author | Nikos Mavrogiannopoulos <nmav@gnutls.org> | 2011-12-13 20:08:02 +0100 |
---|---|---|
committer | Nikos Mavrogiannopoulos <nmav@gnutls.org> | 2011-12-13 20:08:02 +0100 |
commit | 9a7543f23b18907f37efbf8bf1f05560c902402f (patch) | |
tree | f02561120bf2d099d43997370086ca5581cf8c5f | |
parent | 070113ec2142111ee741e47b7c76aea20c9ceb38 (diff) | |
download | gnutls-9a7543f23b18907f37efbf8bf1f05560c902402f.tar.gz |
cipher_suite_st is no longer used internally. We only use a pointer to 2 bytes.
-rw-r--r-- | lib/algorithms.h | 15 | ||||
-rw-r--r-- | lib/algorithms/ciphersuites.c | 226 | ||||
-rw-r--r-- | lib/auth/dh_common.c | 2 | ||||
-rw-r--r-- | lib/auth/rsa.c | 2 | ||||
-rw-r--r-- | lib/auth/rsa_export.c | 2 | ||||
-rw-r--r-- | lib/gnutls_auth.c | 12 | ||||
-rw-r--r-- | lib/gnutls_constate.c | 30 | ||||
-rw-r--r-- | lib/gnutls_constate.h | 2 | ||||
-rw-r--r-- | lib/gnutls_handshake.c | 79 | ||||
-rw-r--r-- | lib/gnutls_int.h | 7 | ||||
-rw-r--r-- | lib/gnutls_session_pack.c | 13 | ||||
-rw-r--r-- | lib/gnutls_state.c | 14 | ||||
-rw-r--r-- | lib/gnutls_v2_compat.c | 8 |
13 files changed, 193 insertions, 219 deletions
diff --git a/lib/algorithms.h b/lib/algorithms.h index d588811e18..6b78505a84 100644 --- a/lib/algorithms.h +++ b/lib/algorithms.h @@ -61,18 +61,13 @@ const char *_gnutls_digest_get_name (gnutls_digest_algorithm_t algorithm); /* Functions for cipher suites. */ int _gnutls_supported_ciphersuites (gnutls_session_t session, uint8_t* cipher_suites, int max_cipher_suite_size); -const char *_gnutls_cipher_suite_get_name (cipher_suite_st * algorithm); -gnutls_mac_algorithm_t _gnutls_cipher_suite_get_prf (const cipher_suite_st * suite); +const char *_gnutls_cipher_suite_get_name (const uint8_t suite[2]); +gnutls_mac_algorithm_t _gnutls_cipher_suite_get_prf (const uint8_t suite[2]); gnutls_cipher_algorithm_t _gnutls_cipher_suite_get_cipher_algo (const - cipher_suite_st - * algorithm); -gnutls_kx_algorithm_t _gnutls_cipher_suite_get_kx_algo (const cipher_suite_st - * algorithm); + uint8_t suite[2]); +gnutls_kx_algorithm_t _gnutls_cipher_suite_get_kx_algo (const uint8_t suite[2]); gnutls_mac_algorithm_t _gnutls_cipher_suite_get_mac_algo (const - cipher_suite_st * - algorithm); -cipher_suite_st _gnutls_cipher_suite_get_suite_name (cipher_suite_st * - algorithm); + uint8_t suite[2]); /* Functions for ciphers. */ int _gnutls_cipher_is_block (gnutls_cipher_algorithm_t algorithm); diff --git a/lib/algorithms/ciphersuites.c b/lib/algorithms/ciphersuites.c index 6b4f034e32..88ce7ad536 100644 --- a/lib/algorithms/ciphersuites.c +++ b/lib/algorithms/ciphersuites.c 
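Review bot: The new `const uint8_t suite[2]` parameters in these prototypes decay to `const uint8_t *`, so the compiler no longer enforces the two-byte length that the old `cipher_suite_st *` type carried, and the header does not state it. A comment above the group such as `/* suite points to the 2-byte cipher suite id; the caller must guarantee both bytes are readable */` would document the contract. This matters because lib/gnutls_handshake.c in this same commit passes `&data[j]`, apparently an offset into the peer's suite list, straight into these lookups.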
@@ -26,15 +26,15 @@ #include <x509/common.h> /* Cipher SUITES */ -#define GNUTLS_CIPHER_SUITE_ENTRY( name, block_algorithm, kx_algorithm, mac_algorithm, min_version, max_version, dtls ) \ - { #name, {name}, block_algorithm, kx_algorithm, mac_algorithm, min_version, max_version, dtls, GNUTLS_MAC_SHA256} -#define GNUTLS_CIPHER_SUITE_ENTRY_PRF( name, block_algorithm, kx_algorithm, mac_algorithm, min_version, max_version, dtls, prf ) \ - { #name, {name}, block_algorithm, kx_algorithm, mac_algorithm, min_version, max_version, dtls, prf} +#define ENTRY( name, block_algorithm, kx_algorithm, mac_algorithm, min_version, max_version, dtls ) \ + { #name, name, block_algorithm, kx_algorithm, mac_algorithm, min_version, max_version, dtls, GNUTLS_MAC_SHA256} +#define ENTRY_PRF( name, block_algorithm, kx_algorithm, mac_algorithm, min_version, max_version, dtls, prf ) \ + { #name, name, block_algorithm, kx_algorithm, mac_algorithm, min_version, max_version, dtls, prf} typedef struct { const char *name; - const cipher_suite_st id; + const uint8_t id[2]; gnutls_cipher_algorithm_t block_algorithm; gnutls_kx_algorithm_t kx_algorithm; gnutls_mac_algorithm_t mac_algorithm; 
@@ -220,452 +220,452 @@ typedef struct static const gnutls_cipher_suite_entry cs_algorithms[] = { /* DH_ANON */ - GNUTLS_CIPHER_SUITE_ENTRY (GNUTLS_DH_ANON_ARCFOUR_MD5, + ENTRY (GNUTLS_DH_ANON_ARCFOUR_MD5, GNUTLS_CIPHER_ARCFOUR_128, GNUTLS_KX_ANON_DH, GNUTLS_MAC_MD5, GNUTLS_SSL3, GNUTLS_VERSION_MAX, 0), - GNUTLS_CIPHER_SUITE_ENTRY (GNUTLS_DH_ANON_3DES_EDE_CBC_SHA1, + ENTRY (GNUTLS_DH_ANON_3DES_EDE_CBC_SHA1, GNUTLS_CIPHER_3DES_CBC, GNUTLS_KX_ANON_DH, GNUTLS_MAC_SHA1, GNUTLS_SSL3, GNUTLS_VERSION_MAX, 1), - GNUTLS_CIPHER_SUITE_ENTRY (GNUTLS_DH_ANON_AES_128_CBC_SHA1, + ENTRY (GNUTLS_DH_ANON_AES_128_CBC_SHA1, GNUTLS_CIPHER_AES_128_CBC, GNUTLS_KX_ANON_DH, GNUTLS_MAC_SHA1, GNUTLS_SSL3, GNUTLS_VERSION_MAX, 1), - GNUTLS_CIPHER_SUITE_ENTRY (GNUTLS_DH_ANON_AES_256_CBC_SHA1, + ENTRY (GNUTLS_DH_ANON_AES_256_CBC_SHA1, GNUTLS_CIPHER_AES_256_CBC, GNUTLS_KX_ANON_DH, GNUTLS_MAC_SHA1, GNUTLS_SSL3, GNUTLS_VERSION_MAX, 1), - GNUTLS_CIPHER_SUITE_ENTRY (GNUTLS_DH_ANON_CAMELLIA_128_CBC_SHA1, + ENTRY (GNUTLS_DH_ANON_CAMELLIA_128_CBC_SHA1, GNUTLS_CIPHER_CAMELLIA_128_CBC, GNUTLS_KX_ANON_DH, GNUTLS_MAC_SHA1, GNUTLS_TLS1, GNUTLS_VERSION_MAX, 1), - GNUTLS_CIPHER_SUITE_ENTRY (GNUTLS_DH_ANON_CAMELLIA_256_CBC_SHA1, + ENTRY (GNUTLS_DH_ANON_CAMELLIA_256_CBC_SHA1, GNUTLS_CIPHER_CAMELLIA_256_CBC, GNUTLS_KX_ANON_DH, GNUTLS_MAC_SHA1, GNUTLS_TLS1, GNUTLS_VERSION_MAX, 1), - GNUTLS_CIPHER_SUITE_ENTRY (GNUTLS_DH_ANON_AES_128_CBC_SHA256, + ENTRY (GNUTLS_DH_ANON_AES_128_CBC_SHA256, GNUTLS_CIPHER_AES_128_CBC, GNUTLS_KX_ANON_DH, GNUTLS_MAC_SHA256, GNUTLS_TLS1_2, GNUTLS_VERSION_MAX, 1), - GNUTLS_CIPHER_SUITE_ENTRY (GNUTLS_DH_ANON_AES_256_CBC_SHA256, + ENTRY (GNUTLS_DH_ANON_AES_256_CBC_SHA256, GNUTLS_CIPHER_AES_256_CBC, GNUTLS_KX_ANON_DH, GNUTLS_MAC_SHA256, GNUTLS_TLS1_2, GNUTLS_VERSION_MAX, 1), /* PSK */ - GNUTLS_CIPHER_SUITE_ENTRY (GNUTLS_PSK_SHA_ARCFOUR_SHA1, + ENTRY (GNUTLS_PSK_SHA_ARCFOUR_SHA1, GNUTLS_CIPHER_ARCFOUR, GNUTLS_KX_PSK, GNUTLS_MAC_SHA1, GNUTLS_TLS1, GNUTLS_VERSION_MAX, 0), - 
GNUTLS_CIPHER_SUITE_ENTRY (GNUTLS_PSK_SHA_3DES_EDE_CBC_SHA1, + ENTRY (GNUTLS_PSK_SHA_3DES_EDE_CBC_SHA1, GNUTLS_CIPHER_3DES_CBC, GNUTLS_KX_PSK, GNUTLS_MAC_SHA1, GNUTLS_TLS1, GNUTLS_VERSION_MAX, 1), - GNUTLS_CIPHER_SUITE_ENTRY (GNUTLS_PSK_SHA_AES_128_CBC_SHA1, + ENTRY (GNUTLS_PSK_SHA_AES_128_CBC_SHA1, GNUTLS_CIPHER_AES_128_CBC, GNUTLS_KX_PSK, GNUTLS_MAC_SHA1, GNUTLS_TLS1, GNUTLS_VERSION_MAX, 1), - GNUTLS_CIPHER_SUITE_ENTRY (GNUTLS_PSK_SHA_AES_256_CBC_SHA1, + ENTRY (GNUTLS_PSK_SHA_AES_256_CBC_SHA1, GNUTLS_CIPHER_AES_256_CBC, GNUTLS_KX_PSK, GNUTLS_MAC_SHA1, GNUTLS_TLS1, GNUTLS_VERSION_MAX, 1), - GNUTLS_CIPHER_SUITE_ENTRY (GNUTLS_PSK_AES_128_CBC_SHA256, + ENTRY (GNUTLS_PSK_AES_128_CBC_SHA256, GNUTLS_CIPHER_AES_128_CBC, GNUTLS_KX_PSK, GNUTLS_MAC_SHA256, GNUTLS_TLS1, GNUTLS_VERSION_MAX, 1), - GNUTLS_CIPHER_SUITE_ENTRY (GNUTLS_PSK_AES_128_GCM_SHA256, + ENTRY (GNUTLS_PSK_AES_128_GCM_SHA256, GNUTLS_CIPHER_AES_128_GCM, GNUTLS_KX_PSK, GNUTLS_MAC_AEAD, GNUTLS_TLS1_2, GNUTLS_VERSION_MAX, 1), - GNUTLS_CIPHER_SUITE_ENTRY (GNUTLS_PSK_NULL_SHA256, + ENTRY (GNUTLS_PSK_NULL_SHA256, GNUTLS_CIPHER_NULL, GNUTLS_KX_PSK, GNUTLS_MAC_SHA256, GNUTLS_TLS1, GNUTLS_VERSION_MAX, 1), /* DHE-PSK */ - GNUTLS_CIPHER_SUITE_ENTRY (GNUTLS_DHE_PSK_SHA_ARCFOUR_SHA1, + ENTRY (GNUTLS_DHE_PSK_SHA_ARCFOUR_SHA1, GNUTLS_CIPHER_ARCFOUR, GNUTLS_KX_DHE_PSK, GNUTLS_MAC_SHA1, GNUTLS_TLS1, GNUTLS_VERSION_MAX, 0), - GNUTLS_CIPHER_SUITE_ENTRY (GNUTLS_DHE_PSK_SHA_3DES_EDE_CBC_SHA1, + ENTRY (GNUTLS_DHE_PSK_SHA_3DES_EDE_CBC_SHA1, GNUTLS_CIPHER_3DES_CBC, GNUTLS_KX_DHE_PSK, GNUTLS_MAC_SHA1, GNUTLS_TLS1, GNUTLS_VERSION_MAX, 1), - GNUTLS_CIPHER_SUITE_ENTRY (GNUTLS_DHE_PSK_SHA_AES_128_CBC_SHA1, + ENTRY (GNUTLS_DHE_PSK_SHA_AES_128_CBC_SHA1, GNUTLS_CIPHER_AES_128_CBC, GNUTLS_KX_DHE_PSK, GNUTLS_MAC_SHA1, GNUTLS_TLS1, GNUTLS_VERSION_MAX, 1), - GNUTLS_CIPHER_SUITE_ENTRY (GNUTLS_DHE_PSK_SHA_AES_256_CBC_SHA1, + ENTRY (GNUTLS_DHE_PSK_SHA_AES_256_CBC_SHA1, GNUTLS_CIPHER_AES_256_CBC, GNUTLS_KX_DHE_PSK, GNUTLS_MAC_SHA1, GNUTLS_TLS1, 
GNUTLS_VERSION_MAX, 1), - GNUTLS_CIPHER_SUITE_ENTRY (GNUTLS_DHE_PSK_AES_128_CBC_SHA256, + ENTRY (GNUTLS_DHE_PSK_AES_128_CBC_SHA256, GNUTLS_CIPHER_AES_128_CBC, GNUTLS_KX_DHE_PSK, GNUTLS_MAC_SHA256, GNUTLS_TLS1, GNUTLS_VERSION_MAX, 1), - GNUTLS_CIPHER_SUITE_ENTRY (GNUTLS_DHE_PSK_AES_128_GCM_SHA256, + ENTRY (GNUTLS_DHE_PSK_AES_128_GCM_SHA256, GNUTLS_CIPHER_AES_128_GCM, GNUTLS_KX_DHE_PSK, GNUTLS_MAC_AEAD, GNUTLS_TLS1_2, GNUTLS_VERSION_MAX, 1), - GNUTLS_CIPHER_SUITE_ENTRY (GNUTLS_DHE_PSK_NULL_SHA256, + ENTRY (GNUTLS_DHE_PSK_NULL_SHA256, GNUTLS_CIPHER_NULL, GNUTLS_KX_DHE_PSK, GNUTLS_MAC_SHA256, GNUTLS_TLS1, GNUTLS_VERSION_MAX, 1), /* SRP */ - GNUTLS_CIPHER_SUITE_ENTRY (GNUTLS_SRP_SHA_3DES_EDE_CBC_SHA1, + ENTRY (GNUTLS_SRP_SHA_3DES_EDE_CBC_SHA1, GNUTLS_CIPHER_3DES_CBC, GNUTLS_KX_SRP, GNUTLS_MAC_SHA1, GNUTLS_TLS1, GNUTLS_VERSION_MAX, 1), - GNUTLS_CIPHER_SUITE_ENTRY (GNUTLS_SRP_SHA_AES_128_CBC_SHA1, + ENTRY (GNUTLS_SRP_SHA_AES_128_CBC_SHA1, GNUTLS_CIPHER_AES_128_CBC, GNUTLS_KX_SRP, GNUTLS_MAC_SHA1, GNUTLS_TLS1, GNUTLS_VERSION_MAX, 1), - GNUTLS_CIPHER_SUITE_ENTRY (GNUTLS_SRP_SHA_AES_256_CBC_SHA1, + ENTRY (GNUTLS_SRP_SHA_AES_256_CBC_SHA1, GNUTLS_CIPHER_AES_256_CBC, GNUTLS_KX_SRP, GNUTLS_MAC_SHA1, GNUTLS_TLS1, GNUTLS_VERSION_MAX, 1), - GNUTLS_CIPHER_SUITE_ENTRY (GNUTLS_SRP_SHA_DSS_3DES_EDE_CBC_SHA1, + ENTRY (GNUTLS_SRP_SHA_DSS_3DES_EDE_CBC_SHA1, GNUTLS_CIPHER_3DES_CBC, GNUTLS_KX_SRP_DSS, GNUTLS_MAC_SHA1, GNUTLS_TLS1, GNUTLS_VERSION_MAX, 1), - GNUTLS_CIPHER_SUITE_ENTRY (GNUTLS_SRP_SHA_RSA_3DES_EDE_CBC_SHA1, + ENTRY (GNUTLS_SRP_SHA_RSA_3DES_EDE_CBC_SHA1, GNUTLS_CIPHER_3DES_CBC, GNUTLS_KX_SRP_RSA, GNUTLS_MAC_SHA1, GNUTLS_TLS1, GNUTLS_VERSION_MAX, 1), - GNUTLS_CIPHER_SUITE_ENTRY (GNUTLS_SRP_SHA_DSS_AES_128_CBC_SHA1, + ENTRY (GNUTLS_SRP_SHA_DSS_AES_128_CBC_SHA1, GNUTLS_CIPHER_AES_128_CBC, GNUTLS_KX_SRP_DSS, GNUTLS_MAC_SHA1, GNUTLS_TLS1, GNUTLS_VERSION_MAX, 1), - GNUTLS_CIPHER_SUITE_ENTRY (GNUTLS_SRP_SHA_RSA_AES_128_CBC_SHA1, + ENTRY (GNUTLS_SRP_SHA_RSA_AES_128_CBC_SHA1, 
GNUTLS_CIPHER_AES_128_CBC, GNUTLS_KX_SRP_RSA, GNUTLS_MAC_SHA1, GNUTLS_TLS1, GNUTLS_VERSION_MAX, 1), - GNUTLS_CIPHER_SUITE_ENTRY (GNUTLS_SRP_SHA_DSS_AES_256_CBC_SHA1, + ENTRY (GNUTLS_SRP_SHA_DSS_AES_256_CBC_SHA1, GNUTLS_CIPHER_AES_256_CBC, GNUTLS_KX_SRP_DSS, GNUTLS_MAC_SHA1, GNUTLS_TLS1, GNUTLS_VERSION_MAX, 1), - GNUTLS_CIPHER_SUITE_ENTRY (GNUTLS_SRP_SHA_RSA_AES_256_CBC_SHA1, + ENTRY (GNUTLS_SRP_SHA_RSA_AES_256_CBC_SHA1, GNUTLS_CIPHER_AES_256_CBC, GNUTLS_KX_SRP_RSA, GNUTLS_MAC_SHA1, GNUTLS_TLS1, GNUTLS_VERSION_MAX, 1), /* DHE_DSS */ - GNUTLS_CIPHER_SUITE_ENTRY (GNUTLS_DHE_DSS_ARCFOUR_SHA1, + ENTRY (GNUTLS_DHE_DSS_ARCFOUR_SHA1, GNUTLS_CIPHER_ARCFOUR_128, GNUTLS_KX_DHE_DSS, GNUTLS_MAC_SHA1, GNUTLS_TLS1, GNUTLS_VERSION_MAX, 0), - GNUTLS_CIPHER_SUITE_ENTRY (GNUTLS_DHE_DSS_3DES_EDE_CBC_SHA1, + ENTRY (GNUTLS_DHE_DSS_3DES_EDE_CBC_SHA1, GNUTLS_CIPHER_3DES_CBC, GNUTLS_KX_DHE_DSS, GNUTLS_MAC_SHA1, GNUTLS_SSL3, GNUTLS_VERSION_MAX, 1), - GNUTLS_CIPHER_SUITE_ENTRY (GNUTLS_DHE_DSS_AES_128_CBC_SHA1, + ENTRY (GNUTLS_DHE_DSS_AES_128_CBC_SHA1, GNUTLS_CIPHER_AES_128_CBC, GNUTLS_KX_DHE_DSS, GNUTLS_MAC_SHA1, GNUTLS_SSL3, GNUTLS_VERSION_MAX, 1), - GNUTLS_CIPHER_SUITE_ENTRY (GNUTLS_DHE_DSS_AES_256_CBC_SHA1, + ENTRY (GNUTLS_DHE_DSS_AES_256_CBC_SHA1, GNUTLS_CIPHER_AES_256_CBC, GNUTLS_KX_DHE_DSS, GNUTLS_MAC_SHA1, GNUTLS_SSL3, GNUTLS_VERSION_MAX, 1), - GNUTLS_CIPHER_SUITE_ENTRY (GNUTLS_DHE_DSS_CAMELLIA_128_CBC_SHA1, + ENTRY (GNUTLS_DHE_DSS_CAMELLIA_128_CBC_SHA1, GNUTLS_CIPHER_CAMELLIA_128_CBC, GNUTLS_KX_DHE_DSS, GNUTLS_MAC_SHA1, GNUTLS_TLS1, GNUTLS_VERSION_MAX, 1), - GNUTLS_CIPHER_SUITE_ENTRY (GNUTLS_DHE_DSS_CAMELLIA_256_CBC_SHA1, + ENTRY (GNUTLS_DHE_DSS_CAMELLIA_256_CBC_SHA1, GNUTLS_CIPHER_CAMELLIA_256_CBC, GNUTLS_KX_DHE_DSS, GNUTLS_MAC_SHA1, GNUTLS_TLS1, GNUTLS_VERSION_MAX, 1), - GNUTLS_CIPHER_SUITE_ENTRY (GNUTLS_DHE_DSS_AES_128_CBC_SHA256, + ENTRY (GNUTLS_DHE_DSS_AES_128_CBC_SHA256, GNUTLS_CIPHER_AES_128_CBC, GNUTLS_KX_DHE_DSS, GNUTLS_MAC_SHA256, GNUTLS_TLS1_2, GNUTLS_VERSION_MAX, 1), - 
GNUTLS_CIPHER_SUITE_ENTRY (GNUTLS_DHE_DSS_AES_256_CBC_SHA256, + ENTRY (GNUTLS_DHE_DSS_AES_256_CBC_SHA256, GNUTLS_CIPHER_AES_256_CBC, GNUTLS_KX_DHE_DSS, GNUTLS_MAC_SHA256, GNUTLS_TLS1_2, GNUTLS_VERSION_MAX, 1), /* DHE_RSA */ - GNUTLS_CIPHER_SUITE_ENTRY (GNUTLS_DHE_RSA_3DES_EDE_CBC_SHA1, + ENTRY (GNUTLS_DHE_RSA_3DES_EDE_CBC_SHA1, GNUTLS_CIPHER_3DES_CBC, GNUTLS_KX_DHE_RSA, GNUTLS_MAC_SHA1, GNUTLS_SSL3, GNUTLS_VERSION_MAX, 1), - GNUTLS_CIPHER_SUITE_ENTRY (GNUTLS_DHE_RSA_AES_128_CBC_SHA1, + ENTRY (GNUTLS_DHE_RSA_AES_128_CBC_SHA1, GNUTLS_CIPHER_AES_128_CBC, GNUTLS_KX_DHE_RSA, GNUTLS_MAC_SHA1, GNUTLS_SSL3, GNUTLS_VERSION_MAX, 1), - GNUTLS_CIPHER_SUITE_ENTRY (GNUTLS_DHE_RSA_AES_256_CBC_SHA1, + ENTRY (GNUTLS_DHE_RSA_AES_256_CBC_SHA1, GNUTLS_CIPHER_AES_256_CBC, GNUTLS_KX_DHE_RSA, GNUTLS_MAC_SHA1, GNUTLS_SSL3, GNUTLS_VERSION_MAX, 1), - GNUTLS_CIPHER_SUITE_ENTRY (GNUTLS_DHE_RSA_CAMELLIA_128_CBC_SHA1, + ENTRY (GNUTLS_DHE_RSA_CAMELLIA_128_CBC_SHA1, GNUTLS_CIPHER_CAMELLIA_128_CBC, GNUTLS_KX_DHE_RSA, GNUTLS_MAC_SHA1, GNUTLS_TLS1, GNUTLS_VERSION_MAX, 1), - GNUTLS_CIPHER_SUITE_ENTRY (GNUTLS_DHE_RSA_CAMELLIA_256_CBC_SHA1, + ENTRY (GNUTLS_DHE_RSA_CAMELLIA_256_CBC_SHA1, GNUTLS_CIPHER_CAMELLIA_256_CBC, GNUTLS_KX_DHE_RSA, GNUTLS_MAC_SHA1, GNUTLS_TLS1, GNUTLS_VERSION_MAX, 1), - GNUTLS_CIPHER_SUITE_ENTRY (GNUTLS_DHE_RSA_AES_128_CBC_SHA256, + ENTRY (GNUTLS_DHE_RSA_AES_128_CBC_SHA256, GNUTLS_CIPHER_AES_128_CBC, GNUTLS_KX_DHE_RSA, GNUTLS_MAC_SHA256, GNUTLS_TLS1_2, GNUTLS_VERSION_MAX, 1), - GNUTLS_CIPHER_SUITE_ENTRY (GNUTLS_DHE_RSA_AES_256_CBC_SHA256, + ENTRY (GNUTLS_DHE_RSA_AES_256_CBC_SHA256, GNUTLS_CIPHER_AES_256_CBC, GNUTLS_KX_DHE_RSA, GNUTLS_MAC_SHA256, GNUTLS_TLS1_2, GNUTLS_VERSION_MAX, 1), /* RSA-NULL */ - GNUTLS_CIPHER_SUITE_ENTRY (GNUTLS_RSA_NULL_MD5, + ENTRY (GNUTLS_RSA_NULL_MD5, GNUTLS_CIPHER_NULL, GNUTLS_KX_RSA, GNUTLS_MAC_MD5, GNUTLS_SSL3, GNUTLS_VERSION_MAX, 1), - GNUTLS_CIPHER_SUITE_ENTRY (GNUTLS_RSA_NULL_SHA1, + ENTRY (GNUTLS_RSA_NULL_SHA1, GNUTLS_CIPHER_NULL, GNUTLS_KX_RSA, 
GNUTLS_MAC_SHA1, GNUTLS_SSL3, GNUTLS_VERSION_MAX, 1), - GNUTLS_CIPHER_SUITE_ENTRY (GNUTLS_RSA_NULL_SHA256, + ENTRY (GNUTLS_RSA_NULL_SHA256, GNUTLS_CIPHER_NULL, GNUTLS_KX_RSA, GNUTLS_MAC_SHA256, GNUTLS_TLS1_2, GNUTLS_VERSION_MAX, 1), /* RSA-EXPORT */ - GNUTLS_CIPHER_SUITE_ENTRY (GNUTLS_RSA_EXPORT_ARCFOUR_40_MD5, + ENTRY (GNUTLS_RSA_EXPORT_ARCFOUR_40_MD5, GNUTLS_CIPHER_ARCFOUR_40, GNUTLS_KX_RSA_EXPORT, GNUTLS_MAC_MD5, GNUTLS_SSL3, GNUTLS_TLS1_0, 0), /* RSA */ - GNUTLS_CIPHER_SUITE_ENTRY (GNUTLS_RSA_ARCFOUR_SHA1, + ENTRY (GNUTLS_RSA_ARCFOUR_SHA1, GNUTLS_CIPHER_ARCFOUR_128, GNUTLS_KX_RSA, GNUTLS_MAC_SHA1, GNUTLS_SSL3, GNUTLS_VERSION_MAX, 0), - GNUTLS_CIPHER_SUITE_ENTRY (GNUTLS_RSA_ARCFOUR_MD5, + ENTRY (GNUTLS_RSA_ARCFOUR_MD5, GNUTLS_CIPHER_ARCFOUR_128, GNUTLS_KX_RSA, GNUTLS_MAC_MD5, GNUTLS_SSL3, GNUTLS_VERSION_MAX, 0), - GNUTLS_CIPHER_SUITE_ENTRY (GNUTLS_RSA_3DES_EDE_CBC_SHA1, + ENTRY (GNUTLS_RSA_3DES_EDE_CBC_SHA1, GNUTLS_CIPHER_3DES_CBC, GNUTLS_KX_RSA, GNUTLS_MAC_SHA1, GNUTLS_SSL3, GNUTLS_VERSION_MAX, 1), - GNUTLS_CIPHER_SUITE_ENTRY (GNUTLS_RSA_AES_128_CBC_SHA1, + ENTRY (GNUTLS_RSA_AES_128_CBC_SHA1, GNUTLS_CIPHER_AES_128_CBC, GNUTLS_KX_RSA, GNUTLS_MAC_SHA1, GNUTLS_SSL3, GNUTLS_VERSION_MAX, 1), - GNUTLS_CIPHER_SUITE_ENTRY (GNUTLS_RSA_AES_256_CBC_SHA1, + ENTRY (GNUTLS_RSA_AES_256_CBC_SHA1, GNUTLS_CIPHER_AES_256_CBC, GNUTLS_KX_RSA, GNUTLS_MAC_SHA1, GNUTLS_SSL3, GNUTLS_VERSION_MAX, 1), - GNUTLS_CIPHER_SUITE_ENTRY (GNUTLS_RSA_CAMELLIA_128_CBC_SHA1, + ENTRY (GNUTLS_RSA_CAMELLIA_128_CBC_SHA1, GNUTLS_CIPHER_CAMELLIA_128_CBC, GNUTLS_KX_RSA, GNUTLS_MAC_SHA1, GNUTLS_TLS1, GNUTLS_VERSION_MAX, 1), - GNUTLS_CIPHER_SUITE_ENTRY (GNUTLS_RSA_CAMELLIA_256_CBC_SHA1, + ENTRY (GNUTLS_RSA_CAMELLIA_256_CBC_SHA1, GNUTLS_CIPHER_CAMELLIA_256_CBC, GNUTLS_KX_RSA, GNUTLS_MAC_SHA1, GNUTLS_TLS1, GNUTLS_VERSION_MAX, 1), - GNUTLS_CIPHER_SUITE_ENTRY (GNUTLS_RSA_AES_128_CBC_SHA256, + ENTRY (GNUTLS_RSA_AES_128_CBC_SHA256, GNUTLS_CIPHER_AES_128_CBC, GNUTLS_KX_RSA, GNUTLS_MAC_SHA256, GNUTLS_TLS1_2, 
GNUTLS_VERSION_MAX, 1), - GNUTLS_CIPHER_SUITE_ENTRY (GNUTLS_RSA_AES_256_CBC_SHA256, + ENTRY (GNUTLS_RSA_AES_256_CBC_SHA256, GNUTLS_CIPHER_AES_256_CBC, GNUTLS_KX_RSA, GNUTLS_MAC_SHA256, GNUTLS_TLS1_2, GNUTLS_VERSION_MAX, 1), /* GCM */ - GNUTLS_CIPHER_SUITE_ENTRY (GNUTLS_RSA_AES_128_GCM_SHA256, + ENTRY (GNUTLS_RSA_AES_128_GCM_SHA256, GNUTLS_CIPHER_AES_128_GCM, GNUTLS_KX_RSA, GNUTLS_MAC_AEAD, GNUTLS_TLS1_2, GNUTLS_VERSION_MAX, 1), - GNUTLS_CIPHER_SUITE_ENTRY (GNUTLS_DHE_RSA_AES_128_GCM_SHA256, + ENTRY (GNUTLS_DHE_RSA_AES_128_GCM_SHA256, GNUTLS_CIPHER_AES_128_GCM, GNUTLS_KX_DHE_RSA, GNUTLS_MAC_AEAD, GNUTLS_TLS1_2, GNUTLS_VERSION_MAX, 1), - GNUTLS_CIPHER_SUITE_ENTRY (GNUTLS_DHE_DSS_AES_128_GCM_SHA256, + ENTRY (GNUTLS_DHE_DSS_AES_128_GCM_SHA256, GNUTLS_CIPHER_AES_128_GCM, GNUTLS_KX_DHE_DSS, GNUTLS_MAC_AEAD, GNUTLS_TLS1_2, GNUTLS_VERSION_MAX, 1), - GNUTLS_CIPHER_SUITE_ENTRY (GNUTLS_DH_ANON_AES_128_GCM_SHA256, + ENTRY (GNUTLS_DH_ANON_AES_128_GCM_SHA256, GNUTLS_CIPHER_AES_128_GCM, GNUTLS_KX_ANON_DH, GNUTLS_MAC_AEAD, GNUTLS_TLS1_2, GNUTLS_VERSION_MAX, 1), /* ECC-ANON */ - GNUTLS_CIPHER_SUITE_ENTRY (GNUTLS_ECDH_ANON_NULL_SHA, + ENTRY (GNUTLS_ECDH_ANON_NULL_SHA, GNUTLS_CIPHER_NULL, GNUTLS_KX_ANON_ECDH, GNUTLS_MAC_SHA1, GNUTLS_TLS1_0, GNUTLS_VERSION_MAX, 1), - GNUTLS_CIPHER_SUITE_ENTRY (GNUTLS_ECDH_ANON_3DES_EDE_CBC_SHA, + ENTRY (GNUTLS_ECDH_ANON_3DES_EDE_CBC_SHA, GNUTLS_CIPHER_3DES_CBC, GNUTLS_KX_ANON_ECDH, GNUTLS_MAC_SHA1, GNUTLS_TLS1_0, GNUTLS_VERSION_MAX, 1), - GNUTLS_CIPHER_SUITE_ENTRY (GNUTLS_ECDH_ANON_AES_128_CBC_SHA, + ENTRY (GNUTLS_ECDH_ANON_AES_128_CBC_SHA, GNUTLS_CIPHER_AES_128_CBC, GNUTLS_KX_ANON_ECDH, GNUTLS_MAC_SHA1, GNUTLS_TLS1_0, GNUTLS_VERSION_MAX, 1), - GNUTLS_CIPHER_SUITE_ENTRY (GNUTLS_ECDH_ANON_AES_256_CBC_SHA, + ENTRY (GNUTLS_ECDH_ANON_AES_256_CBC_SHA, GNUTLS_CIPHER_AES_256_CBC, GNUTLS_KX_ANON_ECDH, GNUTLS_MAC_SHA1, GNUTLS_TLS1_0, GNUTLS_VERSION_MAX, 1), /* ECC-RSA */ - GNUTLS_CIPHER_SUITE_ENTRY (GNUTLS_ECDHE_RSA_NULL_SHA, + ENTRY 
(GNUTLS_ECDHE_RSA_NULL_SHA, GNUTLS_CIPHER_NULL, GNUTLS_KX_ECDHE_RSA, GNUTLS_MAC_SHA1, GNUTLS_TLS1_0, GNUTLS_VERSION_MAX, 1), - GNUTLS_CIPHER_SUITE_ENTRY (GNUTLS_ECDHE_RSA_3DES_EDE_CBC_SHA, + ENTRY (GNUTLS_ECDHE_RSA_3DES_EDE_CBC_SHA, GNUTLS_CIPHER_3DES_CBC, GNUTLS_KX_ECDHE_RSA, GNUTLS_MAC_SHA1, GNUTLS_TLS1_0, GNUTLS_VERSION_MAX, 1), - GNUTLS_CIPHER_SUITE_ENTRY (GNUTLS_ECDHE_RSA_AES_128_CBC_SHA, + ENTRY (GNUTLS_ECDHE_RSA_AES_128_CBC_SHA, GNUTLS_CIPHER_AES_128_CBC, GNUTLS_KX_ECDHE_RSA, GNUTLS_MAC_SHA1, GNUTLS_TLS1_0, GNUTLS_VERSION_MAX, 1), - GNUTLS_CIPHER_SUITE_ENTRY (GNUTLS_ECDHE_RSA_AES_256_CBC_SHA, + ENTRY (GNUTLS_ECDHE_RSA_AES_256_CBC_SHA, GNUTLS_CIPHER_AES_256_CBC, GNUTLS_KX_ECDHE_RSA, GNUTLS_MAC_SHA1, GNUTLS_TLS1_0, GNUTLS_VERSION_MAX, 1), /* ECDHE-ECDSA */ - GNUTLS_CIPHER_SUITE_ENTRY (GNUTLS_ECDHE_ECDSA_NULL_SHA, + ENTRY (GNUTLS_ECDHE_ECDSA_NULL_SHA, GNUTLS_CIPHER_NULL, GNUTLS_KX_ECDHE_ECDSA, GNUTLS_MAC_SHA1, GNUTLS_TLS1_0, GNUTLS_VERSION_MAX, 1), - GNUTLS_CIPHER_SUITE_ENTRY (GNUTLS_ECDHE_ECDSA_3DES_EDE_CBC_SHA, + ENTRY (GNUTLS_ECDHE_ECDSA_3DES_EDE_CBC_SHA, GNUTLS_CIPHER_3DES_CBC, GNUTLS_KX_ECDHE_ECDSA, GNUTLS_MAC_SHA1, GNUTLS_TLS1_0, GNUTLS_VERSION_MAX, 1), - GNUTLS_CIPHER_SUITE_ENTRY (GNUTLS_ECDHE_ECDSA_AES_128_CBC_SHA, + ENTRY (GNUTLS_ECDHE_ECDSA_AES_128_CBC_SHA, GNUTLS_CIPHER_AES_128_CBC, GNUTLS_KX_ECDHE_ECDSA, GNUTLS_MAC_SHA1, GNUTLS_TLS1_0, GNUTLS_VERSION_MAX, 1), - GNUTLS_CIPHER_SUITE_ENTRY (GNUTLS_ECDHE_ECDSA_AES_256_CBC_SHA, + ENTRY (GNUTLS_ECDHE_ECDSA_AES_256_CBC_SHA, GNUTLS_CIPHER_AES_256_CBC, GNUTLS_KX_ECDHE_ECDSA, GNUTLS_MAC_SHA1, GNUTLS_TLS1_0, GNUTLS_VERSION_MAX, 1), /* More ECC */ - GNUTLS_CIPHER_SUITE_ENTRY (GNUTLS_ECDHE_ECDSA_AES_128_CBC_SHA256, + ENTRY (GNUTLS_ECDHE_ECDSA_AES_128_CBC_SHA256, GNUTLS_CIPHER_AES_128_CBC, GNUTLS_KX_ECDHE_ECDSA, GNUTLS_MAC_SHA256, GNUTLS_TLS1_2, GNUTLS_VERSION_MAX, 1), - GNUTLS_CIPHER_SUITE_ENTRY (GNUTLS_ECDHE_RSA_AES_128_CBC_SHA256, + ENTRY (GNUTLS_ECDHE_RSA_AES_128_CBC_SHA256, GNUTLS_CIPHER_AES_128_CBC, 
GNUTLS_KX_ECDHE_RSA, GNUTLS_MAC_SHA256, GNUTLS_TLS1_2, GNUTLS_VERSION_MAX, 1), - GNUTLS_CIPHER_SUITE_ENTRY (GNUTLS_ECDHE_ECDSA_AES_128_GCM_SHA256, + ENTRY (GNUTLS_ECDHE_ECDSA_AES_128_GCM_SHA256, GNUTLS_CIPHER_AES_128_GCM, GNUTLS_KX_ECDHE_ECDSA, GNUTLS_MAC_AEAD, GNUTLS_TLS1_2, GNUTLS_VERSION_MAX, 1), - GNUTLS_CIPHER_SUITE_ENTRY (GNUTLS_ECDHE_RSA_AES_128_GCM_SHA256, + ENTRY (GNUTLS_ECDHE_RSA_AES_128_GCM_SHA256, GNUTLS_CIPHER_AES_128_GCM, GNUTLS_KX_ECDHE_RSA, GNUTLS_MAC_AEAD, GNUTLS_TLS1_2, GNUTLS_VERSION_MAX, 1), /* ECC - PSK */ - GNUTLS_CIPHER_SUITE_ENTRY (GNUTLS_ECDHE_PSK_3DES_EDE_CBC_SHA, + ENTRY (GNUTLS_ECDHE_PSK_3DES_EDE_CBC_SHA, GNUTLS_CIPHER_3DES_CBC, GNUTLS_KX_ECDHE_PSK, GNUTLS_MAC_SHA1, GNUTLS_TLS1_0, GNUTLS_VERSION_MAX, 1), - GNUTLS_CIPHER_SUITE_ENTRY (GNUTLS_ECDHE_PSK_AES_128_CBC_SHA, + ENTRY (GNUTLS_ECDHE_PSK_AES_128_CBC_SHA, GNUTLS_CIPHER_AES_128_CBC, GNUTLS_KX_ECDHE_PSK, GNUTLS_MAC_SHA1, GNUTLS_TLS1_0, GNUTLS_VERSION_MAX, 1), - GNUTLS_CIPHER_SUITE_ENTRY (GNUTLS_ECDHE_PSK_AES_256_CBC_SHA, + ENTRY (GNUTLS_ECDHE_PSK_AES_256_CBC_SHA, GNUTLS_CIPHER_AES_256_CBC, GNUTLS_KX_ECDHE_PSK, GNUTLS_MAC_SHA1, GNUTLS_TLS1_0, GNUTLS_VERSION_MAX, 1), - GNUTLS_CIPHER_SUITE_ENTRY (GNUTLS_ECDHE_PSK_AES_128_CBC_SHA256, + ENTRY (GNUTLS_ECDHE_PSK_AES_128_CBC_SHA256, GNUTLS_CIPHER_AES_128_CBC, GNUTLS_KX_ECDHE_PSK, GNUTLS_MAC_SHA256, GNUTLS_TLS1_0, GNUTLS_VERSION_MAX, 1), - GNUTLS_CIPHER_SUITE_ENTRY_PRF (GNUTLS_ECDHE_PSK_AES_256_CBC_SHA384, + ENTRY_PRF (GNUTLS_ECDHE_PSK_AES_256_CBC_SHA384, GNUTLS_CIPHER_AES_128_CBC, GNUTLS_KX_ECDHE_PSK, GNUTLS_MAC_SHA384, GNUTLS_TLS1_0, GNUTLS_VERSION_MAX, 1, GNUTLS_MAC_SHA384), - GNUTLS_CIPHER_SUITE_ENTRY (GNUTLS_ECDHE_PSK_NULL_SHA256, + ENTRY (GNUTLS_ECDHE_PSK_NULL_SHA256, GNUTLS_CIPHER_NULL, GNUTLS_KX_ECDHE_PSK, GNUTLS_MAC_SHA256, GNUTLS_TLS1_0, GNUTLS_VERSION_MAX, 1), - GNUTLS_CIPHER_SUITE_ENTRY_PRF (GNUTLS_ECDHE_PSK_NULL_SHA384, + ENTRY_PRF (GNUTLS_ECDHE_PSK_NULL_SHA384, GNUTLS_CIPHER_NULL, GNUTLS_KX_ECDHE_PSK, GNUTLS_MAC_SHA384, 
GNUTLS_TLS1_0, GNUTLS_VERSION_MAX, 1, GNUTLS_MAC_SHA384), - GNUTLS_CIPHER_SUITE_ENTRY_PRF(GNUTLS_ECDHE_ECDSA_AES_256_GCM_SHA384, + ENTRY_PRF(GNUTLS_ECDHE_ECDSA_AES_256_GCM_SHA384, GNUTLS_CIPHER_AES_256_GCM, GNUTLS_KX_ECDHE_ECDSA, GNUTLS_MAC_AEAD, GNUTLS_TLS1_2, GNUTLS_VERSION_MAX, 1, GNUTLS_DIG_SHA384), - GNUTLS_CIPHER_SUITE_ENTRY_PRF(GNUTLS_ECDHE_RSA_AES_256_GCM_SHA384, + ENTRY_PRF(GNUTLS_ECDHE_RSA_AES_256_GCM_SHA384, GNUTLS_CIPHER_AES_256_GCM, GNUTLS_KX_ECDHE_RSA, GNUTLS_MAC_AEAD, GNUTLS_TLS1_2, GNUTLS_VERSION_MAX, 1, GNUTLS_DIG_SHA384), - GNUTLS_CIPHER_SUITE_ENTRY_PRF(GNUTLS_ECDHE_ECDSA_AES_256_CBC_SHA384, + ENTRY_PRF(GNUTLS_ECDHE_ECDSA_AES_256_CBC_SHA384, GNUTLS_CIPHER_AES_256_CBC, GNUTLS_KX_ECDHE_ECDSA, GNUTLS_MAC_SHA384, GNUTLS_TLS1_2, GNUTLS_VERSION_MAX, 1, GNUTLS_DIG_SHA384), - {0, {{0, 0}}, 0, 0, 0, 0, 0, 0} + {0, {0, 0}, 0, 0, 0, 0, 0, 0} }; -#define GNUTLS_CIPHER_SUITE_LOOP(b) \ +#define CIPHER_SUITE_LOOP(b) \ const gnutls_cipher_suite_entry *p; \ for(p = cs_algorithms; p->name != NULL; p++) { b ; } -#define GNUTLS_CIPHER_SUITE_ALG_LOOP(a) \ - GNUTLS_CIPHER_SUITE_LOOP( if( (p->id.suite[0] == suite->suite[0]) && (p->id.suite[1] == suite->suite[1])) { a; break; } ) +#define CIPHER_SUITE_ALG_LOOP(a) \ + CIPHER_SUITE_LOOP( if( (p->id[0] == suite[0]) && (p->id[1] == suite[1])) { a; break; } ) /* Cipher Suite's functions */ gnutls_cipher_algorithm_t -_gnutls_cipher_suite_get_cipher_algo (const cipher_suite_st * suite) +_gnutls_cipher_suite_get_cipher_algo (const uint8_t suite[2]) { int ret = 0; - GNUTLS_CIPHER_SUITE_ALG_LOOP (ret = p->block_algorithm); + CIPHER_SUITE_ALG_LOOP (ret = p->block_algorithm); return ret; } gnutls_kx_algorithm_t -_gnutls_cipher_suite_get_kx_algo (const cipher_suite_st * suite) +_gnutls_cipher_suite_get_kx_algo (const uint8_t suite[2]) { int ret = 0; - GNUTLS_CIPHER_SUITE_ALG_LOOP (ret = p->kx_algorithm); + CIPHER_SUITE_ALG_LOOP (ret = p->kx_algorithm); return ret; } gnutls_mac_algorithm_t -_gnutls_cipher_suite_get_prf (const 
cipher_suite_st * suite) +_gnutls_cipher_suite_get_prf (const uint8_t suite[2]) { int ret = 0; - GNUTLS_CIPHER_SUITE_ALG_LOOP (ret = p->prf); + CIPHER_SUITE_ALG_LOOP (ret = p->prf); return ret; } gnutls_mac_algorithm_t -_gnutls_cipher_suite_get_mac_algo (const cipher_suite_st * suite) +_gnutls_cipher_suite_get_mac_algo (const uint8_t suite[2]) { /* In bytes */ int ret = 0; - GNUTLS_CIPHER_SUITE_ALG_LOOP (ret = p->mac_algorithm); + CIPHER_SUITE_ALG_LOOP (ret = p->mac_algorithm); return ret; } const char * -_gnutls_cipher_suite_get_name (cipher_suite_st * suite) +_gnutls_cipher_suite_get_name (const uint8_t suite[2]) { const char *ret = NULL; /* avoid prefix */ - GNUTLS_CIPHER_SUITE_ALG_LOOP (ret = p->name + sizeof ("GNUTLS_") - 1); + CIPHER_SUITE_ALG_LOOP (ret = p->name + sizeof ("GNUTLS_") - 1); return ret; } @@ -678,7 +678,7 @@ cipher_suite_get (gnutls_kx_algorithm_t kx_algorithm, { const gnutls_cipher_suite_entry *ret = NULL; - GNUTLS_CIPHER_SUITE_LOOP ( + CIPHER_SUITE_LOOP ( if (kx_algorithm == p->kx_algorithm && cipher_algorithm == p->block_algorithm && mac_algorithm == p->mac_algorithm) { @@ -747,7 +747,7 @@ gnutls_cipher_suite_info (size_t idx, return NULL; if (cs_id) - memcpy (cs_id, cs_algorithms[idx].id.suite, 2); + memcpy (cs_id, cs_algorithms[idx].id, 2); if (kx) *kx = cs_algorithms[idx].kx_algorithm; if (cipher) @@ -762,12 +762,12 @@ gnutls_cipher_suite_info (size_t idx, static inline int -_gnutls_cipher_suite_is_ok (cipher_suite_st * suite) +_gnutls_cipher_suite_is_ok (const uint8_t suite[2]) { size_t ret; const char *name = NULL; - GNUTLS_CIPHER_SUITE_ALG_LOOP (name = p->name); + CIPHER_SUITE_ALG_LOOP (name = p->name); if (name != NULL) ret = 0; else @@ -804,7 +804,7 @@ _gnutls_supported_ciphersuites (gnutls_session_t session, if (k+2 > max_cipher_suite_size) return gnutls_assert_val(GNUTLS_E_INTERNAL_ERROR); - memcpy (&cipher_suites[k], ce->id.suite, 2); + memcpy (&cipher_suites[k], ce->id, 2); k+=2; } 
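Review bot: The table entry for `GNUTLS_ECDHE_PSK_AES_256_CBC_SHA384` still names `GNUTLS_CIPHER_AES_128_CBC` as its block algorithm; the rename to `ENTRY_PRF` carries the mismatch over unchanged. Every other `AES_256_CBC` suite in this table maps to `GNUTLS_CIPHER_AES_256_CBC`, so this looks like a copy-paste slip that would leave the suite running with a 128-bit key while advertising 256, or failing to interoperate with a peer that sets up AES-256. The second argument should read `GNUTLS_CIPHER_AES_256_CBC,`. The `prf` argument is also spelled `GNUTLS_MAC_SHA384` in the PSK entries and `GNUTLS_DIG_SHA384` in the ECDSA/RSA ones; using one spelling would make the table easier to audit.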
diff --git a/lib/auth/dh_common.c b/lib/auth/dh_common.c index 7a93d83789..25ad4e7798 100644 --- a/lib/auth/dh_common.c +++ b/lib/auth/dh_common.c @@ -163,7 +163,7 @@ _gnutls_gen_dh_common_client_kx_int (gnutls_session_t session, gnutls_buffer_st* _gnutls_mpi_release (&session->key->client_g); if (_gnutls_cipher_suite_get_kx_algo - (&session->security_parameters.current_cipher_suite) + (session->security_parameters.cipher_suite) != GNUTLS_KX_DHE_PSK) { ret = _gnutls_mpi_dprint (session->key->KEY, &session->key->key); diff --git a/lib/auth/rsa.c b/lib/auth/rsa.c index 030ed35dde..d07e5e5708 100644 --- a/lib/auth/rsa.c +++ b/lib/auth/rsa.c @@ -99,7 +99,7 @@ _gnutls_get_public_rsa_params (gnutls_session_t session, /* EXPORT case: */ if (_gnutls_cipher_suite_get_kx_algo - (&session->security_parameters.current_cipher_suite) == + (session->security_parameters.cipher_suite) == GNUTLS_KX_RSA_EXPORT && _gnutls_pubkey_is_over_rsa_512(peer_cert.pubkey) == 0) { diff --git a/lib/auth/rsa_export.c b/lib/auth/rsa_export.c index 959f72c672..fca2826a63 100644 --- a/lib/auth/rsa_export.c +++ b/lib/auth/rsa_export.c @@ -93,7 +93,7 @@ _gnutls_get_private_rsa_params (gnutls_session_t session, ret = _gnutls_pubkey_is_over_rsa_512(session->internals.selected_cert_list[0].pubkey); if (_gnutls_cipher_suite_get_kx_algo - (&session->security_parameters.current_cipher_suite) + (session->security_parameters.cipher_suite) != GNUTLS_KX_RSA_EXPORT || ret < 0) { gnutls_assert (); diff --git a/lib/gnutls_auth.c b/lib/gnutls_auth.c index 39c13485a0..eb64214b87 100644 --- a/lib/gnutls_auth.c +++ b/lib/gnutls_auth.c @@ -177,8 +177,8 @@ gnutls_auth_get_type (gnutls_session_t session) return _gnutls_map_kx_get_cred (_gnutls_cipher_suite_get_kx_algo - (&session-> - security_parameters.current_cipher_suite), + (session-> + security_parameters.cipher_suite), server); } 
@@ -198,8 +198,8 @@ gnutls_auth_server_get_type (gnutls_session_t session) { return _gnutls_map_kx_get_cred (_gnutls_cipher_suite_get_kx_algo - (&session-> - security_parameters.current_cipher_suite), 1); + (session-> + security_parameters.cipher_suite), 1); } /** @@ -218,8 +218,8 @@ gnutls_auth_client_get_type (gnutls_session_t session) { return _gnutls_map_kx_get_cred (_gnutls_cipher_suite_get_kx_algo - (&session-> - security_parameters.current_cipher_suite), 0); + (session-> + security_parameters.cipher_suite), 0); } diff --git a/lib/gnutls_constate.c b/lib/gnutls_constate.c index f1d7528ca7..40e30a2caf 100644 --- a/lib/gnutls_constate.c +++ b/lib/gnutls_constate.c @@ -321,7 +321,7 @@ _gnutls_init_record_state (record_parameters_st * params, gnutls_protocol_t ver, int _gnutls_epoch_set_cipher_suite (gnutls_session_t session, - int epoch_rel, cipher_suite_st * suite) + int epoch_rel, const uint8_t suite[2]) { gnutls_cipher_algorithm_t cipher_algo; gnutls_mac_algorithm_t mac_algo; @@ -454,7 +454,7 @@ _gnutls_epoch_set_keys (gnutls_session_t session, uint16_t epoch) #define CPY_COMMON dst->entity = src->entity; \ dst->kx_algorithm = src->kx_algorithm; \ - memcpy( &dst->current_cipher_suite, &src->current_cipher_suite, sizeof(cipher_suite_st)); \ + memcpy( dst->cipher_suite, src->cipher_suite, 2); \ memcpy( dst->master_secret, src->master_secret, GNUTLS_MASTER_SIZE); \ memcpy( dst->client_random, src->client_random, GNUTLS_RANDOM_SIZE); \ memcpy( dst->server_random, src->server_random, GNUTLS_RANDOM_SIZE); \ @@ -500,7 +500,7 @@ _gnutls_connection_state_init (gnutls_session_t session) static int _gnutls_check_algos (gnutls_session_t session, - cipher_suite_st * suite, + const uint8_t suite[2], gnutls_compression_method_t comp_algo) { gnutls_cipher_algorithm_t cipher_algo; 
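Review bot: `CPY_COMMON` now copies the suite with `memcpy( dst->cipher_suite, src->cipher_suite, 2);`, trading the old `sizeof(cipher_suite_st)` for a bare literal that is repeated in the `memcpy`/`memset` calls in lib/gnutls_handshake.c and lib/algorithms/ciphersuites.c. If `cipher_suite` is declared as a `uint8_t[2]` array (the declaration is in lib/gnutls_int.h, outside the lines shown here), `memcpy( dst->cipher_suite, src->cipher_suite, sizeof(dst->cipher_suite)); \` keeps the length tied to the field. Otherwise a single named constant for the suite id length would serve the same purpose.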
@@ -557,16 +557,16 @@ _gnutls_read_connection_state_init (gnutls_session_t session) { ret = _gnutls_check_algos (session, - &session-> - security_parameters.current_cipher_suite, + session-> + security_parameters.cipher_suite, _gnutls_epoch_get_compression(session, epoch_next)); if (ret < 0) return ret; ret = _gnutls_set_kx (session, _gnutls_cipher_suite_get_kx_algo - (&session-> - security_parameters.current_cipher_suite)); + (session-> + security_parameters.cipher_suite)); if (ret < 0) return ret; } @@ -580,8 +580,8 @@ _gnutls_read_connection_state_init (gnutls_session_t session) _gnutls_handshake_log ("HSK[%p]: Cipher Suite: %s\n", session, _gnutls_cipher_suite_get_name - (&session-> - security_parameters.current_cipher_suite)); + (session-> + security_parameters.cipher_suite)); session->security_parameters.epoch_read = epoch_next; @@ -605,16 +605,16 @@ _gnutls_write_connection_state_init (gnutls_session_t session) if (session->internals.resumed == RESUME_FALSE) { ret = _gnutls_check_algos (session, - &session-> - security_parameters.current_cipher_suite, + session-> + security_parameters.cipher_suite, _gnutls_epoch_get_compression(session, epoch_next)); if (ret < 0) return ret; ret = _gnutls_set_kx (session, _gnutls_cipher_suite_get_kx_algo - (&session-> - security_parameters.current_cipher_suite)); + (session-> + security_parameters.cipher_suite)); if (ret < 0) return ret; } @@ -627,8 +627,8 @@ _gnutls_write_connection_state_init (gnutls_session_t session) _gnutls_handshake_log ("HSK[%p]: Cipher Suite: %s\n", session, _gnutls_cipher_suite_get_name - (&session-> - security_parameters.current_cipher_suite)); + (session-> + security_parameters.cipher_suite)); _gnutls_handshake_log ("HSK[%p]: Initializing internal [write] cipher sessions\n", session); diff --git a/lib/gnutls_constate.h b/lib/gnutls_constate.h index bb32fa1ff1..b7cb1c4d58 100644 --- a/lib/gnutls_constate.h +++ b/lib/gnutls_constate.h 
@@ -24,7 +24,7 @@ #define GNUTLS_CONSTATE_H int _gnutls_epoch_set_cipher_suite (gnutls_session_t session, int epoch_rel, - cipher_suite_st * suite); + const uint8_t suite[2]); int _gnutls_epoch_set_compression (gnutls_session_t session, int epoch_rel, gnutls_compression_method_t comp_algo); int _gnutls_epoch_get_compression (gnutls_session_t session, int epoch_rel); diff --git a/lib/gnutls_handshake.c b/lib/gnutls_handshake.c index 024ad38414..6480033bcd 100644 --- a/lib/gnutls_handshake.c +++ b/lib/gnutls_handshake.c @@ -128,14 +128,13 @@ resume_copy_required_values (gnutls_session_t session) * That is because the client must see these in our * hello message. */ - memcpy (session->security_parameters.current_cipher_suite.suite, - session->internals.resumed_security_parameters.current_cipher_suite. - suite, 2); + memcpy (session->security_parameters.cipher_suite, + session->internals.resumed_security_parameters.cipher_suite, 2); session->security_parameters.compression_method = session->internals.resumed_security_parameters.compression_method; _gnutls_epoch_set_cipher_suite (session, EPOCH_NEXT, - &session-> - internals.resumed_security_parameters.current_cipher_suite); + session-> + internals.resumed_security_parameters.cipher_suite); _gnutls_epoch_set_compression (session, EPOCH_NEXT, session-> internals.resumed_security_parameters.compression_method); @@ -273,7 +272,7 @@ _gnutls_finished (gnutls_session_t session, int type, void *ret, int sending) } else { - int algorithm = _gnutls_cipher_suite_get_prf(&session->security_parameters.current_cipher_suite); + int algorithm = _gnutls_cipher_suite_get_prf(session->security_parameters.cipher_suite); rc = _gnutls_hash_fast( algorithm, session->internals.handshake_hash_buffer.data, len, concat); if (rc < 0) @@ -772,7 +771,6 @@ server_find_pk_algos_in_ciphersuites (const opaque * { unsigned int j; gnutls_kx_algorithm_t kx; - cipher_suite_st cs; int max = *algos_size; if (datalen % 2 != 0) 
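Review bot: In `resume_copy_required_values` the call `_gnutls_epoch_set_cipher_suite (session, EPOCH_NEXT, ...)` is made as a bare statement, although the prototype in lib/gnutls_constate.h returns `int`. The same pattern appears in both selection loops of `_gnutls_server_select_suite`, where `retval = 0` follows immediately, and in `_gnutls_client_set_ciphersuite`. If that function can fail for a suite it cannot map (its body is outside these hunks), the handshake would continue with the next epoch's algorithms unset; capturing the result with `ret = _gnutls_epoch_set_cipher_suite (...);` and propagating or at least asserting on `ret < 0` would surface that. The enclosing function starts and ends outside the hunk.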
@@ -784,8 +782,7 @@ server_find_pk_algos_in_ciphersuites (const opaque * *algos_size = 0; for (j = 0; j < datalen; j += 2) { - memcpy (&cs.suite, &data[j], 2); - kx = _gnutls_cipher_suite_get_kx_algo (&cs); + kx = _gnutls_cipher_suite_get_kx_algo (&data[j]); if (_gnutls_map_kx_get_cred (kx, 1) == GNUTLS_CRD_CERTIFICATE) { algos[(*algos_size)++] = _gnutls_map_pk_get_pk (kx); @@ -807,7 +804,6 @@ _gnutls_server_select_suite (gnutls_session_t session, opaque * data, { int i, j, ret, cipher_suites_size; size_t pk_algos_size; - cipher_suite_st cs; uint8_t cipher_suites[MAX_CIPHERSUITE_SIZE]; int retval, err; gnutls_pk_algorithm_t pk_algos[MAX_ALGOS]; /* will hold the pk algorithms @@ -876,7 +872,7 @@ _gnutls_server_select_suite (gnutls_session_t session, opaque * data, return GNUTLS_E_UNEXPECTED_PACKET_LENGTH; } - memset (session->security_parameters.current_cipher_suite.suite, 0, 2); + memset (session->security_parameters.cipher_suite, 0, 2); retval = GNUTLS_E_UNKNOWN_CIPHER_SUITE; @@ -886,20 +882,19 @@ _gnutls_server_select_suite (gnutls_session_t session, opaque * data, { for (j = 0; j < datalen; j += 2) { - memcpy (&cs.suite, &data[j], 2); - _gnutls_handshake_log ("\t0x%.2x, 0x%.2x %s\n", data[j], data[j+1], _gnutls_cipher_suite_get_name (&cs)); + _gnutls_handshake_log ("\t0x%.2x, 0x%.2x %s\n", data[j], data[j+1], _gnutls_cipher_suite_get_name (&data[j])); for (i = 0; i < cipher_suites_size; i+=2) { if (memcmp (&cipher_suites[i], &data[j], 2) == 0) { _gnutls_handshake_log ("HSK[%p]: Selected cipher suite: %s\n", session, - _gnutls_cipher_suite_get_name (&cs)); - memcpy (session->security_parameters.current_cipher_suite.suite, + _gnutls_cipher_suite_get_name (&data[j])); + memcpy (session->security_parameters.cipher_suite, &cipher_suites[i], 2); _gnutls_epoch_set_cipher_suite (session, EPOCH_NEXT, - &session-> - security_parameters.current_cipher_suite); + session-> + security_parameters.cipher_suite); retval = 0; 
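Review bot: The per-suite log call in `_gnutls_server_select_suite`, the one with the format `"\t0x%.2x, 0x%.2x %s\n"`, passes `_gnutls_cipher_suite_get_name (&data[j])` straight to `%s` for every suite the client offers, including pairs this build may not recognise. The lookup itself is not shown here, but if it returns NULL for an unknown pair, handing that to a printf-style formatter is undefined behaviour, and the input is peer-controlled. A fallback keeps it defined: `const char *name = _gnutls_cipher_suite_get_name (&data[j]);` and then log `name ? name : "(unknown)"`. The same applies to the "Selected cipher suite" log lines only if a selected suite can lack a name, which looks unlikely; the loop body continues past the end of the hunk.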
@@ -916,15 +911,14 @@ _gnutls_server_select_suite (gnutls_session_t session, opaque * data, { if (memcmp (&cipher_suites[i], &data[j], 2) == 0) { - memcpy (&cs.suite, &data[j], 2); _gnutls_handshake_log ("HSK[%p]: Selected cipher suite: %s\n", session, - _gnutls_cipher_suite_get_name (&cs)); - memcpy (session->security_parameters.current_cipher_suite.suite, + _gnutls_cipher_suite_get_name (&data[j])); + memcpy (session->security_parameters.cipher_suite, &cipher_suites[i], 2); _gnutls_epoch_set_cipher_suite (session, EPOCH_NEXT, - &session-> - security_parameters.current_cipher_suite); + session-> + security_parameters.cipher_suite); retval = 0; @@ -945,8 +939,8 @@ finish: */ if (_gnutls_get_kx_cred (session, - _gnutls_cipher_suite_get_kx_algo (&session-> - security_parameters.current_cipher_suite), + _gnutls_cipher_suite_get_kx_algo (session-> + security_parameters.cipher_suite), &err) == NULL && err != 0) { gnutls_assert (); @@ -960,8 +954,8 @@ finish: */ session->internals.auth_struct = _gnutls_kx_auth_struct (_gnutls_cipher_suite_get_kx_algo - (&session-> - security_parameters.current_cipher_suite)); + (session-> + security_parameters.cipher_suite)); if (session->internals.auth_struct == NULL) { @@ -1371,15 +1365,15 @@ _gnutls_client_set_ciphersuite (gnutls_session_t session, opaque suite[2]) return GNUTLS_E_UNKNOWN_CIPHER_SUITE; } - memcpy (session->security_parameters.current_cipher_suite.suite, suite, 2); + memcpy (session->security_parameters.cipher_suite, suite, 2); _gnutls_epoch_set_cipher_suite (session, EPOCH_NEXT, - &session-> - security_parameters.current_cipher_suite); + session-> + security_parameters.cipher_suite); _gnutls_handshake_log ("HSK[%p]: Selected cipher suite: %s\n", session, _gnutls_cipher_suite_get_name - (&session-> - security_parameters.current_cipher_suite)); + (session-> + security_parameters.cipher_suite)); /* check if the credentials (username, public key etc.) are ok. 
@@ -1388,7 +1382,7 @@ _gnutls_client_set_ciphersuite (gnutls_session_t session, opaque suite[2]) if (_gnutls_get_kx_cred (session, _gnutls_cipher_suite_get_kx_algo - (&session->security_parameters.current_cipher_suite), &err) == NULL + (session->security_parameters.cipher_suite), &err) == NULL && err != 0) { gnutls_assert (); @@ -1402,8 +1396,8 @@ _gnutls_client_set_ciphersuite (gnutls_session_t session, opaque suite[2]) */ session->internals.auth_struct = _gnutls_kx_auth_struct (_gnutls_cipher_suite_get_kx_algo - (&session-> - security_parameters.current_cipher_suite)); + (session-> + security_parameters.cipher_suite)); if (session->internals.auth_struct == NULL) { @@ -1492,8 +1486,8 @@ _gnutls_client_check_if_resuming (gnutls_session_t session, _gnutls_epoch_set_cipher_suite (session, EPOCH_NEXT, - &session->internals. - resumed_security_parameters.current_cipher_suite); + session->internals. + resumed_security_parameters.cipher_suite); _gnutls_epoch_set_compression (session, EPOCH_NEXT, session-> internals.resumed_security_parameters.compression_method); @@ -1985,7 +1979,7 @@ _gnutls_send_server_hello (gnutls_session_t session, int again) sizeof (buf), NULL)); memcpy (&data[pos], - session->security_parameters.current_cipher_suite.suite, 2); + session->security_parameters.cipher_suite, 2); pos += 2; comp = _gnutls_compression_get_num ( session->security_parameters.compression_method); @@ -2025,7 +2019,7 @@ _gnutls_send_hello (gnutls_session_t session, int again) } /* RECEIVE A HELLO MESSAGE. This should be called from gnutls_recv_handshake_int only if a - * hello message is expected. It uses the security_parameters.current_cipher_suite + * hello message is expected. It uses the security_parameters.cipher_suite * and internals.compression_method. */ int 
@@ -3039,7 +3033,6 @@ _gnutls_remove_unwanted_ciphersuites (gnutls_session_t session, { int ret = 0; - cipher_suite_st cs; int i, new_suites_size; gnutls_certificate_credentials_t cert_cred; gnutls_kx_algorithm_t kx; @@ -3094,9 +3087,7 @@ _gnutls_remove_unwanted_ciphersuites (gnutls_session_t session, /* finds the key exchange algorithm in * the ciphersuite */ - cs.suite[0] = cipher_suites[i]; - cs.suite[1] = cipher_suites[i+1]; - kx = _gnutls_cipher_suite_get_kx_algo (&cs); + kx = _gnutls_cipher_suite_get_kx_algo (&cipher_suites[i]); /* if it is defined but had no credentials */ @@ -3140,7 +3131,7 @@ _gnutls_remove_unwanted_ciphersuites (gnutls_session_t session, _gnutls_handshake_log ("HSK[%p]: Keeping ciphersuite: %s\n", session, - _gnutls_cipher_suite_get_name (&cs)); + _gnutls_cipher_suite_get_name (&cipher_suites[i])); if (i != new_suites_size) memmove( &cipher_suites[new_suites_size], &cipher_suites[i], 2); @@ -3150,7 +3141,7 @@ _gnutls_remove_unwanted_ciphersuites (gnutls_session_t session, { _gnutls_handshake_log ("HSK[%p]: Removing ciphersuite: %s\n", session, - _gnutls_cipher_suite_get_name (&cs)); + _gnutls_cipher_suite_get_name (&cipher_suites[i])); } } diff --git a/lib/gnutls_int.h b/lib/gnutls_int.h index 4ace3d4425..3767f10442 100644 --- a/lib/gnutls_int.h +++ b/lib/gnutls_int.h @@ -421,11 +421,6 @@ typedef struct record_parameters_st record_parameters_st; typedef struct { - uint8_t suite[2]; -} cipher_suite_st; - -typedef struct -{ uint8_t hash_algorithm; uint8_t sign_algorithm; /* pk algorithm actually */ } sign_algorithm_st; @@ -477,7 +472,7 @@ typedef struct * moved here from internals in order to be restored * on resume; */ - cipher_suite_st current_cipher_suite; + uint8_t cipher_suite[2]; gnutls_compression_method_t compression_method; opaque master_secret[GNUTLS_MASTER_SIZE]; opaque client_random[GNUTLS_RANDOM_SIZE]; diff --git a/lib/gnutls_session_pack.c b/lib/gnutls_session_pack.c index 07db0df039..b5302669e9 100644 
--- a/lib/gnutls_session_pack.c +++ b/lib/gnutls_session_pack.c @@ -768,11 +768,7 @@ pack_security_parameters (gnutls_session_t session, gnutls_buffer_st * ps) BUFFER_APPEND_NUM (ps, session->security_parameters.entity); BUFFER_APPEND_NUM (ps, session->security_parameters.kx_algorithm); BUFFER_APPEND (ps, - &session->security_parameters.current_cipher_suite.suite[0], - 1); - BUFFER_APPEND (ps, - &session->security_parameters.current_cipher_suite.suite[1], - 1); + session->security_parameters.cipher_suite, 2); BUFFER_APPEND_NUM (ps, session->security_parameters.compression_method); BUFFER_APPEND_NUM (ps, session->security_parameters.cert_type); BUFFER_APPEND_NUM (ps, session->security_parameters.version); @@ -817,11 +813,8 @@ unpack_security_parameters (gnutls_session_t session, gnutls_buffer_st * ps) BUFFER_POP_NUM (ps, session->internals.resumed_security_parameters.kx_algorithm); BUFFER_POP (ps, - &session->internals. - resumed_security_parameters.current_cipher_suite.suite[0], 1); - BUFFER_POP (ps, - &session->internals.resumed_security_parameters. - current_cipher_suite.suite[1], 1); + session->internals. + resumed_security_parameters.cipher_suite, 2); BUFFER_POP_NUM (ps, session->internals.resumed_security_parameters.compression_method); BUFFER_POP_NUM (ps, session->internals.resumed_security_parameters.cert_type); BUFFER_POP_NUM (ps, session->internals.resumed_security_parameters.version); diff --git a/lib/gnutls_state.c b/lib/gnutls_state.c index 3fcd803ad7..3e1e3aeb97 100644 --- a/lib/gnutls_state.c +++ b/lib/gnutls_state.c @@ -921,7 +921,7 @@ _gnutls_PRF (gnutls_session_t session, if (_gnutls_version_has_selectable_prf (ver)) { result = - P_hash (_gnutls_cipher_suite_get_prf(&session->security_parameters.current_cipher_suite), + P_hash (_gnutls_cipher_suite_get_prf(session->security_parameters.cipher_suite), secret, secret_size, s_seed, s_seed_size, total_bytes, ret); if (result < 0) 
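Review bot: `BUFFER_APPEND (ps, session->security_parameters.cipher_suite, 2);` in `pack_security_parameters` hard-codes the length of a field that is now a plain array, as do the matching `BUFFER_POP` in `unpack_security_parameters` and the `memcpy`/`memset` calls on `cipher_suite` in lib/gnutls_handshake.c. Since lib/gnutls_int.h declares it as `uint8_t cipher_suite[2]`, `sizeof (session->security_parameters.cipher_suite)` would tie every copy to the declaration, e.g. `BUFFER_APPEND (ps, session->security_parameters.cipher_suite, sizeof (session->security_parameters.cipher_suite));`. This is a style point. The packed bytes stay the same as before the change provided the macro appends raw data without a prefix, which is not shown on this page.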
@@ -1124,8 +1124,8 @@ _gnutls_session_is_export (gnutls_session_t session) gnutls_cipher_algorithm_t cipher; cipher = - _gnutls_cipher_suite_get_cipher_algo (&session-> - security_parameters.current_cipher_suite); + _gnutls_cipher_suite_get_cipher_algo (session-> + security_parameters.cipher_suite); if (_gnutls_cipher_get_export_flag (cipher) != 0) return 1; @@ -1146,8 +1146,8 @@ _gnutls_session_is_psk (gnutls_session_t session) gnutls_kx_algorithm_t kx; kx = - _gnutls_cipher_suite_get_kx_algo (&session-> - security_parameters.current_cipher_suite); + _gnutls_cipher_suite_get_kx_algo (session-> + security_parameters.cipher_suite); if (kx == GNUTLS_KX_PSK || kx == GNUTLS_KX_DHE_PSK) return 1; @@ -1170,8 +1170,8 @@ _gnutls_session_is_ecc (gnutls_session_t session) * the negotiated key exchange might not have been set yet. */ kx = - _gnutls_cipher_suite_get_kx_algo (&session-> - security_parameters.current_cipher_suite); + _gnutls_cipher_suite_get_kx_algo (session-> + security_parameters.cipher_suite); return _gnutls_kx_is_ecc(kx); } diff --git a/lib/gnutls_v2_compat.c b/lib/gnutls_v2_compat.c index b258febb8f..57e82fda57 100644 --- a/lib/gnutls_v2_compat.c +++ b/lib/gnutls_v2_compat.c @@ -175,8 +175,8 @@ _gnutls_read_client_hello_v2 (gnutls_session_t session, opaque * data, */ if (_gnutls_get_kx_cred (session, - _gnutls_cipher_suite_get_kx_algo (&session-> - security_parameters.current_cipher_suite), + _gnutls_cipher_suite_get_kx_algo (session-> + security_parameters.cipher_suite), &err) == NULL && err != 0) { gnutls_assert (); @@ -189,8 +189,8 @@ _gnutls_read_client_hello_v2 (gnutls_session_t session, opaque * data, */ session->internals.auth_struct = _gnutls_kx_auth_struct (_gnutls_cipher_suite_get_kx_algo - (&session-> - security_parameters.current_cipher_suite)); + (session-> + security_parameters.cipher_suite)); if (session->internals.auth_struct == NULL) { |