diff options
Diffstat (limited to 'lib')
| -rw-r--r-- | lib/auth_anon.c | 16 | ||||
| -rw-r--r-- | lib/auth_dhe_rsa.c | 8 | ||||
| -rw-r--r-- | lib/gnutls.h.in.in | 5 | ||||
| -rw-r--r-- | lib/gnutls_anon_cred.c | 24 | ||||
| -rw-r--r-- | lib/gnutls_dh.c | 7 | ||||
| -rw-r--r-- | lib/gnutls_dh.h | 4 | ||||
| -rw-r--r-- | lib/gnutls_int.h | 7 | ||||
| -rw-r--r-- | lib/gnutls_int_compat.c | 10 | ||||
| -rw-r--r-- | lib/gnutls_record.c | 3 | ||||
| -rw-r--r-- | lib/gnutls_ui.c | 75 | ||||
| -rw-r--r-- | lib/gnutls_ui.h | 4 |
11 files changed, 77 insertions, 86 deletions
diff --git a/lib/auth_anon.c b/lib/auth_anon.c index ff5e21740d..cda1f4d78f 100644 --- a/lib/auth_anon.c +++ b/lib/auth_anon.c @@ -72,14 +72,8 @@ int gen_anon_server_kx( GNUTLS_STATE state, opaque** data) { uint8 *data_p; uint8 *data_g; uint8 *data_X; - const GNUTLS_ANON_SERVER_CREDENTIALS cred; - cred = _gnutls_get_cred( state->gnutls_key, GNUTLS_ANON, NULL); - if (cred==NULL) { - bits = DEFAULT_BITS; /* default */ - } else { - bits = cred->dh_bits; - } + bits = _gnutls_dh_get_bits( state); g = gnutls_get_dh_params(&p, bits); if (g==NULL || p==NULL) { @@ -265,14 +259,8 @@ int proc_anon_client_kx( GNUTLS_STATE state, opaque* data, int data_size) { size_t _n_Y; MPI g, p; int bits, ret; - const GNUTLS_ANON_SERVER_CREDENTIALS cred; - cred = _gnutls_get_cred( state->gnutls_key, GNUTLS_ANON, NULL); - if (cred==NULL) { - bits = DEFAULT_BITS; /* default */ - } else { - bits = cred->dh_bits; - } + bits = _gnutls_dh_get_bits( state); DECR_LEN( data_size, 2); n_Y = READuint16( &data[0]); diff --git a/lib/auth_dhe_rsa.c b/lib/auth_dhe_rsa.c index 23fd18938a..520ac7e6f8 100644 --- a/lib/auth_dhe_rsa.c +++ b/lib/auth_dhe_rsa.c @@ -69,9 +69,7 @@ static int gen_dhe_rsa_server_kx(GNUTLS_STATE state, opaque ** data) gnutls_datum signature, ddata; X509PKI_AUTH_INFO info; - bits = state->gnutls_internals.dhe_bits; - if (bits < MIN_BITS) - bits = DEFAULT_BITS; /* default */ + bits = _gnutls_dh_get_bits( state); /* find the appropriate certificate */ if ((ret = @@ -361,9 +359,7 @@ static int proc_dhe_rsa_client_kx(GNUTLS_STATE state, opaque * data, MPI g, p; int bits, ret; - bits = state->gnutls_internals.dhe_bits; - if (bits < MIN_BITS) - bits = DEFAULT_BITS; /* default */ + bits = _gnutls_dh_get_bits( state); DECR_LEN( data_size, 2); n_Y = READuint16(&data[0]); diff --git a/lib/gnutls.h.in.in b/lib/gnutls.h.in.in index e7df75c9e5..9590db553a 100644 --- a/lib/gnutls.h.in.in +++ b/lib/gnutls.h.in.in @@ -205,10 +205,11 @@ int gnutls_anon_set_client_cred( GNUTLS_ANON_SERVER_CREDENTIALS res, int dh_bits */ void gnutls_x509pki_free_sc( GNUTLS_X509PKI_CREDENTIALS sc); int gnutls_x509pki_allocate_sc( GNUTLS_X509PKI_CREDENTIALS *sc, int ncerts); -int gnutls_x509pki_set_key_file( GNUTLS_X509PKI_CREDENTIALS res, char *CERTFILE, char* KEYFILE); -int gnutls_x509pki_set_trust_file( GNUTLS_X509PKI_CREDENTIALS