diff options
Diffstat (limited to 'src')
-rw-r--r-- | src/daemon/daemon.c | 18 | ||||
-rw-r--r-- | src/daemon/https/gnutls.h | 85 | ||||
-rw-r--r-- | src/daemon/https/tls/Makefile.am | 3 | ||||
-rw-r--r-- | src/daemon/https/tls/auth_anon.c | 180 | ||||
-rw-r--r-- | src/daemon/https/tls/auth_anon.h | 48 | ||||
-rw-r--r-- | src/daemon/https/tls/gnutls_algorithms.c | 52 | ||||
-rw-r--r-- | src/daemon/https/tls/gnutls_anon_cred.c | 140 | ||||
-rw-r--r-- | src/daemon/https/tls/gnutls_auth.c | 16 | ||||
-rw-r--r-- | src/daemon/https/tls/gnutls_handshake.c | 17 | ||||
-rw-r--r-- | src/daemon/https/tls/gnutls_session_pack.c | 190 | ||||
-rw-r--r-- | src/daemon/https/tls/gnutls_state.c | 30 | ||||
-rw-r--r-- | src/daemon/https/tls/gnutls_ui.c | 573 | ||||
-rw-r--r-- | src/daemon/internal.h | 3 | ||||
-rw-r--r-- | src/include/microhttpd.h | 10 | ||||
-rw-r--r-- | src/testcurl/https/Makefile.am | 16 | ||||
-rw-r--r-- | src/testcurl/https/tls_daemon_options_adh_test.c | 395 | ||||
-rw-r--r-- | src/testcurl/https/tls_daemon_options_dh_test.c | 397 | ||||
-rw-r--r-- | src/testcurl/https/tls_daemon_options_test.c | 11 |
18 files changed, 9 insertions, 2175 deletions
diff --git a/src/daemon/daemon.c b/src/daemon/daemon.c index b9e2a5a8..a0a50992 100644 --- a/src/daemon/daemon.c +++ b/src/daemon/daemon.c | |||
@@ -153,15 +153,6 @@ MHD_TLS_init (struct MHD_Daemon *daemon) | |||
153 | { | 153 | { |
154 | switch (daemon->cred_type) | 154 | switch (daemon->cred_type) |
155 | { | 155 | { |
156 | case MHD_GNUTLS_CRD_ANON: | ||
157 | if ((0 != | ||
158 | MHD__gnutls_anon_allocate_server_credentials (&daemon->anon_cred)) | ||
159 | || (0 != MHD__gnutls_dh_params_init (&daemon->dh_params))) | ||
160 | return GNUTLS_E_MEMORY_ERROR; | ||
161 | MHD__gnutls_dh_params_generate2 (daemon->dh_params, 1024); | ||
162 | MHD__gnutls_anon_set_server_dh_params (daemon->anon_cred, | ||
163 | daemon->dh_params); | ||
164 | return 0; | ||
165 | case MHD_GNUTLS_CRD_CERTIFICATE: | 156 | case MHD_GNUTLS_CRD_CERTIFICATE: |
166 | if (0 != | 157 | if (0 != |
167 | MHD__gnutls_certificate_allocate_credentials (&daemon->x509_cred)) | 158 | MHD__gnutls_certificate_allocate_credentials (&daemon->x509_cred)) |
@@ -495,13 +486,6 @@ MHD_accept_connection (struct MHD_Daemon *daemon) | |||
495 | MHD_GNUTLS_CRD_CERTIFICATE, | 486 | MHD_GNUTLS_CRD_CERTIFICATE, |
496 | connection->daemon->x509_cred); | 487 | connection->daemon->x509_cred); |
497 | break; | 488 | break; |
498 | case MHD_GNUTLS_CRD_ANON: | ||
499 | /* set needed credentials for anonymous authentication. */ | ||
500 | MHD__gnutls_credentials_set (connection->tls_session, | ||
501 | MHD_GNUTLS_CRD_ANON, | ||
502 | connection->daemon->anon_cred); | ||
503 | MHD__gnutls_dh_set_prime_bits (connection->tls_session, 1024); | ||
504 | break; | ||
505 | default: | 489 | default: |
506 | #if HAVE_MESSAGES | 490 | #if HAVE_MESSAGES |
507 | MHD_DLOG (connection->daemon, | 491 | MHD_DLOG (connection->daemon, |
@@ -1101,8 +1085,6 @@ MHD_stop_daemon (struct MHD_Daemon *daemon) | |||
1101 | MHD__gnutls_priority_deinit (daemon->priority_cache); | 1085 | MHD__gnutls_priority_deinit (daemon->priority_cache); |
1102 | if (daemon->x509_cred) | 1086 | if (daemon->x509_cred) |
1103 | MHD__gnutls_certificate_free_credentials (daemon->x509_cred); | 1087 | MHD__gnutls_certificate_free_credentials (daemon->x509_cred); |
1104 | if (daemon->anon_cred) | ||
1105 | MHD__gnutls_anon_free_server_credentials (daemon->anon_cred); | ||
1106 | /* lock MHD_gnutls_global mutex since it uses reference counting */ | 1088 | /* lock MHD_gnutls_global mutex since it uses reference counting */ |
1107 | pthread_mutex_lock (&MHD_gnutls_init_mutex); | 1089 | pthread_mutex_lock (&MHD_gnutls_init_mutex); |
1108 | MHD__gnutls_global_deinit (); | 1090 | MHD__gnutls_global_deinit (); |
diff --git a/src/daemon/https/gnutls.h b/src/daemon/https/gnutls.h index 217e0fb7..985455c8 100644 --- a/src/daemon/https/gnutls.h +++ b/src/daemon/https/gnutls.h | |||
@@ -448,35 +448,6 @@ extern "C" | |||
448 | typedef MHD_gtls_cert_credentials_t MHD_gtls_cert_server_credentials; | 448 | typedef MHD_gtls_cert_credentials_t MHD_gtls_cert_server_credentials; |
449 | typedef MHD_gtls_cert_credentials_t MHD_gtls_cert_client_credentials; | 449 | typedef MHD_gtls_cert_credentials_t MHD_gtls_cert_client_credentials; |
450 | 450 | ||
451 | typedef struct MHD_gtls_anon_server_credentials_st | ||
452 | *MHD_gtls_anon_server_credentials_t; | ||
453 | typedef struct MHD_gtls_anon_client_credentials_st | ||
454 | *MHD_gtls_anon_client_credentials_t; | ||
455 | |||
456 | void | ||
457 | MHD__gnutls_anon_free_server_credentials | ||
458 | (MHD_gtls_anon_server_credentials_t sc); | ||
459 | int | ||
460 | MHD__gnutls_anon_allocate_server_credentials | ||
461 | (MHD_gtls_anon_server_credentials_t * sc); | ||
462 | |||
463 | void | ||
464 | MHD__gnutls_anon_set_server_dh_params (MHD_gtls_anon_server_credentials_t | ||
465 | res, | ||
466 | MHD_gtls_dh_params_t dh_params); | ||
467 | |||
468 | void | ||
469 | MHD__gnutls_anon_set_server_params_function | ||
470 | (MHD_gtls_anon_server_credentials_t res, | ||
471 | MHD_gnutls_params_function * func); | ||
472 | |||
473 | void | ||
474 | MHD__gnutls_anon_free_client_credentials | ||
475 | (MHD_gtls_anon_client_credentials_t sc); | ||
476 | int | ||
477 | MHD__gnutls_anon_allocate_client_credentials | ||
478 | (MHD_gtls_anon_client_credentials_t * sc); | ||
479 | |||
480 | void MHD__gnutls_certificate_free_credentials (MHD_gtls_cert_credentials_t | 451 | void MHD__gnutls_certificate_free_credentials (MHD_gtls_cert_credentials_t |
481 | sc); | 452 | sc); |
482 | int | 453 | int |
@@ -488,19 +459,6 @@ extern "C" | |||
488 | void MHD__gnutls_certificate_free_ca_names (MHD_gtls_cert_credentials_t sc); | 459 | void MHD__gnutls_certificate_free_ca_names (MHD_gtls_cert_credentials_t sc); |
489 | void MHD__gnutls_certificate_free_crls (MHD_gtls_cert_credentials_t sc); | 460 | void MHD__gnutls_certificate_free_crls (MHD_gtls_cert_credentials_t sc); |
490 | 461 | ||
491 | void MHD__gnutls_certificate_set_dh_params (MHD_gtls_cert_credentials_t res, | ||
492 | MHD_gtls_dh_params_t dh_params); | ||
493 | void | ||
494 | MHD__gnutls_certificate_set_rsa_export_params (MHD_gtls_cert_credentials_t | ||
495 | res, | ||
496 | MHD_gtls_rsa_params_t | ||
497 | rsa_params); | ||
498 | void MHD__gnutls_certificate_set_verify_flags (MHD_gtls_cert_credentials_t | ||
499 | res, unsigned int flags); | ||
500 | void MHD__gnutls_certificate_set_verify_limits (MHD_gtls_cert_credentials_t | ||
501 | res, unsigned int max_bits, | ||
502 | unsigned int max_depth); | ||
503 | |||
504 | int MHD__gnutls_certificate_set_x509_trust_file (MHD_gtls_cert_credentials_t | 462 | int MHD__gnutls_certificate_set_x509_trust_file (MHD_gtls_cert_credentials_t |
505 | res, const char *CAFILE, | 463 | res, const char *CAFILE, |
506 | MHD_gnutls_x509_crt_fmt_t | 464 | MHD_gnutls_x509_crt_fmt_t |
@@ -647,13 +605,6 @@ extern "C" | |||
647 | void MHD__gnutls_session_set_ptr (MHD_gtls_session_t session, void *ptr); | 605 | void MHD__gnutls_session_set_ptr (MHD_gtls_session_t session, void *ptr); |
648 | void *MHD_gtls_session_get_ptr (MHD_gtls_session_t session); | 606 | void *MHD_gtls_session_get_ptr (MHD_gtls_session_t session); |
649 | 607 | ||
650 | /* | ||
651 | * this function returns the hash of the given data. | ||
652 | */ | ||
653 | int MHD__gnutls_fingerprint (enum MHD_GNUTLS_HashAlgorithm algo, | ||
654 | const MHD_gnutls_datum_t * data, void *result, | ||
655 | size_t * result_size); | ||
656 | |||
657 | typedef enum MHD_gnutls_x509_subject_alt_name_t | 608 | typedef enum MHD_gnutls_x509_subject_alt_name_t |
658 | { | 609 | { |
659 | GNUTLS_SAN_DNSNAME = 1, | 610 | GNUTLS_SAN_DNSNAME = 1, |
@@ -714,23 +665,6 @@ extern "C" | |||
714 | */ | 665 | */ |
715 | void MHD__gnutls_dh_set_prime_bits (MHD_gtls_session_t session, | 666 | void MHD__gnutls_dh_set_prime_bits (MHD_gtls_session_t session, |
716 | unsigned int bits); | 667 | unsigned int bits); |
717 | int MHD__gnutls_dh_get_secret_bits (MHD_gtls_session_t session); | ||
718 | int MHD__gnutls_dh_get_peers_public_bits (MHD_gtls_session_t session); | ||
719 | int MHD__gnutls_dh_get_prime_bits (MHD_gtls_session_t session); | ||
720 | |||
721 | int MHD__gnutls_dh_get_group (MHD_gtls_session_t session, | ||
722 | MHD_gnutls_datum_t * raw_gen, | ||
723 | MHD_gnutls_datum_t * raw_prime); | ||
724 | int MHD__gnutls_dh_get_pubkey (MHD_gtls_session_t session, | ||
725 | MHD_gnutls_datum_t * raw_key); | ||
726 | |||
727 | /* | ||
728 | * RSA | ||
729 | */ | ||
730 | int MHD_gtls_rsa_export_get_pubkey (MHD_gtls_session_t session, | ||
731 | MHD_gnutls_datum_t * exponent, | ||
732 | MHD_gnutls_datum_t * modulus); | ||
733 | int MHD_gtls_rsa_export_get_modulus_bits (MHD_gtls_session_t session); | ||
734 | 668 | ||
735 | /* External signing callback. Experimental. */ | 669 | /* External signing callback. Experimental. */ |
736 | typedef int (*MHD_gnutls_sign_func) (MHD_gtls_session_t session, | 670 | typedef int (*MHD_gnutls_sign_func) (MHD_gtls_session_t session, |
@@ -761,20 +695,11 @@ extern "C" | |||
761 | req); | 695 | req); |
762 | 696 | ||
763 | /* get data from the session */ | 697 | /* get data from the session */ |
764 | const MHD_gnutls_datum_t *MHD_gtls_certificate_get_peers (MHD_gtls_session_t | ||
765 | session, | ||
766 | unsigned int | ||
767 | *list_size); | ||
768 | const MHD_gnutls_datum_t *MHD_gtls_certificate_get_ours (MHD_gtls_session_t | ||
769 | session); | ||
770 | |||
771 | time_t MHD_gtls_certificate_activation_time_peers (MHD_gtls_session_t | 698 | time_t MHD_gtls_certificate_activation_time_peers (MHD_gtls_session_t |
772 | session); | 699 | session); |
773 | time_t MHD_gtls_certificate_expiration_time_peers (MHD_gtls_session_t | 700 | time_t MHD_gtls_certificate_expiration_time_peers (MHD_gtls_session_t |
774 | session); | 701 | session); |
775 | 702 | ||
776 | int MHD_gtls_certificate_client_get_request_status (MHD_gtls_session_t | ||
777 | session); | ||
778 | int MHD_gtls_certificate_verify_peers2 (MHD_gtls_session_t session, | 703 | int MHD_gtls_certificate_verify_peers2 (MHD_gtls_session_t session, |
779 | unsigned int *status); | 704 | unsigned int *status); |
780 | 705 | ||
@@ -796,16 +721,6 @@ extern "C" | |||
796 | const MHD_gnutls_datum_t * b64_data, | 721 | const MHD_gnutls_datum_t * b64_data, |
797 | MHD_gnutls_datum_t * result); | 722 | MHD_gnutls_datum_t * result); |
798 | 723 | ||
799 | // void | ||
800 | // MHD_gnutls_certificate_set_params_function (MHD_gtls_cert_credentials_t | ||
801 | // res, | ||
802 | // MHD_gnutls_params_function * func); | ||
803 | // void MHD_gnutls_anon_set_params_function (MHD_gtls_anon_server_credentials_t res, | ||
804 | // MHD_gnutls_params_function * func); | ||
805 | // void MHD_gnutls_psk_set_params_function (MHD_gnutls_psk_server_credentials_t res, | ||
806 | // MHD_gnutls_params_function * func); | ||
807 | |||
808 | |||
809 | /* key_usage will be an OR of the following values: */ | 724 | /* key_usage will be an OR of the following values: */ |
810 | /* when the key is to be used for signing: */ | 725 | /* when the key is to be used for signing: */ |
811 | #define GNUTLS_KEY_DIGITAL_SIGNATURE 128 | 726 | #define GNUTLS_KEY_DIGITAL_SIGNATURE 128 |
diff --git a/src/daemon/https/tls/Makefile.am b/src/daemon/https/tls/Makefile.am index aa8a71a7..420307fc 100644 --- a/src/daemon/https/tls/Makefile.am +++ b/src/daemon/https/tls/Makefile.am | |||
@@ -16,7 +16,6 @@ libtls_la_LDFLAGS = \ | |||
16 | -L$(GCRYPT_LIB_PATH) | 16 | -L$(GCRYPT_LIB_PATH) |
17 | 17 | ||
18 | libtls_la_SOURCES = \ | 18 | libtls_la_SOURCES = \ |
19 | auth_anon.c \ | ||
20 | auth_cert.c \ | 19 | auth_cert.c \ |
21 | auth_dh_common.c \ | 20 | auth_dh_common.c \ |
22 | auth_dhe.c \ | 21 | auth_dhe.c \ |
@@ -30,7 +29,6 @@ ext_oprfi.c \ | |||
30 | ext_server_name.c \ | 29 | ext_server_name.c \ |
31 | gnutls_alert.c \ | 30 | gnutls_alert.c \ |
32 | gnutls_algorithms.c \ | 31 | gnutls_algorithms.c \ |
33 | gnutls_anon_cred.c \ | ||
34 | gnutls_asn1_tab.c \ | 32 | gnutls_asn1_tab.c \ |
35 | gnutls_auth.c \ | 33 | gnutls_auth.c \ |
36 | gnutls_buffers.c \ | 34 | gnutls_buffers.c \ |
@@ -66,7 +64,6 @@ gnutls_ui.c \ | |||
66 | gnutls_x509.c \ | 64 | gnutls_x509.c \ |
67 | pkix_asn1_tab.c \ | 65 | pkix_asn1_tab.c \ |
68 | x509_b64.c \ | 66 | x509_b64.c \ |
69 | auth_anon.h \ | ||
70 | auth_cert.h \ | 67 | auth_cert.h \ |
71 | auth_dh_common.h \ | 68 | auth_dh_common.h \ |
72 | debug.h \ | 69 | debug.h \ |
diff --git a/src/daemon/https/tls/auth_anon.c b/src/daemon/https/tls/auth_anon.c deleted file mode 100644 index 1d6922cc..00000000 --- a/src/daemon/https/tls/auth_anon.c +++ /dev/null | |||
@@ -1,180 +0,0 @@ | |||
1 | /* | ||
2 | * Copyright (C) 2000, 2001, 2002, 2003, 2004, 2005 Free Software Foundation | ||
3 | * | ||
4 | * Author: Nikos Mavrogiannopoulos | ||
