summaryrefslogtreecommitdiff
diff options
context:
space:
mode:
authorNikos <nmav@crystal.(none)>2008-03-16 17:37:44 +0200
committerNikos <nmav@crystal.(none)>2008-03-16 17:37:44 +0200
commit3aea821a6ce36bd14f2a3a41598db698d031fadc (patch)
tree665890de0f4d23c059e2ac2062f6eaaf1d79b5c3
parenta1cd6fe1a072717d2c33fd5a20306741c86399ae (diff)
downloadgnutls-3aea821a6ce36bd14f2a3a41598db698d031fadc.tar.gz
several fixes in the cipher (register) interface and added hash.
Diffstat
-rw-r--r--lib/gnutls_cipher.c66
-rw-r--r--lib/gnutls_cipher_int.c16
-rw-r--r--lib/gnutls_cipher_int.h2
-rw-r--r--lib/gnutls_constate.c12
-rw-r--r--lib/gnutls_handshake.c89
-rw-r--r--lib/gnutls_hash_int.c292
-rw-r--r--lib/gnutls_hash_int.h37
-rw-r--r--lib/gnutls_int.h5
-rw-r--r--lib/gnutls_sig.c129
-rw-r--r--lib/gnutls_srp.c37
-rw-r--r--lib/gnutls_state.c35
-rw-r--r--lib/gnutls_ui.c14
-rw-r--r--lib/x509/pkcs12.c22
-rw-r--r--lib/x509/privkey.c11
-rw-r--r--lib/x509/privkey_pkcs8.c36
-rw-r--r--lib/x509/sign.c24
-rw-r--r--lib/x509/verify.c24
-rw-r--r--lib/x509/x509.c11
18 files changed, 459 insertions, 403 deletions
diff --git a/lib/gnutls_cipher.c b/lib/gnutls_cipher.c
index c8bc72314b..cd3cdb1c27 100644
--- a/lib/gnutls_cipher.c
+++ b/lib/gnutls_cipher.c
@@ -193,29 +193,32 @@ _gnutls_decrypt (gnutls_session_t session, opaque * ciphertext,
return ret;
}
-inline static mac_hd_t
-mac_init (gnutls_mac_algorithm_t mac, opaque * secret, int secret_size,
+inline static int
+mac_init (digest_hd_st* td, gnutls_mac_algorithm_t mac, opaque * secret, int secret_size,
int ver)
{
- mac_hd_t td;
+int ret = 0;
if (mac == GNUTLS_MAC_NULL)
- return GNUTLS_MAC_FAILED;
+ {
+ gnutls_assert();
+ return GNUTLS_E_HASH_FAILED;
+ }
if (ver == GNUTLS_SSL3)
{ /* SSL 3.0 */
- td = _gnutls_mac_init_ssl3 (mac, secret, secret_size);
+ ret = _gnutls_mac_init_ssl3 (td, mac, secret, secret_size);
}
else
{ /* TLS 1.x */
- td = _gnutls_hmac_init (mac, secret, secret_size);
+ ret = _gnutls_hmac_init (td, mac, secret, secret_size);
}
- return td;
+ return ret;
}
inline static void
-mac_deinit (mac_hd_t td, opaque * res, int ver)
+mac_deinit (digest_hd_st *td, opaque * res, int ver)
{
if (ver == GNUTLS_SSL3)
{ /* SSL 3.0 */
@@ -298,7 +301,7 @@ _gnutls_compressed2ciphertext (gnutls_session_t session,
uint16_t c_length;
uint8_t pad;
int length, ret;
- mac_hd_t td;
+ digest_hd_st td;
uint8_t type = _type;
uint8_t major, minor;
int hash_size =
@@ -320,34 +323,33 @@ _gnutls_compressed2ciphertext (gnutls_session_t session,
/* Initialize MAC */
- td = mac_init (session->security_parameters.write_mac_algorithm,
+ ret = mac_init (&td, session->security_parameters.write_mac_algorithm,
session->connection_state.write_mac_secret.data,
session->connection_state.write_mac_secret.size, ver);
- if (td == GNUTLS_MAC_FAILED
- && session->security_parameters.write_mac_algorithm != GNUTLS_MAC_NULL)
+ if (ret < 0 && session->security_parameters.write_mac_algorithm != GNUTLS_MAC_NULL)
{
gnutls_assert ();
- return GNUTLS_E_INTERNAL_ERROR;
+ return ret;
}
c_length = _gnutls_conv_uint16 (compressed.size);
- if (td != GNUTLS_MAC_FAILED)
+ if (session->security_parameters.write_mac_algorithm != GNUTLS_MAC_NULL)
{ /* actually when the algorithm in not the NULL one */
- _gnutls_hmac (td,
+ _gnutls_hmac (&td,
UINT64DATA (session->connection_state.
write_sequence_number), 8);
- _gnutls_hmac (td, &type, 1);
+ _gnutls_hmac (&td, &type, 1);
if (ver >= GNUTLS_TLS1)
{ /* TLS 1.0 or higher */
- _gnutls_hmac (td, &major, 1);
- _gnutls_hmac (td, &minor, 1);
+ _gnutls_hmac (&td, &major, 1);
+ _gnutls_hmac (&td, &minor, 1);
}
- _gnutls_hmac (td, &c_length, 2);
- _gnutls_hmac (td, compressed.data, compressed.size);
- mac_deinit (td, MAC, ver);
+ _gnutls_hmac (&td, &c_length, 2);
+ _gnutls_hmac (&td, compressed.data, compressed.size);
+ mac_deinit (&td, MAC, ver);
}
@@ -424,7 +426,7 @@ _gnutls_ciphertext2compressed (gnutls_session_t session,
uint16_t c_length;
uint8_t pad;
int length;
- mac_hd_t td;
+ digest_hd_st td;
uint16_t blocksize;
int ret, i, pad_failed = 0;
uint8_t major, minor;
@@ -442,11 +444,11 @@ _gnutls_ciphertext2compressed (gnutls_session_t session,
/* initialize MAC
*/
- td = mac_init (session->security_parameters.read_mac_algorithm,
+ ret = mac_init (&td, session->security_parameters.read_mac_algorithm,
session->connection_state.read_mac_secret.data,
session->connection_state.read_mac_secret.size, ver);
- if (td == GNUTLS_MAC_FAILED
+ if (ret < 0
&& session->security_parameters.read_mac_algorithm != GNUTLS_MAC_NULL)
{
gnutls_assert ();
@@ -537,24 +539,24 @@ _gnutls_ciphertext2compressed (gnutls_session_t session,
/* Pass the type, version, length and compressed through
* MAC.
*/
- if (td != GNUTLS_MAC_FAILED)
+ if (session->security_parameters.read_mac_algorithm != GNUTLS_MAC_NULL)
{
- _gnutls_hmac (td,
+ _gnutls_hmac (&td,
UINT64DATA (session->connection_state.
read_sequence_number), 8);
- _gnutls_hmac (td, &type, 1);
+ _gnutls_hmac (&td, &type, 1);
if (ver >= GNUTLS_TLS1)
{ /* TLS 1.x */
- _gnutls_hmac (td, &major, 1);
- _gnutls_hmac (td, &minor, 1);
+ _gnutls_hmac (&td, &major, 1);
+ _gnutls_hmac (&td, &minor, 1);
}
- _gnutls_hmac (td, &c_length, 2);
+ _gnutls_hmac (&td, &c_length, 2);
if (length > 0)
- _gnutls_hmac (td, ciphertext.data, length);
+ _gnutls_hmac (&td, ciphertext.data, length);
- mac_deinit (td, MAC, ver);
+ mac_deinit (&td, MAC, ver);
}
/* This one was introduced to avoid a timing attack against the TLS
diff --git a/lib/gnutls_cipher_int.c b/lib/gnutls_cipher_int.c
index 11b8488722..af3060e668 100644
--- a/lib/gnutls_cipher_int.c
+++ b/lib/gnutls_cipher_int.c
@@ -1,5 +1,5 @@
/*
- * Copyright (C) 2000, 2004, 2005 Free Software Foundation
+ * Copyright (C) 2000, 2004, 2005, 2008 Free Software Foundation
*
* Author: Nikos Mavrogiannopoulos
*
@@ -29,10 +29,10 @@
#include <gnutls/crypto.h>
#include <crypto.h>
-#define SR(x) if ( (x)<0 ) { \
+#define SR(x, cleanup) if ( (x)<0 ) { \
gnutls_assert(); \
err = GNUTLS_E_INTERNAL_ERROR; \
- goto cc_cleanup; \
+ goto cleanup; \
}
int
@@ -44,14 +44,14 @@ _gnutls_cipher_init (cipher_hd_st* handle, gnutls_cipher_algorithm_t cipher,
/* check if a cipher has been registered
*/
- cc = _gnutls_get_registered_cipher( cipher);
+ cc = _gnutls_get_crypto_cipher( cipher);
if (cc != NULL) {
handle->registered = 1;
handle->hd.rh.cc = cc;
- SR( cc->init(&handle->hd.rh.ctx) );
- SR(cc->setkey( handle->hd.rh.ctx, key->data, key->size));
+ SR( cc->init(&handle->hd.rh.ctx), cc_cleanup );
+ SR(cc->setkey( handle->hd.rh.ctx, key->data, key->size), cc_cleanup);
if (iv->data && iv->size && cc->setiv)
- SR(cc->setiv( handle->hd.rh.ctx, iv->data, iv->size));
+ SR(cc->setiv( handle->hd.rh.ctx, iv->data, iv->size), cc_cleanup);
return 0;
}
@@ -167,7 +167,7 @@ _gnutls_cipher_deinit (cipher_hd_st* handle)
{
if (handle != GNUTLS_CIPHER_FAILED)
{
- if (handle->registered) {
+ if (handle->registered && handle->hd.rh.ctx != NULL) {
return handle->hd.rh.cc->deinit( handle->hd.rh.ctx);
}
gc_cipher_close (handle);
diff --git a/lib/gnutls_cipher_int.h b/lib/gnutls_cipher_int.h
index b97a0c862f..fa46c94bfb 100644
--- a/lib/gnutls_cipher_int.h
+++ b/lib/gnutls_cipher_int.h
@@ -1,5 +1,5 @@
/*
- * Copyright (C) 2000, 2001, 2002, 2003, 2004, 2005 Free Software Foundation
+ * Copyright (C) 2000, 2001, 2002, 2003, 2004, 2005, 2008 Free Software Foundation
*
* Author: Nikos Mavrogiannopoulos
*
diff --git a/lib/gnutls_constate.c b/lib/gnutls_constate.c
index e3e43ba13f..cbe7a15e74 100644
--- a/lib/gnutls_constate.c
+++ b/lib/gnutls_constate.c
@@ -568,8 +568,7 @@ _gnutls_read_connection_state_init (gnutls_session_t session)
if (session->connection_state.read_mac_secret.data != NULL)
_gnutls_free_datum (&session->connection_state.read_mac_secret);
- if (session->connection_state.read_cipher_state != NULL)
- _gnutls_cipher_deinit (&session->connection_state.read_cipher_state);
+ _gnutls_cipher_deinit (&session->connection_state.read_cipher_state);
if (session->connection_state.read_compression_state != NULL)
_gnutls_comp_deinit (session->connection_state.read_compression_state, 1);
@@ -591,7 +590,7 @@ _gnutls_read_connection_state_init (gnutls_session_t session)
session->security_parameters.read_bulk_cipher_algorithm,
&session->cipher_specs.client_write_key,
&session->cipher_specs.client_write_IV);
- if (rc < 0) && session->security_parameters.