res, char* CAFILE, char* CRLFILE); +int gnutls_x509pki_set_trust_file( GNUTLS_X509PKI_CREDENTIALS res, char* CAFILE, char* CRLFILE); int gnutls_x509pki_set_trust_mem(GNUTLS_X509PKI_CREDENTIALS res, const gnutls_datum *CA, const gnutls_datum *CRL); + +int gnutls_x509pki_set_key_file( GNUTLS_X509PKI_CREDENTIALS res, char *CERTFILE, char* KEYFILE); int gnutls_x509pki_set_key_mem(GNUTLS_X509PKI_CREDENTIALS res, const gnutls_datum* CERT, const gnutls_datum* KEY); #define gnutls_x509pki_free_server_sc gnutls_x509pki_free_sc diff --git a/lib/gnutls_anon_cred.c b/lib/gnutls_anon_cred.c index f74f96f0b7..189b203689 100644 --- a/lib/gnutls_anon_cred.c +++ b/lib/gnutls_anon_cred.c @@ -26,6 +26,8 @@ #include "gnutls_num.h" #include "gnutls_gcry.h" +const static int anon_tmp; + /** * gnutls_anon_free_server_sc - Used to free an allocated GNUTLS_ANON_SERVER_CREDENTIALS structure * @sc: is an &GNUTLS_ANON_SERVER_CREDENTIALS structure. @@ -35,7 +37,7 @@ * the structure. **/ void gnutls_anon_free_server_sc( GNUTLS_ANON_SERVER_CREDENTIALS sc) { - gnutls_free(sc); + return; } /** @@ -47,26 +49,10 @@ void gnutls_anon_free_server_sc( GNUTLS_ANON_SERVER_CREDENTIALS sc) { * the structure. **/ int gnutls_anon_allocate_server_sc( GNUTLS_ANON_SERVER_CREDENTIALS *sc) { - *sc = gnutls_malloc(sizeof( ANON_SERVER_CREDENTIALS_INT)); - - if (*sc==NULL) return GNUTLS_E_MEMORY_ERROR; + *sc = &anon_tmp; return 0; } -/** - * gnutls_anon_set_server_cred - Used to set the number of bits to use in DH, in a GNUTLS_ANON_SERVER_CREDENTIALS structure - * @res: is an &GNUTLS_ANON_SERVER_CREDENTIALS structure. - * @dh_bits: is the number of bits in DH key exchange - * - * Used to set the number of bits to use in an anonymous Diffie-Hellman, - * key exchange. - * - **/ - -int gnutls_anon_set_server_cred( GNUTLS_ANON_SERVER_CREDENTIALS res, int dh_bits) { - res->dh_bits = dh_bits; - return 0; -} /** * gnutls_anon_free_client_sc - Used to free an allocated GNUTLS_ANON_CLIENT_CREDENTIALS structure @@ -80,7 +66,6 @@ void gnutls_anon_free_client_sc( GNUTLS_ANON_CLIENT_CREDENTIALS sc) { return; } -const static int anon_tmp; /** * gnutls_allocate_anon_client_sc - Used to allocate an GNUTLS_ANON_CLIENT CREDENTIALS structure @@ -96,6 +81,5 @@ int gnutls_anon_allocate_client_sc( GNUTLS_ANON_CLIENT_CREDENTIALS *sc) { */ *sc = (void*) &anon_tmp; - if (*sc==NULL) return GNUTLS_E_MEMORY_ERROR; return 0; } diff --git a/lib/gnutls_dh.c b/lib/gnutls_dh.c index c4f66a3308..001e68b354 100644 --- a/lib/gnutls_dh.c +++ b/lib/gnutls_dh.c @@ -96,3 +96,10 @@ MPI gnutls_calc_dh_key(MPI f, MPI x, MPI prime) gcry_mpi_powm(k, f, x, prime); return k; } + +/* returns the bits the user requested for DH key exchange. + */ +int _gnutls_dh_get_bits(GNUTLS_STATE state) +{ + return state->gnutls_internals.dh_bits; +} diff --git a/lib/gnutls_dh.h b/lib/gnutls_dh.h index 50a3d5dc2a..6b871743a4 