5 | * | ||
6 | * This file is part of GNUTLS. | ||
7 | * | ||
8 | * The GNUTLS library is free software; you can redistribute it and/or | ||
9 | * modify it under the terms of the GNU Lesser General Public License | ||
10 | * as published by the Free Software Foundation; either version 2.1 of | ||
11 | * the License, or (at your option) any later version. | ||
12 | * | ||
13 | * This library is distributed in the hope that it will be useful, but | ||
14 | * WITHOUT ANY WARRANTY; without even the implied warranty of | ||
15 | * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU | ||
16 | * Lesser General Public License for more details. | ||
17 | * | ||
18 | * You should have received a copy of the GNU Lesser General Public | ||
19 | * License along with this library; if not, write to the Free Software | ||
20 | * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301, | ||
21 | * USA | ||
22 | * | ||
23 | */ | ||
24 | |||
25 | /* This file contains the Anonymous Diffie Hellman key exchange part of | ||
26 | * the anonymous authentication. The functions here are used in the | ||
27 | * handshake. | ||
28 | */ | ||
29 | |||
30 | #include <gnutls_int.h> | ||
31 | |||
32 | #ifdef ENABLE_ANON | ||
33 | |||
34 | #include "gnutls_auth_int.h" | ||
35 | #include "gnutls_errors.h" | ||
36 | #include "gnutls_dh.h" | ||
37 | #include "auth_anon.h" | ||
38 | #include "gnutls_num.h" | ||
39 | #include "gnutls_mpi.h" | ||
40 | #include <gnutls_state.h> | ||
41 | #include <auth_dh_common.h> | ||
42 | |||
43 | static int MHD_gtls_gen_anon_server_kx (MHD_gtls_session_t, opaque **); | ||
44 | static int MHD_gtls_proc_anon_client_kx (MHD_gtls_session_t, opaque *, | ||
45 | size_t); | ||
46 | static int MHD_gtls_proc_anon_server_kx (MHD_gtls_session_t, opaque *, | ||
47 | size_t); | ||
48 | |||
49 | const MHD_gtls_mod_auth_st MHD_gtls_anon_auth_struct = { | ||
50 | "ANON", | ||
51 | NULL, | ||
52 | NULL, | ||
53 | MHD_gtls_gen_anon_server_kx, | ||
54 | MHD_gtls_gen_dh_common_client_kx, /* this can be shared */ | ||
55 | NULL, | ||
56 | NULL, | ||
57 | |||
58 | NULL, | ||
59 | NULL, /* certificate */ | ||
60 | MHD_gtls_proc_anon_server_kx, | ||
61 | MHD_gtls_proc_anon_client_kx, | ||
62 | NULL, | ||
63 | NULL | ||
64 | }; | ||
65 | |||
66 | static int | ||
67 | MHD_gtls_gen_anon_server_kx (MHD_gtls_session_t session, opaque ** data) | ||
68 | { | ||
69 | mpi_t g, p; | ||
70 | const mpi_t *mpis; | ||
71 | int ret; | ||
72 | MHD_gtls_dh_params_t dh_params; | ||
73 | MHD_gtls_anon_server_credentials_t cred; | ||
74 | |||
75 | cred = (MHD_gtls_anon_server_credentials_t) | ||
76 | MHD_gtls_get_cred (session->key, MHD_GNUTLS_CRD_ANON, NULL); | ||
77 | if (cred == NULL) | ||
78 | { | ||
79 | MHD_gnutls_assert (); | ||
80 | return GNUTLS_E_INSUFFICIENT_CREDENTIALS; | ||
81 | } | ||
82 | |||
83 | dh_params = | ||
84 | MHD_gtls_get_dh_params (cred->dh_params, cred->params_func, session); | ||
85 | mpis = MHD_gtls_dh_params_to_mpi (dh_params); | ||
86 | if (mpis == NULL) | ||
87 | { | ||
88 | MHD_gnutls_assert (); | ||
89 | return GNUTLS_E_NO_TEMPORARY_DH_PARAMS; | ||
90 | } | ||
91 | |||
92 | p = mpis[0]; | ||
93 | g = mpis[1]; | ||
94 | |||
95 | if ((ret = | ||
96 | MHD_gtls_auth_info_set (session, MHD_GNUTLS_CRD_ANON, | ||
97 | sizeof (anon_auth_info_st), 1)) < 0) | ||
98 | { | ||
99 | MHD_gnutls_assert (); | ||
100 | return ret; | ||
101 | } | ||
102 | |||
103 | MHD_gtls_dh_set_group (session, g, p); | ||
104 | |||
105 | ret = MHD_gtls_dh_common_print_server_kx (session, g, p, data, 0); | ||
106 | if (ret < 0) | ||
107 | { | ||
108 | MHD_gnutls_assert (); | ||
109 | } | ||
110 | |||
111 | return ret; | ||
112 | } | ||
113 | |||
114 | |||
115 | static int | ||
116 | MHD_gtls_proc_anon_client_kx (MHD_gtls_session_t session, opaque * data, | ||
117 | size_t _data_size) | ||
118 | { | ||
119 | MHD_gtls_anon_server_credentials_t cred; | ||
120 | int bits; | ||
121 | int ret; | ||
122 | mpi_t p, g; | ||
123 | MHD_gtls_dh_params_t dh_params; | ||
124 | const mpi_t *mpis; | ||
125 | |||
126 | bits = MHD_gtls_dh_get_allowed_prime_bits (session); | ||
127 | |||
128 | cred = (MHD_gtls_anon_server_credentials_t) | ||
129 | MHD_gtls_get_cred (session->key, MHD_GNUTLS_CRD_ANON, NULL); | ||
130 | if (cred == NULL) | ||
131 | { | ||
132 | MHD_gnutls_assert (); | ||
133 | return GNUTLS_E_INSUFFICIENT_CREDENTIALS; | ||
134 | } | ||
135 | |||
136 | dh_params = | ||
137 | MHD_gtls_get_dh_params (cred->dh_params, cred->params_func, session); | ||
138 | mpis = MHD_gtls_dh_params_to_mpi (dh_params); | ||
139 | if (mpis == NULL) | ||
140 | { | ||
141 | MHD_gnutls_assert (); | ||
142 | return GNUTLS_E_NO_TEMPORARY_DH_PARAMS; | ||
143 | } | ||
144 | |||
145 | p = mpis[0]; | ||
146 | g = mpis[1]; | ||
147 | |||
148 | ret = MHD_gtls_proc_dh_common_client_kx (session, data, _data_size, g, p); | ||
149 | |||
150 | return ret; | ||
151 | |||
152 | } | ||
153 | |||
154 | int | ||
155 | MHD_gtls_proc_anon_server_kx (MHD_gtls_session_t session, opaque * data, | ||
156 | size_t _data_size) | ||
157 | { | ||
158 | |||
159 | int ret; | ||
160 | |||
161 | /* set auth_info */ | ||
162 | if ((ret = | ||
163 | MHD_gtls_auth_info_set (session, MHD_GNUTLS_CRD_ANON, | ||
164 | sizeof (anon_auth_info_st), 1)) < 0) | ||
165 | { | ||
166 | MHD_gnutls_assert (); | ||
167 | return ret; | ||
168 | } | ||
169 | |||
170 | ret = MHD_gtls_proc_dh_common_server_kx (session, data, _data_size, 0); | ||
171 | if (ret < 0) | ||
172 | { | ||
173 | MHD_gnutls_assert (); | ||
174 | return ret; | ||
175 | } | ||
176 | |||
177 | return 0; | ||
178 | } | ||
179 | |||
180 | #endif /* ENABLE_ANON */ | ||
diff --git a/src/daemon/https/tls/auth_anon.h b/src/daemon/https/tls/auth_anon.h deleted file mode 100644 index 4602ab23..00000000 --- a/src/daemon/https/tls/auth_anon.h +++ /dev/null | |||
@@ -1,48 +0,0 @@ | |||
1 | /* | ||
2 | * Copyright (C) 2001, 2002, 2003, 2004, 2005 Free Software Foundation | ||
3 | * | ||
4 | * Author: Nikos Mavrogiannopoulos | ||
5 | * | ||
6 | * This file is part of GNUTLS. | ||
7 | * | ||
8 | * The GNUTLS library is free software; you can redistribute it and/or | ||
9 | * modify it under the terms of the GNU Lesser General Public License | ||
10 | * as published by the Free Software Foundation; either version 2.1 of | ||
11 | * the License, or (at your option) any later version. | ||
12 | * | ||
13 | * This library is distributed in the hope that it will be useful, but | ||
14 | * WITHOUT ANY WARRANTY; without even the implied warranty of | ||
15 | * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU | ||
16 | * Lesser General Public License for more details. | ||
17 | * | ||
18 | * You should have received a copy of the GNU Lesser General Public | ||
19 | * License along with this library; if not, write to the Free Software | ||
20 | * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301, | ||
21 | * USA | ||
22 | * | ||
23 | */ | ||
24 | |||
25 | /* this is not to be included by MHD_gnutls_anon.c */ | ||
26 | #include <gnutls_auth.h> | ||
27 | #include <auth_dh_common.h> | ||
28 | |||
29 | typedef struct MHD_gtls_anon_server_credentials_st | ||
30 | { | ||
31 | MHD_gtls_dh_params_t dh_params; | ||
32 | /* this callback is used to retrieve the DH or RSA | ||
33 | * parameters. | ||
34 | */ | ||
35 | MHD_gnutls_params_function *params_func; | ||
36 | } mhd_anon_server_credentials_st; | ||
37 | |||
38 | typedef struct MHD_gtls_anon_client_credentials_st | ||
39 | { | ||
40 | int dummy; | ||
41 | } mhd_anon_client_credentials_st; | ||
42 | |||
43 | typedef struct MHD_gtls_anon_auth_info_st | ||
44 | { | ||
45 | MHD_gtls_dh_info_st dh; | ||
46 | } *mhd_anon_auth_info_t; | ||
47 | |||
48 | typedef struct MHD_gtls_anon_auth_info_st anon_auth_info_st; | ||
diff --git a/src/daemon/https/tls/gnutls_algorithms.c b/src/daemon/https/tls/gnutls_algorithms.c index 18ba0457..89ca70bc 100644 --- a/src/daemon/https/tls/gnutls_algorithms.c +++ b/src/daemon/https/tls/gnutls_algorithms.c | |||
@@ -42,9 +42,6 @@ typedef struct | |||
42 | } MHD_gnutls_cred_map; | 42 | } MHD_gnutls_cred_map; |
43 | 43 | ||
44 | static const MHD_gnutls_cred_map MHD_gtls_cred_mappings[] = { | 44 | static const MHD_gnutls_cred_map MHD_gtls_cred_mappings[] = { |
45 | {MHD_GNUTLS_KX_ANON_DH, | ||
46 | MHD_GNUTLS_CRD_ANON, | ||
47 | MHD_GNUTLS_CRD_ANON}, | ||
48 | {MHD_GNUTLS_KX_RSA, | 45 | {MHD_GNUTLS_KX_RSA, |
49 | MHD_GNUTLS_CRD_CERTIFICATE, | 46 | MHD_GNUTLS_CRD_CERTIFICATE, |
50 | MHD_GNUTLS_CRD_CERTIFICATE}, | 47 | MHD_GNUTLS_CRD_CERTIFICATE}, |
@@ -390,7 +387,6 @@ extern MHD_gtls_mod_auth_st MHD_gtls_rsa_auth_struct; | |||
390 | extern MHD_gtls_mod_auth_st MHD_rsa_export_auth_struct; | 387 | extern MHD_gtls_mod_auth_st MHD_rsa_export_auth_struct; |
391 | extern MHD_gtls_mod_auth_st MHD_gtls_dhe_rsa_auth_struct; | 388 | extern MHD_gtls_mod_auth_st MHD_gtls_dhe_rsa_auth_struct; |
392 | extern MHD_gtls_mod_auth_st MHD_gtls_dhe_dss_auth_struct; | 389 | extern MHD_gtls_mod_auth_st MHD_gtls_dhe_dss_auth_struct; |
393 | extern MHD_gtls_mod_auth_st MHD_gtls_anon_auth_struct; | ||
394 | extern MHD_gtls_mod_auth_st srp_auth_struct; | 390 | extern MHD_gtls_mod_auth_st srp_auth_struct; |
395 | extern MHD_gtls_mod_auth_st psk_auth_struct; | 391 | extern MHD_gtls_mod_auth_st psk_auth_struct; |
396 | extern MHD_gtls_mod_auth_st dhe_psk_auth_struct; | 392 | extern MHD_gtls_mod_auth_st dhe_psk_auth_struct; |
@@ -407,9 +403,6 @@ typedef struct MHD_gtls_kx_algo_entry | |||
407 | } MHD_gtls_kx_algo_entry_t; | 403 | } MHD_gtls_kx_algo_entry_t; |
408 | 404 | ||
409 | static const MHD_gtls_kx_algo_entry_t MHD_gtls_kx_algorithms[] = { | 405 | static const MHD_gtls_kx_algo_entry_t MHD_gtls_kx_algorithms[] = { |
410 | #ifdef ENABLE_ANON | ||
411 | {"ANON-DH", MHD_GNUTLS_KX_ANON_DH, &MHD_gtls_anon_auth_struct, 1, 0}, | ||
412 | #endif | ||
413 | {"RSA", | 406 | {"RSA", |
414 | MHD_GNUTLS_KX_RSA, | 407 | MHD_GNUTLS_KX_RSA, |
415 | &MHD_gtls_rsa_auth_struct, | 408 | &MHD_gtls_rsa_auth_struct, |
@@ -451,9 +444,6 @@ static const MHD_gtls_kx_algo_entry_t MHD_gtls_kx_algorithms[] = { | |||
451 | /* Keep the contents of this struct the same as the previous one. */ | 444 | /* Keep the contents of this struct the same as the previous one. */ |
452 | static const enum MHD_GNUTLS_KeyExchangeAlgorithm MHD_gtls_supported_kxs[] = | 445 | static const enum MHD_GNUTLS_KeyExchangeAlgorithm MHD_gtls_supported_kxs[] = |
453 | { | 446 | { |
454 | #ifdef ENABLE_ANON | ||
455 | MHD_GNUTLS_KX_ANON_DH, | ||
456 | #endif | ||
457 | MHD_GNUTLS_KX_RSA, | 447 | MHD_GNUTLS_KX_RSA, |
458 | MHD_GNUTLS_KX_RSA_EXPORT, | 448 | MHD_GNUTLS_KX_RSA_EXPORT, |
459 | MHD_GNUTLS_KX_DHE_RSA, | 449 | MHD_GNUTLS_KX_DHE_RSA, |
@@ -498,20 +488,6 @@ typedef struct | |||
498 | */ | 488 | */ |
499 | #define GNUTLS_RSA_NULL_MD5 { 0x00, 0x01 } | 489 | #define GNUTLS_RSA_NULL_MD5 { 0x00, 0x01 } |
500 | 490 | ||
501 | /* ANONymous cipher suites. | ||
502 | */ | ||
503 | |||
504 | #define GNUTLS_ANON_DH_3DES_EDE_CBC_SHA1 { 0x00, 0x1B } | ||
505 | #define GNUTLS_ANON_DH_ARCFOUR_MD5 { 0x00, 0x18 } | ||
506 | |||
507 | /* rfc3268: */ | ||
508 | #define GNUTLS_ANON_DH_AES_128_CBC_SHA1 { 0x00, 0x34 } | ||
509 | #define GNUTLS_ANON_DH_AES_256_CBC_SHA1 { 0x00, 0x3A } | ||
510 | |||
511 | /* rfc4132 */ | ||
512 | #define GNUTLS_ANON_DH_CAMELLIA_128_CBC_SHA1 { 0x00,0x46 } | ||
513 | #define GNUTLS_ANON_DH_CAMELLIA_256_CBC_SHA1 { 0x00,0x89 } | ||
514 | |||
515 | /* PSK (not in TLS 1.0) | 491 | /* PSK (not in TLS 1.0) |
516 | * draft-ietf-tls-psk: | 492 | * draft-ietf-tls-psk: |
517 | */ | 493 | */ |
@@ -590,34 +566,6 @@ typedef struct | |||
590 | #define CIPHER_SUITES_COUNT sizeof(MHD_gtls_cs_algorithms)/sizeof(MHD_gtls_cipher_suite_entry)-1 | 566 | #define CIPHER_SUITES_COUNT sizeof(MHD_gtls_cs_algorithms)/sizeof(MHD_gtls_cipher_suite_entry)-1 |
591 | 567 | ||
592 | static const MHD_gtls_cipher_suite_entry MHD_gtls_cs_algorithms[] = { | 568 | static const MHD_gtls_cipher_suite_entry MHD_gtls_cs_algorithms[] = { |
593 | /* ANON_DH */ | ||
594 | GNUTLS_CIPHER_SUITE_ENTRY (GNUTLS_ANON_DH_ARCFOUR_MD5, | ||
595 | MHD_GNUTLS_CIPHER_ARCFOUR_128, | ||
596 | MHD_GNUTLS_KX_ANON_DH, MHD_GNUTLS_MAC_MD5, | ||
597 | MHD_GNUTLS_PROTOCOL_SSL3), | ||
598 | GNUTLS_CIPHER_SUITE_ENTRY (GNUTLS_ANON_DH_3DES_EDE_CBC_SHA1, | ||
599 | MHD_GNUTLS_CIPHER_3DES_CBC, | ||
600 | MHD_GNUTLS_KX_ANON_DH, | ||
601 | MHD_GNUTLS_MAC_SHA1, MHD_GNUTLS_PROTOCOL_SSL3), | ||
602 | GNUTLS_CIPHER_SUITE_ENTRY (GNUTLS_ANON_DH_AES_128_CBC_SHA1, | ||
603 | MHD_GNUTLS_CIPHER_AES_128_CBC, | ||
604 | MHD_GNUTLS_KX_ANON_DH, | ||
605 | MHD_GNUTLS_MAC_SHA1, MHD_GNUTLS_PROTOCOL_SSL3), | ||
606 | GNUTLS_CIPHER_SUITE_ENTRY (GNUTLS_ANON_DH_AES_256_CBC_SHA1, | ||
607 | MHD_GNUTLS_CIPHER_AES_256_CBC, | ||
608 | MHD_GNUTLS_KX_ANON_DH, | ||
609 | MHD_GNUTLS_MAC_SHA1, MHD_GNUTLS_PROTOCOL_SSL3), | ||
610 | #ifdef ENABLE_CAMELLIA | ||
611 | GNUTLS_CIPHER_SUITE_ENTRY (GNUTLS_ANON_DH_CAMELLIA_128_CBC_SHA1, | ||
