diff options
author | Nikos Mavrogiannopoulos <nmav@gnutls.org> | 2001-12-08 15:55:08 +0000 |
---|---|---|
committer | Nikos Mavrogiannopoulos <nmav@gnutls.org> | 2001-12-08 15:55:08 +0000 |
commit | c40c474082a518d54e4a4305e214ad00e4dda2f7 (patch) | |
tree | 8d0f632267e0f3d5879bd6a5a276496d9a0072f5 | |
parent | 18f9137387c0d68d99edcf99af2d8dbe26ad222c (diff) | |
download | gnutls-c40c474082a518d54e4a4305e214ad00e4dda2f7.tar.gz |
Cleanups. Now use GCRYMPI_FMT_STD instead of USG.
-rw-r--r-- | lib/auth_anon.c | 32 | ||||
-rw-r--r-- | lib/auth_dhe_dss.c | 28 | ||||
-rw-r--r-- | lib/auth_dhe_rsa.c | 28 | ||||
-rw-r--r-- | lib/auth_srp.c | 26 | ||||
-rw-r--r-- | lib/auth_srp_passwd.c | 14 | ||||
-rw-r--r-- | lib/gnutls_buffers.c | 17 | ||||
-rw-r--r-- | lib/gnutls_cert.c | 4 | ||||
-rw-r--r-- | lib/gnutls_dh_primes.c | 28 | ||||
-rw-r--r-- | lib/gnutls_gcry.c | 18 | ||||
-rw-r--r-- | lib/gnutls_gcry.h | 6 | ||||
-rw-r--r-- | lib/gnutls_int.h | 8 | ||||
-rw-r--r-- | lib/gnutls_pk.c | 20 | ||||
-rw-r--r-- | lib/gnutls_privkey.c | 4 | ||||
-rw-r--r-- | lib/gnutls_srp.c | 10 | ||||
-rw-r--r-- | lib/x509_extensions.c | 1 |
15 files changed, 131 insertions, 113 deletions
diff --git a/lib/auth_anon.c b/lib/auth_anon.c index ba2341e881..aece0378a2 100644 --- a/lib/auth_anon.c +++ b/lib/auth_anon.c @@ -56,12 +56,12 @@ MOD_AUTH_STRUCT anon_auth_struct = { * opaque data. */ int _gnutls_generate_key(GNUTLS_KEY key) { - gcry_mpi_print(GCRYMPI_FMT_USG, NULL, &key->key.size, key->KEY); + _gnutls_mpi_print( NULL, &key->key.size, key->KEY); key->key.data = secure_malloc( key->key.size); if ( key->key.data==NULL) { return GNUTLS_E_MEMORY_ERROR; } - gcry_mpi_print(GCRYMPI_FMT_USG, key->key.data, &key->key.size, key->KEY); + _gnutls_mpi_print( key->key.data, &key->key.size, key->KEY); return 0; } @@ -111,9 +111,9 @@ int gen_anon_server_kx( GNUTLS_STATE state, opaque** data) { } state->gnutls_key->dh_secret = x; - gcry_mpi_print(GCRYMPI_FMT_USG, NULL, &n_g, g); - gcry_mpi_print(GCRYMPI_FMT_USG, NULL, &n_p, p); - gcry_mpi_print(GCRYMPI_FMT_USG, NULL, &n_X, X); + _gnutls_mpi_print( NULL, &n_g, g); + _gnutls_mpi_print( NULL, &n_p, p); + _gnutls_mpi_print( NULL, &n_X, X); (*data) = gnutls_malloc(n_g + n_p + n_X + 6); if (*data==NULL) { _gnutls_mpi_release( &X); @@ -122,19 +122,19 @@ int gen_anon_server_kx( GNUTLS_STATE state, opaque** data) { return GNUTLS_E_MEMORY_ERROR; } data_p = &(*data)[0]; - gcry_mpi_print(GCRYMPI_FMT_USG, &data_p[2], &n_p, p); + _gnutls_mpi_print( &data_p[2], &n_p, p); _gnutls_mpi_release(&p); WRITEuint16( n_p, data_p); data_g = &data_p[2 + n_p]; - gcry_mpi_print(GCRYMPI_FMT_USG, &data_g[2], &n_g, g); + _gnutls_mpi_print( &data_g[2], &n_g, g); _gnutls_mpi_release(&g); WRITEuint16( n_g, data_g); data_X = &data_g[2 + n_g]; - gcry_mpi_print(GCRYMPI_FMT_USG, &data_X[2], &n_X, X); + _gnutls_mpi_print( &data_X[2], &n_X, X); _gnutls_mpi_release(&X); WRITEuint16( n_X, data_X); @@ -153,12 +153,12 @@ int ret; if (X==NULL) return GNUTLS_E_MEMORY_ERROR; - gcry_mpi_print(GCRYMPI_FMT_USG, NULL, &n_X, X); + _gnutls_mpi_print( NULL, &n_X, X); (*data) = gnutls_malloc(n_X + 2); if (*data==NULL) return GNUTLS_E_MEMORY_ERROR; - gcry_mpi_print(GCRYMPI_FMT_USG, &(*data)[2], &n_X, X); + _gnutls_mpi_print( &(*data)[2], &n_X, X); (*data)[0] = 1; /* extern - explicit since we do not have certificate */ _gnutls_mpi_release(&X); @@ -226,19 +226,16 @@ int proc_anon_server_kx( GNUTLS_STATE state, opaque* data, int data_size) { _n_g = n_g; _n_p = n_p; - if (_gnutls_mpi_scan(&state->gnutls_key->client_Y, - GCRYMPI_FMT_USG, data_Y, &_n_Y) != 0 || state->gnutls_key->client_Y==NULL) { + if (_gnutls_mpi_scan(&state->gnutls_key->client_Y, data_Y, &_n_Y) != 0 || state->gnutls_key->client_Y==NULL) { gnutls_assert(); return GNUTLS_E_MPI_SCAN_FAILED; } - if (_gnutls_mpi_scan(&state->gnutls_key->client_g, - GCRYMPI_FMT_USG, data_g, &_n_g) != 0 || state->gnutls_key->client_g==NULL) { + if (_gnutls_mpi_scan(&state->gnutls_key->client_g, data_g, &_n_g) != 0 || state->gnutls_key->client_g==NULL) { gnutls_assert(); return GNUTLS_E_MPI_SCAN_FAILED; } - if (_gnutls_mpi_scan(&state->gnutls_key->client_p, - GCRYMPI_FMT_USG, data_p, &_n_p) != 0 || state->gnutls_key->client_p==NULL) { + if (_gnutls_mpi_scan(&state->gnutls_key->client_p, data_p, &_n_p) != 0 || state->gnutls_key->client_p==NULL) { gnutls_assert(); return GNUTLS_E_MPI_SCAN_FAILED; } @@ -273,8 +270,7 @@ int proc_anon_client_kx( GNUTLS_STATE state, opaque* data, int data_size) { n_Y = READuint16( &data[0]); _n_Y = n_Y; - if (_gnutls_mpi_scan(&state->gnutls_key->client_Y, - GCRYMPI_FMT_USG, &data[2], &_n_Y) !=0 || state->gnutls_key->client_Y==NULL) { + if (_gnutls_mpi_scan(&state->gnutls_key->client_Y, &data[2], &_n_Y) !=0 || state->gnutls_key->client_Y==NULL) { gnutls_assert(); return GNUTLS_E_MPI_SCAN_FAILED; } diff --git a/lib/auth_dhe_dss.c b/lib/auth_dhe_dss.c index adb0dfd849..cfad3c1dac 100644 --- a/lib/auth_dhe_dss.c +++ b/lib/auth_dhe_dss.c @@ -85,24 +85,24 @@ int gen_dhe_dss_server_kx( GNUTLS_KEY key, opaque** data) { key->dh_secret = x; - gcry_mpi_print(GCRYMPI_FMT_USG, NULL, &n_g, g); - gcry_mpi_print(GCRYMPI_FMT_USG, NULL, &n_p, p); - gcry_mpi_print(GCRYMPI_FMT_USG, NULL, &n_X, X); + _gnutls_mpi_print( NULL, &n_g, g); + _gnutls_mpi_print( NULL, &n_p, p); + _gnutls_mpi_print( NULL, &n_X, X); (*data) = gnutls_malloc(n_g + n_p + n_X + 6); data_p = &(*data)[0]; - gcry_mpi_print(GCRYMPI_FMT_USG, &data_p[2], &n_p, p); + _gnutls_mpi_print( &data_p[2], &n_p, p); _gnutls_mpi_release(p); WRITEuint16( n_p, data_p); data_g = &data_p[2 + n_p]; - gcry_mpi_print(GCRYMPI_FMT_USG, &data_g[2], &n_g, g); + _gnutls_mpi_print( &data_g[2], &n_g, g); _gnutls_mpi_release(g); WRITEuint16( n_g, data_g); data_X = &data_g[2 + n_g]; - gcry_mpi_print(GCRYMPI_FMT_USG, &data_X[2], &n_X, X); + _gnutls_mpi_print( &data_X[2], &n_X, X); _gnutls_mpi_release(X); WRITEuint16( n_X, data_X); @@ -119,10 +119,10 @@ size_t n_X; X = _gnutls_calc_dh_secret(&x, key->client_g, key->client_p); - gcry_mpi_print(GCRYMPI_FMT_USG, NULL, &n_X, X); + _gnutls_mpi_print( NULL, &n_X, X); (*data) = gnutls_malloc(n_X + 2); - gcry_mpi_print(GCRYMPI_FMT_USG, &(*data)[2], &n_X, X); + _gnutls_mpi_print( &(*data)[2], &n_X, X); (*data)[0] = 1; /* extern - explicit since we do not have certificate */ _gnutls_mpi_release(X); @@ -186,19 +186,16 @@ int proc_dhe_dss_server_kx( GNUTLS_KEY key, opaque* data, int data_size) { _n_g = n_g; _n_p = n_p; - if (gcry_mpi_scan(&key->client_Y, - GCRYMPI_FMT_USG, data_Y, &_n_Y) != 0) { + if (gcry_mpi_scan(&key->client_Y, data_Y, &_n_Y) != 0) { gnutls_assert(); return GNUTLS_E_MPI_SCAN_FAILED; } - if (gcry_mpi_scan(&key->client_g, - GCRYMPI_FMT_USG, data_g, &_n_g) != 0) { + if (gcry_mpi_scan(&key->client_g,, data_g, &_n_g) != 0) { gnutls_assert(); return GNUTLS_E_MPI_SCAN_FAILED; } - if (gcry_mpi_scan(&key->client_p, - GCRYMPI_FMT_USG, data_p, &_n_p) != 0) { + if (gcry_mpi_scan(&key->client_p, data_p, &_n_p) != 0) { gnutls_assert(); return GNUTLS_E_MPI_SCAN_FAILED; } @@ -235,8 +232,7 @@ int proc_dhe_dss_client_kx( GNUTLS_KEY key, opaque* data, int data_size) { n_Y = READuint16( &data[0]); _n_Y = n_Y; - if (gcry_mpi_scan(&key->client_Y, - GCRYMPI_FMT_USG, &data[2], &_n_Y)) { + if (gcry_mpi_scan(&key->client_Y, &data[2], &_n_Y)) { gnutls_assert(); return GNUTLS_E_MPI_SCAN_FAILED; } diff --git a/lib/auth_dhe_rsa.c b/lib/auth_dhe_rsa.c index 4a18872394..5ec132032d 100644 --- a/lib/auth_dhe_rsa.c +++ b/lib/auth_dhe_rsa.c @@ -119,9 +119,9 @@ static int gen_dhe_rsa_server_kx(GNUTLS_STATE state, opaque ** data) } state->gnutls_key->dh_secret = x; - gcry_mpi_print(GCRYMPI_FMT_USG, NULL, &n_g, g); - gcry_mpi_print(GCRYMPI_FMT_USG, NULL, &n_p, p); - gcry_mpi_print(GCRYMPI_FMT_USG, NULL, &n_X, X); + _gnutls_mpi_print( NULL, &n_g, g); + _gnutls_mpi_print( NULL, &n_p, p); + _gnutls_mpi_print( NULL, &n_X, X); (*data) = gnutls_malloc(n_g + n_p + n_X + 6); if (*data == NULL) { _gnutls_mpi_release(&X); @@ -131,19 +131,19 @@ static int gen_dhe_rsa_server_kx(GNUTLS_STATE state, opaque ** data) } data_p = &(*data)[0]; - gcry_mpi_print(GCRYMPI_FMT_USG, &data_p[2], &n_p, p); + _gnutls_mpi_print( &data_p[2], &n_p, p); _gnutls_mpi_release(&p); WRITEuint16(n_p, data_p); data_g = &data_p[2 + n_p]; - gcry_mpi_print(GCRYMPI_FMT_USG, &data_g[2], &n_g, g); + _gnutls_mpi_print( &data_g[2], &n_g, g); _gnutls_mpi_release(&g); WRITEuint16(n_g, data_g); data_X = &data_g[2 + n_g]; - gcry_mpi_print(GCRYMPI_FMT_USG, &data_X[2], &n_X, X); + _gnutls_mpi_print( &data_X[2], &n_X, X); _gnutls_mpi_release(&X); WRITEuint16(n_X, data_X); @@ -200,7 +200,7 @@ static int gen_dhe_rsa_client_kx(GNUTLS_STATE state, opaque ** data) return GNUTLS_E_MEMORY_ERROR; } - gcry_mpi_print(GCRYMPI_FMT_USG, NULL, &n_X, X); + _gnutls_mpi_print( NULL, &n_X, X); (*data) = gnutls_malloc(n_X + 2); if (*data == NULL) { _gnutls_mpi_release(&x); @@ -208,7 +208,7 @@ static int gen_dhe_rsa_client_kx(GNUTLS_STATE state, opaque ** data) return GNUTLS_E_MEMORY_ERROR; } - gcry_mpi_print(GCRYMPI_FMT_USG, &(*data)[2], &n_X, X); + _gnutls_mpi_print( &(*data)[2], &n_X, X); _gnutls_mpi_release(&X); WRITEuint16(n_X, &(*data)[0]); @@ -293,19 +293,16 @@ static int proc_dhe_rsa_server_kx(GNUTLS_STATE state, opaque * data, _n_g = n_g; _n_p = n_p; - if (_gnutls_mpi_scan(&state->gnutls_key->client_Y, - GCRYMPI_FMT_USG, data_Y, &_n_Y) != 0) { + if (_gnutls_mpi_scan(&state->gnutls_key->client_Y, data_Y, &_n_Y) != 0) { gnutls_assert(); return GNUTLS_E_MPI_SCAN_FAILED; } - if (_gnutls_mpi_scan(&state->gnutls_key->client_g, - GCRYMPI_FMT_USG, data_g, &_n_g) != 0) { + if (_gnutls_mpi_scan(&state->gnutls_key->client_g, data_g, &_n_g) != 0) { gnutls_assert(); return GNUTLS_E_MPI_SCAN_FAILED; } - if (_gnutls_mpi_scan(&state->gnutls_key->client_p, - GCRYMPI_FMT_USG, data_p, &_n_p) != 0) { + if (_gnutls_mpi_scan(&state->gnutls_key->client_p, data_p, &_n_p) != 0) { gnutls_assert(); return GNUTLS_E_MPI_SCAN_FAILED; } @@ -362,8 +359,7 @@ static int proc_dhe_rsa_client_kx(GNUTLS_STATE state, opaque * data, n_Y = READuint16(&data[0]); _n_Y = n_Y; - if (_gnutls_mpi_scan(&state->gnutls_key->client_Y, - GCRYMPI_FMT_USG, &data[2], &_n_Y)) { + if (_gnutls_mpi_scan(&state->gnutls_key->client_Y, &data[2], &_n_Y)) { gnutls_assert(); return GNUTLS_E_MPI_SCAN_FAILED; } diff --git a/lib/auth_srp.c b/lib/auth_srp.c index e017f53835..6be3f358a5 100644 --- a/lib/auth_srp.c +++ b/lib/auth_srp.c @@ -108,11 +108,11 @@ int gen_srp_server_hello(GNUTLS_STATE state, opaque ** data) pwd_algo = (uint8) pwd_entry->algorithm; - if (gcry_mpi_print(GCRYMPI_FMT_USG, NULL, &n_g, pwd_entry->g)!=0) { + if (_gnutls_mpi_print( NULL, &n_g, pwd_entry->g)!=0) { gnutls_assert(); return GNUTLS_E_MPI_PRINT_FAILED; } - if (gcry_mpi_print(GCRYMPI_FMT_USG, NULL, &n_n, pwd_entry->n)!=0) { + if (_gnutls_mpi_print( NULL, &n_n, pwd_entry->n)!