-rw-r--r-- | NEWS | 1 | ||||
-rw-r--r-- | README | 43 | ||||
-rw-r--r-- | configure.in | 18 | ||||
-rw-r--r-- | doc/tex/Makefile.am | 6 | ||||
-rw-r--r-- | doc/tex/funcs.tex | 7 | ||||
-rw-r--r-- | doc/tex/macros.tex | 1 | ||||
-rw-r--r-- | lib/Makefile.am | 29 | ||||
-rw-r--r-- | lib/auth_cert.c | 37 | ||||
-rw-r--r-- | lib/auth_dhe.c | 10 | ||||
-rw-r--r-- | lib/auth_rsa.c | 11 | ||||
-rw-r--r-- | lib/gnutls.h.in.in | 27 | ||||
-rw-r--r-- | lib/gnutls_algorithms.c | 18 | ||||
-rw-r--r-- | lib/gnutls_algorithms.h | 7 | ||||
-rw-r--r-- | lib/gnutls_cert.c | 23 | ||||
-rw-r--r-- | lib/gnutls_extensions.c | 17 | ||||
-rw-r--r-- | lib/gnutls_extensions.h | 8 | ||||
-rw-r--r-- | lib/gnutls_openpgp.h | 2 | ||||
-rw-r--r-- | lib/gnutls_ui.h | 24 | ||||
-rwxr-xr-x | lib/libgnutls-config.in | 8 | ||||
-rw-r--r-- | src/Makefile.am | 14 | ||||
-rw-r--r-- | src/cli.c | 5 | ||||
-rw-r--r-- | src/common.c | 1 | ||||
-rw-r--r-- | src/serv.c | 5 | ||||
-rw-r--r-- | src/tests.c | 2 | ||||
-rw-r--r-- | src/tls_test.c | 1 |
25 files changed, 163 insertions, 162 deletions
@@ -10,6 +10,7 @@ Version 0.4.2 - Replaced the included 1024 bit prime for Diffie Hellman, with a new random one. - Relicensed the library under the GNU Lesser General Public License +- Added gnutls-extra library which contains the GPL parts. Version 0.4.1 (7/04/2002) - Now uses alloca() for temporary variables 
@@ -14,34 +14,21 @@ It is currently under heavy development. **************************** LICENSE ISSUES: -Since the 0.4.2 version the gnutls library is covered under both the -GNU Lesser GPL, and GNU GPL Licenses. Previously released versions were -licensed under the GPL. (see COPYING and COPYING.LIB for the licenses) - -The LGPL license applies to all parts of the gnutls library except for the -"OPENPGP authentication" part, and the "SRP authentication" part, which are -only available under the GPL. Both of these parts can be disabled at compile -time. - -In order to create a library under the LGPL run the configure script with -the following parameters: - --disable-srp-authentication - --disable-openpgp-authentication - -This will disable the above authentication methods. If this is not done -the library will be only available under the GPL. In both cases the generated -libraries are binary compatible. In the LGPL case the missing functions are -replaced with stubs that always fail. - -The rationale behind this license change is that given the fact that other -free libraries with similar functionality exist, keeping the gnutls library -GPL would not give any practical advantage to Free software developers. - -Please note that in many cases it is better for a library to be licensed -under the GPL, so that it provides an advantage for free software projects. -The Lesser GPL is so named because it does less to protect the freedom of -the users of the code that it covers. -See http://www.gnu.org/philosophy/why-not-lgpl.html for more explanation. +Since the 0.4.2 version the gnutls library is covered under the GNU +Lesser GPL. Previously released versions were licensed under the GNU GPL. + +We changed the license for most of GNUTLS because other free libraries +already exist that do the same jobs and have lax licenses. We want +GNUTLS to be usable in all the same places as those other libraries. 
+We kept some parts of GNUTLS under the GPL because they are unique, +and with the GPL they provide free software projects (which deserve +our help) an advantage over non-free projects (which do not deserve +our help, since they refuse to share with us). For more explanation, +see http://www.gnu.org/philosophy/why-not-lgpl.html. + +The GNU Lesser GPL license applies to the main gnutls library, while the +gnutls-extra library is under the GPL. + **************************** diff --git a/configure.in b/configure.in index 866bee7b90..dae7e0582d 100644 --- a/configure.in +++ b/configure.in @@ -252,7 +252,6 @@ AC_ARG_ENABLE( srp-authentication, [ --disable-srp-authentication disable t if test x$ac_enable_srp != xno; then AC_MSG_RESULT(no) AC_DEFINE(ENABLE_SRP) - LIBGNUTLS_MODULES="$LIBGNUTLS_MODULES srp-authentication" else AC_MSG_RESULT(yes) fi @@ -264,7 +263,6 @@ AC_ARG_ENABLE( anon-authentication, [ --disable-anon-authentication disable if test x$ac_enable_anon != xno; then AC_MSG_RESULT(no) AC_DEFINE(ENABLE_ANON) - LIBGNUTLS_MODULES="$LIBGNUTLS_MODULES anonymous-authentication" else AC_MSG_RESULT(yes) fi @@ -276,8 +274,7 @@ AC_ARG_ENABLE( openpgp-authentication, [ --disable-openpgp-authentication disab ) if test x$ac_enable_openpgp != xno; then AC_MSG_RESULT(no) - AM_PATH_LIBOPENCDK( 0.1.0, AC_DEFINE(HAVE_LIBOPENCDK) - LIBGNUTLS_MODULES="$LIBGNUTLS_MODULES openpgp-authentication", + AM_PATH_LIBOPENCDK( 0.1.0, AC_DEFINE(HAVE_LIBOPENCDK), AC_MSG_WARN([[ *** *** libopencdk was not found. You will not be able to use OpenPGP keys with gnutls. @@ -299,7 +296,6 @@ LIBGNUTLS_LIBS="$LIBS -L${libdir} -lgnutls $LIBGCRYPT_LIBS $LIBOPENCDK_LIBS" LIBGNUTLS_CFLAGS="$LIBGCRYPT_CFLAGS $LIBOPENCDK_CFLAGS -I${includedir}" AC_SUBST(LIBGNUTLS_LIBS) AC_SUBST(LIBGNUTLS_CFLAGS) -AC_SUBST(LIBGNUTLS_MODULES) if test $ac_cv_c_compiler_gnu != no; then 
@@ -335,18 +331,6 @@ AC_CONFIG_COMMANDS([lib/gnutls.h],[[ chmod +x lib/libgnutls-config ]],[[]]) -AC_CONFIG_COMMANDS_POST( - echo "***************************" -if test x$ac_enable_srp = xno && test x$ac_enable_openpgp = xno;then - echo "* License: GNU Lesser GPL *" -else - echo "* License: GNU GPL *" -fi - echo "***************************" - echo "(see the README file)" - echo "" -) - AC_CONFIG_FILES([Makefile src/Makefile lib/Makefile lib/libgnutls-config \ doc/Makefile src/x509/Makefile src/srp/Makefile doc/tex/Makefile \ doc/tex/cover.tex doc/scripts/Makefile src/openpgp/Makefile]) diff --git a/doc/tex/Makefile.am b/doc/tex/Makefile.am index db427ddcd0..42476a1dc7 100644 --- a/doc/tex/Makefile.am +++ b/doc/tex/Makefile.am @@ -6,12 +6,13 @@ EXTRA_DIST = gnutls.tex gnutls.ps gnutls.html asn1.ps asn1.html \ TEX_OBJECTS = gnutls.tex ../../lib/gnutls-api.tex serv1.tex ex1.tex ex2.tex ex3.tex fdl.tex \ macros.tex cover.tex ciphersuites.tex handshake.tex translayer.tex asn1.tex ../../lib/asn1-api.tex \ auth.tex ciphers.tex errors.tex layers.tex alert.tex record.tex \ - funcs.tex examples.tex ex4.tex + funcs.tex examples.tex ex4.tex ../../lib/gnutls-extra-api.tex ASN1_TEX_OBJECTS = fdl.tex asn1.tex ../../lib/asn1-api.tex gnutls.ps: $(TEX_OBJECTS) -$(LN_S) ../../lib/gnutls-api.tex . + -$(LN_S) ../../lib/gnutls-extra-api.tex . -$(LN_S) ../../lib/asn1-api.tex . -latex gnutls.tex && latex gnutls.tex && dvips gnutls.dvi -o gnutls.ps @@ -30,5 +31,4 @@ asn1.html: $(ASN1_TEX_OBJECTS) clean: @-rm *.log *.aux *.toc @-rm *.pl index.html gnutls.dvi - @-rm WARNINGS gnutls-api.tex -
\ No newline at end of file + @-rm WARNINGS gnutls-api.tex gnutls-extra-api.tex diff --git a/doc/tex/funcs.tex b/doc/tex/funcs.tex index 2026740879..48ddeabd35 100644 --- a/doc/tex/funcs.tex +++ b/doc/tex/funcs.tex @@ -1,4 +1,11 @@ \chapter{Function reference} +\section{\gnutls{} library} \include{gnutls-api} +\section{\gnutlse{} library} +These functions are only available in the GPL version of the +library called <gnutls-extra>. the prototypes are in <gnutls-extra.h>. + +\include{gnutls-extra-api} + diff --git a/doc/tex/macros.tex b/doc/tex/macros.tex index 5fdd1b4fdc..cec64c5836 100644 --- a/doc/tex/macros.tex +++ b/doc/tex/macros.tex @@ -1,4 +1,5 @@ \newcommand{\gnutls}{{\emph{GNUTLS}}} +\newcommand{\gnutlse}{{\emph{GNUTLS-EXTRA}}} \newcommand{\tlsI}{{\emph{TLS 1.0}}} \newcommand{\tls}{{\emph{TLS}}} \newcommand{\sslIII}{{\emph{SSL 3.0}}} diff --git a/lib/Makefile.am b/lib/Makefile.am index 7129d11bae..815c42fda6 100644 --- a/lib/Makefile.am +++ b/lib/Makefile.am @@ -1,4 +1,4 @@ -include_HEADERS = gnutls.h +include_HEADERS = gnutls.h gnutls-extra.h bin_SCRIPTS = libgnutls-config m4datadir = $(datadir)/aclocal @@ -19,9 +19,9 @@ EXTRA_DIST = debug.h gnutls_compress.h defines.h gnutls.asn pkix.asn \ gnutls_sig.h gnutls_mem.h x509_extensions.h gnutls_ui.h \ gnutls-api.tex io_debug.h ext_max_record.h gnutls_session_pack.h \ gnutls_alert.h asn1-api.tex gnutls_str.h gnutls_state.h gnutls_x509.h \ - gnutls_openpgp.h ext_cert_type.h + gnutls_openpgp.h ext_cert_type.h gnutls-extra-api.tex gnutls_extra.h -lib_LTLIBRARIES = libgnutls.la +lib_LTLIBRARIES = libgnutls.la libgnutls-extra.la COBJECTS = gnutls_record.c gnutls_compress.c debug.c \ 
@@ -29,24 +29,28 @@ COBJECTS = gnutls_record.c gnutls_compress.c debug.c \ gnutls_errors.c gnutls_algorithms.c gnutls_dh.c gnutls_kx.c \ gnutls_priority.c gnutls_hash_int.c gnutls_cipher_int.c \ gnutls_compress_int.c gnutls_session.c gnutls_db.c x509_b64.c \ - auth_anon.c gnutls_extensions.c ext_srp.c gnutls_auth.c \ - crypt_bcrypt.c crypt.c gnutls_random.c crypt_srpsha1.c gnutls_srp.c \ - auth_srp.c auth_srp_passwd.c gnutls_v2_compat.c auth_srp_sb64.c \ - gnutls_datum.c auth_rsa.c gnutls_session_pack.c \ + auth_anon.c gnutls_extensions.c gnutls_auth.c gnutls_random.c \ + gnutls_v2_compat.c gnutls_datum.c auth_rsa.c gnutls_session_pack.c \ gnutls_mpi.c gnutls_pk.c gnutls_cert.c x509_verify.c\ gnutls_global.c gnutls_privkey.c gnutls_constate.c gnutls_anon_cred.c \ x509_sig_check.c pkix_asn1_tab.c gnutls_asn1_tab.c gnutls_mem.c \ x509_extensions.c auth_cert.c gnutls_ui.c gnutls_sig.c auth_dhe.c \ gnutls_dh_primes.c ext_max_record.c gnutls_alert.c gnutls_int_compat.c \ - gnutls_str.c gnutls_state.c gnutls_x509.c gnutls_openpgp.c \ + gnutls_str.c gnutls_state.c gnutls_x509.c \ ext_cert_type.c +COBJECTS_EXTRA = crypt_bcrypt.c crypt.c crypt_srpsha1.c ext_srp.c \ + gnutls_srp.c auth_srp.c auth_srp_passwd.c auth_srp_sb64.c \ + gnutls_openpgp.c ext_cert_type.c gnutls_extra.c + # Separate so we can create the documentation COBJECTS2 = x509_ASN.y x509_asn1.c x509_der.c libgnutls_la_SOURCES = $(COBJECTS) $(COBJECTS2) +libgnutls_extra_la_SOURCES = $(COBJECTS_EXTRA) libgnutls_la_LDFLAGS = -version-info $(LT_CURRENT):$(LT_REVISION):$(LT_AGE) +libgnutls_extra_la_LDFLAGS = -version-info $(LT_CURRENT):$(LT_REVISION):$(LT_AGE) pkix_asn1_tab.c: pkix.asn -../src/asn1c pkix.asn pkix_asn1_tab.c 
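Review bot: `ext_cert_type.c` is listed both at the end of the kept `COBJECTS` list and in the new `COBJECTS_EXTRA`, so the cert-type extension handlers are compiled into libgnutls.la and libgnutls-extra.la alike, and every program in src/Makefile.am now links both; that gives two definitions of the same symbols, and which one the dynamic linker binds depends on load order. The new `gnutls-extra-api.tex` rule in the next hunk would also document that file a second time. Drop it from the extra list: `gnutls_openpgp.c gnutls_extra.c`. Separately, `libgnutls_extra_la_LDFLAGS` only sets version-info; if libgnutls-extra calls into libgnutls (the `_E_` hook variables in the C hunks below suggest it does), consider adding `libgnutls_extra_la_LIBADD = libgnutls.la` so the dependency is recorded in the library rather than left to each executable.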
@@ -61,6 +65,13 @@ gnutls-api.tex: $(COBJECTS) && echo "ok"; \ done +gnutls-extra-api.tex: $(COBJECTS_EXTRA) + @echo "\\newpage" > gnutls-extra-api.tex + @for i in $(COBJECTS_EXTRA); \ + do echo -n "Creating documentation for file $$i... " && ../doc/scripts/gdoc -tex $$i >> gnutls-extra-api.tex \ + && echo "ok"; \ + done + asn1-api.tex: $(COBJECTS2) @echo "\\newpage" > asn1-api.tex @for i in $(COBJECTS2); \ @@ -68,4 +79,4 @@ asn1-api.tex: $(COBJECTS2) && echo "ok"; \ done -all-local: gnutls-api.tex asn1-api.tex +all-local: gnutls-api.tex gnutls-extra-api.tex asn1-api.tex diff --git a/lib/auth_cert.c b/lib/auth_cert.c index 6585875a94..363bf5139a 100644 --- a/lib/auth_cert.c +++ b/lib/auth_cert.c @@ -39,7 +39,7 @@ #include <gnutls_state.h> #include <gnutls_pk.h> #include <gnutls_x509.h> -#include <gnutls_openpgp.h> +#include <gnutls_extra.h> #include "debug.h" /* Copies data from a internal certificate struct (gnutls_cert) to @@ -555,6 +555,10 @@ int _gnutls_gen_openpgp_certificate(GNUTLS_STATE state, return ret; } +OPENPGP_FINGERPRINT _E_gnutls_openpgp_fingerprint = NULL; +OPENPGP_KEY_REQUEST _E_gnutls_openpgp_request_key = NULL; +extern OPENPGP_CERT2GNUTLS_CERT _E_gnutls_openpgp_cert2gnutls_cert; + int _gnutls_gen_openpgp_certificate_fpr(GNUTLS_STATE state, opaque ** data) { @@ -600,7 +604,13 @@ int _gnutls_gen_openpgp_certificate_fpr(GNUTLS_STATE state, pdata++; fpr_size = 20; - if ( (ret=gnutls_openpgp_fingerprint( &apr_cert_list[0].raw, pdata, &fpr_size)) < 0) { + + if (_E_gnutls_openpgp_fingerprint==NULL) { + gnutls_assert(); + return GNUTLS_E_INVALID_REQUEST; + } + + if ( (ret=_E_gnutls_openpgp_fingerprint( &apr_cert_list[0].raw, pdata, &fpr_size)) < 0) { gnutls_assert(); return ret; } 
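Review bot: The hook variables added at `@@ -555` (`_E_gnutls_openpgp_fingerprint`, `_E_gnutls_openpgp_request_key`) are mutable, externally visible globals defined with no comment saying who sets them, and `_E_gnutls_openpgp_cert2gnutls_cert` is redeclared `extern` by hand here and again in auth_rsa.c instead of through a header, so a type mismatch against the definition in auth_dhe.c would not be caught by the compiler. Put above the definitions the comment gnutls_cert.c already carries, e.g. `/* Installed by the gnutls-extra library's init function (src/cli.c calls it as gnutls_global_init_ext); NULL means OpenPGP support is not loaded. */`, and move every `_E_` extern declaration into gnutls_extra.h, which this file now includes, so all users share one prototype. In the `@@ -600` hunk the fingerprint hook receives `pdata` and `fpr_size = 20`; the hook's typedef is not in this diff, so it is worth stating on that typedef whether `fpr_size` is an in/out buffer length, because an implementation that treats it as output-only could write past `pdata`. The enclosing functions start and end outside these hunks.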
@@ -848,7 +858,11 @@ int _gnutls_proc_openpgp_server_certificate(GNUTLS_STATE state, /* request the actual key from our database, or * a key server or anything. */ - if ( (ret=_gnutls_openpgp_request_key( &akey, cred, p, 20)) < 0) { + if (_E_gnutls_openpgp_request_key==NULL) { + gnutls_assert(); + return GNUTLS_E_INVALID_REQUEST; + } + if ( (ret=_E_gnutls_openpgp_request_key( &akey, cred, p, 20)) < 0) { gnutls_assert(); return ret; } @@ -900,9 +914,16 @@ int _gnutls_proc_openpgp_server_certificate(GNUTLS_STATE state, memset( peer_certificate_list, 0, sizeof(gnutls_cert)* peer_certificate_list_size); - + if (_E_gnutls_openpgp_cert2gnutls_cert==NULL) { + gnutls_assert(); + gnutls_free_datum( &akey); + CLEAR_CERTS; + gnutls_afree(peer_certificate_list); + return GNUTLS_E_INVALID_REQUEST; + } + if ((ret = - _gnutls_openpgp_cert2gnutls_cert(&peer_certificate_list[0], + _E_gnutls_openpgp_cert2gnutls_cert(&peer_certificate_list[0], tmp)) < 0) { gnutls_assert(); gnutls_free_datum( &akey); @@ -1139,8 +1160,12 @@ int _gnutls_proc_cert_client_cert_vrfy(GNUTLS_STATE state, opaque * data, raw_certificate_list[0]); break; case GNUTLS_CRT_OPENPGP: + if (_E_gnutls_openpgp_cert2gnutls_cert==NULL) { + gnutls_assert(); + return GNUTLS_E_INVALID_REQUEST; + } ret = - _gnutls_openpgp_cert2gnutls_cert(&peer_cert, + _E_gnutls_openpgp_cert2gnutls_cert(&peer_cert, info-> raw_certificate_list [0]); diff --git a/lib/auth_dhe.c b/lib/auth_dhe.c index fd0d31ca5d..bd0b501521 100644 --- a/lib/auth_dhe.c +++ b/lib/auth_dhe.c @@ -28,7 +28,7 @@ #include <gnutls_datum.h> #include <auth_cert.h> #include <gnutls_x509.h> -#include <gnutls_openpgp.h> +#include <gnutls_extra.h> #include <gnutls_state.h> static int gen_dhe_server_kx(GNUTLS_STATE, opaque **); 
@@ -278,6 +278,8 @@ static int gen_dhe_client_kx(GNUTLS_STATE state, opaque ** data) return n_X + 2; } +OPENPGP_CERT2GNUTLS_CERT _E_gnutls_openpgp_cert2gnutls_cert = NULL; + static int proc_dhe_server_kx(GNUTLS_STATE state, opaque * data, int data_size) { @@ -394,8 +396,12 @@ static int proc_dhe_server_kx(GNUTLS_STATE state, opaque * data, break; case GNUTLS_CRT_OPENPGP: + if (_E_gnutls_openpgp_cert2gnutls_cert==NULL) { + gnutls_assert(); + return GNUTLS_E_INVALID_REQUEST; + } if ((ret = - _gnutls_openpgp_cert2gnutls_cert( &peer_cert, + _E_gnutls_openpgp_cert2gnutls_cert( &peer_cert, info->raw_certificate_list[0])) < 0) { gnutls_assert(); return ret; diff --git a/lib/auth_rsa.c b/lib/auth_rsa.c index 84438af15d..01c159e99d 100644 --- a/lib/auth_rsa.c +++ b/lib/auth_rsa.c @@ -35,7 +35,7 @@ #include "debug.h" #include <gnutls_sig.h> #include <gnutls_x509.h> -#include <gnutls_openpgp.h> +#include <gnutls_extra.h> int gen_rsa_client_kx(GNUTLS_STATE, opaque **); int proc_rsa_client_kx(GNUTLS_STATE, opaque *, int); @@ -62,7 +62,8 @@ const MOD_AUTH_STRUCT rsa_auth_struct = { _gnutls_proc_cert_cert_req /* proc server cert request */ }; - +/* in auth_dhe.c */ +extern OPENPGP_CERT2GNUTLS_CERT _E_gnutls_openpgp_cert2gnutls_cert; /* This function reads the RSA parameters from peer's certificate; */ @@ -88,8 +89,12 @@ int i; break; case GNUTLS_CRT_OPENPGP: + if (_E_gnutls_openpgp_cert2gnutls_cert==NULL) { + gnutls_assert(); + return GNUTLS_E_INVALID_REQUEST; + } if ((ret = - _gnutls_openpgp_cert2gnutls_cert( &peer_cert, + _E_gnutls_openpgp_cert2gnutls_cert( &peer_cert, info->raw_certificate_list[0])) < 0) { gnutls_assert(); return ret; diff --git a/lib/gnutls.h.in.in b/lib/gnutls.h.in.in index 7829b80673..8162192d0a 100644 --- a/lib/gnutls.h.in.in +++ b/lib/gnutls.h.in.in 
@@ -203,20 +203,9 @@ typedef struct DSTRUCT* GNUTLS_CERTIFICATE_CREDENTIALS; typedef GNUTLS_CERTIFICATE_CREDENTIALS GNUTLS_CERTIFICATE_CLIENT_CREDENTIALS; typedef GNUTLS_CERTIFICATE_CREDENTIALS GNUTLS_CERTIFICATE_SERVER_CREDENTIALS; -typedef struct DSTRUCT* GNUTLS_SRP_SERVER_CREDENTIALS; -typedef struct DSTRUCT* GNUTLS_SRP_CLIENT_CREDENTIALS; - typedef struct DSTRUCT* GNUTLS_ANON_SERVER_CREDENTIALS; typedef struct DSTRUCT* GNUTLS_ANON_CLIENT_CREDENTIALS; -void gnutls_srp_free_client_sc( GNUTLS_SRP_CLIENT_CREDENTIALS sc); -int gnutls_srp_allocate_client_sc( GNUTLS_SRP_CLIENT_CREDENTIALS *sc); -int gnutls_srp_set_client_cred( GNUTLS_SRP_CLIENT_CREDENTIALS res, char *username, char* password); - -void gnutls_srp_free_server_sc( GNUTLS_SRP_SERVER_CREDENTIALS sc); -int gnutls_srp_allocate_server_sc( GNUTLS_SRP_SERVER_CREDENTIALS *sc); -int gnutls_srp_set_server_cred_file( GNUTLS_SRP_SERVER_CREDENTIALS res, char *password_file, char* password_conf_file); - void gnutls_anon_free_server_sc( GNUTLS_ANON_SERVER_CREDENTIALS sc); int gnutls_anon_allocate_server_sc( GNUTLS_ANON_SERVER_CREDENTIALS *sc); int gnutls_anon_set_server_cred( GNUTLS_ANON_SERVER_CREDENTIALS res); 
@@ -246,22 +235,6 @@ int gnutls_certificate_set_x509_key_mem(GNUTLS_CERTIFICATE_CREDENTIALS res, const gnutls_datum* CERT, const gnutls_datum* KEY, GNUTLS_X509_CertificateFmt); -int gnutls_certificate_set_openpgp_key_file( GNUTLS_CERTIFICATE_CREDENTIALS res, char *CERTFILE, char* KEYFILE); -int gnutls_certificate_set_openpgp_key_mem( GNUTLS_CERTIFICATE_CREDENTIALS res, - const gnutls_datum* CERT, const gnutls_datum* KEY); - -void gnutls_certificate_set_openpgp_keyserver(GNUTLS_CERTIFICATE_CREDENTIALS res, - char* keyserver, int port); - -void gnutls_certificate_set_openpgp_trustdb(GNUTLS_CERTIFICATE_CREDENTIALS res, - char* trustdb); - -int gnutls_certificate_set_openpgp_keyring_mem( GNUTLS_CERTIFICATE_CREDENTIALS res, - const char *data, size_t len); - -int gnutls_certificate_set_openpgp_keyring_file( GNUTLS_CERTIFICATE_CREDENTIALS res, const char *name); - - /* global state functions */ /* In this version global_init accepts two files (pkix.asn, pkcs1.asn). diff --git a/lib/gnutls_algorithms.c b/lib/gnutls_algorithms.c index e0ffa98a9d..9d3934ff2a 100644 --- a/lib/gnutls_algorithms.c +++ b/lib/gnutls_algorithms.c 
@@ -161,35 +161,29 @@ static const gnutls_compression_entry compression_algorithms[] = { /* Key Exchange Section */ -struct gnutls_kx_algo_entry { - char *name; - KXAlgorithm algorithm; - MOD_AUTH_STRUCT *auth_struct; -}; -typedef struct gnutls_kx_algo_entry gnutls_kx_algo_entry; extern MOD_AUTH_STRUCT rsa_auth_struct; extern MOD_AUTH_STRUCT dhe_rsa_auth_struct; extern MOD_AUTH_STRUCT dhe_dss_auth_struct; extern MOD_AUTH_STRUCT anon_auth_struct; -extern MOD_AUTH_STRUCT srp_auth_struct; -static const gnutls_kx_algo_entry kx_algorithms[] = { + +#define MAX_KX_ALGOS 10 +const int _gnutls_kx_algorithms_size = MAX_KX_ALGOS; + +gnutls_kx_algo_entry _gnutls_kx_algorithms[MAX_KX_ALGOS] = { #ifdef ENABLE_ANON { "Anon DH", GNUTLS_KX_ANON_DH, &anon_auth_struct }, #endif { "RSA", GNUTLS_KX_RSA, &rsa_auth_struct }, { "DHE RSA", GNUTLS_KX_DHE_RSA, &dhe_rsa_auth_struct }, { "DHE DSS", GNUTLS_KX_DHE_DSS, &dhe_dss_auth_struct }, -#ifdef ENABLE_SRP - { "SRP", GNUTLS_KX_SRP, &srp_auth_struct }, -#endif {0} }; #define GNUTLS_KX_LOOP(b) \ const gnutls_kx_algo_entry *p; \ - for(p = kx_algorithms; p->name != NULL; p++) { b ; } + for(p = _gnutls_kx_algorithms; p->name != NULL; p++) { b ; } #define GNUTLS_KX_ALG_LOOP(a) \ GNUTLS_KX_LOOP( if(p->algorithm == algorithm) { a; break; } ) diff --git a/lib/gnutls_algorithms.h b/lib/gnutls_algorithms.h index 8a724258f6..2209a3b263 100644 --- a/lib/gnutls_algorithms.h +++ b/lib/gnutls_algorithms.h @@ -74,3 +74,10 @@ const char *gnutls_compression_get_name(CompressionMethod algorithm); /* Type to KX mappings */ KXAlgorithm _gnutls_map_kx_get_kx(CredType type); CredType _gnutls_map_kx_get_cred(KXAlgorithm algorithm); + +struct gnutls_kx_algo_entry { + char *name; + KXAlgorithm algorithm; + MOD_AUTH_STRUCT *auth_struct; +}; +typedef struct gnutls_kx_algo_entry gnutls_kx_algo_entry; diff --git a/lib/gnutls_cert.c b/lib/gnutls_cert.c index 24b4a1edbc..a586a3cf72 100644 --- a/lib/gnutls_cert.c +++ b/lib/gnutls_cert.c 
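Review bot: `_gnutls_kx_algorithms` replaces a `static const` table with a writable, exported, fixed-capacity array, but the hunk documents neither the sentinel requirement nor what `_gnutls_kx_algorithms_size` means: `GNUTLS_KX_LOOP` stops at `p->name == NULL`, so whoever appends entries (gnutls_extra.c, not in this diff) must keep one `{0}` slot, i.e. at most `MAX_KX_ALGOS - 1` usable algorithms, while the exported size is the raw capacity 10. Add before the array: `/* Writable so gnutls-extra can register KX methods at init time. Must stay {0}-terminated (GNUTLS_KX_LOOP stops at name == NULL); usable capacity is MAX_KX_ALGOS - 1. */`. Note also that the table now keeps `MOD_AUTH_STRUCT *` dispatch pointers in writable memory rather than read-only data, which gives up a cheap hardening property; if registration only needs to append, an append function in this file that refuses once the sentinel slot is reached would keep both the bound and the contract in one place. The same applies to `_gnutls_extensions` / `_gnutls_extensions_size` in lib/gnutls_extensions.c further down.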
@@ -37,7 +37,7 @@ #include <gnutls_state.h> #include <gnutls_auth_int.h> #include <gnutls_x509.h> -#include <gnutls_openpgp.h> +#include <gnutls_extra.h> /* KX mappings to PK algorithms */ typedef struct { @@ -300,6 +300,13 @@ void gnutls_certificate_server_set_select_func(GNUTLS_STATE state, state->gnutls_internals.server_cert_callback = func; } +/* These are set by the gnutls_extra library's initialization function. + */ + +OPENPGP_KEY_CREATION_TIME_FUNC _E_gnutls_openpgp_extract_key_creation_time = NULL; +OPENPGP_KEY_EXPIRATION_TIME_FUNC _E_gnutls_openpgp_extract_key_expiration_time = NULL; +OPENPGP_VERIFY_KEY_FUNC _E_gnutls_openpgp_verify_key = NULL; + /*- * _gnutls_openpgp_cert_verify_peers - This function returns the peer's certificate status * @state: is a gnutls state @@ -344,7 +351,11 @@ int _gnutls_openpgp_cert_verify_peers(GNUTLS_STATE state) /* Verify certificate */ - verify = gnutls_openpgp_verify_key( cred->pgp_trustdb, &cred->keyring, &info->raw_certificate_list[0], + if (_E_gnutls_openpgp_verify_key==NULL) { + gnutls_assert(); + return GNUTLS_E_INVALID_REQUEST; + } + verify = _E_gnutls_openpgp_verify_key( cred->pgp_trustdb, &cred->keyring, &info->raw_certificate_list[0], peer_certificate_list_size); if (verify < 0) { @@ -426,7 +437,9 @@ time_t gnutls_certificate_expiration_time_peers(GNUTLS_STATE state) return gnutls_x509_extract_certificate_expiration_time( &info->raw_certificate_list[0]); case GNUTLS_CRT_OPENPGP: - return gnutls_openpgp_extract_key_expiration_time( + if (_E_gnutls_openpgp_extract_key_expiration_time==NULL) + return (time_t)-1; + return _E_gnutls_openpgp_extract_key_expiration_time( &info->raw_certificate_list[0]); default: return (time_t)-1; 
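Review bot: In the `GNUTLS_CRT_OPENPGP` branch of `gnutls_certificate_expiration_time_peers`, the new `_E_gnutls_openpgp_extract_key_expiration_time==NULL` check returns `(time_t)-1` silently, whereas `_gnutls_openpgp_cert_verify_peers` in the previous hunk calls `gnutls_assert()` before failing, so a missing gnutls-extra initialization is indistinguishable in the debug output from an unknown certificate type. Make it `if (_E_gnutls_openpgp_extract_key_expiration_time==NULL) { gnutls_assert(); return (time_t)-1; }`; the creation-time branch in the next hunk (`@@ -465`) should change the same way. The verify path failing closed with `GNUTLS_E_INVALID_REQUEST` when its hook is absent is the right choice for a certificate-validation routine. All three enclosing functions begin outside their hunks.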
@@ -465,7 +478,9 @@ time_t gnutls_certificate_activation_time_peers(GNUTLS_STATE state) return gnutls_x509_extract_certificate_activation_time( &info->raw_certificate_list[0]); case GNUTLS_CRT_OPENPGP: - return gnutls_openpgp_extract_key_creation_time( + if (_E_gnutls_openpgp_extract_key_creation_time==NULL) + return (time_t)-1; + return _E_gnutls_openpgp_extract_key_creation_time( &info->raw_certificate_list[0]); default: return (time_t)-1; diff --git a/lib/gnutls_extensions.c b/lib/gnutls_extensions.c index 02ca265928..8610dc738d 100644 --- a/lib/gnutls_extensions.c +++ b/lib/gnutls_extensions.c @@ -22,7 +22,6 @@ #include "gnutls_int.h" #include "gnutls_extensions.h" #include "gnutls_errors.h" -#include "ext_srp.h" #include "ext_max_record.h" #include <ext_cert_type.h> #include "gnutls_num.h" @@ -31,17 +30,11 @@ #define GNUTLS_EXTENSION_ENTRY(type, ext_func_recv, ext_func_send) \ { #type, type, ext_func_recv, ext_func_send } -typedef struct { - char *name; - uint16 type; - int (*gnutls_ext_func_recv)( GNUTLS_STATE, const opaque*, int); /* recv data */ - int (*gnutls_ext_func_send)( GNUTLS_STATE, opaque*, int); /* send data */ -} gnutls_extension_entry; -static gnutls_extension_entry extensions[] = { -#ifdef ENABLE_SRP - GNUTLS_EXTENSION_ENTRY( GNUTLS_EXTENSION_SRP, _gnutls_srp_recv_params, _gnutls_srp_send_params), -#endif +#define MAX_EXT_SIZE 10 +const int _gnutls_extensions_size = MAX_EXT_SIZE; + +gnutls_extension_entry _gnutls_extensions[MAX_EXT_SIZE] = { GNUTLS_EXTENSION_ENTRY( GNUTLS_EXTENSION_MAX_RECORD_SIZE, _gnutls_max_record_recv_params, _gnutls_max_record_send_params), GNUTLS_EXTENSION_ENTRY( GNUTLS_EXTENSION_CERT_TYPE, _gnutls_cert_type_recv_params, _gnutls_cert_type_send_params), {0} 
@@ -49,7 +42,7 @@ static gnutls_extension_entry extensions[] = { #define GNUTLS_EXTENSION_LOOP2(b) \ gnutls_extension_entry *p; \ - for(p = extensions; p->name != NULL; p++) { b ; } + for(p = _gnutls_extensions; p->name != NULL; p++) { b ; } #define GNUTLS_EXTENSION_LOOP(a) \ GNUTLS_EXTENSION_LOOP2( if(p->type == type) { a; break; } ) diff --git a/lib/gnutls_extensions.h b/lib/gnutls_extensions.h index 52e12b5c9b..30243f8ca6 100644 --- a/lib/gnutls_extensions.h +++ b/lib/gnutls_extensions.h @@ -18,9 +18,17 @@ * Foundation, Inc., 59 Temple Place - Suite 330, Boston, MA 02111-1307, USA */ +#include <gnutls_int.h> + void* _gnutls_ext_func_send(uint16 type); void* _gnutls_ext_func_recv(uint16 type); const char *_gnutls_extension_get_name(uint16 type); int _gnutls_parse_extensions( GNUTLS_STATE, const opaque*, int); int _gnutls_gen_extensions( GNUTLS_STATE state, opaque** data); +typedef struct { + char *name; + uint16 type; + int (*gnutls_ext_func_recv)( GNUTLS_STATE, const opaque*, int); /* recv data */ + int (*gnutls_ext_func_send)( GNUTLS_STATE, opaque*, int); /* send data */ +} gnutls_extension_entry; diff --git a/lib/gnutls_openpgp.h b/lib/gnutls_openpgp.h index 8149556f3e..a0ec4dd2e1 100644 --- a/lib/gnutls_openpgp.h +++ b/lib/gnutls_openpgp.h @@ -1,6 +1,8 @@ #ifndef GNUTLS_OPENPGP_H #define GNUTLS_OPENPGP_H +#include <auth_cert.h> + /* OpenCDK compatible */ typedef enum { KEY_ATTR_NONE = 0, diff --git a/lib/gnutls_ui.h b/lib/gnutls_ui.h index bee125a930..69201df2ee 100644 --- a/lib/gnutls_ui.h +++ b/lib/gnutls_ui.h 
@@ -52,19 +52,11 @@ typedef enum GNUTLS_X509_SUBJECT_ALT_NAME { typedef int gnutls_certificate_client_select_func(GNUTLS_STATE, const gnutls_datum *, int, const gnutls_datum *, int); typedef int gnutls_certificate_server_select_func(GNUTLS_STATE, const gnutls_datum *, int); -typedef int gnutls_srp_server_select_func(GNUTLS_STATE, char **, char**, int); - /* Functions that allow AUTH_INFO structures handling */ GNUTLS_CredType gnutls_auth_get_type( GNUTLS_STATE state); -/* SRP */ - -const char* gnutls_srp_server_get_username( GNUTLS_STATE state); - -void gnutls_srp_server_set_select_func( GNUTLS_STATE, gnutls_srp_server_select_func *); - /* DH */ void gnutls_dh_set_prime_bits( GNUTLS_STATE state, int bits); @@ -93,22 +85,6 @@ int gnutls_x509_extract_certificate_pk_algorithm( const gnutls_datum * cert, int int gnutls_x509_verify_certificate( const gnutls_datum* cert_list, int cert_list_length, const gnutls_datum * CA_list, int CA_list_length, const gnutls_datum* CRL_list, int CRL_list_length); -/* Openpgp certificate stuff */ -int gnutls_openpgp_extract_key_name( const gnutls_datum *cert, - int idx, - gnutls_openpgp_name *dn ); - -int gnutls_openpgp_extract_key_pk_algorithm(const gnutls_datum *cert, - int *r_bits); - -int gnutls_openpgp_extract_key_version( const gnutls_datum *cert ); - -time_t gnutls_openpgp_extract_key_creation_time( const gnutls_datum *cert ); -time_t gnutls_openpgp_extract_key_expiration_time( const gnutls_datum *cert ); - -int gnutls_openpgp_verify_key( const gnutls_datum* keyring, - const gnutls_datum* key_list, - int key_list_length); /* get data from the state */ const gnutls_datum* gnutls_certificate_get_peers( GNUTLS_STATE, int* list_size); diff --git a/lib/libgnutls-config.in b/lib/libgnutls-config.in index b83682bcb3..dbf91486fb 100755 --- a/lib/libgnutls-config.in +++ b/lib/libgnutls-config.in 
@@ -6,7 +6,6 @@ exec_prefix_set=no gnutls_libs="@LIBGNUTLS_LIBS@" gnutls_cflags="@LIBGNUTLS_CFLAGS@" -gnutls_modules="@LIBGNUTLS_MODULES@" usage() { @@ -18,7 +17,6 @@ Options: [--version] [--libs] [--cflags] - [--modules] EOF exit $1 } @@ -60,9 +58,6 @@ while test $# -gt 0; do --libs) echo_libs=yes ;; - --modules) - echo_modules=yes - ;; *) usage 1 1>&2 ;; @@ -94,8 +89,5 @@ if test "$echo_libs" = "yes"; then echo ${gnutls_libs} fi -if test "$echo_modules" = "yes"; then - echo ${gnutls_modules} -fi diff --git a/src/Makefile.am b/src/Makefile.am index e9e9397897..b55527bb93 100644 --- a/src/Makefile.am +++ b/src/Makefile.am @@ -7,13 +7,13 @@ INCLUDES = -I../lib bin_PROGRAMS = gnutls-serv gnutls-cli gnutls-srpcrypt gnutls-cli-debug gnutls_serv_SOURCES = serv-gaa.c serv.c common.c -gnutls_serv_LDADD = ../lib/libgnutls.la $(LIBGCRYPT_LIBS) $(LIBOPENCDK_LIBS) +gnutls_serv_LDADD = ../lib/libgnutls.la ../lib/libgnutls-extra.la $(LIBGCRYPT_LIBS) $(LIBOPENCDK_LIBS) gnutls_srpcrypt_SOURCES = crypt-gaa.c crypt.c -gnutls_srpcrypt_LDADD = ../lib/libgnutls.la $(LIBGCRYPT_LIBS) $(LIBOPENCDK_LIBS) +gnutls_srpcrypt_LDADD = ../lib/libgnutls.la ../lib/libgnutls-extra.la $(LIBGCRYPT_LIBS) $(LIBOPENCDK_LIBS) gnutls_cli_SOURCES = cli-gaa.c cli.c common.c -gnutls_cli_LDADD = ../lib/libgnutls.la $(LIBGCRYPT_LIBS) $(LIBOPENCDK_LIBS) +gnutls_cli_LDADD = ../lib/libgnutls.la ../lib/libgnutls-extra.la $(LIBGCRYPT_LIBS) $(LIBOPENCDK_LIBS) gnutls_cli_debug_SOURCES = tls_test-gaa.c tls_test.c tests.c -gnutls_cli_debug_LDADD = ../lib/libgnutls.la $(LIBGCRYPT_LIBS) $(LIBOPENCDK_LIBS) +gnutls_cli_debug_LDADD = ../lib/libgnutls.la ../lib/libgnutls-extra.la $(LIBGCRYPT_LIBS) $(LIBOPENCDK_LIBS) 
@@ -21,11 +21,11 @@ noinst_PROGRAMS = prime asn1c CertificateExample CrlExample prime_SOURCES = prime-gaa.c prime.c prime_LDADD = ../lib/libgnutls.la $(LIBGCRYPT_LIBS) $(LIBOPENCDK_LIBS) CertificateExample_SOURCES = CertificateExample.c -CertificateExample_LDADD = ../lib/libgnutls.la $(LIBGCRYPT_LIBS) $(LIBOPENCDK_LIBS) +CertificateExample_LDADD = ../lib/libgnutls.la $(LIBGCRYPT_LIBS) $(LIBOPENCDK_LIBS) CrlExample_SOURCES = CrlExample.c -CrlExample_LDADD = ../lib/libgnutls.la $(LIBGCRYPT_LIBS) $(LIBOPENCDK_LIBS) +CrlExample_LDADD = ../lib/libgnutls.la $(LIBGCRYPT_LIBS) $(LIBOPENCDK_LIBS) asn1c_SOURCES = asn1c.c -asn1c_LDADD = ../lib/libgnutls.la $(LIBGCRYPT_LIBS) $(LIBOPENCDK_LIBS) +asn1c_LDADD = ../lib/libgnutls.la $(LIBGCRYPT_LIBS) $(LIBOPENCDK_LIBS) crypt-gaa.c: crypt.gaa @@ -28,6 +28,7 @@ #include <string.h> #include <unistd.h> #include "../lib/gnutls.h" +#include "../lib/gnutls-extra.h" #include <sys/time.h> #include <signal.h> #include <netdb.h> @@ -161,6 +162,10 @@ int main(int argc, char **argv) fprintf(stderr, "global state initialization error\n"); exit(1); } + if (gnutls_global_init_ext() < 0) { + fprintf(stderr, "global state initialization error\n"); + exit(1); + } /* X509 stuff */ diff --git a/src/common.c b/src/common.c index e6fe35f84b..9e0cba8b1d 100644 --- a/src/common.c +++ b/src/common.c @@ -1,5 +1,6 @@ #include <stdio.h> #include <gnutls.h> +#include <gnutls-extra.h> #include <time.h> #define PRINTX(x,y) if (y[0]!=0) printf(" # %s %s\n", x, y) diff --git a/src/serv.c b/src/serv.c index 805be19ed1..67974e673f 100644 --- a/src/serv.c +++ b/src/serv.c @@ -28,6 +28,7 @@ #include <string.h> #include <unistd.h> #include "../lib/gnutls.h" +#include "../lib/gnutls-extra.h" #include "common.h" #include <signal.h> #include "serv-gaa.h" 
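Review bot: The new `gnutls_global_init_ext()` failure branch in `main` prints exactly the same text as the `gnutls_global_init()` branch directly above it, `"global state initialization error\n"`, so a user cannot tell which library failed to initialize. Use a distinct message, e.g. `fprintf(stderr, "gnutls-extra initialization error\n");`; the identical copy in src/serv.c (the following section) should change likewise. The diff header for this file is not shown, but the diffstat (5 lines) and its position between src/Makefile.am and src/common.c indicate src/cli.c. `main` continues outside the hunk.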
@@ -333,6 +334,10 @@ int main(int argc, char **argv) fprintf(stderr, "global state initialization error\n"); exit(1); } + if (gnutls_global_init_ext() < 0) { + fprintf(stderr, "global state initialization error\n"); + exit(1); + } /* Note that servers must generate parameters for * Diffie Hellman. See gnutls_dh_params_generate(), and diff --git a/src/tests.c b/src/tests.c index a9c404171f..dd5bf5439b 100644 --- a/src/tests.c +++ b/src/tests.c @@ -17,7 +17,9 @@ * along with this program; if not, write to the Free Software * Foundation, Inc., 59 Temple Place - Suite 330, Boston, MA 02111-1307, USA */ + #include "../lib/gnutls.h" +#include "../lib/gnutls-extra.h" #include <tests.h> #include <unistd.h> #include <signal.h> diff --git a/src/tls_test.c b/src/tls_test.c index f4c82e95cd..40cb9c7fc8 100644 --- a/src/tls_test.c +++ b/src/tls_test.c @@ -28,6 +28,7 @@ #include <string.h> #include <unistd.h> #include "../lib/gnutls.h" +#include "../lib/gnutls-extra.h" #include <sys/time.h> #include <signal.h> #include <netdb.h> |