612 | MHD_GNUTLS_CIPHER_CAMELLIA_128_CBC, | ||
613 | MHD_GNUTLS_KX_ANON_DH, | ||
614 | MHD_GNUTLS_MAC_SHA1, MHD_GNUTLS_PROTOCOL_TLS1_0), | ||
615 | GNUTLS_CIPHER_SUITE_ENTRY (GNUTLS_ANON_DH_CAMELLIA_256_CBC_SHA1, | ||
616 | MHD_GNUTLS_CIPHER_CAMELLIA_256_CBC, | ||
617 | MHD_GNUTLS_KX_ANON_DH, | ||
618 | MHD_GNUTLS_MAC_SHA1, MHD_GNUTLS_PROTOCOL_TLS1_0), | ||
619 | #endif | ||
620 | |||
621 | /* SRP */ | 569 | /* SRP */ |
622 | GNUTLS_CIPHER_SUITE_ENTRY (GNUTLS_SRP_SHA_3DES_EDE_CBC_SHA1, | 570 | GNUTLS_CIPHER_SUITE_ENTRY (GNUTLS_SRP_SHA_3DES_EDE_CBC_SHA1, |
623 | MHD_GNUTLS_CIPHER_3DES_CBC, MHD_GNUTLS_KX_SRP, | 571 | MHD_GNUTLS_CIPHER_3DES_CBC, MHD_GNUTLS_KX_SRP, |
diff --git a/src/daemon/https/tls/gnutls_anon_cred.c b/src/daemon/https/tls/gnutls_anon_cred.c deleted file mode 100644 index d73c0edd..00000000 --- a/src/daemon/https/tls/gnutls_anon_cred.c +++ /dev/null | |||
@@ -1,140 +0,0 @@ | |||
1 | /* | ||
2 | * Copyright (C) 2001, 2004, 2005, 2007 Free Software Foundation | ||
3 | * | ||
4 | * Author: Nikos Mavrogiannopoulos | ||
5 | * | ||
6 | * This file is part of GNUTLS. | ||
7 | * | ||
8 | * The GNUTLS library is free software; you can redistribute it and/or | ||
9 | * modify it under the terms of the GNU Lesser General Public License | ||
10 | * as published by the Free Software Foundation; either version 2.1 of | ||
11 | * the License, or (at your option) any later version. | ||
12 | * | ||
13 | * This library is distributed in the hope that it will be useful, but | ||
14 | * WITHOUT ANY WARRANTY; without even the implied warranty of | ||
15 | * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU | ||
16 | * Lesser General Public License for more details. | ||
17 | * | ||
18 | * You should have received a copy of the GNU Lesser General Public | ||
19 | * License along with this library; if not, write to the Free Software | ||
20 | * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301, | ||
21 | * USA | ||
22 | * | ||
23 | */ | ||
24 | |||
25 | #include "gnutls_int.h" | ||
26 | |||
27 | #ifdef ENABLE_ANON | ||
28 | |||
29 | #include "gnutls_errors.h" | ||
30 | #include "auth_anon.h" | ||
31 | #include "gnutls_auth_int.h" | ||
32 | #include "gnutls_dh.h" | ||
33 | #include "gnutls_num.h" | ||
34 | #include "gnutls_mpi.h" | ||
35 | |||
36 | static const int anon_dummy; | ||
37 | |||
38 | /** | ||
39 | * MHD__gnutls_anon_free_server_credentials - Used to free an allocated MHD_gtls_anon_server_credentials_t structure | ||
40 | * @sc: is an #MHD_gtls_anon_server_credentials_t structure. | ||
41 | * | ||
42 | * This structure is complex enough to manipulate directly thus this | ||
43 | * helper function is provided in order to free (deallocate) it. | ||
44 | **/ | ||
45 | void | ||
46 | MHD__gnutls_anon_free_server_credentials (MHD_gtls_anon_server_credentials_t | ||
47 | sc) | ||
48 | { | ||
49 | |||
50 | MHD_gnutls_free (sc); | ||
51 | } | ||
52 | |||
53 | /** | ||
54 | * MHD__gnutls_anon_allocate_server_credentials - Used to allocate an MHD_gtls_anon_server_credentials_t structure | ||
55 | * @sc: is a pointer to an #MHD_gtls_anon_server_credentials_t structure. | ||
56 | * | ||
57 | * This structure is complex enough to manipulate directly thus this | ||
58 | * helper function is provided in order to allocate it. | ||
59 | * | ||
60 | * Returns: %GNUTLS_E_SUCCESS on success, or an error code. | ||
61 | **/ | ||
62 | int | ||
63 | MHD__gnutls_anon_allocate_server_credentials | ||
64 | (MHD_gtls_anon_server_credentials_t * sc) | ||
65 | { | ||
66 | *sc = MHD_gnutls_calloc (1, sizeof (mhd_anon_server_credentials_st)); | ||
67 | if (*sc == NULL) | ||
68 | return GNUTLS_E_MEMORY_ERROR; | ||
69 | |||
70 | return 0; | ||
71 | } | ||
72 | |||
73 | |||
74 | /** | ||
75 | * MHD__gnutls_anon_free_client_credentials - Used to free an allocated MHD_gtls_anon_client_credentials_t structure | ||
76 | * @sc: is an #MHD_gtls_anon_client_credentials_t structure. | ||
77 | * | ||
78 | * This structure is complex enough to manipulate directly thus this | ||
79 | * helper function is provided in order to free (deallocate) it. | ||
80 | **/ | ||
81 | void | ||
82 | MHD__gnutls_anon_free_client_credentials (MHD_gtls_anon_client_credentials_t | ||
83 | sc) | ||
84 | { | ||
85 | } | ||
86 | |||
87 | /** | ||
88 | * MHD__gnutls_anon_allocate_client_credentials - Used to allocate a credentials structure | ||
89 | * @sc: is a pointer to an #MHD_gtls_anon_client_credentials_t structure. | ||
90 | * | ||
91 | * This structure is complex enough to manipulate directly thus | ||
92 | * this helper function is provided in order to allocate it. | ||
93 | * | ||
94 | * Returns: %GNUTLS_E_SUCCESS on success, or an error code. | ||
95 | **/ | ||
96 | int | ||
97 | MHD__gnutls_anon_allocate_client_credentials | ||
98 | (MHD_gtls_anon_client_credentials_t * sc) | ||
99 | { | ||
100 | /* anon_dummy is only there for *sc not to be null. | ||
101 | * it is not used at all; | ||
102 | */ | ||
103 | *sc = (void *) &anon_dummy; | ||
104 | |||
105 | return 0; | ||
106 | } | ||
107 | |||
108 | /** | ||
109 | * MHD__gnutls_anon_set_server_dh_params - This function will set the DH parameters for a server to use | ||
110 | * @res: is a MHD_gtls_anon_server_credentials_t structure | ||
111 | * @dh_params: is a structure that holds diffie hellman parameters. | ||
112 | * | ||
113 | * This function will set the diffie hellman parameters for an | ||
114 | * anonymous server to use. These parameters will be used in | ||
115 | * Anonymous Diffie Hellman cipher suites. | ||
116 | **/ | ||
117 | void | ||
118 | MHD__gnutls_anon_set_server_dh_params (MHD_gtls_anon_server_credentials_t res, | ||
119 | MHD_gtls_dh_params_t dh_params) | ||
120 | { | ||
121 | res->dh_params = dh_params; | ||
122 | } | ||
123 | |||
124 | /** | ||
125 | * MHD__gnutls_anon_set_server_params_function - This function will set the DH parameters callback | ||
126 | * @res: is a MHD_gtls_cert_credentials_t structure | ||
127 | * @func: is the function to be called | ||
128 | * | ||
129 | * This function will set a callback in order for the server to get | ||
130 | * the diffie hellman parameters for anonymous authentication. The | ||
131 | * callback should return zero on success. | ||
132 | **/ | ||
133 | void | ||
134 | MHD__gnutls_anon_set_server_params_function | ||
135 | (MHD_gtls_anon_server_credentials_t res, MHD_gnutls_params_function * func) | ||
136 | { | ||
137 | res->params_func = func; | ||
138 | } | ||
139 | |||
140 | #endif | ||
diff --git a/src/daemon/https/tls/gnutls_auth.c b/src/daemon/https/tls/gnutls_auth.c index 6f14d9c8..fcb8ed55 100644 --- a/src/daemon/https/tls/gnutls_auth.c +++ b/src/daemon/https/tls/gnutls_auth.c | |||
@@ -30,7 +30,6 @@ | |||
30 | #include "auth_cert.h" | 30 | #include "auth_cert.h" |
31 | #include <gnutls_datum.h> | 31 | #include <gnutls_datum.h> |
32 | 32 | ||
33 | #include "auth_anon.h" | ||
34 | /* The functions here are used in order for authentication algorithms | 33 | /* The functions here are used in order for authentication algorithms |
35 | * to be able to retrieve the needed credentials eg public and private | 34 | * to be able to retrieve the needed credentials eg public and private |
36 | * key etc. | 35 | * key etc. |
@@ -79,9 +78,6 @@ MHD__gnutls_credentials_clear (MHD_gtls_session_t session) | |||
79 | * structure. Thus you will have to keep the structure allocated until | 78 | * structure. Thus you will have to keep the structure allocated until |
80 | * you call MHD__gnutls_deinit(). ] | 79 | * you call MHD__gnutls_deinit(). ] |
81 | * | 80 | * |
82 | * For GNUTLS_CRD_ANON cred should be MHD_gtls_anon_client_credentials_t in case of a client. | ||
83 | * In case of a server it should be MHD_gtls_anon_server_credentials_t. | ||
84 | * | ||
85 | * For GNUTLS_CRD_SRP cred should be MHD_gnutls_srp_client_credentials_t | 81 | * For GNUTLS_CRD_SRP cred should be MHD_gnutls_srp_client_credentials_t |
86 | * in case of a client, and MHD_gnutls_srp_server_credentials_t, in case | 82 | * in case of a client, and MHD_gnutls_srp_server_credentials_t, in case |
87 | * of a server. | 83 | * of a server. |
@@ -267,7 +263,6 @@ out: | |||
267 | * is data obtained by the handshake protocol, the key exchange algorithm, | 263 | * is data obtained by the handshake protocol, the key exchange algorithm, |
268 | * and the TLS extensions messages. | 264 | * and the TLS extensions messages. |
269 | * | 265 | * |
270 | * In case of GNUTLS_CRD_ANON returns a type of &anon_(server/client)_auth_info_t; | ||
271 | * In case of GNUTLS_CRD_CERTIFICATE returns a type of &cert_auth_info_t; | 266 | * In case of GNUTLS_CRD_CERTIFICATE returns a type of &cert_auth_info_t; |
272 | * In case of GNUTLS_CRD_SRP returns a type of &srp_(server/client)_auth_info_t; | 267 | * In case of GNUTLS_CRD_SRP returns a type of &srp_(server/client)_auth_info_t; |
273 | -*/ | 268 | -*/ |
@@ -301,17 +296,6 @@ MHD_gtls_free_auth_info (MHD_gtls_session_t session) | |||
301 | { | 296 | { |
302 | case MHD_GNUTLS_CRD_SRP: | 297 | case MHD_GNUTLS_CRD_SRP: |
303 | break; | 298 | break; |
304 | case MHD_GNUTLS_CRD_ANON: | ||
305 | { | ||
306 | mhd_anon_auth_info_t info = MHD_gtls_get_auth_info (session); | ||
307 | |||
308 | if (info == NULL) | ||
309 | break; | ||
310 | |||
311 | dh_info = &info->dh; | ||
312 | MHD_gtls_free_dh_info (dh_info); | ||
313 | } | ||
314 | break; | ||
315 | case MHD_GNUTLS_CRD_CERTIFICATE: | 299 | case MHD_GNUTLS_CRD_CERTIFICATE: |
316 | { | 300 | { |
317 | unsigned int i; | 301 | unsigned int i; |
diff --git a/src/daemon/https/tls/gnutls_handshake.c b/src/daemon/https/tls/gnutls_handshake.c index db28ad9a..ba93018d 100644 --- a/src/daemon/https/tls/gnutls_handshake.c +++ b/src/daemon/https/tls/gnutls_handshake.c | |||
@@ -47,7 +47,6 @@ | |||
47 | #include "gnutls_record.h" | 47 | #include "gnutls_record.h" |
48 | #include "gnutls_state.h" | 48 | #include "gnutls_state.h" |
49 | #include "gnutls_rsa_export.h" /* for MHD_gnutls_get_rsa_params() */ | 49 | #include "gnutls_rsa_export.h" /* for MHD_gnutls_get_rsa_params() */ |
50 | #include "auth_anon.h" /* for MHD_gtls_anon_server_credentials_t */ | ||
51 | #include "gc.h" | 50 | #include "gc.h" |
52 | 51 | ||
53 | #ifdef HANDSHAKE_DEBUG | 52 | #ifdef HANDSHAKE_DEBUG |
@@ -2800,22 +2799,6 @@ check_server_params (MHD_gtls_session_t session, | |||
2800 | if (delete == 1) | 2799 | if (delete == 1) |
2801 | return 1; | 2800 | return 1; |
2802 | 2801 | ||
2803 | #ifdef ENABLE_ANON | ||
2804 | } | ||
2805 | else if (cred_type == MHD_GNUTLS_CRD_ANON) | ||
2806 | { | ||
2807 | MHD_gtls_anon_server_credentials_t anon_cred = | ||
2808 | (MHD_gtls_anon_server_credentials_t) MHD_gtls_get_cred (session->key, | ||
2809 | cred_type, | ||
2810 | NULL); | ||
2811 | |||
2812 | if (anon_cred != NULL) | ||
2813 | { | ||
2814 | dh_params = | ||
2815 | MHD_gtls_get_dh_params (anon_cred->dh_params, | ||
2816 | anon_cred->params_func, session); | ||
2817 | } | ||
2818 | #endif | ||
2819 | #ifdef ENABLE_PSK | 2802 | #ifdef ENABLE_PSK |
2820 | } | 2803 | } |
2821 | else if (cred_type == MHD_GNUTLS_CRD_PSK) | 2804 | else if (cred_type == MHD_GNUTLS_CRD_PSK) |
diff --git a/src/daemon/https/tls/gnutls_session_pack.c b/src/daemon/https/tls/gnutls_session_pack.c index ab359f6c..be80bfb7 100644 --- a/src/daemon/https/tls/gnutls_session_pack.c +++ b/src/daemon/https/tls/gnutls_session_pack.c | |||
@@ -33,7 +33,6 @@ | |||
33 | #ifdef ENABLE_PSK | 33 | #ifdef ENABLE_PSK |
34 | # include <auth_psk.h> | 34 | # include <auth_psk.h> |
35 | #endif | 35 | #endif |
36 | #include <auth_anon.h> | ||
37 | #include <auth_cert.h> | 36 | #include <auth_cert.h> |
38 | #include <gnutls_errors.h> | 37 | #include <gnutls_errors.h> |
39 | #include <gnutls_auth_int.h> | 38 | #include <gnutls_auth_int.h> |
@@ -55,175 +54,6 @@ static int unpack_security_parameters (MHD_gtls_session_t session, | |||
55 | static int pack_security_parameters (MHD_gtls_session_t session, | 54 | static int pack_security_parameters (MHD_gtls_session_t session, |
56 | MHD_gnutls_datum_t * packed_session); | 55 | MHD_gnutls_datum_t * packed_session); |
57 | 56 | ||
58 | /* Packs the ANON session authentication data. */ | ||
59 | #ifdef ENABLE_ANON | ||
60 | |||
61 | /* Format: | ||
62 | * 1 byte the credentials type | ||
63 | * 4 bytes the size of the whole structure | ||
64 | * 2 bytes the size of secret key in bits | ||
65 | * 4 bytes the size of the prime | ||
66 | * x bytes the prime | ||
67 | * 4 bytes the size of the generator | ||
68 | * x bytes the generator | ||
69 | * 4 bytes the size of the public key | ||
70 | * x bytes the public key | ||
71 | */ | ||
72 | static int | ||
73 | pack_anon_auth_info (MHD_gtls_session_t session, | ||
74 | MHD_gnutls_datum_t * packed_session) | ||
75 | { | ||
76 | mhd_anon_auth_info_t info = MHD_gtls_get_auth_info (session); | ||
77 | int pos = 0; | ||
