authorNikos Mavrogiannopoulos <nmav@gnutls.org>2002-03-21 20:25:19 +0000
committerNikos Mavrogiannopoulos <nmav@gnutls.org>2002-03-21 20:25:19 +0000
commitc7e43cae600f042aa6450ba713cb35b2e7aa6289 (patch)
treeb7c785288b74e3ad092920e49f902a118cdd8eec
parent38759710112896ba006f9764e275a6c98ab1cc03 (diff)
downloadgnutls-c7e43cae600f042aa6450ba713cb35b2e7aa6289.tar.gz
Added hooks not to include SRP and Anonymous authentication
-rw-r--r--ChangeLog6
-rw-r--r--acconfig.h2
-rw-r--r--configure.in24
-rw-r--r--lib/auth_anon.c17
-rw-r--r--lib/auth_srp.c4
-rw-r--r--lib/auth_srp.h4
-rw-r--r--lib/auth_srp_passwd.c5
-rw-r--r--lib/auth_srp_passwd.h4
-rw-r--r--lib/auth_srp_sb64.c4
-rw-r--r--lib/crypt.c5
-rw-r--r--lib/crypt_bcrypt.c5
-rw-r--r--lib/crypt_srpsha1.c5
-rw-r--r--lib/ext_srp.c5
-rw-r--r--lib/ext_srp.h4
-rw-r--r--lib/gnutls_algorithms.c4
-rw-r--r--lib/gnutls_anon_cred.c5
-rw-r--r--lib/gnutls_auth.c15
-rw-r--r--lib/gnutls_extensions.c2
-rw-r--r--lib/gnutls_session_pack.c4
-rw-r--r--lib/gnutls_srp.c5
-rw-r--r--lib/gnutls_srp.h4
-rw-r--r--lib/gnutls_ui.c6
-rw-r--r--src/serv.c2
23 files changed, 125 insertions, 16 deletions
diff --git a/ChangeLog b/ChangeLog
index 75852ca96c..5957524cd1 100644
--- a/ChangeLog
+++ b/ChangeLog
@@ -1,3 +1,9 @@
+2002-03-21 19:27 nmav <nmav@gnutls.org>
+
+ * ChangeLog, NEWS, lib/gnutls_record.c, lib/gnutls_state.c:
+
+ CBC protection support is disabled by default.
+
2002-03-20 18:13 nmav <nmav@gnutls.org>
* lib/: gnutls_algorithms.c, gnutls_cipher.c,
diff --git a/acconfig.h b/acconfig.h
index 7bff0536a1..85d9065685 100644
--- a/acconfig.h
+++ b/acconfig.h
@@ -35,3 +35,5 @@
#undef DEFINE_SIZE_T
+#undef ENABLE_SRP
+#undef ENABLE_ANON
diff --git a/configure.in b/configure.in
index cfe31dd6f1..f6411d5e17 100644
--- a/configure.in
+++ b/configure.in
@@ -247,6 +247,30 @@ else
AC_MSG_RESULT()
fi
+AC_MSG_CHECKING([whether to disable SRP authentication support])
+AC_ARG_ENABLE( srp, [ --disable-srp-authentication disable the SRP authentication support],
+ ac_enable_srp=no
+)
+if test x$ac_enable_srp != xno; then
+ AC_MSG_RESULT(no)
+ AC_DEFINE(ENABLE_SRP)
+else
+ AC_MSG_RESULT(yes)
+fi
+
+AC_MSG_CHECKING([whether to disable anonymous authentication support])
+AC_ARG_ENABLE( srp, [ --disable-anon-authentication disable the anonymous authentication support],
+ ac_enable_anon=no
+)
+if test x$ac_enable_anon != xno; then
+ AC_MSG_RESULT(no)
+ AC_DEFINE(ENABLE_ANON)
+else
+ AC_MSG_RESULT(yes)
+fi
+
+
+
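Review bot: The second `AC_ARG_ENABLE` (anonymous authentication) is registered under the feature name `srp`, the same as the first, so `--disable-srp` sets both `ac_enable_srp` and `ac_enable_anon` to `no` and anonymous authentication cannot be turned off separately. The help strings advertise `--disable-srp-authentication` and `--disable-anon-authentication`, which match neither registered name, so a builder who follows the help text would likely still get the unauthenticated anonymous DH key exchange compiled in. The action argument also runs when `--enable-srp` is given, which would then disable the feature. Using `$enableval` with a matching feature name avoids all three, e.g. `AC_ARG_ENABLE(anon-authentication, [...], ac_enable_anon=$enableval, ac_enable_anon=yes)`, and the same with `srp-authentication` for the first call.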
diff --git a/lib/auth_anon.c b/lib/auth_anon.c
index 20ca8c8b67..d343ec129a 100644
--- a/lib/auth_anon.c
+++ b/lib/auth_anon.c
@@ -19,6 +19,9 @@
*/
#include "gnutls_int.h"
+
+#ifdef ENABLE_ANON
+
#include "gnutls_auth_int.h"
#include "gnutls_errors.h"
#include "gnutls_dh.h"
@@ -53,19 +56,6 @@ MOD_AUTH_STRUCT anon_auth_struct = {
NULL
};
-/* this function will copy an MPI key to
- * opaque data.
- */
-int _gnutls_generate_key(GNUTLS_KEY key) {
- _gnutls_mpi_print( NULL, &key->key.size, key->KEY);
- key->key.data = gnutls_secure_malloc( key->key.size);
- if ( key->key.data==NULL) {
- return GNUTLS_E_MEMORY_ERROR;
- }
- _gnutls_mpi_print( key->key.data, &key->key.size, key->KEY);
- return 0;
-}
-
int gen_anon_server_kx( GNUTLS_STATE state, opaque** data) {
MPI x, X, g, p;
int bits, ret;
@@ -340,3 +330,4 @@ int proc_anon_client_kx( GNUTLS_STATE state, opaque* data, int data_size) {
return 0;
}
+#endif /* ENABLE_ANON */
diff --git a/lib/auth_srp.c b/lib/auth_srp.c
index f8e5b444fd..eb8e217f55 100644
--- a/lib/auth_srp.c
+++ b/lib/auth_srp.c
@@ -19,6 +19,9 @@
*/
#include "gnutls_int.h"
+
+#ifdef ENABLE_SRP
+
#include "gnutls_errors.h"
#include "auth_srp_passwd.h"
#include "gnutls_auth.h"
@@ -441,3 +444,4 @@ int proc_srp_server_kx2(GNUTLS_STATE state, opaque * data, int data_size)
return 0;
}
+#endif /* ENABLE_SRP */
diff --git a/lib/auth_srp.h b/lib/auth_srp.h
index f7d776f0cf..951ca62857 100644
--- a/lib/auth_srp.h
+++ b/lib/auth_srp.h
@@ -1,5 +1,7 @@
#include <gnutls_auth.h>
+#ifdef ENABLE_SRP
+
typedef struct {
char* username;
char* password;
@@ -24,3 +26,5 @@ int proc_srp_server_hello(GNUTLS_STATE state, const opaque * data, int data_size
int gen_srp_server_hello(GNUTLS_STATE state, opaque ** data);
typedef struct SRP_SERVER_AUTH_INFO_INT SRP_SERVER_AUTH_INFO_INT;
+
+#endif /* ENABLE_SRP */
diff --git a/lib/auth_srp_passwd.c b/lib/auth_srp_passwd.c
index aca241f079..97fe1ce207 100644
--- a/lib/auth_srp_passwd.c
+++ b/lib/auth_srp_passwd.c
@@ -21,6 +21,9 @@
/* Functions for operating in an SRP passwd file are included here */
#include "gnutls_int.h"
+
+#ifdef ENABLE_SRP
+
#include "x509_b64.h"
#include "gnutls_errors.h"
#include "auth_srp_passwd.h"
@@ -427,3 +430,5 @@ int _gnutls_srp_generate_prime(opaque ** ret_g, opaque ** ret_n, int bits)
return 0;
}
+
+#endif /* ENABLE SRP */
diff --git a/lib/auth_srp_passwd.h b/lib/auth_srp_passwd.h
index d54846b2ac..6207265542 100644
--- a/lib/auth_srp_passwd.h
+++ b/lib/auth_srp_passwd.h
@@ -1,3 +1,5 @@
+#ifdef ENABLE_SRP
+
typedef struct {
char* username;
int algorithm;
@@ -16,3 +18,5 @@ void _gnutls_srp_clear_pwd_entry( GNUTLS_SRP_PWD_ENTRY * entry);
GNUTLS_SRP_PWD_ENTRY* _gnutls_randomize_pwd_entry(void);
int _gnutls_sbase64_encode(uint8 * data, int data_size, uint8 ** result);
int _gnutls_sbase64_decode(uint8 * data, int data_size, uint8 ** result);
+
+#endif /* ENABLE_SRP */
diff --git a/lib/auth_srp_sb64.c b/lib/auth_srp_sb64.c
index d7be368f30..3876ed5a6a 100644
--- a/lib/auth_srp_sb64.c
+++ b/lib/auth_srp_sb64.c
@@ -20,6 +20,8 @@
#include "gnutls_int.h"
+#ifdef ENABLE_SRP
+
/* this a modified base64 for srp !!!
* It seems that everybody makes it's own base64 convertion.
*/
@@ -304,3 +306,5 @@ int main()
}
#endif
+
+#endif /* ENABLE_SRP */
diff --git a/lib/crypt.c b/lib/crypt.c
index f7030e0d8b..9e4c00c03b 100644
--- a/lib/crypt.c
+++ b/lib/crypt.c
@@ -19,6 +19,9 @@
*/
#include "gnutls_int.h"
+
+#ifdef ENABLE_SRP
+
#include "crypt_bcrypt.h"
#include "crypt_srpsha1.h"
#include "gnutls_random.h"
@@ -56,3 +59,5 @@ int gnutls_crypt_vrfy(const char* username, const char *passwd, char* salt, MPI
}
return 1;
}
+
+#endif
diff --git a/lib/crypt_bcrypt.c b/lib/crypt_bcrypt.c
index 53d3202f3e..a9c9aa8fa3 100644
--- a/lib/crypt_bcrypt.c
+++ b/lib/crypt_bcrypt.c
@@ -35,6 +35,9 @@
*/
#include "gnutls_int.h"
+
+#ifdef ENABLE_SRP
+
#include "crypt_bcrypt.h"
#include "gnutls_random.h"
#include "auth_srp_passwd.h"
@@ -766,3 +769,5 @@ int _gnutls_calc_srp_bcrypt(const char* username, const char *passwd, opaque * s
memcpy( digest, text, BCRYPT_SIZE);
return 0;
}
+
+#endif /* ENABLE_SRP */
diff --git a/lib/crypt_srpsha1.c b/lib/crypt_srpsha1.c
index 7c81637d9b..08b07c1cd7 100644
--- a/lib/crypt_srpsha1.c
+++ b/lib/crypt_srpsha1.c
@@ -19,6 +19,9 @@
*/
#include "gnutls_int.h"
+
+#ifdef ENABLE_SRP
+
#include "gnutls_random.h"
#include "gnutls_hash_int.h"
#include "auth_srp_passwd.h"
@@ -168,3 +171,5 @@ char *crypt_srpsha1_wrapper(const char *username, const char *pass_new,
return e;
}
+
+#endif
diff --git a/lib/ext_srp.c b/lib/ext_srp.c
index e2ea404c28..92d9c6e635 100644
--- a/lib/ext_srp.c
+++ b/lib/ext_srp.c
@@ -19,6 +19,9 @@
*/
#include "gnutls_int.h"
+
+#ifdef ENABLE_SRP
+
#include "gnutls_auth_int.h"
#include "auth_srp.h"
#include "gnutls_errors.h"
@@ -104,3 +107,5 @@ int _gnutls_srp_send_params( GNUTLS_STATE state, opaque** data) {
}
return 0;
}
+
+#endif /* ENABLE_SRP */
diff --git a/lib/ext_srp.h b/lib/ext_srp.h
index 43a0b2ed9c..d0fc3d40f1 100644
--- a/lib/ext_srp.h
+++ b/lib/ext_srp.h
@@ -1,2 +1,6 @@
+#ifdef ENABLE_SRP
+
int _gnutls_srp_recv_params( GNUTLS_STATE state, const opaque* data, int data_size);
int _gnutls_srp_send_params( GNUTLS_STATE state, opaque** data);
+
+#endif
diff --git a/lib/gnutls_algorithms.c b/lib/gnutls_algorithms.c
index c232d73f94..2934833e7c 100644
--- a/lib/gnutls_algorithms.c
+++ b/lib/gnutls_algorithms.c
@@ -174,11 +174,15 @@ extern MOD_AUTH_STRUCT anon_auth_struct;
extern MOD_AUTH_STRUCT srp_auth_struct;
static const gnutls_kx_algo_entry kx_algorithms[] = {
+#ifdef ENABLE_ANON
{ "Anon DH", GNUTLS_KX_ANON_DH, &anon_auth_struct },
+#endif
{ "RSA", GNUTLS_KX_RSA, &rsa_auth_struct },
{ "DHE RSA", GNUTLS_KX_DHE_RSA, &dhe_rsa_auth_struct },
{ "DHE DSS", GNUTLS_KX_DHE_DSS, &dhe_dss_auth_struct },
+#ifdef ENABLE_SRP
{ "SRP", GNUTLS_KX_SRP, &srp_auth_struct },
+#endif
{0}
};
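Review bot: With the `Anon DH` and `SRP` rows compiled out, a lookup in `kx_algorithms` for `GNUTLS_KX_ANON_DH` or `GNUTLS_KX_SRP` now runs to the `{0}` terminator and finds no auth struct. The cipher-suite table and the priority-setting code are outside this hunk, so it should be confirmed that suites using a compiled-out key exchange are neither offered nor accepted, and that callers handle a missing entry rather than dereferencing it. A comment above the table would record the contract, for example `/* rows are omitted when ENABLE_ANON / ENABLE_SRP are unset; suites whose kx has no row must not be negotiated */`.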
diff --git a/lib/gnutls_anon_cred.c b/lib/gnutls_anon_cred.c
index 544596d646..99ae1a10c1 100644
--- a/lib/gnutls_anon_cred.c
+++ b/lib/gnutls_anon_cred.c
@@ -19,6 +19,9 @@
*/
#include "gnutls_int.h"
+
+#ifdef ENABLE_ANON
+
#include "gnutls_auth_int.h"
#include "gnutls_errors.h"
#include "gnutls_dh.h"
@@ -87,3 +90,5 @@ int gnutls_anon_allocate_client_sc( GNUTLS_ANON_CLIENT_CREDENTIALS *sc) {
return 0;
}
+
+#endif
diff --git a/lib/gnutls_auth.c b/lib/gnutls_auth.c
index a3b366decf..48636ef5fe 100644
--- a/lib/gnutls_auth.c
+++ b/lib/gnutls_auth.c
@@ -1,5 +1,5 @@
/*
- * Copyright (C) 2001 Nikos Mavroyanopoulos
+ * Copyright (C) 2001,2002 Nikos Mavroyanopoulos
*
* This file is part of GNUTLS.
*
@@ -281,3 +281,16 @@ int _gnutls_auth_info_set( GNUTLS_STATE state, CredType type, int size, int allo
}
return 0;
}
+
+/* this function will copy an MPI key to
+ * opaque data.
+ */
+int _gnutls_generate_key(GNUTLS_KEY key) {
+ _gnutls_mpi_print( NULL, &key->key.size, key->KEY);
+ key->key.data = gnutls_secure_malloc( key->key.size);
+ if ( key->key.data==NULL) {
+ return GNUTLS_E_MEMORY_ERROR;
+ }
+ _gnutls_mpi_print( key->key.data, &key->key.size, key->KEY);
+ return 0;
+}
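Review bot: Both `_gnutls_mpi_print` calls in `_gnutls_generate_key` discard their result, so if the second call fails the function still returns 0 and `key->key.data` holds whatever `gnutls_secure_malloc` returned, which callers would then treat as key material. The return convention of `_gnutls_mpi_print` is not visible in this hunk, so the exact test is an assumption, but a check such as `if (_gnutls_mpi_print( key->key.data, &key->key.size, key->KEY) != 0)` followed by releasing the buffer and returning an error would close that gap. A one-line comment that the first call with a NULL buffer only queries the required size would help the next reader. It is also worth confirming that a previously set `key->key.data` is not overwritten here without being released.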
diff --git a/lib/gnutls_extensions.c b/lib/gnutls_extensions.c
index 034b1575ca..b0316bc4eb 100644
--- a/lib/gnutls_extensions.c
+++ b/lib/gnutls_extensions.c
@@ -38,7 +38,9 @@ typedef struct {
} gnutls_extension_entry;
static gnutls_extension_entry extensions[] = {
+#ifdef ENABLE_SRP
GNUTLS_EXTENSION_ENTRY( GNUTLS_EXTENSION_SRP, _gnutls_srp_recv_params, _gnutls_srp_send_params),
+#endif
GNUTLS_EXTENSION_ENTRY( GNUTLS_EXTENSION_MAX_RECORD_SIZE, _gnutls_max_record_recv_params, _gnutls_max_record_send_params),
GNUTLS_EXTENSION_ENTRY( GNUTLS_EXTENSION_CERT_TYPE, _gnutls_cert_type_recv_params, _gnutls_cert_type_send_params),
{0}
diff --git a/lib/gnutls_session_pack.c b/lib/gnutls_session_pack.c
index d5b5dfa99e..dbaab90586 100644
--- a/lib/gnutls_session_pack.c
+++ b/lib/gnutls_session_pack.c
@@ -51,6 +51,7 @@ int _gnutls_session_pack(GNUTLS_STATE state, gnutls_datum * packed_session)
switch (gnutls_auth_get_type(state)) {
+#ifdef ENABLE_SRP
case GNUTLS_CRD_SRP:{
SRP_SERVER_AUTH_INFO info =
_gnutls_get_auth_info(state);
@@ -78,6 +79,7 @@ int _gnutls_session_pack(GNUTLS_STATE state, gnutls_datum * packed_session)
}
break;
+#endif
case GNUTLS_CRD_ANON:{
ANON_CLIENT_AUTH_INFO info =
_gnutls_get_auth_info(state);
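Review bot: `case GNUTLS_CRD_ANON` stays unguarded here and again in `_gnutls_session_unpack` (the hunk at -212), while the SRP cases in both functions are now under `#ifdef ENABLE_SRP`. In a build configured without anonymous authentication, unpack would still accept stored session data whose first byte is `GNUTLS_CRD_ANON`; whether a later check rejects such a session is not visible in these hunks. Wrapping both ANON cases in `#ifdef ENABLE_ANON` … `#endif` would keep the two options symmetric. The switch's default branch lies outside the hunks and should be confirmed to return an error for a compiled-out credential type.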
@@ -183,6 +185,7 @@ int _gnutls_session_unpack(GNUTLS_STATE state,
}
switch ( packed_session->data[0]) {
+#ifdef ENABLE_SRP
case GNUTLS_CRD_SRP:{
pack_size =
@@ -212,6 +215,7 @@ int _gnutls_session_unpack(GNUTLS_STATE state,
pack_size);
}
break;
+#endif
case GNUTLS_CRD_ANON:{
pack_size =
READuint32(&packed_session->
diff --git a/lib/gnutls_srp.c b/lib/gnutls_srp.c
index 4ad61830fc..a693319346 100644
--- a/lib/gnutls_srp.c
+++ b/lib/gnutls_srp.c
@@ -19,6 +19,9 @@
*/
#include <gnutls_int.h>
+
+#ifdef ENABLE_SRP
+
#include <gnutls_errors.h>
#include <crypt_bcrypt.h>
#include <gnutls_srp.h>
@@ -479,3 +482,5 @@ void gnutls_srp_server_set_select_func(GNUTLS_STATE state,
{
state->gnutls_internals.server_srp_callback = func;
}
+
+#endif /* ENABLE_SRP */
diff --git a/lib/gnutls_srp.h b/lib/gnutls_srp.h
index 7a9be24f28..5f13abd7c1 100644
--- a/lib/gnutls_srp.h
+++ b/lib/gnutls_srp.h
@@ -1,3 +1,5 @@
+#ifdef ENABLE_SRP
+
int _gnutls_srp_gx(opaque *text, int textsize, opaque** result, MPI g, MPI prime);
MPI _gnutls_calc_srp_B(MPI * ret_b, MPI g, MPI n, MPI v);
MPI _gnutls_calc_srp_u( MPI B);
@@ -12,3 +14,5 @@ extern const uint8 diffie_hellman_group1_prime[130];
/* g is defined to be 2 */
#define SRP_MAX_HASH_SIZE 24
+
+#endif
diff --git a/lib/gnutls_ui.c b/lib/gnutls_ui.c
index b8ebae5e42..50528e1fb0 100644
--- a/lib/gnutls_ui.c
+++ b/lib/gnutls_ui.c
@@ -28,6 +28,8 @@
/* SRP */
+#ifdef ENABLE_SRP
+
/**
* gnutls_srp_server_get_username - This function returns the username of the peer
* @state: is a gnutls state
@@ -49,7 +51,9 @@ const char *gnutls_srp_server_get_username(GNUTLS_STATE state)
return info->username;
}
-/* ANON */
+#endif
+
+/* ANON & DHE */
/**
* gnutls_dh_set_prime_bits - Used to set the bits for a DH ciphersuite
diff --git a/src/serv.c b/src/serv.c
index 07c98819e9..0f36e215c2 100644
--- a/src/serv.c
+++ b/src/serv.c
@@ -168,7 +168,7 @@ GNUTLS_STATE initialize_state(void)
gnutls_dh_set_prime_bits(state, DEFAULT_PRIME_BITS);
gnutls_cred_set(state, GNUTLS_CRD_ANON, dh_cred);
- gnutls_cred_set(state, GNUTLS_CRD_SRP, srp_cred);
+// gnutls_cred_set(state, GNUTLS_CRD_SRP, srp_cred);
gnutls_cred_set(state, GNUTLS_CRD_CERTIFICATE, cert_cred);
gnutls_mac_set_priority(state, mac_priority);
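Review bot: The SRP credential call is commented out with `//` rather than made conditional, so the example server loses SRP even in builds where `ENABLE_SRP` is defined. Assuming serv.c sees the configure-generated defines, `#ifdef ENABLE_SRP` / `#endif` around the original `gnutls_cred_set(state, GNUTLS_CRD_SRP, srp_cred);` line would follow the configure option instead. The `GNUTLS_CRD_ANON` call two lines above remains unconditional, so a build without anonymous authentication would still try to install anon credentials here; it wants the matching `#ifdef ENABLE_ANON`. initialize_state's body continues outside the hunk.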