author | Nikos Mavrogiannopoulos <nmav@gnutls.org> | 2002-01-18 14:50:07 +0000 |
---|---|---|
committer | Nikos Mavrogiannopoulos <nmav@gnutls.org> | 2002-01-18 14:50:07 +0000 |
commit | 3c59529b4a3f46de965ccd2acd4ce8d0f9de87b7 (patch) | |
tree | 8816fd1344936015fef27778a61f14a5e4d48e0b | |
parent | b9059712e3a8954643d916895e794512546e2742 (diff) | |
download | gnutls-3c59529b4a3f46de965ccd2acd4ce8d0f9de87b7.tar.gz |
added required changes to release gnutls 0.3.3
(mostly bug fixes)
-rw-r--r-- | NEWS | 9 | ||||
-rw-r--r-- | configure.in | 5 | ||||
-rw-r--r-- | lib/auth_srp_sb64.c | 1 | ||||
-rw-r--r-- | lib/auth_x509.c | 197 | ||||
-rw-r--r-- | lib/gnutls.h.in.in | 17 | ||||
-rw-r--r-- | lib/gnutls_cert.c | 129 | ||||
-rw-r--r-- | lib/gnutls_handshake.c | 40 | ||||
-rw-r--r-- | lib/gnutls_random.c | 2 | ||||
-rw-r--r-- | lib/gnutls_ui.h | 17 | ||||
-rw-r--r-- | lib/x509_b64.c | 6 | ||||
-rw-r--r-- | lib/x509_b64.h | 6 |
11 files changed, 148 insertions, 281 deletions
@@ -1,10 +1,3 @@ -Version ?.?.? -- gnutls_check_pending() was renamed to gnutls_record_check_pending() -- Key exchange methods changed so they do not depend on the Certificate - type (GNUTLS_KX_X509PKI_* renamed to GNUTLS_KX_*) -- Renamed gnutls_x509pki_s/get_dh_bits() to gnutls_dh_s/get_dhe_bits() -- Renamed gnutls_anon_server/client_get_dh_bits() to gnutls_dh_get_dha_bits() - Version 0.3.3 - Added gnutls_x509pki_verify_certificate() - Added gnutls_x509pki_set_trust_mem() and gnutls_x509pki_set_key_mem() @@ -12,7 +5,7 @@ Version 0.3.3 - Bug fixes in the Handshake protocol (based on patch by Guillaume Morin) - Corrected library versioning -Version 0.3.2 (5/01/2002) +Version 0.3.2 (5/01/2001) - Corrected bug which did not allow a client to accept multiple CA names - Added gnutls_fingerprint() - Added gnutls_x509pki_extract_certificate_serial() diff --git a/configure.in b/configure.in index 9532e46703..5ebac40fb7 100644 --- a/configure.in +++ b/configure.in @@ -9,10 +9,9 @@ AC_DEFINE_UNQUOTED(T_CPU, "$target_cpu") AC_DEFINE_UNQUOTED(T_VENDOR, "$target_vendor") AC_DEFINE_UNQUOTED(T_OS, "$target_os") -dnl Gnutls Version GNUTLS_MAJOR_VERSION=0 GNUTLS_MINOR_VERSION=3 -GNUTLS_MICRO_VERSION=2 +GNUTLS_MICRO_VERSION=3 GNUTLS_VERSION=$GNUTLS_MAJOR_VERSION.$GNUTLS_MINOR_VERSION.$GNUTLS_MICRO_VERSION AC_DEFINE_UNQUOTED(GNUTLS_VERSION, "$GNUTLS_VERSION") @@ -20,7 +19,7 @@ AC_DEFINE_UNQUOTED(GNUTLS_VERSION, "$GNUTLS_VERSION") AM_INIT_AUTOMAKE(gnutls, $GNUTLS_VERSION) AM_CONFIG_HEADER(config.h) -dnl This is the library version + GNUTLS_MOST_RECENT_INTERFACE=3 GNUTLS_CURRENT_INTERFACE_IMPLEMENTATION_NUMBER=$GNUTLS_MICRO_VERSION GNUTLS_OLDEST_INTERFACE=3 diff --git a/lib/auth_srp_sb64.c b/lib/auth_srp_sb64.c index d7be368f30..cb48e5013f 100644 --- a/lib/auth_srp_sb64.c +++ b/lib/auth_srp_sb64.c @@ -161,7 +161,6 @@ int _gnutls_sbase64_encode(uint8 * data, int data_size, uint8 ** result) memcpy(&(*result)[0], tmpres, tmp); i = mod; j = tmp; - } /* encode the rest */ 
diff --git a/lib/auth_x509.c b/lib/auth_x509.c
index 0fcc057aa3..18f5c82e89 100644
--- a/lib/auth_x509.c
+++ b/lib/auth_x509.c
@@ -1283,105 +1283,6 @@ int gnutls_x509pki_get_peer_certificate_status(GNUTLS_STATE state) return verify; } -#define CLEAR_CERTS_CA for(x=0;x<peer_certificate_list_size;x++) gnutls_free_cert(peer_certificate_list[x]); \ - for(x=0;x<ca_certificate_list_size;x++) gnutls_free_cert(ca_certificate_list[x]) -/** - * gnutls_x509pki_verify_certificate - This function verifies given certificate list - * @cert_list: is the certificate list to be verified - * @cert_list_length: holds the number of certificate in cert_list - * @CA_list: is the CA list which will be used in verification - * @CA_list_length: holds the number of CA certificate in CA_list - * @CRL_list: not used - * @CRL_list_length: not used - * - * This function will try to verify the given certificate list and return it's status (TRUSTED, EXPIRED etc.). - * The return value (status) should be one of the CertificateStatus enumerated elements. - * However you must also check the peer's name in order to check if the verified certificate belongs to the - * actual peer. Returns a negative error code in case of an error. - * - **/ -int gnutls_x509pki_verify_certificate( const gnutls_datum* cert_list, int cert_list_length, const gnutls_datum * CA_list, int CA_list_length, const gnutls_datum* CRL_list, int CRL_list_length) -{ - CertificateStatus verify; - gnutls_cert *peer_certificate_list; - gnutls_cert *ca_certificate_list; - int peer_certificate_list_size, i, x, ret, ca_certificate_list_size; - - if (cert_list == NULL || cert_list_length == 0) - return GNUTLS_CERT_NONE; - - /* generate a list of gnutls_certs based on the auth info - * raw certs. 
- */ - peer_certificate_list_size = cert_list_length; - peer_certificate_list = - gnutls_calloc(1, - peer_certificate_list_size * - sizeof(gnutls_cert)); - if (peer_certificate_list == NULL) { - gnutls_assert(); - return GNUTLS_E_MEMORY_ERROR; - } - - ca_certificate_list_size = CA_list_length; - ca_certificate_list = - gnutls_calloc(1, - ca_certificate_list_size * - sizeof(gnutls_cert)); - if (ca_certificate_list == NULL) { - gnutls_assert(); - gnutls_free( peer_certificate_list); - return GNUTLS_E_MEMORY_ERROR; - } - - /* convert certA_list to gnutls_cert* list - */ - for (i = 0; i < peer_certificate_list_size; i++) { - if ((ret = - _gnutls_cert2gnutlsCert(&peer_certificate_list[i], - cert_list[i])) < 0) { - gnutls_assert(); - CLEAR_CERTS_CA; - gnutls_free( peer_certificate_list); - gnutls_free( ca_certificate_list); - return ret; - } - } - - /* convert CA_list to gnutls_cert* list - */ - for (i = 0; i < ca_certificate_list_size; i++) { - if ((ret = - _gnutls_cert2gnutlsCert(&ca_certificate_list[i], - CA_list[i])) < 0) { - gnutls_assert(); - CLEAR_CERTS_CA; - gnutls_free( peer_certificate_list); - gnutls_free( ca_certificate_list); - return ret; - } - } - - /* Verify certificate - */ - verify = - gnutls_verify_certificate(peer_certificate_list, - peer_certificate_list_size, - ca_certificate_list, ca_certificate_list_size, NULL, 0); - - CLEAR_CERTS_CA; - gnutls_free( peer_certificate_list); - gnutls_free( ca_certificate_list); - - if (verify < 0) { - gnutls_assert(); - return GNUTLS_CERT_INVALID; - } - - return verify; -} - - /* finds the most appropriate certificate in the cert list. * The 'appropriate' is defined by the user. * (frontend to _gnutls_server_find_cert_index()) 
@@ -1503,3 +1404,101 @@ int gnutls_x509pki_extract_certificate_serial(const gnutls_datum * cert, char* r return 0; } + +#define CLEAR_CERTS_CA for(x=0;x<peer_certificate_list_size;x++) gnutls_free_cert(peer_certificate_list[x]); \ + for(x=0;x<ca_certificate_list_size;x++) gnutls_free_cert(ca_certificate_list[x]) +/** + * gnutls_x509pki_verify_certificate - This function verifies given certificate list + * @cert_list: is the certificate list to be verified + * @cert_list_length: holds the number of certificate in cert_list + * @CA_list: is the CA list which will be used in verification + * @CA_list_length: holds the number of CA certificate in CA_list + * @CRL_list: not used + * @CRL_list_length: not used + * + * This function will try to verify the given certificate list and return it's status (TRUSTED, EXPIRED etc.). + * The return value (status) should be one of the CertificateStatus enumerated elements. + * However you must also check the peer's name in order to check if the verified certificate belongs to the + * actual peer. Returns a negative error code in case of an error. + * + **/ +int gnutls_x509pki_verify_certificate( const gnutls_datum* cert_list, int cert_list_length, const gnutls_datum * CA_list, int CA_list_length, const gnutls_datum* CRL_list, int CRL_list_length) +{ + CertificateStatus verify; + gnutls_cert *peer_certificate_list; + gnutls_cert *ca_certificate_list; + int peer_certificate_list_size, i, x, ret, ca_certificate_list_size; + + if (cert_list == NULL || cert_list_length == 0) + return GNUTLS_CERT_NONE; + + /* generate a list of gnutls_certs based on the auth info + * raw certs. 
+ */ + peer_certificate_list_size = cert_list_length; + peer_certificate_list = + gnutls_calloc(1, + peer_certificate_list_size * + sizeof(gnutls_cert)); + if (peer_certificate_list == NULL) { + gnutls_assert(); + return GNUTLS_E_MEMORY_ERROR; + } + + ca_certificate_list_size = CA_list_length; + ca_certificate_list = + gnutls_calloc(1, + ca_certificate_list_size * + sizeof(gnutls_cert)); + if (ca_certificate_list == NULL) { + gnutls_assert(); + gnutls_free( peer_certificate_list); + return GNUTLS_E_MEMORY_ERROR; + } + + /* convert certA_list to gnutls_cert* list + */ + for (i = 0; i < peer_certificate_list_size; i++) { + if ((ret = + _gnutls_cert2gnutlsCert(&peer_certificate_list[i], + cert_list[i])) < 0) { + gnutls_assert(); + CLEAR_CERTS_CA; + gnutls_free( peer_certificate_list); + gnutls_free( ca_certificate_list); + return ret; + } + } + + /* convert CA_list to gnutls_cert* list + */ + for (i = 0; i < ca_certificate_list_size; i++) { + if ((ret = + _gnutls_cert2gnutlsCert(&ca_certificate_list[i], + CA_list[i])) < 0) { + gnutls_assert(); + CLEAR_CERTS_CA; + gnutls_free( peer_certificate_list); + gnutls_free( ca_certificate_list); + return ret; + } + } + + /* Verify certificate + */ + verify = + gnutls_verify_certificate(peer_certificate_list, + peer_certificate_list_size, + ca_certificate_list, ca_certificate_list_size, NULL, 0); + + CLEAR_CERTS_CA; + gnutls_free( peer_certificate_list); + gnutls_free( ca_certificate_list); + + if (verify < 0) { + gnutls_assert(); + return GNUTLS_CERT_INVALID; + } + + return verify; +} diff --git a/lib/gnutls.h.in.in b/lib/gnutls.h.in.in index eee80b9d4f..7f324229c2 100644 --- a/lib/gnutls.h.in.in +++ b/lib/gnutls.h.in.in 
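Review bot: gnutls_x509pki_verify_certificate guards cert_list but not CA_list: a NULL CA_list with CA_list_length > 0 is dereferenced in the CA conversion loop, and a negative cert_list_length or CA_list_length turns into an enormous allocation size, so add `if (cert_list_length < 0 || CA_list_length < 0 || (CA_list_length > 0 && CA_list == NULL)) return GNUTLS_E_INVALID_PARAMETERS;` right after the existing cert_list check (the same error code lib/gnutls_cert.c uses for bad arguments). The body is identical to the copy removed in the previous hunk, so this is pre-existing rather than introduced here, but the move is the right moment to fix it. Computing `count * sizeof(gnutls_cert)` by hand and passing it as the size of `gnutls_calloc(1, …)` also sidesteps whatever overflow check the two-argument form performs; `gnutls_calloc(peer_certificate_list_size, sizeof(gnutls_cert))` keeps the multiplication inside the allocator. With CA_list_length == 0 the call degenerates to `gnutls_calloc(1, 0)`, whose result is allocator-defined, so an empty trust list can surface as GNUTLS_E_MEMORY_ERROR instead of an untrusted chain; either special-case it or say so in the doc comment, which currently promises a negative code only for genuine errors.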
@@ -30,18 +30,10 @@ extern "C" { @DEFINE_SIZE_T@ @DEFINE_TIME_T@ -#define GNUTLS_CIPHER_AES_128_CBC GNUTLS_CIPHER_RIJNDAEL_128_CBC -#define GNUTLS_CIPHER_AES_256_CBC GNUTLS_CIPHER_RIJNDAEL_256_CBC - -typedef enum GNUTLS_BulkCipherAlgorithm { GNUTLS_CIPHER_NULL=1, GNUTLS_CIPHER_ARCFOUR, GNUTLS_CIPHER_3DES_CBC, GNUTLS_CIPHER_RIJNDAEL_128_CBC, GNUTLS_CIPHER_TWOFISH_128_CBC, GNUTLS_CIPHER_RIJNDAEL_256_CBC } GNUTLS_BulkCipherAlgorithm; -#define GNUTLS_CIPHER_RIJNDAEL_CBC GNUTLS_CIPHER_RIJNDAEL_128_CBC -#define GNUTLS_CIPHER_RIJNDAEL256_CBC GNUTLS_CIPHER_RIJNDAEL_256_CBC - -typedef enum GNUTLS_KXAlgorithm { GNUTLS_KX_RSA=1, GNUTLS_KX_DHE_DSS, GNUTLS_KX_DHE_RSA, GNUTLS_KX_ANON_DH, GNUTLS_KX_SRP } GNUTLS_KXAlgorithm; -#define GNUTLS_KX_X509PKI_RSA GNUTLS_KX_RSA -#define GNUTLS_KX_X509PKI_DHE_RSA GNUTLS_KX_DHE_RSA -#define GNUTLS_KX_X509PKI_DHE_DSS GNUTLS_KX_DHE_DSS +#define GNUTLS_AES GNUTLS_RIJNDAEL +typedef enum GNUTLS_BulkCipherAlgorithm { GNUTLS_CIPHER_NULL=1, GNUTLS_CIPHER_ARCFOUR, GNUTLS_CIPHER_3DES_CBC, GNUTLS_CIPHER_RIJNDAEL_CBC, GNUTLS_CIPHER_TWOFISH_CBC, GNUTLS_CIPHER_RIJNDAEL256_CBC } GNUTLS_BulkCipherAlgorithm; +typedef enum GNUTLS_KXAlgorithm { GNUTLS_KX_X509PKI_RSA=1, GNUTLS_KX_X509PKI_DHE_DSS, GNUTLS_KX_X509PKI_DHE_RSA, GNUTLS_KX_ANON_DH, GNUTLS_KX_SRP } GNUTLS_KXAlgorithm; typedef enum GNUTLS_CredType { GNUTLS_X509PKI=1, GNUTLS_ANON, GNUTLS_SRP } GNUTLS_CredType; #define CredType GNUTLS_CredType @@ -93,6 +85,7 @@ void gnutls_deinit(GNUTLS_STATE state); int gnutls_bye( GNUTLS_STATE state, GNUTLS_CloseRequest how); int gnutls_handshake( GNUTLS_STATE state); +int gnutls_check_pending(GNUTLS_STATE state); int gnutls_rehandshake( GNUTLS_STATE state); 
@@ -261,6 +254,4 @@ void gnutls_transport_set_pull_func( GNUTLS_STATE, GNUTLS_PULL_FUNC pull_func); size_t gnutls_record_get_max_size( GNUTLS_STATE state); size_t gnutls_record_set_max_size( GNUTLS_STATE state, size_t size); -size_t gnutls_record_check_pending(GNUTLS_STATE state); - int gnutls_fingerprint(GNUTLS_DigestAlgorithm algo, const gnutls_datum* data, char* result, int* result_size); diff --git a/lib/gnutls_cert.c b/lib/gnutls_cert.c index 74372f69b2..b97f69a789 100644 --- a/lib/gnutls_cert.c +++ b/lib/gnutls_cert.c @@ -47,11 +47,11 @@ typedef struct { /* This table maps the Key exchange algorithms to * the certificate algorithms. Eg. if we have * RSA algorithm in the certificate then we can - * use GNUTLS_KX_RSA or GNUTLS_KX_DHE_RSA. + * use GNUTLS_KX_X509PKI_RSA or GNUTLS_KX_X509PKI_DHE_RSA. */ static const gnutls_pk_map pk_mappings[] = { - {GNUTLS_KX_RSA, GNUTLS_PK_RSA}, - {GNUTLS_KX_DHE_RSA, GNUTLS_PK_RSA}, + {GNUTLS_KX_X509PKI_RSA, GNUTLS_PK_RSA}, + {GNUTLS_KX_X509PKI_DHE_RSA, GNUTLS_PK_RSA}, {0} }; 
@@ -510,102 +510,7 @@ int gnutls_x509pki_set_trust_file(GNUTLS_X509PKI_CREDENTIALS res, char *CAFILE, } /** - * gnutls_x509pki_set_key_mem - Used to set keys in a GNUTLS_X509PKI_CREDENTIALS structure - * @res: is an &GNUTLS_X509PKI_CREDENTIALS structure. - * @CERT: contains a PEM encoded certificate list (path) for - * the specified private key - * @KEY: is a PEM encoded private key - * - * This function sets a certificate/private key pair in the - * GNUTLS_X509PKI_CREDENTIALS structure. This function may be called - * more than once (in case multiple keys/certificates exist for the - * server). - * - * Currently only PKCS-1 PEM encoded RSA private keys are accepted by - * this function. - * - **/ -int gnutls_x509pki_set_key_mem(GNUTLS_X509PKI_CREDENTIALS res, const gnutls_datum* CERT, - const gnutls_datum* KEY) -{ - int ret; - - /* this should be first - */ - if ((ret = read_key_mem( res, KEY->data, KEY->size)) < 0) - return ret; - - if ((ret = read_cert_mem( res, CERT->data, CERT->size)) < 0) - return ret; - - return 0; -} - -/** - * gnutls_x509pki_set_trust_mem - Used to set trusted CAs in a GNUTLS_X509PKI_CREDENTIALS structure - * @res: is an &GNUTLS_X509PKI_CREDENTIALS structure. - * @CA: is a PEM encoded list of trusted CAs - * @CRL: is a PEM encoded list of CRLs (ignored for now) - * - * This function sets the trusted CAs in order to verify client - * certificates. - **/ -int gnutls_x509pki_set_trust_mem(GNUTLS_X509PKI_CREDENTIALS res, const gnutls_datum *CA, - const gnutls_datum *CRL) -{ - int ret, size, i; - opaque *pdata; - gnutls_datum tmp; - - if ((ret = read_ca_mem(res, CA->data, CA->size)) < 0) - return ret; - - /* Generate the RDN sequence - * This will be sent to clients when a certificate - * request message is sent. - */ - - /* FIXME: in case of a client it is not needed - * to do that. This would save time and memory. - * However we don't have that information available - * here. 
- */ - - size = 0; - for (i = 0; i < res->ncas; i++) { - if ((ret = _gnutls_find_dn(&tmp, &res->ca_list[i])) < 0) { - gnutls_assert(); - return ret; - } - size += (2 + tmp.size); - } - - res->rdn_sequence.data = gnutls_malloc(size); - if (res->rdn_sequence.data == NULL) { - gnutls_assert(); - return GNUTLS_E_MEMORY_ERROR; - } - res->rdn_sequence.size = size; - - pdata = res->rdn_sequence.data; - - for (i = 0; i < res->ncas; i++) { - if ((ret = _gnutls_find_dn(&tmp, &res->ca_list[i])) < 0) { - gnutls_free(res->rdn_sequence.data); - res->rdn_sequence.size = 0; - res->rdn_sequence.data = NULL; - gnutls_assert(); - return ret; - } - WRITEdatum16(pdata, tmp); - pdata += (2 + tmp.size); - } - - return 0; -} - -/** - * gnutls_dh_set_dhe_bits - Used to set the bits for a DHE_* ciphersuite + * gnutls_x509pki_set_dh_bits - Used to set the bits for a DHE_* ciphersuite * @state: is a &GNUTLS_STATE structure. * @bits: is the number of bits * @@ -613,17 +518,11 @@ int gnutls_x509pki_set_trust_mem(GNUTLS_X509PKI_CREDENTIALS res, const gnutls_da * This value will only be used in case of DHE ciphersuite. * **/ -void gnutls_dh_set_dhe_bits(GNUTLS_STATE state, int bits) +void gnutls_x509pki_set_dh_bits(GNUTLS_STATE state, int bits) { - state->gnutls_internals.dhe_bits = bits; + state->gnutls_internals.x509pki_dhe_bits = bits; } -#ifdef DEBUG -# warning REMOVE THIS ON LIBRARY VERSION CHANGE -#endif -void gnutls_x509pki_set_dh_bits(GNUTLS_STATE state, int bits) { - gnutls_dh_set_dhe_bits( state, bits); -} static int _read_rsa_params(opaque * der, int dersize, MPI * params) { @@ -1102,7 +1001,7 @@ int _gnutls_check_x509pki_key_usage(const gnutls_cert * cert, { if (_gnutls_map_kx_get_cred(alg) == GNUTLS_X509PKI) { switch (alg) { - case GNUTLS_KX_RSA: + case GNUTLS_KX_X509PKI_RSA: if (cert->keyUsage != 0) { if (! (cert-> 
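Review bot: the NEWS context lines for Version 0.3.3 in this commit still advertise gnutls_x509pki_set_trust_mem() and gnutls_x509pki_set_key_mem(), yet their definitions are deleted in this hunk and no other hunk in the diffstat restores them. Unless both are defined elsewhere in the tree, either drop that NEWS bullet before tagging 0.3.3 or keep the functions; release notes that promise an API the library does not export are the first thing a downstream packager trips over. The renamed doc block for gnutls_x509pki_set_dh_bits still does not say what range of `bits` is acceptable, and the setter stores the value unchecked, so a one-line addition such as ` * No validation is performed; the caller is responsible for choosing a size the DHE code accepts.` would at least make that contract explicit.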
@@ -1113,8 +1012,7 @@ int _gnutls_check_x509pki_key_usage(const gnutls_cert * cert, return 0; } return 0; - case GNUTLS_KX_DHE_RSA: - case GNUTLS_KX_DHE_DSS: + case GNUTLS_KX_X509PKI_DHE_RSA: if (cert->keyUsage != 0) { if (! (cert-> @@ -1135,7 +1033,7 @@ int _gnutls_check_x509pki_key_usage(const gnutls_cert * cert, /* returns the KX algorithms that are supported by a * certificate. (Eg a certificate with RSA params, supports - * GNUTLS_KX_RSA algorithm). + * GNUTLS_KX_X509PKI_RSA algorithm). * This function also uses the KeyUsage field of the certificate * extensions in order to disable unneded algorithms. */ @@ -1145,10 +1043,10 @@ int _gnutls_cert_supported_kx(const gnutls_cert * cert, KXAlgorithm ** alg, KXAlgorithm kx; int i; PKAlgorithm pk; - KXAlgorithm kxlist[MAX_KX_ALGOS]; + KXAlgorithm kxlist[255]; i = 0; - for (kx = 0; kx < MAX_KX_ALGOS; kx++) { + for (kx = 0; kx < 255; kx++) { pk = _gnutls_map_pk_get_pk(kx); if (pk == cert->subject_pk_algorithm) { if (_gnutls_check_x509pki_key_usage(cert, kx) == 0) { @@ -1158,11 +1056,6 @@ int _gnutls_cert_supported_kx(const gnutls_cert * cert, KXAlgorithm ** alg, } } - if (i==0) { - gnutls_assert(); - return GNUTLS_E_INVALID_PARAMETERS; - } - *alg = gnutls_calloc(1, sizeof(KXAlgorithm) * i); if (*alg == NULL) return GNUTLS_E_MEMORY_ERROR; diff --git a/lib/gnutls_handshake.c b/lib/gnutls_handshake.c index db68d4714a..2eba02f9a9 100644 --- a/lib/gnutls_handshake.c +++ b/lib/gnutls_handshake.c @@ -139,7 +139,7 @@ static int _gnutls_ssl3_finished(GNUTLS_STATE state, int type, int skip, return GNUTLS_E_HASH_FAILED; } - siz = _gnutls_handshake_buffer_get_size(state) - skip; + siz = gnutls_get_handshake_buffer_size(state) - skip; data = gnutls_malloc(siz); if (data == NULL) { gnutls_assert(); 
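Review bot: `KXAlgorithm kxlist[255]` and `kx < 255` in _gnutls_cert_supported_kx replace the named bound MAX_KX_ALGOS with a bare literal that now has to agree in two places, and the loop probes `_gnutls_map_pk_get_pk()` with 255 values although the GNUTLS_KXAlgorithm enum in this diff has five members. If MAX_KX_ALGOS is not available on this branch, keep the two uses tied together with a file-local constant, e.g. `#define MAX_KX_PROBE 255 /* upper bound for KXAlgorithm values */`, and use it for both the array size and the loop limit. The rest of the function lies outside this hunk.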
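Review bot: with the `if (i==0)` guard gone, a certificate whose key type or KeyUsage matches no key-exchange algorithm now reaches `gnutls_calloc(1, sizeof(KXAlgorithm) * 0)`; a zero-byte request may legitimately return NULL, which this code reports as GNUTLS_E_MEMORY_ERROR, or a non-NULL pointer to zero elements that every caller must now remember to check the count for. If the old GNUTLS_E_INVALID_PARAMETERS really was wrong (the NEWS "Bug fixes in the Handshake protocol" line suggests an interop motive, but the commit message does not say), make the empty case explicit rather than allocator-dependent, e.g. `if (i == 0) { *alg = NULL; return 0; }` before the allocation — assuming the tail of the function, which is outside this hunk, returns the count — and document at the prototype that *alg may be NULL when 0 is returned. Either way, a one-line comment on why the check was dropped would stop the next reader from restoring it.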
@@ -148,7 +148,7 @@ static int _gnutls_ssl3_finished(GNUTLS_STATE state, int type, int skip, return GNUTLS_E_MEMORY_ERROR; } - _gnutls_handshake_buffer_peek(state, data, siz); + gnutls_read_handshake_buffer(state, data, siz); gnutls_mac_ssl3(td, data, siz); gnutls_mac_ssl3(td2, data, siz); @@ -197,7 +197,7 @@ int _gnutls_finished(GNUTLS_STATE state, int type, int skip, void *ret) return GNUTLS_E_HASH_FAILED; } - siz = _gnutls_handshake_buffer_get_size(state) - skip; + siz = gnutls_get_handshake_buffer_size(state) - skip; data = gnutls_malloc(siz); if (data == NULL) { @@ -207,7 +207,7 @@ int _gnutls_finished(GNUTLS_STATE state, int type, int skip, void *ret) return GNUTLS_E_MEMORY_ERROR; } - _gnutls_handshake_buffer_get(state, data, siz); + gnutls_read_handshake_buffer(state, data, siz); gnutls_hash(td, data, siz); gnutls_hash(td2, data, siz); @@ -650,7 +650,7 @@ int _gnutls_send_handshake(GNUTLS_STATE state, void *i_data, /* we are resuming a previously interrupted * send. */ - ret = _gnutls_handshake_io_write_flush(state); + ret = _gnutls_handshake_write_flush(state); return ret; } @@ -685,7 +685,7 @@ int _gnutls_send_handshake(GNUTLS_STATE state, void *i_data, if (type != GNUTLS_HELLO_REQUEST) { if ((ret = - _gnutls_handshake_buffer_put(state, data, + gnutls_insert_to_handshake_buffer(state, data, datasize)) < 0) { gnutls_assert(); gnutls_free(data); @@ -694,7 +694,7 @@ int _gnutls_send_handshake(GNUTLS_STATE state, void *i_data, } ret = - _gnutls_handshake_io_send_int(state, GNUTLS_HANDSHAKE, type, + _gnutls_handshake_send_int(state, GNUTLS_HANDSHAKE, type, data, datasize); gnutls_free(data); @@ -744,7 +744,7 @@ static int _gnutls_recv_handshake_header(GNUTLS_STATE state, if (state->gnutls_internals.handshake_header_buffer.header_size < SSL2_HEADERS) { ret = - _gnutls_handshake_io_recv_int(state, GNUTLS_HANDSHAKE, + _gnutls_handshake_recv_int(state, GNUTLS_HANDSHAKE, type, dataptr, SSL2_HEADERS); 
@@ -766,7 +766,7 @@ static int _gnutls_recv_handshake_header(GNUTLS_STATE state, if (state->gnutls_internals.v2_hello == 0 || type != GNUTLS_CLIENT_HELLO) { ret = - _gnutls_handshake_io_recv_int(state, GNUTLS_HANDSHAKE, + _gnutls_handshake_recv_int(state, GNUTLS_HANDSHAKE, type, &dataptr[state-> gnutls_internals. @@ -831,7 +831,7 @@ static int _gnutls_recv_handshake_header(GNUTLS_STATE state, if (*recv_type != GNUTLS_HELLO_REQUEST) { if ((ret = - _gnutls_handshake_buffer_put(state, dataptr, + gnutls_insert_to_handshake_buffer(state, dataptr, handshake_header_size)) < 0) { gnutls_assert(); @@ -839,7 +839,7 @@ static int _gnutls_recv_handshake_header(GNUTLS_STATE state, } } - /* This MUST be after handshake_buffer_put(), because + /* This MUST be after insert_to_handshake_buffer(), because * of optional packets. */ if (*recv_type != type) { @@ -850,7 +850,7 @@ static int _gnutls_recv_handshake_header(GNUTLS_STATE state, return length32; } -#define _gnutls_handshake_header_buffer_clear( state) state->gnutls_internals.handshake_header_buffer.header_size = 0 +#define _gnutls_clear_handshake_header_buffer( state) state->gnutls_internals.handshake_header_buffer.header_size = 0 /* This function will receive handshake messages of the given types, @@ -900,7 +900,7 @@ int _gnutls_recv_handshake(GNUTLS_STATE state, uint8 ** data, if (length32 > 0) { ret = - _gnutls_handshake_io_recv_int(state, GNUTLS_HANDSHAKE, + _gnutls_handshake_recv_int(state, GNUTLS_HANDSHAKE, type, dataptr, length32); if (ret <= 0) { gnutls_assert(); @@ -915,7 +915,7 @@ int _gnutls_recv_handshake(GNUTLS_STATE state, uint8 ** data, * have have received above. if we get here the we clear the handshake * header we received. */ - _gnutls_handshake_header_buffer_clear(state); + _gnutls_clear_handshake_header_buffer(state); ret = GNUTLS_E_UNKNOWN_ERROR; 
@@ -926,7 +926,7 @@ int _gnutls_recv_handshake(GNUTLS_STATE state, uint8 ** data, if (recv_type != GNUTLS_HELLO_REQUEST && length32 > 0) { if ((ret = - _gnutls_handshake_buffer_put(state, dataptr, + gnutls_insert_to_handshake_buffer(state, dataptr, length32)) < 0) { gnutls_assert(); return ret; @@ -943,8 +943,7 @@ int _gnutls_recv_handshake(GNUTLS_STATE state, uint8 ** data, ret = length32; break; case GNUTLS_SERVER_HELLO_DONE: - if (length32==0) ret = 0; - else ret = GNUTLS_E_UNEXPECTED_PACKET_LENGTH; + ret = 0; break; case GNUTLS_FINISHED: ret = length32; @@ -1705,7 +1704,7 @@ int gnutls_handshake(GNUTLS_STATE state) STATE = STATE0; - _gnutls_handshake_io_buffer_clear(state); + _gnutls_clear_handshake_buffers(state); return 0; } @@ -1715,7 +1714,7 @@ int gnutls_handshake(GNUTLS_STATE state) if (gnutls_error_is_fatal(ret)==0) return ret; \ gnutls_assert(); \ ERR( str, ret); \ - _gnutls_handshake_buffer_clear(state); \ + gnutls_clear_handshake_buffer(state); \ return ret; \ } @@ -2095,9 +2094,8 @@ int gnutls_handshake_common(GNUTLS_STATE state) /* in order to support session resuming */ _gnutls_server_register_current_session(state); } - /* clear handshake buffer */ - _gnutls_handshake_buffer_clear(state); + gnutls_clear_handshake_buffer(state); return ret; } diff --git a/lib/gnutls_random.c b/lib/gnutls_random.c index 9c363da1f3..241c823359 100644 --- a/lib/gnutls_random.c +++ b/lib/gnutls_random.c @@ -76,7 +76,7 @@ int _gnutls_get_random(opaque * res, int bytes, int dev) memcpy( res, buf, bytes); gcry_free(buf); - + return 0; #endif diff --git a/lib/gnutls_ui.h b/lib/gnutls_ui.h index 31b246f553..512525740b 100644 --- a/lib/gnutls_ui.h +++ b/lib/gnutls_ui.h 
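Review bot: removing the `length32==0` test for GNUTLS_SERVER_HELLO_DONE makes _gnutls_recv_handshake accept a ServerHelloDone that carries a body, although RFC 2246 §7.4.5 defines it as `struct { } ServerHelloDone`; the visible earlier parts of this function have already read those bytes into dataptr via `_gnutls_handshake_recv_int` and inserted them into the handshake buffer, so they silently become part of the Finished hash without anything ever inspecting them. If some deployed server emits a non-empty ServerHelloDone and this is the interoperability fix the NEWS entry alludes to, record that next to the new `ret = 0;`, e.g. `/* RFC 2246 says ServerHelloDone is empty; tolerate a body for interoperability -- it is still hashed into Finished */`; otherwise keep `ret = (length32 == 0) ? 0 : GNUTLS_E_UNEXPECTED_PACKET_LENGTH;`. The function starts and ends outside this hunk.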
@@ -52,16 +52,8 @@ const char* gnutls_srp_server_get_username( GNUTLS_STATE state); /* ANON */ -int gnutls_dh_get_dha_bits( GNUTLS_STATE state); - -#define gnutls_anon_server_get_dh_bits gnutls_dh_get_dha_bits -#define gnutls_anon_client_get_dh_bits gnutls_dh_get_dha_bits - -void gnutls_dh_set_dhe_bits( GNUTLS_STATE state, int bits); -int gnutls_dh_get_dhe_bits( GNUTLS_STATE); - -#define gnutls_x509pki_set_dh_bits gnutls_dh_set_dhe_bits -#define gnutls_x509pki_get_dh_bits gnutls_dh_get_dhe_bits +int gnutls_anon_server_get_dh_bits( GNUTLS_STATE state); +int gnutls_anon_client_get_dh_bits( GNUTLS_STATE state); /* X509PKI */ @@ -70,6 +62,8 @@ void gnutls_x509pki_set_client_cert_callback( GNUTLS_X509PKI_CREDENTIALS, x509pk void gnutls_x509pki_set_server_cert_callback( GNUTLS_X509PKI_CREDENTIALS, x509pki_server_cert_callback_func *); void gnutls_x509pki_server_set_cert_request( GNUTLS_STATE, CertificateRequest); +void gnutls_x509pki_set_dh_bits( GNUTLS_STATE state, int bits); + /* X.509 certificate handling functions */ int gnutls_x509pki_extract_dn( const gnutls_datum*, gnutls_DN*); int gnutls_x509pki_extract_certificate_dn( const gnutls_datum*, gnutls_DN*); 
@@ -80,10 +74,11 @@ time_t gnutls_x509pki_extract_certificate_activation_time( const gnutls_datum*); time_t gnutls_x509pki_extract_certificate_expiration_time( const gnutls_datum*); int gnutls_x509pki_extract_subject_dns_name( const gnutls_datum*, char*, int*); -int gnutls_x509pki_verify_certificate( const gnutls_datum* cert_list, int cert_list_length, const gnutls_datum * CA_list, int CA_list_length, const gnutls_datum* CRL_list, int CRL_list_length); +int gnutls_x509pki_verify_certificate( const gnutls_datum* cert_list, int cert_list_length, const gnutls_datum * CA_list, int CA_list_length, const gnutls_datum* CRL_list, int CRL_list_length); /* get data from the state */ const gnutls_datum* gnutls_x509pki_get_peer_certificate_list( GNUTLS_STATE, int* list_size); +int gnutls_x509pki_get_dh_bits( GNUTLS_STATE); int gnutls_x509pki_get_certificate_request_status( GNUTLS_STATE); int gnutls_x509pki_get_peer_certificate_status( GNUTLS_STATE); diff --git a/lib/x509_b64.c b/lib/x509_b64.c index 8023455a96..43832d8537 100644 --- a/lib/x509_b64.c +++ b/lib/x509_b64.c @@ -279,7 +279,7 @@ int size; /* decodes data and puts the result into result (localy alocated) * The result_size is the return value */ -int _gnutls_base64_decode(const uint8 * data, int data_size, uint8 ** result) +int _gnutls_base64_decode(uint8 * data, int data_size, uint8 ** result) { int i, ret, tmp, j; uint8 tmpres[3]; @@ -309,7 +309,7 @@ int _gnutls_base64_decode(const uint8 * data, int data_size, uint8 ** result) /* copies data to result but removes newlines and <CR> * returns the size of the data copied. */ -inline static int cpydata(const uint8 * data, int data_size, uint8 ** result) +inline static int cpydata(uint8 * data, int data_size, uint8 ** result) { int i, j; 
@@ -330,7 +330,7 @@ inline static int cpydata(const uint8 * data, int data_size, uint8 ** result) * The result_size is the return value */ #define ENDSTR "-----\n" -int _gnutls_fbase64_decode( const uint8 * data, int data_size, +int _gnutls_fbase64_decode( uint8 * data, int data_size, uint8 ** result) { int ret; diff --git a/lib/x509_b64.h b/lib/x509_b64.h index 34ef20b5c2..259c408609 100644 --- a/lib/x509_b64.h +++ b/lib/x509_b64.h @@ -1,6 +1,6 @@ -int _gnutls_base64_encode(uint8 * data, int data_size, uint8 ** result); -int _gnutls_fbase64_encode(const char *msg, const uint8 * data, int data_size, +int _gnutls_base64_encode(uint8 * const data, int data_size, uint8 ** result); +int _gnutls_fbase64_encode( char *msg, const uint8 * data, int data_size, uint8 ** result); -int _gnutls_base64_decode(uint8 * data, int data_size, uint8 ** result); +int _gnutls_base64_decode( const uint8 * data, int data_size, uint8 ** result); int _gnutls_fbase64_decode( const uint8 * data, int data_size, uint8 ** result); |
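Review bot: the header now declares `_gnutls_base64_decode(const uint8 * data, …)` and keeps `_gnutls_fbase64_decode(const uint8 * data, …)` const-qualified, while the x509_b64.c hunks in this same commit strip the `const` from both definitions; `const uint8 *` and `uint8 *` are incompatible parameter types, so any translation unit that sees both prototype and definition fails with conflicting types, and if x509_b64.c does not include its own header the mismatch merely goes undetected, which is worse. Nothing in the visible decode hunks writes through `data`, so the definitions should keep the qualifier: `int _gnutls_base64_decode(const uint8 * data, int data_size, uint8 ** result)`, `inline static int cpydata(const uint8 * data, int data_size, uint8 ** result)` and `int _gnutls_fbase64_decode( const uint8 * data, int data_size,`. Note also that in the encode prototype `uint8 * const data` qualifies the pointer parameter itself, which is meaningless in a declaration, rather than the bytes it points to; `const uint8 * data` is presumably what was intended.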