78 | size_t pack_size; | ||
79 | |||
80 | if (info) | ||
81 | pack_size = 2 + 4 * 3 + info->dh.prime.size + | ||
82 | info->dh.generator.size + info->dh.public_key.size; | ||
83 | else | ||
84 | pack_size = 0; | ||
85 | |||
86 | packed_session->size = PACK_HEADER_SIZE + pack_size + sizeof (uint32_t); | ||
87 | |||
88 | /* calculate the size and allocate the data. | ||
89 | */ | ||
90 | packed_session->data = | ||
91 | MHD_gnutls_malloc (packed_session->size + MAX_SEC_PARAMS); | ||
92 | |||
93 | if (packed_session->data == NULL) | ||
94 | { | ||
95 | MHD_gnutls_assert (); | ||
96 | return GNUTLS_E_MEMORY_ERROR; | ||
97 | } | ||
98 | |||
99 | packed_session->data[0] = MHD_GNUTLS_CRD_ANON; | ||
100 | MHD_gtls_write_uint32 (pack_size, &packed_session->data[PACK_HEADER_SIZE]); | ||
101 | pos += 4 + PACK_HEADER_SIZE; | ||
102 | |||
103 | if (pack_size > 0) | ||
104 | { | ||
105 | MHD_gtls_write_uint16 (info->dh.secret_bits, | ||
106 | &packed_session->data[pos]); | ||
107 | pos += 2; | ||
108 | |||
109 | MHD_gtls_write_datum32 (&packed_session->data[pos], info->dh.prime); | ||
110 | pos += 4 + info->dh.prime.size; | ||
111 | MHD_gtls_write_datum32 (&packed_session->data[pos], info->dh.generator); | ||
112 | pos += 4 + info->dh.generator.size; | ||
113 | MHD_gtls_write_datum32 (&packed_session->data[pos], | ||
114 | info->dh.public_key); | ||
115 | pos += 4 + info->dh.public_key.size; | ||
116 | |||
117 | } | ||
118 | |||
119 | return 0; | ||
120 | } | ||
121 | |||
122 | /* Format: | ||
123 | * 1 byte the credentials type | ||
124 | * 4 bytes the size of the whole structure | ||
125 | * 2 bytes the size of secret key in bits | ||
126 | * 4 bytes the size of the prime | ||
127 | * x bytes the prime | ||
128 | * 4 bytes the size of the generator | ||
129 | * x bytes the generator | ||
130 | * 4 bytes the size of the public key | ||
131 | * x bytes the public key | ||
132 | */ | ||
133 | static int | ||
134 | unpack_anon_auth_info (MHD_gtls_session_t session, | ||
135 | const MHD_gnutls_datum_t * packed_session) | ||
136 | { | ||
137 | size_t pack_size; | ||
138 | int pos = 0, size, ret; | ||
139 | mhd_anon_auth_info_t info; | ||
140 | |||
141 | if (packed_session->data[0] != MHD_GNUTLS_CRD_ANON) | ||
142 | { | ||
143 | MHD_gnutls_assert (); | ||
144 | return GNUTLS_E_INVALID_REQUEST; | ||
145 | } | ||
146 | |||
147 | pack_size = MHD_gtls_read_uint32 (&packed_session->data[PACK_HEADER_SIZE]); | ||
148 | pos += PACK_HEADER_SIZE + 4; | ||
149 | |||
150 | |||
151 | if (pack_size == 0) | ||
152 | return 0; /* nothing to be done */ | ||
153 | |||
154 | /* a simple check for integrity */ | ||
155 | if (pack_size + PACK_HEADER_SIZE + 4 > packed_session->size) | ||
156 | { | ||
157 | MHD_gnutls_assert (); | ||
158 | return GNUTLS_E_INVALID_REQUEST; | ||
159 | } | ||
160 | |||
161 | /* client and serer have the same auth_info here | ||
162 | */ | ||
163 | ret = | ||
164 | MHD_gtls_auth_info_set (session, MHD_GNUTLS_CRD_ANON, | ||
165 | sizeof (anon_auth_info_st), 1); | ||
166 | if (ret < 0) | ||
167 | { | ||
168 | MHD_gnutls_assert (); | ||
169 | return ret; | ||
170 | } | ||
171 | |||
172 | info = MHD_gtls_get_auth_info (session); | ||
173 | if (info == NULL) | ||
174 | { | ||
175 | MHD_gnutls_assert (); | ||
176 | return GNUTLS_E_INTERNAL_ERROR; | ||
177 | } | ||
178 | |||
179 | info->dh.secret_bits = MHD_gtls_read_uint16 (&packed_session->data[pos]); | ||
180 | pos += 2; | ||
181 | |||
182 | size = MHD_gtls_read_uint32 (&packed_session->data[pos]); | ||
183 | pos += 4; | ||
184 | ret = | ||
185 | MHD__gnutls_set_datum (&info->dh.prime, &packed_session->data[pos], size); | ||
186 | if (ret < 0) | ||
187 | { | ||
188 | MHD_gnutls_assert (); | ||
189 | goto error; | ||
190 | } | ||
191 | pos += size; | ||
192 | |||
193 | size = MHD_gtls_read_uint32 (&packed_session->data[pos]); | ||
194 | pos += 4; | ||
195 | ret = | ||
196 | MHD__gnutls_set_datum (&info->dh.generator, &packed_session->data[pos], | ||
197 | size); | ||
198 | if (ret < 0) | ||
199 | { | ||
200 | MHD_gnutls_assert (); | ||
201 | goto error; | ||
202 | } | ||
203 | pos += size; | ||
204 | |||
205 | size = MHD_gtls_read_uint32 (&packed_session->data[pos]); | ||
206 | pos += 4; | ||
207 | ret = | ||
208 | MHD__gnutls_set_datum (&info->dh.public_key, &packed_session->data[pos], | ||
209 | size); | ||
210 | if (ret < 0) | ||
211 | { | ||
212 | MHD_gnutls_assert (); | ||
213 | goto error; | ||
214 | } | ||
215 | pos += size; | ||
216 | |||
217 | return 0; | ||
218 | |||
219 | error: | ||
220 | MHD__gnutls_free_datum (&info->dh.prime); | ||
221 | MHD__gnutls_free_datum (&info->dh.generator); | ||
222 | MHD__gnutls_free_datum (&info->dh.public_key); | ||
223 | return ret; | ||
224 | } | ||
225 | #endif /* ANON */ | ||
226 | |||
227 | /* Since auth_info structures contain malloced data, this function | 57 | /* Since auth_info structures contain malloced data, this function |
228 | * is required in order to pack these structures in a vector in | 58 | * is required in order to pack these structures in a vector in |
229 | * order to store them to the DB. | 59 | * order to store them to the DB. |
@@ -267,16 +97,6 @@ MHD_gtls_session_pack (MHD_gtls_session_t session, | |||
267 | } | 97 | } |
268 | break; | 98 | break; |
269 | #endif | 99 | #endif |
270 | #ifdef ENABLE_ANON | ||
271 | case MHD_GNUTLS_CRD_ANON: | ||
272 | ret = pack_anon_auth_info (session, packed_session); | ||
273 | if (ret < 0) | ||
274 | { | ||
275 | MHD_gnutls_assert (); | ||
276 | return ret; | ||
277 | } | ||
278 | break; | ||
279 | #endif | ||
280 | case MHD_GNUTLS_CRD_CERTIFICATE: | 100 | case MHD_GNUTLS_CRD_CERTIFICATE: |
281 | ret = pack_certificate_auth_info (session, packed_session); | 101 | ret = pack_certificate_auth_info (session, packed_session); |
282 | if (ret < 0) | 102 | if (ret < 0) |
@@ -346,16 +166,6 @@ MHD_gtls_session_unpack (MHD_gtls_session_t session, | |||
346 | } | 166 | } |
347 | break; | 167 | break; |
348 | #endif | 168 | #endif |
349 | #ifdef ENABLE_ANON | ||
350 | case MHD_GNUTLS_CRD_ANON: | ||
351 | ret = unpack_anon_auth_info (session, packed_session); | ||
352 | if (ret < 0) | ||
353 | { | ||
354 | MHD_gnutls_assert (); | ||
355 | return ret; | ||
356 | } | ||
357 | break; | ||
358 | #endif | ||
359 | case MHD_GNUTLS_CRD_CERTIFICATE: | 169 | case MHD_GNUTLS_CRD_CERTIFICATE: |
360 | ret = unpack_certificate_auth_info (session, packed_session); | 170 | ret = unpack_certificate_auth_info (session, packed_session); |
361 | if (ret < 0) | 171 | if (ret < 0) |
diff --git a/src/daemon/https/tls/gnutls_state.c b/src/daemon/https/tls/gnutls_state.c index 4f4ea122..0372b0f6 100644 --- a/src/daemon/https/tls/gnutls_state.c +++ b/src/daemon/https/tls/gnutls_state.c | |||
@@ -38,7 +38,6 @@ | |||
38 | #include <gnutls_buffers.h> | 38 | #include <gnutls_buffers.h> |
39 | #include <gnutls_state.h> | 39 | #include <gnutls_state.h> |
40 | #include <auth_cert.h> | 40 | #include <auth_cert.h> |
41 | #include <auth_anon.h> | ||
42 | #include <gnutls_algorithms.h> | 41 | #include <gnutls_algorithms.h> |
43 | #include <gnutls_rsa_export.h> | 42 | #include <gnutls_rsa_export.h> |
44 | 43 | ||
@@ -437,16 +436,6 @@ MHD_gtls_dh_set_peer_public (MHD_gtls_session_t session, mpi_t public) | |||
437 | 436 | ||
438 | switch (MHD_gtls_auth_get_type (session)) | 437 | switch (MHD_gtls_auth_get_type (session)) |
439 | { | 438 | { |
440 | case MHD_GNUTLS_CRD_ANON: | ||
441 | { | ||
442 | mhd_anon_auth_info_t info; | ||
443 | info = MHD_gtls_get_auth_info (session); | ||
444 | if (info == NULL) | ||
445 | return GNUTLS_E_INTERNAL_ERROR; | ||
446 | |||
447 | dh = &info->dh; | ||
448 | break; | ||
449 | } | ||
450 | case MHD_GNUTLS_CRD_CERTIFICATE: | 439 | case MHD_GNUTLS_CRD_CERTIFICATE: |
451 | { | 440 | { |
452 | cert_auth_info_t info; | 441 | cert_auth_info_t info; |
@@ -478,15 +467,6 @@ MHD_gtls_dh_set_secret_bits (MHD_gtls_session_t session, unsigned bits) | |||
478 | { | 467 | { |
479 | switch (MHD_gtls_auth_get_type (session)) | 468 | switch (MHD_gtls_auth_get_type (session)) |
480 | { | 469 | { |
481 | case MHD_GNUTLS_CRD_ANON: | ||
482 | { | ||
483 | mhd_anon_auth_info_t info; | ||
484 | info = MHD_gtls_get_auth_info (session); | ||
485 | if (info == NULL) | ||
486 | return GNUTLS_E_INTERNAL_ERROR; | ||
487 | info->dh.secret_bits = bits; | ||
488 | break; | ||
489 | } | ||
490 | case MHD_GNUTLS_CRD_CERTIFICATE: | 470 | case MHD_GNUTLS_CRD_CERTIFICATE: |
491 | { | 471 | { |
492 | cert_auth_info_t info; | 472 | cert_auth_info_t info; |
@@ -548,16 +528,6 @@ MHD_gtls_dh_set_group (MHD_gtls_session_t session, mpi_t gen, mpi_t prime) | |||
548 | 528 | ||
549 | switch (MHD_gtls_auth_get_type (session)) | 529 | switch (MHD_gtls_auth_get_type (session)) |
550 | { | 530 | { |
551 | case MHD_GNUTLS_CRD_ANON: | ||
552 | { | ||
553 | mhd_anon_auth_info_t info; | ||
554 | info = MHD_gtls_get_auth_info (session); | ||
555 | if (info == NULL) | ||
556 | return GNUTLS_E_INTERNAL_ERROR; | ||
557 | |||
558 | dh = &info->dh; | ||
559 | break; | ||
560 | } | ||
561 | case MHD_GNUTLS_CRD_CERTIFICATE: | 531 | case MHD_GNUTLS_CRD_CERTIFICATE: |
562 | { | 532 | { |
563 | cert_auth_info_t info; | 533 | cert_auth_info_t info; |
diff --git a/src/daemon/https/tls/gnutls_ui.c b/src/daemon/https/tls/gnutls_ui.c index a2594332..1963ce08 100644 --- a/src/daemon/https/tls/gnutls_ui.c +++ b/src/daemon/https/tls/gnutls_ui.c | |||
@@ -27,7 +27,6 @@ | |||
27 | */ | 27 | */ |
28 | 28 | ||
29 | #include <gnutls_int.h> | 29 | #include <gnutls_int.h> |
30 | #include <auth_anon.h> | ||
31 | #include <auth_cert.h> | 30 | #include <auth_cert.h> |
32 | #include <gnutls_errors.h> | 31 | #include <gnutls_errors.h> |
33 | #include <gnutls_auth_int.h> | 32 | #include <gnutls_auth_int.h> |
@@ -58,575 +57,3 @@ MHD__gnutls_dh_set_prime_bits (MHD_gtls_session_t session, unsigned int bits) | |||
58 | session->internals.dh_prime_bits = bits; | 57 | session->internals.dh_prime_bits = bits; |
59 | } | 58 | } |
60 | 59 | ||
61 | /** | ||
62 | * MHD__gnutls_dh_get_group - This function returns the group of the DH authentication | ||
63 | * @session: is a gnutls session | ||
64 | * @raw_gen: will hold the generator. | ||
65 | * @raw_prime: will hold the prime. | ||
66 | * | ||
67 | * This function will return the group parameters used in the last Diffie Hellman | ||
68 | * authentication with the peer. These are the prime and the generator used. | ||
69 | * This function should be used for both anonymous and ephemeral diffie Hellman. | ||
70 | * The output parameters must be freed with MHD_gnutls_free(). | ||
71 | * | ||
72 | * Returns a negative value in case of an error. | ||
73 | * | ||
74 | **/ | ||
75 | int | ||
76 | MHD__gnutls_dh_get_group (MHD_gtls_session_t session, | ||
77 | MHD_gnutls_datum_t * raw_gen, | ||
78 | MHD_gnutls_datum_t * raw_prime) | ||
79 | { | ||
80 | MHD_gtls_dh_info_st *dh; | ||
81 | int ret; | ||
82 | mhd_anon_auth_info_t anon_info; | ||
83 | cert_auth_info_t cert_info; | ||
84 | |||
85 | switch (MHD_gtls_auth_get_type (session)) | ||
86 | { | ||
87 | case MHD_GNUTLS_CRD_ANON: | ||
88 | anon_info = MHD_gtls_get_auth_info (session); | ||
89 | if (anon_info == NULL) | ||
90 | return GNUTLS_E_INTERNAL_ERROR; | ||
91 | dh = &anon_info->dh; | ||
92 | break; | ||
93 | case MHD_GNUTLS_CRD_CERTIFICATE: | ||
94 | cert_info = MHD_gtls_get_auth_info (session); | ||
95 | if (cert_info == NULL) | ||
96 | return GNUTLS_E_INTERNAL_ERROR; | ||
97 | dh = &cert_info->dh; | ||
98 | break; | ||
99 | default: | ||
100 | MHD_gnutls_assert (); | ||
101 | return GNUTLS_E_INVALID_REQUEST; | ||
102 | } | ||
103 | |||
104 | ret = MHD__gnutls_set_datum (raw_prime, dh->prime.data, dh->prime.size); | ||
105 | if (ret < 0) | ||
106 | { | ||
107 | MHD_gnutls_assert (); | ||
108 | return ret; | ||
109 | } | ||
110 | |||
111 | ret = | ||
112 | MHD__gnutls_set_datum (raw_gen, dh->generator.data, dh->generator.size); | ||
113 | if (ret < 0) | ||
114 | { | ||
115 | MHD_gnutls_assert (); | ||
116 | MHD__gnutls_free_datum (raw_prime); | ||
117 | return ret; | ||
118 | } | ||
119 | |||
120 | return 0; | ||
121 | } | ||
122 | |||
123 | /** | ||
124 | * MHD__gnutls_dh_get_pubkey - This function returns the peer's public key used in DH authentication | ||
125 | * @session: is a gnutls session | ||
126 | * @raw_key: will hold the public key. | ||
127 | * | ||
128 | * This function will return the peer's public key used in the last Diffie Hellman authentication. | ||
129 | * This function should be used for both anonymous and ephemeral diffie Hellman. | ||
130 | * The output parameters must be freed with MHD_gnutls_free(). | ||
131 | * | ||
132 | * Returns a negative value in case of an error. | ||
133 | * | ||
134 | **/ | ||
135 | int | ||
136 | MHD__gnutls_dh_get_pubkey (MHD_gtls_session_t session, | ||
137 | MHD_gnutls_datum_t * raw_key) | ||
138 | { | ||
139 | MHD_gtls_dh_info_st *dh; | ||
140 | mhd_anon_auth_info_t anon_info; | ||