=0) { gnutls_assert(); return GNUTLS_E_MPI_PRINT_FAILED; } @@ -147,7 +147,7 @@ int gen_srp_server_hello(GNUTLS_STATE state, opaque ** data) data_g++; - if(gcry_mpi_print(GCRYMPI_FMT_USG, &data_g[2], &n_g, G)!=0) { + if(_gnutls_mpi_print( &data_g[2], &n_g, G)!=0) { gnutls_assert(); return GNUTLS_E_MPI_PRINT_FAILED; } @@ -157,7 +157,7 @@ int gen_srp_server_hello(GNUTLS_STATE state, opaque ** data) /* copy N (mod n) */ data_n = &data_g[2 + n_g]; - if (gcry_mpi_print(GCRYMPI_FMT_USG, &data_n[2], &n_n, N)!=0) { + if (_gnutls_mpi_print( &data_n[2], &n_n, N)!=0) { gnutls_assert(); return GNUTLS_E_MPI_PRINT_FAILED; } @@ -191,7 +191,7 @@ int gen_srp_server_kx2(GNUTLS_STATE state, opaque ** data) return GNUTLS_E_MEMORY_ERROR; } - if (gcry_mpi_print(GCRYMPI_FMT_USG, NULL, &n_b, B)!=0) + if (_gnutls_mpi_print( NULL, &n_b, B)!=0) return GNUTLS_E_MPI_PRINT_FAILED; (*data) = gnutls_malloc(n_b + 2); @@ -202,7 +202,7 @@ int gen_srp_server_kx2(GNUTLS_STATE state, opaque ** data) /* copy B */ data_b = (*data); - if (gcry_mpi_print(GCRYMPI_FMT_USG, &data_b[2], &n_b, B)!=0) + if (_gnutls_mpi_print( &data_b[2], &n_b, B)!=0) return GNUTLS_E_MPI_PRINT_FAILED; WRITEuint16( n_b, data_b); @@ -272,7 +272,7 @@ int gen_srp_client_kx0(GNUTLS_STATE state, opaque ** data) return GNUTLS_E_MEMORY_ERROR; } - if (gcry_mpi_print(GCRYMPI_FMT_USG, NULL, &n_a, A)!=0) + if (_gnutls_mpi_print( NULL, &n_a, A)!=0) return GNUTLS_E_MPI_PRINT_FAILED; (*data) = gnutls_malloc(n_a + 2); @@ -283,7 +283,7 @@ int gen_srp_client_kx0(GNUTLS_STATE state, opaque ** data) /* copy A */ data_a = (*data); - if (gcry_mpi_print(GCRYMPI_FMT_USG, &data_a[2], &n_a, A)!=0) { + if (_gnutls_mpi_print( &data_a[2], &n_a, A)!=0) { gnutls_free( *data); return GNUTLS_E_MPI_PRINT_FAILED; } @@ -359,12 +359,12 @@ int proc_srp_server_hello(GNUTLS_STATE state, const opaque * data, int data_size _n_g = n_g; _n_n = n_n; - if (_gnutls_mpi_scan(&N, GCRYMPI_FMT_USG, data_n, &_n_n) != 0 || N == NULL) { + if (_gnutls_mpi_scan(&N, data_n, &_n_n) != 0 || N == NULL) { gnutls_assert(); return GNUTLS_E_MPI_SCAN_FAILED; } - if (_gnutls_mpi_scan(&G, GCRYMPI_FMT_USG, data_g, &_n_g) != 0 || G == NULL) { + if (_gnutls_mpi_scan(&G, data_g, &_n_g) != 0 || G == NULL) { gnutls_assert(); return GNUTLS_E_MPI_SCAN_FAILED; } @@ -377,7 +377,7 @@ int proc_srp_server_hello(GNUTLS_STATE state, const opaque * data, int data_size return ret; } - if (_gnutls_mpi_scan(&state->gnutls_key->x, GCRYMPI_FMT_USG, hd, &_n_g) != 0 || state->gnutls_key->x==NULL) { + if (_gnutls_mpi_scan(&state->gnutls_key->x, hd, &_n_g) != 0 || state->gnutls_key->x==NULL) { gnutls_assert(); return GNUTLS_E_MPI_SCAN_FAILED; } @@ -392,7 +392,7 @@ int proc_srp_client_kx0(GNUTLS_STATE state, opaque * data, int data_size) _n_A = READuint16( &data[0]); - if (_gnutls_mpi_scan(&A, GCRYMPI_FMT_USG, &data[2], &_n_A) || A == NULL) { + if (_gnutls_mpi_scan(&A, &data[2], &_n_A) || A == NULL) { gnutls_assert(); return GNUTLS_E_MPI_SCAN_FAILED; } @@ -408,7 +408,7 @@ int proc_srp_server_kx2(GNUTLS_STATE state, opaque * data, int data_size) _n_B = READuint16( &data[0]); - if (_gnutls_mpi_scan(&B, GCRYMPI_FMT_USG, &data[2], &_n_B) || B==NULL) { + if (_gnutls_mpi_scan(&B, &data[2], &_n_B) || B==NULL) { gnutls_assert(); return GNUTLS_E_MPI_SCAN_FAILED; } diff --git a/lib/auth_srp_passwd.c b/lib/auth_srp_passwd.c index 9874892309..a56a091306 100644 --- a/lib/auth_srp_passwd.c +++ b/lib/auth_srp_passwd.c @@ -108,7 +108,7 @@ int indx; return GNUTLS_E_PARSING_ERROR; } - if (_gnutls_mpi_scan(&entry->v, GCRYMPI_FMT_USG, verifier, &verifier_size) || entry->v == NULL) { + if (_gnutls_mpi_scan(&entry->v, verifier, &verifier_size) || entry->v == NULL) { gnutls_assert(); gnutls_free(entry->salt); return GNUTLS_E_MPI_SCAN_FAILED; @@ -151,7 +151,7 @@ int tmp_size; gnutls_assert(); return GNUTLS_E_PARSING_ERROR; } - if (_gnutls_mpi_scan(&entry->g, GCRYMPI_FMT_USG, tmp, &tmp_size) || entry->g==NULL) { + if (_gnutls_mpi_scan(&entry->g, tmp, &tmp_size) || entry->g==NULL) { gnutls_assert(); gnutls_free(tmp); return GNUTLS_E_MPI_SCAN_FAILED; @@ -179,7 +179,7 @@ int tmp_size; _gnutls_mpi_release(&entry->g); return GNUTLS_E_PARSING_ERROR; } - if (_gnutls_mpi_scan(&entry->n, GCRYMPI_FMT_USG, tmp, &tmp_size) || entry->n==NULL) { + if (_gnutls_mpi_scan(&entry->n, tmp, &tmp_size) || entry->n==NULL) { gnutls_assert(); gnutls_free(tmp); _gnutls_mpi_release(&entry->g); @@ -367,12 +367,12 @@ int _gnutls_srp_generate_prime(opaque ** ret_g, opaque ** ret_n, int bits) } siz = 0; - gcry_mpi_print(GCRYMPI_FMT_USG, NULL, &siz, g); + _gnutls_mpi_print( NULL, &siz, g); if (ret_g != NULL) { tmp = gnutls_malloc(siz); if (tmp==NULL) return GNUTLS_E_MEMORY_ERROR; - gcry_mpi_print(GCRYMPI_FMT_USG, tmp, &siz, g); + _gnutls_mpi_print( tmp, &siz, g); if (_gnutls_sbase64_encode(tmp, siz, ret_g) < 0) { gnutls_free(tmp); @@ -382,12 +382,12 @@ int _gnutls_srp_generate_prime(opaque ** ret_g, opaque ** ret_n, int bits) } siz = 0; - gcry_mpi_print(GCRYMPI_FMT_USG, NULL, &siz, prime); + _gnutls_mpi_print( NULL, &siz, prime); if (ret_n != NULL) { tmp = gnutls_malloc(siz); if (tmp==NULL) return GNUTLS_E_MEMORY_ERROR; - gcry_mpi_print(GCRYMPI_FMT_USG, tmp, &siz, prime); + _gnutls_mpi_print( tmp, &siz, prime); if (_gnutls_sbase64_encode(tmp, siz, ret_n) < 0) { gnutls_free(tmp); return GNUTLS_E_UNKNOWN_ERROR; diff --git a/lib/gnutls_buffers.c b/lib/gnutls_buffers.c index 0f6ed94676..b8cf3e351c 100644 --- a/lib/gnutls_buffers.c +++ b/lib/gnutls_buffers.c @@ -27,6 +27,23 @@ /* This is the only file that uses the berkeley sockets API. * * Also holds all the buffering code used in gnutls. + * The buffering code works as: + * + * RECORD LAYER: + * 1. uses a buffer to hold data (application/handshake), + * we got but they were not requested, yet. + * (see gnutls_insert_to_data_buffer(), gnutls_get_data_buffer_size() etc.) + * + * 2. uses a buffer to hold data that were incomplete (ie the read/write + * was interrupted) + * (see _gnutls_read_buffered(), _gnutls_write_buffered() etc.) + * + * HANDSHAKE LAYER: + * Uses a buffer to hold data that was not sent or received + * complete. (Ie. sent 10 bytes of a handshake packet that is 20 bytes + * long). + * (see _gnutls_handshake_send_int(), _gnutls_handshake_recv_int()) + * */ #ifdef HAVE_ERRNO_H diff --git a/lib/gnutls_cert.c b/lib/gnutls_cert.c index a2237d6f4c..2f721813ac 100644 --- a/lib/gnutls_cert.c +++ b/lib/gnutls_cert.c @@ -520,7 +520,7 @@ static int _read_rsa_params(opaque * der, int dersize, MPI * params) return GNUTLS_E_ASN1_PARSING_ERROR; } - if (_gnutls_mpi_scan(¶ms[0], GCRYMPI_FMT_USG, str, &len) != 0) { + if (_gnutls_mpi_scan(¶ms[0], str, &len) != 0) { gnutls_assert(); asn1_delete_structure(spk); return GNUTLS_E_MPI_SCAN_FAILED; @@ -537,7 +537,7 @@ static int _read_rsa_params(opaque * der, int dersize, MPI * params) return GNUTLS_E_ASN1_PARSING_ERROR; } - if (_gnutls_mpi_scan(¶ms[1], GCRYMPI_FMT_USG, str, &len) != 0) { + if (_gnutls_mpi_scan(¶ms[1], str, &len) != 0) { gnutls_assert(); _gnutls_mpi_release(¶ms[0]); asn1_delete_structure(spk); diff --git a/lib/gnutls_dh_primes.c b/lib/gnutls_dh_primes.c index aa447b99ff..9f16876b27 100644 --- a/lib/gnutls_dh_primes.c +++ b/lib/gnutls_dh_primes.c @@ -28,7 +28,7 @@ static uint8 DH_G_4096[] = { 0x05 }; static uint8 DH_G_2048[] = { 0x05 }; static uint8 DH_G_3072[] = { 0x0D }; -static uint8 diffie_hellman_group1_prime[130] = { 0x04, +static uint8 diffie_hellman_group1_prime[] = { 0x00, 0x04, 0x00, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xC9, 0x0F, 0xDA, 0xA2, 0x21, 0x68, 0xC2, 0x34, 0xC4, 0xC6, 0x62, 0x8B, 0x80, 0xDC, 0x1C, 0xD1, 0x29, 0x02, 0x4E, 0x08, 0x8A, 0x67, 0xCC, 0x74, @@ -44,7 +44,7 @@ static uint8 diffie_hellman_group1_prime[130] = { 0x04, }; /* prime - 4096 bits */ -static uint8 diffie_hellman_prime_4096[512] = { +static uint8 diffie_hellman_prime_4096[] = { 0x00, 0x98, 0xb7, 0x3d, 0x66, 0xf1, 0x18, 0x61, 0xa9, 0x36, 0xd9, 0xf1, 0xbf, 0x65, 0xbb, 0x7c, 0x06, 0x10, 0x15, 0xe5, 0x24, 0x47, @@ -122,7 +122,7 @@ static uint8 diffie_hellman_prime_4096[512] = { }; /* prime - 3072 bits */ -static uint8 diffie_hellman_prime_3072[384] = { +static uint8 diffie_hellman_prime_3072[] = { 0x00, 0xd5, 0x6e, 0xc8, 0x1f, 0xe9, 0x80, 0x9e, 0x56, 0x35, 0x6d, 0x6d, 0xdb, 0xfa, 0x47, 0x75, 0xcd, 0xfa, 0x32, 0x52, 0x1a, 0xc8, @@ -181,7 +181,7 @@ static uint8 diffie_hellman_prime_3072[384] = { }; /* prime - 2048 bits */ -static uint8 diffie_hellman_prime_2048[256] = { +static uint8 diffie_hellman_prime_2048[] = { 0x00, 0xf0, 0x49, 0x65, 0x6d, 0x24, 0x61, 0xe6, 0x86, 0x8e, 0x57, 0x2b, 0x9b, 0x1c, 0x53, 0x2e, 0xef, 0xd2, 0x6e, 0xe5, 0x6c, 0xc4, @@ -306,8 +306,7 @@ int i, n; n = dh_primes[i].prime.size; _gnutls_mpi_release( &dh_primes[i]._prime); - if (_gnutls_mpi_scan(&dh_primes[i]._prime, GCRYMPI_FMT_USG, - dh_primes[i].prime.data, &n) + if (_gnutls_mpi_scan(&dh_primes[i]._prime, dh_primes[i].prime.data, &n) || dh_primes[i]._prime == NULL) { gnutls_assert(); return GNUTLS_E_MPI_SCAN_FAILED; @@ -317,8 +316,7 @@ int i, n; n = dh_primes[i].generator.size; _gnutls_mpi_release( &dh_primes[i]._generator); - if (_gnutls_mpi_scan(&dh_primes[i]._generator, GCRYMPI_FMT_USG, - dh_primes[i].generator.data, &n) + if (_gnutls_mpi_scan(&dh_primes[i]._generator, dh_primes[i].generator.data, &n) || dh_primes[i]._generator == NULL) { gnutls_assert(); return GNUTLS_E_MPI_SCAN_FAILED; @@ -454,15 +452,13 @@ int gnutls_dh_replace_params( gnutls_datum prime, gnutls_datum generator, int bi } while(dh_primes[i].bits!=0); siz = prime.size; - if (_gnutls_mpi_scan(&tmp_prime, GCRYMPI_FMT_USG, - prime.data, &siz)) { + if (_gnutls_mpi_scan(&tmp_prime, prime.data, &siz)) { gnutls_assert(); return GNUTLS_E_MPI_SCAN_FAILED; } siz = generator.size; - if (_gnutls_mpi_scan(&tmp_g, GCRYMPI_FMT_USG, - generator.data, &siz)) { + if (_gnutls_mpi_scan(&tmp_g, generator.data, &siz)) { _gnutls_mpi_release( &tmp_prime); gnutls_assert(); return GNUTLS_E_MPI_SCAN_FAILED; @@ -533,7 +529,7 @@ int gnutls_dh_generate_params( gnutls_datum* prime, gnutls_datum* generator, int } siz = 0; - gcry_mpi_print(GCRYMPI_FMT_USG, NULL, &siz, tmp_g); + _gnutls_mpi_print( NULL, &siz, tmp_g); generator->data = gnutls_malloc(siz); if (generator->data == NULL) { @@ -543,11 +539,11 @@ int gnutls_dh_generate_params( gnutls_datum* prime, gnutls_datum* generator, int } generator->size = siz; - gcry_mpi_print(GCRYMPI_FMT_USG, generator->data, &siz, tmp_g); + _gnutls_mpi_print( generator->data, &siz, tmp_g); siz = 0; - gcry_mpi_print(GCRYMPI_FMT_USG, NULL, &siz, tmp_prime); + _gnutls_mpi_print( NULL, &siz, tmp_prime); prime->data = gnutls_malloc(siz); if (prime->data == NULL) { @@ -557,7 +553,7 @@ int gnutls_dh_generate_params( gnutls_datum* prime, gnutls_datum* generator, int return GNUTLS_E_MEMORY_ERROR; } prime->size = siz; - gcry_mpi_print(GCRYMPI_FMT_USG, prime->data, &siz, tmp_prime); + _gnutls_mpi_print( prime->data, &siz, tmp_prime); return 0; diff --git a/lib/gnutls_gcry.c b/lib/gnutls_gcry.c index 41685d650a..f519d345b3 100644 --- a/lib/gnutls_gcry.c +++ b/lib/gnutls_gcry.c @@ -33,8 +33,20 @@ MPI _gnutls_mpi_new( int bits) { return gcry_mpi_new( bits); } -int _gnutls_mpi_scan( GCRY_MPI *ret_mpi, enum gcry_mpi_format format, - const char *buffer, size_t *nbytes ) { - return gcry_mpi_scan( ret_mpi, format, buffer, nbytes); +int _gnutls_mpi_scan( GCRY_MPI *ret_mpi, const opaque *buffer, size_t *nbytes ) { + return gcry_mpi_scan( ret_mpi, GCRYMPI_FMT_STD, buffer, nbytes); } + +int _gnutls_mpi_scan_raw( GCRY_MPI *ret_mpi, const opaque *buffer, size_t *nbytes ) { + return gcry_mpi_scan( ret_mpi, GCRYMPI_FMT_USG, buffer, nbytes); + +} + +int _gnutls_mpi_print( opaque *buffer, size_t *nbytes, const GCRY_MPI a ) { + return gcry_mpi_print( GCRYMPI_FMT_STD, buffer, nbytes, a); +} + +int _gnutls_mpi_print_raw( opaque *buffer, size_t *nbytes, const GCRY_MPI a ) { + return gcry_mpi_print( GCRYMPI_FMT_USG, buffer, nbytes, a); +} diff --git a/lib/gnutls_gcry.h b/lib/gnutls_gcry.h index eec1d13352..de14f6e4ad 100644 --- a/lib/gnutls_gcry.h +++ b/lib/gnutls_gcry.h @@ -9,8 +9,10 @@ MPI _gnutls_mpi_new( int); void _gnutls_mpi_release( MPI* x); -int _gnutls_mpi_scan( GCRY_MPI *ret_mpi, enum gcry_mpi_format format, - const char *buffer, size_t *nbytes ); +int _gnutls_mpi_scan( GCRY_MPI *ret_mpi, const opaque *buffer, size_t *nbytes ); +int _gnutls_mpi_scan_raw( GCRY_MPI *ret_mpi, const opaque *buffer, size_t *nbytes ); +int _gnutls_mpi_print( opaque *buffer, size_t *nbytes, const GCRY_MPI a ); +int _gnutls_mpi_print_raw( opaque *buffer, size_t *nbytes, const GCRY_MPI a ); #endif diff --git a/lib/gnutls_int.h b/lib/gnutls_int.h index 648aaaa252..f33d12172b 100644 --- a/lib/gnutls_int.h +++ b/lib/gnutls_int.h @@ -84,10 +84,6 @@ typedef const int* GNUTLS_LIST; #define HANDSHAKE_HEADER_SIZE 4 -#ifdef USE_GCRYPT -# include <gnutls_gcry.h> -#endif - #include <gnutls_mem.h> #include <gnutls_ui.h> @@ -96,6 +92,10 @@ typedef const int* GNUTLS_LIST; typedef unsigned char opaque; typedef struct { opaque pint[3]; } uint24; +#ifdef USE_GCRYPT +# include <gnutls_gcry.h> +#endif + typedef enum crypt_algo { SRPSHA1_CRYPT, BLOWFISH_CRYPT=2 } crypt_algo; typedef enum ChangeCipherSpecType { GNUTLS_TYPE_CHANGE_CIPHER_SPEC=1 } ChangeCipherSpecType; typedef enum AlertLevel { GNUTLS_AL_WARNING=1, GNUTLS_AL_FATAL } AlertLevel; diff --git a/lib/gnutls_pk.c b/lib/gnutls_pk.c index 704adb0309..85842e7fc7 100644 --- a/lib/gnutls_pk.c +++ b/lib/gnutls_pk.c @@ -91,7 +91,7 @@ int _gnutls_pkcs1_rsa_encrypt(gnutls_datum * ciphertext, gnutls_datum plaintext, ps[psize] = 0; memcpy(&ps[psize + 1], plaintext.data, plaintext.size); - if (_gnutls_mpi_scan(&m, GCRYMPI_FMT_USG, edata, &k) != 0) { + if (_gnutls_mpi_scan(&m, edata, &k) != 0) { gnutls_assert(); gnutls_free(edata); return GNUTLS_E_MPI_SCAN_FAILED; @@ -108,7 +108,7 @@ int _gnutls_pkcs1_rsa_encrypt(gnutls_datum * ciphertext, gnutls_datum plaintext, return ret; } - gcry_mpi_print(GCRYMPI_FMT_USG, NULL, &psize, res); + _gnutls_mpi_print_raw( NULL, &psize, res); ciphertext->data = gnutls_malloc(psize); if (ciphertext->data == NULL) { @@ -116,7 +116,7 @@ int _gnutls_pkcs1_rsa_encrypt(gnutls_datum * ciphertext, gnutls_datum plaintext, _gnutls_mpi_release(&res); return GNUTLS_E_MEMORY_ERROR; } - gcry_mpi_print(GCRYMPI_FMT_USG, ciphertext->data, &psize, res); + _gnutls_mpi_print_raw( ciphertext->data, &psize, res); ciphertext->size = psize; _gnutls_mpi_release(&res); @@ -140,16 +140,20 @@ int _gnutls_pkcs1_rsa_decrypt(gnutls_sdatum * plaintext, gnutls_datum ciphertext k = gcry_mpi_get_nbits(n) / 8; esize = ciphertext.size; - if (esize!