+ if (rc < 0 && session->security_parameters.
read_bulk_cipher_algorithm != GNUTLS_CIPHER_NULL)
{
gnutls_assert ();
@@ -751,8 +750,7 @@ _gnutls_write_connection_state_init (gnutls_session_t session)
if (session->connection_state.write_mac_secret.data != NULL)
_gnutls_free_datum (&session->connection_state.write_mac_secret);
- if (session->connection_state.write_cipher_state != NULL)
- _gnutls_cipher_deinit (&session->connection_state.write_cipher_state);
+ _gnutls_cipher_deinit (&session->connection_state.write_cipher_state);
if (session->connection_state.write_compression_state != NULL)
_gnutls_comp_deinit (session->connection_state.
@@ -771,7 +769,7 @@ _gnutls_write_connection_state_init (gnutls_session_t session)
/* initialize cipher session
*/
rc = _gnutls_cipher_init (
- &connection_state.write_cipher_state,
+ &session->connection_state.write_cipher_state,
session->security_parameters.
write_bulk_cipher_algorithm,
&session->cipher_specs.
@@ -808,7 +806,7 @@ _gnutls_write_connection_state_init (gnutls_session_t session)
break;
case GNUTLS_CLIENT:
- rc = _gnutls_cipher_init (&connection_state.write_cipher_state,
+ rc = _gnutls_cipher_init (&session->connection_state.write_cipher_state,
session->security_parameters.
write_bulk_cipher_algorithm,
&session->cipher_specs.
diff --git a/lib/gnutls_handshake.c b/lib/gnutls_handshake.c
index 987b268213..71e6484afc 100644
--- a/lib/gnutls_handshake.c
+++ b/lib/gnutls_handshake.c
@@ -71,10 +71,8 @@ int _gnutls_server_select_comp_method (gnutls_session_t session,
inline static void
_gnutls_handshake_hash_buffers_clear (gnutls_session_t session)
{
- _gnutls_hash_deinit (session->internals.handshake_mac_handle_md5, NULL);
- _gnutls_hash_deinit (session->internals.handshake_mac_handle_sha, NULL);
- session->internals.handshake_mac_handle_md5 = NULL;
- session->internals.handshake_mac_handle_sha = NULL;
+ _gnutls_hash_deinit (&session->internals.handshake_mac_handle_md5, NULL);
+ _gnutls_hash_deinit (&session->internals.handshake_mac_handle_sha, NULL);
_gnutls_handshake_buffer_clear (session);
}
@@ -146,23 +144,24 @@ static int
_gnutls_ssl3_finished (gnutls_session_t session, int type, opaque * ret)
{
const int siz = SSL_MSG_LEN;
- mac_hd_t td_md5;
- mac_hd_t td_sha;
+ digest_hd_st td_md5;
+ digest_hd_st td_sha;
const char *mesg;
+ int rc;
- td_md5 = _gnutls_hash_copy (session->internals.handshake_mac_handle_md5);
- if (td_md5 == NULL)
+ rc = _gnutls_hash_copy (&td_md5, &session->internals.handshake_mac_handle_md5);
+ if (rc < 0)
{
gnutls_assert ();
- return GNUTLS_E_HASH_FAILED;
+ return rc;
}
- td_sha = _gnutls_hash_copy (session->internals.handshake_mac_handle_sha);
- if (td_sha == NULL)
+ rc = _gnutls_hash_copy (&td_sha, &session->internals.handshake_mac_handle_sha);
+ if (rc < 0)
{
gnutls_assert ();
- _gnutls_hash_deinit (td_md5, NULL);
- return GNUTLS_E_HASH_FAILED;
+ _gnutls_hash_deinit (&td_md5, NULL);
+ return rc;
}
if (type == GNUTLS_SERVER)
@@ -174,13 +173,13 @@ _gnutls_ssl3_finished (gnutls_session_t session, int type, opaque * ret)
mesg = SSL3_CLIENT_MSG;
}
- _gnutls_hash (td_md5, mesg, siz);
- _gnutls_hash (td_sha, mesg, siz);
+ _gnutls_hash (&td_md5, mesg, siz);
+ _gnutls_hash (&td_sha, mesg, siz);
- _gnutls_mac_deinit_ssl3_handshake (td_md5, ret,
+ _gnutls_mac_deinit_ssl3_handshake (&td_md5, ret,
session->security_parameters.
master_secret, TLS_MASTER_SIZE);
- _gnutls_mac_deinit_ssl3_handshake (td_sha, &ret[16],
+ _gnutls_mac_deinit_ssl3_handshake (&td_sha, &ret[16],
session->security_parameters.