141 | cert_auth_info_t cert_info; | ||
142 | cert_auth_info_t psk_info; | ||
143 | |||
144 | switch (MHD_gtls_auth_get_type (session)) | ||
145 | { | ||
146 | case MHD_GNUTLS_CRD_ANON: | ||
147 | { | ||
148 | anon_info = MHD_gtls_get_auth_info (session); | ||
149 | if (anon_info == NULL) | ||
150 | return GNUTLS_E_INTERNAL_ERROR; | ||
151 | dh = &anon_info->dh; | ||
152 | break; | ||
153 | } | ||
154 | case MHD_GNUTLS_CRD_PSK: | ||
155 | { | ||
156 | psk_info = MHD_gtls_get_auth_info (session); | ||
157 | if (psk_info == NULL) | ||
158 | return GNUTLS_E_INTERNAL_ERROR; | ||
159 | dh = &psk_info->dh; | ||
160 | break; | ||
161 | } | ||
162 | case MHD_GNUTLS_CRD_CERTIFICATE: | ||
163 | { | ||
164 | |||
165 | cert_info = MHD_gtls_get_auth_info (session); | ||
166 | if (cert_info == NULL) | ||
167 | return GNUTLS_E_INTERNAL_ERROR; | ||
168 | dh = &cert_info->dh; | ||
169 | break; | ||
170 | } | ||
171 | default: | ||
172 | MHD_gnutls_assert (); | ||
173 | return GNUTLS_E_INVALID_REQUEST; | ||
174 | } | ||
175 | |||
176 | return MHD__gnutls_set_datum (raw_key, dh->public_key.data, | ||
177 | dh->public_key.size); | ||
178 | } | ||
179 | |||
180 | /** | ||
181 | * MHD_gtls_rsa_export_get_pubkey - This function returns the peer's public key used in RSA-EXPORT authentication | ||
182 | * @session: is a gnutls session | ||
183 | * @exponent: will hold the exponent. | ||
184 | * @modulus: will hold the modulus. | ||
185 | * | ||
186 | * This function will return the peer's public key exponent and | ||
187 | * modulus used in the last RSA-EXPORT authentication. The output | ||
188 | * parameters must be freed with MHD_gnutls_free(). | ||
189 | * | ||
190 | * Returns a negative value in case of an error. | ||
191 | * | ||
192 | **/ | ||
193 | int | ||
194 | MHD_gtls_rsa_export_get_pubkey (MHD_gtls_session_t session, | ||
195 | MHD_gnutls_datum_t * exponent, | ||
196 | MHD_gnutls_datum_t * modulus) | ||
197 | { | ||
198 | cert_auth_info_t info; | ||
199 | int ret; | ||
200 | |||
201 | if (MHD_gtls_auth_get_type (session) == MHD_GNUTLS_CRD_CERTIFICATE) | ||
202 | { | ||
203 | info = MHD_gtls_get_auth_info (session); | ||
204 | if (info == NULL) | ||
205 | return GNUTLS_E_INTERNAL_ERROR; | ||
206 | |||
207 | ret = MHD__gnutls_set_datum (modulus, info->rsa_export.modulus.data, | ||
208 | info->rsa_export.modulus.size); | ||
209 | if (ret < 0) | ||
210 | { | ||
211 | MHD_gnutls_assert (); | ||
212 | return ret; | ||
213 | } | ||
214 | |||
215 | ret = MHD__gnutls_set_datum (exponent, info->rsa_export.exponent.data, | ||
216 | info->rsa_export.exponent.size); | ||
217 | if (ret < 0) | ||
218 | { | ||
219 | MHD_gnutls_assert (); | ||
220 | MHD__gnutls_free_datum (modulus); | ||
221 | return ret; | ||
222 | } | ||
223 | |||
224 | return 0; | ||
225 | } | ||
226 | |||
227 | return GNUTLS_E_INVALID_REQUEST; | ||
228 | } | ||
229 | |||
230 | /** | ||
231 | * MHD__gnutls_dh_get_secret_bits - This function returns the bits used in DH authentication | ||
232 | * @session: is a gnutls session | ||
233 | * | ||
234 | * This function will return the bits used in the last Diffie Hellman authentication | ||
235 | * with the peer. Should be used for both anonymous and ephemeral diffie Hellman. | ||
236 | * Returns a negative value in case of an error. | ||
237 | * | ||
238 | **/ | ||
239 | int | ||
240 | MHD__gnutls_dh_get_secret_bits (MHD_gtls_session_t session) | ||
241 | { | ||
242 | switch (MHD_gtls_auth_get_type (session)) | ||
243 | { | ||
244 | case MHD_GNUTLS_CRD_ANON: | ||
245 | { | ||
246 | mhd_anon_auth_info_t info; | ||
247 | |||
248 | info = MHD_gtls_get_auth_info (session); | ||
249 | if (info == NULL) | ||
250 | return GNUTLS_E_INTERNAL_ERROR; | ||
251 | return info->dh.secret_bits; | ||
252 | } | ||
253 | case MHD_GNUTLS_CRD_CERTIFICATE: | ||
254 | { | ||
255 | cert_auth_info_t info; | ||
256 | |||
257 | info = MHD_gtls_get_auth_info (session); | ||
258 | if (info == NULL) | ||
259 | return GNUTLS_E_INTERNAL_ERROR; | ||
260 | |||
261 | return info->dh.secret_bits; | ||
262 | } | ||
263 | default: | ||
264 | MHD_gnutls_assert (); | ||
265 | return GNUTLS_E_INVALID_REQUEST; | ||
266 | } | ||
267 | } | ||
268 | |||
269 | /** | ||
270 | * MHD__gnutls_dh_get_prime_bits - This function returns the bits used in DH authentication | ||
271 | * @session: is a gnutls session | ||
272 | * | ||
273 | * This function will return the bits of the prime used in the last Diffie Hellman authentication | ||
274 | * with the peer. Should be used for both anonymous and ephemeral diffie Hellman. | ||
275 | * Returns a negative value in case of an error. | ||
276 | * | ||
277 | **/ | ||
278 | int | ||
279 | MHD__gnutls_dh_get_prime_bits (MHD_gtls_session_t session) | ||
280 | { | ||
281 | MHD_gtls_dh_info_st *dh; | ||
282 | |||
283 | switch (MHD_gtls_auth_get_type (session)) | ||
284 | { | ||
285 | case MHD_GNUTLS_CRD_ANON: | ||
286 | { | ||
287 | mhd_anon_auth_info_t info; | ||
288 | |||
289 | info = MHD_gtls_get_auth_info (session); | ||
290 | if (info == NULL) | ||
291 | return GNUTLS_E_INTERNAL_ERROR; | ||
292 | dh = &info->dh; | ||
293 | break; | ||
294 | } | ||
295 | case MHD_GNUTLS_CRD_CERTIFICATE: | ||
296 | { | ||
297 | cert_auth_info_t info; | ||
298 | |||
299 | info = MHD_gtls_get_auth_info (session); | ||
300 | if (info == NULL) | ||
301 | return GNUTLS_E_INTERNAL_ERROR; | ||
302 | |||
303 | dh = &info->dh; | ||
304 | break; | ||
305 | } | ||
306 | default: | ||
307 | MHD_gnutls_assert (); | ||
308 | return GNUTLS_E_INVALID_REQUEST; | ||
309 | } | ||
310 | |||
311 | return (dh->prime.size) * 8; | ||
312 | |||
313 | } | ||
314 | |||
315 | /** | ||
316 | * MHD_gtls_rsa_export_get_modulus_bits - This function returns the bits used in RSA-export key exchange | ||
317 | * @session: is a gnutls session | ||
318 | * | ||
319 | * This function will return the bits used in the last RSA-EXPORT key exchange | ||
320 | * with the peer. | ||
321 | * Returns a negative value in case of an error. | ||
322 | * | ||
323 | **/ | ||
324 | int | ||
325 | MHD_gtls_rsa_export_get_modulus_bits (MHD_gtls_session_t session) | ||
326 | { | ||
327 | cert_auth_info_t info; | ||
328 | |||
329 | info = MHD_gtls_get_auth_info (session); | ||
330 | if (info == NULL) | ||
331 | return GNUTLS_E_INTERNAL_ERROR; | ||
332 | |||
333 | return info->rsa_export.modulus.size * 8; | ||
334 | } | ||
335 | |||
336 | /** | ||
337 | * MHD__gnutls_dh_get_peers_public_bits - This function returns the bits used in DH authentication | ||
338 | * @session: is a gnutls session | ||
339 | * | ||
340 | * This function will return the bits used in the last Diffie Hellman authentication | ||
341 | * with the peer. Should be used for both anonymous and ephemeral diffie Hellman. | ||
342 | * Returns a negative value in case of an error. | ||
343 | * | ||
344 | **/ | ||
345 | int | ||
346 | MHD__gnutls_dh_get_peers_public_bits (MHD_gtls_session_t session) | ||
347 | { | ||
348 | MHD_gtls_dh_info_st *dh; | ||
349 | |||
350 | switch (MHD_gtls_auth_get_type (session)) | ||
351 | { | ||
352 | case MHD_GNUTLS_CRD_ANON: | ||
353 | { | ||
354 | mhd_anon_auth_info_t info; | ||
355 | |||
356 | info = MHD_gtls_get_auth_info (session); | ||
357 | if (info == NULL) | ||
358 | return GNUTLS_E_INTERNAL_ERROR; | ||
359 | |||
360 | dh = &info->dh; | ||
361 | break; | ||
362 | } | ||
363 | case MHD_GNUTLS_CRD_CERTIFICATE: | ||
364 | { | ||
365 | cert_auth_info_t info; | ||
366 | |||
367 | info = MHD_gtls_get_auth_info (session); | ||
368 | if (info == NULL) | ||
369 | return GNUTLS_E_INTERNAL_ERROR; | ||
370 | |||
371 | dh = &info->dh; | ||
372 | break; | ||
373 | } | ||
374 | default: | ||
375 | MHD_gnutls_assert (); | ||
376 | return GNUTLS_E_INVALID_REQUEST; | ||
377 | } | ||
378 | |||
379 | return dh->public_key.size * 8; | ||
380 | |||
381 | } | ||
382 | |||
383 | /* CERTIFICATE STUFF */ | ||
384 | |||
385 | /** | ||
386 | * MHD_gtls_certificate_get_ours - This function returns the raw certificate sent in the last handshake | ||
387 | * @session: is a gnutls session | ||
388 | * | ||
389 | * This function will return the certificate as sent to the peer, | ||
390 | * in the last handshake. These certificates are in raw format. | ||
391 | * In X.509 this is a certificate list. In OpenPGP this is a single | ||
392 | * certificate. | ||
393 | * Returns NULL in case of an error, or if no certificate was used. | ||
394 | * | ||
395 | **/ | ||
396 | const MHD_gnutls_datum_t * | ||
397 | MHD_gtls_certificate_get_ours (MHD_gtls_session_t session) | ||
398 | { | ||
399 | MHD_gtls_cert_credentials_t cred; | ||
400 | |||
401 | CHECK_AUTH (MHD_GNUTLS_CRD_CERTIFICATE, NULL); | ||
402 | |||
403 | cred | ||
404 | = (MHD_gtls_cert_credentials_t) MHD_gtls_get_cred (session->key, | ||
405 | MHD_GNUTLS_CRD_CERTIFICATE, | ||
406 | NULL); | ||
407 | if (cred == NULL || cred->cert_list == NULL) | ||
408 | { | ||
409 | MHD_gnutls_assert (); | ||
410 | return NULL; | ||
411 | } | ||
412 | |||
413 | if (session->internals.selected_cert_list == NULL) | ||
414 | return NULL; | ||
415 | |||
416 | return &session->internals.selected_cert_list[0].raw; | ||
417 | } | ||
418 | |||
419 | /** | ||
420 | * MHD_gtls_certificate_get_peers - This function returns the peer's raw certificate | ||
421 | * @session: is a gnutls session | ||
422 | * @list_size: is the length of the certificate list | ||
423 | * | ||
424 | * This function will return the peer's raw certificate (chain) as | ||
425 | * sent by the peer. These certificates are in raw format (DER encoded | ||
426 | * for X.509). In case of a X.509 then a certificate list may be present. | ||
427 | * The first certificate in the list is the peer's certificate, | ||
428 | * following the issuer's certificate, then the issuer's issuer etc. | ||
429 | * | ||
430 | * In case of OpenPGP keys a single key will be returned | ||
431 | * in raw format. | ||
432 | * | ||
433 | * Returns NULL in case of an error, or if no certificate was sent. | ||
434 | * | ||
435 | **/ | ||
436 | const MHD_gnutls_datum_t * | ||
437 | MHD_gtls_certificate_get_peers (MHD_gtls_session_t | ||
438 | session, unsigned int *list_size) | ||
439 | { | ||
440 | cert_auth_info_t info; | ||
441 | |||
442 | CHECK_AUTH (MHD_GNUTLS_CRD_CERTIFICATE, NULL); | ||
443 | |||
444 | info = MHD_gtls_get_auth_info (session); | ||
445 | if (info == NULL) | ||
446 | return NULL; | ||
447 | |||
448 | *list_size = info->ncerts; | ||
449 | return info->raw_certificate_list; | ||
450 | } | ||
451 | |||
452 | /** | ||
453 | * MHD_gtls_certificate_client_get_request_status - This function returns the certificate request status | ||
454 | * @session: is a gnutls session | ||
455 | * | ||
456 | * This function will return 0 if the peer (server) did not request client | ||
457 | * authentication or 1 otherwise. | ||
458 | * Returns a negative value in case of an error. | ||
459 | * | ||
460 | **/ | ||
461 | int | ||
462 | MHD_gtls_certificate_client_get_request_status (MHD_gtls_session_t session) | ||
463 | { | ||
464 | cert_auth_info_t info; | ||
465 | |||
466 | CHECK_AUTH (MHD_GNUTLS_CRD_CERTIFICATE, 0); | ||
467 | |||
468 | info = MHD_gtls_get_auth_info (session); | ||
469 | if (info == NULL) | ||
470 | return GNUTLS_E_INTERNAL_ERROR; | ||
471 | return info->certificate_requested; | ||
472 | } | ||
473 | |||
474 | /** | ||
475 | * MHD__gnutls_fingerprint - This function calculates the fingerprint of the given data | ||
476 | * @algo: is a digest algorithm | ||
477 | * @data: is the data | ||
478 | * @result: is the place where the result will be copied (may be null). | ||
479 | * @result_size: should hold the size of the result. The actual size | ||
480 | * of the returned result will also be copied there. | ||
481 | * | ||
482 | * This function will calculate a fingerprint (actually a hash), of the | ||
483 | * given data. The result is not printable data. You should convert it | ||
484 | * to hex, or to something else printable. | ||
485 | * | ||
486 | * This is the usual way to calculate a fingerprint of an X.509 | ||
487 | * DER encoded certificate. Note however that the fingerprint | ||
488 | * of an OpenPGP is not just a hash and cannot be calculated with | ||
489 | * this function. | ||
490 | * | ||
491 | * Returns a negative value in case of an error. | ||
492 | * | ||
493 | **/ | ||
494 | int | ||
495 | MHD__gnutls_fingerprint (enum MHD_GNUTLS_HashAlgorithm algo, | ||
496 | const MHD_gnutls_datum_t * data, | ||
497 | void *result, size_t * result_size) | ||
498 | { | ||
499 | GNUTLS_HASH_HANDLE td; | ||
500 | int hash_len = MHD_gnutls_hash_get_algo_len (HASH2MAC (algo)); | ||
501 | |||
502 | if (hash_len < 0 || (unsigned) hash_len > *result_size || result == NULL) | ||
503 | { | ||
504 | *result_size = hash_len; | ||
505 | return GNUTLS_E_SHORT_MEMORY_BUFFER; | ||
506 | } | ||
507 | *result_size = hash_len; | ||
508 | |||
509 | if (result) | ||
510 | { | ||
