author | Nikos Mavrogiannopoulos <nmav@gnutls.org> | 2001-05-07 08:27:54 +0000 |
---|---|---|
committer | Nikos Mavrogiannopoulos <nmav@gnutls.org> | 2001-05-07 08:27:54 +0000 |
commit | 132aec6a41f3b3e7eea73db83063b61b58043384 (patch) | |
tree | e2f3d704227f1c2ee6074f5bc9a7eb7ef413c8b3 | |
parent | 85cac3c065e43c503ca65ece913e02e72243b00e (diff) | |
gnutls_get_kx_cred() now returns err value. set_kx_cred() now accepts size.
-rw-r--r-- | doc/API | 3 | ||||
-rw-r--r-- | lib/auth_srp.c | 4 | ||||
-rw-r--r-- | lib/auth_srp_passwd.c | 7 | ||||
-rw-r--r-- | lib/ext_srp.c | 2 | ||||
-rw-r--r-- | lib/gnutls_auth.c | 26 | ||||
-rw-r--r-- | lib/gnutls_auth_int.h | 4 | ||||
-rw-r--r-- | lib/gnutls_handshake.c | 5 |
7 files changed, 36 insertions, 15 deletions
@@ -93,11 +93,12 @@ void gnutls_set_cipher_priority( GNUTLS_STATE state, int num, ...); not use that except for disabling algorithms that were not specified. -int gnutls_set_kx_cred( GNUTLS_STATE state, int kx, void* cred); +int gnutls_set_kx_cred( GNUTLS_STATE state, int kx, void* cred, int cred_size); Sets the needed credentials for the specified (in kx) authentication algorithm. Eg username, password - or public and private keys etc. The (void* cred) parameter is a structure that depends on the specified kx algorithm and on the current state (client or server). + cred_size is the size of the structure. In GNUTLS_KX_ANON cred should be NULL. diff --git a/lib/auth_srp.c b/lib/auth_srp.c index 5c667b1ac3..40c6eb1eda 100644 --- a/lib/auth_srp.c +++ b/lib/auth_srp.c @@ -195,7 +195,7 @@ int gen_srp_client_kx0(GNUTLS_KEY key, opaque ** data) char *username; char *password; SRP_CLIENT_CREDENTIALS *cred = - _gnutls_get_kx_cred(key, GNUTLS_KX_SRP); + _gnutls_get_kx_cred(key, GNUTLS_KX_SRP, NULL); if (cred == NULL) return GNUTLS_E_INSUFICIENT_CRED; @@ -240,7 +240,7 @@ int proc_srp_server_kx(GNUTLS_KEY key, opaque * data, int data_size) char *username; char *password; SRP_CLIENT_CREDENTIALS *cred = - _gnutls_get_kx_cred(key, GNUTLS_KX_SRP); + _gnutls_get_kx_cred(key, GNUTLS_KX_SRP, NULL); if (cred == NULL) return GNUTLS_E_INSUFICIENT_CRED; diff --git a/lib/auth_srp_passwd.c b/lib/auth_srp_passwd.c index e60b6f0c84..26a960b2b7 100644 --- a/lib/auth_srp_passwd.c +++ b/lib/auth_srp_passwd.c @@ -152,7 +152,12 @@ GNUTLS_SRP_PWD_ENTRY *_gnutls_srp_pwd_read_entry( GNUTLS_KEY key, char* username int i; GNUTLS_SRP_PWD_ENTRY * entry = gnutls_malloc(sizeof(GNUTLS_SRP_PWD_ENTRY)); - cred = _gnutls_get_kx_cred( key, GNUTLS_KX_SRP); + cred = _gnutls_get_kx_cred( key, GNUTLS_KX_SRP, NULL); + if (cred==NULL) { + gnutls_assert(); + gnutls_free(entry); + return NULL; + } fd = fopen( cred->password_file, "r"); if (fd==NULL) { 
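Review bot: In the `_gnutls_srp_pwd_read_entry` hunk of lib/auth_srp_passwd.c, `entry` is allocated before the credential lookup and the result of `gnutls_malloc` is not checked in the visible lines, so the new error path exists only to undo an allocation that could have been deferred. Doing the `_gnutls_get_kx_cred( key, GNUTLS_KX_SRP, NULL)` lookup and its NULL check before allocating would remove the `gnutls_free(entry);` cleanup, and `if (entry==NULL) return NULL;` after the allocation would cover the out-of-memory case. The function body continues outside the hunk, so a later check on `entry` may already exist; the `fopen` failure branch that follows should release `entry` in the same way if it does not already.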
diff --git a/lib/ext_srp.c b/lib/ext_srp.c index 3b5222bcc0..37d9ed6ef7 100644 --- a/lib/ext_srp.c +++ b/lib/ext_srp.c @@ -40,7 +40,7 @@ int _gnutls_srp_recv_params( GNUTLS_STATE state, const opaque* data, int data_si int _gnutls_srp_send_params( GNUTLS_STATE state, opaque** data) { /* this function sends the client extension data (username) */ if (state->security_parameters.entity == GNUTLS_CLIENT) { - SRP_CLIENT_CREDENTIALS* cred = _gnutls_get_kx_cred( state->gnutls_key, GNUTLS_KX_SRP); + SRP_CLIENT_CREDENTIALS* cred = _gnutls_get_kx_cred( state->gnutls_key, GNUTLS_KX_SRP, NULL); (*data) = NULL; diff --git a/lib/gnutls_auth.c b/lib/gnutls_auth.c index 87e178bff0..1a345faa21 100644 --- a/lib/gnutls_auth.c +++ b/lib/gnutls_auth.c @@ -36,6 +36,7 @@ int gnutls_clear_creds( GNUTLS_STATE state) { ccred = state->gnutls_key->cred; while(ccred!=NULL) { ncred = ccred->next; + if (ccred->credentials!=NULL) gnutls_free(ccred->credentials); if (ccred!=NULL) gnutls_free(ccred); ccred = ncred; } @@ -49,7 +50,7 @@ int gnutls_clear_creds( GNUTLS_STATE state) { * This creates a linked list of the form: * { algorithm, credentials, pointer to next } */ -int gnutls_set_kx_cred( GNUTLS_STATE state, int kx, void* cred) { +int gnutls_set_kx_cred( GNUTLS_STATE state, int kx, void* cred, int cred_size) { AUTH_CRED * ccred, *pcred; int exists=0; @@ -58,7 +59,10 @@ int gnutls_set_kx_cred( GNUTLS_STATE state, int kx, void* cred) { state->gnutls_key->cred = gnutls_malloc(sizeof(AUTH_CRED)); if (state->gnutls_key->cred == NULL) return GNUTLS_E_MEMORY_ERROR; - state->gnutls_key->cred->credentials = cred; + /* copy credentials localy */ + state->gnutls_key->cred->credentials = gnutls_malloc(cred_size); + memcpy( state->gnutls_key->cred->credentials, cred, cred_size); + state->gnutls_key->cred->next = NULL; state->gnutls_key->cred->algorithm = kx; } else { 
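Review bot: In the `gnutls_clear_creds` hunk of lib/gnutls_auth.c, the copied credentials are released with `gnutls_free(ccred->credentials)` without being cleared first, although doc/API describes them as usernames, passwords or private keys. No size is stored alongside `credentials` in the visible hunks, so the buffer cannot be wiped at this point; keeping `cred_size` in the list entry when `gnutls_set_kx_cred` copies would allow a wipe that the compiler cannot elide before the free. The copy is also a flat `memcpy` of the caller's structure, so if members such as `cred->password_file` (dereferenced in lib/auth_srp_passwd.c) are pointers they presumably still refer to caller-owned memory, which the comment above `gnutls_set_kx_cred` should state.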
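Review bot: The three copies added in `gnutls_set_kx_cred` (this hunk at -58, plus the new-entry and modify-existing branches in the -77 hunk) pass the result of `gnutls_malloc(cred_size)` straight to `memcpy` without a NULL check, so an allocation failure becomes a write through NULL instead of `GNUTLS_E_MEMORY_ERROR`. `cred_size` is a signed `int` that is converted to an unsigned length in both calls, so a negative value from the caller becomes a very large size, and doc/API says `cred` should be NULL for GNUTLS_KX_ANON, which makes the `memcpy` source NULL. The handshake test `== NULL && err!=0` suggests a stored NULL credential is meant to be valid, so the copy should be skipped when `cred` is NULL and the allocation checked otherwise, as sketched below for the first site. The modify-existing branch additionally calls `gnutls_free(ccred->credentials)` without the `!=NULL` guard that `gnutls_clear_creds` uses; the function starts and ends outside this hunk.

```c
	/* copy credentials localy */
	if (cred == NULL || cred_size <= 0) {
		/* GNUTLS_KX_ANON passes no credentials; a non-NULL cred with
		 * cred_size <= 0 could instead be rejected with an error */
		state->gnutls_key->cred->credentials = NULL;
	} else {
		state->gnutls_key->cred->credentials = gnutls_malloc(cred_size);
		if (state->gnutls_key->cred->credentials == NULL) {
			/* do not leave a half-initialised list head behind */
			gnutls_free(state->gnutls_key->cred);
			state->gnutls_key->cred = NULL;
			return GNUTLS_E_MEMORY_ERROR;
		}
		memcpy( state->gnutls_key->cred->credentials, cred, cred_size);
	}
	/* … unchanged: next and algorithm assignments … */
```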
@@ -77,11 +81,17 @@ int gnutls_set_kx_cred( GNUTLS_STATE state, int kx, void* cred) { if (pcred->next == NULL) return GNUTLS_E_MEMORY_ERROR; ccred = pcred->next; - ccred->credentials = cred; + + /* copy credentials localy */ + ccred->credentials = gnutls_malloc(cred_size); + memcpy( ccred->credentials, cred, cred_size); + ccred->next = NULL; ccred->algorithm = kx; } else { /* modify existing entry */ - ccred->credentials = cred; + gnutls_free(ccred->credentials); + ccred->credentials = gnutls_malloc(cred_size); + memcpy( ccred->credentials, cred, cred_size); } } @@ -92,7 +102,7 @@ int gnutls_set_kx_cred( GNUTLS_STATE state, int kx, void* cred) { * This returns an pointer to the linked list. Don't * free that!!! */ -void *_gnutls_get_kx_cred( GNUTLS_KEY key, int kx) { +void *_gnutls_get_kx_cred( GNUTLS_KEY key, int kx, int *err) { AUTH_CRED * ccred; ccred = key->cred; @@ -102,7 +112,11 @@ void *_gnutls_get_kx_cred( GNUTLS_KEY key, int kx) { } ccred = ccred->next; } - if (ccred==NULL) return NULL; + if (ccred==NULL) { + if (err!=NULL) *err=-1; + return NULL; + } + if (err!=NULL) *err=0; return ccred->credentials; } diff --git a/lib/gnutls_auth_int.h b/lib/gnutls_auth_int.h index b852118fe2..6a3b8610a7 100644 --- a/lib/gnutls_auth_int.h +++ b/lib/gnutls_auth_int.h @@ -1,4 +1,4 @@ int gnutls_clear_creds( GNUTLS_STATE state); -int gnutls_set_kx_cred( GNUTLS_STATE state, int kx, void* cred); -void *_gnutls_get_kx_cred( GNUTLS_KEY key, int kx); +int gnutls_set_kx_cred( GNUTLS_STATE state, int kx, void* cred, int cred_size); +void *_gnutls_get_kx_cred( GNUTLS_KEY key, int kx, int* err); diff --git a/lib/gnutls_handshake.c b/lib/gnutls_handshake.c index ca56dde37d..ae8f74141d 100644 --- a/lib/gnutls_handshake.c +++ b/lib/gnutls_handshake.c @@ -638,6 +638,7 @@ int _gnutls_recv_hello(int cd, GNUTLS_STATE state, char *data, int datalen) time_t cur_time; char* rand; int len = datalen; + int err; if (state->security_parameters.entity == GNUTLS_CLIENT) { if (datalen < 38) { 
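Review bot: The comment above `_gnutls_get_kx_cred` in lib/gnutls_auth.c still only warns against freeing the result and says nothing about the new `err` out-parameter, which is what lets callers tell a missing entry from an entry whose credentials are NULL. I would extend it with `/* err may be NULL; otherwise *err is 0 when an entry for kx exists (the return value may still be NULL) and -1 when there is none */`. A named constant in place of the bare `-1` would also make the `err!=0` tests in lib/gnutls_handshake.c easier to read.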
@@ -720,7 +721,7 @@ int _gnutls_recv_hello(int cd, GNUTLS_STATE state, char *data, int datalen) /* check if the credentials (username, public key etc. are ok - actually check if they exist) */ - if ( _gnutls_get_kx_cred( state->gnutls_key, _gnutls_cipher_suite_get_kx_algo( state->gnutls_internals.current_cipher_suite)) == NULL) { + if ( _gnutls_get_kx_cred( state->gnutls_key, _gnutls_cipher_suite_get_kx_algo( state->gnutls_internals.current_cipher_suite), &err) == NULL && err!=0) { gnutls_assert(); return GNUTLS_E_INSUFICIENT_CRED; } @@ -845,7 +846,7 @@ int _gnutls_recv_hello(int cd, GNUTLS_STATE state, char *data, int datalen) /* check if the credentials (username, public key etc. are ok) */ - if ( _gnutls_get_kx_cred( state->gnutls_key, _gnutls_cipher_suite_get_kx_algo( state->gnutls_internals.current_cipher_suite)) == NULL) { + if ( _gnutls_get_kx_cred( state->gnutls_key, _gnutls_cipher_suite_get_kx_algo( state->gnutls_internals.current_cipher_suite), &err) == NULL && err!=0) { gnutls_assert(); return GNUTLS_E_INSUFICIENT_CRED; } |