Diffstat (limited to 'src/daemon/https/tls/gnutls_sig.c')
-rw-r--r-- | src/daemon/https/tls/gnutls_sig.c | 58 |
1 files changed, 33 insertions, 25 deletions
diff --git a/src/daemon/https/tls/gnutls_sig.c b/src/daemon/https/tls/gnutls_sig.c index 0309e588..fcd756b5 100644 --- a/src/daemon/https/tls/gnutls_sig.c +++ b/src/daemon/https/tls/gnutls_sig.c | |||
@@ -38,10 +38,10 @@ | |||
38 | #include <gnutls_kx.h> | 38 | #include <gnutls_kx.h> |
39 | 39 | ||
40 | static int MHD__gnutls_tls_sign (MHD_gtls_session_t session, | 40 | static int MHD__gnutls_tls_sign (MHD_gtls_session_t session, |
41 | MHD_gnutls_cert * cert, | 41 | MHD_gnutls_cert * cert, |
42 | MHD_gnutls_privkey * pkey, | 42 | MHD_gnutls_privkey * pkey, |
43 | const MHD_gnutls_datum_t * hash_concat, | 43 | const MHD_gnutls_datum_t * hash_concat, |
44 | MHD_gnutls_datum_t * signature); | 44 | MHD_gnutls_datum_t * signature); |
45 | 45 | ||
46 | /* Generates a signature of all the previous sent packets in the | 46 | /* Generates a signature of all the previous sent packets in the |
47 | * handshake procedure. (20040227: now it works for SSL 3.0 as well) | 47 | * handshake procedure. (20040227: now it works for SSL 3.0 as well) |
@@ -49,7 +49,8 @@ static int MHD__gnutls_tls_sign (MHD_gtls_session_t session, | |||
49 | int | 49 | int |
50 | MHD_gtls_tls_sign_hdata (MHD_gtls_session_t session, | 50 | MHD_gtls_tls_sign_hdata (MHD_gtls_session_t session, |
51 | MHD_gnutls_cert * cert, | 51 | MHD_gnutls_cert * cert, |
52 | MHD_gnutls_privkey * pkey, MHD_gnutls_datum_t * signature) | 52 | MHD_gnutls_privkey * pkey, |
53 | MHD_gnutls_datum_t * signature) | ||
53 | { | 54 | { |
54 | MHD_gnutls_datum_t dconcat; | 55 | MHD_gnutls_datum_t dconcat; |
55 | int ret; | 56 | int ret; |
@@ -75,8 +76,9 @@ MHD_gtls_tls_sign_hdata (MHD_gtls_session_t session, | |||
75 | } | 76 | } |
76 | 77 | ||
77 | MHD_gnutls_mac_deinit_ssl3_handshake (td_sha, &concat[16], | 78 | MHD_gnutls_mac_deinit_ssl3_handshake (td_sha, &concat[16], |
78 | session->security_parameters. | 79 | session-> |
79 | master_secret, TLS_MASTER_SIZE); | 80 | security_parameters.master_secret, |
81 | TLS_MASTER_SIZE); | ||
80 | } | 82 | } |
81 | else | 83 | else |
82 | MHD_gnutls_hash_deinit (td_sha, &concat[16]); | 84 | MHD_gnutls_hash_deinit (td_sha, &concat[16]); |
@@ -94,8 +96,9 @@ MHD_gtls_tls_sign_hdata (MHD_gtls_session_t session, | |||
94 | 96 | ||
95 | if (ver == MHD_GNUTLS_PROTOCOL_SSL3) | 97 | if (ver == MHD_GNUTLS_PROTOCOL_SSL3) |
96 | MHD_gnutls_mac_deinit_ssl3_handshake (td_md5, concat, | 98 | MHD_gnutls_mac_deinit_ssl3_handshake (td_md5, concat, |
97 | session->security_parameters. | 99 | session-> |
98 | master_secret, TLS_MASTER_SIZE); | 100 | security_parameters.master_secret, |
101 | TLS_MASTER_SIZE); | ||
99 | else | 102 | else |
100 | MHD_gnutls_hash_deinit (td_md5, concat); | 103 | MHD_gnutls_hash_deinit (td_md5, concat); |
101 | 104 | ||
@@ -122,7 +125,8 @@ int | |||
122 | MHD_gtls_tls_sign_params (MHD_gtls_session_t session, | 125 | MHD_gtls_tls_sign_params (MHD_gtls_session_t session, |
123 | MHD_gnutls_cert * cert, | 126 | MHD_gnutls_cert * cert, |
124 | MHD_gnutls_privkey * pkey, | 127 | MHD_gnutls_privkey * pkey, |
125 | MHD_gnutls_datum_t * params, MHD_gnutls_datum_t * signature) | 128 | MHD_gnutls_datum_t * params, |
129 | MHD_gnutls_datum_t * signature) | ||
126 | { | 130 | { |
127 | MHD_gnutls_datum_t dconcat; | 131 | MHD_gnutls_datum_t dconcat; |
128 | int ret; | 132 | int ret; |
@@ -207,7 +211,8 @@ int | |||
207 | MHD_gtls_sign (enum MHD_GNUTLS_PublicKeyAlgorithm algo, | 211 | MHD_gtls_sign (enum MHD_GNUTLS_PublicKeyAlgorithm algo, |
208 | mpi_t * params, | 212 | mpi_t * params, |
