | unsigned int *status) |
465 | { | 465 | { |
466 | cert_auth_info_t info; | 466 | cert_auth_info_t info; |
467 | 467 | ||
@@ -549,9 +549,9 @@ MHD_gtls_certificate_expiration_time_peers (mhd_gtls_session_t session) | |||
549 | switch (gnutls_certificate_type_get (session)) | 549 | switch (gnutls_certificate_type_get (session)) |
550 | { | 550 | { |
551 | case MHD_GNUTLS_CRT_X509: | 551 | case MHD_GNUTLS_CRT_X509: |
552 | return _gnutls_x509_get_raw_crt_expiration_time (&info-> | 552 | return |
553 | raw_certificate_list | 553 | _gnutls_x509_get_raw_crt_expiration_time (&info->raw_certificate_list |
554 | [0]); | 554 | [0]); |
555 | default: | 555 | default: |
556 | return (time_t) - 1; | 556 | return (time_t) - 1; |
557 | } | 557 | } |
@@ -588,9 +588,9 @@ MHD_gtls_certificate_activation_time_peers (mhd_gtls_session_t session) | |||
588 | switch (gnutls_certificate_type_get (session)) | 588 | switch (gnutls_certificate_type_get (session)) |
589 | { | 589 | { |
590 | case MHD_GNUTLS_CRT_X509: | 590 | case MHD_GNUTLS_CRT_X509: |
591 | return _gnutls_x509_get_raw_crt_activation_time (&info-> | 591 | return |
592 | raw_certificate_list | 592 | _gnutls_x509_get_raw_crt_activation_time (&info->raw_certificate_list |
593 | [0]); | 593 | [0]); |
594 | default: | 594 | default: |
595 | return (time_t) - 1; | 595 | return (time_t) - 1; |
596 | } | 596 | } |
@@ -598,9 +598,9 @@ MHD_gtls_certificate_activation_time_peers (mhd_gtls_session_t session) | |||
598 | 598 | ||
599 | int | 599 | int |
600 | mhd_gtls_raw_cert_to_gcert (gnutls_cert * gcert, | 600 | mhd_gtls_raw_cert_to_gcert (gnutls_cert * gcert, |
601 | enum MHD_GNUTLS_CertificateType type, | 601 | enum MHD_GNUTLS_CertificateType type, |
602 | const gnutls_datum_t * raw_cert, | 602 | const gnutls_datum_t * raw_cert, |
603 | int flags /* OR of ConvFlags */ ) | 603 | int flags /* OR of ConvFlags */ ) |
604 | { | 604 | { |
605 | switch (type) | 605 | switch (type) |
606 | { | 606 | { |
@@ -614,9 +614,9 @@ mhd_gtls_raw_cert_to_gcert (gnutls_cert * gcert, | |||
614 | 614 | ||
615 | int | 615 | int |
616 | mhd_gtls_raw_privkey_to_gkey (gnutls_privkey * key, | 616 | mhd_gtls_raw_privkey_to_gkey (gnutls_privkey * key, |
617 | enum MHD_GNUTLS_CertificateType type, | 617 | enum MHD_GNUTLS_CertificateType type, |
618 | const gnutls_datum_t * raw_key, | 618 | const gnutls_datum_t * raw_key, |
619 | int key_enc /* DER or PEM */ ) | 619 | int key_enc /* DER or PEM */ ) |
620 | { | 620 | { |
621 | switch (type) | 621 | switch (type) |
622 | { | 622 | { |
@@ -640,8 +640,8 @@ mhd_gtls_raw_privkey_to_gkey (gnutls_privkey * key, | |||
640 | */ | 640 | */ |
641 | int | 641 | int |
642 | mhd_gtls_x509_raw_cert_to_gcert (gnutls_cert * gcert, | 642 | mhd_gtls_x509_raw_cert_to_gcert (gnutls_cert * gcert, |
643 | const gnutls_datum_t * derCert, | 643 | const gnutls_datum_t * derCert, |
644 | int flags /* OR of ConvFlags */ ) | 644 | int flags /* OR of ConvFlags */ ) |
645 | { | 645 | { |
646 | int ret; | 646 | int ret; |
647 | gnutls_x509_crt_t cert; | 647 | gnutls_x509_crt_t cert; |
@@ -671,7 +671,7 @@ mhd_gtls_x509_raw_cert_to_gcert (gnutls_cert * gcert, | |||
671 | */ | 671 | */ |
672 | int | 672 | int |
673 | mhd_gtls_x509_crt_to_gcert (gnutls_cert * gcert, | 673 | mhd_gtls_x509_crt_to_gcert (gnutls_cert * gcert, |
674 | gnutls_x509_crt_t cert, unsigned int flags) | 674 | gnutls_x509_crt_t cert, unsigned int flags) |
675 | { | 675 | { |
676 | int ret = 0; | 676 | int ret = 0; |
677 | 677 | ||
@@ -791,7 +791,7 @@ mhd_gtls_gcert_deinit (gnutls_cert * cert) | |||
791 | **/ | 791 | **/ |
792 | void | 792 | void |
793 | MHD_gtls_sign_callback_set (mhd_gtls_session_t session, | 793 | MHD_gtls_sign_callback_set (mhd_gtls_session_t session, |
794 | gnutls_sign_func sign_func, void *userdata) | 794 | gnutls_sign_func sign_func, void *userdata) |
795 | { | 795 | { |
796 | session->internals.sign_func = sign_func; | 796 | session->internals.sign_func = sign_func; |
797 | session->internals.sign_func_userdata = userdata; | 797 | session->internals.sign_func_userdata = userdata; |
diff --git a/src/daemon/https/tls/gnutls_cert.h b/src/daemon/https/tls/gnutls_cert.h index 877c90d2..129e7e16 100644 --- a/src/daemon/https/tls/gnutls_cert.h +++ b/src/daemon/https/tls/gnutls_cert.h | |||
@@ -29,7 +29,7 @@ | |||
29 | #include <libtasn1.h> | 29 | #include <libtasn1.h> |
30 | #include "x509.h" | 30 | #include "x509.h" |
31 | 31 | ||
32 | #define MAX_PUBLIC_PARAMS_SIZE 4 /* ok for RSA and DSA */ | 32 | #define MAX_PUBLIC_PARAMS_SIZE 4 /* ok for RSA and DSA */ |
33 | 33 | ||
34 | /* parameters should not be larger than this limit */ | 34 | /* parameters should not be larger than this limit */ |
35 | #define DSA_PUBLIC_PARAMS 4 | 35 | #define DSA_PUBLIC_PARAMS 4 |
@@ -50,21 +50,21 @@ | |||
50 | 50 | ||
51 | typedef struct gnutls_cert | 51 | typedef struct gnutls_cert |
52 | { | 52 | { |
53 | mpi_t params[MAX_PUBLIC_PARAMS_SIZE]; /* the size of params depends on the public | 53 | mpi_t params[MAX_PUBLIC_PARAMS_SIZE]; /* the size of params depends on the public |
54 | * key algorithm | 54 | * key algorithm |
55 | * RSA: [0] is modulus | 55 | * RSA: [0] is modulus |
56 | * [1] is public exponent | 56 | * [1] is public exponent |
57 | * DSA: [0] is p | 57 | * DSA: [0] is p |
58 | * [1] is q | 58 | * [1] is q |
59 | * [2] is g | 59 | * [2] is g |
60 | * [3] is public key | 60 | * [3] is public key |
61 | */ | 61 | */ |
62 | int params_size; /* holds the size of MPI params */ | 62 | int params_size; /* holds the size of MPI params */ |
63 | 63 | ||
64 | enum MHD_GNUTLS_PublicKeyAlgorithm subject_pk_algorithm; | 64 | enum MHD_GNUTLS_PublicKeyAlgorithm subject_pk_algorithm; |
65 | 65 | ||
66 | unsigned int key_usage; /* bits from KEY_* | 66 | unsigned int key_usage; /* bits from KEY_* |
67 | */ | 67 | */ |
68 | 68 | ||
69 | unsigned int version; | 69 | unsigned int version; |
70 | /* holds the type (PGP, X509) | 70 | /* holds the type (PGP, X509) |
@@ -77,9 +77,9 @@ typedef struct gnutls_cert | |||
77 | 77 | ||
78 | typedef struct gnutls_privkey_int | 78 | typedef struct gnutls_privkey_int |
79 | { | 79 | { |
80 | mpi_t params[MAX_PRIV_PARAMS_SIZE]; /* the size of params depends on the public | 80 | mpi_t params[MAX_PRIV_PARAMS_SIZE]; /* the size of params depends on the public |
81 | * key algorithm | 81 | * key algorithm |
82 | */ | 82 | */ |
83 | /* | 83 | /* |
84 | * RSA: [0] is modulus | 84 | * RSA: [0] is modulus |
85 | * [1] is public exponent | 85 | * [1] is public exponent |
@@ -93,12 +93,12 @@ typedef struct gnutls_privkey_int | |||
93 | * [3] is y (public key) | 93 | * [3] is y (public key) |
94 | * [4] is x (private key) | 94 | * [4] is x (private key) |
95 | */ | 95 | */ |
96 | int params_size; /* holds the number of params */ | 96 | int params_size; /* holds the number of params */ |
97 | 97 | ||
98 | enum MHD_GNUTLS_PublicKeyAlgorithm pk_algorithm; | 98 | enum MHD_GNUTLS_PublicKeyAlgorithm pk_algorithm; |
99 | } gnutls_privkey; | 99 | } gnutls_privkey; |
100 | 100 | ||
101 | struct MHD_gtls_session_int; /* because mhd_gtls_session_t is not defined when this file is included */ | 101 | struct MHD_gtls_session_int; /* because mhd_gtls_session_t is not defined when this file is included */ |
102 | 102 | ||
103 | typedef enum ConvFlags | 103 | typedef enum ConvFlags |
104 | { | 104 | { |
@@ -108,25 +108,25 @@ typedef enum ConvFlags | |||
108 | } ConvFlags; | 108 | } ConvFlags; |
109 | 109 | ||
110 | int mhd_gtls_x509_raw_cert_to_gcert (gnutls_cert * gcert, | 110 | int mhd_gtls_x509_raw_cert_to_gcert (gnutls_cert * gcert, |
111 | const gnutls_datum_t * derCert, | 111 | const gnutls_datum_t * derCert, |
112 | int flags); | 112 | int flags); |
113 | int mhd_gtls_x509_crt_to_gcert (gnutls_cert * gcert, gnutls_x509_crt_t cert, | 113 | int mhd_gtls_x509_crt_to_gcert (gnutls_cert * gcert, gnutls_x509_crt_t cert, |
114 | unsigned int flags); | 114 | unsigned int flags); |
115 | 115 | ||
116 | void mhd_gtls_gkey_deinit (gnutls_privkey * key); | 116 | void mhd_gtls_gkey_deinit (gnutls_privkey * key); |
117 | void mhd_gtls_gcert_deinit (gnutls_cert * cert); | 117 | void mhd_gtls_gcert_deinit (gnutls_cert * cert); |
118 | 118 | ||
119 | int mhd_gtls_selected_cert_supported_kx (struct MHD_gtls_session_int *session, | 119 | int mhd_gtls_selected_cert_supported_kx (struct MHD_gtls_session_int *session, |
120 | enum MHD_GNUTLS_KeyExchangeAlgorithm ** alg, | 120 | enum MHD_GNUTLS_KeyExchangeAlgorithm |
121 | int *alg_size); | 121 | **alg, int *alg_size); |
122 | 122 | ||
123 | int mhd_gtls_raw_cert_to_gcert (gnutls_cert * gcert, | 123 | int mhd_gtls_raw_cert_to_gcert (gnutls_cert * gcert, |
124 | enum MHD_GNUTLS_CertificateType type, | 124 | enum MHD_GNUTLS_CertificateType type, |
125 | const gnutls_datum_t * raw_cert, | 125 | const gnutls_datum_t * raw_cert, |
126 | int flags /* OR of ConvFlags */ ); | 126 | int flags /* OR of ConvFlags */ ); |
127 | int mhd_gtls_raw_privkey_to_gkey (gnutls_privkey * key, | 127 | int mhd_gtls_raw_privkey_to_gkey (gnutls_privkey * key, |
128 | enum MHD_GNUTLS_CertificateType type, | 128 | enum MHD_GNUTLS_CertificateType type, |
129 | const gnutls_datum_t * raw_key, | 129 | const gnutls_datum_t * raw_key, |
130 | int key_enc /* DER or PEM */ ); | 130 | int key_enc /* DER or PEM */ ); |
131 | 131 | ||
132 | #endif | 132 | #endif |
diff --git a/src/daemon/https/tls/gnutls_cipher.c b/src/daemon/https/tls/gnutls_cipher.c index 8d7d0763..872abdf0 100644 --- a/src/daemon/https/tls/gnutls_cipher.c +++ b/src/daemon/https/tls/gnutls_cipher.c | |||
@@ -69,9 +69,9 @@ is_read_comp_null (mhd_gtls_session_t session) | |||
69 | */ | 69 | */ |
70 | int | 70 | int |
71 | mhd_gtls_encrypt (mhd_gtls_session_t session, const opaque * headers, | 71 | mhd_gtls_encrypt (mhd_gtls_session_t session, const opaque * headers, |
72 | size_t headers_size, const opaque * data, | 72 | size_t headers_size, const opaque * data, |
73 | size_t data_size, opaque * ciphertext, | 73 | size_t data_size, opaque * ciphertext, |
74 | size_t ciphertext_size, content_type_t type, int random_pad) | 74 | size_t ciphertext_size, content_type_t type, int random_pad) |
75 | { | 75 | { |
76 | gnutls_datum_t plain; | 76 | gnutls_datum_t plain; |
77 | gnutls_datum_t comp; | 77 | gnutls_datum_t comp; |
@@ -100,8 +100,8 @@ mhd_gtls_encrypt (mhd_gtls_session_t session, const opaque * headers, | |||
100 | } | 100 | } |
101 | 101 | ||
102 | ret = mhd_gtls_compressed2ciphertext (session, &ciphertext[headers_size], | 102 | ret = mhd_gtls_compressed2ciphertext (session, &ciphertext[headers_size], |
103 | ciphertext_size - headers_size, | 103 | ciphertext_size - headers_size, |
104 | comp, type, random_pad); | 104 | comp, type, random_pad); |
105 | 105 | ||
106 | if (free_comp) | 106 | if (free_comp) |
107 | _gnutls_free_datum (&comp); | 107 | _gnutls_free_datum (&comp); |
@@ -125,8 +125,8 @@ mhd_gtls_encrypt (mhd_gtls_session_t session, const opaque * headers, | |||
125 | */ | 125 | */ |
126 | int | 126 | int |
127 | mhd_gtls_decrypt (mhd_gtls_session_t session, opaque * ciphertext, | 127 | mhd_gtls_decrypt (mhd_gtls_session_t session, opaque * ciphertext, |
128 | size_t ciphertext_size, uint8_t * data, | 128 | size_t ciphertext_size, uint8_t * data, |
129 | size_t max_data_size, content_type_t type) | 129 | size_t max_data_size, content_type_t type) |
130 | { | 130 | { |
131 | gnutls_datum_t gtxt; | 131 | gnutls_datum_t gtxt; |
132 | gnutls_datum_t gcipher; | 132 | gnutls_datum_t gcipher; |
@@ -140,7 +140,7 @@ mhd_gtls_decrypt (mhd_gtls_session_t session, opaque * ciphertext, | |||
140 | 140 | ||
141 | ret = | 141 | ret = |
142 | mhd_gtls_ciphertext2compressed (session, data, max_data_size, | 142 | mhd_gtls_ciphertext2compressed (session, data, max_data_size, |
143 | gcipher, type); | 143 | gcipher, type); |
144 | if (ret < 0) | 144 | if (ret < 0) |
145 | { | 145 | { |
146 | return ret; | 146 | return ret; |
@@ -290,9 +290,9 @@ calc_enc_length (mhd_gtls_session_t session, int data_size, | |||
290 | */ | 290 | */ |
291 | int | 291 | int |
292 | mhd_gtls_compressed2ciphertext (mhd_gtls_session_t session, | 292 | mhd_gtls_compressed2ciphertext (mhd_gtls_session_t session, |
293 | opaque * cipher_data, int cipher_size, | 293 | opaque * cipher_data, int cipher_size, |
294 | gnutls_datum_t compressed, | 294 | gnutls_datum_t compressed, |
295 | content_type_t _type, int random_pad) | 295 | content_type_t _type, int random_pad) |
296 | { | 296 | { |
297 | uint8_t MAC[MAX_HASH_SIZE]; | 297 | uint8_t MAC[MAX_HASH_SIZE]; |
298 | uint16_t c_length; | 298 | uint16_t c_length; |
@@ -303,14 +303,14 @@ mhd_gtls_compressed2ciphertext (mhd_gtls_session_t session, | |||
303 | uint8_t major, minor; | 303 | uint8_t major, minor; |
304 | int hash_size = | 304 | int hash_size = |
305 | mhd_gnutls_hash_get_algo_len (session->security_parameters. | 305 | mhd_gnutls_hash_get_algo_len (session->security_parameters. |
306 | write_mac_algorithm); | 306 | write_mac_algorithm); |
307 | enum MHD_GNUTLS_Protocol ver; | 307 | enum MHD_GNUTLS_Protocol ver; |
308 | int blocksize = | 308 | int blocksize = |
309 | mhd_gtls_cipher_get_block_size (session->security_parameters. | 309 | mhd_gtls_cipher_get_block_size (session->security_parameters. |
310 | write_bulk_cipher_algorithm); | 310 | write_bulk_cipher_algorithm); |
311 | cipher_type_t block_algo = | 311 | cipher_type_t block_algo = |
312 | mhd_gtls_cipher_is_block (session->security_parameters. | 312 | mhd_gtls_cipher_is_block (session->security_parameters. |
313 | write_bulk_cipher_algorithm); | 313 | write_bulk_cipher_algorithm); |
314 | opaque *data_ptr; | 314 | opaque *data_ptr; |
315 | 315 | ||
316 | 316 | ||
@@ -336,15 +336,15 @@ mhd_gtls_compressed2ciphertext (mhd_gtls_session_t session, | |||
336 | 336 | ||
337 | if (td != GNUTLS_MAC_FAILED) | 337 | if (td != GNUTLS_MAC_FAILED) |
338 | { /* actually when the algorithm in not the NULL one */ | 338 | { /* actually when the algorithm in not the NULL one */ |
339 | mhd_gnutls_hash (td, | 339 | mhd_gnutls_hash (td, |
340 | UINT64DATA (session->connection_state. | 340 | UINT64DATA (session->connection_state. |
341 | write_sequence_number), 8); | 341 | write_sequence_number), 8); |
342 | 342 | ||
343 | mhd_gnutls_hash (td, &type, 1); | 343 | mhd_gnutls_hash (td, &type, 1); |
344 | if (ver >= MHD_GNUTLS_TLS1_0) | 344 | if (ver >= MHD_GNUTLS_TLS1_0) |
345 | { /* TLS 1.0 or higher */ | 345 | { /* TLS 1.0 or higher */ |
346 | mhd_gnutls_hash (td, &major, 1); | 346 | mhd_gnutls_hash (td, &major, 1); |
347 | mhd_gnutls_hash (td, &minor, 1); | 347 | mhd_gnutls_hash (td, &minor, 1); |
348 | } | 348 | } |
349 | mhd_gnutls_hash (td, &c_length, 2); | 349 | mhd_gnutls_hash (td, &c_length, 2); |
350 | mhd_gnutls_hash (td, compressed.data, compressed.size); | 350 | mhd_gnutls_hash (td, compressed.data, compressed.size); |
@@ -401,8 +401,9 @@ mhd_gtls_compressed2ciphertext (mhd_gtls_session_t session, | |||
401 | 401 | ||
402 | /* Actual encryption (inplace). | 402 | /* Actual encryption (inplace). |
403 | */ | 403 | */ |
404 | ret = mhd_gtls_cipher_encrypt (session->connection_state. | 404 | ret = |
405 | write_cipher_state, cipher_data, length); | 405 | mhd_gtls_cipher_encrypt (session->connection_state.write_cipher_state, |
406 | cipher_data, length); | ||
406 | if (ret < 0) | 407 | if (ret < 0) |
407 | { | 408 | { |
408 | gnutls_assert (); | 409 | gnutls_assert (); |
@@ -417,9 +418,9 @@ mhd_gtls_compressed2ciphertext (mhd_gtls_session_t session, | |||
417 | */ | 418 | */ |
418 | int | 419 | int |
419 | mhd_gtls_ciphertext2compressed (mhd_gtls_session_t session, | 420 | mhd_gtls_ciphertext2compressed (mhd_gtls_session_t session, |
420 | opaque * compress_data, | 421 | opaque * compress_data, |
421 | int compress_size, | 422 | int compress_size, |
422 | gnutls_datum_t ciphertext, uint8_t type) | 423 | gnutls_datum_t ciphertext, uint8_t type) |
423 | { | 424 | { |
424 | uint8_t MAC[MAX_HASH_SIZE]; | 425 | uint8_t MAC[MAX_HASH_SIZE]; |
425 | uint16_t c_length; | 426 | uint16_t c_length; |
@@ -432,14 +433,15 @@ mhd_gtls_ciphertext2compressed (mhd_gtls_session_t session, | |||
432 | enum MHD_GNUTLS_Protocol ver; | 433 | enum MHD_GNUTLS_Protocol ver; |
433 | int hash_size = | 434 | int hash_size = |
434 | mhd_gnutls_hash_get_algo_len (session->security_parameters. | 435 | mhd_gnutls_hash_get_algo_len (session->security_parameters. |
435 | read_mac_algorithm); | 436 | read_mac_algorithm); |
436 | 437 | ||
437 | ver = MHD_gnutls_protocol_get_version (session); | 438 | ver = MHD_gnutls_protocol_get_version (session); |
438 | minor = mhd_gtls_version_get_minor (ver); | 439 | minor = mhd_gtls_version_get_minor (ver); |
439 | major = mhd_gtls_version_get_major (ver); | 440 | major = mhd_gtls_version_get_major (ver); |
440 | 441 | ||
441 | blocksize = mhd_gtls_cipher_get_block_size (session->security_parameters. | 442 | blocksize = |
442 | read_bulk_cipher_algorithm); | 443 | mhd_gtls_cipher_get_block_size (session->security_parameters. |
444 | read_bulk_cipher_algorithm); | ||
443 | 445 | ||
444 | /* initialize MAC | 446 | /* initialize MAC |
445 | */ | 447 | */ |
@@ -462,10 +464,10 @@ mhd_gtls_ciphertext2compressed (mhd_gtls_session_t session, | |||
462 | (session->security_parameters.read_bulk_cipher_algorithm)) | 464 | (session->security_parameters.read_bulk_cipher_algorithm)) |
463 | { | 465 | { |
464 | case CIPHER_STREAM: | 466 | case CIPHER_STREAM: |
465 | if ((ret = mhd_gtls_cipher_decrypt (session->connection_state. | 467 | if ((ret = |
466 | read_cipher_state, | 468 | mhd_gtls_cipher_decrypt (session->connection_state. |
467 | ciphertext.data, | 469 | read_cipher_state, ciphertext.data, |
468 | ciphertext.size)) < 0) | 470 | ciphertext.size)) < 0) |
469 | { | 471 | { |
470 | gnutls_assert (); | 472 | gnutls_assert (); |
471 | return ret; | 473 | return ret; |
@@ -481,10 +483,10 @@ mhd_gtls_ciphertext2compressed (mhd_gtls_session_t session, | |||
481 | return GNUTLS_E_DECRYPTION_FAILED; | 483 | return GNUTLS_E_DECRYPTION_FAILED; |
482 | } | 484 | } |
483 | 485 | ||
484 | if ((ret = mhd_gtls_cipher_decrypt (session->connection_state. | 486 | if ((ret = |
485 | read_cipher_state, | 487 | mhd_gtls_cipher_decrypt (session->connection_state. |
486 | ciphertext.data, | 488 | read_cipher_state, ciphertext.data, |
487 | ciphertext.size)) < 0) | 489 | ciphertext.size)) < 0) |
488 | { | 490 | { |
489 | gnutls_assert (); | 491 | gnutls_assert (); |
490 | return ret; | 492 | return ret; |
@@ -541,20 +543,20 @@ mhd_gtls_ciphertext2compressed (mhd_gtls_session_t session, | |||
541 | */ | 543 | */ |
542 | if (td != GNUTLS_MAC_FAILED) | 544 | if (td != GNUTLS_MAC_FAILED) |
543 | { | 545 | { |
544 | mhd_gnutls_hash (td, | 546 | mhd_gnutls_hash (td, |
545 | UINT64DATA (session->connection_state. | 547 | UINT64DATA (session->connection_state. |
546 | read_sequence_number), 8); | 548 | read_sequence_number), 8); |
547 | 549 | ||
548 | mhd_gnutls_hash (td, &type, 1); | 550 | mhd_gnutls_hash (td, &type, 1); |
549 | if (ver >= MHD_GNUTLS_TLS1_0) | 551 | if (ver >= MHD_GNUTLS_TLS1_0) |
550 | { /* TLS 1.x */ | 552 | { /* TLS 1.x */ |
551 | mhd_gnutls_hash (td, &major, 1); | 553 | mhd_gnutls_hash (td, &major, 1); |
552 | mhd_gnutls_hash (td, &minor, 1); | 554 | mhd_gnutls_hash (td, &minor, 1); |
553 | } | 555 | } |
554 | mhd_gnutls_hash (td, &c_length, 2); | 556 | mhd_gnutls_hash (td, &c_length, 2); |
555 | 557 | ||
556 | if (length > 0) | 558 | if (length > 0) |
557 | mhd_gnutls_hash (td, ciphertext.data, length); | 559 | mhd_gnutls_hash (td, ciphertext.data, length); |
558 | 560 | ||
559 | mac_deinit (td, MAC, ver); | 561 | mac_deinit (td, MAC, ver); |
560 | } | 562 | } |
diff --git a/src/daemon/https/tls/gnutls_cipher.h b/src/daemon/https/tls/gnutls_cipher.h index 2bdf5a18..511ee989 100644 --- a/src/daemon/https/tls/gnutls_cipher.h +++ b/src/daemon/https/tls/gnutls_cipher.h | |||
@@ -23,19 +23,18 @@ | |||
23 | */ | 23 | */ |
24 | 24 | ||
25 | int mhd_gtls_encrypt (mhd_gtls_session_t session, const opaque * headers, | 25 | int mhd_gtls_encrypt (mhd_gtls_session_t session, const opaque * headers, |
26 | size_t headers_size, const opaque * data, | 26 | size_t headers_size, const opaque * data, |
27 | size_t data_size, opaque * ciphertext, | 27 | size_t data_size, opaque * ciphertext, |
28 | size_t ciphertext_size, content_type_t type, | 28 | size_t ciphertext_size, content_type_t type, |
29 | int random_pad); | 29 | int random_pad); |
30 | 30 | ||
31 | int mhd_gtls_decrypt (mhd_gtls_session_t session, opaque * ciphertext, | 31 | int mhd_gtls_decrypt (mhd_gtls_session_t session, opaque * ciphertext, |
32 | size_t ciphertext_size, uint8_t * data, size_t data_size, | 32 | size_t ciphertext_size, uint8_t * data, |
33 | content_type_t type); | 33 | size_t data_size, content_type_t type); |
34 | int mhd_gtls_compressed2ciphertext (mhd_gtls_session_t session, | 34 | int mhd_gtls_compressed2ciphertext (mhd_gtls_session_t session, |
35 | opaque * cipher_data, int cipher_size, | 35 | opaque * cipher_data, int cipher_size, |
36 | gnutls_datum_t compressed, | 36 | gnutls_datum_t compressed, |
37 | content_type_t _type, int random_pad); | 37 | content_type_t _type, int random_pad); |
38 | int mhd_gtls_ciphertext2compressed (mhd_gtls_session_t session, | 38 | int mhd_gtls_ciphertext2compressed (mhd_gtls_session_t session, |
39 | opaque * compress_data, | 39 | opaque * compress_data, int compress_size, |
40 | int compress_size, | 40 | gnutls_datum_t ciphertext, uint8_t type); |
41 | gnutls_datum_t ciphertext, uint8_t type); | ||
diff --git a/src/daemon/https/tls/gnutls_cipher_int.c b/src/daemon/https/tls/gnutls_cipher_int.c index 2e250534..836188aa 100644 --- a/src/daemon/https/tls/gnutls_cipher_int.c +++ b/src/daemon/https/tls/gnutls_cipher_int.c | |||
@@ -29,7 +29,7 @@ | |||
29 | 29 | ||
30 | cipher_hd_t | 30 | cipher_hd_t |
31 | mhd_gtls_cipher_init (enum MHD_GNUTLS_CipherAlgorithm cipher, | 31 | mhd_gtls_cipher_init (enum MHD_GNUTLS_CipherAlgorithm cipher, |
32 | const gnutls_datum_t * key, const gnutls_datum_t * iv) | 32 | const gnutls_datum_t * key, const gnutls_datum_t * iv) |
33 | { | 33 | { |
34 | cipher_hd_t ret = NULL; | 34 | cipher_hd_t ret = NULL; |
35 | int err = GC_INVALID_CIPHER; /* doesn't matter */ | 35 | int err = GC_INVALID_CIPHER; /* doesn't matter */ |
@@ -110,7 +110,7 @@ mhd_gtls_cipher_encrypt (cipher_hd_t handle, void *text, int textlen) | |||
110 | 110 | ||
111 | int | 111 | int |
112 | mhd_gtls_cipher_decrypt (cipher_hd_t handle, void *ciphertext, | 112 | mhd_gtls_cipher_decrypt (cipher_hd_t handle, void *ciphertext, |
113 | int ciphertextlen) | 113 | int ciphertextlen) |
114 | { | 114 | { |
115 | if (handle != GNUTLS_CIPHER_FAILED) | 115 | if (handle != GNUTLS_CIPHER_FAILED) |
116 | { | 116 | { |
diff --git a/src/daemon/https/tls/gnutls_cipher_int.h b/src/daemon/https/tls/gnutls_cipher_int.h index 2a3e3193..6e2c8269 100644 --- a/src/daemon/https/tls/gnutls_cipher_int.h +++ b/src/daemon/https/tls/gnutls_cipher_int.h | |||
@@ -29,18 +29,15 @@ | |||
29 | #define GNUTLS_CIPHER_FAILED NULL | 29 | #define GNUTLS_CIPHER_FAILED NULL |
30 | 30 | ||
31 | // TODO gc_cipher_handle -> void * x3 | 31 | // TODO gc_cipher_handle -> void * x3 |
32 | void * mhd_gtls_cipher_init(enum MHD_GNUTLS_CipherAlgorithm cipher, | 32 | void *mhd_gtls_cipher_init (enum MHD_GNUTLS_CipherAlgorithm cipher, |
33 | const gnutls_datum_t * key, | 33 | const gnutls_datum_t * key, |
34 | const gnutls_datum_t * iv); | 34 | const gnutls_datum_t * iv); |
35 | 35 | ||
36 | int mhd_gtls_cipher_encrypt(void * handle, | 36 | int mhd_gtls_cipher_encrypt (void *handle, void *text, int textlen); |
37 | void *text, | ||
38 | int textlen); | ||
39 | 37 | ||
40 | int mhd_gtls_cipher_decrypt(void * handle, | 38 | int mhd_gtls_cipher_decrypt (void *handle, |
41 | void *ciphertext, | 39 | void *ciphertext, int ciphertextlen); |
42 | int ciphertextlen); | ||
43 | 40 | ||
44 | void mhd_gnutls_cipher_deinit(void * handle); | 41 | void mhd_gnutls_cipher_deinit (void *handle); |
45 | 42 | ||
46 | #endif /* GNUTLS_CIPHER_INT */ | 43 | #endif /* GNUTLS_CIPHER_INT */ |
diff --git a/src/daemon/https/tls/gnutls_compress.c b/src/daemon/https/tls/gnutls_compress.c index 7ee4c2fe..9585fcf2 100644 --- a/src/daemon/https/tls/gnutls_compress.c +++ b/src/daemon/https/tls/gnutls_compress.c | |||
@@ -43,8 +43,8 @@ _gnutls_m_plaintext2compressed (mhd_gtls_session_t session, | |||
43 | 43 | ||
44 | size = | 44 | size = |
45 | mhd_gtls_compress (session->connection_state.write_compression_state, | 45 | mhd_gtls_compress (session->connection_state.write_compression_state, |
46 | plaintext->data, plaintext->size, &data, | 46 | plaintext->data, plaintext->size, &data, |
47 | MAX_RECORD_SEND_SIZE + EXTRA_COMP_SIZE); | 47 | MAX_RECORD_SEND_SIZE + EXTRA_COMP_SIZE); |
48 | if (size < 0) | 48 | if (size < 0) |
49 | { | 49 | { |
50 | gnutls_assert (); | 50 | gnutls_assert (); |
@@ -65,9 +65,9 @@ _gnutls_m_compressed2plaintext (mhd_gtls_session_t session, | |||
65 | opaque *data; | 65 | opaque *data; |
66 | 66 | ||
67 | size = | 67 | size = |
68 | mhd_gtls_decompress (session->connection_state. | 68 | mhd_gtls_decompress (session->connection_state.read_compression_state, |
69 | read_compression_state, compressed->data, | 69 | compressed->data, compressed->size, &data, |
70 | compressed->size, &data, MAX_RECORD_RECV_SIZE); | 70 | MAX_RECORD_RECV_SIZE); |
71 | if (size < 0) | 71 | if (size < 0) |
72 | { | 72 | { |
73 | gnutls_assert (); | 73 | gnutls_assert (); |
diff --git a/src/daemon/https/tls/gnutls_compress.h b/src/daemon/https/tls/gnutls_compress.h index 2fa07aaa..7ccca5c3 100644 --- a/src/daemon/https/tls/gnutls_compress.h +++ b/src/daemon/https/tls/gnutls_compress.h | |||
@@ -23,8 +23,8 @@ | |||
23 | */ | 23 | */ |
24 | 24 | ||
25 | int _gnutls_m_plaintext2compressed (mhd_gtls_session_t session, | 25 | int _gnutls_m_plaintext2compressed (mhd_gtls_session_t session, |
26 | gnutls_datum_t * compressed, | 26 | gnutls_datum_t * compressed, |
27 | const gnutls_datum_t *plaintext); | 27 | const gnutls_datum_t * plaintext); |
28 | int _gnutls_m_compressed2plaintext (mhd_gtls_session_t session, | 28 | int _gnutls_m_compressed2plaintext (mhd_gtls_session_t session, |
29 | gnutls_datum_t * plain, | 29 | gnutls_datum_t * plain, |
30 | const gnutls_datum_t* compressed); | 30 | const gnutls_datum_t * compressed); |
diff --git a/src/daemon/https/tls/gnutls_compress_int.c b/src/daemon/https/tls/gnutls_compress_int.c index 1e1e0adc..1d272bed 100644 --- a/src/daemon/https/tls/gnutls_compress_int.c +++ b/src/daemon/https/tls/gnutls_compress_int.c | |||
@@ -130,8 +130,8 @@ mhd_gtls_comp_deinit (comp_hd_t handle, int d) | |||
130 | 130 | ||
131 | int | 131 | int |
132 | mhd_gtls_compress (comp_hd_t handle, const opaque * plain, | 132 | mhd_gtls_compress (comp_hd_t handle, const opaque * plain, |
133 | size_t plain_size, opaque ** compressed, | 133 | size_t plain_size, opaque ** compressed, |
134 | size_t max_comp_size) | 134 | size_t max_comp_size) |
135 | { | 135 | { |
136 | int compressed_size = GNUTLS_E_COMPRESSION_FAILED; | 136 | int compressed_size = GNUTLS_E_COMPRESSION_FAILED; |
137 | 137 | ||
@@ -205,8 +205,8 @@ mhd_gtls_compress (comp_hd_t handle, const opaque * plain, | |||
205 | 205 | ||
206 | int | 206 | int |
207 | mhd_gtls_decompress (comp_hd_t handle, opaque * compressed, | 207 | mhd_gtls_decompress (comp_hd_t handle, opaque * compressed, |
208 | size_t compressed_size, opaque ** plain, | 208 | size_t compressed_size, opaque ** plain, |
209 | size_t max_record_size) | 209 | size_t max_record_size) |
210 | { | 210 | { |
211 | int plain_size = GNUTLS_E_DECOMPRESSION_FAILED; | 211 | int plain_size = GNUTLS_E_DECOMPRESSION_FAILED; |
212 | 212 | ||
diff --git a/src/daemon/https/tls/gnutls_compress_int.h b/src/daemon/https/tls/gnutls_compress_int.h index 76cf2245..32edae7a 100644 --- a/src/daemon/https/tls/gnutls_compress_int.h +++ b/src/daemon/https/tls/gnutls_compress_int.h | |||
@@ -41,9 +41,9 @@ comp_hd_t mhd_gtls_comp_init (enum MHD_GNUTLS_CompressionMethod, int d); | |||
41 | void mhd_gtls_comp_deinit (comp_hd_t handle, int d); | 41 | void mhd_gtls_comp_deinit (comp_hd_t handle, int d); |
42 | 42 | ||
43 | int mhd_gtls_decompress (comp_hd_t handle, opaque * compressed, | 43 | int mhd_gtls_decompress (comp_hd_t handle, opaque * compressed, |
44 | size_t compressed_size, opaque ** plain, | 44 | size_t compressed_size, opaque ** plain, |
45 | size_t max_record_size); | 45 | size_t max_record_size); |
46 | int mhd_gtls_compress (comp_hd_t, const opaque * plain, size_t plain_size, | 46 | int mhd_gtls_compress (comp_hd_t, const opaque * plain, size_t plain_size, |
47 | opaque ** compressed, size_t max_comp_size); | 47 | opaque ** compressed, size_t max_comp_size); |
48 | 48 | ||
49 | #endif | 49 | #endif |
diff --git a/src/daemon/https/tls/gnutls_constate.c b/src/daemon/https/tls/gnutls_constate.c index 58113a30..d4dff6a9 100644 --- a/src/daemon/https/tls/gnutls_constate.c +++ b/src/daemon/https/tls/gnutls_constate.c | |||
@@ -99,19 +99,16 @@ _gnutls_set_keys (mhd_gtls_session_t session, int hash_size, int IV_size, | |||
99 | if (session->security_parameters.version == MHD_GNUTLS_SSL3) | 99 | if (session->security_parameters.version == MHD_GNUTLS_SSL3) |
100 | { /* SSL 3 */ | 100 | { /* SSL 3 */ |
101 | ret = | 101 | ret = |
102 | mhd_gnutls_ssl3_generate_random (session-> | 102 | mhd_gnutls_ssl3_generate_random |
103 | security_parameters. | 103 | (session->security_parameters.master_secret, TLS_MASTER_SIZE, rnd, |
104 | master_secret, | 104 | 2 * TLS_RANDOM_SIZE, block_size, key_block); |
105 | TLS_MASTER_SIZE, rnd, | ||
106 | 2 * TLS_RANDOM_SIZE, | ||
107 | block_size, key_block); | ||
108 | } | 105 | } |
109 | else | 106 | else |
110 | { /* TLS 1.0 */ | 107 | { /* TLS 1.0 */ |
111 | ret = | 108 | ret = |
112 | mhd_gtls_PRF (session, session->security_parameters.master_secret, | 109 | mhd_gtls_PRF (session, session->security_parameters.master_secret, |
113 | TLS_MASTER_SIZE, keyexp, keyexp_length, | 110 | TLS_MASTER_SIZE, keyexp, keyexp_length, |
114 | rnd, 2 * TLS_RANDOM_SIZE, block_size, key_block); | 111 | rnd, 2 * TLS_RANDOM_SIZE, block_size, key_block); |
115 | } | 112 | } |
116 | 113 | ||
117 | if (ret < 0) | 114 | if (ret < 0) |
@@ -123,7 +120,7 @@ _gnutls_set_keys (mhd_gtls_session_t session, int hash_size, int IV_size, | |||
123 | 120 | ||
124 | _gnutls_hard_log ("INT: KEY BLOCK[%d]: %s\n", block_size, | 121 | _gnutls_hard_log ("INT: KEY BLOCK[%d]: %s\n", block_size, |
125 | mhd_gtls_bin2hex (key_block, block_size, buf, | 122 | mhd_gtls_bin2hex (key_block, block_size, buf, |
126 | sizeof (buf))); | 123 | sizeof (buf))); |
127 | 124 | ||
128 | pos = 0; | 125 | pos = 0; |
129 | if (hash_size > 0) | 126 | if (hash_size > 0) |
@@ -193,20 +190,20 @@ _gnutls_set_keys (mhd_gtls_session_t session, int hash_size, int IV_size, | |||
193 | { /* SSL 3 */ | 190 | { /* SSL 3 */ |
194 | ret = | 191 | ret = |
195 | mhd_gnutls_ssl3_hash_md5 (&key_block[pos], | 192 | mhd_gnutls_ssl3_hash_md5 (&key_block[pos], |
196 | key_size, rrnd, | 193 | key_size, rrnd, |
197 | 2 * TLS_RANDOM_SIZE, | 194 | 2 * TLS_RANDOM_SIZE, |
198 | EXPORT_FINAL_KEY_SIZE, | 195 | EXPORT_FINAL_KEY_SIZE, |
199 | client_write_key); | 196 | client_write_key); |
200 | 197 | ||
201 | } | 198 | } |
202 | else | 199 | else |
203 | { /* TLS 1.0 */ | 200 | { /* TLS 1.0 */ |
204 | ret = | 201 | ret = |
205 | mhd_gtls_PRF (session, &key_block[pos], key_size, | 202 | mhd_gtls_PRF (session, &key_block[pos], key_size, |
206 | cliwrite, cliwrite_length, | 203 | cliwrite, cliwrite_length, |
207 | rrnd, | 204 | rrnd, |
208 | 2 * TLS_RANDOM_SIZE, | 205 | 2 * TLS_RANDOM_SIZE, |
209 | EXPORT_FINAL_KEY_SIZE, client_write_key); | 206 | EXPORT_FINAL_KEY_SIZE, client_write_key); |
210 | } | 207 | } |
211 | 208 | ||
212 | if (ret < 0) | 209 | if (ret < 0) |
@@ -225,17 +222,17 @@ _gnutls_set_keys (mhd_gtls_session_t session, int hash_size, int IV_size, | |||
225 | { /* SSL 3 */ | 222 | { /* SSL 3 */ |
226 | ret = | 223 | ret = |
227 | mhd_gnutls_ssl3_hash_md5 (&key_block[pos], key_size, | 224 | mhd_gnutls_ssl3_hash_md5 (&key_block[pos], key_size, |
228 | rnd, 2 * TLS_RANDOM_SIZE, | 225 | rnd, 2 * TLS_RANDOM_SIZE, |
229 | EXPORT_FINAL_KEY_SIZE, | 226 | EXPORT_FINAL_KEY_SIZE, |
230 | server_write_key); | 227 | server_write_key); |
231 | } | 228 | } |
232 | else | 229 | else |
233 | { /* TLS 1.0 */ | 230 | { /* TLS 1.0 */ |
234 | ret = | 231 | ret = |
235 | mhd_gtls_PRF (session, &key_block[pos], key_size, | 232 | mhd_gtls_PRF (session, &key_block[pos], key_size, |
236 | servwrite, servwrite_length, | 233 | servwrite, servwrite_length, |
237 | rrnd, 2 * TLS_RANDOM_SIZE, | 234 | rrnd, 2 * TLS_RANDOM_SIZE, |
238 | EXPORT_FINAL_KEY_SIZE, server_write_key); | 235 | EXPORT_FINAL_KEY_SIZE, server_write_key); |
239 | } | 236 | } |
240 | 237 | ||
241 | if (ret < 0) | 238 | if (ret < 0) |
@@ -263,8 +260,8 @@ _gnutls_set_keys (mhd_gtls_session_t session, int hash_size, int IV_size, | |||
263 | _gnutls_hard_log ("INT: CLIENT WRITE KEY [%d]: %s\n", | 260 | _gnutls_hard_log ("INT: CLIENT WRITE KEY [%d]: %s\n", |
264 | client_write_key_size, | 261 | client_write_key_size, |
265 | mhd_gtls_bin2hex (client_write_key, | 262 | mhd_gtls_bin2hex (client_write_key, |
266 | client_write_key_size, buf, | 263 | client_write_key_size, buf, |
267 | sizeof (buf))); | 264 | sizeof (buf))); |
268 | 265 | ||
269 | if (_gnutls_sset_datum | 266 | if (_gnutls_sset_datum |
270 | (&session->cipher_specs.server_write_key, | 267 | (&session->cipher_specs.server_write_key, |
@@ -279,8 +276,8 @@ _gnutls_set_keys (mhd_gtls_session_t session, int hash_size, int IV_size, | |||
279 | _gnutls_hard_log ("INT: SERVER WRITE KEY [%d]: %s\n", | 276 | _gnutls_hard_log ("INT: SERVER WRITE KEY [%d]: %s\n", |
280 | server_write_key_size, | 277 | server_write_key_size, |
281 | mhd_gtls_bin2hex (server_write_key, | 278 | mhd_gtls_bin2hex (server_write_key, |
282 | server_write_key_size, buf, | 279 | server_write_key_size, buf, |
283 | sizeof (buf))); | 280 | sizeof (buf))); |
284 | 281 | ||
285 | if (free_keys != 0) | 282 | if (free_keys != 0) |
286 | { | 283 | { |
@@ -326,8 +323,8 @@ _gnutls_set_keys (mhd_gtls_session_t session, int hash_size, int IV_size, | |||
326 | if (session->security_parameters.version == MHD_GNUTLS_SSL3) | 323 | if (session->security_parameters.version == MHD_GNUTLS_SSL3) |
327 | { /* SSL 3 */ | 324 | { /* SSL 3 */ |
328 | ret = mhd_gnutls_ssl3_hash_md5 ("", 0, | 325 | ret = mhd_gnutls_ssl3_hash_md5 ("", 0, |
329 | rrnd, TLS_RANDOM_SIZE * 2, | 326 | rrnd, TLS_RANDOM_SIZE * 2, |
330 | IV_size, iv_block); | 327 | IV_size, iv_block); |
331 | 328 | ||
332 | if (ret < 0) | 329 | if (ret < 0) |
333 | { | 330 | { |
@@ -338,15 +335,15 @@ _gnutls_set_keys (mhd_gtls_session_t session, int hash_size, int IV_size, | |||
338 | } | 335 | } |
339 | 336 | ||
340 | ret = mhd_gnutls_ssl3_hash_md5 ("", 0, rnd, | 337 | ret = mhd_gnutls_ssl3_hash_md5 ("", 0, rnd, |
341 | TLS_RANDOM_SIZE * 2, | 338 | TLS_RANDOM_SIZE * 2, |
342 | IV_size, &iv_block[IV_size]); | 339 | IV_size, &iv_block[IV_size]); |
343 | 340 | ||
344 | } | 341 | } |
345 | else | 342 | else |
346 | { /* TLS 1.0 */ | 343 | { /* TLS 1.0 */ |
347 | ret = mhd_gtls_PRF (session, "", 0, | 344 | ret = mhd_gtls_PRF (session, "", 0, |
348 | ivblock, ivblock_length, rrnd, | 345 | ivblock, ivblock_length, rrnd, |
349 | 2 * TLS_RANDOM_SIZE, IV_size * 2, iv_block); | 346 | 2 * TLS_RANDOM_SIZE, IV_size * 2, iv_block); |
350 | } | 347 | } |
351 | 348 | ||
352 | if (ret < 0) | 349 | if (ret < 0) |
@@ -505,37 +502,35 @@ mhd_gtls_read_connection_state_init (mhd_gtls_session_t session) | |||
505 | if (session->internals.resumed == RESUME_FALSE) | 502 | if (session->internals.resumed == RESUME_FALSE) |
506 | { | 503 | { |
507 | rc = mhd_gtls_set_read_cipher (session, | 504 | rc = mhd_gtls_set_read_cipher (session, |
508 | mhd_gtls_cipher_suite_get_cipher_algo | 505 | mhd_gtls_cipher_suite_get_cipher_algo |
509 | (&session->security_parameters. | 506 | (&session->security_parameters. |
510 | current_cipher_suite)); | 507 | current_cipher_suite)); |
511 | if (rc < 0) | 508 | if (rc < 0) |
512 | return rc; | 509 | return rc; |
513 | rc = mhd_gtls_set_read_mac (session, | 510 | rc = mhd_gtls_set_read_mac (session, |
514 | mhd_gtls_cipher_suite_get_mac_algo | 511 | mhd_gtls_cipher_suite_get_mac_algo |
515 | (&session->security_parameters. | 512 | (&session->security_parameters. |
516 | current_cipher_suite)); | 513 | current_cipher_suite)); |
517 | if (rc < 0) | 514 | if (rc < 0) |
518 | return rc; | 515 | return rc; |
519 | 516 | ||
520 | rc = mhd_gtls_set_kx (session, | 517 | rc = mhd_gtls_set_kx (session, |
521 | mhd_gtls_cipher_suite_get_kx_algo | 518 | mhd_gtls_cipher_suite_get_kx_algo |
522 | (&session->security_parameters. | 519 | (&session->security_parameters. |
523 | current_cipher_suite)); | 520 | current_cipher_suite)); |
524 | if (rc < 0) | 521 | if (rc < 0) |
525 | return rc; | 522 | return rc; |
526 | 523 | ||
527 | rc = mhd_gtls_set_read_compression (session, | 524 | rc = mhd_gtls_set_read_compression (session, |
528 | session->internals. | 525 | session->internals. |
529 | compression_method); | 526 | compression_method); |
530 | if (rc < 0) | 527 | if (rc < 0) |
531 | return rc; | 528 | return rc; |
532 | } | 529 | } |
533 | else | 530 | else |
534 | { /* RESUME_TRUE */ | 531 | { /* RESUME_TRUE */ |
535 | _gnutls_cpy_read_security_parameters (&session-> | 532 | _gnutls_cpy_read_security_parameters (&session->security_parameters, |
536 | security_parameters, | 533 | &session->internals. |
537 | &session-> | ||
538 | internals. | ||
539 | resumed_security_parameters); | 534 | resumed_security_parameters); |
540 | } | 535 | } |
541 | 536 | ||
@@ -545,9 +540,10 @@ mhd_gtls_read_connection_state_init (mhd_gtls_session_t session) | |||
545 | return rc; | 540 | return rc; |
546 | 541 | ||
547 | _gnutls_handshake_log ("HSK[%x]: Cipher Suite: %s\n", | 542 | _gnutls_handshake_log ("HSK[%x]: Cipher Suite: %s\n", |
548 | session, mhd_gtls_cipher_suite_get_name (&session-> | 543 | session, |
549 | security_parameters. | 544 | mhd_gtls_cipher_suite_get_name |
550 | current_cipher_suite)); | 545 | (&session->security_parameters. |
546 | current_cipher_suite)); | ||
551 | 547 | ||
552 | if (mhd_gtls_compression_is_ok | 548 | if (mhd_gtls_compression_is_ok |
553 | (session->security_parameters.read_compression_algorithm) != 0) | 549 | (session->security_parameters.read_compression_algorithm) != 0) |
@@ -572,12 +568,13 @@ mhd_gtls_read_connection_state_init (mhd_gtls_session_t session) | |||
572 | mhd_gnutls_cipher_deinit (session->connection_state.read_cipher_state); | 568 | mhd_gnutls_cipher_deinit (session->connection_state.read_cipher_state); |
573 | 569 | ||
574 | if (session->connection_state.read_compression_state != NULL) | 570 | if (session->connection_state.read_compression_state != NULL) |
575 | mhd_gtls_comp_deinit (session->connection_state.read_compression_state, 1); | 571 | mhd_gtls_comp_deinit (session->connection_state.read_compression_state, |
572 | 1); | ||
576 | 573 | ||
577 | 574 | ||
578 | mac_size = | 575 | mac_size = |
579 | mhd_gnutls_hash_get_algo_len (session->security_parameters. | 576 | mhd_gnutls_hash_get_algo_len (session->security_parameters. |
580 | read_mac_algorithm); | 577 | read_mac_algorithm); |
581 | 578 | ||
582 | _gnutls_handshake_log | 579 | _gnutls_handshake_log |
583 | ("HSK[%x]: Initializing internal [read] cipher sessions\n", session); | 580 | ("HSK[%x]: Initializing internal [read] cipher sessions\n", session); |
@@ -589,14 +586,12 @@ mhd_gtls_read_connection_state_init (mhd_gtls_session_t session) | |||
589 | */ | 586 | */ |
590 | session->connection_state.read_cipher_state = | 587 | session->connection_state.read_cipher_state = |
591 | mhd_gtls_cipher_init (session->security_parameters. | 588 | mhd_gtls_cipher_init (session->security_parameters. |
592 | read_bulk_cipher_algorithm, | 589 | read_bulk_cipher_algorithm, |
593 | &session->cipher_specs. | 590 | &session->cipher_specs.client_write_key, |
594 | client_write_key, | 591 | &session->cipher_specs.client_write_IV); |
595 | &session->cipher_specs.client_write_IV); | 592 | if (session->connection_state.read_cipher_state == GNUTLS_CIPHER_FAILED |
596 | if (session->connection_state.read_cipher_state == | 593 | && session->security_parameters.read_bulk_cipher_algorithm != |
597 | GNUTLS_CIPHER_FAILED | 594 | MHD_GNUTLS_CIPHER_NULL) |
598 | && session->security_parameters. | ||
599 | read_bulk_cipher_algorithm != MHD_GNUTLS_CIPHER_NULL) | ||
600 | { | 595 | { |
601 | gnutls_assert (); | 596 | gnutls_assert (); |
602 | return GNUTLS_E_INTERNAL_ERROR; | 597 | return GNUTLS_E_INTERNAL_ERROR; |
@@ -607,8 +602,7 @@ mhd_gtls_read_connection_state_init (mhd_gtls_session_t session) | |||
607 | */ | 602 | */ |
608 | if (mac_size > 0) | 603 | if (mac_size > 0) |
609 | { | 604 | { |
610 | if (_gnutls_sset_datum (&session->connection_state. | 605 | if (_gnutls_sset_datum (&session->connection_state.read_mac_secret, |
611 | read_mac_secret, | ||
612 | session->cipher_specs. | 606 | session->cipher_specs. |
613 | client_write_mac_secret.data, | 607 | client_write_mac_secret.data, |
614 | session->cipher_specs. | 608 | session->cipher_specs. |
@@ -625,15 +619,14 @@ mhd_gtls_read_connection_state_init (mhd_gtls_session_t session) | |||
625 | case GNUTLS_CLIENT: | 619 | case GNUTLS_CLIENT: |
626 | session->connection_state.read_cipher_state = | 620 | session->connection_state.read_cipher_state = |
627 | mhd_gtls_cipher_init (session->security_parameters. | 621 | mhd_gtls_cipher_init (session->security_parameters. |
628 | read_bulk_cipher_algorithm, | 622 | read_bulk_cipher_algorithm, |
629 | &session->cipher_specs. | 623 | &session->cipher_specs.server_write_key, |
630 | server_write_key, | 624 | &session->cipher_specs.server_write_IV); |
631 | &session->cipher_specs.server_write_IV); | ||
632 | 625 | ||
633 | if (session->connection_state.read_cipher_state == | 626 | if (session->connection_state.read_cipher_state == |
634 | GNUTLS_CIPHER_FAILED | 627 | GNUTLS_CIPHER_FAILED |
635 | && session->security_parameters. | 628 | && session->security_parameters.read_bulk_cipher_algorithm != |
636 | read_bulk_cipher_algorithm != MHD_GNUTLS_CIPHER_NULL) | 629 | MHD_GNUTLS_CIPHER_NULL) |
637 | { | 630 | { |
638 | gnutls_assert (); | 631 | gnutls_assert (); |
639 | return GNUTLS_E_INTERNAL_ERROR; | 632 | return GNUTLS_E_INTERNAL_ERROR; |
@@ -644,8 +637,7 @@ mhd_gtls_read_connection_state_init (mhd_gtls_session_t session) | |||
644 | */ | 637 | */ |
645 | if (mac_size > 0) | 638 | if (mac_size > 0) |
646 | { | 639 | { |
647 | if (_gnutls_sset_datum (&session->connection_state. | 640 | if (_gnutls_sset_datum (&session->connection_state.read_mac_secret, |
648 | read_mac_secret, | ||
649 | session->cipher_specs. | 641 | session->cipher_specs. |
650 | server_write_mac_secret.data, | 642 | server_write_mac_secret.data, |
651 | session->cipher_specs. | 643 | session->cipher_specs. |
@@ -665,7 +657,7 @@ mhd_gtls_read_connection_state_init (mhd_gtls_session_t session) | |||
665 | 657 | ||
666 | session->connection_state.read_compression_state = | 658 | session->connection_state.read_compression_state = |
667 | mhd_gtls_comp_init (session->security_parameters. | 659 | mhd_gtls_comp_init (session->security_parameters. |
668 | read_compression_algorithm, 1); | 660 | read_compression_algorithm, 1); |
669 | 661 | ||
670 | if (session->connection_state.read_compression_state == GNUTLS_COMP_FAILED) | 662 | if (session->connection_state.read_compression_state == GNUTLS_COMP_FAILED) |
671 | { | 663 | { |
@@ -695,37 +687,35 @@ mhd_gtls_write_connection_state_init (mhd_gtls_session_t session) | |||
695 | if (session->internals.resumed == RESUME_FALSE) | 687 | if (session->internals.resumed == RESUME_FALSE) |
696 | { | 688 | { |
697 | rc = mhd_gtls_set_write_cipher (session, | 689 | rc = mhd_gtls_set_write_cipher (session, |
698 | mhd_gtls_cipher_suite_get_cipher_algo | 690 | mhd_gtls_cipher_suite_get_cipher_algo |
699 | (&session->security_parameters. | 691 | (&session->security_parameters. |
700 | current_cipher_suite)); | 692 | current_cipher_suite)); |
701 | if (rc < 0) | 693 | if (rc < 0) |
702 | return rc; | 694 | return rc; |
703 | rc = mhd_gtls_set_write_mac (session, | 695 | rc = mhd_gtls_set_write_mac (session, |
704 | mhd_gtls_cipher_suite_get_mac_algo | 696 | mhd_gtls_cipher_suite_get_mac_algo |
705 | (&session->security_parameters. | 697 | (&session->security_parameters. |
706 | current_cipher_suite)); | 698 | current_cipher_suite)); |
707 | if (rc < 0) | 699 | if (rc < 0) |
708 | return rc; | 700 | return rc; |
709 | 701 | ||
710 | rc = mhd_gtls_set_kx (session, | 702 | rc = mhd_gtls_set_kx (session, |
711 | mhd_gtls_cipher_suite_get_kx_algo | 703 | mhd_gtls_cipher_suite_get_kx_algo |
712 | (&session->security_parameters. | 704 | (&session->security_parameters. |
713 | current_cipher_suite)); | 705 | current_cipher_suite)); |
714 | if (rc < 0) | 706 | if (rc < 0) |
715 | return rc; | 707 | return rc; |
716 | 708 | ||
717 | rc = mhd_gtls_set_write_compression (session, | 709 | rc = mhd_gtls_set_write_compression (session, |
718 | session->internals. | 710 | session->internals. |
719 | compression_method); | 711 | compression_method); |
720 | if (rc < 0) | 712 | if (rc < 0) |
721 | return rc; | 713 | return rc; |
722 | } | 714 | } |
723 | else | 715 | else |
724 | { /* RESUME_TRUE */ | 716 | { /* RESUME_TRUE */ |
725 | _gnutls_cpy_write_security_parameters (&session-> | 717 | _gnutls_cpy_write_security_parameters (&session->security_parameters, |
726 | security_parameters, | 718 | &session->internals. |
727 | &session-> | ||
728 | internals. | ||
729 | resumed_security_parameters); | 719 | resumed_security_parameters); |
730 | } | 720 | } |
731 | 721 | ||
@@ -734,9 +724,9 @@ mhd_gtls_write_connection_state_init (mhd_gtls_session_t session) | |||
734 | return rc; | 724 | return rc; |
735 | 725 | ||
736 | _gnutls_handshake_log ("HSK[%x]: Cipher Suite: %s\n", session, | 726 | _gnutls_handshake_log ("HSK[%x]: Cipher Suite: %s\n", session, |
737 | mhd_gtls_cipher_suite_get_name (&session-> | 727 | mhd_gtls_cipher_suite_get_name |
738 | security_parameters. | 728 | (&session->security_parameters. |
739 | current_cipher_suite)); | 729 | current_cipher_suite)); |
740 | 730 | ||
741 | if (mhd_gtls_compression_is_ok | 731 | if (mhd_gtls_compression_is_ok |
742 | (session->security_parameters.write_compression_algorithm) != 0) | 732 | (session->security_parameters.write_compression_algorithm) != 0) |
@@ -763,12 +753,12 @@ mhd_gtls_write_connection_state_init (mhd_gtls_session_t session) | |||
763 | mhd_gnutls_cipher_deinit (session->connection_state.write_cipher_state); | 753 | mhd_gnutls_cipher_deinit (session->connection_state.write_cipher_state); |
764 | 754 | ||
765 | if (session->connection_state.write_compression_state != NULL) | 755 | if (session->connection_state.write_compression_state != NULL) |
766 | mhd_gtls_comp_deinit (session->connection_state. | 756 | mhd_gtls_comp_deinit (session->connection_state.write_compression_state, |
767 | write_compression_state, 0); | 757 | 0); |
768 | 758 | ||
769 | mac_size = | 759 | mac_size = |
770 | mhd_gnutls_hash_get_algo_len (session->security_parameters. | 760 | mhd_gnutls_hash_get_algo_len (session->security_parameters. |
771 | write_mac_algorithm); | 761 | write_mac_algorithm); |
772 | 762 | ||
773 | _gnutls_handshake_log | 763 | _gnutls_handshake_log |
774 | ("HSK[%x]: Initializing internal [write] cipher sessions\n", session); | 764 | ("HSK[%x]: Initializing internal [write] cipher sessions\n", session); |
@@ -780,15 +770,14 @@ mhd_gtls_write_connection_state_init (mhd_gtls_session_t session) | |||
780 | */ | 770 | */ |
781 | session->connection_state.write_cipher_state = | 771 | session->connection_state.write_cipher_state = |
782 | mhd_gtls_cipher_init (session->security_parameters. | 772 | mhd_gtls_cipher_init (session->security_parameters. |
783 | write_bulk_cipher_algorithm, | 773 | write_bulk_cipher_algorithm, |
784 | &session->cipher_specs. | 774 | &session->cipher_specs.server_write_key, |
785 | server_write_key, | 775 | &session->cipher_specs.server_write_IV); |
786 | &session->cipher_specs.server_write_IV); | ||
787 | 776 | ||
788 | if (session->connection_state.write_cipher_state == | 777 | if (session->connection_state.write_cipher_state == |
789 | GNUTLS_CIPHER_FAILED | 778 | GNUTLS_CIPHER_FAILED |
790 | && session->security_parameters. | 779 | && session->security_parameters.write_bulk_cipher_algorithm != |
791 | write_bulk_cipher_algorithm != MHD_GNUTLS_CIPHER_NULL) | 780 | MHD_GNUTLS_CIPHER_NULL) |
792 | { | 781 | { |
793 | gnutls_assert (); | 782 | gnutls_assert (); |
794 | return GNUTLS_E_INTERNAL_ERROR; | 783 | return GNUTLS_E_INTERNAL_ERROR; |
@@ -800,8 +789,7 @@ mhd_gtls_write_connection_state_init (mhd_gtls_session_t session) | |||
800 | */ | 789 | */ |
801 | if (mac_size > 0) | 790 | if (mac_size > 0) |
802 | { | 791 | { |
803 | if (_gnutls_sset_datum (&session->connection_state. | 792 | if (_gnutls_sset_datum (&session->connection_state.write_mac_secret, |
804 | write_mac_secret, | ||
805 | session->cipher_specs. | 793 | session->cipher_specs. |
806 | server_write_mac_secret.data, | 794 | server_write_mac_secret.data, |
807 | session->cipher_specs. | 795 | session->cipher_specs. |
@@ -819,15 +807,14 @@ mhd_gtls_write_connection_state_init (mhd_gtls_session_t session) | |||
819 | case GNUTLS_CLIENT: | 807 | case GNUTLS_CLIENT: |
820 | session->connection_state.write_cipher_state = | 808 | session->connection_state.write_cipher_state = |
821 | mhd_gtls_cipher_init (session->security_parameters. | 809 | mhd_gtls_cipher_init (session->security_parameters. |
822 | write_bulk_cipher_algorithm, | 810 | write_bulk_cipher_algorithm, |
823 | &session->cipher_specs. | 811 | &session->cipher_specs.client_write_key, |
824 | client_write_key, | 812 | &session->cipher_specs.client_write_IV); |
825 | &session->cipher_specs.client_write_IV); | ||
826 | 813 | ||
827 | if (session->connection_state.write_cipher_state == | 814 | if (session->connection_state.write_cipher_state == |
828 | GNUTLS_CIPHER_FAILED | 815 | GNUTLS_CIPHER_FAILED |
829 | && session->security_parameters. | 816 | && session->security_parameters.write_bulk_cipher_algorithm != |
830 | write_bulk_cipher_algorithm != MHD_GNUTLS_CIPHER_NULL) | 817 | MHD_GNUTLS_CIPHER_NULL) |
831 | { | 818 | { |
832 | gnutls_assert (); | 819 | gnutls_assert (); |
833 | return GNUTLS_E_INTERNAL_ERROR; | 820 | return GNUTLS_E_INTERNAL_ERROR; |
@@ -837,8 +824,7 @@ mhd_gtls_write_connection_state_init (mhd_gtls_session_t session) | |||
837 | */ | 824 | */ |
838 | if (mac_size > 0) | 825 | if (mac_size > 0) |
839 | { | 826 | { |
840 | if (_gnutls_sset_datum (&session->connection_state. | 827 | if (_gnutls_sset_datum (&session->connection_state.write_mac_secret, |
841 | write_mac_secret, | ||
842 | session->cipher_specs. | 828 | session->cipher_specs. |
843 | client_write_mac_secret.data, | 829 | client_write_mac_secret.data, |
844 | session->cipher_specs. | 830 | session->cipher_specs. |
@@ -859,7 +845,7 @@ mhd_gtls_write_connection_state_init (mhd_gtls_session_t session) | |||
859 | 845 | ||
860 | session->connection_state.write_compression_state = | 846 | session->connection_state.write_compression_state = |
861 | mhd_gtls_comp_init (session->security_parameters. | 847 | mhd_gtls_comp_init (session->security_parameters. |
862 | write_compression_algorithm, 0); | 848 | write_compression_algorithm, 0); |
863 | 849 | ||
864 | if (session->connection_state.write_compression_state == GNUTLS_COMP_FAILED) | 850 | if (session->connection_state.write_compression_state == GNUTLS_COMP_FAILED) |
865 | { | 851 | { |
@@ -874,7 +860,7 @@ mhd_gtls_write_connection_state_init (mhd_gtls_session_t session) | |||
874 | */ | 860 | */ |
875 | int | 861 | int |
876 | mhd_gtls_set_read_cipher (mhd_gtls_session_t session, | 862 | mhd_gtls_set_read_cipher (mhd_gtls_session_t session, |
877 | enum MHD_GNUTLS_CipherAlgorithm algo) | 863 | enum MHD_GNUTLS_CipherAlgorithm algo) |
878 | { | 864 | { |
879 | 865 | ||
880 | if (mhd_gtls_cipher_is_ok (algo) == 0) | 866 | if (mhd_gtls_cipher_is_ok (algo) == 0) |
@@ -900,7 +886,7 @@ mhd_gtls_set_read_cipher (mhd_gtls_session_t session, | |||
900 | 886 | ||
901 | int | 887 | int |
902 | mhd_gtls_set_write_cipher (mhd_gtls_session_t session, | 888 | mhd_gtls_set_write_cipher (mhd_gtls_session_t session, |
903 | enum MHD_GNUTLS_CipherAlgorithm algo) | 889 | enum MHD_GNUTLS_CipherAlgorithm algo) |
904 | { | 890 | { |
905 | 891 | ||
906 | if (mhd_gtls_cipher_is_ok (algo) == 0) | 892 | if (mhd_gtls_cipher_is_ok (algo) == 0) |
@@ -929,7 +915,7 @@ mhd_gtls_set_write_cipher (mhd_gtls_session_t session, | |||
929 | */ | 915 | */ |
930 | int | 916 | int |
931 | mhd_gtls_set_read_compression (mhd_gtls_session_t session, | 917 | mhd_gtls_set_read_compression (mhd_gtls_session_t session, |
932 | enum MHD_GNUTLS_CompressionMethod algo) | 918 | enum MHD_GNUTLS_CompressionMethod algo) |
933 | { | 919 | { |
934 | 920 | ||
935 | if (mhd_gtls_compression_is_ok (algo) == 0) | 921 | if (mhd_gtls_compression_is_ok (algo) == 0) |
@@ -947,7 +933,7 @@ mhd_gtls_set_read_compression (mhd_gtls_session_t session, | |||
947 | 933 | ||
948 | int | 934 | int |
949 | mhd_gtls_set_write_compression (mhd_gtls_session_t session, | 935 | mhd_gtls_set_write_compression (mhd_gtls_session_t session, |
950 | enum MHD_GNUTLS_CompressionMethod algo) | 936 | enum MHD_GNUTLS_CompressionMethod algo) |
951 | { | 937 | { |
952 | 938 | ||
953 | if (mhd_gtls_compression_is_ok (algo) == 0) | 939 | if (mhd_gtls_compression_is_ok (algo) == 0) |
@@ -966,7 +952,8 @@ mhd_gtls_set_write_compression (mhd_gtls_session_t session, | |||
966 | /* Sets the specified kx algorithm into pending session | 952 | /* Sets the specified kx algorithm into pending session |
967 | */ | 953 | */ |
968 | int | 954 | int |
969 | mhd_gtls_set_kx (mhd_gtls_session_t session, enum MHD_GNUTLS_KeyExchangeAlgorithm algo) | 955 | mhd_gtls_set_kx (mhd_gtls_session_t session, |
956 | enum MHD_GNUTLS_KeyExchangeAlgorithm algo) | ||
970 | { | 957 | { |
971 | 958 | ||
972 | if (mhd_gtls_kx_is_ok (algo) == 0) | 959 | if (mhd_gtls_kx_is_ok (algo) == 0) |
@@ -991,7 +978,8 @@ mhd_gtls_set_kx (mhd_gtls_session_t session, enum MHD_GNUTLS_KeyExchangeAlgorith | |||
991 | 978 | ||
992 | /* Sets the specified mac algorithm into pending session */ | 979 | /* Sets the specified mac algorithm into pending session */ |
993 | int | 980 | int |
994 | mhd_gtls_set_read_mac (mhd_gtls_session_t session, enum MHD_GNUTLS_HashAlgorithm algo) | 981 | mhd_gtls_set_read_mac (mhd_gtls_session_t session, |
982 | enum MHD_GNUTLS_HashAlgorithm algo) | ||
995 | { | 983 | { |
996 | 984 | ||
997 | if (mhd_gnutls_mac_is_ok (algo) == 0) | 985 | if (mhd_gnutls_mac_is_ok (algo) == 0) |
@@ -1015,7 +1003,8 @@ mhd_gtls_set_read_mac (mhd_gtls_session_t session, enum MHD_GNUTLS_HashAlgorithm | |||
1015 | } | 1003 | } |
1016 | 1004 | ||
1017 | int | 1005 | int |
1018 | mhd_gtls_set_write_mac (mhd_gtls_session_t session, enum MHD_GNUTLS_HashAlgorithm algo) | 1006 | mhd_gtls_set_write_mac (mhd_gtls_session_t session, |
1007 | enum MHD_GNUTLS_HashAlgorithm algo) | ||
1019 | { | 1008 | { |
1020 | 1009 | ||
1021 | if (mhd_gnutls_mac_is_ok (algo) == 0) | 1010 | if (mhd_gnutls_mac_is_ok (algo) == 0) |
diff --git a/src/daemon/https/tls/gnutls_constate.h b/src/daemon/https/tls/gnutls_constate.h index e69a0355..184e7873 100644 --- a/src/daemon/https/tls/gnutls_constate.h +++ b/src/daemon/https/tls/gnutls_constate.h | |||
@@ -26,15 +26,16 @@ int mhd_gtls_connection_state_init (mhd_gtls_session_t session); | |||
26 | int mhd_gtls_read_connection_state_init (mhd_gtls_session_t session); | 26 | int mhd_gtls_read_connection_state_init (mhd_gtls_session_t session); |
27 | int mhd_gtls_write_connection_state_init (mhd_gtls_session_t session); | 27 | int mhd_gtls_write_connection_state_init (mhd_gtls_session_t session); |
28 | int mhd_gtls_set_write_cipher (mhd_gtls_session_t session, | 28 | int mhd_gtls_set_write_cipher (mhd_gtls_session_t session, |
29 | enum MHD_GNUTLS_CipherAlgorithm algo); | 29 | enum MHD_GNUTLS_CipherAlgorithm algo); |
30 | int mhd_gtls_set_write_mac (mhd_gtls_session_t session, | 30 | int mhd_gtls_set_write_mac (mhd_gtls_session_t session, |
31 | enum MHD_GNUTLS_HashAlgorithm algo); | 31 | enum MHD_GNUTLS_HashAlgorithm algo); |
32 | int mhd_gtls_set_read_cipher (mhd_gtls_session_t session, | 32 | int mhd_gtls_set_read_cipher (mhd_gtls_session_t session, |
33 | enum MHD_GNUTLS_CipherAlgorithm algo); | 33 | enum MHD_GNUTLS_CipherAlgorithm algo); |
34 | int mhd_gtls_set_read_mac (mhd_gtls_session_t session, | 34 | int mhd_gtls_set_read_mac (mhd_gtls_session_t session, |
35 | enum MHD_GNUTLS_HashAlgorithm algo); | 35 | enum MHD_GNUTLS_HashAlgorithm algo); |
36 | int mhd_gtls_set_read_compression (mhd_gtls_session_t session, | 36 | int mhd_gtls_set_read_compression (mhd_gtls_session_t session, |
37 | enum MHD_GNUTLS_CompressionMethod algo); | 37 | enum MHD_GNUTLS_CompressionMethod algo); |
38 | int mhd_gtls_set_write_compression (mhd_gtls_session_t session, | 38 | int mhd_gtls_set_write_compression (mhd_gtls_session_t session, |
39 | enum MHD_GNUTLS_CompressionMethod algo); | 39 | enum MHD_GNUTLS_CompressionMethod algo); |
40 | int mhd_gtls_set_kx (mhd_gtls_session_t session, enum MHD_GNUTLS_KeyExchangeAlgorithm algo); | 40 | int mhd_gtls_set_kx (mhd_gtls_session_t session, |
41 | enum MHD_GNUTLS_KeyExchangeAlgorithm algo); | ||
diff --git a/src/daemon/https/tls/gnutls_datum.c b/src/daemon/https/tls/gnutls_datum.c index ea18d801..d437ee2c 100644 --- a/src/daemon/https/tls/gnutls_datum.c +++ b/src/daemon/https/tls/gnutls_datum.c | |||
@@ -68,7 +68,7 @@ mhd_gtls_write_datum8 (opaque * dest, gnutls_datum_t dat) | |||
68 | 68 | ||
69 | int | 69 | int |
70 | mhd_gtls_set_datum_m (gnutls_datum_t * dat, const void *data, | 70 | mhd_gtls_set_datum_m (gnutls_datum_t * dat, const void *data, |
71 | size_t data_size, gnutls_alloc_function galloc_func) | 71 | size_t data_size, gnutls_alloc_function galloc_func) |
72 | { | 72 | { |
73 | if (data_size == 0 || data == NULL) | 73 | if (data_size == 0 || data == NULL) |
74 | { | 74 | { |
@@ -89,8 +89,8 @@ mhd_gtls_set_datum_m (gnutls_datum_t * dat, const void *data, | |||
89 | 89 | ||
90 | int | 90 | int |
91 | mhd_gtls_datum_append_m (gnutls_datum_t * dst, const void *data, | 91 | mhd_gtls_datum_append_m (gnutls_datum_t * dst, const void *data, |
92 | size_t data_size, | 92 | size_t data_size, |
93 | gnutls_realloc_function grealloc_func) | 93 | gnutls_realloc_function grealloc_func) |
94 | { | 94 | { |
95 | 95 | ||
96 | dst->data = grealloc_func (dst->data, data_size + dst->size); | 96 | dst->data = grealloc_func (dst->data, data_size + dst->size); |
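Review bot: `dst->data = grealloc_func (dst->data, data_size + dst->size);` on the last line of this hunk overwrites the only pointer to the existing buffer before the result is checked, so a failed reallocation leaks the old data and leaves `dst->data` NULL while `dst->size` still reports the old length; this is pre-existing and not introduced by the re-indent, but the hunk is where the line sits. Reallocate into a temporary and assign only on success: `void *tmp = grealloc_func (dst->data, data_size + dst->size);`, then return the function's allocation-failure code when `tmp == NULL`, and only afterwards `dst->data = tmp;`. The `data_size + dst->size` sum is also unchecked for wrap-around, which matters if `data_size` can come from peer-controlled lengths; a guard against `data_size > SIZE_MAX - dst->size` before the call would close that. mhd_gtls_datum_append_m's body continues outside the hunk, so the existing NULL check (if any) is not visible here.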
diff --git a/src/daemon/https/tls/gnutls_datum.h b/src/daemon/https/tls/gnutls_datum.h index cce91595..f54e300b 100644 --- a/src/daemon/https/tls/gnutls_datum.h +++ b/src/daemon/https/tls/gnutls_datum.h | |||
@@ -28,12 +28,12 @@ void mhd_gtls_write_datum32 (opaque * dest, gnutls_datum_t dat); | |||
28 | void mhd_gtls_write_datum8 (opaque * dest, gnutls_datum_t dat); | 28 | void mhd_gtls_write_datum8 (opaque * dest, gnutls_datum_t dat); |
29 | 29 | ||
30 | int mhd_gtls_set_datum_m (gnutls_datum_t * dat, const void *data, | 30 | int mhd_gtls_set_datum_m (gnutls_datum_t * dat, const void *data, |
31 | size_t data_size, gnutls_alloc_function); | 31 | size_t data_size, gnutls_alloc_function); |
32 | #define _gnutls_set_datum( x, y, z) mhd_gtls_set_datum_m(x,y,z, gnutls_malloc) | 32 | #define _gnutls_set_datum( x, y, z) mhd_gtls_set_datum_m(x,y,z, gnutls_malloc) |
33 | #define _gnutls_sset_datum( x, y, z) mhd_gtls_set_datum_m(x,y,z, gnutls_secure_malloc) | 33 | #define _gnutls_sset_datum( x, y, z) mhd_gtls_set_datum_m(x,y,z, gnutls_secure_malloc) |
34 | 34 | ||
35 | int mhd_gtls_datum_append_m (gnutls_datum_t * dat, const void *data, | 35 | int mhd_gtls_datum_append_m (gnutls_datum_t * dat, const void *data, |
36 | size_t data_size, gnutls_realloc_function); | 36 | size_t data_size, gnutls_realloc_function); |
37 | #define _gnutls_datum_append(x,y,z) mhd_gtls_datum_append_m(x,y,z, gnutls_realloc) | 37 | #define _gnutls_datum_append(x,y,z) mhd_gtls_datum_append_m(x,y,z, gnutls_realloc) |
38 | 38 | ||
39 | void mhd_gtls_free_datum_m (gnutls_datum_t * dat, gnutls_free_function); | 39 | void mhd_gtls_free_datum_m (gnutls_datum_t * dat, gnutls_free_function); |
diff --git a/src/daemon/https/tls/gnutls_dh.c b/src/daemon/https/tls/gnutls_dh.c index 388f6e0c..8cd5175d 100644 --- a/src/daemon/https/tls/gnutls_dh.c +++ b/src/daemon/https/tls/gnutls_dh.c | |||
@@ -26,8 +26,8 @@ | |||
26 | #include <gnutls_errors.h> | 26 | #include <gnutls_errors.h> |
27 | 27 | ||
28 | 28 | ||
29 | /* | 29 | /* |
30 | --Example-- | 30 | --Example-- |
31 | you: X = g ^ x mod p; | 31 | you: X = g ^ x mod p; |
32 | peer:Y = g ^ y mod p; | 32 | peer:Y = g ^ y mod p; |
33 | 33 | ||
@@ -77,7 +77,7 @@ mhd_gtls_calc_dh_secret (mpi_t * ret_x, mpi_t g, mpi_t prime) | |||
77 | do | 77 | do |
78 | { | 78 | { |
79 | _gnutls_mpi_randomize (x, (x_size / 8) * 8, GCRY_STRONG_RANDOM); | 79 | _gnutls_mpi_randomize (x, (x_size / 8) * 8, GCRY_STRONG_RANDOM); |
80 | /* Check whether x is zero. | 80 | /* Check whether x is zero. |
81 | */ | 81 | */ |
82 | } | 82 | } |
83 | while (_gnutls_mpi_cmp_ui (x, 0) == 0); | 83 | while (_gnutls_mpi_cmp_ui (x, 0) == 0); |
@@ -134,8 +134,8 @@ mhd_gtls_calc_dh_key (mpi_t f, mpi_t x, mpi_t prime) | |||
134 | -*/ | 134 | -*/ |
135 | mhd_gtls_dh_params_t | 135 | mhd_gtls_dh_params_t |
136 | mhd_gtls_get_dh_params (mhd_gtls_dh_params_t dh_params, | 136 | mhd_gtls_get_dh_params (mhd_gtls_dh_params_t dh_params, |
137 | gnutls_params_function * func, | 137 | gnutls_params_function * func, |
138 | mhd_gtls_session_t session) | 138 | mhd_gtls_session_t session) |
139 | { | 139 | { |
140 | gnutls_params_st params; | 140 | gnutls_params_st params; |
141 | int ret; | 141 | int ret; |
diff --git a/src/daemon/https/tls/gnutls_dh.h b/src/daemon/https/tls/gnutls_dh.h index 06ac6135..6dec6e64 100644 --- a/src/daemon/https/tls/gnutls_dh.h +++ b/src/daemon/https/tls/gnutls_dh.h | |||
@@ -25,14 +25,14 @@ | |||
25 | #ifndef GNUTLS_DH_H | 25 | #ifndef GNUTLS_DH_H |
26 | # define GNUTLS_DH_H | 26 | # define GNUTLS_DH_H |
27 | 27 | ||
28 | const mpi_t * mhd_gtls_dh_params_to_mpi (mhd_gtls_dh_params_t); | 28 | const mpi_t *mhd_gtls_dh_params_to_mpi (mhd_gtls_dh_params_t); |
29 | mpi_t mhd_gtls_calc_dh_secret (mpi_t * ret_x, mpi_t g, mpi_t prime); | 29 | mpi_t mhd_gtls_calc_dh_secret (mpi_t * ret_x, mpi_t g, mpi_t prime); |
30 | mpi_t mhd_gtls_calc_dh_key (mpi_t f, mpi_t x, mpi_t prime); | 30 | mpi_t mhd_gtls_calc_dh_key (mpi_t f, mpi_t x, mpi_t prime); |
31 | int mhd_gtls_dh_generate_prime (mpi_t * ret_g, mpi_t * ret_n, unsigned bits); | 31 | int mhd_gtls_dh_generate_prime (mpi_t * ret_g, mpi_t * ret_n, unsigned bits); |
32 | 32 | ||
33 | mhd_gtls_dh_params_t | 33 | mhd_gtls_dh_params_t |
34 | mhd_gtls_get_dh_params (mhd_gtls_dh_params_t dh_params, | 34 | mhd_gtls_get_dh_params (mhd_gtls_dh_params_t dh_params, |
35 | gnutls_params_function * func, | 35 | gnutls_params_function * func, |
36 | mhd_gtls_session_t session); | 36 | mhd_gtls_session_t session); |
37 | 37 | ||
38 | #endif | 38 | #endif |
diff --git a/src/daemon/https/tls/gnutls_dh_primes.c b/src/daemon/https/tls/gnutls_dh_primes.c index 0d404bd8..acd08a75 100644 --- a/src/daemon/https/tls/gnutls_dh_primes.c +++ b/src/daemon/https/tls/gnutls_dh_primes.c | |||
@@ -197,7 +197,8 @@ MHD_gnutls_dh_params_deinit (mhd_gtls_dh_params_t dh_params) | |||
197 | * | 197 | * |
198 | **/ | 198 | **/ |
199 | int | 199 | int |
200 | MHD_gnutls_dh_params_generate2 (mhd_gtls_dh_params_t params, unsigned int bits) | 200 | MHD_gnutls_dh_params_generate2 (mhd_gtls_dh_params_t params, |
201 | unsigned int bits) | ||
201 | { | 202 | { |
202 | int ret; | 203 | int ret; |
203 | 204 | ||
diff --git a/src/daemon/https/tls/gnutls_errors.c b/src/daemon/https/tls/gnutls_errors.c index d9b05a5a..107412c5 100644 --- a/src/daemon/https/tls/gnutls_errors.c +++ b/src/daemon/https/tls/gnutls_errors.c | |||
@@ -260,7 +260,7 @@ static const gnutls_error_entry mhd_gtls_error_algorithms[] = { | |||
260 | * @error: is an error returned by a gnutls function. Error should be a negative value. | 260 | * @error: is an error returned by a gnutls function. Error should be a negative value. |
261 | * | 261 | * |
262 | * If a function returns a negative value you may feed that value | 262 | * If a function returns a negative value you may feed that value |
263 | * to this function to see if it is fatal. Returns 1 for a fatal | 263 | * to this function to see if it is fatal. Returns 1 for a fatal |
264 | * error 0 otherwise. However you may want to check the | 264 | * error 0 otherwise. However you may want to check the |
265 | * error code manually, since some non-fatal errors to the protocol | 265 | * error code manually, since some non-fatal errors to the protocol |
266 | * may be fatal for you (your program). | 266 | * may be fatal for you (your program). |
@@ -290,7 +290,7 @@ MHD_gtls_error_is_fatal (int error) | |||
290 | * MHD_gtls_perror - prints a string to stderr with a description of an error | 290 | * MHD_gtls_perror - prints a string to stderr with a description of an error |
291 | * @error: is an error returned by a gnutls function. Error is always a negative value. | 291 | * @error: is an error returned by a gnutls function. Error is always a negative value. |
292 | * | 292 | * |
293 | * This function is like perror(). The only difference is that it accepts an | 293 | * This function is like perror(). The only difference is that it accepts an |
294 | * error number returned by a gnutls function. | 294 | * error number returned by a gnutls function. |
295 | **/ | 295 | **/ |
296 | void | 296 | void |
diff --git a/src/daemon/https/tls/gnutls_extensions.c b/src/daemon/https/tls/gnutls_extensions.c index 6b2f00c8..4cd81f16 100644 --- a/src/daemon/https/tls/gnutls_extensions.c +++ b/src/daemon/https/tls/gnutls_extensions.c | |||
@@ -142,8 +142,8 @@ _gnutls_extension_list_check (mhd_gtls_session_t session, uint16_t type) | |||
142 | 142 | ||
143 | int | 143 | int |
144 | mhd_gtls_parse_extensions (mhd_gtls_session_t session, | 144 | mhd_gtls_parse_extensions (mhd_gtls_session_t session, |
145 | mhd_gtls_ext_parse_type_t parse_type, | 145 | mhd_gtls_ext_parse_type_t parse_type, |
146 | const opaque * data, int data_size) | 146 | const opaque * data, int data_size) |
147 | { | 147 | { |
148 | int next, ret; | 148 | int next, ret; |
149 | int pos = 0; | 149 | int pos = 0; |
@@ -159,9 +159,8 @@ mhd_gtls_parse_extensions (mhd_gtls_session_t session, | |||
159 | { | 159 | { |
160 | _gnutls_debug_log ("EXT[%d]: expecting extension '%s'\n", | 160 | _gnutls_debug_log ("EXT[%d]: expecting extension '%s'\n", |
161 | session, | 161 | session, |
162 | mhd_gtls_extension_get_name (session-> | 162 | mhd_gtls_extension_get_name |
163 | internals. | 163 | (session->internals.extensions_sent[i])); |
164 | extensions_sent[i])); | ||
165 | } | 164 | } |
166 | #endif | 165 | #endif |
167 | 166 | ||
@@ -236,7 +235,7 @@ _gnutls_extension_list_add (mhd_gtls_session_t session, uint16_t type) | |||
236 | 235 | ||
237 | int | 236 | int |
238 | mhd_gtls_gen_extensions (mhd_gtls_session_t session, opaque * data, | 237 | mhd_gtls_gen_extensions (mhd_gtls_session_t session, opaque * data, |
239 | size_t data_size) | 238 | size_t data_size) |
240 | { | 239 | { |
241 | int size; | 240 | int size; |
242 | uint16_t pos = 0; | 241 | uint16_t pos = 0; |
diff --git a/src/daemon/https/tls/gnutls_extensions.h b/src/daemon/https/tls/gnutls_extensions.h index d5e209f8..52604067 100644 --- a/src/daemon/https/tls/gnutls_extensions.h +++ b/src/daemon/https/tls/gnutls_extensions.h | |||
@@ -24,16 +24,18 @@ | |||
24 | 24 | ||
25 | #include <gnutls_int.h> | 25 | #include <gnutls_int.h> |
26 | 26 | ||
27 | const char * mhd_gtls_extension_get_name (uint16_t type); | 27 | const char *mhd_gtls_extension_get_name (uint16_t type); |
28 | int mhd_gtls_parse_extensions (mhd_gtls_session_t, mhd_gtls_ext_parse_type_t, const opaque *, int); | 28 | int mhd_gtls_parse_extensions (mhd_gtls_session_t, mhd_gtls_ext_parse_type_t, |
29 | const opaque *, int); | ||
29 | int mhd_gtls_gen_extensions (mhd_gtls_session_t session, opaque * data, | 30 | int mhd_gtls_gen_extensions (mhd_gtls_session_t session, opaque * data, |
30 | size_t data_size); | 31 | size_t data_size); |
31 | 32 | ||
32 | typedef int (* mhd_gtls_ext_recv_func) (mhd_gtls_session_t, const opaque *, size_t); /* recv data */ | 33 | typedef int (*mhd_gtls_ext_recv_func) (mhd_gtls_session_t, const opaque *, size_t); /* recv data */ |
33 | typedef int (* mhd_gtls_ext_send_func) (mhd_gtls_session_t, opaque *, size_t); /* send data */ | 34 | typedef int (*mhd_gtls_ext_send_func) (mhd_gtls_session_t, opaque *, size_t); /* send data */ |
34 | 35 | ||
35 | mhd_gtls_ext_send_func mhd_gtls_ext_func_send (uint16_t type); | 36 | mhd_gtls_ext_send_func mhd_gtls_ext_func_send (uint16_t type); |
36 | mhd_gtls_ext_recv_func mhd_gtls_ext_func_recv (uint16_t type, mhd_gtls_ext_parse_type_t); | 37 | mhd_gtls_ext_recv_func mhd_gtls_ext_func_recv (uint16_t type, |
38 | mhd_gtls_ext_parse_type_t); | ||
37 | 39 | ||
38 | typedef struct | 40 | typedef struct |
39 | { | 41 | { |
diff --git a/src/daemon/https/tls/gnutls_global.c b/src/daemon/https/tls/gnutls_global.c index 87f92239..a086b1f4 100644 --- a/src/daemon/https/tls/gnutls_global.c +++ b/src/daemon/https/tls/gnutls_global.c | |||
@@ -121,13 +121,14 @@ int _gnutls_is_secure_mem_null (const void *); | |||
121 | * This function must be called before MHD_gnutls_global_init() is called. | 121 | * This function must be called before MHD_gnutls_global_init() is called. |
122 | * | 122 | * |
123 | **/ | 123 | **/ |
124 | void MHD_gtls_global_set_mem_functions(gnutls_alloc_function alloc_func, | 124 | void |
125 | gnutls_alloc_function | 125 | MHD_gtls_global_set_mem_functions (gnutls_alloc_function alloc_func, |
126 | secure_alloc_func, | 126 | gnutls_alloc_function |
127 | gnutls_is_secure_function | 127 | secure_alloc_func, |
128 | is_secure_func, | 128 | gnutls_is_secure_function |
129 | gnutls_realloc_function realloc_func, | 129 | is_secure_func, |
130 | gnutls_free_function free_func) | 130 | gnutls_realloc_function realloc_func, |
131 | gnutls_free_function free_func) | ||
131 | { | 132 | { |
132 | gnutls_secure_malloc = secure_alloc_func; | 133 | gnutls_secure_malloc = secure_alloc_func; |
133 | gnutls_malloc = alloc_func; | 134 | gnutls_malloc = alloc_func; |
@@ -147,7 +148,7 @@ void MHD_gtls_global_set_mem_functions(gnutls_alloc_function alloc_func, | |||
147 | gnutls_calloc = calloc; | 148 | gnutls_calloc = calloc; |
148 | } | 149 | } |
149 | else | 150 | else |
150 | { /* use the included ones */ | 151 | { /* use the included ones */ |
151 | gnutls_calloc = mhd_gtls_calloc; | 152 | gnutls_calloc = mhd_gtls_calloc; |
152 | } | 153 | } |
153 | gnutls_strdup = mhd_gtls_strdup; | 154 | gnutls_strdup = mhd_gtls_strdup; |
@@ -350,7 +351,7 @@ MHD_gnutls_global_deinit (void) | |||
350 | **/ | 351 | **/ |
351 | void | 352 | void |
352 | MHD_gnutls_transport_set_pull_function (mhd_gtls_session_t session, | 353 | MHD_gnutls_transport_set_pull_function (mhd_gtls_session_t session, |
353 | mhd_gtls_pull_func pull_func) | 354 | mhd_gtls_pull_func pull_func) |
354 | { | 355 | { |
355 | session->internals._gnutls_pull_func = pull_func; | 356 | session->internals._gnutls_pull_func = pull_func; |
356 | } | 357 | } |
@@ -371,7 +372,7 @@ MHD_gnutls_transport_set_pull_function (mhd_gtls_session_t session, | |||
371 | **/ | 372 | **/ |
372 | void | 373 | void |
373 | MHD_gnutls_transport_set_push_function (mhd_gtls_session_t session, | 374 | MHD_gnutls_transport_set_push_function (mhd_gtls_session_t session, |
374 | mhd_gtls_push_func push_func) | 375 | mhd_gtls_push_func push_func) |
375 | { | 376 | { |
376 | session->internals._gnutls_push_func = push_func; | 377 | session->internals._gnutls_push_func = push_func; |
377 | } | 378 | } |
diff --git a/src/daemon/https/tls/gnutls_handshake.c b/src/daemon/https/tls/gnutls_handshake.c index 084e0477..52473c27 100644 --- a/src/daemon/https/tls/gnutls_handshake.c +++ b/src/daemon/https/tls/gnutls_handshake.c | |||
@@ -59,7 +59,7 @@ | |||
59 | #define FALSE 0 | 59 | #define FALSE 0 |
60 | 60 | ||
61 | static int _gnutls_server_select_comp_method (mhd_gtls_session_t session, | 61 | static int _gnutls_server_select_comp_method (mhd_gtls_session_t session, |
62 | opaque * data, int datalen); | 62 | opaque * data, int datalen); |
63 | 63 | ||
64 | 64 | ||
65 | /* Clears the handshake hash buffers and handles. | 65 | /* Clears the handshake hash buffers and handles. |
@@ -82,19 +82,16 @@ static void | |||
82 | resume_copy_required_values (mhd_gtls_session_t session) | 82 | resume_copy_required_values (mhd_gtls_session_t session) |
83 | { | 83 | { |
84 | /* get the new random values */ | 84 | /* get the new random values */ |
85 | memcpy (session->internals.resumed_security_parameters. | 85 | memcpy (session->internals.resumed_security_parameters.server_random, |
86 | server_random, | ||
87 | session->security_parameters.server_random, TLS_RANDOM_SIZE); | 86 | session->security_parameters.server_random, TLS_RANDOM_SIZE); |
88 | memcpy (session->internals.resumed_security_parameters. | 87 | memcpy (session->internals.resumed_security_parameters.client_random, |
89 | client_random, | ||
90 | session->security_parameters.client_random, TLS_RANDOM_SIZE); | 88 | session->security_parameters.client_random, TLS_RANDOM_SIZE); |
91 | 89 | ||
92 | /* keep the ciphersuite and compression | 90 | /* keep the ciphersuite and compression |
93 | * That is because the client must see these in our | 91 | * That is because the client must see these in our |
94 | * hello message. | 92 | * hello message. |
95 | */ | 93 | */ |
96 | memcpy (session->security_parameters.current_cipher_suite. | 94 | memcpy (session->security_parameters.current_cipher_suite.suite, |
97 | suite, | ||
98 | session->internals.resumed_security_parameters. | 95 | session->internals.resumed_security_parameters. |
99 | current_cipher_suite.suite, 2); | 96 | current_cipher_suite.suite, 2); |
100 | 97 | ||
@@ -108,15 +105,15 @@ resume_copy_required_values (mhd_gtls_session_t session) | |||
108 | session->internals.resumed_security_parameters.entity; | 105 | session->internals.resumed_security_parameters.entity; |
109 | 106 | ||
110 | mhd_gtls_set_current_version (session, | 107 | mhd_gtls_set_current_version (session, |
111 | session->internals. | 108 | session->internals. |
112 | resumed_security_parameters.version); | 109 | resumed_security_parameters.version); |
113 | 110 | ||
114 | session->security_parameters.cert_type = | 111 | session->security_parameters.cert_type = |
115 | session->internals.resumed_security_parameters.cert_type; | 112 | session->internals.resumed_security_parameters.cert_type; |
116 | 113 | ||
117 | memcpy (session->security_parameters.session_id, | 114 | memcpy (session->security_parameters.session_id, |
118 | session->internals.resumed_security_parameters. | 115 | session->internals.resumed_security_parameters.session_id, |
119 | session_id, sizeof (session->security_parameters.session_id)); | 116 | sizeof (session->security_parameters.session_id)); |
120 | session->security_parameters.session_id_size = | 117 | session->security_parameters.session_id_size = |
121 | session->internals.resumed_security_parameters.session_id_size; | 118 | session->internals.resumed_security_parameters.session_id_size; |
122 | } | 119 | } |
@@ -173,11 +170,11 @@ _gnutls_ssl3_finished (mhd_gtls_session_t session, int type, opaque * ret) | |||
173 | mhd_gnutls_hash (td_sha, mesg, siz); | 170 | mhd_gnutls_hash (td_sha, mesg, siz); |
174 | 171 | ||
175 | mhd_gnutls_mac_deinit_ssl3_handshake (td_md5, ret, | 172 | mhd_gnutls_mac_deinit_ssl3_handshake (td_md5, ret, |
176 | session->security_parameters. | 173 | session->security_parameters. |
177 | master_secret, TLS_MASTER_SIZE); | 174 | master_secret, TLS_MASTER_SIZE); |
178 | mhd_gnutls_mac_deinit_ssl3_handshake (td_sha, &ret[16], | 175 | mhd_gnutls_mac_deinit_ssl3_handshake (td_sha, &ret[16], |
179 | session->security_parameters. | 176 | session->security_parameters. |
180 | master_secret, TLS_MASTER_SIZE); | 177 | master_secret, TLS_MASTER_SIZE); |
181 | 178 | ||
182 | return 0; | 179 | return 0; |
183 | } | 180 | } |
@@ -238,7 +235,7 @@ _gnutls_finished (mhd_gtls_session_t session, int type, void *ret) | |||
238 | } | 235 | } |
239 | 236 | ||
240 | return mhd_gtls_PRF (session, session->security_parameters.master_secret, | 237 | return mhd_gtls_PRF (session, session->security_parameters.master_secret, |
241 | TLS_MASTER_SIZE, mesg, siz, concat, len, 12, ret); | 238 | TLS_MASTER_SIZE, mesg, siz, concat, len, 12, ret); |
242 | } | 239 | } |
243 | 240 | ||
244 | /* this function will produce TLS_RANDOM_SIZE==32 bytes of random data | 241 | /* this function will produce TLS_RANDOM_SIZE==32 bytes of random data |
@@ -271,7 +268,7 @@ mhd_gtls_tls_create_random (opaque * dst) | |||
271 | */ | 268 | */ |
272 | int | 269 | int |
273 | mhd_gtls_negotiate_version (mhd_gtls_session_t session, | 270 | mhd_gtls_negotiate_version (mhd_gtls_session_t session, |
274 | enum MHD_GNUTLS_Protocol adv_version) | 271 | enum MHD_GNUTLS_Protocol adv_version) |
275 | { | 272 | { |
276 | int ret; | 273 | int ret; |
277 | 274 | ||
@@ -302,7 +299,7 @@ mhd_gtls_negotiate_version (mhd_gtls_session_t session, | |||
302 | 299 | ||
303 | int | 300 | int |
304 | mhd_gtls_user_hello_func (mhd_gtls_session_t session, | 301 | mhd_gtls_user_hello_func (mhd_gtls_session_t session, |
305 | enum MHD_GNUTLS_Protocol adv_version) | 302 | enum MHD_GNUTLS_Protocol adv_version) |
306 | { | 303 | { |
307 | int ret; | 304 | int ret; |
308 | 305 | ||
@@ -393,10 +390,9 @@ _gnutls_read_client_hello (mhd_gtls_session_t session, opaque * data, | |||
393 | } | 390 | } |
394 | else | 391 | else |
395 | { | 392 | { |
396 | mhd_gtls_generate_session_id (session->security_parameters. | 393 | mhd_gtls_generate_session_id (session->security_parameters.session_id, |
397 | session_id, | 394 | &session->security_parameters. |
398 | &session->security_parameters. | 395 | session_id_size); |
399 | session_id_size); | ||
400 | 396 | ||
401 | session->internals.resumed = RESUME_FALSE; | 397 | session->internals.resumed = RESUME_FALSE; |
402 | } | 398 | } |
@@ -424,7 +420,7 @@ _gnutls_read_client_hello (mhd_gtls_session_t session, opaque * data, | |||
424 | */ | 420 | */ |
425 | if (neg_version >= MHD_GNUTLS_TLS1_0) | 421 | if (neg_version >= MHD_GNUTLS_TLS1_0) |
426 | { | 422 | { |
427 | ret = mhd_gtls_parse_extensions (session, EXTENSION_APPLICATION, &data[pos], len); /* len is the rest of the parsed length */ | 423 | ret = mhd_gtls_parse_extensions (session, EXTENSION_APPLICATION, &data[pos], len); /* len is the rest of the parsed length */ |
428 | if (ret < 0) | 424 | if (ret < 0) |
429 | { | 425 | { |
430 | gnutls_assert (); | 426 | gnutls_assert (); |
@@ -441,7 +437,7 @@ _gnutls_read_client_hello (mhd_gtls_session_t session, opaque * data, | |||
441 | 437 | ||
442 | if (neg_version >= MHD_GNUTLS_TLS1_0) | 438 | if (neg_version >= MHD_GNUTLS_TLS1_0) |
443 | { | 439 | { |
444 | ret = mhd_gtls_parse_extensions (session, EXTENSION_TLS, &data[pos], len); /* len is the rest of the parsed length */ | 440 | ret = mhd_gtls_parse_extensions (session, EXTENSION_TLS, &data[pos], len); /* len is the rest of the parsed length */ |
445 | if (ret < 0) | 441 | if (ret < 0) |
446 | { | 442 | { |
447 | gnutls_assert (); | 443 | gnutls_assert (); |
@@ -495,8 +491,10 @@ _gnutls_handshake_hash_pending (mhd_gtls_session_t session) | |||
495 | 491 | ||
496 | if (siz > 0) | 492 | if (siz > 0) |
497 | { | 493 | { |
498 | mhd_gnutls_hash (session->internals.handshake_mac_handle_sha, data, siz); | 494 | mhd_gnutls_hash (session->internals.handshake_mac_handle_sha, data, |
499 | mhd_gnutls_hash (session->internals.handshake_mac_handle_md5, data, siz); | 495 | siz); |
496 | mhd_gnutls_hash (session->internals.handshake_mac_handle_md5, data, | ||
497 | siz); | ||
500 | } | 498 | } |
501 | 499 | ||
502 | mhd_gtls_handshake_buffer_empty (session); | 500 | mhd_gtls_handshake_buffer_empty (session); |
@@ -554,7 +552,7 @@ _gnutls_send_finished (mhd_gtls_session_t session, int again) | |||
554 | 552 | ||
555 | ret = | 553 | ret = |
556 | mhd_gtls_send_handshake (session, data, data_size, | 554 | mhd_gtls_send_handshake (session, data, data_size, |
557 | GNUTLS_HANDSHAKE_FINISHED); | 555 | GNUTLS_HANDSHAKE_FINISHED); |
558 | 556 | ||
559 | return ret; | 557 | return ret; |
560 | } | 558 | } |
@@ -572,7 +570,7 @@ _gnutls_recv_finished (mhd_gtls_session_t session) | |||
572 | 570 | ||
573 | ret = | 571 | ret = |
574 | mhd_gtls_recv_handshake (session, &vrfy, &vrfysize, | 572 | mhd_gtls_recv_handshake (session, &vrfy, &vrfysize, |
575 | GNUTLS_HANDSHAKE_FINISHED, MANDATORY_PACKET); | 573 | GNUTLS_HANDSHAKE_FINISHED, MANDATORY_PACKET); |
576 | if (ret < 0) | 574 | if (ret < 0) |
577 | { | 575 | { |
578 | ERR ("recv finished int", ret); | 576 | ERR ("recv finished int", ret); |
@@ -601,8 +599,8 @@ _gnutls_recv_finished (mhd_gtls_session_t session) | |||
601 | { | 599 | { |
602 | ret = | 600 | ret = |
603 | _gnutls_ssl3_finished (session, | 601 | _gnutls_ssl3_finished (session, |
604 | (session->security_parameters. | 602 | (session->security_parameters.entity + 1) % 2, |
605 | entity + 1) % 2, data); | 603 | data); |
606 | } | 604 | } |
607 | else | 605 | else |
608 | { /* TLS 1.0 */ | 606 | { /* TLS 1.0 */ |
@@ -671,14 +669,14 @@ _gnutls_server_find_pk_algos_in_ciphersuites (const opaque * | |||
671 | */ | 669 | */ |
672 | int | 670 | int |
673 | mhd_gtls_server_select_suite (mhd_gtls_session_t session, opaque * data, | 671 | mhd_gtls_server_select_suite (mhd_gtls_session_t session, opaque * data, |
674 | int datalen) | 672 | int datalen) |
675 | { | 673 | { |
676 | int x, i, j; | 674 | int x, i, j; |
677 | cipher_suite_st *ciphers, cs; | 675 | cipher_suite_st *ciphers, cs; |
678 | int retval, err; | 676 | int retval, err; |
679 | enum MHD_GNUTLS_PublicKeyAlgorithm pk_algo; /* will hold the pk algorithms | 677 | enum MHD_GNUTLS_PublicKeyAlgorithm pk_algo; /* will hold the pk algorithms |
680 | * supported by the peer. | 678 | * supported by the peer. |
681 | */ | 679 | */ |
682 | 680 | ||
683 | pk_algo = _gnutls_server_find_pk_algos_in_ciphersuites (data, datalen); | 681 | pk_algo = _gnutls_server_find_pk_algos_in_ciphersuites (data, datalen); |
684 | 682 | ||
@@ -741,8 +739,8 @@ mhd_gtls_server_select_suite (mhd_gtls_session_t session, opaque * data, | |||
741 | _gnutls_handshake_log | 739 | _gnutls_handshake_log |
742 | ("HSK[%x]: Selected cipher suite: %s\n", session, | 740 | ("HSK[%x]: Selected cipher suite: %s\n", session, |
743 | mhd_gtls_cipher_suite_get_name (&cs)); | 741 | mhd_gtls_cipher_suite_get_name (&cs)); |
744 | memcpy (session->security_parameters.current_cipher_suite. | 742 | memcpy (session->security_parameters.current_cipher_suite.suite, |
745 | suite, ciphers[i].suite, 2); | 743 | ciphers[i].suite, 2); |
746 | retval = 0; | 744 | retval = 0; |
747 | goto finish; | 745 | goto finish; |
748 | } | 746 | } |
@@ -763,8 +761,8 @@ finish: | |||
763 | if (mhd_gtls_get_kx_cred | 761 | if (mhd_gtls_get_kx_cred |
764 | (session, | 762 | (session, |
765 | mhd_gtls_cipher_suite_get_kx_algo (&session->security_parameters. | 763 | mhd_gtls_cipher_suite_get_kx_algo (&session->security_parameters. |
766 | current_cipher_suite), | 764 | current_cipher_suite), &err) == NULL |
767 | &err) == NULL && err != 0) | 765 | && err != 0) |
768 | { | 766 | { |
769 | gnutls_assert (); | 767 | gnutls_assert (); |
770 | return GNUTLS_E_INSUFFICIENT_CREDENTIALS; | 768 | return GNUTLS_E_INSUFFICIENT_CREDENTIALS; |
@@ -777,8 +775,8 @@ finish: | |||
777 | */ | 775 | */ |
778 | session->internals.auth_struct = | 776 | session->internals.auth_struct = |
779 | mhd_gtls_kx_auth_struct (mhd_gtls_cipher_suite_get_kx_algo | 777 | mhd_gtls_kx_auth_struct (mhd_gtls_cipher_suite_get_kx_algo |
780 | (&session->security_parameters. | 778 | (&session->security_parameters. |
781 | current_cipher_suite)); | 779 | current_cipher_suite)); |
782 | if (session->internals.auth_struct == NULL) | 780 | if (session->internals.auth_struct == NULL) |
783 | { | 781 | { |
784 | 782 | ||
@@ -828,7 +826,7 @@ _gnutls_server_select_comp_method (mhd_gtls_session_t session, | |||
828 | _gnutls_handshake_log | 826 | _gnutls_handshake_log |
829 | ("HSK[%x]: Selected Compression Method: %s\n", session, | 827 | ("HSK[%x]: Selected Compression Method: %s\n", session, |
830 | MHD_gnutls_compression_get_name (session->internals. | 828 | MHD_gnutls_compression_get_name (session->internals. |
831 | compression_method)); | 829 | compression_method)); |
832 | 830 | ||
833 | 831 | ||
834 | return 0; | 832 | return 0; |
@@ -883,9 +881,9 @@ _gnutls_handshake_hash_add_sent (mhd_gtls_session_t session, | |||
883 | if (type != GNUTLS_HANDSHAKE_HELLO_REQUEST) | 881 | if (type != GNUTLS_HANDSHAKE_HELLO_REQUEST) |
884 | { | 882 | { |
885 | mhd_gnutls_hash (session->internals.handshake_mac_handle_sha, dataptr, | 883 | mhd_gnutls_hash (session->internals.handshake_mac_handle_sha, dataptr, |
886 | datalen); | 884 | datalen); |
887 | mhd_gnutls_hash (session->internals.handshake_mac_handle_md5, dataptr, | 885 | mhd_gnutls_hash (session->internals.handshake_mac_handle_md5, dataptr, |
888 | datalen); | 886 | datalen); |
889 | } | 887 | } |
890 | 888 | ||
891 | return 0; | 889 | return 0; |
@@ -899,8 +897,8 @@ _gnutls_handshake_hash_add_sent (mhd_gtls_session_t session, | |||
899 | */ | 897 | */ |
900 | int | 898 | int |
901 | mhd_gtls_send_handshake (mhd_gtls_session_t session, void *i_data, | 899 | mhd_gtls_send_handshake (mhd_gtls_session_t session, void *i_data, |
902 | uint32_t i_datasize, | 900 | uint32_t i_datasize, |
903 | gnutls_handshake_description_t type) | 901 | gnutls_handshake_description_t type) |
904 | { | 902 | { |
905 | int ret; | 903 | int ret; |
906 | uint8_t *data; | 904 | uint8_t *data; |
@@ -954,7 +952,7 @@ mhd_gtls_send_handshake (mhd_gtls_session_t session, void *i_data, | |||
954 | 952 | ||
955 | ret = | 953 | ret = |
956 | mhd_gtls_handshake_io_send_int (session, GNUTLS_HANDSHAKE, type, | 954 | mhd_gtls_handshake_io_send_int (session, GNUTLS_HANDSHAKE, type, |
957 | data, datasize); | 955 | data, datasize); |
958 | 956 | ||
959 | _gnutls_handshake_log ("HSK[%x]: %s was sent [%ld bytes]\n", | 957 | _gnutls_handshake_log ("HSK[%x]: %s was sent [%ld bytes]\n", |
960 | session, _gnutls_handshake2str (type), datasize); | 958 | session, _gnutls_handshake2str (type), datasize); |
@@ -1007,7 +1005,7 @@ _gnutls_recv_handshake_header (mhd_gtls_session_t session, | |||
1007 | { | 1005 | { |
1008 | ret = | 1006 | ret = |
1009 | mhd_gtls_handshake_io_recv_int (session, GNUTLS_HANDSHAKE, | 1007 | mhd_gtls_handshake_io_recv_int (session, GNUTLS_HANDSHAKE, |
1010 | type, dataptr, SSL2_HEADERS); | 1008 | type, dataptr, SSL2_HEADERS); |
1011 | 1009 | ||
1012 | if (ret < 0) | 1010 | if (ret < 0) |
1013 | { | 1011 | { |
@@ -1030,14 +1028,13 @@ _gnutls_recv_handshake_header (mhd_gtls_session_t session, | |||
1030 | { | 1028 | { |
1031 | ret = | 1029 | ret = |
1032 | mhd_gtls_handshake_io_recv_int (session, GNUTLS_HANDSHAKE, | 1030 | mhd_gtls_handshake_io_recv_int (session, GNUTLS_HANDSHAKE, |
1033 | type, | 1031 | type, |
1034 | &dataptr[session-> | 1032 | &dataptr |
1035 | internals. | 1033 | [session->internals. |
1036 | handshake_header_buffer. | 1034 | handshake_header_buffer.header_size], |
1037 | header_size], | 1035 | HANDSHAKE_HEADER_SIZE - |
1038 | HANDSHAKE_HEADER_SIZE - | 1036 | session->internals. |
1039 | session->internals. | 1037 | handshake_header_buffer.header_size); |
1040 | handshake_header_buffer.header_size); | ||
1041 | if (ret <= 0) | 1038 | if (ret <= 0) |
1042 | { | 1039 | { |
1043 | gnutls_assert (); | 1040 | gnutls_assert (); |
@@ -1155,8 +1152,8 @@ _gnutls_handshake_hash_add_recvd (mhd_gtls_session_t session, | |||
1155 | */ | 1152 | */ |
1156 | int | 1153 | int |
1157 | mhd_gtls_recv_handshake (mhd_gtls_session_t session, uint8_t ** data, | 1154 | mhd_gtls_recv_handshake (mhd_gtls_session_t session, uint8_t ** data, |
1158 | int *datalen, gnutls_handshake_description_t type, | 1155 | int *datalen, gnutls_handshake_description_t type, |
1159 | Optional optional) | 1156 | Optional optional) |
1160 | { | 1157 | { |
1161 | int ret; | 1158 | int ret; |
1162 | uint32_t length32 = 0; | 1159 | uint32_t length32 = 0; |
@@ -1205,7 +1202,7 @@ mhd_gtls_recv_handshake (mhd_gtls_session_t session, uint8_t ** data, | |||
1205 | { | 1202 | { |
1206 | ret = | 1203 | ret = |
1207 | mhd_gtls_handshake_io_recv_int (session, GNUTLS_HANDSHAKE, | 1204 | mhd_gtls_handshake_io_recv_int (session, GNUTLS_HANDSHAKE, |
1208 | type, dataptr, length32); | 1205 | type, dataptr, length32); |
1209 | if (ret <= 0) | 1206 | if (ret <= 0) |
1210 | { | 1207 | { |
1211 | gnutls_assert (); | 1208 | gnutls_assert (); |
@@ -1222,8 +1219,8 @@ mhd_gtls_recv_handshake (mhd_gtls_session_t session, uint8_t ** data, | |||
1222 | session->internals. | 1219 | session->internals. |
1223 | handshake_header_buffer.header, | 1220 | handshake_header_buffer.header, |
1224 | session->internals. | 1221 | session->internals. |
1225 | handshake_header_buffer. | 1222 | handshake_header_buffer.header_size, |
1226 | header_size, dataptr, length32); | 1223 | dataptr, length32); |
1227 | if (ret < 0) | 1224 | if (ret < 0) |
1228 | { | 1225 | { |
1229 | gnutls_assert (); | 1226 | gnutls_assert (); |
@@ -1286,7 +1283,8 @@ _gnutls_client_set_ciphersuite (mhd_gtls_session_t session, opaque suite[2]) | |||
1286 | int i, err; | 1283 | int i, err; |
1287 | 1284 | ||
1288 | z = 1; | 1285 | z = 1; |
1289 | cipher_suite_num = mhd_gtls_supported_ciphersuites (session, &cipher_suites); | 1286 | cipher_suite_num = |
1287 | mhd_gtls_supported_ciphersuites (session, &cipher_suites); | ||
1290 | if (cipher_suite_num < 0) | 1288 | if (cipher_suite_num < 0) |
1291 | { | 1289 | { |
1292 | gnutls_assert (); | 1290 | gnutls_assert (); |
@@ -1313,19 +1311,19 @@ _gnutls_client_set_ciphersuite (mhd_gtls_session_t session, opaque suite[2]) | |||
1313 | memcpy (session->security_parameters.current_cipher_suite.suite, suite, 2); | 1311 | memcpy (session->security_parameters.current_cipher_suite.suite, suite, 2); |
1314 | 1312 | ||
1315 | _gnutls_handshake_log ("HSK[%x]: Selected cipher suite: %s\n", session, | 1313 | _gnutls_handshake_log ("HSK[%x]: Selected cipher suite: %s\n", session, |
1316 | mhd_gtls_cipher_suite_get_name (&session-> | 1314 | mhd_gtls_cipher_suite_get_name |
1317 | security_parameters. | 1315 | (&session->security_parameters. |
1318 | current_cipher_suite)); | 1316 | current_cipher_suite)); |
1319 | 1317 | ||
1320 | 1318 | ||
1321 | /* check if the credentials (username, public key etc.) are ok. | 1319 | /* check if the credentials (username, public key etc.) are ok. |
1322 | * Actually checks if they exist. | 1320 | * Actually checks if they exist. |
1323 | */ | 1321 | */ |
1324 | if (mhd_gtls_get_kx_cred | 1322 | if (mhd_gtls_get_kx_cred |
1325 | (session, mhd_gtls_cipher_suite_get_kx_algo (&session-> | 1323 | (session, |
1326 | security_parameters. | 1324 | mhd_gtls_cipher_suite_get_kx_algo |
1327 | current_cipher_suite), | 1325 | (&session->security_parameters.current_cipher_suite), &err) == NULL |
1328 | &err) == NULL && err != 0) | 1326 | && err != 0) |
1329 | { | 1327 | { |
1330 | gnutls_assert (); | 1328 | gnutls_assert (); |
1331 | return GNUTLS_E_INSUFFICIENT_CREDENTIALS; | 1329 | return GNUTLS_E_INSUFFICIENT_CREDENTIALS; |
@@ -1338,8 +1336,8 @@ _gnutls_client_set_ciphersuite (mhd_gtls_session_t session, opaque suite[2]) | |||
1338 | */ | 1336 | */ |
1339 | session->internals.auth_struct = | 1337 | session->internals.auth_struct = |
1340 | mhd_gtls_kx_auth_struct (mhd_gtls_cipher_suite_get_kx_algo | 1338 | mhd_gtls_kx_auth_struct (mhd_gtls_cipher_suite_get_kx_algo |
1341 | (&session->security_parameters. | 1339 | (&session->security_parameters. |
1342 | current_cipher_suite)); | 1340 | current_cipher_suite)); |
1343 | 1341 | ||
1344 | if (session->internals.auth_struct == NULL) | 1342 | if (session->internals.auth_struct == NULL) |
1345 | { | 1343 | { |
@@ -1358,14 +1356,15 @@ _gnutls_client_set_ciphersuite (mhd_gtls_session_t session, opaque suite[2]) | |||
1358 | /* This function sets the given comp method to the session. | 1356 | /* This function sets the given comp method to the session. |
1359 | */ | 1357 | */ |
1360 | static int | 1358 | static int |
1361 | _gnutls_client_set_comp_method (mhd_gtls_session_t session, opaque comp_method) | 1359 | _gnutls_client_set_comp_method (mhd_gtls_session_t session, |
1360 | opaque comp_method) | ||
1362 | { | 1361 | { |
1363 | int comp_methods_num; | 1362 | int comp_methods_num; |
1364 | uint8_t *compression_methods; | 1363 | uint8_t *compression_methods; |
1365 | int i; | 1364 | int i; |
1366 | 1365 | ||
1367 | comp_methods_num = mhd_gtls_supported_compression_methods (session, | 1366 | comp_methods_num = mhd_gtls_supported_compression_methods (session, |
1368 | &compression_methods); | 1367 | &compression_methods); |
1369 | if (comp_methods_num < 0) | 1368 | if (comp_methods_num < 0) |
1370 | { | 1369 | { |
1371 | gnutls_assert (); | 1370 | gnutls_assert (); |
@@ -1410,21 +1409,19 @@ _gnutls_client_check_if_resuming (mhd_gtls_session_t session, | |||
1410 | session_id_len); | 1409 | session_id_len); |
1411 | _gnutls_handshake_log ("HSK[%x]: SessionID: %s\n", session, | 1410 | _gnutls_handshake_log ("HSK[%x]: SessionID: %s\n", session, |
1412 | mhd_gtls_bin2hex (session_id, session_id_len, buf, | 1411 | mhd_gtls_bin2hex (session_id, session_id_len, buf, |
1413 | sizeof (buf))); | 1412 | sizeof (buf))); |
1414 | 1413 | ||
1415 | if (session_id_len > 0 && | 1414 | if (session_id_len > 0 && |
1416 | session->internals.resumed_security_parameters.session_id_size == | 1415 | session->internals.resumed_security_parameters.session_id_size == |
1417 | session_id_len | 1416 | session_id_len |
1418 | && memcmp (session_id, | 1417 | && memcmp (session_id, |
1419 | session->internals.resumed_security_parameters. | 1418 | session->internals.resumed_security_parameters.session_id, |
1420 | session_id, session_id_len) == 0) | 1419 | session_id_len) == 0) |
1421 | { | 1420 | { |
1422 | /* resume session */ | 1421 | /* resume session */ |
1423 | memcpy (session->internals. | 1422 | memcpy (session->internals.resumed_security_parameters.server_random, |
1424 | resumed_security_parameters.server_random, | ||
1425 | session->security_parameters.server_random, TLS_RANDOM_SIZE); | 1423 | session->security_parameters.server_random, TLS_RANDOM_SIZE); |
1426 | memcpy (session->internals. | 1424 | memcpy (session->internals.resumed_security_parameters.client_random, |
1427 | resumed_security_parameters.client_random, | ||
1428 | session->security_parameters.client_random, TLS_RANDOM_SIZE); | 1425 | session->security_parameters.client_random, TLS_RANDOM_SIZE); |
1429 | session->internals.resumed = RESUME_TRUE; /* we are resuming */ | 1426 | session->internals.resumed = RESUME_TRUE; /* we are resuming */ |
1430 | 1427 | ||
@@ -1536,7 +1533,7 @@ _gnutls_read_server_hello (mhd_gtls_session_t session, | |||
1536 | */ | 1533 | */ |
1537 | if (version >= MHD_GNUTLS_TLS1_0) | 1534 | if (version >= MHD_GNUTLS_TLS1_0) |
1538 | { | 1535 | { |
1539 | ret = mhd_gtls_parse_extensions (session, EXTENSION_ANY, &data[pos], len); /* len is the rest of the parsed length */ | 1536 | ret = mhd_gtls_parse_extensions (session, EXTENSION_ANY, &data[pos], len); /* len is the rest of the parsed length */ |
1540 | if (ret < 0) | 1537 | if (ret < 0) |
1541 | { | 1538 | { |
1542 | gnutls_assert (); | 1539 | gnutls_assert (); |
@@ -1627,7 +1624,8 @@ _gnutls_copy_comp_methods (mhd_gtls_session_t session, | |||
1627 | uint8_t *compression_methods, comp_num; | 1624 | uint8_t *compression_methods, comp_num; |
1628 | int datalen, pos; | 1625 | int datalen, pos; |
1629 | 1626 | ||
1630 | ret = mhd_gtls_supported_compression_methods (session, &compression_methods); | 1627 | ret = |
1628 | mhd_gtls_supported_compression_methods (session, &compression_methods); | ||
1631 | if (ret < 0) | 1629 | if (ret < 0) |
1632 | { | 1630 | { |
1633 | gnutls_assert (); | 1631 | gnutls_assert (); |
@@ -1841,7 +1839,7 @@ _gnutls_send_client_hello (mhd_gtls_session_t session, int again) | |||
1841 | 1839 | ||
1842 | ret = | 1840 | ret = |
1843 | mhd_gtls_send_handshake (session, data, datalen, | 1841 | mhd_gtls_send_handshake (session, data, datalen, |
1844 | GNUTLS_HANDSHAKE_CLIENT_HELLO); | 1842 | GNUTLS_HANDSHAKE_CLIENT_HELLO); |
1845 | gnutls_free (data); | 1843 | gnutls_free (data); |
1846 | 1844 | ||
1847 | return ret; | 1845 | return ret; |
@@ -1883,7 +1881,7 @@ _gnutls_send_server_hello (mhd_gtls_session_t session, int again) | |||
1883 | */ | 1881 | */ |
1884 | gnutls_assert (); | 1882 | gnutls_assert (); |
1885 | ret = MHD_gnutls_alert_send (session, GNUTLS_AL_FATAL, | 1883 | ret = MHD_gnutls_alert_send (session, GNUTLS_AL_FATAL, |
1886 | GNUTLS_A_UNKNOWN_PSK_IDENTITY); | 1884 | GNUTLS_A_UNKNOWN_PSK_IDENTITY); |
1887 | if (ret < 0) | 1885 | if (ret < 0) |
1888 | { | 1886 | { |
1889 | gnutls_assert (); | 1887 | gnutls_assert (); |
@@ -1932,7 +1930,7 @@ _gnutls_send_server_hello (mhd_gtls_session_t session, int again) | |||
1932 | 1930 | ||
1933 | _gnutls_handshake_log ("HSK[%x]: SessionID: %s\n", session, | 1931 | _gnutls_handshake_log ("HSK[%x]: SessionID: %s\n", session, |
1934 | mhd_gtls_bin2hex (SessionID, session_id_len, | 1932 | mhd_gtls_bin2hex (SessionID, session_id_len, |
1935 | buf, sizeof (buf))); | 1933 | buf, sizeof (buf))); |
1936 | 1934 | ||
1937 | memcpy (&data[pos], | 1935 | memcpy (&data[pos], |
1938 | session->security_parameters.current_cipher_suite.suite, 2); | 1936 | session->security_parameters.current_cipher_suite.suite, 2); |
@@ -1940,7 +1938,7 @@ _gnutls_send_server_hello (mhd_gtls_session_t session, int again) | |||
1940 | 1938 | ||
1941 | comp = | 1939 | comp = |
1942 | (uint8_t) mhd_gtls_compression_get_num (session-> | 1940 | (uint8_t) mhd_gtls_compression_get_num (session-> |
1943 | internals.compression_method); | 1941 | internals.compression_method); |
1944 | data[pos++] = comp; | 1942 | data[pos++] = comp; |
1945 | 1943 | ||
1946 | 1944 | ||
@@ -1954,7 +1952,7 @@ _gnutls_send_server_hello (mhd_gtls_session_t session, int again) | |||
1954 | 1952 | ||
1955 | ret = | 1953 | ret = |
1956 | mhd_gtls_send_handshake (session, data, datalen, | 1954 | mhd_gtls_send_handshake (session, data, datalen, |
1957 | GNUTLS_HANDSHAKE_SERVER_HELLO); | 1955 | GNUTLS_HANDSHAKE_SERVER_HELLO); |
1958 | gnutls_afree (data); | 1956 | gnutls_afree (data); |
1959 | 1957 | ||
1960 | return ret; | 1958 | return ret; |
@@ -2137,7 +2135,7 @@ _gnutls_send_supplemental (mhd_gtls_session_t session, int again) | |||
2137 | 2135 | ||
2138 | if (again) | 2136 | if (again) |
2139 | ret = mhd_gtls_send_handshake (session, NULL, 0, | 2137 | ret = mhd_gtls_send_handshake (session, NULL, 0, |
2140 | GNUTLS_HANDSHAKE_SUPPLEMENTAL); | 2138 | GNUTLS_HANDSHAKE_SUPPLEMENTAL); |
2141 | else | 2139 | else |
2142 | { | 2140 | { |
2143 | mhd_gtls_buffer buf; | 2141 | mhd_gtls_buffer buf; |
@@ -2151,7 +2149,7 @@ _gnutls_send_supplemental (mhd_gtls_session_t session, int again) | |||
2151 | } | 2149 | } |
2152 | 2150 | ||
2153 | ret = mhd_gtls_send_handshake (session, buf.data, buf.length, | 2151 | ret = mhd_gtls_send_handshake (session, buf.data, buf.length, |
2154 | GNUTLS_HANDSHAKE_SUPPLEMENTAL); | 2152 | GNUTLS_HANDSHAKE_SUPPLEMENTAL); |
2155 | mhd_gtls_buffer_clear (&buf); | 2153 | mhd_gtls_buffer_clear (&buf); |
2156 | } | 2154 | } |
2157 | 2155 | ||
@@ -2168,8 +2166,8 @@ _gnutls_recv_supplemental (mhd_gtls_session_t session) | |||
2168 | _gnutls_debug_log ("EXT[%x]: Expecting supplemental data\n", session); | 2166 | _gnutls_debug_log ("EXT[%x]: Expecting supplemental data\n", session); |
2169 | 2167 | ||
2170 | ret = mhd_gtls_recv_handshake (session, &data, &datalen, | 2168 | ret = mhd_gtls_recv_handshake (session, &data, &datalen, |
2171 | GNUTLS_HANDSHAKE_SUPPLEMENTAL, | 2169 | GNUTLS_HANDSHAKE_SUPPLEMENTAL, |
2172 | OPTIONAL_PACKET); | 2170 | OPTIONAL_PACKET); |
2173 | if (ret < 0) | 2171 | if (ret < 0) |
2174 | { | 2172 | { |
2175 | gnutls_assert (); | 2173 | gnutls_assert (); |
@@ -2290,12 +2288,12 @@ mhd_gtls_handshake_client (mhd_gtls_session_t session) | |||
2290 | if (session->internals.resumed_security_parameters.session_id_size > 0) | 2288 | if (session->internals.resumed_security_parameters.session_id_size > 0) |
2291 | _gnutls_handshake_log ("HSK[%x]: Ask to resume: %s\n", session, | 2289 | _gnutls_handshake_log ("HSK[%x]: Ask to resume: %s\n", session, |
2292 | mhd_gtls_bin2hex (session->internals. | 2290 | mhd_gtls_bin2hex (session->internals. |
2293 | resumed_security_parameters. | 2291 | resumed_security_parameters. |
2294 | session_id, | 2292 | session_id, |
2295 | session->internals. | 2293 | session->internals. |
2296 | resumed_security_parameters. | 2294 | resumed_security_parameters. |
2297 | session_id_size, buf, | 2295 | session_id_size, buf, |
2298 | sizeof (buf))); | 2296 | sizeof (buf))); |
2299 | #endif | 2297 | #endif |
2300 | 2298 | ||
2301 | switch (STATE) | 2299 | switch (STATE) |
@@ -2310,8 +2308,8 @@ mhd_gtls_handshake_client (mhd_gtls_session_t session) | |||
2310 | /* receive the server hello */ | 2308 | /* receive the server hello */ |
2311 | ret = | 2309 | ret = |
2312 | mhd_gtls_recv_handshake (session, NULL, NULL, | 2310 | mhd_gtls_recv_handshake (session, NULL, NULL, |
2313 | GNUTLS_HANDSHAKE_SERVER_HELLO, | 2311 | GNUTLS_HANDSHAKE_SERVER_HELLO, |
2314 | MANDATORY_PACKET); | 2312 | MANDATORY_PACKET); |
2315 | STATE = STATE2; | 2313 | STATE = STATE2; |
2316 | IMED_RET ("recv hello", ret); | 2314 | IMED_RET ("recv hello", ret); |
2317 | 2315 | ||
@@ -2351,8 +2349,8 @@ mhd_gtls_handshake_client (mhd_gtls_session_t session) | |||
2351 | if (session->internals.resumed == RESUME_FALSE) /* if we are not resuming */ | 2349 | if (session->internals.resumed == RESUME_FALSE) /* if we are not resuming */ |
2352 | ret = | 2350 | ret = |
2353 | mhd_gtls_recv_handshake (session, NULL, NULL, | 2351 | mhd_gtls_recv_handshake (session, NULL, NULL, |
2354 | GNUTLS_HANDSHAKE_SERVER_HELLO_DONE, | 2352 | GNUTLS_HANDSHAKE_SERVER_HELLO_DONE, |
2355 | MANDATORY_PACKET); | 2353 | MANDATORY_PACKET); |
2356 | STATE = STATE6; | 2354 | STATE = STATE6; |
2357 | IMED_RET ("recv server hello done", ret); | 2355 | IMED_RET ("recv server hello done", ret); |
2358 | 2356 | ||
@@ -2469,7 +2467,8 @@ _gnutls_recv_handshake_final (mhd_gtls_session_t session, int init) | |||
2469 | { | 2467 | { |
2470 | case STATE0: | 2468 | case STATE0: |
2471 | case STATE30: | 2469 | case STATE30: |
2472 | ret = mhd_gtls_recv_int (session, GNUTLS_CHANGE_CIPHER_SPEC, -1, &ch, 1); | 2470 | ret = |
2471 | mhd_gtls_recv_int (session, GNUTLS_CHANGE_CIPHER_SPEC, -1, &ch, 1); | ||
2473 | STATE = STATE30; | 2472 | STATE = STATE30; |
2474 | if (ret <= 0) | 2473 | if (ret <= 0) |
2475 | { | 2474 | { |
@@ -2530,8 +2529,8 @@ mhd_gtls_handshake_server (mhd_gtls_session_t session) | |||
2530 | case STATE1: | 2529 | case STATE1: |
2531 | ret = | 2530 | ret = |
2532 | mhd_gtls_recv_handshake (session, NULL, NULL, | 2531 | mhd_gtls_recv_handshake (session, NULL, NULL, |
2533 | GNUTLS_HANDSHAKE_CLIENT_HELLO, | 2532 | GNUTLS_HANDSHAKE_CLIENT_HELLO, |
2534 | MANDATORY_PACKET); | 2533 | MANDATORY_PACKET); |
2535 | STATE = STATE1; | 2534 | STATE = STATE1; |
2536 | IMED_RET ("recv hello", ret); | 2535 | IMED_RET ("recv hello", ret); |
2537 | 2536 | ||
@@ -2671,7 +2670,7 @@ mhd_gtls_generate_session_id (opaque * session_id, uint8_t * len) | |||
2671 | 2670 | ||
2672 | int | 2671 | int |
2673 | mhd_gtls_recv_hello_request (mhd_gtls_session_t session, void *data, | 2672 | mhd_gtls_recv_hello_request (mhd_gtls_session_t session, void *data, |
2674 | uint32_t data_size) | 2673 | uint32_t data_size) |
2675 | { | 2674 | { |
2676 | uint8_t type; | 2675 | uint8_t type; |
2677 | 2676 | ||
@@ -2701,7 +2700,7 @@ mhd_gtls_recv_hello_request (mhd_gtls_session_t session, void *data, | |||
2701 | inline static int | 2700 | inline static int |
2702 | check_server_params (mhd_gtls_session_t session, | 2701 | check_server_params (mhd_gtls_session_t session, |
2703 | enum MHD_GNUTLS_KeyExchangeAlgorithm kx, | 2702 | enum MHD_GNUTLS_KeyExchangeAlgorithm kx, |
2704 | enum MHD_GNUTLS_KeyExchangeAlgorithm * alg, int alg_size) | 2703 | enum MHD_GNUTLS_KeyExchangeAlgorithm *alg, int alg_size) |
2705 | { | 2704 | { |
2706 | int cred_type; | 2705 | int cred_type; |
2707 | mhd_gtls_dh_params_t dh_params = NULL; | 2706 | mhd_gtls_dh_params_t dh_params = NULL; |
@@ -2717,17 +2716,17 @@ check_server_params (mhd_gtls_session_t session, | |||
2717 | int delete; | 2716 | int delete; |
2718 | mhd_gtls_cert_credentials_t x509_cred = | 2717 | mhd_gtls_cert_credentials_t x509_cred = |
2719 | (mhd_gtls_cert_credentials_t) mhd_gtls_get_cred (session->key, | 2718 | (mhd_gtls_cert_credentials_t) mhd_gtls_get_cred (session->key, |
2720 | cred_type, NULL); | 2719 | cred_type, NULL); |
2721 | 2720 | ||
2722 | if (x509_cred != NULL) | 2721 | if (x509_cred != NULL) |
2723 | { | 2722 | { |
2724 | dh_params = | 2723 | dh_params = |
2725 | mhd_gtls_get_dh_params (x509_cred->dh_params, | 2724 | mhd_gtls_get_dh_params (x509_cred->dh_params, |
2726 | x509_cred->params_func, session); | 2725 | x509_cred->params_func, session); |
2727 | rsa_params = | 2726 | rsa_params = |
2728 | mhd_gtls_certificate_get_rsa_params (x509_cred->rsa_params, | 2727 | mhd_gtls_certificate_get_rsa_params (x509_cred->rsa_params, |
2729 | x509_cred->params_func, | 2728 | x509_cred->params_func, |
2730 | session); | 2729 | session); |
2731 | } | 2730 | } |
2732 | 2731 | ||
2733 | /* Check also if the certificate supports the | 2732 | /* Check also if the certificate supports the |
@@ -2752,13 +2751,14 @@ check_server_params (mhd_gtls_session_t session, | |||
2752 | { | 2751 | { |
2753 | mhd_gtls_anon_server_credentials_t anon_cred = | 2752 | mhd_gtls_anon_server_credentials_t anon_cred = |
2754 | (mhd_gtls_anon_server_credentials_t) mhd_gtls_get_cred (session->key, | 2753 | (mhd_gtls_anon_server_credentials_t) mhd_gtls_get_cred (session->key, |
2755 | cred_type, NULL); | 2754 | cred_type, |
2755 | NULL); | ||
2756 | 2756 | ||
2757 | if (anon_cred != NULL) | 2757 | if (anon_cred != NULL) |
2758 | { | 2758 | { |
2759 | dh_params = | 2759 | dh_params = |
2760 | mhd_gtls_get_dh_params (anon_cred->dh_params, | 2760 | mhd_gtls_get_dh_params (anon_cred->dh_params, |
2761 | anon_cred->params_func, session); | 2761 | anon_cred->params_func, session); |
2762 | } | 2762 | } |
2763 | #endif | 2763 | #endif |
2764 | #ifdef ENABLE_PSK | 2764 | #ifdef ENABLE_PSK |
@@ -2767,13 +2767,13 @@ check_server_params (mhd_gtls_session_t session, | |||
2767 | { | 2767 | { |
2768 | gnutls_psk_server_credentials_t psk_cred = | 2768 | gnutls_psk_server_credentials_t psk_cred = |
2769 | (gnutls_psk_server_credentials_t) mhd_gtls_get_cred (session->key, | 2769 | (gnutls_psk_server_credentials_t) mhd_gtls_get_cred (session->key, |
2770 | cred_type, NULL); | 2770 | cred_type, NULL); |
2771 | 2771 | ||
2772 | if (psk_cred != NULL) | 2772 | if (psk_cred != NULL) |
2773 | { | 2773 | { |
2774 | dh_params = | 2774 | dh_params = |
2775 | mhd_gtls_get_dh_params (psk_cred->dh_params, psk_cred->params_func, | 2775 | mhd_gtls_get_dh_params (psk_cred->dh_params, |
2776 | session); | 2776 | psk_cred->params_func, session); |
2777 | } | 2777 | } |
2778 | #endif | 2778 | #endif |
2779 | } | 2779 | } |
@@ -2816,9 +2816,10 @@ check_server_params (mhd_gtls_session_t session, | |||
2816 | */ | 2816 | */ |
2817 | int | 2817 | int |
2818 | mhd_gtls_remove_unwanted_ciphersuites (mhd_gtls_session_t session, | 2818 | mhd_gtls_remove_unwanted_ciphersuites (mhd_gtls_session_t session, |
2819 | cipher_suite_st ** cipherSuites, | 2819 | cipher_suite_st ** cipherSuites, |
2820 | int numCipherSuites, | 2820 | int numCipherSuites, |
2821 | enum MHD_GNUTLS_PublicKeyAlgorithm requested_pk_algo) | 2821 | enum MHD_GNUTLS_PublicKeyAlgorithm |
2822 | requested_pk_algo) | ||
2822 | { | 2823 | { |
2823 | 2824 | ||
2824 | int ret = 0; | 2825 | int ret = 0; |
@@ -2838,8 +2839,8 @@ mhd_gtls_remove_unwanted_ciphersuites (mhd_gtls_session_t session, | |||
2838 | 2839 | ||
2839 | cert_cred = | 2840 | cert_cred = |
2840 | (mhd_gtls_cert_credentials_t) mhd_gtls_get_cred (session->key, | 2841 | (mhd_gtls_cert_credentials_t) mhd_gtls_get_cred (session->key, |
2841 | MHD_GNUTLS_CRD_CERTIFICATE, | 2842 | MHD_GNUTLS_CRD_CERTIFICATE, |
2842 | NULL); | 2843 | NULL); |
2843 | 2844 | ||
2844 | /* If there are certificate credentials, find an appropriate certificate | 2845 | /* If there are certificate credentials, find an appropriate certificate |
2845 | * or disable them; | 2846 | * or disable them; |
@@ -2953,13 +2954,15 @@ mhd_gtls_remove_unwanted_ciphersuites (mhd_gtls_session_t session, | |||
2953 | * | 2954 | * |
2954 | **/ | 2955 | **/ |
2955 | void | 2956 | void |
2956 | MHD_gnutls_handshake_set_max_packet_length (mhd_gtls_session_t session, size_t max) | 2957 | MHD_gnutls_handshake_set_max_packet_length (mhd_gtls_session_t session, |
2958 | size_t max) | ||
2957 | { | 2959 | { |
2958 | session->internals.max_handshake_data_buffer_size = max; | 2960 | session->internals.max_handshake_data_buffer_size = max; |
2959 | } | 2961 | } |
2960 | 2962 | ||
2961 | void | 2963 | void |
2962 | mhd_gtls_set_adv_version (mhd_gtls_session_t session, enum MHD_GNUTLS_Protocol ver) | 2964 | mhd_gtls_set_adv_version (mhd_gtls_session_t session, |
2965 | enum MHD_GNUTLS_Protocol ver) | ||
2963 | { | 2966 | { |
2964 | set_adv_version (session, mhd_gtls_version_get_major (ver), | 2967 | set_adv_version (session, mhd_gtls_version_get_major (ver), |
2965 | mhd_gtls_version_get_minor (ver)); | 2968 | mhd_gtls_version_get_minor (ver)); |
@@ -2969,7 +2972,7 @@ enum MHD_GNUTLS_Protocol | |||
2969 | mhd_gtls_get_adv_version (mhd_gtls_session_t session) | 2972 | mhd_gtls_get_adv_version (mhd_gtls_session_t session) |
2970 | { | 2973 | { |
2971 | return mhd_gtls_version_get (_gnutls_get_adv_version_major (session), | 2974 | return mhd_gtls_version_get (_gnutls_get_adv_version_major (session), |
2972 | _gnutls_get_adv_version_minor (session)); | 2975 | _gnutls_get_adv_version_minor (session)); |
2973 | } | 2976 | } |
2974 | 2977 | ||
2975 | /** | 2978 | /** |
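--- a/src/daemon/https/tls/gnutls_handshake.h
+++ b/src/daemon/https/tls/gnutls_handshake.h
@@ -26,15 +26,16 @@ typedef enum Optional
 { OPTIONAL_PACKET, MANDATORY_PACKET } Optional;
 
 int mhd_gtls_send_handshake (mhd_gtls_session_t session, void *i_data,
 uint32_t i_datasize,
 gnutls_handshake_description_t type);
 int mhd_gtls_recv_hello_request (mhd_gtls_session_t session, void *data,
 uint32_t data_size);
 int mhd_gtls_send_hello (mhd_gtls_session_t session, int again);
-int mhd_gtls_recv_hello (mhd_gtls_session_t session, opaque * data, int datalen);
+int mhd_gtls_recv_hello (mhd_gtls_session_t session, opaque * data,
+int datalen);
 int mhd_gtls_recv_handshake (mhd_gtls_session_t session, uint8_t **, int *,
 gnutls_handshake_description_t,
 Optional optional);
 int mhd_gtls_generate_session_id (opaque * session_id, uint8_t * len);
 int mhd_gtls_handshake_common (mhd_gtls_session_t session);
 int mhd_gtls_handshake_server (mhd_gtls_session_t session);
@@ -42,15 +43,18 @@ void mhd_gtls_set_server_random (mhd_gtls_session_t session, uint8_t * rnd);
 void mhd_gtls_set_client_random (mhd_gtls_session_t session, uint8_t * rnd);
 int mhd_gtls_tls_create_random (opaque * dst);
 int mhd_gtls_remove_unwanted_ciphersuites (mhd_gtls_session_t session,
 cipher_suite_st ** cipherSuites,
 int numCipherSuites,
-enum MHD_GNUTLS_PublicKeyAlgorithm);
+enum
+MHD_GNUTLS_PublicKeyAlgorithm);
 int mhd_gtls_find_pk_algos_in_ciphersuites (opaque * data, int datalen);
 int mhd_gtls_server_select_suite (mhd_gtls_session_t session, opaque * data,
 int datalen);
 
-int mhd_gtls_negotiate_version( mhd_gtls_session_t session, enum MHD_GNUTLS_Protocol adv_version);
-int mhd_gtls_user_hello_func( mhd_gtls_session_t, enum MHD_GNUTLS_Protocol adv_version);
+int mhd_gtls_negotiate_version (mhd_gtls_session_t session,
+enum MHD_GNUTLS_Protocol adv_version);
+int mhd_gtls_user_hello_func (mhd_gtls_session_t,
+enum MHD_GNUTLS_Protocol adv_version);
 
 #if MHD_DEBUG_TLS
 int mhd_gtls_handshake_client (mhd_gtls_session_t session);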
diff --git a/src/daemon/https/tls/gnutls_hash_int.c b/src/daemon/https/tls/gnutls_hash_int.c index c4d2b20d..da1880f2 100644 --- a/src/daemon/https/tls/gnutls_hash_int.c +++ b/src/daemon/https/tls/gnutls_hash_int.c | |||
@@ -145,7 +145,7 @@ mhd_gnutls_hash_deinit (GNUTLS_HASH_HANDLE handle, void *digest) | |||
145 | 145 | ||
146 | mac_hd_t | 146 | mac_hd_t |
147 | mhd_gtls_hmac_init (enum MHD_GNUTLS_HashAlgorithm algorithm, | 147 | mhd_gtls_hmac_init (enum MHD_GNUTLS_HashAlgorithm algorithm, |
148 | const void *key, int keylen) | 148 | const void *key, int keylen) |
149 | { | 149 | { |
150 | mac_hd_t ret; | 150 | mac_hd_t ret; |
151 | int result; | 151 | int result; |
@@ -204,7 +204,7 @@ get_padsize (enum MHD_GNUTLS_HashAlgorithm algorithm) | |||
204 | 204 | ||
205 | mac_hd_t | 205 | mac_hd_t |
206 | mhd_gnutls_mac_init_ssl3 (enum MHD_GNUTLS_HashAlgorithm algorithm, void *key, | 206 | mhd_gnutls_mac_init_ssl3 (enum MHD_GNUTLS_HashAlgorithm algorithm, void *key, |
207 | int keylen) | 207 | int keylen) |
208 | { | 208 | { |
209 | mac_hd_t ret; | 209 | mac_hd_t ret; |
210 | opaque ipad[48]; | 210 | opaque ipad[48]; |
@@ -259,7 +259,7 @@ mhd_gnutls_mac_deinit_ssl3 (mac_hd_t handle, void *digest) | |||
259 | 259 | ||
260 | mhd_gnutls_hash (td, opad, padsize); | 260 | mhd_gnutls_hash (td, opad, padsize); |
261 | block = mhd_gnutls_hash_get_algo_len (handle->algorithm); | 261 | block = mhd_gnutls_hash_get_algo_len (handle->algorithm); |
262 | mhd_gnutls_hash_deinit (handle, ret); /* get the previous hash */ | 262 | mhd_gnutls_hash_deinit (handle, ret); /* get the previous hash */ |
263 | mhd_gnutls_hash (td, ret, block); | 263 | mhd_gnutls_hash (td, ret, block); |
264 | 264 | ||
265 | mhd_gnutls_hash_deinit (td, digest); | 265 | mhd_gnutls_hash_deinit (td, digest); |
@@ -268,8 +268,8 @@ mhd_gnutls_mac_deinit_ssl3 (mac_hd_t handle, void *digest) | |||
268 | 268 | ||
269 | void | 269 | void |
270 | mhd_gnutls_mac_deinit_ssl3_handshake (mac_hd_t handle, | 270 | mhd_gnutls_mac_deinit_ssl3_handshake (mac_hd_t handle, |
271 | void *digest, opaque * key, | 271 | void *digest, opaque * key, |
272 | uint32_t key_size) | 272 | uint32_t key_size) |
273 | { | 273 | { |
274 | opaque ret[MAX_HASH_SIZE]; | 274 | opaque ret[MAX_HASH_SIZE]; |
275 | mac_hd_t td; | 275 | mac_hd_t td; |
@@ -300,7 +300,7 @@ mhd_gnutls_mac_deinit_ssl3_handshake (mac_hd_t handle, | |||
300 | if (key_size > 0) | 300 | if (key_size > 0) |
301 | mhd_gnutls_hash (handle, key, key_size); | 301 | mhd_gnutls_hash (handle, key, key_size); |
302 | mhd_gnutls_hash (handle, ipad, padsize); | 302 | mhd_gnutls_hash (handle, ipad, padsize); |
303 | mhd_gnutls_hash_deinit (handle, ret); /* get the previous hash */ | 303 | mhd_gnutls_hash_deinit (handle, ret); /* get the previous hash */ |
304 | 304 | ||
305 | mhd_gnutls_hash (td, ret, block); | 305 | mhd_gnutls_hash (td, ret, block); |
306 | 306 | ||
@@ -362,7 +362,8 @@ ssl3_md5 (int i, opaque * secret, int secret_len, | |||
362 | return ret; | 362 | return ret; |
363 | } | 363 | } |
364 | 364 | ||
365 | mhd_gnutls_hash (td, tmp, mhd_gnutls_hash_get_algo_len (MHD_GNUTLS_MAC_SHA1)); | 365 | mhd_gnutls_hash (td, tmp, |
366 | mhd_gnutls_hash_get_algo_len (MHD_GNUTLS_MAC_SHA1)); | ||
366 | 367 | ||
367 | mhd_gnutls_hash_deinit (td, digest); | 368 | mhd_gnutls_hash_deinit (td, digest); |
368 | return 0; | 369 | return 0; |
@@ -370,8 +371,8 @@ ssl3_md5 (int i, opaque * secret, int secret_len, | |||
370 | 371 | ||
371 | int | 372 | int |
372 | mhd_gnutls_ssl3_hash_md5 (void *first, int first_len, | 373 | mhd_gnutls_ssl3_hash_md5 (void *first, int first_len, |
373 | void *second, int second_len, int ret_len, | 374 | void *second, int second_len, int ret_len, |
374 | opaque * ret) | 375 | opaque * ret) |
375 | { | 376 | { |
376 | opaque digest[MAX_HASH_SIZE]; | 377 | opaque digest[MAX_HASH_SIZE]; |
377 | mac_hd_t td; | 378 | mac_hd_t td; |
@@ -403,8 +404,8 @@ mhd_gnutls_ssl3_hash_md5 (void *first, int first_len, | |||
403 | 404 | ||
404 | int | 405 | int |
405 | mhd_gnutls_ssl3_generate_random (void *secret, int secret_len, | 406 | mhd_gnutls_ssl3_generate_random (void *secret, int secret_len, |
406 | void *rnd, int rnd_len, | 407 | void *rnd, int rnd_len, |
407 | int ret_bytes, opaque * ret) | 408 | int ret_bytes, opaque * ret) |
408 | { | 409 | { |
409 | int i = 0, copy, output_bytes; | 410 | int i = 0, copy, output_bytes; |
410 | opaque digest[MAX_HASH_SIZE]; | 411 | opaque digest[MAX_HASH_SIZE]; |
diff --git a/src/daemon/https/tls/gnutls_hash_int.h b/src/daemon/https/tls/gnutls_hash_int.h index a85933d3..7cd33a03 100644 --- a/src/daemon/https/tls/gnutls_hash_int.h +++ b/src/daemon/https/tls/gnutls_hash_int.h | |||
@@ -43,28 +43,29 @@ typedef mac_hd_t GNUTLS_HASH_HANDLE; | |||
43 | #define GNUTLS_MAC_FAILED NULL | 43 | #define GNUTLS_MAC_FAILED NULL |
44 | 44 | ||
45 | mac_hd_t mhd_gtls_hmac_init (enum MHD_GNUTLS_HashAlgorithm algorithm, | 45 | mac_hd_t mhd_gtls_hmac_init (enum MHD_GNUTLS_HashAlgorithm algorithm, |
46 | const void *key, int keylen); | 46 | const void *key, int keylen); |
47 | 47 | ||
48 | void mhd_gnutls_hmac_deinit (mac_hd_t handle, void *digest); | 48 | void mhd_gnutls_hmac_deinit (mac_hd_t handle, void *digest); |
49 | 49 | ||
50 | mac_hd_t mhd_gnutls_mac_init_ssl3 (enum MHD_GNUTLS_HashAlgorithm algorithm, void *key, | 50 | mac_hd_t mhd_gnutls_mac_init_ssl3 (enum MHD_GNUTLS_HashAlgorithm algorithm, |
51 | int keylen); | 51 | void *key, int keylen); |
52 | void mhd_gnutls_mac_deinit_ssl3 (mac_hd_t handle, void *digest); | 52 | void mhd_gnutls_mac_deinit_ssl3 (mac_hd_t handle, void *digest); |
53 | 53 | ||
54 | GNUTLS_HASH_HANDLE mhd_gtls_hash_init (enum MHD_GNUTLS_HashAlgorithm algorithm); | 54 | GNUTLS_HASH_HANDLE mhd_gtls_hash_init (enum MHD_GNUTLS_HashAlgorithm |
55 | algorithm); | ||
55 | int mhd_gnutls_hash_get_algo_len (enum MHD_GNUTLS_HashAlgorithm algorithm); | 56 | int mhd_gnutls_hash_get_algo_len (enum MHD_GNUTLS_HashAlgorithm algorithm); |
56 | int mhd_gnutls_hash (GNUTLS_HASH_HANDLE handle, const void *text, | 57 | int mhd_gnutls_hash (GNUTLS_HASH_HANDLE handle, const void *text, |
57 | size_t textlen); | 58 | size_t textlen); |
58 | void mhd_gnutls_hash_deinit (GNUTLS_HASH_HANDLE handle, void *digest); | 59 | void mhd_gnutls_hash_deinit (GNUTLS_HASH_HANDLE handle, void *digest); |
59 | 60 | ||
60 | int mhd_gnutls_ssl3_generate_random (void *secret, int secret_len, | 61 | int mhd_gnutls_ssl3_generate_random (void *secret, int secret_len, |
61 | void *rnd, int random_len, int bytes, | 62 | void *rnd, int random_len, int bytes, |
62 | opaque * ret); | 63 | opaque * ret); |
63 | int mhd_gnutls_ssl3_hash_md5 (void *first, int first_len, void *second, | 64 | int mhd_gnutls_ssl3_hash_md5 (void *first, int first_len, void *second, |
64 | int second_len, int ret_len, opaque * ret); | 65 | int second_len, int ret_len, opaque * ret); |
65 | 66 | ||
66 | void mhd_gnutls_mac_deinit_ssl3_handshake (mac_hd_t handle, void *digest, | 67 | void mhd_gnutls_mac_deinit_ssl3_handshake (mac_hd_t handle, void *digest, |
67 | opaque * key, uint32_t key_size); | 68 | opaque * key, uint32_t key_size); |
68 | 69 | ||
69 | GNUTLS_HASH_HANDLE mhd_gnutls_hash_copy (GNUTLS_HASH_HANDLE handle); | 70 | GNUTLS_HASH_HANDLE mhd_gnutls_hash_copy (GNUTLS_HASH_HANDLE handle); |
70 | 71 | ||
diff --git a/src/daemon/https/tls/gnutls_int.h b/src/daemon/https/tls/gnutls_int.h index ba36f52e..e8f15924 100644 --- a/src/daemon/https/tls/gnutls_int.h +++ b/src/daemon/https/tls/gnutls_int.h | |||
@@ -55,7 +55,7 @@ | |||
55 | */ | 55 | */ |
56 | #define MAX_HASH_SIZE 64 | 56 | #define MAX_HASH_SIZE 64 |
57 | 57 | ||
58 | #define MAX_LOG_SIZE 1024 /* maximum size of log message */ | 58 | #define MAX_LOG_SIZE 1024 /* maximum size of log message */ |
59 | #define MAX_SRP_USERNAME 128 | 59 | #define MAX_SRP_USERNAME 128 |
60 | #define MAX_SERVER_NAME_SIZE 128 | 60 | #define MAX_SERVER_NAME_SIZE 128 |
61 | 61 | ||
@@ -107,25 +107,25 @@ | |||
107 | 107 | ||
108 | typedef unsigned char opaque; | 108 | typedef unsigned char opaque; |
109 | typedef struct | 109 | typedef struct |
110 | { | 110 | { |
111 | opaque pint[3]; | 111 | opaque pint[3]; |
112 | } uint24; | 112 | } uint24; |
113 | 113 | ||
114 | #include <gnutls_mpi.h> | 114 | #include <gnutls_mpi.h> |
115 | 115 | ||
116 | typedef enum change_cipher_spec_t | 116 | typedef enum change_cipher_spec_t |
117 | { | 117 | { |
118 | GNUTLS_TYPE_CHANGE_CIPHER_SPEC = 1 | 118 | GNUTLS_TYPE_CHANGE_CIPHER_SPEC = 1 |
119 | } change_cipher_spec_t; | 119 | } change_cipher_spec_t; |
120 | 120 | ||
121 | typedef enum handshake_state_t | 121 | typedef enum handshake_state_t |
122 | { | 122 | { |
123 | STATE0 = 0, STATE1, STATE2, | 123 | STATE0 = 0, STATE1, STATE2, |
124 | STATE3, STATE4, STATE5, | 124 | STATE3, STATE4, STATE5, |
125 | STATE6, STATE7, STATE8, STATE9, STATE20 = 20, STATE21, | 125 | STATE6, STATE7, STATE8, STATE9, STATE20 = 20, STATE21, |
126 | STATE30 = 30, STATE31, STATE50 = 50, STATE60 = 60, STATE61, STATE62, | 126 | STATE30 = 30, STATE31, STATE50 = 50, STATE60 = 60, STATE61, STATE62, |
127 | STATE70, STATE71 | 127 | STATE70, STATE71 |
128 | } handshake_state_t; | 128 | } handshake_state_t; |
129 | 129 | ||
130 | #include <gnutls_str.h> | 130 | #include <gnutls_str.h> |
131 | 131 | ||
@@ -143,88 +143,87 @@ typedef mhd_gtls_string mhd_gtls_buffer; | |||
143 | #define MAX_CIPHERSUITES 256 | 143 | #define MAX_CIPHERSUITES 256 |
144 | 144 | ||
145 | typedef enum extensions_t | 145 | typedef enum extensions_t |
146 | { GNUTLS_EXTENSION_SERVER_NAME = 0, | 146 | { GNUTLS_EXTENSION_SERVER_NAME = 0, |
147 | GNUTLS_EXTENSION_MAX_RECORD_SIZE = 1, | 147 | GNUTLS_EXTENSION_MAX_RECORD_SIZE = 1, |
148 | GNUTLS_EXTENSION_CERT_TYPE = 9, | 148 | GNUTLS_EXTENSION_CERT_TYPE = 9, |
149 | #ifdef ENABLE_OPRFI | 149 | #ifdef ENABLE_OPRFI |
150 | GNUTLS_EXTENSION_OPAQUE_PRF_INPUT = ENABLE_OPRFI, | 150 | GNUTLS_EXTENSION_OPAQUE_PRF_INPUT = ENABLE_OPRFI, |
151 | #endif | 151 | #endif |
152 | GNUTLS_EXTENSION_SRP = 12, | 152 | GNUTLS_EXTENSION_SRP = 12, |
153 | GNUTLS_EXTENSION_INNER_APPLICATION = 37703 | 153 | GNUTLS_EXTENSION_INNER_APPLICATION = 37703 |
154 | } extensions_t; | 154 | } extensions_t; |
155 | 155 | ||
156 | typedef enum | 156 | typedef enum |
157 | { CIPHER_STREAM, CIPHER_BLOCK} cipher_type_t; | 157 | { CIPHER_STREAM, CIPHER_BLOCK } cipher_type_t; |
158 | 158 | ||
159 | typedef enum valid_session_t | 159 | typedef enum valid_session_t |
160 | { VALID_TRUE, VALID_FALSE} valid_session_t; | 160 | { VALID_TRUE, VALID_FALSE } valid_session_t; |
161 | typedef enum resumable_session_t | 161 | typedef enum resumable_session_t |
162 | { RESUME_TRUE, | 162 | { RESUME_TRUE, |
163 | RESUME_FALSE | 163 | RESUME_FALSE |
164 | } resumable_session_t; | 164 | } resumable_session_t; |
165 | 165 | ||
166 | /* Record Protocol */ | 166 | /* Record Protocol */ |
167 | typedef enum content_type_t | 167 | typedef enum content_type_t |
168 | { | 168 | { |
169 | GNUTLS_CHANGE_CIPHER_SPEC = 20, GNUTLS_ALERT, | 169 | GNUTLS_CHANGE_CIPHER_SPEC = 20, GNUTLS_ALERT, |
170 | GNUTLS_HANDSHAKE, GNUTLS_APPLICATION_DATA, | 170 | GNUTLS_HANDSHAKE, GNUTLS_APPLICATION_DATA, |
171 | GNUTLS_INNER_APPLICATION = 24 | 171 | GNUTLS_INNER_APPLICATION = 24 |
172 | } content_type_t; | 172 | } content_type_t; |
173 | 173 | ||
174 | #define GNUTLS_PK_ANY (enum MHD_GNUTLS_PublicKeyAlgorithm)-1 | 174 | #define GNUTLS_PK_ANY (enum MHD_GNUTLS_PublicKeyAlgorithm)-1 |
175 | #define GNUTLS_PK_NONE (enum MHD_GNUTLS_PublicKeyAlgorithm)-2 | 175 | #define GNUTLS_PK_NONE (enum MHD_GNUTLS_PublicKeyAlgorithm)-2 |
176 | 176 | ||
177 | /* STATE (stop) */ | 177 | /* STATE (stop) */ |
178 | 178 | ||
179 | typedef void (*LOG_FUNC)(int, | 179 | typedef void (*LOG_FUNC) (int, const char *); |
180 | const char *); | ||
181 | 180 | ||
182 | /* Store & Retrieve functions defines: */ | 181 | /* Store & Retrieve functions defines: */ |
183 | typedef struct mhd_gtls_auth_cred_st | 182 | typedef struct mhd_gtls_auth_cred_st |
184 | { | 183 | { |
185 | enum MHD_GNUTLS_CredentialsType algorithm; | 184 | enum MHD_GNUTLS_CredentialsType algorithm; |
186 | 185 | ||
187 | /* the type of credentials depends on algorithm | 186 | /* the type of credentials depends on algorithm |
188 | */ | 187 | */ |
189 | void *credentials; | 188 | void *credentials; |
190 | struct mhd_gtls_auth_cred_st *next; | 189 | struct mhd_gtls_auth_cred_st *next; |
191 | } auth_cred_st; | 190 | } auth_cred_st; |
192 | 191 | ||
193 | struct mhd_gtls_key | 192 | struct mhd_gtls_key |
194 | { | 193 | { |
195 | /* For DH KX */ | 194 | /* For DH KX */ |
196 | gnutls_datum_t key; | 195 | gnutls_datum_t key; |
197 | mpi_t KEY; | 196 | mpi_t KEY; |
198 | mpi_t client_Y; | 197 | mpi_t client_Y; |
199 | mpi_t client_g; | 198 | mpi_t client_g; |
200 | mpi_t client_p; | 199 | mpi_t client_p; |
201 | mpi_t dh_secret; | 200 | mpi_t dh_secret; |
202 | /* for SRP */ | 201 | /* for SRP */ |
203 | mpi_t A; | 202 | mpi_t A; |
204 | mpi_t B; | 203 | mpi_t B; |
205 | mpi_t u; | 204 | mpi_t u; |
206 | mpi_t b; | 205 | mpi_t b; |
207 | mpi_t a; | 206 | mpi_t a; |
208 | mpi_t x; | 207 | mpi_t x; |
209 | /* RSA: e, m | 208 | /* RSA: e, m |
210 | */ | 209 | */ |
211 | mpi_t rsa[2]; | 210 | mpi_t rsa[2]; |
212 | 211 | ||
213 | /* this is used to hold the peers authentication data | 212 | /* this is used to hold the peers authentication data |
214 | */ | 213 | */ |
215 | /* auth_info_t structures SHOULD NOT contain malloced | 214 | /* auth_info_t structures SHOULD NOT contain malloced |
216 | * elements. Check gnutls_session_pack.c, and gnutls_auth.c. | 215 | * elements. Check gnutls_session_pack.c, and gnutls_auth.c. |
217 | * Rememember that this should be calloced! | 216 | * Rememember that this should be calloced! |
218 | */ | 217 | */ |
219 | void *auth_info; | 218 | void *auth_info; |
220 | enum MHD_GNUTLS_CredentialsType auth_info_type; | 219 | enum MHD_GNUTLS_CredentialsType auth_info_type; |
221 | int auth_info_size; /* needed in order to store to db for restoring | 220 | int auth_info_size; /* needed in order to store to db for restoring |
222 | */ | 221 | */ |
223 | uint8_t crypt_algo; | 222 | uint8_t crypt_algo; |
224 | 223 | ||
225 | auth_cred_st *cred; /* used to specify keys/certificates etc */ | 224 | auth_cred_st *cred; /* used to specify keys/certificates etc */ |
226 | 225 | ||
227 | int certificate_requested; | 226 | int certificate_requested; |
228 | /* some ciphersuites use this | 227 | /* some ciphersuites use this |
229 | * to provide client authentication. | 228 | * to provide client authentication. |
230 | * 1 if client auth was requested | 229 | * 1 if client auth was requested |
@@ -233,8 +232,8 @@ struct mhd_gtls_key | |||
233 | * holds 1 if we should wait | 232 | * holds 1 if we should wait |
234 | * for a client certificate verify | 233 | * for a client certificate verify |
235 | */ | 234 | */ |
236 | }; | 235 | }; |
237 | typedef struct mhd_gtls_key * mhd_gtls_key_st; | 236 | typedef struct mhd_gtls_key *mhd_gtls_key_st; |
238 | 237 | ||
239 | /* STATE (cont) */ | 238 | /* STATE (cont) */ |
240 | #include <gnutls_hash_int.h> | 239 | #include <gnutls_hash_int.h> |
@@ -243,45 +242,45 @@ typedef struct mhd_gtls_key * mhd_gtls_key_st; | |||
243 | #include <gnutls_cert.h> | 242 | #include <gnutls_cert.h> |
244 | 243 | ||
245 | typedef struct | 244 | typedef struct |
246 | { | 245 | { |
247 | uint8_t suite[2]; | 246 | uint8_t suite[2]; |
248 | } cipher_suite_st; | 247 | } cipher_suite_st; |
249 | 248 | ||
250 | /* This structure holds parameters got from TLS extension | 249 | /* This structure holds parameters got from TLS extension |
251 | * mechanism. (some extensions may hold parameters in auth_info_t | 250 | * mechanism. (some extensions may hold parameters in auth_info_t |
252 | * structures also - see SRP). | 251 | * structures also - see SRP). |
253 | */ | 252 | */ |
254 | typedef struct | 253 | typedef struct |
255 | { | 254 | { |
256 | opaque name[MAX_SERVER_NAME_SIZE]; | 255 | opaque name[MAX_SERVER_NAME_SIZE]; |
257 | unsigned name_length; | 256 | unsigned name_length; |
258 | gnutls_server_name_type_t type; | 257 | gnutls_server_name_type_t type; |
259 | } server_name_st; | 258 | } server_name_st; |
260 | 259 | ||
261 | #define MAX_SERVER_NAME_EXTENSIONS 3 | 260 | #define MAX_SERVER_NAME_EXTENSIONS 3 |
262 | typedef struct | 261 | typedef struct |
263 | { | 262 | { |
264 | server_name_st server_names[MAX_SERVER_NAME_EXTENSIONS]; | 263 | server_name_st server_names[MAX_SERVER_NAME_EXTENSIONS]; |
265 | /* limit server_name extensions */ | 264 | /* limit server_name extensions */ |
266 | unsigned server_names_size; | 265 | unsigned server_names_size; |
267 | 266 | ||
268 | opaque srp_username[MAX_SRP_USERNAME + 1]; | 267 | opaque srp_username[MAX_SRP_USERNAME + 1]; |
269 | 268 | ||
270 | /* TLS/IA data. */ | 269 | /* TLS/IA data. */ |
271 | int gnutls_ia_enable, gnutls_ia_peer_enable; | 270 | int gnutls_ia_enable, gnutls_ia_peer_enable; |
272 | int gnutls_ia_allowskip, gnutls_ia_peer_allowskip; | 271 | int gnutls_ia_allowskip, gnutls_ia_peer_allowskip; |
273 | 272 | ||
274 | /* Used by extensions that enable supplemental data. */ | 273 | /* Used by extensions that enable supplemental data. */ |
275 | int do_recv_supplemental, do_send_supplemental; | 274 | int do_recv_supplemental, do_send_supplemental; |
276 | 275 | ||
277 | /* Opaque PRF input. */ | 276 | /* Opaque PRF input. */ |
278 | gnutls_oprfi_callback_func oprfi_cb; | 277 | gnutls_oprfi_callback_func oprfi_cb; |
279 | void *oprfi_userdata; | 278 | void *oprfi_userdata; |
280 | opaque *oprfi_client; | 279 | opaque *oprfi_client; |
281 | uint16_t oprfi_client_len; | 280 | uint16_t oprfi_client_len; |
282 | opaque *oprfi_server; | 281 | opaque *oprfi_server; |
283 | uint16_t oprfi_server_len; | 282 | uint16_t oprfi_server_len; |
284 | } mhd_gtls_ext_st; | 283 | } mhd_gtls_ext_st; |
285 | 284 | ||
286 | /* This flag indicates for an extension whether | 285 | /* This flag indicates for an extension whether |
287 | * it is useful to application level or TLS level only. | 286 | * it is useful to application level or TLS level only. |
@@ -289,11 +288,11 @@ typedef struct | |||
289 | * before the user_hello callback is called. | 288 | * before the user_hello callback is called. |
290 | */ | 289 | */ |
291 | typedef enum tls_ext_parse_type_t | 290 | typedef enum tls_ext_parse_type_t |
292 | { | 291 | { |
293 | EXTENSION_ANY, | 292 | EXTENSION_ANY, |
294 | EXTENSION_APPLICATION, | 293 | EXTENSION_APPLICATION, |
295 | EXTENSION_TLS | 294 | EXTENSION_TLS |
296 | } mhd_gtls_ext_parse_type_t; | 295 | } mhd_gtls_ext_parse_type_t; |
297 | 296 | ||
298 | /* auth_info_t structures now MAY contain malloced | 297 | /* auth_info_t structures now MAY contain malloced |
299 | * elements. | 298 | * elements. |
@@ -314,349 +313,349 @@ typedef enum tls_ext_parse_type_t | |||
314 | * the handshake is in progress is the cipher suite value. | 313 | * the handshake is in progress is the cipher suite value. |
315 | */ | 314 | */ |
316 | typedef struct | 315 | typedef struct |
317 | { | 316 | { |
318 | gnutls_connection_end_t entity; | 317 | gnutls_connection_end_t entity; |
319 | enum MHD_GNUTLS_KeyExchangeAlgorithm kx_algorithm; | 318 | enum MHD_GNUTLS_KeyExchangeAlgorithm kx_algorithm; |
320 | /* we've got separate write/read bulk/macs because | 319 | /* we've got separate write/read bulk/macs because |
321 | * there is a time in handshake where the peer has | 320 | * there is a time in handshake where the peer has |
322 | * null cipher and we don't | 321 | * null cipher and we don't |
323 | */ | 322 | */ |
324 | enum MHD_GNUTLS_CipherAlgorithm read_bulk_cipher_algorithm; | 323 | enum MHD_GNUTLS_CipherAlgorithm read_bulk_cipher_algorithm; |
325 | enum MHD_GNUTLS_HashAlgorithm read_mac_algorithm; | 324 | enum MHD_GNUTLS_HashAlgorithm read_mac_algorithm; |
326 | enum MHD_GNUTLS_CompressionMethod read_compression_algorithm; | 325 | enum MHD_GNUTLS_CompressionMethod read_compression_algorithm; |
327 | 326 | ||
328 | enum MHD_GNUTLS_CipherAlgorithm write_bulk_cipher_algorithm; | 327 | enum MHD_GNUTLS_CipherAlgorithm write_bulk_cipher_algorithm; |
329 | enum MHD_GNUTLS_HashAlgorithm write_mac_algorithm; | 328 | enum MHD_GNUTLS_HashAlgorithm write_mac_algorithm; |
330 | enum MHD_GNUTLS_CompressionMethod write_compression_algorithm; | 329 | enum MHD_GNUTLS_CompressionMethod write_compression_algorithm; |
331 | 330 | ||
332 | /* this is the ciphersuite we are going to use | 331 | /* this is the ciphersuite we are going to use |
333 | * moved here from internals in order to be restored | 332 | * moved here from internals in order to be restored |
334 | * on resume; | 333 | * on resume; |
335 | */ | 334 | */ |
336 | cipher_suite_st current_cipher_suite; | 335 | cipher_suite_st current_cipher_suite; |
337 | opaque master_secret[TLS_MASTER_SIZE]; | 336 | opaque master_secret[TLS_MASTER_SIZE]; |
338 | opaque client_random[TLS_RANDOM_SIZE]; | 337 | opaque client_random[TLS_RANDOM_SIZE]; |
339 | opaque server_random[TLS_RANDOM_SIZE]; | 338 | opaque server_random[TLS_RANDOM_SIZE]; |
340 | opaque session_id[TLS_MAX_SESSION_ID_SIZE]; | 339 | opaque session_id[TLS_MAX_SESSION_ID_SIZE]; |
341 | uint8_t session_id_size; | 340 | uint8_t session_id_size; |
342 | time_t timestamp; | 341 | time_t timestamp; |
343 | mhd_gtls_ext_st extensions; | 342 | mhd_gtls_ext_st extensions; |
344 | 343 | ||
345 | /* The send size is the one requested by the programmer. | 344 | /* The send size is the one requested by the programmer. |
346 | * The recv size is the one negotiated with the peer. | 345 | * The recv size is the one negotiated with the peer. |
347 | */ | 346 | */ |
348 | uint16_t max_record_send_size; | 347 | uint16_t max_record_send_size; |
349 | uint16_t max_record_recv_size; | 348 | uint16_t max_record_recv_size; |
350 | /* holds the negotiated certificate type */ | 349 | /* holds the negotiated certificate type */ |
351 | enum MHD_GNUTLS_CertificateType cert_type; | 350 | enum MHD_GNUTLS_CertificateType cert_type; |
352 | enum MHD_GNUTLS_Protocol version; /* moved here */ | 351 | enum MHD_GNUTLS_Protocol version; /* moved here */ |
353 | /* For TLS/IA. XXX: Move to IA credential? */ | 352 | /* For TLS/IA. XXX: Move to IA credential? */ |
354 | opaque inner_secret[TLS_MASTER_SIZE]; | 353 | opaque inner_secret[TLS_MASTER_SIZE]; |
355 | } mhd_gtls_security_param_st; | 354 | } mhd_gtls_security_param_st; |
356 | 355 | ||
357 | /* This structure holds the generated keys | 356 | /* This structure holds the generated keys |
358 | */ | 357 | */ |
359 | typedef struct | 358 | typedef struct |
360 | { | 359 | { |
361 | gnutls_datum_t server_write_mac_secret; | 360 | gnutls_datum_t server_write_mac_secret; |
362 | gnutls_datum_t client_write_mac_secret; | 361 | gnutls_datum_t client_write_mac_secret; |
363 | gnutls_datum_t server_write_IV; | 362 | gnutls_datum_t server_write_IV; |
364 | gnutls_datum_t client_write_IV; | 363 | gnutls_datum_t client_write_IV; |
365 | gnutls_datum_t server_write_key; | 364 | gnutls_datum_t server_write_key; |
366 | gnutls_datum_t client_write_key; | 365 | gnutls_datum_t client_write_key; |
367 | int generated_keys; /* zero if keys have not | 366 | int generated_keys; /* zero if keys have not |
368 | * been generated. Non zero | 367 | * been generated. Non zero |
369 | * otherwise. | 368 | * otherwise. |
370 | */ | 369 | */ |
371 | } mhd_gtls_cipher_specs_st; | 370 | } mhd_gtls_cipher_specs_st; |
372 | 371 | ||
373 | typedef struct | 372 | typedef struct |
374 | { | 373 | { |
375 | cipher_hd_t write_cipher_state; | 374 | cipher_hd_t write_cipher_state; |
376 | cipher_hd_t read_cipher_state; | 375 | cipher_hd_t read_cipher_state; |
377 | comp_hd_t read_compression_state; | 376 | comp_hd_t read_compression_state; |
378 | comp_hd_t write_compression_state; | 377 | comp_hd_t write_compression_state; |
379 | gnutls_datum_t read_mac_secret; | 378 | gnutls_datum_t read_mac_secret; |
380 | gnutls_datum_t write_mac_secret; | 379 | gnutls_datum_t write_mac_secret; |
381 | uint64 read_sequence_number; | 380 | uint64 read_sequence_number; |
382 | uint64 write_sequence_number; | 381 | uint64 write_sequence_number; |
383 | } mhd_gtls_conn_stat_st; | 382 | } mhd_gtls_conn_stat_st; |
384 | 383 | ||
385 | typedef struct | 384 | typedef struct |
386 | { | 385 | { |
387 | unsigned int priority[MAX_ALGOS]; | 386 | unsigned int priority[MAX_ALGOS]; |
388 | unsigned int num_algorithms; | 387 | unsigned int num_algorithms; |
389 | } mhd_gtls_priority_st; | 388 | } mhd_gtls_priority_st; |
390 | 389 | ||
391 | /* For the external api */ | 390 | /* For the external api */ |
392 | struct MHD_gtls_priority_st | 391 | struct MHD_gtls_priority_st |
393 | { | 392 | { |
394 | mhd_gtls_priority_st cipher; | 393 | mhd_gtls_priority_st cipher; |
395 | mhd_gtls_priority_st mac; | 394 | mhd_gtls_priority_st mac; |
396 | mhd_gtls_priority_st kx; | 395 | mhd_gtls_priority_st kx; |
397 | mhd_gtls_priority_st compression; | 396 | mhd_gtls_priority_st compression; |
398 | mhd_gtls_priority_st protocol; | 397 | mhd_gtls_priority_st protocol; |
399 | 398 | ||
400 | /* certificate type : x509, OpenPGP, etc. */ | 399 | /* certificate type : x509, OpenPGP, etc. */ |
401 | mhd_gtls_priority_st cert_type; | 400 | mhd_gtls_priority_st cert_type; |
402 | 401 | ||
403 | /* to disable record padding */ | 402 | /* to disable record padding */ |
404 | int no_padding; | 403 | int no_padding; |
405 | }; | 404 | }; |
406 | 405 | ||
407 | /* DH and RSA parameters types. | 406 | /* DH and RSA parameters types. |
408 | */ | 407 | */ |
409 | typedef struct MHD_gtls_dh_params_int | 408 | typedef struct MHD_gtls_dh_params_int |
410 | { | 409 | { |
411 | /* [0] is the prime, [1] is the generator. | 410 | /* [0] is the prime, [1] is the generator. |
412 | */ | 411 | */ |
413 | mpi_t params[2]; | 412 | mpi_t params[2]; |
414 | } mhd_gtls_dh_params_st; | 413 | } mhd_gtls_dh_params_st; |
415 | 414 | ||
416 | typedef struct | 415 | typedef struct |
417 | { | 416 | { |
418 | mhd_gtls_dh_params_t dh_params; | 417 | mhd_gtls_dh_params_t dh_params; |
419 | int free_dh_params; | 418 | int free_dh_params; |
420 | mhd_gtls_rsa_params_t rsa_params; | 419 | mhd_gtls_rsa_params_t rsa_params; |
421 | int free_rsa_params; | 420 | int free_rsa_params; |
422 | } mhd_gtls_internal_params_st; | 421 | } mhd_gtls_internal_params_st; |
423 | 422 | ||
424 | typedef struct | 423 | typedef struct |
425 | { | 424 | { |
426 | opaque header[HANDSHAKE_HEADER_SIZE]; | 425 | opaque header[HANDSHAKE_HEADER_SIZE]; |
427 | /* this holds the number of bytes in the handshake_header[] */ | 426 | /* this holds the number of bytes in the handshake_header[] */ |
428 | size_t header_size; | 427 | size_t header_size; |
429 | /* this holds the length of the handshake packet */ | 428 | /* this holds the length of the handshake packet */ |
430 | size_t packet_length; | 429 | size_t packet_length; |
431 | gnutls_handshake_description_t recv_type; | 430 | gnutls_handshake_description_t recv_type; |
432 | } mhd_gtls_handshake_header_buffer_st; | 431 | } mhd_gtls_handshake_header_buffer_st; |
433 | 432 | ||
434 | typedef struct | 433 | typedef struct |
435 | { | 434 | { |
436 | mhd_gtls_buffer application_data_buffer; /* holds data to be delivered to application layer */ | 435 | mhd_gtls_buffer application_data_buffer; /* holds data to be delivered to application layer */ |
437 | mhd_gtls_buffer handshake_hash_buffer; /* used to keep the last received handshake | 436 | mhd_gtls_buffer handshake_hash_buffer; /* used to keep the last received handshake |
438 | * message */ | 437 | * message */ |
439 | mac_hd_t handshake_mac_handle_sha; /* hash of the handshake messages */ | 438 | mac_hd_t handshake_mac_handle_sha; /* hash of the handshake messages */ |
440 | mac_hd_t handshake_mac_handle_md5; /* hash of the handshake messages */ | 439 | mac_hd_t handshake_mac_handle_md5; /* hash of the handshake messages */ |
441 | 440 | ||
442 | mhd_gtls_buffer handshake_data_buffer; /* this is a buffer that holds the current handshake message */ | 441 | mhd_gtls_buffer handshake_data_buffer; /* this is a buffer that holds the current handshake message */ |
443 | mhd_gtls_buffer ia_data_buffer; /* holds inner application data (TLS/IA) */ | 442 | mhd_gtls_buffer ia_data_buffer; /* holds inner application data (TLS/IA) */ |
444 | resumable_session_t resumable; /* TRUE or FALSE - if we can resume that session */ | 443 | resumable_session_t resumable; /* TRUE or FALSE - if we can resume that session */ |
445 | handshake_state_t handshake_state; /* holds | 444 | handshake_state_t handshake_state; /* holds |
446 | * a number which indicates where | 445 | * a number which indicates where |
447 | * the handshake procedure has been | 446 | * the handshake procedure has been |
448 | * interrupted. If it is 0 then | 447 | * interrupted. If it is 0 then |
449 | * no interruption has happened. | 448 | * no interruption has happened. |
450 | */ | 449 | */ |
451 | 450 | ||
452 | valid_session_t valid_connection; /* true or FALSE - if this session is valid */ | 451 | valid_session_t valid_connection; /* true or FALSE - if this session is valid */ |
453 | 452 | ||
454 | int may_not_read; /* if it's 0 then we can read/write, otherwise it's forbiden to read/write | 453 | int may_not_read; /* if it's 0 then we can read/write, otherwise it's forbiden to read/write |
455 | */ | 454 | */ |
456 | int may_not_write; | 455 | int may_not_write; |
457 | int read_eof; /* non-zero if we have received a closure alert. */ | 456 | int read_eof; /* non-zero if we have received a closure alert. */ |
458 | 457 | ||
459 | int last_alert; /* last alert received */ | 458 | int last_alert; /* last alert received */ |
460 | int last_alert_level; /* last alert level */ | 459 | int last_alert_level; /* last alert level */ |
461 | 460 | ||
462 | /* The last handshake messages sent or received. | 461 | /* The last handshake messages sent or received. |
463 | */ | 462 | */ |
464 | int last_handshake_in; | 463 | int last_handshake_in; |
465 | int last_handshake_out; | 464 | int last_handshake_out; |
466 | 465 | ||
467 | /* this is the compression method we are going to use */ | 466 | /* this is the compression method we are going to use */ |
468 | enum MHD_GNUTLS_CompressionMethod compression_method; | 467 | enum MHD_GNUTLS_CompressionMethod compression_method; |
469 | 468 | ||
470 | /* priorities */ | 469 | /* priorities */ |
471 | struct MHD_gtls_priority_st priorities; | 470 | struct MHD_gtls_priority_st priorities; |
472 | 471 | ||
473 | /* resumed session */ | 472 | /* resumed session */ |
474 | resumable_session_t resumed; /* RESUME_TRUE or FALSE - if we are resuming a session */ | 473 | resumable_session_t resumed; /* RESUME_TRUE or FALSE - if we are resuming a session */ |
475 | mhd_gtls_security_param_st resumed_security_parameters; | 474 | mhd_gtls_security_param_st resumed_security_parameters; |
476 | 475 | ||
477 | /* sockets internals */ | 476 | /* sockets internals */ |
478 | int lowat; | 477 | int lowat; |
479 | 478 | ||
480 | /* These buffers are used in the handshake | 479 | /* These buffers are used in the handshake |
481 | * protocol only. freed using _gnutls_handshake_io_buffer_clear(); | 480 | * protocol only. freed using _gnutls_handshake_io_buffer_clear(); |
482 | */ | 481 | */ |
483 | mhd_gtls_buffer handshake_send_buffer; | 482 | mhd_gtls_buffer handshake_send_buffer; |
484 | size_t handshake_send_buffer_prev_size; | 483 | size_t handshake_send_buffer_prev_size; |
485 | content_type_t handshake_send_buffer_type; | 484 | content_type_t handshake_send_buffer_type; |
486 | gnutls_handshake_description_t handshake_send_buffer_htype; | 485 | gnutls_handshake_description_t handshake_send_buffer_htype; |
487 | content_type_t handshake_recv_buffer_type; | 486 | content_type_t handshake_recv_buffer_type; |
488 | gnutls_handshake_description_t handshake_recv_buffer_htype; | 487 | gnutls_handshake_description_t handshake_recv_buffer_htype; |
489 | mhd_gtls_buffer handshake_recv_buffer; | 488 | mhd_gtls_buffer handshake_recv_buffer; |
490 | 489 | ||
491 | /* this buffer holds a record packet -mostly used for | 490 | /* this buffer holds a record packet -mostly used for |
492 | * non blocking IO. | 491 | * non blocking IO. |
493 | */ | 492 | */ |
494 | mhd_gtls_buffer record_recv_buffer; | 493 | mhd_gtls_buffer record_recv_buffer; |
495 | mhd_gtls_buffer record_send_buffer; /* holds cached data | 494 | mhd_gtls_buffer record_send_buffer; /* holds cached data |
496 | * for the gnutls_io_write_buffered() | 495 | * for the gnutls_io_write_buffered() |
497 | * function. | 496 | * function. |
498 | */ | 497 | */ |
499 | size_t record_send_buffer_prev_size; /* holds the | 498 | size_t record_send_buffer_prev_size; /* holds the |
500 | * data written in the previous runs. | 499 | * data written in the previous runs. |
501 | */ | 500 | */ |
502 | size_t record_send_buffer_user_size; /* holds the | 501 | size_t record_send_buffer_user_size; /* holds the |
503 | * size of the user specified data to | 502 | * size of the user specified data to |
504 | * send. | 503 | * send. |
505 | */ | 504 | */ |
506 | 505 | ||
507 | /* 0 if no peeked data was kept, 1 otherwise. | 506 | /* 0 if no peeked data was kept, 1 otherwise. |
508 | */ | 507 | */ |
509 | int have_peeked_data; | 508 | int have_peeked_data; |
510 | 509 | ||
511 | int expire_time; /* after expire_time seconds this session will expire */ | 510 | int expire_time; /* after expire_time seconds this session will expire */ |
512 | struct mhd_gtls_mod_auth_st_int *auth_struct; /* used in handshake packets and KX algorithms */ | 511 | struct mhd_gtls_mod_auth_st_int *auth_struct; /* used in handshake packets and KX algorithms */ |
513 | 512 | ||
514 | /* TODO rm */ | 513 | /* TODO rm */ |
515 | int v2_hello; /* 0 if the client hello is v3+. | 514 | int v2_hello; /* 0 if the client hello is v3+. |
516 | * non-zero if we got a v2 hello. | 515 | * non-zero if we got a v2 hello. |
517 | */ | 516 | */ |
518 | /* keeps the headers of the handshake packet | 517 | /* keeps the headers of the handshake packet |
519 | */ | 518 | */ |
520 | mhd_gtls_handshake_header_buffer_st handshake_header_buffer; | 519 | mhd_gtls_handshake_header_buffer_st handshake_header_buffer; |
521 | 520 | ||
522 | /* this is the highest version available | 521 | /* this is the highest version available |
523 | * to the peer. (advertized version). | 522 | * to the peer. (advertized version). |
524 | * This is obtained by the Handshake Client Hello | 523 | * This is obtained by the Handshake Client Hello |
525 | * message. (some implementations read the Record version) | 524 | * message. (some implementations read the Record version) |
526 | */ | 525 | */ |
527 | uint8_t adv_version_major; | 526 | uint8_t adv_version_major; |
528 | uint8_t adv_version_minor; | 527 | uint8_t adv_version_minor; |
529 | 528 | ||
530 | /* if this is non zero a certificate request message | 529 | /* if this is non zero a certificate request message |
531 | * will be sent to the client. - only if the ciphersuite | 530 | * will be sent to the client. - only if the ciphersuite |
532 | * supports it. | 531 | * supports it. |
533 | */ | 532 | */ |
534 | int send_cert_req; | 533 | int send_cert_req; |
535 | 534 | ||
536 | /* bits to use for DHE and DHA | 535 | /* bits to use for DHE and DHA |
537 | * use _gnutls_dh_get_prime_bits() and MHD_gnutls_dh_set_prime_bits() | 536 | * use _gnutls_dh_get_prime_bits() and MHD_gnutls_dh_set_prime_bits() |
538 | * to access it. | 537 | * to access it. |
539 | */ | 538 | */ |
540 | uint16_t dh_prime_bits; | 539 | uint16_t dh_prime_bits; |
541 | 540 | ||
542 | size_t max_handshake_data_buffer_size; | 541 | size_t max_handshake_data_buffer_size; |
543 | 542 | ||
544 | /* PUSH & PULL functions. | 543 | /* PUSH & PULL functions. |
545 | */ | 544 | */ |
546 | mhd_gtls_pull_func _gnutls_pull_func; | 545 | mhd_gtls_pull_func _gnutls_pull_func; |
547 | mhd_gtls_push_func _gnutls_push_func; | 546 | mhd_gtls_push_func _gnutls_push_func; |
548 | /* Holds the first argument of PUSH and PULL | 547 | /* Holds the first argument of PUSH and PULL |
549 | * functions; | 548 | * functions; |
550 | */ | 549 | */ |
551 | gnutls_transport_ptr_t transport_recv_ptr; | 550 | gnutls_transport_ptr_t transport_recv_ptr; |
552 | gnutls_transport_ptr_t transport_send_ptr; | 551 | gnutls_transport_ptr_t transport_send_ptr; |
553 | 552 | ||
554 | /* post client hello callback (server side only) | 553 | /* post client hello callback (server side only) |
555 | */ | 554 | */ |
556 | gnutls_handshake_post_client_hello_func user_hello_func; | 555 | gnutls_handshake_post_client_hello_func user_hello_func; |
557 | 556 | ||
558 | /* Holds the record size requested by the | 557 | /* Holds the record size requested by the |
559 | * user. | 558 | * user. |
560 | */ | 559 | */ |
561 | uint16_t proposed_record_size; | 560 | uint16_t proposed_record_size; |
562 | 561 | ||
563 | /* holds the selected certificate and key. | 562 | /* holds the selected certificate and key. |
564 | * use mhd_gtls_selected_certs_deinit() and mhd_gtls_selected_certs_set() | 563 | * use mhd_gtls_selected_certs_deinit() and mhd_gtls_selected_certs_set() |
565 | * to change them. | 564 | * to change them. |
566 | */ | 565 | */ |
567 | gnutls_cert *selected_cert_list; | 566 | gnutls_cert *selected_cert_list; |
568 | int selected_cert_list_length; | 567 | int selected_cert_list_length; |
569 | gnutls_privkey *selected_key; | 568 | gnutls_privkey *selected_key; |
570 | int selected_need_free; | 569 | int selected_need_free; |
571 | 570 | ||
572 | /* holds the extensions we sent to the peer | 571 | /* holds the extensions we sent to the peer |
573 | * (in case of a client) | 572 | * (in case of a client) |
574 | */ | 573 | */ |
575 | uint16_t extensions_sent[MAX_EXT_TYPES]; | 574 | uint16_t extensions_sent[MAX_EXT_TYPES]; |
576 | uint16_t extensions_sent_size; | 575 | uint16_t extensions_sent_size; |
577 | 576 | ||
578 | /* is 0 if we are to send the whole PGP key, or non zero | 577 | /* is 0 if we are to send the whole PGP key, or non zero |
579 | * if the fingerprint is to be sent. | 578 | * if the fingerprint is to be sent. |
580 | */ | 579 | */ |
581 | int pgp_fingerprint; | 580 | int pgp_fingerprint; |
582 | 581 | ||
583 | /* This holds the default version that our first | 582 | /* This holds the default version that our first |
584 | * record packet will have. */ | 583 | * record packet will have. */ |
585 | opaque default_record_version[2]; | 584 | opaque default_record_version[2]; |
586 | 585 | ||
587 | int cbc_protection_hack; | 586 | int cbc_protection_hack; |
588 | 587 | ||
589 | void *user_ptr; | 588 | void *user_ptr; |
590 | 589 | ||
591 | int enable_private; /* non zero to | 590 | int enable_private; /* non zero to |
592 | * enable cipher suites | 591 | * enable cipher suites |
593 | * which have 0xFF status. | 592 | * which have 0xFF status. |
594 | */ | 593 | */ |
595 | 594 | ||
596 | /* Holds 0 if the last called function was interrupted while | 595 | /* Holds 0 if the last called function was interrupted while |
597 | * receiving, and non zero otherwise. | 596 | * receiving, and non zero otherwise. |
598 | */ | 597 | */ |
599 | int direction; | 598 | int direction; |
600 | 599 | ||
601 | /* If non zero the server will not advertize the CA's he | 600 | /* If non zero the server will not advertize the CA's he |
602 | * trusts (do not send an RDN sequence). | 601 | * trusts (do not send an RDN sequence). |
603 | */ | 602 | */ |
604 | int ignore_rdn_sequence; | 603 | int ignore_rdn_sequence; |
605 | 604 | ||
606 | /* This is used to set an arbitary version in the RSA | 605 | /* This is used to set an arbitary version in the RSA |
607 | * PMS secret. Can be used by clients to test whether the | 606 | * PMS secret. Can be used by clients to test whether the |
608 | * server checks that version. (** only used in gnutls-cli-debug) | 607 | * server checks that version. (** only used in gnutls-cli-debug) |
609 | */ | 608 | */ |
610 | opaque rsa_pms_version[2]; | 609 | opaque rsa_pms_version[2]; |
611 | 610 | ||
612 | char *srp_username; | 611 | char *srp_username; |
613 | char *srp_password; | 612 | char *srp_password; |
614 | 613 | ||
615 | /* Here we cache the DH or RSA parameters got from the | 614 | /* Here we cache the DH or RSA parameters got from the |
616 | * credentials structure, or from a callback. That is to | 615 | * credentials structure, or from a callback. That is to |
617 | * minimize external calls. | 616 | * minimize external calls. |
618 | */ | 617 | */ |
619 | mhd_gtls_internal_params_st params; | 618 | mhd_gtls_internal_params_st params; |
620 | 619 | ||
621 | /* This buffer is used by the record recv functions, | 620 | /* This buffer is used by the record recv functions, |
622 | * as a temporary store buffer. | 621 | * as a temporary store buffer. |
623 | */ | 622 | */ |
624 | gnutls_datum_t recv_buffer; | 623 | gnutls_datum_t recv_buffer; |
625 | 624 | ||
626 | /* To avoid using global variables, and especially on Windows where | 625 | /* To avoid using global variables, and especially on Windows where |
627 | * the application may use a different errno variable than GnuTLS, | 626 | * the application may use a different errno variable than GnuTLS, |
628 | * it is possible to use MHD_gnutls_transport_set_errno to set a | 627 | * it is possible to use MHD_gnutls_transport_set_errno to set a |
629 | * session-specific errno variable in the user-replaceable push/pull | 628 | * session-specific errno variable in the user-replaceable push/pull |
630 | * functions. This value is used by the send/recv functions. (The | 629 | * functions. This value is used by the send/recv functions. (The |
631 | * strange name of this variable is because 'errno' is typically | 630 | * strange name of this variable is because 'errno' is typically |
632 | * #define'd.) | 631 | * #define'd.) |
633 | */ | 632 | */ |
634 | int errnum; | 633 | int errnum; |
635 | 634 | ||
636 | /* Function used to perform public-key signing operation during | 635 | /* Function used to perform public-key signing operation during |
637 | handshake. Used by gnutls_sig.c:_gnutls_tls_sign(), see also | 636 | handshake. Used by gnutls_sig.c:_gnutls_tls_sign(), see also |
638 | MHD_gtls_sign_callback_set(). */ | 637 | MHD_gtls_sign_callback_set(). */ |
639 | gnutls_sign_func sign_func; | 638 | gnutls_sign_func sign_func; |
640 | void *sign_func_userdata; | 639 | void *sign_func_userdata; |
641 | 640 | ||
642 | /* If you add anything here, check mhd_gtls_handshake_internal_state_clear(). | 641 | /* If you add anything here, check mhd_gtls_handshake_internal_state_clear(). |
643 | */ | 642 | */ |
644 | } mhd_gtls_internals_st; | 643 | } mhd_gtls_internals_st; |
645 | 644 | ||
646 | struct MHD_gtls_session_int | 645 | struct MHD_gtls_session_int |
647 | { | 646 | { |
648 | mhd_gtls_security_param_st security_parameters; | 647 | mhd_gtls_security_param_st security_parameters; |
649 | mhd_gtls_cipher_specs_st cipher_specs; | 648 | mhd_gtls_cipher_specs_st cipher_specs; |
650 | mhd_gtls_conn_stat_st connection_state; | 649 | mhd_gtls_conn_stat_st connection_state; |
651 | mhd_gtls_internals_st internals; | 650 | mhd_gtls_internals_st internals; |
652 | mhd_gtls_key_st key; | 651 | mhd_gtls_key_st key; |
653 | }; | 652 | }; |
654 | 653 | ||
655 | /* functions */ | 654 | /* functions */ |
656 | void mhd_gtls_set_current_version(mhd_gtls_session_t session, | 655 | void mhd_gtls_set_current_version (mhd_gtls_session_t session, |
657 | enum MHD_GNUTLS_Protocol version); | 656 | enum MHD_GNUTLS_Protocol version); |
658 | 657 | ||
659 | void mhd_gtls_free_auth_info(mhd_gtls_session_t session); | 658 | void mhd_gtls_free_auth_info (mhd_gtls_session_t session); |
660 | 659 | ||
661 | /* These two macros return the advertized TLS version of | 660 | /* These two macros return the advertized TLS version of |
662 | * the peer. | 661 | * the peer. |
@@ -671,8 +670,7 @@ void mhd_gtls_free_auth_info(mhd_gtls_session_t session); | |||
671 | session->internals.adv_version_major = major; \ | 670 | session->internals.adv_version_major = major; \ |
672 | session->internals.adv_version_minor = minor | 671 | session->internals.adv_version_minor = minor |
673 | 672 | ||
674 | void mhd_gtls_set_adv_version(mhd_gtls_session_t, | 673 | void mhd_gtls_set_adv_version (mhd_gtls_session_t, enum MHD_GNUTLS_Protocol); |
675 | enum MHD_GNUTLS_Protocol); | 674 | enum MHD_GNUTLS_Protocol mhd_gtls_get_adv_version (mhd_gtls_session_t); |
676 | enum MHD_GNUTLS_Protocol mhd_gtls_get_adv_version(mhd_gtls_session_t); | ||
677 | 675 | ||
678 | #endif /* GNUTLS_INT_H */ | 676 | #endif /* GNUTLS_INT_H */ |
diff --git a/src/daemon/https/tls/gnutls_kx.c b/src/daemon/https/tls/gnutls_kx.c index ad42e5a1..024af674 100644 --- a/src/daemon/https/tls/gnutls_kx.c +++ b/src/daemon/https/tls/gnutls_kx.c | |||
@@ -63,13 +63,13 @@ generate_normal_master (mhd_gtls_session_t session, int keep_premaster) | |||
63 | 63 | ||
64 | _gnutls_hard_log ("INT: PREMASTER SECRET[%d]: %s\n", PREMASTER.size, | 64 | _gnutls_hard_log ("INT: PREMASTER SECRET[%d]: %s\n", PREMASTER.size, |
65 | mhd_gtls_bin2hex (PREMASTER.data, PREMASTER.size, buf, | 65 | mhd_gtls_bin2hex (PREMASTER.data, PREMASTER.size, buf, |
66 | sizeof (buf))); | 66 | sizeof (buf))); |
67 | _gnutls_hard_log ("INT: CLIENT RANDOM[%d]: %s\n", 32, | 67 | _gnutls_hard_log ("INT: CLIENT RANDOM[%d]: %s\n", 32, |
68 | mhd_gtls_bin2hex (session->security_parameters. | 68 | mhd_gtls_bin2hex (session->security_parameters. |
69 | client_random, 32, buf, sizeof (buf))); | 69 | client_random, 32, buf, sizeof (buf))); |
70 | _gnutls_hard_log ("INT: SERVER RANDOM[%d]: %s\n", 32, | 70 | _gnutls_hard_log ("INT: SERVER RANDOM[%d]: %s\n", 32, |
71 | mhd_gtls_bin2hex (session->security_parameters. | 71 | mhd_gtls_bin2hex (session->security_parameters. |
72 | server_random, 32, buf, sizeof (buf))); | 72 | server_random, 32, buf, sizeof (buf))); |
73 | 73 | ||
74 | if (MHD_gnutls_protocol_get_version (session) == MHD_GNUTLS_SSL3) | 74 | if (MHD_gnutls_protocol_get_version (session) == MHD_GNUTLS_SSL3) |
75 | { | 75 | { |
@@ -82,10 +82,10 @@ generate_normal_master (mhd_gtls_session_t session, int keep_premaster) | |||
82 | 82 | ||
83 | ret = | 83 | ret = |
84 | mhd_gnutls_ssl3_generate_random (PREMASTER.data, PREMASTER.size, | 84 | mhd_gnutls_ssl3_generate_random (PREMASTER.data, PREMASTER.size, |
85 | rnd, 2 * TLS_RANDOM_SIZE, | 85 | rnd, 2 * TLS_RANDOM_SIZE, |
86 | TLS_MASTER_SIZE, | 86 | TLS_MASTER_SIZE, |
87 | session->security_parameters. | 87 | session->security_parameters. |
88 | master_secret); | 88 | master_secret); |
89 | 89 | ||
90 | } | 90 | } |
91 | else if (session->security_parameters.extensions.oprfi_client_len > 0 && | 91 | else if (session->security_parameters.extensions.oprfi_client_len > 0 && |
@@ -108,18 +108,18 @@ generate_normal_master (mhd_gtls_session_t session, int keep_premaster) | |||
108 | session->security_parameters. | 108 | session->security_parameters. |
109 | extensions.oprfi_server_len, | 109 | extensions.oprfi_server_len, |
110 | mhd_gtls_bin2hex (session->security_parameters. | 110 | mhd_gtls_bin2hex (session->security_parameters. |
111 | extensions.oprfi_client, | 111 | extensions.oprfi_client, |
112 | session->security_parameters. | 112 | session->security_parameters. |
113 | extensions.oprfi_client_len, | 113 | extensions.oprfi_client_len, buf, |
114 | buf, sizeof (buf))); | 114 | sizeof (buf))); |
115 | _gnutls_hard_log ("INT: SERVER OPRFI[%d]: %s\n", | 115 | _gnutls_hard_log ("INT: SERVER OPRFI[%d]: %s\n", |
116 | session->security_parameters. | 116 | session->security_parameters. |
117 | extensions.oprfi_server_len, | 117 | extensions.oprfi_server_len, |
118 | mhd_gtls_bin2hex (session->security_parameters. | 118 | mhd_gtls_bin2hex (session->security_parameters. |
119 | extensions.oprfi_server, | 119 | extensions.oprfi_server, |
120 | session->security_parameters. | 120 | session->security_parameters. |
121 | extensions.oprfi_server_len, | 121 | extensions.oprfi_server_len, buf, |
122 | buf, sizeof (buf))); | 122 | sizeof (buf))); |
123 | 123 | ||
124 | memcpy (rnd, session->security_parameters.client_random, | 124 | memcpy (rnd, session->security_parameters.client_random, |
125 | TLS_RANDOM_SIZE); | 125 | TLS_RANDOM_SIZE); |
@@ -136,9 +136,9 @@ generate_normal_master (mhd_gtls_session_t session, int keep_premaster) | |||
136 | session->security_parameters.extensions.oprfi_server_len); | 136 | session->security_parameters.extensions.oprfi_server_len); |
137 | 137 | ||
138 | ret = mhd_gtls_PRF (session, PREMASTER.data, PREMASTER.size, | 138 | ret = mhd_gtls_PRF (session, PREMASTER.data, PREMASTER.size, |
139 | MASTER_SECRET, strlen (MASTER_SECRET), | 139 | MASTER_SECRET, strlen (MASTER_SECRET), |
140 | rnd, rndlen, TLS_MASTER_SIZE, | 140 | rnd, rndlen, TLS_MASTER_SIZE, |
141 | session->security_parameters.master_secret); | 141 | session->security_parameters.master_secret); |
142 | 142 | ||
143 | gnutls_free (rnd); | 143 | gnutls_free (rnd); |
144 | } | 144 | } |
@@ -153,9 +153,9 @@ generate_normal_master (mhd_gtls_session_t session, int keep_premaster) | |||
153 | 153 | ||
154 | ret = | 154 | ret = |
155 | mhd_gtls_PRF (session, PREMASTER.data, PREMASTER.size, | 155 | mhd_gtls_PRF (session, PREMASTER.data, PREMASTER.size, |
156 | MASTER_SECRET, strlen (MASTER_SECRET), | 156 | MASTER_SECRET, strlen (MASTER_SECRET), |
157 | rnd, 2 * TLS_RANDOM_SIZE, TLS_MASTER_SIZE, | 157 | rnd, 2 * TLS_RANDOM_SIZE, TLS_MASTER_SIZE, |
158 | session->security_parameters.master_secret); | 158 | session->security_parameters.master_secret); |
159 | } | 159 | } |
160 | 160 | ||
161 | /* TLS/IA inner secret is derived from the master secret. */ | 161 | /* TLS/IA inner secret is derived from the master secret. */ |
@@ -170,8 +170,8 @@ generate_normal_master (mhd_gtls_session_t session, int keep_premaster) | |||
170 | 170 | ||
171 | _gnutls_hard_log ("INT: MASTER SECRET: %s\n", | 171 | _gnutls_hard_log ("INT: MASTER SECRET: %s\n", |
172 | mhd_gtls_bin2hex (session->security_parameters. | 172 | mhd_gtls_bin2hex (session->security_parameters. |
173 | master_secret, TLS_MASTER_SIZE, buf, | 173 | master_secret, TLS_MASTER_SIZE, buf, |
174 | sizeof (buf))); | 174 | sizeof (buf))); |
175 | 175 | ||
176 | return ret; | 176 | return ret; |
177 | } | 177 | } |
@@ -179,7 +179,7 @@ generate_normal_master (mhd_gtls_session_t session, int keep_premaster) | |||
179 | 179 | ||
180 | /* This is called when we want to receive the key exchange message of the | 180 | /* This is called when we want to receive the key exchange message of the |
181 | * server. It does nothing if this type of message is not required | 181 | * server. It does nothing if this type of message is not required |
182 | * by the selected ciphersuite. | 182 | * by the selected ciphersuite. |
183 | */ | 183 | */ |
184 | int | 184 | int |
185 | mhd_gtls_send_server_kx_message (mhd_gtls_session_t session, int again) | 185 | mhd_gtls_send_server_kx_message (mhd_gtls_session_t session, int again) |
@@ -197,8 +197,8 @@ mhd_gtls_send_server_kx_message (mhd_gtls_session_t session, int again) | |||
197 | if (again == 0) | 197 | if (again == 0) |
198 | { | 198 | { |
199 | data_size = | 199 | data_size = |
200 | session->internals.auth_struct-> | 200 | session->internals.auth_struct->mhd_gtls_gen_server_kx (session, |
201 | mhd_gtls_gen_server_kx (session, &data); | 201 | &data); |
202 | 202 | ||
203 | if (data_size == GNUTLS_E_INT_RET_0) | 203 | if (data_size == GNUTLS_E_INT_RET_0) |
204 | { | 204 | { |
@@ -215,7 +215,7 @@ mhd_gtls_send_server_kx_message (mhd_gtls_session_t session, int again) | |||
215 | 215 | ||
216 | ret = | 216 | ret = |
217 | mhd_gtls_send_handshake (session, data, data_size, | 217 | mhd_gtls_send_handshake (session, data, data_size, |
218 | GNUTLS_HANDSHAKE_SERVER_KEY_EXCHANGE); | 218 | GNUTLS_HANDSHAKE_SERVER_KEY_EXCHANGE); |
219 | gnutls_free (data); | 219 | gnutls_free (data); |
220 | 220 | ||
221 | if (ret < 0) | 221 | if (ret < 0) |
@@ -230,7 +230,8 @@ mhd_gtls_send_server_kx_message (mhd_gtls_session_t session, int again) | |||
230 | * client. | 230 | * client. |
231 | */ | 231 | */ |
232 | int | 232 | int |
233 | mhd_gtls_send_server_certificate_request (mhd_gtls_session_t session, int again) | 233 | mhd_gtls_send_server_certificate_request (mhd_gtls_session_t session, |
234 | int again) | ||
234 | { | 235 | { |
235 | uint8_t *data = NULL; | 236 | uint8_t *data = NULL; |
236 | int data_size = 0; | 237 | int data_size = 0; |
@@ -260,7 +261,7 @@ mhd_gtls_send_server_certificate_request (mhd_gtls_session_t session, int again) | |||
260 | } | 261 | } |
261 | ret = | 262 | ret = |
262 | mhd_gtls_send_handshake (session, data, data_size, | 263 | mhd_gtls_send_handshake (session, data, data_size, |
263 | GNUTLS_HANDSHAKE_CERTIFICATE_REQUEST); | 264 | GNUTLS_HANDSHAKE_CERTIFICATE_REQUEST); |
264 | gnutls_free (data); | 265 | gnutls_free (data); |
265 | 266 | ||
266 | if (ret < 0) | 267 | if (ret < 0) |
@@ -273,7 +274,7 @@ mhd_gtls_send_server_certificate_request (mhd_gtls_session_t session, int again) | |||
273 | 274 | ||
274 | 275 | ||
275 | /* This is the function for the client to send the key | 276 | /* This is the function for the client to send the key |
276 | * exchange message | 277 | * exchange message |
277 | */ | 278 | */ |
278 | int | 279 | int |
279 | mhd_gtls_send_client_kx_message (mhd_gtls_session_t session, int again) | 280 | mhd_gtls_send_client_kx_message (mhd_gtls_session_t session, int again) |
@@ -292,8 +293,8 @@ mhd_gtls_send_client_kx_message (mhd_gtls_session_t session, int again) | |||
292 | if (again == 0) | 293 | if (again == 0) |
293 | { | 294 | { |
294 | data_size = | 295 | data_size = |
295 | session->internals.auth_struct-> | 296 | session->internals.auth_struct->mhd_gtls_gen_client_kx (session, |
296 | mhd_gtls_gen_client_kx (session, &data); | 297 | &data); |
297 | if (data_size < 0) | 298 | if (data_size < 0) |
298 | { | 299 | { |
299 | gnutls_assert (); | 300 | gnutls_assert (); |
@@ -302,7 +303,7 @@ mhd_gtls_send_client_kx_message (mhd_gtls_session_t session, int again) | |||
302 | } | 303 | } |
303 | ret = | 304 | ret = |
304 | mhd_gtls_send_handshake (session, data, data_size, | 305 | mhd_gtls_send_handshake (session, data, data_size, |
305 | GNUTLS_HANDSHAKE_CLIENT_KEY_EXCHANGE); | 306 | GNUTLS_HANDSHAKE_CLIENT_KEY_EXCHANGE); |
306 | gnutls_free (data); | 307 | gnutls_free (data); |
307 | 308 | ||
308 | if (ret < 0) | 309 | if (ret < 0) |
@@ -319,7 +320,8 @@ mhd_gtls_send_client_kx_message (mhd_gtls_session_t session, int again) | |||
319 | * verify message | 320 | * verify message |
320 | */ | 321 | */ |
321 | int | 322 | int |
322 | mhd_gtls_send_client_certificate_verify (mhd_gtls_session_t session, int again) | 323 | mhd_gtls_send_client_certificate_verify (mhd_gtls_session_t session, |
324 | int again) | ||
323 | { | 325 | { |
324 | uint8_t *data; | 326 | uint8_t *data; |
325 | int ret = 0; | 327 | int ret = 0; |
@@ -330,16 +332,15 @@ mhd_gtls_send_client_certificate_verify (mhd_gtls_session_t session, int again) | |||
330 | if (session->security_parameters.entity == GNUTLS_SERVER) | 332 | if (session->security_parameters.entity == GNUTLS_SERVER) |
331 | return 0; | 333 | return 0; |
332 | 334 | ||
333 | /* if certificate verify is not needed just exit | 335 | /* if certificate verify is not needed just exit |
334 | */ | 336 | */ |
335 | if (session->key->certificate_requested == 0) | 337 | if (session->key->certificate_requested == 0) |
336 | return 0; | 338 | return 0; |
337 | 339 | ||
338 | if (session->internals.auth_struct->mhd_gtls_gen_client_cert_vrfy == | 340 | if (session->internals.auth_struct->mhd_gtls_gen_client_cert_vrfy == NULL) |
339 | NULL) | ||
340 | { | 341 | { |
341 | gnutls_assert (); | 342 | gnutls_assert (); |
342 | return 0; /* this algorithm does not support cli_cert_vrfy | 343 | return 0; /* this algorithm does not support cli_cert_vrfy |
343 | */ | 344 | */ |
344 | } | 345 | } |
345 | 346 | ||
@@ -362,7 +363,7 @@ mhd_gtls_send_client_certificate_verify (mhd_gtls_session_t session, int again) | |||
362 | } | 363 | } |
363 | ret = | 364 | ret = |
364 | mhd_gtls_send_handshake (session, data, | 365 | mhd_gtls_send_handshake (session, data, |
365 | data_size, GNUTLS_HANDSHAKE_CERTIFICATE_VERIFY); | 366 | data_size, GNUTLS_HANDSHAKE_CERTIFICATE_VERIFY); |
366 | gnutls_free (data); | 367 | gnutls_free (data); |
367 | 368 | ||
368 | return ret; | 369 | return ret; |
@@ -379,7 +380,7 @@ mhd_gtls_recv_server_kx_message (mhd_gtls_session_t session) | |||
379 | if (session->internals.auth_struct->mhd_gtls_process_server_kx != NULL) | 380 | if (session->internals.auth_struct->mhd_gtls_process_server_kx != NULL) |
380 | { | 381 | { |
381 | 382 | ||
382 | /* EXCEPTION FOR RSA_EXPORT cipher suite | 383 | /* EXCEPTION FOR RSA_EXPORT cipher suite |
383 | */ | 384 | */ |
384 | if (mhd_gtls_session_is_export (session) != 0 && | 385 | if (mhd_gtls_session_is_export (session) != 0 && |
385 | _gnutls_peers_cert_less_512 (session) != 0) | 386 | _gnutls_peers_cert_less_512 (session) != 0) |
@@ -390,9 +391,9 @@ mhd_gtls_recv_server_kx_message (mhd_gtls_session_t session) | |||
390 | 391 | ||
391 | ret = | 392 | ret = |
392 | mhd_gtls_recv_handshake (session, &data, | 393 | mhd_gtls_recv_handshake (session, &data, |
393 | &datasize, | 394 | &datasize, |
394 | GNUTLS_HANDSHAKE_SERVER_KEY_EXCHANGE, | 395 | GNUTLS_HANDSHAKE_SERVER_KEY_EXCHANGE, |
395 | MANDATORY_PACKET); | 396 | MANDATORY_PACKET); |
396 | if (ret < 0) | 397 | if (ret < 0) |
397 | { | 398 | { |
398 | gnutls_assert (); | 399 | gnutls_assert (); |
@@ -400,8 +401,9 @@ mhd_gtls_recv_server_kx_message (mhd_gtls_session_t session) | |||
400 | } | 401 | } |
401 | 402 | ||
402 | ret = | 403 | ret = |
403 | session->internals.auth_struct-> | 404 | session->internals.auth_struct->mhd_gtls_process_server_kx (session, |
404 | mhd_gtls_process_server_kx (session, data, datasize); | 405 | data, |
406 | datasize); | ||
405 | gnutls_free (data); | 407 | gnutls_free (data); |
406 | 408 | ||
407 | if (ret < 0) | 409 | if (ret < 0) |
@@ -427,9 +429,9 @@ mhd_gtls_recv_server_certificate_request (mhd_gtls_session_t session) | |||
427 | 429 | ||
428 | ret = | 430 | ret = |
429 | mhd_gtls_recv_handshake (session, &data, | 431 | mhd_gtls_recv_handshake (session, &data, |
430 | &datasize, | 432 | &datasize, |
431 | GNUTLS_HANDSHAKE_CERTIFICATE_REQUEST, | 433 | GNUTLS_HANDSHAKE_CERTIFICATE_REQUEST, |
432 | OPTIONAL_PACKET); | 434 | OPTIONAL_PACKET); |
433 | if (ret < 0) | 435 | if (ret < 0) |
434 | return ret; | 436 | return ret; |
435 | 437 | ||
@@ -461,15 +463,16 @@ mhd_gtls_recv_client_kx_message (mhd_gtls_session_t session) | |||
461 | 463 | ||
462 | ret = | 464 | ret = |
463 | mhd_gtls_recv_handshake (session, &data, | 465 | mhd_gtls_recv_handshake (session, &data, |
464 | &datasize, | 466 | &datasize, |
465 | GNUTLS_HANDSHAKE_CLIENT_KEY_EXCHANGE, | 467 | GNUTLS_HANDSHAKE_CLIENT_KEY_EXCHANGE, |
466 | MANDATORY_PACKET); | 468 | MANDATORY_PACKET); |
467 | if (ret < 0) | 469 | if (ret < 0) |
468 | return ret; | 470 | return ret; |
469 | 471 | ||
470 | ret = | 472 | ret = |
471 | session->internals.auth_struct-> | 473 | session->internals.auth_struct->mhd_gtls_process_client_kx (session, |
472 | mhd_gtls_process_client_kx (session, data, datasize); | 474 | data, |
475 | datasize); | ||
473 | gnutls_free (data); | 476 | gnutls_free (data); |
474 | if (ret < 0) | 477 | if (ret < 0) |
475 | return ret; | 478 | return ret; |
@@ -493,8 +496,7 @@ mhd_gtls_send_client_certificate (mhd_gtls_session_t session, int again) | |||
493 | if (session->key->certificate_requested == 0) | 496 | if (session->key->certificate_requested == 0) |
494 | return 0; | 497 | return 0; |
495 | 498 | ||
496 | if (session->internals.auth_struct-> | 499 | if (session->internals.auth_struct->mhd_gtls_gen_client_certificate == NULL) |
497 | mhd_gtls_gen_client_certificate == NULL) | ||
498 | return 0; | 500 | return 0; |
499 | 501 | ||
500 | data = NULL; | 502 | data = NULL; |
@@ -505,7 +507,7 @@ mhd_gtls_send_client_certificate (mhd_gtls_session_t session, int again) | |||
505 | if (MHD_gnutls_protocol_get_version (session) != MHD_GNUTLS_SSL3 || | 507 | if (MHD_gnutls_protocol_get_version (session) != MHD_GNUTLS_SSL3 || |
506 | session->internals.selected_cert_list_length > 0) | 508 | session->internals.selected_cert_list_length > 0) |
507 | { | 509 | { |
508 | /* TLS 1.0 or SSL 3.0 with a valid certificate | 510 | /* TLS 1.0 or SSL 3.0 with a valid certificate |
509 | */ | 511 | */ |
510 | data_size = | 512 | data_size = |
511 | session->internals.auth_struct-> | 513 | session->internals.auth_struct-> |
@@ -528,15 +530,15 @@ mhd_gtls_send_client_certificate (mhd_gtls_session_t session, int again) | |||
528 | { | 530 | { |
529 | ret = | 531 | ret = |
530 | MHD_gnutls_alert_send (session, GNUTLS_AL_WARNING, | 532 | MHD_gnutls_alert_send (session, GNUTLS_AL_WARNING, |
531 | GNUTLS_A_SSL3_NO_CERTIFICATE); | 533 | GNUTLS_A_SSL3_NO_CERTIFICATE); |
532 | 534 | ||
533 | } | 535 | } |
534 | else | 536 | else |
535 | { /* TLS 1.0 or SSL 3.0 with a valid certificate | 537 | { /* TLS 1.0 or SSL 3.0 with a valid certificate |
536 | */ | 538 | */ |
537 | ret = | 539 | ret = |
538 | mhd_gtls_send_handshake (session, data, data_size, | 540 | mhd_gtls_send_handshake (session, data, data_size, |
539 | GNUTLS_HANDSHAKE_CERTIFICATE_PKT); | 541 | GNUTLS_HANDSHAKE_CERTIFICATE_PKT); |
540 | gnutls_free (data); | 542 | gnutls_free (data); |
541 | } | 543 | } |
542 | 544 | ||
@@ -560,8 +562,7 @@ mhd_gtls_send_server_certificate (mhd_gtls_session_t session, int again) | |||
560 | int ret = 0; | 562 | int ret = 0; |
561 | 563 | ||
562 | 564 | ||
563 | if (session->internals.auth_struct-> | 565 | if (session->internals.auth_struct->mhd_gtls_gen_server_certificate == NULL) |
564 | mhd_gtls_gen_server_certificate == NULL) | ||
565 | return 0; | 566 | return 0; |
566 | 567 | ||
567 | data = NULL; | 568 | data = NULL; |
@@ -581,7 +582,7 @@ mhd_gtls_send_server_certificate (mhd_gtls_session_t session, int again) | |||
581 | } | 582 | } |
582 | ret = | 583 | ret = |
583 | mhd_gtls_send_handshake (session, data, data_size, | 584 | mhd_gtls_send_handshake (session, data, data_size, |
584 | GNUTLS_HANDSHAKE_CERTIFICATE_PKT); | 585 | GNUTLS_HANDSHAKE_CERTIFICATE_PKT); |
585 | gnutls_free (data); | 586 | gnutls_free (data); |
586 | 587 | ||
587 | if (ret < 0) | 588 | if (ret < 0) |
@@ -602,8 +603,8 @@ mhd_gtls_recv_client_certificate (mhd_gtls_session_t session) | |||
602 | int ret = 0; | 603 | int ret = 0; |
603 | int optional; | 604 | int optional; |
604 | 605 | ||
605 | if (session->internals.auth_struct-> | 606 | if (session->internals.auth_struct->mhd_gtls_process_client_certificate != |
606 | mhd_gtls_process_client_certificate != NULL) | 607 | NULL) |
607 | { | 608 | { |
608 | 609 | ||
609 | /* if we have not requested a certificate then just return | 610 | /* if we have not requested a certificate then just return |
@@ -620,8 +621,8 @@ mhd_gtls_recv_client_certificate (mhd_gtls_session_t session) | |||
620 | 621 | ||
621 | ret = | 622 | ret = |
622 | mhd_gtls_recv_handshake (session, &data, | 623 | mhd_gtls_recv_handshake (session, &data, |
623 | &datasize, | 624 | &datasize, |
624 | GNUTLS_HANDSHAKE_CERTIFICATE_PKT, optional); | 625 | GNUTLS_HANDSHAKE_CERTIFICATE_PKT, optional); |
625 | 626 | ||
626 | if (ret < 0) | 627 | if (ret < 0) |
627 | { | 628 | { |
@@ -642,7 +643,7 @@ mhd_gtls_recv_client_certificate (mhd_gtls_session_t session) | |||
642 | return 0; | 643 | return 0; |
643 | } | 644 | } |
644 | 645 | ||
645 | /* certificate was required | 646 | /* certificate was required |
646 | */ | 647 | */ |
647 | if ((ret == GNUTLS_E_WARNING_ALERT_RECEIVED | 648 | if ((ret == GNUTLS_E_WARNING_ALERT_RECEIVED |
648 | || ret == GNUTLS_E_FATAL_ALERT_RECEIVED) | 649 | || ret == GNUTLS_E_FATAL_ALERT_RECEIVED) |
@@ -675,7 +676,7 @@ mhd_gtls_recv_client_certificate (mhd_gtls_session_t session) | |||
675 | return ret; | 676 | return ret; |
676 | } | 677 | } |
677 | 678 | ||
678 | /* ok we should expect a certificate verify message now | 679 | /* ok we should expect a certificate verify message now |
679 | */ | 680 | */ |
680 | if (ret == GNUTLS_E_NO_CERTIFICATE_FOUND && optional == OPTIONAL_PACKET) | 681 | if (ret == GNUTLS_E_NO_CERTIFICATE_FOUND && optional == OPTIONAL_PACKET) |
681 | ret = 0; | 682 | ret = 0; |
@@ -694,15 +695,15 @@ mhd_gtls_recv_server_certificate (mhd_gtls_session_t session) | |||
694 | opaque *data; | 695 | opaque *data; |
695 | int ret = 0; | 696 | int ret = 0; |
696 | 697 | ||
697 | if (session->internals.auth_struct-> | 698 | if (session->internals.auth_struct->mhd_gtls_process_server_certificate != |
698 | mhd_gtls_process_server_certificate != NULL) | 699 | NULL) |
699 | { | 700 | { |
700 | 701 | ||
701 | ret = | 702 | ret = |
702 | mhd_gtls_recv_handshake (session, &data, | 703 | mhd_gtls_recv_handshake (session, &data, |
703 | &datasize, | 704 | &datasize, |
704 | GNUTLS_HANDSHAKE_CERTIFICATE_PKT, | 705 | GNUTLS_HANDSHAKE_CERTIFICATE_PKT, |
705 | MANDATORY_PACKET); | 706 | MANDATORY_PACKET); |
706 | if (ret < 0) | 707 | if (ret < 0) |
707 | { | 708 | { |
708 | gnutls_assert (); | 709 | gnutls_assert (); |
@@ -735,7 +736,8 @@ mhd_gtls_recv_client_certificate_verify_message (mhd_gtls_session_t session) | |||
735 | int ret = 0; | 736 | int ret = 0; |
736 | 737 | ||
737 | 738 | ||
738 | if (session->internals.auth_struct->mhd_gtls_process_client_cert_vrfy != NULL) | 739 | if (session->internals.auth_struct->mhd_gtls_process_client_cert_vrfy != |
740 | NULL) | ||
739 | { | 741 | { |
740 | 742 | ||
741 | if (session->internals.send_cert_req == 0 || | 743 | if (session->internals.send_cert_req == 0 || |
@@ -746,9 +748,9 @@ mhd_gtls_recv_client_certificate_verify_message (mhd_gtls_session_t session) | |||
746 | 748 | ||
747 | ret = | 749 | ret = |
748 | mhd_gtls_recv_handshake (session, &data, | 750 | mhd_gtls_recv_handshake (session, &data, |
749 | &datasize, | 751 | &datasize, |
750 | GNUTLS_HANDSHAKE_CERTIFICATE_VERIFY, | 752 | GNUTLS_HANDSHAKE_CERTIFICATE_VERIFY, |
751 | OPTIONAL_PACKET); | 753 | OPTIONAL_PACKET); |
752 | if (ret < 0) | 754 | if (ret < 0) |
753 | return ret; | 755 | return ret; |
754 | 756 | ||
diff --git a/src/daemon/https/tls/gnutls_kx.h b/src/daemon/https/tls/gnutls_kx.h index bc99eb5c..e8bdf199 100644 --- a/src/daemon/https/tls/gnutls_kx.h +++ b/src/daemon/https/tls/gnutls_kx.h | |||
@@ -27,7 +27,7 @@ int mhd_gtls_send_client_kx_message (mhd_gtls_session_t session, int again); | |||
27 | int mhd_gtls_recv_server_kx_message (mhd_gtls_session_t session); | 27 | int mhd_gtls_recv_server_kx_message (mhd_gtls_session_t session); |
28 | int mhd_gtls_recv_client_kx_message (mhd_gtls_session_t session); | 28 | int mhd_gtls_recv_client_kx_message (mhd_gtls_session_t session); |
29 | int mhd_gtls_send_client_certificate_verify (mhd_gtls_session_t session, | 29 | int mhd_gtls_send_client_certificate_verify (mhd_gtls_session_t session, |
30 | int again); | 30 | int again); |
31 | int mhd_gtls_send_server_certificate (mhd_gtls_session_t session, int again); | 31 | int mhd_gtls_send_server_certificate (mhd_gtls_session_t session, int again); |
32 | int mhd_gtls_generate_master (mhd_gtls_session_t session, int keep_premaster); | 32 | int mhd_gtls_generate_master (mhd_gtls_session_t session, int keep_premaster); |
33 | int mhd_gtls_recv_client_certificate (mhd_gtls_session_t session); | 33 | int mhd_gtls_recv_client_certificate (mhd_gtls_session_t session); |
@@ -35,5 +35,6 @@ int mhd_gtls_recv_server_certificate (mhd_gtls_session_t session); | |||
35 | int mhd_gtls_send_client_certificate (mhd_gtls_session_t session, int again); | 35 | int mhd_gtls_send_client_certificate (mhd_gtls_session_t session, int again); |
36 | int mhd_gtls_recv_server_certificate_request (mhd_gtls_session_t session); | 36 | int mhd_gtls_recv_server_certificate_request (mhd_gtls_session_t session); |
37 | int mhd_gtls_send_server_certificate_request (mhd_gtls_session_t session, | 37 | int mhd_gtls_send_server_certificate_request (mhd_gtls_session_t session, |
38 | int again); | 38 | int again); |
39 | int mhd_gtls_recv_client_certificate_verify_message (mhd_gtls_session_t session); | 39 | int mhd_gtls_recv_client_certificate_verify_message (mhd_gtls_session_t |
40 | session); | ||
diff --git a/src/daemon/https/tls/gnutls_mem.h b/src/daemon/https/tls/gnutls_mem.h index 2d32d6e1..51b37e32 100644 --- a/src/daemon/https/tls/gnutls_mem.h +++ b/src/daemon/https/tls/gnutls_mem.h | |||
@@ -29,7 +29,7 @@ | |||
29 | # include <dmalloc.h> | 29 | # include <dmalloc.h> |
30 | #endif | 30 | #endif |
31 | 31 | ||
32 | typedef void svoid; /* for functions that allocate using gnutls_secure_malloc */ | 32 | typedef void svoid; /* for functions that allocate using gnutls_secure_malloc */ |
33 | 33 | ||
34 | /* Use gnutls_afree() when calling alloca, or | 34 | /* Use gnutls_afree() when calling alloca, or |
35 | * memory leaks may occur in systems which do not | 35 | * memory leaks may occur in systems which do not |
@@ -60,11 +60,11 @@ extern int (*_gnutls_is_secure_memory) (const void *); | |||
60 | /* this realloc function will return ptr if size==0, and | 60 | /* this realloc function will return ptr if size==0, and |
61 | * will free the ptr if the new allocation failed. | 61 | * will free the ptr if the new allocation failed. |
62 | */ | 62 | */ |
63 | void * mhd_gtls_realloc_fast (void *ptr, size_t size); | 63 | void *mhd_gtls_realloc_fast (void *ptr, size_t size); |
64 | 64 | ||
65 | svoid * mhd_gtls_secure_calloc (size_t nmemb, size_t size); | 65 | svoid *mhd_gtls_secure_calloc (size_t nmemb, size_t size); |
66 | 66 | ||
67 | void * mhd_gtls_calloc (size_t nmemb, size_t size); | 67 | void *mhd_gtls_calloc (size_t nmemb, size_t size); |
68 | char * mhd_gtls_strdup (const char *); | 68 | char *mhd_gtls_strdup (const char *); |
69 | 69 | ||
70 | #endif /* GNUTLS_MEM_H */ | 70 | #endif /* GNUTLS_MEM_H */ |
diff --git a/src/daemon/https/tls/gnutls_mpi.c b/src/daemon/https/tls/gnutls_mpi.c index 250c9c77..10831b71 100644 --- a/src/daemon/https/tls/gnutls_mpi.c +++ b/src/daemon/https/tls/gnutls_mpi.c | |||
@@ -80,7 +80,8 @@ mhd_gtls_mpi_scan_nz (mpi_t * ret_mpi, const opaque * buffer, size_t * nbytes) | |||
80 | } | 80 | } |
81 | 81 | ||
82 | int | 82 | int |
83 | mhd_gtls_mpi_scan_pgp (mpi_t * ret_mpi, const opaque * buffer, size_t * nbytes) | 83 | mhd_gtls_mpi_scan_pgp (mpi_t * ret_mpi, const opaque * buffer, |
84 | size_t * nbytes) | ||
84 | { | 85 | { |
85 | int ret; | 86 | int ret; |
86 | ret = gcry_mpi_scan (ret_mpi, GCRYMPI_FMT_PGP, buffer, *nbytes, nbytes); | 87 | ret = gcry_mpi_scan (ret_mpi, GCRYMPI_FMT_PGP, buffer, *nbytes, nbytes); |
diff --git a/src/daemon/https/tls/gnutls_mpi.h b/src/daemon/https/tls/gnutls_mpi.h index dc70e36f..24d60c8a 100644 --- a/src/daemon/https/tls/gnutls_mpi.h +++ b/src/daemon/https/tls/gnutls_mpi.h | |||
@@ -63,11 +63,11 @@ typedef gcry_mpi_t mpi_t; | |||
63 | void mhd_gtls_mpi_release (mpi_t * x); | 63 | void mhd_gtls_mpi_release (mpi_t * x); |
64 | 64 | ||
65 | int mhd_gtls_mpi_scan_nz (mpi_t * ret_mpi, const opaque * buffer, | 65 | int mhd_gtls_mpi_scan_nz (mpi_t * ret_mpi, const opaque * buffer, |
66 | size_t * nbytes); | 66 | size_t * nbytes); |
67 | int mhd_gtls_mpi_scan (mpi_t * ret_mpi, const opaque * buffer, | 67 | int mhd_gtls_mpi_scan (mpi_t * ret_mpi, const opaque * buffer, |
68 | size_t * nbytes); | 68 | size_t * nbytes); |
69 | int mhd_gtls_mpi_scan_pgp (mpi_t * ret_mpi, const opaque * buffer, | 69 | int mhd_gtls_mpi_scan_pgp (mpi_t * ret_mpi, const opaque * buffer, |
70 | size_t * nbytes); | 70 | size_t * nbytes); |
71 | 71 | ||
72 | int mhd_gtls_mpi_print (void *buffer, size_t * nbytes, const mpi_t a); | 72 | int mhd_gtls_mpi_print (void *buffer, size_t * nbytes, const mpi_t a); |
73 | int mhd_gtls_mpi_print_lz (void *buffer, size_t * nbytes, const mpi_t a); | 73 | int mhd_gtls_mpi_print_lz (void *buffer, size_t * nbytes, const mpi_t a); |
diff --git a/src/daemon/https/tls/gnutls_pk.c b/src/daemon/https/tls/gnutls_pk.c index b1361c0b..527ab8ab 100644 --- a/src/daemon/https/tls/gnutls_pk.c +++ b/src/daemon/https/tls/gnutls_pk.c | |||
@@ -23,7 +23,7 @@ | |||
23 | */ | 23 | */ |
24 | 24 | ||
25 | /* This file contains the functions needed for RSA/DSA public key | 25 | /* This file contains the functions needed for RSA/DSA public key |
26 | * encryption and signatures. | 26 | * encryption and signatures. |
27 | */ | 27 | */ |
28 | 28 | ||
29 | #include <gnutls_int.h> | 29 | #include <gnutls_int.h> |
@@ -50,14 +50,14 @@ static int _gnutls_pk_decrypt (int algo, mpi_t * resarr, mpi_t data, | |||
50 | mpi_t * pkey, int); | 50 | mpi_t * pkey, int); |
51 | 51 | ||
52 | 52 | ||
53 | /* Do PKCS-1 RSA encryption. | 53 | /* Do PKCS-1 RSA encryption. |
54 | * params is modulus, public exp. | 54 | * params is modulus, public exp. |
55 | */ | 55 | */ |
56 | int | 56 | int |
57 | mhd_gtls_pkcs1_rsa_encrypt (gnutls_datum_t * ciphertext, | 57 | mhd_gtls_pkcs1_rsa_encrypt (gnutls_datum_t * ciphertext, |
58 | const gnutls_datum_t * plaintext, | 58 | const gnutls_datum_t * plaintext, |
59 | mpi_t * params, unsigned params_len, | 59 | mpi_t * params, unsigned params_len, |
60 | unsigned btype) | 60 | unsigned btype) |
61 | { | 61 | { |
62 | unsigned int i, pad; | 62 | unsigned int i, pad; |
63 | int ret; | 63 | int ret; |
@@ -84,7 +84,7 @@ mhd_gtls_pkcs1_rsa_encrypt (gnutls_datum_t * ciphertext, | |||
84 | return GNUTLS_E_MEMORY_ERROR; | 84 | return GNUTLS_E_MEMORY_ERROR; |
85 | } | 85 | } |
86 | 86 | ||
87 | /* EB = 00||BT||PS||00||D | 87 | /* EB = 00||BT||PS||00||D |
88 | * (use block type 'btype') | 88 | * (use block type 'btype') |
89 | */ | 89 | */ |
90 | 90 | ||
@@ -203,15 +203,15 @@ mhd_gtls_pkcs1_rsa_encrypt (gnutls_datum_t * ciphertext, | |||
203 | } | 203 | } |
204 | 204 | ||
205 | 205 | ||
206 | /* Do PKCS-1 RSA decryption. | 206 | /* Do PKCS-1 RSA decryption. |
207 | * params is modulus, public exp., private key | 207 | * params is modulus, public exp., private key |
208 | * Can decrypt block type 1 and type 2 packets. | 208 | * Can decrypt block type 1 and type 2 packets. |
209 | */ | 209 | */ |
210 | int | 210 | int |
211 | mhd_gtls_pkcs1_rsa_decrypt (gnutls_datum_t * plaintext, | 211 | mhd_gtls_pkcs1_rsa_decrypt (gnutls_datum_t * plaintext, |
212 | const gnutls_datum_t * ciphertext, | 212 | const gnutls_datum_t * ciphertext, |
213 | mpi_t * params, unsigned params_len, | 213 | mpi_t * params, unsigned params_len, |
214 | unsigned btype) | 214 | unsigned btype) |
215 | { | 215 | { |
216 | unsigned k, i; | 216 | unsigned k, i; |
217 | int ret; | 217 | int ret; |
@@ -346,8 +346,8 @@ mhd_gtls_pkcs1_rsa_decrypt (gnutls_datum_t * plaintext, | |||
346 | 346 | ||
347 | int | 347 | int |
348 | mhd_gtls_rsa_verify (const gnutls_datum_t * vdata, | 348 | mhd_gtls_rsa_verify (const gnutls_datum_t * vdata, |
349 | const gnutls_datum_t * ciphertext, mpi_t * params, | 349 | const gnutls_datum_t * ciphertext, mpi_t * params, |
350 | int params_len, int btype) | 350 | int params_len, int btype) |
351 | { | 351 | { |
352 | 352 | ||
353 | gnutls_datum_t plain; | 353 | gnutls_datum_t plain; |
@@ -356,7 +356,7 @@ mhd_gtls_rsa_verify (const gnutls_datum_t * vdata, | |||
356 | /* decrypt signature */ | 356 | /* decrypt signature */ |
357 | if ((ret = | 357 | if ((ret = |
358 | mhd_gtls_pkcs1_rsa_decrypt (&plain, ciphertext, params, params_len, | 358 | mhd_gtls_pkcs1_rsa_decrypt (&plain, ciphertext, params, params_len, |
359 | btype)) < 0) | 359 | btype)) < 0) |
360 | { | 360 | { |
361 | gnutls_assert (); | 361 | gnutls_assert (); |
362 | return ret; | 362 | return ret; |
@@ -434,8 +434,8 @@ encode_ber_rs (gnutls_datum_t * sig_value, mpi_t r, mpi_t s) | |||
434 | */ | 434 | */ |
435 | int | 435 | int |
436 | mhd_gtls_dsa_sign (gnutls_datum_t * signature, | 436 | mhd_gtls_dsa_sign (gnutls_datum_t * signature, |
437 | const gnutls_datum_t * hash, mpi_t * params, | 437 | const gnutls_datum_t * hash, mpi_t * params, |
438 | unsigned params_len) | 438 | unsigned params_len) |
439 | { | 439 | { |
440 | mpi_t rs[2], mdata; | 440 | mpi_t rs[2], mdata; |
441 | int ret; | 441 | int ret; |
@@ -530,8 +530,8 @@ decode_ber_rs (const gnutls_datum_t * sig_value, mpi_t * r, mpi_t * s) | |||
530 | */ | 530 | */ |
531 | int | 531 | int |
532 | mhd_gtls_dsa_verify (const gnutls_datum_t * vdata, | 532 | mhd_gtls_dsa_verify (const gnutls_datum_t * vdata, |
533 | const gnutls_datum_t * sig_value, mpi_t * params, | 533 | const gnutls_datum_t * sig_value, mpi_t * params, |
534 | int params_len) | 534 | int params_len) |
535 | { | 535 | { |
536 | 536 | ||
537 | mpi_t mdata; | 537 | mpi_t mdata; |
@@ -576,7 +576,7 @@ mhd_gtls_dsa_verify (const gnutls_datum_t * vdata, | |||
576 | } | 576 | } |
577 | 577 | ||
578 | 578 | ||
579 | /* this is taken from gnupg | 579 | /* this is taken from gnupg |
580 | */ | 580 | */ |
581 | 581 | ||
582 | /**************** | 582 | /**************** |
diff --git a/src/daemon/https/tls/gnutls_pk.h b/src/daemon/https/tls/gnutls_pk.h index bde27a2a..ef4723d4 100644 --- a/src/daemon/https/tls/gnutls_pk.h +++ b/src/daemon/https/tls/gnutls_pk.h | |||
@@ -26,21 +26,21 @@ | |||
26 | #define GNUTLS_PK_H | 26 | #define GNUTLS_PK_H |
27 | 27 | ||
28 | int mhd_gtls_pkcs1_rsa_encrypt (gnutls_datum_t * ciphertext, | 28 | int mhd_gtls_pkcs1_rsa_encrypt (gnutls_datum_t * ciphertext, |
29 | const gnutls_datum_t * plaintext, | 29 | const gnutls_datum_t * plaintext, |
30 | mpi_t * params, unsigned params_len, | 30 | mpi_t * params, unsigned params_len, |
31 | unsigned btype); | 31 | unsigned btype); |
32 | int mhd_gtls_dsa_sign (gnutls_datum_t * signature, | 32 | int mhd_gtls_dsa_sign (gnutls_datum_t * signature, |
33 | const gnutls_datum_t * plaintext, mpi_t * params, | 33 | const gnutls_datum_t * plaintext, mpi_t * params, |
34 | unsigned params_len); | 34 | unsigned params_len); |
35 | int mhd_gtls_pkcs1_rsa_decrypt (gnutls_datum_t * plaintext, | 35 | int mhd_gtls_pkcs1_rsa_decrypt (gnutls_datum_t * plaintext, |
36 | const gnutls_datum_t * ciphertext, | 36 | const gnutls_datum_t * ciphertext, |
37 | mpi_t * params, unsigned params_len, | 37 | mpi_t * params, unsigned params_len, |
38 | unsigned btype); | 38 | unsigned btype); |
39 | int mhd_gtls_rsa_verify (const gnutls_datum_t * vdata, | 39 | int mhd_gtls_rsa_verify (const gnutls_datum_t * vdata, |
40 | const gnutls_datum_t * ciphertext, mpi_t * params, | 40 | const gnutls_datum_t * ciphertext, mpi_t * params, |
41 | int params_len, int btype); | 41 | int params_len, int btype); |
42 | int mhd_gtls_dsa_verify (const gnutls_datum_t * vdata, | 42 | int mhd_gtls_dsa_verify (const gnutls_datum_t * vdata, |
43 | const gnutls_datum_t * sig_value, mpi_t * params, | 43 | const gnutls_datum_t * sig_value, mpi_t * params, |
44 | int params_len); | 44 | int params_len); |
45 | 45 | ||
46 | #endif /* GNUTLS_PK_H */ | 46 | #endif /* GNUTLS_PK_H */ |
diff --git a/src/daemon/https/tls/gnutls_priority.c b/src/daemon/https/tls/gnutls_priority.c index 82725899..f871a1cf 100644 --- a/src/daemon/https/tls/gnutls_priority.c +++ b/src/daemon/https/tls/gnutls_priority.c | |||
@@ -147,7 +147,8 @@ MHD_gnutls_mac_set_priority (mhd_gtls_session_t session, const int *list) | |||
147 | * | 147 | * |
148 | **/ | 148 | **/ |
149 | int | 149 | int |
150 | MHD_gnutls_compression_set_priority (mhd_gtls_session_t session, const int *list) | 150 | MHD_gnutls_compression_set_priority (mhd_gtls_session_t session, |
151 | const int *list) | ||
151 | { | 152 | { |
152 | return _set_priority (&session->internals.priorities.compression, list); | 153 | return _set_priority (&session->internals.priorities.compression, list); |
153 | } | 154 | } |
@@ -197,7 +198,7 @@ MHD_gnutls_protocol_set_priority (mhd_gtls_session_t session, const int *list) | |||
197 | **/ | 198 | **/ |
198 | int | 199 | int |
199 | MHD_gnutls_certificate_type_set_priority (mhd_gtls_session_t session, | 200 | MHD_gnutls_certificate_type_set_priority (mhd_gtls_session_t session, |
200 | const int *list) | 201 | const int *list) |
201 | { | 202 | { |
202 | #if ENABLE_OPENPGP | 203 | #if ENABLE_OPENPGP |
203 | return _set_priority (&session->internals.priorities.cert_type, list); | 204 | return _set_priority (&session->internals.priorities.cert_type, list); |
@@ -249,7 +250,8 @@ typedef void (rmadd_func) (mhd_gtls_priority_st * priority_list, int alg); | |||
249 | * | 250 | * |
250 | **/ | 251 | **/ |
251 | int | 252 | int |
252 | MHD_gnutls_priority_set (mhd_gtls_session_t session, gnutls_priority_t priority) | 253 | MHD_gnutls_priority_set (mhd_gtls_session_t session, |
254 | gnutls_priority_t priority) | ||
253 | { | 255 | { |
254 | if (priority == NULL) | 256 | if (priority == NULL) |
255 | { | 257 | { |
@@ -330,7 +332,7 @@ MHD_gnutls_priority_set (mhd_gtls_session_t session, gnutls_priority_t priority) | |||
330 | **/ | 332 | **/ |
331 | int | 333 | int |
332 | MHD_tls_set_default_priority (gnutls_priority_t * priority_cache, | 334 | MHD_tls_set_default_priority (gnutls_priority_t * priority_cache, |
333 | const char *priorities, const char **err_pos) | 335 | const char *priorities, const char **err_pos) |
334 | { | 336 | { |
335 | *priority_cache = gnutls_calloc (1, sizeof (struct MHD_gtls_priority_st)); | 337 | *priority_cache = gnutls_calloc (1, sizeof (struct MHD_gtls_priority_st)); |
336 | if (*priority_cache == NULL) | 338 | if (*priority_cache == NULL) |
@@ -341,7 +343,8 @@ MHD_tls_set_default_priority (gnutls_priority_t * priority_cache, | |||
341 | 343 | ||
342 | /* set mode to "SECURE256" */ | 344 | /* set mode to "SECURE256" */ |
343 | _set_priority (&(*priority_cache)->protocol, mhd_gtls_protocol_priority); | 345 | _set_priority (&(*priority_cache)->protocol, mhd_gtls_protocol_priority); |
344 | _set_priority (&(*priority_cache)->cipher, mhd_gtls_cipher_priority_secure256); | 346 | _set_priority (&(*priority_cache)->cipher, |
347 | mhd_gtls_cipher_priority_secure256); | ||
345 | _set_priority (&(*priority_cache)->kx, mhd_gtls_kx_priority_secure); | 348 | _set_priority (&(*priority_cache)->kx, mhd_gtls_kx_priority_secure); |
346 | _set_priority (&(*priority_cache)->mac, mhd_gtls_mac_priority_secure); | 349 | _set_priority (&(*priority_cache)->mac, mhd_gtls_mac_priority_secure); |
347 | _set_priority (&(*priority_cache)->cert_type, mhd_gtls_cert_type_priority); | 350 | _set_priority (&(*priority_cache)->cert_type, mhd_gtls_cert_type_priority); |
@@ -380,7 +383,7 @@ MHD_gnutls_priority_deinit (gnutls_priority_t priority_cache) | |||
380 | **/ | 383 | **/ |
381 | int | 384 | int |
382 | MHD_gnutls_priority_set_direct (mhd_gtls_session_t session, | 385 | MHD_gnutls_priority_set_direct (mhd_gtls_session_t session, |
383 | const char *priorities, const char **err_pos) | 386 | const char *priorities, const char **err_pos) |
384 | { | 387 | { |
385 | gnutls_priority_t prio; | 388 | gnutls_priority_t prio; |
386 | int ret; | 389 | int ret; |
diff --git a/src/daemon/https/tls/gnutls_record.c b/src/daemon/https/tls/gnutls_record.c index c56dc483..3c6122d5 100644 --- a/src/daemon/https/tls/gnutls_record.c +++ b/src/daemon/https/tls/gnutls_record.c | |||
@@ -57,7 +57,7 @@ MHD_gnutls_protocol_get_version (mhd_gtls_session_t session) | |||
57 | 57 | ||
58 | void | 58 | void |
59 | mhd_gtls_set_current_version (mhd_gtls_session_t session, | 59 | mhd_gtls_set_current_version (mhd_gtls_session_t session, |
60 | enum MHD_GNUTLS_Protocol version) | 60 | enum MHD_GNUTLS_Protocol version) |
61 | { | 61 | { |
62 | session->security_parameters.version = version; | 62 | session->security_parameters.version = version; |
63 | } | 63 | } |
@@ -109,7 +109,7 @@ MHD_gtls_record_disable_padding (mhd_gtls_session_t session) | |||
109 | **/ | 109 | **/ |
110 | void | 110 | void |
111 | MHD_gnutls_transport_set_ptr (mhd_gtls_session_t session, | 111 | MHD_gnutls_transport_set_ptr (mhd_gtls_session_t session, |
112 | gnutls_transport_ptr_t ptr) | 112 | gnutls_transport_ptr_t ptr) |
113 | { | 113 | { |
114 | session->internals.transport_recv_ptr = ptr; | 114 | session->internals.transport_recv_ptr = ptr; |
115 | session->internals.transport_send_ptr = ptr; | 115 | session->internals.transport_send_ptr = ptr; |
@@ -128,8 +128,8 @@ MHD_gnutls_transport_set_ptr (mhd_gtls_session_t session, | |||
128 | **/ | 128 | **/ |
129 | void | 129 | void |
130 | MHD_gnutls_transport_set_ptr2 (mhd_gtls_session_t session, | 130 | MHD_gnutls_transport_set_ptr2 (mhd_gtls_session_t session, |
131 | gnutls_transport_ptr_t recv_ptr, | 131 | gnutls_transport_ptr_t recv_ptr, |
132 | gnutls_transport_ptr_t send_ptr) | 132 | gnutls_transport_ptr_t send_ptr) |
133 | { | 133 | { |
134 | session->internals.transport_send_ptr = send_ptr; | 134 | session->internals.transport_send_ptr = send_ptr; |
135 | session->internals.transport_recv_ptr = recv_ptr; | 135 | session->internals.transport_recv_ptr = recv_ptr; |
@@ -187,7 +187,8 @@ MHD_gnutls_bye (mhd_gtls_session_t session, gnutls_close_request_t how) | |||
187 | 187 | ||
188 | case STATE61: | 188 | case STATE61: |
189 | ret = | 189 | ret = |
190 | MHD_gnutls_alert_send (session, GNUTLS_AL_WARNING, GNUTLS_A_CLOSE_NOTIFY); | 190 | MHD_gnutls_alert_send (session, GNUTLS_AL_WARNING, |
191 | GNUTLS_A_CLOSE_NOTIFY); | ||
191 | STATE = STATE61; | 192 | STATE = STATE61; |
192 | if (ret < 0) | 193 | if (ret < 0) |
193 | { | 194 | { |
@@ -292,9 +293,9 @@ copy_record_version (mhd_gtls_session_t session, | |||
292 | */ | 293 | */ |
293 | ssize_t | 294 | ssize_t |
294 | mhd_gtls_send_int (mhd_gtls_session_t session, | 295 | mhd_gtls_send_int (mhd_gtls_session_t session, |
295 | content_type_t type, | 296 | content_type_t type, |
296 | gnutls_handshake_description_t htype, | 297 | gnutls_handshake_description_t htype, |
297 | const void *_data, size_t sizeofdata) | 298 | const void *_data, size_t sizeofdata) |
298 | { | 299 | { |
299 | uint8_t *cipher; | 300 | uint8_t *cipher; |
300 | int cipher_size; | 301 | int cipher_size; |
@@ -331,7 +332,7 @@ mhd_gtls_send_int (mhd_gtls_session_t session, | |||
331 | _gnutls_record_log | 332 | _gnutls_record_log |
332 | ("REC[%x]: Sending Packet[%d] %s(%d) with length: %d\n", session, | 333 | ("REC[%x]: Sending Packet[%d] %s(%d) with length: %d\n", session, |
333 | (int) mhd_gtls_uint64touint32 (&session->connection_state. | 334 | (int) mhd_gtls_uint64touint32 (&session->connection_state. |
334 | write_sequence_number), | 335 | write_sequence_number), |
335 | _gnutls_packet2str (type), type, sizeofdata); | 336 | _gnutls_packet2str (type), type, sizeofdata); |
336 | 337 | ||
337 | if (sizeofdata > MAX_RECORD_SEND_SIZE) | 338 | if (sizeofdata > MAX_RECORD_SEND_SIZE) |
@@ -368,9 +369,9 @@ mhd_gtls_send_int (mhd_gtls_session_t session, | |||
368 | 369 | ||
369 | cipher_size = | 370 | cipher_size = |
370 | mhd_gtls_encrypt (session, headers, RECORD_HEADER_SIZE, data, | 371 | mhd_gtls_encrypt (session, headers, RECORD_HEADER_SIZE, data, |
371 | data2send_size, cipher, cipher_size, type, | 372 | data2send_size, cipher, cipher_size, type, |
372 | (session->internals.priorities.no_padding == | 373 | (session->internals.priorities.no_padding == |
373 | 0) ? 1 : 0); | 374 | 0) ? 1 : 0); |
374 | if (cipher_size <= 0) | 375 | if (cipher_size <= 0) |
375 | { | 376 | { |
376 | gnutls_assert (); | 377 | gnutls_assert (); |
@@ -424,9 +425,9 @@ mhd_gtls_send_int (mhd_gtls_session_t session, | |||
424 | 425 | ||
425 | _gnutls_record_log ("REC[%x]: Sent Packet[%d] %s(%d) with length: %d\n", | 426 | _gnutls_record_log ("REC[%x]: Sent Packet[%d] %s(%d) with length: %d\n", |
426 | session, | 427 | session, |
427 | (int) mhd_gtls_uint64touint32 (&session-> | 428 | (int) |
428 | connection_state. | 429 | mhd_gtls_uint64touint32 |
429 | write_sequence_number), | 430 | (&session->connection_state.write_sequence_number), |
430 | _gnutls_packet2str (type), type, cipher_size); | 431 | _gnutls_packet2str (type), type, cipher_size); |
431 | 432 | ||
432 | return retval; | 433 | return retval; |
@@ -445,7 +446,8 @@ mhd_gtls_send_change_cipher_spec (mhd_gtls_session_t session, int again) | |||
445 | _gnutls_handshake_log ("REC[%x]: Sent ChangeCipherSpec\n", session); | 446 | _gnutls_handshake_log ("REC[%x]: Sent ChangeCipherSpec\n", session); |
446 | 447 | ||
447 | if (again == 0) | 448 | if (again == 0) |
448 | return mhd_gtls_send_int (session, GNUTLS_CHANGE_CIPHER_SPEC, -1, data, 1); | 449 | return mhd_gtls_send_int (session, GNUTLS_CHANGE_CIPHER_SPEC, -1, data, |
450 | 1); | ||
449 | else | 451 | else |
450 | { | 452 | { |
451 | return mhd_gtls_io_write_flush (session); | 453 | return mhd_gtls_io_write_flush (session); |
@@ -478,9 +480,8 @@ check_buffers (mhd_gtls_session_t session, | |||
478 | content_type_t type, opaque * data, int sizeofdata) | 480 | content_type_t type, opaque * data, int sizeofdata) |
479 | { | 481 | { |
480 | if ((type == GNUTLS_APPLICATION_DATA || type == GNUTLS_HANDSHAKE || type | 482 | if ((type == GNUTLS_APPLICATION_DATA || type == GNUTLS_HANDSHAKE || type |
481 | == GNUTLS_INNER_APPLICATION) && mhd_gnutls_record_buffer_get_size (type, | 483 | == GNUTLS_INNER_APPLICATION) |
482 | session) | 484 | && mhd_gnutls_record_buffer_get_size (type, session) > 0) |
483 | > 0) | ||
484 | { | 485 | { |
485 | int ret, ret2; | 486 | int ret, ret2; |
486 | ret = mhd_gtls_record_buffer_get (type, session, data, sizeofdata); | 487 | ret = mhd_gtls_record_buffer_get (type, session, data, sizeofdata); |
@@ -674,8 +675,8 @@ record_check_type (mhd_gtls_session_t session, | |||
674 | case GNUTLS_APPLICATION_DATA: | 675 | case GNUTLS_APPLICATION_DATA: |
675 | /* even if data is unexpected put it into the buffer */ | 676 | /* even if data is unexpected put it into the buffer */ |
676 | if ((ret = | 677 | if ((ret = |
677 | mhd_gnutls_record_buffer_put (recv_type, session, (void *) data, | 678 | mhd_gnutls_record_buffer_put (recv_type, session, |
678 | data_size)) < 0) | 679 | (void *) data, data_size)) < 0) |
679 | { | 680 | { |
680 | gnutls_assert (); | 681 | gnutls_assert (); |
681 | return ret; | 682 | return ret; |
@@ -717,8 +718,8 @@ record_check_type (mhd_gtls_session_t session, | |||
717 | case GNUTLS_INNER_APPLICATION: | 718 | case GNUTLS_INNER_APPLICATION: |
718 | /* even if data is unexpected put it into the buffer */ | 719 | /* even if data is unexpected put it into the buffer */ |
719 | if ((ret = | 720 | if ((ret = |
720 | mhd_gnutls_record_buffer_put (recv_type, session, (void *) data, | 721 | mhd_gnutls_record_buffer_put (recv_type, session, |
721 | data_size)) < 0) | 722 | (void *) data, data_size)) < 0) |
722 | { | 723 | { |
723 | gnutls_assert (); | 724 | gnutls_assert (); |
724 | return ret; | 725 | return ret; |
@@ -796,9 +797,9 @@ get_temp_recv_buffer (mhd_gtls_session_t session, gnutls_datum_t * tmp) | |||
796 | */ | 797 | */ |
797 | ssize_t | 798 | ssize_t |
798 | mhd_gtls_recv_int (mhd_gtls_session_t session, | 799 | mhd_gtls_recv_int (mhd_gtls_session_t session, |
799 | content_type_t type, | 800 | content_type_t type, |
800 | gnutls_handshake_description_t htype, | 801 | gnutls_handshake_description_t htype, |
801 | opaque * data, size_t sizeofdata) | 802 | opaque * data, size_t sizeofdata) |
802 | { | 803 | { |
803 | gnutls_datum_t tmp; | 804 | gnutls_datum_t tmp; |
804 | int decrypted_length; | 805 | int decrypted_length; |
@@ -895,13 +896,14 @@ begin: | |||
895 | _gnutls_record_log | 896 | _gnutls_record_log |
896 | ("REC[%x]: Expected Packet[%d] %s(%d) with length: %d\n", session, | 897 | ("REC[%x]: Expected Packet[%d] %s(%d) with length: %d\n", session, |
897 | (int) mhd_gtls_uint64touint32 (&session->connection_state. | 898 | (int) mhd_gtls_uint64touint32 (&session->connection_state. |
898 | read_sequence_number), | 899 | read_sequence_number), |
899 | _gnutls_packet2str (type), type, sizeofdata); | 900 | _gnutls_packet2str (type), type, sizeofdata); |
900 | _gnutls_record_log | 901 | _gnutls_record_log ("REC[%x]: Received Packet[%d] %s(%d) with length: %d\n", |
901 | ("REC[%x]: Received Packet[%d] %s(%d) with length: %d\n", session, | 902 | session, |
902 | (int) mhd_gtls_uint64touint32 (&session->connection_state. | 903 | (int) |
903 | read_sequence_number), | 904 | mhd_gtls_uint64touint32 (&session->connection_state. |
904 | _gnutls_packet2str (recv_type), recv_type, length); | 905 | read_sequence_number), |
906 | _gnutls_packet2str (recv_type), recv_type, length); | ||
905 | 907 | ||
906 | if (length > MAX_RECV_SIZE) | 908 | if (length > MAX_RECV_SIZE) |
907 | { | 909 | { |
@@ -918,7 +920,7 @@ begin: | |||
918 | /* check if we have that data into buffer. | 920 | /* check if we have that data into buffer. |
919 | */ | 921 | */ |
920 | if ((ret = mhd_gtls_io_read_buffered (session, &recv_data, | 922 | if ((ret = mhd_gtls_io_read_buffered (session, &recv_data, |
921 | header_size + length, recv_type)) | 923 | header_size + length, recv_type)) |
922 | != header_size + length) | 924 | != header_size + length) |
923 | { | 925 | { |
924 | if (ret < 0 && MHD_gtls_error_is_fatal (ret) == 0) | 926 | if (ret < 0 && MHD_gtls_error_is_fatal (ret) == 0) |
@@ -945,7 +947,7 @@ begin: | |||
945 | 947 | ||
946 | /* decrypt the data we got. */ | 948 | /* decrypt the data we got. */ |
947 | ret = mhd_gtls_decrypt (session, ciphertext, length, tmp.data, tmp.size, | 949 | ret = mhd_gtls_decrypt (session, ciphertext, length, tmp.data, tmp.size, |
948 | recv_type); | 950 | recv_type); |
949 | if (ret < 0) | 951 | if (ret < 0) |
950 | { | 952 | { |
951 | session_unresumable (session); | 953 | session_unresumable (session); |
@@ -977,12 +979,13 @@ begin: | |||
977 | _gnutls_record_log | 979 | _gnutls_record_log |
978 | ("REC[%x]: Decrypted Packet[%d] %s(%d) with length: %d\n", session, | 980 | ("REC[%x]: Decrypted Packet[%d] %s(%d) with length: %d\n", session, |
979 | (int) mhd_gtls_uint64touint32 (&session->connection_state. | 981 | (int) mhd_gtls_uint64touint32 (&session->connection_state. |
980 | read_sequence_number), | 982 | read_sequence_number), |
981 | _gnutls_packet2str (recv_type), recv_type, decrypted_length); | 983 | _gnutls_packet2str (recv_type), recv_type, decrypted_length); |
982 | 984 | ||
983 | /* increase sequence number | 985 | /* increase sequence number |
984 | */ | 986 | */ |
985 | if (mhd_gtls_uint64pp (&session->connection_state.read_sequence_number) != 0) | 987 | if (mhd_gtls_uint64pp (&session->connection_state.read_sequence_number) != |
988 | 0) | ||
986 | { | 989 | { |
987 | session_invalidate (session); | 990 | session_invalidate (session); |
988 | gnutls_assert (); | 991 | gnutls_assert (); |
@@ -1079,10 +1082,10 @@ begin: | |||
1079 | **/ | 1082 | **/ |
1080 | ssize_t | 1083 | ssize_t |
1081 | MHD_gnutls_record_send (mhd_gtls_session_t session, | 1084 | MHD_gnutls_record_send (mhd_gtls_session_t session, |
1082 | const void *data, size_t sizeofdata) | 1085 | const void *data, size_t sizeofdata) |
1083 | { | 1086 | { |
1084 | return mhd_gtls_send_int (session, GNUTLS_APPLICATION_DATA, -1, data, | 1087 | return mhd_gtls_send_int (session, GNUTLS_APPLICATION_DATA, -1, data, |
1085 | sizeofdata); | 1088 | sizeofdata); |
1086 | } | 1089 | } |
1087 | 1090 | ||
1088 | /** | 1091 | /** |
@@ -1116,10 +1119,11 @@ MHD_gnutls_record_send (mhd_gtls_session_t session, | |||
1116 | * received might be less than @sizeofdata. | 1119 | * received might be less than @sizeofdata. |
1117 | **/ | 1120 | **/ |
1118 | ssize_t | 1121 | ssize_t |
1119 | MHD_gnutls_record_recv (mhd_gtls_session_t session, void *data, size_t sizeofdata) | 1122 | MHD_gnutls_record_recv (mhd_gtls_session_t session, void *data, |
1123 | size_t sizeofdata) | ||
1120 | { | 1124 | { |
1121 | return mhd_gtls_recv_int (session, GNUTLS_APPLICATION_DATA, -1, data, | 1125 | return mhd_gtls_recv_int (session, GNUTLS_APPLICATION_DATA, -1, data, |
1122 | sizeofdata); | 1126 | sizeofdata); |
1123 | } | 1127 | } |
1124 | 1128 | ||
1125 | /** | 1129 | /** |
diff --git a/src/daemon/https/tls/gnutls_record.h b/src/daemon/https/tls/gnutls_record.h index 74069bfc..e1fea3f2 100644 --- a/src/daemon/https/tls/gnutls_record.h +++ b/src/daemon/https/tls/gnutls_record.h | |||
@@ -23,10 +23,11 @@ | |||
23 | */ | 23 | */ |
24 | 24 | ||
25 | ssize_t mhd_gtls_send_int (mhd_gtls_session_t session, content_type_t type, | 25 | ssize_t mhd_gtls_send_int (mhd_gtls_session_t session, content_type_t type, |
26 | gnutls_handshake_description_t htype, | 26 | gnutls_handshake_description_t htype, |
27 | const void *data, size_t sizeofdata); | 27 | const void *data, size_t sizeofdata); |
28 | ssize_t mhd_gtls_recv_int (mhd_gtls_session_t session, content_type_t type, | 28 | ssize_t mhd_gtls_recv_int (mhd_gtls_session_t session, content_type_t type, |
29 | gnutls_handshake_description_t, opaque * data, | 29 | gnutls_handshake_description_t, opaque * data, |
30 | size_t sizeofdata); | 30 | size_t sizeofdata); |
31 | ssize_t mhd_gtls_send_change_cipher_spec (mhd_gtls_session_t session, int again); | 31 | ssize_t mhd_gtls_send_change_cipher_spec (mhd_gtls_session_t session, |
32 | int again); | ||
32 | void MHD_gnutls_transport_set_lowat (mhd_gtls_session_t session, int num); | 33 | void MHD_gnutls_transport_set_lowat (mhd_gtls_session_t session, int num); |
diff --git a/src/daemon/https/tls/gnutls_rsa_export.c b/src/daemon/https/tls/gnutls_rsa_export.c index c939f06e..ce06e47e 100644 --- a/src/daemon/https/tls/gnutls_rsa_export.c +++ b/src/daemon/https/tls/gnutls_rsa_export.c | |||
@@ -220,7 +220,8 @@ MHD_gnutls_rsa_params_deinit (mhd_gtls_rsa_params_t rsa_params) | |||
220 | * | 220 | * |
221 | **/ | 221 | **/ |
222 | int | 222 | int |
223 | MHD_gnutls_rsa_params_generate2 (mhd_gtls_rsa_params_t params, unsigned int bits) | 223 | MHD_gnutls_rsa_params_generate2 (mhd_gtls_rsa_params_t params, |
224 | unsigned int bits) | ||
224 | { | 225 | { |
225 | return gnutls_x509_privkey_generate (params, MHD_GNUTLS_PK_RSA, bits, 0); | 226 | return gnutls_x509_privkey_generate (params, MHD_GNUTLS_PK_RSA, bits, 0); |
226 | } | 227 | } |
diff --git a/src/daemon/https/tls/gnutls_rsa_export.h b/src/daemon/https/tls/gnutls_rsa_export.h index 029e38c5..8e21ed59 100644 --- a/src/daemon/https/tls/gnutls_rsa_export.h +++ b/src/daemon/https/tls/gnutls_rsa_export.h | |||
@@ -22,6 +22,6 @@ | |||
22 | * | 22 | * |
23 | */ | 23 | */ |
24 | 24 | ||
25 | const mpi_t * _gnutls_rsa_params_to_mpi (mhd_gtls_rsa_params_t); | 25 | const mpi_t *_gnutls_rsa_params_to_mpi (mhd_gtls_rsa_params_t); |
26 | int _gnutls_peers_cert_less_512 (mhd_gtls_session_t session); | 26 | int _gnutls_peers_cert_less_512 (mhd_gtls_session_t session); |
27 | int _gnutls_rsa_generate_params (mpi_t * resarr, int *resarr_len, int bits); | 27 | int _gnutls_rsa_generate_params (mpi_t * resarr, int *resarr_len, int bits); |
diff --git a/src/daemon/https/tls/gnutls_session.c b/src/daemon/https/tls/gnutls_session.c index afc00966..fe14904c 100644 --- a/src/daemon/https/tls/gnutls_session.c +++ b/src/daemon/https/tls/gnutls_session.c | |||
@@ -135,7 +135,7 @@ | |||
135 | **/ | 135 | **/ |
136 | int | 136 | int |
137 | MHD_gtls_session_get_id (mhd_gtls_session_t session, | 137 | MHD_gtls_session_get_id (mhd_gtls_session_t session, |
138 | void *session_id, size_t * session_id_size) | 138 | void *session_id, size_t * session_id_size) |
139 | { | 139 | { |
140 | size_t given_session_id_size = *session_id_size; | 140 | size_t given_session_id_size = *session_id_size; |
141 | 141 | ||
diff --git a/src/daemon/https/tls/gnutls_session_pack.c b/src/daemon/https/tls/gnutls_session_pack.c index 545e4a0c..85bebc8c 100644 --- a/src/daemon/https/tls/gnutls_session_pack.c +++ b/src/daemon/https/tls/gnutls_session_pack.c | |||
@@ -69,7 +69,8 @@ static int pack_security_parameters (mhd_gtls_session_t session, | |||
69 | * x bytes the public key | 69 | * x bytes the public key |
70 | */ | 70 | */ |
71 | static int | 71 | static int |
72 | pack_anon_auth_info (mhd_gtls_session_t session, gnutls_datum_t * packed_session) | 72 | pack_anon_auth_info (mhd_gtls_session_t session, |
73 | gnutls_datum_t * packed_session) | ||
73 | { | 74 | { |
74 | mhd_anon_auth_info_t info = mhd_gtls_get_auth_info (session); | 75 | mhd_anon_auth_info_t info = mhd_gtls_get_auth_info (session); |
75 | int pos = 0; | 76 | int pos = 0; |
@@ -100,14 +101,16 @@ pack_anon_auth_info (mhd_gtls_session_t session, gnutls_datum_t * packed_session | |||
100 | 101 | ||
101 | if (pack_size > 0) | 102 | if (pack_size > 0) |
102 | { | 103 | { |
103 | mhd_gtls_write_uint16 (info->dh.secret_bits, &packed_session->data[pos]); | 104 | mhd_gtls_write_uint16 (info->dh.secret_bits, |
105 | &packed_session->data[pos]); | ||
104 | pos += 2; | 106 | pos += 2; |
105 | 107 | ||
106 | mhd_gtls_write_datum32 (&packed_session->data[pos], info->dh.prime); | 108 | mhd_gtls_write_datum32 (&packed_session->data[pos], info->dh.prime); |
107 | pos += 4 + info->dh.prime.size; | 109 | pos += 4 + info->dh.prime.size; |
108 | mhd_gtls_write_datum32 (&packed_session->data[pos], info->dh.generator); | 110 | mhd_gtls_write_datum32 (&packed_session->data[pos], info->dh.generator); |
109 | pos += 4 + info->dh.generator.size; | 111 | pos += 4 + info->dh.generator.size; |
110 | mhd_gtls_write_datum32 (&packed_session->data[pos], info->dh.public_key); | 112 | mhd_gtls_write_datum32 (&packed_session->data[pos], |
113 | info->dh.public_key); | ||
111 | pos += 4 + info->dh.public_key.size; | 114 | pos += 4 + info->dh.public_key.size; |
112 | 115 | ||
113 | } | 116 | } |
@@ -158,7 +161,7 @@ unpack_anon_auth_info (mhd_gtls_session_t session, | |||
158 | */ | 161 | */ |
159 | ret = | 162 | ret = |
160 | mhd_gtls_auth_info_set (session, MHD_GNUTLS_CRD_ANON, | 163 | mhd_gtls_auth_info_set (session, MHD_GNUTLS_CRD_ANON, |
161 | sizeof (anon_auth_info_st), 1); | 164 | sizeof (anon_auth_info_st), 1); |
162 | if (ret < 0) | 165 | if (ret < 0) |
163 | { | 166 | { |
164 | gnutls_assert (); | 167 | gnutls_assert (); |
@@ -228,7 +231,7 @@ error: | |||
228 | */ | 231 | */ |
229 | int | 232 | int |
230 | mhd_gtls_session_pack (mhd_gtls_session_t session, | 233 | mhd_gtls_session_pack (mhd_gtls_session_t session, |
231 | gnutls_datum_t * packed_session) | 234 | gnutls_datum_t * packed_session) |
232 | { | 235 | { |
233 | int ret; | 236 | int ret; |
234 | 237 | ||
@@ -303,7 +306,7 @@ mhd_gtls_session_pack (mhd_gtls_session_t session, | |||
303 | */ | 306 | */ |
304 | int | 307 | int |
305 | mhd_gtls_session_unpack (mhd_gtls_session_t session, | 308 | mhd_gtls_session_unpack (mhd_gtls_session_t session, |
306 | const gnutls_datum_t * packed_session) | 309 | const gnutls_datum_t * packed_session) |
307 | { | 310 | { |
308 | int ret; | 311 | int ret; |
309 | 312 | ||
@@ -444,21 +447,23 @@ pack_certificate_auth_info (mhd_gtls_session_t session, | |||
444 | if (pack_size > 0) | 447 | if (pack_size > 0) |
445 | { | 448 | { |
446 | 449 | ||
447 | mhd_gtls_write_uint16 (info->dh.secret_bits, &packed_session->data[pos]); | 450 | mhd_gtls_write_uint16 (info->dh.secret_bits, |
451 | &packed_session->data[pos]); | ||
448 | pos += 2; | 452 | pos += 2; |
449 | 453 | ||
450 | mhd_gtls_write_datum32 (&packed_session->data[pos], info->dh.prime); | 454 | mhd_gtls_write_datum32 (&packed_session->data[pos], info->dh.prime); |
451 | pos += 4 + info->dh.prime.size; | 455 | pos += 4 + info->dh.prime.size; |
452 | mhd_gtls_write_datum32 (&packed_session->data[pos], info->dh.generator); | 456 | mhd_gtls_write_datum32 (&packed_session->data[pos], info->dh.generator); |
453 | pos += 4 + info->dh.generator.size; | 457 | pos += 4 + info->dh.generator.size; |
454 | mhd_gtls_write_datum32 (&packed_session->data[pos], info->dh.public_key); | 458 | mhd_gtls_write_datum32 (&packed_session->data[pos], |
459 | info->dh.public_key); | ||
455 | pos += 4 + info->dh.public_key.size; | 460 | pos += 4 + info->dh.public_key.size; |
456 | 461 | ||
457 | mhd_gtls_write_datum32 (&packed_session->data[pos], | 462 | mhd_gtls_write_datum32 (&packed_session->data[pos], |
458 | info->rsa_export.modulus); | 463 | info->rsa_export.modulus); |
459 | pos += 4 + info->rsa_export.modulus.size; | 464 | pos += 4 + info->rsa_export.modulus.size; |
460 | mhd_gtls_write_datum32 (&packed_session->data[pos], | 465 | mhd_gtls_write_datum32 (&packed_session->data[pos], |
461 | info->rsa_export.exponent); | 466 | info->rsa_export.exponent); |
462 | pos += 4 + info->rsa_export.exponent.size; | 467 | pos += 4 + info->rsa_export.exponent.size; |
463 | 468 | ||
464 | mhd_gtls_write_uint32 (info->ncerts, &packed_session->data[pos]); | 469 | mhd_gtls_write_uint32 (info->ncerts, &packed_session->data[pos]); |
@@ -467,7 +472,7 @@ pack_certificate_auth_info (mhd_gtls_session_t session, | |||
467 | for (i = 0; i < info->ncerts; i++) | 472 | for (i = 0; i < info->ncerts; i++) |
468 | { | 473 | { |
469 | mhd_gtls_write_datum32 (&packed_session->data[pos], | 474 | mhd_gtls_write_datum32 (&packed_session->data[pos], |
470 | info->raw_certificate_list[i]); | 475 | info->raw_certificate_list[i]); |
471 | pos += sizeof (uint32_t) + info->raw_certificate_list[i].size; | 476 | pos += sizeof (uint32_t) + info->raw_certificate_list[i].size; |
472 | } | 477 | } |
473 | } | 478 | } |
@@ -510,7 +515,7 @@ unpack_certificate_auth_info (mhd_gtls_session_t session, | |||
510 | */ | 515 | */ |
511 | ret = | 516 | ret = |
512 | mhd_gtls_auth_info_set (session, MHD_GNUTLS_CRD_CERTIFICATE, | 517 | mhd_gtls_auth_info_set (session, MHD_GNUTLS_CRD_CERTIFICATE, |
513 | sizeof (cert_auth_info_st), 1); | 518 | sizeof (cert_auth_info_st), 1); |
514 | if (ret < 0) | 519 | if (ret < 0) |
515 | { | 520 | { |
516 | gnutls_assert (); | 521 | gnutls_assert (); |
@@ -646,7 +651,8 @@ error: | |||
646 | * x bytes the SRP username | 651 | * x bytes the SRP username |
647 | */ | 652 | */ |
648 | static int | 653 | static int |
649 | pack_srp_auth_info (mhd_gtls_session_t session, gnutls_datum_t * packed_session) | 654 | pack_srp_auth_info (mhd_gtls_session_t session, |
655 | gnutls_datum_t * packed_session) | ||
650 | { | 656 | { |
651 | srp_server_auth_info_t info = mhd_gtls_get_auth_info (session); | 657 | srp_server_auth_info_t info = mhd_gtls_get_auth_info (session); |
652 | int pack_size; | 658 | int pack_size; |
@@ -709,7 +715,7 @@ unpack_srp_auth_info (mhd_gtls_session_t session, | |||
709 | 715 | ||
710 | ret = | 716 | ret = |
711 | mhd_gtls_auth_info_set (session, MHD_GNUTLS_CRD_SRP, | 717 | mhd_gtls_auth_info_set (session, MHD_GNUTLS_CRD_SRP, |
712 | sizeof (srp_server_auth_info_st), 1); | 718 | sizeof (srp_server_auth_info_st), 1); |
713 | if (ret < 0) | 719 | if (ret < 0) |
714 | { | 720 | { |
715 | gnutls_assert (); | 721 | gnutls_assert (); |
@@ -751,7 +757,8 @@ unpack_srp_auth_info (mhd_gtls_session_t session, | |||
751 | * x bytes the public key | 757 | * x bytes the public key |
752 | */ | 758 | */ |
753 | static int | 759 | static int |
754 | pack_psk_auth_info (mhd_gtls_session_t session, gnutls_datum_t * packed_session) | 760 | pack_psk_auth_info (mhd_gtls_session_t session, |
761 | gnutls_datum_t * packed_session) | ||
755 | { | 762 | { |
756 | psk_auth_info_t info; | 763 | psk_auth_info_t info; |
757 | int pack_size, username_size = 0, pos; | 764 | int pack_size, username_size = 0, pos; |
@@ -798,14 +805,16 @@ pack_psk_auth_info (mhd_gtls_session_t session, gnutls_datum_t * packed_session) | |||
798 | memcpy (&packed_session->data[pos], info->username, username_size); | 805 | memcpy (&packed_session->data[pos], info->username, username_size); |
799 | pos += username_size; | 806 | pos += username_size; |
800 | 807 | ||
801 | mhd_gtls_write_uint16 (info->dh.secret_bits, &packed_session->data[pos]); | 808 | mhd_gtls_write_uint16 (info->dh.secret_bits, |
809 | &packed_session->data[pos]); | ||
802 | pos += 2; | 810 | pos += 2; |
803 | 811 | ||
804 | mhd_gtls_write_datum32 (&packed_session->data[pos], info->dh.prime); | 812 | mhd_gtls_write_datum32 (&packed_session->data[pos], info->dh.prime); |
805 | pos += 4 + info->dh.prime.size; | 813 | pos += 4 + info->dh.prime.size; |
806 | mhd_gtls_write_datum32 (&packed_session->data[pos], info->dh.generator); | 814 | mhd_gtls_write_datum32 (&packed_session->data[pos], info->dh.generator); |
807 | pos += 4 + info->dh.generator.size; | 815 | pos += 4 + info->dh.generator.size; |
808 | mhd_gtls_write_datum32 (&packed_session->data[pos], info->dh.public_key); | 816 | mhd_gtls_write_datum32 (&packed_session->data[pos], |
817 | info->dh.public_key); | ||
809 | pos += 4 + info->dh.public_key.size; | 818 | pos += 4 + info->dh.public_key.size; |
810 | 819 | ||
811 | } | 820 | } |
@@ -847,7 +856,7 @@ unpack_psk_auth_info (mhd_gtls_session_t session, | |||
847 | */ | 856 | */ |
848 | ret = | 857 | ret = |
849 | mhd_gtls_auth_info_set (session, MHD_GNUTLS_CRD_PSK, | 858 | mhd_gtls_auth_info_set (session, MHD_GNUTLS_CRD_PSK, |
850 | sizeof (psk_auth_info_st), 1); | 859 | sizeof (psk_auth_info_st), 1); |
851 | if (ret < 0) | 860 | if (ret < 0) |
852 | { | 861 | { |
853 | gnutls_assert (); | 862 | gnutls_assert (); |
@@ -1016,16 +1025,16 @@ pack_security_parameters (mhd_gtls_session_t session, | |||
1016 | pos += session->security_parameters.session_id_size; | 1025 | pos += session->security_parameters.session_id_size; |
1017 | 1026 | ||
1018 | mhd_gtls_write_uint32 (session->security_parameters.timestamp, | 1027 | mhd_gtls_write_uint32 (session->security_parameters.timestamp, |
1019 | &packed_session->data[pos]); | 1028 | &packed_session->data[pos]); |
1020 | pos += 4; | 1029 | pos += 4; |
1021 | 1030 | ||
1022 | /* Extensions */ | 1031 | /* Extensions */ |
1023 | mhd_gtls_write_uint16 (session->security_parameters.max_record_send_size, | 1032 | mhd_gtls_write_uint16 (session->security_parameters.max_record_send_size, |
1024 | &packed_session->data[pos]); | 1033 | &packed_session->data[pos]); |
1025 | pos += 2; | 1034 | pos += 2; |
1026 | 1035 | ||
1027 | mhd_gtls_write_uint16 (session->security_parameters.max_record_recv_size, | 1036 | mhd_gtls_write_uint16 (session->security_parameters.max_record_recv_size, |
1028 | &packed_session->data[pos]); | 1037 | &packed_session->data[pos]); |
1029 | pos += 2; | 1038 | pos += 2; |
1030 | 1039 | ||
1031 | /* SRP */ | 1040 | /* SRP */ |
@@ -1037,7 +1046,7 @@ pack_security_parameters (mhd_gtls_session_t session, | |||
1037 | pos += len; | 1046 | pos += len; |
1038 | 1047 | ||
1039 | mhd_gtls_write_uint16 (session->security_parameters.extensions. | 1048 | mhd_gtls_write_uint16 (session->security_parameters.extensions. |
1040 | server_names_size, &packed_session->data[pos]); | 1049 | server_names_size, &packed_session->data[pos]); |
1041 | pos += 2; | 1050 | pos += 2; |
1042 | 1051 | ||
1043 | for (i = 0; i < session->security_parameters.extensions.server_names_size; | 1052 | for (i = 0; i < session->security_parameters.extensions.server_names_size; |
@@ -1046,8 +1055,8 @@ pack_security_parameters (mhd_gtls_session_t session, | |||
1046 | packed_session->data[pos++] = | 1055 | packed_session->data[pos++] = |
1047 | session->security_parameters.extensions.server_names[i].type; | 1056 | session->security_parameters.extensions.server_names[i].type; |
1048 | mhd_gtls_write_uint16 (session->security_parameters.extensions. | 1057 | mhd_gtls_write_uint16 (session->security_parameters.extensions. |
1049 | server_names[i].name_length, | 1058 | server_names[i].name_length, |
1050 | &packed_session->data[pos]); | 1059 | &packed_session->data[pos]); |
1051 | pos += 2; | 1060 | pos += 2; |
1052 | 1061 | ||
1053 | memcpy (&packed_session->data[pos], | 1062 | memcpy (&packed_session->data[pos], |
diff --git a/src/daemon/https/tls/gnutls_session_pack.h b/src/daemon/https/tls/gnutls_session_pack.h index fa47f9e1..e93d9d28 100644 --- a/src/daemon/https/tls/gnutls_session_pack.h +++ b/src/daemon/https/tls/gnutls_session_pack.h | |||
@@ -23,6 +23,6 @@ | |||
23 | */ | 23 | */ |
24 | 24 | ||
25 | int mhd_gtls_session_pack (mhd_gtls_session_t session, | 25 | int mhd_gtls_session_pack (mhd_gtls_session_t session, |
26 | gnutls_datum_t * packed_session); | 26 | gnutls_datum_t * packed_session); |
27 | int mhd_gtls_session_unpack (mhd_gtls_session_t session, | 27 | int mhd_gtls_session_unpack (mhd_gtls_session_t session, |
28 | const gnutls_datum_t * packed_session); | 28 | const gnutls_datum_t * packed_session); |
diff --git a/src/daemon/https/tls/gnutls_sig.c b/src/daemon/https/tls/gnutls_sig.c index 235aa9d0..64d6c7d0 100644 --- a/src/daemon/https/tls/gnutls_sig.c +++ b/src/daemon/https/tls/gnutls_sig.c | |||
@@ -43,13 +43,13 @@ static int _gnutls_tls_sign (mhd_gtls_session_t session, | |||
43 | const gnutls_datum_t * hash_concat, | 43 | const gnutls_datum_t * hash_concat, |
44 | gnutls_datum_t * signature); | 44 | gnutls_datum_t * signature); |
45 | 45 | ||
46 | /* Generates a signature of all the previous sent packets in the | 46 | /* Generates a signature of all the previous sent packets in the |
47 | * handshake procedure. (20040227: now it works for SSL 3.0 as well) | 47 | * handshake procedure. (20040227: now it works for SSL 3.0 as well) |
48 | */ | 48 | */ |
49 | int | 49 | int |
50 | mhd_gtls_tls_sign_hdata (mhd_gtls_session_t session, | 50 | mhd_gtls_tls_sign_hdata (mhd_gtls_session_t session, |
51 | gnutls_cert * cert, | 51 | gnutls_cert * cert, |
52 | gnutls_privkey * pkey, gnutls_datum_t * signature) | 52 | gnutls_privkey * pkey, gnutls_datum_t * signature) |
53 | { | 53 | { |
54 | gnutls_datum_t dconcat; | 54 | gnutls_datum_t dconcat; |
55 | int ret; | 55 | int ret; |
@@ -75,8 +75,8 @@ mhd_gtls_tls_sign_hdata (mhd_gtls_session_t session, | |||
75 | } | 75 | } |
76 | 76 | ||
77 | mhd_gnutls_mac_deinit_ssl3_handshake (td_sha, &concat[16], | 77 | mhd_gnutls_mac_deinit_ssl3_handshake (td_sha, &concat[16], |
78 | session->security_parameters. | 78 | session->security_parameters. |
79 | master_secret, TLS_MASTER_SIZE); | 79 | master_secret, TLS_MASTER_SIZE); |
80 | } | 80 | } |
81 | else | 81 | else |
82 | mhd_gnutls_hash_deinit (td_sha, &concat[16]); | 82 | mhd_gnutls_hash_deinit (td_sha, &concat[16]); |
@@ -94,8 +94,8 @@ mhd_gtls_tls_sign_hdata (mhd_gtls_session_t session, | |||
94 | 94 | ||
95 | if (ver == MHD_GNUTLS_SSL3) | 95 | if (ver == MHD_GNUTLS_SSL3) |
96 | mhd_gnutls_mac_deinit_ssl3_handshake (td_md5, concat, | 96 | mhd_gnutls_mac_deinit_ssl3_handshake (td_md5, concat, |
97 | session->security_parameters. | 97 | session->security_parameters. |
98 | master_secret, TLS_MASTER_SIZE); | 98 | master_secret, TLS_MASTER_SIZE); |
99 | else | 99 | else |
100 | mhd_gnutls_hash_deinit (td_md5, concat); | 100 | mhd_gnutls_hash_deinit (td_md5, concat); |
101 | 101 | ||
@@ -120,9 +120,9 @@ mhd_gtls_tls_sign_hdata (mhd_gtls_session_t session, | |||
120 | */ | 120 | */ |
121 | int | 121 | int |
122 | mhd_gtls_tls_sign_params (mhd_gtls_session_t session, | 122 | mhd_gtls_tls_sign_params (mhd_gtls_session_t session, |
123 | gnutls_cert * cert, | 123 | gnutls_cert * cert, |
124 | gnutls_privkey * pkey, | 124 | gnutls_privkey * pkey, |
125 | gnutls_datum_t * params, gnutls_datum_t * signature) | 125 | gnutls_datum_t * params, gnutls_datum_t * signature) |
126 | { | 126 | { |
127 | gnutls_datum_t dconcat; | 127 | gnutls_datum_t dconcat; |
128 | int ret; | 128 | int ret; |
@@ -138,9 +138,9 @@ mhd_gtls_tls_sign_params (mhd_gtls_session_t session, | |||
138 | } | 138 | } |
139 | 139 | ||
140 | mhd_gnutls_hash (td_sha, session->security_parameters.client_random, | 140 | mhd_gnutls_hash (td_sha, session->security_parameters.client_random, |
141 | TLS_RANDOM_SIZE); | 141 | TLS_RANDOM_SIZE); |
142 | mhd_gnutls_hash (td_sha, session->security_parameters.server_random, | 142 | mhd_gnutls_hash (td_sha, session->security_parameters.server_random, |
143 | TLS_RANDOM_SIZE); | 143 | TLS_RANDOM_SIZE); |
144 | mhd_gnutls_hash (td_sha, params->data, params->size); | 144 | mhd_gnutls_hash (td_sha, params->data, params->size); |
145 | 145 | ||
146 | switch (cert->subject_pk_algorithm) | 146 | switch (cert->subject_pk_algorithm) |
@@ -156,9 +156,9 @@ mhd_gtls_tls_sign_params (mhd_gtls_session_t session, | |||
156 | } | 156 | } |
157 | 157 | ||
158 | mhd_gnutls_hash (td_md5, session->security_parameters.client_random, | 158 | mhd_gnutls_hash (td_md5, session->security_parameters.client_random, |
159 | TLS_RANDOM_SIZE); | 159 | TLS_RANDOM_SIZE); |
160 | mhd_gnutls_hash (td_md5, session->security_parameters.server_random, | 160 | mhd_gnutls_hash (td_md5, session->security_parameters.server_random, |
161 | TLS_RANDOM_SIZE); | 161 | TLS_RANDOM_SIZE); |
162 | mhd_gnutls_hash (td_md5, params->data, params->size); | 162 | mhd_gnutls_hash (td_md5, params->data, params->size); |
163 | 163 | ||
164 | mhd_gnutls_hash_deinit (td_md5, concat); | 164 | mhd_gnutls_hash_deinit (td_md5, concat); |
@@ -205,9 +205,9 @@ mhd_gtls_tls_sign_params (mhd_gtls_session_t session, | |||
205 | */ | 205 | */ |
206 | int | 206 | int |
207 | mhd_gtls_sign (enum MHD_GNUTLS_PublicKeyAlgorithm algo, | 207 | mhd_gtls_sign (enum MHD_GNUTLS_PublicKeyAlgorithm algo, |
208 | mpi_t * params, | 208 | mpi_t * params, |
209 | int params_size, | 209 | int params_size, |
210 | const gnutls_datum_t * data, gnutls_datum_t * signature) | 210 | const gnutls_datum_t * data, gnutls_datum_t * signature) |
211 | { | 211 | { |
212 | int ret; | 212 | int ret; |
213 | 213 | ||
@@ -217,7 +217,7 @@ mhd_gtls_sign (enum MHD_GNUTLS_PublicKeyAlgorithm algo, | |||
217 | /* encrypt */ | 217 | /* encrypt */ |
218 | if ((ret = | 218 | if ((ret = |
219 | mhd_gtls_pkcs1_rsa_encrypt (signature, data, params, params_size, | 219 | mhd_gtls_pkcs1_rsa_encrypt (signature, data, params, params_size, |
220 | 1)) < 0) | 220 | 1)) < 0) |
221 | { | 221 | { |
222 | gnutls_assert (); | 222 | gnutls_assert (); |
223 | return ret; | 223 | return ret; |
@@ -270,7 +270,7 @@ _gnutls_tls_sign (mhd_gtls_session_t session, | |||
270 | } | 270 | } |
271 | 271 | ||
272 | return mhd_gtls_sign (pkey->pk_algorithm, pkey->params, pkey->params_size, | 272 | return mhd_gtls_sign (pkey->pk_algorithm, pkey->params, pkey->params_size, |
273 | hash_concat, signature); | 273 | hash_concat, signature); |
274 | } | 274 | } |
275 | 275 | ||
276 | static int | 276 | static int |
@@ -308,7 +308,7 @@ _gnutls_verify_sig (gnutls_cert * cert, | |||
308 | 308 | ||
309 | /* verify signature */ | 309 | /* verify signature */ |
310 | if ((ret = mhd_gtls_rsa_verify (&vdata, signature, cert->params, | 310 | if ((ret = mhd_gtls_rsa_verify (&vdata, signature, cert->params, |
311 | cert->params_size, 1)) < 0) | 311 | cert->params_size, 1)) < 0) |
312 | { | 312 | { |
313 | gnutls_assert (); | 313 | gnutls_assert (); |
314 | return ret; | 314 | return ret; |
@@ -324,11 +324,11 @@ _gnutls_verify_sig (gnutls_cert * cert, | |||
324 | } | 324 | } |
325 | 325 | ||
326 | /* Verifies a TLS signature (like the one in the client certificate | 326 | /* Verifies a TLS signature (like the one in the client certificate |
327 | * verify message). | 327 | * verify message). |
328 | */ | 328 | */ |
329 | int | 329 | int |
330 | mhd_gtls_verify_sig_hdata (mhd_gtls_session_t session, | 330 | mhd_gtls_verify_sig_hdata (mhd_gtls_session_t session, |
331 | gnutls_cert * cert, gnutls_datum_t * signature) | 331 | gnutls_cert * cert, gnutls_datum_t * signature) |
332 | { | 332 | { |
333 | int ret; | 333 | int ret; |
334 | opaque concat[36]; | 334 | opaque concat[36]; |
@@ -362,11 +362,11 @@ mhd_gtls_verify_sig_hdata (mhd_gtls_session_t session, | |||
362 | } | 362 | } |
363 | 363 | ||
364 | mhd_gnutls_mac_deinit_ssl3_handshake (td_md5, concat, | 364 | mhd_gnutls_mac_deinit_ssl3_handshake (td_md5, concat, |
365 | session->security_parameters. | 365 | session->security_parameters. |
366 | master_secret, TLS_MASTER_SIZE); | 366 | master_secret, TLS_MASTER_SIZE); |
367 | mhd_gnutls_mac_deinit_ssl3_handshake (td_sha, &concat[16], | 367 | mhd_gnutls_mac_deinit_ssl3_handshake (td_sha, &concat[16], |
368 | session->security_parameters. | 368 | session->security_parameters. |
369 | master_secret, TLS_MASTER_SIZE); | 369 | master_secret, TLS_MASTER_SIZE); |
370 | } | 370 | } |
371 | else | 371 | else |
372 | { | 372 | { |
@@ -393,9 +393,9 @@ mhd_gtls_verify_sig_hdata (mhd_gtls_session_t session, | |||
393 | */ | 393 | */ |
394 | int | 394 | int |
395 | mhd_gtls_verify_sig_params (mhd_gtls_session_t session, | 395 | mhd_gtls_verify_sig_params (mhd_gtls_session_t session, |
396 | gnutls_cert * cert, | 396 | gnutls_cert * cert, |
397 | const gnutls_datum_t * params, | 397 | const gnutls_datum_t * params, |
398 | gnutls_datum_t * signature) | 398 | gnutls_datum_t * signature) |
399 | { | 399 | { |
400 | gnutls_datum_t dconcat; | 400 | gnutls_datum_t dconcat; |
401 | int ret; | 401 | int ret; |
@@ -414,9 +414,9 @@ mhd_gtls_verify_sig_params (mhd_gtls_session_t session, | |||
414 | } | 414 | } |
415 | 415 | ||
416 | mhd_gnutls_hash (td_md5, session->security_parameters.client_random, | 416 | mhd_gnutls_hash (td_md5, session->security_parameters.client_random, |
417 | TLS_RANDOM_SIZE); | 417 | TLS_RANDOM_SIZE); |
418 | mhd_gnutls_hash (td_md5, session->security_parameters.server_random, | 418 | mhd_gnutls_hash (td_md5, session->security_parameters.server_random, |
419 | TLS_RANDOM_SIZE); | 419 | TLS_RANDOM_SIZE); |
420 | mhd_gnutls_hash (td_md5, params->data, params->size); | 420 | mhd_gnutls_hash (td_md5, params->data, params->size); |
421 | } | 421 | } |
422 | 422 | ||
@@ -430,9 +430,9 @@ mhd_gtls_verify_sig_params (mhd_gtls_session_t session, | |||
430 | } | 430 | } |
431 | 431 | ||
432 | mhd_gnutls_hash (td_sha, session->security_parameters.client_random, | 432 | mhd_gnutls_hash (td_sha, session->security_parameters.client_random, |
433 | TLS_RANDOM_SIZE); | 433 | TLS_RANDOM_SIZE); |
434 | mhd_gnutls_hash (td_sha, session->security_parameters.server_random, | 434 | mhd_gnutls_hash (td_sha, session->security_parameters.server_random, |
435 | TLS_RANDOM_SIZE); | 435 | TLS_RANDOM_SIZE); |
436 | mhd_gnutls_hash (td_sha, params->data, params->size); | 436 | mhd_gnutls_hash (td_sha, params->data, params->size); |
437 | 437 | ||
438 | if (ver < MHD_GNUTLS_TLS1_2) | 438 | if (ver < MHD_GNUTLS_TLS1_2) |
diff --git a/src/daemon/https/tls/gnutls_sig.h b/src/daemon/https/tls/gnutls_sig.h index edeb30f4..eaef5226 100644 --- a/src/daemon/https/tls/gnutls_sig.h +++ b/src/daemon/https/tls/gnutls_sig.h | |||
@@ -26,26 +26,27 @@ | |||
26 | # define GNUTLS_SIG_H | 26 | # define GNUTLS_SIG_H |
27 | 27 | ||
28 | int mhd_gtls_tls_sign_hdata (mhd_gtls_session_t session, | 28 | int mhd_gtls_tls_sign_hdata (mhd_gtls_session_t session, |
29 | gnutls_cert * cert, | 29 | gnutls_cert * cert, |
30 | gnutls_privkey * pkey, | 30 | gnutls_privkey * pkey, |
31 | gnutls_datum_t * signature); | 31 | gnutls_datum_t * signature); |
32 | 32 | ||
33 | int mhd_gtls_tls_sign_params (mhd_gtls_session_t session, | 33 | int mhd_gtls_tls_sign_params (mhd_gtls_session_t session, |
34 | gnutls_cert * cert, | 34 | gnutls_cert * cert, |
35 | gnutls_privkey * pkey, | 35 | gnutls_privkey * pkey, |
36 | gnutls_datum_t * params, | 36 | gnutls_datum_t * params, |
37 | gnutls_datum_t * signature); | 37 | gnutls_datum_t * signature); |
38 | 38 | ||
39 | int mhd_gtls_verify_sig_hdata (mhd_gtls_session_t session, | 39 | int mhd_gtls_verify_sig_hdata (mhd_gtls_session_t session, |
40 | gnutls_cert * cert, gnutls_datum_t * signature); | 40 | gnutls_cert * cert, |
41 | gnutls_datum_t * signature); | ||
41 | 42 | ||
42 | int mhd_gtls_verify_sig_params (mhd_gtls_session_t session, | 43 | int mhd_gtls_verify_sig_params (mhd_gtls_session_t session, |
43 | gnutls_cert * cert, | 44 | gnutls_cert * cert, |
44 | const gnutls_datum_t * params, | 45 | const gnutls_datum_t * params, |
45 | gnutls_datum_t * signature); | 46 | gnutls_datum_t * signature); |
46 | 47 | ||
47 | int mhd_gtls_sign (enum MHD_GNUTLS_PublicKeyAlgorithm algo, | 48 | int mhd_gtls_sign (enum MHD_GNUTLS_PublicKeyAlgorithm algo, |
48 | mpi_t * params, int params_size, | 49 | mpi_t * params, int params_size, |
49 | const gnutls_datum_t * data, gnutls_datum_t * signature); | 50 | const gnutls_datum_t * data, gnutls_datum_t * signature); |
50 | 51 | ||
51 | #endif | 52 | #endif |
diff --git a/src/daemon/https/tls/gnutls_state.c b/src/daemon/https/tls/gnutls_state.c index 799a3d65..d4a47d09 100644 --- a/src/daemon/https/tls/gnutls_state.c +++ b/src/daemon/https/tls/gnutls_state.c | |||
@@ -119,7 +119,8 @@ gnutls_compression_get (mhd_gtls_session_t session) | |||
119 | */ | 119 | */ |
120 | int | 120 | int |
121 | mhd_gtls_session_cert_type_supported (mhd_gtls_session_t session, | 121 | mhd_gtls_session_cert_type_supported (mhd_gtls_session_t session, |
122 | enum MHD_GNUTLS_CertificateType cert_type) | 122 | enum MHD_GNUTLS_CertificateType |
123 | cert_type) | ||
123 | { | 124 | { |
124 | unsigned i; | 125 | unsigned i; |
125 | unsigned cert_found = 0; | 126 | unsigned cert_found = 0; |
@@ -129,8 +130,8 @@ mhd_gtls_session_cert_type_supported (mhd_gtls_session_t session, | |||
129 | { | 130 | { |
130 | cred | 131 | cred |
131 | = (mhd_gtls_cert_credentials_t) mhd_gtls_get_cred (session->key, | 132 | = (mhd_gtls_cert_credentials_t) mhd_gtls_get_cred (session->key, |
132 | MHD_GNUTLS_CRD_CERTIFICATE, | 133 | MHD_GNUTLS_CRD_CERTIFICATE, |
133 | NULL); | 134 | NULL); |
134 | 135 | ||
135 | if (cred == NULL) | 136 | if (cred == NULL) |
136 | return GNUTLS_E_UNSUPPORTED_CERTIFICATE_TYPE; | 137 | return GNUTLS_E_UNSUPPORTED_CERTIFICATE_TYPE; |
@@ -234,7 +235,8 @@ mhd_gtls_handshake_internal_state_clear (mhd_gtls_session_t session) | |||
234 | 235 | ||
235 | /* TODO rm redundent pointer ref */ | 236 | /* TODO rm redundent pointer ref */ |
236 | int | 237 | int |
237 | MHD_gnutls_init (mhd_gtls_session_t * session, gnutls_connection_end_t con_end) | 238 | MHD_gnutls_init (mhd_gtls_session_t * session, |
239 | gnutls_connection_end_t con_end) | ||
238 | { | 240 | { |
239 | *session = gnutls_calloc (1, sizeof (struct MHD_gtls_session_int)); | 241 | *session = gnutls_calloc (1, sizeof (struct MHD_gtls_session_int)); |
240 | if (*session == NULL) | 242 | if (*session == NULL) |
@@ -284,10 +286,10 @@ MHD_gnutls_init (mhd_gtls_session_t * session, gnutls_connection_end_t con_end) | |||
284 | 286 | ||
285 | MHD_gnutls_dh_set_prime_bits ((*session), MIN_DH_BITS); | 287 | MHD_gnutls_dh_set_prime_bits ((*session), MIN_DH_BITS); |
286 | 288 | ||
287 | MHD_gnutls_transport_set_lowat ((*session), DEFAULT_LOWAT); /* the default for tcp */ | 289 | MHD_gnutls_transport_set_lowat ((*session), DEFAULT_LOWAT); /* the default for tcp */ |
288 | 290 | ||
289 | MHD_gnutls_handshake_set_max_packet_length ((*session), | 291 | MHD_gnutls_handshake_set_max_packet_length ((*session), |
290 | MAX_HANDSHAKE_PACKET_SIZE); | 292 | MAX_HANDSHAKE_PACKET_SIZE); |
291 | 293 | ||
292 | /* Allocate a minimum size for recv_data | 294 | /* Allocate a minimum size for recv_data |
293 | * This is allocated in order to avoid small messages, making | 295 | * This is allocated in order to avoid small messages, making |
@@ -369,10 +371,11 @@ MHD_gnutls_deinit (mhd_gtls_session_t session) | |||
369 | mhd_gnutls_cipher_deinit (session->connection_state.write_cipher_state); | 371 | mhd_gnutls_cipher_deinit (session->connection_state.write_cipher_state); |
370 | 372 | ||
371 | if (session->connection_state.read_compression_state != NULL) | 373 | if (session->connection_state.read_compression_state != NULL) |
372 | mhd_gtls_comp_deinit (session->connection_state.read_compression_state, 1); | 374 | mhd_gtls_comp_deinit (session->connection_state.read_compression_state, |
375 | 1); | ||
373 | if (session->connection_state.write_compression_state != NULL) | 376 | if (session->connection_state.write_compression_state != NULL) |
374 | mhd_gtls_comp_deinit (session->connection_state. | 377 | mhd_gtls_comp_deinit (session->connection_state.write_compression_state, |
375 | write_compression_state, 0); | 378 | 0); |
376 | 379 | ||
377 | _gnutls_free_datum (&session->cipher_specs.server_write_mac_secret); | 380 | _gnutls_free_datum (&session->cipher_specs.server_write_mac_secret); |
378 | _gnutls_free_datum (&session->cipher_specs.client_write_mac_secret); | 381 | _gnutls_free_datum (&session->cipher_specs.client_write_mac_secret); |
@@ -508,7 +511,7 @@ mhd_gtls_dh_set_secret_bits (mhd_gtls_session_t session, unsigned bits) | |||
508 | */ | 511 | */ |
509 | int | 512 | int |
510 | mhd_gtls_rsa_export_set_pubkey (mhd_gtls_session_t session, | 513 | mhd_gtls_rsa_export_set_pubkey (mhd_gtls_session_t session, |
511 | mpi_t exponent, mpi_t modulus) | 514 | mpi_t exponent, mpi_t modulus) |
512 | { | 515 | { |
513 | cert_auth_info_t info; | 516 | cert_auth_info_t info; |
514 | int ret; | 517 | int ret; |
@@ -609,7 +612,7 @@ mhd_gtls_dh_set_group (mhd_gtls_session_t session, mpi_t gen, mpi_t prime) | |||
609 | **/ | 612 | **/ |
610 | void | 613 | void |
611 | MHD_gnutls_certificate_send_x509_rdn_sequence (mhd_gtls_session_t session, | 614 | MHD_gnutls_certificate_send_x509_rdn_sequence (mhd_gtls_session_t session, |
612 | int status) | 615 | int status) |
613 | { | 616 | { |
614 | session->internals.ignore_rdn_sequence = status; | 617 | session->internals.ignore_rdn_sequence = status; |
615 | } | 618 | } |
@@ -650,7 +653,8 @@ _gnutls_record_set_default_version (mhd_gtls_session_t session, | |||
650 | * gnutls servers and clients may cause interoperability problems. | 653 | * gnutls servers and clients may cause interoperability problems. |
651 | **/ | 654 | **/ |
652 | void | 655 | void |
653 | MHD_gtls_handshake_set_private_extensions (mhd_gtls_session_t session, int allow) | 656 | MHD_gtls_handshake_set_private_extensions (mhd_gtls_session_t session, |
657 | int allow) | ||
654 | { | 658 | { |
655 | session->internals.enable_private = allow; | 659 | session->internals.enable_private = allow; |
656 | } | 660 | } |
@@ -778,11 +782,11 @@ _gnutls_xor (opaque * o1, opaque * o2, int length) | |||
778 | */ | 782 | */ |
779 | int | 783 | int |
780 | mhd_gtls_PRF (mhd_gtls_session_t session, | 784 | mhd_gtls_PRF (mhd_gtls_session_t session, |
781 | const opaque * secret, | 785 | const opaque * secret, |
782 | int secret_size, | 786 | int secret_size, |
783 | const char *label, | 787 | const char *label, |
784 | int label_size, | 788 | int label_size, |
785 | const opaque * seed, int seed_size, int total_bytes, void *ret) | 789 | const opaque * seed, int seed_size, int total_bytes, void *ret) |
786 | { | 790 | { |
787 | int l_s, s_seed_size; | 791 | int l_s, s_seed_size; |
788 | const opaque *s1, *s2; | 792 | const opaque *s1, *s2; |
@@ -889,15 +893,16 @@ mhd_gtls_PRF (mhd_gtls_session_t session, | |||
889 | **/ | 893 | **/ |
890 | int | 894 | int |
891 | MHD_gnutls_prf_raw (mhd_gtls_session_t session, | 895 | MHD_gnutls_prf_raw (mhd_gtls_session_t session, |
892 | size_t label_size, | 896 | size_t label_size, |
893 | const char *label, | 897 | const char *label, |
894 | size_t seed_size, const char *seed, size_t outsize, char *out) | 898 | size_t seed_size, const char *seed, size_t outsize, |
899 | char *out) | ||
895 | { | 900 | { |
896 | int ret; | 901 | int ret; |
897 | 902 | ||
898 | ret = mhd_gtls_PRF (session, session->security_parameters.master_secret, | 903 | ret = mhd_gtls_PRF (session, session->security_parameters.master_secret, |
899 | TLS_MASTER_SIZE, label, label_size, (opaque *) seed, | 904 | TLS_MASTER_SIZE, label, label_size, (opaque *) seed, |
900 | seed_size, outsize, out); | 905 | seed_size, outsize, out); |
901 | 906 | ||
902 | return ret; | 907 | return ret; |
903 | } | 908 | } |
@@ -933,10 +938,11 @@ MHD_gnutls_prf_raw (mhd_gtls_session_t session, | |||
933 | **/ | 938 | **/ |
934 | int | 939 | int |
935 | MHD_gnutls_prf (mhd_gtls_session_t session, | 940 | MHD_gnutls_prf (mhd_gtls_session_t session, |
936 | size_t label_size, | 941 | size_t label_size, |
937 | const char *label, | 942 | const char *label, |
938 | int server_random_first, | 943 | int server_random_first, |
939 | size_t extra_size, const char *extra, size_t outsize, char *out) | 944 | size_t extra_size, const char *extra, size_t outsize, |
945 | char *out) | ||
940 | { | 946 | { |
941 | int ret; | 947 | int ret; |
942 | opaque *seed; | 948 | opaque *seed; |
@@ -959,8 +965,8 @@ MHD_gnutls_prf (mhd_gtls_session_t session, | |||
959 | memcpy (seed + 2 * TLS_RANDOM_SIZE, extra, extra_size); | 965 | memcpy (seed + 2 * TLS_RANDOM_SIZE, extra, extra_size); |
960 | 966 | ||
961 | ret = mhd_gtls_PRF (session, session->security_parameters.master_secret, | 967 | ret = mhd_gtls_PRF (session, session->security_parameters.master_secret, |
962 | TLS_MASTER_SIZE, label, label_size, seed, seedsize, | 968 | TLS_MASTER_SIZE, label, label_size, seed, seedsize, |
963 | outsize, out); | 969 | outsize, out); |
964 | 970 | ||
965 | gnutls_free (seed); | 971 | gnutls_free (seed); |
966 | 972 | ||
@@ -1045,8 +1051,8 @@ MHD_gtls_session_is_resumed (mhd_gtls_session_t session) | |||
1045 | == session->internals.resumed_security_parameters.session_id_size | 1051 | == session->internals.resumed_security_parameters.session_id_size |
1046 | && memcmp (session->security_parameters.session_id, | 1052 | && memcmp (session->security_parameters.session_id, |
1047 | session->internals.resumed_security_parameters. | 1053 | session->internals.resumed_security_parameters. |
1048 | session_id, session->security_parameters.session_id_size) | 1054 | session_id, |
1049 | == 0) | 1055 | session->security_parameters.session_id_size) == 0) |
1050 | return 1; | 1056 | return 1; |
1051 | } | 1057 | } |
1052 | else | 1058 | else |
@@ -1073,7 +1079,7 @@ mhd_gtls_session_is_export (mhd_gtls_session_t session) | |||
1073 | 1079 | ||
1074 | cipher = | 1080 | cipher = |
1075 | mhd_gtls_cipher_suite_get_cipher_algo (&session->security_parameters. | 1081 | mhd_gtls_cipher_suite_get_cipher_algo (&session->security_parameters. |
1076 | current_cipher_suite); | 1082 | current_cipher_suite); |
1077 | 1083 | ||
1078 | if (mhd_gtls_cipher_get_export_flag (cipher) != 0) | 1084 | if (mhd_gtls_cipher_get_export_flag (cipher) != 0) |
1079 | return 1; | 1085 | return 1; |
@@ -1174,9 +1180,10 @@ _gnutls_rsa_pms_set_version (mhd_gtls_session_t session, | |||
1174 | * | 1180 | * |
1175 | **/ | 1181 | **/ |
1176 | void | 1182 | void |
1177 | MHD_gnutls_handshake_set_post_client_hello_function (mhd_gtls_session_t session, | 1183 | MHD_gnutls_handshake_set_post_client_hello_function (mhd_gtls_session_t |
1178 | gnutls_handshake_post_client_hello_func | 1184 | session, |
1179 | func) | 1185 | gnutls_handshake_post_client_hello_func |
1186 | func) | ||
1180 | { | 1187 | { |
1181 | session->internals.user_hello_func = func; | 1188 | session->internals.user_hello_func = func; |
1182 | } | 1189 | } |
diff --git a/src/daemon/https/tls/gnutls_state.h b/src/daemon/https/tls/gnutls_state.h index e9e06226..e5d1877a 100644 --- a/src/daemon/https/tls/gnutls_state.h +++ b/src/daemon/https/tls/gnutls_state.h | |||
@@ -28,10 +28,13 @@ | |||
28 | #include <gnutls_int.h> | 28 | #include <gnutls_int.h> |
29 | 29 | ||
30 | void _gnutls_session_cert_type_set (mhd_gtls_session_t session, | 30 | void _gnutls_session_cert_type_set (mhd_gtls_session_t session, |
31 | enum MHD_GNUTLS_CertificateType); | 31 | enum MHD_GNUTLS_CertificateType); |
32 | enum MHD_GNUTLS_KeyExchangeAlgorithm gnutls_kx_get (mhd_gtls_session_t session); | 32 | enum MHD_GNUTLS_KeyExchangeAlgorithm gnutls_kx_get (mhd_gtls_session_t |
33 | enum MHD_GNUTLS_CipherAlgorithm gnutls_cipher_get (mhd_gtls_session_t session); | 33 | session); |
34 | enum MHD_GNUTLS_CertificateType gnutls_certificate_type_get (mhd_gtls_session_t); | 34 | enum MHD_GNUTLS_CipherAlgorithm gnutls_cipher_get (mhd_gtls_session_t |
35 | session); | ||
36 | enum MHD_GNUTLS_CertificateType | ||
37 | gnutls_certificate_type_get (mhd_gtls_session_t); | ||
35 | 38 | ||
36 | #include <gnutls_auth_int.h> | 39 | #include <gnutls_auth_int.h> |
37 | 40 | ||
@@ -43,18 +46,19 @@ enum MHD_GNUTLS_CertificateType gnutls_certificate_type_get (mhd_gtls_session_t) | |||
43 | #endif | 46 | #endif |
44 | 47 | ||
45 | int mhd_gtls_session_cert_type_supported (mhd_gtls_session_t, | 48 | int mhd_gtls_session_cert_type_supported (mhd_gtls_session_t, |
46 | enum MHD_GNUTLS_CertificateType); | 49 | enum MHD_GNUTLS_CertificateType); |
47 | 50 | ||
48 | int mhd_gtls_dh_set_secret_bits (mhd_gtls_session_t session, unsigned bits); | 51 | int mhd_gtls_dh_set_secret_bits (mhd_gtls_session_t session, unsigned bits); |
49 | 52 | ||
50 | int mhd_gtls_dh_set_peer_public (mhd_gtls_session_t session, mpi_t public); | 53 | int mhd_gtls_dh_set_peer_public (mhd_gtls_session_t session, mpi_t public); |
51 | int mhd_gtls_dh_set_group (mhd_gtls_session_t session, mpi_t gen, mpi_t prime); | 54 | int mhd_gtls_dh_set_group (mhd_gtls_session_t session, mpi_t gen, |
55 | mpi_t prime); | ||
52 | 56 | ||
53 | int mhd_gtls_dh_get_allowed_prime_bits (mhd_gtls_session_t session); | 57 | int mhd_gtls_dh_get_allowed_prime_bits (mhd_gtls_session_t session); |
54 | void mhd_gtls_handshake_internal_state_clear (mhd_gtls_session_t); | 58 | void mhd_gtls_handshake_internal_state_clear (mhd_gtls_session_t); |
55 | 59 | ||
56 | int mhd_gtls_rsa_export_set_pubkey (mhd_gtls_session_t session, | 60 | int mhd_gtls_rsa_export_set_pubkey (mhd_gtls_session_t session, |
57 | mpi_t exponent, mpi_t modulus); | 61 | mpi_t exponent, mpi_t modulus); |
58 | 62 | ||
59 | int mhd_gtls_session_is_resumable (mhd_gtls_session_t session); | 63 | int mhd_gtls_session_is_resumable (mhd_gtls_session_t session); |
60 | int mhd_gtls_session_is_export (mhd_gtls_session_t session); | 64 | int mhd_gtls_session_is_export (mhd_gtls_session_t session); |
@@ -62,11 +66,12 @@ int mhd_gtls_session_is_export (mhd_gtls_session_t session); | |||
62 | int mhd_gtls_openpgp_send_fingerprint (mhd_gtls_session_t session); | 66 | int mhd_gtls_openpgp_send_fingerprint (mhd_gtls_session_t session); |
63 | 67 | ||
64 | int mhd_gtls_PRF (mhd_gtls_session_t session, | 68 | int mhd_gtls_PRF (mhd_gtls_session_t session, |
65 | const opaque * secret, int secret_size, | 69 | const opaque * secret, int secret_size, |
66 | const char *label, int label_size, | 70 | const char *label, int label_size, |
67 | const opaque * seed, int seed_size, | 71 | const opaque * seed, int seed_size, |
68 | int total_bytes, void *ret); | 72 | int total_bytes, void *ret); |
69 | 73 | ||
70 | int MHD_gnutls_init (mhd_gtls_session_t * session, gnutls_connection_end_t con_end); | 74 | int MHD_gnutls_init (mhd_gtls_session_t * session, |
75 | gnutls_connection_end_t con_end); | ||
71 | 76 | ||
72 | #define DEFAULT_CERT_TYPE MHD_GNUTLS_CRT_X509 | 77 | #define DEFAULT_CERT_TYPE MHD_GNUTLS_CRT_X509 |
diff --git a/src/daemon/https/tls/gnutls_str.c b/src/daemon/https/tls/gnutls_str.c index 0a2a656a..22f949d6 100644 --- a/src/daemon/https/tls/gnutls_str.c +++ b/src/daemon/https/tls/gnutls_str.c | |||
@@ -74,7 +74,7 @@ mhd_gtls_str_cpy (char *dest, size_t dest_tot_size, const char *src) | |||
74 | 74 | ||
75 | void | 75 | void |
76 | mhd_gtls_mem_cpy (char *dest, | 76 | mhd_gtls_mem_cpy (char *dest, |
77 | size_t dest_tot_size, const char *src, size_t src_size) | 77 | size_t dest_tot_size, const char *src, size_t src_size) |
78 | { | 78 | { |
79 | 79 | ||
80 | if (dest_tot_size >= src_size) | 80 | if (dest_tot_size >= src_size) |
@@ -92,9 +92,9 @@ mhd_gtls_mem_cpy (char *dest, | |||
92 | 92 | ||
93 | void | 93 | void |
94 | mhd_gtls_string_init (mhd_gtls_string * str, | 94 | mhd_gtls_string_init (mhd_gtls_string * str, |
95 | gnutls_alloc_function alloc_func, | 95 | gnutls_alloc_function alloc_func, |
96 | gnutls_realloc_function realloc_func, | 96 | gnutls_realloc_function realloc_func, |
97 | gnutls_free_function free_func) | 97 | gnutls_free_function free_func) |
98 | { | 98 | { |
99 | str->data = NULL; | 99 | str->data = NULL; |
100 | str->max_length = 0; | 100 | str->max_length = 0; |
@@ -197,7 +197,7 @@ mhd_gtls_string_append_str (mhd_gtls_string * dest, const char *src) | |||
197 | 197 | ||
198 | int | 198 | int |
199 | mhd_gtls_string_append_data (mhd_gtls_string * dest, | 199 | mhd_gtls_string_append_data (mhd_gtls_string * dest, |
200 | const void *data, size_t data_size) | 200 | const void *data, size_t data_size) |
201 | { | 201 | { |
202 | size_t tot_len = data_size + dest->length; | 202 | size_t tot_len = data_size + dest->length; |
203 | 203 | ||
@@ -256,7 +256,7 @@ mhd_gtls_string_append_printf (mhd_gtls_string * dest, const char *fmt, ...) | |||
256 | */ | 256 | */ |
257 | char * | 257 | char * |
258 | mhd_gtls_bin2hex (const void *_old, | 258 | mhd_gtls_bin2hex (const void *_old, |
259 | size_t oldlen, char *buffer, size_t buffer_size) | 259 | size_t oldlen, char *buffer, size_t buffer_size) |
260 | { | 260 | { |
261 | unsigned int i, j; | 261 | unsigned int i, j; |
262 | const opaque *old = _old; | 262 | const opaque *old = _old; |
@@ -275,7 +275,7 @@ mhd_gtls_bin2hex (const void *_old, | |||
275 | */ | 275 | */ |
276 | int | 276 | int |
277 | mhd_gtls_hex2bin (const opaque * hex_data, | 277 | mhd_gtls_hex2bin (const opaque * hex_data, |
278 | int hex_size, opaque * bin_data, size_t * bin_size) | 278 | int hex_size, opaque * bin_data, size_t * bin_size) |
279 | { | 279 | { |
280 | int i, j; | 280 | int i, j; |
281 | opaque hex2_data[3]; | 281 | opaque hex2_data[3]; |
diff --git a/src/daemon/https/tls/gnutls_str.h b/src/daemon/https/tls/gnutls_str.h index 84ff8eb5..45ad33ae 100644 --- a/src/daemon/https/tls/gnutls_str.h +++ b/src/daemon/https/tls/gnutls_str.h | |||
@@ -29,12 +29,12 @@ | |||
29 | 29 | ||
30 | void mhd_gtls_str_cpy (char *dest, size_t dest_tot_size, const char *src); | 30 | void mhd_gtls_str_cpy (char *dest, size_t dest_tot_size, const char *src); |
31 | void mhd_gtls_mem_cpy (char *dest, size_t dest_tot_size, const char *src, | 31 | void mhd_gtls_mem_cpy (char *dest, size_t dest_tot_size, const char *src, |
32 | size_t src_size); | 32 | size_t src_size); |
33 | void mhd_gtls_str_cat (char *dest, size_t dest_tot_size, const char *src); | 33 | void mhd_gtls_str_cat (char *dest, size_t dest_tot_size, const char *src); |
34 | 34 | ||
35 | typedef struct | 35 | typedef struct |
36 | { | 36 | { |
37 | opaque * data; | 37 | opaque *data; |
38 | size_t max_length; | 38 | size_t max_length; |
39 | size_t length; | 39 | size_t length; |
40 | gnutls_realloc_function realloc_func; | 40 | gnutls_realloc_function realloc_func; |
@@ -43,7 +43,7 @@ typedef struct | |||
43 | } mhd_gtls_string; | 43 | } mhd_gtls_string; |
44 | 44 | ||
45 | void mhd_gtls_string_init (mhd_gtls_string *, gnutls_alloc_function, | 45 | void mhd_gtls_string_init (mhd_gtls_string *, gnutls_alloc_function, |
46 | gnutls_realloc_function, gnutls_free_function); | 46 | gnutls_realloc_function, gnutls_free_function); |
47 | void mhd_gtls_string_clear (mhd_gtls_string *); | 47 | void mhd_gtls_string_clear (mhd_gtls_string *); |
48 | 48 | ||
49 | /* Beware, do not clear the string, after calling this | 49 | /* Beware, do not clear the string, after calling this |
@@ -54,12 +54,13 @@ gnutls_datum_t mhd_gtls_string2datum (mhd_gtls_string * str); | |||
54 | int mhd_gtls_string_copy_str (mhd_gtls_string * dest, const char *src); | 54 | int mhd_gtls_string_copy_str (mhd_gtls_string * dest, const char *src); |
55 | int mhd_gtls_string_append_str (mhd_gtls_string *, const char *str); | 55 | int mhd_gtls_string_append_str (mhd_gtls_string *, const char *str); |
56 | int mhd_gtls_string_append_data (mhd_gtls_string *, const void *data, | 56 | int mhd_gtls_string_append_data (mhd_gtls_string *, const void *data, |
57 | size_t data_size); | 57 | size_t data_size); |
58 | int mhd_gtls_string_append_printf (mhd_gtls_string * dest, const char *fmt, ...); | 58 | int mhd_gtls_string_append_printf (mhd_gtls_string * dest, const char *fmt, |
59 | ...); | ||
59 | 60 | ||
60 | char * mhd_gtls_bin2hex (const void *old, size_t oldlen, char *buffer, | 61 | char *mhd_gtls_bin2hex (const void *old, size_t oldlen, char *buffer, |
61 | size_t buffer_size); | 62 | size_t buffer_size); |
62 | int mhd_gtls_hex2bin (const opaque * hex_data, int hex_size, opaque * bin_data, | 63 | int mhd_gtls_hex2bin (const opaque * hex_data, int hex_size, |
63 | size_t * bin_size); | 64 | opaque * bin_data, size_t * bin_size); |
64 | 65 | ||
65 | #endif | 66 | #endif |
diff --git a/src/daemon/https/tls/gnutls_supplemental.c b/src/daemon/https/tls/gnutls_supplemental.c index 1a5fcd6f..997da8a1 100644 --- a/src/daemon/https/tls/gnutls_supplemental.c +++ b/src/daemon/https/tls/gnutls_supplemental.c | |||
@@ -52,7 +52,8 @@ | |||
52 | 52 | ||
53 | typedef int (*supp_recv_func) (mhd_gtls_session_t session, | 53 | typedef int (*supp_recv_func) (mhd_gtls_session_t session, |
54 | const opaque * data, size_t data_size); | 54 | const opaque * data, size_t data_size); |
55 | typedef int (*supp_send_func) (mhd_gtls_session_t session, mhd_gtls_buffer * buf); | 55 | typedef int (*supp_send_func) (mhd_gtls_session_t session, |
56 | mhd_gtls_buffer * buf); | ||
56 | 57 | ||
57 | typedef struct | 58 | typedef struct |
58 | { | 59 | { |
diff --git a/src/daemon/https/tls/gnutls_supplemental.h b/src/daemon/https/tls/gnutls_supplemental.h index 3f8d9217..eaccfe74 100644 --- a/src/daemon/https/tls/gnutls_supplemental.h +++ b/src/daemon/https/tls/gnutls_supplemental.h | |||
@@ -25,7 +25,6 @@ | |||
25 | #include <gnutls_int.h> | 25 | #include <gnutls_int.h> |
26 | 26 | ||
27 | int _gnutls_parse_supplemental (mhd_gtls_session_t session, | 27 | int _gnutls_parse_supplemental (mhd_gtls_session_t session, |
28 | const uint8_t *data, | 28 | const uint8_t * data, int data_size); |
29 | int data_size); | ||
30 | int _gnutls_gen_supplemental (mhd_gtls_session_t session, | 29 | int _gnutls_gen_supplemental (mhd_gtls_session_t session, |
31 | mhd_gtls_buffer *buf); | 30 | mhd_gtls_buffer * buf); |
diff --git a/src/daemon/https/tls/gnutls_ui.c b/src/daemon/https/tls/gnutls_ui.c index c894f0ad..b211a175 100644 --- a/src/daemon/https/tls/gnutls_ui.c +++ b/src/daemon/https/tls/gnutls_ui.c | |||
@@ -41,13 +41,13 @@ | |||
41 | * @session: is a #mhd_gtls_session_t structure. | 41 | * @session: is a #mhd_gtls_session_t structure. |
42 | * @bits: is the number of bits | 42 | * @bits: is the number of bits |
43 | * | 43 | * |
44 | * This function sets the number of bits, for use in an | 44 | * This function sets the number of bits, for use in an |
45 | * Diffie Hellman key exchange. This is used both in DH ephemeral and | 45 | * Diffie Hellman key exchange. This is used both in DH ephemeral and |
46 | * DH anonymous cipher suites. This will set the | 46 | * DH anonymous cipher suites. This will set the |
47 | * minimum size of the prime that will be used for the handshake. | 47 | * minimum size of the prime that will be used for the handshake. |
48 | * | 48 | * |
49 | * In the client side it sets the minimum accepted number of bits. | 49 | * In the client side it sets the minimum accepted number of bits. |
50 | * If a server sends a prime with less bits than that | 50 | * If a server sends a prime with less bits than that |
51 | * GNUTLS_E_DH_PRIME_UNACCEPTABLE will be returned by the | 51 | * GNUTLS_E_DH_PRIME_UNACCEPTABLE will be returned by the |
52 | * handshake. | 52 | * handshake. |
53 | * | 53 | * |
@@ -64,7 +64,7 @@ MHD_gnutls_dh_set_prime_bits (mhd_gtls_session_t session, unsigned int bits) | |||
64 | * @raw_gen: will hold the generator. | 64 | * @raw_gen: will hold the generator. |
65 | * @raw_prime: will hold the prime. | 65 | * @raw_prime: will hold the prime. |
66 | * | 66 | * |
67 | * This function will return the group parameters used in the last Diffie Hellman | 67 | * This function will return the group parameters used in the last Diffie Hellman |
68 | * authentication with the peer. These are the prime and the generator used. | 68 | * authentication with the peer. These are the prime and the generator used. |
69 | * This function should be used for both anonymous and ephemeral diffie Hellman. | 69 | * This function should be used for both anonymous and ephemeral diffie Hellman. |
70 | * The output parameters must be freed with gnutls_free(). | 70 | * The output parameters must be freed with gnutls_free(). |
@@ -74,7 +74,7 @@ MHD_gnutls_dh_set_prime_bits (mhd_gtls_session_t session, unsigned int bits) | |||
74 | **/ | 74 | **/ |
75 | int | 75 | int |
76 | MHD_gnutls_dh_get_group (mhd_gtls_session_t session, | 76 | MHD_gnutls_dh_get_group (mhd_gtls_session_t session, |
77 | gnutls_datum_t * raw_gen, gnutls_datum_t * raw_prime) | 77 | gnutls_datum_t * raw_gen, gnutls_datum_t * raw_prime) |
78 | { | 78 | { |
79 | mhd_gtls_dh_info_st *dh; | 79 | mhd_gtls_dh_info_st *dh; |
80 | int ret; | 80 | int ret; |
@@ -131,7 +131,8 @@ MHD_gnutls_dh_get_group (mhd_gtls_session_t session, | |||
131 | * | 131 | * |
132 | **/ | 132 | **/ |
133 | int | 133 | int |
134 | MHD_gnutls_dh_get_pubkey (mhd_gtls_session_t session, gnutls_datum_t * raw_key) | 134 | MHD_gnutls_dh_get_pubkey (mhd_gtls_session_t session, |
135 | gnutls_datum_t * raw_key) | ||
135 | { | 136 | { |
136 | mhd_gtls_dh_info_st *dh; | 137 | mhd_gtls_dh_info_st *dh; |
137 | mhd_anon_auth_info_t anon_info; | 138 | mhd_anon_auth_info_t anon_info; |
@@ -189,8 +190,8 @@ MHD_gnutls_dh_get_pubkey (mhd_gtls_session_t session, gnutls_datum_t * raw_key) | |||
189 | **/ | 190 | **/ |
190 | int | 191 | int |
191 | MHD_gtls_rsa_export_get_pubkey (mhd_gtls_session_t session, | 192 | MHD_gtls_rsa_export_get_pubkey (mhd_gtls_session_t session, |
192 | gnutls_datum_t * exponent, | 193 | gnutls_datum_t * exponent, |
193 | gnutls_datum_t * modulus) | 194 | gnutls_datum_t * modulus) |
194 | { | 195 | { |
195 | cert_auth_info_t info; | 196 | cert_auth_info_t info; |
196 | int ret; | 197 | int ret; |
@@ -314,7 +315,7 @@ MHD_gnutls_dh_get_prime_bits (mhd_gtls_session_t session) | |||
314 | * @session: is a gnutls session | 315 | * @session: is a gnutls session |
315 | * | 316 | * |
316 | * This function will return the bits used in the last RSA-EXPORT key exchange | 317 | * This function will return the bits used in the last RSA-EXPORT key exchange |
317 | * with the peer. | 318 | * with the peer. |
318 | * Returns a negative value in case of an error. | 319 | * Returns a negative value in case of an error. |
319 | * | 320 | * |
320 | **/ | 321 | **/ |
@@ -384,7 +385,7 @@ MHD_gnutls_dh_get_peers_public_bits (mhd_gtls_session_t session) | |||
384 | * @session: is a gnutls session | 385 | * @session: is a gnutls session |
385 | * | 386 | * |
386 | * This function will return the certificate as sent to the peer, | 387 | * This function will return the certificate as sent to the peer, |
387 | * in the last handshake. These certificates are in raw format. | 388 | * in the last handshake. These certificates are in raw format. |
388 | * In X.509 this is a certificate list. In OpenPGP this is a single | 389 | * In X.509 this is a certificate list. In OpenPGP this is a single |
389 | * certificate. | 390 | * certificate. |
390 | * Returns NULL in case of an error, or if no certificate was used. | 391 | * Returns NULL in case of an error, or if no certificate was used. |
@@ -399,8 +400,8 @@ MHD_gtls_certificate_get_ours (mhd_gtls_session_t session) | |||
399 | 400 | ||
400 | cred | 401 | cred |
401 | = (mhd_gtls_cert_credentials_t) mhd_gtls_get_cred (session->key, | 402 | = (mhd_gtls_cert_credentials_t) mhd_gtls_get_cred (session->key, |
402 | MHD_GNUTLS_CRD_CERTIFICATE, | 403 | MHD_GNUTLS_CRD_CERTIFICATE, |
403 | NULL); | 404 | NULL); |
404 | if (cred == NULL || cred->cert_list == NULL) | 405 | if (cred == NULL || cred->cert_list == NULL) |
405 | { | 406 | { |
406 | gnutls_assert (); | 407 | gnutls_assert (); |
@@ -418,9 +419,9 @@ MHD_gtls_certificate_get_ours (mhd_gtls_session_t session) | |||
418 | * @session: is a gnutls session | 419 | * @session: is a gnutls session |
419 | * @list_size: is the length of the certificate list | 420 | * @list_size: is the length of the certificate list |
420 | * | 421 | * |
421 | * This function will return the peer's raw certificate (chain) as | 422 | * This function will return the peer's raw certificate (chain) as |
422 | * sent by the peer. These certificates are in raw format (DER encoded | 423 | * sent by the peer. These certificates are in raw format (DER encoded |
423 | * for X.509). In case of a X.509 then a certificate list may be present. | 424 | * for X.509). In case of a X.509 then a certificate list may be present. |
424 | * The first certificate in the list is the peer's certificate, | 425 | * The first certificate in the list is the peer's certificate, |
425 | * following the issuer's certificate, then the issuer's issuer etc. | 426 | * following the issuer's certificate, then the issuer's issuer etc. |
426 | * | 427 | * |
@@ -432,7 +433,7 @@ MHD_gtls_certificate_get_ours (mhd_gtls_session_t session) | |||
432 | **/ | 433 | **/ |
433 | const gnutls_datum_t * | 434 | const gnutls_datum_t * |
434 | MHD_gtls_certificate_get_peers (mhd_gtls_session_t | 435 | MHD_gtls_certificate_get_peers (mhd_gtls_session_t |
435 | session, unsigned int *list_size) | 436 | session, unsigned int *list_size) |
436 | { | 437 | { |
437 | cert_auth_info_t info; | 438 | cert_auth_info_t info; |
438 | 439 | ||
@@ -472,7 +473,7 @@ MHD_gtls_certificate_client_get_request_status (mhd_gtls_session_t session) | |||
472 | * MHD_gnutls_fingerprint - This function calculates the fingerprint of the given data | 473 | * MHD_gnutls_fingerprint - This function calculates the fingerprint of the given data |
473 | * @algo: is a digest algorithm | 474 | * @algo: is a digest algorithm |
474 | * @data: is the data | 475 | * @data: is the data |
475 | * @result: is the place where the result will be copied (may be null). | 476 | * @result: is the place where the result will be copied (may be null). |
476 | * @result_size: should hold the size of the result. The actual size | 477 | * @result_size: should hold the size of the result. The actual size |
477 | * of the returned result will also be copied there. | 478 | * of the returned result will also be copied there. |
478 | * | 479 | * |
@@ -480,8 +481,8 @@ MHD_gtls_certificate_client_get_request_status (mhd_gtls_session_t session) | |||
480 | * given data. The result is not printable data. You should convert it | 481 | * given data. The result is not printable data. You should convert it |
481 | * to hex, or to something else printable. | 482 | * to hex, or to something else printable. |
482 | * | 483 | * |
483 | * This is the usual way to calculate a fingerprint of an X.509 | 484 | * This is the usual way to calculate a fingerprint of an X.509 |
484 | * DER encoded certificate. Note however that the fingerprint | 485 | * DER encoded certificate. Note however that the fingerprint |
485 | * of an OpenPGP is not just a hash and cannot be calculated with | 486 | * of an OpenPGP is not just a hash and cannot be calculated with |
486 | * this function. | 487 | * this function. |
487 | * | 488 | * |
@@ -490,8 +491,8 @@ MHD_gtls_certificate_client_get_request_status (mhd_gtls_session_t session) | |||
490 | **/ | 491 | **/ |
491 | int | 492 | int |
492 | MHD_gnutls_fingerprint (enum MHD_GNUTLS_HashAlgorithm algo, | 493 | MHD_gnutls_fingerprint (enum MHD_GNUTLS_HashAlgorithm algo, |
493 | const gnutls_datum_t * data, | 494 | const gnutls_datum_t * data, |
494 | void *result, size_t * result_size) | 495 | void *result, size_t * result_size) |
495 | { | 496 | { |
496 | GNUTLS_HASH_HANDLE td; | 497 | GNUTLS_HASH_HANDLE td; |
497 | int hash_len = mhd_gnutls_hash_get_algo_len (HASH2MAC (algo)); | 498 | int hash_len = mhd_gnutls_hash_get_algo_len (HASH2MAC (algo)); |
@@ -532,7 +533,7 @@ MHD_gnutls_fingerprint (enum MHD_GNUTLS_HashAlgorithm algo, | |||
532 | **/ | 533 | **/ |
533 | void | 534 | void |
534 | MHD_gnutls_certificate_set_dh_params (mhd_gtls_cert_credentials_t res, | 535 | MHD_gnutls_certificate_set_dh_params (mhd_gtls_cert_credentials_t res, |
535 | mhd_gtls_dh_params_t dh_params) | 536 | mhd_gtls_dh_params_t dh_params) |
536 | { | 537 | { |
537 | res->dh_params = dh_params; | 538 | res->dh_params = dh_params; |
538 | } | 539 | } |
@@ -542,7 +543,7 @@ MHD_gnutls_certificate_set_dh_params (mhd_gtls_cert_credentials_t res, | |||
542 | * @res: is a mhd_gtls_cert_credentials_t structure | 543 | * @res: is a mhd_gtls_cert_credentials_t structure |
543 | * @func: is the function to be called | 544 | * @func: is the function to be called |
544 | * | 545 | * |
545 | * This function will set a callback in order for the server to get the | 546 | * This function will set a callback in order for the server to get the |
546 | * diffie hellman or RSA parameters for certificate authentication. The callback | 547 | * diffie hellman or RSA parameters for certificate authentication. The callback |
547 | * should return zero on success. | 548 | * should return zero on success. |
548 | * | 549 | * |
@@ -566,7 +567,7 @@ gnutls_certificate_set_params_function (mhd_gtls_cert_credentials_t res, | |||
566 | **/ | 567 | **/ |
567 | void | 568 | void |
568 | MHD_gnutls_certificate_set_verify_flags (mhd_gtls_cert_credentials_t | 569 | MHD_gnutls_certificate_set_verify_flags (mhd_gtls_cert_credentials_t |
569 | res, unsigned int flags) | 570 | res, unsigned int flags) |
570 | { | 571 | { |
571 | res->verify_flags = flags; | 572 | res->verify_flags = flags; |
572 | } | 573 | } |
@@ -584,9 +585,9 @@ MHD_gnutls_certificate_set_verify_flags (mhd_gtls_cert_credentials_t | |||
584 | **/ | 585 | **/ |
585 | void | 586 | void |
586 | MHD_gnutls_certificate_set_verify_limits (mhd_gtls_cert_credentials_t | 587 | MHD_gnutls_certificate_set_verify_limits (mhd_gtls_cert_credentials_t |
587 | res, | 588 | res, |
588 | unsigned int max_bits, | 589 | unsigned int max_bits, |
589 | unsigned int max_depth) | 590 | unsigned int max_depth) |
590 | { | 591 | { |
591 | res->verify_depth = max_depth; | 592 | res->verify_depth = max_depth; |
592 | res->verify_bits = max_bits; | 593 | res->verify_bits = max_bits; |
@@ -604,7 +605,9 @@ MHD_gnutls_certificate_set_verify_limits (mhd_gtls_cert_credentials_t | |||
604 | **/ | 605 | **/ |
605 | void | 606 | void |
606 | MHD_gnutls_certificate_set_rsa_export_params (mhd_gtls_cert_credentials_t | 607 | MHD_gnutls_certificate_set_rsa_export_params (mhd_gtls_cert_credentials_t |
607 | res, mhd_gtls_rsa_params_t rsa_params) | 608 | res, |
609 | mhd_gtls_rsa_params_t | ||
610 | rsa_params) | ||
608 | { | 611 | { |
609 | res->rsa_params = rsa_params; | 612 | res->rsa_params = rsa_params; |
610 | } | 613 | } |
@@ -614,7 +617,7 @@ MHD_gnutls_certificate_set_rsa_export_params (mhd_gtls_cert_credentials_t | |||
614 | * @res: is a mhd_gtls_anon_server_credentials_t structure | 617 | * @res: is a mhd_gtls_anon_server_credentials_t structure |
615 | * @func: is the function to be called | 618 | * @func: is the function to be called |
616 | * | 619 | * |
617 | * This function will set a callback in order for the server to get the | 620 | * This function will set a callback in order for the server to get the |
618 | * diffie hellman or RSA parameters for anonymous authentication. The callback | 621 | * diffie hellman or RSA parameters for anonymous authentication. The callback |
619 | * should return zero on success. | 622 | * should return zero on success. |
620 | * | 623 | * |
diff --git a/src/daemon/https/tls/gnutls_x509.c b/src/daemon/https/tls/gnutls_x509.c index ad0764f4..3db59b06 100644 --- a/src/daemon/https/tls/gnutls_x509.c +++ b/src/daemon/https/tls/gnutls_x509.c | |||
@@ -223,8 +223,7 @@ _gnutls_check_key_cert_match (mhd_gtls_cert_credentials_t res) | |||
223 | 1].params_size, &kid); | 223 | 1].params_size, &kid); |
224 | 224 | ||
225 | 225 | ||
226 | _gnutls_x509_write_rsa_params (res->cert_list[res->ncerts - 1][0]. | 226 | _gnutls_x509_write_rsa_params (res->cert_list[res->ncerts - 1][0].params, |
227 | params, | ||
228 | res->cert_list[res->ncerts - | 227 | res->cert_list[res->ncerts - |
229 | 1][0].params_size, &cid); | 228 | 1][0].params_size, &cid); |
230 | 229 | ||
@@ -264,7 +263,7 @@ parse_crt_mem (gnutls_cert ** cert_list, unsigned *ncerts, | |||
264 | 263 | ||
265 | *cert_list = | 264 | *cert_list = |
266 | (gnutls_cert *) mhd_gtls_realloc_fast (*cert_list, | 265 | (gnutls_cert *) mhd_gtls_realloc_fast (*cert_list, |
267 | i * sizeof (gnutls_cert)); | 266 | i * sizeof (gnutls_cert)); |
268 | 267 | ||
269 | if (*cert_list == NULL) | 268 | if (*cert_list == NULL) |
270 | { | 269 | { |
@@ -409,7 +408,7 @@ parse_pkcs7_cert_mem (gnutls_cert ** cert_list, unsigned *ncerts, const | |||
409 | { | 408 | { |
410 | *cert_list = | 409 | *cert_list = |
411 | (gnutls_cert *) mhd_gtls_realloc_fast (*cert_list, | 410 | (gnutls_cert *) mhd_gtls_realloc_fast (*cert_list, |
412 | i * sizeof (gnutls_cert)); | 411 | i * sizeof (gnutls_cert)); |
413 | 412 | ||
414 | if (*cert_list == NULL) | 413 | if (*cert_list == NULL) |
415 | { | 414 | { |
@@ -503,7 +502,7 @@ parse_pem_cert_mem (gnutls_cert ** cert_list, unsigned *ncerts, | |||
503 | 502 | ||
504 | *cert_list = | 503 | *cert_list = |
505 | (gnutls_cert *) mhd_gtls_realloc_fast (*cert_list, | 504 | (gnutls_cert *) mhd_gtls_realloc_fast (*cert_list, |
506 | i * sizeof (gnutls_cert)); | 505 | i * sizeof (gnutls_cert)); |
507 | 506 | ||
508 | if (*cert_list == NULL) | 507 | if (*cert_list == NULL) |
509 | { | 508 | { |
@@ -567,9 +566,9 @@ read_cert_mem (mhd_gtls_cert_credentials_t res, const void *cert, | |||
567 | /* allocate space for the certificate to add | 566 | /* allocate space for the certificate to add |
568 | */ | 567 | */ |
569 | res->cert_list = mhd_gtls_realloc_fast (res->cert_list, | 568 | res->cert_list = mhd_gtls_realloc_fast (res->cert_list, |
570 | (1 + | 569 | (1 + |
571 | res->ncerts) * | 570 | res->ncerts) * |
572 | sizeof (gnutls_cert *)); | 571 | sizeof (gnutls_cert *)); |
573 | if (res->cert_list == NULL) | 572 | if (res->cert_list == NULL) |
574 | { | 573 | { |
575 | gnutls_assert (); | 574 | gnutls_assert (); |
@@ -577,8 +576,9 @@ read_cert_mem (mhd_gtls_cert_credentials_t res, const void *cert, | |||
577 | } | 576 | } |
578 | 577 | ||
579 | res->cert_list_length = mhd_gtls_realloc_fast (res->cert_list_length, | 578 | res->cert_list_length = mhd_gtls_realloc_fast (res->cert_list_length, |
580 | (1 + | 579 | (1 + |
581 | res->ncerts) * sizeof (int)); | 580 | res->ncerts) * |
581 | sizeof (int)); | ||
582 | if (res->cert_list_length == NULL) | 582 | if (res->cert_list_length == NULL) |
583 | { | 583 | { |
584 | gnutls_assert (); | 584 | gnutls_assert (); |
@@ -712,7 +712,7 @@ read_key_mem (mhd_gtls_cert_credentials_t res, | |||
712 | */ | 712 | */ |
713 | res->pkey = | 713 | res->pkey = |
714 | mhd_gtls_realloc_fast (res->pkey, | 714 | mhd_gtls_realloc_fast (res->pkey, |
715 | (res->ncerts + 1) * sizeof (gnutls_privkey)); | 715 | (res->ncerts + 1) * sizeof (gnutls_privkey)); |
716 | if (res->pkey == NULL) | 716 | if (res->pkey == NULL) |
717 | { | 717 | { |
718 | gnutls_assert (); | 718 | gnutls_assert (); |
@@ -819,9 +819,9 @@ read_key_file (mhd_gtls_cert_credentials_t res, | |||
819 | **/ | 819 | **/ |
820 | int | 820 | int |
821 | MHD_gnutls_certificate_set_x509_key_mem (mhd_gtls_cert_credentials_t | 821 | MHD_gnutls_certificate_set_x509_key_mem (mhd_gtls_cert_credentials_t |
822 | res, const gnutls_datum_t * cert, | 822 | res, const gnutls_datum_t * cert, |
823 | const gnutls_datum_t * key, | 823 | const gnutls_datum_t * key, |
824 | gnutls_x509_crt_fmt_t type) | 824 | gnutls_x509_crt_fmt_t type) |
825 | { | 825 | { |
826 | int ret; | 826 | int ret; |
827 | 827 | ||
@@ -865,9 +865,9 @@ MHD_gnutls_certificate_set_x509_key_mem (mhd_gtls_cert_credentials_t | |||
865 | **/ | 865 | **/ |
866 | int | 866 | int |
867 | MHD_gnutls_certificate_set_x509_key_file (mhd_gtls_cert_credentials_t | 867 | MHD_gnutls_certificate_set_x509_key_file (mhd_gtls_cert_credentials_t |
868 | res, const char *CERTFILE, | 868 | res, const char *CERTFILE, |
869 | const char *KEYFILE, | 869 | const char *KEYFILE, |
870 | gnutls_x509_crt_fmt_t type) | 870 | gnutls_x509_crt_fmt_t type) |
871 | { | 871 | { |
872 | int ret; | 872 | int ret; |
873 | 873 | ||
@@ -955,7 +955,8 @@ generate_rdn_seq (mhd_gtls_cert_credentials_t res) | |||
955 | * certificate (uses the KeyUsage field). | 955 | * certificate (uses the KeyUsage field). |
956 | */ | 956 | */ |
957 | int | 957 | int |
958 | _gnutls_check_key_usage (const gnutls_cert * cert, enum MHD_GNUTLS_KeyExchangeAlgorithm alg) | 958 | _gnutls_check_key_usage (const gnutls_cert * cert, |
959 | enum MHD_GNUTLS_KeyExchangeAlgorithm alg) | ||
959 | { | 960 | { |
960 | unsigned int key_usage = 0; | 961 | unsigned int key_usage = 0; |
961 | int encipher_type; | 962 | int encipher_type; |
@@ -1041,9 +1042,9 @@ parse_pem_ca_mem (gnutls_x509_crt_t ** cert_list, unsigned *ncerts, | |||
1041 | 1042 | ||
1042 | *cert_list = | 1043 | *cert_list = |
1043 | (gnutls_x509_crt_t *) mhd_gtls_realloc_fast (*cert_list, | 1044 | (gnutls_x509_crt_t *) mhd_gtls_realloc_fast (*cert_list, |
1044 | i * | 1045 | i * |
1045 | sizeof | 1046 | sizeof |
1046 | (gnutls_x509_crt_t)); | 1047 | (gnutls_x509_crt_t)); |
1047 | 1048 | ||
1048 | if (*cert_list == NULL) | 1049 | if (*cert_list == NULL) |
1049 | { | 1050 | { |
@@ -1119,8 +1120,8 @@ parse_der_ca_mem (gnutls_x509_crt_t ** cert_list, unsigned *ncerts, | |||
1119 | 1120 | ||
1120 | *cert_list = | 1121 | *cert_list = |
1121 | (gnutls_x509_crt_t *) mhd_gtls_realloc_fast (*cert_list, | 1122 | (gnutls_x509_crt_t *) mhd_gtls_realloc_fast (*cert_list, |
1122 | i * | 1123 | i * |
1123 | sizeof (gnutls_x509_crt_t)); | 1124 | sizeof (gnutls_x509_crt_t)); |
1124 | 1125 | ||
1125 | if (*cert_list == NULL) | 1126 | if (*cert_list == NULL) |
1126 | { | 1127 | { |
@@ -1172,8 +1173,8 @@ parse_der_ca_mem (gnutls_x509_crt_t ** cert_list, unsigned *ncerts, | |||
1172 | **/ | 1173 | **/ |
1173 | int | 1174 | int |
1174 | MHD_gnutls_certificate_set_x509_trust_mem (mhd_gtls_cert_credentials_t | 1175 | MHD_gnutls_certificate_set_x509_trust_mem (mhd_gtls_cert_credentials_t |
1175 | res, const gnutls_datum_t * ca, | 1176 | res, const gnutls_datum_t * ca, |
1176 | gnutls_x509_crt_fmt_t type) | 1177 | gnutls_x509_crt_fmt_t type) |
1177 | { | 1178 | { |
1178 | int ret, ret2; | 1179 | int ret, ret2; |
1179 | 1180 | ||
@@ -1211,8 +1212,8 @@ MHD_gnutls_certificate_set_x509_trust_mem (mhd_gtls_cert_credentials_t | |||
1211 | **/ | 1212 | **/ |
1212 | int | 1213 | int |
1213 | MHD_gnutls_certificate_set_x509_trust_file (mhd_gtls_cert_credentials_t | 1214 | MHD_gnutls_certificate_set_x509_trust_file (mhd_gtls_cert_credentials_t |
1214 | res, const char *cafile, | 1215 | res, const char *cafile, |
1215 | gnutls_x509_crt_fmt_t type) | 1216 | gnutls_x509_crt_fmt_t type) |
1216 | { | 1217 | { |
1217 | int ret, ret2; | 1218 | int ret, ret2; |
1218 | size_t size; | 1219 | size_t size; |
@@ -1274,9 +1275,9 @@ parse_pem_crl_mem (gnutls_x509_crl_t ** crl_list, unsigned *ncrls, | |||
1274 | 1275 | ||
1275 | *crl_list = | 1276 | *crl_list = |
1276 | (gnutls_x509_crl_t *) mhd_gtls_realloc_fast (*crl_list, | 1277 | (gnutls_x509_crl_t *) mhd_gtls_realloc_fast (*crl_list, |
1277 | i * | 1278 | i * |
1278 | sizeof | 1279 | sizeof |
1279 | (gnutls_x509_crl_t)); | 1280 | (gnutls_x509_crl_t)); |
1280 | 1281 | ||
1281 | if (*crl_list == NULL) | 1282 | if (*crl_list == NULL) |
1282 | { | 1283 | { |
@@ -1342,8 +1343,8 @@ parse_der_crl_mem (gnutls_x509_crl_t ** crl_list, unsigned *ncrls, | |||
1342 | 1343 | ||
1343 | *crl_list = | 1344 | *crl_list = |
1344 | (gnutls_x509_crl_t *) mhd_gtls_realloc_fast (*crl_list, | 1345 | (gnutls_x509_crl_t *) mhd_gtls_realloc_fast (*crl_list, |
1345 | i * | 1346 | i * |
1346 | sizeof (gnutls_x509_crl_t)); | 1347 | sizeof (gnutls_x509_crl_t)); |
1347 | 1348 | ||
1348 | if (*crl_list == NULL) | 1349 | if (*crl_list == NULL) |
1349 | { | 1350 | { |
@@ -1386,9 +1387,9 @@ read_crl_mem (mhd_gtls_cert_credentials_t res, const void *crl, | |||
1386 | /* allocate space for the certificate to add | 1387 | /* allocate space for the certificate to add |
1387 | */ | 1388 | */ |
1388 | res->x509_crl_list = mhd_gtls_realloc_fast (res->x509_crl_list, | 1389 | res->x509_crl_list = mhd_gtls_realloc_fast (res->x509_crl_list, |
1389 | (1 + | 1390 | (1 + |
1390 | res->x509_ncrls) * | 1391 | res->x509_ncrls) * |
1391 | sizeof (gnutls_x509_crl_t)); | 1392 | sizeof (gnutls_x509_crl_t)); |
1392 | if (res->x509_crl_list == NULL) | 1393 | if (res->x509_crl_list == NULL) |
1393 | { | 1394 | { |
1394 | gnutls_assert (); | 1395 | gnutls_assert (); |
@@ -1427,8 +1428,8 @@ read_crl_mem (mhd_gtls_cert_credentials_t res, const void *crl, | |||
1427 | **/ | 1428 | **/ |
1428 | int | 1429 | int |
1429 | MHD_gnutls_certificate_set_x509_crl_mem (mhd_gtls_cert_credentials_t | 1430 | MHD_gnutls_certificate_set_x509_crl_mem (mhd_gtls_cert_credentials_t |
1430 | res, const gnutls_datum_t * CRL, | 1431 | res, const gnutls_datum_t * CRL, |
1431 | gnutls_x509_crt_fmt_t type) | 1432 | gnutls_x509_crt_fmt_t type) |
1432 | { | 1433 | { |
1433 | int ret; | 1434 | int ret; |
1434 | 1435 | ||
@@ -1454,8 +1455,8 @@ MHD_gnutls_certificate_set_x509_crl_mem (mhd_gtls_cert_credentials_t | |||
1454 | **/ | 1455 | **/ |
1455 | int | 1456 | int |
1456 | MHD_gnutls_certificate_set_x509_crl_file (mhd_gtls_cert_credentials_t | 1457 | MHD_gnutls_certificate_set_x509_crl_file (mhd_gtls_cert_credentials_t |
1457 | res, const char *crlfile, | 1458 | res, const char *crlfile, |
1458 | gnutls_x509_crt_fmt_t type) | 1459 | gnutls_x509_crt_fmt_t type) |
1459 | { | 1460 | { |
1460 | int ret; | 1461 | int ret; |
1461 | size_t size; | 1462 | size_t size; |
diff --git a/src/daemon/https/tls/gnutls_x509.h b/src/daemon/https/tls/gnutls_x509.h index 58af5ea5..d252051a 100644 --- a/src/daemon/https/tls/gnutls_x509.h +++ b/src/daemon/https/tls/gnutls_x509.h | |||
@@ -25,7 +25,7 @@ | |||
25 | #include <libtasn1.h> | 25 | #include <libtasn1.h> |
26 | 26 | ||
27 | int _gnutls_x509_cert_verify_peers (mhd_gtls_session_t session, | 27 | int _gnutls_x509_cert_verify_peers (mhd_gtls_session_t session, |
28 | unsigned int *status); | 28 | unsigned int *status); |
29 | 29 | ||
30 | #define PEM_CERT_SEP2 "-----BEGIN X509 CERTIFICATE" | 30 | #define PEM_CERT_SEP2 "-----BEGIN X509 CERTIFICATE" |
31 | #define PEM_CERT_SEP "-----BEGIN CERTIFICATE" | 31 | #define PEM_CERT_SEP "-----BEGIN CERTIFICATE" |
@@ -37,13 +37,13 @@ int _gnutls_x509_cert_verify_peers (mhd_gtls_session_t session, | |||
37 | #define PEM_KEY_DSA_SEP "-----BEGIN DSA" | 37 | #define PEM_KEY_DSA_SEP "-----BEGIN DSA" |
38 | 38 | ||
39 | int _gnutls_check_key_usage (const gnutls_cert * cert, | 39 | int _gnutls_check_key_usage (const gnutls_cert * cert, |
40 | enum MHD_GNUTLS_KeyExchangeAlgorithm alg); | 40 | enum MHD_GNUTLS_KeyExchangeAlgorithm alg); |
41 | 41 | ||
42 | int _gnutls_x509_read_rsa_params (opaque * der, int dersize, mpi_t * params); | 42 | int _gnutls_x509_read_rsa_params (opaque * der, int dersize, mpi_t * params); |
43 | int _gnutls_x509_read_dsa_pubkey (opaque * der, int dersize, mpi_t * params); | 43 | int _gnutls_x509_read_dsa_pubkey (opaque * der, int dersize, mpi_t * params); |
44 | 44 | ||
45 | int _gnutls_x509_raw_privkey_to_gkey (gnutls_privkey * privkey, | 45 | int _gnutls_x509_raw_privkey_to_gkey (gnutls_privkey * privkey, |
46 | const gnutls_datum_t * raw_key, | 46 | const gnutls_datum_t * raw_key, |
47 | gnutls_x509_crt_fmt_t type); | 47 | gnutls_x509_crt_fmt_t type); |
48 | int _gnutls_x509_privkey_to_gkey (gnutls_privkey * privkey, | 48 | int _gnutls_x509_privkey_to_gkey (gnutls_privkey * privkey, |
49 | gnutls_x509_privkey_t); | 49 | gnutls_x509_privkey_t); |
diff --git a/src/daemon/https/tls/io_debug.h b/src/daemon/https/tls/io_debug.h index 53d9c371..cd39d60c 100644 --- a/src/daemon/https/tls/io_debug.h +++ b/src/daemon/https/tls/io_debug.h | |||
@@ -33,7 +33,7 @@ | |||
33 | 33 | ||
34 | #include <gnutls_int.h> | 34 | #include <gnutls_int.h> |
35 | 35 | ||
36 | #define EDUNNO EAGAIN /* EAGAIN */ | 36 | #define EDUNNO EAGAIN /* EAGAIN */ |
37 | 37 | ||
38 | extern int errno; | 38 | extern int errno; |
39 | static int initialized_rand = 0; | 39 | static int initialized_rand = 0; |
diff --git a/src/daemon/https/tls/x509_b64.c b/src/daemon/https/tls/x509_b64.c index 5bb2b4a5..d4100bc9 100644 --- a/src/daemon/https/tls/x509_b64.c +++ b/src/daemon/https/tls/x509_b64.c | |||
@@ -293,17 +293,17 @@ _gnutls_fbase64_encode (const char *msg, const uint8_t * data, | |||
293 | * @result: the place where base64 data will be copied | 293 | * @result: the place where base64 data will be copied |
294 | * @result_size: holds the size of the result | 294 | * @result_size: holds the size of the result |
295 | * | 295 | * |
296 | * This function will convert the given data to printable data, using the base64 | 296 | * This function will convert the given data to printable data, using the base64 |
297 | * encoding. This is the encoding used in PEM messages. If the provided | 297 | * encoding. This is the encoding used in PEM messages. If the provided |
298 | * buffer is not long enough GNUTLS_E_SHORT_MEMORY_BUFFER is returned. | 298 | * buffer is not long enough GNUTLS_E_SHORT_MEMORY_BUFFER is returned. |
299 | * | 299 | * |
300 | * The output string will be null terminated, although the size will not include | 300 | * The output string will be null terminated, although the size will not include |
301 | * the terminating null. | 301 | * the terminating null. |
302 | * | 302 | * |
303 | **/ | 303 | **/ |
304 | int | 304 | int |
305 | MHD_gtls_pem_base64_encode (const char *msg, const gnutls_datum_t * data, | 305 | MHD_gtls_pem_base64_encode (const char *msg, const gnutls_datum_t * data, |
306 | char *result, size_t * result_size) | 306 | char *result, size_t * result_size) |
307 | { | 307 | { |
308 | opaque *ret; | 308 | opaque *ret; |
309 | int size; | 309 | int size; |
@@ -334,17 +334,17 @@ MHD_gtls_pem_base64_encode (const char *msg, const gnutls_datum_t * data, | |||
334 | * @data: contains the raw data | 334 | * @data: contains the raw data |
335 | * @result: will hold the newly allocated encoded data | 335 | * @result: will hold the newly allocated encoded data |
336 | * | 336 | * |
337 | * This function will convert the given data to printable data, using the base64 | 337 | * This function will convert the given data to printable data, using the base64 |
338 | * encoding. This is the encoding used in PEM messages. This function will | 338 | * encoding. This is the encoding used in PEM messages. This function will |
339 | * allocate the required memory to hold the encoded data. | 339 | * allocate the required memory to hold the encoded data. |
340 | * | 340 | * |
341 | * You should use gnutls_free() to free the returned data. | 341 | * You should use gnutls_free() to free the returned data. |
342 | * | 342 | * |
343 | **/ | 343 | **/ |
344 | int | 344 | int |
345 | MHD_gtls_pem_base64_encode_alloc (const char *msg, | 345 | MHD_gtls_pem_base64_encode_alloc (const char *msg, |
346 | const gnutls_datum_t * data, | 346 | const gnutls_datum_t * data, |
347 | gnutls_datum_t * result) | 347 | gnutls_datum_t * result) |
348 | { | 348 | { |
349 | opaque *ret; | 349 | opaque *ret; |
350 | int size; | 350 | int size; |
@@ -483,7 +483,7 @@ _gnutls_fbase64_decode (const char *header, const opaque * data, | |||
483 | return GNUTLS_E_BASE64_DECODING_ERROR; | 483 | return GNUTLS_E_BASE64_DECODING_ERROR; |
484 | } | 484 | } |
485 | 485 | ||
486 | /* position of kdata is before the ----END--- footer | 486 | /* position of kdata is before the ----END--- footer |
487 | */ | 487 | */ |
488 | rdata_size = (unsigned long int) kdata - (unsigned long int) rdata; | 488 | rdata_size = (unsigned long int) kdata - (unsigned long int) rdata; |
489 | 489 | ||
@@ -535,8 +535,8 @@ _gnutls_fbase64_decode (const char *header, const opaque * data, | |||
535 | **/ | 535 | **/ |
536 | int | 536 | int |
537 | MHD_gtls_pem_base64_decode (const char *header, | 537 | MHD_gtls_pem_base64_decode (const char *header, |
538 | const gnutls_datum_t * b64_data, | 538 | const gnutls_datum_t * b64_data, |
539 | unsigned char *result, size_t * result_size) | 539 | unsigned char *result, size_t * result_size) |
540 | { | 540 | { |
541 | opaque *ret; | 541 | opaque *ret; |
542 | int size; | 542 | int size; |
@@ -570,8 +570,8 @@ MHD_gtls_pem_base64_decode (const char *header, | |||
570 | * | 570 | * |
571 | * This function will decode the given encoded data. The decoded data | 571 | * This function will decode the given encoded data. The decoded data |
572 | * will be allocated, and stored into result. | 572 | * will be allocated, and stored into result. |
573 | * If the header given is non null this function will search for | 573 | * If the header given is non null this function will search for |
574 | * "-----BEGIN header" and decode only this part. Otherwise it will decode the | 574 | * "-----BEGIN header" and decode only this part. Otherwise it will decode the |
575 | * first PEM packet found. | 575 | * first PEM packet found. |
576 | * | 576 | * |
577 | * You should use gnutls_free() to free the returned data. | 577 | * You should use gnutls_free() to free the returned data. |
@@ -579,8 +579,8 @@ MHD_gtls_pem_base64_decode (const char *header, | |||
579 | **/ | 579 | **/ |
580 | int | 580 | int |
581 | MHD_gtls_pem_base64_decode_alloc (const char *header, | 581 | MHD_gtls_pem_base64_decode_alloc (const char *header, |
582 | const gnutls_datum_t * b64_data, | 582 | const gnutls_datum_t * b64_data, |
583 | gnutls_datum_t * result) | 583 | gnutls_datum_t * result) |
584 | { | 584 | { |
585 | opaque *ret; | 585 | opaque *ret; |
586 | int size; | 586 | int size; |
diff --git a/src/daemon/https/tls/x509_b64.h b/src/daemon/https/tls/x509_b64.h index 539bec42..d079ebc6 100644 --- a/src/daemon/https/tls/x509_b64.h +++ b/src/daemon/https/tls/x509_b64.h | |||
@@ -23,13 +23,13 @@ | |||
23 | */ | 23 | */ |
24 | 24 | ||
25 | int _gnutls_base64_encode (const uint8_t * data, size_t data_size, | 25 | int _gnutls_base64_encode (const uint8_t * data, size_t data_size, |
26 | uint8_t ** result); | 26 | uint8_t ** result); |
27 | int _gnutls_fbase64_encode (const char *msg, const uint8_t * data, | 27 | int _gnutls_fbase64_encode (const char *msg, const uint8_t * data, |
28 | int data_size, uint8_t ** result); | 28 | int data_size, uint8_t ** result); |
29 | int _gnutls_base64_decode (const uint8_t * data, size_t data_size, | 29 | int _gnutls_base64_decode (const uint8_t * data, size_t data_size, |
30 | uint8_t ** result); | 30 | uint8_t ** result); |
31 | int _gnutls_fbase64_decode (const char *header, const uint8_t * data, | 31 | int _gnutls_fbase64_decode (const char *header, const uint8_t * data, |
32 | size_t data_size, uint8_t ** result); | 32 | size_t data_size, uint8_t ** result); |
33 | 33 | ||
34 | #define B64SIZE( data_size) ((data_size%3==0)?((data_size*4)/3):(4+((data_size/3)*4))) | 34 | #define B64SIZE( data_size) ((data_size%3==0)?((data_size*4)/3):(4+((data_size/3)*4))) |
35 | 35 | ||
diff --git a/src/daemon/https/x509/common.c b/src/daemon/https/x509/common.c index e8c21fe9..53ae4be8 100644 --- a/src/daemon/https/x509/common.c +++ b/src/daemon/https/x509/common.c | |||
@@ -440,7 +440,7 @@ _gnutls_x509_data2hex (const opaque * data, | |||
440 | return 0; | 440 | return 0; |
441 | } | 441 | } |
442 | 442 | ||
443 | /* TIME functions | 443 | /* TIME functions |
444 | * Convertions between generalized or UTC time to time_t | 444 | * Convertions between generalized or UTC time to time_t |
445 | * | 445 | * |
446 | */ | 446 | */ |
@@ -463,7 +463,7 @@ typedef struct fake_tm | |||
463 | * who placed it under public domain: | 463 | * who placed it under public domain: |
464 | */ | 464 | */ |
465 | 465 | ||
466 | /* The number of days in each month. | 466 | /* The number of days in each month. |
467 | */ | 467 | */ |
468 | static const int MONTHDAYS[] = { 31, | 468 | static const int MONTHDAYS[] = { 31, |
469 | 28, | 469 | 28, |
@@ -498,12 +498,12 @@ mktime_utc (const struct fake_tm *tm) | |||
498 | /* We do allow some ill-formed dates, but we don't do anything special | 498 | /* We do allow some ill-formed dates, but we don't do anything special |
499 | * with them and our callers really shouldn't pass them to us. Do | 499 | * with them and our callers really shouldn't pass them to us. Do |
500 | * explicitly disallow the ones that would cause invalid array accesses | 500 | * explicitly disallow the ones that would cause invalid array accesses |
501 | * or other algorithm problems. | 501 | * or other algorithm problems. |
502 | */ | 502 | */ |
503 | if (tm->tm_mon < 0 || tm->tm_mon > 11 || tm->tm_year < 1970) | 503 | if (tm->tm_mon < 0 || tm->tm_mon > 11 || tm->tm_year < 1970) |
504 | return (time_t) - 1; | 504 | return (time_t) - 1; |
505 | 505 | ||
506 | /* Convert to a time_t. | 506 | /* Convert to a time_t. |
507 | */ | 507 | */ |
508 | for (i = 1970; i < tm->tm_year; i++) | 508 | for (i = 1970; i < tm->tm_year; i++) |
509 | result += 365 + ISLEAP (i); | 509 | result += 365 + ISLEAP (i); |
@@ -1319,7 +1319,7 @@ _gnutls_x509_get_pk_algorithm (ASN1_TYPE src, | |||
1319 | return algo; | 1319 | return algo; |
1320 | } | 1320 | } |
1321 | 1321 | ||
1322 | /* Now read the parameters' bits | 1322 | /* Now read the parameters' bits |
1323 | */ | 1323 | */ |
1324 | mhd_gtls_str_cpy (name, sizeof (name), src_name); | 1324 | mhd_gtls_str_cpy (name, sizeof (name), src_name); |
1325 | mhd_gtls_str_cat (name, sizeof (name), ".subjectPublicKey"); | 1325 | mhd_gtls_str_cat (name, sizeof (name), ".subjectPublicKey"); |
@@ -1442,7 +1442,7 @@ _gnutls_x509_get_signature (ASN1_TYPE src, | |||
1442 | signature->data = NULL; | 1442 | signature->data = NULL; |
1443 | signature->size = 0; | 1443 | signature->size = 0; |
1444 | 1444 | ||
1445 | /* Read the signature | 1445 | /* Read the signature |
1446 | */ | 1446 | */ |
1447 | bits = 0; | 1447 | bits = 0; |
1448 | result = asn1_read_value (src, src_name, NULL, &bits); | 1448 | result = asn1_read_value (src, src_name, NULL, &bits); |
diff --git a/src/daemon/https/x509/common.h b/src/daemon/https/x509/common.h index 01b1bf30..0e91c96d 100644 --- a/src/daemon/https/x509/common.h +++ b/src/daemon/https/x509/common.h | |||
@@ -63,13 +63,13 @@ time_t _gnutls_x509_generalTime2gtime (const char *ttime); | |||
63 | int _gnutls_x509_set_time (ASN1_TYPE c2, const char *where, time_t tim); | 63 | int _gnutls_x509_set_time (ASN1_TYPE c2, const char *where, time_t tim); |
64 | 64 | ||
65 | int _gnutls_x509_decode_octet_string (const char *string_type, | 65 | int _gnutls_x509_decode_octet_string (const char *string_type, |
66 | const opaque * der, size_t der_size, | 66 | const opaque * der, size_t der_size, |
67 | opaque * output, size_t * output_size); | 67 | opaque * output, size_t * output_size); |
68 | int _gnutls_x509_oid_data2string (const char *OID, void *value, | 68 | int _gnutls_x509_oid_data2string (const char *OID, void *value, |
69 | int value_size, char *res, | 69 | int value_size, char *res, |
70 | size_t * res_size); | 70 | size_t * res_size); |
71 | int _gnutls_x509_data2hex (const opaque * data, size_t data_size, | 71 | int _gnutls_x509_data2hex (const opaque * data, size_t data_size, |
72 | opaque * out, size_t * sizeof_out); | 72 | opaque * out, size_t * sizeof_out); |
73 | 73 | ||
74 | const char *_gnutls_x509_oid2ldap_string (const char *OID); | 74 | const char *_gnutls_x509_oid2ldap_string (const char *OID); |
75 | 75 | ||
@@ -81,46 +81,47 @@ time_t _gnutls_x509_get_time (ASN1_TYPE c2, const char *when); | |||
81 | gnutls_x509_subject_alt_name_t _gnutls_x509_san_find_type (char *str_type); | 81 | gnutls_x509_subject_alt_name_t _gnutls_x509_san_find_type (char *str_type); |
82 | 82 | ||
83 | int _gnutls_x509_der_encode_and_copy (ASN1_TYPE src, const char *src_name, | 83 | int _gnutls_x509_der_encode_and_copy (ASN1_TYPE src, const char *src_name, |
84 | ASN1_TYPE dest, const char *dest_name, | 84 | ASN1_TYPE dest, const char *dest_name, |
85 | int str); | 85 | int str); |
86 | int _gnutls_x509_der_encode (ASN1_TYPE src, const char *src_name, | 86 | int _gnutls_x509_der_encode (ASN1_TYPE src, const char *src_name, |
87 | gnutls_datum_t * res, int str); | 87 | gnutls_datum_t * res, int str); |
88 | 88 | ||
89 | int _gnutls_x509_export_int (ASN1_TYPE asn1_data, | 89 | int _gnutls_x509_export_int (ASN1_TYPE asn1_data, |
90 | gnutls_x509_crt_fmt_t format, char *pem_header, | 90 | gnutls_x509_crt_fmt_t format, char *pem_header, |
91 | unsigned char *output_data, | 91 | unsigned char *output_data, |
92 | size_t * output_data_size); | 92 | size_t * output_data_size); |
93 | 93 | ||
94 | int _gnutls_x509_read_value (ASN1_TYPE c, const char *root, | 94 | int _gnutls_x509_read_value (ASN1_TYPE c, const char *root, |
95 | gnutls_datum_t * ret, int str); | 95 | gnutls_datum_t * ret, int str); |
96 | int _gnutls_x509_write_value (ASN1_TYPE c, const char *root, | 96 | int _gnutls_x509_write_value (ASN1_TYPE c, const char *root, |
97 | const gnutls_datum_t * data, int str); | 97 | const gnutls_datum_t * data, int str); |
98 | 98 | ||
99 | int _gnutls_x509_encode_and_write_attribute (const char *given_oid, | 99 | int _gnutls_x509_encode_and_write_attribute (const char *given_oid, |
100 | ASN1_TYPE asn1_struct, | 100 | ASN1_TYPE asn1_struct, |
101 | const char *where, | 101 | const char *where, |
102 | const void *data, | 102 | const void *data, |
103 | int sizeof_data, int multi); | 103 | int sizeof_data, int multi); |
104 | int _gnutls_x509_decode_and_read_attribute (ASN1_TYPE asn1_struct, | 104 | int _gnutls_x509_decode_and_read_attribute (ASN1_TYPE asn1_struct, |
105 | const char *where, char *oid, | 105 | const char *where, char *oid, |
106 | int oid_size, | 106 | int oid_size, |
107 | gnutls_datum_t * value, int multi, | 107 | gnutls_datum_t * value, int multi, |
108 | int octet); | 108 | int octet); |
109 | 109 | ||
110 | int _gnutls_x509_get_pk_algorithm (ASN1_TYPE src, const char *src_name, | 110 | int _gnutls_x509_get_pk_algorithm (ASN1_TYPE src, const char *src_name, |
111 | unsigned int *bits); | 111 | unsigned int *bits); |
112 | 112 | ||
113 | int _gnutls_x509_encode_and_copy_PKI_params (ASN1_TYPE dst, | 113 | int _gnutls_x509_encode_and_copy_PKI_params (ASN1_TYPE dst, |
114 | const char *dst_name, | 114 | const char *dst_name, |
115 | enum MHD_GNUTLS_PublicKeyAlgorithm | 115 | enum |
116 | pk_algorithm, mpi_t * params, | 116 | MHD_GNUTLS_PublicKeyAlgorithm |
117 | int params_size); | 117 | pk_algorithm, mpi_t * params, |
118 | int params_size); | ||
118 | int _gnutls_asn1_copy_node (ASN1_TYPE * dst, const char *dst_name, | 119 | int _gnutls_asn1_copy_node (ASN1_TYPE * dst, const char *dst_name, |
119 | ASN1_TYPE src, const char *src_name); | 120 | ASN1_TYPE src, const char *src_name); |
120 | 121 | ||
121 | int _gnutls_x509_get_signed_data (ASN1_TYPE src, const char *src_name, | 122 | int _gnutls_x509_get_signed_data (ASN1_TYPE src, const char *src_name, |
122 | gnutls_datum_t * signed_data); | 123 | gnutls_datum_t * signed_data); |
123 | int _gnutls_x509_get_signature (ASN1_TYPE src, const char *src_name, | 124 | int _gnutls_x509_get_signature (ASN1_TYPE src, const char *src_name, |
124 | gnutls_datum_t * signature); | 125 | gnutls_datum_t * signature); |
125 | 126 | ||
126 | #endif | 127 | #endif |
diff --git a/src/daemon/https/x509/crl.c b/src/daemon/https/x509/crl.c index 98eb4806..9ad49c67 100644 --- a/src/daemon/https/x509/crl.c +++ b/src/daemon/https/x509/crl.c | |||
@@ -73,7 +73,7 @@ gnutls_x509_crl_init (gnutls_x509_crl_t * crl) | |||
73 | * gnutls_x509_crl_deinit - This function deinitializes memory used by a gnutls_x509_crl_t structure | 73 | * gnutls_x509_crl_deinit - This function deinitializes memory used by a gnutls_x509_crl_t structure |
74 | * @crl: The structure to be initialized | 74 | * @crl: The structure to be initialized |
75 | * | 75 | * |
76 | * This function will deinitialize a CRL structure. | 76 | * This function will deinitialize a CRL structure. |
77 | * | 77 | * |
78 | **/ | 78 | **/ |
79 | void | 79 | void |
@@ -168,7 +168,7 @@ cleanup: | |||
168 | * @buf: a pointer to a structure to hold the peer's name (may be null) | 168 | * @buf: a pointer to a structure to hold the peer's name (may be null) |
169 | * @sizeof_buf: initially holds the size of @buf | 169 | * @sizeof_buf: initially holds the size of @buf |
170 | * | 170 | * |
171 | * This function will copy the name of the CRL issuer in the provided buffer. The name | 171 | * This function will copy the name of the CRL issuer in the provided buffer. The name |
172 | * will be in the form "C=xxxx,O=yyyy,CN=zzzz" as described in RFC2253. The output | 172 | * will be in the form "C=xxxx,O=yyyy,CN=zzzz" as described in RFC2253. The output |
173 | * string will be ASCII or UTF-8 encoded, depending on the certificate data. | 173 | * string will be ASCII or UTF-8 encoded, depending on the certificate data. |
174 | * | 174 | * |
@@ -208,7 +208,7 @@ gnutls_x509_crl_get_issuer_dn (const gnutls_x509_crl_t crl, char *buf, | |||
208 | * string will be ASCII or UTF-8 encoded, depending on the certificate data. | 208 | * string will be ASCII or UTF-8 encoded, depending on the certificate data. |
209 | * | 209 | * |
210 | * Some helper macros with popular OIDs can be found in gnutls/x509.h | 210 | * Some helper macros with popular OIDs can be found in gnutls/x509.h |
211 | * If raw flag is zero, this function will only return known OIDs as text. Other OIDs | 211 | * If raw flag is zero, this function will only return known OIDs as text. Other OIDs |
212 | * will be DER encoded, as described in RFC2253 -- in hex format with a '\#' prefix. | 212 | * will be DER encoded, as described in RFC2253 -- in hex format with a '\#' prefix. |
213 | * You can check about known OIDs using gnutls_x509_dn_oid_known(). | 213 | * You can check about known OIDs using gnutls_x509_dn_oid_known(). |
214 | * | 214 | * |
@@ -244,7 +244,7 @@ gnutls_x509_crl_get_issuer_dn_by_oid (gnutls_x509_crl_t crl, | |||
244 | * @sizeof_oid: initially holds the size of 'oid' | 244 | * @sizeof_oid: initially holds the size of 'oid' |
245 | * | 245 | * |
246 | * This function will extract the requested OID of the name of the CRL issuer, specified | 246 | * This function will extract the requested OID of the name of the CRL issuer, specified |
247 | * by the given index. | 247 | * by the given index. |
248 | * | 248 | * |
249 | * If oid is null then only the size will be filled. | 249 | * If oid is null then only the size will be filled. |
250 | * | 250 | * |
@@ -273,8 +273,8 @@ gnutls_x509_crl_get_dn_oid (gnutls_x509_crl_t crl, | |||
273 | * gnutls_x509_crl_get_signature_algorithm - This function returns the CRL's signature algorithm | 273 | * gnutls_x509_crl_get_signature_algorithm - This function returns the CRL's signature algorithm |
274 | * @crl: should contain a gnutls_x509_crl_t structure | 274 | * @crl: should contain a gnutls_x509_crl_t structure |
275 | * | 275 | * |
276 | * This function will return a value of the gnutls_sign_algorithm_t enumeration that | 276 | * This function will return a value of the gnutls_sign_algorithm_t enumeration that |
277 | * is the signature algorithm. | 277 | * is the signature algorithm. |
278 | * | 278 | * |
279 | * Returns a negative value on error. | 279 | * Returns a negative value on error. |
280 | * | 280 | * |
@@ -651,7 +651,7 @@ gnutls_x509_crl_export (gnutls_x509_crl_t crl, | |||
651 | * @dest: The structure where to copy | 651 | * @dest: The structure where to copy |
652 | * @src: The structure to be copied | 652 | * @src: The structure to be copied |
653 | * | 653 | * |
654 | * This function will copy an X.509 certificate structure. | 654 | * This function will copy an X.509 certificate structure. |
655 | * | 655 | * |
656 | * Returns 0 on success. | 656 | * Returns 0 on success. |
657 | * | 657 | * |
diff --git a/src/daemon/https/x509/crl_write.c b/src/daemon/https/x509/crl_write.c index 7b651695..5e323be2 100644 --- a/src/daemon/https/x509/crl_write.c +++ b/src/daemon/https/x509/crl_write.c | |||
@@ -197,7 +197,7 @@ gnutls_x509_crl_set_next_update (gnutls_x509_crl_t crl, time_t exp_time) | |||
197 | * @serial_size: Holds the size of the serial field. | 197 | * @serial_size: Holds the size of the serial field. |
198 | * @revocation_time: The time this certificate was revoked | 198 | * @revocation_time: The time this certificate was revoked |
199 | * | 199 | * |
200 | * This function will set a revoked certificate's serial number to the CRL. | 200 | * This function will set a revoked certificate's serial number to the CRL. |
201 | * | 201 | * |
202 | * Returns 0 on success, or a negative value in case of an error. | 202 | * Returns 0 on success, or a negative value in case of an error. |
203 | * | 203 | * |
@@ -262,7 +262,7 @@ gnutls_x509_crl_set_crt_serial (gnutls_x509_crl_t crl, | |||
262 | * @crt: should contain a gnutls_x509_crt_t structure with the revoked certificate | 262 | * @crt: should contain a gnutls_x509_crt_t structure with the revoked certificate |
263 | * @revocation_time: The time this certificate was revoked | 263 | * @revocation_time: The time this certificate was revoked |
264 | * | 264 | * |
265 | * This function will set a revoked certificate's serial number to the CRL. | 265 | * This function will set a revoked certificate's serial number to the CRL. |
266 | * | 266 | * |
267 | * Returns 0 on success, or a negative value in case of an error. | 267 | * Returns 0 on success, or a negative value in case of an error. |
268 | * | 268 | * |
diff --git a/src/daemon/https/x509/crq.c b/src/daemon/https/x509/crq.c index 3868a455..68b0477a 100644 --- a/src/daemon/https/x509/crq.c +++ b/src/daemon/https/x509/crq.c | |||
@@ -46,7 +46,7 @@ | |||
46 | * gnutls_x509_crq_init - This function initializes a gnutls_x509_crq_t structure | 46 | * gnutls_x509_crq_init - This function initializes a gnutls_x509_crq_t structure |
47 | * @crq: The structure to be initialized | 47 | * @crq: The structure to be initialized |
48 | * | 48 | * |
49 | * This function will initialize a PKCS10 certificate request structure. | 49 | * This function will initialize a PKCS10 certificate request structure. |
50 | * | 50 | * |
51 | * Returns 0 on success. | 51 | * Returns 0 on success. |
52 | * | 52 | * |
@@ -76,7 +76,7 @@ gnutls_x509_crq_init (gnutls_x509_crq_t * crq) | |||
76 | * gnutls_x509_crq_deinit - This function deinitializes memory used by a gnutls_x509_crq_t structure | 76 | * gnutls_x509_crq_deinit - This function deinitializes memory used by a gnutls_x509_crq_t structure |
77 | * @crq: The structure to be initialized | 77 | * @crq: The structure to be initialized |
78 | * | 78 | * |
79 | * This function will deinitialize a CRL structure. | 79 | * This function will deinitialize a CRL structure. |
80 | * | 80 | * |
81 | **/ | 81 | **/ |
82 | void | 82 | void |
@@ -336,7 +336,7 @@ parse_attribute (ASN1_TYPE asn1_struct, | |||
336 | 336 | ||
337 | /* Move to the attibute type and values | 337 | /* Move to the attibute type and values |
338 | */ | 338 | */ |
339 | /* Read the OID | 339 | /* Read the OID |
340 | */ | 340 | */ |
341 | mhd_gtls_str_cpy (tmpbuffer3, sizeof (tmpbuffer3), tmpbuffer1); | 341 | mhd_gtls_str_cpy (tmpbuffer3, sizeof (tmpbuffer3), tmpbuffer1); |
342 | mhd_gtls_str_cat (tmpbuffer3, sizeof (tmpbuffer3), ".type"); | 342 | mhd_gtls_str_cat (tmpbuffer3, sizeof (tmpbuffer3), ".type"); |
@@ -356,7 +356,7 @@ parse_attribute (ASN1_TYPE asn1_struct, | |||
356 | if (strcmp (oid, given_oid) == 0) | 356 | if (strcmp (oid, given_oid) == 0) |
357 | { /* Found the OID */ | 357 | { /* Found the OID */ |
358 | 358 | ||
359 | /* Read the Value | 359 | /* Read the Value |
360 | */ | 360 | */ |
361 | snprintf (tmpbuffer3, sizeof (tmpbuffer3), "%s.values.?%u", | 361 | snprintf (tmpbuffer3, sizeof (tmpbuffer3), "%s.values.?%u", |
362 | tmpbuffer1, indx + 1); | 362 | tmpbuffer1, indx + 1); |
@@ -421,7 +421,7 @@ cleanup: | |||
421 | } | 421 | } |
422 | 422 | ||
423 | /** | 423 | /** |
424 | * gnutls_x509_crq_get_challenge_password - This function will get the challenge password | 424 | * gnutls_x509_crq_get_challenge_password - This function will get the challenge password |
425 | * @crq: should contain a gnutls_x509_crq_t structure | 425 | * @crq: should contain a gnutls_x509_crq_t structure |
426 | * @pass: will hold a null terminated password | 426 | * @pass: will hold a null terminated password |
427 | * @sizeof_pass: Initially holds the size of @pass. | 427 | * @sizeof_pass: Initially holds the size of @pass. |
@@ -499,7 +499,7 @@ gnutls_x509_crq_set_attribute_by_oid (gnutls_x509_crq_t crq, | |||
499 | } | 499 | } |
500 | 500 | ||
501 | /** | 501 | /** |
502 | * gnutls_x509_crq_get_attribute_by_oid - This function will get an attribute of the request | 502 | * gnutls_x509_crq_get_attribute_by_oid - This function will get an attribute of the request |
503 | * @crq: should contain a gnutls_x509_crq_t structure | 503 | * @crq: should contain a gnutls_x509_crq_t structure |
504 | * @oid: holds an Object Identified in null terminated string | 504 | * @oid: holds an Object Identified in null terminated string |
505 | * @indx: In case multiple same OIDs exist in the attribute list, this specifies | 505 | * @indx: In case multiple same OIDs exist in the attribute list, this specifies |
@@ -674,7 +674,7 @@ gnutls_x509_crq_set_key (gnutls_x509_crq_t crq, gnutls_x509_privkey_t key) | |||
674 | } | 674 | } |
675 | 675 | ||
676 | /** | 676 | /** |
677 | * gnutls_x509_crq_set_challenge_password - This function will set a challenge password | 677 | * gnutls_x509_crq_set_challenge_password - This function will set a challenge password |
678 | * @crq: should contain a gnutls_x509_crq_t structure | 678 | * @crq: should contain a gnutls_x509_crq_t structure |
679 | * @pass: holds a null terminated password | 679 | * @pass: holds a null terminated password |
680 | * | 680 | * |
@@ -849,11 +849,11 @@ gnutls_x509_crq_export (gnutls_x509_crq_t crq, | |||
849 | * @crq: should contain a gnutls_x509_crq_t structure | 849 | * @crq: should contain a gnutls_x509_crq_t structure |
850 | * @bits: if bits is non null it will hold the size of the parameters' in bits | 850 | * @bits: if bits is non null it will hold the size of the parameters' in bits |
851 | * | 851 | * |
852 | * This function will return the public key algorithm of a PKCS \#10 | 852 | * This function will return the public key algorithm of a PKCS \#10 |
853 | * certificate request. | 853 | * certificate request. |
854 | * | 854 | * |
855 | * If bits is non null, it should have enough size to hold the parameters | 855 | * If bits is non null, it should have enough size to hold the parameters |
856 | * size in bits. For RSA the bits returned is the modulus. | 856 | * size in bits. For RSA the bits returned is the modulus. |
857 | * For DSA the bits returned are of the public | 857 | * For DSA the bits returned are of the public |
858 | * exponent. | 858 | * exponent. |
859 | * | 859 | * |
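Review bot: The doc comment for gnutls_x509_crq_deinit on the new side still carries text copied from the CRL module: `@crq: The structure to be initialized` and `This function will deinitialize a CRL structure.` describe neither the direction nor the type; they should read `@crq: The structure to be deinitialized` and `This function will deinitialize a PKCS10 certificate request structure.`, matching the wording gnutls_x509_crq_init uses a few lines above. Two further comment typos survive the reformat: `/* Move to the attibute type and values` in parse_attribute should say `attribute`, and `@oid: holds an Object Identified in null terminated string` in the gnutls_x509_crq_get_attribute_by_oid header should say `Object Identifier`. parse_attribute's body starts and ends outside the hunks shown here.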
diff --git a/src/daemon/https/x509/dn.c b/src/daemon/https/x509/dn.c index 784ac4a7..27c53084 100644 --- a/src/daemon/https/x509/dn.c +++ b/src/daemon/https/x509/dn.c | |||
@@ -37,7 +37,7 @@ | |||
37 | */ | 37 | */ |
38 | 38 | ||
39 | /* Converts the given OID to an ldap acceptable string or | 39 | /* Converts the given OID to an ldap acceptable string or |
40 | * a dotted OID. | 40 | * a dotted OID. |
41 | */ | 41 | */ |
42 | static const char * | 42 | static const char * |
43 | oid2ldap_string (const char *oid) | 43 | oid2ldap_string (const char *oid) |
@@ -173,7 +173,7 @@ _gnutls_x509_parse_dn (ASN1_TYPE asn1_struct, | |||
173 | goto cleanup; | 173 | goto cleanup; |
174 | } | 174 | } |
175 | 175 | ||
176 | /* Read the OID | 176 | /* Read the OID |
177 | */ | 177 | */ |
178 | mhd_gtls_str_cpy (tmpbuffer3, sizeof (tmpbuffer3), tmpbuffer2); | 178 | mhd_gtls_str_cpy (tmpbuffer3, sizeof (tmpbuffer3), tmpbuffer2); |
179 | mhd_gtls_str_cat (tmpbuffer3, sizeof (tmpbuffer3), ".type"); | 179 | mhd_gtls_str_cat (tmpbuffer3, sizeof (tmpbuffer3), ".type"); |
@@ -190,7 +190,7 @@ _gnutls_x509_parse_dn (ASN1_TYPE asn1_struct, | |||
190 | goto cleanup; | 190 | goto cleanup; |
191 | } | 191 | } |
192 | 192 | ||
193 | /* Read the Value | 193 | /* Read the Value |
194 | */ | 194 | */ |
195 | mhd_gtls_str_cpy (tmpbuffer3, sizeof (tmpbuffer3), tmpbuffer2); | 195 | mhd_gtls_str_cpy (tmpbuffer3, sizeof (tmpbuffer3), tmpbuffer2); |
196 | mhd_gtls_str_cat (tmpbuffer3, sizeof (tmpbuffer3), ".value"); | 196 | mhd_gtls_str_cat (tmpbuffer3, sizeof (tmpbuffer3), ".value"); |
@@ -280,7 +280,8 @@ _gnutls_x509_parse_dn (ASN1_TYPE asn1_struct, | |||
280 | gnutls_assert (); | 280 | gnutls_assert (); |
281 | _gnutls_x509_log | 281 | _gnutls_x509_log |
282 | ("Found OID: '%s' with value '%s'\n", | 282 | ("Found OID: '%s' with value '%s'\n", |
283 | oid, mhd_gtls_bin2hex (value2, len, escaped, sizeof_escaped)); | 283 | oid, mhd_gtls_bin2hex (value2, len, escaped, |
284 | sizeof_escaped)); | ||
284 | goto cleanup; | 285 | goto cleanup; |
285 | } | 286 | } |
286 | STR_APPEND (str_escape (string, escaped, sizeof_escaped)); | 287 | STR_APPEND (str_escape (string, escaped, sizeof_escaped)); |
@@ -416,7 +417,7 @@ _gnutls_x509_parse_dn_oid (ASN1_TYPE asn1_struct, | |||
416 | goto cleanup; | 417 | goto cleanup; |
417 | } | 418 | } |
418 | 419 | ||
419 | /* Read the OID | 420 | /* Read the OID |
420 | */ | 421 | */ |
421 | mhd_gtls_str_cpy (tmpbuffer3, sizeof (tmpbuffer3), tmpbuffer2); | 422 | mhd_gtls_str_cpy (tmpbuffer3, sizeof (tmpbuffer3), tmpbuffer2); |
422 | mhd_gtls_str_cat (tmpbuffer3, sizeof (tmpbuffer3), ".type"); | 423 | mhd_gtls_str_cat (tmpbuffer3, sizeof (tmpbuffer3), ".type"); |
@@ -436,7 +437,7 @@ _gnutls_x509_parse_dn_oid (ASN1_TYPE asn1_struct, | |||
436 | if (strcmp (oid, given_oid) == 0 && indx == i++) | 437 | if (strcmp (oid, given_oid) == 0 && indx == i++) |
437 | { /* Found the OID */ | 438 | { /* Found the OID */ |
438 | 439 | ||
439 | /* Read the Value | 440 | /* Read the Value |
440 | */ | 441 | */ |
441 | mhd_gtls_str_cpy (tmpbuffer3, sizeof (tmpbuffer3), tmpbuffer2); | 442 | mhd_gtls_str_cpy (tmpbuffer3, sizeof (tmpbuffer3), tmpbuffer2); |
442 | mhd_gtls_str_cat (tmpbuffer3, sizeof (tmpbuffer3), ".value"); | 443 | mhd_gtls_str_cat (tmpbuffer3, sizeof (tmpbuffer3), ".value"); |
@@ -585,7 +586,7 @@ _gnutls_x509_get_dn_oid (ASN1_TYPE asn1_struct, | |||
585 | goto cleanup; | 586 | goto cleanup; |
586 | } | 587 | } |
587 | 588 | ||
588 | /* Read the OID | 589 | /* Read the OID |
589 | */ | 590 | */ |
590 | mhd_gtls_str_cpy (tmpbuffer3, sizeof (tmpbuffer3), tmpbuffer2); | 591 | mhd_gtls_str_cpy (tmpbuffer3, sizeof (tmpbuffer3), tmpbuffer2); |
591 | mhd_gtls_str_cat (tmpbuffer3, sizeof (tmpbuffer3), ".type"); | 592 | mhd_gtls_str_cat (tmpbuffer3, sizeof (tmpbuffer3), ".type"); |
@@ -722,7 +723,7 @@ _gnutls_x509_encode_and_write_attribute (const char *given_oid, | |||
722 | 723 | ||
723 | if (multi != 0) | 724 | if (multi != 0) |
724 | { /* if not writing an AttributeTypeAndValue, but an Attribute */ | 725 | { /* if not writing an AttributeTypeAndValue, but an Attribute */ |
725 | mhd_gtls_str_cat (tmp, sizeof (tmp), "s"); /* values */ | 726 | mhd_gtls_str_cat (tmp, sizeof (tmp), "s"); /* values */ |
726 | 727 | ||
727 | result = asn1_write_value (asn1_struct, tmp, "NEW", 1); | 728 | result = asn1_write_value (asn1_struct, tmp, "NEW", 1); |
728 | if (result != ASN1_SUCCESS) | 729 | if (result != ASN1_SUCCESS) |
@@ -777,7 +778,7 @@ _gnutls_x509_write_attribute (const char *given_oid, | |||
777 | 778 | ||
778 | if (multi != 0) | 779 | if (multi != 0) |
779 | { /* if not writing an AttributeTypeAndValue, but an Attribute */ | 780 | { /* if not writing an AttributeTypeAndValue, but an Attribute */ |
780 | mhd_gtls_str_cat (tmp, sizeof (tmp), "s"); /* values */ | 781 | mhd_gtls_str_cat (tmp, sizeof (tmp), "s"); /* values */ |
781 | 782 | ||
782 | result = asn1_write_value (asn1_struct, tmp, "NEW", 1); | 783 | result = asn1_write_value (asn1_struct, tmp, "NEW", 1); |
783 | if (result != ASN1_SUCCESS) | 784 | if (result != ASN1_SUCCESS) |
@@ -830,7 +831,7 @@ _gnutls_x509_decode_and_read_attribute (ASN1_TYPE asn1_struct, | |||
830 | char tmpbuffer[128]; | 831 | char tmpbuffer[128]; |
831 | int len, result; | 832 | int len, result; |
832 | 833 | ||
833 | /* Read the OID | 834 | /* Read the OID |
834 | */ | 835 | */ |
835 | mhd_gtls_str_cpy (tmpbuffer, sizeof (tmpbuffer), where); | 836 | mhd_gtls_str_cpy (tmpbuffer, sizeof (tmpbuffer), where); |
836 | mhd_gtls_str_cat (tmpbuffer, sizeof (tmpbuffer), ".type"); | 837 | mhd_gtls_str_cat (tmpbuffer, sizeof (tmpbuffer), ".type"); |
@@ -845,14 +846,14 @@ _gnutls_x509_decode_and_read_attribute (ASN1_TYPE asn1_struct, | |||
845 | return result; | 846 | return result; |
846 | } | 847 | } |
847 | 848 | ||
848 | /* Read the Value | 849 | /* Read the Value |
849 | */ | 850 | */ |
850 | 851 | ||
851 | mhd_gtls_str_cpy (tmpbuffer, sizeof (tmpbuffer), where); | 852 | mhd_gtls_str_cpy (tmpbuffer, sizeof (tmpbuffer), where); |
852 | mhd_gtls_str_cat (tmpbuffer, sizeof (tmpbuffer), ".value"); | 853 | mhd_gtls_str_cat (tmpbuffer, sizeof (tmpbuffer), ".value"); |
853 | 854 | ||
854 | if (multi) | 855 | if (multi) |
855 | mhd_gtls_str_cat (tmpbuffer, sizeof (tmpbuffer), "s.?1"); /* .values.?1 */ | 856 | mhd_gtls_str_cat (tmpbuffer, sizeof (tmpbuffer), "s.?1"); /* .values.?1 */ |
856 | 857 | ||
857 | result = | 858 | result = |
858 | _gnutls_x509_read_value (asn1_struct, tmpbuffer, value, octet_string); | 859 | _gnutls_x509_read_value (asn1_struct, tmpbuffer, value, octet_string); |
@@ -899,7 +900,7 @@ _gnutls_x509_set_dn_oid (ASN1_TYPE asn1_struct, | |||
899 | mhd_gtls_str_cpy (asn1_rdn_name, sizeof (asn1_rdn_name), asn1_name); | 900 | mhd_gtls_str_cpy (asn1_rdn_name, sizeof (asn1_rdn_name), asn1_name); |
900 | mhd_gtls_str_cat (asn1_rdn_name, sizeof (asn1_rdn_name), ".rdnSequence"); | 901 | mhd_gtls_str_cat (asn1_rdn_name, sizeof (asn1_rdn_name), ".rdnSequence"); |
901 | 902 | ||
902 | /* create a new element | 903 | /* create a new element |
903 | */ | 904 | */ |
904 | result = asn1_write_value (asn1_struct, asn1_rdn_name, "NEW", 1); | 905 | result = asn1_write_value (asn1_struct, asn1_rdn_name, "NEW", 1); |
905 | if (result != ASN1_SUCCESS) | 906 | if (result != ASN1_SUCCESS) |
diff --git a/src/daemon/https/x509/dn.h b/src/daemon/https/x509/dn.h index 93a9262c..97f85e16 100644 --- a/src/daemon/https/x509/dn.h +++ b/src/daemon/https/x509/dn.h | |||
@@ -38,21 +38,21 @@ | |||
38 | #define OID_PKCS9_EMAIL "1.2.840.113549.1.9.1" | 38 | #define OID_PKCS9_EMAIL "1.2.840.113549.1.9.1" |
39 | 39 | ||
40 | int _gnutls_x509_parse_dn (ASN1_TYPE asn1_struct, | 40 | int _gnutls_x509_parse_dn (ASN1_TYPE asn1_struct, |
41 | const char *asn1_rdn_name, char *buf, | 41 | const char *asn1_rdn_name, char *buf, |
42 | size_t * sizeof_buf); | 42 | size_t * sizeof_buf); |
43 | 43 | ||
44 | int _gnutls_x509_parse_dn_oid (ASN1_TYPE asn1_struct, | 44 | int _gnutls_x509_parse_dn_oid (ASN1_TYPE asn1_struct, |
45 | const char *asn1_rdn_name, const char *oid, | 45 | const char *asn1_rdn_name, const char *oid, |
46 | int indx, unsigned int raw_flag, void *buf, | 46 | int indx, unsigned int raw_flag, void *buf, |
47 | size_t * sizeof_buf); | 47 | size_t * sizeof_buf); |
48 | 48 | ||
49 | int _gnutls_x509_set_dn_oid (ASN1_TYPE asn1_struct, | 49 | int _gnutls_x509_set_dn_oid (ASN1_TYPE asn1_struct, |
50 | const char *asn1_rdn_name, const char *oid, | 50 | const char *asn1_rdn_name, const char *oid, |
51 | int raw_flag, const char *name, int sizeof_name); | 51 | int raw_flag, const char *name, int sizeof_name); |
52 | 52 | ||
53 | int _gnutls_x509_get_dn_oid (ASN1_TYPE asn1_struct, | 53 | int _gnutls_x509_get_dn_oid (ASN1_TYPE asn1_struct, |
54 | const char *asn1_rdn_name, | 54 | const char *asn1_rdn_name, |
55 | int indx, void *_oid, size_t * sizeof_oid); | 55 | int indx, void *_oid, size_t * sizeof_oid); |
56 | 56 | ||
57 | 57 | ||
58 | #endif | 58 | #endif |
diff --git a/src/daemon/https/x509/dsa.c b/src/daemon/https/x509/dsa.c index af403911..d65bcede 100644 --- a/src/daemon/https/x509/dsa.c +++ b/src/daemon/https/x509/dsa.c | |||
@@ -59,7 +59,7 @@ _gnutls_dsa_generate_params (mpi_t * resarr, int *resarr_len, int bits) | |||
59 | return GNUTLS_E_INTERNAL_ERROR; | 59 | return GNUTLS_E_INTERNAL_ERROR; |
60 | } | 60 | } |
61 | 61 | ||
62 | /* generate the DSA key | 62 | /* generate the DSA key |
63 | */ | 63 | */ |
64 | ret = gcry_pk_genkey (&key, parms); | 64 | ret = gcry_pk_genkey (&key, parms); |
65 | gcry_sexp_release (parms); | 65 | gcry_sexp_release (parms); |
diff --git a/src/daemon/https/x509/extensions.c b/src/daemon/https/x509/extensions.c index ea3891b0..5cf170af 100644 --- a/src/daemon/https/x509/extensions.c +++ b/src/daemon/https/x509/extensions.c | |||
@@ -99,11 +99,11 @@ _gnutls_x509_crt_get_extension (gnutls_x509_crt_t cert, | |||
99 | return mhd_gtls_asn2err (result); | 99 | return mhd_gtls_asn2err (result); |
100 | } | 100 | } |
101 | 101 | ||
102 | /* Handle Extension | 102 | /* Handle Extension |
103 | */ | 103 | */ |
104 | if (strcmp (extnID, extension_id) == 0 && indx == indx_counter++) | 104 | if (strcmp (extnID, extension_id) == 0 && indx == indx_counter++) |
105 | { | 105 | { |
106 | /* extension was found | 106 | /* extension was found |
107 | */ | 107 | */ |
108 | 108 | ||
109 | /* read the critical status. | 109 | /* read the critical status. |
@@ -170,7 +170,7 @@ _gnutls_x509_crt_get_extension (gnutls_x509_crt_t cert, | |||
170 | } | 170 | } |
171 | 171 | ||
172 | /* This function will attempt to return the requested extension OID found in | 172 | /* This function will attempt to return the requested extension OID found in |
173 | * the given X509v3 certificate. | 173 | * the given X509v3 certificate. |
174 | * | 174 | * |
175 | * If you have passed the last extension, GNUTLS_E_REQUESTED_DATA_NOT_AVAILABLE will | 175 | * If you have passed the last extension, GNUTLS_E_REQUESTED_DATA_NOT_AVAILABLE will |
176 | * be returned. | 176 | * be returned. |
@@ -223,7 +223,7 @@ _gnutls_x509_crt_get_extension_oid (gnutls_x509_crt_t cert, | |||
223 | return mhd_gtls_asn2err (result); | 223 | return mhd_gtls_asn2err (result); |
224 | } | 224 | } |
225 | 225 | ||
226 | /* Handle Extension | 226 | /* Handle Extension |
227 | */ | 227 | */ |
228 | if (indx == indx_counter++) | 228 | if (indx == indx_counter++) |
229 | { | 229 | { |
@@ -260,7 +260,7 @@ _gnutls_x509_crt_get_extension_oid (gnutls_x509_crt_t cert, | |||
260 | } | 260 | } |
261 | 261 | ||
262 | /* This function will attempt to set the requested extension in | 262 | /* This function will attempt to set the requested extension in |
263 | * the given X509v3 certificate. | 263 | * the given X509v3 certificate. |
264 | * | 264 | * |
265 | * Critical will be either 0 or 1. | 265 | * Critical will be either 0 or 1. |
266 | */ | 266 | */ |
@@ -359,7 +359,7 @@ overwrite_extension (ASN1_TYPE asn, unsigned int indx, | |||
359 | } | 359 | } |
360 | 360 | ||
361 | /* This function will attempt to overwrite the requested extension with | 361 | /* This function will attempt to overwrite the requested extension with |
362 | * the given one. | 362 | * the given one. |
363 | * | 363 | * |
364 | * Critical will be either 0 or 1. | 364 | * Critical will be either 0 or 1. |
365 | */ | 365 | */ |
@@ -414,11 +414,11 @@ _gnutls_x509_crt_set_extension (gnutls_x509_crt_t cert, | |||
414 | return mhd_gtls_asn2err (result); | 414 | return mhd_gtls_asn2err (result); |
415 | } | 415 | } |
416 | 416 | ||
417 | /* Handle Extension | 417 | /* Handle Extension |
418 | */ | 418 | */ |
419 | if (strcmp (extnID, ext_id) == 0) | 419 | if (strcmp (extnID, ext_id) == 0) |
420 | { | 420 | { |
421 | /* extension was found | 421 | /* extension was found |
422 | */ | 422 | */ |
423 | return overwrite_extension (cert->cert, k, ext_data, critical); | 423 | return overwrite_extension (cert->cert, k, ext_data, critical); |
424 | } | 424 | } |
@@ -839,7 +839,7 @@ _gnutls_x509_ext_gen_auth_key_id (const void *id, size_t id_size, | |||
839 | 839 | ||
840 | 840 | ||
841 | /* Creates and encodes the CRL Distribution points. data_string should be a name | 841 | /* Creates and encodes the CRL Distribution points. data_string should be a name |
842 | * and type holds the type of the name. | 842 | * and type holds the type of the name. |
843 | * reason_flags should be an or'ed sequence of GNUTLS_CRL_REASON_*. | 843 | * reason_flags should be an or'ed sequence of GNUTLS_CRL_REASON_*. |
844 | * | 844 | * |
845 | */ | 845 | */ |
diff --git a/src/daemon/https/x509/extensions.h b/src/daemon/https/x509/extensions.h index fb758c90..143775a6 100644 --- a/src/daemon/https/x509/extensions.h +++ b/src/daemon/https/x509/extensions.h | |||
@@ -23,46 +23,46 @@ | |||
23 | */ | 23 | */ |
24 | 24 | ||
25 | int _gnutls_x509_crt_get_extension (gnutls_x509_crt_t cert, | 25 | int _gnutls_x509_crt_get_extension (gnutls_x509_crt_t cert, |
26 | const char *extension_id, int indx, | 26 | const char *extension_id, int indx, |
27 | gnutls_datum_t * ret, | 27 | gnutls_datum_t * ret, |
28 | unsigned int *critical); | 28 | unsigned int *critical); |
29 | 29 | ||
30 | int _gnutls_x509_crt_get_extension_oid (gnutls_x509_crt_t cert, | 30 | int _gnutls_x509_crt_get_extension_oid (gnutls_x509_crt_t cert, |
31 | int indx, void *ret, | 31 | int indx, void *ret, |
32 | size_t * ret_size); | 32 | size_t * ret_size); |
33 | int _gnutls_x509_ext_extract_keyUsage (uint16_t * keyUsage, | 33 | int _gnutls_x509_ext_extract_keyUsage (uint16_t * keyUsage, |
34 | opaque * extnValue, int extnValueLen); | 34 | opaque * extnValue, int extnValueLen); |
35 | int _gnutls_x509_ext_extract_basicConstraints (int *CA, | 35 | int _gnutls_x509_ext_extract_basicConstraints (int *CA, |
36 | int *pathLenConstraint, | 36 | int *pathLenConstraint, |
37 | opaque * extnValue, | 37 | opaque * extnValue, |
38 | int extnValueLen); | 38 | int extnValueLen); |
39 | int _gnutls_x509_crt_set_extension (gnutls_x509_crt_t cert, | 39 | int _gnutls_x509_crt_set_extension (gnutls_x509_crt_t cert, |
40 | const char *extension_id, | 40 | const char *extension_id, |
41 | const gnutls_datum_t * ext_data, | 41 | const gnutls_datum_t * ext_data, |
42 | unsigned int critical); | 42 | unsigned int critical); |
43 | int _gnutls_x509_ext_gen_basicConstraints (int CA, int pathLenConstraint, | 43 | int _gnutls_x509_ext_gen_basicConstraints (int CA, int pathLenConstraint, |
44 | gnutls_datum_t * der_ext); | 44 | gnutls_datum_t * der_ext); |
45 | int _gnutls_x509_ext_gen_keyUsage (uint16_t usage, gnutls_datum_t * der_ext); | 45 | int _gnutls_x509_ext_gen_keyUsage (uint16_t usage, gnutls_datum_t * der_ext); |
46 | int _gnutls_x509_ext_gen_subject_alt_name (gnutls_x509_subject_alt_name_t | 46 | int _gnutls_x509_ext_gen_subject_alt_name (gnutls_x509_subject_alt_name_t |
47 | type, const char *data_string, | 47 | type, const char *data_string, |
48 | gnutls_datum_t * der_ext); | 48 | gnutls_datum_t * der_ext); |
49 | int _gnutls_x509_ext_gen_crl_dist_points (gnutls_x509_subject_alt_name_t | 49 | int _gnutls_x509_ext_gen_crl_dist_points (gnutls_x509_subject_alt_name_t |
50 | type, const void *data_string, | 50 | type, const void *data_string, |
51 | unsigned int reason_flags, | 51 | unsigned int reason_flags, |
52 | gnutls_datum_t * der_ext); | 52 | gnutls_datum_t * der_ext); |
53 | int _gnutls_x509_ext_gen_key_id (const void *id, size_t id_size, | 53 | int _gnutls_x509_ext_gen_key_id (const void *id, size_t id_size, |
54 | gnutls_datum_t * der_data); | 54 | gnutls_datum_t * der_data); |
55 | int _gnutls_x509_ext_gen_auth_key_id (const void *id, size_t id_size, | 55 | int _gnutls_x509_ext_gen_auth_key_id (const void *id, size_t id_size, |
56 | gnutls_datum_t * der_data); | 56 | gnutls_datum_t * der_data); |
57 | 57 | ||
58 | int _gnutls_x509_ext_extract_proxyCertInfo (int *pathLenConstraint, | 58 | int _gnutls_x509_ext_extract_proxyCertInfo (int *pathLenConstraint, |
59 | char **policyLanguage, | 59 | char **policyLanguage, |
60 | char **policy, | 60 | char **policy, |
61 | size_t *sizeof_policy, | 61 | size_t * sizeof_policy, |
62 | opaque * extnValue, | 62 | opaque * extnValue, |
63 | int extnValueLen); | 63 | int extnValueLen); |
64 | int _gnutls_x509_ext_gen_proxyCertInfo (int pathLenConstraint, | 64 | int _gnutls_x509_ext_gen_proxyCertInfo (int pathLenConstraint, |
65 | const char *policyLanguage, | 65 | const char *policyLanguage, |
66 | const char *policy, | 66 | const char *policy, |
67 | size_t sizeof_policy, | 67 | size_t sizeof_policy, |
68 | gnutls_datum_t * der_ext); | 68 | gnutls_datum_t * der_ext); |
diff --git a/src/daemon/https/x509/mpi.c b/src/daemon/https/x509/mpi.c index 73f091c1..c43b3dce 100644 --- a/src/daemon/https/x509/mpi.c +++ b/src/daemon/https/x509/mpi.c | |||
@@ -335,7 +335,8 @@ cleanup:asn1_delete_structure (&spk); | |||
335 | int | 335 | int |
336 | _gnutls_x509_write_sig_params (ASN1_TYPE dst, | 336 | _gnutls_x509_write_sig_params (ASN1_TYPE dst, |
337 | const char *dst_name, | 337 | const char *dst_name, |
338 | enum MHD_GNUTLS_PublicKeyAlgorithm pk_algorithm, | 338 | enum MHD_GNUTLS_PublicKeyAlgorithm |
339 | pk_algorithm, | ||
339 | enum MHD_GNUTLS_HashAlgorithm dig, | 340 | enum MHD_GNUTLS_HashAlgorithm dig, |
340 | mpi_t * params, int params_size) | 341 | mpi_t * params, int params_size) |
341 | { | 342 | { |
diff --git a/src/daemon/https/x509/mpi.h b/src/daemon/https/x509/mpi.h index 30f8fd77..69e725bd 100644 --- a/src/daemon/https/x509/mpi.h +++ b/src/daemon/https/x509/mpi.h | |||
@@ -26,32 +26,32 @@ | |||
26 | #include "x509.h" | 26 | #include "x509.h" |
27 | 27 | ||
28 | int _gnutls_x509_crt_get_mpis (gnutls_x509_crt_t cert, | 28 | int _gnutls_x509_crt_get_mpis (gnutls_x509_crt_t cert, |
29 | mpi_t * params, int *params_size); | 29 | mpi_t * params, int *params_size); |
30 | int _gnutls_x509_read_rsa_params (opaque * der, int dersize, mpi_t * params); | 30 | int _gnutls_x509_read_rsa_params (opaque * der, int dersize, mpi_t * params); |
31 | int _gnutls_x509_read_dsa_pubkey (opaque * der, int dersize, mpi_t * params); | 31 | int _gnutls_x509_read_dsa_pubkey (opaque * der, int dersize, mpi_t * params); |
32 | int _gnutls_x509_read_dsa_params (opaque * der, int dersize, mpi_t * params); | 32 | int _gnutls_x509_read_dsa_params (opaque * der, int dersize, mpi_t * params); |
33 | 33 | ||
34 | int _gnutls_x509_write_rsa_params (mpi_t * params, int params_size, | 34 | int _gnutls_x509_write_rsa_params (mpi_t * params, int params_size, |
35 | gnutls_datum_t * der); | 35 | gnutls_datum_t * der); |
36 | int _gnutls_x509_write_dsa_params (mpi_t * params, int params_size, | 36 | int _gnutls_x509_write_dsa_params (mpi_t * params, int params_size, |
37 | gnutls_datum_t * der); | 37 | gnutls_datum_t * der); |
38 | int _gnutls_x509_write_dsa_public_key (mpi_t * params, int params_size, | 38 | int _gnutls_x509_write_dsa_public_key (mpi_t * params, int params_size, |
39 | gnutls_datum_t * der); | 39 | gnutls_datum_t * der); |
40 | 40 | ||
41 | int _gnutls_x509_read_uint (ASN1_TYPE node, const char *value, | 41 | int _gnutls_x509_read_uint (ASN1_TYPE node, const char *value, |
42 | unsigned int *ret); | 42 | unsigned int *ret); |
43 | 43 | ||
44 | int | 44 | int _gnutls_x509_read_der_int (opaque * der, int dersize, mpi_t * out); |
45 | _gnutls_x509_read_der_int (opaque * der, int dersize, mpi_t* out); | ||
46 | 45 | ||
47 | int _gnutls_x509_read_int (ASN1_TYPE node, const char *value, | 46 | int _gnutls_x509_read_int (ASN1_TYPE node, const char *value, |
48 | mpi_t * ret_mpi); | 47 | mpi_t * ret_mpi); |
49 | int _gnutls_x509_write_int (ASN1_TYPE node, const char *value, mpi_t mpi, | 48 | int _gnutls_x509_write_int (ASN1_TYPE node, const char *value, mpi_t mpi, |
50 | int lz); | 49 | int lz); |
51 | int _gnutls_x509_write_uint32 (ASN1_TYPE node, const char *value, | 50 | int _gnutls_x509_write_uint32 (ASN1_TYPE node, const char *value, |
52 | uint32_t num); | 51 | uint32_t num); |
53 | 52 | ||
54 | int _gnutls_x509_write_sig_params (ASN1_TYPE dst, const char *dst_name, | 53 | int _gnutls_x509_write_sig_params (ASN1_TYPE dst, const char *dst_name, |
55 | enum MHD_GNUTLS_PublicKeyAlgorithm pk_algorithm, | 54 | enum MHD_GNUTLS_PublicKeyAlgorithm |
56 | enum MHD_GNUTLS_HashAlgorithm, mpi_t * params, | 55 | pk_algorithm, |
57 | int params_size); | 56 | enum MHD_GNUTLS_HashAlgorithm, |
57 | mpi_t * params, int params_size); | ||
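Review bot: The reformatted prototype of _gnutls_x509_write_sig_params at the end of the header still leaves its fourth parameter unnamed — `enum MHD_GNUTLS_HashAlgorithm,` — while the definition in mpi.c touched by this same commit names it `dig`. Keeping parameter names in prototypes makes the header self-documenting and lets a reader match the argument order against the definition without opening the .c file; change the line to `enum MHD_GNUTLS_HashAlgorithm dig,`. It is the only prototype in this hunk with an unnamed parameter.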
diff --git a/src/daemon/https/x509/pkcs12.h b/src/daemon/https/x509/pkcs12.h index 3c75dff5..38131ece 100644 --- a/src/daemon/https/x509/pkcs12.h +++ b/src/daemon/https/x509/pkcs12.h | |||
@@ -28,7 +28,7 @@ | |||
28 | 28 | ||
29 | #ifdef __cplusplus | 29 | #ifdef __cplusplus |
30 | extern "C" | 30 | extern "C" |
31 | { | 31 | { |
32 | #endif | 32 | #endif |
33 | 33 | ||
34 | #include <x509.h> | 34 | #include <x509.h> |
@@ -37,15 +37,15 @@ extern "C" | |||
37 | 37 | ||
38 | /* PKCS12 structures handling | 38 | /* PKCS12 structures handling |
39 | */ | 39 | */ |
40 | struct gnutls_pkcs12_int; | 40 | struct gnutls_pkcs12_int; |
41 | 41 | ||
42 | struct gnutls_pkcs12_bag_int; | 42 | struct gnutls_pkcs12_bag_int; |
43 | typedef struct gnutls_pkcs12_int | 43 | typedef struct gnutls_pkcs12_int |
44 | { | 44 | { |
45 | ASN1_TYPE pkcs12; | 45 | ASN1_TYPE pkcs12; |
46 | } gnutls_pkcs12_int; | 46 | } gnutls_pkcs12_int; |
47 | 47 | ||
48 | typedef enum gnutls_pkcs12_bag_type_t | 48 | typedef enum gnutls_pkcs12_bag_type_t |
49 | { | 49 | { |
50 | GNUTLS_BAG_EMPTY = 0, | 50 | GNUTLS_BAG_EMPTY = 0, |
51 | 51 | ||
@@ -57,7 +57,7 @@ typedef enum gnutls_pkcs12_bag_type_t | |||
57 | GNUTLS_BAG_UNKNOWN = 20 | 57 | GNUTLS_BAG_UNKNOWN = 20 |
58 | } gnutls_pkcs12_bag_type_t; | 58 | } gnutls_pkcs12_bag_type_t; |
59 | 59 | ||
60 | struct bag_element | 60 | struct bag_element |
61 | { | 61 | { |
62 | gnutls_datum_t data; | 62 | gnutls_datum_t data; |
63 | gnutls_pkcs12_bag_type_t type; | 63 | gnutls_pkcs12_bag_type_t type; |
@@ -65,7 +65,7 @@ struct bag_element | |||
65 | char *friendly_name; | 65 | char *friendly_name; |
66 | }; | 66 | }; |
67 | 67 | ||
68 | typedef struct gnutls_pkcs12_bag_int | 68 | typedef struct gnutls_pkcs12_bag_int |
69 | { | 69 | { |
70 | struct bag_element element[MAX_BAG_ELEMENTS]; | 70 | struct bag_element element[MAX_BAG_ELEMENTS]; |
71 | int bag_elements; | 71 | int bag_elements; |
@@ -75,68 +75,54 @@ typedef struct gnutls_pkcs12_bag_int | |||
75 | #define FRIENDLY_NAME_OID "1.2.840.113549.1.9.20" | 75 | #define FRIENDLY_NAME_OID "1.2.840.113549.1.9.20" |
76 | #define KEY_ID_OID "1.2.840.113549.1.9.21" | 76 | #define KEY_ID_OID "1.2.840.113549.1.9.21" |
77 | 77 | ||
78 | typedef struct gnutls_pkcs12_int *gnutls_pkcs12_t; | 78 | typedef struct gnutls_pkcs12_int *gnutls_pkcs12_t; |
79 | typedef struct gnutls_pkcs12_bag_int *gnutls_pkcs12_bag_t; | 79 | typedef struct gnutls_pkcs12_bag_int *gnutls_pkcs12_bag_t; |
80 | 80 | ||
81 | int gnutls_pkcs12_init(gnutls_pkcs12_t * pkcs12); | 81 | int gnutls_pkcs12_init (gnutls_pkcs12_t * pkcs12); |
82 | void gnutls_pkcs12_deinit(gnutls_pkcs12_t pkcs12); | 82 | void gnutls_pkcs12_deinit (gnutls_pkcs12_t pkcs12); |
83 | int gnutls_pkcs12_import(gnutls_pkcs12_t pkcs12, | 83 | int gnutls_pkcs12_import (gnutls_pkcs12_t pkcs12, |
84 | const gnutls_datum_t * data, | 84 | const gnutls_datum_t * data, |
85 | gnutls_x509_crt_fmt_t format, | 85 | gnutls_x509_crt_fmt_t format, unsigned int flags); |
86 | unsigned int flags); | 86 | int gnutls_pkcs12_export (gnutls_pkcs12_t pkcs12, |
87 | int gnutls_pkcs12_export(gnutls_pkcs12_t pkcs12, | 87 | gnutls_x509_crt_fmt_t format, |
88 | gnutls_x509_crt_fmt_t format, | 88 | void *output_data, size_t * output_data_size); |
89 | void *output_data, | 89 | |
90 | size_t * output_data_size); | 90 | int gnutls_pkcs12_get_bag (gnutls_pkcs12_t pkcs12, |
91 | 91 | int indx, gnutls_pkcs12_bag_t bag); | |
92 | int gnutls_pkcs12_get_bag(gnutls_pkcs12_t pkcs12, | 92 | int gnutls_pkcs12_set_bag (gnutls_pkcs12_t pkcs12, gnutls_pkcs12_bag_t bag); |
93 | int indx, | 93 | |
94 | gnutls_pkcs12_bag_t bag); | 94 | int gnutls_pkcs12_generate_mac (gnutls_pkcs12_t pkcs12, const char *pass); |
95 | int gnutls_pkcs12_set_bag(gnutls_pkcs12_t pkcs12, | 95 | int gnutls_pkcs12_verify_mac (gnutls_pkcs12_t pkcs12, const char *pass); |
96 | gnutls_pkcs12_bag_t bag); | 96 | |
97 | 97 | int gnutls_pkcs12_bag_decrypt (gnutls_pkcs12_bag_t bag, const char *pass); | |
98 | int gnutls_pkcs12_generate_mac(gnutls_pkcs12_t pkcs12, | 98 | int gnutls_pkcs12_bag_encrypt (gnutls_pkcs12_bag_t bag, |
99 | const char *pass); | 99 | const char *pass, unsigned int flags); |
100 | int gnutls_pkcs12_verify_mac(gnutls_pkcs12_t pkcs12, | 100 | |
101 | const char *pass); | 101 | gnutls_pkcs12_bag_type_t gnutls_pkcs12_bag_get_type (gnutls_pkcs12_bag_t |
102 | 102 | bag, int indx); | |
103 | int gnutls_pkcs12_bag_decrypt(gnutls_pkcs12_bag_t bag, | 103 | int gnutls_pkcs12_bag_get_data (gnutls_pkcs12_bag_t bag, |
104 | const char *pass); | 104 | int indx, gnutls_datum_t * data); |
105 | int gnutls_pkcs12_bag_encrypt(gnutls_pkcs12_bag_t bag, | 105 | int gnutls_pkcs12_bag_set_data (gnutls_pkcs12_bag_t bag, |
106 | const char *pass, | 106 | gnutls_pkcs12_bag_type_t type, |
107 | unsigned int flags); | 107 | const gnutls_datum_t * data); |
108 | 108 | int gnutls_pkcs12_bag_set_crl (gnutls_pkcs12_bag_t bag, | |
109 | gnutls_pkcs12_bag_type_t gnutls_pkcs12_bag_get_type(gnutls_pkcs12_bag_t | 109 | gnutls_x509_crl_t crl); |
110 | bag, | 110 | int gnutls_pkcs12_bag_set_crt (gnutls_pkcs12_bag_t bag, |
111 | int indx); | 111 | gnutls_x509_crt_t crt); |
112 | int gnutls_pkcs12_bag_get_data(gnutls_pkcs12_bag_t bag, | 112 | |
113 | int indx, | 113 | int gnutls_pkcs12_bag_init (gnutls_pkcs12_bag_t * bag); |
114 | gnutls_datum_t * data); | 114 | void gnutls_pkcs12_bag_deinit (gnutls_pkcs12_bag_t bag); |
115 | int gnutls_pkcs12_bag_set_data(gnutls_pkcs12_bag_t bag, | 115 | int gnutls_pkcs12_bag_get_count (gnutls_pkcs12_bag_t bag); |
116 | gnutls_pkcs12_bag_type_t type, | 116 | |
117 | const gnutls_datum_t * data); | 117 | int gnutls_pkcs12_bag_get_key_id (gnutls_pkcs12_bag_t bag, |
118 | int gnutls_pkcs12_bag_set_crl(gnutls_pkcs12_bag_t bag, | 118 | int indx, gnutls_datum_t * id); |
119 | gnutls_x509_crl_t crl); | 119 | int gnutls_pkcs12_bag_set_key_id (gnutls_pkcs12_bag_t bag, |
120 | int gnutls_pkcs12_bag_set_crt(gnutls_pkcs12_bag_t bag, | 120 | int indx, const gnutls_datum_t * id); |
121 | gnutls_x509_crt_t crt); | 121 | |
122 | 122 | int gnutls_pkcs12_bag_get_friendly_name (gnutls_pkcs12_bag_t bag, | |
123 | int gnutls_pkcs12_bag_init(gnutls_pkcs12_bag_t * bag); | 123 | int indx, char **name); |
124 | void gnutls_pkcs12_bag_deinit(gnutls_pkcs12_bag_t bag); | 124 | int gnutls_pkcs12_bag_set_friendly_name (gnutls_pkcs12_bag_t bag, |
125 | int gnutls_pkcs12_bag_get_count(gnutls_pkcs12_bag_t bag); | 125 | int indx, const char *name); |
126 | |||
127 | int gnutls_pkcs12_bag_get_key_id(gnutls_pkcs12_bag_t bag, | ||
128 | int indx, | ||
129 | gnutls_datum_t * id); | ||
130 | int gnutls_pkcs12_bag_set_key_id(gnutls_pkcs12_bag_t bag, | ||
131 | int indx, | ||
132 | const gnutls_datum_t * id); | ||
133 | |||
134 | int gnutls_pkcs12_bag_get_friendly_name(gnutls_pkcs12_bag_t bag, | ||
135 | int indx, | ||
136 | char **name); | ||
137 | int gnutls_pkcs12_bag_set_friendly_name(gnutls_pkcs12_bag_t bag, | ||
138 | int indx, | ||
139 | const char *name); | ||
140 | 126 | ||
141 | #ifdef __cplusplus | 127 | #ifdef __cplusplus |
142 | } | 128 | } |
@@ -152,56 +138,48 @@ int gnutls_pkcs12_bag_set_friendly_name(gnutls_pkcs12_bag_t bag, | |||
152 | #define DATA_OID "1.2.840.113549.1.7.1" | 138 | #define DATA_OID "1.2.840.113549.1.7.1" |
153 | #define ENC_DATA_OID "1.2.840.113549.1.7.6" | 139 | #define ENC_DATA_OID "1.2.840.113549.1.7.6" |
154 | 140 | ||
155 | int gnutls_pkcs12_init(gnutls_pkcs12_t * pkcs12); | 141 | int gnutls_pkcs12_init (gnutls_pkcs12_t * pkcs12); |
156 | void gnutls_pkcs12_deinit(gnutls_pkcs12_t pkcs12); | 142 | void gnutls_pkcs12_deinit (gnutls_pkcs12_t pkcs12); |
157 | int gnutls_pkcs12_import(gnutls_pkcs12_t pkcs12, | 143 | int gnutls_pkcs12_import (gnutls_pkcs12_t pkcs12, |
158 | const gnutls_datum_t * data, | 144 | const gnutls_datum_t * data, |
159 | gnutls_x509_crt_fmt_t format, | 145 | gnutls_x509_crt_fmt_t format, unsigned int flags); |
160 | unsigned int flags); | ||
161 | 146 | ||
162 | int gnutls_pkcs12_get_bag(gnutls_pkcs12_t pkcs12, | 147 | int gnutls_pkcs12_get_bag (gnutls_pkcs12_t pkcs12, |
163 | int indx, | 148 | int indx, gnutls_pkcs12_bag_t bag); |
164 | gnutls_pkcs12_bag_t bag); | ||
165 | 149 | ||
166 | int gnutls_pkcs12_bag_init(gnutls_pkcs12_bag_t * bag); | 150 | int gnutls_pkcs12_bag_init (gnutls_pkcs12_bag_t * bag); |
167 | void gnutls_pkcs12_bag_deinit(gnutls_pkcs12_bag_t bag); | 151 | void gnutls_pkcs12_bag_deinit (gnutls_pkcs12_bag_t bag); |
168 | 152 | ||
169 | int _pkcs12_string_to_key(unsigned int id, | 153 | int _pkcs12_string_to_key (unsigned int id, |
170 | const opaque * salt, | 154 | const opaque * salt, |
171 | unsigned int salt_size, | 155 | unsigned int salt_size, |
172 | unsigned int iter, | 156 | unsigned int iter, |
173 | const char *pw, | 157 | const char *pw, |
174 | unsigned int req_keylen, | 158 | unsigned int req_keylen, opaque * keybuf); |
175 | opaque * keybuf); | ||
176 | 159 | ||
177 | int _gnutls_pkcs7_decrypt_data(const gnutls_datum_t * data, | 160 | int _gnutls_pkcs7_decrypt_data (const gnutls_datum_t * data, |
178 | const char *password, | 161 | const char *password, gnutls_datum_t * dec); |
179 | gnutls_datum_t * dec); | ||
180 | 162 | ||
181 | typedef enum schema_id | 163 | typedef enum schema_id |
182 | { | 164 | { |
183 | PBES2, /* the stuff in PKCS #5 */ | 165 | PBES2, /* the stuff in PKCS #5 */ |
184 | PKCS12_3DES_SHA1, /* the fucking stuff in PKCS #12 */ | 166 | PKCS12_3DES_SHA1, /* the fucking stuff in PKCS #12 */ |
185 | PKCS12_ARCFOUR_SHA1, | 167 | PKCS12_ARCFOUR_SHA1, |
186 | PKCS12_RC2_40_SHA1 | 168 | PKCS12_RC2_40_SHA1 |
187 | } schema_id; | 169 | } schema_id; |
188 | 170 | ||
189 | int _gnutls_pkcs7_encrypt_data(schema_id schema, | 171 | int _gnutls_pkcs7_encrypt_data (schema_id schema, |
190 | const gnutls_datum_t * data, | 172 | const gnutls_datum_t * data, |
191 | const char *password, | 173 | const char *password, gnutls_datum_t * enc); |
192 | gnutls_datum_t * enc); | 174 | int _pkcs12_decode_safe_contents (const gnutls_datum_t * content, |
193 | int _pkcs12_decode_safe_contents(const gnutls_datum_t * content, | 175 | gnutls_pkcs12_bag_t bag); |
194 | gnutls_pkcs12_bag_t bag); | 176 | |
195 | 177 | int _pkcs12_encode_safe_contents (gnutls_pkcs12_bag_t bag, | |
196 | int _pkcs12_encode_safe_contents(gnutls_pkcs12_bag_t bag, | 178 | ASN1_TYPE * content, int *enc); |
197 | ASN1_TYPE * content, | 179 | |
198 | int *enc); | 180 | int _pkcs12_decode_crt_bag (gnutls_pkcs12_bag_type_t type, |
199 | 181 | const gnutls_datum_t * in, gnutls_datum_t * out); | |
200 | int _pkcs12_decode_crt_bag(gnutls_pkcs12_bag_type_t type, | 182 | int _pkcs12_encode_crt_bag (gnutls_pkcs12_bag_type_t type, |
201 | const gnutls_datum_t * in, | 183 | const gnutls_datum_t * raw, gnutls_datum_t * out); |
202 | gnutls_datum_t * out); | 184 | |
203 | int _pkcs12_encode_crt_bag(gnutls_pkcs12_bag_type_t type, | 185 | #endif /* GNUTLS_PKCS12_H */ |
204 | const gnutls_datum_t * raw, | ||
205 | gnutls_datum_t * out); | ||
206 | |||
207 | #endif /* GNUTLS_PKCS12_H */ | ||
diff --git a/src/daemon/https/x509/pkcs12_bag.c b/src/daemon/https/x509/pkcs12_bag.c index 780dfb52..63b290bc 100644 --- a/src/daemon/https/x509/pkcs12_bag.c +++ b/src/daemon/https/x509/pkcs12_bag.c | |||
@@ -80,7 +80,7 @@ _pkcs12_bag_free_data (gnutls_pkcs12_bag_t bag) | |||
80 | * gnutls_pkcs12_bag_deinit - This function deinitializes memory used by a gnutls_pkcs12_t structure | 80 | * gnutls_pkcs12_bag_deinit - This function deinitializes memory used by a gnutls_pkcs12_t structure |
81 | * @bag: The structure to be initialized | 81 | * @bag: The structure to be initialized |
82 | * | 82 | * |
83 | * This function will deinitialize a PKCS12 Bag structure. | 83 | * This function will deinitialize a PKCS12 Bag structure. |
84 | * | 84 | * |
85 | **/ | 85 | **/ |
86 | void | 86 | void |
@@ -121,7 +121,7 @@ gnutls_pkcs12_bag_get_type (gnutls_pkcs12_bag_t bag, int indx) | |||
121 | * gnutls_pkcs12_bag_get_count - This function returns the bag's elements count | 121 | * gnutls_pkcs12_bag_get_count - This function returns the bag's elements count |
122 | * @bag: The bag | 122 | * @bag: The bag |
123 | * | 123 | * |
124 | * This function will return the number of the elements withing the bag. | 124 | * This function will return the number of the elements withing the bag. |
125 | * | 125 | * |
126 | **/ | 126 | **/ |
127 | int | 127 | int |
@@ -332,7 +332,7 @@ cleanup: | |||
332 | * @data: the data to be copied. | 332 | * @data: the data to be copied. |
333 | * | 333 | * |
334 | * This function will insert the given data of the given type into the | 334 | * This function will insert the given data of the given type into the |
335 | * bag. | 335 | * bag. |
336 | * | 336 | * |
337 | * Returns the index of the added bag on success, or a negative | 337 | * Returns the index of the added bag on success, or a negative |
338 | * value on error. | 338 | * value on error. |
@@ -475,7 +475,7 @@ gnutls_pkcs12_bag_set_crl (gnutls_pkcs12_bag_t bag, gnutls_x509_crl_t crl) | |||
475 | * This function will add the given key ID, to the specified, by the index, bag | 475 | * This function will add the given key ID, to the specified, by the index, bag |
476 | * element. The key ID will be encoded as a 'Local key identifier' bag attribute, | 476 | * element. The key ID will be encoded as a 'Local key identifier' bag attribute, |
477 | * which is usually used to distinguish the local private key and the certificate pair. | 477 | * which is usually used to distinguish the local private key and the certificate pair. |
478 | * | 478 | * |
479 | * Returns 0 on success, or a negative value on error. | 479 | * Returns 0 on success, or a negative value on error. |
480 | * | 480 | * |
481 | **/ | 481 | **/ |
@@ -518,7 +518,7 @@ gnutls_pkcs12_bag_set_key_id (gnutls_pkcs12_bag_t bag, int indx, | |||
518 | * | 518 | * |
519 | * This function will return the key ID, of the specified bag element. | 519 | * This function will return the key ID, of the specified bag element. |
520 | * The key ID is usually used to distinguish the local private key and the certificate pair. | 520 | * The key ID is usually used to distinguish the local private key and the certificate pair. |
521 | * | 521 | * |
522 | * Returns 0 on success, or a negative value on error. | 522 | * Returns 0 on success, or a negative value on error. |
523 | * | 523 | * |
524 | **/ | 524 | **/ |
@@ -552,7 +552,7 @@ gnutls_pkcs12_bag_get_key_id (gnutls_pkcs12_bag_t bag, int indx, | |||
552 | * | 552 | * |
553 | * This function will return the friendly name, of the specified bag element. | 553 | * This function will return the friendly name, of the specified bag element. |
554 | * The key ID is usually used to distinguish the local private key and the certificate pair. | 554 | * The key ID is usually used to distinguish the local private key and the certificate pair. |
555 | * | 555 | * |
556 | * Returns 0 on success, or a negative value on error. | 556 | * Returns 0 on success, or a negative value on error. |
557 | * | 557 | * |
558 | **/ | 558 | **/ |
@@ -587,7 +587,7 @@ gnutls_pkcs12_bag_get_friendly_name (gnutls_pkcs12_bag_t bag, int indx, | |||
587 | * This function will add the given key friendly name, to the specified, by the index, bag | 587 | * This function will add the given key friendly name, to the specified, by the index, bag |
588 | * element. The name will be encoded as a 'Friendly name' bag attribute, | 588 | * element. The name will be encoded as a 'Friendly name' bag attribute, |
589 | * which is usually used to set a user name to the local private key and the certificate pair. | 589 | * which is usually used to set a user name to the local private key and the certificate pair. |
590 | * | 590 | * |
591 | * Returns 0 on success, or a negative value on error. | 591 | * Returns 0 on success, or a negative value on error. |
592 | * | 592 | * |
593 | **/ | 593 | **/ |
@@ -752,7 +752,7 @@ gnutls_pkcs12_bag_encrypt (gnutls_pkcs12_bag_t bag, const char *pass, | |||
752 | return ret; | 752 | return ret; |
753 | } | 753 | } |
754 | 754 | ||
755 | /* encryption succeeded. | 755 | /* encryption succeeded. |
756 | */ | 756 | */ |
757 | 757 | ||
758 | _pkcs12_bag_free_data (bag); | 758 | _pkcs12_bag_free_data (bag); |
diff --git a/src/daemon/https/x509/pkcs7.c b/src/daemon/https/x509/pkcs7.c index 3cef67c2..6af89425 100644 --- a/src/daemon/https/x509/pkcs7.c +++ b/src/daemon/https/x509/pkcs7.c | |||
@@ -40,7 +40,7 @@ | |||
40 | 40 | ||
41 | #define SIGNED_DATA_OID "1.2.840.113549.1.7.2" | 41 | #define SIGNED_DATA_OID "1.2.840.113549.1.7.2" |
42 | 42 | ||
43 | /* Decodes the PKCS #7 signed data, and returns an ASN1_TYPE, | 43 | /* Decodes the PKCS #7 signed data, and returns an ASN1_TYPE, |
44 | * which holds them. If raw is non null then the raw decoded | 44 | * which holds them. If raw is non null then the raw decoded |
45 | * data are copied (they are locally allocated) there. | 45 | * data are copied (they are locally allocated) there. |
46 | */ | 46 | */ |
@@ -175,7 +175,7 @@ gnutls_pkcs7_init (gnutls_pkcs7_t * pkcs7) | |||
175 | * gnutls_pkcs7_deinit - This function deinitializes memory used by a gnutls_pkcs7_t structure | 175 | * gnutls_pkcs7_deinit - This function deinitializes memory used by a gnutls_pkcs7_t structure |
176 | * @pkcs7: The structure to be initialized | 176 | * @pkcs7: The structure to be initialized |
177 | * | 177 | * |
178 | * This function will deinitialize a PKCS7 structure. | 178 | * This function will deinitialize a PKCS7 structure. |
179 | * | 179 | * |
180 | **/ | 180 | **/ |
181 | void | 181 | void |
@@ -298,7 +298,7 @@ gnutls_pkcs7_get_crt_raw (gnutls_pkcs7_t pkcs7, | |||
298 | return result; | 298 | return result; |
299 | } | 299 | } |
300 | 300 | ||
301 | /* Step 2. Parse the CertificateSet | 301 | /* Step 2. Parse the CertificateSet |
302 | */ | 302 | */ |
303 | 303 | ||
304 | snprintf (root2, sizeof (root2), "certificates.?%u", indx + 1); | 304 | snprintf (root2, sizeof (root2), "certificates.?%u", indx + 1); |
@@ -320,7 +320,7 @@ gnutls_pkcs7_get_crt_raw (gnutls_pkcs7_t pkcs7, | |||
320 | goto cleanup; | 320 | goto cleanup; |
321 | } | 321 | } |
322 | 322 | ||
323 | /* if 'Certificate' is the choice found: | 323 | /* if 'Certificate' is the choice found: |
324 | */ | 324 | */ |
325 | if (strcmp (oid, "certificate") == 0) | 325 | if (strcmp (oid, "certificate") == 0) |
326 | { | 326 | { |
@@ -369,7 +369,7 @@ cleanup: | |||
369 | * gnutls_pkcs7_get_crt_count - This function returns the number of certificates in a PKCS7 certificate set | 369 | * gnutls_pkcs7_get_crt_count - This function returns the number of certificates in a PKCS7 certificate set |
370 | * @pkcs7_struct: should contain a gnutls_pkcs7_t structure | 370 | * @pkcs7_struct: should contain a gnutls_pkcs7_t structure |
371 | * | 371 | * |
372 | * This function will return the number of certifcates in the PKCS7 or | 372 | * This function will return the number of certifcates in the PKCS7 or |
373 | * RFC2630 certificate set. | 373 | * RFC2630 certificate set. |
374 | * | 374 | * |
375 | * Returns a negative value on failure. | 375 | * Returns a negative value on failure. |
@@ -755,12 +755,12 @@ gnutls_pkcs7_get_crl_raw (gnutls_pkcs7_t pkcs7, | |||
755 | return result; | 755 | return result; |
756 | } | 756 | } |
757 | 757 | ||
758 | /* Step 2. Parse the CertificateSet | 758 | /* Step 2. Parse the CertificateSet |
759 | */ | 759 | */ |
760 | 760 | ||
761 | snprintf (root2, sizeof (root2), "crls.?%u", indx + 1); | 761 | snprintf (root2, sizeof (root2), "crls.?%u", indx + 1); |
762 | 762 | ||
763 | /* Get the raw CRL | 763 | /* Get the raw CRL |
764 | */ | 764 | */ |
765 | result = asn1_der_decoding_startEnd (c2, tmp.data, tmp.size, | 765 | result = asn1_der_decoding_startEnd (c2, tmp.data, tmp.size, |
766 | root2, &start, &end); | 766 | root2, &start, &end); |
@@ -799,7 +799,7 @@ cleanup: | |||
799 | * gnutls_pkcs7_get_crl_count - This function returns the number of crls in a PKCS7 crl set | 799 | * gnutls_pkcs7_get_crl_count - This function returns the number of crls in a PKCS7 crl set |
800 | * @pkcs7_struct: should contain a gnutls_pkcs7_t structure | 800 | * @pkcs7_struct: should contain a gnutls_pkcs7_t structure |
801 | * | 801 | * |
802 | * This function will return the number of certifcates in the PKCS7 or | 802 | * This function will return the number of certifcates in the PKCS7 or |
803 | * RFC2630 crl set. | 803 | * RFC2630 crl set. |
804 | * | 804 | * |
805 | * Returns a negative value on failure. | 805 | * Returns a negative value on failure. |
diff --git a/src/daemon/https/x509/privkey.h b/src/daemon/https/x509/privkey.h index 6e645b9d..59dc936b 100644 --- a/src/daemon/https/x509/privkey.h +++ b/src/daemon/https/x509/privkey.h | |||
@@ -25,7 +25,7 @@ | |||
25 | #include "x509.h" | 25 | #include "x509.h" |
26 | 26 | ||
27 | ASN1_TYPE _gnutls_privkey_decode_pkcs1_rsa_key (const gnutls_datum_t * | 27 | ASN1_TYPE _gnutls_privkey_decode_pkcs1_rsa_key (const gnutls_datum_t * |
28 | raw_key, | 28 | raw_key, |
29 | gnutls_x509_privkey_t pkey); | 29 | gnutls_x509_privkey_t pkey); |
30 | 30 | ||
31 | int _gnutls_asn1_encode_dsa (ASN1_TYPE * c2, mpi_t * params); | 31 | int _gnutls_asn1_encode_dsa (ASN1_TYPE * c2, mpi_t * params); |
diff --git a/src/daemon/https/x509/privkey_pkcs8.c b/src/daemon/https/x509/privkey_pkcs8.c index fa5b5c43..8b92f266 100644 --- a/src/daemon/https/x509/privkey_pkcs8.c +++ b/src/daemon/https/x509/privkey_pkcs8.c | |||
@@ -1284,7 +1284,7 @@ error: | |||
1284 | /* Converts an OID to a gnutls cipher type. | 1284 | /* Converts an OID to a gnutls cipher type. |
1285 | */ | 1285 | */ |
1286 | inline static int | 1286 | inline static int |
1287 | oid2cipher (const char *oid, enum MHD_GNUTLS_CipherAlgorithm * algo) | 1287 | oid2cipher (const char *oid, enum MHD_GNUTLS_CipherAlgorithm *algo) |
1288 | { | 1288 | { |
1289 | 1289 | ||
1290 | *algo = 0; | 1290 | *algo = 0; |
diff --git a/src/daemon/https/x509/sign.c b/src/daemon/https/x509/sign.c index 9a548665..2d367732 100644 --- a/src/daemon/https/x509/sign.c +++ b/src/daemon/https/x509/sign.c | |||
@@ -132,8 +132,9 @@ encode_ber_digest_info (enum MHD_GNUTLS_HashAlgorithm hash, | |||
132 | * params[1] is public key | 132 | * params[1] is public key |
133 | */ | 133 | */ |
134 | static int | 134 | static int |
135 | pkcs1_rsa_sign (enum MHD_GNUTLS_HashAlgorithm hash, const gnutls_datum_t * text, | 135 | pkcs1_rsa_sign (enum MHD_GNUTLS_HashAlgorithm hash, |
136 | mpi_t * params, int params_len, gnutls_datum_t * signature) | 136 | const gnutls_datum_t * text, mpi_t * params, int params_len, |
137 | gnutls_datum_t * signature) | ||
137 | { | 138 | { |
138 | int ret; | 139 | int ret; |
139 | opaque _digest[MAX_HASH_SIZE]; | 140 | opaque _digest[MAX_HASH_SIZE]; |
@@ -163,7 +164,7 @@ pkcs1_rsa_sign (enum MHD_GNUTLS_HashAlgorithm hash, const gnutls_datum_t * text, | |||
163 | 164 | ||
164 | if ((ret = | 165 | if ((ret = |
165 | mhd_gtls_sign (MHD_GNUTLS_PK_RSA, params, params_len, &info, | 166 | mhd_gtls_sign (MHD_GNUTLS_PK_RSA, params, params_len, &info, |
166 | signature)) < 0) | 167 | signature)) < 0) |
167 | { | 168 | { |
168 | gnutls_assert (); | 169 | gnutls_assert (); |
169 | _gnutls_free_datum (&info); | 170 | _gnutls_free_datum (&info); |
@@ -179,7 +180,7 @@ pkcs1_rsa_sign (enum MHD_GNUTLS_HashAlgorithm hash, const gnutls_datum_t * text, | |||
179 | * private key. | 180 | * private key. |
180 | * | 181 | * |
181 | * returns 0 on success. | 182 | * returns 0 on success. |
182 | * | 183 | * |
183 | * 'tbs' is the data to be signed | 184 | * 'tbs' is the data to be signed |
184 | * 'signature' will hold the signature! | 185 | * 'signature' will hold the signature! |
185 | * 'hash' is only used in PKCS1 RSA signing. | 186 | * 'hash' is only used in PKCS1 RSA signing. |
@@ -327,7 +328,7 @@ _gnutls_x509_pkix_sign (ASN1_TYPE src, const char *src_name, | |||
327 | } | 328 | } |
328 | 329 | ||
329 | /* Step 3. Move up and write the AlgorithmIdentifier, which is also | 330 | /* Step 3. Move up and write the AlgorithmIdentifier, which is also |
330 | * the same. | 331 | * the same. |
331 | */ | 332 | */ |
332 | 333 | ||
333 | result = _gnutls_x509_write_sig_params (src, "signatureAlgorithm", | 334 | result = _gnutls_x509_write_sig_params (src, "signatureAlgorithm", |
diff --git a/src/daemon/https/x509/sign.h b/src/daemon/https/x509/sign.h index c7da9e2e..86d9859c 100644 --- a/src/daemon/https/x509/sign.h +++ b/src/daemon/https/x509/sign.h | |||
@@ -23,14 +23,14 @@ | |||
23 | */ | 23 | */ |
24 | 24 | ||
25 | int _gnutls_x509_sign (const gnutls_datum_t * tbs, | 25 | int _gnutls_x509_sign (const gnutls_datum_t * tbs, |
26 | enum MHD_GNUTLS_HashAlgorithm hash, | 26 | enum MHD_GNUTLS_HashAlgorithm hash, |
27 | gnutls_x509_privkey_t signer, | 27 | gnutls_x509_privkey_t signer, |
28 | gnutls_datum_t * signature); | 28 | gnutls_datum_t * signature); |
29 | int _gnutls_x509_sign_tbs (ASN1_TYPE cert, const char *tbs_name, | 29 | int _gnutls_x509_sign_tbs (ASN1_TYPE cert, const char *tbs_name, |
30 | enum MHD_GNUTLS_HashAlgorithm hash, | 30 | enum MHD_GNUTLS_HashAlgorithm hash, |
31 | gnutls_x509_privkey_t signer, | 31 | gnutls_x509_privkey_t signer, |
32 | gnutls_datum_t * signature); | 32 | gnutls_datum_t * signature); |
33 | int _gnutls_x509_pkix_sign (ASN1_TYPE src, const char *src_name, | 33 | int _gnutls_x509_pkix_sign (ASN1_TYPE src, const char *src_name, |
34 | enum MHD_GNUTLS_HashAlgorithm, | 34 | enum MHD_GNUTLS_HashAlgorithm, |
35 | gnutls_x509_crt_t issuer, | 35 | gnutls_x509_crt_t issuer, |
36 | gnutls_x509_privkey_t issuer_key); | 36 | gnutls_x509_privkey_t issuer_key); |
diff --git a/src/daemon/https/x509/verify.h b/src/daemon/https/x509/verify.h index d7ca5151..c7e3c63d 100644 --- a/src/daemon/https/x509/verify.h +++ b/src/daemon/https/x509/verify.h | |||
@@ -25,10 +25,10 @@ | |||
25 | #include "x509.h" | 25 | #include "x509.h" |
26 | 26 | ||
27 | int gnutls_x509_crt_is_issuer (gnutls_x509_crt_t cert, | 27 | int gnutls_x509_crt_is_issuer (gnutls_x509_crt_t cert, |
28 | gnutls_x509_crt_t issuer); | 28 | gnutls_x509_crt_t issuer); |
29 | int _gnutls_x509_verify_signature (const gnutls_datum_t * tbs, | 29 | int _gnutls_x509_verify_signature (const gnutls_datum_t * tbs, |
30 | const gnutls_datum_t * signature, | 30 | const gnutls_datum_t * signature, |
31 | gnutls_x509_crt_t issuer); | 31 | gnutls_x509_crt_t issuer); |
32 | int _gnutls_x509_privkey_verify_signature (const gnutls_datum_t * tbs, | 32 | int _gnutls_x509_privkey_verify_signature (const gnutls_datum_t * tbs, |
33 | const gnutls_datum_t * signature, | 33 | const gnutls_datum_t * signature, |
34 | gnutls_x509_privkey_t issuer); | 34 | gnutls_x509_privkey_t issuer); |
diff --git a/src/daemon/https/x509/x509.c b/src/daemon/https/x509/x509.c index e8dff3c7..76ad46ac 100644 --- a/src/daemon/https/x509/x509.c +++ b/src/daemon/https/x509/x509.c | |||
@@ -76,7 +76,7 @@ gnutls_x509_crt_init (gnutls_x509_crt_t * cert) | |||
76 | * @dest: The structure where to copy | 76 | * @dest: The structure where to copy |
77 | * @src: The structure to be copied | 77 | * @src: The structure to be copied |
78 | * | 78 | * |
79 | * This function will copy an X.509 certificate structure. | 79 | * This function will copy an X.509 certificate structure. |
80 | * | 80 | * |
81 | * Returns 0 on success. | 81 | * Returns 0 on success. |
82 | * | 82 | * |
@@ -131,7 +131,7 @@ _gnutls_x509_crt_cpy (gnutls_x509_crt_t dest, gnutls_x509_crt_t src) | |||
131 | * gnutls_x509_crt_deinit - This function deinitializes memory used by a gnutls_x509_crt_t structure | 131 | * gnutls_x509_crt_deinit - This function deinitializes memory used by a gnutls_x509_crt_t structure |
132 | * @cert: The structure to be initialized | 132 | * @cert: The structure to be initialized |
133 | * | 133 | * |
134 | * This function will deinitialize a CRL structure. | 134 | * This function will deinitialize a CRL structure. |
135 | * | 135 | * |
136 | **/ | 136 | **/ |
137 | void | 137 | void |
@@ -456,8 +456,8 @@ gnutls_x509_crt_get_dn_oid (gnutls_x509_crt_t cert, | |||
456 | * gnutls_x509_crt_get_signature_algorithm - This function returns the Certificate's signature algorithm | 456 | * gnutls_x509_crt_get_signature_algorithm - This function returns the Certificate's signature algorithm |
457 | * @cert: should contain a gnutls_x509_crt_t structure | 457 | * @cert: should contain a gnutls_x509_crt_t structure |
458 | * | 458 | * |
459 | * This function will return a value of the gnutls_sign_algorithm_t enumeration that | 459 | * This function will return a value of the gnutls_sign_algorithm_t enumeration that |
460 | * is the signature algorithm. | 460 | * is the signature algorithm. |
461 | * | 461 | * |
462 | * Returns a negative value on error. | 462 | * Returns a negative value on error. |
463 | * | 463 | * |
@@ -635,11 +635,11 @@ gnutls_x509_crt_get_expiration_time (gnutls_x509_crt_t cert) | |||
635 | * @result: The place where the serial number will be copied | 635 | * @result: The place where the serial number will be copied |
636 | * @result_size: Holds the size of the result field. | 636 | * @result_size: Holds the size of the result field. |
637 | * | 637 | * |
638 | * This function will return the X.509 certificate's serial number. | 638 | * This function will return the X.509 certificate's serial number. |
639 | * This is obtained by the X509 Certificate serialNumber | 639 | * This is obtained by the X509 Certificate serialNumber |
640 | * field. Serial is not always a 32 or 64bit number. Some CAs use | 640 | * field. Serial is not always a 32 or 64bit number. Some CAs use |
641 | * large serial numbers, thus it may be wise to handle it as something | 641 | * large serial numbers, thus it may be wise to handle it as something |
642 | * opaque. | 642 | * opaque. |
643 | * | 643 | * |
644 | * Returns 0 on success and a negative value in case of an error. | 644 | * Returns 0 on success and a negative value in case of an error. |
645 | * | 645 | * |
@@ -680,7 +680,7 @@ gnutls_x509_crt_get_serial (gnutls_x509_crt_t cert, | |||
680 | * | 680 | * |
681 | * This function will return the X.509v3 certificate's subject key identifier. | 681 | * This function will return the X.509v3 certificate's subject key identifier. |
682 | * This is obtained by the X.509 Subject Key identifier extension | 682 | * This is obtained by the X.509 Subject Key identifier extension |
683 | * field (2.5.29.14). | 683 | * field (2.5.29.14). |
684 | * | 684 | * |
685 | * Returns 0 on success and a negative value in case of an error. | 685 | * Returns 0 on success and a negative value in case of an error. |
686 | * | 686 | * |
@@ -850,11 +850,11 @@ gnutls_x509_crt_get_authority_key_id (gnutls_x509_crt_t cert, | |||
850 | * @cert: should contain a gnutls_x509_crt_t structure | 850 | * @cert: should contain a gnutls_x509_crt_t structure |
851 | * @bits: if bits is non null it will hold the size of the parameters' in bits | 851 | * @bits: if bits is non null it will hold the size of the parameters' in bits |
852 | * | 852 | * |
853 | * This function will return the public key algorithm of an X.509 | 853 | * This function will return the public key algorithm of an X.509 |
854 | * certificate. | 854 | * certificate. |
855 | * | 855 | * |
856 | * If bits is non null, it should have enough size to hold the parameters | 856 | * If bits is non null, it should have enough size to hold the parameters |
857 | * size in bits. For RSA the bits returned is the modulus. | 857 | * size in bits. For RSA the bits returned is the modulus. |
858 | * For DSA the bits returned are of the public | 858 | * For DSA the bits returned are of the public |
859 | * exponent. | 859 | * exponent. |
860 | * | 860 | * |
@@ -1353,7 +1353,7 @@ gnutls_x509_crt_get_ca_status (gnutls_x509_crt_t cert, unsigned int *critical) | |||
1353 | * @key_usage: where the key usage bits will be stored | 1353 | * @key_usage: where the key usage bits will be stored |
1354 | * @critical: will be non zero if the extension is marked as critical | 1354 | * @critical: will be non zero if the extension is marked as critical |
1355 | * | 1355 | * |
1356 | * This function will return certificate's key usage, by reading the | 1356 | * This function will return certificate's key usage, by reading the |
1357 | * keyUsage X.509 extension (2.5.29.15). The key usage value will ORed values of the: | 1357 | * keyUsage X.509 extension (2.5.29.15). The key usage value will ORed values of the: |
1358 | * GNUTLS_KEY_DIGITAL_SIGNATURE, GNUTLS_KEY_NON_REPUDIATION, | 1358 | * GNUTLS_KEY_DIGITAL_SIGNATURE, GNUTLS_KEY_NON_REPUDIATION, |
1359 | * GNUTLS_KEY_KEY_ENCIPHERMENT, GNUTLS_KEY_DATA_ENCIPHERMENT, | 1359 | * GNUTLS_KEY_KEY_ENCIPHERMENT, GNUTLS_KEY_DATA_ENCIPHERMENT, |
@@ -1547,7 +1547,7 @@ gnutls_x509_crt_get_extension_by_oid (gnutls_x509_crt_t cert, | |||
1547 | * The extension OID will be stored as a string in the provided buffer. | 1547 | * The extension OID will be stored as a string in the provided buffer. |
1548 | * | 1548 | * |
1549 | * A negative value may be returned in case of parsing error. | 1549 | * A negative value may be returned in case of parsing error. |
1550 | * If your have reached the last extension available | 1550 | * If your have reached the last extension available |
1551 | * GNUTLS_E_REQUESTED_DATA_NOT_AVAILABLE will be returned. | 1551 | * GNUTLS_E_REQUESTED_DATA_NOT_AVAILABLE will be returned. |
1552 | * | 1552 | * |
1553 | **/ | 1553 | **/ |
@@ -2166,7 +2166,7 @@ gnutls_x509_crt_get_key_id (gnutls_x509_crt_t crt, | |||
2166 | } | 2166 | } |
2167 | 2167 | ||
2168 | result = MHD_gnutls_fingerprint (MHD_GNUTLS_MAC_SHA1, &pubkey, output_data, | 2168 | result = MHD_gnutls_fingerprint (MHD_GNUTLS_MAC_SHA1, &pubkey, output_data, |
2169 | output_data_size); | 2169 | output_data_size); |
2170 | 2170 | ||
2171 | gnutls_afree (pubkey.data); | 2171 | gnutls_afree (pubkey.data); |
2172 | 2172 | ||
@@ -2813,7 +2813,7 @@ gnutls_x509_crt_list_import (gnutls_x509_crt_t * certs, | |||
2813 | } | 2813 | } |
2814 | } | 2814 | } |
2815 | 2815 | ||
2816 | /* now we move ptr after the pem header | 2816 | /* now we move ptr after the pem header |
2817 | */ | 2817 | */ |
2818 | ptr++; | 2818 | ptr++; |
2819 | /* find the next certificate (if any) | 2819 | /* find the next certificate (if any) |
diff --git a/src/daemon/https/x509/x509.h b/src/daemon/https/x509/x509.h index f779759f..d718767a 100644 --- a/src/daemon/https/x509/x509.h +++ b/src/daemon/https/x509/x509.h | |||
@@ -29,7 +29,7 @@ | |||
29 | 29 | ||
30 | #ifdef __cplusplus | 30 | #ifdef __cplusplus |
31 | extern "C" | 31 | extern "C" |
32 | { | 32 | { |
33 | #endif | 33 | #endif |
34 | 34 | ||
35 | #include <gnutls.h> | 35 | #include <gnutls.h> |
@@ -78,7 +78,7 @@ extern "C" | |||
78 | 78 | ||
79 | /* Certificate handling functions. | 79 | /* Certificate handling functions. |
80 | */ | 80 | */ |
81 | typedef enum gnutls_certificate_import_flags | 81 | typedef enum gnutls_certificate_import_flags |
82 | { | 82 | { |
83 | /* Fail if the certificates in the buffer are more than the space | 83 | /* Fail if the certificates in the buffer are more than the space |
84 | * allocated for certificates. The error code will be | 84 | * allocated for certificates. The error code will be |
@@ -87,71 +87,61 @@ typedef enum gnutls_certificate_import_flags | |||
87 | GNUTLS_X509_CRT_LIST_IMPORT_FAIL_IF_EXCEED = 1 | 87 | GNUTLS_X509_CRT_LIST_IMPORT_FAIL_IF_EXCEED = 1 |
88 | } gnutls_certificate_import_flags; | 88 | } gnutls_certificate_import_flags; |
89 | 89 | ||
90 | int gnutls_x509_crt_init(gnutls_x509_crt_t * cert); | 90 | int gnutls_x509_crt_init (gnutls_x509_crt_t * cert); |
91 | void gnutls_x509_crt_deinit(gnutls_x509_crt_t cert); | 91 | void gnutls_x509_crt_deinit (gnutls_x509_crt_t cert); |
92 | int gnutls_x509_crt_import(gnutls_x509_crt_t cert, | 92 | int gnutls_x509_crt_import (gnutls_x509_crt_t cert, |
93 | const gnutls_datum_t * data, | 93 | const gnutls_datum_t * data, |
94 | gnutls_x509_crt_fmt_t format); | 94 | gnutls_x509_crt_fmt_t format); |
95 | int gnutls_x509_crt_list_import(gnutls_x509_crt_t * certs, | 95 | int gnutls_x509_crt_list_import (gnutls_x509_crt_t * certs, |
96 | unsigned int *cert_max, | 96 | unsigned int *cert_max, |
97 | const gnutls_datum_t * data, | 97 | const gnutls_datum_t * data, |
98 | gnutls_x509_crt_fmt_t format, | 98 | gnutls_x509_crt_fmt_t format, |
99 | unsigned int flags); | 99 | unsigned int flags); |
100 | int gnutls_x509_crt_export(gnutls_x509_crt_t cert, | 100 | int gnutls_x509_crt_export (gnutls_x509_crt_t cert, |
101 | gnutls_x509_crt_fmt_t format, | 101 | gnutls_x509_crt_fmt_t format, |
102 | void *output_data, | 102 | void *output_data, size_t * output_data_size); |
103 | size_t * output_data_size); | 103 | int gnutls_x509_crt_get_issuer_dn (gnutls_x509_crt_t cert, |
104 | int gnutls_x509_crt_get_issuer_dn(gnutls_x509_crt_t cert, | 104 | char *buf, size_t * sizeof_buf); |
105 | char *buf, | 105 | int gnutls_x509_crt_get_issuer_dn_oid (gnutls_x509_crt_t cert, |
106 | size_t * sizeof_buf); | ||
107 | int gnutls_x509_crt_get_issuer_dn_oid(gnutls_x509_crt_t cert, | ||
108 | int indx, | ||
109 | void *oid, | ||
110 | size_t * sizeof_oid); | ||
111 | int gnutls_x509_crt_get_issuer_dn_by_oid(gnutls_x509_crt_t cert, | ||
112 | const char *oid, | ||
113 | int indx, | 106 | int indx, |
114 | unsigned int raw_flag, | 107 | void *oid, size_t * sizeof_oid); |
115 | void *buf, | 108 | int gnutls_x509_crt_get_issuer_dn_by_oid (gnutls_x509_crt_t cert, |
116 | size_t * sizeof_buf); | 109 | const char *oid, |
117 | int gnutls_x509_crt_get_dn(gnutls_x509_crt_t cert, | 110 | int indx, |
118 | char *buf, | 111 | unsigned int raw_flag, |
119 | size_t * sizeof_buf); | 112 | void *buf, size_t * sizeof_buf); |
120 | int gnutls_x509_crt_get_dn_oid(gnutls_x509_crt_t cert, | 113 | int gnutls_x509_crt_get_dn (gnutls_x509_crt_t cert, |
121 | int indx, | 114 | char *buf, size_t * sizeof_buf); |
122 | void *oid, | 115 | int gnutls_x509_crt_get_dn_oid (gnutls_x509_crt_t cert, |
123 | size_t * sizeof_oid); | 116 | int indx, void *oid, size_t * sizeof_oid); |
124 | int gnutls_x509_crt_get_dn_by_oid(gnutls_x509_crt_t cert, | 117 | int gnutls_x509_crt_get_dn_by_oid (gnutls_x509_crt_t cert, |
125 | const char *oid, | 118 | const char *oid, |
126 | int indx, | 119 | int indx, |
127 | unsigned int raw_flag, | 120 | unsigned int raw_flag, |
128 | void *buf, | 121 | void *buf, size_t * sizeof_buf); |
129 | size_t * sizeof_buf); | 122 | int gnutls_x509_crt_check_hostname (gnutls_x509_crt_t cert, |
130 | int gnutls_x509_crt_check_hostname(gnutls_x509_crt_t cert, | 123 | const char *hostname); |
131 | const char *hostname); | 124 | |
132 | 125 | int gnutls_x509_crt_get_signature_algorithm (gnutls_x509_crt_t cert); | |
133 | int gnutls_x509_crt_get_signature_algorithm(gnutls_x509_crt_t cert); | 126 | int gnutls_x509_crt_get_signature (gnutls_x509_crt_t cert, |
134 | int gnutls_x509_crt_get_signature(gnutls_x509_crt_t cert, | 127 | char *sig, size_t * sizeof_sig); |
135 | char *sig, | 128 | int gnutls_x509_crt_get_version (gnutls_x509_crt_t cert); |
136 | size_t *sizeof_sig); | 129 | int gnutls_x509_crt_get_key_id (gnutls_x509_crt_t crt, |
137 | int gnutls_x509_crt_get_version(gnutls_x509_crt_t cert); | 130 | unsigned int flags, |
138 | int gnutls_x509_crt_get_key_id(gnutls_x509_crt_t crt, | 131 | unsigned char *output_data, |
139 | unsigned int flags, | 132 | size_t * output_data_size); |
140 | unsigned char *output_data, | 133 | |
141 | size_t * output_data_size); | 134 | int gnutls_x509_crt_set_authority_key_id (gnutls_x509_crt_t cert, |
142 | 135 | const void *id, size_t id_size); | |
143 | int gnutls_x509_crt_set_authority_key_id(gnutls_x509_crt_t cert, | 136 | int gnutls_x509_crt_get_authority_key_id (gnutls_x509_crt_t cert, |
144 | const void *id, | 137 | void *ret, |
145 | size_t id_size); | 138 | size_t * ret_size, |
146 | int gnutls_x509_crt_get_authority_key_id(gnutls_x509_crt_t cert, | 139 | unsigned int *critical); |
147 | void *ret, | 140 | |
148 | size_t * ret_size, | 141 | int gnutls_x509_crt_get_subject_key_id (gnutls_x509_crt_t cert, |
149 | unsigned int *critical); | 142 | void *ret, |
150 | 143 | size_t * ret_size, | |
151 | int gnutls_x509_crt_get_subject_key_id(gnutls_x509_crt_t cert, | 144 | unsigned int *critical); |
152 | void *ret, | ||
153 | size_t * ret_size, | ||
154 | unsigned int *critical); | ||
155 | 145 | ||
156 | #define GNUTLS_CRL_REASON_UNUSED 128 | 146 | #define GNUTLS_CRL_REASON_UNUSED 128 |
157 | #define GNUTLS_CRL_REASON_KEY_COMPROMISE 64 | 147 | #define GNUTLS_CRL_REASON_KEY_COMPROMISE 64 |
@@ -163,336 +153,303 @@ int gnutls_x509_crt_get_subject_key_id(gnutls_x509_crt_t cert, | |||
163 | #define GNUTLS_CRL_REASON_PRIVILEGE_WITHDRAWN 1 | 153 | #define GNUTLS_CRL_REASON_PRIVILEGE_WITHDRAWN 1 |
164 | #define GNUTLS_CRL_REASON_AA_COMPROMISE 32768 | 154 | #define GNUTLS_CRL_REASON_AA_COMPROMISE 32768 |
165 | 155 | ||
166 | int gnutls_x509_crt_get_crl_dist_points(gnutls_x509_crt_t cert, | 156 | int gnutls_x509_crt_get_crl_dist_points (gnutls_x509_crt_t cert, |
167 | unsigned int seq, | 157 | unsigned int seq, |
168 | void *ret, | 158 | void *ret, |
169 | size_t * ret_size, | 159 | size_t * ret_size, |
170 | unsigned int *reason_flags, | 160 | unsigned int *reason_flags, |
171 | unsigned int *critical); | 161 | unsigned int *critical); |
172 | int gnutls_x509_crt_set_crl_dist_points(gnutls_x509_crt_t crt, | 162 | int gnutls_x509_crt_set_crl_dist_points (gnutls_x509_crt_t crt, |
173 | gnutls_x509_subject_alt_name_t | 163 | gnutls_x509_subject_alt_name_t |
174 | type, | 164 | type, |
175 | const void *data_string, | 165 | const void *data_string, |
176 | unsigned int reason_flags); | 166 | unsigned int reason_flags); |
177 | int gnutls_x509_crt_cpy_crl_dist_points(gnutls_x509_crt_t dst, | 167 | int gnutls_x509_crt_cpy_crl_dist_points (gnutls_x509_crt_t dst, |
178 | gnutls_x509_crt_t src); | 168 | gnutls_x509_crt_t src); |
179 | 169 | ||
180 | time_t gnutls_x509_crt_get_activation_time(gnutls_x509_crt_t cert); | 170 | time_t gnutls_x509_crt_get_activation_time (gnutls_x509_crt_t cert); |
181 | time_t gnutls_x509_crt_get_expiration_time(gnutls_x509_crt_t cert); | 171 | time_t gnutls_x509_crt_get_expiration_time (gnutls_x509_crt_t cert); |
182 | int gnutls_x509_crt_get_serial(gnutls_x509_crt_t cert, | 172 | int gnutls_x509_crt_get_serial (gnutls_x509_crt_t cert, |
183 | void *result, | 173 | void *result, size_t * result_size); |
184 | size_t * result_size); | 174 | |
185 | 175 | int gnutls_x509_crt_get_pk_algorithm (gnutls_x509_crt_t cert, | |
186 | int gnutls_x509_crt_get_pk_algorithm(gnutls_x509_crt_t cert, | 176 | unsigned int *bits); |
187 | unsigned int *bits); | 177 | int gnutls_x509_crt_get_pk_rsa_raw (gnutls_x509_crt_t crt, |
188 | int gnutls_x509_crt_get_pk_rsa_raw(gnutls_x509_crt_t crt, | 178 | gnutls_datum_t * m, gnutls_datum_t * e); |
189 | gnutls_datum_t * m, | 179 | int gnutls_x509_crt_get_pk_dsa_raw (gnutls_x509_crt_t crt, |
190 | gnutls_datum_t * e); | 180 | gnutls_datum_t * p, |
191 | int gnutls_x509_crt_get_pk_dsa_raw(gnutls_x509_crt_t crt, | 181 | gnutls_datum_t * q, |
192 | gnutls_datum_t * p, | 182 | gnutls_datum_t * g, gnutls_datum_t * y); |
193 | gnutls_datum_t * q, | 183 | |
194 | gnutls_datum_t * g, | 184 | int gnutls_x509_crt_get_subject_alt_name (gnutls_x509_crt_t cert, |
195 | gnutls_datum_t * y); | 185 | unsigned int seq, |
196 | 186 | void *ret, | |
197 | int gnutls_x509_crt_get_subject_alt_name(gnutls_x509_crt_t cert, | 187 | size_t * ret_size, |
198 | unsigned int seq, | 188 | unsigned int *critical); |
199 | void *ret, | 189 | int gnutls_x509_crt_get_subject_alt_name2 (gnutls_x509_crt_t cert, |
200 | size_t * ret_size, | 190 | unsigned int seq, |
201 | unsigned int *critical); | 191 | void *ret, |
202 | int gnutls_x509_crt_get_subject_alt_name2(gnutls_x509_crt_t cert, | 192 | size_t * ret_size, |
203 | unsigned int seq, | 193 | unsigned int *ret_type, |
204 | void *ret, | 194 | unsigned int *critical); |
205 | size_t * ret_size, | 195 | |
206 | unsigned int* ret_type, | 196 | int gnutls_x509_crt_get_subject_alt_othername_oid (gnutls_x509_crt_t cert, |
207 | unsigned int *critical); | 197 | unsigned int seq, |
208 | 198 | void *ret, | |
209 | int gnutls_x509_crt_get_subject_alt_othername_oid(gnutls_x509_crt_t cert, | 199 | size_t * ret_size); |
210 | unsigned int seq, | 200 | |
211 | void *ret, | 201 | int gnutls_x509_crt_get_ca_status (gnutls_x509_crt_t cert, |
212 | size_t * ret_size); | 202 | unsigned int *critical); |
213 | 203 | int gnutls_x509_crt_get_basic_constraints (gnutls_x509_crt_t cert, | |
214 | int gnutls_x509_crt_get_ca_status(gnutls_x509_crt_t cert, | 204 | unsigned int *critical, |
215 | unsigned int *critical); | 205 | int *ca, int *pathlen); |
216 | int gnutls_x509_crt_get_basic_constraints(gnutls_x509_crt_t cert, | ||
217 | unsigned int *critical, | ||
218 | int *ca, | ||
219 | int *pathlen); | ||
220 | 206 | ||
221 | /* The key_usage flags are defined in gnutls.h. They are the | 207 | /* The key_usage flags are defined in gnutls.h. They are the |
222 | * GNUTLS_KEY_* definitions. | 208 | * GNUTLS_KEY_* definitions. |
223 | */ | 209 | */ |
224 | int gnutls_x509_crt_get_key_usage(gnutls_x509_crt_t cert, | 210 | int gnutls_x509_crt_get_key_usage (gnutls_x509_crt_t cert, |
225 | unsigned int *key_usage, | 211 | unsigned int *key_usage, |
226 | unsigned int *critical); | 212 | unsigned int *critical); |
227 | int gnutls_x509_crt_set_key_usage(gnutls_x509_crt_t crt, | 213 | int gnutls_x509_crt_set_key_usage (gnutls_x509_crt_t crt, |
228 | unsigned int usage); | 214 | unsigned int usage); |
229 | 215 | ||
230 | int gnutls_x509_crt_get_proxy(gnutls_x509_crt_t cert, | 216 | int gnutls_x509_crt_get_proxy (gnutls_x509_crt_t cert, |
231 | unsigned int *critical, | 217 | unsigned int *critical, |
232 | int *pathlen, | 218 | int *pathlen, |
233 | char **policyLanguage, | 219 | char **policyLanguage, |
234 | char **policy, | 220 | char **policy, size_t * sizeof_policy); |
235 | size_t *sizeof_policy); | ||
236 | 221 | ||
237 | int gnutls_x509_dn_oid_known(const char *oid); | 222 | int gnutls_x509_dn_oid_known (const char *oid); |
238 | 223 | ||
239 | /* Read extensions by OID. */ | 224 | /* Read extensions by OID. */ |
240 | int gnutls_x509_crt_get_extension_oid(gnutls_x509_crt_t cert, | 225 | int gnutls_x509_crt_get_extension_oid (gnutls_x509_crt_t cert, |
241 | int indx, | ||
242 | void *oid, | ||
243 | size_t * sizeof_oid); | ||
244 | int gnutls_x509_crt_get_extension_by_oid(gnutls_x509_crt_t cert, | ||
245 | const char *oid, | ||
246 | int indx, | 226 | int indx, |
247 | void *buf, | 227 | void *oid, size_t * sizeof_oid); |
248 | size_t * sizeof_buf, | 228 | int gnutls_x509_crt_get_extension_by_oid (gnutls_x509_crt_t cert, |
249 | unsigned int *critical); | 229 | const char *oid, |
230 | int indx, | ||
231 | void *buf, | ||
232 | size_t * sizeof_buf, | ||
233 | unsigned int *critical); | ||
250 | 234 | ||
251 | /* Read extensions by sequence number. */ | 235 | /* Read extensions by sequence number. */ |
252 | int gnutls_x509_crt_get_extension_info(gnutls_x509_crt_t cert, | 236 | int gnutls_x509_crt_get_extension_info (gnutls_x509_crt_t cert, |
253 | int indx, | 237 | int indx, |
254 | void *oid, | 238 | void *oid, |
255 | size_t * sizeof_oid, | 239 | size_t * sizeof_oid, int *critical); |
256 | int *critical); | 240 | int gnutls_x509_crt_get_extension_data (gnutls_x509_crt_t cert, |
257 | int gnutls_x509_crt_get_extension_data(gnutls_x509_crt_t cert, | 241 | int indx, |
258 | int indx, | 242 | void *data, size_t * sizeof_data); |
259 | void *data, | 243 | |
260 | size_t * sizeof_data); | 244 | int gnutls_x509_crt_set_extension_by_oid (gnutls_x509_crt_t crt, |
261 | 245 | const char *oid, | |
262 | int gnutls_x509_crt_set_extension_by_oid(gnutls_x509_crt_t crt, | 246 | const void *buf, |
263 | const char *oid, | 247 | size_t sizeof_buf, |
264 | const void *buf, | 248 | unsigned int critical); |
265 | size_t sizeof_buf, | ||
266 | unsigned int critical); | ||
267 | 249 | ||
268 | /* X.509 Certificate writing. | 250 | /* X.509 Certificate writing. |
269 | */ | 251 | */ |
270 | int gnutls_x509_crt_set_dn_by_oid(gnutls_x509_crt_t crt, | 252 | int gnutls_x509_crt_set_dn_by_oid (gnutls_x509_crt_t crt, |
271 | const char *oid, | 253 | const char *oid, |
272 | unsigned int raw_flag, | 254 | unsigned int raw_flag, |
273 | const void *name, | 255 | const void *name, |
274 | unsigned int sizeof_name); | 256 | unsigned int sizeof_name); |
275 | int gnutls_x509_crt_set_issuer_dn_by_oid(gnutls_x509_crt_t crt, | 257 | int gnutls_x509_crt_set_issuer_dn_by_oid (gnutls_x509_crt_t crt, |
276 | const char *oid, | 258 | const char *oid, |
277 | unsigned int raw_flag, | 259 | unsigned int raw_flag, |
278 | const void *name, | 260 | const void *name, |
279 | unsigned int sizeof_name); | 261 | unsigned int sizeof_name); |
280 | int gnutls_x509_crt_set_version(gnutls_x509_crt_t crt, | 262 | int gnutls_x509_crt_set_version (gnutls_x509_crt_t crt, |
281 | unsigned int version); | 263 | unsigned int version); |
282 | int gnutls_x509_crt_set_key(gnutls_x509_crt_t crt, | 264 | int gnutls_x509_crt_set_key (gnutls_x509_crt_t crt, |
283 | gnutls_x509_privkey_t key); | 265 | gnutls_x509_privkey_t key); |
284 | int gnutls_x509_crt_set_ca_status(gnutls_x509_crt_t crt, | 266 | int gnutls_x509_crt_set_ca_status (gnutls_x509_crt_t crt, unsigned int ca); |
285 | unsigned int ca); | 267 | int gnutls_x509_crt_set_basic_constraints (gnutls_x509_crt_t crt, |
286 | int gnutls_x509_crt_set_basic_constraints(gnutls_x509_crt_t crt, | 268 | unsigned int ca, |
287 | unsigned int ca, | 269 | int pathLenConstraint); |
288 | int pathLenConstraint); | 270 | int gnutls_x509_crt_set_subject_alternative_name (gnutls_x509_crt_t crt, |
289 | int gnutls_x509_crt_set_subject_alternative_name(gnutls_x509_crt_t crt, | 271 | gnutls_x509_subject_alt_name_t |
290 | gnutls_x509_subject_alt_name_t | 272 | type, |
291 | type, | 273 | const char *data_string); |
292 | const char *data_string); | 274 | int gnutls_x509_crt_sign (gnutls_x509_crt_t crt, |
293 | int gnutls_x509_crt_sign(gnutls_x509_crt_t crt, | 275 | gnutls_x509_crt_t issuer, |
294 | gnutls_x509_crt_t issuer, | 276 | gnutls_x509_privkey_t issuer_key); |
295 | gnutls_x509_privkey_t issuer_key); | 277 | int gnutls_x509_crt_sign2 (gnutls_x509_crt_t crt, |
296 | int gnutls_x509_crt_sign2(gnutls_x509_crt_t crt, | 278 | gnutls_x509_crt_t issuer, |
297 | gnutls_x509_crt_t issuer, | 279 | gnutls_x509_privkey_t issuer_key, |
298 | gnutls_x509_privkey_t issuer_key, | 280 | enum MHD_GNUTLS_HashAlgorithm, |
299 | enum MHD_GNUTLS_HashAlgorithm, | 281 | unsigned int flags); |
300 | unsigned int flags); | 282 | int gnutls_x509_crt_set_activation_time (gnutls_x509_crt_t cert, |
301 | int gnutls_x509_crt_set_activation_time(gnutls_x509_crt_t cert, | 283 | time_t act_time); |
302 | time_t act_time); | 284 | int gnutls_x509_crt_set_expiration_time (gnutls_x509_crt_t cert, |
303 | int gnutls_x509_crt_set_expiration_time(gnutls_x509_crt_t cert, | 285 | time_t exp_time); |
304 | time_t exp_time); | 286 | int gnutls_x509_crt_set_serial (gnutls_x509_crt_t cert, |
305 | int gnutls_x509_crt_set_serial(gnutls_x509_crt_t cert, | 287 | const void *serial, size_t serial_size); |
306 | const void *serial, | 288 | |
307 | size_t serial_size); | 289 | int gnutls_x509_crt_set_subject_key_id (gnutls_x509_crt_t cert, |
308 | 290 | const void *id, size_t id_size); | |
309 | int gnutls_x509_crt_set_subject_key_id(gnutls_x509_crt_t cert, | 291 | |
310 | const void *id, | 292 | int gnutls_x509_crt_set_proxy_dn (gnutls_x509_crt_t crt, |
311 | size_t id_size); | 293 | gnutls_x509_crt_t eecrt, |
312 | 294 | unsigned int raw_flag, | |
313 | int gnutls_x509_crt_set_proxy_dn(gnutls_x509_crt_t crt, | 295 | const void *name, |
314 | gnutls_x509_crt_t eecrt, | 296 | unsigned int sizeof_name); |
315 | unsigned int raw_flag, | 297 | int gnutls_x509_crt_set_proxy (gnutls_x509_crt_t crt, |
316 | const void *name, | 298 | int pathLenConstraint, |
317 | unsigned int sizeof_name); | 299 | const char *policyLanguage, |
318 | int gnutls_x509_crt_set_proxy(gnutls_x509_crt_t crt, | 300 | const char *policy, size_t sizeof_policy); |
319 | int pathLenConstraint, | 301 | |
320 | const char *policyLanguage, | 302 | typedef enum gnutls_certificate_print_formats |
321 | const char *policy, | ||
322 | size_t sizeof_policy); | ||
323 | |||
324 | typedef enum gnutls_certificate_print_formats | ||
325 | { | 303 | { |
326 | GNUTLS_X509_CRT_FULL, | 304 | GNUTLS_X509_CRT_FULL, |
327 | GNUTLS_X509_CRT_ONELINE, | 305 | GNUTLS_X509_CRT_ONELINE, |
328 | GNUTLS_X509_CRT_UNSIGNED_FULL | 306 | GNUTLS_X509_CRT_UNSIGNED_FULL |
329 | } gnutls_certificate_print_formats_t; | 307 | } gnutls_certificate_print_formats_t; |
330 | 308 | ||
331 | int gnutls_x509_crt_print(gnutls_x509_crt_t cert, | 309 | int gnutls_x509_crt_print (gnutls_x509_crt_t cert, |
332 | gnutls_certificate_print_formats_t format, | 310 | gnutls_certificate_print_formats_t format, |
333 | gnutls_datum_t *out); | 311 | gnutls_datum_t * out); |
334 | int gnutls_x509_crl_print(gnutls_x509_crl_t crl, | 312 | int gnutls_x509_crl_print (gnutls_x509_crl_t crl, |
335 | gnutls_certificate_print_formats_t format, | 313 | gnutls_certificate_print_formats_t format, |
336 | gnutls_datum_t *out); | 314 | gnutls_datum_t * out); |
337 | 315 | ||
338 | /* Access to internal Certificate fields. | 316 | /* Access to internal Certificate fields. |
339 | */ | 317 | */ |
340 | int gnutls_x509_crt_get_raw_issuer_dn(gnutls_x509_crt_t cert, | 318 | int gnutls_x509_crt_get_raw_issuer_dn (gnutls_x509_crt_t cert, |
341 | gnutls_datum_t * start); | 319 | gnutls_datum_t * start); |
342 | int gnutls_x509_crt_get_raw_dn(gnutls_x509_crt_t cert, | 320 | int gnutls_x509_crt_get_raw_dn (gnutls_x509_crt_t cert, |
343 | gnutls_datum_t * start); | 321 | gnutls_datum_t * start); |
344 | 322 | ||
345 | /* RDN handling. | 323 | /* RDN handling. |
346 | */ | 324 | */ |
347 | int gnutls_x509_rdn_get(const gnutls_datum_t * idn, | 325 | int gnutls_x509_rdn_get (const gnutls_datum_t * idn, |
348 | char *buf, | 326 | char *buf, size_t * sizeof_buf); |
349 | size_t * sizeof_buf); | 327 | int gnutls_x509_rdn_get_oid (const gnutls_datum_t * idn, |
350 | int gnutls_x509_rdn_get_oid(const gnutls_datum_t * idn, | 328 | int indx, void *buf, size_t * sizeof_buf); |
351 | int indx, | 329 | |
352 | void *buf, | 330 | int gnutls_x509_rdn_get_by_oid (const gnutls_datum_t * idn, |
353 | size_t * sizeof_buf); | 331 | const char *oid, |
354 | 332 | int indx, | |
355 | int gnutls_x509_rdn_get_by_oid(const gnutls_datum_t * idn, | 333 | unsigned int raw_flag, |
356 | const char *oid, | 334 | void *buf, size_t * sizeof_buf); |
357 | int indx, | 335 | |
358 | unsigned int raw_flag, | 336 | typedef void *gnutls_x509_dn_t; |
359 | void *buf, | 337 | |
360 | size_t * sizeof_buf); | 338 | typedef struct gnutls_x509_ava_st |
361 | |||
362 | typedef void *gnutls_x509_dn_t; | ||
363 | |||
364 | typedef struct gnutls_x509_ava_st | ||
365 | { | 339 | { |
366 | gnutls_datum_t oid; | 340 | gnutls_datum_t oid; |
367 | gnutls_datum_t value; | 341 | gnutls_datum_t value; |
368 | unsigned long value_tag; | 342 | unsigned long value_tag; |
369 | } gnutls_x509_ava_st; | 343 | } gnutls_x509_ava_st; |
370 | 344 | ||
371 | int gnutls_x509_crt_get_subject(gnutls_x509_crt_t cert, | 345 | int gnutls_x509_crt_get_subject (gnutls_x509_crt_t cert, |
372 | gnutls_x509_dn_t *dn); | 346 | gnutls_x509_dn_t * dn); |
373 | int gnutls_x509_crt_get_issuer(gnutls_x509_crt_t cert, | 347 | int gnutls_x509_crt_get_issuer (gnutls_x509_crt_t cert, |
374 | gnutls_x509_dn_t *dn); | 348 | gnutls_x509_dn_t * dn); |
375 | int gnutls_x509_dn_get_rdn_ava(gnutls_x509_dn_t dn, | 349 | int gnutls_x509_dn_get_rdn_ava (gnutls_x509_dn_t dn, |
376 | int irdn, | 350 | int irdn, |
377 | int iava, | 351 | int iava, gnutls_x509_ava_st * avast); |
378 | gnutls_x509_ava_st *avast); | ||
379 | 352 | ||
380 | /* CRL handling functions. | 353 | /* CRL handling functions. |
381 | */ | 354 | */ |
382 | int gnutls_x509_crl_init(gnutls_x509_crl_t * crl); | 355 | int gnutls_x509_crl_init (gnutls_x509_crl_t * crl); |
383 | void gnutls_x509_crl_deinit(gnutls_x509_crl_t crl); | 356 | void gnutls_x509_crl_deinit (gnutls_x509_crl_t crl); |
384 | 357 | ||
385 | int gnutls_x509_crl_import(gnutls_x509_crl_t crl, | 358 | int gnutls_x509_crl_import (gnutls_x509_crl_t crl, |
386 | const gnutls_datum_t * data, | 359 | const gnutls_datum_t * data, |
387 | gnutls_x509_crt_fmt_t format); | 360 | gnutls_x509_crt_fmt_t format); |
388 | int gnutls_x509_crl_export(gnutls_x509_crl_t crl, | 361 | int gnutls_x509_crl_export (gnutls_x509_crl_t crl, |
389 | gnutls_x509_crt_fmt_t format, | 362 | gnutls_x509_crt_fmt_t format, |
390 | void *output_data, | 363 | void *output_data, size_t * output_data_size); |
391 | size_t * output_data_size); | 364 | |
392 | 365 | int gnutls_x509_crl_get_issuer_dn (const gnutls_x509_crl_t crl, | |
393 | int gnutls_x509_crl_get_issuer_dn(const gnutls_x509_crl_t crl, | 366 | char *buf, size_t * sizeof_buf); |
394 | char *buf, | 367 | int gnutls_x509_crl_get_issuer_dn_by_oid (gnutls_x509_crl_t crl, |
395 | size_t * sizeof_buf); | 368 | const char *oid, |
396 | int gnutls_x509_crl_get_issuer_dn_by_oid(gnutls_x509_crl_t crl, | 369 | int indx, |
397 | const char *oid, | 370 | unsigned int raw_flag, |
398 | int indx, | 371 | void *buf, size_t * sizeof_buf); |
399 | unsigned int raw_flag, | 372 | int gnutls_x509_crl_get_dn_oid (gnutls_x509_crl_t crl, |
400 | void *buf, | 373 | int indx, void *oid, size_t * sizeof_oid); |
401 | size_t * sizeof_buf); | 374 | |
402 | int gnutls_x509_crl_get_dn_oid(gnutls_x509_crl_t crl, | 375 | int gnutls_x509_crl_get_signature_algorithm (gnutls_x509_crl_t crl); |
403 | int indx, | 376 | int gnutls_x509_crl_get_signature (gnutls_x509_crl_t crl, |
404 | void *oid, | 377 | char *sig, size_t * sizeof_sig); |
405 | size_t * sizeof_oid); | 378 | int gnutls_x509_crl_get_version (gnutls_x509_crl_t crl); |
406 | 379 | ||
407 | int gnutls_x509_crl_get_signature_algorithm(gnutls_x509_crl_t crl); | 380 | time_t gnutls_x509_crl_get_this_update (gnutls_x509_crl_t crl); |
408 | int gnutls_x509_crl_get_signature(gnutls_x509_crl_t crl, | 381 | time_t gnutls_x509_crl_get_next_update (gnutls_x509_crl_t crl); |
409 | char *sig, | 382 | |
410 | size_t *sizeof_sig); | 383 | int gnutls_x509_crl_get_crt_count (gnutls_x509_crl_t crl); |
411 | int gnutls_x509_crl_get_version(gnutls_x509_crl_t crl); | 384 | int gnutls_x509_crl_get_crt_serial (gnutls_x509_crl_t crl, |
412 | 385 | int indx, | |
413 | time_t gnutls_x509_crl_get_this_update(gnutls_x509_crl_t crl); | 386 | unsigned char *serial, |
414 | time_t gnutls_x509_crl_get_next_update(gnutls_x509_crl_t crl); | 387 | size_t * serial_size, time_t * t); |
415 | |||
416 | int gnutls_x509_crl_get_crt_count(gnutls_x509_crl_t crl); | ||
417 | int gnutls_x509_crl_get_crt_serial(gnutls_x509_crl_t crl, | ||
418 | int indx, | ||
419 | unsigned char *serial, | ||
420 | size_t * serial_size, | ||
421 | time_t * t); | ||
422 | #define gnutls_x509_crl_get_certificate_count gnutls_x509_crl_get_crt_count | 388 | #define gnutls_x509_crl_get_certificate_count gnutls_x509_crl_get_crt_count |
423 | #define gnutls_x509_crl_get_certificate gnutls_x509_crl_get_crt_serial | 389 | #define gnutls_x509_crl_get_certificate gnutls_x509_crl_get_crt_serial |
424 | 390 | ||
425 | int gnutls_x509_crl_check_issuer(gnutls_x509_crl_t crl, | 391 | int gnutls_x509_crl_check_issuer (gnutls_x509_crl_t crl, |
426 | gnutls_x509_crt_t issuer); | 392 | gnutls_x509_crt_t issuer); |
427 | 393 | ||
428 | /* CRL writing. | 394 | /* CRL writing. |
429 | */ | 395 | */ |
430 | int gnutls_x509_crl_set_version(gnutls_x509_crl_t crl, | 396 | int gnutls_x509_crl_set_version (gnutls_x509_crl_t crl, |
431 | unsigned int version); | 397 | unsigned int version); |
432 | int gnutls_x509_crl_sign(gnutls_x509_crl_t crl, | 398 | int gnutls_x509_crl_sign (gnutls_x509_crl_t crl, |
433 | gnutls_x509_crt_t issuer, | 399 | gnutls_x509_crt_t issuer, |
434 | gnutls_x509_privkey_t issuer_key); | 400 | gnutls_x509_privkey_t issuer_key); |
435 | int gnutls_x509_crl_sign2(gnutls_x509_crl_t crl, | 401 | int gnutls_x509_crl_sign2 (gnutls_x509_crl_t crl, |
436 | gnutls_x509_crt_t issuer, | 402 | gnutls_x509_crt_t issuer, |
437 | gnutls_x509_privkey_t issuer_key, | 403 | gnutls_x509_privkey_t issuer_key, |
438 | enum MHD_GNUTLS_HashAlgorithm, | 404 | enum MHD_GNUTLS_HashAlgorithm, |
439 | unsigned int flags); | 405 | unsigned int flags); |
440 | int gnutls_x509_crl_set_this_update(gnutls_x509_crl_t crl, | 406 | int gnutls_x509_crl_set_this_update (gnutls_x509_crl_t crl, |
441 | time_t act_time); | 407 | time_t act_time); |
442 | int gnutls_x509_crl_set_next_update(gnutls_x509_crl_t crl, | 408 | int gnutls_x509_crl_set_next_update (gnutls_x509_crl_t crl, |
443 | time_t exp_time); | 409 | time_t exp_time); |
444 | int gnutls_x509_crl_set_crt_serial(gnutls_x509_crl_t crl, | 410 | int gnutls_x509_crl_set_crt_serial (gnutls_x509_crl_t crl, |
445 | const void *serial, | 411 | const void *serial, |
446 | size_t serial_size, | 412 | size_t serial_size, |
447 | time_t revocation_time); | 413 | time_t revocation_time); |
448 | int gnutls_x509_crl_set_crt(gnutls_x509_crl_t crl, | 414 | int gnutls_x509_crl_set_crt (gnutls_x509_crl_t crl, |
449 | gnutls_x509_crt_t crt, | 415 | gnutls_x509_crt_t crt, time_t revocation_time); |
450 | time_t revocation_time); | ||
451 | 416 | ||
452 | /* PKCS7 structures handling | 417 | /* PKCS7 structures handling |
453 | */ | 418 | */ |
454 | struct gnutls_pkcs7_int; | 419 | struct gnutls_pkcs7_int; |
455 | typedef struct gnutls_pkcs7_int *gnutls_pkcs7_t; | 420 | typedef struct gnutls_pkcs7_int *gnutls_pkcs7_t; |
456 | 421 | ||
457 | int gnutls_pkcs7_init(gnutls_pkcs7_t * pkcs7); | 422 | int gnutls_pkcs7_init (gnutls_pkcs7_t * pkcs7); |
458 | void gnutls_pkcs7_deinit(gnutls_pkcs7_t pkcs7); | 423 | void gnutls_pkcs7_deinit (gnutls_pkcs7_t pkcs7); |
459 | int gnutls_pkcs7_import(gnutls_pkcs7_t pkcs7, | 424 | int gnutls_pkcs7_import (gnutls_pkcs7_t pkcs7, |
460 | const gnutls_datum_t * data, | 425 | const gnutls_datum_t * data, |
461 | gnutls_x509_crt_fmt_t format); | 426 | gnutls_x509_crt_fmt_t format); |
462 | int gnutls_pkcs7_export(gnutls_pkcs7_t pkcs7, | 427 | int gnutls_pkcs7_export (gnutls_pkcs7_t pkcs7, |
463 | gnutls_x509_crt_fmt_t format, | 428 | gnutls_x509_crt_fmt_t format, |
464 | void *output_data, | 429 | void *output_data, size_t * output_data_size); |
465 | size_t * output_data_size); | 430 | |
466 | 431 | int gnutls_pkcs7_get_crt_count (gnutls_pkcs7_t pkcs7); | |
467 | int gnutls_pkcs7_get_crt_count(gnutls_pkcs7_t pkcs7); | 432 | int gnutls_pkcs7_get_crt_raw (gnutls_pkcs7_t pkcs7, |
468 | int gnutls_pkcs7_get_crt_raw(gnutls_pkcs7_t pkcs7, | 433 | int indx, |
469 | int indx, | 434 | void *certificate, size_t * certificate_size); |
470 | void *certificate, | 435 | |
471 | size_t * certificate_size); | 436 | int gnutls_pkcs7_set_crt_raw (gnutls_pkcs7_t pkcs7, |
472 | 437 | const gnutls_datum_t * crt); | |
473 | int gnutls_pkcs7_set_crt_raw(gnutls_pkcs7_t pkcs7, | 438 | int gnutls_pkcs7_set_crt (gnutls_pkcs7_t pkcs7, gnutls_x509_crt_t crt); |
474 | const gnutls_datum_t * crt); | 439 | int gnutls_pkcs7_delete_crt (gnutls_pkcs7_t pkcs7, int indx); |
475 | int gnutls_pkcs7_set_crt(gnutls_pkcs7_t pkcs7, | 440 | |
476 | gnutls_x509_crt_t crt); | 441 | int gnutls_pkcs7_get_crl_raw (gnutls_pkcs7_t pkcs7, |
477 | int gnutls_pkcs7_delete_crt(gnutls_pkcs7_t pkcs7, | 442 | int indx, void *crl, size_t * crl_size); |
478 | int indx); | 443 | int gnutls_pkcs7_get_crl_count (gnutls_pkcs7_t pkcs7); |
479 | 444 | ||
480 | int gnutls_pkcs7_get_crl_raw(gnutls_pkcs7_t pkcs7, | 445 | int gnutls_pkcs7_set_crl_raw (gnutls_pkcs7_t pkcs7, |
481 | int indx, | 446 | const gnutls_datum_t * crt); |
482 | void *crl, | 447 | int gnutls_pkcs7_set_crl (gnutls_pkcs7_t pkcs7, gnutls_x509_crl_t crl); |
483 | size_t * crl_size); | 448 | int gnutls_pkcs7_delete_crl (gnutls_pkcs7_t pkcs7, int indx); |
484 | int gnutls_pkcs7_get_crl_count(gnutls_pkcs7_t pkcs7); | ||
485 | |||
486 | int gnutls_pkcs7_set_crl_raw(gnutls_pkcs7_t pkcs7, | ||
487 | const gnutls_datum_t * crt); | ||
488 | int gnutls_pkcs7_set_crl(gnutls_pkcs7_t pkcs7, | ||
489 | gnutls_x509_crl_t crl); | ||
490 | int gnutls_pkcs7_delete_crl(gnutls_pkcs7_t pkcs7, | ||
491 | int indx); | ||
492 | 449 | ||
493 | /* X.509 Certificate verification functions. | 450 | /* X.509 Certificate verification functions. |
494 | */ | 451 | */ |
495 | typedef enum gnutls_certificate_verify_flags | 452 | typedef enum gnutls_certificate_verify_flags |
496 | { | 453 | { |
497 | /* If set a signer does not have to be a certificate authority. This | 454 | /* If set a signer does not have to be a certificate authority. This |
498 | * flag should normaly be disabled, unless you know what this means. | 455 | * flag should normaly be disabled, unless you know what this means. |
@@ -527,58 +484,53 @@ typedef enum gnutls_certificate_verify_flags | |||
527 | GNUTLS_VERIFY_ALLOW_SIGN_RSA_MD5 = 32 | 484 | GNUTLS_VERIFY_ALLOW_SIGN_RSA_MD5 = 32 |
528 | } gnutls_certificate_verify_flags; | 485 | } gnutls_certificate_verify_flags; |
529 | 486 | ||
530 | int gnutls_x509_crt_check_issuer(gnutls_x509_crt_t cert, | 487 | int gnutls_x509_crt_check_issuer (gnutls_x509_crt_t cert, |
531 | gnutls_x509_crt_t issuer); | 488 | gnutls_x509_crt_t issuer); |
532 | 489 | ||
533 | int gnutls_x509_crt_list_verify(const gnutls_x509_crt_t * cert_list, | 490 | int gnutls_x509_crt_list_verify (const gnutls_x509_crt_t * cert_list, |
534 | int cert_list_length, | 491 | int cert_list_length, |
535 | const gnutls_x509_crt_t * CA_list, | 492 | const gnutls_x509_crt_t * CA_list, |
536 | int CA_list_length, | 493 | int CA_list_length, |
537 | const gnutls_x509_crl_t * CRL_list, | 494 | const gnutls_x509_crl_t * CRL_list, |
538 | int CRL_list_length, | 495 | int CRL_list_length, |
539 | unsigned int flags, | 496 | unsigned int flags, unsigned int *verify); |
540 | unsigned int *verify); | 497 | |
541 | 498 | int gnutls_x509_crt_verify (gnutls_x509_crt_t cert, | |
542 | int gnutls_x509_crt_verify(gnutls_x509_crt_t cert, | 499 | const gnutls_x509_crt_t * CA_list, |
543 | const gnutls_x509_crt_t * CA_list, | 500 | int CA_list_length, |
544 | int CA_list_length, | 501 | unsigned int flags, unsigned int *verify); |
545 | unsigned int flags, | 502 | int gnutls_x509_crl_verify (gnutls_x509_crl_t crl, |
546 | unsigned int *verify); | 503 | const gnutls_x509_crt_t * CA_list, |
547 | int gnutls_x509_crl_verify(gnutls_x509_crl_t crl, | 504 | int CA_list_length, |
548 | const gnutls_x509_crt_t * CA_list, | 505 | unsigned int flags, unsigned int *verify); |
549 | int CA_list_length, | 506 | |
550 | unsigned int flags, | 507 | int gnutls_x509_crt_check_revocation (gnutls_x509_crt_t cert, |
551 | unsigned int *verify); | 508 | const gnutls_x509_crl_t * |
552 | 509 | crl_list, int crl_list_length); | |
553 | int gnutls_x509_crt_check_revocation(gnutls_x509_crt_t cert, | 510 | |
554 | const gnutls_x509_crl_t * | 511 | int gnutls_x509_crt_get_fingerprint (gnutls_x509_crt_t cert, |
555 | crl_list, | 512 | enum MHD_GNUTLS_HashAlgorithm algo, |
556 | int crl_list_length); | 513 | void *buf, size_t * sizeof_buf); |
557 | 514 | ||
558 | int gnutls_x509_crt_get_fingerprint(gnutls_x509_crt_t cert, | 515 | int gnutls_x509_crt_get_key_purpose_oid (gnutls_x509_crt_t cert, |
559 | enum MHD_GNUTLS_HashAlgorithm algo, | 516 | int indx, |
560 | void *buf, | 517 | void *oid, |
561 | size_t * sizeof_buf); | 518 | size_t * sizeof_oid, |
562 | 519 | unsigned int *critical); | |
563 | int gnutls_x509_crt_get_key_purpose_oid(gnutls_x509_crt_t cert, | 520 | int gnutls_x509_crt_set_key_purpose_oid (gnutls_x509_crt_t cert, |
564 | int indx, | 521 | const void *oid, |
565 | void *oid, | 522 | unsigned int critical); |
566 | size_t * sizeof_oid, | ||
567 | unsigned int *critical); | ||
568 | int gnutls_x509_crt_set_key_purpose_oid(gnutls_x509_crt_t cert, | ||
569 | const void *oid, | ||
570 | unsigned int critical); | ||
571 | 523 | ||
572 | /* Private key handling. | 524 | /* Private key handling. |
573 | */ | 525 | */ |
574 | 526 | ||
575 | /* Flags for the gnutls_x509_privkey_export_pkcs8() function. | 527 | /* Flags for the gnutls_x509_privkey_export_pkcs8() function. |
576 | */ | 528 | */ |
577 | typedef enum gnutls_pkcs_encrypt_flags_t | 529 | typedef enum gnutls_pkcs_encrypt_flags_t |
578 | { | 530 | { |
579 | GNUTLS_PKCS_PLAIN = 1, /* if set the private key will not | 531 | GNUTLS_PKCS_PLAIN = 1, /* if set the private key will not |
580 | * be encrypted. | 532 | * be encrypted. |
581 | */ | 533 | */ |
582 | GNUTLS_PKCS_USE_PKCS12_3DES = 2, | 534 | GNUTLS_PKCS_USE_PKCS12_3DES = 2, |
583 | GNUTLS_PKCS_USE_PKCS12_ARCFOUR = 4, | 535 | GNUTLS_PKCS_USE_PKCS12_ARCFOUR = 4, |
584 | GNUTLS_PKCS_USE_PKCS12_RC2_40 = 8, | 536 | GNUTLS_PKCS_USE_PKCS12_RC2_40 = 8, |
@@ -590,154 +542,143 @@ typedef enum gnutls_pkcs_encrypt_flags_t | |||
590 | #define GNUTLS_PKCS8_USE_PKCS12_ARCFOUR GNUTLS_PKCS_USE_PKCS12_ARCFOUR | 542 | #define GNUTLS_PKCS8_USE_PKCS12_ARCFOUR GNUTLS_PKCS_USE_PKCS12_ARCFOUR |
591 | #define GNUTLS_PKCS8_USE_PKCS12_RC2_40 GNUTLS_PKCS_USE_PKCS12_RC2_40 | 543 | #define GNUTLS_PKCS8_USE_PKCS12_RC2_40 GNUTLS_PKCS_USE_PKCS12_RC2_40 |
592 | 544 | ||
593 | int gnutls_x509_privkey_init(gnutls_x509_privkey_t * key); | 545 | int gnutls_x509_privkey_init (gnutls_x509_privkey_t * key); |
594 | void gnutls_x509_privkey_deinit(gnutls_x509_privkey_t key); | 546 | void gnutls_x509_privkey_deinit (gnutls_x509_privkey_t key); |
595 | int gnutls_x509_privkey_cpy(gnutls_x509_privkey_t dst, | 547 | int gnutls_x509_privkey_cpy (gnutls_x509_privkey_t dst, |
596 | gnutls_x509_privkey_t src); | 548 | gnutls_x509_privkey_t src); |
597 | int gnutls_x509_privkey_import(gnutls_x509_privkey_t key, | 549 | int gnutls_x509_privkey_import (gnutls_x509_privkey_t key, |
598 | const gnutls_datum_t * data, | 550 | const gnutls_datum_t * data, |
599 | gnutls_x509_crt_fmt_t format); | 551 | gnutls_x509_crt_fmt_t format); |
600 | int gnutls_x509_privkey_import_pkcs8(gnutls_x509_privkey_t key, | 552 | int gnutls_x509_privkey_import_pkcs8 (gnutls_x509_privkey_t key, |
601 | const gnutls_datum_t * data, | 553 | const gnutls_datum_t * data, |
602 | gnutls_x509_crt_fmt_t format, | 554 | gnutls_x509_crt_fmt_t format, |
603 | const char *pass, | 555 | const char *pass, unsigned int flags); |
604 | unsigned int flags); | 556 | int gnutls_x509_privkey_import_rsa_raw (gnutls_x509_privkey_t key, |
605 | int gnutls_x509_privkey_import_rsa_raw(gnutls_x509_privkey_t key, | 557 | const gnutls_datum_t * m, |
606 | const gnutls_datum_t * m, | 558 | const gnutls_datum_t * e, |
607 | const gnutls_datum_t * e, | 559 | const gnutls_datum_t * d, |
608 | const gnutls_datum_t * d, | 560 | const gnutls_datum_t * p, |
609 | const gnutls_datum_t * p, | 561 | const gnutls_datum_t * q, |
610 | const gnutls_datum_t * q, | 562 | const gnutls_datum_t * u); |
611 | const gnutls_datum_t * u); | 563 | int gnutls_x509_privkey_fix (gnutls_x509_privkey_t key); |
612 | int gnutls_x509_privkey_fix(gnutls_x509_privkey_t key); | 564 | |
613 | 565 | int gnutls_x509_privkey_export_dsa_raw (gnutls_x509_privkey_t key, | |
614 | int gnutls_x509_privkey_export_dsa_raw(gnutls_x509_privkey_t key, | 566 | gnutls_datum_t * p, |
615 | gnutls_datum_t * p, | 567 | gnutls_datum_t * q, |
616 | gnutls_datum_t * q, | 568 | gnutls_datum_t * g, |
617 | gnutls_datum_t * g, | 569 | gnutls_datum_t * y, |
618 | gnutls_datum_t * y, | 570 | gnutls_datum_t * x); |
619 | gnutls_datum_t * x); | 571 | int gnutls_x509_privkey_import_dsa_raw (gnutls_x509_privkey_t key, |
620 | int gnutls_x509_privkey_import_dsa_raw(gnutls_x509_privkey_t key, | 572 | const gnutls_datum_t * p, |
621 | const gnutls_datum_t * p, | 573 | const gnutls_datum_t * q, |
622 | const gnutls_datum_t * q, | 574 | const gnutls_datum_t * g, |
623 | const gnutls_datum_t * g, | 575 | const gnutls_datum_t * y, |
624 | const gnutls_datum_t * y, | 576 | const gnutls_datum_t * x); |
625 | const gnutls_datum_t * x); | 577 | |
626 | 578 | int gnutls_x509_privkey_get_pk_algorithm (gnutls_x509_privkey_t key); | |
627 | int gnutls_x509_privkey_get_pk_algorithm(gnutls_x509_privkey_t key); | 579 | int gnutls_x509_privkey_get_key_id (gnutls_x509_privkey_t key, |
628 | int gnutls_x509_privkey_get_key_id(gnutls_x509_privkey_t key, | 580 | unsigned int flags, |
629 | unsigned int flags, | 581 | unsigned char *output_data, |
630 | unsigned char *output_data, | 582 | size_t * output_data_size); |
631 | size_t * output_data_size); | 583 | |
632 | 584 | int gnutls_x509_privkey_generate (gnutls_x509_privkey_t key, | |
633 | int gnutls_x509_privkey_generate(gnutls_x509_privkey_t key, | 585 | enum MHD_GNUTLS_PublicKeyAlgorithm algo, |
634 | enum MHD_GNUTLS_PublicKeyAlgorithm algo, | 586 | unsigned int bits, unsigned int flags); |
635 | unsigned int bits, | 587 | |
636 | unsigned int flags); | 588 | int gnutls_x509_privkey_export (gnutls_x509_privkey_t key, |
637 | 589 | gnutls_x509_crt_fmt_t format, | |
638 | int gnutls_x509_privkey_export(gnutls_x509_privkey_t key, | 590 | void *output_data, |
639 | gnutls_x509_crt_fmt_t format, | 591 | size_t * output_data_size); |
640 | void *output_data, | 592 | int gnutls_x509_privkey_export_pkcs8 (gnutls_x509_privkey_t key, |
641 | size_t * output_data_size); | 593 | gnutls_x509_crt_fmt_t format, |
642 | int gnutls_x509_privkey_export_pkcs8(gnutls_x509_privkey_t key, | 594 | const char *password, |
643 | gnutls_x509_crt_fmt_t format, | 595 | unsigned int flags, |
644 | const char *password, | 596 | void *output_data, |
645 | unsigned int flags, | 597 | size_t * output_data_size); |
646 | void *output_data, | 598 | int gnutls_x509_privkey_export_rsa_raw (gnutls_x509_privkey_t key, |
647 | size_t * output_data_size); | 599 | gnutls_datum_t * m, |
648 | int gnutls_x509_privkey_export_rsa_raw(gnutls_x509_privkey_t key, | 600 | gnutls_datum_t * e, |
649 | gnutls_datum_t * m, | 601 | gnutls_datum_t * d, |
650 | gnutls_datum_t * e, | 602 | gnutls_datum_t * p, |
651 | gnutls_datum_t * d, | 603 | gnutls_datum_t * q, |
652 | gnutls_datum_t * p, | 604 | gnutls_datum_t * u); |
653 | gnutls_datum_t * q, | ||
654 | gnutls_datum_t * u); | ||
655 | 605 | ||
656 | /* Signing stuff. | 606 | /* Signing stuff. |
657 | */ | 607 | */ |
658 | int gnutls_x509_privkey_sign_data(gnutls_x509_privkey_t key, | 608 | int gnutls_x509_privkey_sign_data (gnutls_x509_privkey_t key, |
659 | enum MHD_GNUTLS_HashAlgorithm digest, | 609 | enum MHD_GNUTLS_HashAlgorithm digest, |
660 | unsigned int flags, | 610 | unsigned int flags, |
661 | const gnutls_datum_t * data, | 611 | const gnutls_datum_t * data, |
662 | void *signature, | 612 | void *signature, |
663 | size_t * signature_size); | 613 | size_t * signature_size); |
664 | int gnutls_x509_privkey_verify_data(gnutls_x509_privkey_t key, | 614 | int gnutls_x509_privkey_verify_data (gnutls_x509_privkey_t key, |
665 | unsigned int flags, | 615 | unsigned int flags, |
666 | const gnutls_datum_t * data, | 616 | const gnutls_datum_t * data, |
667 | const gnutls_datum_t * signature); | 617 | const gnutls_datum_t * signature); |
668 | int gnutls_x509_crt_verify_data(gnutls_x509_crt_t crt, | 618 | int gnutls_x509_crt_verify_data (gnutls_x509_crt_t crt, |
669 | unsigned int flags, | 619 | unsigned int flags, |
670 | const gnutls_datum_t * data, | 620 | const gnutls_datum_t * data, |
671 | const gnutls_datum_t * signature); | 621 | const gnutls_datum_t * signature); |
672 | 622 | ||
673 | int gnutls_x509_privkey_sign_hash(gnutls_x509_privkey_t key, | 623 | int gnutls_x509_privkey_sign_hash (gnutls_x509_privkey_t key, |
674 | const gnutls_datum_t * hash, | 624 | const gnutls_datum_t * hash, |
675 | gnutls_datum_t * signature); | 625 | gnutls_datum_t * signature); |
676 | 626 | ||
677 | /* Certificate request stuff. | 627 | /* Certificate request stuff. |
678 | */ | 628 | */ |
679 | struct gnutls_x509_crq_int; | 629 | struct gnutls_x509_crq_int; |
680 | typedef struct gnutls_x509_crq_int *gnutls_x509_crq_t; | 630 | typedef struct gnutls_x509_crq_int *gnutls_x509_crq_t; |
681 | 631 | ||
682 | int gnutls_x509_crq_init(gnutls_x509_crq_t * crq); | 632 | int gnutls_x509_crq_init (gnutls_x509_crq_t * crq); |
683 | void gnutls_x509_crq_deinit(gnutls_x509_crq_t crq); | 633 | void gnutls_x509_crq_deinit (gnutls_x509_crq_t crq); |
684 | int gnutls_x509_crq_import(gnutls_x509_crq_t crq, | 634 | int gnutls_x509_crq_import (gnutls_x509_crq_t crq, |
685 | const gnutls_datum_t * data, | 635 | const gnutls_datum_t * data, |
686 | gnutls_x509_crt_fmt_t format); | 636 | gnutls_x509_crt_fmt_t format); |
687 | int gnutls_x509_crq_get_pk_algorithm(gnutls_x509_crq_t crq, | 637 | int gnutls_x509_crq_get_pk_algorithm (gnutls_x509_crq_t crq, |
688 | unsigned int *bits); | 638 | unsigned int *bits); |
689 | int gnutls_x509_crq_get_dn(gnutls_x509_crq_t crq, | 639 | int gnutls_x509_crq_get_dn (gnutls_x509_crq_t crq, |
690 | char *buf, | 640 | char *buf, size_t * sizeof_buf); |
691 | size_t * sizeof_buf); | 641 | int gnutls_x509_crq_get_dn_oid (gnutls_x509_crq_t crq, |
692 | int gnutls_x509_crq_get_dn_oid(gnutls_x509_crq_t crq, | 642 | int indx, void *oid, size_t * sizeof_oid); |
693 | int indx, | 643 | int gnutls_x509_crq_get_dn_by_oid (gnutls_x509_crq_t crq, |
694 | void *oid, | 644 | const char *oid, |
695 | size_t * sizeof_oid); | 645 | int indx, |
696 | int gnutls_x509_crq_get_dn_by_oid(gnutls_x509_crq_t crq, | 646 | unsigned int raw_flag, |
697 | const char *oid, | 647 | void *buf, size_t * sizeof_buf); |
698 | int indx, | 648 | int gnutls_x509_crq_set_dn_by_oid (gnutls_x509_crq_t crq, |
699 | unsigned int raw_flag, | 649 | const char *oid, |
700 | void *buf, | 650 | unsigned int raw_flag, |
701 | size_t * sizeof_buf); | 651 | const void *name, |
702 | int gnutls_x509_crq_set_dn_by_oid(gnutls_x509_crq_t crq, | 652 | unsigned int sizeof_name); |
703 | const char *oid, | 653 | int gnutls_x509_crq_set_version (gnutls_x509_crq_t crq, |
704 | unsigned int raw_flag, | 654 | unsigned int version); |
705 | const void *name, | 655 | int gnutls_x509_crq_set_key (gnutls_x509_crq_t crq, |
706 | unsigned int sizeof_name); | 656 | gnutls_x509_privkey_t key); |
707 | int gnutls_x509_crq_set_version(gnutls_x509_crq_t crq, | 657 | int gnutls_x509_crq_sign2 (gnutls_x509_crq_t crq, |
708 | unsigned int version); | 658 | gnutls_x509_privkey_t key, |
709 | int gnutls_x509_crq_set_key(gnutls_x509_crq_t crq, | 659 | enum MHD_GNUTLS_HashAlgorithm, |
710 | gnutls_x509_privkey_t key); | 660 | unsigned int flags); |
711 | int gnutls_x509_crq_sign2(gnutls_x509_crq_t crq, | 661 | int gnutls_x509_crq_sign (gnutls_x509_crq_t crq, gnutls_x509_privkey_t key); |
712 | gnutls_x509_privkey_t key, | 662 | |
713 | enum MHD_GNUTLS_HashAlgorithm, | 663 | int gnutls_x509_crq_set_challenge_password (gnutls_x509_crq_t crq, |
714 | unsigned int flags); | 664 | const char *pass); |
715 | int gnutls_x509_crq_sign(gnutls_x509_crq_t crq, | 665 | int gnutls_x509_crq_get_challenge_password (gnutls_x509_crq_t crq, |
716 | gnutls_x509_privkey_t key); | 666 | char *pass, |
717 | 667 | size_t * sizeof_pass); | |
718 | int gnutls_x509_crq_set_challenge_password(gnutls_x509_crq_t crq, | 668 | |
719 | const char *pass); | 669 | int gnutls_x509_crq_set_attribute_by_oid (gnutls_x509_crq_t crq, |
720 | int gnutls_x509_crq_get_challenge_password(gnutls_x509_crq_t crq, | 670 | const char *oid, |
721 | char *pass, | 671 | void *buf, size_t sizeof_buf); |
722 | size_t * sizeof_pass); | 672 | int gnutls_x509_crq_get_attribute_by_oid (gnutls_x509_crq_t crq, |
723 | 673 | const char *oid, | |
724 | int gnutls_x509_crq_set_attribute_by_oid(gnutls_x509_crq_t crq, | 674 | int indx, |
725 | const char *oid, | 675 | void *buf, size_t * sizeof_buf); |
726 | void *buf, | 676 | |
727 | size_t sizeof_buf); | 677 | int gnutls_x509_crq_export (gnutls_x509_crq_t crq, |
728 | int gnutls_x509_crq_get_attribute_by_oid(gnutls_x509_crq_t crq, | 678 | gnutls_x509_crt_fmt_t format, |
729 | const char *oid, | 679 | void *output_data, size_t * output_data_size); |
730 | int indx, | 680 | |
731 | void *buf, | 681 | int gnutls_x509_crt_set_crq (gnutls_x509_crt_t crt, gnutls_x509_crq_t crq); |
732 | size_t * sizeof_buf); | ||
733 | |||
734 | int gnutls_x509_crq_export(gnutls_x509_crq_t crq, | ||
735 | gnutls_x509_crt_fmt_t format, | ||
736 | void *output_data, | ||
737 | size_t * output_data_size); | ||
738 | |||
739 | int gnutls_x509_crt_set_crq(gnutls_x509_crt_t crt, | ||
740 | gnutls_x509_crq_t crq); | ||
741 | 682 | ||
742 | #ifdef __cplusplus | 683 | #ifdef __cplusplus |
743 | } | 684 | } |
@@ -752,17 +693,17 @@ int gnutls_x509_crt_set_crq(gnutls_x509_crt_t crt, | |||
752 | #define HASH_OID_SHA512 "2.16.840.1.101.3.4.2.3" | 693 | #define HASH_OID_SHA512 "2.16.840.1.101.3.4.2.3" |
753 | 694 | ||
754 | typedef struct gnutls_x509_crl_int | 695 | typedef struct gnutls_x509_crl_int |
755 | { | 696 | { |
756 | ASN1_TYPE crl; | 697 | ASN1_TYPE crl; |
757 | } gnutls_x509_crl_int; | 698 | } gnutls_x509_crl_int; |
758 | 699 | ||
759 | typedef struct gnutls_x509_crt_int | 700 | typedef struct gnutls_x509_crt_int |
760 | { | 701 | { |
761 | ASN1_TYPE cert; | 702 | ASN1_TYPE cert; |
762 | int use_extensions; | 703 | int use_extensions; |
763 | } gnutls_x509_crt_int; | 704 | } gnutls_x509_crt_int; |
764 | 705 | ||
765 | #define MAX_PRIV_PARAMS_SIZE 6 /* ok for RSA and DSA */ | 706 | #define MAX_PRIV_PARAMS_SIZE 6 /* ok for RSA and DSA */ |
766 | 707 | ||
767 | /* parameters should not be larger than this limit */ | 708 | /* parameters should not be larger than this limit */ |
768 | #define DSA_PRIVATE_PARAMS 5 | 709 | #define DSA_PRIVATE_PARAMS 5 |
@@ -779,140 +720,130 @@ typedef struct gnutls_x509_crt_int | |||
779 | #endif | 720 | #endif |
780 | 721 | ||
781 | typedef struct MHD_gtls_x509_privkey_int | 722 | typedef struct MHD_gtls_x509_privkey_int |
782 | { | 723 | { |
783 | mpi_t params[MAX_PRIV_PARAMS_SIZE]; /* the size of params depends on the public | 724 | mpi_t params[MAX_PRIV_PARAMS_SIZE]; /* the size of params depends on the public |
784 | * key algorithm | 725 | * key algorithm |
785 | */ | 726 | */ |
786 | /* | 727 | /* |
787 | * RSA: [0] is modulus | 728 | * RSA: [0] is modulus |
788 | * [1] is public exponent | 729 | * [1] is public exponent |
789 | * [2] is private exponent | 730 | * [2] is private exponent |
790 | * [3] is prime1 (p) | 731 | * [3] is prime1 (p) |
791 | * [4] is prime2 (q) | 732 | * [4] is prime2 (q) |
792 | * [5] is coefficient (u == inverse of p mod q) | 733 | * [5] is coefficient (u == inverse of p mod q) |
793 | * note that other packages used inverse of q mod p, | 734 | * note that other packages used inverse of q mod p, |
794 | * so we need to perform conversions. | 735 | * so we need to perform conversions. |
795 | * DSA: [0] is p | 736 | * DSA: [0] is p |
796 | * [1] is q | 737 | * [1] is q |
797 | * [2] is g | 738 | * [2] is g |
798 | * [3] is y (public key) | 739 | * [3] is y (public key) |
799 | * [4] is x (private key) | 740 | * [4] is x (private key) |
800 | */ | 741 | */ |
801 | int params_size; /* holds the number of params */ | 742 | int params_size; /* holds the number of params */ |
802 | 743 | ||
803 | enum MHD_GNUTLS_PublicKeyAlgorithm pk_algorithm; | 744 | enum MHD_GNUTLS_PublicKeyAlgorithm pk_algorithm; |
804 | 745 | ||
805 | int crippled; /* The crippled keys will not use the ASN1_TYPE key. | 746 | int crippled; /* The crippled keys will not use the ASN1_TYPE key. |
806 | * The encoding will only be performed at the export | 747 | * The encoding will only be performed at the export |
807 | * phase, to optimize copying etc. Cannot be used with | 748 | * phase, to optimize copying etc. Cannot be used with |
808 | * the exported API (used internally only). | 749 | * the exported API (used internally only). |
809 | */ | 750 | */ |
810 | ASN1_TYPE key; | 751 | ASN1_TYPE key; |
811 | } gnutls_x509_privkey_int; | 752 | } gnutls_x509_privkey_int; |
812 | 753 | ||
813 | int gnutls_x509_crt_get_issuer_dn_by_oid(gnutls_x509_crt_t cert, | 754 | int gnutls_x509_crt_get_issuer_dn_by_oid (gnutls_x509_crt_t cert, |
814 | const char *oid, | 755 | const char *oid, |
815 | int indx, | 756 | int indx, |
816 | unsigned int raw_flag, | 757 | unsigned int raw_flag, |
817 | void *buf, | 758 | void *buf, size_t * sizeof_buf); |
818 | size_t * sizeof_buf); | 759 | int gnutls_x509_crt_get_subject_alt_name (gnutls_x509_crt_t cert, |
819 | int gnutls_x509_crt_get_subject_alt_name(gnutls_x509_crt_t cert, | 760 | unsigned int seq, |
820 | unsigned int seq, | 761 | void *ret, |
821 | void *ret, | 762 | size_t * ret_size, |
822 | size_t * ret_size, | 763 | unsigned int *critical); |
823 | unsigned int *critical); | 764 | int gnutls_x509_crt_get_dn_by_oid (gnutls_x509_crt_t cert, |
824 | int gnutls_x509_crt_get_dn_by_oid(gnutls_x509_crt_t cert, | 765 | const char *oid, |
825 | const char *oid, | ||
826 | int indx, | ||
827 | unsigned int raw_flag, | ||
828 | void *buf, | ||
829 | size_t * sizeof_buf); | ||
830 | int gnutls_x509_crt_get_ca_status(gnutls_x509_crt_t cert, | ||
831 | unsigned int *critical); | ||
832 | int gnutls_x509_crt_get_pk_algorithm(gnutls_x509_crt_t cert, | ||
833 | unsigned int *bits); | ||
834 | |||
835 | int _gnutls_x509_crt_cpy(gnutls_x509_crt_t dest, | ||
836 | gnutls_x509_crt_t src); | ||
837 | |||
838 | int gnutls_x509_crt_get_serial(gnutls_x509_crt_t cert, | ||
839 | void *result, | ||
840 | size_t * result_size); | ||
841 | |||
842 | int _gnutls_x509_compare_raw_dn(const gnutls_datum_t * dn1, | ||
843 | const gnutls_datum_t * dn2); | ||
844 | |||
845 | int gnutls_x509_crt_check_revocation(gnutls_x509_crt_t cert, | ||
846 | const gnutls_x509_crl_t * crl_list, | ||
847 | int crl_list_length); | ||
848 | |||
849 | int _gnutls_x509_crl_cpy(gnutls_x509_crl_t dest, | ||
850 | gnutls_x509_crl_t src); | ||
851 | int _gnutls_x509_crl_get_raw_issuer_dn(gnutls_x509_crl_t crl, | ||
852 | gnutls_datum_t * dn); | ||
853 | int gnutls_x509_crl_get_crt_count(gnutls_x509_crl_t crl); | ||
854 | int gnutls_x509_crl_get_crt_serial(gnutls_x509_crl_t crl, | ||
855 | int indx, | 766 | int indx, |
856 | unsigned char *serial, | 767 | unsigned int raw_flag, |
857 | size_t * serial_size, | 768 | void *buf, size_t * sizeof_buf); |
858 | time_t * t); | 769 | int gnutls_x509_crt_get_ca_status (gnutls_x509_crt_t cert, |
859 | 770 | unsigned int *critical); | |
860 | void gnutls_x509_crl_deinit(gnutls_x509_crl_t crl); | 771 | int gnutls_x509_crt_get_pk_algorithm (gnutls_x509_crt_t cert, |
861 | int gnutls_x509_crl_init(gnutls_x509_crl_t * crl); | 772 | unsigned int *bits); |
862 | int gnutls_x509_crl_import(gnutls_x509_crl_t crl, | 773 | |
863 | const gnutls_datum_t * data, | 774 | int _gnutls_x509_crt_cpy (gnutls_x509_crt_t dest, gnutls_x509_crt_t src); |
864 | gnutls_x509_crt_fmt_t format); | 775 | |
865 | int gnutls_x509_crl_export(gnutls_x509_crl_t crl, | 776 | int gnutls_x509_crt_get_serial (gnutls_x509_crt_t cert, |
866 | gnutls_x509_crt_fmt_t format, | 777 | void *result, size_t * result_size); |
867 | void *output_data, | 778 | |
868 | size_t * output_data_size); | 779 | int _gnutls_x509_compare_raw_dn (const gnutls_datum_t * dn1, |
869 | 780 | const gnutls_datum_t * dn2); | |
870 | int gnutls_x509_crt_init(gnutls_x509_crt_t * cert); | 781 | |
871 | void gnutls_x509_crt_deinit(gnutls_x509_crt_t cert); | 782 | int gnutls_x509_crt_check_revocation (gnutls_x509_crt_t cert, |
872 | int gnutls_x509_crt_import(gnutls_x509_crt_t cert, | 783 | const gnutls_x509_crl_t * crl_list, |
873 | const gnutls_datum_t * data, | 784 | int crl_list_length); |
874 | gnutls_x509_crt_fmt_t format); | 785 | |
875 | int gnutls_x509_crt_export(gnutls_x509_crt_t cert, | 786 | int _gnutls_x509_crl_cpy (gnutls_x509_crl_t dest, gnutls_x509_crl_t src); |
876 | gnutls_x509_crt_fmt_t format, | 787 | int _gnutls_x509_crl_get_raw_issuer_dn (gnutls_x509_crl_t crl, |
877 | void *output_data, | 788 | gnutls_datum_t * dn); |
878 | size_t * output_data_size); | 789 | int gnutls_x509_crl_get_crt_count (gnutls_x509_crl_t crl); |
879 | 790 | int gnutls_x509_crl_get_crt_serial (gnutls_x509_crl_t crl, | |
880 | int gnutls_x509_crt_get_key_usage(gnutls_x509_crt_t cert, | 791 | int indx, |
881 | unsigned int *key_usage, | 792 | unsigned char *serial, |
882 | unsigned int *critical); | 793 | size_t * serial_size, time_t * t); |
883 | int gnutls_x509_crt_get_signature_algorithm(gnutls_x509_crt_t cert); | 794 | |
884 | int gnutls_x509_crt_get_version(gnutls_x509_crt_t cert); | 795 | void gnutls_x509_crl_deinit (gnutls_x509_crl_t crl); |
885 | 796 | int gnutls_x509_crl_init (gnutls_x509_crl_t * crl); | |
886 | int gnutls_x509_privkey_init(gnutls_x509_privkey_t * key); | 797 | int gnutls_x509_crl_import (gnutls_x509_crl_t crl, |
887 | void gnutls_x509_privkey_deinit(gnutls_x509_privkey_t key); | 798 | const gnutls_datum_t * data, |
888 | 799 | gnutls_x509_crt_fmt_t format); | |
889 | int gnutls_x509_privkey_generate(gnutls_x509_privkey_t key, | 800 | int gnutls_x509_crl_export (gnutls_x509_crl_t crl, |
890 | enum MHD_GNUTLS_PublicKeyAlgorithm algo, | 801 | gnutls_x509_crt_fmt_t format, |
891 | unsigned int bits, | 802 | void *output_data, size_t * output_data_size); |
892 | unsigned int flags); | 803 | |
893 | 804 | int gnutls_x509_crt_init (gnutls_x509_crt_t * cert); | |
894 | int gnutls_x509_privkey_import(gnutls_x509_privkey_t key, | 805 | void gnutls_x509_crt_deinit (gnutls_x509_crt_t cert); |
895 | const gnutls_datum_t * data, | 806 | int gnutls_x509_crt_import (gnutls_x509_crt_t cert, |
896 | gnutls_x509_crt_fmt_t format); | 807 | const gnutls_datum_t * data, |
897 | int gnutls_x509_privkey_get_pk_algorithm(gnutls_x509_privkey_t key); | 808 | gnutls_x509_crt_fmt_t format); |
898 | int gnutls_x509_privkey_import_rsa_raw(gnutls_x509_privkey_t key, | 809 | int gnutls_x509_crt_export (gnutls_x509_crt_t cert, |
899 | const gnutls_datum_t * m, | 810 | gnutls_x509_crt_fmt_t format, |
900 | const gnutls_datum_t * e, | 811 | void *output_data, size_t * output_data_size); |
901 | const gnutls_datum_t * d, | 812 | |
902 | const gnutls_datum_t * p, | 813 | int gnutls_x509_crt_get_key_usage (gnutls_x509_crt_t cert, |
903 | const gnutls_datum_t * q, | 814 | unsigned int *key_usage, |
904 | const gnutls_datum_t * u); | 815 | unsigned int *critical); |
905 | int gnutls_x509_privkey_export_rsa_raw(gnutls_x509_privkey_t key, | 816 | int gnutls_x509_crt_get_signature_algorithm (gnutls_x509_crt_t cert); |
906 | gnutls_datum_t * m, | 817 | int gnutls_x509_crt_get_version (gnutls_x509_crt_t cert); |
907 | gnutls_datum_t * e, | 818 | |
908 | gnutls_datum_t * d, | 819 | int gnutls_x509_privkey_init (gnutls_x509_privkey_t * key); |
909 | gnutls_datum_t * p, | 820 | void gnutls_x509_privkey_deinit (gnutls_x509_privkey_t key); |
910 | gnutls_datum_t * q, | 821 | |
911 | gnutls_datum_t * u); | 822 | int gnutls_x509_privkey_generate (gnutls_x509_privkey_t key, |
912 | int gnutls_x509_privkey_export(gnutls_x509_privkey_t key, | 823 | enum MHD_GNUTLS_PublicKeyAlgorithm algo, |
913 | gnutls_x509_crt_fmt_t format, | 824 | unsigned int bits, unsigned int flags); |
914 | void *output_data, | 825 | |
915 | size_t * output_data_size); | 826 | int gnutls_x509_privkey_import (gnutls_x509_privkey_t key, |
827 | const gnutls_datum_t * data, | ||
828 | gnutls_x509_crt_fmt_t format); | ||
829 | int gnutls_x509_privkey_get_pk_algorithm (gnutls_x509_privkey_t key); | ||
830 | int gnutls_x509_privkey_import_rsa_raw (gnutls_x509_privkey_t key, | ||
831 | const gnutls_datum_t * m, | ||
832 | const gnutls_datum_t * e, | ||
833 | const gnutls_datum_t * d, | ||
834 | const gnutls_datum_t * p, | ||
835 | const gnutls_datum_t * q, | ||
836 | const gnutls_datum_t * u); | ||
837 | int gnutls_x509_privkey_export_rsa_raw (gnutls_x509_privkey_t key, | ||
838 | gnutls_datum_t * m, | ||
839 | gnutls_datum_t * e, | ||
840 | gnutls_datum_t * d, | ||
841 | gnutls_datum_t * p, | ||
842 | gnutls_datum_t * q, | ||
843 | gnutls_datum_t * u); | ||
844 | int gnutls_x509_privkey_export (gnutls_x509_privkey_t key, | ||
845 | gnutls_x509_crt_fmt_t format, | ||
846 | void *output_data, size_t * output_data_size); | ||
916 | 847 | ||
917 | #define GNUTLS_CRL_REASON_UNUSED 128 | 848 | #define GNUTLS_CRL_REASON_UNUSED 128 |
918 | #define GNUTLS_CRL_REASON_KEY_COMPROMISE 64 | 849 | #define GNUTLS_CRL_REASON_KEY_COMPROMISE 64 |
diff --git a/src/daemon/https/x509/x509_privkey.c b/src/daemon/https/x509/x509_privkey.c index 5e58cffb..e890843d 100644 --- a/src/daemon/https/x509/x509_privkey.c +++ b/src/daemon/https/x509/x509_privkey.c | |||
@@ -446,7 +446,7 @@ gnutls_x509_privkey_import (gnutls_x509_privkey_t key, | |||
446 | * | 446 | * |
447 | * This function will convert the given RSA raw parameters | 447 | * This function will convert the given RSA raw parameters |
448 | * to the native gnutls_x509_privkey_t format. The output will be stored in @key. | 448 | * to the native gnutls_x509_privkey_t format. The output will be stored in @key. |
449 | * | 449 | * |
450 | **/ | 450 | **/ |
451 | int | 451 | int |
452 | gnutls_x509_privkey_import_rsa_raw (gnutls_x509_privkey_t key, | 452 | gnutls_x509_privkey_import_rsa_raw (gnutls_x509_privkey_t key, |
@@ -646,7 +646,7 @@ gnutls_x509_privkey_export (gnutls_x509_privkey_t key, | |||
646 | * This function will export the RSA private key's parameters found in the given | 646 | * This function will export the RSA private key's parameters found in the given |
647 | * structure. The new parameters will be allocated using | 647 | * structure. The new parameters will be allocated using |
648 | * gnutls_malloc() and will be stored in the appropriate datum. | 648 | * gnutls_malloc() and will be stored in the appropriate datum. |
649 | * | 649 | * |
650 | **/ | 650 | **/ |
651 | int | 651 | int |
652 | gnutls_x509_privkey_export_rsa_raw (gnutls_x509_privkey_t key, | 652 | gnutls_x509_privkey_export_rsa_raw (gnutls_x509_privkey_t key, |
@@ -760,7 +760,7 @@ error:_gnutls_free_datum (m); | |||
760 | * This function will export the DSA private key's parameters found in the given | 760 | * This function will export the DSA private key's parameters found in the given |
761 | * structure. The new parameters will be allocated using | 761 | * structure. The new parameters will be allocated using |
762 | * gnutls_malloc() and will be stored in the appropriate datum. | 762 | * gnutls_malloc() and will be stored in the appropriate datum. |
763 | * | 763 | * |
764 | **/ | 764 | **/ |
765 | int | 765 | int |
766 | gnutls_x509_privkey_export_dsa_raw (gnutls_x509_privkey_t key, | 766 | gnutls_x509_privkey_export_dsa_raw (gnutls_x509_privkey_t key, |
@@ -960,7 +960,7 @@ _gnutls_asn1_encode_rsa (ASN1_TYPE * c2, mpi_t * params) | |||
960 | goto cleanup; | 960 | goto cleanup; |
961 | } | 961 | } |
962 | 962 | ||
963 | /* Write PRIME | 963 | /* Write PRIME |
964 | */ | 964 | */ |
965 | if ((result = asn1_write_value (*c2, "modulus", m_data, size[0])) | 965 | if ((result = asn1_write_value (*c2, "modulus", m_data, size[0])) |
966 | != ASN1_SUCCESS) | 966 | != ASN1_SUCCESS) |
@@ -1120,7 +1120,7 @@ _gnutls_asn1_encode_dsa (ASN1_TYPE * c2, mpi_t * params) | |||
1120 | goto cleanup; | 1120 | goto cleanup; |
1121 | } | 1121 | } |
1122 | 1122 | ||
1123 | /* Write PRIME | 1123 | /* Write PRIME |
1124 | */ | 1124 | */ |
1125 | if ((result = asn1_write_value (*c2, "p", p_data, size[0])) != ASN1_SUCCESS) | 1125 | if ((result = asn1_write_value (*c2, "p", p_data, size[0])) != ASN1_SUCCESS) |
1126 | { | 1126 | { |
@@ -1183,7 +1183,7 @@ cleanup:asn1_delete_structure (c2); | |||
1183 | * @flags: unused for now. Must be 0. | 1183 | * @flags: unused for now. Must be 0. |
1184 | * | 1184 | * |
1185 | * This function will generate a random private key. Note that | 1185 | * This function will generate a random private key. Note that |
1186 | * this function must be called on an empty private key. | 1186 | * this function must be called on an empty private key. |
1187 | * | 1187 | * |
1188 | * Returns 0 on success or a negative value on error. | 1188 | * Returns 0 on success or a negative value on error. |
1189 | * | 1189 | * |
@@ -1409,7 +1409,7 @@ gnutls_x509_privkey_sign_hash (gnutls_x509_privkey_t key, | |||
1409 | } | 1409 | } |
1410 | 1410 | ||
1411 | result = mhd_gtls_sign (key->pk_algorithm, key->params, | 1411 | result = mhd_gtls_sign (key->pk_algorithm, key->params, |
1412 | key->params_size, hash, signature); | 1412 | key->params_size, hash, signature); |
1413 | if (result < 0) | 1413 | if (result < 0) |
1414 | { | 1414 | { |
1415 | gnutls_assert (); | 1415 | gnutls_assert (); |
diff --git a/src/daemon/https/x509/x509_verify.c b/src/daemon/https/x509/x509_verify.c index 646bdf10..e9d784ce 100644 --- a/src/daemon/https/x509/x509_verify.c +++ b/src/daemon/https/x509/x509_verify.c | |||
@@ -201,7 +201,7 @@ find_issuer (gnutls_x509_crt_t cert, | |||
201 | { | 201 | { |
202 | int i; | 202 | int i; |
203 | 203 | ||
204 | /* this is serial search. | 204 | /* this is serial search. |
205 | */ | 205 | */ |
206 | 206 | ||
207 | for (i = 0; i < tcas_size; i++) | 207 | for (i = 0; i < tcas_size; i++) |
@@ -214,11 +214,11 @@ find_issuer (gnutls_x509_crt_t cert, | |||
214 | return NULL; | 214 | return NULL; |
215 | } | 215 | } |
216 | 216 | ||
217 | /* | 217 | /* |
218 | * Verifies the given certificate again a certificate list of | 218 | * Verifies the given certificate again a certificate list of |
219 | * trusted CAs. | 219 | * trusted CAs. |
220 | * | 220 | * |
221 | * Returns only 0 or 1. If 1 it means that the certificate | 221 | * Returns only 0 or 1. If 1 it means that the certificate |
222 | * was successfuly verified. | 222 | * was successfuly verified. |
223 | * | 223 | * |
224 | * 'flags': an OR of the gnutls_certificate_verify_flags enumeration. | 224 | * 'flags': an OR of the gnutls_certificate_verify_flags enumeration. |
@@ -435,7 +435,7 @@ _gnutls_x509_verify_certificate (const gnutls_x509_crt_t * certificate_list, | |||
435 | clist_size--; | 435 | clist_size--; |
436 | } | 436 | } |
437 | 437 | ||
438 | /* Verify the certificate path (chain) | 438 | /* Verify the certificate path (chain) |
439 | */ | 439 | */ |
440 | for (i = clist_size - 1; i > 0; i--) | 440 | for (i = clist_size - 1; i > 0; i--) |
441 | { | 441 | { |
@@ -465,7 +465,7 @@ _gnutls_x509_verify_certificate (const gnutls_x509_crt_t * certificate_list, | |||
465 | */ | 465 | */ |
466 | static int | 466 | static int |
467 | decode_ber_digest_info (const gnutls_datum_t * info, | 467 | decode_ber_digest_info (const gnutls_datum_t * info, |
468 | enum MHD_GNUTLS_HashAlgorithm * hash, | 468 | enum MHD_GNUTLS_HashAlgorithm *hash, |
469 | opaque * digest, int *digest_size) | 469 | opaque * digest, int *digest_size) |
470 | { | 470 | { |
471 | ASN1_TYPE dinfo = ASN1_TYPE_EMPTY; | 471 | ASN1_TYPE dinfo = ASN1_TYPE_EMPTY; |
@@ -664,7 +664,7 @@ verify_sig (const gnutls_datum_t * tbs, | |||
664 | 664 | ||
665 | /* verifies if the certificate is properly signed. | 665 | /* verifies if the certificate is properly signed. |
666 | * returns 0 on failure and 1 on success. | 666 | * returns 0 on failure and 1 on success. |
667 | * | 667 | * |
668 | * 'tbs' is the signed data | 668 | * 'tbs' is the signed data |
669 | * 'signature' is the signature! | 669 | * 'signature' is the signature! |
670 | */ | 670 | */ |
@@ -707,7 +707,7 @@ _gnutls_x509_verify_signature (const gnutls_datum_t * tbs, | |||
707 | 707 | ||
708 | /* verifies if the certificate is properly signed. | 708 | /* verifies if the certificate is properly signed. |
709 | * returns 0 on failure and 1 on success. | 709 | * returns 0 on failure and 1 on success. |
710 | * | 710 | * |
711 | * 'tbs' is the signed data | 711 | * 'tbs' is the signed data |
712 | * 'signature' is the signature! | 712 | * 'signature' is the signature! |
713 | */ | 713 | */ |
@@ -743,12 +743,12 @@ _gnutls_x509_privkey_verify_signature (const gnutls_datum_t * tbs, | |||
743 | * Note that expiration and activation dates are not checked | 743 | * Note that expiration and activation dates are not checked |
744 | * by this function, you should check them using the appropriate functions. | 744 | * by this function, you should check them using the appropriate functions. |
745 | * | 745 | * |
746 | * If no flags are specified (0), this function will use the | 746 | * If no flags are specified (0), this function will use the |
747 | * basicConstraints (2.5.29.19) PKIX extension. This means that only a certificate | 747 | * basicConstraints (2.5.29.19) PKIX extension. This means that only a certificate |
748 | * authority is allowed to sign a certificate. | 748 | * authority is allowed to sign a certificate. |
749 | * | 749 | * |
750 | * You must also check the peer's name in order to check if the verified | 750 | * You must also check the peer's name in order to check if the verified |
751 | * certificate belongs to the actual peer. | 751 | * certificate belongs to the actual peer. |
752 | * | 752 | * |
753 | * The certificate verification output will be put in @verify and will be | 753 | * The certificate verification output will be put in @verify and will be |
754 | * one or more of the gnutls_certificate_status_t enumerated elements bitwise or'd. | 754 | * one or more of the gnutls_certificate_status_t enumerated elements bitwise or'd. |
@@ -774,7 +774,7 @@ gnutls_x509_crt_list_verify (const gnutls_x509_crt_t * cert_list, | |||
774 | if (cert_list == NULL || cert_list_length == 0) | 774 | if (cert_list == NULL || cert_list_length == 0) |
775 | return GNUTLS_E_NO_CERTIFICATE_FOUND; | 775 | return GNUTLS_E_NO_CERTIFICATE_FOUND; |
776 | 776 | ||
777 | /* Verify certificate | 777 | /* Verify certificate |
778 | */ | 778 | */ |
779 | *verify = _gnutls_x509_verify_certificate (cert_list, cert_list_length, | 779 | *verify = _gnutls_x509_verify_certificate (cert_list, cert_list_length, |
780 | CA_list, CA_list_length, | 780 | CA_list, CA_list_length, |
@@ -792,7 +792,7 @@ gnutls_x509_crt_list_verify (const gnutls_x509_crt_t * cert_list, | |||
792 | * @flags: Flags that may be used to change the verification algorithm. Use OR of the gnutls_certificate_verify_flags enumerations. | 792 | * @flags: Flags that may be used to change the verification algorithm. Use OR of the gnutls_certificate_verify_flags enumerations. |
793 | * @verify: will hold the certificate verification output. | 793 | * @verify: will hold the certificate verification output. |
794 | * | 794 | * |
795 | * This function will try to verify the given certificate and return its status. | 795 | * This function will try to verify the given certificate and return its status. |
796 | * The verification output in this functions cannot be GNUTLS_CERT_NOT_VALID. | 796 | * The verification output in this functions cannot be GNUTLS_CERT_NOT_VALID. |
797 | * | 797 | * |
798 | * Returns 0 on success and a negative value in case of an error. | 798 | * Returns 0 on success and a negative value in case of an error. |
@@ -805,7 +805,7 @@ gnutls_x509_crt_verify (gnutls_x509_crt_t cert, | |||
805 | unsigned int flags, unsigned int *verify) | 805 | unsigned int flags, unsigned int *verify) |
806 | { | 806 | { |
807 | int ret; | 807 | int ret; |
808 | /* Verify certificate | 808 | /* Verify certificate |
809 | */ | 809 | */ |
810 | ret = _gnutls_verify_certificate2 (cert, CA_list, CA_list_length, flags, | 810 | ret = _gnutls_verify_certificate2 (cert, CA_list, CA_list_length, flags, |
811 | verify); | 811 | verify); |
@@ -861,7 +861,7 @@ gnutls_x509_crl_verify (gnutls_x509_crl_t crl, | |||
861 | unsigned int *verify) | 861 | unsigned int *verify) |
862 | { | 862 | { |
863 | int ret; | 863 | int ret; |
864 | /* Verify crl | 864 | /* Verify crl |
865 | */ | 865 | */ |
866 | ret = _gnutls_verify_crl2 (crl, CA_list, CA_list_length, flags, verify); | 866 | ret = _gnutls_verify_crl2 (crl, CA_list, CA_list_length, flags, verify); |
867 | if (ret < 0) | 867 | if (ret < 0) |
@@ -912,7 +912,7 @@ find_crl_issuer (gnutls_x509_crl_t crl, | |||
912 | { | 912 | { |
913 | int i; | 913 | int i; |
914 | 914 | ||
915 | /* this is serial search. | 915 | /* this is serial search. |
916 | */ | 916 | */ |
917 | 917 | ||
918 | for (i = 0; i < tcas_size; i++) | 918 | for (i = 0; i < tcas_size; i++) |
@@ -925,14 +925,14 @@ find_crl_issuer (gnutls_x509_crl_t crl, | |||
925 | return NULL; | 925 | return NULL; |
926 | } | 926 | } |
927 | 927 | ||
928 | /* | 928 | /* |
929 | * Returns only 0 or 1. If 1 it means that the CRL | 929 | * Returns only 0 or 1. If 1 it means that the CRL |
930 | * was successfuly verified. | 930 | * was successfuly verified. |
931 | * | 931 | * |
932 | * 'flags': an OR of the gnutls_certificate_verify_flags enumeration. | 932 | * 'flags': an OR of the gnutls_certificate_verify_flags enumeration. |
933 | * | 933 | * |
934 | * Output will hold information about the verification | 934 | * Output will hold information about the verification |
935 | * procedure. | 935 | * procedure. |
936 | */ | 936 | */ |
937 | static int | 937 | static int |
938 | _gnutls_verify_crl2 (gnutls_x509_crl_t crl, | 938 | _gnutls_verify_crl2 (gnutls_x509_crl_t crl, |
diff --git a/src/daemon/https/x509/x509_write.c b/src/daemon/https/x509/x509_write.c index 944b863c..342e117d 100644 --- a/src/daemon/https/x509/x509_write.c +++ b/src/daemon/https/x509/x509_write.c | |||
@@ -118,7 +118,7 @@ gnutls_x509_crt_set_issuer_dn_by_oid (gnutls_x509_crt_t crt, | |||
118 | } | 118 | } |
119 | 119 | ||
120 | /** | 120 | /** |
121 | * gnutls_x509_crt_set_proxy_dn - Set Proxy Certificate subject's distinguished name | 121 | * gnutls_x509_crt_set_proxy_dn - Set Proxy Certificate subject's distinguished name |
122 | * @crt: a gnutls_x509_crt_t structure with the new proxy cert | 122 | * @crt: a gnutls_x509_crt_t structure with the new proxy cert |
123 | * @eecrt: the end entity certificate that will be issuing the proxy | 123 | * @eecrt: the end entity certificate that will be issuing the proxy |
124 | * @raw_flag: must be 0, or 1 if the CN is DER encoded | 124 | * @raw_flag: must be 0, or 1 if the CN is DER encoded |
@@ -407,7 +407,7 @@ gnutls_x509_crt_set_ca_status (gnutls_x509_crt_t crt, unsigned int ca) | |||
407 | * @crt: should contain a gnutls_x509_crt_t structure | 407 | * @crt: should contain a gnutls_x509_crt_t structure |
408 | * @usage: an ORed sequence of the GNUTLS_KEY_* elements. | 408 | * @usage: an ORed sequence of the GNUTLS_KEY_* elements. |
409 | * | 409 | * |
410 | * This function will set the keyUsage certificate extension. | 410 | * This function will set the keyUsage certificate extension. |
411 | * | 411 | * |
412 | * Returns 0 on success. | 412 | * Returns 0 on success. |
413 | * | 413 | * |
@@ -454,7 +454,7 @@ gnutls_x509_crt_set_key_usage (gnutls_x509_crt_t crt, unsigned int usage) | |||
454 | * @type: is one of the gnutls_x509_subject_alt_name_t enumerations | 454 | * @type: is one of the gnutls_x509_subject_alt_name_t enumerations |
455 | * @data_string: The data to be set | 455 | * @data_string: The data to be set |
456 | * | 456 | * |
457 | * This function will set the subject alternative name certificate extension. | 457 | * This function will set the subject alternative name certificate extension. |
458 | * | 458 | * |
459 | * Returns 0 on success. | 459 | * Returns 0 on success. |
460 | * | 460 | * |
@@ -520,7 +520,7 @@ gnutls_x509_crt_set_subject_alternative_name (gnutls_x509_crt_t crt, | |||
520 | * and negative values indicate that the pathLenConstraints field should | 520 | * and negative values indicate that the pathLenConstraints field should |
521 | * not be present. | 521 | * not be present. |
522 | * @policyLanguage: OID describing the language of @policy. | 522 | * @policyLanguage: OID describing the language of @policy. |
523 | * @policy: opaque byte array with policy language, can be %NULL | 523 | * @policy: opaque byte array with policy language, can be %NULL |
524 | * @sizeof_policy: size of @policy. | 524 | * @sizeof_policy: size of @policy. |
525 | * | 525 | * |
526 | * This function will set the proxyCertInfo extension. | 526 | * This function will set the proxyCertInfo extension. |
@@ -688,10 +688,10 @@ gnutls_x509_crt_set_expiration_time (gnutls_x509_crt_t cert, time_t exp_time) | |||
688 | * @serial: The serial number | 688 | * @serial: The serial number |
689 | * @serial_size: Holds the size of the serial field. | 689 | * @serial_size: Holds the size of the serial field. |
690 | * | 690 | * |
691 | * This function will set the X.509 certificate's serial number. | 691 | * This function will set the X.509 certificate's serial number. |
692 | * Serial is not always a 32 or 64bit number. Some CAs use | 692 | * Serial is not always a 32 or 64bit number. Some CAs use |
693 | * large serial numbers, thus it may be wise to handle it as something | 693 | * large serial numbers, thus it may be wise to handle it as something |
694 | * opaque. | 694 | * opaque. |
695 | * | 695 | * |
696 | * Returns 0 on success, or a negative value in case of an error. | 696 | * Returns 0 on success, or a negative value in case of an error. |
697 | * | 697 | * |
@@ -748,7 +748,7 @@ disable_optional_stuff (gnutls_x509_crt_t cert) | |||
748 | * @data_string: The data to be set | 748 | * @data_string: The data to be set |
749 | * @reason_flags: revocation reasons | 749 | * @reason_flags: revocation reasons |
750 | * | 750 | * |
751 | * This function will set the CRL distribution points certificate extension. | 751 | * This function will set the CRL distribution points certificate extension. |
752 | * | 752 | * |
753 | * Returns 0 on success. | 753 | * Returns 0 on success. |
754 | * | 754 | * |
@@ -814,7 +814,7 @@ gnutls_x509_crt_set_crl_dist_points (gnutls_x509_crt_t crt, | |||
814 | * @dst: should contain a gnutls_x509_crt_t structure | 814 | * @dst: should contain a gnutls_x509_crt_t structure |
815 | * @src: the certificate where the dist points will be copied from | 815 | * @src: the certificate where the dist points will be copied from |
816 | * | 816 | * |
817 | * This function will copy the CRL distribution points certificate | 817 | * This function will copy the CRL distribution points certificate |
818 | * extension, from the source to the destination certificate. | 818 | * extension, from the source to the destination certificate. |
819 | * This may be useful to copy from a CA certificate to issued ones. | 819 | * This may be useful to copy from a CA certificate to issued ones. |
820 | * | 820 | * |
diff --git a/src/daemon/internal.h b/src/daemon/internal.h index 0fca73d2..940d631f 100644 --- a/src/daemon/internal.h +++ b/src/daemon/internal.h | |||
@@ -279,7 +279,7 @@ enum MHD_CONNECTION_STATE | |||
279 | * Handshake messages will be processed in this state & while | 279 | * Handshake messages will be processed in this state & while |
280 | * in the 'MHD_TLS_HELLO_REQUEST' state | 280 | * in the 'MHD_TLS_HELLO_REQUEST' state |
281 | */ | 281 | */ |
282 | MHD_TLS_CONNECTION_INIT = MHD_CONNECTION_CLOSED +1, | 282 | MHD_TLS_CONNECTION_INIT = MHD_CONNECTION_CLOSED + 1, |
283 | 283 | ||
284 | /* | 284 | /* |
285 | * This state indicates the server has send a 'Hello Request' to | 285 | * This state indicates the server has send a 'Hello Request' to |
@@ -303,7 +303,7 @@ enum MHD_CONNECTION_STATE | |||
303 | #define DEBUG_STATES MHD_NO | 303 | #define DEBUG_STATES MHD_NO |
304 | 304 | ||
305 | #if DEBUG_STATES | 305 | #if DEBUG_STATES |
306 | char * MHD_state_to_string(enum MHD_CONNECTION_STATE state); | 306 | char *MHD_state_to_string (enum MHD_CONNECTION_STATE state); |
307 | #endif | 307 | #endif |
308 | 308 | ||
309 | struct MHD_Connection | 309 | struct MHD_Connection |
@@ -543,9 +543,9 @@ struct MHD_Connection | |||
543 | * function pointers to the appropriate send & receive funtions | 543 | * function pointers to the appropriate send & receive funtions |
544 | * according to whether this is a HTTPS / HTTP daemon | 544 | * according to whether this is a HTTPS / HTTP daemon |
545 | */ | 545 | */ |
546 | ssize_t (*recv_cls) (struct MHD_Connection * connection); | 546 | ssize_t (*recv_cls) (struct MHD_Connection * connection); |
547 | 547 | ||
548 | ssize_t (*send_cls) (struct MHD_Connection * connection); | 548 | ssize_t (*send_cls) (struct MHD_Connection * connection); |
549 | 549 | ||
550 | #if HTTPS_SUPPORT | 550 | #if HTTPS_SUPPORT |
551 | /* TODO rename as this might be an SSL connection */ | 551 | /* TODO rename as this might be an SSL connection */ |
@@ -641,13 +641,13 @@ struct MHD_Daemon | |||
641 | /* Diffie-Hellman parameters */ | 641 | /* Diffie-Hellman parameters */ |
642 | mhd_gtls_dh_params_t dh_params; | 642 | mhd_gtls_dh_params_t dh_params; |
643 | 643 | ||
644 | const char * https_key_path; | 644 | const char *https_key_path; |
645 | 645 | ||
646 | const char * https_cert_path; | 646 | const char *https_cert_path; |
647 | 647 | ||
648 | const char * https_mem_key; | 648 | const char *https_mem_key; |
649 | 649 | ||
650 | const char * https_mem_cert; | 650 | const char *https_mem_cert; |
651 | #endif | 651 | #endif |
652 | }; | 652 | }; |
653 | 653 | ||
diff --git a/src/include/microhttpd.h b/src/include/microhttpd.h index 1238d789..c3f55942 100644 --- a/src/include/microhttpd.h +++ b/src/include/microhttpd.h | |||
@@ -280,7 +280,6 @@ enum MHD_FLAG | |||
280 | * MHD, and OFF in production. | 280 | * MHD, and OFF in production. |
281 | */ | 281 | */ |
282 | MHD_USE_PEDANTIC_CHECKS = 32 | 282 | MHD_USE_PEDANTIC_CHECKS = 32 |
283 | |||
284 | }; | 283 | }; |
285 | 284 | ||
286 | /** | 285 | /** |
@@ -373,7 +372,7 @@ enum MHD_OPTION | |||
373 | * This should be used in conjunction with 'MHD_OPTION_HTTPS_MEM_CERT'. | 372 | * This should be used in conjunction with 'MHD_OPTION_HTTPS_MEM_CERT'. |
374 | */ | 373 | */ |
375 | MHD_OPTION_HTTPS_MEM_KEY = 9, | 374 | MHD_OPTION_HTTPS_MEM_KEY = 9, |
376 | 375 | ||
377 | /** | 376 | /** |
378 | * Memory pointer for the certificate (cert.pem) to be used by the | 377 | * Memory pointer for the certificate (cert.pem) to be used by the |
379 | * HTTPS daemon. This option should be followed by an | 378 | * HTTPS daemon. This option should be followed by an |
@@ -392,16 +391,16 @@ enum MHD_OPTION | |||
392 | /** | 391 | /** |
393 | * SSL/TLS protocol version. | 392 | * SSL/TLS protocol version. |
394 | * | 393 | * |
395 | * Memory pointer to a zero (MHD_GNUTLS_PROTOCOL_END) terminated | 394 | * Memory pointer to a zero (MHD_GNUTLS_PROTOCOL_END) terminated |
396 | * (const) array of 'enum MHD_GNUTLS_Protocol' values representing the | 395 | * (const) array of 'enum MHD_GNUTLS_Protocol' values representing the |
397 | * protocol versions to this server should support. Unsupported | 396 | * protocol versions to this server should support. Unsupported |
398 | * requests will be droped by the server. | 397 | * requests will be droped by the server. |
399 | */ | 398 | */ |
400 | MHD_OPTION_PROTOCOL_VERSION = 12, | 399 | MHD_OPTION_PROTOCOL_VERSION = 12, |
401 | 400 | ||
402 | /** | 401 | /** |
403 | * Memory pointer to a zero (MHD_GNUTLS_CIPHER_UNKNOWN) | 402 | * Memory pointer to a zero (MHD_GNUTLS_CIPHER_UNKNOWN) |
404 | * terminated (const) array of 'enum MHD_GNUTLS_CipherAlgorithm' | 403 | * terminated (const) array of 'enum MHD_GNUTLS_CipherAlgorithm' |
405 | * representing the cipher priority order to which the HTTPS | 404 | * representing the cipher priority order to which the HTTPS |
406 | * daemon should adhere. | 405 | * daemon should adhere. |
407 | */ | 406 | */ |
@@ -421,7 +420,7 @@ enum MHD_OPTION | |||
421 | MHD_OPTION_CERT_TYPE = 15, | 420 | MHD_OPTION_CERT_TYPE = 15, |
422 | 421 | ||
423 | /** | 422 | /** |
424 | * Specify the mac algorithm used by server. | 423 | * Specify the mac algorithm used by server. |
425 | * The argument should be of type "enum MHD_GNUTLS_MacAlgorithm" | 424 | * The argument should be of type "enum MHD_GNUTLS_MacAlgorithm" |
426 | */ | 425 | */ |
427 | MHD_OPTION_MAC_ALGO = 16, | 426 | MHD_OPTION_MAC_ALGO = 16, |
@@ -481,7 +480,6 @@ enum MHD_ValueKind | |||
481 | * HTTP footer (only for http 1.1 chunked encodings). | 480 | * HTTP footer (only for http 1.1 chunked encodings). |
482 | */ | 481 | */ |
483 | MHD_FOOTER_KIND = 16 | 482 | MHD_FOOTER_KIND = 16 |
484 | |||
485 | }; | 483 | }; |
486 | 484 | ||
487 | /** | 485 | /** |
@@ -519,13 +517,12 @@ enum MHD_RequestTerminationCode | |||
519 | /* FIXME: add TLS-specific error codes, | 517 | /* FIXME: add TLS-specific error codes, |
520 | but only those that are useful! */ | 518 | but only those that are useful! */ |
521 | /** | 519 | /** |
522 | * Processing of this secure connection encountered | 520 | * Processing of this secure connection encountered |
523 | * an error. | 521 | * an error. |
524 | */ | 522 | */ |
525 | MHD_TLS_REQUEST_TERMINATED_WITH_ERROR, | 523 | MHD_TLS_REQUEST_TERMINATED_WITH_ERROR, |
526 | |||
527 | MHD_TLS_REQUEST_TERMINATED_WITH_FATAL_ALERT | ||
528 | 524 | ||
525 | MHD_TLS_REQUEST_TERMINATED_WITH_FATAL_ALERT | ||
529 | }; | 526 | }; |
530 | 527 | ||
531 | /** | 528 | /** |
@@ -546,7 +543,7 @@ enum MHD_GNUTLS_CipherAlgorithm | |||
546 | MHD_GNUTLS_CIPHER_CAMELLIA_256_CBC, | 543 | MHD_GNUTLS_CIPHER_CAMELLIA_256_CBC, |
547 | MHD_GNUTLS_CIPHER_RC2_40_CBC = 90, | 544 | MHD_GNUTLS_CIPHER_RC2_40_CBC = 90, |
548 | MHD_GNUTLS_CIPHER_DES_CBC | 545 | MHD_GNUTLS_CIPHER_DES_CBC |
549 | }; // enum MHD_GNUTLS_CipherAlgorithm; | 546 | }; // enum MHD_GNUTLS_CipherAlgorithm; |
550 | 547 | ||
551 | /** | 548 | /** |
552 | * Which public key algorithm should be used | 549 | * Which public key algorithm should be used |
@@ -568,7 +565,7 @@ enum MHD_GNUTLS_KeyExchangeAlgorithm | |||
568 | }; | 565 | }; |
569 | 566 | ||
570 | /** | 567 | /** |
571 | * Server credentials type | 568 | * Server credentials type |
572 | */ | 569 | */ |
573 | enum MHD_GNUTLS_CredentialsType | 570 | enum MHD_GNUTLS_CredentialsType |
574 | { | 571 | { |
@@ -590,8 +587,8 @@ enum MHD_GNUTLS_HashAlgorithm | |||
590 | MHD_GNUTLS_MAC_MD5, | 587 | MHD_GNUTLS_MAC_MD5, |
591 | MHD_GNUTLS_MAC_SHA1, | 588 | MHD_GNUTLS_MAC_SHA1, |
592 | MHD_GNUTLS_MAC_SHA256 | 589 | MHD_GNUTLS_MAC_SHA256 |
593 | //GNUTLS_MAC_SHA384, | 590 | //GNUTLS_MAC_SHA384, |
594 | //GNUTLS_MAC_SHA512 | 591 | //GNUTLS_MAC_SHA512 |
595 | }; | 592 | }; |
596 | 593 | ||
597 | /** | 594 | /** |
@@ -630,7 +627,7 @@ enum MHD_GNUTLS_PublicKeyAlgorithm | |||
630 | { | 627 | { |
631 | MHD_GNUTLS_PK_UNKNOWN = 0, | 628 | MHD_GNUTLS_PK_UNKNOWN = 0, |
632 | MHD_GNUTLS_PK_RSA = 1 | 629 | MHD_GNUTLS_PK_RSA = 1 |
633 | //GNUTLS_PK_DSA | 630 | //GNUTLS_PK_DSA |
634 | }; | 631 | }; |
635 | 632 | ||
636 | /** | 633 | /** |
@@ -906,18 +903,18 @@ typedef int | |||
906 | * terminated with MHD_OPTION_END). | 903 | * terminated with MHD_OPTION_END). |
907 | * @return NULL on error, handle to daemon on success | 904 | * @return NULL on error, handle to daemon on success |
908 | */ | 905 | */ |
909 | struct MHD_Daemon * | 906 | struct MHD_Daemon *MHD_start_daemon_va (unsigned int options, |
910 | MHD_start_daemon_va (unsigned int options, | 907 | unsigned short port, |
911 | unsigned short port, | 908 | MHD_AcceptPolicyCallback apc, |
912 | MHD_AcceptPolicyCallback apc, | 909 | void *apc_cls, |
913 | void *apc_cls, | 910 | MHD_AccessHandlerCallback dh, |
914 | MHD_AccessHandlerCallback dh, void *dh_cls, va_list ap); | 911 | void *dh_cls, va_list ap); |
915 | 912 | ||
916 | /* | 913 | /* |
917 | * Variadic version of MHD_start_daemon_va. This function will delegate calls | 914 | * Variadic version of MHD_start_daemon_va. This function will delegate calls |
918 | * to MHD_start_daemon_va() once argument list is analyzed. | 915 | * to MHD_start_daemon_va() once argument list is analyzed. |
919 | */ | 916 | */ |
920 | struct MHD_Daemon * MHD_start_daemon (unsigned int flags, | 917 | struct MHD_Daemon *MHD_start_daemon (unsigned int flags, |
921 | unsigned short port, | 918 | unsigned short port, |
922 | MHD_AcceptPolicyCallback apc, | 919 | MHD_AcceptPolicyCallback apc, |
923 | void *apc_cls, | 920 | void *apc_cls, |
@@ -1014,9 +1011,8 @@ MHD_get_connection_values (struct MHD_Connection *connection, | |||
1014 | */ | 1011 | */ |
1015 | int | 1012 | int |
1016 | MHD_set_connection_value (struct MHD_Connection *connection, | 1013 | MHD_set_connection_value (struct MHD_Connection *connection, |
1017 | enum MHD_ValueKind kind, | 1014 | enum MHD_ValueKind kind, |
1018 | const char *key, | 1015 | const char *key, const char *value); |
1019 | const char *value); | ||
1020 | 1016 | ||
1021 | /** | 1017 | /** |
1022 | * Get a particular header value. If multiple | 1018 | * Get a particular header value. If multiple |
@@ -1129,7 +1125,7 @@ MHD_get_response_headers (struct MHD_Response *response, | |||
1129 | * @param key which header to get | 1125 | * @param key which header to get |
1130 | * @return NULL if header does not exist | 1126 | * @return NULL if header does not exist |
1131 | */ | 1127 | */ |
1132 | const char * MHD_get_response_header (struct MHD_Response *response, | 1128 | const char *MHD_get_response_header (struct MHD_Response *response, |
1133 | const char *key); | 1129 | const char *key); |
1134 | 1130 | ||
1135 | 1131 | ||
@@ -1211,10 +1207,11 @@ union MHD_ConnectionInfo | |||
1211 | * @return NULL if this information is not available | 1207 | * @return NULL if this information is not available |
1212 | * (or if the infoType is unknown) | 1208 | * (or if the infoType is unknown) |
1213 | */ | 1209 | */ |
1214 | const union MHD_ConnectionInfo * | 1210 | const union MHD_ConnectionInfo *MHD_get_connection_info (struct MHD_Connection |
1215 | MHD_get_connection_info (struct MHD_Connection * connection, | 1211 | *connection, |
1216 | enum MHD_ConnectionInfoType infoType, | 1212 | enum |
1217 | ...); | 1213 | MHD_ConnectionInfoType |
1214 | infoType, ...); | ||
1218 | 1215 | ||
1219 | 1216 | ||
1220 | /** | 1217 | /** |
@@ -1242,10 +1239,9 @@ union MHD_DaemonInfo | |||
1242 | * @return NULL if this information is not available | 1239 | * @return NULL if this information is not available |
1243 | * (or if the infoType is unknown) | 1240 | * (or if the infoType is unknown) |
1244 | */ | 1241 | */ |
1245 | const union MHD_DaemonInfo * | 1242 | const union MHD_DaemonInfo *MHD_get_daemon_info (struct MHD_Daemon *daemon, |
1246 | MHD_get_daemon_info (struct MHD_Daemon * daemon, | 1243 | enum MHD_DaemonInfoType |
1247 | enum MHD_DaemonInfoType infoType, | 1244 | infoType, ...); |
1248 | ...); | ||
1249 | 1245 | ||
1250 | #if 0 /* keep Emacsens' auto-indent happy */ | 1246 | #if 0 /* keep Emacsens' auto-indent happy */ |
1251 | { | 1247 | { |
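Review bot: The reformatted prototypes at new lines 1210-1214 and 1242-1244 are broken across five and three lines with `enum`, `MHD_ConnectionInfoType` and `infoType` each on their own line, which is harder to read than the old form that kept the return type on a separate line; the same pattern applies to `MHD_start_daemon_va` at new lines 906-911. I would keep the return type on its own line, as the old side did, so the parameter list fits: `const union MHD_ConnectionInfo *` / `MHD_get_connection_info (struct MHD_Connection *connection,` / `enum MHD_ConnectionInfoType infoType, ...);` and likewise for `MHD_get_daemon_info`. Separately, this is a public C header and the new side still carries `//` comments at new lines 546, 590-591 and 630 (`}; // enum MHD_GNUTLS_CipherAlgorithm;` and the commented-out hash and PK constants); `/* */` is safer for C89 consumers of the header, and commented-out enumerators are better removed than kept as dead text.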
diff --git a/src/include/platform.h b/src/include/platform.h index 3e81a4f6..a4a16f21 100644 --- a/src/include/platform.h +++ b/src/include/platform.h | |||
@@ -26,7 +26,7 @@ | |||
26 | * before "microhttpd.h"; it provides the required | 26 | * before "microhttpd.h"; it provides the required |
27 | * standard headers (which are platform-specific).<p> | 27 | * standard headers (which are platform-specific).<p> |
28 | * | 28 | * |
29 | * Note that this file depends on our configure.ac | 29 | * Note that this file depends on our configure.ac |
30 | * build process and the generated config.h file. | 30 | * build process and the generated config.h file. |
31 | * Hence you cannot include it directly in applications | 31 | * Hence you cannot include it directly in applications |
32 | * that use libmicrohttpd. | 32 | * that use libmicrohttpd. |
diff --git a/src/testcurl/https/mhds_session_info_test.c b/src/testcurl/https/mhds_session_info_test.c index 2c8f37c2..1fe8cde3 100644 --- a/src/testcurl/https/mhds_session_info_test.c +++ b/src/testcurl/https/mhds_session_info_test.c | |||
@@ -69,8 +69,8 @@ query_session_ahc (void *cls, struct MHD_Connection *connection, | |||
69 | int ret; | 69 | int ret; |
70 | 70 | ||
71 | /* assert actual connection cipher is the one negotiated */ | 71 | /* assert actual connection cipher is the one negotiated */ |
72 | if (MHD_get_session_info (connection, MHS_INFO_CIPHER_ALGO). | 72 | if (MHD_get_session_info (connection, MHS_INFO_CIPHER_ALGO).cipher_algorithm |
73 | cipher_algorithm != MHD_GNUTLS_CIPHER_AES_256_CBC) | 73 | != MHD_GNUTLS_CIPHER_AES_256_CBC) |
74 | { | 74 | { |
75 | fprintf (stderr, "Error: requested cipher mismatch. %s\n", | 75 | fprintf (stderr, "Error: requested cipher mismatch. %s\n", |
76 | strerror (errno)); | 76 | strerror (errno)); |
@@ -85,16 +85,18 @@ query_session_ahc (void *cls, struct MHD_Connection *connection, | |||
85 | return -1; | 85 | return -1; |
86 | } | 86 | } |
87 | 87 | ||
88 | if (MHD_get_session_info (connection, MHD_INFO_MAC_ALGO). | 88 | if (MHD_get_session_info (connection, MHD_INFO_MAC_ALGO).mac_algorithm != |
89 | mac_algorithm != MHD_GNUTLS_MAC_SHA1) | 89 | MHD_GNUTLS_MAC_SHA1) |
90 | { | 90 | { |
91 | fprintf (stderr, "Error: requested mac algorithm mismatch. %s\n", | 91 | fprintf (stderr, "Error: requested mac algorithm mismatch. %s\n", |
92 | strerror (errno)); | 92 | strerror (errno)); |
93 | return -1; | 93 | return -1; |
94 | } | 94 | } |
95 | 95 | ||
96 | if (MHD_get_session_info (connection, MHD_INFO_COMPRESSION_METHOD). | 96 | if (MHD_get_session_info |
97 | compression_method != MHD_GNUTLS_COMP_NULL) | 97 | (connection, |
98 | MHD_INFO_COMPRESSION_METHOD).compression_method != | ||
99 | MHD_GNUTLS_COMP_NULL) | ||
98 | { | 100 | { |
99 | fprintf (stderr, "Error: requested compression mismatch. %s\n", | 101 | fprintf (stderr, "Error: requested compression mismatch. %s\n", |
100 | strerror (errno)); | 102 | strerror (errno)); |
@@ -109,16 +111,18 @@ query_session_ahc (void *cls, struct MHD_Connection *connection, | |||
109 | return -1; | 111 | return -1; |
110 | } | 112 | } |
111 | 113 | ||
112 | if (MHD_get_session_info (connection, MHD_INFO_CERT_TYPE). | 114 | if (MHD_get_session_info (connection, MHD_INFO_CERT_TYPE).certificate_type |
113 | certificate_type != MHD_GNUTLS_CRT_X509) | 115 | != MHD_GNUTLS_CRT_X509) |
114 | { | 116 | { |
115 | fprintf (stderr, "Error: requested certificate mismatch. %s\n", | 117 | fprintf (stderr, "Error: requested certificate mismatch. %s\n", |
116 | strerror (errno)); | 118 | strerror (errno)); |
117 | return -1; | 119 | return -1; |
118 | } | 120 | } |
119 | 121 | ||
120 | if (MHD_get_session_info (connection, MHD_INFO_CREDENTIALS_TYPE). | 122 | if (MHD_get_session_info |
121 | credentials_type != MHD_GNUTLS_CRD_CERTIFICATE) | 123 | (connection, |
124 | MHD_INFO_CREDENTIALS_TYPE).credentials_type != | ||
125 | MHD_GNUTLS_CRD_CERTIFICATE) | ||
122 | { | 126 | { |
123 | fprintf (stderr, "Error: requested certificate mismatch. %s\n", | 127 | fprintf (stderr, "Error: requested certificate mismatch. %s\n", |
124 | strerror (errno)); | 128 | strerror (errno)); |
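--- a/src/testcurl/https/tls_alert_test.c
+++ b/src/testcurl/https/tls_alert_test.c
@@ -62,16 +62,16 @@ setup (mhd_gtls_session_t * session,
 gnutls_datum_t * cert, mhd_gtls_cert_credentials_t * xcred)
 {
 int ret;
-const char ** err_pos;
+const char **err_pos;
 
 MHD_gnutls_certificate_allocate_credentials (xcred);
 
 mhd_gtls_set_datum_m (key, srv_key_pem, strlen (srv_key_pem), &malloc);
 mhd_gtls_set_datum_m (cert, srv_self_signed_cert_pem,
 strlen (srv_self_signed_cert_pem), &malloc);
 
 MHD_gnutls_certificate_set_x509_key_mem (*xcred, cert, key,
 GNUTLS_X509_FMT_PEM);
 
 MHD_gnutls_init (session, GNUTLS_CLIENT);
 ret = MHD_gnutls_priority_set_direct (*session, "NORMAL", err_pos);
@@ -166,7 +166,8 @@ test_alert_unexpected_message (mhd_gtls_session_t session)
 sa.sin_port = htons (42433);
 inet_pton (AF_INET, "127.0.0.1", &sa.sin_addr);
 
-MHD_gnutls_transport_set_ptr (session, (gnutls_transport_ptr_t) ((void *) sd));
+MHD_gnutls_transport_set_ptr (session,
+(gnutls_transport_ptr_t) ((void *) sd));
 
 ret = connect (sd, &sa, sizeof (struct sockaddr_in));
 
@@ -182,7 +183,8 @@ test_alert_unexpected_message (mhd_gtls_session_t session)
 return -1;
 }
 
-MHD_gnutls_alert_send (session, GNUTLS_AL_FATAL, GNUTLS_A_UNEXPECTED_MESSAGE);
+MHD_gnutls_alert_send (session, GNUTLS_AL_FATAL,
+GNUTLS_A_UNEXPECTED_MESSAGE);
 usleep (100);
 
 /* TODO better RST trigger */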
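Review bot: `err_pos` on line 65 of setup() is still an uninitialized `const char **` when it is handed to `MHD_gnutls_priority_set_direct` on line 77; the commit only respaces the declaration. If the callee stores the parse position through that pointer (gnutls writes `*err_pos` whenever it is non-NULL), this is a write through an indeterminate pointer, i.e. undefined behaviour that may corrupt the test process rather than fail cleanly. Declare a plain `const char *err_pos = NULL;` and pass `&err_pos`, or pass `NULL` if the position is never inspected. The setup() body starts and ends outside the hunk, and the same pattern appears in the setup() hunks of tls_cipher_change_test.c and tls_session_time_out_test.c, which only show the call on their last line.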
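--- a/src/testcurl/https/tls_authentication_test.c
+++ b/src/testcurl/https/tls_authentication_test.c
@@ -227,7 +227,7 @@ test_secure_get (FILE * test_fd, char *cipher_suite, int proto_version)
 int ret;
 struct MHD_Daemon *d;
 
-d = MHD_start_daemon(MHD_USE_THREAD_PER_CONNECTION | MHD_USE_SSL |
+d = MHD_start_daemon (MHD_USE_THREAD_PER_CONNECTION | MHD_USE_SSL |
 MHD_USE_DEBUG, 42433,
 NULL, NULL, &http_ahc, NULL,
 MHD_OPTION_HTTPS_MEM_KEY, srv_signed_key_pem,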
diff --git a/src/testcurl/https/tls_cipher_change_test.c b/src/testcurl/https/tls_cipher_change_test.c index 2446d716..cbd832e4 100644 --- a/src/testcurl/https/tls_cipher_change_test.c +++ b/src/testcurl/https/tls_cipher_change_test.c | |||
@@ -70,10 +70,10 @@ setup (mhd_gtls_session_t * session, | |||
70 | 70 | ||
71 | mhd_gtls_set_datum_m (key, srv_key_pem, strlen (srv_key_pem), &malloc); | 71 | mhd_gtls_set_datum_m (key, srv_key_pem, strlen (srv_key_pem), &malloc); |
72 | mhd_gtls_set_datum_m (cert, srv_self_signed_cert_pem, | 72 | mhd_gtls_set_datum_m (cert, srv_self_signed_cert_pem, |
73 | strlen (srv_self_signed_cert_pem), &malloc); | 73 | strlen (srv_self_signed_cert_pem), &malloc); |
74 | 74 | ||
75 | MHD_gnutls_certificate_set_x509_key_mem (*xcred, cert, key, | 75 | MHD_gnutls_certificate_set_x509_key_mem (*xcred, cert, key, |
76 | GNUTLS_X509_FMT_PEM); | 76 | GNUTLS_X509_FMT_PEM); |
77 | 77 | ||
78 | MHD_gnutls_init (session, GNUTLS_CLIENT); | 78 | MHD_gnutls_init (session, GNUTLS_CLIENT); |
79 | ret = MHD_gnutls_priority_set_direct (*session, "NORMAL", err_pos); | 79 | ret = MHD_gnutls_priority_set_direct (*session, "NORMAL", err_pos); |
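--- a/src/testcurl/https/tls_daemon_options_test.c
+++ b/src/testcurl/https/tls_daemon_options_test.c
@@ -463,11 +463,10 @@ main (int argc, char *const *argv)
 MHD_OPTION_CIPHER_ALGORITHM, cipher, MHD_OPTION_KX_PRIORITY,
 kx, MHD_OPTION_END);
 errorCount +=
 test_wrap ("ADH-AES256-SHA", &test_https_transfer, test_fd,
 "ADH-AES256-SHA", CURL_SSLVERSION_TLSv1,
 MHD_OPTION_CRED_TYPE, MHD_GNUTLS_CRD_ANON,
-MHD_OPTION_KX_PRIORITY,
-kx, MHD_OPTION_END);
+MHD_OPTION_KX_PRIORITY, kx, MHD_OPTION_END);
 
 if (errorCount != 0)
 fprintf (stderr, "Failed test: %s.\n", argv[0]);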
diff --git a/src/testcurl/https/tls_session_time_out_test.c b/src/testcurl/https/tls_session_time_out_test.c index e9679b81..37d28656 100644 --- a/src/testcurl/https/tls_session_time_out_test.c +++ b/src/testcurl/https/tls_session_time_out_test.c | |||
@@ -66,10 +66,10 @@ setup (mhd_gtls_session_t * session, | |||
66 | 66 | ||
67 | mhd_gtls_set_datum_m (key, srv_key_pem, strlen (srv_key_pem), &malloc); | 67 | mhd_gtls_set_datum_m (key, srv_key_pem, strlen (srv_key_pem), &malloc); |
68 | mhd_gtls_set_datum_m (cert, srv_self_signed_cert_pem, | 68 | mhd_gtls_set_datum_m (cert, srv_self_signed_cert_pem, |
69 | strlen (srv_self_signed_cert_pem), &malloc); | 69 | strlen (srv_self_signed_cert_pem), &malloc); |
70 | 70 | ||
71 | MHD_gnutls_certificate_set_x509_key_mem (*xcred, cert, key, | 71 | MHD_gnutls_certificate_set_x509_key_mem (*xcred, cert, key, |
72 | GNUTLS_X509_FMT_PEM); | 72 | GNUTLS_X509_FMT_PEM); |
73 | 73 | ||
74 | MHD_gnutls_init (session, GNUTLS_CLIENT); | 74 | MHD_gnutls_init (session, GNUTLS_CLIENT); |
75 | ret = MHD_gnutls_priority_set_direct (*session, "NORMAL", err_pos); | 75 | ret = MHD_gnutls_priority_set_direct (*session, "NORMAL", err_pos); |
@@ -152,7 +152,7 @@ main (int argc, char *const *argv) | |||
152 | MHD_gnutls_global_init (); | 152 | MHD_gnutls_global_init (); |
153 | MHD_gtls_global_set_log_level (11); | 153 | MHD_gtls_global_set_log_level (11); |
154 | 154 | ||
155 | d = MHD_start_daemon(MHD_USE_THREAD_PER_CONNECTION | MHD_USE_SSL | | 155 | d = MHD_start_daemon (MHD_USE_THREAD_PER_CONNECTION | MHD_USE_SSL | |
156 | MHD_USE_DEBUG, 42433, | 156 | MHD_USE_DEBUG, 42433, |
157 | NULL, NULL, &http_ahc, NULL, | 157 | NULL, NULL, &http_ahc, NULL, |
158 | MHD_OPTION_CONNECTION_TIMEOUT, TIME_OUT, | 158 | MHD_OPTION_CONNECTION_TIMEOUT, TIME_OUT, |
diff --git a/src/testcurl/https/tls_test_keys.h b/src/testcurl/https/tls_test_keys.h index 871f99b1..7d7dac67 100644 --- a/src/testcurl/https/tls_test_keys.h +++ b/src/testcurl/https/tls_test_keys.h | |||
@@ -24,106 +24,104 @@ | |||
24 | 24 | ||
25 | /* Certificate Authority key */ | 25 | /* Certificate Authority key */ |
26 | const char ca_key_pem[] = | 26 | const char ca_key_pem[] = |
27 | "-----BEGIN RSA PRIVATE KEY-----\n" | 27 | "-----BEGIN RSA PRIVATE KEY-----\n" |
28 | "MIIEowIBAAKCAQEAthkEJMVt/l06gPJQCfdMKJdYXdQZGSBkOroWGZfs0oYBcSU3\n" | 28 | "MIIEowIBAAKCAQEAthkEJMVt/l06gPJQCfdMKJdYXdQZGSBkOroWGZfs0oYBcSU3\n" |
29 | "JeszCWwDgzw5Ac4o2no9/P7FLVm6+zaIO9gexVi2p1fDhT1+6Lir7O6waS94vLdu\n" | 29 | "JeszCWwDgzw5Ac4o2no9/P7FLVm6+zaIO9gexVi2p1fDhT1+6Lir7O6waS94vLdu\n" |
30 | "jxdJPGfakZTktRAA3MBbC1XuMYPYXZ6nUrRkmHLeG6Oj+L0U3iVq0ZjLYjekCmqV\n" | 30 | "jxdJPGfakZTktRAA3MBbC1XuMYPYXZ6nUrRkmHLeG6Oj+L0U3iVq0ZjLYjekCmqV\n" |
31 | "FXRaDmoLWkmxplKz6UyzUXmNlyU4EzLpek2NjTtEUxh0Te+wD4RivBhCPGr7PRlY\n" | 31 | "FXRaDmoLWkmxplKz6UyzUXmNlyU4EzLpek2NjTtEUxh0Te+wD4RivBhCPGr7PRlY\n" |
32 | "JhjkTk1u75HP41yQC6MnnfY3IALWwuabBQsreR0W0h17lB3YHdHKjP5xJfEeJPtb\n" | 32 | "JhjkTk1u75HP41yQC6MnnfY3IALWwuabBQsreR0W0h17lB3YHdHKjP5xJfEeJPtb\n" |
33 | "625+lHQpH4nfzGcna/RFok6xRpjZu7mB3t7XGwIDAQABAoIBABhD2x5/RHn5uFsI\n" | 33 | "625+lHQpH4nfzGcna/RFok6xRpjZu7mB3t7XGwIDAQABAoIBABhD2x5/RHn5uFsI\n" |
34 | "bwv07SwXhsnyAmoru89rjphYe1FOVBDcsa2W2tUtlIY/VyVbcGw0j+APnvy9EUJ6\n" | 34 | "bwv07SwXhsnyAmoru89rjphYe1FOVBDcsa2W2tUtlIY/VyVbcGw0j+APnvy9EUJ6\n" |
35 | "cMrwsKEBgk1oT4CIwkmGmjpXUCCkF8Wl99CPfM3U1PZDTfqmqEbCRx+KktP8Sq+m\n" | 35 | "cMrwsKEBgk1oT4CIwkmGmjpXUCCkF8Wl99CPfM3U1PZDTfqmqEbCRx+KktP8Sq+m\n" |
36 | "/YryyNjbracnNilmIMq9V6+YWbm7kJHRLVQWHqh/ljji+kCx5y9VII7HYz4217Er\n" | 36 | "/YryyNjbracnNilmIMq9V6+YWbm7kJHRLVQWHqh/ljji+kCx5y9VII7HYz4217Er\n" |
37 | "I5HrnPJodmYrH5Tj8Hj9NY7Ok/IeqD186fPuYH/qf9zWcyg7aa0rTPt/E4XjeOjU\n" | 37 | "I5HrnPJodmYrH5Tj8Hj9NY7Ok/IeqD186fPuYH/qf9zWcyg7aa0rTPt/E4XjeOjU\n" |
38 | "kxb68+Ybozm0EY1ypa1Yxf3B4hkyrlQ5lfzDSBKqvQkGA92yNDPYiZX71nDHDj9H\n" | 38 | "kxb68+Ybozm0EY1ypa1Yxf3B4hkyrlQ5lfzDSBKqvQkGA92yNDPYiZX71nDHDj9H\n" |
39 | "wf8tWlECgYEAxN8bnMXzmGLbNJUQFuEFBCDFE/tAMhBWcN6eyupIwyXXNA8/xGnJ\n" | 39 | "wf8tWlECgYEAxN8bnMXzmGLbNJUQFuEFBCDFE/tAMhBWcN6eyupIwyXXNA8/xGnJ\n" |
40 | "rYO4U08YrgvQ6d71xLXAJnsypeJ3FsyIXDar21o5DwVj1ON0nW6xuXsfQWYGEsXm\n" | 40 | "rYO4U08YrgvQ6d71xLXAJnsypeJ3FsyIXDar21o5DwVj1ON0nW6xuXsfQWYGEsXm\n" |
41 | "fDVf4LVO+P58uAnM3+lKXWMwsw7/ja9VECrOvfTlf7CwwIPfmRzxZEMCgYEA7Mn+\n" | 41 | "fDVf4LVO+P58uAnM3+lKXWMwsw7/ja9VECrOvfTlf7CwwIPfmRzxZEMCgYEA7Mn+\n" |
42 | "PBO352EXzXbGTuLY9iFXo3GL4EXB2nbkXBdTxEbPl+ICjg/1MPtRN9l03y8l06/G\n" | 42 | "PBO352EXzXbGTuLY9iFXo3GL4EXB2nbkXBdTxEbPl+ICjg/1MPtRN9l03y8l06/G\n" |
43 | "MpbxkpPnSXdjXQ1fgXfG9FuKS89BNUfoEfG/3015w49ZAcBYRmvCSGTspu/hshdQ\n" | 43 | "MpbxkpPnSXdjXQ1fgXfG9FuKS89BNUfoEfG/3015w49ZAcBYRmvCSGTspu/hshdQ\n" |
44 | "iom2AFy2aRXfvsoUlePRccs1/7RKclK7ahfdwEkCgYBXQOLGCt25rialGWO2ICjO\n" | 44 | "iom2AFy2aRXfvsoUlePRccs1/7RKclK7ahfdwEkCgYBXQOLGCt25rialGWO2ICjO\n" |
45 | "+Y8fGf4Lsj39bE1IdammBAFrK08ByDkAVB6/nZC8orQG0zBt7HerFnMOHl7VlfTh\n" | 45 | "+Y8fGf4Lsj39bE1IdammBAFrK08ByDkAVB6/nZC8orQG0zBt7HerFnMOHl7VlfTh\n" |
46 | "mcF1SHl9dNAYLG8kz0ipgi4KGCOc8mUCq81AlFrZ9EBmeMF6g7TXyvxsf7s3mnvC\n" | 46 | "mcF1SHl9dNAYLG8kz0ipgi4KGCOc8mUCq81AlFrZ9EBmeMF6g7TXyvxsf7s3mnvC\n" |
47 | "3JYgjoegnjjYOhpBjBhYbQKBgQCpwJmBakVyG/obcyXx0dDmirqwUquLaZbyzj8i\n" | 47 | "3JYgjoegnjjYOhpBjBhYbQKBgQCpwJmBakVyG/obcyXx0dDmirqwUquLaZbyzj8i\n" |
48 | "AhssX/NdGErqm2gU6GauWjfd9IfyvVWiWPHwOhYaZfuW7wpj34GDFskLVhaSYu1t\n" | 48 | "AhssX/NdGErqm2gU6GauWjfd9IfyvVWiWPHwOhYaZfuW7wpj34GDFskLVhaSYu1t\n" |
49 | "R9lc9cbwOqj9h24Bdik/CxNZDinIKcy0tMsEcXLX3TWdKnQdjMhPAvbATPj+Am+X\n" | 49 | "R9lc9cbwOqj9h24Bdik/CxNZDinIKcy0tMsEcXLX3TWdKnQdjMhPAvbATPj+Am+X\n" |
50 | "PGrd+QKBgF5U2i0d2Mgw/JmlVCY79uD9eERivF5HLOYv3XUr9N1/bgIqKSQnrKJC\n" | 50 | "PGrd+QKBgF5U2i0d2Mgw/JmlVCY79uD9eERivF5HLOYv3XUr9N1/bgIqKSQnrKJC\n" |
51 | "pXC+ZHP9yTmcznwFkbMbJ9cTwMVU1n+hguvyjIJHmmeGrpBuaiT4HwPgV6IZY3N2\n" | 51 | "pXC+ZHP9yTmcznwFkbMbJ9cTwMVU1n+hguvyjIJHmmeGrpBuaiT4HwPgV6IZY3N2\n" |
52 | "a05cOyYYE3I7h9fQs1MfZRK44rRiXycwb+HA4lwuFWTI7h5qdc/U\n" | 52 | "a05cOyYYE3I7h9fQs1MfZRK44rRiXycwb+HA4lwuFWTI7h5qdc/U\n" |
53 | "-----END RSA PRIVATE KEY-----\n"; | 53 | "-----END RSA PRIVATE KEY-----\n"; |
54 | 54 | ||
55 | /* Certificate Authority cert */ | 55 | /* Certificate Authority cert */ |
56 | const char ca_cert_pem[] = | 56 | const char ca_cert_pem[] = |
57 | "-----BEGIN CERTIFICATE-----\n" | 57 | "-----BEGIN CERTIFICATE-----\n" |
58 | "MIIC6DCCAdKgAwIBAgIESJ2sXDALBgkqhkiG9w0BAQUwFzEVMBMGA1UEAxMMdGVz\n" | 58 | "MIIC6DCCAdKgAwIBAgIESJ2sXDALBgkqhkiG9w0BAQUwFzEVMBMGA1UEAxMMdGVz\n" |
59 | "dF9jYV9jZXJ0MB4XDTA4MDgwOTE0NDAyOFoXDTA5MDgwOTE0NDAyOFowFzEVMBMG\n" | 59 | "dF9jYV9jZXJ0MB4XDTA4MDgwOTE0NDAyOFoXDTA5MDgwOTE0NDAyOFowFzEVMBMG\n" |
60 | "A1UEAxMMdGVzdF9jYV9jZXJ0MIIBHzALBgkqhkiG9w0BAQEDggEOADCCAQkCggEA\n" | 60 | "A1UEAxMMdGVzdF9jYV9jZXJ0MIIBHzALBgkqhkiG9w0BAQEDggEOADCCAQkCggEA\n" |
61 | "thkEJMVt/l06gPJQCfdMKJdYXdQZGSBkOroWGZfs0oYBcSU3JeszCWwDgzw5Ac4o\n" | 61 | "thkEJMVt/l06gPJQCfdMKJdYXdQZGSBkOroWGZfs0oYBcSU3JeszCWwDgzw5Ac4o\n" |
62 | "2no9/P7FLVm6+zaIO9gexVi2p1fDhT1+6Lir7O6waS94vLdujxdJPGfakZTktRAA\n" | 62 | "2no9/P7FLVm6+zaIO9gexVi2p1fDhT1+6Lir7O6waS94vLdujxdJPGfakZTktRAA\n" |
63 | "3MBbC1XuMYPYXZ6nUrRkmHLeG6Oj+L0U3iVq0ZjLYjekCmqVFXRaDmoLWkmxplKz\n" | 63 | "3MBbC1XuMYPYXZ6nUrRkmHLeG6Oj+L0U3iVq0ZjLYjekCmqVFXRaDmoLWkmxplKz\n" |
64 | "6UyzUXmNlyU4EzLpek2NjTtEUxh0Te+wD4RivBhCPGr7PRlYJhjkTk1u75HP41yQ\n" | 64 | "6UyzUXmNlyU4EzLpek2NjTtEUxh0Te+wD4RivBhCPGr7PRlYJhjkTk1u75HP41yQ\n" |
65 | "C6MnnfY3IALWwuabBQsreR0W0h17lB3YHdHKjP5xJfEeJPtb625+lHQpH4nfzGcn\n" | 65 | "C6MnnfY3IALWwuabBQsreR0W0h17lB3YHdHKjP5xJfEeJPtb625+lHQpH4nfzGcn\n" |
66 | "a/RFok6xRpjZu7mB3t7XGwIDAQABo0MwQTAPBgNVHRMBAf8EBTADAQH/MA8GA1Ud\n" | 66 | "a/RFok6xRpjZu7mB3t7XGwIDAQABo0MwQTAPBgNVHRMBAf8EBTADAQH/MA8GA1Ud\n" |
67 | "DwEB/wQFAwMHBAAwHQYDVR0OBBYEFGTWojUUrKbS/Uid9S3hPxmgKeaxMAsGCSqG\n" | 67 | "DwEB/wQFAwMHBAAwHQYDVR0OBBYEFGTWojUUrKbS/Uid9S3hPxmgKeaxMAsGCSqG\n" |
68 | "SIb3DQEBBQOCAQEAWP1f/sfNsvA/oz7OJSBCsQxAnjrKMIXgbVnop+4bEWPxk4e9\n" | 68 | "SIb3DQEBBQOCAQEAWP1f/sfNsvA/oz7OJSBCsQxAnjrKMIXgbVnop+4bEWPxk4e9\n" |
69 | "TETSk5MMXt2BfaCtaLZw19Zbqlh4ZFuVw+QC1GTa0xlagHiRgXU2DOvPT5+y+XUR\n" | 69 | "TETSk5MMXt2BfaCtaLZw19Zbqlh4ZFuVw+QC1GTa0xlagHiRgXU2DOvPT5+y+XUR\n" |
70 | "TSy0Pqou7spgEkLcFxlXYlx3tpDu+Awmx9DBGHMCysVynnEzeBYW4woCfBG2UiVA\n" | 70 | "TSy0Pqou7spgEkLcFxlXYlx3tpDu+Awmx9DBGHMCysVynnEzeBYW4woCfBG2UiVA\n" |
71 | "iHVz6jBc4bBkylKVkA42GiroExuPc+W9qtHGuVX045R7gz78KK0CMIObdySbogBe\n" | 71 | "iHVz6jBc4bBkylKVkA42GiroExuPc+W9qtHGuVX045R7gz78KK0CMIObdySbogBe\n" |
72 | "gYZUbyVvPVHINEc929PoV12dHP7wrKnqPbiwb+h1SHui8bVinE+1JY3mRB1VGVTa\n" | 72 | "gYZUbyVvPVHINEc929PoV12dHP7wrKnqPbiwb+h1SHui8bVinE+1JY3mRB1VGVTa\n" |
73 | "rgvlVGs2S+Zq48XMs4aeLgHkGWFAIXbpX34HSw==\n" | 73 | "rgvlVGs2S+Zq48XMs4aeLgHkGWFAIXbpX34HSw==\n" "-----END CERTIFICATE-----\n"; |
74 | "-----END CERTIFICATE-----\n"; | ||
75 | 74 | ||
76 | /* test server CA signed certificates */ | 75 | /* test server CA signed certificates */ |
77 | const char srv_signed_cert_pem[] = | 76 | const char srv_signed_cert_pem[] = |
78 | "-----BEGIN CERTIFICATE-----\n" | 77 | "-----BEGIN CERTIFICATE-----\n" |
79 | "MIIDBDCCAe6gAwIBAgIESJ2sXzALBgkqhkiG9w0BAQUwFzEVMBMGA1UEAxMMdGVz\n" | 78 | "MIIDBDCCAe6gAwIBAgIESJ2sXzALBgkqhkiG9w0BAQUwFzEVMBMGA1UEAxMMdGVz\n" |
80 | "dF9jYV9jZXJ0MB4XDTA4MDgwOTE0NDAzMloXDTA5MDgwOTE0NDAzNVowADCCAR8w\n" | 79 | "dF9jYV9jZXJ0MB4XDTA4MDgwOTE0NDAzMloXDTA5MDgwOTE0NDAzNVowADCCAR8w\n" |
81 | "CwYJKoZIhvcNAQEBA4IBDgAwggEJAoIBAOb6G6WJrrNC48NSh5i4eT7J1BCqlMB4\n" | 80 | "CwYJKoZIhvcNAQEBA4IBDgAwggEJAoIBAOb6G6WJrrNC48NSh5i4eT7J1BCqlMB4\n" |
82 | "e0No+td/PQf+sPywbQToYGiPfOFfMyge1G6SyRpXavKbPwuw1BN183WoYzID5mtz\n" | 81 | "e0No+td/PQf+sPywbQToYGiPfOFfMyge1G6SyRpXavKbPwuw1BN183WoYzID5mtz\n" |
83 | "shAOl/JRhdusScFijS3pITiNK4G5NLToCP4KZhqguqHUzEdanifSb/D4x54Rq/Tc\n" | 82 | "shAOl/JRhdusScFijS3pITiNK4G5NLToCP4KZhqguqHUzEdanifSb/D4x54Rq/Tc\n" |
84 | "A7oHGp0wjdWC/AMtGWv6v55xMe00ALZ1zDxCOi8nri9W7mLy+hyduETCq+1Y7uHl\n" | 83 | "A7oHGp0wjdWC/AMtGWv6v55xMe00ALZ1zDxCOi8nri9W7mLy+hyduETCq+1Y7uHl\n" |
85 | "mqbAk8D7ruu0JtNU2N8WuJJcAtxgZhCCfIHTgAUWqepeRBM8cy8uu0tywgxcJiyt\n" | 84 | "mqbAk8D7ruu0JtNU2N8WuJJcAtxgZhCCfIHTgAUWqepeRBM8cy8uu0tywgxcJiyt\n" |
86 | "Uu1wXQHnnpWrr/9r6IfhjFpc9pr5giHBeM4KdlU49UsYgaS1tAZsDJcCAwEAAaN2\n" | 85 | "Uu1wXQHnnpWrr/9r6IfhjFpc9pr5giHBeM4KdlU49UsYgaS1tAZsDJcCAwEAAaN2\n" |
87 | "MHQwDAYDVR0TAQH/BAIwADATBgNVHSUEDDAKBggrBgEFBQcDATAPBgNVHQ8BAf8E\n" | 86 | "MHQwDAYDVR0TAQH/BAIwADATBgNVHSUEDDAKBggrBgEFBQcDATAPBgNVHQ8BAf8E\n" |
88 | "BQMDB6AAMB0GA1UdDgQWBBSxP229okDqlKyMCyg0cnzbf+eb4DAfBgNVHSMEGDAW\n" | 87 | "BQMDB6AAMB0GA1UdDgQWBBSxP229okDqlKyMCyg0cnzbf+eb4DAfBgNVHSMEGDAW\n" |
89 | "gBRk1qI1FKym0v1InfUt4T8ZoCnmsTALBgkqhkiG9w0BAQUDggEBAEabY4FLsFQr\n" | 88 | "gBRk1qI1FKym0v1InfUt4T8ZoCnmsTALBgkqhkiG9w0BAQUDggEBAEabY4FLsFQr\n" |
90 | "PACNe3p5tU3hWvvQ9S1pRlfnc/z1o+k9NDWTHlNjXfVTl6/6cIKHA+r8SvRks27+\n" | 89 | "PACNe3p5tU3hWvvQ9S1pRlfnc/z1o+k9NDWTHlNjXfVTl6/6cIKHA+r8SvRks27+\n" |
91 | "lScfxFkiCi22YC7uPbn8fW1nWcsqEkK4e0TDekSUi1o6SDx6cU07kMpx3iKvpLs3\n" | 90 | "lScfxFkiCi22YC7uPbn8fW1nWcsqEkK4e0TDekSUi1o6SDx6cU07kMpx3iKvpLs3\n" |
92 | "5QiCFjivMjrY8pEFJIke/ucI8QuLVZLLUSdTHb9Ck128PtPKA4y2uZA/MmYS/OtR\n" | 91 | "5QiCFjivMjrY8pEFJIke/ucI8QuLVZLLUSdTHb9Ck128PtPKA4y2uZA/MmYS/OtR\n" |
93 | "/UZN67pJ+BqcQBE5vNolWQTM+NxfMzb48IV9q32HRT4HErvUjLIWV0nwwedUSdDG\n" | 92 | "/UZN67pJ+BqcQBE5vNolWQTM+NxfMzb48IV9q32HRT4HErvUjLIWV0nwwedUSdDG\n" |
94 | "63tr9jp0GF6b5Eum0MTVV/zbBxfyRFg+Q8xRn70zJlB/W7byaFq/95Rpfqjdnta2\n" | 93 | "63tr9jp0GF6b5Eum0MTVV/zbBxfyRFg+Q8xRn70zJlB/W7byaFq/95Rpfqjdnta2\n" |
95 | "aO/omlvGHrI=\n" | 94 | "aO/omlvGHrI=\n" "-----END CERTIFICATE-----\n"; |
96 | "-----END CERTIFICATE-----\n"; | ||
97 | 95 | ||
98 | /* test server key */ | 96 | /* test server key */ |
99 | const char srv_signed_key_pem[] = | 97 | const char srv_signed_key_pem[] = |
100 | "-----BEGIN RSA PRIVATE KEY-----\n" | 98 | "-----BEGIN RSA PRIVATE KEY-----\n" |
101 | "MIIEowIBAAKCAQEA5vobpYmus0Ljw1KHmLh5PsnUEKqUwHh7Q2j61389B/6w/LBt\n" | 99 | "MIIEowIBAAKCAQEA5vobpYmus0Ljw1KHmLh5PsnUEKqUwHh7Q2j61389B/6w/LBt\n" |
102 | "BOhgaI984V8zKB7UbpLJGldq8ps/C7DUE3XzdahjMgPma3OyEA6X8lGF26xJwWKN\n" | 100 | "BOhgaI984V8zKB7UbpLJGldq8ps/C7DUE3XzdahjMgPma3OyEA6X8lGF26xJwWKN\n" |
103 | "LekhOI0rgbk0tOgI/gpmGqC6odTMR1qeJ9Jv8PjHnhGr9NwDugcanTCN1YL8Ay0Z\n" | 101 | "LekhOI0rgbk0tOgI/gpmGqC6odTMR1qeJ9Jv8PjHnhGr9NwDugcanTCN1YL8Ay0Z\n" |
104 | "a/q/nnEx7TQAtnXMPEI6LyeuL1buYvL6HJ24RMKr7Vju4eWapsCTwPuu67Qm01TY\n" | 102 | "a/q/nnEx7TQAtnXMPEI6LyeuL1buYvL6HJ24RMKr7Vju4eWapsCTwPuu67Qm01TY\n" |
105 | "3xa4klwC3GBmEIJ8gdOABRap6l5EEzxzLy67S3LCDFwmLK1S7XBdAeeelauv/2vo\n" | 103 | "3xa4klwC3GBmEIJ8gdOABRap6l5EEzxzLy67S3LCDFwmLK1S7XBdAeeelauv/2vo\n" |
106 | "h+GMWlz2mvmCIcF4zgp2VTj1SxiBpLW0BmwMlwIDAQABAoIBACJGvGKQ74V3qDAc\n" | 104 | "h+GMWlz2mvmCIcF4zgp2VTj1SxiBpLW0BmwMlwIDAQABAoIBACJGvGKQ74V3qDAc\n" |
107 | "p7WwroF0Vw2QGtoDJxumUQ84uRheIeqlzc/cIi5yGLCjPYa3KIQuMTzA+0R8aFs2\n" | 105 | "p7WwroF0Vw2QGtoDJxumUQ84uRheIeqlzc/cIi5yGLCjPYa3KIQuMTzA+0R8aFs2\n" |
108 | "RwqKRvJPZkUOUhvhA+whFkhl86zZQOq7UsMc5Qqs3Gd4UguEoYz9gxBxiLCqURRH\n" | 106 | "RwqKRvJPZkUOUhvhA+whFkhl86zZQOq7UsMc5Qqs3Gd4UguEoYz9gxBxiLCqURRH\n" |
109 | "rM+xCV6jtI/PBIsmOUFae4cXJP0pljUXyYmwwb/WrsvnJXf9Gz8/VLZGBMchMH7R\n" | 107 | "rM+xCV6jtI/PBIsmOUFae4cXJP0pljUXyYmwwb/WrsvnJXf9Gz8/VLZGBMchMH7R\n" |
110 | "MwD7xdwc/ht2XfZ0TuDntpJDtj0JrW9i/Cxt8PnNhQjgLsAe+oUUZt7Bo+vXBxhu\n" | 108 | "MwD7xdwc/ht2XfZ0TuDntpJDtj0JrW9i/Cxt8PnNhQjgLsAe+oUUZt7Bo+vXBxhu\n" |
111 | "JPKj6BHcj768l+gDn5zzaXKq0eF7mMXc7fgAp0u8lJkC0LxLq/WmIfqw4Z4mEjkX\n" | 109 | "JPKj6BHcj768l+gDn5zzaXKq0eF7mMXc7fgAp0u8lJkC0LxLq/WmIfqw4Z4mEjkX\n" |
112 | "DremIoUCgYEA53vX9Hd8V85hCfeaTDf3B5q6g9kIliR+Y2tX2aSqN06df9J/KOdL\n" | 110 | "DremIoUCgYEA53vX9Hd8V85hCfeaTDf3B5q6g9kIliR+Y2tX2aSqN06df9J/KOdL\n" |
113 | "G/lEQn4rsOOtOwyTU2luPmcr0XgbXA1T1kj56+UZrxtRducsdsVbVixzD2KswtJO\n" | 111 | "G/lEQn4rsOOtOwyTU2luPmcr0XgbXA1T1kj56+UZrxtRducsdsVbVixzD2KswtJO\n" |
114 | "wUH6XAJNdpI++64TuZadnKAaKiqim7CPzQYrBXYKKRFGSDd50urkTRMCgYEA/3CG\n" | 112 | "wUH6XAJNdpI++64TuZadnKAaKiqim7CPzQYrBXYKKRFGSDd50urkTRMCgYEA/3CG\n" |
115 | "NMaG3qtzQceQUw7BBAhey387MR+1FUQHQ7xoq2jc3yAx4H2NEyGa6wL5CtFKn5In\n" | 113 | "NMaG3qtzQceQUw7BBAhey387MR+1FUQHQ7xoq2jc3yAx4H2NEyGa6wL5CtFKn5In\n" |
116 | "BP6f30sk2ilXRv5pbIIiS8Xzngxy3m17GH33YrSc3ff/u+LWgR/EOVpa9F+sMAjp\n" | 114 | "BP6f30sk2ilXRv5pbIIiS8Xzngxy3m17GH33YrSc3ff/u+LWgR/EOVpa9F+sMAjp\n" |
117 | "ohDgI8iH8GtahrRA0BxQKfNIo2zUTqNwFP88xu0CgYADOY1zoWqBCqX9bo6euzTc\n" | 115 | "ohDgI8iH8GtahrRA0BxQKfNIo2zUTqNwFP88xu0CgYADOY1zoWqBCqX9bo6euzTc\n" |
118 | "zUIF7jMZbF66Yddyd8HLTXQSQMt2tWotdJaH2pwfNbzHEtDGm7RmeCd7HpI7ARCG\n" | 116 | "zUIF7jMZbF66Yddyd8HLTXQSQMt2tWotdJaH2pwfNbzHEtDGm7RmeCd7HpI7ARCG\n" |
119 | "7rNUnvdxog7LekL7UJqKI8pij3xapnVkadfkCkAsA7OO7AjoT/nYIb7bkYZ8ZsRK\n" | 117 | "7rNUnvdxog7LekL7UJqKI8pij3xapnVkadfkCkAsA7OO7AjoT/nYIb7bkYZ8ZsRK\n" |
120 | "FejphZB0rAHvpZ4z2wPdMwKBgQCfkr70RzVH81lcNXwutt/TUhtOCxyCMqmgMFBN\n" | 118 | "FejphZB0rAHvpZ4z2wPdMwKBgQCfkr70RzVH81lcNXwutt/TUhtOCxyCMqmgMFBN\n" |
121 | "e2zz791TMjyWXjh8RBkQSVok7NwuVVI055AeIUZTV1IjkplvZNhh97aZ/HLiCwjE\n" | 119 | "e2zz791TMjyWXjh8RBkQSVok7NwuVVI055AeIUZTV1IjkplvZNhh97aZ/HLiCwjE\n" |
122 | "IyUhL21zqRLEYA/auGqP3adGVGIv29GAIgSztfleMuJplj+LArT9j/LHzRvQSH+j\n" | 120 | "IyUhL21zqRLEYA/auGqP3adGVGIv29GAIgSztfleMuJplj+LArT9j/LHzRvQSH+j\n" |
123 | "TlO8fQKBgE5og4pTfPrD0A7W/Li1HDGf8Ylb+DZlxoyMriW82Z/zCBvYvn1UvQRi\n" | 121 | "TlO8fQKBgE5og4pTfPrD0A7W/Li1HDGf8Ylb+DZlxoyMriW82Z/zCBvYvn1UvQRi\n" |
124 | "b8f3IQFXuXdf3Bx4C91kQJPovxDp14FOHJxO7F32fGMnJaU2kyp4sf4WAJZZOLnd\n" | 122 | "b8f3IQFXuXdf3Bx4C91kQJPovxDp14FOHJxO7F32fGMnJaU2kyp4sf4WAJZZOLnd\n" |
125 | "l64hMUsgYPI8qfsanAudD4gTAsLEP+ueWqkcb3SJNLSoQAtcGzYs\n" | 123 | "l64hMUsgYPI8qfsanAudD4gTAsLEP+ueWqkcb3SJNLSoQAtcGzYs\n" |
126 | "-----END RSA PRIVATE KEY-----\n"; | 124 | "-----END RSA PRIVATE KEY-----\n"; |
127 | 125 | ||
128 | /* test server self signed certificates */ | 126 | /* test server self signed certificates */ |
129 | const char srv_self_signed_cert_pem[] = | 127 | const char srv_self_signed_cert_pem[] = |