100644 --- a/lib/gnutls_dh.h +++ b/lib/gnutls_dh.h @@ -25,5 +25,5 @@ int _gnutls_dh_generate_prime(MPI *ret_g, MPI* ret_n, int bits); void _gnutls_dh_clear_mpis(void); int _gnutls_dh_calc_mpis(void); - -#define DEFAULT_BITS 1024 +int _gnutls_dh_get_bits( GNUTLS_STATE); +void gnutls_dh_set_bits( GNUTLS_STATE state, int bits); diff --git a/lib/gnutls_int.h b/lib/gnutls_int.h index ef86412e0e..d1d8e58abe 100644 --- a/lib/gnutls_int.h +++ b/lib/gnutls_int.h @@ -500,8 +500,11 @@ typedef struct { x509pki_client_cert_callback_func* client_cert_callback; x509pki_server_cert_callback_func* server_cert_callback; - /* how may bits to use for DHE? */ - int dhe_bits; + /* bits to use for DHE and DHA + * use _gnutls_dh_get_bits() and gnutls_dh_set_bits() + * to access it. + */ + int dh_bits; int max_handshake_data_buffer_size; diff --git a/lib/gnutls_int_compat.c b/lib/gnutls_int_compat.c index 825df05de2..e095895e96 100644 --- a/lib/gnutls_int_compat.c +++ b/lib/gnutls_int_compat.c @@ -4,6 +4,10 @@ * with previous versions. */ +int gnutls_anon_set_server_cred( GNUTLS_ANON_SERVER_CREDENTIALS res, int dh_bits) { + return 0; +} + /* used in 0.3.x */ int gnutls_check_pending( GNUTLS_STATE state) { return gnutls_record_check_pending( state); @@ -11,17 +15,17 @@ int gnutls_check_pending( GNUTLS_STATE state) { /* used in 0.3.x */ void gnutls_x509pki_set_dh_bits(GNUTLS_STATE state, int bits) { - gnutls_dh_set_dhe_bits( state, bits); + gnutls_dh_set_bits( state, bits); } /* used in 0.3.x */ int gnutls_anon_server_get_dh_bits(GNUTLS_STATE state) { - return gnutls_dh_get_dha_bits( state); + return gnutls_dh_get_bits( state); } /* used in 0.3.x */ int gnutls_anon_client_get_dh_bits(GNUTLS_STATE state) { - return gnutls_dh_get_dha_bits( state); + return gnutls_dh_get_bits( state); } diff --git a/lib/gnutls_record.c b/lib/gnutls_record.c index ec658d195f..15b080f478 100644 --- a/lib/gnutls_record.c +++ b/lib/gnutls_record.c @@ -36,6 +36,7 @@ #include "gnutls_datum.h" #include "ext_max_record.h" #include <gnutls_alert.h> +#include <gnutls_dh.h> /** * gnutls_protocol_get_version - Returns the version of the currently used protocol @@ -142,6 +143,8 @@ int default_protocol_list[] = { GNUTLS_TLS1, 0 }; (*state)->gnutls_internals.expire_time = DEFAULT_EXPIRE_TIME; /* one hour default */ + gnutls_dh_set_bits( (*state), MIN_BITS); + gnutls_transport_set_lowat((*state), DEFAULT_LOWAT); /* the default for tcp */ gnutls_handshake_set_max_data_buffer_size( (*state), MAX_HANDSHAKE_DATA_BUFFER_SIZE); diff --git a/lib/gnutls_ui.c b/lib/gnutls_ui.c index 5ade2f25c3..94a68678b1 100644 --- a/lib/gnutls_ui.c +++ b/lib/gnutls_ui.c @@ -55,23 +55,52 @@ const char *gnutls_srp_server_get_username(GNUTLS_STATE state) /* ANON */ /** - * gnutls_dh_get_dha_bits - This function returns the bits used in anonymous DH authentication + * gnutls_dh_set_bits - Used to set the bits for a