diff options
Diffstat (limited to 'src/daemon/https/tls/gnutls_sig.c')
| -rw-r--r-- | src/daemon/https/tls/gnutls_sig.c | 58 |
1 files changed, 33 insertions, 25 deletions
diff --git a/src/daemon/https/tls/gnutls_sig.c b/src/daemon/https/tls/gnutls_sig.c index 0309e588..fcd756b5 100644 --- a/src/daemon/https/tls/gnutls_sig.c +++ b/src/daemon/https/tls/gnutls_sig.c | |||
| @@ -38,10 +38,10 @@ | |||
| 38 | #include <gnutls_kx.h> | 38 | #include <gnutls_kx.h> |
| 39 | 39 | ||
| 40 | static int MHD__gnutls_tls_sign (MHD_gtls_session_t session, | 40 | static int MHD__gnutls_tls_sign (MHD_gtls_session_t session, |
| 41 | MHD_gnutls_cert * cert, | 41 | MHD_gnutls_cert * cert, |
| 42 | MHD_gnutls_privkey * pkey, | 42 | MHD_gnutls_privkey * pkey, |
| 43 | const MHD_gnutls_datum_t * hash_concat, | 43 | const MHD_gnutls_datum_t * hash_concat, |
| 44 | MHD_gnutls_datum_t * signature); | 44 | MHD_gnutls_datum_t * signature); |
| 45 | 45 | ||
| 46 | /* Generates a signature of all the previous sent packets in the | 46 | /* Generates a signature of all the previous sent packets in the |
| 47 | * handshake procedure. (20040227: now it works for SSL 3.0 as well) | 47 | * handshake procedure. (20040227: now it works for SSL 3.0 as well) |
| @@ -49,7 +49,8 @@ static int MHD__gnutls_tls_sign (MHD_gtls_session_t session, | |||
| 49 | int | 49 | int |
| 50 | MHD_gtls_tls_sign_hdata (MHD_gtls_session_t session, | 50 | MHD_gtls_tls_sign_hdata (MHD_gtls_session_t session, |
| 51 | MHD_gnutls_cert * cert, | 51 | MHD_gnutls_cert * cert, |
| 52 | MHD_gnutls_privkey * pkey, MHD_gnutls_datum_t * signature) | 52 | MHD_gnutls_privkey * pkey, |
| 53 | MHD_gnutls_datum_t * signature) | ||
| 53 | { | 54 | { |
| 54 | MHD_gnutls_datum_t dconcat; | 55 | MHD_gnutls_datum_t dconcat; |
| 55 | int ret; | 56 | int ret; |
| @@ -75,8 +76,9 @@ MHD_gtls_tls_sign_hdata (MHD_gtls_session_t session, | |||
| 75 | } | 76 | } |
| 76 | 77 | ||
| 77 | MHD_gnutls_mac_deinit_ssl3_handshake (td_sha, &concat[16], | 78 | MHD_gnutls_mac_deinit_ssl3_handshake (td_sha, &concat[16], |
| 78 | session->security_parameters. | 79 | session-> |
| 79 | master_secret, TLS_MASTER_SIZE); | 80 | security_parameters.master_secret, |
| 81 | TLS_MASTER_SIZE); | ||
| 80 | } | 82 | } |
| 81 | else | 83 | else |
| 82 | MHD_gnutls_hash_deinit (td_sha, &concat[16]); | 84 | MHD_gnutls_hash_deinit (td_sha, &concat[16]); |
| @@ -94,8 +96,9 @@ MHD_gtls_tls_sign_hdata (MHD_gtls_session_t session, | |||
| 94 | 96 | ||
| 95 | if (ver == MHD_GNUTLS_PROTOCOL_SSL3) | 97 | if (ver == MHD_GNUTLS_PROTOCOL_SSL3) |
| 96 | MHD_gnutls_mac_deinit_ssl3_handshake (td_md5, concat, | 98 | MHD_gnutls_mac_deinit_ssl3_handshake (td_md5, concat, |
| 97 | session->security_parameters. | 99 | session-> |
| 98 | master_secret, TLS_MASTER_SIZE); | 100 | security_parameters.master_secret, |
| 101 | TLS_MASTER_SIZE); | ||
| 99 | else | 102 | else |
| 100 | MHD_gnutls_hash_deinit (td_md5, concat); | 103 | MHD_gnutls_hash_deinit (td_md5, concat); |
| 101 | 104 | ||
| @@ -122,7 +125,8 @@ int | |||
| 122 | MHD_gtls_tls_sign_params (MHD_gtls_session_t session, | 125 | MHD_gtls_tls_sign_params (MHD_gtls_session_t session, |
| 123 | MHD_gnutls_cert * cert, | 126 | MHD_gnutls_cert * cert, |
| 124 | MHD_gnutls_privkey * pkey, | 127 | MHD_gnutls_privkey * pkey, |
| 125 | MHD_gnutls_datum_t * params, MHD_gnutls_datum_t * signature) | 128 | MHD_gnutls_datum_t * params, |
| 129 | MHD_gnutls_datum_t * signature) | ||
| 126 | { | 130 | { |
| 127 | MHD_gnutls_datum_t dconcat; | 131 | MHD_gnutls_datum_t dconcat; |
| 128 | int ret; | 132 | int ret; |
| @@ -207,7 +211,8 @@ int | |||
| 207 | MHD_gtls_sign (enum MHD_GNUTLS_PublicKeyAlgorithm algo, | 211 | MHD_gtls_sign (enum MHD_GNUTLS_PublicKeyAlgorithm algo, |
| 208 | mpi_t * params, | 212 | mpi_t * params, |