=k) { + /* here we have a problem if the integer has leading zeros. + * However this is STRICT PKCS1. + */ + if (esize != k) { gnutls_assert(); return GNUTLS_E_PK_DECRYPTION_FAILED; } - - if (_gnutls_mpi_scan(&c, GCRYMPI_FMT_USG, ciphertext.data, &esize) != 0) { + + if (_gnutls_mpi_scan_raw(&c, ciphertext.data, &esize) != 0) { gnutls_assert(); return GNUTLS_E_MPI_SCAN_FAILED; } + _pkey[0] = &n; _pkey[1] = &pkey; @@ -161,14 +165,14 @@ int _gnutls_pkcs1_rsa_decrypt(gnutls_sdatum * plaintext, gnutls_datum ciphertext return ret; } - gcry_mpi_print(GCRYMPI_FMT_USG, NULL, &esize, res); + _gnutls_mpi_print( NULL, &esize, res); edata = gnutls_malloc(esize+1); if (edata == NULL) { gnutls_assert(); _gnutls_mpi_release(&res); return GNUTLS_E_MEMORY_ERROR; } - gcry_mpi_print(GCRYMPI_FMT_USG, &edata[1], &esize, res); + _gnutls_mpi_print( &edata[1], &esize, res); _gnutls_mpi_release(&res); diff --git a/lib/gnutls_privkey.c b/lib/gnutls_privkey.c index f17971ce74..3501944ede 100644 --- a/lib/gnutls_privkey.c +++ b/lib/gnutls_privkey.c @@ -67,7 +67,7 @@ int _gnutls_pkcs1key2gnutlsKey(gnutls_private_key * pkey, gnutls_datum cert) { return GNUTLS_E_ASN1_PARSING_ERROR; } if (_gnutls_mpi_scan( &pkey->params[0], /* u */ - GCRYMPI_FMT_USG, str, &len) != 0 || pkey->params[0]==NULL) { + str, &len) != 0 || pkey->params[0]==NULL) { gnutls_assert(); asn1_delete_structure(pkcs_asn); return GNUTLS_E_MPI_SCAN_FAILED; @@ -85,7 +85,7 @@ int _gnutls_pkcs1key2gnutlsKey(gnutls_private_key * pkey, gnutls_datum cert) { } if (_gnutls_mpi_scan( &pkey->params[1], /* A */ - GCRYMPI_FMT_USG, str, &len) != 0 || pkey->params[1] == NULL) { + str, &len) != 0 || pkey->params[1] == NULL) { gnutls_assert(); asn1_delete_structure(pkcs_asn); _gnutls_mpi_release( &pkey->params[0]); diff --git a/lib/gnutls_srp.c b/lib/gnutls_srp.c index 91ca92d83f..31fa8600cd 100644 --- a/lib/gnutls_srp.c +++ b/lib/gnutls_srp.c @@ -39,7 +39,7 @@ int _gnutls_srp_gx(opaque * text, int textsize, opaque ** result, MPI g, MPI x, e; int result_size; - if (_gnutls_mpi_scan(&x, GCRYMPI_FMT_USG, text, &textsize)) { + if (_gnutls_mpi_scan(&x, text, &textsize)) { gnutls_assert(); return GNUTLS_E_MPI_SCAN_FAILED; } @@ -55,12 +55,12 @@ int _gnutls_srp_gx(opaque * text, int textsize, opaque ** result, MPI g, gcry_mpi_powm(e, g, x, prime); _gnutls_mpi_release(&x); - gcry_mpi_print(GCRYMPI_FMT_USG, NULL, &result_size, e); + _gnutls_mpi_print( NULL, &result_size, e); if (result != NULL) { *result = gnutls_malloc(result_size); if ((*result)==NULL) return GNUTLS_E_MEMORY_ERROR; - gcry_mpi_print(GCRYMPI_FMT_USG, *result, &result_size, e); + _gnutls_mpi_print( *result, &result_size, e); } _gnutls_mpi_release(&e); @@ -126,11 +126,11 @@ MPI _gnutls_calc_srp_u(MPI B) uint32 u; MPI ret; - gcry_mpi_print(GCRYMPI_FMT_USG, NULL, &b_size, B); + _gnutls_mpi_print( NULL, &b_size, B); b_holder = gnutls_malloc(b_size); if (b_holder==NULL) return NULL; - gcry_mpi_print(GCRYMPI_FMT_USG, b_holder, &b_size, B); + _gnutls_mpi_print( b_holder, &b_size, B); td = gnutls_hash_init(GNUTLS_MAC_SHA); diff --git a/lib/x509_extensions.c b/lib/x509_extensions.c index 0e6f7c5bb6..48360a8352 100644 --- a/lib/x509_extensions.c +++ b/lib/x509_extensions.c @@ -124,7 +124,6 @@ static int _parse_extension(gnutls_cert * cert, char *extnID, } if (strcmp(extnID, "2 5 29 15") == 0) { /* Key Usage */ -fprintf(stderr, "key USAGE FOUND\n"); return _extract_keyUsage(&cert->keyUsage, extnValue, extnValueLen); } |