209 | int params_size, | 213 | int params_size, |
210 | const MHD_gnutls_datum_t * data, MHD_gnutls_datum_t * signature) | 214 | const MHD_gnutls_datum_t * data, |
215 | MHD_gnutls_datum_t * signature) | ||
211 | { | 216 | { |
212 | int ret; | 217 | int ret; |
213 | 218 | ||
@@ -239,10 +244,10 @@ MHD_gtls_sign (enum MHD_GNUTLS_PublicKeyAlgorithm algo, | |||
239 | */ | 244 | */ |
240 | static int | 245 | static int |
241 | MHD__gnutls_tls_sign (MHD_gtls_session_t session, | 246 | MHD__gnutls_tls_sign (MHD_gtls_session_t session, |
242 | MHD_gnutls_cert * cert, | 247 | MHD_gnutls_cert * cert, |
243 | MHD_gnutls_privkey * pkey, | 248 | MHD_gnutls_privkey * pkey, |
244 | const MHD_gnutls_datum_t * hash_concat, | 249 | const MHD_gnutls_datum_t * hash_concat, |
245 | MHD_gnutls_datum_t * signature) | 250 | MHD_gnutls_datum_t * signature) |
246 | { | 251 | { |
247 | 252 | ||
248 | /* If our certificate supports signing | 253 | /* If our certificate supports signing |
@@ -263,8 +268,8 @@ MHD__gnutls_tls_sign (MHD_gtls_session_t session, | |||
263 | return GNUTLS_E_INSUFFICIENT_CREDENTIALS; | 268 | return GNUTLS_E_INSUFFICIENT_CREDENTIALS; |
264 | 269 | ||
265 | return (*session->internals.sign_func) (session, | 270 | return (*session->internals.sign_func) (session, |
266 | session->internals. | 271 | session-> |
267 | sign_func_userdata, | 272 | internals.sign_func_userdata, |
268 | cert->cert_type, &cert->raw, | 273 | cert->cert_type, &cert->raw, |
269 | hash_concat, signature); | 274 | hash_concat, signature); |
270 | } | 275 | } |
@@ -275,13 +280,13 @@ MHD__gnutls_tls_sign (MHD_gtls_session_t session, | |||
275 | 280 | ||
276 | static int | 281 | static int |
277 | MHD__gnutls_verify_sig (MHD_gnutls_cert * cert, | 282 | MHD__gnutls_verify_sig (MHD_gnutls_cert * cert, |
278 | const MHD_gnutls_datum_t * hash_concat, | 283 | const MHD_gnutls_datum_t * hash_concat, |
279 | MHD_gnutls_datum_t * signature, size_t sha1pos) | 284 | MHD_gnutls_datum_t * signature, size_t sha1pos) |
280 | { | 285 | { |
281 | int ret; | 286 | int ret; |
282 | MHD_gnutls_datum_t vdata; | 287 | MHD_gnutls_datum_t vdata; |
283 | 288 | ||
284 | if ( (cert == NULL) || (cert->version == 0) ) | 289 | if ((cert == NULL) || (cert->version == 0)) |
285 | { /* this is the only way to check | 290 | { /* this is the only way to check |
286 | * if it is initialized | 291 | * if it is initialized |
287 | */ | 292 | */ |
@@ -328,7 +333,8 @@ MHD__gnutls_verify_sig (MHD_gnutls_cert * cert, | |||
328 | */ | 333 | */ |
329 | int | 334 | int |
330 | MHD_gtls_verify_sig_hdata (MHD_gtls_session_t session, | 335 | MHD_gtls_verify_sig_hdata (MHD_gtls_session_t session, |
331 | MHD_gnutls_cert * cert, MHD_gnutls_datum_t * signature) | 336 | MHD_gnutls_cert * cert, |
337 | MHD_gnutls_datum_t * signature) | ||
332 | { | 338 | { |
333 | int ret; | 339 | int ret; |
334 | opaque concat[36]; | 340 | opaque concat[36]; |
@@ -362,11 +368,13 @@ MHD_gtls_verify_sig_hdata (MHD_gtls_session_t session, | |||
362 | } | 368 | } |
363 | 369 | ||
364 | MHD_gnutls_mac_deinit_ssl3_handshake (td_md5, concat, | 370 | MHD_gnutls_mac_deinit_ssl3_handshake (td_md5, concat, |
365 | session->security_parameters. | 371 | session-> |
366 | master_secret, TLS_MASTER_SIZE); | 372 | security_parameters.master_secret, |
373 | TLS_MASTER_SIZE); | ||
367 | MHD_gnutls_mac_deinit_ssl3_handshake (td_sha, &concat[16], | 374 | MHD_gnutls_mac_deinit_ssl3_handshake (td_sha, &concat[16], |
368 | session->security_parameters. | 375 | session-> |
369 | master_secret, TLS_MASTER_SIZE); | 376 | security_parameters.master_secret, |
377 | TLS_MASTER_SIZE); | ||
370 | } | 378 | } |
371 | else | 379 | else |
372 | { | 380 | { |