DH ciphersuite + * @state: is a &GNUTLS_STATE structure. + * @bits: is the number of bits + * + * This function sets the number of bits, for use in an + * Diffie Hellman key exchange. This is used both in DHE and + * DH anonymous cipher suites. + * + **/ +void gnutls_dh_set_bits(GNUTLS_STATE state, int bits) +{ + state->gnutls_internals.dh_bits = bits; +} + +/** + * gnutls_dh_get_bits - This function returns the bits used in DH authentication * @state: is a gnutls state * - * This function will return the bits used in the anonymous Diffie Hellman authentication + * This function will return the bits used in the last Diffie Hellman authentication * with the peer. Returns a negative value in case of an error. * **/ -int gnutls_dh_get_dha_bits(GNUTLS_STATE state) +int gnutls_dh_get_bits(GNUTLS_STATE state) { - ANON_SERVER_AUTH_INFO info; - - CHECK_AUTH(GNUTLS_ANON, GNUTLS_E_INVALID_REQUEST); - - info = _gnutls_get_auth_info(state); - if (info == NULL) - return GNUTLS_E_UNKNOWN_ERROR; - return info->dh_bits; + switch( gnutls_auth_get_type( state)) { + case GNUTLS_ANON: { + ANON_SERVER_AUTH_INFO info; + + info = _gnutls_get_auth_info(state); + if (info == NULL) + return GNUTLS_E_UNKNOWN_ERROR; + return info->dh_bits; + } + case GNUTLS_X509PKI: { + X509PKI_AUTH_INFO info; + + info = _gnutls_get_auth_info(state); + if (info == NULL) + return GNUTLS_E_UNKNOWN_ERROR; + + return info->dh_bits; + } + default: + gnutls_assert(); + return GNUTLS_E_INVALID_REQUEST; + } } /* X509PKI */ @@ -103,30 +132,6 @@ const gnutls_datum *gnutls_x509pki_get_peer_certificate_list(GNUTLS_STATE state, /** - * gnutls_dh_get_dhe_bits - This function returns the number of bits used in a DHE handshake - * @state: is a gnutls state - * - * This function will return the number of bits used in a Diffie Hellman Handshake. This will only - * occur in case of DHE_* ciphersuites. The return value may be zero if no applicable ciphersuite was - * used. - * Returns a negative value in case of an error. - * - **/ -int gnutls_dh_get_dhe_bits(GNUTLS_STATE state) -{ - X509PKI_AUTH_INFO info; - - CHECK_AUTH(GNUTLS_X509PKI, GNUTLS_E_INVALID_REQUEST); - - info = _gnutls_get_auth_info(state); - if (info == NULL) - return GNUTLS_E_UNKNOWN_ERROR; - return info->dh_bits; -} - - - -/** * gnutls_x509pki_get_certificate_request_status - This function returns the certificate request status * @state: is a gnutls state * diff --git a/lib/gnutls_ui.h b/lib/gnutls_ui.h index d1c1cef3c2..6a38a188f7 100644 --- a/lib/gnutls_ui.h +++ b/lib/gnutls_ui.h @@ -55,8 +55,8 @@ const char* gnutls_srp_server_get_username( GNUTLS_STATE state); int gnutls_dh_get_dha_bits( GNUTLS_STATE state); -void gnutls_dh_set_dhe_bits( GNUTLS_STATE state, int bits); -int gnutls_dh_get_dhe_bits( GNUTLS_STATE); +void gnutls_dh_set_bits( GNUTLS_STATE state, int bits); +int gnutls_dh_get_bits( GNUTLS_STATE); /* X509PKI */ |