| 209 | int params_size, | 213 | int params_size, |
| 210 | const MHD_gnutls_datum_t * data, MHD_gnutls_datum_t * signature) | 214 | const MHD_gnutls_datum_t * data, |
| 215 | MHD_gnutls_datum_t * signature) | ||
| 211 | { | 216 | { |
| 212 | int ret; | 217 | int ret; |
| 213 | 218 | ||
| @@ -239,10 +244,10 @@ MHD_gtls_sign (enum MHD_GNUTLS_PublicKeyAlgorithm algo, | |||
| 239 | */ | 244 | */ |
| 240 | static int | 245 | static int |
| 241 | MHD__gnutls_tls_sign (MHD_gtls_session_t session, | 246 | MHD__gnutls_tls_sign (MHD_gtls_session_t session, |
| 242 | MHD_gnutls_cert * cert, | 247 | MHD_gnutls_cert * cert, |
| 243 | MHD_gnutls_privkey * pkey, | 248 | MHD_gnutls_privkey * pkey, |
| 244 | const MHD_gnutls_datum_t * hash_concat, | 249 | const MHD_gnutls_datum_t * hash_concat, |
| 245 | MHD_gnutls_datum_t * signature) | 250 | MHD_gnutls_datum_t * signature) |
| 246 | { | 251 | { |
| 247 | 252 | ||
| 248 | /* If our certificate supports signing | 253 | /* If our certificate supports signing |
| @@ -263,8 +268,8 @@ MHD__gnutls_tls_sign (MHD_gtls_session_t session, | |||
| 263 | return GNUTLS_E_INSUFFICIENT_CREDENTIALS; | 268 | return GNUTLS_E_INSUFFICIENT_CREDENTIALS; |
| 264 | 269 | ||
| 265 | return (*session->internals.sign_func) (session, | 270 | return (*session->internals.sign_func) (session, |
| 266 | session->internals. | 271 | session-> |
| 267 | sign_func_userdata, | 272 | internals.sign_func_userdata, |
| 268 | cert->cert_type, &cert->raw, | 273 | cert->cert_type, &cert->raw, |
| 269 | hash_concat, signature); | 274 | hash_concat, signature); |
| 270 | } | 275 | } |
| @@ -275,13 +280,13 @@ MHD__gnutls_tls_sign (MHD_gtls_session_t session, | |||
| 275 | 280 | ||
| 276 | static int | 281 | static int |
| 277 | MHD__gnutls_verify_sig (MHD_gnutls_cert * cert, | 282 | MHD__gnutls_verify_sig (MHD_gnutls_cert * cert, |
| 278 | const MHD_gnutls_datum_t * hash_concat, | 283 | const MHD_gnutls_datum_t * hash_concat, |
| 279 | MHD_gnutls_datum_t * signature, size_t sha1pos) | 284 | MHD_gnutls_datum_t * signature, size_t sha1pos) |
| 280 | { | 285 | { |
| 281 | int ret; | 286 | int ret; |
| 282 | MHD_gnutls_datum_t vdata; | 287 | MHD_gnutls_datum_t vdata; |
| 283 | 288 | ||
| 284 | if ( (cert == NULL) || (cert->version == 0) ) | 289 | if ((cert == NULL) || (cert->version == 0)) |
| 285 | { /* this is the only way to check | 290 | { /* this is the only way to check |
| 286 | * if it is initialized | 291 | * if it is initialized |
| 287 | */ | 292 | */ |
| @@ -328,7 +333,8 @@ MHD__gnutls_verify_sig (MHD_gnutls_cert * cert, | |||
| 328 | */ | 333 | */ |
| 329 | int | 334 | int |
| 330 | MHD_gtls_verify_sig_hdata (MHD_gtls_session_t session, | 335 | MHD_gtls_verify_sig_hdata (MHD_gtls_session_t session, |
| 331 | MHD_gnutls_cert * cert, MHD_gnutls_datum_t * signature) | 336 | MHD_gnutls_cert * cert, |
| 337 | MHD_gnutls_datum_t * signature) | ||
| 332 | { | 338 | { |
| 333 | int ret; | 339 | int ret; |
| 334 | opaque concat[36]; | 340 | opaque concat[36]; |
| @@ -362,11 +368,13 @@ MHD_gtls_verify_sig_hdata (MHD_gtls_session_t session, | |||
| 362 | } | 368 | } |
| 363 | 369 | ||
| 364 | MHD_gnutls_mac_deinit_ssl3_handshake (td_md5, concat, | 370 | MHD_gnutls_mac_deinit_ssl3_handshake (td_md5, concat, |
| 365 | session->security_parameters. | 371 | session-> |
| 366 | master_secret, TLS_MASTER_SIZE); | 372 | security_parameters.master_secret, |
| 373 | TLS_MASTER_SIZE); | ||
| 367 | MHD_gnutls_mac_deinit_ssl3_handshake (td_sha, &concat[16], | 374 | MHD_gnutls_mac_deinit_ssl3_handshake (td_sha, &concat[16], |
| 368 | session->security_parameters. | 375 | session-> |
| 369 | master_secret, TLS_MASTER_SIZE); | 376 | security_parameters.master_secret, |
| 377 | TLS_MASTER_SIZE); | ||
| 370 | } | 378 | } |
| 371 | else | 379 | else |
| 372 | { | 380 | { |