master_secret, TLS_MASTER_SIZE);
@@ -199,37 +198,38 @@ _gnutls_finished (gnutls_session_t session, int type, void *ret)
opaque concat[36];
size_t len;
const char *mesg;
- mac_hd_t td_md5 = NULL;
- mac_hd_t td_sha;
+ digest_hd_st td_md5;
+ digest_hd_st td_sha;
gnutls_protocol_t ver = gnutls_protocol_get_version (session);
+ int rc;
if (ver < GNUTLS_TLS1_2)
{
- td_md5 = _gnutls_hash_copy (session->internals.handshake_mac_handle_md5);
- if (td_md5 == NULL)
+ rc = _gnutls_hash_copy (&td_md5, &session->internals.handshake_mac_handle_md5);
+ if (rc < 0)
{
gnutls_assert ();
- return GNUTLS_E_HASH_FAILED;
+ return rc;
}
}
- td_sha = _gnutls_hash_copy (session->internals.handshake_mac_handle_sha);
- if (td_sha == NULL)
+ rc = _gnutls_hash_copy (&td_sha, &session->internals.handshake_mac_handle_sha);
+ if (rc < 0)
{
gnutls_assert ();
- _gnutls_hash_deinit (td_md5, NULL);
- return GNUTLS_E_HASH_FAILED;
+ _gnutls_hash_deinit (&td_md5, NULL);
+ return rc;
}
if (ver < GNUTLS_TLS1_2)
{
- _gnutls_hash_deinit (td_md5, concat);
- _gnutls_hash_deinit (td_sha, &concat[16]);
+ _gnutls_hash_deinit (&td_md5, concat);
+ _gnutls_hash_deinit (&td_sha, &concat[16]);
len = 20 + 16;
}
else
{
- _gnutls_hash_deinit (td_sha, concat);
+ _gnutls_hash_deinit (&td_sha, concat);
len = 20;
}
@@ -483,8 +483,7 @@ _gnutls_handshake_hash_pending (gnutls_session_t session)
int ret;
opaque *data;
- if (session->internals.handshake_mac_handle_sha == NULL ||
- session->internals.handshake_mac_handle_md5 == NULL)
+ if (session->internals.handshake_mac_handle_init == 0)
{
gnutls_assert ();
return GNUTLS_E_INTERNAL_ERROR;
@@ -500,8 +499,8 @@ _gnutls_handshake_hash_pending (gnutls_session_t session)
if (siz > 0)
{
- _gnutls_hash (session->internals.handshake_mac_handle_sha, data, siz);
- _gnutls_hash (session->internals.handshake_mac_handle_md5, data, siz);
+ _gnutls_hash (&session->internals.handshake_mac_handle_sha, data, siz);
+ _gnutls_hash (&session->internals.handshake_mac_handle_md5, data, siz);
}
_gnutls_handshake_buffer_empty (session);
@@ -888,9 +887,9 @@ _gnutls_handshake_hash_add_sent (gnutls_session_t session,
if (type != GNUTLS_HANDSHAKE_HELLO_REQUEST)
{
- _gnutls_hash (session->internals.handshake_mac_handle_sha, dataptr,
+ _gnutls_hash (&session->internals.handshake_mac_handle_sha, dataptr,
datalen);
- _gnutls_hash (session->internals.handshake_mac_handle_md5, dataptr,
+ _gnutls_hash (&session->internals.handshake_mac_handle_md5, dataptr,
datalen);
}
@@ -2109,27 +2108,25 @@ inline static int
_gnutls_handshake_hash_init (gnutls_session_t session)
{
- if (session->internals.handshake_mac_handle_md5 == NULL)
+ if (session->internals.handshake_mac_handle_init == 0)
{
- session->internals.handshake_mac_handle_md5 =
- _gnutls_hash_init (GNUTLS_MAC_MD5);
+ int ret =
+ _gnutls_hash_init (&session->internals.handshake_mac_handle_md5, GNUTLS_MAC_MD5);
- if (session->internals.handshake_mac_handle_md5 == GNUTLS_HASH_FAILED)
+ if (ret < 0)
{
gnutls_assert ();
- return GNUTLS_E_MEMORY_ERROR;
+ return ret;
}
- }
- if (session->internals.handshake_mac_handle_sha == NULL)
- {
- session->internals.handshake_mac_handle_sha =
- _gnutls_hash_init (GNUTLS_MAC_SHA1);
- if (session->internals.handshake_mac_handle_sha == GNUTLS_HASH_FAILED)
+ ret = _gnutls_hash_init(&session->internals.handshake_mac_handle_sha, GNUTLS_MAC_SHA1);
+ if (ret < 0)
{
gnutls_assert ();
return GNUTLS_E_MEMORY_ERROR;
}
+
+ session->internals.handshake_mac_handle_init = 1;
}
return 0;
diff --git a/lib/gnutls_hash_int.c b/lib/gnutls_hash_int.c
index a20d0ea8c9..21d0fe078d 100644
--- a/lib/gnutls_hash_int.c
+++ b/lib/gnutls_hash_int.c
@@ -1,5 +1,5 @@
/*
- * Copyright (C) 2000, 2001, 2004, 2005, 2007 Free Software Foundation
+ * Copyright (C) 2000, 2001, 2004, 2005, 2007, 2008 Free Software Foundation
*
* Author: Nikos Mavrogiannopoulos
*
@@ -65,30 +65,38 @@ static inline Gc_hash _gnutls_mac2gc (gnutls_mac_algorithm_t mac)
return -1;
}
-GNUTLS_HASH_HANDLE
-_gnutls_hash_init (gnutls_mac_algorithm_t algorithm)
+int
+_gnutls_hash_init (digest_hd_st* dig, gnutls_mac_algorithm_t algorithm)
{
- mac_hd_t ret;
int result;
-
- ret = gnutls_malloc (sizeof (mac_hd_st));
- if (ret == NULL)
- {
- gnutls_assert ();
- return GNUTLS_HASH_FAILED;
+ gnutls_crypto_digest_st * cc = NULL;
+
+ dig->algorithm = algorithm;
+
+ /* check if a digest has been registered
+ */
+ cc = _gnutls_get_crypto_digest( algorithm);
+ if (cc != NULL) {
+ dig->registered = 1;
+ dig->hd.rh.cc = cc;
+ if (cc->init(& dig->hd.rh.ctx) < 0) {
+ gnutls_assert();
+ return GNUTLS_E_HASH_FAILED;
}
+ return 0;
+ }
+
+ dig->registered = 0;
- ret->algorithm = algorithm;
- result = gc_hash_open (_gnutls_mac2gc (algorithm), 0, &ret->handle);
+ result = gc_hash_open (_gnutls_mac2gc (algorithm), 0, &dig->hd.gc);
if (result)
{
gnutls_assert ();
- gnutls_free (ret);
- ret = GNUTLS_HASH_FAILED;
+ return GNUTLS_E_HASH_FAILED;
}
- return ret;
+ return 0;
}
int
@@ -103,100 +111,126 @@ _gnutls_hash_get_algo_len (gnutls_mac_algorithm_t algorithm)
}
int
-_gnutls_hash (GNUTLS_HASH_HANDLE handle, const void *text, size_t textlen)
+_gnutls_hash (const digest_hd_st* handle, const void *text, size_t textlen)
{
- if (textlen > 0)
- gc_hash_write (handle->handle, textlen, text);
+ if (textlen > 0) {
+ if (handle->registered) {
+ return handle->hd.rh.cc->hash( handle->hd.rh.ctx, text, textlen);
+ }
+ gc_hash_write (handle->hd.gc, textlen, text);
+ }
return 0;
}
-GNUTLS_HASH_HANDLE
-_gnutls_hash_copy (GNUTLS_HASH_HANDLE handle)
+int _gnutls_hash_copy (digest_hd_st* dst, digest_hd_st* src)
{
- GNUTLS_HASH_HANDLE ret;
int result;
- ret = gnutls_malloc (sizeof (mac_hd_st));
-
- if (ret == NULL)
- return GNUTLS_HASH_FAILED;
+ dst->algorithm = src->algorithm;
+ dst->key = NULL; /* it's a hash anyway */
+ dst->keysize = 0;
- ret->algorithm = handle->algorithm;
- ret->key = NULL; /* it's a hash anyway */
- ret->keysize = 0;
+ if (src->registered) {
+ return src->hd.rh.cc->copy( &dst->hd.rh.ctx, src->hd.rh.ctx);
+ }
- result = gc_hash_clone (handle->handle, &ret->handle);
+ result = gc_hash_clone (src->hd.gc, &dst->hd.gc);
if (result)
{
- gnutls_free (ret);
- return GNUTLS_HASH_FAILED;
+ return GNUTLS_E_HASH_FAILED;
}
- return ret;
+ return 0;
}
void
-_gnutls_hash_deinit (GNUTLS_HASH_HANDLE handle, void *digest)
+_gnutls_hash_deinit (digest_hd_st* handle, void *digest)
{
const opaque *mac;
int maclen;
maclen = _gnutls_hash_get_algo_len (handle->algorithm);
- mac = gc_hash_read (handle->handle);
+ if (handle->registered && handle->hd.rh.ctx != NULL) {
+ handle->hd.rh.cc->output( handle->hd.rh.ctx, digest, maclen);
+ handle->hd.rh.cc->deinit( handle->hd.rh.ctx);
+ return;
+ }
+
+ mac = gc_hash_read (handle->hd.gc);
if (digest != NULL)
memcpy (digest, mac, maclen);
- gc_hash_close (handle->handle);
-
- gnutls_free (handle);
+ gc_hash_close (handle->hd.gc);
}
-mac_hd_t
-_gnutls_hmac_init (gnutls_mac_algorithm_t algorithm,
+int _gnutls_hmac_init (digest_hd_st *dig, gnutls_mac_algorithm_t algorithm,
const void *key, int keylen)
{
- mac_hd_t ret;
int result;
+ gnutls_crypto_digest_st * cc = NULL;
- ret = gnutls_malloc (sizeof (mac_hd_st));
- if (ret == NULL)
- return GNUTLS_MAC_FAILED;
+ dig->algorithm = algorithm;
+ dig->key = key;
+ dig->keysize = keylen;
- result = gc_hash_open (_gnutls_mac2gc (algorithm), GC_HMAC, &ret->handle);
+ /* check if a digest has been registered
+ */
+ cc = _gnutls_get_crypto_mac( algorithm);
+ if (cc != NULL) {
+ dig->registered = 1;
+
+ dig->hd.rh.cc = cc;
+ if (cc->init(&dig->hd.rh.ctx) < 0) {
+ gnutls_assert();
+ return GNUTLS_E_HASH_FAILED;
+ }
+
+ if (cc->setkey( dig->hd.rh.ctx, key, keylen) < 0) {
+ gnutls_assert();
+ cc->deinit(dig->hd.rh.ctx);
+ return GNUTLS_E_HASH_FAILED;
+ }
+
+ return 0;
+ }
+
+ dig->registered = 0;
+
+ result = gc_hash_open (_gnutls_mac2gc (algorithm), GC_HMAC, &dig->hd.gc);
if (result)
{
- gnutls_free (ret);
- return GNUTLS_MAC_FAILED;
+ return GNUTLS_E_HASH_FAILED;
}
- gc_hash_hmac_setkey (ret->handle, keylen, key);
-
- ret->algorithm = algorithm;