511 | td = MHD_gtls_hash_init (HASH2MAC (algo)); | ||
512 | if (td == NULL) | ||
513 | return GNUTLS_E_HASH_FAILED; | ||
514 | |||
515 | MHD_gnutls_hash (td, data->data, data->size); | ||
516 | |||
517 | MHD_gnutls_hash_deinit (td, result); | ||
518 | } | ||
519 | |||
520 | return 0; | ||
521 | } | ||
522 | |||
523 | /** | ||
524 | * MHD__gnutls_certificate_set_dh_params - This function will set the DH parameters for a server to use | ||
525 | * @res: is a MHD_gtls_cert_credentials_t structure | ||
526 | * @dh_params: is a structure that holds diffie hellman parameters. | ||
527 | * | ||
528 | * This function will set the diffie hellman parameters for a | ||
529 | * certificate server to use. These parameters will be used in | ||
530 | * Ephemeral Diffie Hellman cipher suites. Note that only a pointer | ||
531 | * to the parameters are stored in the certificate handle, so if you | ||
532 | * deallocate the parameters before the certificate is deallocated, | ||
533 | * you must change the parameters stored in the certificate first. | ||
534 | * | ||
535 | **/ | ||
536 | void | ||
537 | MHD__gnutls_certificate_set_dh_params (MHD_gtls_cert_credentials_t res, | ||
538 | MHD_gtls_dh_params_t dh_params) | ||
539 | { | ||
540 | res->dh_params = dh_params; | ||
541 | } | ||
542 | |||
543 | /** | ||
544 | * MHD_gnutls_certificate_set_params_function - This function will set the DH or RSA parameters callback | ||
545 | * @res: is a MHD_gtls_cert_credentials_t structure | ||
546 | * @func: is the function to be called | ||
547 | * | ||
548 | * This function will set a callback in order for the server to get the | ||
549 | * diffie hellman or RSA parameters for certificate authentication. The callback | ||
550 | * should return zero on success. | ||
551 | * | ||
552 | **/ | ||
553 | void | ||
554 | MHD_gnutls_certificate_set_params_function (MHD_gtls_cert_credentials_t res, | ||
555 | MHD_gnutls_params_function * func) | ||
556 | { | ||
557 | res->params_func = func; | ||
558 | } | ||
559 | |||
560 | /** | ||
561 | * MHD__gnutls_certificate_set_verify_flags - This function will set the flags to be used at certificate verification | ||
562 | * @res: is a MHD_gtls_cert_credentials_t structure | ||
563 | * @flags: are the flags | ||
564 | * | ||
565 | * This function will set the flags to be used at verification of the | ||
566 | * certificates. Flags must be OR of the | ||
567 | * #MHD_gnutls_certificate_verify_flags enumerations. | ||
568 | * | ||
569 | **/ | ||
570 | void | ||
571 | MHD__gnutls_certificate_set_verify_flags (MHD_gtls_cert_credentials_t | ||
572 | res, unsigned int flags) | ||
573 | { | ||
574 | res->verify_flags = flags; | ||
575 | } | ||
576 | |||
577 | /** | ||
578 | * MHD__gnutls_certificate_set_verify_limits - This function will set the upper limits to be used at certificate verification | ||
579 | * @res: is a MHD_gnutls_certificate_credentials structure | ||
580 | * @max_bits: is the number of bits of an acceptable certificate (default 8200) | ||
581 | * @max_depth: is maximum depth of the verification of a certificate chain (default 5) | ||
582 | * | ||
583 | * This function will set some upper limits for the default verification function, | ||
584 | * MHD_gtls_certificate_verify_peers2(), to avoid denial of service attacks. | ||
585 | * You can set them to zero to disable limits. | ||
586 | * | ||
587 | **/ | ||
588 | void | ||
589 | MHD__gnutls_certificate_set_verify_limits (MHD_gtls_cert_credentials_t | ||
590 | res, | ||
591 | unsigned int max_bits, | ||
592 | unsigned int max_depth) | ||
593 | { | ||
594 | res->verify_depth = max_depth; | ||
595 | res->verify_bits = max_bits; | ||
596 | } | ||
597 | |||
598 | /** | ||
599 | * MHD__gnutls_certificate_set_rsa_export_params - This function will set the RSA parameters for a server to use | ||
600 | * @res: is a MHD_gtls_cert_credentials_t structure | ||
601 | * @rsa_params: is a structure that holds temporary RSA parameters. | ||
602 | * | ||
603 | * This function will set the temporary RSA parameters for a certificate | ||
604 | * server to use. These parameters will be used in RSA-EXPORT | ||
605 | * cipher suites. | ||
606 | * | ||
607 | **/ | ||
608 | void | ||
609 | MHD__gnutls_certificate_set_rsa_export_params (MHD_gtls_cert_credentials_t | ||
610 | res, | ||
611 | MHD_gtls_rsa_params_t | ||
612 | rsa_params) | ||
613 | { | ||
614 | res->rsa_params = rsa_params; | ||
615 | } | ||
616 | |||
617 | /** | ||
618 | * MHD_gnutls_anon_set_params_function - This function will set the DH or RSA parameters callback | ||
619 | * @res: is a MHD_gtls_anon_server_credentials_t structure | ||
620 | * @func: is the function to be called | ||
621 | * | ||
622 | * This function will set a callback in order for the server to get the | ||
623 | * diffie hellman or RSA parameters for anonymous authentication. The callback | ||
624 | * should return zero on success. | ||
625 | * | ||
626 | **/ | ||
627 | void | ||
628 | MHD_gnutls_anon_set_params_function (MHD_gtls_anon_server_credentials_t res, | ||
629 | MHD_gnutls_params_function * func) | ||
630 | { | ||
631 | res->params_func = func; | ||
632 | } | ||
diff --git a/src/daemon/internal.h b/src/daemon/internal.h index 8c4b8eb4..e0514b9a 100644 --- a/src/daemon/internal.h +++ b/src/daemon/internal.h | |||
@@ -652,9 +652,6 @@ struct MHD_Daemon | |||
652 | /* server x509 credintials */ | 652 | /* server x509 credintials */ |
653 | MHD_gtls_cert_credentials_t x509_cred; | 653 | MHD_gtls_cert_credentials_t x509_cred; |
654 | 654 | ||
655 | /* credentials used for anonymous authentication */ | ||
656 | MHD_gtls_anon_server_credentials_t anon_cred; | ||
657 | |||
658 | /* cipher priority cache */ | 655 | /* cipher priority cache */ |
659 | MHD_gnutls_priority_t priority_cache; | 656 | MHD_gnutls_priority_t priority_cache; |
660 | 657 | ||
diff --git a/src/include/microhttpd.h b/src/include/microhttpd.h index 35b14e62..fc9df921 100644 --- a/src/include/microhttpd.h +++ b/src/include/microhttpd.h | |||
@@ -365,8 +365,8 @@ enum MHD_OPTION | |||
365 | MHD_OPTION_HTTPS_MEM_CERT = 10, | 365 | MHD_OPTION_HTTPS_MEM_CERT = 10, |
366 | 366 | ||
367 | /** | 367 | /** |
368 | * Daemon credentials type. Either certificate or anonymous, | 368 | * Daemon credentials type. |
369 | * this option should be followed by one of the values listed in | 369 | * This option should be followed by one of the values listed in |
370 | * "enum MHD_GNUTLS_CredentialsType". | 370 | * "enum MHD_GNUTLS_CredentialsType". |
371 | */ | 371 | */ |
372 | MHD_OPTION_CRED_TYPE = 11, | 372 | MHD_OPTION_CRED_TYPE = 11, |
@@ -530,7 +530,6 @@ enum MHD_GNUTLS_KeyExchangeAlgorithm | |||
530 | MHD_GNUTLS_KX_RSA = 1, | 530 | MHD_GNUTLS_KX_RSA = 1, |
531 | MHD_GNUTLS_KX_DHE_DSS, | 531 | MHD_GNUTLS_KX_DHE_DSS, |
532 | MHD_GNUTLS_KX_DHE_RSA, | 532 | MHD_GNUTLS_KX_DHE_RSA, |
533 | MHD_GNUTLS_KX_ANON_DH, | ||
534 | MHD_GNUTLS_KX_SRP, | 533 | MHD_GNUTLS_KX_SRP, |
535 | MHD_GNUTLS_KX_RSA_EXPORT, | 534 | MHD_GNUTLS_KX_RSA_EXPORT, |
536 | MHD_GNUTLS_KX_SRP_RSA, | 535 | MHD_GNUTLS_KX_SRP_RSA, |
@@ -549,11 +548,6 @@ enum MHD_GNUTLS_CredentialsType | |||
549 | MHD_GNUTLS_CRD_CERTIFICATE = 1, | 548 | MHD_GNUTLS_CRD_CERTIFICATE = 1, |
550 | 549 | ||
551 | /** | 550 | /** |
552 | * We have no certificate ("anonymous"). | ||
553 | */ | ||
554 | MHD_GNUTLS_CRD_ANON, | ||
555 | |||
556 | /** | ||
557 | * Use SRP (password-based authentication). | 551 | * Use SRP (password-based authentication). |
558 | */ | 552 | */ |
559 | MHD_GNUTLS_CRD_SRP, | 553 | MHD_GNUTLS_CRD_SRP, |
diff --git a/src/testcurl/https/Makefile.am b/src/testcurl/https/Makefile.am index 7d3e8460..c4276711 100644 --- a/src/testcurl/https/Makefile.am +++ b/src/testcurl/https/Makefile.am | |||
@@ -11,8 +11,6 @@ $(LIBCURL_CPPFLAGS) | |||
11 | 11 | ||
12 | check_PROGRAMS = \ | 12 | check_PROGRAMS = \ |
13 | tls_daemon_options_test \ | 13 | tls_daemon_options_test \ |
14 | tls_daemon_options_adh_test \ | ||
15 | tls_daemon_options_dh_test \ | ||
16 | tls_authentication_test \ | 14 | tls_authentication_test \ |
17 | mhds_multi_daemon_test \ | 15 | mhds_multi_daemon_test \ |
18 | mhds_session_info_test | 16 | mhds_session_info_test |
@@ -55,20 +53,6 @@ tls_daemon_options_test_LDADD = \ | |||
55 | $(top_builddir)/src/daemon/libmicrohttpd.la \ | 53 | $(top_builddir)/src/daemon/libmicrohttpd.la \ |
56 | @LIBCURL@ | 54 | @LIBCURL@ |
57 | 55 | ||
58 | tls_daemon_options_dh_test_SOURCES = \ | ||
59 | tls_daemon_options_dh_test.c | ||
60 | tls_daemon_options_dh_test_LDADD = \ | ||
61 | $(top_builddir)/src/testcurl/libcurl_version_check.a \ | ||
62 | $(top_builddir)/src/daemon/libmicrohttpd.la \ | ||
63 | @LIBCURL@ | ||
64 | |||
65 | tls_daemon_options_adh_test_SOURCES = \ | ||
66 | tls_daemon_options_adh_test.c | ||
67 | tls_daemon_options_adh_test_LDADD = \ | ||
68 | $(top_builddir)/src/testcurl/libcurl_version_check.a \ | ||
69 | $(top_builddir)/src/daemon/libmicrohttpd.la \ | ||
70 | @LIBCURL@ | ||
71 | |||
72 | tls_authentication_test_SOURCES = \ | 56 | tls_authentication_test_SOURCES = \ |
73 | tls_authentication_test.c | 57 | tls_authentication_test.c |
74 | tls_authentication_test_LDADD = \ | 58 | tls_authentication_test_LDADD = \ |
diff --git a/src/testcurl/https/tls_daemon_options_adh_test.c b/src/testcurl/https/tls_daemon_options_adh_test.c deleted file mode 100644 index 9cce0002..00000000 --- a/src/testcurl/https/tls_daemon_options_adh_test.c +++ /dev/null | |||
@@ -1,395 +0,0 @@ | |||
1 | /* | ||
2 | This file is part of libmicrohttpd | ||
3 | (C) 2007 Christian Grothoff | ||
4 | |||
5 | libmicrohttpd is free software; you can redistribute it and/or modify | ||
6 | it under the terms of the GNU General Public License as published | ||
7 | by the Free Software Foundation; either version 2, or (at your | ||
8 | option) any later version. | ||
9 | |||
10 | libmicrohttpd is distributed in the hope that it will be useful, but | ||
11 | WITHOUT ANY WARRANTY; without even the implied warranty of | ||
12 | MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU | ||
13 | General Public License for more details. | ||
14 | |||
15 | You should have received a copy of the GNU General Public License | ||
16 | along with libmicrohttpd; see the file COPYING. If not, write to the | ||
17 | Free Software Foundation, Inc., 59 Temple Place - Suite 330, | ||
18 | Boston, MA 02111-1307, USA. | ||
19 | */ | ||
20 | |||
21 | /** | ||
22 | * @file tls_daemon_options_adh_test.c | ||
23 | * @brief Testcase for libmicrohttpd HTTPS GET operations | ||
24 | * @author Sagie Amir | ||
25 | */ | ||
26 | |||
27 | #include "platform.h" | ||
28 | #include "microhttpd.h" | ||
29 | |||
30 | #include <sys/stat.h> | ||
31 | |||
32 | #include "gnutls.h" | ||
33 | #include <curl/curl.h> | ||
34 | |||
35 | #define DEBUG_CURL_VERBOSE 0 | ||
36 | #define PAGE_NOT_FOUND "<html><head><title>File not found</title></head><body>File not found</body></html>" | ||
37 | |||
38 | #define MHD_E_MEM "Error: memory error\n" | ||
39 | #define MHD_E_SERVER_INIT "Error: failed to start server\n" | ||
40 | #define MHD_E_TEST_FILE_CREAT "Error: failed to setup test file\n" | ||
41 | #define MHD_E_CERT_FILE_CREAT "Error: failed to setup test certificate\n" | ||
42 | #define MHD_E_KEY_FILE_CREAT "Error: failed to setup test certificate\n" | ||
43 | |||
44 | #include "tls_test_keys.h" | ||
45 | |||
46 | const int DEBUG_GNUTLS_LOG_LEVEL = 0; | ||
47 | const char *test_file_name = "https_test_file"; | ||
48 | const char test_file_data[] = "Hello World\n"; | ||
49 | |||
50 | int curl_check_version (const char *req_version, ...); | ||
51 | |||
52 | struct CBC | ||
53 | { | ||
54 | char *buf; | ||
55 | size_t pos; | ||
56 | size_t size; | ||
57 | }; | ||
58 | |||
59 | static size_t | ||
60 | copyBuffer (void *ptr, size_t size, size_t nmemb, void *ctx) | ||
61 | { | ||
62 | struct CBC *cbc = ctx; | ||
63 | |||
64 | if (cbc->pos + size * nmemb > cbc->size) | ||
65 | return 0; /* overflow */ | ||
66 | memcpy (&cbc->buf[cbc->pos], ptr, size * nmemb); | ||
67 | cbc->pos += size * nmemb; | ||
68 | return size * nmemb; | ||
69 | } | ||
70 | |||
71 | static int | ||
72 | file_reader (void *cls, size_t pos, char *buf, int max) | ||
73 | { | ||
74 | FILE *file = cls; | ||
75 | fseek (file, pos, SEEK_SET); | ||
76 | return fread (buf, 1, max, file); | ||
77 | } | ||
78 | |||
79 | /* HTTP access handler call back */ | ||
80 | static int | ||
81 | http_ahc (void *cls, struct MHD_Connection *connection, | ||
82 | const char *url, const char *method, const char *upload_data, | ||
83 | const char *version, unsigned int *upload_data_size, void **ptr) | ||
84 | { | ||
85 | static int aptr; | ||
86 | struct MHD_Response *response; | ||
87 | int ret; | ||
88 | FILE *file; | ||
89 | struct stat buf; | ||
90 | |||
91 | if (0 != strcmp (method, MHD_HTTP_METHOD_GET)) | ||
92 | return MHD_NO; /* unexpected method */ | ||
93 | if (&aptr != *ptr) | ||
