author | Nikos Mavrogiannopoulos <nmav@gnutls.org> | 2002-03-21 20:25:19 +0000 |
---|---|---|
committer | Nikos Mavrogiannopoulos <nmav@gnutls.org> | 2002-03-21 20:25:19 +0000 |
commit | c7e43cae600f042aa6450ba713cb35b2e7aa6289 (patch) | |
tree | b7c785288b74e3ad092920e49f902a118cdd8eec | |
parent | 38759710112896ba006f9764e275a6c98ab1cc03 (diff) | |
download | gnutls-c7e43cae600f042aa6450ba713cb35b2e7aa6289.tar.gz |
Added hooks not to include SRP and Anonymous authentication
-rw-r--r-- | ChangeLog | 6 | ||||
-rw-r--r-- | acconfig.h | 2 | ||||
-rw-r--r-- | configure.in | 24 | ||||
-rw-r--r-- | lib/auth_anon.c | 17 | ||||
-rw-r--r-- | lib/auth_srp.c | 4 | ||||
-rw-r--r-- | lib/auth_srp.h | 4 | ||||
-rw-r--r-- | lib/auth_srp_passwd.c | 5 | ||||
-rw-r--r-- | lib/auth_srp_passwd.h | 4 | ||||
-rw-r--r-- | lib/auth_srp_sb64.c | 4 | ||||
-rw-r--r-- | lib/crypt.c | 5 | ||||
-rw-r--r-- | lib/crypt_bcrypt.c | 5 | ||||
-rw-r--r-- | lib/crypt_srpsha1.c | 5 | ||||
-rw-r--r-- | lib/ext_srp.c | 5 | ||||
-rw-r--r-- | lib/ext_srp.h | 4 | ||||
-rw-r--r-- | lib/gnutls_algorithms.c | 4 | ||||
-rw-r--r-- | lib/gnutls_anon_cred.c | 5 | ||||
-rw-r--r-- | lib/gnutls_auth.c | 15 | ||||
-rw-r--r-- | lib/gnutls_extensions.c | 2 | ||||
-rw-r--r-- | lib/gnutls_session_pack.c | 4 | ||||
-rw-r--r-- | lib/gnutls_srp.c | 5 | ||||
-rw-r--r-- | lib/gnutls_srp.h | 4 | ||||
-rw-r--r-- | lib/gnutls_ui.c | 6 | ||||
-rw-r--r-- | src/serv.c | 2 |
23 files changed, 125 insertions, 16 deletions
@@ -1,3 +1,9 @@ +2002-03-21 19:27 nmav <nmav@gnutls.org> + + * ChangeLog, NEWS, lib/gnutls_record.c, lib/gnutls_state.c: + + CBC protection support is disabled by default. + 2002-03-20 18:13 nmav <nmav@gnutls.org> * lib/: gnutls_algorithms.c, gnutls_cipher.c, diff --git a/acconfig.h b/acconfig.h index 7bff0536a1..85d9065685 100644 --- a/acconfig.h +++ b/acconfig.h @@ -35,3 +35,5 @@ #undef DEFINE_SIZE_T +#undef ENABLE_SRP +#undef ENABLE_ANON diff --git a/configure.in b/configure.in index cfe31dd6f1..f6411d5e17 100644 --- a/configure.in +++ b/configure.in @@ -247,6 +247,30 @@ else AC_MSG_RESULT() fi +AC_MSG_CHECKING([whether to disable SRP authentication support]) +AC_ARG_ENABLE( srp, [ --disable-srp-authentication disable the SRP authentication support], + ac_enable_srp=no +) +if test x$ac_enable_srp != xno; then + AC_MSG_RESULT(no) + AC_DEFINE(ENABLE_SRP) +else + AC_MSG_RESULT(yes) +fi + +AC_MSG_CHECKING([whether to disable anonymous authentication support]) +AC_ARG_ENABLE( srp, [ --disable-anon-authentication disable the anonymous authentication support], + ac_enable_anon=no +) +if test x$ac_enable_anon != xno; then + AC_MSG_RESULT(no) + AC_DEFINE(ENABLE_ANON) +else + AC_MSG_RESULT(yes) +fi + + + diff --git a/lib/auth_anon.c b/lib/auth_anon.c index 20ca8c8b67..d343ec129a 100644 --- a/lib/auth_anon.c +++ b/lib/auth_anon.c @@ -19,6 +19,9 @@ */ #include "gnutls_int.h" + +#ifdef ENABLE_ANON + #include "gnutls_auth_int.h" #include "gnutls_errors.h" #include "gnutls_dh.h" 
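Review bot: In the configure.in hunk the second `AC_ARG_ENABLE` is registered under the feature name `srp` again, so no option sets `ac_enable_anon` on its own and a builder cannot drop anonymous (unauthenticated) key exchange without also touching SRP. Both blocks also assign `no` in the action-if-given slot, which runs for `--enable-srp` as well as `--disable-srp`. The help strings advertise `--disable-srp-authentication` and `--disable-anon-authentication`, which are not the option names Autoconf derives from the first argument. I would use matching feature names and take the user's value, e.g. `AC_ARG_ENABLE(anon-authentication, [...], ac_enable_anon=$enableval)` and the same for `srp-authentication`, so that a build meant to exclude anonymous authentication really does exclude it.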
@@ -53,19 +56,6 @@ MOD_AUTH_STRUCT anon_auth_struct = { NULL }; -/* this function will copy an MPI key to - * opaque data. - */ -int _gnutls_generate_key(GNUTLS_KEY key) { - _gnutls_mpi_print( NULL, &key->key.size, key->KEY); - key->key.data = gnutls_secure_malloc( key->key.size); - if ( key->key.data==NULL) { - return GNUTLS_E_MEMORY_ERROR; - } - _gnutls_mpi_print( key->key.data, &key->key.size, key->KEY); - return 0; -} - int gen_anon_server_kx( GNUTLS_STATE state, opaque** data) { MPI x, X, g, p; int bits, ret; @@ -340,3 +330,4 @@ int proc_anon_client_kx( GNUTLS_STATE state, opaque* data, int data_size) { return 0; } +#endif /* ENABLE_ANON */ diff --git a/lib/auth_srp.c b/lib/auth_srp.c index f8e5b444fd..eb8e217f55 100644 --- a/lib/auth_srp.c +++ b/lib/auth_srp.c @@ -19,6 +19,9 @@ */ #include "gnutls_int.h" + +#ifdef ENABLE_SRP + #include "gnutls_errors.h" #include "auth_srp_passwd.h" #include "gnutls_auth.h" @@ -441,3 +444,4 @@ int proc_srp_server_kx2(GNUTLS_STATE state, opaque * data, int data_size) return 0; } +#endif /* ENABLE_SRP */ diff --git a/lib/auth_srp.h b/lib/auth_srp.h index f7d776f0cf..951ca62857 100644 --- a/lib/auth_srp.h +++ b/lib/auth_srp.h @@ -1,5 +1,7 @@ #include <gnutls_auth.h> +#ifdef ENABLE_SRP + typedef struct { char* username; char* password; @@ -24,3 +26,5 @@ int proc_srp_server_hello(GNUTLS_STATE state, const opaque * data, int data_size int gen_srp_server_hello(GNUTLS_STATE state, opaque ** data); typedef struct SRP_SERVER_AUTH_INFO_INT SRP_SERVER_AUTH_INFO_INT; + +#endif /* ENABLE_SRP */ diff --git a/lib/auth_srp_passwd.c b/lib/auth_srp_passwd.c index aca241f079..97fe1ce207 100644 --- a/lib/auth_srp_passwd.c +++ b/lib/auth_srp_passwd.c @@ -21,6 +21,9 @@ /* Functions for operating in an SRP passwd file are included here */ #include "gnutls_int.h" + +#ifdef ENABLE_SRP + #include "x509_b64.h" #include "gnutls_errors.h" #include "auth_srp_passwd.h" 
@@ -427,3 +430,5 @@ int _gnutls_srp_generate_prime(opaque ** ret_g, opaque ** ret_n, int bits) return 0; } + +#endif /* ENABLE SRP */ diff --git a/lib/auth_srp_passwd.h b/lib/auth_srp_passwd.h index d54846b2ac..6207265542 100644 --- a/lib/auth_srp_passwd.h +++ b/lib/auth_srp_passwd.h @@ -1,3 +1,5 @@ +#ifdef ENABLE_SRP + typedef struct { char* username; int algorithm; @@ -16,3 +18,5 @@ void _gnutls_srp_clear_pwd_entry( GNUTLS_SRP_PWD_ENTRY * entry); GNUTLS_SRP_PWD_ENTRY* _gnutls_randomize_pwd_entry(void); int _gnutls_sbase64_encode(uint8 * data, int data_size, uint8 ** result); int _gnutls_sbase64_decode(uint8 * data, int data_size, uint8 ** result); + +#endif /* ENABLE_SRP */ diff --git a/lib/auth_srp_sb64.c b/lib/auth_srp_sb64.c index d7be368f30..3876ed5a6a 100644 --- a/lib/auth_srp_sb64.c +++ b/lib/auth_srp_sb64.c @@ -20,6 +20,8 @@ #include "gnutls_int.h" +#ifdef ENABLE_SRP + /* this a modified base64 for srp !!! * It seems that everybody makes it's own base64 convertion. */ @@ -304,3 +306,5 @@ int main() } #endif + +#endif /* ENABLE_SRP */ diff --git a/lib/crypt.c b/lib/crypt.c index f7030e0d8b..9e4c00c03b 100644 --- a/lib/crypt.c +++ b/lib/crypt.c @@ -19,6 +19,9 @@ */ #include "gnutls_int.h" + +#ifdef ENABLE_SRP + #include "crypt_bcrypt.h" #include "crypt_srpsha1.h" #include "gnutls_random.h" @@ -56,3 +59,5 @@ int gnutls_crypt_vrfy(const char* username, const char *passwd, char* salt, MPI } return 1; } + +#endif diff --git a/lib/crypt_bcrypt.c b/lib/crypt_bcrypt.c index 53d3202f3e..a9c9aa8fa3 100644 --- a/lib/crypt_bcrypt.c +++ b/lib/crypt_bcrypt.c @@ -35,6 +35,9 @@ */ #include "gnutls_int.h" + +#ifdef ENABLE_SRP + #include "crypt_bcrypt.h" #include "gnutls_random.h" #include "auth_srp_passwd.h" @@ -766,3 +769,5 @@ int _gnutls_calc_srp_bcrypt(const char* username, const char *passwd, opaque * s memcpy( digest, text, BCRYPT_SIZE); return 0; } + +#endif /* ENABLE_SRP */ diff --git a/lib/crypt_srpsha1.c b/lib/crypt_srpsha1.c index 7c81637d9b..08b07c1cd7 100644 
--- a/lib/crypt_srpsha1.c +++ b/lib/crypt_srpsha1.c @@ -19,6 +19,9 @@ */ #include "gnutls_int.h" + +#ifdef ENABLE_SRP + #include "gnutls_random.h" #include "gnutls_hash_int.h" #include "auth_srp_passwd.h" @@ -168,3 +171,5 @@ char *crypt_srpsha1_wrapper(const char *username, const char *pass_new, return e; } + +#endif diff --git a/lib/ext_srp.c b/lib/ext_srp.c index e2ea404c28..92d9c6e635 100644 --- a/lib/ext_srp.c +++ b/lib/ext_srp.c @@ -19,6 +19,9 @@ */ #include "gnutls_int.h" + +#ifdef ENABLE_SRP + #include "gnutls_auth_int.h" #include "auth_srp.h" #include "gnutls_errors.h" @@ -104,3 +107,5 @@ int _gnutls_srp_send_params( GNUTLS_STATE state, opaque** data) { } return 0; } + +#endif /* ENABLE_SRP */ diff --git a/lib/ext_srp.h b/lib/ext_srp.h index 43a0b2ed9c..d0fc3d40f1 100644 --- a/lib/ext_srp.h +++ b/lib/ext_srp.h @@ -1,2 +1,6 @@ +#ifdef ENABLE_SRP + int _gnutls_srp_recv_params( GNUTLS_STATE state, const opaque* data, int data_size); int _gnutls_srp_send_params( GNUTLS_STATE state, opaque** data); + +#endif diff --git a/lib/gnutls_algorithms.c b/lib/gnutls_algorithms.c index c232d73f94..2934833e7c 100644 --- a/lib/gnutls_algorithms.c +++ b/lib/gnutls_algorithms.c @@ -174,11 +174,15 @@ extern MOD_AUTH_STRUCT anon_auth_struct; extern MOD_AUTH_STRUCT srp_auth_struct; static const gnutls_kx_algo_entry kx_algorithms[] = { +#ifdef ENABLE_ANON { "Anon DH", GNUTLS_KX_ANON_DH, &anon_auth_struct }, +#endif { "RSA", GNUTLS_KX_RSA, &rsa_auth_struct }, { "DHE RSA", GNUTLS_KX_DHE_RSA, &dhe_rsa_auth_struct }, { "DHE DSS", GNUTLS_KX_DHE_DSS, &dhe_dss_auth_struct }, +#ifdef ENABLE_SRP { "SRP", GNUTLS_KX_SRP, &srp_auth_struct }, +#endif {0} }; diff --git a/lib/gnutls_anon_cred.c b/lib/gnutls_anon_cred.c index 544596d646..99ae1a10c1 100644 --- a/lib/gnutls_anon_cred.c +++ b/lib/gnutls_anon_cred.c @@ -19,6 +19,9 @@ */ #include "gnutls_int.h" + +#ifdef ENABLE_ANON + #include "gnutls_auth_int.h" #include "gnutls_errors.h" #include "gnutls_dh.h" 
@@ -87,3 +90,5 @@ int gnutls_anon_allocate_client_sc( GNUTLS_ANON_CLIENT_CREDENTIALS *sc) { return 0; } + +#endif diff --git a/lib/gnutls_auth.c b/lib/gnutls_auth.c index a3b366decf..48636ef5fe 100644 --- a/lib/gnutls_auth.c +++ b/lib/gnutls_auth.c @@ -1,5 +1,5 @@ /* - * Copyright (C) 2001 Nikos Mavroyanopoulos + * Copyright (C) 2001,2002 Nikos Mavroyanopoulos * * This file is part of GNUTLS. * @@ -281,3 +281,16 @@ int _gnutls_auth_info_set( GNUTLS_STATE state, CredType type, int size, int allo } return 0; } + +/* this function will copy an MPI key to + * opaque data. + */ +int _gnutls_generate_key(GNUTLS_KEY key) { + _gnutls_mpi_print( NULL, &key->key.size, key->KEY); + key->key.data = gnutls_secure_malloc( key->key.size); + if ( key->key.data==NULL) { + return GNUTLS_E_MEMORY_ERROR; + } + _gnutls_mpi_print( key->key.data, &key->key.size, key->KEY); + return 0; +} diff --git a/lib/gnutls_extensions.c b/lib/gnutls_extensions.c index 034b1575ca..b0316bc4eb 100644 --- a/lib/gnutls_extensions.c +++ b/lib/gnutls_extensions.c @@ -38,7 +38,9 @@ typedef struct { } gnutls_extension_entry; static gnutls_extension_entry extensions[] = { +#ifdef ENABLE_SRP GNUTLS_EXTENSION_ENTRY( GNUTLS_EXTENSION_SRP, _gnutls_srp_recv_params, _gnutls_srp_send_params), +#endif GNUTLS_EXTENSION_ENTRY( GNUTLS_EXTENSION_MAX_RECORD_SIZE, _gnutls_max_record_recv_params, _gnutls_max_record_send_params), GNUTLS_EXTENSION_ENTRY( GNUTLS_EXTENSION_CERT_TYPE, _gnutls_cert_type_recv_params, _gnutls_cert_type_send_params), {0} diff --git a/lib/gnutls_session_pack.c b/lib/gnutls_session_pack.c index d5b5dfa99e..dbaab90586 100644 --- a/lib/gnutls_session_pack.c +++ b/lib/gnutls_session_pack.c @@ -51,6 +51,7 @@ int _gnutls_session_pack(GNUTLS_STATE state, gnutls_datum * packed_session) switch (gnutls_auth_get_type(state)) { +#ifdef ENABLE_SRP case GNUTLS_CRD_SRP:{ SRP_SERVER_AUTH_INFO info = _gnutls_get_auth_info(state); 
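Review bot: In `_gnutls_generate_key`, which this commit moves into lib/gnutls_auth.c, neither `_gnutls_mpi_print` call is checked. The function therefore returns 0 even if the second call did not fill the buffer that `gnutls_secure_malloc` just returned, and that buffer is then used as key material. The return convention of `_gnutls_mpi_print` is not visible in this hunk; assuming it reports failure with a negative code, I would propagate it after releasing the buffer, e.g. `ret = _gnutls_mpi_print( key->key.data, &key->key.size, key->KEY); if (ret < 0) return ret;`. The header comment could also state that the caller owns `key->key.data` and that any previous value is overwritten without being freed.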
@@ -78,6 +79,7 @@ int _gnutls_session_pack(GNUTLS_STATE state, gnutls_datum * packed_session) } break; +#endif case GNUTLS_CRD_ANON:{ ANON_CLIENT_AUTH_INFO info = _gnutls_get_auth_info(state); @@ -183,6 +185,7 @@ int _gnutls_session_unpack(GNUTLS_STATE state, } switch ( packed_session->data[0]) { +#ifdef ENABLE_SRP case GNUTLS_CRD_SRP:{ pack_size = @@ -212,6 +215,7 @@ int _gnutls_session_unpack(GNUTLS_STATE state, pack_size); } break; +#endif case GNUTLS_CRD_ANON:{ pack_size = READuint32(&packed_session-> diff --git a/lib/gnutls_srp.c b/lib/gnutls_srp.c index 4ad61830fc..a693319346 100644 --- a/lib/gnutls_srp.c +++ b/lib/gnutls_srp.c @@ -19,6 +19,9 @@ */ #include <gnutls_int.h> + +#ifdef ENABLE_SRP + #include <gnutls_errors.h> #include <crypt_bcrypt.h> #include <gnutls_srp.h> @@ -479,3 +482,5 @@ void gnutls_srp_server_set_select_func(GNUTLS_STATE state, { state->gnutls_internals.server_srp_callback = func; } + +#endif /* ENABLE_SRP */ diff --git a/lib/gnutls_srp.h b/lib/gnutls_srp.h index 7a9be24f28..5f13abd7c1 100644 --- a/lib/gnutls_srp.h +++ b/lib/gnutls_srp.h @@ -1,3 +1,5 @@ +#ifdef ENABLE_SRP + int _gnutls_srp_gx(opaque *text, int textsize, opaque** result, MPI g, MPI prime); MPI _gnutls_calc_srp_B(MPI * ret_b, MPI g, MPI n, MPI v); MPI _gnutls_calc_srp_u( MPI B); @@ -12,3 +14,5 @@ extern const uint8 diffie_hellman_group1_prime[130]; /* g is defined to be 2 */ #define SRP_MAX_HASH_SIZE 24 + +#endif diff --git a/lib/gnutls_ui.c b/lib/gnutls_ui.c index b8ebae5e42..50528e1fb0 100644 --- a/lib/gnutls_ui.c +++ b/lib/gnutls_ui.c @@ -28,6 +28,8 @@ /* SRP */ +#ifdef ENABLE_SRP + /** * gnutls_srp_server_get_username - This function returns the username of the peer * @state: is a gnutls state @@ -49,7 +51,9 @@ const char *gnutls_srp_server_get_username(GNUTLS_STATE state) return info->username; } -/* ANON */ +#endif + +/* ANON & DHE */ /** * gnutls_dh_set_prime_bits - Used to set the bits for a DH ciphersuite 
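Review bot: Only `case GNUTLS_CRD_SRP` is wrapped in `#ifdef ENABLE_SRP`; `case GNUTLS_CRD_ANON` in `_gnutls_session_pack` (hunk at -78) and in `_gnutls_session_unpack` (hunk at -212) is still compiled unconditionally. A build configured without anonymous authentication therefore keeps parsing stored sessions whose first byte says ANON. For consistency with the rest of the commit I would surround both ANON cases with `#ifdef ENABLE_ANON` and `#endif`, so that a packed session of a compiled-out type falls through to whatever the switch does for unknown types. Both functions start and end outside these hunks, so the default branch should be checked to confirm that it rejects such a blob.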
diff --git a/src/serv.c b/src/serv.c index 07c98819e9..0f36e215c2 100644 --- a/src/serv.c +++ b/src/serv.c @@ -168,7 +168,7 @@ GNUTLS_STATE initialize_state(void) gnutls_dh_set_prime_bits(state, DEFAULT_PRIME_BITS); gnutls_cred_set(state, GNUTLS_CRD_ANON, dh_cred); - gnutls_cred_set(state, GNUTLS_CRD_SRP, srp_cred); +// gnutls_cred_set(state, GNUTLS_CRD_SRP, srp_cred); gnutls_cred_set(state, GNUTLS_CRD_CERTIFICATE, cert_cred); gnutls_mac_set_priority(state, mac_priority); |
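Review bot: The SRP credential line in `initialize_state` is commented out for every build, `// gnutls_cred_set(state, GNUTLS_CRD_SRP, srp_cred);`, so the sample server stops offering SRP even when ENABLE_SRP is defined, while the ANON line just above it stays unconditional. Guarding each call expresses the intent and leaves no dead code: `#ifdef ENABLE_SRP`, `gnutls_cred_set(state, GNUTLS_CRD_SRP, srp_cred);`, `#endif`, and the same under `ENABLE_ANON` for the `dh_cred` line. This assumes src/serv.c sees the configure-generated defines, which the hunk does not show. The function continues outside the hunk.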