author | Nikos Mavrogiannopoulos <nmav@gnutls.org> | 2001-12-06 12:19:15 +0000 |
---|---|---|
committer | Nikos Mavrogiannopoulos <nmav@gnutls.org> | 2001-12-06 12:19:15 +0000 |
commit | a5e2cde71c2a41bf56d1c1b0f40a0868dfc1fd78 (patch) | |
tree | 8877c06bc88fea7d3190f432954eed1ce9be9899 | |
parent | 430e38e3aa7d2cf790e46c7227dc0c2ba984e250 (diff) | |
download | gnutls-a5e2cde71c2a41bf56d1c1b0f40a0868dfc1fd78.tar.gz |
cleanups again
-rw-r--r-- | doc/tex/ex1.tex | 4 | ||||
-rw-r--r-- | doc/tex/ex2.tex | 4 | ||||
-rw-r--r-- | doc/tex/serv1.tex | 4 | ||||
-rw-r--r-- | doc/tex/srp1.tex | 4 | ||||
-rw-r--r-- | lib/debug.c | 44 | ||||
-rw-r--r-- | lib/gnutls.h.in | 28 | ||||
-rw-r--r-- | lib/gnutls_algorithms.c | 86 | ||||
-rw-r--r-- | lib/gnutls_cipher.c | 4 | ||||
-rw-r--r-- | lib/gnutls_cipher_int.c | 12 | ||||
-rw-r--r-- | lib/gnutls_compress_int.c | 8 | ||||
-rw-r--r-- | lib/gnutls_constate.c | 8 | ||||
-rw-r--r-- | lib/gnutls_errors_int.h | 4 | ||||
-rw-r--r-- | lib/gnutls_hash_int.c | 8 | ||||
-rw-r--r-- | lib/gnutls_int.h | 28 | ||||
-rw-r--r-- | lib/gnutls_kx.c | 2 | ||||
-rw-r--r-- | lib/gnutls_record.c | 46 | ||||
-rw-r--r-- | lib/gnutls_v2_compat.c | 2 | ||||
-rw-r--r-- | src/cli.c | 8 | ||||
-rw-r--r-- | src/serv.c | 10 |
19 files changed, 155 insertions, 159 deletions
diff --git a/doc/tex/ex1.tex b/doc/tex/ex1.tex index 3ac9d3ebf1..08b82c0f5c 100644 --- a/doc/tex/ex1.tex +++ b/doc/tex/ex1.tex @@ -61,8 +61,8 @@ int main() } gnutls_init(&state, GNUTLS_CLIENT); gnutls_protocol_set_priority(state, GNUTLS_TLS1, GNUTLS_SSL3, 0); - gnutls_cipher_set_priority(state, GNUTLS_3DES_CBC, GNUTLS_ARCFOUR, 0); - gnutls_compression_set_priority(state, GNUTLS_NULL_COMPRESSION, 0); + gnutls_cipher_set_priority(state, GNUTLS_CIPHER_3DES_CBC, GNUTLS_CIPHER_ARCFOUR, 0); + gnutls_compression_set_priority(state, GNUTLS_COMP_NULL, 0); gnutls_kx_set_priority(state, GNUTLS_KX_RSA, 0); gnutls_mac_set_priority(state, GNUTLS_MAC_SHA, GNUTLS_MAC_MD5, 0); diff --git a/doc/tex/ex2.tex b/doc/tex/ex2.tex index e136e0b19c..43f28b4eca 100644 --- a/doc/tex/ex2.tex +++ b/doc/tex/ex2.tex @@ -63,11 +63,11 @@ int main() /* allow only ARCFOUR and 3DES ciphers * (3DES has the highest priority) */ - gnutls_cipher_set_priority(state, GNUTLS_3DES_CBC, GNUTLS_ARCFOUR, 0); + gnutls_cipher_set_priority(state, GNUTLS_CIPHER_3DES_CBC, GNUTLS_CIPHER_ARCFOUR, 0); /* only allow null compression */ - gnutls_compression_set_priority(state, GNUTLS_NULL_COMPRESSION, 0); + gnutls_compression_set_priority(state, GNUTLS_COMP_NULL, 0); /* use GNUTLS_KX_RSA */ diff --git a/doc/tex/serv1.tex b/doc/tex/serv1.tex index 8a36d7a159..7b7effa8e4 100644 --- a/doc/tex/serv1.tex +++ b/doc/tex/serv1.tex 
@@ -45,8 +45,8 @@ GNUTLS_STATE initialize_state() if ((ret = gnutls_db_set_name(state, "gnutls-rsm.db")) < 0) fprintf(stderr, "*** DB error (%d)\n\n", ret); - gnutls_cipher_set_priority(state, GNUTLS_RIJNDAEL_CBC, GNUTLS_3DES_CBC, 0); - gnutls_compression_set_priority(state, GNUTLS_ZLIB, GNUTLS_NULL_COMPRESSION, 0); + gnutls_cipher_set_priority(state, GNUTLS_CIPHER_RIJNDAEL_CBC, GNUTLS_CIPHER_3DES_CBC, 0); + gnutls_compression_set_priority(state, GNUTLS_COMP_ZLIB, GNUTLS_COMP_NULL, 0); gnutls_kx_set_priority(state, GNUTLS_KX_RSA, GNUTLS_KX_SRP, 0); gnutls_protocol_set_priority(state, GNUTLS_TLS1, GNUTLS_SSL3, 0); gnutls_mac_set_priority(state, GNUTLS_MAC_SHA, GNUTLS_MAC_MD5, 0); diff --git a/doc/tex/srp1.tex b/doc/tex/srp1.tex index cbbcf5d779..240f290313 100644 --- a/doc/tex/srp1.tex +++ b/doc/tex/srp1.tex @@ -60,11 +60,11 @@ int main() /* allow only ARCFOUR and 3DES ciphers * (3DES has the highest priority) */ - gnutls_cipher_set_priority(state, GNUTLS_3DES_CBC, GNUTLS_ARCFOUR, 0); + gnutls_cipher_set_priority(state, GNUTLS_CIPHER_3DES_CBC, GNUTLS_CIPHER_ARCFOUR, 0); /* only allow null compression */ - gnutls_compression_set_priority(state, GNUTLS_NULL_COMPRESSION, 0); + gnutls_compression_set_priority(state, GNUTLS_COMP_NULL, 0); /* use GNUTLS_KX_RSA */ diff --git a/lib/debug.c b/lib/debug.c index bcaccf7d6a..1b46a9eb47 100644 --- a/lib/debug.c +++ b/lib/debug.c 
@@ -74,73 +74,73 @@ char* _gnutls_alert2str( int alert) { static char str[512]; switch(alert) { - case GNUTLS_CLOSE_NOTIFY: + case GNUTLS_A_CLOSE_NOTIFY: strcpy(str, "Close Notify"); break; - case GNUTLS_UNEXPECTED_MESSAGE: + case GNUTLS_A_UNEXPECTED_MESSAGE: strcpy(str, "Unexpected message"); break; - case GNUTLS_BAD_RECORD_MAC: + case GNUTLS_A_BAD_RECORD_MAC: strcpy(str, "Bad record MAC"); break; - case GNUTLS_DECRYPTION_FAILED: + case GNUTLS_A_DECRYPTION_FAILED: strcpy(str, "Decryption Failed"); break; - case GNUTLS_RECORD_OVERFLOW: + case GNUTLS_A_RECORD_OVERFLOW: strcpy(str, "Record Overflow"); break; - case GNUTLS_DECOMPRESSION_FAILURE: + case GNUTLS_A_DECOMPRESSION_FAILURE: strcpy(str, "Decompression Failed"); break; - case GNUTLS_HANDSHAKE_FAILURE: + case GNUTLS_A_HANDSHAKE_FAILURE: strcpy(str, "Handshake failed"); break; - case GNUTLS_BAD_CERTIFICATE: + case GNUTLS_A_BAD_CERTIFICATE: strcpy(str, "Certificate is bad"); break; - case GNUTLS_UNSUPPORTED_CERTIFICATE: + case GNUTLS_A_UNSUPPORTED_CERTIFICATE: strcpy(str, "Certificate is not supported"); break; - case GNUTLS_CERTIFICATE_REVOKED: + case GNUTLS_A_CERTIFICATE_REVOKED: strcpy(str, "Certificate was revoked"); break; - case GNUTLS_CERTIFICATE_EXPIRED: + case GNUTLS_A_CERTIFICATE_EXPIRED: strcpy(str, "Certificate is expired"); break; - case GNUTLS_CERTIFICATE_UNKNOWN: + case GNUTLS_A_CERTIFICATE_UNKNOWN: strcpy(str, "Unknown Certificate"); break; - case GNUTLS_ILLEGAL_PARAMETER: + case GNUTLS_A_ILLEGAL_PARAMETER: strcpy(str, "Illegal Parameter"); break; - case GNUTLS_UNKNOWN_CA: + case GNUTLS_A_UNKNOWN_CA: strcpy(str, "CA is not known"); break; - case GNUTLS_ACCESS_DENIED: + case GNUTLS_A_ACCESS_DENIED: strcpy(str, "Access was denied"); break; - case GNUTLS_DECODE_ERROR: + case GNUTLS_A_DECODE_ERROR: strcpy(str, "Decode error"); break; - case GNUTLS_DECRYPT_ERROR: + case GNUTLS_A_DECRYPT_ERROR: strcpy(str, "Decrypt error"); break; - case GNUTLS_EXPORT_RESTRICTION: + case GNUTLS_A_EXPORT_RESTRICTION: 
strcpy(str, "Export Restriction"); break; - case GNUTLS_PROTOCOL_VERSION: + case GNUTLS_A_PROTOCOL_VERSION: strcpy(str, "Error in protocol version"); break; - case GNUTLS_INSUFFICIENT_SECURITY: + case GNUTLS_A_INSUFFICIENT_SECURITY: strcpy(str, "Insufficient Security"); break; - case GNUTLS_USER_CANCELED: + case GNUTLS_A_USER_CANCELED: strcpy(str, "User Canceled"); break; - case GNUTLS_NO_RENEGOTIATION: + case GNUTLS_A_NO_RENEGOTIATION: strcpy(str, "No renegotiation is allowed"); break; default: diff --git a/lib/gnutls.h.in b/lib/gnutls.h.in index e6f4f488f0..9bfc3d7bdc 100644 --- a/lib/gnutls.h.in +++ b/lib/gnutls.h.in 
@@ -32,23 +32,23 @@ extern "C" { #define GNUTLS_AES GNUTLS_RIJNDAEL -typedef enum BulkCipherAlgorithm { GNUTLS_NULL_CIPHER=1, GNUTLS_ARCFOUR, GNUTLS_3DES_CBC, GNUTLS_RIJNDAEL_CBC, GNUTLS_TWOFISH_CBC, GNUTLS_RIJNDAEL256_CBC } BulkCipherAlgorithm; +typedef enum BulkCipherAlgorithm { GNUTLS_CIPHER_NULL=1, GNUTLS_CIPHER_ARCFOUR, GNUTLS_CIPHER_3DES_CBC, GNUTLS_CIPHER_RIJNDAEL_CBC, GNUTLS_CIPHER_TWOFISH_CBC, GNUTLS_CIPHER_RIJNDAEL256_CBC } BulkCipherAlgorithm; typedef enum KXAlgorithm { GNUTLS_KX_RSA=1, GNUTLS_KX_DHE_DSS, GNUTLS_KX_DHE_RSA, GNUTLS_KX_DH_DSS, GNUTLS_KX_DH_RSA, GNUTLS_KX_DH_ANON, GNUTLS_KX_SRP } KXAlgorithm; typedef enum CredType { GNUTLS_X509PKI=1, GNUTLS_ANON, GNUTLS_SRP } CredType; -typedef enum MACAlgorithm { GNUTLS_NULL_MAC=1, GNUTLS_MAC_MD5, GNUTLS_MAC_SHA } MACAlgorithm; -typedef enum CompressionMethod { GNUTLS_NULL_COMPRESSION=1, GNUTLS_ZLIB } CompressionMethod; +typedef enum MACAlgorithm { GNUTLS_MAC_NULL=1, GNUTLS_MAC_MD5, GNUTLS_MAC_SHA } MACAlgorithm; +typedef enum CompressionMethod { GNUTLS_COMP_NULL=1, GNUTLS_COMP_ZLIB } CompressionMethod; typedef enum ConnectionEnd { GNUTLS_SERVER=1, GNUTLS_CLIENT } ConnectionEnd; -typedef enum AlertLevel { GNUTLS_WARNING=1, GNUTLS_FATAL } AlertLevel; -typedef enum AlertDescription { GNUTLS_CLOSE_NOTIFY, GNUTLS_UNEXPECTED_MESSAGE=10, GNUTLS_BAD_RECORD_MAC=20, - GNUTLS_DECRYPTION_FAILED, GNUTLS_RECORD_OVERFLOW, GNUTLS_DECOMPRESSION_FAILURE=30, - GNUTLS_HANDSHAKE_FAILURE=40, GNUTLS_NETSCAPE_NO_CLIENT_CERTIFICATE=41, - GNUTLS_BAD_CERTIFICATE=42, GNUTLS_UNSUPPORTED_CERTIFICATE, - GNUTLS_CERTIFICATE_REVOKED, GNUTLS_CERTIFICATE_EXPIRED, GNUTLS_CERTIFICATE_UNKNOWN, - GNUTLS_ILLEGAL_PARAMETER, GNUTLS_UNKNOWN_CA, GNUTLS_ACCESS_DENIED, GNUTLS_DECODE_ERROR=50, - GNUTLS_DECRYPT_ERROR, GNUTLS_EXPORT_RESTRICTION=60, GNUTLS_PROTOCOL_VERSION=70, - GNUTLS_INSUFFICIENT_SECURITY, GNUTLS_INTERNAL_ERROR=80, GNUTLS_USER_CANCELED=90, - GNUTLS_NO_RENEGOTIATION=100 - } AlertDescription; +typedef enum AlertLevel { 
GNUTLS_AL_WARNING=1, GNUTLS_AL_FATAL } AlertLevel; +typedef enum AlertDescription { GNUTLS_A_CLOSE_NOTIFY, GNUTLS_A_UNEXPECTED_MESSAGE=10, GNUTLS_A_BAD_RECORD_MAC=20, + GNUTLS_A_DECRYPTION_FAILED, GNUTLS_A_RECORD_OVERFLOW, GNUTLS_A_DECOMPRESSION_FAILURE=30, + GNUTLS_A_HANDSHAKE_FAILURE=40, GNUTLS_A_NETSCAPE_NO_CLIENT_CERTIFICATE=41, + GNUTLS_A_BAD_CERTIFICATE=42, GNUTLS_A_UNSUPPORTED_CERTIFICATE, + GNUTLS_A_CERTIFICATE_REVOKED, GNUTLS_A_CERTIFICATE_EXPIRED, GNUTLS_A_CERTIFICATE_UNKNOWN, + GNUTLS_A_ILLEGAL_PARAMETER, GNUTLS_A_UNKNOWN_CA, GNUTLS_A_ACCESS_DENIED, GNUTLS_A_DECODE_ERROR=50, + GNUTLS_A_DECRYPT_ERROR, GNUTLS_A_EXPORT_RESTRICTION=60, GNUTLS_A_PROTOCOL_VERSION=70, + GNUTLS_A_INSUFFICIENT_SECURITY, GNUTLS_A_INTERNAL_ERROR=80, GNUTLS_A_USER_CANCELED=90, + GNUTLS_A_NO_RENEGOTIATION=100 +} AlertDescription; typedef enum GNUTLS_NAME_IND { GNUTLS_DNSNAME=1 } GNUTLS_NAME_IND; typedef enum CertificateStatus { GNUTLS_CERT_TRUSTED=1, GNUTLS_CERT_NOT_TRUSTED, GNUTLS_CERT_EXPIRED, GNUTLS_CERT_INVALID, GNUTLS_CERT_NONE } CertificateStatus; diff --git a/lib/gnutls_algorithms.c b/lib/gnutls_algorithms.c index f0768967fa..72f409e5b3 100644 --- a/lib/gnutls_algorithms.c +++ b/lib/gnutls_algorithms.c 
@@ -100,12 +100,12 @@ typedef struct gnutls_cipher_entry gnutls_cipher_entry; * protecting communications" by Hugo Krawczyk - CRYPTO 2001 */ static const gnutls_cipher_entry algorithms[] = { - GNUTLS_CIPHER_ENTRY(GNUTLS_3DES_CBC, 8, 24, CIPHER_BLOCK, 8), - GNUTLS_CIPHER_ENTRY(GNUTLS_RIJNDAEL_CBC, 16, 16, CIPHER_BLOCK, 16), - GNUTLS_CIPHER_ENTRY(GNUTLS_RIJNDAEL256_CBC, 16, 32, CIPHER_BLOCK, 16), - GNUTLS_CIPHER_ENTRY(GNUTLS_TWOFISH_CBC, 16, 16, CIPHER_BLOCK, 16), - GNUTLS_CIPHER_ENTRY(GNUTLS_ARCFOUR, 1, 16, CIPHER_STREAM, 0), - GNUTLS_CIPHER_ENTRY(GNUTLS_NULL_CIPHER, 1, 0, CIPHER_STREAM, 0), + GNUTLS_CIPHER_ENTRY(GNUTLS_CIPHER_3DES_CBC, 8, 24, CIPHER_BLOCK, 8), + GNUTLS_CIPHER_ENTRY(GNUTLS_CIPHER_RIJNDAEL_CBC, 16, 16, CIPHER_BLOCK, 16), + GNUTLS_CIPHER_ENTRY(GNUTLS_CIPHER_RIJNDAEL256_CBC, 16, 32, CIPHER_BLOCK, 16), + GNUTLS_CIPHER_ENTRY(GNUTLS_CIPHER_TWOFISH_CBC, 16, 16, CIPHER_BLOCK, 16), + GNUTLS_CIPHER_ENTRY(GNUTLS_CIPHER_ARCFOUR, 1, 16, CIPHER_STREAM, 0), + GNUTLS_CIPHER_ENTRY(GNUTLS_CIPHER_NULL, 1, 0, CIPHER_STREAM, 0), {0} }; @@ -130,7 +130,7 @@ typedef struct gnutls_hash_entry gnutls_hash_entry; static const gnutls_hash_entry hash_algorithms[] = { GNUTLS_HASH_ENTRY(GNUTLS_MAC_SHA, 20), GNUTLS_HASH_ENTRY(GNUTLS_MAC_MD5, 16), - GNUTLS_HASH_ENTRY(GNUTLS_NULL_MAC, 0), + GNUTLS_HASH_ENTRY(GNUTLS_MAC_NULL, 0), {0} }; @@ -154,9 +154,9 @@ struct gnutls_compression_entry { typedef struct gnutls_compression_entry gnutls_compression_entry; static const gnutls_compression_entry compression_algorithms[] = { - GNUTLS_COMPRESSION_ENTRY(GNUTLS_NULL_COMPRESSION, 0), + GNUTLS_COMPRESSION_ENTRY(GNUTLS_COMP_NULL, 0), #ifdef HAVE_LIBZ - GNUTLS_COMPRESSION_ENTRY(GNUTLS_ZLIB, 224), + GNUTLS_COMPRESSION_ENTRY(GNUTLS_COMP_ZLIB, 224), #endif {0} }; 
@@ -273,119 +273,119 @@ typedef struct { static const gnutls_cipher_suite_entry cs_algorithms[] = { /* DH_anon */ GNUTLS_CIPHER_SUITE_ENTRY(GNUTLS_DH_anon_ARCFOUR_MD5, - GNUTLS_ARCFOUR, + GNUTLS_CIPHER_ARCFOUR, GNUTLS_KX_DH_ANON, GNUTLS_MAC_MD5), GNUTLS_CIPHER_SUITE_ENTRY(GNUTLS_DH_anon_3DES_EDE_CBC_SHA, - GNUTLS_3DES_CBC, GNUTLS_KX_DH_ANON, + GNUTLS_CIPHER_3DES_CBC, GNUTLS_KX_DH_ANON, GNUTLS_MAC_SHA), GNUTLS_CIPHER_SUITE_ENTRY(GNUTLS_DH_anon_RIJNDAEL_128_CBC_SHA, - GNUTLS_RIJNDAEL_CBC, GNUTLS_KX_DH_ANON, + GNUTLS_CIPHER_RIJNDAEL_CBC, GNUTLS_KX_DH_ANON, GNUTLS_MAC_SHA), GNUTLS_CIPHER_SUITE_ENTRY(GNUTLS_DH_anon_RIJNDAEL_256_CBC_SHA, - GNUTLS_RIJNDAEL256_CBC, GNUTLS_KX_DH_ANON, + GNUTLS_CIPHER_RIJNDAEL256_CBC, GNUTLS_KX_DH_ANON, GNUTLS_MAC_SHA), GNUTLS_CIPHER_SUITE_ENTRY(GNUTLS_DH_anon_TWOFISH_128_CBC_SHA, - GNUTLS_TWOFISH_CBC, GNUTLS_KX_DH_ANON, + GNUTLS_CIPHER_TWOFISH_CBC, GNUTLS_KX_DH_ANON, GNUTLS_MAC_SHA), /* SRP */ GNUTLS_CIPHER_SUITE_ENTRY(GNUTLS_SRP_ARCFOUR_SHA, - GNUTLS_ARCFOUR, + GNUTLS_CIPHER_ARCFOUR, GNUTLS_KX_SRP, GNUTLS_MAC_SHA), GNUTLS_CIPHER_SUITE_ENTRY(GNUTLS_SRP_ARCFOUR_MD5, - GNUTLS_ARCFOUR, + GNUTLS_CIPHER_ARCFOUR, GNUTLS_KX_SRP, GNUTLS_MAC_MD5), GNUTLS_CIPHER_SUITE_ENTRY(GNUTLS_SRP_3DES_EDE_CBC_SHA, - GNUTLS_3DES_CBC, GNUTLS_KX_SRP, + GNUTLS_CIPHER_3DES_CBC, GNUTLS_KX_SRP, GNUTLS_MAC_SHA), GNUTLS_CIPHER_SUITE_ENTRY(GNUTLS_SRP_RIJNDAEL_128_CBC_SHA, - GNUTLS_RIJNDAEL_CBC, GNUTLS_KX_SRP, + GNUTLS_CIPHER_RIJNDAEL_CBC, GNUTLS_KX_SRP, GNUTLS_MAC_SHA), GNUTLS_CIPHER_SUITE_ENTRY(GNUTLS_SRP_RIJNDAEL_256_CBC_SHA, - GNUTLS_RIJNDAEL256_CBC, GNUTLS_KX_SRP, + GNUTLS_CIPHER_RIJNDAEL256_CBC, GNUTLS_KX_SRP, GNUTLS_MAC_SHA), GNUTLS_CIPHER_SUITE_ENTRY(GNUTLS_SRP_TWOFISH_128_CBC_SHA, - GNUTLS_TWOFISH_CBC, GNUTLS_KX_SRP, + GNUTLS_CIPHER_TWOFISH_CBC, GNUTLS_KX_SRP, GNUTLS_MAC_SHA), /* DH_DSS */ GNUTLS_CIPHER_SUITE_ENTRY(GNUTLS_DH_DSS_3DES_EDE_CBC_SHA, - GNUTLS_3DES_CBC, + GNUTLS_CIPHER_3DES_CBC, GNUTLS_KX_DH_DSS, GNUTLS_MAC_SHA), 
GNUTLS_CIPHER_SUITE_ENTRY(GNUTLS_DH_DSS_RIJNDAEL_128_CBC_SHA, - GNUTLS_RIJNDAEL_CBC, GNUTLS_KX_DH_DSS, + GNUTLS_CIPHER_RIJNDAEL_CBC, GNUTLS_KX_DH_DSS, GNUTLS_MAC_SHA), GNUTLS_CIPHER_SUITE_ENTRY(GNUTLS_DH_DSS_RIJNDAEL_256_CBC_SHA, - GNUTLS_RIJNDAEL256_CBC, GNUTLS_KX_DH_DSS, + GNUTLS_CIPHER_RIJNDAEL256_CBC, GNUTLS_KX_DH_DSS, GNUTLS_MAC_SHA), GNUTLS_CIPHER_SUITE_ENTRY(GNUTLS_DH_DSS_TWOFISH_128_CBC_SHA, - GNUTLS_TWOFISH_CBC, GNUTLS_KX_DH_DSS, + GNUTLS_CIPHER_TWOFISH_CBC, GNUTLS_KX_DH_DSS, GNUTLS_MAC_SHA), /* DH_RSA */ GNUTLS_CIPHER_SUITE_ENTRY(GNUTLS_DH_RSA_3DES_EDE_CBC_SHA, - GNUTLS_3DES_CBC, + GNUTLS_CIPHER_3DES_CBC, GNUTLS_KX_DH_RSA, GNUTLS_MAC_SHA), GNUTLS_CIPHER_SUITE_ENTRY(GNUTLS_DH_RSA_RIJNDAEL_128_CBC_SHA, - GNUTLS_RIJNDAEL_CBC, GNUTLS_KX_DH_RSA, + GNUTLS_CIPHER_RIJNDAEL_CBC, GNUTLS_KX_DH_RSA, GNUTLS_MAC_SHA), GNUTLS_CIPHER_SUITE_ENTRY(GNUTLS_DH_RSA_RIJNDAEL_256_CBC_SHA, - GNUTLS_RIJNDAEL256_CBC, GNUTLS_KX_DH_RSA, + GNUTLS_CIPHER_RIJNDAEL256_CBC, GNUTLS_KX_DH_RSA, GNUTLS_MAC_SHA), GNUTLS_CIPHER_SUITE_ENTRY(GNUTLS_DH_RSA_TWOFISH_128_CBC_SHA, - GNUTLS_TWOFISH_CBC, GNUTLS_KX_DH_RSA, + GNUTLS_CIPHER_TWOFISH_CBC, GNUTLS_KX_DH_RSA, GNUTLS_MAC_SHA), /* DHE_DSS */ GNUTLS_CIPHER_SUITE_ENTRY(GNUTLS_DHE_DSS_TWOFISH_128_CBC_SHA, - GNUTLS_TWOFISH_CBC, GNUTLS_KX_DHE_DSS, + GNUTLS_CIPHER_TWOFISH_CBC, GNUTLS_KX_DHE_DSS, GNUTLS_MAC_SHA), GNUTLS_CIPHER_SUITE_ENTRY(GNUTLS_DHE_DSS_3DES_EDE_CBC_SHA, - GNUTLS_3DES_CBC, GNUTLS_KX_DHE_DSS, + GNUTLS_CIPHER_3DES_CBC, GNUTLS_KX_DHE_DSS, GNUTLS_MAC_SHA), GNUTLS_CIPHER_SUITE_ENTRY(GNUTLS_DHE_DSS_RIJNDAEL_128_CBC_SHA, - GNUTLS_RIJNDAEL_CBC, GNUTLS_KX_DHE_DSS, + GNUTLS_CIPHER_RIJNDAEL_CBC, GNUTLS_KX_DHE_DSS, GNUTLS_MAC_SHA), GNUTLS_CIPHER_SUITE_ENTRY(GNUTLS_DHE_DSS_RIJNDAEL_256_CBC_SHA, - GNUTLS_RIJNDAEL256_CBC, GNUTLS_KX_DHE_DSS, + GNUTLS_CIPHER_RIJNDAEL256_CBC, GNUTLS_KX_DHE_DSS, GNUTLS_MAC_SHA), /* DHE_RSA */ GNUTLS_CIPHER_SUITE_ENTRY(GNUTLS_DHE_RSA_TWOFISH_128_CBC_SHA, - GNUTLS_TWOFISH_CBC, GNUTLS_KX_DHE_RSA, + GNUTLS_CIPHER_TWOFISH_CBC, 
GNUTLS_KX_DHE_RSA, GNUTLS_MAC_SHA), GNUTLS_CIPHER_SUITE_ENTRY(GNUTLS_DHE_RSA_3DES_EDE_CBC_SHA, - GNUTLS_3DES_CBC, GNUTLS_KX_DHE_RSA, + GNUTLS_CIPHER_3DES_CBC, GNUTLS_KX_DHE_RSA, GNUTLS_MAC_SHA), GNUTLS_CIPHER_SUITE_ENTRY(GNUTLS_DHE_RSA_RIJNDAEL_128_CBC_SHA, - GNUTLS_RIJNDAEL_CBC, GNUTLS_KX_DHE_RSA, + GNUTLS_CIPHER_RIJNDAEL_CBC, GNUTLS_KX_DHE_RSA, GNUTLS_MAC_SHA), GNUTLS_CIPHER_SUITE_ENTRY(GNUTLS_DHE_RSA_RIJNDAEL_256_CBC_SHA, - GNUTLS_RIJNDAEL256_CBC, GNUTLS_KX_DHE_RSA, + GNUTLS_CIPHER_RIJNDAEL256_CBC, GNUTLS_KX_DHE_RSA, GNUTLS_MAC_SHA), /* RSA */ GNUTLS_CIPHER_SUITE_ENTRY(GNUTLS_RSA_NULL_MD5, - GNUTLS_NULL_CIPHER, + GNUTLS_CIPHER_NULL, GNUTLS_KX_RSA, GNUTLS_MAC_MD5), GNUTLS_CIPHER_SUITE_ENTRY(GNUTLS_RSA_ARCFOUR_SHA, - GNUTLS_ARCFOUR, + GNUTLS_CIPHER_ARCFOUR, GNUTLS_KX_RSA, GNUTLS_MAC_SHA), GNUTLS_CIPHER_SUITE_ENTRY(GNUTLS_RSA_ARCFOUR_MD5, - GNUTLS_ARCFOUR, + GNUTLS_CIPHER_ARCFOUR, GNUTLS_KX_RSA, GNUTLS_MAC_MD5), GNUTLS_CIPHER_SUITE_ENTRY(GNUTLS_RSA_3DES_EDE_CBC_SHA, - GNUTLS_3DES_CBC, + GNUTLS_CIPHER_3DES_CBC, GNUTLS_KX_RSA, GNUTLS_MAC_SHA), GNUTLS_CIPHER_SUITE_ENTRY(GNUTLS_RSA_RIJNDAEL_128_CBC_SHA, - GNUTLS_RIJNDAEL_CBC, GNUTLS_KX_RSA, + GNUTLS_CIPHER_RIJNDAEL_CBC, GNUTLS_KX_RSA, GNUTLS_MAC_SHA), GNUTLS_CIPHER_SUITE_ENTRY(GNUTLS_RSA_RIJNDAEL_256_CBC_SHA, - GNUTLS_RIJNDAEL256_CBC, GNUTLS_KX_RSA, + GNUTLS_CIPHER_RIJNDAEL256_CBC, GNUTLS_KX_RSA, GNUTLS_MAC_SHA), GNUTLS_CIPHER_SUITE_ENTRY(GNUTLS_RSA_TWOFISH_128_CBC_SHA, - GNUTLS_TWOFISH_CBC, GNUTLS_KX_RSA, + GNUTLS_CIPHER_TWOFISH_CBC, GNUTLS_KX_RSA, GNUTLS_MAC_SHA), {0} diff --git a/lib/gnutls_cipher.c b/lib/gnutls_cipher.c index 030aa1d4c9..6f3ad10719 100644 --- a/lib/gnutls_cipher.c +++ b/lib/gnutls_cipher.c 
@@ -153,7 +153,7 @@ int _gnutls_compressed2TLSCiphertext(GNUTLS_STATE state, write_mac_secret.size); } if (td == GNUTLS_MAC_FAILED - && state->security_parameters.write_mac_algorithm != GNUTLS_NULL_MAC) { + && state->security_parameters.write_mac_algorithm != GNUTLS_MAC_NULL) { gnutls_assert(); return GNUTLS_E_UNKNOWN_MAC_ALGORITHM; } @@ -286,7 +286,7 @@ int _gnutls_ciphertext2TLSCompressed(GNUTLS_STATE state, } if (td == GNUTLS_MAC_FAILED - && state->security_parameters.read_mac_algorithm != GNUTLS_NULL_MAC) { + && state->security_parameters.read_mac_algorithm != GNUTLS_MAC_NULL) { gnutls_assert(); return GNUTLS_E_UNKNOWN_MAC_ALGORITHM; } diff --git a/lib/gnutls_cipher_int.c b/lib/gnutls_cipher_int.c index 8ac55a0921..5249e48b31 100644 --- a/lib/gnutls_cipher_int.c +++ b/lib/gnutls_cipher_int.c 
@@ -28,38 +28,38 @@ GNUTLS_CIPHER_HANDLE gnutls_cipher_init( BulkCipherAlgorithm cipher, gnutls_datu GNUTLS_CIPHER_HANDLE ret; switch (cipher) { - case GNUTLS_NULL_CIPHER: + case GNUTLS_CIPHER_NULL: ret = GNUTLS_CIPHER_FAILED; break; - case GNUTLS_RIJNDAEL_CBC: + case GNUTLS_CIPHER_RIJNDAEL_CBC: #ifdef USE_MCRYPT ret = mcrypt_module_open( "rijndael-128", NULL, "cbc", NULL); #else ret = gcry_cipher_open(GCRY_CIPHER_RIJNDAEL, GCRY_CIPHER_MODE_CBC, 0); #endif break; - case GNUTLS_RIJNDAEL256_CBC: + case GNUTLS_CIPHER_RIJNDAEL256_CBC: #ifdef USE_MCRYPT ret = mcrypt_module_open( "rijndael-128", NULL, "cbc", NULL); #else ret = gcry_cipher_open(GCRY_CIPHER_RIJNDAEL256, GCRY_CIPHER_MODE_CBC, 0); #endif break; - case GNUTLS_TWOFISH_CBC: + case GNUTLS_CIPHER_TWOFISH_CBC: #ifdef USE_MCRYPT ret = mcrypt_module_open( "twofish", NULL, "cbc", NULL); #else ret = gcry_cipher_open(GCRY_CIPHER_TWOFISH, GCRY_CIPHER_MODE_CBC, 0); #endif break; - case GNUTLS_3DES_CBC: + case GNUTLS_CIPHER_3DES_CBC: #ifdef USE_MCRYPT ret = mcrypt_module_open( "tripledes", NULL, "cbc", NULL); #else ret = gcry_cipher_open(GCRY_CIPHER_3DES, GCRY_CIPHER_MODE_CBC, 0); #endif break; - case GNUTLS_ARCFOUR: + case GNUTLS_CIPHER_ARCFOUR: #ifdef USE_MCRYPT ret = mcrypt_module_open( "arcfour", NULL, "stream", NULL); #else diff --git a/lib/gnutls_compress_int.c b/lib/gnutls_compress_int.c index 8eea99f6d2..489ef4f275 100644 --- a/lib/gnutls_compress_int.c +++ b/lib/gnutls_compress_int.c @@ -35,13 +35,13 @@ uLongf size; int err; switch (algorithm) { - case GNUTLS_NULL_COMPRESSION: + case GNUTLS_COMP_NULL: *compressed = gnutls_malloc(plain_size); memcpy(*compressed, plain, plain_size); compressed_size = plain_size; break; #ifdef HAVE_LIBZ - case GNUTLS_ZLIB: + case GNUTLS_COMP_ZLIB: size = (plain_size*1.2)+12; *compressed=NULL; do { 
@@ -77,7 +77,7 @@ uLongf size; if (compressed_size > MAX_COMP_SIZE) return GNUTLS_E_DECOMPRESSION_FAILED; switch (algorithm) { - case GNUTLS_NULL_COMPRESSION: + case GNUTLS_COMP_NULL: *plain = gnutls_malloc(compressed_size); if (*plain==NULL) { gnutls_assert(); @@ -88,7 +88,7 @@ uLongf size; plain_size = compressed_size; break; #ifdef HAVE_LIBZ - case GNUTLS_ZLIB: + case GNUTLS_COMP_ZLIB: *plain = NULL; size = compressed_size; do { diff --git a/lib/gnutls_constate.c b/lib/gnutls_constate.c index 9f72f76ad5..e118420e08 100644 --- a/lib/gnutls_constate.c +++ b/lib/gnutls_constate.c @@ -284,7 +284,7 @@ int rc; if (state->connection_state.read_cipher_state == GNUTLS_CIPHER_FAILED && state->security_parameters.read_bulk_cipher_algorithm != - GNUTLS_NULL_CIPHER) { + GNUTLS_CIPHER_NULL) { gnutls_assert(); return GNUTLS_E_UNKNOWN_CIPHER; } @@ -313,7 +313,7 @@ int rc; if (state->connection_state.read_cipher_state == GNUTLS_CIPHER_FAILED && state->security_parameters.read_bulk_cipher_algorithm != - GNUTLS_NULL_CIPHER) { + GNUTLS_CIPHER_NULL) { gnutls_assert(); return GNUTLS_E_UNKNOWN_CIPHER; } @@ -428,7 +428,7 @@ int rc; state->cipher_specs.server_write_IV); if (state->connection_state.write_cipher_state == GNUTLS_CIPHER_FAILED - && state->security_parameters.write_bulk_cipher_algorithm != GNUTLS_NULL_CIPHER) { + && state->security_parameters.write_bulk_cipher_algorithm != GNUTLS_CIPHER_NULL) { gnutls_assert(); return GNUTLS_E_UNKNOWN_CIPHER; } @@ -456,7 +456,7 @@ int rc; if (state->connection_state.write_cipher_state == GNUTLS_CIPHER_FAILED && state->security_parameters.write_bulk_cipher_algorithm != - GNUTLS_NULL_CIPHER) { + GNUTLS_CIPHER_NULL) { gnutls_assert(); return GNUTLS_E_UNKNOWN_CIPHER; } diff --git a/lib/gnutls_errors_int.h b/lib/gnutls_errors_int.h index cd3758e4ea..ee9ea32697 100644 --- a/lib/gnutls_errors_int.h +++ b/lib/gnutls_errors_int.h 
@@ -9,8 +9,8 @@ #define GNUTLS_E_UNKNOWN_ERROR -5 #define GNUTLS_E_UNKNOWN_CIPHER_TYPE -6 #define GNUTLS_E_LARGE_PACKET -7 -#define GNUTLS_E_UNSUPPORTED_VERSION_PACKET -8 -#define GNUTLS_E_UNEXPECTED_PACKET_LENGTH -9 +#define GNUTLS_E_UNSUPPORTED_VERSION_PACKET -8 /* GNUTLS_A_PROTOCOL_VERSION */ +#define GNUTLS_E_UNEXPECTED_PACKET_LENGTH -9 /* GNUTLS_A_RECORD_OVERFLOW */ #define GNUTLS_E_INVALID_SESSION -10 #define GNUTLS_E_UNABLE_SEND_DATA -11 #define GNUTLS_E_FATAL_ALERT_RECEIVED -12 diff --git a/lib/gnutls_hash_int.c b/lib/gnutls_hash_int.c index dacfdc2d00..097fc9c469 100644 --- a/lib/gnutls_hash_int.c +++ b/lib/gnutls_hash_int.c @@ -32,7 +32,7 @@ GNUTLS_MAC_HANDLE gnutls_hash_init(MACAlgorithm algorithm) GNUTLS_MAC_HANDLE ret; switch (algorithm) { - case GNUTLS_NULL_MAC: + case GNUTLS_MAC_NULL: ret = GNUTLS_HASH_FAILED; break; case GNUTLS_MAC_SHA: @@ -73,7 +73,7 @@ int gnutls_hash_get_algo_len(MACAlgorithm algorithm) int ret; switch (algorithm) { - case GNUTLS_NULL_MAC: + case GNUTLS_MAC_NULL: ret = 0; break; case GNUTLS_MAC_SHA: @@ -136,7 +136,7 @@ GNUTLS_MAC_HANDLE gnutls_hmac_init(MACAlgorithm algorithm, void *key, GNUTLS_MAC_HANDLE ret; switch (algorithm) { - case GNUTLS_NULL_MAC: + case GNUTLS_MAC_NULL: ret = GNUTLS_MAC_FAILED; break; case GNUTLS_MAC_SHA: @@ -184,7 +184,7 @@ int gnutls_hmac_get_algo_len(MACAlgorithm algorithm) int ret; switch (algorithm) { - case GNUTLS_NULL_MAC: + case GNUTLS_MAC_NULL: ret = 0; break; case GNUTLS_MAC_SHA: diff --git a/lib/gnutls_int.h b/lib/gnutls_int.h index 3674a5ae1c..85eee4870d 100644 --- a/lib/gnutls_int.h +++ b/lib/gnutls_int.h 
@@ -98,17 +98,17 @@ typedef struct { opaque pint[3]; } uint24; typedef enum crypt_algo { SRPSHA1_CRYPT, BLOWFISH_CRYPT=2 } crypt_algo; typedef enum ChangeCipherSpecType { GNUTLS_TYPE_CHANGE_CIPHER_SPEC=1 } ChangeCipherSpecType; -typedef enum AlertLevel { GNUTLS_WARNING=1, GNUTLS_FATAL } AlertLevel; -typedef enum AlertDescription { GNUTLS_CLOSE_NOTIFY, GNUTLS_UNEXPECTED_MESSAGE=10, GNUTLS_BAD_RECORD_MAC=20, - GNUTLS_DECRYPTION_FAILED, GNUTLS_RECORD_OVERFLOW, GNUTLS_DECOMPRESSION_FAILURE=30, - GNUTLS_HANDSHAKE_FAILURE=40, GNUTLS_NETSCAPE_NO_CLIENT_CERTIFICATE=41, - GNUTLS_BAD_CERTIFICATE=42, GNUTLS_UNSUPPORTED_CERTIFICATE, - GNUTLS_CERTIFICATE_REVOKED, GNUTLS_CERTIFICATE_EXPIRED, GNUTLS_CERTIFICATE_UNKNOWN, - GNUTLS_ILLEGAL_PARAMETER, GNUTLS_UNKNOWN_CA, GNUTLS_ACCESS_DENIED, GNUTLS_DECODE_ERROR=50, - GNUTLS_DECRYPT_ERROR, GNUTLS_EXPORT_RESTRICTION=60, GNUTLS_PROTOCOL_VERSION=70, - GNUTLS_INSUFFICIENT_SECURITY, GNUTLS_INTERNAL_ERROR=80, GNUTLS_USER_CANCELED=90, - GNUTLS_NO_RENEGOTIATION=100 - } AlertDescription; +typedef enum AlertLevel { GNUTLS_AL_WARNING=1, GNUTLS_AL_FATAL } AlertLevel; +typedef enum AlertDescription { GNUTLS_A_CLOSE_NOTIFY, GNUTLS_A_UNEXPECTED_MESSAGE=10, GNUTLS_A_BAD_RECORD_MAC=20, + GNUTLS_A_DECRYPTION_FAILED, GNUTLS_A_RECORD_OVERFLOW, GNUTLS_A_DECOMPRESSION_FAILURE=30, + GNUTLS_A_HANDSHAKE_FAILURE=40, GNUTLS_A_NETSCAPE_NO_CLIENT_CERTIFICATE=41, + GNUTLS_A_BAD_CERTIFICATE=42, GNUTLS_A_UNSUPPORTED_CERTIFICATE, + GNUTLS_A_CERTIFICATE_REVOKED, GNUTLS_A_CERTIFICATE_EXPIRED, GNUTLS_A_CERTIFICATE_UNKNOWN, + GNUTLS_A_ILLEGAL_PARAMETER, GNUTLS_A_UNKNOWN_CA, GNUTLS_A_ACCESS_DENIED, GNUTLS_A_DECODE_ERROR=50, + GNUTLS_A_DECRYPT_ERROR, GNUTLS_A_EXPORT_RESTRICTION=60, GNUTLS_A_PROTOCOL_VERSION=70, + GNUTLS_A_INSUFFICIENT_SECURITY, GNUTLS_A_INTERNAL_ERROR=80, GNUTLS_A_USER_CANCELED=90, + GNUTLS_A_NO_RENEGOTIATION=100 +} AlertDescription; typedef enum CertificateStatus { GNUTLS_CERT_TRUSTED=1, GNUTLS_CERT_NOT_TRUSTED, GNUTLS_CERT_EXPIRED, GNUTLS_CERT_INVALID, 
GNUTLS_CERT_NONE } CertificateStatus; typedef enum CertificateRequest { GNUTLS_CERT_REQUEST=1, GNUTLS_CERT_REQUIRE } CertificateRequest; typedef enum CloseRequest { GNUTLS_SHUT_RDWR=0, GNUTLS_SHUT_WR=1 } CloseRequest; @@ -140,13 +140,13 @@ typedef struct { /* STATE */ typedef enum ConnectionEnd { GNUTLS_SERVER=1, GNUTLS_CLIENT } ConnectionEnd; -typedef enum BulkCipherAlgorithm { GNUTLS_NULL_CIPHER=1, GNUTLS_ARCFOUR, GNUTLS_3DES_CBC, GNUTLS_RIJNDAEL_CBC, GNUTLS_TWOFISH_CBC, GNUTLS_RIJNDAEL256_CBC } BulkCipherAlgorithm; +typedef enum BulkCipherAlgorithm { GNUTLS_CIPHER_NULL=1, GNUTLS_CIPHER_ARCFOUR, GNUTLS_CIPHER_3DES_CBC, GNUTLS_CIPHER_RIJNDAEL_CBC, GNUTLS_CIPHER_TWOFISH_CBC, GNUTLS_CIPHER_RIJNDAEL256_CBC } BulkCipherAlgorithm; typedef enum Extensions { GNUTLS_EXTENSION_DNSNAME=0, GNUTLS_EXTENSION_MAX_RECORD_SIZE=1, GNUTLS_EXTENSION_SRP=6 } Extensions; typedef enum KXAlgorithm { GNUTLS_KX_RSA=1, GNUTLS_KX_DHE_DSS, GNUTLS_KX_DHE_RSA, GNUTLS_KX_DH_DSS, GNUTLS_KX_DH_RSA, GNUTLS_KX_DH_ANON, GNUTLS_KX_SRP } KXAlgorithm; typedef enum CredType { GNUTLS_X509PKI=1, GNUTLS_ANON, GNUTLS_SRP } CredType; typedef enum CipherType { CIPHER_STREAM, CIPHER_BLOCK } CipherType; -typedef enum MACAlgorithm { GNUTLS_NULL_MAC=1, GNUTLS_MAC_MD5, GNUTLS_MAC_SHA } MACAlgorithm; -typedef enum CompressionMethod { GNUTLS_NULL_COMPRESSION=1, GNUTLS_ZLIB } CompressionMethod; +typedef enum MACAlgorithm { GNUTLS_MAC_NULL=1, GNUTLS_MAC_MD5, GNUTLS_MAC_SHA } MACAlgorithm; +typedef enum CompressionMethod { GNUTLS_COMP_NULL=1, GNUTLS_COMP_ZLIB } CompressionMethod; typedef enum ValidSession { VALID_TRUE, VALID_FALSE } ValidSession; typedef enum ResumableSession { RESUME_TRUE, RESUME_FALSE } ResumableSession; diff --git a/lib/gnutls_kx.c b/lib/gnutls_kx.c index aad059fcb8..f52e3cf1b7 100644 --- a/lib/gnutls_kx.c +++ b/lib/gnutls_kx.c 
@@ -532,7 +532,7 @@ int _gnutls_recv_client_certificate( GNUTLS_STATE state) if (ret < 0) { if (optional == OPTIONAL_PACKET && ret==GNUTLS_E_WARNING_ALERT_RECEIVED && - gnutls_get_last_alert(state)==GNUTLS_NETSCAPE_NO_CLIENT_CERTIFICATE) { + gnutls_get_last_alert(state)==GNUTLS_A_NETSCAPE_NO_CLIENT_CERTIFICATE) { /* netscape does not send an empty certificate, * but this alert. So we just ignore it. diff --git a/lib/gnutls_record.c b/lib/gnutls_record.c index fd2e046bad..3bfddc0328 100644 --- a/lib/gnutls_record.c +++ b/lib/gnutls_record.c @@ -106,13 +106,13 @@ int gnutls_init(GNUTLS_STATE * state, ConnectionEnd con_end) /* Set the defaults for initial handshake */ (*state)->security_parameters.read_bulk_cipher_algorithm = - (*state)->security_parameters.write_bulk_cipher_algorithm = GNUTLS_NULL_CIPHER; + (*state)->security_parameters.write_bulk_cipher_algorithm = GNUTLS_CIPHER_NULL; (*state)->security_parameters.read_mac_algorithm = - (*state)->security_parameters.write_mac_algorithm = GNUTLS_NULL_MAC; + (*state)->security_parameters.write_mac_algorithm = GNUTLS_MAC_NULL; - (*state)->security_parameters.read_compression_algorithm = GNUTLS_NULL_COMPRESSION; - (*state)->security_parameters.write_compression_algorithm = GNUTLS_NULL_COMPRESSION; + (*state)->security_parameters.read_compression_algorithm = GNUTLS_COMP_NULL; + (*state)->security_parameters.write_compression_algorithm = GNUTLS_COMP_NULL; (*state)->gnutls_internals.resumable = RESUME_TRUE; 
@@ -429,31 +429,36 @@ int gnutls_send_appropriate_alert( GNUTLS_STATE state, int err) { int ret = GNUTLS_E_UNIMPLEMENTED_FEATURE; switch (err) { /* send appropriate alert */ case GNUTLS_E_MAC_FAILED: - ret = gnutls_send_alert( state, GNUTLS_FATAL, GNUTLS_BAD_RECORD_MAC); + ret = gnutls_send_alert( state, GNUTLS_AL_FATAL, GNUTLS_A_BAD_RECORD_MAC); break; case GNUTLS_E_DECRYPTION_FAILED: - ret = gnutls_send_alert( state, GNUTLS_FATAL, GNUTLS_DECRYPTION_FAILED); + ret = gnutls_send_alert( state, GNUTLS_AL_FATAL, GNUTLS_A_DECRYPTION_FAILED); break; case GNUTLS_E_DECOMPRESSION_FAILED: - ret = gnutls_send_alert( state, GNUTLS_FATAL, GNUTLS_DECOMPRESSION_FAILURE); + ret = gnutls_send_alert( state, GNUTLS_AL_FATAL, GNUTLS_A_DECOMPRESSION_FAILURE); break; case GNUTLS_E_ILLEGAL_PARAMETER: - ret = gnutls_send_alert( state, GNUTLS_FATAL, GNUTLS_ILLEGAL_PARAMETER); + ret = gnutls_send_alert( state, GNUTLS_AL_FATAL, GNUTLS_A_ILLEGAL_PARAMETER); break; case GNUTLS_E_ASN1_PARSING_ERROR: case GNUTLS_E_NO_CERTIFICATE_FOUND: - ret = gnutls_send_alert( state, GNUTLS_FATAL, GNUTLS_BAD_CERTIFICATE); + ret = gnutls_send_alert( state, GNUTLS_AL_FATAL, GNUTLS_A_BAD_CERTIFICATE); break; case GNUTLS_E_UNKNOWN_CIPHER_SUITE: - ret = gnutls_send_alert( state, GNUTLS_FATAL, GNUTLS_HANDSHAKE_FAILURE); + ret = gnutls_send_alert( state, GNUTLS_AL_FATAL, GNUTLS_A_HANDSHAKE_FAILURE); break; case GNUTLS_E_UNEXPECTED_PACKET: - ret = gnutls_send_alert( state, GNUTLS_FATAL, GNUTLS_UNEXPECTED_MESSAGE); + ret = gnutls_send_alert( state, GNUTLS_AL_FATAL, GNUTLS_A_UNEXPECTED_MESSAGE); break; case GNUTLS_E_REHANDSHAKE: - ret = gnutls_send_alert( state, GNUTLS_WARNING, GNUTLS_NO_RENEGOTIATION); + ret = gnutls_send_alert( state, GNUTLS_AL_WARNING, GNUTLS_A_NO_RENEGOTIATION); break; - + case GNUTLS_E_UNSUPPORTED_VERSION_PACKET: + ret = gnutls_send_alert( state, GNUTLS_AL_WARNING, GNUTLS_A_PROTOCOL_VERSION); + break; + case GNUTLS_E_UNEXPECTED_PACKET_LENGTH: + ret = gnutls_send_alert( state, GNUTLS_AL_FATAL, 
GNUTLS_A_RECORD_OVERFLOW); + break; } return ret; } @@ -488,7 +493,7 @@ int gnutls_bye( GNUTLS_STATE state, CloseRequest how) if (STATE==STATE60) { ret = _gnutls_write_flush( state); } else { - ret = gnutls_send_alert( state, GNUTLS_WARNING, GNUTLS_CLOSE_NOTIFY); + ret = gnutls_send_alert( state, GNUTLS_AL_WARNING, GNUTLS_A_CLOSE_NOTIFY); STATE = STATE60; } @@ -551,7 +556,6 @@ ssize_t gnutls_send_int( GNUTLS_STATE state, ContentType type, HandshakeType hty lver = _gnutls_version_lowest(state); if (lver==GNUTLS_VERSION_UNKNOWN) { gnutls_assert(); - return GNUTLS_E_UNSUPPORTED_VERSION_PACKET; } } else { /* send the current */ lver = gnutls_protocol_get_version( state); @@ -790,13 +794,6 @@ ssize_t gnutls_recv_int( GNUTLS_STATE state, ContentType type, HandshakeType hty # ifdef RECORD_DEBUG _gnutls_log( "Record: INVALID VERSION PACKET: (%d/%d) %d.%d\n", headers[0], htype, headers[1], headers[2]); # endif - if (type!=GNUTLS_ALERT) { - /* some browsers return garbage, when - * we send them a close notify. - * silently ignore that. - */ - gnutls_send_alert( state, GNUTLS_FATAL, GNUTLS_PROTOCOL_VERSION); - } state->gnutls_internals.resumable = RESUME_FALSE; return GNUTLS_E_UNSUPPORTED_VERSION_PACKET; } @@ -813,7 +810,6 @@ ssize_t gnutls_recv_int( GNUTLS_STATE state, ContentType type, HandshakeType hty #ifdef RECORD_DEBUG _gnutls_log( "Record: FATAL ERROR: Received packet with length: %d\n", length); #endif - gnutls_send_alert( state, GNUTLS_FATAL, GNUTLS_RECORD_OVERFLOW); state->gnutls_internals.valid_connection = VALID_FALSE; state->gnutls_internals.resumable = RESUME_FALSE; gnutls_assert(); @@ -891,7 +887,7 @@ ssize_t gnutls_recv_int( GNUTLS_STATE state, ContentType type, HandshakeType hty /* if close notify is received and * the alert is not fatal */ - if (tmpdata[1] == GNUTLS_CLOSE_NOTIFY && tmpdata[0] != GNUTLS_FATAL) { + if (tmpdata[1] == GNUTLS_A_CLOSE_NOTIFY && tmpdata[0] != GNUTLS_AL_FATAL) { /* If we have been expecting for an alert do * not call close(). */ 
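Review bot: The new `GNUTLS_E_UNSUPPORTED_VERSION_PACKET` case in gnutls_send_appropriate_alert sends `GNUTLS_A_PROTOCOL_VERSION` at warning level, while the call this commit deletes from gnutls_recv_int (hunk at -790) sent it as fatal and TLS 1.0 defines protocol_version as always fatal; the line should be `ret = gnutls_send_alert( state, GNUTLS_AL_FATAL, GNUTLS_A_PROTOCOL_VERSION);`. Because gnutls_recv_int no longer sends this alert or record_overflow itself (hunks at -790 and -813), the peer is told only when the caller passes the error code here, so the function comment should say callers are expected to do that after a failed receive. The old `type!=GNUTLS_ALERT` guard is gone too, so it is worth confirming that callers do not answer a malformed alert record with another alert. In the hunk at -551, gnutls_send_int now only asserts when `lver==GNUTLS_VERSION_UNKNOWN` and appears to continue with that value; the rest of the function is outside the hunk, so this needs checking against the full file.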
@@ -908,7 +904,7 @@ ssize_t gnutls_recv_int( GNUTLS_STATE state, ContentType type, HandshakeType hty
 */
 ret = GNUTLS_E_WARNING_ALERT_RECEIVED;
- if (tmpdata[0] == GNUTLS_FATAL) {
+ if (tmpdata[0] == GNUTLS_AL_FATAL) {
 state->gnutls_internals.valid_connection = VALID_FALSE;
 state->gnutls_internals.resumable = RESUME_FALSE;
diff --git a/lib/gnutls_v2_compat.c b/lib/gnutls_v2_compat.c
index e585e799c6..7bb91ed9ce 100644
--- a/lib/gnutls_v2_compat.c
+++ b/lib/gnutls_v2_compat.c
@@ -249,7 +249,7 @@ int _gnutls_read_client_hello_v2(GNUTLS_STATE state, opaque * data,
 state->gnutls_internals.resumed = RESUME_FALSE;
 }
- state->gnutls_internals.compression_method = GNUTLS_NULL_COMPRESSION;
+ state->gnutls_internals.compression_method = GNUTLS_COMP_NULL;
 return 0;
 }
@@ -223,8 +223,8 @@ int main(int argc, char** argv)
 gnutls_init(&state, GNUTLS_CLIENT);
 gnutls_protocol_set_priority( state, GNUTLS_TLS1, GNUTLS_SSL3, 0);
- gnutls_cipher_set_priority( state, GNUTLS_3DES_CBC, GNUTLS_RIJNDAEL_CBC, 0);
- gnutls_compression_set_priority( state, GNUTLS_ZLIB, GNUTLS_NULL_COMPRESSION, 0);
+ gnutls_cipher_set_priority( state, GNUTLS_CIPHER_3DES_CBC, GNUTLS_CIPHER_RIJNDAEL_CBC, 0);
+ gnutls_compression_set_priority( state, GNUTLS_COMP_ZLIB, GNUTLS_COMP_NULL, 0);
 gnutls_kx_set_priority( state, GNUTLS_KX_DHE_RSA, GNUTLS_KX_RSA, GNUTLS_KX_SRP, GNUTLS_KX_DH_ANON, 0);
 gnutls_mac_set_priority( state, GNUTLS_MAC_SHA, GNUTLS_MAC_MD5, 0);
@@ -286,8 +286,8 @@ int main(int argc, char** argv)
 gnutls_init(&state, GNUTLS_CLIENT);
 gnutls_protocol_set_priority( state, GNUTLS_TLS1, GNUTLS_SSL3, 0);
- gnutls_cipher_set_priority( state, GNUTLS_3DES_CBC, GNUTLS_RIJNDAEL_CBC, 0);
- gnutls_compression_set_priority( state, GNUTLS_ZLIB, GNUTLS_NULL_COMPRESSION, 0);
+ gnutls_cipher_set_priority( state, GNUTLS_CIPHER_3DES_CBC, GNUTLS_CIPHER_RIJNDAEL_CBC, 0);
+ gnutls_compression_set_priority( state, GNUTLS_COMP_ZLIB, GNUTLS_COMP_NULL, 0);
 gnutls_kx_set_priority( state, GNUTLS_KX_DHE_RSA, GNUTLS_KX_RSA, GNUTLS_KX_SRP, GNUTLS_KX_DH_ANON, 0);
 gnutls_mac_set_priority( state, GNUTLS_MAC_SHA, GNUTLS_MAC_MD5, 0);
diff --git a/src/serv.c b/src/serv.c
index 9f45819873..97ca3de30f 100644
--- a/src/serv.c
+++ b/src/serv.c
@@ -83,9 +83,9 @@ GNUTLS_STATE initialize_state()
 /* null cipher is here only for debuging * purposes. */
- gnutls_cipher_set_priority(state, GNUTLS_NULL_CIPHER,
- GNUTLS_RIJNDAEL_CBC, GNUTLS_3DES_CBC, GNUTLS_ARCFOUR, 0);
- gnutls_compression_set_priority(state, GNUTLS_ZLIB, GNUTLS_NULL_COMPRESSION, 0);
+ gnutls_cipher_set_priority(state, GNUTLS_CIPHER_NULL,
+ GNUTLS_CIPHER_RIJNDAEL_CBC, GNUTLS_CIPHER_3DES_CBC, GNUTLS_CIPHER_ARCFOUR, 0);
+ gnutls_compression_set_priority(state, GNUTLS_COMP_ZLIB, GNUTLS_COMP_NULL, 0);
 gnutls_kx_set_priority(state, GNUTLS_KX_RSA, GNUTLS_KX_DHE_RSA, GNUTLS_KX_SRP, GNUTLS_KX_DH_ANON, 0);
 gnutls_protocol_set_priority( state, GNUTLS_TLS1, GNUTLS_SSL3, 0);
@@ -317,7 +317,7 @@ int read_request( GNUTLS_STATE state, char *data, int data_size, int rnl)
 void check_alert( GNUTLS_STATE state, int ret) {
 if (ret == GNUTLS_E_WARNING_ALERT_RECEIVED || ret == GNUTLS_E_FATAL_ALERT_RECEIVED) {
 ret = gnutls_get_last_alert(state);
- if (ret == GNUTLS_NO_RENEGOTIATION)
+ if (ret == GNUTLS_A_NO_RENEGOTIATION)
 printf("* Received NO_RENEGOTIATION alert. Client Does not support renegotiation.\n");
 else printf("* Received alert '%d'.\n", ret);
@@ -474,7 +474,7 @@ int main(int argc, char **argv)
 ret = gnutls_rehandshake( state);
 } while( ret==GNUTLS_E_INTERRUPTED || ret==GNUTLS_E_AGAIN);
- if (gnutls_get_last_alert(state)!=GNUTLS_NO_RENEGOTIATION) {
+ if (gnutls_get_last_alert(state)!=GNUTLS_A_NO_RENEGOTIATION) {
 printf("* Requesting rehandshake.\n");
 /* continue handshake proccess */
 do { |