94 | { | ||
95 | /* do never respond on first call */ | ||
96 | *ptr = &aptr; | ||
97 | return MHD_YES; | ||
98 | } | ||
99 | *ptr = NULL; /* reset when done */ | ||
100 | |||
101 | file = fopen (url, "r"); | ||
102 | if (file == NULL) | ||
103 | { | ||
104 | response = MHD_create_response_from_data (strlen (PAGE_NOT_FOUND), | ||
105 | (void *) PAGE_NOT_FOUND, | ||
106 | MHD_NO, MHD_NO); | ||
107 | ret = MHD_queue_response (connection, MHD_HTTP_NOT_FOUND, response); | ||
108 | MHD_destroy_response (response); | ||
109 | } | ||
110 | else | ||
111 | { | ||
112 | stat (url, &buf); | ||
113 | response = MHD_create_response_from_callback (buf.st_size, 32 * 1024, /* 32k PAGE_NOT_FOUND size */ | ||
114 | &file_reader, file, | ||
115 | (MHD_ContentReaderFreeCallback) | ||
116 | & fclose); | ||
117 | ret = MHD_queue_response (connection, MHD_HTTP_OK, response); | ||
118 | MHD_destroy_response (response); | ||
119 | } | ||
120 | return ret; | ||
121 | } | ||
122 | |||
123 | /* | ||
124 | * test HTTPS transfer | ||
125 | * @param test_fd: file to attempt transfering | ||
126 | */ | ||
127 | static int | ||
128 | test_https_transfer (FILE * test_fd, char *cipher_suite, int proto_version) | ||
129 | { | ||
130 | CURL *c; | ||
131 | CURLcode errornum; | ||
132 | struct CBC cbc; | ||
133 | char *doc_path; | ||
134 | char url[255]; | ||
135 | struct stat statb; | ||
136 | |||
137 | stat (test_file_name, &statb); | ||
138 | |||
139 | int len = statb.st_size; | ||
140 | |||
141 | /* used to memcmp local copy & deamon supplied copy */ | ||
142 | unsigned char *mem_test_file_local; | ||
143 | |||
144 | /* setup test file path, url */ | ||
145 | doc_path = get_current_dir_name (); | ||
146 | |||
147 | if (NULL == (mem_test_file_local = malloc (len))) | ||
148 | { | ||
149 | fclose (test_fd); | ||
150 | fprintf (stderr, MHD_E_MEM); | ||
151 | return -1; | ||
152 | } | ||
153 | |||
154 | fseek (test_fd, 0, SEEK_SET); | ||
155 | if (fread (mem_test_file_local, sizeof (char), len, test_fd) != len) | ||
156 | { | ||
157 | fclose (test_fd); | ||
158 | fprintf (stderr, "Error: failed to read test file. %s\n", | ||
159 | strerror (errno)); | ||
160 | return -1; | ||
161 | } | ||
162 | |||
163 | if (NULL == (cbc.buf = malloc (sizeof (char) * len))) | ||
164 | { | ||
165 | fclose (test_fd); | ||
166 | fprintf (stderr, MHD_E_MEM); | ||
167 | return -1; | ||
168 | } | ||
169 | cbc.size = len; | ||
170 | cbc.pos = 0; | ||
171 | |||
172 | /* construct url - this might use doc_path */ | ||
173 | sprintf (url, "%s%s/%s", "https://localhost:42433", | ||
174 | doc_path, test_file_name); | ||
175 | |||
176 | c = curl_easy_init (); | ||
177 | #if DEBUG_CURL_VERBOSE | ||
178 | curl_easy_setopt (c, CURLOPT_VERBOSE, 1); | ||
179 | #endif | ||
180 | curl_easy_setopt (c, CURLOPT_URL, url); | ||
181 | curl_easy_setopt (c, CURLOPT_HTTP_VERSION, CURL_HTTP_VERSION_1_0); | ||
182 | curl_easy_setopt (c, CURLOPT_TIMEOUT, 5L); | ||
183 | curl_easy_setopt (c, CURLOPT_CONNECTTIMEOUT, 5L); | ||
184 | curl_easy_setopt (c, CURLOPT_WRITEFUNCTION, ©Buffer); | ||
185 | curl_easy_setopt (c, CURLOPT_FILE, &cbc); | ||
186 | |||
187 | /* TLS options */ | ||
188 | curl_easy_setopt (c, CURLOPT_SSLVERSION, proto_version); | ||
189 | curl_easy_setopt (c, CURLOPT_SSL_CIPHER_LIST, cipher_suite); | ||
190 | |||
191 | /* currently skip any peer authentication */ | ||
192 | curl_easy_setopt (c, CURLOPT_SSL_VERIFYPEER, 0); | ||
193 | curl_easy_setopt (c, CURLOPT_SSL_VERIFYHOST, 0); | ||
194 | |||
195 | curl_easy_setopt (c, CURLOPT_FAILONERROR, 1); | ||
196 | |||
197 | /* NOTE: use of CONNECTTIMEOUT without also | ||
198 | setting NOSIGNAL results in really weird | ||
199 | crashes on my system! */ | ||
200 | curl_easy_setopt (c, CURLOPT_NOSIGNAL, 1); | ||
201 | if (CURLE_OK != (errornum = curl_easy_perform (c))) | ||
202 | { | ||
203 | fprintf (stderr, "curl_easy_perform failed: `%s'\n", | ||
204 | curl_easy_strerror (errornum)); | ||
205 | curl_easy_cleanup (c); | ||
206 | return errornum; | ||
207 | } | ||
208 | |||
209 | curl_easy_cleanup (c); | ||
210 | |||
211 | if (memcmp (cbc.buf, mem_test_file_local, len) != 0) | ||
212 | { | ||
213 | fprintf (stderr, "Error: local file & received file differ.\n"); | ||
214 | free (cbc.buf); | ||
215 | free (mem_test_file_local); | ||
216 | return -1; | ||
217 | } | ||
218 | |||
219 | free (mem_test_file_local); | ||
220 | free (cbc.buf); | ||
221 | free (doc_path); | ||
222 | return 0; | ||
223 | } | ||
224 | |||
225 | static FILE * | ||
226 | setupTestFile () | ||
227 | { | ||
228 | FILE *test_fd; | ||
229 | |||
230 | if (NULL == (test_fd = fopen (test_file_name, "w+"))) | ||
231 | { | ||
232 | fprintf (stderr, "Error: failed to open `%s': %s\n", | ||
233 | test_file_name, strerror (errno)); | ||
234 | return NULL; | ||
235 | } | ||
236 | if (fwrite (test_file_data, sizeof (char), strlen (test_file_data), test_fd) | ||
237 | != strlen (test_file_data)) | ||
238 | { | ||
239 | fprintf (stderr, "Error: failed to write `%s. %s'\n", | ||
240 | test_file_name, strerror (errno)); | ||
241 | return NULL; | ||
242 | } | ||
243 | if (fflush (test_fd)) | ||
244 | { | ||
245 | fprintf (stderr, "Error: failed to flush test file stream. %s\n", | ||
246 | strerror (errno)); | ||
247 | return NULL; | ||
248 | } | ||
249 | |||
250 | return test_fd; | ||
251 | } | ||
252 | |||
253 | static int | ||
254 | setup (struct MHD_Daemon **d, va_list arg_list) | ||
255 | { | ||
256 | *d = MHD_start_daemon_va (MHD_USE_THREAD_PER_CONNECTION | MHD_USE_SSL | | ||
257 | MHD_USE_DEBUG, 42433, | ||
258 | NULL, NULL, &http_ahc, NULL, arg_list); | ||
259 | |||
260 | if (*d == NULL) | ||
261 | { | ||
262 | fprintf (stderr, MHD_E_SERVER_INIT); | ||
263 | return -1; | ||
264 | } | ||
265 | |||
266 | return 0; | ||
267 | } | ||
268 | |||
269 | static void | ||
270 | teardown (struct MHD_Daemon *d) | ||
271 | { | ||
272 | MHD_stop_daemon (d); | ||
273 | } | ||
274 | |||
275 | /* TODO test_wrap: change sig to (setup_func, test, va_list test_arg) & move to test_util.c */ | ||
276 | int | ||
277 | test_wrap (char *test_name, int | ||
278 | (*test) (FILE * test_fd, char *cipher_suite, int proto_version), | ||
279 | FILE * test_fd, char *cipher_suite, int proto_version, ...) | ||
280 | { | ||
281 | int ret; | ||
282 | va_list arg_list; | ||
283 | struct MHD_Daemon *d; | ||
284 | |||
285 | va_start (arg_list, proto_version); | ||
286 | if (setup (&d, arg_list) != 0) | ||
287 | { | ||
288 | va_end (arg_list); | ||
289 | return -1; | ||
290 | } | ||
291 | |||
292 | fprintf (stdout, "running test: %s ", test_name); | ||
293 | ret = test (test_fd, cipher_suite, proto_version); | ||
294 | |||
295 | if (ret == 0) | ||
296 | { | ||
297 | fprintf (stdout, "[pass]\n"); | ||
298 | } | ||
299 | else | ||
300 | { | ||
301 | fprintf (stdout, "[fail]\n"); | ||
302 | } | ||
303 | |||
304 | teardown (d); | ||
305 | va_end (arg_list); | ||
306 | return ret; | ||
307 | } | ||
308 | |||
309 | /* | ||
310 | * test server refuses to negotiate connections with unsupported protocol versions | ||
311 | */ | ||
312 | int | ||
313 | test_protocol_version (FILE * test_fd, char *cipher_suite, | ||
314 | int curl_proto_version) | ||
315 | { | ||
316 | CURL *c; | ||
317 | CURLcode errornum; | ||
318 | |||
319 | c = curl_easy_init (); | ||
320 | #if DEBUG_CURL_VERBOSE | ||
321 | curl_easy_setopt (c, CURLOPT_VERBOSE, 1); | ||
322 | #endif | ||
323 | curl_easy_setopt (c, CURLOPT_URL, "https://localhost:42433/"); | ||
324 | curl_easy_setopt (c, CURLOPT_HTTP_VERSION, CURL_HTTP_VERSION_1_0); | ||
325 | curl_easy_setopt (c, CURLOPT_TIMEOUT, 5L); | ||
326 | curl_easy_setopt (c, CURLOPT_CONNECTTIMEOUT, 5L); | ||
327 | |||
328 | /* TLS options */ | ||
329 | curl_easy_setopt (c, CURLOPT_SSLVERSION, curl_proto_version); | ||
330 | curl_easy_setopt (c, CURLOPT_SSL_CIPHER_LIST, cipher_suite); | ||
331 | |||
332 | curl_easy_setopt (c, CURLOPT_SSL_VERIFYPEER, 0); | ||
333 | curl_easy_setopt (c, CURLOPT_SSL_VERIFYHOST, 0); | ||
334 | curl_easy_setopt (c, CURLOPT_FAILONERROR, 1); | ||
335 | |||
336 | /* NOTE: use of CONNECTTIMEOUT without also | ||
337 | setting NOSIGNAL results in really weird | ||
338 | crashes on my system! */ | ||
339 | curl_easy_setopt (c, CURLOPT_NOSIGNAL, 1); | ||
340 | |||
341 | /* assert daemon rejected request */ | ||
342 | if (CURLE_OK == (errornum = curl_easy_perform (c))) | ||
343 | { | ||
344 | fprintf (stderr, "curl_easy_perform failed: `%s'\n", | ||
345 | curl_easy_strerror (errornum)); | ||
346 | curl_easy_cleanup (c); | ||
347 | return -1; | ||
348 | } | ||
349 | |||
350 | return 0; | ||
351 | } | ||
352 | |||
353 | /* setup a temporary transfer test file */ | ||
354 | int | ||
355 | main (int argc, char *const *argv) | ||
356 | { | ||
357 | FILE *test_fd; | ||
358 | unsigned int errorCount = 0; | ||
359 | |||
360 | MHD_gtls_global_set_log_level (DEBUG_GNUTLS_LOG_LEVEL); | ||
361 | |||
362 | if (curl_check_version (MHD_REQ_CURL_VERSION)) | ||
363 | { | ||
364 | return -1; | ||
365 | } | ||
366 | |||
367 | if ((test_fd = setupTestFile ()) == NULL) | ||
368 | { | ||
369 | fprintf (stderr, MHD_E_TEST_FILE_CREAT); | ||
370 | return -1; | ||
371 | } | ||
372 | |||
373 | if (0 != curl_global_init (CURL_GLOBAL_ALL)) | ||
374 | { | ||
375 | fprintf (stderr, "Error: %s\n", strerror (errno)); | ||
376 | return -1; | ||
377 | } | ||
378 | |||
379 | int kx[] = { MHD_GNUTLS_KX_ANON_DH, 0 }; | ||
380 | errorCount += | ||
381 | test_wrap ("ADH-AES256-SHA", &test_https_transfer, test_fd, | ||
382 | "ADH-AES256-SHA", CURL_SSLVERSION_TLSv1, | ||
383 | MHD_OPTION_CRED_TYPE, MHD_GNUTLS_CRD_ANON, | ||
384 | MHD_OPTION_KX_PRIORITY, kx, MHD_OPTION_END); | ||
385 | |||
386 | if (errorCount != 0) | ||
387 | fprintf (stderr, "Failed test: %s.\n", argv[0]); | ||
388 | |||
389 | curl_global_cleanup (); | ||
390 | fclose (test_fd); | ||
391 | |||
392 | remove (test_file_name); | ||
393 | |||
394 | return errorCount != 0; | ||
395 | } | ||
diff --git a/src/testcurl/https/tls_daemon_options_dh_test.c b/src/testcurl/https/tls_daemon_options_dh_test.c deleted file mode 100644 index ff659185..00000000 --- a/src/testcurl/https/tls_daemon_options_dh_test.c +++ /dev/null | |||
@@ -1,397 +0,0 @@ | |||
1 | /* | ||
2 | This file is part of libmicrohttpd | ||
3 | (C) 2007 Christian Grothoff | ||
4 | |||
5 | libmicrohttpd is free software; you can redistribute it and/or modify | ||
6 | it under the terms of the GNU General Public License as published | ||
7 | by the Free Software Foundation; either version 2, or (at your | ||
8 | option) any later version. | ||
9 | |||
10 | libmicrohttpd is distributed in the hope that it will be useful, but | ||
11 | WITHOUT ANY WARRANTY; without even the implied warranty of | ||
12 | MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU | ||
13 | General Public License for more details. | ||
14 | |||
15 | You should have received a copy of the GNU General Public License | ||
16 | along with libmicrohttpd; see the file COPYING. If not, write to the | ||
17 | Free Software Foundation, Inc., 59 Temple Place - Suite 330, | ||
18 | Boston, MA 02111-1307, USA. | ||
19 | */ | ||
20 | |||
21 | /** | ||
22 | * @file tls_daemon_options_dh_test.c | ||
23 | * @brief Testcase for libmicrohttpd HTTPS GET operations | ||
24 | * @author Sagie Amir | ||
25 | */ | ||
26 | |||
27 | #include "platform.h" | ||
28 | #include "microhttpd.h" | ||
29 | |||
30 | #include <sys/stat.h> | ||
31 | |||
32 | #include "gnutls.h" | ||
33 | #include <curl/curl.h> | ||
34 | |||
35 | #define DEBUG_CURL_VERBOSE 0 | ||
36 | #define PAGE_NOT_FOUND "<html><head><title>File not found</title></head><body>File not found</body></html>" | ||
37 | |||
38 | #define MHD_E_MEM "Error: memory error\n" | ||
39 | #define MHD_E_SERVER_INIT "Error: failed to start server\n" | ||
40 | #define MHD_E_TEST_FILE_CREAT "Error: failed to setup test file\n" | ||
41 | #define MHD_E_CERT_FILE_CREAT "Error: failed to setup test certificate\n" | ||
42 | #define MHD_E_KEY_FILE_CREAT "Error: failed to setup test certificate\n" | ||
43 | |||
44 | #include "tls_test_keys.h" | ||
45 | |||
46 | const int DEBUG_GNUTLS_LOG_LEVEL = 0; | ||
47 | const char *test_file_name = "https_test_file"; | ||
48 | const char test_file_data[] = "Hello World\n"; | ||
49 | |||
50 | int curl_check_version (const char *req_version, ...); | ||
51 | |||
52 | struct CBC | ||
53 | { | ||
54 | char *buf; | ||
55 | size_t pos; | ||
56 | size_t size; | ||
57 | }; | ||
58 | |||
59 | static size_t | ||
60 | copyBuffer (void *ptr, size_t size, size_t nmemb, void *ctx) | ||
61 | { | ||
62 | struct CBC *cbc = ctx; | ||
63 | |||
64 | if (cbc->pos + size * nmemb > cbc->size) | ||
65 | return 0; /* overflow */ | ||
66 | memcpy (&cbc->buf[cbc->pos], ptr, size * nmemb); | ||
67 | cbc->pos += size * nmemb; | ||
68 | return size * nmemb; | ||
69 | } | ||
70 | |||
71 | static int | ||
72 | file_reader (void *cls, size_t pos, char *buf, int max) | ||