- ret->key = key;
- ret->keysize = keylen;
+ gc_hash_hmac_setkey (dig->hd.gc, keylen, key);
- return ret;
+ return 0;
}
void
-_gnutls_hmac_deinit (mac_hd_t handle, void *digest)
+_gnutls_hmac_deinit (digest_hd_st* handle, void *digest)
{
const opaque *mac;
int maclen;
maclen = _gnutls_hash_get_algo_len (handle->algorithm);
- mac = gc_hash_read (handle->handle);
+ if (handle->registered && handle->hd.rh.ctx != NULL) {
+ handle->hd.rh.cc->output( handle->hd.rh.ctx, digest, maclen);
+ handle->hd.rh.cc->deinit( handle->hd.rh.ctx);
+ return;
+ }
+
+ mac = gc_hash_read (handle->hd.gc);
if (digest != NULL)
memcpy (digest, mac, maclen);
- gc_hash_close (handle->handle);
+ gc_hash_close (handle->hd.gc);
- gnutls_free (handle);
}
inline static int
@@ -213,45 +247,46 @@ get_padsize (gnutls_mac_algorithm_t algorithm)
}
}
-mac_hd_t
-_gnutls_mac_init_ssl3 (gnutls_mac_algorithm_t algorithm, void *key,
+int _gnutls_mac_init_ssl3 (digest_hd_st* ret, gnutls_mac_algorithm_t algorithm, void *key,
int keylen)
{
- mac_hd_t ret;
opaque ipad[48];
- int padsize;
+ int padsize, result;
padsize = get_padsize (algorithm);
if (padsize == 0)
{
gnutls_assert ();
- return GNUTLS_MAC_FAILED;
+ return GNUTLS_E_HASH_FAILED;
}
memset (ipad, 0x36, padsize);
- ret = _gnutls_hash_init (algorithm);
- if (ret != GNUTLS_HASH_FAILED)
+ result = _gnutls_hash_init (ret, algorithm);
+ if (result < 0)
{
- ret->key = key;
- ret->keysize = keylen;
-
- if (keylen > 0)
- _gnutls_hash (ret, key, keylen);
- _gnutls_hash (ret, ipad, padsize);
+ gnutls_assert();
+ return result;
}
- return ret;
+ ret->key = key;
+ ret->keysize = keylen;
+
+ if (keylen > 0)
+ _gnutls_hash (ret, key, keylen);
+ _gnutls_hash (ret, ipad, padsize);
+
+ return 0;
}
void
-_gnutls_mac_deinit_ssl3 (mac_hd_t handle, void *digest)
+_gnutls_mac_deinit_ssl3 (digest_hd_st* handle, void *digest)
{
opaque ret[MAX_HASH_SIZE];
- mac_hd_t td;
+ digest_hd_st td;
opaque opad[48];
int padsize;
- int block;
+ int block, rc;
padsize = get_padsize (handle->algorithm);
if (padsize == 0)
@@ -262,32 +297,37 @@ _gnutls_mac_deinit_ssl3 (mac_hd_t handle, void *digest)
memset (opad, 0x5C, padsize);
- td = _gnutls_hash_init (handle->algorithm);
- if (td != GNUTLS_MAC_FAILED)
+ rc = _gnutls_hash_init (&td, handle->algorithm);
+ if (rc < 0)
{
- if (handle->keysize > 0)
- _gnutls_hash (td, handle->key, handle->keysize);
+ gnutls_assert();
+ return;
+ }
- _gnutls_hash (td, opad, padsize);
- block = _gnutls_hmac_get_algo_len (handle->algorithm);
- _gnutls_hash_deinit (handle, ret); /* get the previous hash */
- _gnutls_hash (td, ret, block);
+ if (handle->keysize > 0)
+ _gnutls_hash (&td, handle->key, handle->keysize);
- _gnutls_hash_deinit (td, digest);
- }
+ _gnutls_hash (&td, opad, padsize);
+ block = _gnutls_hmac_get_algo_len (handle->algorithm);
+ _gnutls_hash_deinit (handle, ret); /* get the previous hash */
+ _gnutls_hash (&td, ret, block);
+
+ _gnutls_hash_deinit (&td, digest);
+
+ return;
}
void
-_gnutls_mac_deinit_ssl3_handshake (mac_hd_t handle,
+_gnutls_mac_deinit_ssl3_handshake (digest_hd_st* handle,
void *digest, opaque * key,
uint32_t key_size)
{
opaque ret[MAX_HASH_SIZE];
- mac_hd_t td;
+ digest_hd_st td;
opaque opad[48];
opaque ipad[48];
int padsize;
- int block;
+ int block, rc;
padsize = get_padsize (handle->algorithm);
if (padsize == 0)
@@ -299,52 +339,57 @@ _gnutls_mac_deinit_ssl3_handshake (mac_hd_t handle,
memset (opad, 0x5C, padsize);
memset (ipad, 0x36, padsize);
- td = _gnutls_hash_init (handle->algorithm);
- if (td != GNUTLS_HASH_FAILED)
+ rc = _gnutls_hash_init (&td, handle->algorithm);
+ if (rc < 0)
{
- if (key_size > 0)
- _gnutls_hash (td, key, key_size);
+ gnutls_assert();
+ return;
+ }
- _gnutls_hash (td, opad, padsize);
- block = _gnutls_hmac_get_algo_len (handle->algorithm);
+ if (key_size > 0)
+ _gnutls_hash (&td, key, key_size);
- if (key_size > 0)
- _gnutls_hash (handle, key, key_size);
- _gnutls_hash (handle, ipad, padsize);
- _gnutls_hash_deinit (handle, ret); /* get the previous hash */
+ _gnutls_hash (&td, opad, padsize);
+ block = _gnutls_hmac_get_algo_len (handle->algorithm);
- _gnutls_hash (td, ret, block);
+ if (key_size > 0)
+ _gnutls_hash (handle, key, key_size);
+ _gnutls_hash (handle, ipad, padsize);
+ _gnutls_hash_deinit (handle, ret); /* get the previous hash */
- _gnutls_hash_deinit (td, digest);
- }
+ _gnutls_hash (&td, ret, block);
+
+ _gnutls_hash_deinit (&td, digest);
+
+ return;
}
static int
ssl3_sha (int i, opaque * secret, int secret_len,
opaque * rnd, int rnd_len, void *digest)
{
- int j;
+ int j, ret;
opaque text1[26];
- GNUTLS_HASH_HANDLE td;
+ digest_hd_st td;
for (j = 0; j < i + 1; j++)
{
text1[j] = 65 + i; /* A==65 */
}
- td = _gnutls_hash_init (GNUTLS_MAC_SHA1);
- if (td == NULL)
+ ret = _gnutls_hash_init (&td, GNUTLS_MAC_SHA1);
+ if (ret < 0)
{
gnutls_assert ();
- return GNUTLS_E_HASH_FAILED;
+ return ret;
}
- _gnutls_hash (td, text1, i + 1);
- _gnutls_hash (td, secret, secret_len);
- _gnutls_hash (td, rnd, rnd_len);
+ _gnutls_hash (&td, text1, i + 1);
+ _gnutls_hash (&td, secret, secret_len);
+ _gnutls_hash (&td, rnd, rnd_len);
- _gnutls_hash_deinit (td, digest);
+ _gnutls_hash_deinit (&td, digest);
return 0;
}
@@ -353,29 +398,29 @@ ssl3_md5 (int i, opaque * secret, int secret_len,
opaque * rnd, int rnd_len, void *digest)
{
opaque tmp[MAX_HASH_SIZE];
- mac_hd_t td;
+ digest_hd_st td;
int ret;
- td = _gnutls_hash_init (GNUTLS_MAC_MD5);
- if (td == NULL)
+ ret = _gnutls_hash_init (&td, GNUTLS_MAC_MD5);
+ if (ret < 0)
{
gnutls_assert ();
- return GNUTLS_E_HASH_FAILED;
+ return ret;
}
- _gnutls_hash (td, secret, secret_len);
+ _gnutls_hash (&td, secret, secret_len);
ret = ssl3_sha (i, secret, secret_len, rnd, rnd_len, tmp);
if (ret < 0)
{
gnutls_assert ();
- _gnutls_hash_deinit (td, digest);
+ _gnutls_hash_deinit (&td, digest);
return ret;
}
- _gnutls_hash (td, tmp, _gnutls_hash_get_algo_len (GNUTLS_MAC_SHA1));
+ _gnutls_hash (&td, tmp, _gnutls_hash_get_algo_len (GNUTLS_MAC_SHA1));
- _gnutls_hash_deinit (td, digest);
+ _gnutls_hash_deinit (&td, digest);
return 0;
}
@@ -385,20 +430,21 @@ _gnutls_ssl3_hash_md5 (void *first, int first_len,
opaque * ret)
{
opaque digest[MAX_HASH_SIZE];
- mac_hd_t td;
+ digest_hd_st td;
int block = _gnutls_hash_get_algo_len (GNUTLS_MAC_MD5);
+ int rc;
- td = _gnutls_hash_init (GNUTLS_MAC_MD5);
- if (td == NULL)
+ rc = _gnutls_hash_init (&td, GNUTLS_MAC_MD5);
+ if (rc < 0)
{
gnutls_assert ();
- return GNUTLS_E_HASH_FAILED;
+ return rc;
}
- _gnutls_hash (td, first, first_len);
- _gnutls_hash (td, second, second_len);
+ _gnutls_hash (&td, first, first_len);
+ _gnutls_hash (&td, second, second_len);
- _gnutls_hash_deinit (td, digest);
+ _gnutls_hash_deinit (&td, digest);
if (ret_len > block)
{
diff --git a/lib/gnutls_hash_int.h b/lib/gnutls_hash_int.h
index 3e1b75e693..7f156f6a33 100644
--- a/lib/gnutls_hash_int.h
+++ b/lib/gnutls_hash_int.h
@@ -1,5 +1,5 @@
/*
- * Copyright (C) 2000, 2001, 2002, 2003, 2004, 2005 Free Software Foundation
+ * Copyright (C) 2000, 2001, 2002, 2003, 2004, 2005, 2008 Free Software Foundation
*
* Author: Nikos Mavrogiannopoulos
*
@@ -26,37 +26,46 @@
# define GNUTLS_HASH_INT_H
#include <gnutls_int.h>
+#include <gnutls/crypto.h>
+#include <crypto.h>
/* for message digests */
+typedef struct {
+ gnutls_crypto_mac_st* cc;
+ void* ctx;
+} digest_reg_hd;
+
typedef struct
{
- gc_hash_handle handle;
+ int registered; /* true or false(0) */
+ union {
+ gc_hash_handle gc; /* when not registered */
+ digest_reg_hd rh; /* when registered */
+ } hd;
gnutls_mac_algorithm_t algorithm;
const void *key;
int keysize;
-} mac_hd_st;
-typedef mac_hd_st *mac_hd_t;
-typedef mac_hd_t GNUTLS_HASH_HANDLE;
+} digest_hd_st;
#define GNUTLS_HASH_FAILED NULL
#define GNUTLS_MAC_FAILED NULL
-mac_hd_t _gnutls_hmac_init (gnutls_mac_algorithm_t algorithm,
+int _gnutls_hmac_init (digest_hd_st*, gnutls_mac_algorithm_t algorithm,
const void *key, int keylen);
#define _gnutls_hmac_get_algo_len _gnutls_hash_get_algo_len
#define _gnutls_hmac _gnutls_hash
-void _gnutls_hmac_deinit (mac_hd_t handle, void *digest);
