Diffstat (limited to 'src/daemon/https')
-rw-r--r-- | src/daemon/https/errcodes.c | 41 | ||||
-rw-r--r-- | src/daemon/https/includes/gnutls.h | 6 | ||||
-rw-r--r-- | src/daemon/https/tls/auth_dh_common.c | 48 | ||||
-rw-r--r-- | src/daemon/https/tls/gnutls_algorithms.c | 44 | ||||
-rw-r--r-- | src/daemon/https/tls/gnutls_global.c | 161 | ||||
-rw-r--r-- | src/daemon/https/tls/gnutls_int.h | 17 | ||||
-rw-r--r-- | src/daemon/https/tls/gnutls_priority.c | 48 | ||||
-rw-r--r-- | src/daemon/https/tls/gnutls_session_pack.c | 17 |
8 files changed, 122 insertions, 260 deletions
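--- a/src/daemon/https/errcodes.c
+++ b/src/daemon/https/errcodes.c
@@ -15,7 +15,6 @@ typedef struct
 int error_index;
 } error_name;
 
-
 static int
 compar (const void *_n1, const void *_n2)
 {
@@ -23,43 +22,3 @@ compar (const void *_n1, const void *_n2)
 *n2 = (const error_name *) _n2;
 return strcmp (n1->name, n2->name);
 }
-
-//int
-//main (int argc, char *argv[])
-//{
-// int i, j;
-// const char *desc;
-// const char *_name;
-// error_name names_to_sort[400]; /* up to 400 names */
-//
-// printf ("@table @code\n");
-//
-// memset (names_to_sort, 0, sizeof (names_to_sort));
-// j = 0;
-// for (i = 0; i > -400; i--)
-// {
-// _name = _gnutls_strerror (i);
-// if (_name == NULL)
-// continue;
-//
-// strcpy (names_to_sort[j].name, _name);
-// names_to_sort[j].error_index = i;
-// j++;
-// }
-//
-// qsort (names_to_sort, j, sizeof (error_name), compar);
-//
-// for (i = 0; i < j; i++)
-// {
-// _name = names_to_sort[i].name;
-// desc = gnutls_strerror (names_to_sort[i].error_index);
-// if (desc == NULL || _name == NULL)
-// continue;
-//
-// printf ("@item %s:\n%s\n\n", _name, desc);
-// }
-//
-// printf ("@end table\n");
-//
-// return 0;
-//}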
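--- a/src/daemon/https/includes/gnutls.h
+++ b/src/daemon/https/includes/gnutls.h
@@ -93,8 +93,6 @@ extern "C"
 GNUTLS_KX_RSA_EXPORT,
 GNUTLS_KX_SRP_RSA,
 GNUTLS_KX_SRP_DSS,
-GNUTLS_KX_PSK,
-GNUTLS_KX_DHE_PSK
 } gnutls_kx_algorithm_t;
 
 typedef enum
@@ -318,7 +316,7 @@ extern "C"
 typedef struct gnutls_x509_privkey_int *gnutls_rsa_params_t; /* XXX ugly. */
 
 struct gnutls_priority_st;
-typedef struct gnutls_priority_st *gnutls_priority_t;
+typedef struct gnutls_priority_st * gnutls_priority_t;
 
 typedef struct
 {
@@ -508,7 +506,7 @@ extern "C"
 
 /* if you just want some defaults, use the following.
 */
-int gnutls_priority_init( gnutls_priority_t*, const char *priority, const char** err_pos);
+int gnutls_priority_init( gnutls_priority_t * , const char *priority, const char** err_pos);
 void gnutls_priority_deinit( gnutls_priority_t);
 
 int gnutls_priority_set(gnutls_session_t session, gnutls_priority_t);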
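Review bot: Removing GNUTLS_KX_PSK and GNUTLS_KX_DHE_PSK from the public gnutls_kx_algorithm_t enum (new lines 93-96) leaves no trace in the header that PSK key exchange is intentionally unsupported, so a later sync with upstream GnuTLS would likely reintroduce them without the matching cipher-suite and credential entries that this commit also drops. Because they were the last two enumerators, the remaining values keep their numbers; still, any switch over gnutls_kx_algorithm_t elsewhere in the tree that still has a case for them will now fail to compile, and the commit does not show that being addressed. I'd add a comment before the closing brace: `/* GNUTLS_KX_PSK / GNUTLS_KX_DHE_PSK intentionally omitted: PSK is not supported in this embedded copy */`. The enum's opening line is outside the hunk.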
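--- a/src/daemon/https/tls/auth_dh_common.c
+++ b/src/daemon/https/tls/auth_dh_common.c
@@ -23,7 +23,7 @@
 */
 
 /* This file contains common stuff in Ephemeral Diffie Hellman (DHE) and
 * Anonymous DH key exchange(DHA). These are used in the handshake procedure
 * of the certificate and anoymous authentication.
 */
 
@@ -86,29 +86,7 @@ _gnutls_proc_dh_common_client_kx (gnutls_session_t session,
 _gnutls_mpi_release (&session->key->client_Y);
 _gnutls_mpi_release (&session->key->dh_secret);
 
-
-if (_gnutls_cipher_suite_get_kx_algo
-(&session->security_parameters.current_cipher_suite)
-!= GNUTLS_KX_DHE_PSK)
-{
-ret = _gnutls_mpi_dprint (&session->key->key, session->key->KEY);
-}
-/* In DHE_PSK the key is set differently
-else
-{
-gnutls_datum_t tmp_dh_key;
-ret = _gnutls_mpi_dprint (&tmp_dh_key, session->key->KEY);
-if (ret < 0)
-{
-gnutls_assert ();
-return ret;
-}
-
-ret = _gnutls_set_psk_session_key (session, &tmp_dh_key);
-_gnutls_free_datum (&tmp_dh_key);
-
-}
-*/
+ret = _gnutls_mpi_dprint (&session->key->key, session->key->KEY);
 
 _gnutls_mpi_release (&session->key->KEY);
 
@@ -170,27 +148,7 @@ _gnutls_gen_dh_common_client_kx (gnutls_session_t session, opaque ** data)
 _gnutls_mpi_release (&session->key->client_p);
 _gnutls_mpi_release (&session->key->client_g);
 
-if (_gnutls_cipher_suite_get_kx_algo
-(&session->security_parameters.current_cipher_suite)
-!= GNUTLS_KX_DHE_PSK)
-{
-ret = _gnutls_mpi_dprint (&session->key->key, session->key->KEY);
-}
-/* In DHE_PSK the key is set differently
-else
-{
-gnutls_datum_t tmp_dh_key;
-ret = _gnutls_mpi_dprint (&tmp_dh_key, session->key->KEY);
-if (ret < 0)
-{
-gnutls_assert ();
-goto error;
-}
-
-ret = _gnutls_set_psk_session_key (session, &tmp_dh_key);
-_gnutls_free_datum (&tmp_dh_key);
-
-}*/
+ret = _gnutls_mpi_dprint (&session->key->key, session->key->KEY);
 
 _gnutls_mpi_release (&session->key->KEY);
 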
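Review bot: `ret` from `_gnutls_mpi_dprint` on new line 89 (and new line 151 in the third hunk) is assigned but nothing inside either hunk checks it before `_gnutls_mpi_release (&session->key->KEY)`; if the `ret < 0` check sits after the release, outside the hunk, a short comment such as `/* ret is checked after KEY is released below */` would make that visible, otherwise a failed export presumably leaves session->key->key unset while the handshake continues. The file comment touched by the first hunk (new line 27) also misspells "anoymous": `* of the certificate and anonymous authentication.` Both enclosing functions start and end outside their hunks.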
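--- a/src/daemon/https/tls/gnutls_algorithms.c
+++ b/src/daemon/https/tls/gnutls_algorithms.c
@@ -29,7 +29,7 @@
 /* x509 */
 #include "common.h"
 
 /* Cred type mappings to KX algorithms
 * FIXME: The mappings are not 1-1. Some KX such as SRP_RSA require
 * more than one credentials type.
 */
@@ -57,12 +57,6 @@ static const gnutls_cred_map cred_mappings[] = {
 {GNUTLS_KX_DHE_RSA,
 GNUTLS_CRD_CERTIFICATE,
 GNUTLS_CRD_CERTIFICATE},
-{GNUTLS_KX_PSK,
-GNUTLS_CRD_PSK,
-GNUTLS_CRD_PSK},
-{GNUTLS_KX_DHE_PSK,
-GNUTLS_CRD_PSK,
-GNUTLS_CRD_PSK},
 {GNUTLS_KX_SRP,
 GNUTLS_CRD_SRP,
 GNUTLS_CRD_SRP},
@@ -197,7 +191,7 @@ struct gnutls_cipher_entry
 };
 typedef struct gnutls_cipher_entry gnutls_cipher_entry;
 
 /* Note that all algorithms are in CBC or STREAM modes.
 * Do not add any algorithms in other modes (avoid modified algorithms).
 * View first: "The order of encryption and authentication for
 * protecting communications" by Hugo Krawczyk - CRYPTO 2001
@@ -614,34 +608,6 @@ static const gnutls_cipher_suite_entry cs_algorithms[] = {
 GNUTLS_MAC_SHA1, GNUTLS_TLS1),
 #endif
 
-/* PSK */
-GNUTLS_CIPHER_SUITE_ENTRY (GNUTLS_PSK_SHA_ARCFOUR_SHA1,
-GNUTLS_CIPHER_ARCFOUR, GNUTLS_KX_PSK,
-GNUTLS_MAC_SHA1, GNUTLS_TLS1),
-GNUTLS_CIPHER_SUITE_ENTRY (GNUTLS_PSK_SHA_3DES_EDE_CBC_SHA1,
-GNUTLS_CIPHER_3DES_CBC, GNUTLS_KX_PSK,
-GNUTLS_MAC_SHA1, GNUTLS_TLS1),
-GNUTLS_CIPHER_SUITE_ENTRY (GNUTLS_PSK_SHA_AES_128_CBC_SHA1,
-GNUTLS_CIPHER_AES_128_CBC, GNUTLS_KX_PSK,
-GNUTLS_MAC_SHA1, GNUTLS_TLS1),
-GNUTLS_CIPHER_SUITE_ENTRY (GNUTLS_PSK_SHA_AES_256_CBC_SHA1,
-GNUTLS_CIPHER_AES_256_CBC, GNUTLS_KX_PSK,
-GNUTLS_MAC_SHA1, GNUTLS_TLS1),
-
-/* DHE-PSK */
-GNUTLS_CIPHER_SUITE_ENTRY (GNUTLS_DHE_PSK_SHA_ARCFOUR_SHA1,
-GNUTLS_CIPHER_ARCFOUR, GNUTLS_KX_DHE_PSK,
-GNUTLS_MAC_SHA1, GNUTLS_TLS1),
-GNUTLS_CIPHER_SUITE_ENTRY (GNUTLS_DHE_PSK_SHA_3DES_EDE_CBC_SHA1,
-GNUTLS_CIPHER_3DES_CBC, GNUTLS_KX_DHE_PSK,
-GNUTLS_MAC_SHA1, GNUTLS_TLS1),
-GNUTLS_CIPHER_SUITE_ENTRY (GNUTLS_DHE_PSK_SHA_AES_128_CBC_SHA1,
-GNUTLS_CIPHER_AES_128_CBC, GNUTLS_KX_DHE_PSK,
-GNUTLS_MAC_SHA1, GNUTLS_TLS1),
-GNUTLS_CIPHER_SUITE_ENTRY (GNUTLS_DHE_PSK_SHA_AES_256_CBC_SHA1,
-GNUTLS_CIPHER_AES_256_CBC, GNUTLS_KX_DHE_PSK,
-GNUTLS_MAC_SHA1, GNUTLS_TLS1),
-
 /* SRP */
 GNUTLS_CIPHER_SUITE_ENTRY (GNUTLS_SRP_SHA_3DES_EDE_CBC_SHA1,
 GNUTLS_CIPHER_3DES_CBC, GNUTLS_KX_SRP,
@@ -1689,8 +1655,8 @@ _gnutls_qsort (gnutls_session_t session,
 compar);
 }
 
 /* a compare function for KX algorithms (using priorities).
 * For use with qsort
 */
 static int
 _gnutls_compare_algo (gnutls_session_t session,
@@ -1894,7 +1860,7 @@ _gnutls_supported_ciphersuites (gnutls_session_t session,
 
 #define MIN_PRIVATE_COMP_ALGO 0xEF
 
 /* returns the TLS numbers of the compression methods we support
 */
 #define SUPPORTED_COMPRESSION_METHODS session->internals.priorities.compression.algorithms
 int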
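Review bot: The PSK and DHE-PSK blocks are dropped from `cs_algorithms` (around new line 610) and from `cred_mappings` without any comment saying so, while the surrounding tables still carry one block per supported key exchange, so a reader comparing against upstream GnuTLS cannot tell whether the omission is deliberate or a merge accident. I'd leave a placeholder where the suites were: `/* PSK and DHE-PSK suites intentionally omitted: this build has no PSK credentials support */`. Both tables start and end outside their hunks.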
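--- a/src/daemon/https/tls/gnutls_global.c
+++ b/src/daemon/https/tls/gnutls_global.c
@@ -27,10 +27,19 @@
 #include <libtasn1.h>
 #include <gnutls_dh.h>
 
+/* this is used in order to make the multi-threaded initialization call to libgcrypt */
+#include <pthread.h>
+#include <gcrypt.h>
+/* TODO fix : needed by GCRY_THREAD_OPTION_PTHREAD_IMPL but missing otherwise */
+#define ENOMEM 12 /* Out of memory */
+
 #ifdef HAVE_WINSOCK
 # include <winsock2.h>
 #endif
 
+
+GCRY_THREAD_OPTION_PTHREAD_IMPL;
+
 #include "gettext.h"
 
 #define gnutls_log_func LOG_FUNC
@@ -57,7 +66,8 @@ ASN1_TYPE _gnutls_gnutls_asn;
 * gnutls_log_func is of the form,
 * void (*gnutls_log_func)( int level, const char*);
 **/
-void gnutls_global_set_log_function(gnutls_log_func log_func)
+void
+gnutls_global_set_log_function (gnutls_log_func log_func)
 {
 _gnutls_log_func = log_func;
 }
@@ -74,7 +84,8 @@ void gnutls_global_set_log_function(gnutls_log_func log_func)
 * Use a log level over 10 to enable all debugging options.
 *
 **/
-void gnutls_global_set_log_level(int level)
+void
+gnutls_global_set_log_level (int level)
 {
 _gnutls_log_level = level;
 }
@@ -83,21 +94,20 @@ void gnutls_global_set_log_level(int level)
 /* default logging function */
 static void
 dlog (int level, const char *str)
 {
 fputs (str, stderr);
 }
 #endif
 
 extern gnutls_alloc_function gnutls_secure_malloc;
 extern gnutls_alloc_function gnutls_malloc;
 extern gnutls_free_function gnutls_free;
-extern int (*_gnutls_is_secure_memory)(const void *);
+extern int (*_gnutls_is_secure_memory) (const void *);
 extern gnutls_realloc_function gnutls_realloc;
-extern char *(*gnutls_strdup)(const char *);
-extern void *(*gnutls_calloc)(size_t,
-size_t);
+extern char *(*gnutls_strdup) (const char *);
+extern void *(*gnutls_calloc) (size_t, size_t);
 
-int _gnutls_is_secure_mem_null(const void *);
+int _gnutls_is_secure_mem_null (const void *);
 
 /**
 * gnutls_global_set_mem_functions - This function sets the memory allocation functions
@@ -116,13 +126,14 @@ int _gnutls_is_secure_mem_null(const void *);
 * This function must be called before gnutls_global_init() is called.
 *
 **/
-void gnutls_global_set_mem_functions(gnutls_alloc_function alloc_func,
-gnutls_alloc_function
-secure_alloc_func,
-gnutls_is_secure_function
-is_secure_func,
-gnutls_realloc_function realloc_func,
-gnutls_free_function free_func)
+void
+gnutls_global_set_mem_functions (gnutls_alloc_function alloc_func,
+gnutls_alloc_function
+secure_alloc_func,
+gnutls_is_secure_function
+is_secure_func,
+gnutls_realloc_function realloc_func,
+gnutls_free_function free_func)
 {
 gnutls_secure_malloc = secure_alloc_func;
 gnutls_malloc = alloc_func;
@@ -152,10 +163,10 @@ void gnutls_global_set_mem_functions(gnutls_alloc_function alloc_func,
 #ifdef DEBUG
 static void
 _gnutls_gcry_log_handler (void *dummy, int level,
 const char *fmt, va_list list)
 {
 _gnutls_log (fmt, list);
 }
 #endif
 
 static int _gnutls_init = 0;
@@ -190,7 +201,8 @@ static int _gnutls_init = 0;
 * memory leak is also an option.
 *
 **/
-int gnutls_global_init(void)
+int
+gnutls_global_init (void)
 {
 int result = 0;
 int res;
@@ -200,41 +212,62 @@ int gnutls_global_init(void)
 return;
 
 #if HAVE_WINSOCK
+{
+WORD requested;
+WSADATA data;
+int err;
+
+requested = MAKEWORD (1, 1);
+err = WSAStartup (requested, &data);
+if (err != 0)
+{
+_gnutls_debug_log ("WSAStartup failed: %d.\n", err);
+return GNUTLS_E_LIBRARY_VERSION_MISMATCH;
+}
+
+if (data.wVersion < requested)
+{
+_gnutls_debug_log ("WSAStartup version check failed (%d < %d).\n",
+data.wVersion, requested);
+WSACleanup ();
+return GNUTLS_E_LIBRARY_VERSION_MISMATCH;
+}
+}
+#endif
+
+
+// bindtextdomain("mhd", "./");
+
+if (gcry_control (GCRYCTL_ANY_INITIALIZATION_P) == 0)
 {
-WORD requested;
-WSADATA data;
-int err;
+const char *p;
 
-requested = MAKEWORD (1, 1);
-err = WSAStartup (requested, &data);
-if (err != 0)
-{
-_gnutls_debug_log ("WSAStartup failed: %d.\n", err);
-return GNUTLS_E_LIBRARY_VERSION_MISMATCH;
-}
+/* to enable multi-threading this call must precede any other call made to libgcrypt */
+gcry_control(GCRYCTL_SET_THREAD_CBS, &gcry_threads_pthread);
 
-if (data.wVersion < requested)
+/* set p to point at the required version of gcrypt */
+p = strchr(MHD_GCRYPT_VERSION, ':');
+if (p == NULL)
+p = MHD_GCRYPT_VERSION;
+else
+p++;
+
+/* this call initializes libgcrypt */
+if (gcry_check_version(p) == NULL)
 {
-_gnutls_debug_log ("WSAStartup version check failed (%d < %d).\n",
-data.wVersion, requested);
-WSACleanup ();
-return GNUTLS_E_LIBRARY_VERSION_MISMATCH;
+gnutls_assert();
+_gnutls_debug_log("Checking for libgcrypt failed '%s'\n", p);
+return GNUTLS_E_INCOMPATIBLE_GCRYPT_LIBRARY;
 }
-}
-#endif
 
-// TODO rm ? bindtextdomain(PACKAGE, LOCALEDIR);
-
-if (gcry_control(GCRYCTL_ANY_INITIALIZATION_P) == 0)
-{
 /* for gcrypt in order to be able to allocate memory */
-gcry_set_allocation_handler(gnutls_malloc, gnutls_secure_malloc,
+gcry_set_allocation_handler (gnutls_malloc, gnutls_secure_malloc,
 _gnutls_is_secure_memory, gnutls_realloc,
 gnutls_free);
 
 /* gcry_control (GCRYCTL_DISABLE_INTERNAL_LOCKING, NULL, 0); */
 
-gcry_control(GCRYCTL_INITIALIZATION_FINISHED, NULL, 0);
+gcry_control (GCRYCTL_INITIALIZATION_FINISHED, NULL, 0);
 
 #ifdef DEBUG
 /* applications may want to override that, so we only use
@@ -244,7 +277,7 @@ int gnutls_global_init(void)
 #endif
 }
 
-if (gc_init() != GC_OK)
+if (gc_init () != GC_OK)
 {
 gnutls_assert ();
 _gnutls_debug_log ("Initializing crypto backend failed\n");
@@ -267,16 +300,16 @@ int gnutls_global_init(void)
 return result;
 }
 
-res = asn1_array2tree(gnutls_asn1_tab, &_gnutls_gnutls_asn, NULL);
+res = asn1_array2tree (gnutls_asn1_tab, &_gnutls_gnutls_asn, NULL);
 if (res != ASN1_SUCCESS)
 {
-asn1_delete_structure(&_gnutls_pkix1_asn);
-result = _gnutls_asn2err(res);
+asn1_delete_structure (&_gnutls_pkix1_asn);
+result = _gnutls_asn2err (res);
 return result;
 }
 
 /* Initialize the gcrypt (if used random generator) */
-gc_pseudo_random(&c, 1);
+gc_pseudo_random (&c, 1);
 
 return result;
 }
@@ -291,16 +324,17 @@ int gnutls_global_init(void)
 * gnutls_global_init() for more information.
 *
 **/
-void gnutls_global_deinit(void)
+void
+gnutls_global_deinit (void)
 {
 if (_gnutls_init == 1)
 {
 #if HAVE_WINSOCK
 WSACleanup ();
 #endif
-asn1_delete_structure(&_gnutls_gnutls_asn);
-asn1_delete_structure(&_gnutls_pkix1_asn);
-gc_done();
+asn1_delete_structure (&_gnutls_gnutls_asn);
+asn1_delete_structure (&_gnutls_pkix1_asn);
+gc_done ();
 }
 _gnutls_init--;
 }
@@ -322,8 +356,9 @@ void gnutls_global_deinit(void)
 * PULL_FUNC is of the form,
 * ssize_t (*gnutls_pull_func)(gnutls_transport_ptr_t, void*, size_t);
 **/
-void gnutls_transport_set_pull_function(gnutls_session_t session,
-gnutls_pull_func pull_func)
+void
+gnutls_transport_set_pull_function (gnutls_session_t session,
+gnutls_pull_func pull_func)
 {
 session->internals._gnutls_pull_func = pull_func;
 }
@@ -342,8 +377,9 @@ void gnutls_transport_set_pull_function(gnutls_session_t session,
 * PUSH_FUNC is of the form,
 * ssize_t (*gnutls_push_func)(gnutls_transport_ptr_t, const void*, size_t);
 **/
-void gnutls_transport_set_push_function(gnutls_session_t session,
-gnutls_push_func push_func)
+void
+gnutls_transport_set_push_function (gnutls_session_t session,
+gnutls_push_func push_func)
 {
 session->internals._gnutls_push_func = push_func;
 }
@@ -366,9 +402,10 @@ void gnutls_transport_set_push_function(gnutls_session_t session,
 * %NULL is passed to this function no check is done and only the
 * version string is returned.
 **/
-const char * gnutls_check_version(const char *req_version)
+const char *
+gnutls_check_version (const char *req_version)
 {
-if (!req_version || strverscmp(req_version, VERSION) <= 0)
+if (!req_version || strverscmp (req_version, VERSION) <= 0)
 return VERSION;
 
 return NULL;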
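Review bot: New line 34 hard-codes `#define ENOMEM 12` (the "TODO fix" comment on line 33 admits as much) instead of including <errno.h>, which the GCRY_THREAD_OPTION_PTHREAD_IMPL expansion needs; a private definition of a standard macro collides with <errno.h> wherever it is pulled in later and may not match the platform's value, so replace it with `#include <errno.h>`. On new line 246 the result of `gcry_control (GCRYCTL_SET_THREAD_CBS, &gcry_threads_pthread)` is discarded, so a failure to install the pthread callbacks goes unnoticed and libgcrypt would then run without locking inside a threaded daemon. Check it the way the version check just below it is checked: `if (gcry_control (GCRYCTL_SET_THREAD_CBS, &gcry_threads_pthread) != 0) { gnutls_assert (); return GNUTLS_E_INCOMPATIBLE_GCRYPT_LIBRARY; }`. The context line `return;` at new line 212 sits inside `int gnutls_global_init` and returns no value, which this commit leaves unaddressed; it presumably should be `return 0;` so a second caller does not read an indeterminate result. gnutls_global_init's body continues past the hunk.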
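--- a/src/daemon/https/tls/gnutls_int.h
+++ b/src/daemon/https/tls/gnutls_int.h
@@ -28,9 +28,9 @@
 
 #include <defines.h>
 
-#include <gnutls.h>
-#include <extra.h>
-#include <gnutls_mem.h>
+#include "gnutls.h"
+#include "extra.h"
+#include "gnutls_mem.h"
 
 /* FIXME: delete this once opencdk has reentrant keyring functions
 */
@@ -210,7 +210,7 @@ struct gnutls_key_st
 */
 void *auth_info;
 gnutls_credentials_type_t auth_info_type;
 int auth_info_size; /* needed in order to store to db for restoring
 */
 uint8_t crypt_algo;
 
@@ -424,7 +424,7 @@ typedef struct
 typedef struct
 {
 gnutls_buffer application_data_buffer; /* holds data to be delivered to application layer */
 gnutls_buffer handshake_hash_buffer; /* used to keep the last received handshake
 * message */
 mac_hd_t handshake_mac_handle_sha; /* hash of the handshake messages */
 mac_hd_t handshake_mac_handle_md5; /* hash of the handshake messages */
@@ -500,10 +500,12 @@ typedef struct
 
 int expire_time; /* after expire_time seconds this session will expire */
 struct mod_auth_st_int *auth_struct; /* used in handshake packets and KX algorithms */
+
+/* TODO rm */
 int v2_hello; /* 0 if the client hello is v3+.
 * non-zero if we got a v2 hello.
 */
 /* keeps the headers of the handshake packet
 */
 handshake_header_buffer_st handshake_header_buffer;
 
@@ -653,8 +655,7 @@ struct gnutls_session_int
 gnutls_key_st key;
 };
 
-/* functions
-*/
+/* functions */
 void _gnutls_set_current_version(gnutls_session_t session,
 gnutls_protocol_t version);
 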
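Review bot: The `/* TODO rm */` added at new line 504 names neither a reason nor a condition, so the next reader cannot tell whether the `v2_hello` field itself or the SSLv2 client-hello handling that sets it is meant to go, nor when it is safe to do so. Something like `/* TODO rm: drop together with SSLv2 client-hello handling once nothing reads v2_hello */` would make it actionable; I'm inferring the intent from the field's own comment, so adjust the wording to what is actually planned. The struct this field belongs to starts and ends outside the hunk.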
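--- a/src/daemon/https/tls/gnutls_priority.c
+++ b/src/daemon/https/tls/gnutls_priority.c
@@ -32,10 +32,6 @@
 
 #define MAX_ELEMENTS 48
 
-static void break_comma_list (char *etag,
-char **broken_etag,
-int *elements, int max_elements, char sep);
-
 /**
 * gnutls_cipher_set_priority - Sets the priority on the ciphers supported by gnutls.
 * @session: is a #gnutls_session_t structure.
@@ -87,7 +83,6 @@ _set_priority (priority_st * st, const int *list)
 }
 
 return 0;
-
 }
 
 /**
@@ -215,7 +210,8 @@ gnutls_certificate_type_set_priority (gnutls_session_t session,
 }
 
 static const int protocol_priority[] = { GNUTLS_TLS1_1,
-GNUTLS_TLS1_0, GNUTLS_SSL3,
+GNUTLS_TLS1_0,
+GNUTLS_SSL3,
 0
 };
 
@@ -336,10 +332,6 @@ int
 gnutls_priority_init (gnutls_priority_t * priority_cache,
 const char *priorities, const char **err_pos)
 {
-int broken_list_size, i, j;
-char *darg;
-int algo;
-
 *priority_cache = gnutls_calloc (1, sizeof (struct gnutls_priority_st));
 if (*priority_cache == NULL)
 {
@@ -354,8 +346,8 @@ gnutls_priority_init (gnutls_priority_t * priority_cache,
 _set_priority (&(*priority_cache)->mac, mac_priority_secure);
 _set_priority (&(*priority_cache)->cert_type, cert_type_priority);
 _set_priority (&(*priority_cache)->compression, comp_priority);
-(*priority_cache)->no_padding = 0;
 
+(*priority_cache)->no_padding = 0;
 return 0;
 }
 
@@ -412,40 +404,6 @@ gnutls_priority_set_direct (gnutls_session_t session,
 return 0;
 }
 
-/* Breaks a list of "xxx", "yyy", to a character array, of
-* MAX_COMMA_SEP_ELEMENTS size; Note that the given string is modified.
-*/
-static void
-break_comma_list (char *etag,
-char **broken_etag,
-int *elements, int max_elements, char sep)
-{
-char *p = etag;
-if (sep == 0)
-sep = ',';
-
-*elements = 0;
-
-do
-{
-broken_etag[*elements] = p;
-
-(*elements)++;
-
-p = strchr (p, sep);
-if (p)
-{
-*p = 0;
-p++; /* move to next entry and skip white
-* space.
-*/
-while (*p == ' ')
-p++;
-}
-}
-while (p != NULL && *elements < max_elements);
-}
-
 /**
 * gnutls_set_default_priority - Sets some default priority on the cipher suites supported by gnutls.
 * @session: is a #gnutls_session_t structure.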
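Review bot: With `break_comma_list` and the parsing locals gone, `gnutls_priority_init` (new lines 332-352) has no visible use left for its `priorities` and `err_pos` parameters: as far as the two hunks show, the secure default lists are applied unconditionally and `*err_pos` is never written, so a caller that passes a priority string gets the defaults silently and a caller that reads `*err_pos` after a failure sees whatever the pointer held before. If that is intended, say so above the function, e.g. `/* NOTE: the priority string is not parsed in this build; the secure defaults are always installed and err_pos is left untouched. */`, and consider `if (err_pos) *err_pos = NULL;` at entry so the out-parameter has a defined value. The middle of the function (new lines 338-345) is outside the hunks, so I may be missing a use there.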
diff --git a/src/daemon/https/tls/gnutls_session_pack.c b/src/daemon/https/tls/gnutls_session_pack.c index f18fe97a..c05e27cb 100644 --- a/src/daemon/https/tls/gnutls_session_pack.c +++ b/src/daemon/https/tls/gnutls_session_pack.c | |||
@@ -49,21 +49,6 @@ static int unpack_certificate_auth_info (gnutls_session_t, | |||
49 | const gnutls_datum_t * | 49 | const gnutls_datum_t * |
50 | packed_session); | 50 | packed_session); |
51 | 51 | ||
52 | static int unpack_srp_auth_info (gnutls_session_t session, | ||
53 | const gnutls_datum_t * packed_session); | ||
54 | static int pack_srp_auth_info (gnutls_session_t session, | ||
55 | gnutls_datum_t * packed_session); | ||
56 | |||
57 | static int unpack_psk_auth_info (gnutls_session_t session, | ||
58 | const gnutls_datum_t * packed_session); | ||
59 | static int pack_psk_auth_info (gnutls_session_t session, | ||
60 | gnutls_datum_t * packed_session); | ||
61 | |||
62 | static int unpack_anon_auth_info (gnutls_session_t session, | ||
63 | const gnutls_datum_t * packed_session); | ||
64 | static int pack_anon_auth_info (gnutls_session_t session, | ||
65 | gnutls_datum_t * packed_session); | ||
66 | |||
67 | static int unpack_security_parameters (gnutls_session_t session, | 52 | static int unpack_security_parameters (gnutls_session_t session, |
68 | const gnutls_datum_t * packed_session); | 53 | const gnutls_datum_t * packed_session); |
69 | static int pack_security_parameters (gnutls_session_t session, | 54 | static int pack_security_parameters (gnutls_session_t session, |
@@ -230,7 +215,7 @@ _gnutls_session_unpack (gnutls_session_t session, | |||
230 | } | 215 | } |
231 | 216 | ||
232 | 217 | ||
233 | /* Format: | 218 | /* Format: |
234 | * 1 byte the credentials type | 219 | * 1 byte the credentials type |
235 | * 4 bytes the size of the whole structure | 220 | * 4 bytes the size of the whole structure |
236 | * DH stuff | 221 | * DH stuff |