44 files changed, 460 insertions, 520 deletions
diff --git a/configure.in b/configure.in index ffc473d79a..86a200b2b5 100644 --- a/configure.in +++ b/configure.in @@ -497,9 +497,6 @@ AC_CONFIG_FILES(lib/gnutls.h.in) AC_CONFIG_COMMANDS([includes/gnutls/gnutls.h],[[ test -f lib/gnutls.h.in || (echo "Could not generate includes/gnutls/gnutls.h" && exit 1) cat lib/gnutls.h.in > includes/gnutls/gnutls.h - cat $srcdir/lib/gnutls_ui.h >> includes/gnutls/gnutls.h - echo "" >> includes/gnutls/gnutls.h - cat $srcdir/lib/gnutls_errors_int.h | grep -v _INT_ >> includes/gnutls/gnutls.h echo "" >> includes/gnutls/gnutls.h echo "#ifdef __cplusplus" >> includes/gnutls/gnutls.h echo "}" >> includes/gnutls/gnutls.h diff --git a/lib/Makefile.am b/lib/Makefile.am index 43e5b9a9b8..700a967e92 100644 --- a/lib/Makefile.am +++ b/lib/Makefile.am @@ -26,7 +26,8 @@ SUBDIRS += minitasn1 endif AM_CPPFLAGS = -I$(top_srcdir)/crypto -I$(top_srcdir)/gl \ - -I$(top_srcdir)/includes -I$(srcdir)/x509 \ + -I$(top_srcdir)/includes -I../includes \ + -I$(srcdir)/x509 \ -I$(top_srcdir)/libextra -I$(top_srcdir)/libextra/openpgp/ \ -I$(top_srcdir)/libextra/opencdk \ $(LIBOPENCDK_CFLAGS) $(LIBGCRYPT_CFLAGS) @@ -79,7 +80,7 @@ HFILES = debug.h gnutls_compress.h defines.h gnutls_cipher.h \ gnutls_errors_int.h gnutls_datum.h auth_cert.h gnutls_mpi.h \ gnutls_pk.h gnutls_record.h gnutls_cert.h gnutls_constate.h \ gnutls_global.h strfile.h gnutls_sig.h gnutls_mem.h \ - gnutls_ui.h io_debug.h ext_max_record.h gnutls_session_pack.h \ + io_debug.h ext_max_record.h gnutls_session_pack.h \ gnutls_alert.h gnutls_str.h gnutls_state.h gnutls_x509.h \ ext_cert_type.h gnutls_rsa_export.h ext_server_name.h \ auth_dh_common.h ext_srp.h gnutls_srp.h auth_srp.h \ diff --git a/lib/auth_anon.c b/lib/auth_anon.c index e27b2c880f..0e9c66e9e1 100644 --- a/lib/auth_anon.c +++ b/lib/auth_anon.c 
@@ -67,7 +67,7 @@ static int gen_anon_server_kx(gnutls_session_t session, opaque ** data) const mpi_t *mpis; int ret; gnutls_dh_params_t dh_params; - const gnutls_anon_server_credentials_t cred; + gnutls_anon_server_credentials_t cred; cred = _gnutls_get_cred(session->key, GNUTLS_CRD_ANON, NULL); if (cred == NULL) { @@ -106,7 +106,7 @@ static int gen_anon_server_kx(gnutls_session_t session, opaque ** data) static int proc_anon_client_kx(gnutls_session_t session, opaque * data, size_t _data_size) { - const gnutls_anon_server_credentials_t cred; + gnutls_anon_server_credentials_t cred; int bits; int ret; mpi_t p, g; diff --git a/lib/auth_anon.h b/lib/auth_anon.h index e7104aa5f3..6dc54f1b13 100644 --- a/lib/auth_anon.h +++ b/lib/auth_anon.h @@ -26,16 +26,17 @@ #include <gnutls_auth.h> #include <auth_dh_common.h> -typedef struct { +typedef struct gnutls_anon_server_credentials_st { gnutls_dh_params_t dh_params; /* this callback is used to retrieve the DH or RSA * parameters. */ gnutls_params_function *params_func; } anon_server_credentials_st; -#define gnutls_anon_server_credentials_t anon_server_credentials_st* -#define gnutls_anon_client_credentials_t void* +typedef struct gnutls_anon_client_credentials_st { + int dummy; +} anon_client_credentials_st; typedef struct anon_client_auth_info_st { dh_info_st dh; diff --git a/lib/auth_cert.c b/lib/auth_cert.c index 81a183a3b9..92efe19e35 100644 --- a/lib/auth_cert.c +++ b/lib/auth_cert.c @@ -376,7 +376,7 @@ static int call_get_cert_callback(gnutls_session_t session, gnutls_retr_st st; int ret; gnutls_certificate_type_t type = gnutls_certificate_type_get(session); - const gnutls_certificate_credentials_t cred; + gnutls_certificate_credentials_t cred; cred = _gnutls_get_cred(session->key, GNUTLS_CRD_CERTIFICATE, NULL); if (cred == NULL) { 
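Review bot: Dropping `const` from `cred` in gen_anon_server_kx() turns a pointer-to-const into a plain mutable pointer, while `_gnutls_get_cred()` is still declared as returning `const void *` (see the gnutls_auth_int.h context in this diff), so the assignment now discards the qualifier. With the old macro the declaration expanded to `const anon_server_credentials_st *cred`; after the switch to a pointer typedef the `const` would bind to the pointer itself, which is presumably why it was removed. To keep handshake code from writing through shared credential objects without a diagnostic, declare the local against the struct typedef instead: `const anon_server_credentials_st *cred;` here, and `const certificate_credentials_st *cred;` / `const srp_server_cred_st *cred;` in the matching hunks. The same change recurs in proc_anon_client_kx and in the auth_cert.c, auth_dhe.c, auth_rsa.c, auth_rsa_export.c, auth_srp_passwd.c, auth_srp_rsa.c and gnutls_cert.c hunks; the function bodies continue outside the hunks, so whether any of them really writes through `cred` cannot be checked from here.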
@@ -473,7 +473,7 @@ static int _select_client_cert(gnutls_session_t session, { int result; int indx = -1; - const gnutls_certificate_credentials_t cred; + gnutls_certificate_credentials_t cred; opaque *data = _data; ssize_t data_size = _data_size; int issuers_dn_length; @@ -773,7 +773,7 @@ int _gnutls_proc_x509_server_certificate(gnutls_session_t session, int size, len, ret; opaque *p = data; cert_auth_info_t info; - const gnutls_certificate_credentials_t cred; + gnutls_certificate_credentials_t cred; ssize_t dsize = data_size; int i, j, x; gnutls_cert *peer_certificate_list; @@ -901,7 +901,7 @@ int _gnutls_proc_openpgp_server_certificate(gnutls_session_t session, int size, ret, len; opaque *p = data; cert_auth_info_t info; - const gnutls_certificate_credentials_t cred; + gnutls_certificate_credentials_t cred; ssize_t dsize = data_size; int i, x; gnutls_cert *peer_certificate_list = NULL; @@ -1097,7 +1097,7 @@ int _gnutls_proc_cert_cert_req(gnutls_session_t session, opaque * data, { int size, ret; opaque *p; - const gnutls_certificate_credentials_t cred; + gnutls_certificate_credentials_t cred; cert_auth_info_t info; ssize_t dsize; int i, j; @@ -1268,7 +1268,7 @@ int _gnutls_proc_cert_client_cert_vrfy(gnutls_session_t session, int _gnutls_gen_cert_server_cert_req(gnutls_session_t session, opaque ** data) { - const gnutls_certificate_credentials_t cred; + gnutls_certificate_credentials_t cred; int size; opaque *pdata; @@ -1543,7 +1543,7 @@ int _gnutls_server_select_cert(gnutls_session_t session, { uint i; int index, ret; - const gnutls_certificate_credentials_t cred; + gnutls_certificate_credentials_t cred; cred = _gnutls_get_cred(session->key, GNUTLS_CRD_CERTIFICATE, NULL); if (cred == NULL) { diff --git a/lib/auth_cert.h b/lib/auth_cert.h index ccf21ea654..f49792ebc9 100644 --- a/lib/auth_cert.h +++ b/lib/auth_cert.h 
@@ -22,42 +22,18 @@ * */ -#ifndef AUTH_X509_H -# define AUTH_X509_H +#ifndef AUTH_CERT_H +# define AUTH_CERT_H # include "gnutls_cert.h" # include "gnutls_auth.h" # include "auth_dh_common.h" # include "x509/x509.h" # include "../libextra/openpgp/openpgp.h" -typedef struct retr_st { - gnutls_certificate_type_t type; - union cert { - gnutls_x509_crt_t *x509; - gnutls_openpgp_key_t pgp; - } cert; - uint ncerts; - - union key { - gnutls_x509_privkey_t x509; - gnutls_openpgp_privkey_t pgp; - } key; - - uint deinit_all; -} gnutls_retr_st; - -typedef int gnutls_certificate_client_retrieve_function(gnutls_session_t, - const gnutls_datum_t *req_ca_rdn, int nreqs, - const gnutls_pk_algorithm_t* pk_algos, int pk_algos_length, - gnutls_retr_st *); - -typedef int gnutls_certificate_server_retrieve_function(struct - gnutls_session_int*, gnutls_retr_st *); - /* This structure may be complex, but it's the only way to * support a server that has multiple certificates */ -typedef struct { +typedef struct gnutls_certificate_credentials_st { gnutls_dh_params_t dh_params; gnutls_rsa_params_t rsa_params; /* this callback is used to retrieve the DH or RSA @@ -120,8 +96,6 @@ typedef struct { gnutls_certificate_server_retrieve_function *server_get_cert_callback; } certificate_credentials_st; -#define gnutls_certificate_credentials_t certificate_credentials_st* - typedef struct rsa_info_st { gnutls_datum_t modulus; gnutls_datum_t exponent; diff --git a/lib/auth_dhe.c b/lib/auth_dhe.c index 6be2dd36ac..a576481ba8 100644 --- a/lib/auth_dhe.c +++ b/lib/auth_dhe.c @@ -89,7 +89,7 @@ static int gen_dhe_server_kx(gnutls_session_t session, opaque ** data) gnutls_privkey *apr_pkey; int apr_cert_list_length; gnutls_datum_t signature, ddata; - const gnutls_certificate_credentials_t cred; + gnutls_certificate_credentials_t cred; gnutls_dh_params_t dh_params; cred = _gnutls_get_cred(session->key, GNUTLS_CRD_CERTIFICATE, NULL); 
@@ -228,7 +228,7 @@ static int proc_dhe_server_kx(gnutls_session_t session, opaque * data, static int proc_dhe_client_kx(gnutls_session_t session, opaque * data, size_t _data_size) { - const gnutls_certificate_credentials_t cred; + gnutls_certificate_credentials_t cred; int ret; mpi_t p, g; const mpi_t *mpis; diff --git a/lib/auth_rsa.c b/lib/auth_rsa.c index 5ed7c0129d..b63937908a 100644 --- a/lib/auth_rsa.c +++ b/lib/auth_rsa.c @@ -142,7 +142,7 @@ int _gnutls_get_private_rsa_params(gnutls_session_t session, mpi_t ** params, int *params_size) { int bits; - const gnutls_certificate_credentials_t cred; + gnutls_certificate_credentials_t cred; gnutls_rsa_params_t rsa_params; cred = _gnutls_get_cred(session->key, GNUTLS_CRD_CERTIFICATE, NULL); diff --git a/lib/auth_rsa_export.c b/lib/auth_rsa_export.c index 765f66e99f..7a682d13b5 100644 --- a/lib/auth_rsa_export.c +++ b/lib/auth_rsa_export.c @@ -80,7 +80,7 @@ static int gen_rsa_export_server_kx(gnutls_session_t session, int apr_cert_list_length; gnutls_datum_t signature, ddata; cert_auth_info_t info; - const gnutls_certificate_credentials_t cred; + gnutls_certificate_credentials_t cred; cred = _gnutls_get_cred(session->key, GNUTLS_CRD_CERTIFICATE, NULL); if (cred == NULL) { diff --git a/lib/auth_srp.h b/lib/auth_srp.h index 087bae3844..a7006bc28a 100644 --- a/lib/auth_srp.h +++ b/lib/auth_srp.h 
@@ -27,24 +27,13 @@ #include <gnutls_auth.h> -typedef int gnutls_srp_server_credentials_function(gnutls_session_t, - const char *username, gnutls_datum_t * salt, - gnutls_datum_t *verifier, gnutls_datum_t *generator, - gnutls_datum_t * prime); - -typedef int gnutls_srp_client_credentials_function(gnutls_session_t, - unsigned int times, char **username, char **password); - - -typedef struct { +typedef struct gnutls_srp_client_credentials_st { char *username; char *password; gnutls_srp_client_credentials_function *get_function; } srp_client_credentials_st; -#define gnutls_srp_client_credentials_t srp_client_credentials_st* - -typedef struct { +typedef struct gnutls_srp_server_credentials_st { char *password_file; char *password_conf_file; /* callback function, instead of reading the @@ -53,8 +42,6 @@ typedef struct { gnutls_srp_server_credentials_function *pwd_callback; } srp_server_cred_st; -#define gnutls_srp_server_credentials_t srp_server_cred_st* - /* these structures should not use allocated data */ typedef struct srp_server_auth_info_st { char username[MAX_SRP_USERNAME]; diff --git a/lib/auth_srp_passwd.c b/lib/auth_srp_passwd.c index 1a087aa2d8..f8ba26030e 100644 --- a/lib/auth_srp_passwd.c +++ b/lib/auth_srp_passwd.c @@ -227,7 +227,7 @@ static int pwd_read_conf(const char *pconf_file, SRP_PWD_ENTRY * entry, int _gnutls_srp_pwd_read_entry(gnutls_session_t state, char *username, SRP_PWD_ENTRY ** _entry) { - const gnutls_srp_server_credentials_t cred; + gnutls_srp_server_credentials_t cred; FILE *fd; char line[2 * 1024]; uint i, len; diff --git a/lib/auth_srp_rsa.c b/lib/auth_srp_rsa.c index cc091a4856..c1ded881a1 100644 --- a/lib/auth_srp_rsa.c +++ b/lib/auth_srp_rsa.c 
@@ -83,7 +83,7 @@ static int gen_srp_cert_server_kx(gnutls_session_t session, opaque ** data) { ssize_t ret, data_size; gnutls_datum_t signature, ddata; - const gnutls_certificate_credentials_t cred; + gnutls_certificate_credentials_t cred; gnutls_cert *apr_cert_list; gnutls_privkey *apr_pkey; int apr_cert_list_length; diff --git a/lib/debug.c b/lib/debug.c index b5040007cd..c517d40ec4 100644 --- a/lib/debug.c +++ b/lib/debug.c @@ -68,38 +68,38 @@ const char *_gnutls_packet2str(content_type_t packet) } } -const char *_gnutls_handshake2str(handshake_t handshake) +const char *_gnutls_handshake2str(gnutls_handshake_description_t handshake) { switch (handshake) { - case GNUTLS_HELLO_REQUEST: + case GNUTLS_HANDSHAKE_HELLO_REQUEST: return "HELLO REQUEST"; break; - case GNUTLS_CLIENT_HELLO: + case GNUTLS_HANDSHAKE_CLIENT_HELLO: return "CLIENT HELLO"; break; - case GNUTLS_SERVER_HELLO: + case GNUTLS_HANDSHAKE_SERVER_HELLO: return "SERVER HELLO"; break; - case GNUTLS_CERTIFICATE_PKT: + case GNUTLS_HANDSHAKE_CERTIFICATE_PKT: return "CERTIFICATE"; break; - case GNUTLS_SERVER_KEY_EXCHANGE: + case GNUTLS_HANDSHAKE_SERVER_KEY_EXCHANGE: return "SERVER KEY EXCHANGE"; break; - case GNUTLS_CERTIFICATE_REQUEST: + case GNUTLS_HANDSHAKE_CERTIFICATE_REQUEST: return "CERTIFICATE REQUEST"; break; - case GNUTLS_SERVER_HELLO_DONE: + case GNUTLS_HANDSHAKE_SERVER_HELLO_DONE: return "SERVER HELLO DONE"; break; - case GNUTLS_CERTIFICATE_VERIFY: + case GNUTLS_HANDSHAKE_CERTIFICATE_VERIFY: return "CERTIFICATE VERIFY"; break; - case GNUTLS_CLIENT_KEY_EXCHANGE: + case GNUTLS_HANDSHAKE_CLIENT_KEY_EXCHANGE: return "CLIENT KEY EXCHANGE"; break; - case GNUTLS_FINISHED: + case GNUTLS_HANDSHAKE_FINISHED: return "FINISHED"; break; default: diff --git a/lib/debug.h b/lib/debug.h index a96cc0076a..751ad27fa9 100644 --- a/lib/debug.h +++ b/lib/debug.h 
@@ -26,5 +26,5 @@ void _gnutls_print_state(gnutls_session_t session); #endif const char *_gnutls_packet2str(content_type_t packet); -const char *_gnutls_handshake2str(handshake_t handshake); +const char *_gnutls_handshake2str(gnutls_handshake_description_t handshake); void _gnutls_dump_mpi(const char *prefix, mpi_t a); diff --git a/lib/gnutls.h.in.in b/lib/gnutls.h.in.in index b5cf800550..2dbaa22941 100644 --- a/lib/gnutls.h.in.in +++ b/lib/gnutls.h.in.in @@ -1,4 +1,4 @@ -/* +/* -*- c -*- * Copyright (C) 2000, 2001, 2002, 2003, 2004, 2005 Free Software Foundation * * Author: Nikos Mavroyanopoulos @@ -61,9 +61,11 @@ extern "C" { #define GNUTLS_CIPHER_RIJNDAEL_CBC GNUTLS_CIPHER_AES_128_CBC #define GNUTLS_CIPHER_ARCFOUR GNUTLS_CIPHER_ARCFOUR_128 -typedef enum { GNUTLS_CIPHER_NULL=1, - GNUTLS_CIPHER_ARCFOUR_128, GNUTLS_CIPHER_3DES_CBC, GNUTLS_CIPHER_AES_128_CBC, - GNUTLS_CIPHER_AES_256_CBC, GNUTLS_CIPHER_ARCFOUR_40 +typedef enum gnutls_cipher_algorithm { GNUTLS_CIPHER_NULL = 1, + GNUTLS_CIPHER_ARCFOUR_128, GNUTLS_CIPHER_3DES_CBC, + GNUTLS_CIPHER_AES_128_CBC, GNUTLS_CIPHER_AES_256_CBC, + GNUTLS_CIPHER_ARCFOUR_40, + GNUTLS_CIPHER_RC2_40_CBC = 90, GNUTLS_CIPHER_DES_CBC } gnutls_cipher_algorithm_t; typedef enum { GNUTLS_KX_RSA=1, GNUTLS_KX_DHE_DSS, @@ -79,8 +81,12 @@ typedef enum { GNUTLS_CRD_CERTIFICATE=1, GNUTLS_CRD_ANON, GNUTLS_CRD_SRP } gnutl #define GNUTLS_MAC_SHA GNUTLS_MAC_SHA1 #define GNUTLS_DIG_SHA GNUTLS_DIG_SHA1 -typedef enum { GNUTLS_MAC_NULL=1, - GNUTLS_MAC_MD5, GNUTLS_MAC_SHA1, GNUTLS_MAC_RMD160 +typedef enum { + GNUTLS_MAC_UNKNOWN = 0, + GNUTLS_MAC_NULL = 1, + GNUTLS_MAC_MD5, + GNUTLS_MAC_SHA1, + GNUTLS_MAC_RMD160 } gnutls_mac_algorithm_t; /* The enumerations here should have the same value with gnutls_mac_algorithm_t. 
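Review bot: The enumerators appended to `gnutls_cipher_algorithm_t` in lib/gnutls.h.in.in, `GNUTLS_CIPHER_RC2_40_CBC = 90` and `GNUTLS_CIPHER_DES_CBC`, name 40-bit and 56-bit ciphers and become part of the installed public header with no comment on their intended scope. The jump to 90 suggests they are meant to sit apart from the TLS record ciphers listed before them, but nothing in the hunk says so, and an application author reading the enum could take them for selectable session ciphers. A comment above them would settle it, for example `/* weak short-key ciphers, numbered apart from the ciphers above; state here where they are accepted */`, filled in with the actual consumers.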
@@ -154,8 +160,12 @@ typedef enum { GNUTLS_OPENPGP_KEY, typedef enum { GNUTLS_SHUT_RDWR=0, GNUTLS_SHUT_WR=1 } gnutls_close_request_t; #define GNUTLS_TLS1 GNUTLS_TLS1_0 -typedef enum { GNUTLS_SSL3=1, GNUTLS_TLS1_0, - GNUTLS_TLS1_1 } gnutls_protocol_t; +typedef enum { + GNUTLS_SSL3 = 1, + GNUTLS_TLS1_0, + GNUTLS_TLS1_1, + GNUTLS_VERSION_UNKNOWN = 0xff +} gnutls_protocol_t; typedef enum { GNUTLS_CRT_X509=1, GNUTLS_CRT_OPENPGP } gnutls_certificate_type_t; @@ -187,8 +197,8 @@ typedef struct gnutls_session_int* gnutls_session_t; struct gnutls_dh_params_int; typedef struct gnutls_dh_params_int* gnutls_dh_params_t; -struct gnutls_rsa_params_int; -typedef struct gnutls_rsa_params_int* gnutls_rsa_params_t; +struct gnutls_x509_privkey_int; /* XXX ugly. */ +typedef struct gnutls_x509_privkey_int* gnutls_rsa_params_t; /* XXX ugly. */ typedef struct { unsigned char * data; @@ -330,7 +340,7 @@ const char* gnutls_check_version( const char *req_version); /* Functions for setting/clearing credentials */ -int gnutls_credentials_clear( gnutls_session_t session); +void gnutls_credentials_clear( gnutls_session_t session); /* cred is a structure defined by the kx algorithm */ 
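Review bot: Re-pointing `gnutls_rsa_params_t` at `struct gnutls_x509_privkey_int` removes the type distinction between temporary RSA parameters and X.509 private keys in the public API, and the only explanation is `/* XXX ugly. */`. If `gnutls_x509_privkey_t` is also a pointer to that struct (its typedef is not in this hunk), the two handle types become interchangeable to the compiler, so a long-term private key handle passed to `gnutls_rsa_params_generate2()` or `gnutls_rsa_params_import_raw()` would compile without a diagnostic. If the aliasing has to stay, the comment should state the contract, e.g. `/* shares its representation with gnutls_x509_privkey_t; callers must not pass a certificate key where temporary RSA parameters are expected */`. Keeping a separate opaque tag and converting internally would preserve the compile-time check.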
@@ -341,13 +351,13 @@ int gnutls_credentials_set( gnutls_session_t session, /* Credential structures for SRP - used in gnutls_credentials_set(); */ -struct DSTRUCT; -typedef struct DSTRUCT* gnutls_certificate_credentials_t; +struct gnutls_certificate_credentials_st; +typedef struct gnutls_certificate_credentials_st *gnutls_certificate_credentials_t; typedef gnutls_certificate_credentials_t gnutls_certificate_server_credentials; typedef gnutls_certificate_credentials_t gnutls_certificate_client_credentials; -typedef struct DSTRUCT* gnutls_anon_server_credentials_t; -typedef struct DSTRUCT* gnutls_anon_client_credentials_t; +typedef struct gnutls_anon_server_credentials_st* gnutls_anon_server_credentials_t; +typedef struct gnutls_anon_client_credentials_st* gnutls_anon_client_credentials_t; void gnutls_anon_free_server_credentials( gnutls_anon_server_credentials_t sc); int gnutls_anon_allocate_server_credentials( gnutls_anon_server_credentials_t *sc); @@ -449,7 +459,7 @@ int gnutls_dh_params_import_raw(gnutls_dh_params_t dh_params, const gnutls_datum_t* generator); int gnutls_dh_params_import_pkcs3(gnutls_dh_params_t params, const gnutls_datum_t * pkcs3_params, gnutls_x509_crt_fmt_t format); -int gnutls_dh_params_generate2(gnutls_dh_params_t params, int bits); +int gnutls_dh_params_generate2(gnutls_dh_params_t params, unsigned int bits); int gnutls_dh_params_export_pkcs3( gnutls_dh_params_t params, gnutls_x509_crt_fmt_t format, unsigned char* params_data, size_t* params_data_size); int gnutls_dh_params_export_raw(gnutls_dh_params_t params, 
@@ -466,7 +476,7 @@ int gnutls_rsa_params_import_raw(gnutls_rsa_params_t rsa_params, const gnutls_datum_t *m, const gnutls_datum_t *e, const gnutls_datum_t *d, const gnutls_datum_t *p, const gnutls_datum_t *q, const gnutls_datum_t *u); -int gnutls_rsa_params_generate2(gnutls_rsa_params_t params, int bits); +int gnutls_rsa_params_generate2(gnutls_rsa_params_t params, unsigned int bits); int gnutls_rsa_params_export_raw(gnutls_rsa_params_t params, gnutls_datum_t * m, gnutls_datum_t *e, gnutls_datum_t *d, gnutls_datum_t *p, gnutls_datum_t* q, @@ -513,8 +523,8 @@ int gnutls_fingerprint(gnutls_digest_algorithm_t algo, const gnutls_datum_t* dat /* SRP */ -typedef struct DSTRUCT* gnutls_srp_server_credentials_t; -typedef struct DSTRUCT* gnutls_srp_client_credentials_t; +typedef struct gnutls_srp_server_credentials_st* gnutls_srp_server_credentials_t; +typedef struct gnutls_srp_client_credentials_st* gnutls_srp_client_credentials_t; void gnutls_srp_free_client_credentials( gnutls_srp_client_credentials_t sc); int gnutls_srp_allocate_client_credentials( gnutls_srp_client_credentials_t *sc); 
@@ -567,3 +577,289 @@ int gnutls_srp_base64_encode_alloc( const gnutls_datum_t *data, gnutls_datum_t* int gnutls_srp_base64_decode( const gnutls_datum_t *b64_data, char* result, int* result_size); int gnutls_srp_base64_decode_alloc( const gnutls_datum_t *b64_data, gnutls_datum_t* result); + +#ifndef GNUTLS_UI_H +# define GNUTLS_UI_H + + typedef enum gnutls_x509_subject_alt_name_t { + GNUTLS_SAN_DNSNAME = 1, GNUTLS_SAN_RFC822NAME, + GNUTLS_SAN_URI, GNUTLS_SAN_IPADDRESS + } gnutls_x509_subject_alt_name_t; + +# ifdef LIBGNUTLS_VERSION /* These are defined only in gnutls.h */ + + struct gnutls_openpgp_key_int; + typedef struct gnutls_openpgp_key_int *gnutls_openpgp_key_t; + + struct gnutls_openpgp_privkey_int; + typedef struct gnutls_openpgp_privkey_int *gnutls_openpgp_privkey_t; + + typedef struct gnutls_retr_st { + gnutls_certificate_type_t type; + union cert { + gnutls_x509_crt_t *x509; + gnutls_openpgp_key_t pgp; + } cert; + unsigned int ncerts; /* one for pgp keys */ + + union key { + gnutls_x509_privkey_t x509; + gnutls_openpgp_privkey_t pgp; + } key; + + unsigned int deinit_all; /* if non zero all keys will be deinited */ + } gnutls_retr_st; + + typedef int gnutls_certificate_client_retrieve_function(gnutls_session_t, + const + gnutls_datum_t * + req_ca_rdn, + int nreqs, + const + gnutls_pk_algorithm_t + * pk_algos, + int + pk_algos_length, + gnutls_retr_st *); + typedef int gnutls_certificate_server_retrieve_function(gnutls_session_t, + gnutls_retr_st *); + + + /* Functions that allow auth_info_t structures handling + */ + + gnutls_credentials_type_t gnutls_auth_get_type(gnutls_session_t session); + gnutls_credentials_type_t gnutls_auth_server_get_type(gnutls_session_t + session); + gnutls_credentials_type_t gnutls_auth_client_get_type(gnutls_session_t + session); + + /* DH */ + + void gnutls_dh_set_prime_bits(gnutls_session_t session, unsigned int bits); + int gnutls_dh_get_secret_bits(gnutls_session_t session); + int 
gnutls_dh_get_peers_public_bits(gnutls_session_t session); + int gnutls_dh_get_prime_bits(gnutls_session_t session); + + int gnutls_dh_get_group(gnutls_session_t session, gnutls_datum_t * raw_gen, + gnutls_datum_t * raw_prime); + int gnutls_dh_get_pubkey(gnutls_session_t session, + gnutls_datum_t * raw_key); + + /* RSA */ + int gnutls_rsa_export_get_pubkey(gnutls_session_t session, + gnutls_datum_t * exponent, + gnutls_datum_t * modulus); + int gnutls_rsa_export_get_modulus_bits(gnutls_session_t session); + + /* X509PKI */ + + /* These are set on the credentials structure. + */ + void gnutls_certificate_client_set_retrieve_function + (gnutls_certificate_credentials_t cred, + gnutls_certificate_client_retrieve_function * func); + void gnutls_certificate_server_set_retrieve_function + (gnutls_certificate_credentials_t cred, + gnutls_certificate_server_retrieve_function * func); + + void gnutls_certificate_server_set_request(gnutls_session_t session, + gnutls_certificate_request_t + req); + + /* get data from the session + */ + const gnutls_datum_t *gnutls_certificate_get_peers(gnutls_session_t + session, unsigned int + *list_size); + const gnutls_datum_t *gnutls_certificate_get_ours(gnutls_session_t + session); + + time_t gnutls_certificate_activation_time_peers(gnutls_session_t session); + time_t gnutls_certificate_expiration_time_peers(gnutls_session_t session); + + int gnutls_certificate_client_get_request_status(gnutls_session_t session); + int gnutls_certificate_verify_peers2(gnutls_session_t session, + unsigned int *status); + + /* this is obsolete (?). 
*/ + int gnutls_certificate_verify_peers(gnutls_session_t session); + + int gnutls_pem_base64_encode(const char *msg, const gnutls_datum_t * data, + char *result, size_t * result_size); + int gnutls_pem_base64_decode(const char *header, + const gnutls_datum_t * b64_data, + unsigned char *result, size_t * result_size); + + int gnutls_pem_base64_encode_alloc(const char *msg, + const gnutls_datum_t * data, + gnutls_datum_t * result); + int gnutls_pem_base64_decode_alloc(const char *header, + const gnutls_datum_t * b64_data, + gnutls_datum_t * result); + + /* key_usage will be an OR of the following values: + */ +#define GNUTLS_KEY_DIGITAL_SIGNATURE 128 /* when the key is to be + * used for signing. + */ +#define GNUTLS_KEY_NON_REPUDIATION 64 +#define GNUTLS_KEY_KEY_ENCIPHERMENT 32 /* when the key is to be + * used for encryption. + */ +#define GNUTLS_KEY_DATA_ENCIPHERMENT 16 +#define GNUTLS_KEY_KEY_AGREEMENT 8 +#define GNUTLS_KEY_KEY_CERT_SIGN 4 +#define GNUTLS_KEY_CRL_SIGN 2 +#define GNUTLS_KEY_ENCIPHER_ONLY 1 +#define GNUTLS_KEY_DECIPHER_ONLY 32768 + + typedef struct gnutls_params_st { + gnutls_params_type_t type; + union params { + gnutls_dh_params_t dh; + gnutls_rsa_params_t rsa_export; + } params; + int deinit; + } gnutls_params_st; + + typedef int gnutls_params_function(gnutls_session_t, gnutls_params_type_t, + gnutls_params_st *); + + void + gnutls_certificate_set_params_function(gnutls_certificate_credentials_t + res, gnutls_params_function * func); + void gnutls_anon_set_params_function(gnutls_anon_server_credentials_t res, + gnutls_params_function * func); + + +# endif /* LIBGNUTLS_VERSION */ + +#endif /* GNUTLS_UI_H */ + + /* Gnutls error codes. The mapping to a TLS alert is also shown in + * comments. 
+ */ + +#define GNUTLS_E_SUCCESS 0 +#define GNUTLS_E_UNKNOWN_COMPRESSION_ALGORITHM -3 +#define GNUTLS_E_UNKNOWN_CIPHER_TYPE -6 +#define GNUTLS_E_LARGE_PACKET -7 +#define GNUTLS_E_UNSUPPORTED_VERSION_PACKET -8 /* GNUTLS_A_PROTOCOL_VERSION */ +#define GNUTLS_E_UNEXPECTED_PACKET_LENGTH -9 /* GNUTLS_A_RECORD_OVERFLOW */ +#define GNUTLS_E_INVALID_SESSION -10 +#define GNUTLS_E_FATAL_ALERT_RECEIVED -12 +#define GNUTLS_E_UNEXPECTED_PACKET -15 /* GNUTLS_A_UNEXPECTED_MESSAGE */ +#define GNUTLS_E_WARNING_ALERT_RECEIVED -16 +#define GNUTLS_E_ERROR_IN_FINISHED_PACKET -18 +#define GNUTLS_E_UNEXPECTED_HANDSHAKE_PACKET -19 +#define GNUTLS_E_UNKNOWN_CIPHER_SUITE -21 /* GNUTLS_A_HANDSHAKE_FAILURE */ +#define GNUTLS_E_UNWANTED_ALGORITHM -22 +#define GNUTLS_E_MPI_SCAN_FAILED -23 +#define GNUTLS_E_DECRYPTION_FAILED -24 /* GNUTLS_A_DECRYPTION_FAILED, GNUTLS_A_BAD_RECORD_MAC */ +#define GNUTLS_E_MEMORY_ERROR -25 +#define GNUTLS_E_DECOMPRESSION_FAILED -26 /* GNUTLS_A_DECOMPRESSION_FAILURE */ +#define GNUTLS_E_COMPRESSION_FAILED -27 +#define GNUTLS_E_AGAIN -28 +#define GNUTLS_E_EXPIRED -29 +#define GNUTLS_E_DB_ERROR -30 +#define GNUTLS_E_SRP_PWD_ERROR -31 +#define GNUTLS_E_INSUFFICIENT_CREDENTIALS -32 +#define GNUTLS_E_INSUFICIENT_CREDENTIALS GNUTLS_E_INSUFFICIENT_CREDENTIALS /* for backwards compatibility only */ +#define GNUTLS_E_INSUFFICIENT_CRED GNUTLS_E_INSUFFICIENT_CREDENTIALS +#define GNUTLS_E_INSUFICIENT_CRED GNUTLS_E_INSUFFICIENT_CREDENTIALS /* for backwards compatibility only */ + +#define GNUTLS_E_HASH_FAILED -33 +#define GNUTLS_E_BASE64_DECODING_ERROR -34 + +#define GNUTLS_E_MPI_PRINT_FAILED -35 +#define GNUTLS_E_REHANDSHAKE -37 /* GNUTLS_A_NO_RENEGOTIATION */ +#define GNUTLS_E_GOT_APPLICATION_DATA -38 +#define GNUTLS_E_RECORD_LIMIT_REACHED -39 +#define GNUTLS_E_ENCRYPTION_FAILED -40 + +#define GNUTLS_E_PK_ENCRYPTION_FAILED -44 +#define GNUTLS_E_PK_DECRYPTION_FAILED -45 +#define GNUTLS_E_PK_SIGN_FAILED -46 +#define GNUTLS_E_X509_UNSUPPORTED_CRITICAL_EXTENSION -47 +#define 
GNUTLS_E_KEY_USAGE_VIOLATION -48 +#define GNUTLS_E_NO_CERTIFICATE_FOUND -49 /* GNUTLS_A_BAD_CERTIFICATE */ +#define GNUTLS_E_INVALID_REQUEST -50 +#define GNUTLS_E_SHORT_MEMORY_BUFFER -51 +#define GNUTLS_E_INTERRUPTED -52 +#define GNUTLS_E_PUSH_ERROR -53 +#define GNUTLS_E_PULL_ERROR -54 +#define GNUTLS_E_RECEIVED_ILLEGAL_PARAMETER -55 /* GNUTLS_A_ILLEGAL_PARAMETER */ +#define GNUTLS_E_REQUESTED_DATA_NOT_AVAILABLE -56 +#define GNUTLS_E_PKCS1_WRONG_PAD -57 +#define GNUTLS_E_RECEIVED_ILLEGAL_EXTENSION -58 +#define GNUTLS_E_INTERNAL_ERROR -59 +#define GNUTLS_E_DH_PRIME_UNACCEPTABLE -63 +#define GNUTLS_E_FILE_ERROR -64 +#define GNUTLS_E_TOO_MANY_EMPTY_PACKETS -78 +#define GNUTLS_E_UNKNOWN_PK_ALGORITHM -80 + + + /* returned if libextra functionality was requested but + * gnutls_global_init_extra() was not called. + */ +#define GNUTLS_E_INIT_LIBEXTRA -82 +#define GNUTLS_E_LIBRARY_VERSION_MISMATCH -83 + + + /* returned if you need to generate temporary RSA + * parameters. These are needed for export cipher suites. 
+ */ +#define GNUTLS_E_NO_TEMPORARY_RSA_PARAMS -84 + +#define GNUTLS_E_LZO_INIT_FAILED -85 +#define GNUTLS_E_NO_COMPRESSION_ALGORITHMS -86 +#define GNUTLS_E_NO_CIPHER_SUITES -87 + +#define GNUTLS_E_OPENPGP_GETKEY_FAILED -88 +#define GNUTLS_E_PK_SIG_VERIFY_FAILED -89 + +#define GNUTLS_E_ILLEGAL_SRP_USERNAME -90 +#define GNUTLS_E_SRP_PWD_PARSING_ERROR -91 +#define GNUTLS_E_NO_TEMPORARY_DH_PARAMS -93 + + /* For certificate and key stuff + */ +#define GNUTLS_E_ASN1_ELEMENT_NOT_FOUND -67 +#define GNUTLS_E_ASN1_IDENTIFIER_NOT_FOUND -68 +#define GNUTLS_E_ASN1_DER_ERROR -69 +#define GNUTLS_E_ASN1_VALUE_NOT_FOUND -70 +#define GNUTLS_E_ASN1_GENERIC_ERROR -71 +#define GNUTLS_E_ASN1_VALUE_NOT_VALID -72 +#define GNUTLS_E_ASN1_TAG_ERROR -73 +#define GNUTLS_E_ASN1_TAG_IMPLICIT -74 +#define GNUTLS_E_ASN1_TYPE_ANY_ERROR -75 +#define GNUTLS_E_ASN1_SYNTAX_ERROR -76 +#define GNUTLS_E_ASN1_DER_OVERFLOW -77 +#define GNUTLS_E_OPENPGP_TRUSTDB_VERSION_UNSUPPORTED -81 +#define GNUTLS_E_OPENPGP_UID_REVOKED -79 +#define GNUTLS_E_CERTIFICATE_ERROR -43 +#define GNUTLS_E_X509_CERTIFICATE_ERROR GNUTLS_E_CERTIFICATE_ERROR +#define GNUTLS_E_CERTIFICATE_KEY_MISMATCH -60 +#define GNUTLS_E_UNSUPPORTED_CERTIFICATE_TYPE -61 /* GNUTLS_A_UNSUPPORTED_CERTIFICATE */ +#define GNUTLS_E_X509_UNKNOWN_SAN -62 +#define GNUTLS_E_OPENPGP_FINGERPRINT_UNSUPPORTED -94 +#define GNUTLS_E_X509_UNSUPPORTED_ATTRIBUTE -95 +#define GNUTLS_E_UNKNOWN_HASH_ALGORITHM -96 +#define GNUTLS_E_UNKNOWN_PKCS_CONTENT_TYPE -97 +#define GNUTLS_E_UNKNOWN_PKCS_BAG_TYPE -98 +#define GNUTLS_E_INVALID_PASSWORD -99 +#define GNUTLS_E_MAC_VERIFY_FAILED -100 /* for PKCS #12 MAC */ +#define GNUTLS_E_CONSTRAINT_ERROR -101 + +#define GNUTLS_E_BASE64_ENCODING_ERROR -201 +#define GNUTLS_E_INCOMPATIBLE_GCRYPT_LIBRARY -202 /* obsolete */ +#define GNUTLS_E_INCOMPATIBLE_CRYPTO_LIBRARY -202 +#define GNUTLS_E_INCOMPATIBLE_LIBTASN1_LIBRARY -203 + +#define GNUTLS_E_OPENPGP_KEYRING_ERROR -204 +#define GNUTLS_E_X509_UNSUPPORTED_OID -205 + +#define 
GNUTLS_E_RANDOM_FAILED -206 + +#define GNUTLS_E_UNIMPLEMENTED_FEATURE -1250 diff --git a/lib/gnutls_alert.h b/lib/gnutls_alert.h index 93788fcfd7..bd742d3008 100644 --- a/lib/gnutls_alert.h +++ b/lib/gnutls_alert.h @@ -22,29 +22,6 @@ * */ -typedef enum gnutls_alert_level_t { GNUTLS_AL_WARNING = 1, GNUTLS_AL_FATAL -} gnutls_alert_level_t; - -typedef enum AlertDescription { - GNUTLS_A_CLOSE_NOTIFY, GNUTLS_A_UNEXPECTED_MESSAGE = 10, - GNUTLS_A_BAD_RECORD_MAC = 20, GNUTLS_A_DECRYPTION_FAILED, - GNUTLS_A_RECORD_OVERFLOW, GNUTLS_A_DECOMPRESSION_FAILURE = 30, - GNUTLS_A_HANDSHAKE_FAILURE = 40, GNUTLS_A_SSL3_NO_CERTIFICATE = 41, - GNUTLS_A_BAD_CERTIFICATE = 42, GNUTLS_A_UNSUPPORTED_CERTIFICATE, - GNUTLS_A_CERTIFICATE_REVOKED, GNUTLS_A_CERTIFICATE_EXPIRED, - GNUTLS_A_CERTIFICATE_UNKNOWN, GNUTLS_A_ILLEGAL_PARAMETER, - GNUTLS_A_UNKNOWN_CA, GNUTLS_A_ACCESS_DENIED, GNUTLS_A_DECODE_ERROR = - 50, - GNUTLS_A_DECRYPT_ERROR, GNUTLS_A_EXPORT_RESTRICTION = 60, - GNUTLS_A_PROTOCOL_VERSION = 70, GNUTLS_A_INSUFFICIENT_SECURITY, - GNUTLS_A_INTERNAL_ERROR = 80, GNUTLS_A_USER_CANCELED = 90, - GNUTLS_A_NO_RENEGOTIATION = 100, GNUTLS_A_UNSUPPORTED_EXTENSION = 110, - GNUTLS_A_CERTIFICATE_UNOBTAINABLE = 111, GNUTLS_A_UNRECOGNIZED_NAME = - 112, - GNUTLS_A_UNKNOWN_SRP_USERNAME = 120, GNUTLS_A_MISSING_SRP_USERNAME = - 121 -} gnutls_alert_description_t; - gnutls_alert_description_t gnutls_alert_get(gnutls_session_t session); int gnutls_alert_send(gnutls_session_t session, gnutls_alert_level_t level, gnutls_alert_description_t desc); diff --git a/lib/gnutls_auth_int.h b/lib/gnutls_auth_int.h index 4a3b58fc52..a12bb0a199 100644 --- a/lib/gnutls_auth_int.h +++ b/lib/gnutls_auth_int.h 
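Review bot: The comment `/* this is obsolete (?). */` above `gnutls_certificate_verify_peers()` is now copied verbatim into the installed header, where it leaves applications unsure which peer-verification call to use. The prototypes differ in a way that matters for callers: `gnutls_certificate_verify_peers2()` reports the verification result through a separate `unsigned int *status`, while the older function has only its `int` return value to carry both status and error. If the older function is indeed deprecated, say so definitively, e.g. `/* Deprecated: use gnutls_certificate_verify_peers2(), which returns the verification status separately from the error code. */`. The moved block also declares functions returning `time_t`; the header's include list is outside this hunk, so confirm `<time.h>` is pulled in before these prototypes.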
@@ -22,9 +22,6 @@ * */ -void gnutls_credentials_clear(gnutls_session_t session); -int gnutls_credentials_set(gnutls_session_t session, - gnutls_credentials_type_t type, void *cred); const void *_gnutls_get_cred(gnutls_key_st key, gnutls_credentials_type_t kx, int *err); const void *_gnutls_get_kx_cred(gnutls_session_t session, diff --git a/lib/gnutls_buffers.c b/lib/gnutls_buffers.c index fdfd9aa5bb..6ef024d881 100644 --- a/lib/gnutls_buffers.c +++ b/lib/gnutls_buffers.c @@ -780,7 +780,7 @@ ssize_t _gnutls_handshake_io_write_flush(gnutls_session_t session) */ ssize_t _gnutls_handshake_io_send_int(gnutls_session_t session, content_type_t type, - handshake_t htype, + gnutls_handshake_description_t htype, const void *iptr, size_t n) { size_t left; @@ -898,7 +898,7 @@ ssize_t _gnutls_handshake_io_send_int(gnutls_session_t session, */ ssize_t _gnutls_handshake_io_recv_int(gnutls_session_t session, content_type_t type, - handshake_t htype, void *iptr, + gnutls_handshake_description_t htype, void *iptr, size_t sizeOfPtr) { size_t left; diff --git a/lib/gnutls_buffers.h b/lib/gnutls_buffers.h index 82114973d2..121311186f 100644 --- a/lib/gnutls_buffers.h +++ b/lib/gnutls_buffers.h @@ -56,9 +56,9 @@ int _gnutls_handshake_buffer_get_ptr(gnutls_session_t session, session->internals.handshake_send_buffer_prev_size = 0 ssize_t _gnutls_handshake_io_recv_int(gnutls_session_t, content_type_t, - handshake_t, void *, size_t); + gnutls_handshake_description_t, void *, size_t); ssize_t _gnutls_handshake_io_send_int(gnutls_session_t, content_type_t, - handshake_t, const void *, size_t); + gnutls_handshake_description_t, const void *, size_t); ssize_t _gnutls_io_write_flush(gnutls_session_t session); ssize_t _gnutls_handshake_io_write_flush(gnutls_session_t session); diff --git a/lib/gnutls_cert.c b/lib/gnutls_cert.c index 7077404acc..d956986732 100644 --- a/lib/gnutls_cert.c +++ b/lib/gnutls_cert.c 
@@ -45,8 +45,6 @@ #include "x509/x509.h" #include "x509/mpi.h" -void gnutls_certificate_free_crls(gnutls_certificate_credentials_t sc); - /** * gnutls_certificate_free_keys - Used to free all the keys from a gnutls_certificate_credentials_t structure * @sc: is an #gnutls_certificate_credentials_t structure. @@ -403,7 +401,7 @@ int _gnutls_openpgp_cert_verify_peers(gnutls_session_t session, unsigned int *status) { cert_auth_info_t info; - const gnutls_certificate_credentials_t cred; + gnutls_certificate_credentials_t cred; int peer_certificate_list_size, ret; CHECK_AUTH(GNUTLS_CRD_CERTIFICATE, GNUTLS_E_INVALID_REQUEST); diff --git a/lib/gnutls_cert.h b/lib/gnutls_cert.h index a9d553d070..3298c96e5a 100644 --- a/lib/gnutls_cert.h +++ b/lib/gnutls_cert.h @@ -27,7 +27,6 @@ #include <gnutls_pk.h> #include <libtasn1.h> -#include <gnutls_ui.h> #include "x509/x509.h" #define MAX_PUBLIC_PARAMS_SIZE 4 /* ok for RSA and DSA */ diff --git a/lib/gnutls_dh.h b/lib/gnutls_dh.h index 3b49209412..ae69a44ab9 100644 --- a/lib/gnutls_dh.h +++ b/lib/gnutls_dh.h @@ -26,4 +26,3 @@ const mpi_t *_gnutls_get_dh_params(gnutls_dh_params_t); mpi_t gnutls_calc_dh_secret(mpi_t * ret_x, mpi_t g, mpi_t prime); mpi_t gnutls_calc_dh_key(mpi_t f, mpi_t x, mpi_t prime); int _gnutls_dh_generate_prime(mpi_t * ret_g, mpi_t * ret_n, uint bits); -void gnutls_dh_params_deinit(gnutls_dh_params_t dh_params); diff --git a/lib/gnutls_errors_int.h b/lib/gnutls_errors_int.h index 5f853b44f4..d9fd66c9eb 100644 --- a/lib/gnutls_errors_int.h +++ b/lib/gnutls_errors_int.h 
@@ -22,139 +22,7 @@ * */ -#ifndef GNUTLS_ERRORS_IH -# define GNUTLS_ERRORS_IH - -/* Gnutls error codes. The mapping to a TLS alert is also shown in - * comments. - */ - -#define GNUTLS_E_SUCCESS 0 -#define GNUTLS_E_UNKNOWN_COMPRESSION_ALGORITHM -3 -#define GNUTLS_E_UNKNOWN_CIPHER_TYPE -6 -#define GNUTLS_E_LARGE_PACKET -7 -#define GNUTLS_E_UNSUPPORTED_VERSION_PACKET -8 /* GNUTLS_A_PROTOCOL_VERSION */ -#define GNUTLS_E_UNEXPECTED_PACKET_LENGTH -9 /* GNUTLS_A_RECORD_OVERFLOW */ -#define GNUTLS_E_INVALID_SESSION -10 -#define GNUTLS_E_FATAL_ALERT_RECEIVED -12 -#define GNUTLS_E_UNEXPECTED_PACKET -15 /* GNUTLS_A_UNEXPECTED_MESSAGE */ -#define GNUTLS_E_WARNING_ALERT_RECEIVED -16 -#define GNUTLS_E_ERROR_IN_FINISHED_PACKET -18 -#define GNUTLS_E_UNEXPECTED_HANDSHAKE_PACKET -19 -#define GNUTLS_E_UNKNOWN_CIPHER_SUITE -21 /* GNUTLS_A_HANDSHAKE_FAILURE */ -#define GNUTLS_E_UNWANTED_ALGORITHM -22 -#define GNUTLS_E_MPI_SCAN_FAILED -23 -#define GNUTLS_E_DECRYPTION_FAILED -24 /* GNUTLS_A_DECRYPTION_FAILED, GNUTLS_A_BAD_RECORD_MAC */ -#define GNUTLS_E_MEMORY_ERROR -25 -#define GNUTLS_E_DECOMPRESSION_FAILED -26 /* GNUTLS_A_DECOMPRESSION_FAILURE */ -#define GNUTLS_E_COMPRESSION_FAILED -27 -#define GNUTLS_E_AGAIN -28 -#define GNUTLS_E_EXPIRED -29 -#define GNUTLS_E_DB_ERROR -30 -#define GNUTLS_E_SRP_PWD_ERROR -31 -#define GNUTLS_E_INSUFFICIENT_CREDENTIALS -32 -#define GNUTLS_E_INSUFICIENT_CREDENTIALS GNUTLS_E_INSUFFICIENT_CREDENTIALS /* for backwards compatibility only */ -#define GNUTLS_E_INSUFFICIENT_CRED GNUTLS_E_INSUFFICIENT_CREDENTIALS -#define GNUTLS_E_INSUFICIENT_CRED GNUTLS_E_INSUFFICIENT_CREDENTIALS /* for backwards compatibility only */ - -#define GNUTLS_E_HASH_FAILED -33 -#define GNUTLS_E_BASE64_DECODING_ERROR -34 - -#define GNUTLS_E_MPI_PRINT_FAILED -35 -#define GNUTLS_E_REHANDSHAKE -37 /* GNUTLS_A_NO_RENEGOTIATION */ -#define GNUTLS_E_GOT_APPLICATION_DATA -38 -#define GNUTLS_E_RECORD_LIMIT_REACHED -39 -#define GNUTLS_E_ENCRYPTION_FAILED -40 - -#define 
GNUTLS_E_PK_ENCRYPTION_FAILED -44 -#define GNUTLS_E_PK_DECRYPTION_FAILED -45 -#define GNUTLS_E_PK_SIGN_FAILED -46 -#define GNUTLS_E_X509_UNSUPPORTED_CRITICAL_EXTENSION -47 -#define GNUTLS_E_KEY_USAGE_VIOLATION -48 -#define GNUTLS_E_NO_CERTIFICATE_FOUND -49 /* GNUTLS_A_BAD_CERTIFICATE */ -#define GNUTLS_E_INVALID_REQUEST -50 -#define GNUTLS_E_SHORT_MEMORY_BUFFER -51 -#define GNUTLS_E_INTERRUPTED -52 -#define GNUTLS_E_PUSH_ERROR -53 -#define GNUTLS_E_PULL_ERROR -54 -#define GNUTLS_E_RECEIVED_ILLEGAL_PARAMETER -55 /* GNUTLS_A_ILLEGAL_PARAMETER */ -#define GNUTLS_E_REQUESTED_DATA_NOT_AVAILABLE -56 -#define GNUTLS_E_PKCS1_WRONG_PAD -57 -#define GNUTLS_E_RECEIVED_ILLEGAL_EXTENSION -58 -#define GNUTLS_E_INTERNAL_ERROR -59 -#define GNUTLS_E_DH_PRIME_UNACCEPTABLE -63 -#define GNUTLS_E_FILE_ERROR -64 -#define GNUTLS_E_TOO_MANY_EMPTY_PACKETS -78 -#define GNUTLS_E_UNKNOWN_PK_ALGORITHM -80 - - -/* returned if libextra functionality was requested but - * gnutls_global_init_extra() was not called. - */ -#define GNUTLS_E_INIT_LIBEXTRA -82 -#define GNUTLS_E_LIBRARY_VERSION_MISMATCH -83 - - -/* returned if you need to generate temporary RSA - * parameters. These are needed for export cipher suites. 
- */ -#define GNUTLS_E_NO_TEMPORARY_RSA_PARAMS -84 - -#define GNUTLS_E_LZO_INIT_FAILED -85 -#define GNUTLS_E_NO_COMPRESSION_ALGORITHMS -86 -#define GNUTLS_E_NO_CIPHER_SUITES -87 - -#define GNUTLS_E_OPENPGP_GETKEY_FAILED -88 -#define GNUTLS_E_PK_SIG_VERIFY_FAILED -89 - -#define GNUTLS_E_ILLEGAL_SRP_USERNAME -90 -#define GNUTLS_E_SRP_PWD_PARSING_ERROR -91 -#define GNUTLS_E_NO_TEMPORARY_DH_PARAMS -93 - -/* For certificate and key stuff - */ -#define GNUTLS_E_ASN1_ELEMENT_NOT_FOUND -67 -#define GNUTLS_E_ASN1_IDENTIFIER_NOT_FOUND -68 -#define GNUTLS_E_ASN1_DER_ERROR -69 -#define GNUTLS_E_ASN1_VALUE_NOT_FOUND -70 -#define GNUTLS_E_ASN1_GENERIC_ERROR -71 -#define GNUTLS_E_ASN1_VALUE_NOT_VALID -72 -#define GNUTLS_E_ASN1_TAG_ERROR -73 -#define GNUTLS_E_ASN1_TAG_IMPLICIT -74 -#define GNUTLS_E_ASN1_TYPE_ANY_ERROR -75 -#define GNUTLS_E_ASN1_SYNTAX_ERROR -76 -#define GNUTLS_E_ASN1_DER_OVERFLOW -77 -#define GNUTLS_E_OPENPGP_TRUSTDB_VERSION_UNSUPPORTED -81 -#define GNUTLS_E_OPENPGP_UID_REVOKED -79 -#define GNUTLS_E_CERTIFICATE_ERROR -43 -#define GNUTLS_E_X509_CERTIFICATE_ERROR GNUTLS_E_CERTIFICATE_ERROR -#define GNUTLS_E_CERTIFICATE_KEY_MISMATCH -60 -#define GNUTLS_E_UNSUPPORTED_CERTIFICATE_TYPE -61 /* GNUTLS_A_UNSUPPORTED_CERTIFICATE */ -#define GNUTLS_E_X509_UNKNOWN_SAN -62 -#define GNUTLS_E_OPENPGP_FINGERPRINT_UNSUPPORTED -94 -#define GNUTLS_E_X509_UNSUPPORTED_ATTRIBUTE -95 -#define GNUTLS_E_UNKNOWN_HASH_ALGORITHM -96 -#define GNUTLS_E_UNKNOWN_PKCS_CONTENT_TYPE -97 -#define GNUTLS_E_UNKNOWN_PKCS_BAG_TYPE -98 -#define GNUTLS_E_INVALID_PASSWORD -99 -#define GNUTLS_E_MAC_VERIFY_FAILED -100 /* for PKCS #12 MAC */ -#define GNUTLS_E_CONSTRAINT_ERROR -101 - -#define GNUTLS_E_BASE64_ENCODING_ERROR -201 -#define GNUTLS_E_INCOMPATIBLE_GCRYPT_LIBRARY -202 /* obsolete */ -#define GNUTLS_E_INCOMPATIBLE_CRYPTO_LIBRARY -202 -#define GNUTLS_E_INCOMPATIBLE_LIBTASN1_LIBRARY -203 - -#define GNUTLS_E_OPENPGP_KEYRING_ERROR -204 -#define GNUTLS_E_X509_UNSUPPORTED_OID -205 - -#define 
GNUTLS_E_RANDOM_FAILED -206 - -#define GNUTLS_E_UNIMPLEMENTED_FEATURE -1250 - /* _INT_ internal errors. Not exported */ #define GNUTLS_E_INT_RET_0 -1251 #define GNUTLS_E_INT_HANDSHAKE_AGAIN -1252 - -#endif /* GNUTLS_ERRORS_IH */ diff --git a/lib/gnutls_handshake.c b/lib/gnutls_handshake.c index 5e1770dd46..385ca9cc61 100644 --- a/lib/gnutls_handshake.c +++ b/lib/gnutls_handshake.c @@ -459,7 +459,7 @@ int _gnutls_send_finished(gnutls_session_t session, int again) } ret = - _gnutls_send_handshake(session, data, data_size, GNUTLS_FINISHED); + _gnutls_send_handshake(session, data, data_size, GNUTLS_HANDSHAKE_FINISHED); return ret; } @@ -476,7 +476,7 @@ int _gnutls_recv_finished(gnutls_session_t session) ret = _gnutls_recv_handshake(session, &vrfy, &vrfysize, - GNUTLS_FINISHED, MANDATORY_PACKET); + GNUTLS_HANDSHAKE_FINISHED, MANDATORY_PACKET); if (ret < 0) { ERR("recv finished int", ret); gnutls_assert(); @@ -728,7 +728,7 @@ int _gnutls_server_select_comp_method(gnutls_session_t session, * (until it returns ok), with NULL parameters. */ int _gnutls_send_empty_handshake(gnutls_session_t session, - handshake_t type, int again) + gnutls_handshake_description_t type, int again) { opaque data = 0; opaque *ptr; @@ -746,7 +746,7 @@ int _gnutls_send_empty_handshake(gnutls_session_t session, */ static int _gnutls_handshake_hash_add_sent(gnutls_session_t session, - handshake_t type, opaque * dataptr, + gnutls_handshake_description_t type, opaque * dataptr, uint32 datalen) { int ret; @@ -756,7 +756,7 @@ int _gnutls_handshake_hash_add_sent(gnutls_session_t session, return ret; } - if (type != GNUTLS_HELLO_REQUEST) { + if (type != GNUTLS_HANDSHAKE_HELLO_REQUEST) { _gnutls_hash(session->internals.handshake_mac_handle_sha, dataptr, datalen); _gnutls_hash(session->internals.handshake_mac_handle_md5, dataptr, 
@@ -773,7 +773,7 @@ int _gnutls_handshake_hash_add_sent(gnutls_session_t session, * (until it returns ok), with NULL parameters. */ int _gnutls_send_handshake(gnutls_session_t session, void *i_data, - uint32 i_datasize, handshake_t type) + uint32 i_datasize, gnutls_handshake_description_t type) { int ret; uint8 *data; @@ -815,7 +815,7 @@ int _gnutls_send_handshake(gnutls_session_t session, void *i_data, /* Here we keep the handshake messages in order to hash them... */ - if (type != GNUTLS_HELLO_REQUEST) + if (type != GNUTLS_HANDSHAKE_HELLO_REQUEST) if ((ret = _gnutls_handshake_hash_add_sent(session, type, data, datasize)) < 0) { @@ -843,8 +843,8 @@ int _gnutls_send_handshake(gnutls_session_t session, void *i_data, */ #define SSL2_HEADERS 1 static int _gnutls_recv_handshake_header(gnutls_session_t session, - handshake_t type, - handshake_t * recv_type) + gnutls_handshake_description_t type, + gnutls_handshake_description_t * recv_type) { int ret; uint32 length32 = 0; @@ -857,7 +857,7 @@ static int _gnutls_recv_handshake_header(gnutls_session_t session, */ if (session->internals.handshake_header_buffer.header_size == handshake_header_size || (session->internals.v2_hello != 0 - && type == GNUTLS_CLIENT_HELLO + && type == GNUTLS_HANDSHAKE_CLIENT_HELLO && session->internals. handshake_header_buffer. packet_length > 0)) { @@ -894,7 +894,7 @@ static int _gnutls_recv_handshake_header(gnutls_session_t session, header_size = SSL2_HEADERS; } - if (session->internals.v2_hello == 0 || type != GNUTLS_CLIENT_HELLO) { + if (session->internals.v2_hello == 0 || type != GNUTLS_HANDSHAKE_CLIENT_HELLO) { ret = _gnutls_handshake_io_recv_int(session, GNUTLS_HANDSHAKE, type, 
@@ -939,7 +939,7 @@ static int _gnutls_recv_handshake_header(gnutls_session_t session, session, _gnutls_handshake2str(*recv_type), length32 + handshake_header_size); - if (*recv_type != GNUTLS_CLIENT_HELLO) { /* it should be one or nothing */ + if (*recv_type != GNUTLS_HANDSHAKE_CLIENT_HELLO) { /* it should be one or nothing */ gnutls_assert(); return GNUTLS_E_UNEXPECTED_HANDSHAKE_PACKET; } @@ -968,7 +968,7 @@ static int _gnutls_recv_handshake_header(gnutls_session_t session, */ static int _gnutls_handshake_hash_add_recvd(gnutls_session_t session, - handshake_t recv_type, + gnutls_handshake_description_t recv_type, opaque * header, uint16 header_size, opaque * dataptr, uint32 datalen) { @@ -984,7 +984,7 @@ int _gnutls_handshake_hash_add_recvd(gnutls_session_t session, } /* here we buffer the handshake messages - needed at Finished message */ - if (recv_type != GNUTLS_HELLO_REQUEST) { + if (recv_type != GNUTLS_HANDSHAKE_HELLO_REQUEST) { if ((ret = _gnutls_handshake_buffer_put(session, @@ -1013,13 +1013,13 @@ int _gnutls_handshake_hash_add_recvd(gnutls_session_t session, * passed to _gnutls_recv_hello(). */ int _gnutls_recv_handshake(gnutls_session_t session, uint8 ** data, - int *datalen, handshake_t type, + int *datalen, gnutls_handshake_description_t type, Optional optional) { int ret; uint32 length32 = 0; opaque *dataptr = NULL; - handshake_t recv_type; + gnutls_handshake_description_t recv_type; ret = _gnutls_recv_handshake_header(session, type, &recv_type); if (ret < 0) { @@ -1029,7 +1029,7 @@ int _gnutls_recv_handshake(gnutls_session_t session, uint8 ** data, */ if (ret == GNUTLS_E_WARNING_ALERT_RECEIVED && gnutls_alert_get(session) == GNUTLS_A_MISSING_SRP_USERNAME && - type == GNUTLS_SERVER_HELLO) { + type == GNUTLS_HANDSHAKE_SERVER_HELLO) { gnutls_assert(); return GNUTLS_E_INT_HANDSHAKE_AGAIN; } 
@@ -1052,7 +1052,7 @@ int _gnutls_recv_handshake(gnutls_session_t session, uint8 ** data, if (length32 > 0) dataptr = gnutls_malloc(length32); - else if (recv_type != GNUTLS_SERVER_HELLO_DONE) { + else if (recv_type != GNUTLS_HANDSHAKE_SERVER_HELLO_DONE) { gnutls_assert(); return GNUTLS_E_UNEXPECTED_PACKET_LENGTH; } @@ -1099,8 +1099,8 @@ int _gnutls_recv_handshake(gnutls_session_t session, uint8 ** data, _gnutls_handshake_header_buffer_clear(session); switch (recv_type) { - case GNUTLS_CLIENT_HELLO: - case GNUTLS_SERVER_HELLO: + case GNUTLS_HANDSHAKE_CLIENT_HELLO: + case GNUTLS_HANDSHAKE_SERVER_HELLO: ret = _gnutls_recv_hello(session, dataptr, length32); /* dataptr is freed because the caller does not * need it */ @@ -1108,18 +1108,18 @@ int _gnutls_recv_handshake(gnutls_session_t session, uint8 ** data, if (data != NULL) *data = NULL; break; - case GNUTLS_SERVER_HELLO_DONE: + case GNUTLS_HANDSHAKE_SERVER_HELLO_DONE: if (length32 == 0) ret = 0; else ret = GNUTLS_E_UNEXPECTED_PACKET_LENGTH; break; - case GNUTLS_CERTIFICATE_PKT: - case GNUTLS_FINISHED: - case GNUTLS_SERVER_KEY_EXCHANGE: - case GNUTLS_CLIENT_KEY_EXCHANGE: - case GNUTLS_CERTIFICATE_REQUEST: - case GNUTLS_CERTIFICATE_VERIFY: + case GNUTLS_HANDSHAKE_CERTIFICATE_PKT: + case GNUTLS_HANDSHAKE_FINISHED: + case GNUTLS_HANDSHAKE_SERVER_KEY_EXCHANGE: + case GNUTLS_HANDSHAKE_CLIENT_KEY_EXCHANGE: + case GNUTLS_HANDSHAKE_CERTIFICATE_REQUEST: + case GNUTLS_HANDSHAKE_CERTIFICATE_VERIFY: ret = length32; break; default: @@ -1659,7 +1659,7 @@ static int _gnutls_send_client_hello(gnutls_session_t session, int again) ret = _gnutls_send_handshake(session, data, datalen, - GNUTLS_CLIENT_HELLO); + GNUTLS_HANDSHAKE_CLIENT_HELLO); gnutls_free(data); return ret; @@ -1767,7 +1767,7 @@ static int _gnutls_send_server_hello(gnutls_session_t session, int again) ret = _gnutls_send_handshake(session, data, datalen, - GNUTLS_SERVER_HELLO); + GNUTLS_HANDSHAKE_SERVER_HELLO); gnutls_afree(data); return ret; 
@@ -1867,7 +1867,7 @@ int gnutls_rehandshake(gnutls_session_t session) return GNUTLS_E_INVALID_REQUEST; ret = - _gnutls_send_empty_handshake(session, GNUTLS_HELLO_REQUEST, + _gnutls_send_empty_handshake(session, GNUTLS_HANDSHAKE_HELLO_REQUEST, AGAIN(STATE50)); STATE = STATE50; @@ -2046,7 +2046,7 @@ int _gnutls_handshake_client(gnutls_session_t session) /* receive the server hello */ ret = _gnutls_recv_handshake(session, NULL, NULL, - GNUTLS_SERVER_HELLO, MANDATORY_PACKET); + GNUTLS_HANDSHAKE_SERVER_HELLO, MANDATORY_PACKET); STATE = STATE2; IMED_RET("recv hello", ret); @@ -2078,7 +2078,7 @@ int _gnutls_handshake_client(gnutls_session_t session) if (session->internals.resumed == RESUME_FALSE) /* if we are not resuming */ ret = _gnutls_recv_handshake(session, NULL, NULL, - GNUTLS_SERVER_HELLO_DONE, + GNUTLS_HANDSHAKE_SERVER_HELLO_DONE, MANDATORY_PACKET); STATE = STATE6; IMED_RET("recv server hello done", ret); @@ -2238,7 +2238,7 @@ int _gnutls_handshake_server(gnutls_session_t session) case STATE1: ret = _gnutls_recv_handshake(session, NULL, NULL, - GNUTLS_CLIENT_HELLO, MANDATORY_PACKET); + GNUTLS_HANDSHAKE_CLIENT_HELLO, MANDATORY_PACKET); STATE = STATE1; IMED_RET("recv hello", ret); @@ -2277,7 +2277,7 @@ int _gnutls_handshake_server(gnutls_session_t session) if (session->internals.resumed == RESUME_FALSE) /* if we are not resuming */ ret = _gnutls_send_empty_handshake(session, - GNUTLS_SERVER_HELLO_DONE, + GNUTLS_HANDSHAKE_SERVER_HELLO_DONE, AGAIN(STATE6)); STATE = STATE6; IMED_RET("send server hello done", ret); @@ -2377,7 +2377,7 @@ int _gnutls_recv_hello_request(gnutls_session_t session, void *data, return GNUTLS_E_UNEXPECTED_PACKET_LENGTH; } type = ((uint8 *) data)[0]; - if (type == GNUTLS_HELLO_REQUEST) + if (type == GNUTLS_HANDSHAKE_HELLO_REQUEST) return GNUTLS_E_REHANDSHAKE; else { gnutls_assert(); 
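Review bot: In `_gnutls_recv_hello_request` the byte taken from the peer, `type = ((uint8 *) data)[0]`, is now compared with `GNUTLS_HANDSHAKE_HELLO_REQUEST`, so the check is only correct while the public enum keeps the on-the-wire numbering. The internal `handshake_t` that this commit removes from gnutls_int.h pinned those values explicitly (`GNUTLS_CERTIFICATE_PKT = 11`, `GNUTLS_FINISHED = 20`), and the replacement definition is not visible in these hunks. I would add a compile-time check next to the new include in gnutls_int.h, for example `typedef char handshake_finished_is_wire_20[(GNUTLS_HANDSHAKE_FINISHED == 20) ? 1 : -1];`, and a comment on the public enum saying its values are protocol constants that must not be renumbered. The function body starts and ends outside the hunk.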
@@ -2394,8 +2394,6 @@ inline static int check_server_params(gnutls_session_t session, int alg_size) { int cred_type; - const gnutls_certificate_credentials_t x509_cred; - const gnutls_anon_server_credentials_t anon_cred; gnutls_dh_params_t dh_params = NULL; gnutls_rsa_params_t rsa_params = NULL; int j, remove; @@ -2405,7 +2403,8 @@ inline static int check_server_params(gnutls_session_t session, /* Read the Diffie Hellman parameters, if any. */ if (cred_type == GNUTLS_CRD_CERTIFICATE) { - x509_cred = _gnutls_get_cred(session->key, cred_type, NULL); + const gnutls_certificate_credentials_t x509_cred = + _gnutls_get_cred(session->key, cred_type, NULL); if (x509_cred != NULL) { dh_params = @@ -2430,7 +2429,8 @@ inline static int check_server_params(gnutls_session_t session, #ifdef ENABLE_ANON } else if (cred_type == GNUTLS_CRD_ANON) { - anon_cred = _gnutls_get_cred(session->key, cred_type, NULL); + const gnutls_anon_server_credentials_t anon_cred = + _gnutls_get_cred(session->key, cred_type, NULL); if (anon_cred != NULL) { dh_params = _gnutls_anon_get_dh_params(anon_cred, session); @@ -2473,7 +2473,7 @@ int _gnutls_remove_unwanted_ciphersuites(gnutls_session_t session, int ret = 0; cipher_suite_st *newSuite, cs; int newSuiteSize = 0, i, remove; - const gnutls_certificate_credentials_t x509_cred; + gnutls_certificate_credentials_t x509_cred; gnutls_kx_algorithm_t kx; int server = session->security_parameters.entity == GNUTLS_SERVER ? 1 : 0; diff --git a/lib/gnutls_handshake.h b/lib/gnutls_handshake.h index dcc28c3d8a..7e04608c20 100644 --- a/lib/gnutls_handshake.h +++ b/lib/gnutls_handshake.h 
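Review bot: The `const` kept on `x509_cred` and `anon_cred` in `check_server_params` probably no longer protects the credentials structure. The commit replaces the `#define ... *` macros with typedefs (presumably pointer typedefs in the public header, which is not visible here), so `const gnutls_certificate_credentials_t` would be a constant pointer to a writable structure, and initialising it from `_gnutls_get_cred()`, declared as returning `const void *`, drops the qualifier on the pointee. The same loss applies where the commit simply removes `const`, in `_gnutls_remove_unwanted_ciphersuites` and `_gnutls_openpgp_cert_verify_peers`. If read-only access is the intent, spell the pointee out, e.g. `const struct gnutls_anon_server_credentials_st *anon_cred = _gnutls_get_cred(session->key, cred_type, NULL);`, and do the same with the certificate credentials structure. `check_server_params` starts and ends outside these hunks.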
@@ -25,7 +25,7 @@ typedef enum Optional { OPTIONAL_PACKET, MANDATORY_PACKET } Optional; int _gnutls_send_handshake(gnutls_session_t session, void *i_data, - uint32 i_datasize, handshake_t type); + uint32 i_datasize, gnutls_handshake_description_t type); int gnutls_send_hello_request(gnutls_session_t session); int _gnutls_recv_hello_request(gnutls_session_t session, void *data, uint32 data_size); @@ -34,7 +34,7 @@ int _gnutls_recv_hello(gnutls_session_t session, opaque * data, int datalen); int gnutls_handshake(gnutls_session_t session); int _gnutls_recv_handshake(gnutls_session_t session, uint8 **, int *, - handshake_t, Optional optional); + gnutls_handshake_description_t, Optional optional); int _gnutls_generate_session_id(opaque * session_id, uint8 * len); int _gnutls_handshake_common(gnutls_session_t session); int _gnutls_handshake_client(gnutls_session_t session); diff --git a/lib/gnutls_int.h b/lib/gnutls_int.h index 27fa306a3a..be6bb611d6 100644 --- a/lib/gnutls_int.h +++ b/lib/gnutls_int.h @@ -26,6 +26,8 @@ #define GNUTLS_INT_H +#include <gnutls/gnutls.h> + #include <defines.h> /* @@ -41,11 +43,6 @@ #define DEBUG */ -/* It might be a good idea to replace int with void* - * here. - */ -typedef void *gnutls_transport_ptr_t; - #define MAX32 4294967295 #define MAX24 16777215 #define MAX16 65535 @@ -101,7 +98,6 @@ typedef void *gnutls_transport_ptr_t; #define DEFAULT_VERIFY_BITS 8200 #include <gnutls_mem.h> -#include <gnutls_ui.h> #define DECR_LEN(len, x) do { len-=x; if (len<0) {gnutls_assert(); return GNUTLS_E_UNEXPECTED_PACKET_LENGTH;} } while (0) #define DECR_LENGTH_RET(len, x, RET) do { len-=x; if (len<0) {gnutls_assert(); return RET;} } while (0) 
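Review bot: The new `#include <gnutls/gnutls.h>` in gnutls_int.h deserves a comment, because it makes every internal source depend on the header that configure generates, and this commit moves the error codes and protocol enums into that header. If the build-tree `includes/gnutls/gnutls.h` is missing or stale, an installed copy from another release could be picked up instead and would supply different definitions without any diagnostic; whether that can happen depends on the include path order that Makefile.am sets with `-I../includes`. I would add above the include `/* generated public header: the build-tree copy must be found before any installed one */`.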
@@ -112,59 +108,17 @@ typedef struct { opaque pint[3]; } uint24; -typedef struct { - opaque *data; - unsigned int size; -} gnutls_datum_t; - #include <gnutls_mpi.h> typedef enum change_cipher_spec_t { GNUTLS_TYPE_CHANGE_CIPHER_SPEC = 1 } change_cipher_spec_t; -typedef enum gnutls_certificate_status { - GNUTLS_CERT_INVALID = 2, /* will be set if the certificate - * was not verified. - */ - GNUTLS_CERT_REVOKED = 32, /* in X.509 this will be set only if CRLs are checked - */ - - /* Those are extra information about the verification - * process. Will be set only if the certificate was - * not verified. - */ - GNUTLS_CERT_SIGNER_NOT_FOUND = 64, - GNUTLS_CERT_SIGNER_NOT_CA = 128 -} gnutls_certificate_status_t; - -typedef enum gnutls_certificate_request { GNUTLS_CERT_IGNORE, - GNUTLS_CERT_REQUEST = 1, GNUTLS_CERT_REQUIRE -} gnutls_certificate_request_t; - -typedef enum gnutls_openpgp_key_status { GNUTLS_OPENPGP_KEY, - GNUTLS_OPENPGP_KEY_FINGERPRINT -} gnutls_openpgp_key_status_t; - -typedef enum gnutls_close_request_t { - GNUTLS_SHUT_RDWR = 0, GNUTLS_SHUT_WR = 1 -} gnutls_close_request_t; - typedef enum handshake_state_t { STATE0 = 0, STATE1, STATE2, STATE3, STATE4, STATE5, STATE6, STATE7, STATE8, STATE9, STATE20 = 20, STATE21, STATE30 = 30, STATE31, STATE50 = 50, STATE60 = 60, STATE61, STATE62 } handshake_state_t; -typedef enum handshake_t { GNUTLS_HELLO_REQUEST, - GNUTLS_CLIENT_HELLO, GNUTLS_SERVER_HELLO, - GNUTLS_CERTIFICATE_PKT = 11, GNUTLS_SERVER_KEY_EXCHANGE, - GNUTLS_CERTIFICATE_REQUEST, GNUTLS_SERVER_HELLO_DONE, - GNUTLS_CERTIFICATE_VERIFY, GNUTLS_CLIENT_KEY_EXCHANGE, - GNUTLS_FINISHED = 20 -} handshake_t; - -typedef handshake_t gnutls_handshake_description_t; - #include <gnutls_buffer.h> /* This is the maximum number of algorithms (ciphers or macs etc). 
@@ -174,52 +128,11 @@ typedef handshake_t gnutls_handshake_description_t; #define MAX_CIPHERSUITES 256 - -typedef enum gnutls_cipher_algorithm { GNUTLS_CIPHER_NULL = 1, - GNUTLS_CIPHER_ARCFOUR_128, GNUTLS_CIPHER_3DES_CBC, - GNUTLS_CIPHER_AES_128_CBC, GNUTLS_CIPHER_AES_256_CBC, - GNUTLS_CIPHER_ARCFOUR_40, - GNUTLS_CIPHER_RC2_40_CBC = 90, GNUTLS_CIPHER_DES_CBC -} gnutls_cipher_algorithm_t; - -typedef enum gnutls_kx_algorithm { GNUTLS_KX_RSA = 1, GNUTLS_KX_DHE_DSS, - GNUTLS_KX_DHE_RSA, GNUTLS_KX_ANON_DH, GNUTLS_KX_SRP, - GNUTLS_KX_RSA_EXPORT, GNUTLS_KX_SRP_RSA, GNUTLS_KX_SRP_DSS -} gnutls_kx_algorithm_t; - -typedef enum gnutls_params_type { GNUTLS_PARAMS_RSA_EXPORT = 1, - GNUTLS_PARAMS_DH -} gnutls_params_type_t; - -typedef enum gnutls_mac_algorithm { GNUTLS_MAC_UNKNOWN = 0, - GNUTLS_MAC_NULL = 1, GNUTLS_MAC_MD5, GNUTLS_MAC_SHA1, - GNUTLS_MAC_RMD160 -} gnutls_mac_algorithm_t; -typedef gnutls_mac_algorithm_t gnutls_digest_algorithm_t; - -typedef enum gnutls_compression_method { - GNUTLS_COMP_NULL = 1, GNUTLS_COMP_DEFLATE, - GNUTLS_COMP_LZO -} gnutls_compression_method_t; - -typedef enum gnutls_connection_end { - GNUTLS_SERVER = 1, GNUTLS_CLIENT -} gnutls_connection_end_t; - typedef enum extensions_t { GNUTLS_EXTENSION_SERVER_NAME = 0, GNUTLS_EXTENSION_MAX_RECORD_SIZE = 1, GNUTLS_EXTENSION_SRP = 6, GNUTLS_EXTENSION_CERT_TYPE = 7 } extensions_t; -typedef enum gnutls_credentials_type { - GNUTLS_CRD_CERTIFICATE = 1, GNUTLS_CRD_ANON, - GNUTLS_CRD_SRP -} gnutls_credentials_type_t; - -typedef enum gnutls_certificate_type { - GNUTLS_CRT_X509 = 1, GNUTLS_CRT_OPENPGP -} gnutls_certificate_type_t; - typedef enum { CIPHER_STREAM, CIPHER_BLOCK } cipher_type_t; typedef enum valid_session_t { VALID_TRUE, VALID_FALSE } valid_session_t; 
@@ -233,40 +146,16 @@ typedef enum content_type_t { GNUTLS_HANDSHAKE, GNUTLS_APPLICATION_DATA } content_type_t; -typedef enum gnutls_x509_crt_fmt { - GNUTLS_X509_FMT_DER, - GNUTLS_X509_FMT_PEM -} gnutls_x509_crt_fmt_t; - -typedef enum gnutls_pk_algorithm { - GNUTLS_PK_UNKNOWN = 0, GNUTLS_PK_RSA = 1, GNUTLS_PK_DSA -} gnutls_pk_algorithm_t; - #define GNUTLS_PK_ANY (gnutls_pk_algorithm_t)-1 #define GNUTLS_PK_NONE (gnutls_pk_algorithm_t)-2 -typedef enum gnutls_sign_algorithm { - GNUTLS_SIGN_UNKNOWN = 0, - GNUTLS_SIGN_RSA_SHA1 = 1, GNUTLS_SIGN_DSA_SHA1, - GNUTLS_SIGN_RSA_MD5, GNUTLS_SIGN_RSA_MD2, GNUTLS_SIGN_RSA_RMD160 -} gnutls_sign_algorithm_t; - /* STATE (stop) */ typedef void (*LOG_FUNC) (int, const char *); -/* Pull & Push functions defines: - */ -typedef ssize_t(*gnutls_pull_func)(gnutls_transport_ptr_t, void *, size_t); -typedef ssize_t(*gnutls_push_func)(gnutls_transport_ptr_t, const void *,size_t); - /* Store & Retrieve functions defines: */ -typedef int (*gnutls_db_store_func) (void *, gnutls_datum_t key, - gnutls_datum_t data); -typedef int (*gnutls_db_remove_func) (void *, gnutls_datum_t key); -typedef gnutls_datum_t(*gnutls_db_retr_func) (void *, gnutls_datum_t key); typedef struct auth_cred_st { gnutls_credentials_type_t algorithm; @@ -335,23 +224,11 @@ typedef struct { uint8 suite[2]; } cipher_suite_st; -/* Versions should be in order of the oldest - * (eg. SSL3 is before TLS1) - */ -#define GNUTLS_TLS1 GNUTLS_TLS1_0 -typedef enum gnutls_protocol_version { - GNUTLS_SSL3 = 1, GNUTLS_TLS1_0, - GNUTLS_TLS1_1, GNUTLS_VERSION_UNKNOWN = 0xff -} gnutls_protocol_t; - /* This structure holds parameters got from TLS extension * mechanism. (some extensions may hold parameters in auth_info_t * structures also - see SRP). */ -typedef enum { GNUTLS_NAME_DNS = 1 -} gnutls_server_name_type_t; - typedef struct { opaque name[MAX_SERVER_NAME_SIZE]; uint name_length; 
@@ -458,16 +335,12 @@ typedef struct { /* DH and RSA parameters types. */ -typedef struct { +typedef struct gnutls_dh_params_int { /* [0] is the prime, [1] is the generator. */ mpi_t params[2]; } dh_params_st; -#define gnutls_dh_params_t dh_params_st* - -#define gnutls_rsa_params_t gnutls_x509_privkey_t - typedef struct { gnutls_dh_params_t anon_dh_params; int free_anon_dh_params; @@ -477,15 +350,6 @@ typedef struct { int free_rsa_params; } internal_params_st; -typedef struct gnutls_params_st { - gnutls_params_type_t type; - union params { - gnutls_dh_params_t dh; - gnutls_rsa_params_t rsa_export; - } params; - int deinit; -} gnutls_params_st; - typedef struct { @@ -494,7 +358,7 @@ typedef struct { size_t header_size; /* this holds the length of the handshake packet */ size_t packet_length; - handshake_t recv_type; + gnutls_handshake_description_t recv_type; } handshake_header_buffer_st; /* Openpgp key retrieval callback */ @@ -556,9 +420,9 @@ typedef struct { gnutls_buffer handshake_send_buffer; size_t handshake_send_buffer_prev_size; content_type_t handshake_send_buffer_type; - handshake_t handshake_send_buffer_htype; + gnutls_handshake_description_t handshake_send_buffer_htype; content_type_t handshake_recv_buffer_type; - handshake_t handshake_recv_buffer_htype; + gnutls_handshake_description_t handshake_recv_buffer_htype; gnutls_buffer handshake_recv_buffer; /* this buffer holds a record packet -mostly used for @@ -720,8 +584,6 @@ struct gnutls_session_int { gnutls_key_st key; }; -typedef struct gnutls_session_int *gnutls_session_t; - /* functions @@ -751,7 +613,4 @@ int gnutls_fingerprint(gnutls_digest_algorithm_t algo, const gnutls_datum_t * data, void *result, size_t * result_size); -typedef int gnutls_params_function(gnutls_session_t, gnutls_params_type_t, - gnutls_params_st *); - #endif /* GNUTLS_INT_H */ diff --git a/lib/gnutls_kx.c b/lib/gnutls_kx.c index 58676e2b3a..49c81e285e 100644 --- a/lib/gnutls_kx.c +++ b/lib/gnutls_kx.c 
@@ -142,7 +142,7 @@ int _gnutls_send_server_kx_message(gnutls_session_t session, int again) ret = _gnutls_send_handshake(session, data, data_size, - GNUTLS_SERVER_KEY_EXCHANGE); + GNUTLS_HANDSHAKE_SERVER_KEY_EXCHANGE); gnutls_free(data); if (ret < 0) { @@ -184,7 +184,7 @@ int _gnutls_send_server_certificate_request(gnutls_session_t session, } ret = _gnutls_send_handshake(session, data, data_size, - GNUTLS_CERTIFICATE_REQUEST); + GNUTLS_HANDSHAKE_CERTIFICATE_REQUEST); gnutls_free(data); if (ret < 0) { @@ -222,7 +222,7 @@ int _gnutls_send_client_kx_message(gnutls_session_t session, int again) } ret = _gnutls_send_handshake(session, data, data_size, - GNUTLS_CLIENT_KEY_EXCHANGE); + GNUTLS_HANDSHAKE_CLIENT_KEY_EXCHANGE); gnutls_free(data); if (ret < 0) { @@ -278,7 +278,7 @@ int _gnutls_send_client_certificate_verify(gnutls_session_t session, } ret = _gnutls_send_handshake(session, data, - data_size, GNUTLS_CERTIFICATE_VERIFY); + data_size, GNUTLS_HANDSHAKE_CERTIFICATE_VERIFY); gnutls_free(data); return ret; @@ -304,7 +304,7 @@ int _gnutls_recv_server_kx_message(gnutls_session_t session) ret = _gnutls_recv_handshake(session, &data, &datasize, - GNUTLS_SERVER_KEY_EXCHANGE, + GNUTLS_HANDSHAKE_SERVER_KEY_EXCHANGE, MANDATORY_PACKET); if (ret < 0) { gnutls_assert(); @@ -337,7 +337,7 @@ int _gnutls_recv_server_certificate_request(gnutls_session_t session) ret = _gnutls_recv_handshake(session, &data, &datasize, - GNUTLS_CERTIFICATE_REQUEST, + GNUTLS_HANDSHAKE_CERTIFICATE_REQUEST, OPTIONAL_PACKET); if (ret < 0) return ret; @@ -370,7 +370,7 @@ int _gnutls_recv_client_kx_message(gnutls_session_t session) ret = _gnutls_recv_handshake(session, &data, &datasize, - GNUTLS_CLIENT_KEY_EXCHANGE, + GNUTLS_HANDSHAKE_CLIENT_KEY_EXCHANGE, MANDATORY_PACKET); if (ret < 0) return ret; 
@@ -437,7 +437,7 @@ int _gnutls_send_client_certificate(gnutls_session_t session, int again) */ ret = _gnutls_send_handshake(session, data, data_size, - GNUTLS_CERTIFICATE_PKT); + GNUTLS_HANDSHAKE_CERTIFICATE_PKT); gnutls_free(data); } @@ -478,7 +478,7 @@ int _gnutls_send_server_certificate(gnutls_session_t session, int again) } ret = _gnutls_send_handshake(session, data, data_size, - GNUTLS_CERTIFICATE_PKT); + GNUTLS_HANDSHAKE_CERTIFICATE_PKT); gnutls_free(data); if (ret < 0) { @@ -514,7 +514,7 @@ int _gnutls_recv_client_certificate(gnutls_session_t session) ret = _gnutls_recv_handshake(session, &data, &datasize, - GNUTLS_CERTIFICATE_PKT, optional); + GNUTLS_HANDSHAKE_CERTIFICATE_PKT, optional); if (ret < 0) { if (optional == OPTIONAL_PACKET && ret == GNUTLS_E_WARNING_ALERT_RECEIVED && @@ -581,7 +581,7 @@ int _gnutls_recv_server_certificate(gnutls_session_t session) ret = _gnutls_recv_handshake(session, &data, &datasize, - GNUTLS_CERTIFICATE_PKT, + GNUTLS_HANDSHAKE_CERTIFICATE_PKT, MANDATORY_PACKET); if (ret < 0) { gnutls_assert(); @@ -624,7 +624,7 @@ int _gnutls_recv_client_certificate_verify_message(gnutls_session_t ret = _gnutls_recv_handshake(session, &data, &datasize, - GNUTLS_CERTIFICATE_VERIFY, + GNUTLS_HANDSHAKE_CERTIFICATE_VERIFY, OPTIONAL_PACKET); if (ret < 0) return ret; diff --git a/lib/gnutls_mem.h b/lib/gnutls_mem.h index 7f693310e9..ef04a388c5 100644 --- a/lib/gnutls_mem.h +++ b/lib/gnutls_mem.h @@ -55,11 +55,6 @@ typedef void svoid; /* for functions that allocate using gnutls_secure_malloc * # endif #endif /* HAVE_ALLOCA */ -typedef void *(*gnutls_alloc_function) (size_t); -typedef int (*gnutls_is_secure_function) (const void *); -typedef void (*gnutls_free_function) (void *); -typedef void *(*gnutls_realloc_function) (void *, size_t); - extern gnutls_alloc_function gnutls_secure_malloc; extern gnutls_alloc_function gnutls_malloc; extern gnutls_free_function gnutls_free; 
diff --git a/lib/gnutls_record.c b/lib/gnutls_record.c index 4475136dd3..d8757382a7 100644 --- a/lib/gnutls_record.c +++ b/lib/gnutls_record.c @@ -254,12 +254,12 @@ inline static int session_is_valid(gnutls_session_t session) * version must have 2 bytes at least. */ inline static -void copy_record_version(gnutls_session_t session, handshake_t htype, +void copy_record_version(gnutls_session_t session, gnutls_handshake_description_t htype, opaque version[2]) { gnutls_protocol_t lver; - if (htype != GNUTLS_CLIENT_HELLO + if (htype != GNUTLS_HANDSHAKE_CLIENT_HELLO || session->internals.default_record_version[0] == 0) { lver = gnutls_protocol_get_version(session); @@ -286,7 +286,7 @@ void copy_record_version(gnutls_session_t session, handshake_t htype, * */ ssize_t _gnutls_send_int(gnutls_session_t session, content_type_t type, - handshake_t htype, const void *_data, + gnutls_handshake_description_t htype, const void *_data, size_t sizeofdata) { uint8 *cipher; @@ -494,7 +494,7 @@ static int check_buffers(gnutls_session_t session, content_type_t type, */ static int record_check_headers(gnutls_session_t session, - uint8 headers[RECORD_HEADER_SIZE], content_type_t type, handshake_t htype, + uint8 headers[RECORD_HEADER_SIZE], content_type_t type, gnutls_handshake_description_t htype, /*output */ content_type_t * recv_type, opaque version[2], uint16 * length, uint16 * header_size) { @@ -503,7 +503,7 @@ int record_check_headers(gnutls_session_t session, * version 2 message */ - if (htype == GNUTLS_CLIENT_HELLO && type == GNUTLS_HANDSHAKE + if (htype == GNUTLS_HANDSHAKE_CLIENT_HELLO && type == GNUTLS_HANDSHAKE && headers[0] > 127) { /* if msb set and expecting handshake message 
@@ -547,9 +547,9 @@ int record_check_headers(gnutls_session_t session,
 */
 inline static int record_check_version(gnutls_session_t session,
- handshake_t htype, opaque version[2])
+ gnutls_handshake_description_t htype, opaque version[2])
 {
- if (htype == GNUTLS_CLIENT_HELLO) {
+ if (htype == GNUTLS_HANDSHAKE_CLIENT_HELLO) {
 /* Reject hello packets with major version higher than 3. */
 if (version[0] > 3) {
@@ -559,7 +559,7 @@ inline
 htype, version[0], version[1]);
 return GNUTLS_E_UNSUPPORTED_VERSION_PACKET;
 }
- } else if (htype != GNUTLS_SERVER_HELLO &&
+ } else if (htype != GNUTLS_HANDSHAKE_SERVER_HELLO &&
 gnutls_protocol_get_version(session) != _gnutls_version_get(version[0], version[1])) {
 /* Reject record packets that have a different version than the
@@ -581,7 +581,7 @@ inline
 */
 static int record_check_type(gnutls_session_t session, content_type_t recv_type, content_type_t type,
- handshake_t htype, opaque * data, int data_size)
+ gnutls_handshake_description_t htype, opaque * data, int data_size)
 {
 int ret;
@@ -648,7 +648,7 @@ static int record_check_type(gnutls_session_t session,
 * if expecting client hello (for rehandshake * reasons). Otherwise it is an unexpected packet */
- if (type==GNUTLS_ALERT || (htype == GNUTLS_CLIENT_HELLO
+ if (type==GNUTLS_ALERT || (htype == GNUTLS_HANDSHAKE_CLIENT_HELLO
 && type == GNUTLS_HANDSHAKE)) return GNUTLS_E_GOT_APPLICATION_DATA;
 else {
@@ -736,10 +736,10 @@ inline
 * receive (if called by the user the Content is Userdata only) * It is intended to receive data, under the current session. *
- * The handshake_t was introduced to support SSL V2.0 client hellos.
+ * The gnutls_handshake_description_t was introduced to support SSL V2.0 client hellos.
 */
 ssize_t _gnutls_recv_int(gnutls_session_t session, content_type_t type,
- handshake_t htype, opaque * data,
+ gnutls_handshake_description_t htype, opaque * data,
 size_t sizeofdata) {
 gnutls_datum_t tmp;
diff --git a/lib/gnutls_record.h b/lib/gnutls_record.h
index 53285dfdbe..05cf4e66fd 100644
--- a/lib/gnutls_record.h
+++ b/lib/gnutls_record.h
@@ -23,10 +23,10 @@
 */
 ssize_t _gnutls_send_int(gnutls_session_t session, content_type_t type,
- handshake_t htype, const void *data,
+ gnutls_handshake_description_t htype, const void *data,
 size_t sizeofdata);
 ssize_t _gnutls_recv_int(gnutls_session_t session, content_type_t type,
- handshake_t, opaque * data, size_t sizeofdata);
+ gnutls_handshake_description_t, opaque * data, size_t sizeofdata);
 ssize_t _gnutls_send_change_cipher_spec(gnutls_session_t session, int again);
 void gnutls_transport_set_lowat(gnutls_session_t session, int num);
diff --git a/lib/gnutls_rsa_export.h b/lib/gnutls_rsa_export.h
index ff2f40d2e8..6b7641eca1 100644
--- a/lib/gnutls_rsa_export.h
+++ b/lib/gnutls_rsa_export.h
@@ -25,4 +25,4 @@ const mpi_t *_gnutls_get_rsa_params(gnutls_rsa_params_t);
 int _gnutls_peers_cert_less_512(gnutls_session_t session);
 int _gnutls_rsa_generate_params(mpi_t * resarr, int *resarr_len, int bits);
-void gnutls_rsa_params_deinit(gnutls_rsa_params_t rsa_params);
+
diff --git a/lib/gnutls_session.h b/lib/gnutls_session.h
index 332cf5129d..18037c1543 100644
--- a/lib/gnutls_session.h
+++ b/lib/gnutls_session.h
@@ -21,9 +21,3 @@
 * USA * */
-
-int gnutls_session_set_data(gnutls_session_t session,
- const opaque * session_data,
- int session_data_size);
-int gnutls_session_get_data(gnutls_session_t session,
- opaque * session_data, int *session_data_size);
diff --git a/lib/gnutls_sig.h b/lib/gnutls_sig.h
index 732012886e..2bbb284d62 100644
--- a/lib/gnutls_sig.h
+++ b/lib/gnutls_sig.h
@@ -24,19 +24,29 @@
 #ifndef GNUTLS_SIG_H
 # define GNUTLS_SIG_H
-# include <auth_cert.h>
-gnutls_certificate_status_t gnutls_x509_verify_signature(gnutls_cert *
- cert, gnutls_cert * issuer);
-int _gnutls_tls_sign_hdata(gnutls_session_t session, gnutls_cert * cert,
- gnutls_privkey * pkey, gnutls_datum_t * signature);
-int _gnutls_tls_sign_params(gnutls_session_t session, gnutls_cert * cert,
- gnutls_privkey * pkey, gnutls_datum_t * params, gnutls_datum_t * signature);
-int _gnutls_verify_sig_hdata(gnutls_session_t session, gnutls_cert * cert,
- gnutls_datum_t * signature);
-int _gnutls_verify_sig_params(gnutls_session_t session, gnutls_cert * cert,
- const gnutls_datum_t * params, gnutls_datum_t * signature);
-int _gnutls_sign(gnutls_pk_algorithm_t algo, mpi_t * params,
- int params_size, const gnutls_datum_t * data, gnutls_datum_t * signature);
+int _gnutls_tls_sign_hdata(gnutls_session_t session,
+ gnutls_cert * cert,
+ gnutls_privkey * pkey,
+ gnutls_datum_t * signature);
+
+int _gnutls_tls_sign_params(gnutls_session_t session,
+ gnutls_cert * cert,
+ gnutls_privkey * pkey,
+ gnutls_datum_t * params,
+ gnutls_datum_t * signature);
+
+int _gnutls_verify_sig_hdata(gnutls_session_t session,
+ gnutls_cert * cert,
+ gnutls_datum_t * signature);
+
+int _gnutls_verify_sig_params(gnutls_session_t session,
+ gnutls_cert * cert,
+ const gnutls_datum_t * params,
+ gnutls_datum_t * signature);
+
+int _gnutls_sign(gnutls_pk_algorithm_t algo,
+ mpi_t * params, int params_size,
+ const gnutls_datum_t * data, gnutls_datum_t * signature);
 #endif
diff --git a/lib/gnutls_state.c b/lib/gnutls_state.c
index 823b2ba691..41963109f2 100644
--- a/lib/gnutls_state.c
+++ b/lib/gnutls_state.c
@@ -124,7 +124,7 @@ int _gnutls_session_cert_type_supported(gnutls_session_t session,
 {
 uint i;
 uint cert_found = 0;
- const gnutls_certificate_credentials_t cred;
+ gnutls_certificate_credentials_t cred;
 if (session->security_parameters.entity == GNUTLS_SERVER) {
 cred =
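Review bot: With `# include <auth_cert.h>` removed, no include remains in the visible part of lib/gnutls_sig.h, yet every prototype still takes `gnutls_cert *`, `gnutls_privkey *`, `gnutls_datum_t *` or `mpi_t *`. The header therefore compiles only when the includer has already declared those types, and a new includer that gets the order wrong fails with errors that point at this file rather than at the missing include. If the include was dropped on purpose (for example to break a cycle), state that requirement inside the guard, e.g. `/* Includers must declare gnutls_cert, gnutls_privkey, gnutls_datum_t and mpi_t before this header. */`; otherwise include the declaring header directly. The lines above line 24 are outside the hunk, so an include placed there would not be visible here.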
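Review bot: Dropping `const` from `cred` in `_gnutls_session_cert_type_supported` removes the only compile-time guard against writing through the credentials pointer, in a function that, as far as the hunk shows, only looks the credentials up. The qualifier presumably had to go because `const` applied to a pointer typedef makes the pointer itself const and would reject the later `cred = ...` assignment. The pointee can still be protected with `const struct gnutls_certificate_credentials_st *cred;`, assuming that struct tag is what the typedef names (its definition is not visible here). The same applies to the `cred` declarations changed in lib/gnutls_ui.c (`gnutls_certificate_get_ours`) and lib/gnutls_x509.c (`_gnutls_x509_cert_verify_peers`). The function body continues outside the hunk.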
diff --git a/lib/gnutls_state.h b/lib/gnutls_state.h
index 580a5ccdfe..e29e2569f1 100644
--- a/lib/gnutls_state.h
+++ b/lib/gnutls_state.h
@@ -51,7 +51,6 @@ int _gnutls_dh_set_peer_public(gnutls_session_t session, mpi_t public);
 int _gnutls_dh_set_group(gnutls_session_t session, mpi_t gen, mpi_t prime);
 int _gnutls_dh_get_allowed_prime_bits(gnutls_session_t session);
-void gnutls_dh_set_prime_bits(gnutls_session_t session, unsigned int bits);
 void _gnutls_handshake_internal_state_clear(gnutls_session_t);
 int _gnutls_rsa_export_set_pubkey(gnutls_session_t session, mpi_t exp,
diff --git a/lib/gnutls_ui.c b/lib/gnutls_ui.c
index 33380b75f8..0cb5507451 100644
--- a/lib/gnutls_ui.c
+++ b/lib/gnutls_ui.c
@@ -364,7 +364,7 @@ int gnutls_dh_get_peers_public_bits(gnutls_session_t session)
 **/
 const gnutls_datum_t *gnutls_certificate_get_ours(gnutls_session_t session) {
- const gnutls_certificate_credentials_t cred;
+ gnutls_certificate_credentials_t cred;
 CHECK_AUTH(GNUTLS_CRD_CERTIFICATE, NULL);
diff --git a/lib/gnutls_x509.c b/lib/gnutls_x509.c
index e66a9790de..5f1bff16cc 100644
--- a/lib/gnutls_x509.c
+++ b/lib/gnutls_x509.c
@@ -98,7 +98,7 @@ int _gnutls_x509_cert_verify_peers(gnutls_session_t session,
 unsigned int *status) {
 cert_auth_info_t info;
- const gnutls_certificate_credentials_t cred;
+ gnutls_certificate_credentials_t cred;
 gnutls_x509_crt_t *peer_certificate_list;
 int peer_certificate_list_size, i, x, ret;
diff --git a/lib/x509/crl_write.c b/lib/x509/crl_write.c
index 3f6a02b41a..79b4fdf097 100644
--- a/lib/x509/crl_write.c
+++ b/lib/x509/crl_write.c
@@ -41,7 +41,6 @@
 #include <sign.h>
 #include <extensions.h>
 #include <libtasn1.h>
-#include <gnutls_ui.h>
 static void disable_optional_stuff(gnutls_x509_crl_t crl);
diff --git a/lib/x509/crq.c b/lib/x509/crq.c
index af55d81dce..e595b48259 100644
--- a/lib/x509/crq.c
+++ b/lib/x509/crq.c
@@ -41,7 +41,6 @@
 #include <sign.h>
 #include <extensions.h>
 #include <libtasn1.h>
-#include <gnutls_ui.h>
 /** * gnutls_x509_crq_init - This function initializes a gnutls_x509_crq_t structure
diff --git a/lib/x509/rfc2818_hostname.c b/lib/x509/rfc2818_hostname.c
index 488eacf4ad..e0bdaa12a7 100644
--- a/lib/x509/rfc2818_hostname.c
+++ b/lib/x509/rfc2818_hostname.c
@@ -22,7 +22,6 @@
 */
 #include <gnutls_int.h>
-#include <gnutls_ui.h>
 #include <compat.h>
 #include <x509.h>
 #include <dn.h>
diff --git a/lib/x509/x509.c b/lib/x509/x509.c
index 534a232e5f..de4085794d 100644
--- a/lib/x509/x509.c
+++ b/lib/x509/x509.c
@@ -36,7 +36,6 @@
 #include <dn.h>
 #include <extensions.h>
 #include <libtasn1.h>
-#include <gnutls_ui.h>
 #include <mpi.h>
 #include <privkey.h>
 #include <verify.h>
diff --git a/lib/x509/x509.h b/lib/x509/x509.h
index dd93616240..386c6f2a4e 100644
--- a/lib/x509/x509.h
+++ b/lib/x509/x509.h
@@ -89,10 +89,6 @@ typedef struct gnutls_x509_privkey_int {
 ASN1_TYPE key;
 } gnutls_x509_privkey_int;
-typedef struct gnutls_x509_crt_int *gnutls_x509_crt_t;
-typedef struct gnutls_x509_crl_int *gnutls_x509_crl_t;
-typedef struct gnutls_x509_privkey_int *gnutls_x509_privkey_t;
-
 int gnutls_x509_crt_get_issuer_dn_by_oid(gnutls_x509_crt_t cert, const char *oid, int indx, unsigned int raw_flag, void *buf,
diff --git a/lib/x509/x509_write.c b/lib/x509/x509_write.c
index 3bf0c2d18b..453ca523c5 100644
--- a/lib/x509/x509_write.c
+++ b/lib/x509/x509_write.c
@@ -41,7 +41,6 @@
 #include <sign.h>
 #include <extensions.h>
 #include <libtasn1.h>
-#include <gnutls_ui.h>
 static void disable_optional_stuff(gnutls_x509_crt_t cert);
diff --git a/libextra/openpgp/openpgp.h b/libextra/openpgp/openpgp.h
index 4f9fa50684..eb9e3a73ed 100644
--- a/libextra/openpgp/openpgp.h
+++ b/libextra/openpgp/openpgp.h
@@ -28,8 +28,6 @@ typedef struct gnutls_openpgp_trustdb_int {
 cdk_stream_t st;
 } gnutls_openpgp_trustdb_int;
-typedef struct gnutls_openpgp_key_int *gnutls_openpgp_key_t;
-typedef struct gnutls_openpgp_privkey_int *gnutls_openpgp_privkey_t;
 typedef struct gnutls_openpgp_keyring_int *gnutls_openpgp_keyring_t;
 typedef struct gnutls_openpgp_trustdb_int *gnutls_openpgp_trustdb_t; |