+void _gnutls_hmac_deinit (digest_hd_st* handle, void *digest);
-mac_hd_t _gnutls_mac_init_ssl3 (gnutls_mac_algorithm_t algorithm, void *key,
+int _gnutls_mac_init_ssl3 (digest_hd_st*, gnutls_mac_algorithm_t algorithm, void *key,
int keylen);
-void _gnutls_mac_deinit_ssl3 (mac_hd_t handle, void *digest);
+void _gnutls_mac_deinit_ssl3 (digest_hd_st* handle, void *digest);
-GNUTLS_HASH_HANDLE _gnutls_hash_init (gnutls_mac_algorithm_t algorithm);
+int _gnutls_hash_init (digest_hd_st*, gnutls_mac_algorithm_t algorithm);
int _gnutls_hash_get_algo_len (gnutls_mac_algorithm_t algorithm);
-int _gnutls_hash (GNUTLS_HASH_HANDLE handle, const void *text,
+int _gnutls_hash (const digest_hd_st* handle, const void *text,
size_t textlen);
-void _gnutls_hash_deinit (GNUTLS_HASH_HANDLE handle, void *digest);
+void _gnutls_hash_deinit (digest_hd_st* handle, void *digest);
int _gnutls_ssl3_generate_random (void *secret, int secret_len,
void *rnd, int random_len, int bytes,
@@ -64,9 +73,9 @@ int _gnutls_ssl3_generate_random (void *secret, int secret_len,
int _gnutls_ssl3_hash_md5 (void *first, int first_len, void *second,
int second_len, int ret_len, opaque * ret);
-void _gnutls_mac_deinit_ssl3_handshake (mac_hd_t handle, void *digest,
+void _gnutls_mac_deinit_ssl3_handshake (digest_hd_st* handle, void *digest,
opaque * key, uint32_t key_size);
-GNUTLS_HASH_HANDLE _gnutls_hash_copy (GNUTLS_HASH_HANDLE handle);
+int _gnutls_hash_copy (digest_hd_st* dst_handle, digest_hd_st * src_handle);
#endif /* GNUTLS_HASH_INT_H */
diff --git a/lib/gnutls_int.h b/lib/gnutls_int.h
index b4dbdba26d..e37237d33c 100644
--- a/lib/gnutls_int.h
+++ b/lib/gnutls_int.h
@@ -437,8 +437,9 @@ typedef struct
gnutls_buffer application_data_buffer; /* holds data to be delivered to application layer */
gnutls_buffer handshake_hash_buffer; /* used to keep the last received handshake
* message */
- mac_hd_t handshake_mac_handle_sha; /* hash of the handshake messages */
- mac_hd_t handshake_mac_handle_md5; /* hash of the handshake messages */
+ digest_hd_st handshake_mac_handle_sha; /* hash of the handshake messages */
+ digest_hd_st handshake_mac_handle_md5; /* hash of the handshake messages */
+ int handshake_mac_handle_init; /* 1 when the previous two were initialized */
gnutls_buffer handshake_data_buffer; /* this is a buffer that holds the current handshake message */
gnutls_buffer ia_data_buffer; /* holds inner application data (TLS/IA) */
diff --git a/lib/gnutls_sig.c b/lib/gnutls_sig.c
index fdfe75aa43..1c931e8a56 100644
--- a/lib/gnutls_sig.c
+++ b/lib/gnutls_sig.c
@@ -55,15 +55,15 @@ _gnutls_tls_sign_hdata (gnutls_session_t session,
gnutls_datum_t dconcat;
int ret;
opaque concat[36];
- mac_hd_t td_md5;
- mac_hd_t td_sha;
+ digest_hd_st td_md5;
+ digest_hd_st td_sha;
gnutls_protocol_t ver = gnutls_protocol_get_version (session);
- td_sha = _gnutls_hash_copy (session->internals.handshake_mac_handle_sha);
- if (td_sha == NULL)
+ ret = _gnutls_hash_copy (&td_sha, &session->internals.handshake_mac_handle_sha);
+ if (ret < 0)
{
gnutls_assert ();
- return GNUTLS_E_HASH_FAILED;
+ return ret;
}
if (ver == GNUTLS_SSL3)
@@ -75,30 +75,29 @@ _gnutls_tls_sign_hdata (gnutls_session_t session,
return ret;
}
- _gnutls_mac_deinit_ssl3_handshake (td_sha, &concat[16],
+ _gnutls_mac_deinit_ssl3_handshake (&td_sha, &concat[16],
session->security_parameters.
master_secret, TLS_MASTER_SIZE);
}
else
- _gnutls_hash_deinit (td_sha, &concat[16]);
+ _gnutls_hash_deinit (&td_sha, &concat[16]);
switch (cert->subject_pk_algorithm)
{
case GNUTLS_PK_RSA:
- td_md5 =
- _gnutls_hash_copy (session->internals.handshake_mac_handle_md5);
- if (td_md5 == NULL)
+ ret = _gnutls_hash_copy (&td_md5, &session->internals.handshake_mac_handle_md5);
+ if (ret < 0)
{
gnutls_assert ();
- return GNUTLS_E_HASH_FAILED;
+ return ret;
}
if (ver == GNUTLS_SSL3)
- _gnutls_mac_deinit_ssl3_handshake (td_md5, concat,
+ _gnutls_mac_deinit_ssl3_handshake (&td_md5, concat,
session->security_parameters.
master_secret, TLS_MASTER_SIZE);
else
- _gnutls_hash_deinit (td_md5, concat);
+ _gnutls_hash_deinit (&td_md5, concat);
dconcat.data = concat;
dconcat.size = 36;
@@ -132,43 +131,45 @@ _gnutls_tls_sign_params (gnutls_session_t session, gnutls_cert * cert,
{
gnutls_datum_t dconcat;
int ret;
- mac_hd_t td_sha;
+ digest_hd_st td_sha;
opaque concat[36];
gnutls_protocol_t ver = gnutls_protocol_get_version (session);
- td_sha = _gnutls_hash_init (GNUTLS_MAC_SHA1);
- if (td_sha == NULL)
+ ret = _gnutls_hash_init (&td_sha, GNUTLS_MAC_SHA1);
+ if (ret < 0)
{
gnutls_assert ();
- return GNUTLS_E_HASH_FAILED;
+ return ret;
}
- _gnutls_hash (td_sha, session->security_parameters.client_random,
+ _gnutls_hash (&td_sha, session->security_parameters.client_random,
TLS_RANDOM_SIZE);
- _gnutls_hash (td_sha, session->security_parameters.server_random,
+ _gnutls_hash (&td_sha, session->security_parameters.server_random,
TLS_RANDOM_SIZE);
- _gnutls_hash (td_sha, params->data, params->size);
+ _gnutls_hash (&td_sha, params->data, params->size);
switch (cert->subject_pk_algorithm)
{
case GNUTLS_PK_RSA:
if (ver < GNUTLS_TLS1_2)
{
- mac_hd_t td_md5 = _gnutls_hash_init (GNUTLS_MAC_MD5);
- if (td_md5 == NULL)
+ digest_hd_st td_md5;
+
+ ret =_gnutls_hash_init (&td_md5, GNUTLS_MAC_MD5);
+ if (ret < 0)
{
gnutls_assert ();
- return GNUTLS_E_HASH_FAILED;
+ return ret;
}
- _gnutls_hash (td_md5, session->security_parameters.client_random,
+ _gnutls_hash (&td_md5, session->security_parameters.client_random,
TLS_RANDOM_SIZE);
- _gnutls_hash (td_md5, session->security_parameters.server_random,
+ _gnutls_hash (&td_md5, session->security_parameters.server_random,
TLS_RANDOM_SIZE);
- _gnutls_hash (td_md5, params->data, params->size);
+ _gnutls_hash (&td_md5, params->data, params->size);
- _gnutls_hash_deinit (td_md5, concat);
- _gnutls_hash_deinit (td_sha, &concat[16]);
+ _gnutls_hash_deinit (&td_md5, concat);
+ _gnutls_hash_deinit (&td_sha, &concat[16]);
dconcat.size = 36;
}
@@ -179,28 +180,28 @@ _gnutls_tls_sign_params (gnutls_session_t session, gnutls_cert * cert,
memcpy (concat,
"\x30\x21\x30\x09\x06\x05\x2b\x0e\x03\x02\x1a\x05\x00\x04\x14",
15);
- _gnutls_hash_deinit (td_sha, &concat[15]);
+ _gnutls_hash_deinit (&td_sha, &concat[15]);
dconcat.size = 35;
#else
/* No parameters field. */
memcpy (concat,
"\x30\x1f\x30\x07\x06\x05\x2b\x0e\x03\x02\x1a\x04\x14",
13);
- _gnutls_hash_deinit (td_sha, &concat[13]);
+ _gnutls_hash_deinit (&td_sha, &concat[13]);
dconcat.size = 33;
#endif
}
dconcat.data = concat;
break;
case GNUTLS_PK_DSA:
- _gnutls_hash_deinit (td_sha, concat);
+ _gnutls_hash_deinit (&td_sha, concat);
dconcat.data = concat;
dconcat.size = 20;
break;
default:
gnutls_assert ();
- _gnutls_hash_deinit (td_sha, NULL);
+ _gnutls_hash_deinit (&td_sha, NULL);
return GNUTLS_E_INTERNAL_ERROR;
}
ret = _gnutls_tls_sign (session, cert, pkey, &dconcat, signature);
@@ -369,23 +370,23 @@ _gnutls_verify_sig_hdata (gnutls_session_t session, gnutls_cert * cert,
{
int ret;
opaque concat[36];
- mac_hd_t td_md5;
- mac_hd_t td_sha;
+ digest_hd_st td_md5;
+ digest_hd_st td_sha;
gnutls_datum_t dconcat;
gnutls_protocol_t ver = gnutls_protocol_get_version (session);
- td_md5 = _gnutls_hash_copy (session->internals.handshake_mac_handle_md5);
- if (td_md5 == NULL)
+ ret = _gnutls_hash_copy (&td_md5, &session->internals.handshake_mac_handle_md5);
+ if (ret < 0)
{
gnutls_assert ();
- return GNUTLS_E_HASH_FAILED;
+ return ret;
}
- td_sha = _gnutls_hash_copy (session->internals.handshake_mac_handle_sha);
- if (td_sha == NULL)
+ ret = _gnutls_hash_copy (&td_sha, &session->internals.handshake_mac_handle_sha);
+ if (ret < 0)
{
gnutls_assert ();
- _gnutls_hash_deinit (td_md5, NULL);
+ _gnutls_hash_deinit (&td_md5, NULL);
return GNUTLS_E_HASH_FAILED;
}
@@ -398,17 +399,17 @@ _gnutls_verify_sig_hdata (gnutls_session_t session, gnutls_cert * cert,
return ret;
}
- _gnutls_mac_deinit_ssl3_handshake (td_md5, concat,
+ _gnutls_mac_deinit_ssl3_handshake (&td_md5, concat,
session->security_parameters.
