-rw-r--r-- | NEWS | 1 | ||||
-rw-r--r-- | README | 6 | ||||
-rw-r--r-- | lib/crypt_srpsha1.c | 6 | ||||
-rw-r--r-- | lib/gnutls.h.in.in | 2 | ||||
-rw-r--r-- | lib/gnutls_handshake.c | 8 | ||||
-rw-r--r-- | lib/gnutls_hash_int.c | 28 | ||||
-rw-r--r-- | lib/gnutls_int.h | 1 | ||||
-rw-r--r-- | lib/gnutls_sig.c | 8 | ||||
-rw-r--r-- | lib/gnutls_srp.c | 10 | ||||
-rw-r--r-- | lib/gnutls_ui.c | 33 | ||||
-rw-r--r-- | lib/x509_sig_check.c | 14 | ||||
-rw-r--r-- | src/cli.c | 15 |
12 files changed, 92 insertions, 40 deletions
@@ -1,5 +1,6 @@
 Version ?.?.?
 - Corrected bug which did not allow a client to accept multiple CA names
+- Added gnutls_fingerprint_calc()
 Version 0.3.1 (21/12/2001)
 - Corrections in the configuration files
@@ -1,5 +1,5 @@
 This is the GNU TLS library. More up to date information can be found
-at http://www.gnu.org/software/gnutls
+at http://www.gnu.org/software/gnutls and http://www.gnutls.org
 It is a TLS implementation for the GNU project. It is currently under heavy development. (and still not ready for
@@ -14,8 +14,8 @@ BUGS: Currently gnuTLS needs a lot of testing. By notifying the developers about a possible bug you may help a lot, since testing is really
-important (and expensive). If you think you found a bug,
+important and expensive. If you think you found a bug,
 report it to bug-gnutls@gnu.org, together with the needed information,
-in order for developers to reproduce it.
+in order for developers to reproduce it.
diff --git a/lib/crypt_srpsha1.c b/lib/crypt_srpsha1.c
index ddb4052fbe..f32319187e 100644
--- a/lib/crypt_srpsha1.c
+++ b/lib/crypt_srpsha1.c
@@ -36,7 +36,7 @@ char *crypt_srpsha1(const char *username, const char *passwd,
 int salt_size = strlen(salt);
 unsigned char *local_salt, *v;
 int passwd_len;
- GNUTLS_MAC_HANDLE h1;
+ GNUTLS_HASH_HANDLE h1;
 int vsize, hash_len = gnutls_hash_get_algo_len(GNUTLS_MAC_SHA);
 opaque *tmp;
 uint8 *rtext, *csalt;
@@ -44,7 +44,7 @@ char *crypt_srpsha1(const char *username, const char *passwd,
 passwd_len = strlen(passwd); /* we do not want the null */
- h1 = gnutls_hash_init(GNUTLS_MAC_SHA);
+ h1 = gnutls_hash_init(GNUTLS_DIG_SHA);
 gnutls_hash(h1, (char *) username, strlen(username));
 gnutls_hash(h1, ":", 1);
 gnutls_hash(h1, (char *) passwd, passwd_len);
@@ -73,7 +73,7 @@ char *crypt_srpsha1(const char *username, const char *passwd,
 return NULL;
 }
- h1 = gnutls_hash_init(GNUTLS_MAC_SHA);
+ h1 = gnutls_hash_init(GNUTLS_DIG_SHA);
 gnutls_hash(h1, csalt, rsalt_size);
 gnutls_free(csalt);
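Review bot: In the first lib/crypt_srpsha1.c hunk the context line `hash_len = gnutls_hash_get_algo_len(GNUTLS_MAC_SHA)` still passes a MACAlgorithm constant to a function that this commit changes to switch on DigestAlgorithm. With the enums as declared in this commit GNUTLS_MAC_SHA is 3 while GNUTLS_DIG_SHA is 2, so the call matches neither of the visible cases; what the function returns for an unmatched value lies outside the diff, but hash_len can no longer be relied on to be the SHA-1 digest length. The line should read `int vsize, hash_len = gnutls_hash_get_algo_len(GNUTLS_DIG_SHA);`. C converts between enum types without a diagnostic, so the other callers of gnutls_hash_init() and gnutls_hash_get_algo_len() that this diff does not show deserve a search for leftover GNUTLS_MAC_ constants; the body of crypt_srpsha1 continues outside the hunk.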
diff --git a/lib/gnutls.h.in.in b/lib/gnutls.h.in.in
index 3f99c2e254..5c5cdc8034 100644
--- a/lib/gnutls.h.in.in
+++ b/lib/gnutls.h.in.in
@@ -36,6 +36,7 @@ typedef enum BulkCipherAlgorithm { GNUTLS_CIPHER_NULL=1, GNUTLS_CIPHER_ARCFOUR,
 typedef enum KXAlgorithm { GNUTLS_KX_X509PKI_RSA=1, GNUTLS_KX_X509PKI_DHE_DSS, GNUTLS_KX_X509PKI_DHE_RSA, GNUTLS_KX_ANON_DH, GNUTLS_KX_SRP } KXAlgorithm;
 typedef enum CredType { GNUTLS_X509PKI=1, GNUTLS_ANON, GNUTLS_SRP } CredType;
 typedef enum MACAlgorithm { GNUTLS_MAC_NULL=1, GNUTLS_MAC_MD5, GNUTLS_MAC_SHA } MACAlgorithm;
+typedef enum DigestAlgorithm { GNUTLS_DIG_MD5=1, GNUTLS_DIG_SHA } DigestAlgorithm;
 typedef enum CompressionMethod { GNUTLS_COMP_NULL=1, GNUTLS_COMP_ZLIB } CompressionMethod;
 typedef enum ConnectionEnd { GNUTLS_SERVER=1, GNUTLS_CLIENT } ConnectionEnd;
 typedef enum AlertLevel { GNUTLS_AL_WARNING=1, GNUTLS_AL_FATAL } AlertLevel;
@@ -244,3 +245,4 @@ void gnutls_transport_set_pull_func( GNUTLS_STATE, GNUTLS_PULL_FUNC pull_func);
 size_t gnutls_record_get_max_size( GNUTLS_STATE state);
 size_t gnutls_record_set_max_size( GNUTLS_STATE state, size_t size);
+int gnutls_fingerprint_calc(DigestAlgorithm algo, gnutls_datum data, char* result, int* result_size);
diff --git a/lib/gnutls_handshake.c b/lib/gnutls_handshake.c
index f7f041c307..267c5092ee 100644
--- a/lib/gnutls_handshake.c
+++ b/lib/gnutls_handshake.c
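Review bot: The DigestAlgorithm enum added to lib/gnutls.h.in.in reuses MACAlgorithm's integers with different meanings: GNUTLS_DIG_SHA is 2, the same value as GNUTLS_MAC_MD5, and GNUTLS_MAC_SHA (3) has no digest counterpart. Because C converts between enum types silently, a caller that still passes GNUTLS_MAC_MD5 where a DigestAlgorithm is expected gets SHA-1 with no warning, which is an unpleasant failure mode for code that feeds signatures and SRP verifiers. Keeping the shared members numerically aligned would make a stale constant harmless, e.g. `typedef enum DigestAlgorithm { GNUTLS_DIG_MD5=2, GNUTLS_DIG_SHA } DigestAlgorithm;`. The same declaration is repeated in lib/gnutls_int.h and would have to change with it.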
@@ -178,19 +178,19 @@ static int _gnutls_ssl3_finished(GNUTLS_STATE state, int type, int skip,
 int _gnutls_finished(GNUTLS_STATE state, int type, int skip, void *ret) {
 int siz;
- GNUTLS_MAC_HANDLE td;
- GNUTLS_MAC_HANDLE td2;
+ GNUTLS_HASH_HANDLE td;
+ GNUTLS_HASH_HANDLE td2;
 char tmp[MAX_HASH_SIZE];
 opaque concat[36];
 opaque *mesg, *data;
- td = gnutls_hash_init(GNUTLS_MAC_MD5);
+ td = gnutls_hash_init(GNUTLS_DIG_MD5);
 if (td == GNUTLS_HASH_FAILED) {
 gnutls_assert();
 return GNUTLS_E_HASH_FAILED;
 }
- td2 = gnutls_hash_init(GNUTLS_MAC_SHA);
+ td2 = gnutls_hash_init(GNUTLS_DIG_SHA);
 if (td2 == GNUTLS_HASH_FAILED) {
 gnutls_assert();
 gnutls_hash_deinit(td2, tmp);
diff --git a/lib/gnutls_hash_int.c b/lib/gnutls_hash_int.c
index aabb2b1ac8..8e06869196 100644
--- a/lib/gnutls_hash_int.c
+++ b/lib/gnutls_hash_int.c
@@ -27,16 +27,14 @@
 * the gcrypt library that this can be easily changed. */
-GNUTLS_MAC_HANDLE gnutls_hash_init(MACAlgorithm algorithm)
+GNUTLS_HASH_HANDLE gnutls_hash_init(DigestAlgorithm algorithm)
 {
 GNUTLS_MAC_HANDLE ret;
 switch (algorithm) {
- case GNUTLS_MAC_NULL:
- ret = GNUTLS_HASH_FAILED;
- break;
- case GNUTLS_MAC_SHA:
+ case GNUTLS_DIG_SHA:
 ret = gnutls_malloc(sizeof(GNUTLS_MAC_HANDLE_INT));
+ if (ret==NULL) return GNUTLS_HASH_FAILED;
 #ifdef USE_MHASH
 ret->handle = mhash_init(MHASH_SHA1);
 #else
@@ -47,8 +45,10 @@ GNUTLS_MAC_HANDLE gnutls_hash_init(MACAlgorithm algorithm)
 ret = GNUTLS_HASH_FAILED;
 }
 break;
- case GNUTLS_MAC_MD5:
+
+ case GNUTLS_DIG_MD5:
 ret = gnutls_malloc(sizeof(GNUTLS_MAC_HANDLE_INT));
+ if (ret==NULL) return GNUTLS_HASH_FAILED;
 #ifdef USE_MHASH
 ret->handle = mhash_init(MHASH_MD5);
 #else
@@ -59,6 +59,7 @@ GNUTLS_MAC_HANDLE gnutls_hash_init(MACAlgorithm algorithm)
 ret = GNUTLS_HASH_FAILED;
 }
 break;
+
 default:
 ret = GNUTLS_HASH_FAILED;
 }
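Review bot: In the lib/gnutls_handshake.c hunk the failure path for the second handle in `_gnutls_finished` calls `gnutls_hash_deinit(td2, tmp)`, so it finalises the handle that just failed to initialise and leaves the live MD5 handle `td` unreleased. The line is unchanged context, but the commit retypes both handles right here and is the natural place to correct it to `gnutls_hash_deinit(td, tmp);`. If GNUTLS_HASH_FAILED is NULL, as the `td==NULL` checks in lib/gnutls_sig.c suggest, the current call passes a null handle to a routine whose sibling gnutls_hash() dereferences `handle->handle`. The function body continues past the end of the hunk.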
@@ -68,22 +69,19 @@ GNUTLS_MAC_HANDLE gnutls_hash_init(MACAlgorithm algorithm)
 return ret;
 }
-int gnutls_hash_get_algo_len(MACAlgorithm algorithm)
+int gnutls_hash_get_algo_len(DigestAlgorithm algorithm)
 {
 int ret;
 switch (algorithm) {
- case GNUTLS_MAC_NULL:
- ret = 0;
- break;
- case GNUTLS_MAC_SHA:
+ case GNUTLS_DIG_SHA:
 #ifdef USE_MHASH
 ret = mhash_get_block_size(MHASH_SHA1);
 #else
 ret = gcry_md_get_algo_dlen(GCRY_MD_SHA1);
 #endif
 break;
- case GNUTLS_MAC_MD5:
+ case GNUTLS_DIG_MD5:
 #ifdef USE_MHASH
 ret = mhash_get_block_size(MHASH_MD5);
 #else
@@ -98,7 +96,7 @@ int gnutls_hash_get_algo_len(MACAlgorithm algorithm)
 }
-int gnutls_hash(GNUTLS_MAC_HANDLE handle, const void *text, int textlen)
+int gnutls_hash(GNUTLS_HASH_HANDLE handle, const void *text, int textlen)
 {
 #ifdef USE_MHASH
 mhash(handle->handle, text, textlen);
@@ -108,7 +106,7 @@ int gnutls_hash(GNUTLS_MAC_HANDLE handle, const void *text, int textlen)
 return 0;
 }
-void gnutls_hash_deinit(GNUTLS_MAC_HANDLE handle, void* digest)
+void gnutls_hash_deinit(GNUTLS_HASH_HANDLE handle, void* digest)
 {
 char *mac;
 int maclen;
@@ -141,6 +139,7 @@ GNUTLS_MAC_HANDLE gnutls_hmac_init(MACAlgorithm algorithm, void *key,
 break;
 case GNUTLS_MAC_SHA:
 ret = gnutls_malloc(sizeof(GNUTLS_MAC_HANDLE_INT));
+ if (ret==NULL) return GNUTLS_MAC_FAILED;
 #ifdef USE_MHASH
 ret->handle = mhash_hmac_init(MHASH_SHA1, key, keylen, 0);
 #else
@@ -152,6 +151,7 @@ GNUTLS_MAC_HANDLE gnutls_hmac_init(MACAlgorithm algorithm, void *key,
 break;
 case GNUTLS_MAC_MD5:
 ret = gnutls_malloc(sizeof(GNUTLS_MAC_HANDLE_INT));
+ if (ret==NULL) return GNUTLS_MAC_FAILED;
 #ifdef USE_MHASH
 ret->handle = mhash_hmac_init(MHASH_MD5, key, keylen, 0);
 #else
diff --git a/lib/gnutls_int.h b/lib/gnutls_int.h
index d97de9e3ac..131a381ff0 100644
--- a/lib/gnutls_int.h
+++ b/lib/gnutls_int.h
@@ -148,6 +148,7 @@ typedef enum KXAlgorithm { GNUTLS_KX_X509PKI_RSA=1, GNUTLS_KX_X509PKI_DHE_DSS, G
 typedef enum CredType { GNUTLS_X509PKI=1, GNUTLS_ANON, GNUTLS_SRP } CredType;
 typedef enum CipherType { CIPHER_STREAM, CIPHER_BLOCK } CipherType;
 typedef enum MACAlgorithm { GNUTLS_MAC_NULL=1, GNUTLS_MAC_MD5, GNUTLS_MAC_SHA } MACAlgorithm;
+typedef enum DigestAlgorithm { GNUTLS_DIG_MD5=1, GNUTLS_DIG_SHA } DigestAlgorithm;
 typedef enum CompressionMethod { GNUTLS_COMP_NULL=1, GNUTLS_COMP_ZLIB } CompressionMethod;
 typedef enum ValidSession { VALID_TRUE, VALID_FALSE } ValidSession;
diff --git a/lib/gnutls_sig.c b/lib/gnutls_sig.c
index 51830ae4e7..6c0dec4350 100644
--- a/lib/gnutls_sig.c
+++ b/lib/gnutls_sig.c
@@ -121,7 +121,7 @@ GNUTLS_HASH_HANDLE td;
 switch(pkey->pk_algorithm) {
 case GNUTLS_PK_RSA:
- td = gnutls_hash_init( GNUTLS_MAC_MD5);
+ td = gnutls_hash_init( GNUTLS_DIG_MD5);
 if (td==NULL) {
 gnutls_assert();
 return GNUTLS_E_MEMORY_ERROR;
@@ -129,7 +129,7 @@ GNUTLS_HASH_HANDLE td;
 gnutls_hash( td, data->data, data->size);
 gnutls_hash_deinit( td, digest);
- td = gnutls_hash_init( GNUTLS_MAC_SHA);
+ td = gnutls_hash_init( GNUTLS_DIG_SHA);
 if (td==NULL) {
 gnutls_assert();
 return GNUTLS_E_MEMORY_ERROR;
@@ -183,7 +183,7 @@ int _gnutls_pkcs1_rsa_verify_sig( gnutls_cert *cert, const gnutls_datum *data, g
 switch(cert->subject_pk_algorithm) {
 case GNUTLS_PK_RSA:
- td = gnutls_hash_init( GNUTLS_MAC_MD5);
+ td = gnutls_hash_init( GNUTLS_DIG_MD5);
 if (td==NULL) {
 gnutls_assert();
 return GNUTLS_E_MEMORY_ERROR;
@@ -191,7 +191,7 @@ int _gnutls_pkcs1_rsa_verify_sig( gnutls_cert *cert, const gnutls_datum *data, g
 gnutls_hash( td, data->data, data->size);
 gnutls_hash_deinit( td, digest);
- td = gnutls_hash_init( GNUTLS_MAC_SHA);
+ td = gnutls_hash_init( GNUTLS_DIG_SHA);
 if (td==NULL) {
 gnutls_assert();
 return GNUTLS_E_MEMORY_ERROR;
diff --git a/lib/gnutls_srp.c b/lib/gnutls_srp.c
index 02afdbf3bd..f8e5c0a426 100644
--- a/lib/gnutls_srp.c
+++ b/lib/gnutls_srp.c
@@ -122,7 +122,7 @@ MPI _gnutls_calc_srp_u(MPI B)
 {
 int b_size;
 opaque *b_holder, hd[MAX_HASH_SIZE];
- GNUTLS_MAC_HANDLE td;
+ GNUTLS_HASH_HANDLE td;
 uint32 u;
 MPI ret;
@@ -133,7 +133,7 @@ MPI _gnutls_calc_srp_u(MPI B)
 _gnutls_mpi_print( b_holder, &b_size, B);
- td = gnutls_hash_init(GNUTLS_MAC_SHA);
+ td = gnutls_hash_init(GNUTLS_DIG_SHA);
 if (td==NULL) {
 gnutls_free(b_holder);
 gnutls_assert();
@@ -226,12 +226,12 @@ MPI _gnutls_calc_srp_A(MPI * a, MPI g, MPI n)
 int _gnutls_calc_srp_sha(char *username, char *password, opaque * salt,
 int salt_size, int *size, void* digest) {
- GNUTLS_MAC_HANDLE td;
+ GNUTLS_HASH_HANDLE td;
 opaque res[MAX_HASH_SIZE];
 *size = 20;
- td = gnutls_hash_init(GNUTLS_MAC_SHA);
+ td = gnutls_hash_init(GNUTLS_DIG_SHA);
 if (td==NULL) {
 return GNUTLS_E_MEMORY_ERROR;
 }
@@ -241,7 +241,7 @@ int _gnutls_calc_srp_sha(char *username, char *password, opaque * salt,
 gnutls_hash_deinit(td, res);
- td = gnutls_hash_init(GNUTLS_MAC_SHA);
+ td = gnutls_hash_init(GNUTLS_DIG_SHA);
 if (td==NULL) {
 return GNUTLS_E_MEMORY_ERROR;
 }
diff --git a/lib/gnutls_ui.c b/lib/gnutls_ui.c
index d6391adb80..4b3689f6f5 100644
--- a/lib/gnutls_ui.c
+++ b/lib/gnutls_ui.c
@@ -171,3 +171,36 @@ int gnutls_x509pki_get_certificate_request_status(GNUTLS_STATE state)
 }
+/**
+ * gnutls_fingerprint_calc - This function calculates the fingerprint of the given data
+ * @algo: is a digest algorithm
+ * @data: is the data
+ * @result: is the place where the result will be copied.
+ * @result_size: should hold the size of the result. The actual size
+ * of the returned result will also be copied there.
+ *
+ * This function will calculate a fingerprint (actually hash), of the
+ * given data. The result is not printable data. You should convert
+ * it to hex, or something else printable.
+ * Returns a negative value in case of an error.
+ *
+ **/
+int gnutls_fingerprint_calc(DigestAlgorithm algo, gnutls_datum data, char* result, int* result_size)
+{
+ GNUTLS_HASH_HANDLE td;
+
+ if (gnutls_hash_get_algo_len(algo) > *result_size) {
+ return GNUTLS_E_INVALID_REQUEST;
+ }
+ *result_size = gnutls_hash_get_algo_len(algo);
+
+ td = gnutls_hash_init( algo);
+ if (td==NULL) return GNUTLS_E_HASH_FAILED;
+
+ gnutls_hash( td, data.data, data.size);
+
+ gnutls_hash_deinit( td, result);
+
+ return 0;
+}
+
diff --git a/lib/x509_sig_check.c b/lib/x509_sig_check.c
index d7620724e3..39c28a0e9a 100644
--- a/lib/x509_sig_check.c
+++ b/lib/x509_sig_check.c
@@ -74,7 +74,7 @@ int start, end; /* we use DER here -- FIXME: use BER */
-static int _gnutls_get_ber_digest_info( const gnutls_datum *info, MACAlgorithm *hash, opaque* digest, int *digest_size) {
+static int _gnutls_get_ber_digest_info( const gnutls_datum *info, DigestAlgorithm *hash, opaque* digest, int *digest_size) {
 node_asn* dinfo;
 int result;
 opaque str[1024];
@@ -104,10 +104,10 @@ int len;
 *hash = -1;
 if ( strcmp(str, "1 2 840 113549 2 5")==0) { /* MD5 */
- *hash = GNUTLS_MAC_MD5;
+ *hash = GNUTLS_DIG_MD5;
 } else if ( strcmp(str, "1 3 14 3 2 26")==0) { /* SHA1 ID */
- *hash = GNUTLS_MAC_SHA;
+ *hash = GNUTLS_DIG_SHA;
 }
 if (*hash==-1) {
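Review bot: gnutls_fingerprint_calc() in lib/gnutls_ui.c relies on gnutls_hash_get_algo_len() to bound the write into `result`, but never checks that `algo` is a known digest or that the returned length is positive. What that function returns for an unmatched value is not visible in this diff; if it is 0 or negative, the size check passes for any `*result_size`, `*result_size` is overwritten with that value, and only the later gnutls_hash_init() failure stops the call. Computing the length once and rejecting it up front leaves the output parameter untouched on error: `int len = gnutls_hash_get_algo_len(algo); if (len <= 0 || result == NULL || result_size == NULL || len > *result_size) return GNUTLS_E_INVALID_REQUEST;`. The failure test would also be more consistent as `td == GNUTLS_HASH_FAILED`, the sentinel gnutls_hash_init() returns, rather than `td==NULL`.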
@@ -139,7 +139,7 @@ int len;
 int _pkcs1_rsa_verify_sig( gnutls_datum* signature, gnutls_datum* text, MPI e, MPI m) {
- MACAlgorithm hash;
+ DigestAlgorithm hash;
 int ret;
 opaque digest[MAX_HASH_SIZE], md[MAX_HASH_SIZE];
 int digest_size;
@@ -265,7 +265,7 @@ int result;
 return 0;
 }
-int _pkcs1_rsa_generate_sig( MACAlgorithm hash_algo, gnutls_private_key *pkey, const gnutls_datum *data, gnutls_datum *signature) {
+int _pkcs1_rsa_generate_sig( DigestAlgorithm hash_algo, gnutls_private_key *pkey, const gnutls_datum *data, gnutls_datum *signature) {
 int ret;
 GNUTLS_HASH_HANDLE hd;
 opaque digest[MAX_HASH_SIZE];
@@ -273,9 +273,9 @@ int _pkcs1_rsa_generate_sig( MACAlgorithm hash_algo, gnutls_private_key *pkey, c
 int digest_size = gnutls_hash_get_algo_len( hash_algo);
 gnutls_datum der;
- if (hash_algo==GNUTLS_MAC_MD5)
+ if (hash_algo==GNUTLS_DIG_MD5)
 strcpy(OID, "1 2 840 113549 2 5");
- else if (hash_algo==GNUTLS_MAC_SHA)
+ else if (hash_algo==GNUTLS_DIG_SHA)
 strcpy(OID, "1 3 14 3 2 26");
 else {
 gnutls_assert();
@@ -93,7 +93,22 @@ int cert_list_size = 0;
 }
 if (cert_list_size > 0) {
+ char digest[20];
+ int digest_size = sizeof(digest), i;
+ char printable[120];
+ char* print;
+
 printf(" - Certificate info:\n");
+
+ if ( gnutls_fingerprint_calc( GNUTLS_DIG_MD5, cert_list[0], digest, &digest_size) >= 0) {
+ print = printable;
+ for (i=0;i<digest_size;i++) {
+ sprintf( print, "%.2x ", (unsigned char)digest[i]);
+ print += 3;
+ }
+ printf(" - Certificate fingerprint: %s\n", printable);
+ }
+
 printf(" - Certificate version: #%d\n", gnutls_x509pki_extract_certificate_version( &cert_list[0]));
 gnutls_x509pki_extract_certificate_dn( &cert_list[0], &dn); |
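Review bot: In the last hunk (src/cli.c by the diffstat; its file header is missing from the page) the hex loop fills `printable` with an unbounded `sprintf`, and the buffer is large enough only because the literals 20 and 120 happen to fit together; `printable` is also printed uninitialised should `digest_size` ever come back as 0. Sizing the buffer from the digest, `char printable[sizeof(digest) * 3 + 1] = "";`, and writing with `snprintf(print, 4, "%.2x ", (unsigned char)digest[i]);` makes the bound explicit. The fingerprint is computed with GNUTLS_DIG_MD5 although `digest` already has room for SHA-1; for a value a user compares when deciding whether to trust a certificate, GNUTLS_DIG_SHA is the stronger of the two digests this API offers. The enclosing function starts and ends outside the hunk.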