73 | { | ||
74 | FILE *file = cls; | ||
75 | fseek (file, pos, SEEK_SET); | ||
76 | return fread (buf, 1, max, file); | ||
77 | } | ||
78 | |||
79 | /* HTTP access handler call back */ | ||
80 | static int | ||
81 | http_ahc (void *cls, struct MHD_Connection *connection, | ||
82 | const char *url, const char *method, const char *upload_data, | ||
83 | const char *version, unsigned int *upload_data_size, void **ptr) | ||
84 | { | ||
85 | static int aptr; | ||
86 | struct MHD_Response *response; | ||
87 | int ret; | ||
88 | FILE *file; | ||
89 | struct stat buf; | ||
90 | |||
91 | if (0 != strcmp (method, MHD_HTTP_METHOD_GET)) | ||
92 | return MHD_NO; /* unexpected method */ | ||
93 | if (&aptr != *ptr) | ||
94 | { | ||
95 | /* do never respond on first call */ | ||
96 | *ptr = &aptr; | ||
97 | return MHD_YES; | ||
98 | } | ||
99 | *ptr = NULL; /* reset when done */ | ||
100 | |||
101 | file = fopen (url, "r"); | ||
102 | if (file == NULL) | ||
103 | { | ||
104 | response = MHD_create_response_from_data (strlen (PAGE_NOT_FOUND), | ||
105 | (void *) PAGE_NOT_FOUND, | ||
106 | MHD_NO, MHD_NO); | ||
107 | ret = MHD_queue_response (connection, MHD_HTTP_NOT_FOUND, response); | ||
108 | MHD_destroy_response (response); | ||
109 | } | ||
110 | else | ||
111 | { | ||
112 | stat (url, &buf); | ||
113 | response = MHD_create_response_from_callback (buf.st_size, 32 * 1024, /* 32k PAGE_NOT_FOUND size */ | ||
114 | &file_reader, file, | ||
115 | (MHD_ContentReaderFreeCallback) | ||
116 | & fclose); | ||
117 | ret = MHD_queue_response (connection, MHD_HTTP_OK, response); | ||
118 | MHD_destroy_response (response); | ||
119 | } | ||
120 | return ret; | ||
121 | } | ||
122 | |||
123 | /* | ||
124 | * test HTTPS transfer | ||
125 | * @param test_fd: file to attempt transfering | ||
126 | */ | ||
127 | static int | ||
128 | test_https_transfer (FILE * test_fd, char *cipher_suite, int proto_version) | ||
129 | { | ||
130 | CURL *c; | ||
131 | CURLcode errornum; | ||
132 | struct CBC cbc; | ||
133 | char *doc_path; | ||
134 | char url[255]; | ||
135 | struct stat statb; | ||
136 | |||
137 | stat (test_file_name, &statb); | ||
138 | |||
139 | int len = statb.st_size; | ||
140 | |||
141 | /* used to memcmp local copy & deamon supplied copy */ | ||
142 | unsigned char *mem_test_file_local; | ||
143 | |||
144 | /* setup test file path, url */ | ||
145 | doc_path = get_current_dir_name (); | ||
146 | |||
147 | if (NULL == (mem_test_file_local = malloc (len))) | ||
148 | { | ||
149 | fclose (test_fd); | ||
150 | fprintf (stderr, MHD_E_MEM); | ||
151 | return -1; | ||
152 | } | ||
153 | |||
154 | fseek (test_fd, 0, SEEK_SET); | ||
155 | if (fread (mem_test_file_local, sizeof (char), len, test_fd) != len) | ||
156 | { | ||
157 | fclose (test_fd); | ||
158 | fprintf (stderr, "Error: failed to read test file. %s\n", | ||
159 | strerror (errno)); | ||
160 | return -1; | ||
161 | } | ||
162 | |||
163 | if (NULL == (cbc.buf = malloc (sizeof (char) * len))) | ||
164 | { | ||
165 | fclose (test_fd); | ||
166 | fprintf (stderr, MHD_E_MEM); | ||
167 | return -1; | ||
168 | } | ||
169 | cbc.size = len; | ||
170 | cbc.pos = 0; | ||
171 | |||
172 | /* construct url - this might use doc_path */ | ||
173 | sprintf (url, "%s%s/%s", "https://localhost:42433", | ||
174 | doc_path, test_file_name); | ||
175 | |||
176 | c = curl_easy_init (); | ||
177 | #if DEBUG_CURL_VERBOSE | ||
178 | curl_easy_setopt (c, CURLOPT_VERBOSE, 1); | ||
179 | #endif | ||
180 | curl_easy_setopt (c, CURLOPT_URL, url); | ||
181 | curl_easy_setopt (c, CURLOPT_HTTP_VERSION, CURL_HTTP_VERSION_1_0); | ||
182 | curl_easy_setopt (c, CURLOPT_TIMEOUT, 5L); | ||
183 | curl_easy_setopt (c, CURLOPT_CONNECTTIMEOUT, 5L); | ||
184 | curl_easy_setopt (c, CURLOPT_WRITEFUNCTION, ©Buffer); | ||
185 | curl_easy_setopt (c, CURLOPT_FILE, &cbc); | ||
186 | |||
187 | /* TLS options */ | ||
188 | curl_easy_setopt (c, CURLOPT_SSLVERSION, proto_version); | ||
189 | curl_easy_setopt (c, CURLOPT_SSL_CIPHER_LIST, cipher_suite); | ||
190 | |||
191 | /* currently skip any peer authentication */ | ||
192 | curl_easy_setopt (c, CURLOPT_SSL_VERIFYPEER, 0); | ||
193 | curl_easy_setopt (c, CURLOPT_SSL_VERIFYHOST, 0); | ||
194 | |||
195 | curl_easy_setopt (c, CURLOPT_FAILONERROR, 1); | ||
196 | |||
197 | /* NOTE: use of CONNECTTIMEOUT without also | ||
198 | setting NOSIGNAL results in really weird | ||
199 | crashes on my system! */ | ||
200 | curl_easy_setopt (c, CURLOPT_NOSIGNAL, 1); | ||
201 | if (CURLE_OK != (errornum = curl_easy_perform (c))) | ||
202 | { | ||
203 | fprintf (stderr, "curl_easy_perform failed: `%s'\n", | ||
204 | curl_easy_strerror (errornum)); | ||
205 | curl_easy_cleanup (c); | ||
206 | return errornum; | ||
207 | } | ||
208 | |||
209 | curl_easy_cleanup (c); | ||
210 | |||
211 | if (memcmp (cbc.buf, mem_test_file_local, len) != 0) | ||
212 | { | ||
213 | fprintf (stderr, "Error: local file & received file differ.\n"); | ||
214 | free (cbc.buf); | ||
215 | free (mem_test_file_local); | ||
216 | return -1; | ||
217 | } | ||
218 | |||
219 | free (mem_test_file_local); | ||
220 | free (cbc.buf); | ||
221 | free (doc_path); | ||
222 | return 0; | ||
223 | } | ||
224 | |||
225 | FILE * | ||
226 | setupTestFile () | ||
227 | { | ||
228 | FILE *test_fd; | ||
229 | |||
230 | if (NULL == (test_fd = fopen (test_file_name, "w+"))) | ||
231 | { | ||
232 | fprintf (stderr, "Error: failed to open `%s': %s\n", | ||
233 | test_file_name, strerror (errno)); | ||
234 | return NULL; | ||
235 | } | ||
236 | if (fwrite (test_file_data, sizeof (char), strlen (test_file_data), test_fd) | ||
237 | != strlen (test_file_data)) | ||
238 | { | ||
239 | fprintf (stderr, "Error: failed to write `%s. %s'\n", | ||
240 | test_file_name, strerror (errno)); | ||
241 | return NULL; | ||
242 | } | ||
243 | if (fflush (test_fd)) | ||
244 | { | ||
245 | fprintf (stderr, "Error: failed to flush test file stream. %s\n", | ||
246 | strerror (errno)); | ||
247 | return NULL; | ||
248 | } | ||
249 | |||
250 | return test_fd; | ||
251 | } | ||
252 | |||
253 | static int | ||
254 | setup (struct MHD_Daemon **d, va_list arg_list) | ||
255 | { | ||
256 | *d = MHD_start_daemon_va (MHD_USE_THREAD_PER_CONNECTION | MHD_USE_SSL | | ||
257 | MHD_USE_DEBUG, 42433, | ||
258 | NULL, NULL, &http_ahc, NULL, arg_list); | ||
259 | |||
260 | if (*d == NULL) | ||
261 | { | ||
262 | fprintf (stderr, MHD_E_SERVER_INIT); | ||
263 | return -1; | ||
264 | } | ||
265 | |||
266 | return 0; | ||
267 | } | ||
268 | |||
269 | static void | ||
270 | teardown (struct MHD_Daemon *d) | ||
271 | { | ||
272 | MHD_stop_daemon (d); | ||
273 | } | ||
274 | |||
275 | /* TODO test_wrap: change sig to (setup_func, test, va_list test_arg) & move to test_util.c */ | ||
276 | int | ||
277 | test_wrap (char *test_name, int | ||
278 | (*test) (FILE * test_fd, char *cipher_suite, int proto_version), | ||
279 | FILE * test_fd, char *cipher_suite, int proto_version, ...) | ||
280 | { | ||
281 | int ret; | ||
282 | va_list arg_list; | ||
283 | struct MHD_Daemon *d; | ||
284 | |||
285 | va_start (arg_list, proto_version); | ||
286 | if (setup (&d, arg_list) != 0) | ||
287 | { | ||
288 | va_end (arg_list); | ||
289 | return -1; | ||
290 | } | ||
291 | |||
292 | fprintf (stdout, "running test: %s ", test_name); | ||
293 | ret = test (test_fd, cipher_suite, proto_version); | ||
294 | |||
295 | if (ret == 0) | ||
296 | { | ||
297 | fprintf (stdout, "[pass]\n"); | ||
298 | } | ||
299 | else | ||
300 | { | ||
301 | fprintf (stdout, "[fail]\n"); | ||
302 | } | ||
303 | |||
304 | teardown (d); | ||
305 | va_end (arg_list); | ||
306 | return ret; | ||
307 | } | ||
308 | |||
309 | /* | ||
310 | * test server refuses to negotiate connections with unsupported protocol versions | ||
311 | */ | ||
312 | int | ||
313 | test_protocol_version (FILE * test_fd, char *cipher_suite, | ||
314 | int curl_proto_version) | ||
315 | { | ||
316 | CURL *c; | ||
317 | CURLcode errornum; | ||
318 | |||
319 | c = curl_easy_init (); | ||
320 | #if DEBUG_CURL_VERBOSE | ||
321 | curl_easy_setopt (c, CURLOPT_VERBOSE, 1); | ||
322 | #endif | ||
323 | curl_easy_setopt (c, CURLOPT_URL, "https://localhost:42433/"); | ||
324 | curl_easy_setopt (c, CURLOPT_HTTP_VERSION, CURL_HTTP_VERSION_1_0); | ||
325 | curl_easy_setopt (c, CURLOPT_TIMEOUT, 5L); | ||
326 | curl_easy_setopt (c, CURLOPT_CONNECTTIMEOUT, 5L); | ||
327 | |||
328 | /* TLS options */ | ||
329 | curl_easy_setopt (c, CURLOPT_SSLVERSION, curl_proto_version); | ||
330 | curl_easy_setopt (c, CURLOPT_SSL_CIPHER_LIST, cipher_suite); | ||
331 | |||
332 | curl_easy_setopt (c, CURLOPT_SSL_VERIFYPEER, 0); | ||
333 | curl_easy_setopt (c, CURLOPT_SSL_VERIFYHOST, 0); | ||
334 | curl_easy_setopt (c, CURLOPT_FAILONERROR, 1); | ||
335 | |||
336 | /* NOTE: use of CONNECTTIMEOUT without also | ||
337 | setting NOSIGNAL results in really weird | ||
338 | crashes on my system! */ | ||
339 | curl_easy_setopt (c, CURLOPT_NOSIGNAL, 1); | ||
340 | |||
341 | /* assert daemon rejected request */ | ||
342 | if (CURLE_OK == (errornum = curl_easy_perform (c))) | ||
343 | { | ||
344 | fprintf (stderr, "curl_easy_perform failed: `%s'\n", | ||
345 | curl_easy_strerror (errornum)); | ||
346 | curl_easy_cleanup (c); | ||
347 | return -1; | ||
348 | } | ||
349 | |||
350 | return 0; | ||
351 | } | ||
352 | |||
353 | /* setup a temporary transfer test file */ | ||
354 | int | ||
355 | main (int argc, char *const *argv) | ||
356 | { | ||
357 | FILE *test_fd; | ||
358 | unsigned int errorCount = 0; | ||
359 | |||
360 | MHD_gtls_global_set_log_level (DEBUG_GNUTLS_LOG_LEVEL); | ||
361 | |||
362 | if (curl_check_version (MHD_REQ_CURL_VERSION)) | ||
363 | { | ||
364 | return -1; | ||
365 | } | ||
366 | |||
367 | if ((test_fd = setupTestFile ()) == NULL) | ||
368 | { | ||
369 | fprintf (stderr, MHD_E_TEST_FILE_CREAT); | ||
370 | return -1; | ||
371 | } | ||
372 | |||
373 | if (0 != curl_global_init (CURL_GLOBAL_ALL)) | ||
374 | { | ||
375 | fprintf (stderr, "Error: %s\n", strerror (errno)); | ||
376 | return -1; | ||
377 | } | ||
378 | |||
379 | int cipher[] = { MHD_GNUTLS_CIPHER_3DES_CBC, 0 }; | ||
380 | int kx[] = { MHD_GNUTLS_KX_ANON_DH, 0 }; | ||
381 | |||
382 | errorCount += | ||
383 | test_wrap ("kx ANON_DH", &test_https_transfer, test_fd, | ||
384 | "ADH-DES-CBC3-SHA", CURL_SSLVERSION_TLSv1, | ||
385 | MHD_OPTION_CRED_TYPE, MHD_GNUTLS_CRD_ANON, | ||
386 | MHD_OPTION_CIPHER_ALGORITHM, cipher, MHD_OPTION_KX_PRIORITY, | ||
387 | kx, MHD_OPTION_END); | ||
388 | if (errorCount != 0) | ||
389 | fprintf (stderr, "Failed test: %s.\n", argv[0]); | ||
390 | |||
391 | curl_global_cleanup (); | ||
392 | fclose (test_fd); | ||
393 | |||
394 | remove (test_file_name); | ||
395 | |||
396 | return errorCount != 0; | ||
397 | } | ||
diff --git a/src/testcurl/https/tls_daemon_options_test.c b/src/testcurl/https/tls_daemon_options_test.c index 737ea58a..11439db4 100644 --- a/src/testcurl/https/tls_daemon_options_test.c +++ b/src/testcurl/https/tls_daemon_options_test.c | |||
@@ -222,7 +222,7 @@ test_https_transfer (FILE * test_fd, char *cipher_suite, int proto_version) | |||
222 | return 0; | 222 | return 0; |
223 | } | 223 | } |
224 | 224 | ||
225 | FILE * | 225 | static FILE * |
226 | setupTestFile () | 226 | setupTestFile () |
227 | { | 227 | { |
228 | FILE *test_fd; | 228 | FILE *test_fd; |
@@ -381,7 +381,8 @@ main (int argc, char *const *argv) | |||
381 | int cipher[] = { MHD_GNUTLS_CIPHER_3DES_CBC, 0 }; | 381 | int cipher[] = { MHD_GNUTLS_CIPHER_3DES_CBC, 0 }; |
382 | 382 | ||
383 | errorCount += | 383 | errorCount += |
384 | test_wrap ("https_transfer", &test_https_transfer, test_fd, "AES256-SHA", | 384 | test_wrap ("https_transfer", &test_https_transfer, |
385 | test_fd, "AES256-SHA", | ||
385 | CURL_SSLVERSION_TLSv1, | 386 | CURL_SSLVERSION_TLSv1, |
386 | MHD_OPTION_HTTPS_MEM_KEY, srv_key_pem, | 387 | MHD_OPTION_HTTPS_MEM_KEY, srv_key_pem, |
387 | MHD_OPTION_HTTPS_MEM_CERT, srv_self_signed_cert_pem, | 388 | MHD_OPTION_HTTPS_MEM_CERT, srv_self_signed_cert_pem, |
@@ -389,9 +390,11 @@ main (int argc, char *const *argv) | |||
389 | 390 | ||
390 | errorCount += | 391 | errorCount += |
391 | test_wrap ("protocol_version", &test_protocol_version, test_fd, | 392 | test_wrap ("protocol_version", &test_protocol_version, test_fd, |
392 | "AES256-SHA", CURL_SSLVERSION_TLSv1, MHD_OPTION_HTTPS_MEM_KEY, | 393 | "AES256-SHA", CURL_SSLVERSION_TLSv1, |
394 | MHD_OPTION_HTTPS_MEM_KEY, | ||
393 | srv_key_pem, MHD_OPTION_HTTPS_MEM_CERT, | 395 | srv_key_pem, MHD_OPTION_HTTPS_MEM_CERT, |
394 | srv_self_signed_cert_pem, MHD_OPTION_PROTOCOL_VERSION, p, | 396 | srv_self_signed_cert_pem, |
397 | MHD_OPTION_PROTOCOL_VERSION, p, | ||
395 | MHD_OPTION_END); | 398 | MHD_OPTION_END); |
396 | errorCount += | 399 | errorCount += |
397 | test_wrap ("cipher DES-CBC3-SHA", &test_https_transfer, test_fd, | 400 | test_wrap ("cipher DES-CBC3-SHA", &test_https_transfer, test_fd, |