authorNikos Mavrogiannopoulos <nmav@gnutls.org>2001-05-07 08:27:54 +0000
committerNikos Mavrogiannopoulos <nmav@gnutls.org>2001-05-07 08:27:54 +0000
commit132aec6a41f3b3e7eea73db83063b61b58043384 (patch)
treee2f3d704227f1c2ee6074f5bc9a7eb7ef413c8b3
parent85cac3c065e43c503ca65ece913e02e72243b00e (diff)
downloadgnutls-132aec6a41f3b3e7eea73db83063b61b58043384.tar.gz
gnutls_get_kx_cred() now returns err value. set_kx_cred() now accepts size.
-rw-r--r--doc/API3
-rw-r--r--lib/auth_srp.c4
-rw-r--r--lib/auth_srp_passwd.c7
-rw-r--r--lib/ext_srp.c2
-rw-r--r--lib/gnutls_auth.c26
-rw-r--r--lib/gnutls_auth_int.h4
-rw-r--r--lib/gnutls_handshake.c5
7 files changed, 36 insertions, 15 deletions
diff --git a/doc/API b/doc/API
index 3b7c1a0ad9..7d108a7c05 100644
--- a/doc/API
+++ b/doc/API
@@ -93,11 +93,12 @@ void gnutls_set_cipher_priority( GNUTLS_STATE state, int num, ...);
not use that except for disabling algorithms that were not
specified.
-int gnutls_set_kx_cred( GNUTLS_STATE state, int kx, void* cred);
+int gnutls_set_kx_cred( GNUTLS_STATE state, int kx, void* cred, int cred_size);
Sets the needed credentials for the specified (in kx) authentication
algorithm. Eg username, password - or public and private keys etc.
The (void* cred) parameter is a structure that depends on the
specified kx algorithm and on the current state (client or server).
+ cred_size is the size of the structure.
In GNUTLS_KX_ANON cred should be NULL.
diff --git a/lib/auth_srp.c b/lib/auth_srp.c
index 5c667b1ac3..40c6eb1eda 100644
--- a/lib/auth_srp.c
+++ b/lib/auth_srp.c
@@ -195,7 +195,7 @@ int gen_srp_client_kx0(GNUTLS_KEY key, opaque ** data)
char *username;
char *password;
SRP_CLIENT_CREDENTIALS *cred =
- _gnutls_get_kx_cred(key, GNUTLS_KX_SRP);
+ _gnutls_get_kx_cred(key, GNUTLS_KX_SRP, NULL);
if (cred == NULL)
return GNUTLS_E_INSUFICIENT_CRED;
@@ -240,7 +240,7 @@ int proc_srp_server_kx(GNUTLS_KEY key, opaque * data, int data_size)
char *username;
char *password;
SRP_CLIENT_CREDENTIALS *cred =
- _gnutls_get_kx_cred(key, GNUTLS_KX_SRP);
+ _gnutls_get_kx_cred(key, GNUTLS_KX_SRP, NULL);
if (cred == NULL)
return GNUTLS_E_INSUFICIENT_CRED;
diff --git a/lib/auth_srp_passwd.c b/lib/auth_srp_passwd.c
index e60b6f0c84..26a960b2b7 100644
--- a/lib/auth_srp_passwd.c
+++ b/lib/auth_srp_passwd.c
@@ -152,7 +152,12 @@ GNUTLS_SRP_PWD_ENTRY *_gnutls_srp_pwd_read_entry( GNUTLS_KEY key, char* username
int i;
GNUTLS_SRP_PWD_ENTRY * entry = gnutls_malloc(sizeof(GNUTLS_SRP_PWD_ENTRY));
- cred = _gnutls_get_kx_cred( key, GNUTLS_KX_SRP);
+ cred = _gnutls_get_kx_cred( key, GNUTLS_KX_SRP, NULL);
+ if (cred==NULL) {
+ gnutls_assert();
+ gnutls_free(entry);
+ return NULL;
+ }
fd = fopen( cred->password_file, "r");
if (fd==NULL) {
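Review bot: The added guard frees `entry`, which was allocated just above the credential lookup, so the function now allocates only to release it again on the error path; moving the `_gnutls_get_kx_cred` call and the new NULL check above the `gnutls_malloc` avoids that and leaves a single place to also check the (currently unchecked) allocation result. `_gnutls_srp_pwd_read_entry` starts and continues outside the hunk, so whether `entry` is checked later cannot be seen here.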
diff --git a/lib/ext_srp.c b/lib/ext_srp.c
index 3b5222bcc0..37d9ed6ef7 100644
--- a/lib/ext_srp.c
+++ b/lib/ext_srp.c
@@ -40,7 +40,7 @@ int _gnutls_srp_recv_params( GNUTLS_STATE state, const opaque* data, int data_si
int _gnutls_srp_send_params( GNUTLS_STATE state, opaque** data) {
/* this function sends the client extension data (username) */
if (state->security_parameters.entity == GNUTLS_CLIENT) {
- SRP_CLIENT_CREDENTIALS* cred = _gnutls_get_kx_cred( state->gnutls_key, GNUTLS_KX_SRP);
+ SRP_CLIENT_CREDENTIALS* cred = _gnutls_get_kx_cred( state->gnutls_key, GNUTLS_KX_SRP, NULL);
(*data) = NULL;
diff --git a/lib/gnutls_auth.c b/lib/gnutls_auth.c
index 87e178bff0..1a345faa21 100644
--- a/lib/gnutls_auth.c
+++ b/lib/gnutls_auth.c
@@ -36,6 +36,7 @@ int gnutls_clear_creds( GNUTLS_STATE state) {
ccred = state->gnutls_key->cred;
while(ccred!=NULL) {
ncred = ccred->next;
+ if (ccred->credentials!=NULL) gnutls_free(ccred->credentials);
if (ccred!=NULL) gnutls_free(ccred);
ccred = ncred;
}
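Review bot: The new `gnutls_free(ccred->credentials)` releases only the top-level struct that gnutls_set_kx_cred now memcpy's, and that copy is shallow: pointer members such as `password_file` (dereferenced in auth_srp_passwd.c in this same commit) still point into caller-owned memory and are neither duplicated nor freed here. If "copy credentials locally" is meant to give the state ownership independence, that does not hold yet, and callers must keep the pointed-to buffers alive for the lifetime of the state; that should be stated in the gnutls_set_kx_cred header comment. Suggested comment above the added line: `/* frees only the shallow copy made by gnutls_set_kx_cred; pointer members stay owned by the caller */`. If a credential struct holds secret material (an SRP password, presumably), freeing without wiping leaves it in the heap — worth a follow-up. The `!= NULL` guard is redundant if gnutls_free tolerates NULL like free(), which cannot be confirmed from this hunk; gnutls_clear_creds begins outside it.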
@@ -49,7 +50,7 @@ int gnutls_clear_creds( GNUTLS_STATE state) {
* This creates a linked list of the form:
* { algorithm, credentials, pointer to next }
*/
-int gnutls_set_kx_cred( GNUTLS_STATE state, int kx, void* cred) {
+int gnutls_set_kx_cred( GNUTLS_STATE state, int kx, void* cred, int cred_size) {
AUTH_CRED * ccred, *pcred;
int exists=0;
@@ -58,7 +59,10 @@ int gnutls_set_kx_cred( GNUTLS_STATE state, int kx, void* cred) {
state->gnutls_key->cred = gnutls_malloc(sizeof(AUTH_CRED));
if (state->gnutls_key->cred == NULL) return GNUTLS_E_MEMORY_ERROR;
- state->gnutls_key->cred->credentials = cred;
+ /* copy credentials localy */
+ state->gnutls_key->cred->credentials = gnutls_malloc(cred_size);
+ memcpy( state->gnutls_key->cred->credentials, cred, cred_size);
+
state->gnutls_key->cred->next = NULL;
state->gnutls_key->cred->algorithm = kx;
} else {
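Review bot: `gnutls_malloc(cred_size)` on the added line is not checked for NULL before `memcpy` writes through it, although the AUTH_CRED allocation two lines above does return GNUTLS_E_MEMORY_ERROR on failure; the same unchecked pattern is repeated in the two later hunks of this file (the new-entry branch and the modify-existing branch), and in the latter the old copy is freed before the new allocation succeeds, so a failure there leaves a dangling pointer in the list. doc/API in this commit also says cred should be NULL for GNUTLS_KX_ANON, and with a NULL cred this path calls `memcpy` with a NULL source (undefined behaviour even for size 0), while a negative `cred_size` (an int) would be converted to a huge allocation size. Validating the inputs once at the top of gnutls_set_kx_cred and checking each allocation, as sketched below for this branch, closes all three; the modify-existing branch should allocate and copy first and free the old pointer only on success.
```c
	/* copy credentials locally; cred==NULL with cred_size==0 (e.g. GNUTLS_KX_ANON) stores no copy */
	state->gnutls_key->cred->credentials = NULL;
	if (cred_size > 0) {
		state->gnutls_key->cred->credentials = gnutls_malloc(cred_size);
		if (state->gnutls_key->cred->credentials == NULL) return GNUTLS_E_MEMORY_ERROR;
		memcpy( state->gnutls_key->cred->credentials, cred, cred_size);
	}
	/* … unchanged: next/algorithm assignment … */
```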
@@ -77,11 +81,17 @@ int gnutls_set_kx_cred( GNUTLS_STATE state, int kx, void* cred) {
if (pcred->next == NULL) return GNUTLS_E_MEMORY_ERROR;
ccred = pcred->next;
- ccred->credentials = cred;
+
+ /* copy credentials localy */
+ ccred->credentials = gnutls_malloc(cred_size);
+ memcpy( ccred->credentials, cred, cred_size);
+
ccred->next = NULL;
ccred->algorithm = kx;
} else { /* modify existing entry */
- ccred->credentials = cred;
+ gnutls_free(ccred->credentials);
+ ccred->credentials = gnutls_malloc(cred_size);
+ memcpy( ccred->credentials, cred, cred_size);
}
}
@@ -92,7 +102,7 @@ int gnutls_set_kx_cred( GNUTLS_STATE state, int kx, void* cred) {
* This returns an pointer to the linked list. Don't
* free that!!!
*/
-void *_gnutls_get_kx_cred( GNUTLS_KEY key, int kx) {
+void *_gnutls_get_kx_cred( GNUTLS_KEY key, int kx, int *err) {
AUTH_CRED * ccred;
ccred = key->cred;
@@ -102,7 +112,11 @@ void *_gnutls_get_kx_cred( GNUTLS_KEY key, int kx) {
}
ccred = ccred->next;
}
- if (ccred==NULL) return NULL;
+ if (ccred==NULL) {
+ if (err!=NULL) *err=-1;
+ return NULL;
+ }
+ if (err!=NULL) *err=0;
return ccred->credentials;
}
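Review bot: The new `err` out-parameter has no documented contract, yet the handshake callers in this commit test `== NULL && err!=0` and therefore rely on err being 0 whenever an entry for kx exists, even if its credentials pointer is NULL; the header comment above the function (which starts outside this hunk) says nothing about it. Suggest adding to that comment: `err, if non-NULL, is set to 0 when an entry for kx exists (regardless of its credentials pointer) and to -1 when none does`. The bare -1 is a magic value; a named error code such as the GNUTLS_E_INSUFICIENT_CRED the callers already return would be more consistent with the rest of the file, if the callers are adjusted accordingly.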
diff --git a/lib/gnutls_auth_int.h b/lib/gnutls_auth_int.h
index b852118fe2..6a3b8610a7 100644
--- a/lib/gnutls_auth_int.h
+++ b/lib/gnutls_auth_int.h
@@ -1,4 +1,4 @@
int gnutls_clear_creds( GNUTLS_STATE state);
-int gnutls_set_kx_cred( GNUTLS_STATE state, int kx, void* cred);
-void *_gnutls_get_kx_cred( GNUTLS_KEY key, int kx);
+int gnutls_set_kx_cred( GNUTLS_STATE state, int kx, void* cred, int cred_size);
+void *_gnutls_get_kx_cred( GNUTLS_KEY key, int kx, int* err);
diff --git a/lib/gnutls_handshake.c b/lib/gnutls_handshake.c
index ca56dde37d..ae8f74141d 100644
--- a/lib/gnutls_handshake.c
+++ b/lib/gnutls_handshake.c
@@ -638,6 +638,7 @@ int _gnutls_recv_hello(int cd, GNUTLS_STATE state, char *data, int datalen)
time_t cur_time;
char* rand;
int len = datalen;
+ int err;
if (state->security_parameters.entity == GNUTLS_CLIENT) {
if (datalen < 38) {
@@ -720,7 +721,7 @@ int _gnutls_recv_hello(int cd, GNUTLS_STATE state, char *data, int datalen)
/* check if the credentials (username, public key etc. are ok - actually check if they exist)
*/
- if ( _gnutls_get_kx_cred( state->gnutls_key, _gnutls_cipher_suite_get_kx_algo( state->gnutls_internals.current_cipher_suite)) == NULL) {
+ if ( _gnutls_get_kx_cred( state->gnutls_key, _gnutls_cipher_suite_get_kx_algo( state->gnutls_internals.current_cipher_suite), &err) == NULL && err!=0) {
gnutls_assert();
return GNUTLS_E_INSUFICIENT_CRED;
}
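Review bot: `int err;` added in the earlier hunk of this file is left uninitialised, and the new condition is only safe because `&& err!=0` is evaluated solely when the call returned NULL, at which point _gnutls_get_kx_cred has written it; `int err = 0;` makes that dependency explicit and avoids a maybe-uninitialised warning if the call is ever reordered. The condition now silently accepts an existing entry whose credentials pointer is NULL, which appears intended for GNUTLS_KX_ANON per the doc/API change in this commit; a comment such as `/* an existing entry with NULL credentials (anonymous kx) is acceptable */` above the if would record that. The identical condition is duplicated in the last hunk of this file and could share a small static helper; _gnutls_recv_hello starts and ends outside these hunks.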
@@ -845,7 +846,7 @@ int _gnutls_recv_hello(int cd, GNUTLS_STATE state, char *data, int datalen)
/* check if the credentials (username, public key etc. are ok)
*/
- if ( _gnutls_get_kx_cred( state->gnutls_key, _gnutls_cipher_suite_get_kx_algo( state->gnutls_internals.current_cipher_suite)) == NULL) {
+ if ( _gnutls_get_kx_cred( state->gnutls_key, _gnutls_cipher_suite_get_kx_algo( state->gnutls_internals.current_cipher_suite), &err) == NULL && err!=0) {
gnutls_assert();
return GNUTLS_E_INSUFICIENT_CRED;
}