master_secret, TLS_MASTER_SIZE);
- _gnutls_mac_deinit_ssl3_handshake (td_sha, &concat[16],
+ _gnutls_mac_deinit_ssl3_handshake (&td_sha, &concat[16],
session->security_parameters.
master_secret, TLS_MASTER_SIZE);
}
else
{
- _gnutls_hash_deinit (td_md5, concat);
- _gnutls_hash_deinit (td_sha, &concat[16]);
+ _gnutls_hash_deinit (&td_md5, concat);
+ _gnutls_hash_deinit (&td_sha, &concat[16]);
}
dconcat.data = concat;
@@ -435,46 +436,46 @@ _gnutls_verify_sig_params (gnutls_session_t session, gnutls_cert * cert,
{
gnutls_datum_t dconcat;
int ret;
- mac_hd_t td_md5 = NULL;
- mac_hd_t td_sha;
+ digest_hd_st td_md5;
+ digest_hd_st td_sha;
opaque concat[36];
gnutls_protocol_t ver = gnutls_protocol_get_version (session);
if (ver < GNUTLS_TLS1_2)
{
- td_md5 = _gnutls_hash_init (GNUTLS_MAC_MD5);
- if (td_md5 == NULL)
+ ret = _gnutls_hash_init (&td_md5, GNUTLS_MAC_MD5);
+ if (ret < 0)
{
gnutls_assert ();
- return GNUTLS_E_HASH_FAILED;
+ return ret;
}
- _gnutls_hash (td_md5, session->security_parameters.client_random,
+ _gnutls_hash (&td_md5, session->security_parameters.client_random,
TLS_RANDOM_SIZE);
- _gnutls_hash (td_md5, session->security_parameters.server_random,
+ _gnutls_hash (&td_md5, session->security_parameters.server_random,
TLS_RANDOM_SIZE);
- _gnutls_hash (td_md5, params->data, params->size);
+ _gnutls_hash (&td_md5, params->data, params->size);
}
- td_sha = _gnutls_hash_init (GNUTLS_MAC_SHA1);
- if (td_sha == NULL)
+ ret = _gnutls_hash_init (&td_sha, GNUTLS_MAC_SHA1);
+ if (ret < 0)
{
gnutls_assert ();
- if (td_md5)
- _gnutls_hash_deinit (td_md5, NULL);
- return GNUTLS_E_HASH_FAILED;
+ if (ver < GNUTLS_TLS1_2)
+ _gnutls_hash_deinit (&td_md5, NULL);
+ return ret;
}
- _gnutls_hash (td_sha, session->security_parameters.client_random,
+ _gnutls_hash (&td_sha, session->security_parameters.client_random,
TLS_RANDOM_SIZE);
- _gnutls_hash (td_sha, session->security_parameters.server_random,
+ _gnutls_hash (&td_sha, session->security_parameters.server_random,
TLS_RANDOM_SIZE);
- _gnutls_hash (td_sha, params->data, params->size);
+ _gnutls_hash (&td_sha, params->data, params->size);
if (ver < GNUTLS_TLS1_2)
{
- _gnutls_hash_deinit (td_md5, concat);
- _gnutls_hash_deinit (td_sha, &concat[16]);
+ _gnutls_hash_deinit (&td_md5, concat);
+ _gnutls_hash_deinit (&td_sha, &concat[16]);
dconcat.size = 36;
}
else
@@ -484,14 +485,14 @@ _gnutls_verify_sig_params (gnutls_session_t session, gnutls_cert * cert,
memcpy (concat,
"\x30\x21\x30\x09\x06\x05\x2b\x0e\x03\x02\x1a\x05\x00\x04\x14",
15);
- _gnutls_hash_deinit (td_sha, &concat[15]);
+ _gnutls_hash_deinit (&td_sha, &concat[15]);
dconcat.size = 35;
#else
/* No parameters field. */
memcpy (concat,
"\x30\x1f\x30\x07\x06\x05\x2b\x0e\x03\x02\x1a\x04\x14",
13);
- _gnutls_hash_deinit (td_sha, &concat[13]);
+ _gnutls_hash_deinit (&td_sha, &concat[13]);
dconcat.size = 33;
#endif
}
diff --git a/lib/gnutls_srp.c b/lib/gnutls_srp.c
index bc1206be9b..84eb1fd151 100644
--- a/lib/gnutls_srp.c
+++ b/lib/gnutls_srp.c
@@ -172,7 +172,7 @@ _gnutls_calc_srp_u (mpi_t A, mpi_t B, mpi_t n)
size_t b_size, a_size;
opaque *holder, hd[MAX_HASH_SIZE];
size_t holder_size, hash_size, n_size;
- GNUTLS_HASH_HANDLE td;
+ digest_hd_st td;
int ret;
mpi_t res;
@@ -197,15 +197,15 @@ _gnutls_calc_srp_u (mpi_t A, mpi_t B, mpi_t n)
_gnutls_mpi_print (&holder[n_size - a_size], &a_size, A);
_gnutls_mpi_print (&holder[n_size + n_size - b_size], &b_size, B);
- td = _gnutls_hash_init (GNUTLS_MAC_SHA1);
- if (td == NULL)
+ ret = _gnutls_hash_init (&td, GNUTLS_MAC_SHA1);
+ if (ret < 0)
{
gnutls_free (holder);
gnutls_assert ();
return NULL;
}
- _gnutls_hash (td, holder, holder_size);
- _gnutls_hash_deinit (td, hd);
+ _gnutls_hash (&td, holder, holder_size);
+ _gnutls_hash_deinit (&td, hd);
/* convert the bytes of hd to integer
*/
@@ -301,32 +301,33 @@ _gnutls_calc_srp_sha (const char *username, const char *password,
opaque * salt, int salt_size, size_t * size,
void *digest)
{
- GNUTLS_HASH_HANDLE td;
+ digest_hd_st td;
opaque res[MAX_HASH_SIZE];
-
+ int ret;
+
*size = 20;
- td = _gnutls_hash_init (GNUTLS_MAC_SHA1);
- if (td == NULL)
+ ret = _gnutls_hash_init (&td, GNUTLS_MAC_SHA1);
+ if (ret < 0)
{
return GNUTLS_E_MEMORY_ERROR;
}
- _gnutls_hash (td, username, strlen (username));
- _gnutls_hash (td, ":", 1);
- _gnutls_hash (td, password, strlen (password));
+ _gnutls_hash (&td, username, strlen (username));
+ _gnutls_hash (&td, ":", 1);
+ _gnutls_hash (&td, password, strlen (password));
- _gnutls_hash_deinit (td, res);
+ _gnutls_hash_deinit (&td, res);
- td = _gnutls_hash_init (GNUTLS_MAC_SHA1);
- if (td == NULL)
+ ret = _gnutls_hash_init (&td, GNUTLS_MAC_SHA1);
+ if (ret < 0)
{
return GNUTLS_E_MEMORY_ERROR;
}
- _gnutls_hash (td, salt, salt_size);
- _gnutls_hash (td, res, 20); /* 20 bytes is the output of sha1 */
+ _gnutls_hash (&td, salt, salt_size);
+ _gnutls_hash (&td, res, 20); /* 20 bytes is the output of sha1 */
- _gnutls_hash_deinit (td, digest);
+ _gnutls_hash_deinit (&td, digest);
return 0;
}
diff --git a/lib/gnutls_state.c b/lib/gnutls_state.c
index 5524af8120..df84deb6ca 100644
--- a/lib/gnutls_state.c
+++ b/lib/gnutls_state.c
@@ -376,10 +376,8 @@ gnutls_deinit (gnutls_session_t session)
gnutls_credentials_clear (session);
_gnutls_selected_certs_deinit (session);
- if (session->connection_state.read_cipher_state != NULL)
- _gnutls_cipher_deinit (&session->connection_state.read_cipher_state);
- if (session->connection_state.write_cipher_state != NULL)
- _gnutls_cipher_deinit (&session->connection_state.write_cipher_state);
+ _gnutls_cipher_deinit (&session->connection_state.read_cipher_state);
+ _gnutls_cipher_deinit (&session->connection_state.write_cipher_state);
if (session->connection_state.read_compression_state != NULL)
_gnutls_comp_deinit (session->connection_state.read_compression_state, 1);
@@ -730,17 +728,18 @@ _gnutls_cal_PRF_A (gnutls_mac_algorithm_t algorithm,
const void *secret, int secret_size,
const void *seed, int seed_size, void *result)
{
- mac_hd_t td1;
+ digest_hd_st td1;
+ int ret;
- td1 = _gnutls_hmac_init (algorithm, secret, secret_size);
- if (td1 == GNUTLS_MAC_FAILED)
+ ret = _gnutls_hmac_init (&td1, algorithm, secret, secret_size);
+ if (ret < 0)
{
gnutls_assert ();
- return GNUTLS_E_INTERNAL_ERROR;
+ return ret;
}
- _gnutls_hmac (td1, seed, seed_size);
- _gnutls_hmac_deinit (td1, result);
+ _gnutls_hmac (&td1, seed, seed_size);
+ _gnutls_hmac_deinit (&td1, result);
return 0;
}
@@ -757,7 +756,7 @@ _gnutls_P_hash (gnutls_mac_algorithm_t algorithm,
int total_bytes, opaque * ret)
{
- mac_hd_t td2;
+ digest_hd_st td2;
int i, times, how, blocksize, A_size;
opaque final[20], Atmp[MAX_SEED_SIZE];
int output_bytes, result;
@@ -786,11 +785,11 @@ _gnutls_P_hash (gnutls_mac_algorithm_t algorithm,
for (i = 0; i < times; i++)
{
- td2 = _gnutls_hmac_init (algorithm, secret, secret_size);
- if (td2 == GNUTLS_MAC_FAILED)
+ result = _gnutls_hmac_init (&td2, algorithm, secret, secret_size);
+ if (result < 0)
{
gnutls_assert ();
- return GNUTLS_E_INTERNAL_ERROR;
+ return result;
}
/* here we calculate A(i+1) */
@@ -799,15 +798,15 @@ _gnutls_P_hash (gnutls_mac_algorithm_t algorithm,
A_size, Atmp)) < 0)
{
gnutls_assert ();
- _gnutls_hmac_deinit (td2, final);
+ _gnutls_hmac_deinit (&td2, final);
return result;
}
A_size = blocksize;
- _gnutls_hmac (td2, Atmp, A_size);
- _gnutls_hmac (td2, seed, seed_size);
- _gnutls_hmac_deinit (td2, final);
+ _gnutls_hmac (&td2, Atmp, A_size);
+ _gnutls_hmac (&td2, seed, seed_size);
+ _gnutls_hmac_deinit (&td2, final);
if ((1 + i) * blocksize < total_bytes)
{
diff --git a/lib/gnutls_ui.c b/lib/gnutls_ui.c
index 84046b09cb..277dfe441c 100644
--- a/lib/gnutls_ui.c
+++ b/lib/gnutls_ui.c
@@ -543,7 +543,7 @@ gnutls_fingerprint (gnutls_digest_algorithm_t algo,
const gnutls_datum_t * data, void *result,
size_t * result_size)
{
- GNUTLS_HASH_HANDLE td;
+ digest_hd_st td;
int hash_len = _gnutls_hash_get_algo_len (HASH2MAC (algo));
if (hash_len < 0 || (unsigned) hash_len > *result_size || result == NULL)
@@ -555,13 +555,15 @@ gnutls_fingerprint (gnutls_digest_algorithm_t algo,
if (result)
{
- td = _gnutls_hash_init (HASH2MAC (algo));
- if (td == NULL)
- return GNUTLS_E_HASH_FAILED;
+ int ret = _gnutls_hash_init (&td, HASH2MAC (algo));
+ if (ret < 0) {
+ gnutls_assert();
+ return ret;
+ }
- _gnutls_hash (td, data->data, data->size);
+ _gnutls_hash (&td, data->data, data->size);
- _gnutls_hash_deinit (td, result);
+ _gnutls_hash_deinit (&td, result);
}
return 0;
diff --git a/lib/x509/pkcs12.c b/lib/x509/pkcs12.c
index 64f4881ca7..e5e443c09f 100644
--- a/lib/x509/pkcs12.c
+++ b/lib/x509/pkcs12.c
@@ -857,7 +857,7 @@ gnutls_pkcs12_generate_mac (gnutls_pkcs12_t pkcs12, const char *pass)
opaque salt[8], key[20];
int result;
const int iter = 1;
- mac_hd_t td1 = NULL;
+ digest_hd_st td1;
gnutls_datum_t tmp = { NULL, 0 };
opaque sha_mac[20];
@@ -922,18 +922,17 @@ gnutls_pkcs12_generate_mac (gnutls_pkcs12_t pkcs12, const char *pass)
/* MAC the data
*/
- td1 = _gnutls_hmac_init (GNUTLS_MAC_SHA1, key, sizeof (key));
- if (td1 == GNUTLS_MAC_FAILED)
+ result = _gnutls_hmac_init (&td1, GNUTLS_MAC_SHA1, key, sizeof (key));
+ if (result < 0)
{
gnutls_assert ();
- result = GNUTLS_E_INTERNAL_ERROR;
goto cleanup;
}
- _gnutls_hmac (td1, tmp.data, tmp.size);
+ _gnutls_hmac (&td1, tmp.data, tmp.size);
_gnutls_free_datum (&tmp);
- _gnutls_hmac_deinit (td1, sha_mac);
+ _gnutls_hmac_deinit (&td1, sha_mac);
result =
@@ -990,7 +989,7 @@ gnutls_pkcs12_verify_mac (gnutls_pkcs12_t pkcs12, const char *pass)
int result;
unsigned int iter;
int len;
- mac_hd_t td1 = NULL;
+ digest_hd_st td1;
gnutls_datum_t tmp = { NULL, 0 }, salt =
{
NULL, 0};
@@ -1048,18 +1047,17 @@ gnutls_pkcs12_verify_mac (gnutls_pkcs12_t pkcs12, const char *pass)
/* MAC the data
*/
- td1 = _gnutls_hmac_init (GNUTLS_MAC_SHA1, key, sizeof (key));
- if (td1 == GNUTLS_MAC_FAILED)
+ result = _gnutls_hmac_init (&td1, GNUTLS_MAC_SHA1, key, sizeof (key));
+ if (result < 0)
{
gnutls_assert ();
- result = GNUTLS_E_INTERNAL_ERROR;
goto cleanup;
}
- _gnutls_hmac (td1, tmp.data, tmp.size);
+ _gnutls_hmac (&td1, tmp.data, tmp.size);
_gnutls_free_datum (&tmp);
- _gnutls_hmac_deinit (td1, sha_mac);
+ _gnutls_hmac_deinit (&td1, sha_mac);
len = sizeof (sha_mac_orig);
result =
diff --git a/lib/x509/privkey.c b/lib/x509/privkey.c
index a52b7c7b84..074b43ef98 100644
--- a/lib/x509/privkey.c
+++ b/lib/x509/privkey.c
@@ -1417,7 +1417,7 @@ gnutls_x509_privkey_get_key_id (gnutls_x509_privkey_t key,
size_t * output_data_size)
{
int result;
- GNUTLS_HASH_HANDLE hd;
+ digest_hd_st hd;
gnutls_datum_t der = { NULL, 0 };
if (key == NULL || key->crippled)
@@ -1457,17 +1457,16 @@ gnutls_x509_privkey_get_key_id (gnutls_x509_privkey_t key,
else
return GNUTLS_E_INTERNAL_ERROR;
- hd = _gnutls_hash_init (GNUTLS_MAC_SHA1);
- if (hd == GNUTLS_HASH_FAILED)
+ result = _gnutls_hash_init (&hd, GNUTLS_MAC_SHA1);
+ if (result < 0)
{
gnutls_assert ();
- result = GNUTLS_E_INTERNAL_ERROR;
goto cleanup;
}
- _gnutls_hash (hd, der.data, der.size);
+ _gnutls_hash (&hd, der.data, der.size);
- _gnutls_hash_deinit (hd, output_data);
+ _gnutls_hash_deinit (&hd, output_data);
*output_data_size = 20;
result = 0;
diff --git a/lib/x509/privkey_pkcs8.c b/lib/x509/privkey_pkcs8.c
index 4ca8f0ea58..7304a7569f 100644
--- a/lib/x509/privkey_pkcs8.c
+++ b/lib/x509/privkey_pkcs8.c
@@ -1442,7 +1442,8 @@ decrypt_data (schema_id schema, ASN1_TYPE pkcs8_asn,
int data_size;
opaque *data = NULL, *key = NULL;
gnutls_datum_t dkey, d_iv;
- cipher_hd_t ch = NULL;
+ cipher_hd_st ch;
+ int ch_init = 0;
int key_size;
data_size = 0;
@@ -1520,19 +1521,20 @@ decrypt_data (schema_id schema, ASN1_TYPE pkcs8_asn,
d_iv.data = (opaque *) enc_params->iv;
d_iv.size = enc_params->iv_size;
- ch = _gnutls_cipher_init (enc_params->cipher, &dkey, &d_iv);
+ result = _gnutls_cipher_init (&ch, enc_params->cipher, &dkey, &d_iv);
gnutls_afree (key);
key = NULL;
- if (ch == NULL)
+ if (result < 0)
{
gnutls_assert ();
- result = GNUTLS_E_DECRYPTION_FAILED;
goto error;
}
+
+ ch_init = 1;
- result = _gnutls_cipher_decrypt (ch, data, data_size);
+ result = _gnutls_cipher_decrypt (&ch, data, data_size);
if (result < 0)
{
gnutls_assert ();
@@ -1546,15 +1548,15 @@ decrypt_data (schema_id schema, ASN1_TYPE pkcs8_asn,
else
decrypted_data->size = data_size;
- _gnutls_cipher_deinit (ch);
+ _gnutls_cipher_deinit (&ch);
return 0;
error:
gnutls_free (data);
gnutls_afree (key);
- if (ch != NULL)
- _gnutls_cipher_deinit (ch);
+ if (ch_init != 0)
+ _gnutls_cipher_deinit (&ch);
return result;
}
@@ -1937,7 +1939,8 @@ encrypt_data (const gnutls_datum_t * plain,
int data_size;
opaque *data = NULL;
gnutls_datum_t d_iv;
- cipher_hd_t ch = NULL;
+ cipher_hd_st ch;
+ int ch_init = 0;
opaque pad, pad_size;
pad_size = _gnutls_cipher_get_block_size (enc_params->cipher);
@@ -1968,16 +1971,17 @@ encrypt_data (const gnutls_datum_t * plain,
d_iv.data = (opaque *) enc_params->iv;
d_iv.size = enc_params->iv_size;
- ch = _gnutls_cipher_init (enc_params->cipher, key, &d_iv);
+ result = _gnutls_cipher_init (&ch, enc_params->cipher, key, &d_iv);
- if (ch == GNUTLS_CIPHER_FAILED)
+ if (result < 0)
{
gnutls_assert ();
- result = GNUTLS_E_ENCRYPTION_FAILED;
goto error;
}
- result = _gnutls_cipher_encrypt (ch, data, data_size);
+ ch_init = 1;
+
+ result = _gnutls_cipher_encrypt (&ch, data, data_size);
if (result < 0)
{
gnutls_assert ();
@@ -1987,14 +1991,14 @@ encrypt_data (const gnutls_datum_t * plain,
encrypted->data = data;
encrypted->size = data_size;
- _gnutls_cipher_deinit (ch);
+ _gnutls_cipher_deinit (&ch);
return 0;
error:
gnutls_free (data);
- if (ch != NULL)
- _gnutls_cipher_deinit (ch);
+ if (ch_init != 0)
+ _gnutls_cipher_deinit (&ch);
return result;
}
diff --git a/lib/x509/sign.c b/lib/x509/sign.c
index 47fd6ed31a..ff87573614 100644
--- a/lib/x509/sign.c
+++ b/lib/x509/sign.c
@@ -133,18 +133,18 @@ pkcs1_rsa_sign (gnutls_digest_algorithm_t hash, const gnutls_datum_t * text,
{
int ret;
opaque _digest[MAX_HASH_SIZE];
- GNUTLS_HASH_HANDLE hd;
+ digest_hd_st hd;
gnutls_datum_t digest, info;
- hd = _gnutls_hash_init (HASH2MAC (hash));
- if (hd == NULL)
+ ret = _gnutls_hash_init (&hd, HASH2MAC (hash));
+ if (ret < 0)
{
gnutls_assert ();
- return GNUTLS_E_HASH_FAILED;
+ return ret;
}
- _gnutls_hash (hd, text->data, text->size);
- _gnutls_hash_deinit (hd, _digest);
+ _gnutls_hash (&hd, text->data, text->size);
+ _gnutls_hash_deinit (&hd, _digest);
digest.data = _digest;
digest.size = _gnutls_hash_get_algo_len (HASH2MAC (hash));
@@ -177,18 +177,18 @@ dsa_sign (const gnutls_datum_t * text,
{
int ret;
opaque _digest[MAX_HASH_SIZE];
- GNUTLS_HASH_HANDLE hd;
+ digest_hd_st hd;
gnutls_datum_t digest;
- hd = _gnutls_hash_init (GNUTLS_MAC_SHA1);
- if (hd == NULL)
+ ret = _gnutls_hash_init (&hd, GNUTLS_MAC_SHA1);
+ if (ret < 0)
{
gnutls_assert ();
- return GNUTLS_E_HASH_FAILED;
+ return ret;
}
- _gnutls_hash (hd, text->data, text->size);
- _gnutls_hash_deinit (hd, _digest);
+ _gnutls_hash (&hd, text->data, text->size);
+ _gnutls_hash_deinit (&hd, _digest);
digest.data = _digest;
digest.size = 20;
diff --git a/lib/x509/verify.c b/lib/x509/verify.c
index 26abb56d25..c2217fa2cc 100644
--- a/lib/x509/verify.c
+++ b/lib/x509/verify.c
@@ -542,7 +542,7 @@ _pkcs1_rsa_verify_sig (const gnutls_datum_t * text,
int ret;
opaque digest[MAX_HASH_SIZE], md[MAX_HASH_SIZE];
int digest_size;
- GNUTLS_HASH_HANDLE hd;
+ digest_hd_st hd;
gnutls_datum_t decrypted;
ret =
@@ -573,15 +573,15 @@ _pkcs1_rsa_verify_sig (const gnutls_datum_t * text,
return GNUTLS_E_ASN1_GENERIC_ERROR;
}
- hd = _gnutls_hash_init (hash);
- if (hd == NULL)
+ ret = _gnutls_hash_init (&hd, hash);
+ if (ret < 0)
{
gnutls_assert ();
- return GNUTLS_E_HASH_FAILED;
+ return ret;
}
- _gnutls_hash (hd, text->data, text->size);
- _gnutls_hash_deinit (hd, md);
+ _gnutls_hash (&hd, text->data, text->size);
+ _gnutls_hash_deinit (&hd, md);
if (memcmp (md, digest, digest_size) != 0)
{
@@ -602,17 +602,17 @@ dsa_verify_sig (const gnutls_datum_t * text,
int ret;
opaque _digest[MAX_HASH_SIZE];
gnutls_datum_t digest;
- GNUTLS_HASH_HANDLE hd;
+ digest_hd_st hd;
- hd = _gnutls_hash_init (GNUTLS_MAC_SHA1);
- if (hd == NULL)
+ ret = _gnutls_hash_init (&hd, GNUTLS_MAC_SHA1);
+ if (ret < 0)
{
gnutls_assert ();
- return GNUTLS_E_HASH_FAILED;
+ return ret;
}
- _gnutls_hash (hd, text->data, text->size);
- _gnutls_hash_deinit (hd, _digest);
+ _gnutls_hash (&hd, text->data, text->size);
+ _gnutls_hash_deinit (&hd, _digest);
digest.data = _digest;
digest.size = 20;
diff --git a/lib/x509/x509.c b/lib/x509/x509.c
index d9b17b7e54..bab2e1135b 100644
--- a/lib/x509/x509.c
+++ b/lib/x509/x509.c
@@ -2028,7 +2028,7 @@ rsadsa_get_key_id (gnutls_x509_crt_t crt, int pk,
int params_size = MAX_PUBLIC_PARAMS_SIZE;
int i, result = 0;
gnutls_datum_t der = { NULL, 0 };
- GNUTLS_HASH_HANDLE hd;
+ digest_hd_st hd;
result = _gnutls_x509_crt_get_mpis (crt, params, &params_size);
if (result < 0)
@@ -2058,17 +2058,16 @@ rsadsa_get_key_id (gnutls_x509_crt_t crt, int pk,
else
return GNUTLS_E_INTERNAL_ERROR;
- hd = _gnutls_hash_init (GNUTLS_MAC_SHA1);
- if (hd == GNUTLS_HASH_FAILED)
+ result = _gnutls_hash_init (&hd, GNUTLS_MAC_SHA1);
+ if (result < 0)
{
gnutls_assert ();
- result = GNUTLS_E_INTERNAL_ERROR;
goto cleanup;
}
- _gnutls_hash (hd, der.data, der.size);
+ _gnutls_hash (&hd, der.data, der.size);
- _gnutls_hash_deinit (hd, output_data);
+ _gnutls_hash_deinit (&hd, output_data);
*output_data_size = 20;
result = 0;
View Lorry Controller Status